
I'm developing a web application with Spring Boot using embedded Tomcat. One of the requirements of this app is 2-way SSL (clientAuth).

Enabling clientAuth is easy enough; however, we would also like to use Spring Boot Actuator for management of the app on a different port without clientAuth.

Is there a clean way to do this?

(Disabling SSL on the actuator endpoints would also be enough)

pvgoddijn
  • Looking at the source of `org.springframework.boot.actuate.autoconfigure.EndpointWebMvcChildContextConfiguration` I see a `ServerProperties` is injected from the beanFactory, but my Spring experience is too limited to work out how/if I can influence which bean is actually injected there, or how I could get hold of the bean to configure it. – pvgoddijn Jun 26 '15 at 11:44
  • It should be possible by config http://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#production-ready-management-specific-ssl – Redlab Dec 09 '16 at 20:12
  • Must have been in an update to Spring Boot since I asked this question, thanks. (You can make it an answer if you like.) – pvgoddijn Dec 12 '16 at 08:57

1 Answer


According to the latest Spring docs, you can use

```properties
management.server.port=8080
management.server.ssl.enabled=false
```

in the properties to configure the management ports. See production-ready-management-specific-ssl in the Spring Boot docs for more options.

Pyves
Redlab
  • Why isn't it possible to do the same without using a different port? – PatPanda Sep 10 '20 at 23:05
  • @PatPatPat Using a different port allows you to separate the management webapp from the main webapp. If you want to use the same port, you need to enable/disable SSL globally for your application – gbaso Apr 28 '21 at 16:08
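
A fuller `application.properties` for the setup discussed in this thread, added here as an illustration and not taken from the question or the answer: the main connector requires client certificates, while Actuator runs on its own port with SSL off. The keystore and truststore file names, the environment variable names and port 8443 are placeholders; binding the management port to loopback and limiting the exposed endpoints are assumptions about a reasonable deployment, since that port carries neither TLS nor client authentication.

```properties
# Main application connector: HTTPS with mandatory client certificates (2-way SSL).
# Store locations and passwords below are placeholders.
server.port=8443
server.ssl.enabled=true
server.ssl.key-store=classpath:server-keystore.p12
server.ssl.key-store-type=PKCS12
server.ssl.key-store-password=${SERVER_KEYSTORE_PASSWORD}
server.ssl.trust-store=classpath:client-truststore.p12
server.ssl.trust-store-type=PKCS12
server.ssl.trust-store-password=${CLIENT_TRUSTSTORE_PASSWORD}
# "need" rejects the handshake when no trusted client certificate is presented;
# "want" would request a certificate but still accept connections without one.
server.ssl.client-auth=need

# Actuator on a separate connector with SSL disabled (the two properties from the answer).
management.server.port=8080
management.server.ssl.enabled=false

# Assumption: management traffic only needs to be reachable from the host itself.
# management.server.address only takes effect when the management port differs
# from server.port.
management.server.address=127.0.0.1

# Assumption: expose only the endpoints that are actually needed over plain HTTP.
management.endpoints.web.exposure.include=health,info
```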