|
|
|
|
@ -86,7 +86,7 @@ The following endpoints are available:
|
|
|
|
|
|true
|
|
|
|
|
|
|
|
|
|
|`health`
|
|
|
|
|
|Shows application health information (a simple '`status`' when accessed over an
|
|
|
|
|
|Shows application health information (when the application is secure, a simple '`status`' when accessed over an
|
|
|
|
|
unauthenticated connection or full message details when authenticated).
|
|
|
|
|
|false
|
|
|
|
|
|
|
|
|
|
@ -157,8 +157,8 @@ For example, the following will disable _all_ endpoints except for `info`:
|
|
|
|
|
Health information can be used to check the status of your running application. It is
|
|
|
|
|
often used by monitoring software to alert someone if a production system goes down.
|
|
|
|
|
The default information exposed by the `health` endpoint depends on how it is accessed.
|
|
|
|
|
For an insecure unauthenticated connection a simple '`status`' message is returned, for a
|
|
|
|
|
secure or authenticated connection additional details are also displayed (see
|
|
|
|
|
For an unauthenticated connection in a secure application a simple '`status`' message is
|
|
|
|
|
returned, and for a authenticated connection additional details are also displayed (see
|
|
|
|
|
<<production-ready-health-access-restrictions>> for HTTP details).
|
|
|
|
|
|
|
|
|
|
Health information is collected from all
|
|
|
|
|
@ -507,16 +507,30 @@ If you don't want to expose endpoints over HTTP you can set the management port
|
|
|
|
|
[[production-ready-health-access-restrictions]]
|
|
|
|
|
=== HTTP health endpoint access restrictions
|
|
|
|
|
The information exposed by the health endpoint varies depending on whether or not it's
|
|
|
|
|
accessed anonymously. By default, when accessed anonymously, any details about the
|
|
|
|
|
accessed anonymously, and whether or not the enclosing application is secure.
|
|
|
|
|
By default, when accessed anonymously in a secure application, any details about the
|
|
|
|
|
server's health are hidden and the endpoint will simply indicate whether or not the server
|
|
|
|
|
is up or down. Furthermore, when accessed anonymously, the response is cached for a
|
|
|
|
|
configurable period to prevent the endpoint being used in a denial of service attack.
|
|
|
|
|
The `endpoints.health.time-to-live` property is used to configure the caching period in
|
|
|
|
|
milliseconds. It defaults to 1000, i.e. one second.
|
|
|
|
|
|
|
|
|
|
The above-described restrictions can be disabled, thereby allowing anonymous users full
|
|
|
|
|
access to the health endpoint. To do so, set `endpoints.health.sensitive` to `false`.
|
|
|
|
|
The above-described restrictions can be enhanced, thereby allowing only authenticated users full
|
|
|
|
|
access to the health endpoint in a secure application. To do so, set `endpoints.health.sensitive` to `true`.
|
|
|
|
|
Here's a summary of behaviour (with default `sensitive` flag value "false" indicated in bold):
|
|
|
|
|
|
|
|
|
|
|====
|
|
|
|
|
|Secure | Sensitive | Unauthenticated behaviour | Authenticated behaviour
|
|
|
|
|
|
|
|
|
|
| false | **false** | Full content | Full content
|
|
|
|
|
|
|
|
|
|
| false | true | Status only | Full content
|
|
|
|
|
|
|
|
|
|
| true | **false** | Status only | Full content
|
|
|
|
|
|
|
|
|
|
| true | true | No content | Full content
|
|
|
|
|
|
|
|
|
|
|====
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
[[production-ready-jmx]]
|
|
|
|
|
|
Dave Syer
10 years ago