1. What is Spring Boot Admin?
codecentric’s Spring Boot Admin is a community project to manage and monitor your Spring Boot ® applications. The applications register with our Spring Boot Admin Client (via HTTP) or are discovered using Spring Cloud ® (e.g. Eureka, Consul). The UI is just an AngularJs application on top of the Spring Boot Actuator endpoints.
2. Getting started
2.1. Setting up Spring Boot Admin Server
First you need to setup your server. To do this just setup a simple boot project (using start.spring.io). As Spring Boot Admin Server is capable of running as servlet or webflux application, you need to decide on this and add the according Spring Boot Starter. In this example we’re using the servlet web starter.
-
Add Spring Boot Admin Server starter to your dependencies:
pom.xml<dependency> <groupId>de.codecentric</groupId> <artifactId>spring-boot-admin-starter-server</artifactId> <version>2.0.0</version> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency>
-
Pull in the Spring Boot Admin Server configuration via adding
@EnableAdminServer
to your configuration:@Configuration @EnableAutoConfiguration @EnableAdminServer public class SpringBootAdminApplication { public static void main(String[] args) { SpringApplication.run(SpringBootAdminApplication.class, args); } }
If you want to setup the Spring Boot Admin Server via war-deployment in a servlet-container, please have a look at the spring-boot-admin-sample-war. |
See also the spring-boot-admin-sample-servlet project, which also adds security.
2.2. Registering client applications
To register your application at the SBA Server you can either include the SBA Client or use Spring Cloud Discovery (e.g. Eureka, Consul, …). There is also a simple option using a static configuration on the SBA Server side.
2.2.1. Spring Boot Admin Client
Each application that wants to register has to include the Spring Boot Admin Client. In order to secure the endpoints also add the spring-boot-starter-security
.
-
Add spring-boot-admin-starter-client to your dependencies:
pom.xml<dependency> <groupId>de.codecentric</groupId> <artifactId>spring-boot-admin-starter-client</artifactId> <version>2.0.0</version> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency>
-
Enable the SBA Client by configuring the URL of the Spring Boot Admin Server:
application.ymlspring.boot.admin.client.url: "http://localhost:8080" (1) management.endpoints.web.exposure.include: "*" (2)
1 The URL of the Spring Boot Admin Server to register at. 2 As with Spring Boot 2 most of the endpoints aren’t exposed via http by default, we expose all of them. For production you should carefully choose which endpoints to expose. -
Make the actuator endpoints accessible:
@Configuration public static class SecurityPermitAllConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().anyRequest().permitAll() (1) .and().csrf().disable(); } }
1 For the sake of brevity we’re disabling the security for now. Have a look at the security section on how to deal with secured endpoints.
2.2.2. Spring Cloud Discovery
If you already use Spring Cloud Discovery for your applications you don’t need the SBA Client. Just add a DiscoveryClient to Spring Boot Admin Server, the rest is done by our AutoConfiguration.
The following steps uses Eureka, but other Spring Cloud Discovery implementations are supported as well. There are examples using Consul and Zookeeper.
Also have a look at the Spring Cloud documentation.
-
Add spring-cloud-starter-eureka to you dependencies:
pom.xml<dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId> </dependency>
-
Enable discovery by adding
@EnableDiscoveryClient
to your configuration:@Configuration @EnableAutoConfiguration @EnableDiscoveryClient @EnableAdminServer public class SpringBootAdminApplication { public static void main(String[] args) { SpringApplication.run(SpringBootAdminApplication.class, args); } @Configuration public static class SecurityPermitAllConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().anyRequest().permitAll() (1) .and().csrf().disable(); } } }
1 For the sake of brevity we’re disabling the security for now. Have a look at the security section on how to deal with secured endpoints. -
Tell the Eureka client where to find the service registry:
application.ymleureka: (1) instance: leaseRenewalIntervalInSeconds: 10 health-check-url-path: /actuator/health client: registryFetchIntervalSeconds: 5 serviceUrl: defaultZone: ${EUREKA_SERVICE_URL:http://localhost:8761}/eureka/ management: endpoints: web: exposure: include: "*" (2) endpoint: health: show-details: ALWAYS
1 Configuration section for the Eureka client 2 As with Spring Boot 2 most of the endpoints aren’t exposed via http by default, we expose all of them. For production you should carefully choose which endpoints to expose.
