Spring Boot Admin Server

Running Behind a Front-end Proxy Server

In case the Spring Boot Admin server is running behind a reverse proxy, it may be requried to configure the public url where the server is reachable via (spring.boot.admin.ui.public-url). In addition when the reverse proxy terminates the https connection, it may be necessary to configure server.forward-headers-strategy=native (also see Spring Boot Reference Guide).

Configuration Options

Property name Description Default value

spring.boot.admin.server.enabled

Enables the Spring Boot Admin Server.

true

spring.boot.admin.context-path

The context-path prefixes the path where the Admin Server’s statics assets and API should be served. Relative to the Dispatcher-Servlet.

spring.boot.admin.monitor.status-interval

Time interval to check the status of instances.

10,000ms

spring.boot.admin.monitor.status-max-backoff

The maximal backoff for status check retries (retry after error has exponential backoff, minimum backoff is 1 second).

60,000ms

spring.boot.admin.monitor.status-lifetime

Lifetime of status. The status won’t be updated as long the last status isn’t expired.

10,000ms

spring.boot.admin.monitor.info-interval

Time interval to check the info of instances.

1m

spring.boot.admin.monitor.info-max-backoff

The maximal backoff for info check retries (retry after error has exponential backoff, minimum backoff is 1 second).

10m

spring.boot.admin.monitor.info-lifetime

Lifetime of info. The info won’t be updated as long the last info isn’t expired.

1m

spring.boot.admin.monitor.default-timeout

Default timeout when making requests. Individual values for specific endpoints can be overridden using spring.boot.admin.monitor.timeout.*.

10,000

spring.boot.admin.monitor.timeout.*

Key-Value-Pairs with the timeout per endpointId. Defaults to default-timeout.

spring.boot.admin.monitor.default-retries

Default number of retries for failed requests. Modifying requests (PUT, POST, PATCH, DELETE) are never retried. Individual values for specific endpoints can be overridden using spring.boot.admin.monitor.retries.*.

0

spring.boot.admin.monitor.retries.*

Key-Value-Pairs with the number of retries per endpointId. Defaults to default-retries. Modifying requests (PUT, POST, PATCH, DELETE) are never retried.

spring.boot.admin.metadata-keys-to-sanitize

Metadata values for the keys matching these regex patterns will be sanitized in all json output.

Starting from Spring Boot 3, all actuator values are masked by default.

Take a look at the Spring Boot documentation in order to configure unsanitizing of values (Sanitize Sensitive Values).

".password$", ".*secret$", ".*key$", ".*token$", ".*credentials.", ".*vcap_services$"

spring.boot.admin.probed-endpoints

For Spring Boot 1.x client applications SBA probes for the specified endpoints using an OPTIONS request. If the path differs from the id you can specify this as id:path (e.g. health:ping)..

"health", "env", "metrics", "httptrace:trace", "threaddump:dump", "jolokia", "info", "logfile", "refresh", "flyway", "liquibase", "heapdump", "loggers", "auditevents"

spring.boot.admin.instance-auth.enabled

Enable pulling credentials from spring configuration properties

true

spring.boot.admin.instance-auth.default-user-name

A default user name used to authenticate to registered services. The spring.boot.admin.instance-auth.enabled property must be true.

null

spring.boot.admin.instance-auth.default-password

A default user password used to authenticate to registered services. The spring.boot.admin.instance-auth.enabled property must be true.

null

spring.boot.admin.instance-auth.service-map.*.user-name

A user name used to authenticate to the registered service with the specified name. The spring.boot.admin.instance-auth.enabled property must be true.

spring.boot.admin.instance-auth.service-map.*.user-password

A user password used to authenticate to the registered service with the specified name. The spring.boot.admin.instance-auth.enabled property must be true.

spring.boot.admin.instance-proxy.ignored-headers

Headers not to be forwarded when making requests to clients.

"Cookie", "Set-Cookie", "Authorization"

spring.boot.admin.ui.public-url

Base url to use to build the base href in the ui.

If running behind a reverse proxy (using path rewriting) this can be used to make correct self references. If the host/port is omitted it will be inferred from the request.

spring.boot.admin.ui.brand

Brand to be shown in the navbar.

