ZSFS

Reputation: 81

Is exposing the Spring actuator health endpoint on a different port a good thing or a bad thing?

Based on 48.3 Customizing the management server port

Exposing management endpoints using the default HTTP port is a sensible choice for cloud based deployments. If, however, your application runs inside your own data center you may prefer to expose endpoints using a different HTTP port.

What is the value of having a different port for the actuator health endpoint to run on? Under what kind of scenario?

Generally, is one port for all service endpoints good enough? Is setting up the health endpoint on a different port a standard implementation?

Upvotes: 0

Views: 1488

Answers (2)

Mark Bramnik

Reputation: 42441

There can be different reasons; some are technical, some are not:

  1. Your security department has a policy that no "administration" stuff (and the actuator certainly falls into this category) can share the default port of the application. So you just live with that :) I've seen that at one pretty big company, so it's not a joke.

  2. If you use the actuator intensively (like doing some integration via the actuator), there will be requests on the same thread pool of the Tomcat connector as the regular REST requests that the application has to serve; in this case you might prefer to separate them.

  3. You have some network equipment that routes your requests; it can easily forbid a request to some port from the end user, but it can't operate on URL parts:

http://host:port/api/v1/business-stuff
http://host:port/health
 --> Hard / impossible to configure routing
as opposed to:
http://host:port1/api/v1/business-stuff
http://host:port2/health
 --> easy - open port1 for end users, don't open port2 to the outside world

After all, Spring Boot gives many options and you should decide what suits you best.

Upvotes: 1

Toerktumlare

Reputation: 14712

Why you might want to expose actuator endpoints on a different port has to do with the load balancer/firewall in front of the application.

Let's say you have your API on port 8080. Your firewall will take port 80 and direct the traffic to port 8080.

Why don't we expose port 80 directly on our Spring application? Well, in Linux opening port 1024 or below demands a root account; that is because the ports below are sensitive ports. So one reason is that you don't want to run your applications as root.

But why then have actuators on a different port? Well, if you have the actuators on, let's say, 8081, then you can only access them from INSIDE your network, behind the firewall (because the firewall only has port 80 open for external connections), and no one else can check your service for health status, memory, etc.

Upvotes: 1
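The port separation both answers describe can be checked in configuration review. The following is an added example, not code from either answer or from Spring: a Python script that audits a Spring Boot properties file for a shared actuator port. It assumes the Spring Boot 2.x property names (with the 1.x `management.port` / `management.address` as fallbacks); the function names and both sample configurations are constructed for illustration.

```python
import re

def parse_properties(text):
    """Parse key=value or key:value lines, skipping blanks and comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
        if len(parts) == 2:
            props[parts[0]] = parts[1]
    return props

def audit(text):
    """Return a list of findings about how the actuator is exposed."""
    p = parse_properties(text)
    app_port = p.get("server.port", "8080")  # Spring Boot's default port
    mgmt_port = p.get("management.server.port", p.get("management.port", app_port))
    mgmt_addr = p.get("management.server.address", p.get("management.address"))
    exposed = p.get("management.endpoints.web.exposure.include", "")
    findings = []
    if mgmt_port == "-1":
        return findings  # HTTP management endpoints are disabled
    if mgmt_port == app_port:
        findings.append("actuator shares application port %s; a port-based "
                        "firewall rule cannot separate it" % app_port)
    elif mgmt_addr is None:
        findings.append("management port %s listens on all interfaces; only "
                        "the firewall keeps it internal" % mgmt_port)
    if "*" in [e.strip() for e in exposed.split(",")]:
        findings.append("all actuator endpoints are exposed over HTTP")
    return findings

# Constructed sample: actuator on the same port as the business API.
SHARED = """
server.port=8080
management.endpoints.web.exposure.include=*
"""

# Constructed sample: actuator on its own port, bound to loopback.
SEPARATED = """
server.port=8080
management.server.port=8081
management.server.address=127.0.0.1
management.endpoints.web.exposure.include=health
"""

if __name__ == "__main__":
    for name, cfg in (("shared", SHARED), ("separated", SEPARATED)):
        print(name, audit(cfg) or "no findings")
```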