See also spring-boot-admin-sample-eureka.
You can include the Spring Boot Admin Server to your Eureka server. Setup everything as described above and set spring.boot.admin.context-path to something different than "/" so that the Spring Boot Admin Server UI won’t clash with Eureka’s one.
|
3. Client applications
3.1. Show version in application list
For Spring Boot applications the easiest way to show the version, is to use the build-info
goal from the spring-boot-maven-plugin
, which generates the META-INF/build-info.properties
. See also the Spring Boot Reference Guide.
For non-Spring Boot applications you can either add a version
or build.version
to the registration metadata and the version will show up in the application list.
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>build-info</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
3.2. JMX-bean management
To interact with JMX-beans in the admin UI you have to include Jolokia in your application. As Jolokia is servlet based there is no support for reactive applications.
In case you are using the spring-boot-admin-starter-client
it will be pulled in for you, if not add Jolokia to your dependencies:
<dependency>
<groupId>org.jolokia</groupId>
<artifactId>jolokia-core</artifactId>
</dependency>
3.3. Spring Boot Admin Client
The Spring Boot Admin Client registers the application at the admin server. This is done by periodically doing a HTTP post request to the SBA Server providing information about the application. It also adds Jolokia to your application, so that JMX-beans are accessible via HTTP.
There are plenty of properties to influence the way how the SBA Client registers your application. In case that doesn’t fit your needs, you can provide your own AppliationFactory implementation.
|
Property name | Description | Default value |
---|---|---|
spring.boot.admin.client.enabled |
Enables the Spring Boot Admin Client. |
|
spring.boot.admin.client.url |
Comma separated ordered list of URLs of the Spring Boot Admin server to register at. This triggers the AutoConfiguration. Mandatory. |
|
spring.boot.admin.client.api-path |
Http-path of registration endpoint at your admin server. |
|
spring.boot.admin.client.username |
Username and password in case the SBA Server api is protected with HTTP Basic authentication. |
|
spring.boot.admin.client.period |
Interval for repeating the registration (in ms). |
|
spring.boot.admin.client.connect-timeout |
Connect timeout for the registration (in ms). |
|
spring.boot.admin.client.read-timeout |
Read timeout for the registration (in ms). |
|
spring.boot.admin.client.auto-registration |
If set to true the periodic task to register the application is automatically scheduled after the application is ready. |
|
spring.boot.admin.client.auto-deregistration |
Switch to enable auto-deregistration at Spring Boot Admin server when context is closed. If the value is unset the feature is active if a running CloudPlatform was detected. |
|
spring.boot.admin.client.register-once |
If set to true the client will only register against one admin server (in order defined by |
|
spring.boot.admin.client.instance.health-url |
Health-url to register with. Can be overridden in case the reachable URL is different (e.g. Docker). Must be unique in registry. |
Guessed based on management-url and |
spring.boot.admin.client.instance.management-base-url |
Base url for computing the management-url to register with. The path is inferred at runtime, and appended to the base url. |
Guessed based on |
spring.boot.admin.client.instance.management-url |
Management-url to register with. Can be overridden in case the reachable url is different (e.g. Docker). |
Guessed based on management-base-url and |
spring.boot.admin.client.instance.service-base-url |
Base url for computing the service-url to register with. The path is inferred at runtime, and appended to the base url. |
Guessed based on hostname, |
spring.boot.admin.client.instance.service-url |
Service-url to register with. Can be overridden in case the reachable url is different (e.g. Docker). |
Guessed based on service-base-url and |
spring.boot.admin.client.instance.name |
Name to register with. |
|
spring.boot.admin.client.instance.prefer-ip |
Use the ip-address rather then the hostname in the guessed urls. If |
|
spring.boot.admin.client.instance.metadata.* |
Metadata key-value-pairs to be asscoiated with this instance. |
Key | Value | Default value |
---|---|---|
user.name |
Credentials being used to access the endpoints. |
4. Spring Boot Admin Server
Property name | Description | Default value |
---|---|---|
spring.boot.admin.context-path |
The context-path prefixes the path where the Admin Server’s statics assets and API should be served. Relative to the Dispatcher-Servlet. |
|
spring.boot.admin.monitor.period |
Time interval in ms to update the status of applications with expired status-information. |
10,000 |
spring.boot.admin.monitor.status-lifetime |
Lifetime of application statuses in ms. The applications /health-endpoint will not be queried until the lifetime has expired. |
10,000 |
spring.boot.admin.monitor.connect-timeout |
Connect timeout in ms when querying the applications' status and info. |
2,000 |
spring.boot.admin.monitor.read-timeout |
Read timeout in ms when querying the applications' status and info. |
20,000 |
spring.boot.admin.metadata-keys-to-sanitize |
Metadata values for the keys matching these regex patterns will be sanitized in all json output. |
|
spring.boot.admin.probed-endpoints |
For Spring Boot 1.x client applications SBA probes for the specified endpoints using an OPTIONS request. If the path differs from the id you can specify this as id:path (e.g. health:ping).. |
|
spring.boot.admin.instance-proxy.ignored-headers |
Headers not to be forwarded when making requests to clients. |
`"Cookie", "Set-Cookie", "Authorization" |
4.1. Spring Cloud Discovery
The Spring Boot Admin Server can use Spring Clouds DiscoveryClient
to discover applications. The advantage is that the clients don’t have to include the spring-boot-admin-starter-client
. You just have to add a DiscoveryClient
implementation to your admin server - everything else is done by AutoConfiguration.