"<img src="assets/img/icon-spring-boot-admin.svg"><span>Spring Boot Admin</span>"

spring.boot.admin.ui.title

Page-Title to be shown.

"Spring Boot Admin"

spring.boot.admin.ui.login-icon

Icon used as image on login page.

"assets/img/icon-spring-boot-admin.svg"

spring.boot.admin.ui.favicon

Icon used as default favicon and icon for desktop notifications.

"assets/img/favicon.png"

spring.boot.admin.ui.favicon-danger

Icon used as favicon when one or more service is down and for desktop notifications.

"assets/img/favicon-danger.png"

spring.boot.admin.ui.remember-me-enabled

Switch to show/hide the remember-me checkbox on the login page.

true

spring.boot.admin.ui.poll-timer.cache

Polling duration in ms to fetch new cache data.

2500

spring.boot.admin.ui.poll-timer.datasource

Polling duration in ms to fetch new datasource data.

2500

spring.boot.admin.ui.poll-timer.gc

Polling duration in ms to fetch new gc data.

2500

spring.boot.admin.ui.poll-timer.process

Polling duration in ms to fetch new process data.

2500

spring.boot.admin.ui.poll-timer.memory

Polling duration in ms to fetch new memory data.

2500

spring.boot.admin.ui.poll-timer.threads

Polling duration in ms to fetch new threads data.

2500

spring.boot.admin.ui.poll-timer.logfile

Polling duration in ms to fetch new logfile data.

1000

spring.boot.admin.ui.enable-toasts

Allows to enable toast notifications.

false

Spring Cloud Discovery

The Spring Boot Admin Server can use Spring Clouds DiscoveryClient to discover applications. The advantage is that the clients don’t have to include the spring-boot-admin-starter-client. You just have to add a DiscoveryClient implementation to your admin server - everything else is done by AutoConfiguration.

Static Configuration using SimpleDiscoveryClient

Spring Cloud provides a SimpleDiscoveryClient. It allows you to specify client applications via static configuration:

pom.xml 
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter</artifactId>
</dependency>
application.yml 
spring:
  cloud:
    discovery:
      client:
        simple:
          instances:
            test:
              - uri: http://instance1.intern:8080
                metadata:
                  management.context-path: /actuator
              - uri: http://instance2.intern:8080
                metadata:
                  management.context-path: /actuator

Other DiscoveryClients

Spring Boot Admin supports all other implementations of Spring Cloud’s DiscoveryClient (Eureka, Zookeeper, Consul, Kubernetes, …​). You need to add it to the Spring Boot Admin Server and configure it properly. An example setup using Eureka is shown above.

Converting ServiceInstances

The information from the service registry are converted by the ServiceInstanceConverter. Spring Boot Admin ships with a default and Eureka converter implementation. The correct one is selected by AutoConfiguration.

You can modify how the information from the registry is used to register the application by using SBA Server configuration options and instance metadata. The values from the metadata takes precedence over the server config. If the plenty of options don’t fit your needs you can provide your own ServiceInstanceConverter.
When using Eureka, the healthCheckUrl known to Eureka is used for health-checking, which can be set on your client using eureka.instance.healthCheckUrl.
Table 1. Instance metadata options
Key Value Default value

user.name
user.password

Credentials being used to access the endpoints.

management.scheme

The scheme is substituted in the service URL and will be used for accessing the actuator endpoints.

management.address

The address is substituted in the service URL and will be used for accessing the actuator endpoints.

management.port

The port is substituted in the service URL and will be used for accessing the actuator endpoints.

management.context-path

The path is appended to the service URL and will be used for accessing the actuator endpoints.

${spring.boot.admin.discovery.converter.management-context-path}

health.path

The path is appended to the service URL and will be used for the health-checking. Ignored by the EurekaServiceInstanceConverter.

${spring.boot.admin.discovery.converter.health-endpoint}

group

The group is used to group services in the UI by the group name instead of application name.
Table 2. Discovery configuration options
Property name Description Default value

spring.boot.admin.discovery.enabled

Enables the DiscoveryClient-support for the admin server.

true

spring.boot.admin.discovery.converter.management-context-path

Will be appended to the service-url of the discovered service when the management-url is converted by the DefaultServiceInstanceConverter.

