Closed PierreBesson closed 7 months ago
I'm fully in favor of a different port, I already use it in a project for security reasons.
Having secure defaults for JHipster v7 seems a good choice to me, and for users who want to have one single port, it's very easy to revert by configuration as you mentioned it.
I would say have a dedicated port by default.
do you want to take this ticket and lead this part @PierreBesson ?
This issue is stale because it has been open 30 days with no activity. Our core developers tend to be more verbose on denying. If there is no negative comment, possibly this feature will be accepted. We are accepting PRs :smiley:. Comment or this will be closed in 7 days
@PierreBesson are you available to contribute to this ticket?
This issue is stale because it has been open for too long without any activity. Due to the moving nature of jhipster generated application, bugs can become invalid. If this issue still applies please comment otherwise it will be closed in 7 days
Overview of the feature request
Set the
management.server.port
property to a different value from the one inserver.port
on generated apps to expose the management API to a different port.Motivation for or Use Case
Exposing the management API on a different port is generally a good practice but was not implemented because it could break the existing admin screens. However, with the JHCC becoming available, there is a way to access those screens on a different app which could work even if those endpoints are on a different port.
Moreover, in the JHCC RFC design document, there is the example of the JHCC connecting to the management endpoints on port 9999. To improve security, the JHCC should support any port and be able to dynamically discover the port from instance metadata with these settings (eg for eureka) :
However this asks the question, should we expose a different management port by default for JHipster v7 or just leave it the same as the normal server port (with users being able to change it by themselves) ? What do you think @jhipster/developers ? It could also be set to a different port in deployment files only (Kubernetes, docker-compose...).
We should also add a log on startup to show that the management port is different.