4.1.1. SimpleDiscoveryClient configuration
Spring Cloud provides a SimpleDiscoveryClient
. It allows you to specify client applications via static configuration:
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter</artifactId>
</dependency>
spring:
cloud:
discovery:
client:
simple:
instances:
test:
- uri: http://instance1.intern:8080
metadata:
management.context-path: /actuator
- uri: http://instance2.intern:8080
metadata:
management.context-path: /actuator
4.1.2. Other DiscoveryClients
Spring Boot Admin supports all other implementations of Spring Cloud’s DiscoveryClient
(Eureka, Zookeeper, Consul, …). You need to add it to the Spring Boot Admin Server and configure it properly.
An example setup using Eureka is shown above.
4.1.3. Converting ServiceInstances
The information from the service registry are converted by the ServiceInstanceConverter
. Spring Boot Admin ships with a default and Eureka converter implementation. The correct one is selected by AutoConfiguration.
You can modify how the information from the registry is used to register the application by using SBA Server configuration options and instance metadata. The values from the metadata takes precedence over the server config. If the plenty of options don’t fit your needs you can provide your own ServiceInstanceConverter .
|
When using Eureka, the healthCheckUrl known to Eureka is used for health-checking, which can be set on your client using eureka.instance.healthCheckUrl .
|
Key | Value | Default value |
---|---|---|
user.name |
Credentials being used to access the endpoints. |
|
management.port |
The port is substituted in the service URL and will be used for accessing the actuator endpoints. |
|
management.context-path |
The path is appended to the service URL and will be used for accessing the actuator endpoints. |
|
health.path |
The path is appended to the service URL and will be used for the health-checking. Ignored by the |
|
Property name | Description | Default value |
---|---|---|
spring.boot.admin.discovery.enabled |
Enables the DiscoveryClient-support for the admin server. |
|
spring.boot.admin.discovery.converter.management-context-path |
Will be appended to the service-url of the discovered service when the management-url is converted by the |
|
spring.boot.admin.discovery.converter.health-endpoint-path |
Will be appended to the management-url of the discovered service when the health-url is converted by the |
|
spring.boot.admin.discovery.ignored-services |
This services will be ignored when using discovery and not registered as application. Supports simple patterns (e.g. "foo*", "bar", "foo*bar"). |
|
spring.boot.admin.discovery.services |
This services will be included when using discovery and registered as application. Supports simple patterns (e.g. "foo*", "bar", "foo*bar"). |
|
4.2. Clustering
Spring Boot Admin Server supports cluster replication via Hazelcast. It is automatically enabled when a HazelcastConfig
- or HazelcastInstance
-Bean is present. You can also configure the Hazelcast instance to be persistent, to keep the status over restarts.
Also have a look at the Spring Boot support for Hazelcast.
