logback.xml from spring-cloud-config server with Vault and git backend - spring

I have a config server using git and vault backends and several clients that access the config server, everything is working fine so far. Now I want to centralize the logging configuration as well (as they will all log to logstash) and have added the logback.xml to the repository.
Now I'm faced with a basic problem that has always existed but was never a problem: The config server only accepts requests that have the "X-Config-Token" header, otherwise it just rejects the request. The header value itself doesn't matter, it just has to be present. Is there a way around this limitation? I've put
logging:
  config: ${spring.cloud.config.uri}/${spring.application.name}/${spring.profiles.active}/master/logback.xml
in my bootstrap.yml which obviously can't send any headers. It actually baffles me that requests without a token are rejected and that Spring doesn't just serve from git and ignores Vault when no token is present.
Thanks for any help!

This is a bug within Spring, see https://github.com/spring-cloud/spring-cloud-config/issues/1512

Related

When authRoles not specified why is unauthenticated access to endpoints permitted

I have been experimenting with the Baeldung Keycloak tutorial here and did not specify the property
keycloak.security-constraints[0].authRoles[0] in the application.properties file e.g. application.properties file looks like this:
server.port=8081
spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration
keycloak.auth-server-url=http://<keycloak_server>
keycloak.realm=SpringBootKeycloak
keycloak.resource=login-app
keycloak.public-client=true
keycloak.principal-attribute=preferred_username
keycloak.security-constraints[0].securityCollections[0].patterns[0]=/customers/*
I have NOT included the spring-boot-starter-security dependency for this so all keycloak settings are via application.properties
The application starts up fine but surprisingly (to me at least) it allows access to the /customers/* endpoint even though I have specified a pattern for it in the security-constraints. In my mind I would have expected the endpoint to either:
Reject ALL requests because no roles had been specified, or
Accept any and ONLY authorised requests because no roles have been specified, or
At least log to the console that no roles have been specified
Is there a reason for the behaviour I observed as it seems a little insecure to me particularly if something is mis-configured or a typo?
Also is it possible to NOT specify any roles and accept any authorised request?
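
A check for the misconfiguration described above, as an added example that is not part of the original question or of the Keycloak adapter: it flags every `keycloak.security-constraints[n]` entry that lists URL patterns but no non-empty `authRoles`, the configuration the question found to be reachable without authentication. The sample properties and the function names are constructed for illustration.

```python
import re

# Constructed sample mirroring the question: constraint 0 has a pattern but no
# authRoles; constraint 1 (added for contrast) names a role in kebab-case.
SAMPLE = """\
keycloak.realm=SpringBootKeycloak
keycloak.resource=login-app
keycloak.security-constraints[0].securityCollections[0].patterns[0]=/customers/*
keycloak.security-constraints[1].auth-roles[0]=user
keycloak.security-constraints[1].securityCollections[0].patterns[0]=/admin/*
"""

_KEY = re.compile(r"^keycloak\.securityconstraints\[(\d+)\]\.(.+)$")
_PATTERN = re.compile(r"^securitycollections\[\d+\]\.patterns\[\d+\]$")


def parse_properties(text):
    """Yield (key, value) pairs from .properties text, skipping comments and blanks."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
        if len(parts) == 2:
            yield parts[0], parts[1]


def unprotected_constraints(text):
    """Return {constraint index: [patterns]} for constraints with patterns but no roles."""
    patterns, with_roles = {}, set()
    for key, value in parse_properties(text):
        # Spring Boot's relaxed binding accepts authRoles and auth-roles alike,
        # so compare keys lowercased with dashes and underscores removed.
        m = _KEY.match(key.lower().replace("-", "").replace("_", ""))
        if not m:
            continue
        idx, rest = int(m.group(1)), m.group(2)
        if rest.startswith("authroles[") and value:
            with_roles.add(idx)
        elif _PATTERN.match(rest):
            patterns.setdefault(idx, []).append(value)
    return {i: p for i, p in patterns.items() if i not in with_roles}


if __name__ == "__main__":
    for idx, pats in sorted(unprotected_constraints(SAMPLE).items()):
        print(f"security-constraints[{idx}] has no authRoles: {', '.join(pats)}")
```

A misspelled key such as `authRole[0]` or an `authRoles[0]` entry with an empty value leaves the constraint flagged, which covers the typo case the question raises.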

Unable to access Actuator when a springboot application is running via a fat jar file on an application server

I am a little out of my league on this one as I am still getting familiar with everything Springboot. Onto my problem...
I am unable to access actuator for an application that is running in a fat jar file on an application server. All works great when I run the application locally through Eclipse as I am perfectly able to access a couple of the endpoints (health, logfile) via a browser and Postman.
However, when I attempt to access those same endpoints (via curl, a browser or Postman) using the application server's url, I get a 404. I am able to access other custom written apis within the application with no issue, just not actuator apis.
I know I am missing something very obvious, but cannot figure out what that is.
Good - http://localhost:9091/actuator/health --> from a browser or Postman
Not good - http://my-app-testserver-01:9090/actuator/health or curl localhost:9090/actuator/health and both yield the below error. NOTE that the curl is performed on the application server.
"timestamp":"2022-06-30T20:57:12.191+00:00","status":404,"error":"Not Found","path":"/actuator/health"
What else? Oh yeah, below is a snippet from my yml file pertaining to actuator and I believe that is ok.
Any insight on this is greatly appreciated. Thank you.
management:
  server:
    port: 9090
  endpoints:
    web:
      exposure:
        include: "health,info,logfile"
This is all set now. I was setting up the application on a new server and had to have the ports opened up for me. Once that was done I was able to access the Actuator apis with no issues.

Spring Cloud Config Server on Pivotal Cloud Foundry

I have two microservices. A Spring Cloud Config Server and another module that implements Spring Cloud Config Client. When I use the default configuration for the Spring Cloud Config Server service (localhost:8888) I can start it locally without any issues, after which I can start my other module as well, using a bootstrap.yml, it clearly finds the Config Server, fetches its properties and starts properly. All good. Now I'd like to push both of these services to Pivotal Cloud Foundry.
The Config Server service works just fine, service is up and running in my Space, and using the browser I can verify that it can still fetch the property files from the specific GitHub repository.
The problem is the other module, the client. I've replaced the default localhost:8888 in its bootstrap.yml file (spring.cloud.config.url parameter) to the now active service in the cloud using the Route bound to it and tried to start it locally. Unfortunately now it simply times out during startup. At this point I tried to specify longer timeouts but nothing helps.
Interesting thing is that if I directly copy the URL from the logs that times out, I see it works properly in the browser locally. So why not in IntelliJ when I try to package the client with the changed parameter?
Sorry, I can't include much details here, but I hope maybe there is a straightforward solution that I've missed. Thanks!

Fetching multiple configs from Spring Cloud Config Server in one request

One of our apps uses Spring Cloud Config Server to store client configs. I.e. not the configs needed to start the, but the configs sent later to client. Basically, JSONs. It's a controversial solution, but it is as it is. It uses Spring Cloud Config Server client to fetch them directly from the server.
The problem is that it fetches them one by one and that the number of configs is huge (100th of parameters). As a result, this fetching process takes too long.
Is there a way to fetch multiple configs at once in one request in Spring Cloud Config Server?
Yes, you can do that. It's designed for config sharing between apps.
In your bootstrap.yml, add all the configurations you want to fetch from the server in the spring.cloud.config.name property as follows:
spring:
  cloud:
    config:
      uri: xxxxxxx
      .....
      name: myconfiguration1, myconfiguration2,...etc
Keep in mind that it all depends on the activated profile. So if your spring.profiles.active is dev, for example, the configurations that will be fetched are myconfiguration1-dev.yml, myconfiguration2-dev.yml...etc

Spring cloud config client without Eureka, Ribbon and spring boot

I have a Spring web application (not Spring Boot) running in AWS. I am trying to create a centralized configuration server. How do I refresh the spring-cloud-client after changing the properties? As per the tutorial:
Actuator endpoint by sending an empty HTTP POST to the client’s refresh endpoint, http://localhost:8080/refresh, and then confirm it worked by reviewing the http://localhost:8080/message endpoint.
But my AWS EC2 instances are behind the load balancer, so I can't invoke the client URL. I didn't understand Netflix Eureka and Ribbon much, but it seems like adding another level of load balancer on the client side. I don't like this approach. Just to change a property, I don't want to make the existing project unnecessarily complex. Is there any other way? Or have I misunderstood Eureka/Ribbon usage?
I have looked at spring-cloud-config-client-without-spring-boot and spring-cloud-config-client-without-auto-configuration; none of them have an answer. The first thread was answered in 2015. Wondering, is there any update?
To get the configuration properties from a config server, you can do an HTTP request. Example:
From the documentation we can see:
/{application}/{profile}[/{label}]
/{application}-{profile}.yml <- example
/{label}/{application}-{profile}.yml
/{application}-{profile}.properties
/{label}/{application}-{profile}.properties
So if you would do a request to http://localhost:8080/applicationName-activeProfile.yml you would receive the properties in .yml format for the application with that name and active profile. Spring Boot config clients would automatically provide these values, but you will have to provide them manually.
You don't need Eureka/Ribbon for this to work, it's a separate component.
More info: http://cloud.spring.io/spring-cloud-static/spring-cloud.html#_spring_cloud_config
Maybe you could even use spring-cloud-config but I'm not sure what extra configuration is needed without spring-boot.
https://cloud.spring.io/spring-cloud-config/
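
A sketch of the manual client the answer describes, as an added example that is not part of the original answer or of Spring Cloud Config: it builds the `/{application}/{profile}[/{label}]` URL and flattens the JSON the server returns, where earlier `propertySources` entries override later ones. The function names and the sample response are constructed; the optional `headers` argument is where a header such as the `X-Config-Token` from the first question would go.

```python
import json
import urllib.parse
import urllib.request

# Constructed sample of the JSON returned by /{application}/{profile}[/{label}];
# the names and values are illustrative only.
SAMPLE_RESPONSE = json.dumps({
    "name": "myapp", "profiles": ["dev"], "label": "master",
    "propertySources": [
        {"name": "git/myapp-dev.yml", "source": {"message": "hello dev"}},
        {"name": "git/myapp.yml", "source": {"message": "hello", "timeout": 30}},
    ],
})


def environment_url(base, application, profile, label=None):
    """Build the /{application}/{profile}[/{label}] URL listed in the answer."""
    parts = [application, profile]
    if label:
        # The server expects "/" inside a label (e.g. a branch name) as "(_)".
        parts.append(label.replace("/", "(_)"))
    path = "/".join(urllib.parse.quote(p, safe="()") for p in parts)
    return base.rstrip("/") + "/" + path


def merge_property_sources(body):
    """Flatten propertySources into one dict; earlier sources take precedence."""
    merged = {}
    for source in json.loads(body).get("propertySources", []):
        for key, value in source.get("source", {}).items():
            merged.setdefault(key, value)
    return merged


def fetch_environment(url, headers=None, timeout=5):
    """GET the environment; pass any header the server requires via `headers`."""
    all_headers = dict(headers or {}, Accept="application/json")
    req = urllib.request.Request(url, headers=all_headers)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return merge_property_sources(resp.read().decode("utf-8"))


if __name__ == "__main__":
    print(environment_url("http://localhost:8888", "myapp", "dev", "feature/x"))
    print(merge_property_sources(SAMPLE_RESPONSE))
```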
