spring-cloud-netflix.adoc

:github-tag: master
:github-repo: spring-cloud/spring-cloud-netflix
:github-raw: http://raw.github.com/{github-repo}/{github-tag}
:github-code: http://github.com/{github-repo}/tree/{github-tag}
:all: {asterisk}{asterisk}
:nofooter:
:imagesdir: ./images
= Spring Cloud Netflix

*{spring-cloud-version}*

include::intro.adoc[]


== Service Discovery: Eureka Clients

Service Discovery is one of the key tenets of a microservice based architecture. Trying to hand configure each client or some form of convention can be very difficult to do and can be very brittle.  Eureka is the Netflix Service Discovery Server and Client.  The server can be configured and deployed to be highly available, with each server replicating state about the registered services to the others.

[[netflix-eureka-client-starter]]
=== How to Include Eureka Client

To include Eureka Client in your project use the starter with group `org.springframework.cloud`
and artifact id `spring-cloud-starter-netflix-eureka-client`. See the http://projects.spring.io/spring-cloud/[Spring Cloud Project page]
for details on setting up your build system with the current Spring Cloud Release Train.

=== Registering with Eureka

When a client registers with Eureka, it provides meta-data about itself
such as host and port, health indicator URL, home page etc.  Eureka
receives heartbeat messages from each instance belonging to a service.
If the heartbeat fails over a configurable timetable, the instance is
normally removed from the registry.

Example eureka client:

[source,java,indent=0]
----
@Configuration
@ComponentScan
@EnableAutoConfiguration
@RestController
public class Application {

    @RequestMapping("/")
    public String home() {
        return "Hello world";
    }

    public static void main(String[] args) {
        new SpringApplicationBuilder(Application.class).web(true).run(args);
    }

}
----

(i.e. utterly normal Spring Boot app). By having `spring-cloud-starter-netflix-eureka-client`
 on the classpath your application will automatically register with the Eureka Server.  Configuration is required to
locate the Eureka server. Example:


.application.yml
----
eureka:
  client:
    serviceUrl:
      defaultZone: http://localhost:8761/eureka/
----

where "defaultZone" is a magic string fallback value that provides the
service URL for any client that doesn't express a preference
(i.e. it's a useful default).

The default application name (service ID), virtual host and non-secure
port, taken from the `Environment`, are `${spring.application.name}`,
`${spring.application.name}` and `${server.port}` respectively.

Having `spring-cloud-starter-netflix-eureka-client` on the classpath
makes the app into both a Eureka "instance"
(i.e. it registers itself) and a "client" (i.e. it can query the
registry to locate other services). The instance behaviour is driven
by `eureka.instance.*` configuration keys, but the defaults will be
fine if you ensure that your application has a
`spring.application.name` (this is the default for the Eureka service
ID, or VIP).

See {github-code}/spring-cloud-netflix-eureka-client/src/main/java/org/springframework/cloud/netflix/eureka/EurekaInstanceConfigBean.java[EurekaInstanceConfigBean] and {github-code}/spring-cloud-netflix-eureka-client/src/main/java/org/springframework/cloud/netflix/eureka/EurekaClientConfigBean.java[EurekaClientConfigBean] for more details of the configurable options.

To disable the Eureka Discovery Client you can set `eureka.client.enabled` to `false`.

=== Authenticating with the Eureka Server

HTTP basic authentication will be automatically added to your eureka
client if one of the `eureka.client.serviceUrl.defaultZone` URLs has
credentials embedded in it (curl style, like
`http://user:password@localhost:8761/eureka`). For more complex needs
you can create a `@Bean` of type `DiscoveryClientOptionalArgs` and
inject `ClientFilter` instances into it, all of which will be applied
to the calls from the client to the server.

NOTE: Because of a limitation in Eureka it isn't possible to support
per-server basic auth credentials, so only the first set that are
found will be used.

=== Status Page and Health Indicator

The status page and health indicators for a Eureka instance default to
"/info" and "/health" respectively, which are the default locations of
useful endpoints in a Spring Boot Actuator application. You need to
change these, even for an Actuator application if you use a
non-default context path or servlet path
(e.g. `server.servletPath=/foo`) or management endpoint path
(e.g. `management.contextPath=/admin`). Example:

.application.yml
----
eureka:
  instance:
    statusPageUrlPath: ${management.context-path}/info
    healthCheckUrlPath: ${management.context-path}/health
----

These links show up in the metadata that is consumed by clients, and
used in some scenarios to decide whether to send requests to your
application, so it's helpful if they are accurate.

=== Registering a Secure Application

If your app wants to be contacted over HTTPS you can set two flags in
the `EurekaInstanceConfig`, _viz_
`eureka.instance.[nonSecurePortEnabled,securePortEnabled]=[false,true]`
respectively. This will make Eureka publish instance information
showing an explicit preference for secure communication. The Spring
Cloud `DiscoveryClient` will always return a URI starting with `https` for a
service configured this way, and the Eureka (native) instance
information will have a secure health check URL.

Because of the way
Eureka works internally, it will still publish a non-secure URL for
status and home page unless you also override those explicitly.
You can use placeholders to configure the eureka instance urls,
e.g.

.application.yml
----
eureka:
  instance:
    statusPageUrl: https://${eureka.hostname}/info
    healthCheckUrl: https://${eureka.hostname}/health
    homePageUrl: https://${eureka.hostname}/
----

(Note that `${eureka.hostname}` is a native placeholder only available
in later versions of Eureka. You could achieve the same thing with
Spring placeholders as well, e.g. using `${eureka.instance.hostName}`.)

NOTE: If your app is running behind a proxy, and the SSL termination
is in the proxy (e.g. if you run in Cloud Foundry or other platforms
as a service) then you will need to ensure that the proxy "forwarded"
headers are intercepted and handled by the application. An embedded
Tomcat container in a Spring Boot app does this automatically if it
has explicit configuration for the 'X-Forwarded-\*` headers. A sign
that you got this wrong will be that the links rendered by your app to
itself will be wrong (the wrong host, port or protocol).

=== Eureka's Health Checks

By default, Eureka uses the client heartbeat to determine if a client is up.
Unless specified otherwise the Discovery Client will not propagate the
current health check status of the application per the Spring Boot Actuator.  Which means
that after successful registration Eureka will always announce that the
application is in 'UP' state. This behaviour can be altered by enabling
Eureka health checks, which results in propagating application status
to Eureka. As a consequence every other application won't be sending
traffic to application in state other then 'UP'.

.application.yml
----
eureka:
  client:
    healthcheck:
      enabled: true
----

WARNING: `eureka.client.healthcheck.enabled=true` should only be set in `application.yml`. Setting the value in `bootstrap.yml` will cause undesirable side effects like registering in eureka with an `UNKNOWN` status.

If you require more control over the health checks, you may consider
implementing your own `com.netflix.appinfo.HealthCheckHandler`.

=== Eureka Metadata for Instances and Clients

It's worth spending a bit of time understanding how the Eureka metadata works, so you can use it in a way that makes sense in your platform. There is standard metadata for things like hostname, IP address, port numbers, status page and health check. These are published in the service registry and used by clients to contact the services in a straightforward way. Additional metadata can be added to the instance registration in the `eureka.instance.metadataMap`, and this will be accessible in the remote clients, but in general will not change the behaviour of the client, unless it is made aware of the meaning of the metadata. There are a couple of special cases described below where Spring Cloud already assigns meaning to the metadata map.

==== Using Eureka on Cloudfoundry

Cloudfoundry has a global router so that all instances of the same app have the same hostname (it's the same in other PaaS solutions with a similar architecture). This isn't necessarily a barrier to using Eureka, but if you use the router (recommended, or even mandatory depending on the way your platform was set up), you need to explicitly set the hostname and port numbers (secure or non-secure) so that they use the router. You might also want to use instance metadata so you can distinguish between the instances on the client (e.g. in a custom load balancer). By default, the `eureka.instance.instanceId` is `vcap.application.instance_id`. For example:

.application.yml
----
eureka:
  instance:
    hostname: ${vcap.application.uris[0]}
    nonSecurePort: 80
----

Depending on the way the security rules are set up in your Cloudfoundry instance, you might be able to register and use the IP address of the host VM for direct service-to-service calls. This feature is not (yet) available on Pivotal Web Services (https://run.pivotal.io[PWS]).

==== Using Eureka on AWS

If the application is planned to be deployed to an AWS cloud, then the Eureka instance will have to be configured to be AWS aware and this can be done by customizing the {github-code}/spring-cloud-netflix-eureka-client/src/main/java/org/springframework/cloud/netflix/eureka/EurekaInstanceConfigBean.java[EurekaInstanceConfigBean] the following way:

[source,java,indent=0]
----
@Bean
@Profile("!default")
public EurekaInstanceConfigBean eurekaInstanceConfig(InetUtils inetUtils) {
  EurekaInstanceConfigBean b = new EurekaInstanceConfigBean(inetUtils);
  AmazonInfo info = AmazonInfo.Builder.newBuilder().autoBuild("eureka");
  b.setDataCenterInfo(info);
  return b;
}
----

==== Changing the Eureka Instance ID

A vanilla Netflix Eureka instance is registered with an ID that is equal to its host name (i.e. only one service per host). Spring Cloud Eureka provides a sensible default that looks like this: `${spring.cloud.client.hostname}:${spring.application.name}:${spring.application.instance_id:${server.port}}}`. For example `myhost:myappname:8080`.

Using Spring Cloud you can override this by providing a unique identifier in `eureka.instance.instanceId`. For example:

.application.yml
----
eureka:
  instance:
    instanceId: ${spring.application.name}:${vcap.application.instance_id:${spring.application.instance_id:${random.value}}}
----

With this metadata, and multiple service instances deployed on
localhost, the random value will kick in there to make the instance
unique. In Cloudfoundry the `vcap.application.instance_id` will be
populated automatically in a Spring Boot application, so the
random value will not be needed.

=== Using the EurekaClient

Once you have an app that is a discovery client you can use it to
discover service instances from the <<spring-cloud-eureka-server,
Eureka Server>>. One way to do that is to use the native
`com.netflix.discovery.EurekaClient` (as opposed to the Spring
Cloud `DiscoveryClient`), e.g.

----
@Autowired
private EurekaClient discoveryClient;

public String serviceUrl() {
    InstanceInfo instance = discoveryClient.getNextServerFromEureka("STORES", false);
    return instance.getHomePageUrl();
}
----

[TIP]
====
Don't use the `EurekaClient` in `@PostConstruct` method or in a
`@Scheduled` method (or anywhere where the `ApplicationContext` might
not be started yet). It is initialized in a `SmartLifecycle` (with
`phase=0`) so the earliest you can rely on it being available is in
another `SmartLifecycle` with higher phase.
====

==== EurekaClient without Jersey

By default, EurekaClient uses Jersey for HTTP communication. If you wish 
to avoid dependencies from Jersey, you can exclude it from your dependencies.
Spring Cloud will auto configure a transport client based on Spring 
`RestTemplate`.

----
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-eureka</artifactId>
    <exclusions>
        <exclusion>
            <groupId>com.sun.jersey</groupId>
            <artifactId>jersey-client</artifactId>
        </exclusion>
        <exclusion>
            <groupId>com.sun.jersey</groupId>
            <artifactId>jersey-core</artifactId>
        </exclusion>
        <exclusion>
            <groupId>com.sun.jersey.contribs</groupId>
            <artifactId>jersey-apache-client4</artifactId>
        </exclusion>
    </exclusions>
</dependency>
----

=== Alternatives to the native Netflix EurekaClient

You don't have to use the raw Netflix `EurekaClient` and usually it
is more convenient to use it behind a wrapper of some sort. Spring
Cloud has support for <<spring-cloud-feign, Feign>> (a REST client
builder) and also <<spring-cloud-ribbon, Spring `RestTemplate`>> using
the logical Eureka service identifiers (VIPs) instead of physical
URLs. To configure Ribbon with a fixed list of physical servers you
can simply set `<client>.ribbon.listOfServers` to a comma-separated
list of physical addresses (or hostnames), where `<client>` is the ID
of the client.

You can also use the `org.springframework.cloud.client.discovery.DiscoveryClient`
which provides a simple API for discovery clients that is not specific
to Netflix, e.g.