-
Add Hazelcast to your dependencies:
pom.xml<dependency> <groupId>com.hazelcast</groupId> <artifactId>hazelcast</artifactId> </dependency>
-
Instantiate a HazelcastConfig:
@Configuration @EnableAutoConfiguration @EnableAdminServer public class SpringBootAdminApplication { @Bean public Config hazelcastConfig() { MapConfig mapConfig = new MapConfig("spring-boot-admin-event-store").setInMemoryFormat(InMemoryFormat.OBJECT) .setBackupCount(1) .setEvictionPolicy(EvictionPolicy.NONE); return new Config().setProperty("hazelcast.jmx", "true").addMapConfig(mapConfig); } @Profile("insecure") @Configuration public static class SecurityPermitAllConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().anyRequest().permitAll()// .and().csrf().disable(); } } @Profile("secure") @Configuration public static class SecuritySecureConfig extends WebSecurityConfigurerAdapter { private final String adminContextPath; public SecuritySecureConfig(AdminServerProperties adminServerProperties) { this.adminContextPath = adminServerProperties.getContextPath(); } @Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler(); successHandler.setTargetUrlParameter("redirectTo"); http.authorizeRequests() .antMatchers(adminContextPath + "/assets/**").permitAll() .antMatchers(adminContextPath + "/login").permitAll() .anyRequest().authenticated() .and() .formLogin().loginPage(adminContextPath + "/login").successHandler(successHandler).and() .logout().logoutUrl(adminContextPath + "/logout").and() .httpBasic().and() .csrf().disable(); // @formatter:on } } public static void main(String[] args) { SpringApplication.run(SpringBootAdminApplication.class, args); } }
Property name | Description | Default value |
---|---|---|
spring.boot.admin.hazelcast.enabled |
Enables the Hazelcast support |
|
spring.boot.admin.hazelcast.event-store |
Name of the Hazelcast-map to store the events |
|
4.3. Notifications
4.3.1. Reminder notifications
The RemindingNotifier
sends reminders for down/offline applications, it delegates the sending of notifications to another notifier.
By default a reminder is triggered when a registered application changes to DOWN
or OFFLINE
. You can alter this behaviour via setReminderStatuses()
. The reminder ends when either the status changes to a non-triggering status or the regarding application gets deregistered.
By default the reminders are sent every 10 minutes, to change this use setReminderPeriod()
. The RemindingNotifier
itself doesn’t start the background thread to send the reminders, you need to take care of this as shown in the given example below;
@Configuration
@EnableScheduling
public class NotifierConfiguration {
@Autowired
private Notifier notifier;
@Bean
@Primary
public RemindingNotifier remindingNotifier() {
RemindingNotifier remindingNotifier = new RemindingNotifier(notifier);
remindingNotifier.setReminderPeriod(TimeUnit.MINUTES.toMillis(5)); (1)
return remindingNotifier;
}
@Scheduled(fixedRate = 60_000L) (2)
public void remind() {
remindingNotifier().sendReminders();
}
}
1 | The reminders will be sent every 5 minutes. |
2 | Schedules sending of due reminders every 60 seconds. |
4.3.2. Filtering notifications
The FilteringNotifier
allows you to filter certain notification based on rules you can add/remove at runtime. It delegates the sending of notifications to another notifier.
If you add a FilteringNotifier
to your ApplicationContext
a RESTful interface on api/notifications/filter
gets available.
This notifier is useful if you don’t want recieve notifications when deploying your applications. Before stopping the application you can add an (expiring) filter either via a POST
request.
@Configuration
@EnableScheduling
public class NotifierConfiguration {
@Autowired
private Notifier delegate;
@Bean
public FilteringNotifier filteringNotifier() { (1)
return new FilteringNotifier(delegate);
}
@Bean
@Primary
public RemindingNotifier remindingNotifier() { (2)
RemindingNotifier notifier = new RemindingNotifier(filteringNotifier());
notifier.setReminderPeriod(TimeUnit.SECONDS.toMillis(10));
return notifier;
}
@Scheduled(fixedRate = 1_000L)
public void remind() {
remindingNotifier().sendReminders();
}
}
1 | Add the FilteringNotifier bean using a delegate (e.g. MailNotifier when configured) |
2 | Add the RemindingNotifier as primary bean using the FilteringNotifier as delegate. |
This example combines the reminding and filtering notifiers. This allows you to get notifications after the deployed application hasn’t restarted in a certain amount of time (until the filter expires). |
4.3.3. Mail notifications
Mail notifications will be delivered as HTML emails rendered using Thymeleaf templates.
To enable Mail notifications, configure a JavaMailSender
using spring-boot-starter-mail
and set a recipient.

