Allow specifying the port (or nic) for Spring Boot Actuator #2408

trustin · 2020-01-17T09:14:35Z

WebOperationService is currently always bound to Server's all ports. It'd be nice if there's a way to limit/disable WebOperationService for other ports than a specific port/remoteAddr/NIC.

Armeria currently is not capable of binding a service to a specific port only, but we could simply respond with 404 if the request came from a wrong port. Internally this could be implemented as a generic decorator that works for any HttpService.

As a workaround, a user can specify a custom route decorator:

@Bean
public ArmeriaServerConfigurator secureActuator() {
    return builder -> {
		builder.routeDecorator()
               .pathPrefix("/internal")
               .build((delegate, ctx, req) -> {
                   final InetSocketAddress laddr = ctx.localAddress();
                   if (laddr.getPort() != INTERNAL_PORT) {
                       return HttpResponse.of(404);
                   } else {
                       return delegate.serve(ctx, req);
                   }
               });
    };
}

The text was updated successfully, but these errors were encountered:

heowc · 2020-02-14T02:32:25Z

In spring boot actuator, the base path of the provided actuator is /actuator.
In addition, is there a need to include internal/docs, internal/metrics and internal/healthcheck in armeria?

trustin · 2020-02-14T03:32:07Z

@heowc Yes. It'd be nice to provide this feature as a part of the core, too.

…2502) Motivation: `WebOperationService` is currently always bound to `Server`'s all ports. It'd be nice if there's a way to limit/disable `WebOperationService` for other ports than a specific port/remoteAddr/NIC. Armeria currently is not capable of binding a service to a specific port only, but we could simply respond with 404 if the request came from a wrong port. Internally this could be implemented as a generic decorator that works for any `HttpService`. Modifications: - Copy `ArmeriaSetting` to `boot-actuator-autoconfigure` - If `management.server.port` is set, protect all services under `/internal/` and actuator services on other ports. - If `management.server.port` is set, support `@LocalManagementPort` - Add test Result: - Fixes #2408

…ine#2502) Motivation: `WebOperationService` is currently always bound to `Server`'s all ports. It'd be nice if there's a way to limit/disable `WebOperationService` for other ports than a specific port/remoteAddr/NIC. Armeria currently is not capable of binding a service to a specific port only, but we could simply respond with 404 if the request came from a wrong port. Internally this could be implemented as a generic decorator that works for any `HttpService`. Modifications: - Copy `ArmeriaSetting` to `boot-actuator-autoconfigure` - If `management.server.port` is set, protect all services under `/internal/` and actuator services on other ports. - If `management.server.port` is set, support `@LocalManagementPort` - Add test Result: - Fixes line#2408

trustin added the new feature label Jan 17, 2020

heowc mentioned this issue Feb 17, 2020

Add not to bind on the specific port(s) from Spring Boot (Actuator) #2502

Merged

trustin closed this as completed in #2502 Jun 4, 2020

trustin added this to the 0.99.7 milestone Jun 22, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Allow specifying the port (or nic) for Spring Boot Actuator #2408

Allow specifying the port (or nic) for Spring Boot Actuator #2408

trustin commented Jan 17, 2020

heowc commented Feb 14, 2020

trustin commented Feb 14, 2020

Allow specifying the port (or nic) for Spring Boot Actuator #2408

Allow specifying the port (or nic) for Spring Boot Actuator #2408

Comments

trustin commented Jan 17, 2020

heowc commented Feb 14, 2020

trustin commented Feb 14, 2020