Configuring non-default settings for the Spring Boot Actuator

You can change the HTTP endpoint, virtual host, and other settings for the Spring Boot Actuator so that it uses values other than the Open Liberty defaults. When you are not using the default HTTP endpoint and default virtual host, Open Liberty provides a set of configuration IDs to configure a web server for a Spring Boot application.

Open Liberty defines the main web server for a Spring Boot application as the first server that is created for the root Spring Boot ApplicationContext class. By default, the main web server uses the Open Liberty default HTTP endpoint and the virtual host when the Spring Boot application is deployed to Open Liberty.

When the Spring Boot application uses the default HTTP endpoint and virtual host, the Spring Boot application properties that are used to configure the main web server are ignored. The Open Liberty configuration settings for the default HTTP endpoint and default virtual host are used instead. All other Spring Boot application web server instances use the settings that are specified by the application. For example, you can use Spring Boot Actuators on a different port than the main web server port by configuring the management.server.port application property.

You can override the use of the Open Liberty default HTTP endpoint and default virtual host for the main web server by setting the server.liberty.use-default-host application property to false in the applicationArgument element.

<springBootApplication location="hellospringboot.jar">
    <applicationArgument>--server.liberty.use-default-host=false</applicationArgument>
</springBootApplication>

This configuration uses the Spring Boot application properties to configure the main web server instead of the Open Liberty defaults.

Open Liberty Spring Boot configuration IDs

When you are not using the default HTTP endpoint and default virtual host, Open Liberty provides a set of configuration IDs to configure a web server for a Spring Boot application. Use these configuration IDs in the server.xml file to override application settings for the web server.

The IDs are ordered by precedence by using the springBootVirtualHost-<requested port> ID , which overrides all server endpoint settings with configurations from the server.xml file. You can specify these IDs on different server.xml configuration elements to define the values for the web server for a Spring Boot application. The <requested port> value is the HTTP port that the Spring Boot application requests.

springBootVirtualHost-<requested port>

Set this ID on the virtualHost element to configure the virtual host host for the server to use a specified alias.

springBootHttpEndpoint-<requested port>

Set this ID on the httpEndpoint element to configure the HTTP endpoint for the server to use a specified host address and HTTP port.

springBootSsl-<requested port>

Set this ID on the ssl element to configure SSL settings for the HTTP endpoint.

springBootKeyStore-<requested port>

Set this ID on the keyStore element to configure the keystore for the SSL settings.

springBootTrustStore-<requested port>

Set this ID on the keyStore element to configure the truststore for the SSL settings.

The examples in the following sections demonstrate how to specify these configuration IDs.

Configuration examples

The following examples use the sample hellospringboot.jar application that you deploy to Open Liberty in Configure and Deploy Spring Boot applications to Open Liberty. However, the Open Liberty configuration applies equally to JAR and WAR files.

Spring Boot properties sometimes change between versions. The following examples use Spring Boot 3.04 properties. For more information, see Spring Boot common application properties.

Configuring a non-default virtual host and HTTP endpoint for a Spring Boot application and the Spring Boot Actuator

In the example, the hellospringboot.jar application that is deployed to Liberty is configured so that it does not use the Liberty default HTTP endpoint or default virtual host. From the application HTTP port, you configure the application to use a different HTTP port for the actuator. Then, use the server.xml file to override the server settings for the actuator.

  1. Configure the springBootApplication element in the server.xml file to override the default HTTP endpoint and default virtual host.

    1. Add a command line argument for the application by using the applicationArgument element. Pass the --server.liberty.use-default-host=false argument.

      <springBootApplication location="hellospringboot.jar">
          <applicationArgument>--server.liberty.use-default-host=false</applicationArgument>
      </springBootApplication>
    2. Start the server in the foreground by running the server run helloserver command.

    3. Test the application in a browser by going to the http://localhost:8080 URL.

    4. Test the actuator health endpoint at the http://localhost:8080/actuator/health URL.

  2. To configure a non-default port for the actuator input, pass the --management.server.port=9999 argument.

    <springBootApplicationlocation="hellospringboot.jar">
        <applicationArgument>--server.liberty.use-default-host=false</applicationArgument>
        <applicationArgument>--management.server.port=9999</applicationArgument>
    </springBootApplication>
    1. Test the application at the http://localhost:8080 URL.

    2. Test the actuator health endpoint at the http://localhost:9999/actuator/health URL.

    3. Stop the server by running the server stop helloserver command.

Configuring an HTTP port for the Spring Boot Actuator

  1. For the actuator to use the HTTP port 9080 endpoint by default, configure a virtualHost element with the springBootVirtualHost-9999 configuration ID.