/actuator

spring.boot.admin.discovery.converter.health-endpoint-path

Will be appended to the management-url of the discovered service when the health-url is converted by the DefaultServiceInstanceConverter.

"health"

spring.boot.admin.discovery.ignored-services

This services will be ignored when using discovery and not registered as application. Supports simple patterns (e.g. "foo*", "*bar", "foo*bar*").

spring.boot.admin.discovery.services

This services will be included when using discovery and registered as application. Supports simple patterns (e.g. "foo*", "*bar", "foo*bar*").

"*"

spring.boot.admin.discovery.ignored-instances-metadata

Instances of services will be ignored if they contain at least one metadata item that matches this list. (e.g. "discoverable=false")

spring.boot.admin.discovery.instances-metadata

Instances of services will be included if they contain at least one metadata item that matches this list. (e.g. "discoverable=true")

CloudFoundry

If you are deploying your applications to CloudFoundry then vcap.application.application_id and vcap.application.instance_index must be added to the metadata for proper registration of applications with Spring Boot Admin Server. Here is a sample configuration for Eureka:

application.yml 
eureka:
  instance:
    hostname: ${vcap.application.uris[0]}
    nonSecurePort: 80
    metadata-map:
      applicationId: ${vcap.application.application_id}
      instanceId: ${vcap.application.instance_index}

Clustering

Spring Boot Admin Server supports cluster replication via Hazelcast. It is automatically enabled when a HazelcastConfig- or HazelcastInstance-Bean is present. You can also configure the Hazelcast instance to be persistent, to keep the status over restarts. Also have a look at the Spring Boot support for Hazelcast.

  1. Add Hazelcast to your dependencies:

    pom.xml 
    <dependency>
    <groupId>com.hazelcast</groupId>
    <artifactId>hazelcast</artifactId>
</dependency>

  2. Instantiate a HazelcastConfig:

    @Bean
public Config hazelcastConfig() {
        // This map is used to store the events.
        // It should be configured to reliably hold all the data,
        // Spring Boot Admin will compact the events, if there are too many
        MapConfig eventStoreMap = new MapConfig(DEFAULT_NAME_EVENT_STORE_MAP).setInMemoryFormat(InMemoryFormat.OBJECT)
                .setBackupCount(1)
                .setMergePolicyConfig(new MergePolicyConfig(PutIfAbsentMergePolicy.class.getName(), 100));

        // This map is used to deduplicate the notifications.
        // If data in this map gets lost it should not be a big issue as it will atmost
        // lead to
        // the same notification to be sent by multiple instances
        MapConfig sentNotificationsMap = new MapConfig(DEFAULT_NAME_SENT_NOTIFICATIONS_MAP)
                .setInMemoryFormat(InMemoryFormat.OBJECT)
                .setBackupCount(1)
                .setEvictionConfig(
                                new EvictionConfig().setEvictionPolicy(EvictionPolicy.LRU).setMaxSizePolicy(MaxSizePolicy.PER_NODE))
                .setMergePolicyConfig(new MergePolicyConfig(PutIfAbsentMergePolicy.class.getName(), 100));

        Config config = new Config();
        config.addMapConfig(eventStoreMap);
        config.addMapConfig(sentNotificationsMap);
        config.setProperty("hazelcast.jmx", "true");

        // WARNING: This setups a local cluster, you change it to fit your needs.
        config.getNetworkConfig().getJoin().getMulticastConfig().setEnabled(false);
        TcpIpConfig tcpIpConfig = config.getNetworkConfig().getJoin().getTcpIpConfig();
        tcpIpConfig.setEnabled(true);
        tcpIpConfig.setMembers(singletonList("127.0.0.1"));
        return config;
}
Table 3. Hazelcast configuration options
Property name Description Default value

spring.boot.admin.hazelcast.enabled

Enables the Hazelcast support

true

spring.boot.admin.hazelcast.event-store

Name of the Hazelcast-map to store the events

"spring-boot-admin-event-store"

spring.boot.admin.hazelcast.sent-notifications

Name of the Hazelcast-map used to deduplicate the notifications.

"spring-boot-admin-sent-notifications"