To prevent disclosure of sensitive information, the default mail template doesn’t show any metadata of the instance. If you want to you show some of the metadata you can use a custom template. |
-
Add spring-boot-starter-mail to your dependencies:
pom.xml<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-mail</artifactId> </dependency>
-
Configure a JavaMailSender
application.propertiesspring.mail.host=smtp.example.com spring.boot.admin.notify.mail.to=admin@example.com
-
Configure the mail with the options below
Table 7. Mail notifications configuration options Property name Description Default value spring.boot.admin.notify.mail.enabled
Enable mail notifications
true
spring.boot.admin.notify.mail.ignore-changes
Comma-delimited list of status changes to be ignored. Format: "<from-status>:<to-status>". Wildcards allowed.
"UNKNOWN:UP"
spring.boot.admin.notify.mail.template
Resource path to the Thymelef template used for rendering.
"classpath:/META-INF/spring-boot-admin-server/mail/status-changed.html"
spring.boot.admin.notify.mail.to
Comma-delimited list of mail recipients
"root@localhost"
spring.boot.admin.notify.mail.cc
Comma-delimited list of carbon-copy recipients
spring.boot.admin.notify.mail.from
Mail sender
"Spring Boot Admin <noreply@localhost>"
spring.boot.admin.notify.mail.additional-properties
Additional properties which can be accessed from the template
4.3.4. PagerDuty notifications
To enable PagerDuty notifications you just have to add a generic service to your PagerDuty-account and set spring.boot.admin.notify.pagerduty.service-key
to the service-key you received.
Property name | Description | Default value |
---|---|---|
spring.boot.admin.notify.pagerduty.enabled |
Enable mail notifications |
|
spring.boot.admin.notify.pagerduty.ignore-changes |
Comma-delimited list of status changes to be ignored. Format: "<from-status>:<to-status>". Wildcards allowed. |
|
spring.boot.admin.notify.pagerduty.service-key |
Service-key to use for PagerDuty |
|
spring.boot.admin.notify.pagerduty.url |
The Pagerduty-rest-api url |
|
spring.boot.admin.notify.pagerduty.description |
Description to use in the event. SpEL-expressions are supported |
|
spring.boot.admin.notify.pagerduty.client |
Client-name to use in the event |
|
spring.boot.admin.notify.pagerduty.client-url |
Client-url to use in the event |
4.3.5. OpsGenie notifications
To enable OpsGenie notifications you just have to add a new JSON Rest API integration to your OpsGenie account and set spring.boot.admin.notify.opsgenie.api-key
to the apiKey you received.
Property name | Description | Default value |
---|---|---|
spring.boot.admin.notify.opsgenie.enabled |
Enable OpsGenie notifications |
|
spring.boot.admin.notify.opsgenie.ignore-changes |
Comma-delimited list of status changes to be ignored. Format: "<from-status>:<to-status>". Wildcards allowed. |
|
spring.boot.admin.notify.opsgenie.api-key |
apiKey you received when creating the integration |
|
spring.boot.admin.notify.opsgenie.url |
OpsGenie Alert API url |
|
spring.boot.admin.notify.opsgenie.description |
Description to use in the event. SpEL-expressions are supported |
|
spring.boot.admin.notify.opsgenie.actions |
Comma separated list of actions that can be executed. |
|
spring.boot.admin.notify.opsgenie.source |
Field to specify source of alert. By default, it will be assigned to IP address of incoming request. |
|
spring.boot.admin.notify.opsgenie.tags |
Comma separated list of labels attached to the alert. |
|
spring.boot.admin.notify.opsgenie.entity |
The entity the alert is related to. |
|
spring.boot.admin.notify.opsgenie.user |
Default owner of the execution. If user is not specified, the system becomes owner of the execution. |
4.3.6. Hipchat notifications
To enable Hipchat notifications you need to create an API token on your Hipchat account and set the appropriate configuration properties.
Property name | Description | Default value |
---|---|---|
spring.boot.admin.notify.hipchat.enabled |
Enable Hipchat notifications |
|
spring.boot.admin.notify.hipchat.ignore-changes |
Comma-delimited list of status changes to be ignored. Format: "<from-status>:<to-status>". Wildcards allowed. |
|
spring.boot.admin.notify.hipchat.url |
The HipChat REST API (V2) URL |
|
spring.boot.admin.notify.hipchat.auth-token |
The API token with access to the notification room |
|
spring.boot.admin.notify.hipchat.room-id |
The ID or url-encoded name of the room to send notifications to |
|
spring.boot.admin.notify.hipchat.notify |
Whether the message should trigger a user notification |
|
spring.boot.admin.notify.hipchat.description |
Description to use in the event. SpEL-expressions are supported |
|
4.3.7. Slack notifications
To enable Slack notifications you need to add a incoming Webhook under custom integrations on your Slack account and configure it appropriately.
