fix(caddy): wrap actuator block in handle so it takes precedence over catch-all (#512)
#517
@@ -31,8 +31,16 @@
|
||||
# in application.yaml, /actuator/* is unreachable externally. The internal
|
||||
# Prometheus scrape (future) talks to the backend directly on the docker
|
||||
# network, not via Caddy.
|
||||
@actuator path /actuator/*
|
||||
respond @actuator 404
|
||||
#
|
||||
# Why a `handle` block and not a top-level `respond @matcher`: each archive
|
||||
# vhost has a catch-all `handle { reverse_proxy ... }` that matches every
|
||||
# path including /actuator/*, and Caddy's `handle` blocks are mutually
|
||||
# exclusive. Without our own `handle /actuator/*` the catch-all wins, the
|
||||
# request is proxied to the backend, and Spring Security 302s to /login
|
||||
# instead of Caddy returning 404. See #512.
|
||||
handle /actuator/* {
|
||||
respond 404
|
||||
}
|
||||
}
|
||||
|
||||
(access_log) {
|
||||
|
||||
Reference in New Issue
Block a user