If you want runtime metrics and app info without turning your production app into a public status billboard, then Spring Boot Actuator is your friend and your mild responsibility. This short tutorial walks you through adding Actuator support, exposing the endpoints you need, enabling useful details, and locking down access so your metrics do not become internet trivia.
Actuator gives you built-in endpoints for health checks, metrics, info, and other operational data. Think of it as a small command center for your app that developers and ops can use to troubleshoot and monitor. You will learn how to:
Most projects just need the official starter. If you use Maven, add the dependency under the dependencies element in pom.xml.
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
If you use Gradle, add the starter dependency to your build script. This makes the actuator module available with minimal fuss.
By default, Actuator does not expose everything over HTTP, which is good because less noise means less attack surface. Configure the web exposure in application.properties or application.yml to include only the endpoints you want. Example properties snippet for common needs:
# application.properties
management.endpoints.web.exposure.include=health,info,metrics
management.endpoints.web.base-path=/actuator
Only include endpoints you use in production. Putting wildcard exposure in production is a fast track to regret.
Some endpoints provide less data by default for safety. If you need health details for debugging, set the property to show them. Be cautious with this setting in production.
# show health details for debugging
management.endpoint.health.show-details=always
Other endpoints may need additional configuration depending on the information they surface. Enable what you need and no more.
Actuator endpoints are useful to ops and also attractive to unauthorized snoops. Protect them. Two common approaches work well together:
# run actuator on a separate port
management.server.port=8081
For role-based security, add checks in your security configuration, or use HTTP basic or OAuth depending on your environment. Treat access control as mandatory and not optional decor.
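One way to write the role check described above, as an added example that is not part of the original tutorial. It assumes Spring Boot 3.x with Spring Security 6 on the servlet stack and spring-boot-starter-security on the classpath; the class name ActuatorSecurityConfig and the role name ACTUATOR are hypothetical.

```java
// Added example: assumes Spring Boot 3.x, Spring Security 6, servlet stack.
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.boot.actuate.health.HealthEndpoint;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class ActuatorSecurityConfig { // hypothetical class name

    // Hypothetical role name; grant it only to ops accounts in your user store.
    private static final String ACTUATOR_ROLE = "ACTUATOR";

    @Bean
    @Order(1) // evaluated before the application's own filter chain
    SecurityFilterChain actuatorSecurity(HttpSecurity http) throws Exception {
        http
            // This chain handles only requests that map to Actuator endpoints,
            // wherever management.endpoints.web.base-path puts them.
            .securityMatcher(EndpointRequest.toAnyEndpoint())
            .authorizeHttpRequests(auth -> auth
                // Assumption: health stays anonymous for load balancer probes.
                // Leave show-details off "always" if you keep this rule.
                .requestMatchers(EndpointRequest.to(HealthEndpoint.class)).permitAll()
                // info, metrics and anything exposed later require the role.
                .anyRequest().hasRole(ACTUATOR_ROLE))
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }
    // Requests outside Actuator are not matched by this chain; the application
    // needs its own SecurityFilterChain bean for its regular routes.
}
```

For a local check, Spring Boot's spring.security.user.name, spring.security.user.password and spring.security.user.roles properties define a single in-memory user that can carry the role.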
Confirm endpoints are responding. Use a browser, curl, or your favorite HTTP client to hit the actuator base path and a few endpoints. Example curl checks:
# check health
curl -i http://localhost:8080/actuator/health
# check metrics
curl -i http://localhost:8080/actuator/metrics
# check info
curl -i http://localhost:8080/actuator/info
If you moved the management port, remember to target that port. If you protected endpoints with auth, provide credentials in your client or test tool.
Pro tip: keep the exposure tight, prefer role-based access, and avoid turning on wildcard exposure unless you are building a local sandbox where nobody will notice your overconfidence.