Property name | Description | Default value |
---|---|---|
spring.boot.admin.notify.slack.enabled |
Enable Slack notifications |
|
spring.boot.admin.notify.slack.ignore-changes |
Comma-delimited list of status changes to be ignored. Format: "<from-status>:<to-status>". Wildcards allowed. |
|
spring.boot.admin.notify.slack.webhook-url |
The Slack Webhook URL to send notifications |
|
spring.boot.admin.notify.slack.channel |
Optional channel name (without # at the beginning). If different than channel in Slack Webhooks settings |
|
spring.boot.admin.notify.slack.icon |
Optional icon name (without surrounding colons). If different than icon in Slack Webhooks settings |
|
spring.boot.admin.notify.slack.username |
Optional username to send notification if different than in Slack Webhooks settings |
|
spring.boot.admin.notify.slack.message |
Message to use in the event. SpEL-expressions and Slack markups are supported |
|
4.3.8. Let’s Chat notifications
To enable Let’s Chat notifications you need to add the host url and add the API token and username from Let’s Chat
Property name | Description | Default value |
---|---|---|
spring.boot.admin.notify.letschat.enabled |
Enable let´s Chat notifications |
|
spring.boot.admin.notify.letschat.ignore-changes |
Comma-delimited list of status changes to be ignored. Format: "<from-status>:<to-status>". Wildcards allowed. |
|
spring.boot.admin.notify.letschat.url |
The let´s Chat Host URL to send notifications |
|
spring.boot.admin.notify.letschat.room |
the room where to send the messages |
|
spring.boot.admin.notify.letschat.token |
the token to access the let´s Chat API |
|
spring.boot.admin.notify.letschat.username |
The username for which the token was created |
|
spring.boot.admin.notify.letschat.message |
Message to use in the event. SpEL-expressions are supported |
|
4.3.9. Microsoft Teams notifications
To enable Microsoft Teams notifications you need to setup a connector webhook url and set the appropriate configuration property.
Property name | Description | Default value |
---|---|---|
spring.boot.admin.notify.ms-teams.enabled |
Enable Microsoft Teams notifications |
|
spring.boot.admin.notify.ms-teams.webhook-url |
The Microsoft Teams webhook url to send the notifications to. |
|
spring.boot.admin.notify.ms-teams.* |
There are several options to customize the message title and color |
4.3.10. Telegram notifications
To enable Telegram notifications you need to create and authorize a telegram bot and set the appropriate configuration properties for auth-token and chat-id.
Property name | Description | Default value |
---|---|---|
spring.boot.admin.notify.telegram.enabled |
Enable Microsoft Teams notifications |
|
spring.boot.admin.notify.telegram.auth-token |
The token identifiying und authorizing your Telegram bot (e.g. |
|
spring.boot.admin.notify.telegram.chat-id |
Unique identifier for the target chat or username of the target channel |
|
spring.boot.admin.notify.telegram.disable-notify |
If true users will receive a notification with no sound. |
|
spring.boot.admin.notify.telegram.parse_mode |
The parsing mode for the sent message. Currently |
|
spring.boot.admin.notify.telegram.message |
Text to send. SpEL-expressions are supported. |
|
5. Security
5.1. Securing Spring Boot Admin Server
Since there are several approaches on solving authentication and authorization in distributed web applications Spring Boot Admin doesn’t ship a default one.
If you include the spring-boot-admin-server-ui-login
in your dependencies it will provide a login page and a logout button.
A Spring Security configuration could look like this:
@Configuration
public static class SecuritySecureConfig extends WebSecurityConfigurerAdapter {
private final String adminContextPath;
public SecuritySecureConfig(AdminServerProperties adminServerProperties) {
this.adminContextPath = adminServerProperties.getContextPath();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
successHandler.setTargetUrlParameter("redirectTo");
http.authorizeRequests()
.antMatchers(adminContextPath + "/assets/**").permitAll()
.antMatchers(adminContextPath + "/login").permitAll()
.anyRequest().authenticated()
.and()
.formLogin().loginPage(adminContextPath + "/login").successHandler(successHandler).and()
.logout().logoutUrl(adminContextPath + "/logout").and()
.httpBasic().and()
.csrf().disable();
// @formatter:on
}
}
For a complete sample look at github.com/codecentric/spring-boot-admin/tree/master/spring-boot-admin-samples/spring-boot-admin-sample-servlet/[spring-boot-admin-sample-servlet.
