Spring-boot Actuator SSL configuration

Question

I'm developing a webapplication with Spring-boot using embedded tomcat. One of the requirements of this app is 2-way SSL (clientAuth).

Enabling ClientAuth is easy enough however we also like to use spring-boot Actuator for management of the app on a different port without clientAuth.

Is there is a clean way to do this?

(Disabling SSL on the actuator endpoints would also be enough)

Looking at the source of org.springframework.boot.actuate.autoconfigure.EndpointWebMvcChildContextConfiguration i see a ServerProperties is injected From the beanFactory, but my Spring experience is too limited to work out how/if i can influence this which bean is actualy injected there, or how i could get a hold of the bean to configure it. — pvgoddijn
It should be possible by config docs.spring.io/spring-boot/docs/current/reference/htmlsingle/… — Redlab
Must have been in a update to spring boot since i asked this question, thanks. (you can make it a answer if you like) — pvgoddijn

Redlab Redlab · Accepted Answer · 2016-12-13T18:57:33

According to latest spring docs, you can use

management.server.port=8080
management.server.ssl.enabled=false

in the properties to configure the management ports. see production-ready-management-specific-ssl in the spring boot doc for more options.