----
@Autowired
private DiscoveryClient discoveryClient;

public String serviceUrl() {
    List<ServiceInstance> list = discoveryClient.getInstances("STORES");
    if (list != null && list.size() > 0 ) {
        return list.get(0).getUri();
    }
    return null;
}
----

=== Why is it so Slow to Register a Service?

Being an instance also involves a periodic heartbeat to the registry
(via the client's `serviceUrl`) with default duration 30 seconds. A
service is not available for discovery by clients until the instance,
the server and the client all have the same metadata in their local
cache (so it could take 3 heartbeats). You can change the period using
`eureka.instance.leaseRenewalIntervalInSeconds` and this will speed up
the process of getting clients connected to other services. In
production it's probably better to stick with the default because
there are some computations internally in the server that make
assumptions about the lease renewal period.


=== Zones

If you have deployed Eureka clients to multiple zones than you may prefer that
those clients leverage services within the same zone before trying services
in another zone.  To do this you need to configure your Eureka clients correctly.

First, you need to make sure you have Eureka servers deployed to each zone and that
they are peers of each other.  See the section on <<spring-cloud-eureka-server-zones-and-regions,zones and regions>> 
for more information.

Next you need to tell Eureka which zone your service is in.  You can do this using
the `metadataMap` property.  For example if `service 1` is deployed to both `zone 1`
and `zone 2` you would need to set the following Eureka properties in `service 1`

*Service 1 in Zone 1*
```
eureka.instance.metadataMap.zone = zone1
eureka.client.preferSameZoneEureka = true
```

*Service 1 in Zone 2*
```
eureka.instance.metadataMap.zone = zone2
eureka.client.preferSameZoneEureka = true
```

[[spring-cloud-eureka-server]]
== Service Discovery: Eureka Server

[[netflix-eureka-server-starter]]
=== How to Include Eureka Server

To include Eureka Server in your project use the starter with group `org.springframework.cloud`
and artifact id `spring-cloud-starter-netflix-eureka-server`. See the http://projects.spring.io/spring-cloud/[Spring Cloud Project page]
for details on setting up your build system with the current Spring Cloud Release Train.

[[spring-cloud-running-eureka-server]]
=== How to Run a Eureka Server

Example eureka server;

[source,java,indent=0]
----
@SpringBootApplication
@EnableEurekaServer
public class Application {

    public static void main(String[] args) {
        new SpringApplicationBuilder(Application.class).web(true).run(args);
    }

}
----

The server has a home page with a UI, and HTTP API endpoints per the
normal Eureka functionality under `/eureka/*`.

Eureka background reading: see https://github.com/cfregly/fluxcapacitor/wiki/NetflixOSS-FAQ#eureka-service-discovery-load-balancer[flux capacitor] and https://groups.google.com/forum/?fromgroups#!topic/eureka_netflix/g3p2r7gHnN0[google group discussion].


[TIP]
====
Due to Gradle's dependency resolution rules and the lack of a parent bom feature, simply depending on spring-cloud-starter-netflix-eureka-server can cause failures on application startup. To remedy this the Spring Boot Gradle plugin must be added and the Spring cloud starter parent bom must be imported like so:

.build.gradle
[source,java,indent=0]
----
buildscript {
  dependencies {
    classpath("org.springframework.boot:spring-boot-gradle-plugin:1.3.5.RELEASE")
  }
}

apply plugin: "spring-boot"

dependencyManagement {
  imports {
    mavenBom "org.springframework.cloud:spring-cloud-dependencies:Brixton.RELEASE"
  }
}
----
====

[[spring-cloud-eureka-server-zones-and-regions]]
=== High Availability, Zones and Regions

The Eureka server does not have a backend store, but the service
instances in the registry all have to send heartbeats to keep their
registrations up to date (so this can be done in memory). Clients also
have an in-memory cache of eureka registrations (so they don't have to
go to the registry for every single request to a service).

By default every Eureka server is also a Eureka client and requires
(at least one) service URL to locate a peer. If you don't provide it
the service will run and work, but it will shower your logs with a lot
of noise about not being able to register with the peer.

See also <<spring-cloud-ribbon,below for details of Ribbon
support>> on the client side for Zones and Regions.

=== Standalone Mode

The combination of the two caches (client and server) and the
heartbeats make a standalone Eureka server fairly resilient to
failure, as long as there is some sort of monitor or elastic runtime
keeping it alive (e.g. Cloud Foundry). In standalone mode, you might
prefer to switch off the client side behaviour, so it doesn't keep
trying and failing to reach its peers. Example:

.application.yml (Standalone Eureka Server)
----
server:
  port: 8761

eureka:
  instance:
    hostname: localhost
  client:
    registerWithEureka: false
    fetchRegistry: false
    serviceUrl:
      defaultZone: http://${eureka.instance.hostname}:${server.port}/eureka/
----

Notice that the `serviceUrl` is pointing to the same host as the local
instance.

=== Peer Awareness

Eureka can be made even more resilient and available by running
multiple instances and asking them to register with each other. In
fact, this is the default behaviour, so all you need to do to make it
work is add a valid `serviceUrl` to a peer, e.g.

.application.yml (Two Peer Aware Eureka Servers)
----

---
spring:
  profiles: peer1
eureka:
  instance:
    hostname: peer1
  client:
    serviceUrl:
      defaultZone: http://peer2/eureka/

---
spring:
  profiles: peer2
eureka:
  instance:
    hostname: peer2
  client:
    serviceUrl:
      defaultZone: http://peer1/eureka/
----

In this example we have a YAML file that can be used to run the same
server on 2 hosts (peer1 and peer2), by running it in different
Spring profiles. You could use this configuration to test the peer
awareness on a single host (there's not much value in doing that in
production) by manipulating `/etc/hosts` to resolve the host names. In
fact, the `eureka.instance.hostname` is not needed if you are running
on a machine that knows its own hostname (it is looked up using
`java.net.InetAddress` by default).

You can add multiple peers to a system, and as long as they are all
connected to each other by at least one edge, they will synchronize
the registrations amongst themselves. If the peers are physically
separated (inside a data centre or between multiple data centres) then
the system can in principle survive split-brain type failures.

=== Prefer IP Address

In some cases, it is preferable for Eureka to advertise the IP Adresses
of services rather than the hostname.  Set `eureka.instance.preferIpAddress`
to `true` and when the application registers with eureka, it will use its
IP Address rather than its hostname.

[TIP]
====
If hostname can't be determined by Java, then IP address is sent to Eureka.
Only explict way of setting hostname is by using `eureka.instance.hostname`.
You can set your hostname at the run time using environment variable, for
example `eureka.instance.hostname=${HOST_NAME}`.
====

== Circuit Breaker: Hystrix Clients

Netflix has created a library called https://github.com/Netflix/Hystrix[Hystrix] that implements the http://martinfowler.com/bliki/CircuitBreaker.html[circuit breaker pattern].  In a microservice architecture it is common to have multiple layers of service calls.

.Microservice Graph
image::HystrixGraph.png[]

A service failure in the lower level of services can cause cascading failure all the way up to the user. When calls to a particular service is greater than `circuitBreaker.requestVolumeThreshold` (default: 20 requests) and failue percentage is greater than `circuitBreaker.errorThresholdPercentage` (default: >50%) in a rolling window defined  by `metrics.rollingStats.timeInMilliseconds` (default: 10 seconds), the circuit opens and the call is not made.  In cases of error and an open circuit a fallback can be provided by the developer.

.Hystrix fallback prevents cascading failures
image::HystrixFallback.png[]

Having an open circuit stops cascading failures and allows overwhelmed or failing services time to heal.  The fallback can be another Hystrix protected call, static data or a sane empty value.  Fallbacks may be chained so the first fallback makes some other business call which in turn falls back to static data.


[[netflix-hystrix-starter]]
=== How to Include Hystrix

To include Hystrix in your project use the starter with group `org.springframework.cloud`
and artifact id `spring-cloud-starter-netflix-hystrix`. See the http://projects.spring.io/spring-cloud/[Spring Cloud Project page]
for details on setting up your build system with the current Spring Cloud Release Train.

Example boot app:

----
@SpringBootApplication
@EnableCircuitBreaker
public class Application {

    public static void main(String[] args) {
        new SpringApplicationBuilder(Application.class).web(true).run(args);
    }

}

@Component
public class StoreIntegration {

    @HystrixCommand(fallbackMethod = "defaultStores")
    public Object getStores(Map<String, Object> parameters) {
        //do stuff that might fail
    }

    public Object defaultStores(Map<String, Object> parameters) {
        return /* something useful */;
    }
}

----

The `@HystrixCommand` is provided by a Netflix contrib library called
https://github.com/Netflix/Hystrix/tree/master/hystrix-contrib/hystrix-javanica["javanica"].
Spring Cloud automatically wraps Spring beans with that
annotation in a proxy that is connected to the Hystrix circuit
breaker. The circuit breaker calculates when to open and close the
circuit, and what to do in case of a failure.

To configure the `@HystrixCommand` you can use the `commandProperties`
attribute with a list of `@HystrixProperty` annotations.  See
https://github.com/Netflix/Hystrix/tree/master/hystrix-contrib/hystrix-javanica#configuration[here]
for more details.  See the https://github.com/Netflix/Hystrix/wiki/Configuration[Hystrix wiki]
for details on the properties available.

=== Propagating the Security Context or using Spring Scopes

If you want some thread local context to propagate into a `@HystrixCommand` the default declaration will not work because it executes the command in a thread pool (in case of timeouts). You can switch Hystrix to use the same thread as the caller using some configuration, or directly in the annotation, by asking it to use a different "Isolation Strategy". For example:

[source,java]
----
@HystrixCommand(fallbackMethod = "stubMyService",
    commandProperties = {
      @HystrixProperty(name="execution.isolation.strategy", value="SEMAPHORE")
    }
)
...
----

The same thing applies if you are using `@SessionScope` or `@RequestScope`. You will know when you need to do this because of a runtime exception that says it can't find the scoped context.

You also have the option to set the `hystrix.shareSecurityContext` property to `true`. Doing so will auto configure an Hystrix concurrency strategy plugin hook who will transfer the `SecurityContext` from your main thread to the one used by the Hystrix command. Hystrix does not allow multiple hystrix concurrency strategy to be registered so an extension mechanism is available by declaring your own `HystrixConcurrencyStrategy` as a Spring bean. Spring Cloud will lookup for your implementation within the Spring context and wrap it inside its own plugin.

### Health Indicator

The state of the connected circuit breakers are also exposed in the
`/health` endpoint of the calling application.

[source,json,indent=0]
----
{
    "hystrix": {
        "openCircuitBreakers": [
            "StoreIntegration::getStoresByLocationLink"
        ],
        "status": "CIRCUIT_OPEN"
    },
    "status": "UP"
}
----

=== Hystrix Metrics Stream

To enable the Hystrix metrics stream include a dependency on `spring-boot-starter-actuator`.  This will expose the `/hystrix.stream` as a management endpoint.

[source,xml]
----
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-actuator</artifactId>
    </dependency>
----

== Circuit Breaker: Hystrix Dashboard

One of the main benefits of Hystrix is the set of metrics it gathers about each HystrixCommand.  The Hystrix Dashboard displays the health of each circuit breaker in an efficient manner.

.Hystrix Dashboard
image::Hystrix.png[]

== Hystrix Timeouts And Ribbon Clients

When using Hystrix commands that wrap Ribbon clients you want to make sure your Hystrix timeout
is configured to be longer than the configured Ribbon timeout, including any potential
retries that might be made.  For example, if your Ribbon connection timeout is one second and
the Ribbon client might retry the request three times, than your Hystrix timeout should
be slightly more than three seconds.


[[netflix-hystrix-dashboard-starter]]
=== How to Include Hystrix Dashboard

To include the Hystrix Dashboard in your project use the starter with group `org.springframework.cloud`
and artifact id `spring-cloud-starter-hystrix-netflix-dashboard`. See the http://projects.spring.io/spring-cloud/[Spring Cloud Project page]
for details on setting up your build system with the current Spring Cloud Release Train.