If you protect the /api/applications endpoint don’t forget to configure the username and password on your SBA-Client using spring.boot.admin.client.username and spring.boot.admin.instance.password .
|
5.2. Securing Client Actuator Endpoints
When the actuator endpoints are secured using HTTP Basic authentication the SBA Server needs credentials to access them. You can submit the credentials in the metadata when registering the application. The BasicAuthHttpHeaderProvider
then uses this metadata to add the Authorization
header to access your application’s actuator endpoints. You can provide your own HttpHeadersProvider
to alter the behaviour (e.g. add some decryption) or add extra headers.
Submitting the credentials using SBA Client:
spring.boot.admin.client:
url: http://localhost:8080
instance:
metadata:
user.name: ${spring.security.user.name}
user.password: ${spring.security.user.password}
Submitting the credentials using Eureka:
eureka:
instance:
metadata-map:
user.name: ${spring.security.user.name}
user.password: ${spring.security.user.password}
The SBA Server masks certain metadata in the HTTP interface to prevent leaking of sensitive information. |
You should configure HTTPS for your SBA Server or (service registry) when submitting credentials via the metadata. |
When using Spring Cloud Discovery, you must be aware that anybody who can query your service registry can obtain the credentials. |
When using this approach the SBA Server decides whether or not the user can access the registered applications. There are more complex solutions possible (using OAuth2) to let the clients decide if the user can access the endpoints. For that please have a look at the samples in joshiste/spring-boot-admin-samples. |
6. Monitoring Spring Boot 1.5.x
It is possible to monitor Spring Boot 1.5.x applications with Spring Boot Admin 2.x. The old Spring Boot Admin Client is able to register at a newer server. Since the API has slight changes, you need to set the following property on old clients:
-
Reconfigure the api path for Spring Boot Admin Client 1.5.x:
application.ymlspring.boot.admin.api-path: instances
As some of the actuator endpoints changed with the Spring Boot 2 release not all options might be available
(e.g. /metrics
endpoint); for some of the endpoints we provide legacy converters.
7. Changes with 2.x
-
Added stable automatic-module-name to all jars
7.1. UI
-
Rewritten ui using vue.js
-
Integrated ui-login module into the main ui module
-
Removed ui-activiti module, as it was only used rarely
-
Removed Hystrix-Dashboard integration (subject to change)
-
Added support for the session endpoint
-
Added display of the (sanitized) metadata
-
Added option to reset loglevels
-
Added wallboard view
7.2. Backend
-
Moved all classes to the
spring.boot.admin.server
package -
Redesigned backend using event sourcing principles
-
Added concept of applications (consisting of 1 to n instances)
-
Moved endpoint detection to the backend by querying the
/actuator
-index or by probing via OPTIONS request -
Replaced Zuul with a custom proxy using the WebClient
-
Removed dependency on spring-cloud-starter
-
Added
CompositeHttpHeadersProvider
to support multipleHttpHeadersProviders
at the same time -
Added `InstanceExchangeFilterFunction`s which allows to intercept/modify the requests to the monitored instances
-
Added out-of-the-box support for CloudFoundry
-
Added support for Spring Boot 1.5.x actuator endpoints using
LegacyEndpointConverters
-
Update
OpsGenieNotifier
to api v2 -
Rewritten the
MailNotifier
to use Thymeleaf templates
7.3. Client
-
Moved all properties to
spring.boot.admin.client.
andspring.boot.admin.client.instance.
-
Moved all classes to the
spring.boot.admin.client
package -
Added support webflux applications
-
Added out-of-the-box support for CloudFoundry
8. FAQs
- Can I include spring-boot-admin into my business application?
-
tl;dr You can, but you shouldn’t.
You can setspring.boot.admin.context-path
to alter the path where the UI and REST-API is served, but depending on the complexity of your application you might get in trouble. On the other hand in my opinion it makes no sense for an application to monitor itself. In case your application goes down your monitoring tool also does.