generator-jhipster icon indicating copy to clipboard operation
generator-jhipster copied to clipboard

Published 20 hours ago verified publisher icon jhipster

Expose management endpoints on a different port

Open PierreBesson opened this issue 5 years ago • 5 comments

Overview of the feature request

Set the management.server.port property to a different value from the one in server.port on generated apps to expose the management API to a different port.

Motivation for or Use Case

Exposing the management API on a different port is generally a good practice but was not implemented because it could break the existing admin screens. However, with the JHCC becoming available, there is a way to access those screens on a different app which could work even if those endpoints are on a different port.

Moreover, in the JHCC RFC design document, there is the example of the JHCC connecting to the management endpoints on port 9999. To improve security, the JHCC should support any port and be able to dynamically discover the port from instance metadata with these settings (eg for eureka) :

eureka:                                                                                                                                                                                                                                                                                           
  instance:                                                                                                                                                                                                                                                               
    metadata-map:                                                                                                                                                         
      management-port: ${management.server.port:}

However this asks the question, should we expose a different management port by default for JHipster v7 or just leave it the same as the normal server port (with users being able to change it by themselves) ? What do you think @jhipster/developers ? It could also be set to a different port in deployment files only (Kubernetes, docker-compose...).

We should also add a log on startup to show that the management port is different.

  • [x] Checking this box is mandatory (this is just to show you read everything)

PierreBesson avatar Jul 31 '20 14:07 PierreBesson

I'm fully in favor of a different port, I already use it in a project for security reasons.

Having secure defaults for JHipster v7 seems a good choice to me, and for users who want to have one single port, it's very easy to revert by configuration as you mentioned it.

gmarziou avatar Jul 31 '20 15:07 gmarziou

I would say have a dedicated port by default.

atomfrede avatar Jul 31 '20 15:07 atomfrede

do you want to take this ticket and lead this part @PierreBesson ?

pascalgrimaud avatar Aug 16 '20 08:08 pascalgrimaud

This issue is stale because it has been open 30 days with no activity. Our core developers tend to be more verbose on denying. If there is no negative comment, possibly this feature will be accepted. We are accepting PRs :smiley:. Comment or this will be closed in 7 days

github-actions[bot] avatar Oct 10 '20 00:10 github-actions[bot]

@PierreBesson are you available to contribute to this ticket?

DanielFran avatar Jun 20 '23 12:06 DanielFran

This issue is stale because it has been open for too long without any activity. Due to the moving nature of jhipster generated application, bugs can become invalid. If this issue still applies please comment otherwise it will be closed in 7 days

github-actions[bot] avatar Mar 04 '24 00:03 github-actions[bot]