To run the Hystrix Dashboard annotate your Spring Boot main class with `@EnableHystrixDashboard`.  You then visit `/hystrix` and point the dashboard to an individual instances `/hystrix.stream` endpoint in a Hystrix client application.

NOTE: When connecting to a `/hystrix.stream` endpoint which uses HTTPS the certificate used by the server
must be trusted by the JVM.  If the certificate is not trusted you must import the certificate into the JVM
in order for the Hystrix Dashboard to make a successful connection to the stream endpoint.

=== Turbine

Looking at an individual instances Hystrix data is not very useful in terms of the overall health of the system.  https://github.com/Netflix/Turbine[Turbine] is an application that aggregates all of the relevant `/hystrix.stream` endpoints into a combined `/turbine.stream` for use in the Hystrix Dashboard.  Individual instances are located via Eureka.  Running Turbine is as simple as annotating your main class with the `@EnableTurbine` annotation  (e.g. using spring-cloud-starter-netflix-turbine to set up the classpath).  All of the documented configuration properties from https://github.com/Netflix/Turbine/wiki/Configuration-(1.x)[the Turbine 1 wiki] apply.  The only difference is that the `turbine.instanceUrlSuffix` does not need the port prepended as this is handled automatically unless `turbine.instanceInsertPort=false`.

NOTE: By default, Turbine looks for the `/hystrix.stream` endpoint on a registered instance by looking up its `hostName` and `port` entries in Eureka, then appending `/hystrix.stream` to it.
If the instance's metadata contains `management.port`, it will be used instead of the `port` value for the `/hystrix.stream` endpoint.
By default, metadata entry `management.port` is equal to the `management.port` configuration property, it can be overridden though with following configuration:
----
eureka:
  instance:
    metadata-map:
      management.port: ${management.port:8081}
----


The configuration key `turbine.appConfig` is a list of eureka serviceIds that turbine will use to lookup instances.  The turbine stream is then used in the Hystrix dashboard using a url that looks like: `http://my.turbine.sever:8080/turbine.stream?cluster=CLUSTERNAME` (the cluster parameter can be omitted if the name is "default"). The `cluster` parameter must match an entry in `turbine.aggregator.clusterConfig`. Values returned from eureka are uppercase, thus we expect this example to work if there is an app registered with Eureka called "customers":

----
turbine:
  aggregator:
    clusterConfig: CUSTOMERS
  appConfig: customers
----

If you need to customize which cluster names should be used by Turbine (you don't want to store cluster names in
`turbine.aggregator.clusterConfig` configuration) provide a bean of type `TurbineClustersProvider`.

The `clusterName` can be customized by a SPEL expression in `turbine.clusterNameExpression` with root an instance of `InstanceInfo`. The default value is `appName`, which means that the Eureka serviceId ends up as the cluster key (i.e. the `InstanceInfo` for customers has an `appName` of "CUSTOMERS").  A different example would be `turbine.clusterNameExpression=aSGName`, which would get the cluster name from the AWS ASG name. Another example:

----
turbine:
  aggregator:
    clusterConfig: SYSTEM,USER
  appConfig: customers,stores,ui,admin
  clusterNameExpression: metadata['cluster']
----

In this case, the cluster name from 4 services is pulled from their metadata map, and is expected to have values that include "SYSTEM" and "USER".

To use the "default" cluster for all apps you need a string literal expression (with single quotes, and escaped with double quotes if it is in YAML as well):

----
turbine:
  appConfig: customers,stores
  clusterNameExpression: "'default'"
----

Spring Cloud provides a `spring-cloud-starter-netflix-turbine` that has all the dependencies you need to get a Turbine server running. Just create a Spring Boot application and annotate it with `@EnableTurbine`.

NOTE: by default Spring Cloud allows Turbine to use the host and port to allow multiple processes per host, per cluster. If you want the native Netflix behaviour built into Turbine that does _not_ allow multiple processes per host, per cluster (the key to the instance id is the hostname), then set the property `turbine.combineHostPort=false`.

=== Turbine Stream

In some environments (e.g. in a PaaS setting), the classic Turbine model of pulling metrics from all the distributed Hystrix commands doesn't work. In that case you might want to have your Hystrix commands push metrics to Turbine, and Spring Cloud enables that with messaging. All you need to do on the client is add a dependency to `spring-cloud-netflix-hystrix-stream` and the `spring-cloud-starter-stream-*` of your choice (see Spring Cloud Stream documentation for details on the brokers, and how to configure the client credentials, but it should work out of the box for a local broker).

On the server side Just create a Spring Boot application and annotate it with `@EnableTurbineStream` and by default it will come up on port 8989 (point your Hystrix dashboard to that port, any path). You can customize the port using either `server.port` or `turbine.stream.port`. If you have `spring-boot-starter-web` and `spring-boot-starter-actuator` on the classpath as well, then you can open up the Actuator endpoints on a separate port (with Tomcat by default) by providing a `management.port` which is different.

You can then point the Hystrix Dashboard to the Turbine Stream Server instead of individual Hystrix streams.  If Turbine Stream is running on port 8989 on myhost, then put `http://myhost:8989` in the stream input field in the Hystrix Dashboard. Circuits will be prefixed by their respective serviceId, followed by a dot, then the circuit name.

Spring Cloud provides a `spring-cloud-starter-netflix-turbine-stream` that has all the dependencies you need to get a Turbine Stream server running - just add the Stream binder of your choice, e.g. `spring-cloud-starter-stream-rabbit`. You need Java 8 to run the app because it is Netty-based.

[[spring-cloud-ribbon]]
== Client Side Load Balancer: Ribbon

Ribbon is a client side load balancer which gives you a lot of control
over the behaviour of HTTP and TCP clients. Feign already uses Ribbon,
so if you are using `@FeignClient` then this section also applies.

A central concept in Ribbon is that of the named client. Each load
balancer is part of an ensemble of components that work together to
contact a remote server on demand, and the ensemble has a name that
you give it as an application developer (e.g. using the `@FeignClient`
annotation). Spring Cloud creates a new ensemble as an
`ApplicationContext` on demand for each named client using
`RibbonClientConfiguration`. This contains (amongst other things) an
`ILoadBalancer`, a `RestClient`, and a `ServerListFilter`.

[[netflix-ribbon-starter]]
=== How to Include Ribbon

To include Ribbon in your project use the starter with group `org.springframework.cloud`
and artifact id `spring-cloud-starter-netflix-ribbon`. See the http://projects.spring.io/spring-cloud/[Spring Cloud Project page]
for details on setting up your build system with the current Spring Cloud Release Train.

=== Customizing the Ribbon Client

You can configure some bits of a Ribbon client using external
properties in `<client>.ribbon.*`, which is no different than using
the Netflix APIs natively, except that you can use Spring Boot
configuration files. The native options can
be inspected as static fields in https://github.com/Netflix/ribbon/blob/master/ribbon-core/src/main/java/com/netflix/client/config/CommonClientConfigKey.java[`CommonClientConfigKey`] (part of
ribbon-core).

Spring Cloud also lets you take full control of the client by
declaring additional configuration (on top of the
`RibbonClientConfiguration`) using `@RibbonClient`. Example:

[source,java,indent=0]
----
@Configuration
@RibbonClient(name = "foo", configuration = FooConfiguration.class)
public class TestConfiguration {
}
----

In this case the client is composed from the components already in
`RibbonClientConfiguration` together with any in `FooConfiguration`
(where the latter generally will override the former).

WARNING: The `FooConfiguration` has to be `@Configuration` but take
care that it is not in a `@ComponentScan` for the main application
context, otherwise it will be shared by all the `@RibbonClients`. If
you use `@ComponentScan` (or `@SpringBootApplication`) you need to
take steps to avoid it being included (for instance put it in a
separate, non-overlapping package, or specify the packages to scan
explicitly in the `@ComponentScan`).

Spring Cloud Netflix provides the following beans by default for ribbon
(`BeanType` beanName: `ClassName`):

* `IClientConfig` ribbonClientConfig: `DefaultClientConfigImpl`
* `IRule` ribbonRule: `ZoneAvoidanceRule`
* `IPing` ribbonPing: `DummyPing`
* `ServerList<Server>` ribbonServerList: `ConfigurationBasedServerList`
* `ServerListFilter<Server>` ribbonServerListFilter: `ZonePreferenceServerListFilter`
* `ILoadBalancer` ribbonLoadBalancer: `ZoneAwareLoadBalancer`
* `ServerListUpdater` ribbonServerListUpdater: `PollingServerListUpdater`

Creating a bean of one of those type and placing it in a `@RibbonClient`
configuration (such as `FooConfiguration` above) allows you to override each
one of the beans described.  Example:

[source,java,indent=0]
----
include::../../../../spring-cloud-netflix-core/src/test/java/org/springframework/cloud/netflix/ribbon/RibbonClientsPreprocessorIntegrationTests.java[tags=sample_override_ribbon_config,indent=0]
----

This replaces the `NoOpPing` with `PingUrl` and provides a custom `serverListFilter`

=== Customizing default for all Ribbon Clients
A default configuration can be provided for all Ribbon Clients using the `@RibbonClients` annotation and registering a default configuration as shown in the following example:
[source,java,indent=0]
----
include::../../../../spring-cloud-netflix-core/src/test/java/org/springframework/cloud/netflix/ribbon/test/RibbonClientDefaultConfigurationTestsConfig.java[tags=sample_default_ribbon_config,indent=0]

----

=== Customizing the Ribbon Client using properties

Starting with version 1.2.0, Spring Cloud Netflix now supports customizing Ribbon clients using properties to be compatible with the https://github.com/Netflix/ribbon/wiki/Working-with-load-balancers#components-of-load-balancer[Ribbon documentation].

This allows you to change behavior at start up time in different environments.

The supported properties are listed below and should be prefixed by `<clientName>.ribbon.`:

* `NFLoadBalancerClassName`: should implement `ILoadBalancer`
* `NFLoadBalancerRuleClassName`: should implement `IRule`
* `NFLoadBalancerPingClassName`: should implement `IPing`
* `NIWSServerListClassName`: should implement `ServerList`
* `NIWSServerListFilterClassName` should implement `ServerListFilter`

NOTE: Classes defined in these properties have precedence over beans defined using `@RibbonClient(configuration=MyRibbonConfig.class)` and the defaults provided by Spring Cloud Netflix.

To set the `IRule` for a service name `users` you could set the following:

.application.yml
----
users:
  ribbon:
    NIWSServerListClassName: com.netflix.loadbalancer.ConfigurationBasedServerList
    NFLoadBalancerRuleClassName: com.netflix.loadbalancer.WeightedResponseTimeRule
----

See the https://github.com/Netflix/ribbon/wiki/Working-with-load-balancers[Ribbon documentation] for implementations provided by Ribbon.

=== Using Ribbon with Eureka

When Eureka is used in conjunction with Ribbon (i.e., both are on the classpath) the `ribbonServerList`
is overridden with an extension of `DiscoveryEnabledNIWSServerList`
which populates the list of servers from Eureka.  It also replaces the
`IPing` interface with `NIWSDiscoveryPing` which delegates to Eureka
to determine if a server is up. The `ServerList` that is installed by
default is a `DomainExtractingServerList` and the purpose of this is
to make physical metadata available to the load balancer without using
AWS AMI metadata (which is what Netflix relies on). By default the
server list will be constructed with "zone" information as provided in
the instance metadata (so on the remote clients set
`eureka.instance.metadataMap.zone`), and if that is missing it can use
the domain name from the server hostname as a proxy for zone (if the
flag `approximateZoneFromHostname` is set). Once the zone information
is available it can be used in a `ServerListFilter`. By default it
will be used to locate a server in the same zone as the client because
the default is a `ZonePreferenceServerListFilter`. The zone of the
client is determined the same way as the remote instances by default,
i.e. via `eureka.instance.metadataMap.zone`.

NOTE: The orthodox "archaius" way to set the client zone is via a
configuration property called "@zone", and Spring Cloud will use that
in preference to all other settings if it is available (note that the
key will have to be quoted in YAML configuration).

NOTE: If there is no other source of zone data then a guess is made
based on the client configuration (as opposed to the instance
configuration). We take `eureka.client.availabilityZones`, which is a
map from region name to a list of zones, and pull out the first zone
for the instance's own region (i.e. the `eureka.client.region`, which
defaults to "us-east-1" for comatibility with native Netflix).

