Spring Boot Admin uses HTTP instead of HTTPS Actuator Endpoints

3

10

After the registration at the Spring Boot Admin (SBA) Server, some actuators of the clients get addressed with http://springapplication.com/actuator instead of https://springapplication.com/actuator. Why does it change the endpoints to HTTP and not stay at HTTPS? Is it customizable?

Here are some Logs and the Java/YML-Files.

Logs:

2018-07-02 06:13:27.683  INFO 3194 --- [-client-epoll-7] d.c.b.a.server.services.StatusUpdater    : Couldn't retrieve status for Instance(id=0d47f12b0a94, version=57, registration=Registration(name=springbootapplication-Name, managementUrl=https://springbootapplication.com/actuator, healthUrl=https://springbootapplication.com/actuator/health, serviceUrl=https://springbootapplication.com, source=http-api), registered=true, statusInfo=StatusInfo(status=UP, details={}), statusTimestamp=2018-07-02T05:06:08.423Z, info=Info(values={}), endpoints=Endpoints(endpoints={httptrace=Endpoint(id=httptrace, url=http://springbootapplication.com/actuator/httptrace), flyway=Endpoint(id=flyway, url=http://springbootapplication.com/actuator/flyway), loggers=Endpoint(id=loggers, url=http://springbootapplication.com/actuator/loggers), health=Endpoint(id=health, url=https://springbootapplication.com/actuator/health), env=Endpoint(id=env, url=http://springbootapplication.com/actuator/env), heapdump=Endpoint(id=heapdump, url=http://springbootapplication.com/actuator/heapdump), scheduledtasks=Endpoint(id=scheduledtasks, url=http://springbootapplication.com/actuator/scheduledtasks), mappings=Endpoint(id=mappings, url=http://springbootapplication.com/actuator/mappings), beans=Endpoint(id=beans, url=http://springbootapplication.com/actuator/beans), configprops=Endpoint(id=configprops, url=http://springbootapplication.com/actuator/configprops), threaddump=Endpoint(id=threaddump, url=http://springbootapplication.com/actuator/threaddump), metrics=Endpoint(id=metrics, url=http://springbootapplication.com/actuator/metrics), conditions=Endpoint(id=conditions, url=http://springbootapplication.com/actuator/conditions), auditevents=Endpoint(id=auditevents, url=http://springbootapplication.com/actuator/auditevents), info=Endpoint(id=info, url=http://springbootapplication.com/actuator/info), jolokia=Endpoint(id=jolokia, url=http://springbootapplication.com/actuator/jolokia)}), buildVersion=null)

Application.yml (Server):

server:
  port: 5100
spring: 
  security:
    user:
      name: admin
      password: password

SecuritySecureConfig.java (Server):

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;

import de.codecentric.boot.admin.server.config.AdminServerProperties;

@Configuration
public class SecuritySecureConfig extends WebSecurityConfigurerAdapter {
    private final String adminContextPath;

    public SecuritySecureConfig(AdminServerProperties adminServerProperties) {
        this.adminContextPath = adminServerProperties.getContextPath();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
        successHandler.setTargetUrlParameter("redirectTo");

        http.authorizeRequests().antMatchers(adminContextPath + "/assets/**").permitAll()
                .antMatchers(adminContextPath + "/login").permitAll().anyRequest().authenticated().and().formLogin()
                .loginPage(adminContextPath + "/login").successHandler(successHandler).and().logout()
                .logoutUrl(adminContextPath + "/logout").and().httpBasic().and().csrf().disable();
    }
}

SpringBootAdminApplication.java (Server):

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.PropertySource;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

import de.codecentric.boot.admin.server.config.EnableAdminServer;

@EnableAutoConfiguration
@EnableWebSecurity
@EnableAdminServer
@SpringBootApplication(scanBasePackages = "administration")
@PropertySource(value = "META-INF/build-info.properties", ignoreResourceNotFound = true)
public class SpringBootAdminApplication {

    private static final Logger log = LoggerFactory.getLogger(SpringBootAdminApplication.class);

    public static void main(final String[] args) {
        SpringApplication.run(SpringBootAdminApplication.class, args);
    }
}

Application.yml (Client):

spring:
  application:
    name: springapplication
  boot:
    admin:
      client:
        username: ${application.security.usernameAdmin}
        password: ${application.security.passwordAdmin}
        url: "https://springBootAdminServerURL.com"
        instance:
          service-base-url: https://http://springapplication.com/
          metadata:
            user.name: ${application.security.usernameAdmin}
            user.password: ${application.security.passwordAdmin}                 
management:
  endpoints:
    web:
      exposure:
        include: "*"
application:
  security:
    usernameAdmin: admin
    passwordAdmin: password
Genagenappe answered 2/7, 2018 at 12:54 Comment(1)
Hi, did you ever find a solution for this? - Iced
4

I had the same problem. Look at your application's /actuator endpoint. Is it reporting URLs as http? It did for me, even if health used https. What solved it for me was adding server.use-forward-headers=true, which adds all X-Forwarded-*, including the X-Forwarded-Proto that identifies the scheme (http/https).

Remember, if your app is behind a reverse proxy like NGINX, you'd also need to configure this. Example for NGINX:

location / {
  proxy_set_header   X-Forwarded-Proto $scheme;
  ...
}
Iced answered 25/3, 2019 at 8:48 Comment(0)
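Added example (not part of the answer above and not Spring Boot Admin code): a Python check for the symptom that answer describes, flagging links in the `/actuator` index whose scheme differs from the expected management URL. It goes one step further and applies the same comparison to an SBA `Instance(...)` log line like the one in the question. The sample index document, the log excerpt and all function names are constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed sample of an /actuator index document (not from a real host).
SAMPLE_INDEX = json.dumps({"_links": {
    "self": {"href": "http://springapplication.com/actuator", "templated": False},
    "health": {"href": "https://springapplication.com/actuator/health", "templated": False},
    "env": {"href": "http://springapplication.com/actuator/env", "templated": False},
    "heapdump": {"href": "http://springapplication.com/actuator/heapdump", "templated": False},
}})

# Constructed excerpt shaped like the StatusUpdater log line in the question.
SAMPLE_LOG = (
    "Instance(id=0d47f12b0a94, registration=Registration(name=demo, "
    "managementUrl=https://springapplication.com/actuator, source=http-api), "
    "endpoints=Endpoints(endpoints={"
    "loggers=Endpoint(id=loggers, url=http://springapplication.com/actuator/loggers), "
    "health=Endpoint(id=health, url=https://springapplication.com/actuator/health)}))"
)

ENDPOINT_RE = re.compile(r"Endpoint\(id=([^,]+), url=([^)\s]+)\)")
MGMT_RE = re.compile(r"managementUrl=([^,\s)]+)")


def downgraded(expected_base, endpoints):
    """Return sorted ids whose URL is on the expected host but not its scheme."""
    base = urlsplit(expected_base)
    return sorted(
        ep_id for ep_id, url in endpoints
        if urlsplit(url).hostname == base.hostname
        and urlsplit(url).scheme != base.scheme
    )


def check_actuator_index(expected_base, index_json):
    """Check the hrefs in an /actuator index document against expected_base."""
    links = json.loads(index_json).get("_links", {})
    return downgraded(expected_base, [(k, v["href"]) for k, v in links.items()])


def check_sba_log_line(line):
    """Compare each Endpoint(url=...) in an SBA log line with its managementUrl."""
    m = MGMT_RE.search(line)
    return downgraded(m.group(1), ENDPOINT_RE.findall(line)) if m else []


if __name__ == "__main__":
    print(check_actuator_index("https://springapplication.com/actuator", SAMPLE_INDEX))
    print(check_sba_log_line(SAMPLE_LOG))
```

An empty list from `check_actuator_index` after enabling forwarded-header handling means the application now builds its links with the scheme the proxy reported.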
3

The config file needs a correction for the property below, which is described as:

Base url for computing the service-url to register with. The path is inferred at runtime, and appended to the base url.

spring.boot.admin.client.instance.service-base-url


instance:
  service-base-url: https://springapplication.com/
Endlong answered 2/7, 2018 at 13:10 Comment(2)
Hey Rizwan, thank you for your reply. After changing the service-base-url to service-url the Client registered itself on the Server, but stays inactive. The URLs for the actuators also stay http. - Genagenappe
The service URL is the same for all instances of the same application. So how can each instance's metrics be captured instead of the service URL when SSL is enabled? - Han
1

In my experience this is usually due to two issues.

  1. Incorrect port configs
  2. Untrusted SSL certs

To fix the first issue, you need to make sure your client application correctly informs Eureka to use the secure port:

eureka:
  instance:
    # Advertise only the HTTPS port to Eureka
    nonSecurePortEnabled: false
    securePortEnabled: true

To fix the second, you need to ensure the SSL cert is trusted by the JVM that is running Spring Boot Admin. Just install your cert into the JRE's cacerts file using keytool. I would recommend enabling SSL debug logging while trying to get this to work.

-Djavax.net.debug=SSL

These two steps solved this issue for me.

Peculiarize answered 17/9, 2018 at 16:17 Comment(0)
