Can I expose the web app and the REST api on separate ports?

I’m a little lost in the weeds on what configs to touch. Or even if this is possible.

Not possible … has nothing to do with spring boot or this extension … how would you do st. like this with plain tomcat?

What you can do, is start two containers that are connected to the same DB and have one of them expose the rest api …

Yes, of course you are right, You can’t do that with tomcat and a single web app. And I forget that spring boot does nothing more than embed that.

I’ve become spoiled with node, being able to easily listen to different ports as needed.

I have following understanding problem:

I am using Spring Boot with Camunda.

Spring Boot I am using because as a damn normal Java backend for my application where I can do REST calls to. Camunda I am using to manage the business processes.

So logically the flow would be like: I call a GET or POST method on my backend which is listening on specific IP and port. This method in turn should call the functions of camunda to trigger new tasks/processes etc…

I do not understand right now, how I can have my backend running on specific IP and port and calling camunda web application on different port.

OK, I solved the problem by declaring in application.properties:

server.port=8081

Now my application (Spring Boot) is running on localhost:8081 and camunda webapp is running on http://localhost:8080/

Perfect.

@derweise do you have a little time to explain how to do this?
I am heading down the “Run Distribution” path, but just hit this blocker where I need to have the API on a different port than the Camunda management webapps. I’m a java newbie, so just trying to build the platform into a Docker container where I’ll interact with it via the REST api.
Was thinking I could use the spring boot starter? But I’m not exactly sure what you did.

Hi @DGilmour22,

you have to start two different docker containers and configure to them either with just the rest api and with webapps only (and the ports you want).

Configuration can be done with environment variables passing to the docker containers: Camunda Platform Run | docs.camunda.org

You can also set configration parameters from the command line starting the app in the container.

Hope this helpe, Ingo

Fantastic idea @Ingo_Richtsmeier!!
I’m using Camunda a a component in a .net application, so I’m putting the two docker containers in a single Kubernetes pod. I want the Camunda web apps available outside the pod so I can perform any management tasks, but not the API. I only want the API available inside the pod for the .net application to use.
I was about to head down the route of a third container in a Kubernetes pod that runs NGINX and have it block the path/route to /engine-rest, but I think this is simpler.

@Ingo_Richtsmeier I have a couple of additional questions because I’m likely going to be drilled on this by Cyber Security.

  1. If an engine is started with --webapps, is it still performing BPMN work? What’s the risk if it gets compromised?
  2. Can I enable LDAP on the engine that’s started with --webapps but not on the one started with --rest? Does it matter if the --rest engine has LDAP configured but not authentication (camunda.bpm.run.auth = false)?
    Here’s what I’m thinking:

We built something very similar in the past … you will have to consider one major issue with these kind of setups.

As long as you use the cockpit as “read only”, this will work. But if you actively interfere with the engine (close a user task, cancel a task, correlate a message, …), camunda will try to execute the process continuation on the engine the cockpit is running on … which will fail because you do not have the any delegates, listeners … deployed on that node.

What exactly do you mean by “you do not have any delegates/listeners deployed”?
The two Camunda docker containers will be exactly the same (Camunda Run distro). They will simply be started with different parameters. So the plug-ins we’ve developed will be already built into the Docker image before Kubernetes pulls them into the pod(s). Am I missing something? Does running only webapps stop the loading of plug-ins from the /configuration/userlib directory?

Hi @DGilmour22,

as long as you use only external task for service invocation, everything is fine.

You can some potential problems and their solutions in a heterogenius cluster here: CamundaCon 2018: Camunda In A Heterogeneous Cluster (Generali) - YouTube

Hope this helps, Ingo