[[spring-cloud-ribbon-without-eureka]]
=== Example: How to Use Ribbon Without Eureka

Eureka is a convenient way to abstract the discovery of remote servers
so you don't have to hard code their URLs in clients, but if you
prefer not to use it, Ribbon and Feign are still quite
amenable. Suppose you have declared a `@RibbonClient` for "stores",
and Eureka is not in use (and not even on the classpath). The Ribbon
client defaults to a configured server list, and you can supply the
configuration like this

.application.yml
----
stores:
  ribbon:
    listOfServers: example.com,google.com
----

=== Example: Disable Eureka use in Ribbon

Setting the property `ribbon.eureka.enabled = false` will explicitly
disable the use of Eureka in Ribbon.

.application.yml
----
ribbon:
  eureka:
   enabled: false
----

=== Using the Ribbon API Directly

You can also use the `LoadBalancerClient` directly. Example:

[source,java,indent=0]
----
public class MyClass {
    @Autowired
    private LoadBalancerClient loadBalancer;

    public void doStuff() {
        ServiceInstance instance = loadBalancer.choose("stores");
        URI storesUri = URI.create(String.format("http://%s:%s", instance.getHost(), instance.getPort()));
        // ... do something with the URI
    }
}
----

[[ribbon-child-context-eager-load]]
=== Caching of Ribbon Configuration

Each Ribbon named client has a corresponding child Application Context that Spring Cloud maintains, this application context is lazily loaded up on the first request to the named client.
This lazy loading behavior can be changed to instead eagerly load up these child Application contexts at startup by specifying the names of the Ribbon clients.

.application.yml
----
ribbon:
  eager-load:
    enabled: true
    clients: client1, client2, client3
----

[[how-to-configure-hystrix-thread-pools]]
=== How to Configure Hystrix thread pools
If you change `zuul.ribbonIsolationStrategy` to THREAD, the thread isolation strategy for Hystrix will be used for all routes. In this case, the HystrixThreadPoolKey is set to "RibbonCommand" as default. It means that HystrixCommands for all routes will be executed in the same Hystrix thread pool. This behavior can be changed using the following configuration and it will result in HystrixCommands being executed in the Hystrix thread pool for each route.

.application.yml
----
zuul:
  threadPool:
    useSeparateThreadPools: true
----

The default HystrixThreadPoolKey in this case is same with service ID for each route. To add a prefix to HystrixThreadPoolKey, set `zuul.threadPool.threadPoolKeyPrefix` to a value that you want to add. For example:

.application.yml
----
zuul:
  threadPool:
    useSeparateThreadPools: true
    threadPoolKeyPrefix: zuulgw
----

[[how-to-provdie-a-key-to-ribbon]]
=== How to Provide a Key to Ribbon's `IRule`

If you need to provide your own `IRule` implementation to handle a special routing requirement like a canary test,
you probably want to pass some information to the `choose` method of `IRule`.

.com.netflix.loadbalancer.IRule.java
----
public interface IRule{
    public Server choose(Object key);
         :
----

You can provide some information that will be used to choose a target server by your `IRule` implementation like
the following:

----
RequestContext.getCurrentContext()
              .set(FilterConstants.LOAD_BALANCER_KEY, "canary-test");
----

If you put any object into the `RequestContext` with a key `FilterConstants.LOAD_BALANCER_KEY`, it will
be passed to the `choose` method of `IRule` implementation. Above code must be executed before `RibbonRoutingFilter`
is executed and Zuul's pre filter is the best place to do that. You can easily access HTTP headers and query parameters
via `RequestContext` in pre filter, so it can be used to determine `LOAD_BALANCER_KEY` that will be passed to Ribbon.
If you don't put any value with `LOAD_BALANCER_KEY` in `RequestContext`, null will be passed as a parameter of `choose`
method.

[[spring-cloud-feign]]
== Declarative REST Client: Feign

https://github.com/Netflix/feign[Feign] is a declarative web service client.  It makes writing web service clients easier.  To use Feign create an interface and annotate it.  It has pluggable annotation support including Feign annotations and JAX-RS annotations. Feign also supports pluggable encoders and decoders.  Spring Cloud adds support for Spring MVC annotations and for using the same `HttpMessageConverters` used by default in Spring Web.  Spring Cloud integrates Ribbon and Eureka to provide a load balanced http client when using Feign.

[[netflix-feign-starter]]
=== How to Include Feign

To include Feign in your project use the starter with group `org.springframework.cloud`
and artifact id `spring-cloud-starter-openfeign`. See the http://projects.spring.io/spring-cloud/[Spring Cloud Project page]
for details on setting up your build system with the current Spring Cloud Release Train.

Example spring boot app

[source,java,indent=0]
----
@Configuration
@ComponentScan
@EnableAutoConfiguration
@EnableFeignClients
public class Application {

    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }

}
----

.StoreClient.java
[source,java,indent=0]
----
@FeignClient("stores")
public interface StoreClient {
    @RequestMapping(method = RequestMethod.GET, value = "/stores")
    List<Store> getStores();

    @RequestMapping(method = RequestMethod.POST, value = "/stores/{storeId}", consumes = "application/json")
    Store update(@PathVariable("storeId") Long storeId, Store store);
}
----

In the `@FeignClient` annotation the String value ("stores" above) is
an arbitrary client name, which is used to create a Ribbon load
balancer (see <<spring-cloud-ribbon,below for details of Ribbon
support>>). You can also specify a URL using the `url` attribute
(absolute value or just a hostname). The name of the bean in the
application context is the fully qualified name of the interface.
To specify your own alias value you can use the `qualifier` value
of the `@FeignClient` annotation.

The Ribbon client above will want to discover the physical addresses
for the "stores" service. If your application is a Eureka client then
it will resolve the service in the Eureka service registry. If you
don't want to use Eureka, you can simply configure a list of servers
in your external configuration (see
<<spring-cloud-ribbon-without-eureka,above for example>>).

[[spring-cloud-feign-overriding-defaults]]
=== Overriding Feign Defaults

A central concept in Spring Cloud's Feign support is that of the named client. Each feign client is part of an ensemble of components that work together to contact a remote server on demand, and the ensemble has a name that you give it as an application developer using the `@FeignClient` annotation. Spring Cloud creates a new ensemble as an
`ApplicationContext` on demand for each named client using `FeignClientsConfiguration`. This contains (amongst other things) an `feign.Decoder`, a `feign.Encoder`, and a `feign.Contract`.

Spring Cloud lets you take full control of the feign client by declaring additional configuration (on top of the `FeignClientsConfiguration`) using `@FeignClient`. Example:

[source,java,indent=0]
----
@FeignClient(name = "stores", configuration = FooConfiguration.class)
public interface StoreClient {
    //..
}
----

In this case the client is composed from the components already in `FeignClientsConfiguration` together with any in `FooConfiguration` (where the latter will override the former).

NOTE: `FooConfiguration` does not need to be annotated with `@Configuration`. However, if it is, then take care to exclude it from any `@ComponentScan` that would otherwise include this configuration as it will become the default source for `feign.Decoder`, `feign.Encoder`, `feign.Contract`, etc., when specified. This can be avoided by putting it in a separate, non-overlapping package from any `@ComponentScan` or `@SpringBootApplication`, or it can be explicitly excluded in `@ComponentScan`.

NOTE: The `serviceId` attribute is now deprecated in favor of the `name` attribute.

WARNING: Previously, using the `url` attribute, did not require the `name` attribute. Using `name` is now required.

Placeholders are supported in the `name` and `url` attributes.

[source,java,indent=0]
----
@FeignClient(name = "${feign.name}", url = "${feign.url}")
public interface StoreClient {
    //..
}
----

Spring Cloud Netflix provides the following beans by default for feign (`BeanType` beanName: `ClassName`):

* `Decoder` feignDecoder: `ResponseEntityDecoder` (which wraps a `SpringDecoder`)
* `Encoder` feignEncoder: `SpringEncoder`
* `Logger` feignLogger: `Slf4jLogger`
* `Contract` feignContract: `SpringMvcContract`
* `Feign.Builder` feignBuilder: `HystrixFeign.Builder`
* `Client` feignClient: if Ribbon is enabled it is a `LoadBalancerFeignClient`, otherwise the default feign client is used.

The OkHttpClient and ApacheHttpClient feign clients can be used by setting `feign.okhttp.enabled` or `feign.httpclient.enabled` to `true`, respectively, and having them on the classpath.
You can customize the HTTP client used by providing a bean of either `ClosableHttpClient` when using Apache or `OkHttpClient` whe using OK HTTP.

Spring Cloud Netflix _does not_ provide the following beans by default for feign, but still looks up beans of these types from the application context to create the feign client:

* `Logger.Level`
* `Retryer`
* `ErrorDecoder`
* `Request.Options`
* `Collection<RequestInterceptor>`
* `SetterFactory`

Creating a bean of one of those type and placing it in a `@FeignClient` configuration (such as `FooConfiguration` above) allows you to override each one of the beans described.  Example:

[source,java,indent=0]
----
@Configuration
public class FooConfiguration {
    @Bean
    public Contract feignContract() {
        return new feign.Contract.Default();
    }

    @Bean
    public BasicAuthRequestInterceptor basicAuthRequestInterceptor() {
        return new BasicAuthRequestInterceptor("user", "password");
    }
}
----

This replaces the `SpringMvcContract` with `feign.Contract.Default` and adds a `RequestInterceptor` to the collection of `RequestInterceptor`.

`@FeignClient` also can be configured using configuration properties.

application.yml
[source,yaml]
----
feign:
  client:
    config:
      feignName:
        connectTimeout: 5000
        readTimeout: 5000
        loggerLevel: full
        errorDecoder: com.example.SimpleErrorDecoder
        retryer: com.example.SimpleRetryer
        requestInterceptors:
          - com.example.FooRequestInterceptor
          - com.example.BarRequestInterceptor
        decode404: false
----

Default configurations can be specified in the `@EnableFeignClients` attribute `defaultConfiguration` in a similar manner as described above. The difference is that this configuration will apply to _all_ feign clients.

If you prefer using configuration properties to configured all `@FeignClient`, you can create configuration properties with `default` feign name.

application.yml
[source,yaml]
----
feign:
  client:
    config:
      default:
        connectTimeout: 5000
        readTimeout: 5000
        loggerLevel: basic
----

If we create both `@Configuration` bean and configuration properties, configuration properties will win.
It will override `@Configuration` values. But if you want to change the priority to `@Configuration`,
you can change `feign.client.default-to-properties` to `false`.

NOTE: If you need to use `ThreadLocal` bound variables in your `RequestInterceptor`s you will need to either set the
thread isolation strategy for Hystrix to `SEMAPHORE` or disable Hystrix in Feign.

application.yml
[source,yaml]
----
# To disable Hystrix in Feign
feign:
  hystrix:
    enabled: false

# To set thread isolation to SEMAPHORE
hystrix:
  command:
    default:
      execution:
        isolation:
          strategy: SEMAPHORE
----

=== Creating Feign Clients Manually

In some cases it might be necessary to customize your Feign Clients in a way that is not
possible using the methods above.  In this case you can create Clients using the
https://github.com/OpenFeign/feign/#basics[Feign Builder API]. Below is an example
which creates two Feign Clients with the same interface but configures each one with
a separate request interceptor.

[source,java,indent=0]
----
@Import(FeignClientsConfiguration.class)
class FooController {

	private FooClient fooClient;

	private FooClient adminClient;

    	@Autowired
	public FooController(
			Decoder decoder, Encoder encoder, Client client) {
		this.fooClient = Feign.builder().client(client)
				.encoder(encoder)
				.decoder(decoder)
				.requestInterceptor(new BasicAuthRequestInterceptor("user", "user"))
				.target(FooClient.class, "http://PROD-SVC");
		this.adminClient = Feign.builder().client(client)
				.encoder(encoder)
				.decoder(decoder)
				.requestInterceptor(new BasicAuthRequestInterceptor("admin", "admin"))
				.target(FooClient.class, "http://PROD-SVC");
    }
}
----

NOTE: In the above example `FeignClientsConfiguration.class` is the default configuration
provided by Spring Cloud Netflix.