    <virtualHost id="springBootVirtualHost-9999">
        <hostAlias>*:9080</hostAlias>
    </virtualHost>
  2. Start the server in the foreground by running the server run helloserver command.

  3. Test the application at the http://localhost:8080 URL.

  4. Test the actuator health endpoint at the http://localhost:9080/actuator/health URL.

  5. Stop the server by running the server stop helloserver command.

  6. Remove the virtualHost configuration from the server.xml file.

Configure the HTTP endpoint for the Actuator and enable access logging

  1. Specify the springBootHttpEndpoint configuration ID for the httpEndpoint element and add the accessLogging element.

    <httpEndpoint id="springBootHttpEndpoint-9999" httpPort="9999"httpsPort="-1">
        <accessLogging/>
    </httpEndpoint>
  2. Start the server in the foreground by running the server run helloserver command.

  3. Test the application in a browser by going to the http://localhost:8080 URL.

  4. Test the actuator health endpoint in a browser by going to the http://localhost:9999/actuator/health URL.

  5. Check the /usr/servers/helloserver/logs/http_access.log file for reports about accessing the health actuator.

  6. Stop the server with the server stop helloserver command.

Override the default Transport Layer Security (TLS) settings for the Spring Boot Actuator

You can use the springBootVirtualHost-8080 and springBootHttpEndpoint-8080 configuration IDs to override the server settings for the main server of the application. Similarly, you can override the TLS settings that the actuator endpoints use, but overriding requires that the application includes configured TLS settings for the actuator server. Assume that the actuator TLS settings are set with the following values in the server.xml file and that the application contains a server-keystore.p12 keystore file and a server-truststore.p12 truststore file on the class path.

<featureManager>
    <feature>pages-3.1</feature>
    <feature>springBoot-3.0</feature>
    <feature>transportSecurity-1.0</feature>
</featureManager>

<springBootApplication location="hellospringboot.jar">
    <applicationArgument>--server.liberty.use-default-host=false</applicationArgument>
    <applicationArgument>--management.server.port=9999</applicationArgument>
    <applicationArgument>--management.server.ssl.key-store=classpath:server-keystore.p12</applicationArgument>
    <applicationArgument>--management.server.ssl.key-store-password=secret</applicationArgument>
    <applicationArgument>--management.server.ssl.key-password=secret</applicationArgument>
    <applicationArgument>--management.server.ssl.trust-store=classpath:server-truststore.p12</applicationArgument>
    <applicationArgument>--management.server.ssl.trust-store-password=secret</applicationArgument>
</springBootApplication>
  • Override the SSL settings by specifying the springBootSsl-9999 configuration ID.

    1. If the httpEndpoint element with the springBootHttpEndpoint-9999 ID exists, remove it from the server.xml file.

    2. Override the SSL settings that the actuator uses.

      <ssl keyStoreRef="mykeystore" trustStoreRef="mytruststore" id="springBootSsl-9999"/>
      <keyStore location="override-keystore.p12" password="secret" id="mykeystore"/>
      <keyStore location="override-truststore.p12" password="secret" id="mytruststore"/>
    3. Start the server in the foreground by using the server run helloserver command.

    4. Test the application at the http://localhost:8080 URL.

    5. Test the actuator health endpoint at the secure http://localhost:9999/actuator/health URL.

    6. Stop the server with the server stop helloserver command.

      If the application was configured to use SSL, you can use the springBootSsl-9999 ID in the previous steps to override the SSL settings for the main server of the application.

  • Override the individual keystore or truststore by specifying the springBootKeyStore-9999 or springBootTrustStore-9999 IDs.

    1. If the httpEndpoint element with the springBootHttpEndpoint-9999 ID exists, remove it from the server.xml file.

    2. If the ssl and keyStore elements with the springBootSsl-9999 IDexist, remove them from the server.xml file.

    3. Add one or both lines of code to override the keystore or truststore that the actuator uses.

      <keyStore location="override-keystore.p12" password="secret" id="springBootKeyStore-9999"/>
      <keyStore location="override-truststore.p12" password="secret" id="springBootTrustStore-9999"/>
    4. Start the server in the foreground by using the server run helloserver command.

    5. Test the application at the http://localhost:8080 URL.

    6. Test the actuator health endpoint at the secure https://localhost:9999/actuator/health URL.

    7. Stop the server with the server stop helloserver command.

      If the server was configured to use SSL, you can use the springBootKeyStore-8080 and springBootTrustStore-8080 IDs in the previous steps to override the TLS settings for the main server of the application.