Configure Spring Boot with two ports
Master System Design with Codemia
Enhance your system design skills with over 120 practice problems, detailed solutions, and hands-on exercises.
Introduction
Running Spring Boot with two ports is a common pattern when you want to separate application traffic from management or migration traffic. The cleanest option is using a dedicated management port for Actuator endpoints. For advanced cases, you can add a second connector to the embedded server for full application routes.
Use a Dedicated Management Port First
If the goal is operational separation, configure management endpoints on a different port.
This keeps client traffic on one port and operations traffic on another, which simplifies firewall and monitoring policies.
Restrict Management Surface Area
A second port is useful only if access is controlled. Limit endpoint exposure and bind management interface appropriately.
In container or cloud environments, pair this with network policy so only trusted sources can reach the management listener.
Add a Second Application Connector with Tomcat
When you need two full application listeners, customize embedded Tomcat.
Now the same app responds on both primary and additional ports.
Validate Behavior on Each Port
After configuration, verify endpoint routing explicitly.
Do not assume filters, auth rules, and headers behave identically on all listeners.
Design Port Roles Clearly
Document purpose of each port:
- Primary application traffic.
- Management and observability.
- Temporary migration or internal compatibility traffic.
Clear role boundaries reduce operational mistakes and make incident triage faster.
Consider TLS and Proxy Topology
If TLS is terminated by ingress or reverse proxy, verify scheme and forwarded headers for both ports. A common failure is securing one listener while leaving another exposed unintentionally.
For internal-only listeners, combine private network binding with cluster policy and service segmentation.
Deployment and Infrastructure Alignment
Two-port app configuration must match deployment manifests and load balancer setup. In Kubernetes, expose intended ports in service definitions and ensure health checks target the expected listener.
If infrastructure misses one port, local tests may pass while production routing fails.
Monitoring by Port Purpose
Build metrics dashboards per port role. You should see high controlled traffic on primary app port and predictable low traffic on management port.
Unexpected spikes on management port can indicate misrouting or probing and should trigger alerts. Port-level visibility makes it easier to isolate whether issue is app logic, health endpoint, or listener configuration.
Recommended Rollout Sequence
A practical rollout approach:
- Add second port in configuration.
- Restrict access with network and auth controls.
- Verify endpoint behavior per listener.
- Update dashboards and alerts per port.
- Deploy gradually and monitor traffic shape.
This sequence reduces risk from exposing extra listeners.
Common Pitfalls
- Opening management port without tightening endpoint exposure.
- Forgetting to update firewall or load balancer for new listener.
- Assuming security filter behavior is identical across ports.
- Mixing public and admin traffic on one listener without policy boundaries.
- Validating only local environment and skipping deployment-level tests.
Summary
- Use
management.server.portfor clean app and admin separation. - Add extra server connectors only when truly needed.
- Secure and validate each listener independently.
- Align app config with infrastructure listeners and policies.
- Monitor traffic by port role to improve operations and incident response.