NOTE: `PROD-SVC` is the name of the service the Clients will be making requests to.

[[spring-cloud-feign-hystrix]]
=== Feign Hystrix Support

If Hystrix is on the classpath and `feign.hystrix.enabled=true`, Feign will wrap all methods with a circuit breaker. Returning a `com.netflix.hystrix.HystrixCommand` is also available. This lets you use reactive patterns (with a call to `.toObservable()` or `.observe()` or asynchronous use (with a call to `.queue()`).

To disable Hystrix support on a per-client basis create a vanilla `Feign.Builder` with the "prototype" scope, e.g.:

[source,java,indent=0]
----
@Configuration
public class FooConfiguration {
    	@Bean
	@Scope("prototype")
	public Feign.Builder feignBuilder() {
		return Feign.builder();
	}
}
----

WARNING:  Prior to the Spring Cloud Dalston release, if Hystrix was on the classpath Feign would have wrapped
all methods in a circuit breaker by default.  This default behavior was changed in Spring Cloud Dalston in
favor for an opt-in approach.

[[spring-cloud-feign-hystrix-fallback]]
=== Feign Hystrix Fallbacks

Hystrix supports the notion of a fallback: a default code path that is executed when they circuit is open or there is an error. To enable fallbacks for a given `@FeignClient` set the `fallback` attribute to the class name that implements the fallback. You also need to declare your implementation as a Spring bean.

[source,java,indent=0]
----
@FeignClient(name = "hello", fallback = HystrixClientFallback.class)
protected interface HystrixClient {
    @RequestMapping(method = RequestMethod.GET, value = "/hello")
    Hello iFailSometimes();
}

static class HystrixClientFallback implements HystrixClient {
    @Override
    public Hello iFailSometimes() {
        return new Hello("fallback");
    }
}
----

If one needs access to the cause that made the fallback trigger, one can use the `fallbackFactory` attribute inside `@FeignClient`.

[source,java,indent=0]
----
@FeignClient(name = "hello", fallbackFactory = HystrixClientFallbackFactory.class)
protected interface HystrixClient {
	@RequestMapping(method = RequestMethod.GET, value = "/hello")
	Hello iFailSometimes();
}

@Component
static class HystrixClientFallbackFactory implements FallbackFactory<HystrixClient> {
	@Override
	public HystrixClient create(Throwable cause) {
		return new HystrixClient() {
			@Override
			public Hello iFailSometimes() {
				return new Hello("fallback; reason was: " + cause.getMessage());
			}
		};
	}
}
----

WARNING: There is a limitation with the implementation of fallbacks in Feign and how Hystrix fallbacks work. Fallbacks are currently not supported for methods that return `com.netflix.hystrix.HystrixCommand` and `rx.Observable`.

=== Feign and `@Primary`

When using Feign with Hystrix fallbacks, there are multiple beans in the `ApplicationContext` of the same type. This will cause `@Autowired` to not work because there isn't exactly one bean, or one marked as primary. To work around this, Spring Cloud Netflix marks all Feign instances as `@Primary`, so Spring Framework will know which bean to inject. In some cases, this may not be desirable. To turn off this behavior set the `primary` attribute of `@FeignClient` to false.

[source,java,indent=0]
----
@FeignClient(name = "hello", primary = false)
public interface HelloClient {
	// methods here
}
----

[[spring-cloud-feign-inheritance]]
=== Feign Inheritance Support

Feign supports boilerplate apis via single-inheritance interfaces.
This allows grouping common operations into convenient base interfaces.

.UserService.java
[source,java,indent=0]
----
public interface UserService {

    @RequestMapping(method = RequestMethod.GET, value ="/users/{id}")
    User getUser(@PathVariable("id") long id);
}
----

.UserResource.java
[source,java,indent=0]
----
@RestController
public class UserResource implements UserService {

}
----

.UserClient.java
[source,java,indent=0]
----
package project.user;

@FeignClient("users")
public interface UserClient extends UserService {

}
----

NOTE: It is generally not advisable to share an interface between a
server and a client. It introduces tight coupling, and also actually
doesn't work with Spring MVC in its current form (method parameter
mapping is not inherited).

=== Feign request/response compression

You may consider enabling the request or response GZIP compression for your
Feign requests. You can do this by enabling one of the properties:

[source,java]
----
feign.compression.request.enabled=true
feign.compression.response.enabled=true
----

Feign request compression gives you settings similar to what you may set for your web server:

[source,java]
----
feign.compression.request.enabled=true
feign.compression.request.mime-types=text/xml,application/xml,application/json
feign.compression.request.min-request-size=2048
----

These properties allow you to be selective about the compressed media types and minimum request threshold length.

=== Feign logging

A logger is created for each Feign client created. By default the name of the logger is the full class name of the interface used to create the Feign client. Feign logging only responds to the `DEBUG` level.

.application.yml

[source,yaml]
----
logging.level.project.user.UserClient: DEBUG
----

The `Logger.Level` object that you may configure per client, tells Feign how much to log. Choices are:

* `NONE`, No logging (*DEFAULT*).
* `BASIC`, Log only the request method and URL and the response status code and execution time.
* `HEADERS`, Log the basic information along with request and response headers.
* `FULL`, Log the headers, body, and metadata for both requests and responses.

For example, the following would set the `Logger.Level` to `FULL`:

[source,java,indent=0]
----
@Configuration
public class FooConfiguration {
    @Bean
    Logger.Level feignLoggerLevel() {
        return Logger.Level.FULL;
    }
}
----

== External Configuration: Archaius

https://github.com/Netflix/archaius[Archaius] is the Netflix client side configuration library.  It is the library used by all of the Netflix OSS components for configuration.  Archaius is an extension of the http://commons.apache.org/proper/commons-configuration[Apache Commons Configuration] project.  It allows updates to configuration by either polling a source for changes or for a source to push changes to the client.  Archaius uses Dynamic<Type>Property classes as handles to properties.

.Archaius Example
[source,java]
----
class ArchaiusTest {
    DynamicStringProperty myprop = DynamicPropertyFactory
            .getInstance()
            .getStringProperty("my.prop");

    void doSomething() {
        OtherClass.someMethod(myprop.get());
    }
}
----

Archaius has its own set of configuration files and loading priorities.  Spring applications should generally not use Archaius directly, but the need to configure the Netflix tools natively remains.  Spring Cloud has a Spring Environment Bridge so Archaius can read properties from the Spring Environment.  This allows Spring Boot projects to use the normal configuration toolchain, while allowing them to configure the Netflix tools, for the most part, as documented.

== Router and Filter: Zuul

Routing in an integral part of a microservice architecture.  For example, `/` may be mapped to your web application, `/api/users` is mapped to the user service and `/api/shop` is mapped to the shop service.  https://github.com/Netflix/zuul[Zuul] is a JVM based router and server side load balancer by Netflix.

http://www.slideshare.net/MikeyCohen1/edge-architecture-ieee-international-conference-on-cloud-engineering-32240146/27[Netflix uses Zuul] for the following:

* Authentication
* Insights
* Stress Testing
* Canary Testing
* Dynamic Routing
* Service Migration
* Load Shedding
* Security
* Static Response handling
* Active/Active traffic management

Zuul's rule engine allows rules and filters to be written in essentially any JVM language, with built in support for Java and Groovy.

NOTE: The configuration property `zuul.max.host.connections` has been replaced by two new properties, `zuul.host.maxTotalConnections` and `zuul.host.maxPerRouteConnections` which default to 200 and 20 respectively.

NOTE: Default Hystrix isolation pattern (ExecutionIsolationStrategy) for all routes is SEMAPHORE.  `zuul.ribbonIsolationStrategy` can be changed to THREAD if this isolation pattern is preferred.

[[netflix-zuul-starter]]
=== How to Include Zuul

To include Zuul in your project use the starter with group `org.springframework.cloud`
and artifact id `spring-cloud-starter-netflix-zuul`. See the http://projects.spring.io/spring-cloud/[Spring Cloud Project page]
for details on setting up your build system with the current Spring Cloud Release Train.

[[netflix-zuul-reverse-proxy]]
=== Embedded Zuul Reverse Proxy

Spring Cloud has created an embedded Zuul proxy to ease the
development of a very common use case where a UI application wants to
proxy calls to one or more back end services.  This feature is useful
for a user interface to proxy to the backend services it requires,
avoiding the need to manage CORS and authentication concerns
independently for all the backends.

To enable it, annotate a Spring Boot main class with
`@EnableZuulProxy`, and this forwards local calls to the appropriate
service.  By convention, a service with the ID "users", will
receive requests from the proxy located at `/users` (with the prefix
stripped). The proxy uses Ribbon to locate an instance to forward to
via discovery, and all requests are executed in a
<<hystrix-fallbacks-for-routes, hystrix command>>, so
failures will show up in Hystrix metrics, and once the circuit is open
the proxy will not try to contact the service.

NOTE: the Zuul starter does not include a discovery client, so for
routes based on service IDs you need to provide one of those
on the classpath as well (e.g. Eureka is one choice).

To skip having a service automatically added, set
`zuul.ignored-services` to a list of service id patterns. If a service
matches a pattern that is ignored, but also included in the explicitly
configured routes map, then it will be unignored. Example:

.application.yml
[source,yaml]
----
 zuul:
  ignoredServices: '*'
  routes:
    users: /myusers/**
----

In this example, all services are ignored *except* "users".

To augment or change
the proxy routes, you can add external configuration like the
following:

.application.yml
[source,yaml]
----
 zuul:
  routes:
    users: /myusers/**
----

This means that http calls to "/myusers" get forwarded to the "users"
service (for example "/myusers/101" is forwarded to "/101").

To get more fine-grained control over a route you can specify the path
and the serviceId independently:

.application.yml
[source,yaml]
----
 zuul:
  routes:
    users:
      path: /myusers/**
      serviceId: users_service
----

This means that http calls to "/myusers" get forwarded to the
"users_service" service.  The route has to have a "path" which can be
specified as an ant-style pattern, so "/myusers/{asterisk}" only matches one
level, but "/myusers/{all}" matches hierarchically.

The location of the backend can be specified as either a "serviceId"
(for a service from discovery) or a "url" (for a physical location), e.g.

.application.yml
[source,yaml]
----
 zuul:
  routes:
    users:
      path: /myusers/**
      url: http://example.com/users_service
----

These simple url-routes don't get executed as a `HystrixCommand` nor do they loadbalance multiple URLs with Ribbon.
To achieve this, you can specify a `serviceId` with a static list of servers:

.application.yml
[source,yaml]
----
zuul:
  routes:
    echo:
      path: /myusers/**
      serviceId: myusers-service
      stripPrefix: true

hystrix:
  command:
    myusers-service:
      execution:
        isolation:
          thread:
            timeoutInMilliseconds: ...

myusers-service:
  ribbon:
    NIWSServerListClassName: com.netflix.loadbalancer.ConfigurationBasedServerList
    ListOfServers: http://example1.com,http://example2.com
    ConnectTimeout: 1000
    ReadTimeout: 3000
    MaxTotalHttpConnections: 500
    MaxConnectionsPerHost: 100  
----

Another method is specifiying a service-route and configure a Ribbon client for the
serviceId (this requires disabling Eureka support in Ribbon:
see <<spring-cloud-ribbon-without-eureka,above for more information>>), e.g.

.application.yml
[source,yaml]
----
zuul:
  routes:
    users:
      path: /myusers/**
      serviceId: users

ribbon:
  eureka:
    enabled: false

users:
  ribbon:
    listOfServers: example.com,google.com
----

You can provide convention between serviceId and routes using
regexmapper.  It uses regular expression named groups to extract
variables from serviceId and inject them into a route pattern.

.ApplicationConfiguration.java
[source,java]
----
@Bean
public PatternServiceRouteMapper serviceRouteMapper() {
    return new PatternServiceRouteMapper(
        "(?<name>^.+)-(?<version>v.+$)",
        "${version}/${name}");
}
----

This means that a serviceId "myusers-v1" will be mapped to route
"/v1/myusers/{all}".  Any regular expression is accepted but all named
groups must be present in both servicePattern and routePattern.  If
servicePattern does not match a serviceId, the default behavior is
used. In the example above, a serviceId "myusers" will be mapped to route
"/myusers/{all}" (no version detected) This feature is disabled by
default and only applies to discovered services.

