January 2018
Intermediate to advanced
414 pages
10h 29m
English
One of the things that we need to consider is when we enable our Actuator endpoints. They are open for use in those particular URLs by anyone that can access them, and that may not be ideal as they can provide sensitive information that we may not want to be used.
First, we can change their default URL and port by editing our application.yml:
management: endpoints: web: base-path: "/management" expose: ["health", "metrics", "trace"] server: port: 8089
Now, our URLs have changed to be like http://localhost:8089/management/health, and with this, we have to hide our Actuator endpoints in a production setup. We can even block the access to those URLs and ports outside our internal trusted zones.
Read now
Unlock full access