search

jhipster / generator-jhipster

JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures.
https://www.jhipster.tech
Apache License 2.0
21.54k stars 4.02k forks source link

Expose management endpoints on a different port #12184

Closed PierreBesson closed 7 months ago

PierreBesson commented 4 years ago
Overview of the feature request

Set the management.server.port property to a different value from the one in server.port on generated apps to expose the management API to a different port.

Motivation for or Use Case

Exposing the management API on a different port is generally a good practice but was not implemented because it could break the existing admin screens. However, with the JHCC becoming available, there is a way to access those screens on a different app which could work even if those endpoints are on a different port.

Moreover, in the JHCC RFC design document, there is the example of the JHCC connecting to the management endpoints on port 9999. To improve security, the JHCC should support any port and be able to dynamically discover the port from instance metadata with these settings (eg for eureka) : 

eureka:                                                                                                                                                                                                                                                                                           
  instance:                                                                                                                                                                                                                                                               
    metadata-map:                                                                                                                                                         
      management-port: ${management.server.port:}

However this asks the question, should we expose a different management port by default for JHipster v7 or just leave it the same as the normal server port (with users being able to change it by themselves) ? What do you think @jhipster/developers ? It could also be set to a different port in deployment files only (Kubernetes, docker-compose...).

We should also add a log on startup to show that the management port is different.

gmarziou commented 4 years ago

I'm fully in favor of a different port, I already use it in a project for security reasons.

Having secure defaults for JHipster v7 seems a good choice to me, and for users who want to have one single port, it's very easy to revert by configuration as you mentioned it.

atomfrede commented 4 years ago

I would say have a dedicated port by default.

pascalgrimaud commented 4 years ago

do you want to take this ticket and lead this part @PierreBesson ?

github-actions[bot] commented 4 years ago

This issue is stale because it has been open 30 days with no activity. Our core developers tend to be more verbose on denying. If there is no negative comment, possibly this feature will be accepted. We are accepting PRs :smiley:. Comment or this will be closed in 7 days

DanielFran commented 1 year ago

@PierreBesson are you available to contribute to this ticket?

github-actions[bot] commented 7 months ago

This issue is stale because it has been open for too long without any activity. Due to the moving nature of jhipster generated application, bugs can become invalid. If this issue still applies please comment otherwise it will be closed in 7 days