To add a prefix to all mappings, set `zuul.prefix` to a value, such as
`/api`. The proxy prefix is stripped from the request before the
request is forwarded by default (switch this behaviour off with
`zuul.stripPrefix=false`). You can also switch off the stripping of
the service-specific prefix from individual routes, e.g.

.application.yml
[source,yaml]
----
 zuul:
  routes:
    users:
      path: /myusers/**
      stripPrefix: false
----

NOTE:  `zuul.stripPrefix` only applies to the prefix set in `zuul.prefix`.  It does not have any effect on prefixes
defined within a given route's `path`.

In this example, requests to "/myusers/101" will be forwarded to "/myusers/101" on the "users" service.

The `zuul.routes` entries actually bind to an object of type `ZuulProperties`. If you
look at the properties of that object you will see that it also has a "retryable" flag.
Set that flag to "true" to have the Ribbon client automatically retry failed requests
(and if you need to you can modify the parameters of the retry operations using
the Ribbon client configuration).

The `X-Forwarded-Host` header is added to the forwarded requests by
default.  To turn it off set `zuul.addProxyHeaders = false`.  The
prefix path is stripped by default, and the request to the backend
picks up a header "X-Forwarded-Prefix" ("/myusers" in the examples
above).

An application with `@EnableZuulProxy` could act as a standalone
server if you set a default route ("/"), for example `zuul.route.home:
/` would route all traffic (i.e. "/{all}") to the "home" service.

If more fine-grained ignoring is needed, you can specify specific patterns to ignore.
These patterns are evaluated at the start of the route location process, which
means prefixes should be included in the pattern to warrant a match. Ignored patterns
span all services and supersede any other route specification.

.application.yml
[source,yaml]
----
 zuul:
  ignoredPatterns: /**/admin/**
  routes:
    users: /myusers/**
----

This means that all calls such as "/myusers/101" will be forwarded to "/101" on the "users" service.
But calls including "/admin/" will not resolve.

WARNING: If you need your routes to have their order preserved you need to use a YAML
file as the ordering will be lost using a properties file. For example:

.application.yml
[source,yaml]
----
 zuul:
  routes:
    users:
      path: /myusers/**
    legacy:
      path: /**
----

If you were to use a properties file, the `legacy` path may end up in front of the `users`
path rendering the `users` path unreachable.

=== Zuul Http Client

The default HTTP client used by zuul is now backed by the Apache HTTP Client instead of the
deprecated Ribbon `RestClient`. To use `RestClient` or to use the `okhttp3.OkHttpClient` set
`ribbon.restclient.enabled=true` or `ribbon.okhttp.enabled=true` respectively.  If you would
like to customize the Apache HTTP client or the OK HTTP client provide a bean of type
`ClosableHttpClient` or `OkHttpClient`.

=== Cookies and Sensitive Headers

It's OK to share headers between services in the same system, but you
probably don't want sensitive headers leaking downstream into external
servers. You can specify a list of ignored headers as part of the
route configuration. Cookies play a special role because they have
well-defined semantics in browsers, and they are always to be treated
as sensitive. If the consumer of your proxy is a browser, then cookies
for downstream services also cause problems for the user because they
all get jumbled up (all downstream services look like they come from
the same place).

If you are careful with the design of your services, for example if
only one of the downstream services sets cookies, then you might be
able to let them flow from the backend all the way up to the
caller. Also, if your proxy sets cookies and all your back end
services are part of the same system, it can be natural to simply
share them (and for instance use Spring Session to link them up to some
shared state). Other than that, any cookies that get set by downstream
services are likely to be not very useful to the caller, so it is
recommended that you make (at least) "Set-Cookie" and "Cookie" into
sensitive headers for routes that are not part of your domain. Even
for routes that *are* part of your domain, try to think carefully
about what it means before allowing cookies to flow between them and
the proxy.

The sensitive headers can be configured as a comma-separated list per
route, e.g.

.application.yml
[source,yaml]
----
 zuul:
  routes:
    users:
      path: /myusers/**
      sensitiveHeaders: Cookie,Set-Cookie,Authorization
      url: https://downstream
----

NOTE: this is the default value for `sensitiveHeaders`, so you don't
need to set it unless you want it to be different. N.B. this is new in
Spring Cloud Netflix 1.1 (in 1.0 the user had no control over headers
and all cookies flow in both directions).

The `sensitiveHeaders` are a blacklist and the default is not empty,
so to make Zuul send all headers (except the "ignored" ones) you would
have to explicitly set it to the empty list. This is necessary if you
want to pass cookie or authorization headers to your back end. Example:

.application.yml
[source,yaml]
----
 zuul:
  routes:
    users:
      path: /myusers/**
      sensitiveHeaders: 
      url: https://downstream
----

Sensitive headers can also be set globally by setting `zuul.sensitiveHeaders`. If `sensitiveHeaders` is set on a route, this will override the global `sensitiveHeaders` setting.

=== Ignored Headers

In addition to the per-route sensitive headers, you can set a global
value for `zuul.ignoredHeaders` for values that should be discarded
(both request and response) during interactions with downstream
services. By default these are empty, if Spring Security is not on the
classpath, and otherwise they are initialized to a set of well-known
"security" headers (e.g. involving caching) as specified by Spring
Security. The assumption in this case is that the downstream services
might add these headers too, and we want the values from the proxy.
To not discard these well known security headers in case Spring Security is on the classpath you can set `zuul.ignoreSecurityHeaders` to `false`. This can be useful if you disabled the HTTP Security response headers in Spring Security and want the values provided by downstream services

=== Management Endpoints

If you are using `@EnableZuulProxy` with the Spring Boot Actuator you
will enable (by default) two additional endpoints:

* Routes
* Filters

==== Routes Endpoint

A GET to the routes endpoint at `/routes` will return a list of the mapped
routes:

.GET /routes
[source,json]
----
{
  /stores/**: "http://localhost:8081"
}
----

Additional route details can be requested by adding the `?format=details` query
string to `/routes`. This will produce the following output:

.GET /routes?format=details
[source,json]
----
{
  "/stores/**": {
    "id": "stores",
    "fullPath": "/stores/**",
    "location": "http://localhost:8081",
    "path": "/**",
    "prefix": "/stores",
    "retryable": false,
    "customSensitiveHeaders": false,
    "prefixStripped": true
  }
}
----

A POST will force a refresh of the existing routes (e.g. in
case there have been changes in the service catalog).  You can disable
this endpoint by setting `endpoints.routes.enabled` to `false`.

NOTE: the routes should respond automatically to changes in the
service catalog, but the POST to /routes is a way to force the change
to happen immediately.

==== Filters Endpoint

A GET to the filters endpoint at `/filters` will return a map of Zuul
filters by type. For each filter type in the map, you will find a list
of all the filters of that type, along with their details.

=== Strangulation Patterns and Local Forwards

A common pattern when migrating an existing application or API is to
"strangle" old endpoints, slowly replacing them with different
implementations. The Zuul proxy is a useful tool for this because you
can use it to handle all traffic from clients of the old endpoints,
but redirect some of the requests to new ones.

Example configuration:

.application.yml
[source,yaml]
----
 zuul:
  routes:
    first:
      path: /first/**
      url: http://first.example.com
    second:
      path: /second/**
      url: forward:/second
    third:
      path: /third/**
      url: forward:/3rd
    legacy:
      path: /**
      url: http://legacy.example.com
----

In this example we are strangling the "legacy" app which is mapped to
all requests that do not match one of the other patterns. Paths in
`/first/{all}` have been extracted into a new service with an external
URL. And paths in `/second/{all}` are forwarded so they can be handled
locally, e.g. with a normal Spring `@RequestMapping`. Paths in
`/third/{all}` are also forwarded, but with a different prefix
(i.e. `/third/foo` is forwarded to `/3rd/foo`).

NOTE: The ignored patterns aren't completely ignored, they just
aren't handled by the proxy (so they are also effectively forwarded
locally).

=== Uploading Files through Zuul

If you `@EnableZuulProxy` you can use the proxy paths to
upload files and it should just work as long as the files
are small. For large files there is an alternative path
which bypasses the Spring `DispatcherServlet` (to
avoid multipart processing) in "/zuul/{asterisk}". I.e. if
`zuul.routes.customers=/customers/{all}` then you can
POST large files to "/zuul/customers/*". The servlet
path is externalized via `zuul.servletPath`. Extremely
large files will also require elevated timeout settings
if the proxy route takes you through a Ribbon load
balancer, e.g.

.application.yml
[source,yaml]
----
hystrix.command.default.execution.isolation.thread.timeoutInMilliseconds: 60000
ribbon:
  ConnectTimeout: 3000
  ReadTimeout: 60000
----

Note that for streaming to work with large files, you need to use chunked encoding in the request (which some browsers
do not do by default). E.g. on the command line:

----
$ curl -v -H "Transfer-Encoding: chunked" \
    -F "file=@mylarge.iso" localhost:9999/zuul/simple/file
----

=== Query String Encoding
When processing the incoming request, query params are decoded so they can be available for possible modifications in
Zuul filters. They are then re-encoded when building the backend request in the route filters. The result
can be different than the original input if it was encoded using Javascript's `encodeURIComponent()` method for example.
While this causes no issues in most cases, some web servers can be picky with the encoding of complex query string.

To force the original encoding of the query string, it is possible to pass a special flag to `ZuulProperties` so
that the query string is taken as is with the `HttpServletRequest::getQueryString` method : 

.application.yml
[source,yaml]
----
 zuul:
  forceOriginalQueryStringEncoding: true
----

*Note:* This special flag only works with `SimpleHostRoutingFilter` and you loose the ability to easily override
query parameters with `RequestContext.getCurrentContext().setRequestQueryParams(someOverriddenParameters)` since
the query string is now fetched directly on the original `HttpServletRequest`.

=== Plain Embedded Zuul

You can also run a Zuul server without the proxying, or switch on parts of the proxying platform selectively, if you
use `@EnableZuulServer` (instead of `@EnableZuulProxy`). Any beans that you add to the application of type `ZuulFilter`
will be installed automatically, as they are with `@EnableZuulProxy`, but without any of the proxy filters being added
automatically.

In this case the routes into the Zuul server are still specified by
configuring "zuul.routes.{asterisk}", but there is no service
discovery and no proxying, so the "serviceId" and "url" settings are
ignored. For example:

.application.yml
[source,yaml]
----
 zuul:
  routes:
    api: /api/**
----

maps all paths in "/api/{all}" to the Zuul filter chain.

=== Disable Zuul Filters

Zuul for Spring Cloud comes with a number of `ZuulFilter` beans enabled by default
in both proxy and server mode.  See https://github.com/spring-cloud/spring-cloud-netflix/tree/master/spring-cloud-netflix-core/src/main/java/org/springframework/cloud/netflix/zuul/filters[the zuul filters package] for the
possible filters that are enabled.  If you want to disable one, simply set
`zuul.<SimpleClassName>.<filterType>.disable=true`. By convention, the package after
`filters` is the Zuul filter type. For example to disable
`org.springframework.cloud.netflix.zuul.filters.post.SendResponseFilter` set
`zuul.SendResponseFilter.post.disable=true`.

[[hystrix-fallbacks-for-routes]]
=== Providing Hystrix Fallbacks For Routes

When a circuit for a given route in Zuul is tripped you can provide a fallback response
by creating a bean of type `ZuulFallbackProvider`.  Within this bean you need to specify
the route ID the fallback is for and provide a `ClientHttpResponse` to return
as a fallback.  Here is a very simple `ZuulFallbackProvider` implementation.

[source,java]
----
class MyFallbackProvider implements ZuulFallbackProvider {
    @Override
    public String getRoute() {
        return "customers";
    }

    @Override
    public ClientHttpResponse fallbackResponse() {
        return new ClientHttpResponse() {
            @Override
            public HttpStatus getStatusCode() throws IOException {
                return HttpStatus.OK;
            }

            @Override
            public int getRawStatusCode() throws IOException {
                return 200;
            }

            @Override
            public String getStatusText() throws IOException {
                return "OK";
            }

            @Override
            public void close() {

            }

            @Override
            public InputStream getBody() throws IOException {
                return new ByteArrayInputStream("fallback".getBytes());
            }

            @Override
            public HttpHeaders getHeaders() {
                HttpHeaders headers = new HttpHeaders();
                headers.setContentType(MediaType.APPLICATION_JSON);
                return headers;
            }
        };
    }
}
----

And here is what the route configuration would look like.

[source,yaml]
----
zuul:
  routes:
    customers: /customers/**
----

If you would like to provide a default fallback for all routes than you can create a bean of
type `ZuulFallbackProvider` and have the `getRoute` method return `*` or `null`.

[source,java]
----
class MyFallbackProvider implements ZuulFallbackProvider {
    @Override
    public String getRoute() {
        return "*";
    }

    @Override
    public ClientHttpResponse fallbackResponse() {
        return new ClientHttpResponse() {
            @Override
            public HttpStatus getStatusCode() throws IOException {
                return HttpStatus.OK;
            }

            @Override
            public int getRawStatusCode() throws IOException {
                return 200;
            }

            @Override
            public String getStatusText() throws IOException {
                return "OK";
            }

            @Override
            public void close() {

            }

            @Override
            public InputStream getBody() throws IOException {
                return new ByteArrayInputStream("fallback".getBytes());
            }

            @Override
            public HttpHeaders getHeaders() {
                HttpHeaders headers = new HttpHeaders();
                headers.setContentType(MediaType.APPLICATION_JSON);
                return headers;
            }
        };
    }
}
----

If you would like to choose the response based on the cause of the failure use `FallbackProvider` which will replace `ZuulFallbackProvder` in future versions.

[source,java]
----
class MyFallbackProvider implements FallbackProvider {

    @Override
    public String getRoute() {
        return "*";
    }

    @Override
    public ClientHttpResponse fallbackResponse(final Throwable cause) {
        if (cause instanceof HystrixTimeoutException) {
            return response(HttpStatus.GATEWAY_TIMEOUT);
        } else {
            return fallbackResponse();
        }
    }

    @Override
    public ClientHttpResponse fallbackResponse() {
        return response(HttpStatus.INTERNAL_SERVER_ERROR);
    }

    private ClientHttpResponse response(final HttpStatus status) {
        return new ClientHttpResponse() {
            @Override
            public HttpStatus getStatusCode() throws IOException {
                return status;
            }

            @Override
            public int getRawStatusCode() throws IOException {
                return status.value();
            }

            @Override
            public String getStatusText() throws IOException {
                return status.getReasonPhrase();
            }

            @Override
            public void close() {
            }

            @Override
            public InputStream getBody() throws IOException {
                return new ByteArrayInputStream("fallback".getBytes());
            }

            @Override
            public HttpHeaders getHeaders() {
                HttpHeaders headers = new HttpHeaders();
                headers.setContentType(MediaType.APPLICATION_JSON);
                return headers;
            }
        };
    }
}
----

=== Zuul Timeouts

If you want to configure the socket timeouts and read timeouts for requests proxied through
Zuul there are two options based on your configuration.

If Zuul is using service discovery than you need to configure these timeouts via Ribbon properties,
`ribbon.ReadTimeout` and `ribbon.SocketTimeout`.

If you have configured Zuul routes by specifying URLs than you will need to use
`zuul.host.connect-timeout-millis` and `zuul.host.socket-timeout-millis`.

[[zuul-redirect-location-rewrite]]
=== Rewriting `Location` header

If Zuul is fronting a web application then there may be a need to re-write the `Location` header when the web application redirects through a http status code of 3XX, otherwise the browser will end up redirecting to the web application's url instead of the Zuul url. 
A `LocationRewriteFilter` Zuul filter can  be configured to re-write the Location header to the Zuul's url, it also adds back the stripped global and route specific prefixes. The filter can be added the following way via a Spring Configuration file:

[source,java]
----
import org.springframework.cloud.netflix.zuul.filters.post.LocationRewriteFilter;
...

@Configuration
@EnableZuulProxy
public class ZuulConfig {
    @Bean
    public LocationRewriteFilter locationRewriteFilter() {
        return new LocationRewriteFilter();
    }
}
----

[WARNING]
====
Use this filter with caution though, the filter acts on the `Location` header of ALL 3XX response codes which may not be appropriate in all scenarios, say if the user is redirecting to an external URL.
====

[[zuul-developer-guide]]
=== Zuul Developer Guide

For a general overview of how Zuul works, please see https://github.com/Netflix/zuul/wiki/How-it-Works[the Zuul Wiki].

==== The Zuul Servlet

Zuul is implemented as a Servlet. For the general cases, Zuul is embedded into the Spring Dispatch mechanism. This allows Spring MVC to be in control of the routing. In this case, Zuul is configured to buffer requests. If there is a need to go through Zuul without buffering requests (e.g. for large file uploads), the Servlet is also installed outside of the Spring Dispatcher. By default, this is located at `/zuul`. This path can be changed with the `zuul.servlet-path` property.

==== Zuul RequestContext

To pass information between filters, Zuul uses a https://github.com/Netflix/zuul/blob/1.x/zuul-core/src/main/java/com/netflix/zuul/context/RequestContext.java[`RequestContext`]. Its data is held in a `ThreadLocal` specific to each request. Information about where to route requests, errors and the actual `HttpServletRequest` and `HttpServletResponse` are stored there. The `RequestContext` extends `ConcurrentHashMap`, so anything can be stored in the context. https://github.com/spring-cloud/spring-cloud-netflix/blob/master/spring-cloud-netflix-core/src/main/java/org/springframework/cloud/netflix/zuul/filters/support/FilterConstants.java[`FilterConstants`] contains the keys that are used by the filters installed by Spring Cloud Netflix (more on these later).

==== `@EnableZuulProxy` vs. `@EnableZuulServer`

Spring Cloud Netflix installs a number of filters based on which annotation was used to enable Zuul. `@EnableZuulProxy` is a superset of `@EnableZuulServer`. In other words, `@EnableZuulProxy` contains all filters installed by `@EnableZuulServer`. The additional filters in the "proxy" enable routing functionality. If you want a "blank" Zuul, you should use `@EnableZuulServer`.

==== `@EnableZuulServer` Filters

Creates a `SimpleRouteLocator` that loads route definitions from Spring Boot configuration files.

The following filters are installed (as normal Spring Beans):

Pre filters:

- `ServletDetectionFilter`: Detects if the request is through the Spring Dispatcher. Sets boolean with key `FilterConstants.IS_DISPATCHER_SERVLET_REQUEST_KEY`.
- `FormBodyWrapperFilter`: Parses form data and reencodes it for downstream requests.
- `DebugFilter`: if the `debug` request parameter is set, this filter sets `RequestContext.setDebugRouting()` and `RequestContext.setDebugRequest()` to true.

Route filters:

- `SendForwardFilter`: This filter forwards requests using the Servlet `RequestDispatcher`. The forwarding location is stored in the `RequestContext` attribute `FilterConstants.FORWARD_TO_KEY`. This is useful for forwarding to endpoints in the current application.

Post filters:

- `SendResponseFilter`: Writes responses from proxied requests to the current response.

Error filters:

- `SendErrorFilter`: Forwards to /error (by default) if `RequestContext.getThrowable()` is not null. The default forwarding path (`/error`) can be changed by setting the `error.path` property.

==== `@EnableZuulProxy` Filters

Creates a `DiscoveryClientRouteLocator` that loads route definitions from a `DiscoveryClient` (like Eureka), as well as from properties. A route is created for each `serviceId` from the `DiscoveryClient`. As new services are added, the routes will be refreshed.

In addition to the filters described above, the following filters are installed (as normal Spring Beans):

Pre filters:

- `PreDecorationFilter`: This filter determines where and how to route based on the supplied `RouteLocator`. It also sets various proxy-related headers for downstream requests.

Route filters:

* `RibbonRoutingFilter`: This filter uses Ribbon, Hystrix and pluggable HTTP clients to send requests. Service ids are found in the `RequestContext` attribute `FilterConstants.SERVICE_ID_KEY`. This filter can use different HTTP clients. They are:
** Apache `HttpClient`. This is the default client.
** Squareup `OkHttpClient` v3. This is enabled by having the `com.squareup.okhttp3:okhttp` library on the classpath and setting `ribbon.okhttp.enabled=true`.
** Netflix Ribbon HTTP client. This is enabled by setting `ribbon.restclient.enabled=true`. This client has limitations, such as it doesn't support the PATCH method, but also has built-in retry.

* `SimpleHostRoutingFilter`: This filter sends requests to predetermined URLs via an Apache HttpClient. URLs are found in `RequestContext.getRouteHost()`.

==== Custom Zuul Filter examples

Most of the following "How to Write" examples below are included https://github.com/spring-cloud-samples/sample-zuul-filters[Sample Zuul Filters] project. There are also examples of manipulating the request or response body in that repository.

==== How to Write a Pre Filter

Pre filters are used to set up data in the `RequestContext` for use in filters downstream. The main use case is to set information required for route filters.

[source,java]
----
public class QueryParamPreFilter extends ZuulFilter {
	@Override
	public int filterOrder() {
		return PRE_DECORATION_FILTER_ORDER - 1; // run before PreDecoration
	}

	@Override
	public String filterType() {
		return PRE_TYPE;
	}

	@Override
	public boolean shouldFilter() {
		RequestContext ctx = RequestContext.getCurrentContext();
		return !ctx.containsKey(FORWARD_TO_KEY) // a filter has already forwarded
				&& !ctx.containsKey(SERVICE_ID_KEY); // a filter has already determined serviceId
	}
    @Override
    public Object run() {
        RequestContext ctx = RequestContext.getCurrentContext();
		HttpServletRequest request = ctx.getRequest();
		if (request.getParameter("foo") != null) {
		    // put the serviceId in `RequestContext`
    		ctx.put(SERVICE_ID_KEY, request.getParameter("foo"));
    	}
        return null;
    }
}
----

The filter above populates `SERVICE_ID_KEY` from the `foo` request parameter. In reality, it's not a good idea to do that kind of direct mapping, but the service id should be looked up from the value of `foo` instead.

Now that `SERVICE_ID_KEY` is populated, `PreDecorationFilter` won't run and `RibbonRoutingFilter` will. If you wanted to route to a full URL instead, call `ctx.setRouteHost(url)` instead.

To modify the path that routing filters will forward to, set the `REQUEST_URI_KEY`.

==== How to Write a Route Filter

Route filters are run after pre filters and are used to make requests to other services. Much of the work here is to translate request and response data to and from the client required model.

[source,java]
----
public class OkHttpRoutingFilter extends ZuulFilter {
	@Autowired
	private ProxyRequestHelper helper;

	@Override
	public String filterType() {
		return ROUTE_TYPE;
	}

	@Override
	public int filterOrder() {
		return SIMPLE_HOST_ROUTING_FILTER_ORDER - 1;
	}

	@Override
	public boolean shouldFilter() {
		return RequestContext.getCurrentContext().getRouteHost() != null
				&& RequestContext.getCurrentContext().sendZuulResponse();
	}

    @Override
    public Object run() {
		OkHttpClient httpClient = new OkHttpClient.Builder()
				// customize
				.build();

		RequestContext context = RequestContext.getCurrentContext();
		HttpServletRequest request = context.getRequest();

		String method = request.getMethod();

		String uri = this.helper.buildZuulRequestURI(request);

		Headers.Builder headers = new Headers.Builder();
		Enumeration<String> headerNames = request.getHeaderNames();
		while (headerNames.hasMoreElements()) {
			String name = headerNames.nextElement();
			Enumeration<String> values = request.getHeaders(name);

			while (values.hasMoreElements()) {
				String value = values.nextElement();
				headers.add(name, value);
			}
		}

		InputStream inputStream = request.getInputStream();

		RequestBody requestBody = null;
		if (inputStream != null && HttpMethod.permitsRequestBody(method)) {
			MediaType mediaType = null;
			if (headers.get("Content-Type") != null) {
				mediaType = MediaType.parse(headers.get("Content-Type"));
			}
			requestBody = RequestBody.create(mediaType, StreamUtils.copyToByteArray(inputStream));
		}

		Request.Builder builder = new Request.Builder()
				.headers(headers.build())
				.url(uri)
				.method(method, requestBody);

		Response response = httpClient.newCall(builder.build()).execute();

		LinkedMultiValueMap<String, String> responseHeaders = new LinkedMultiValueMap<>();

		for (Map.Entry<String, List<String>> entry : response.headers().toMultimap().entrySet()) {
			responseHeaders.put(entry.getKey(), entry.getValue());
		}

		this.helper.setResponse(response.code(), response.body().byteStream(),
				responseHeaders);
		context.setRouteHost(null); // prevent SimpleHostRoutingFilter from running
		return null;
    }
}
----

The above filter translates Servlet request information into OkHttp3 request information, executes an HTTP request, then translates OkHttp3 reponse information to the Servlet response. WARNING: this filter might have bugs and not function correctly.

==== How to Write a Post Filter

Post filters typically manipulate the response. In the filter below, we add a random `UUID` as the `X-Foo` header. Other manipulations, such as transforming the response body, are much more complex and compute-intensive.

[source,java]
----
public class AddResponseHeaderFilter extends ZuulFilter {
	@Override
	public String filterType() {
		return POST_TYPE;
	}

	@Override
	public int filterOrder() {
		return SEND_RESPONSE_FILTER_ORDER - 1;
	}

	@Override
	public boolean shouldFilter() {
		return true;
	}

	@Override
	public Object run() {
		RequestContext context = RequestContext.getCurrentContext();
    	HttpServletResponse servletResponse = context.getResponse();
		servletResponse.addHeader("X-Foo", UUID.randomUUID().toString());
		return null;
	}
}
----

==== How Zuul Errors Work

If an exception is thrown during any portion of the Zuul filter lifecycle, the error filters are executed. The `SendErrorFilter` is only run if `RequestContext.getThrowable()` is not `null`. It then sets specific `javax.servlet.error.*` attributes in the request and forwards the request to the Spring Boot error page.

==== Zuul Eager Application Context Loading

Zuul internally uses Ribbon for calling the remote url's and Ribbon clients are by default lazily loaded up by Spring Cloud on first call.
This behavior can be changed for Zuul using the following configuration and will result in the child Ribbon related Application contexts being eagerly loaded up at application startup time.

.application.yml
----
zuul:
  ribbon:
    eager-load:
      enabled: true
----

== Polyglot support with Sidecar

Do you have non-jvm languages you want to take advantage of Eureka, Ribbon and
Config Server?  The Spring Cloud Netflix Sidecar was inspired by
https://github.com/Netflix/Prana[Netflix Prana].  It includes a simple http api
to get all of the instances (ie host and port) for a given service.  You can
also proxy service calls through an embedded Zuul proxy which gets its route
entries from Eureka.  The Spring Cloud Config Server can be accessed directly
via host lookup or through the Zuul Proxy.  The non-jvm app should implement
a health check so the Sidecar can report to eureka if the app is up or down.

To include Sidecar in your project use the dependency with group `org.springframework.cloud`
and artifact id `spring-cloud-netflix-sidecar`.

To enable the Sidecar, create a Spring Boot application with `@EnableSidecar`.
This annotation includes `@EnableCircuitBreaker`, `@EnableDiscoveryClient`,
and `@EnableZuulProxy`.  Run the resulting application on the same host as the
non-jvm application.

To configure the side car add `sidecar.port` and `sidecar.health-uri` to `application.yml`.
The `sidecar.port` property is the port the non-jvm app is listening on.  This
is so the Sidecar can properly register the app with Eureka.  The `sidecar.health-uri`
is a uri accessible on the non-jvm app that mimicks a Spring Boot health
indicator.  It should return a json document like the following:

.health-uri-document
[source,json]
----
{
  "status":"UP"
}
----

Here is an example application.yml for a Sidecar application:

.application.yml
[source,yaml]
----
server:
  port: 5678
spring:
  application:
    name: sidecar

sidecar:
  port: 8000
  health-uri: http://localhost:8000/health.json
----

The api for the `DiscoveryClient.getInstances()` method is `/hosts/{serviceId}`.
Here is an example response for `/hosts/customers` that returns two instances on
different hosts.  This api is accessible to the non-jvm app (if the sidecar is
on port 5678) at `http://localhost:5678/hosts/{serviceId}`.

./hosts/customers
[source,json]
----
[
    {
        "host": "myhost",
        "port": 9000,
        "uri": "http://myhost:9000",
        "serviceId": "CUSTOMERS",
        "secure": false
    },
    {
        "host": "myhost2",
        "port": 9000,
        "uri": "http://myhost2:9000",
        "serviceId": "CUSTOMERS",
        "secure": false
    }
]
----

The Zuul proxy automatically adds routes for each service known in eureka to
`/<serviceId>`, so the customers service is available at `/customers`.  The
Non-jvm app can access the customer service via `http://localhost:5678/customers`
(assuming the sidecar is listening on port 5678).

If the Config Server is registered with Eureka, non-jvm application can access
it via the Zuul proxy.  If the serviceId of the ConfigServer is `configserver`
and the Sidecar is on port 5678, then it can be accessed at
http://localhost:5678/configserver

Non-jvm app can take advantage of the Config Server's ability to return YAML
documents.  For example, a call to http://sidecar.local.spring.io:5678/configserver/default-master.yml
might result in a YAML document like the following

[source,yaml]
----
eureka:
  client:
    serviceUrl:
      defaultZone: http://localhost:8761/eureka/
  password: password
info:
  description: Spring Cloud Samples
  url: https://github.com/spring-cloud-samples
----

[[netflix-rxjava-springmvc]]
== RxJava with Spring MVC
Spring Cloud Netflix includes https://github.com/ReactiveX/RxJava[RxJava].

> RxJava is a Java VM implementation of http://reactivex.io/[Reactive Extensions]: a library for composing asynchronous and event-based programs by using observable sequences.

Spring Cloud Netflix provides support for returning `rx.Single` objects from Spring MVC Controllers. It also supports using `rx.Observable` objects for https://en.wikipedia.org/wiki/Server-sent_events[Server-sent events (SSE)]. This can be very convenient if your internal APIs are already built using RxJava (see <<spring-cloud-feign-hystrix>> for examples).

Here are some examples of using `rx.Single`:

[source,java]
----
include::../../../../spring-cloud-netflix-core/src/test/java/org/springframework/cloud/netflix/rx/SingleReturnValueHandlerTests.java[tags=rx_single,indent=0]
----

If you have an `Observable`, rather than a single, you can use `.toSingle()` or `.toList().toSingle()`. Here are some examples:

[source,java]
----
include::../../../../spring-cloud-netflix-core/src/test/java/org/springframework/cloud/netflix/rx/ObservableReturnValueHandlerTests.java[tags=rx_observable,indent=0]
----

If you have a streaming endpoint and client, SSE could be an option. To convert `rx.Observable` to a Spring `SseEmitter` use `RxResponse.sse()`. Here are some examples:

[source,java]
----
include::../../../../spring-cloud-netflix-core/src/test/java/org/springframework/cloud/netflix/rx/ObservableSseEmitterTests.java[tags=rx_observable_sse,indent=0]
----

[[netflix-metrics]]
== Metrics: Spectator, Servo, and Atlas

When used together, Spectator/Servo and Atlas provide a near real-time operational insight platform.

Spectator and Servo are Netflix's metrics collection libraries. Atlas is a Netflix metrics backend to manage dimensional time series data.

Servo served Netflix for several years and is still usable, but is gradually being phased out in favor of Spectator, which is only designed to work with Java 8.  Spring Cloud Netflix provides support for both, but Java 8 based applications are encouraged to use Spectator.

=== Dimensional vs. Hierarchical Metrics

Spring Boot Actuator metrics are hierarchical and metrics are separated only by name. These names often follow a naming convention that embeds key/value attribute pairs (dimensions) into the name separated by periods. Consider the following metrics for two endpoints, root and star-star:

[source,json]
----
{
    "counter.status.200.root": 20,
    "counter.status.400.root": 3,
    "counter.status.200.star-star": 5,
}
----

The first metric gives us a normalized count of successful requests against the root endpoint per unit of time. But what if the system had 20 endpoints and you want to get a count of successful requests against all the endpoints? Some hierarchical metrics backends would allow you to specify a wild card such as `counter.status.200.\*` that would read all 20 metrics and aggregate the results. Alternatively, you could provide a `HandlerInterceptorAdapter` that intercepts and records a metric like `counter.status.200.all` for all successful requests irrespective of the endpoint, but now you must write 20+1 different metrics. Similarly if you want to know the total number of successful requests for all endpoints in the service, you could specify a wild card such as `counter.status.2*.*`.

Even in the presence of wildcarding support on a hierarchical metrics backend, naming consistency can be difficult. Specifically the position of these tags in the name string can slip with time, breaking queries. For example, suppose we add an additional dimension to the hierarchical metrics above for HTTP method. Then `counter.status.200.root` becomes `counter.status.200.method.get.root`, etc. Our `counter.status.200.*` suddenly no longer has the same semantic meaning.  Furthermore, if the new dimension is not applied uniformly across the codebase, certain queries may become impossible. This can quickly get out of hand.

Netflix metrics are tagged (a.k.a. dimensional). Each metric has a name, but this single named metric can contain multiple statistics and 'tag' key/value pairs that allows more querying flexibility. In fact, the statistics themselves are recorded in a special tag.

Recorded with Netflix Servo or Spectator, a timer for the root endpoint described above contains 4 statistics per status code, where the count statistic is identical to Spring Boot Actuator's counter. In the event that we have encountered an HTTP 200 and 400 thus far, there will be 8 available data points:

[source,json]
----
{
    "root(status=200,stastic=count)": 20,
    "root(status=200,stastic=max)": 0.7265630630000001,
    "root(status=200,stastic=totalOfSquares)": 0.04759702862580789,
    "root(status=200,stastic=totalTime)": 0.2093076914666667,
    "root(status=400,stastic=count)": 1,
    "root(status=400,stastic=max)": 0,
    "root(status=400,stastic=totalOfSquares)": 0,
    "root(status=400,stastic=totalTime)": 0,
}
----

=== Default Metrics Collection

Without any additional dependencies or configuration, a Spring Cloud based service will autoconfigure a Servo `MonitorRegistry` and begin collecting metrics on every Spring MVC request. By default, a Servo timer with the name `rest` will be recorded for each MVC request which is tagged with:

1. HTTP method
2. HTTP status (e.g. 200, 400, 500)
3. URI (or "root" if the URI is empty), sanitized for Atlas
4. The exception class name, if the request handler threw an exception
5. The caller, if a request header with a key matching `netflix.metrics.rest.callerHeader` is set on the request. There is no default key for `netflix.metrics.rest.callerHeader`. You must add it to your application properties if you wish to collect caller information.

Set the `netflix.metrics.rest.metricName` property to change the name of the metric from `rest` to a name you provide.

If Spring AOP is enabled and `org.aspectj:aspectjweaver` is present on your runtime classpath, Spring Cloud will also collect metrics on every client call made with `RestTemplate`. A Servo timer with the name of `restclient` will be recorded for each MVC request which is tagged with:

1. HTTP method
2. HTTP status (e.g. 200, 400, 500), "CLIENT_ERROR" if the response returned null, or "IO_ERROR" if an `IOException` occurred during the execution of the `RestTemplate` method
3. URI, sanitized for Atlas
4. Client name

WARNING: Avoid using hardcoded url parameters within `RestTemplate`.  When targeting dynamic endpoints use URL variables. This will avoid potential "GC Overhead Limit Reached" issues where `ServoMonitorCache` treats each url as a unique key.

[source,java,indent=0]
----
// recommended
String orderid = "1";
restTemplate.getForObject("http://testeurekabrixtonclient/orders/{orderid}", String.class, orderid)

// avoid
restTemplate.getForObject("http://testeurekabrixtonclient/orders/1", String.class)
----

[[netflix-metrics-spectator]]
=== Metrics Collection: Spectator

To enable Spectator metrics, include a dependency on `spring-boot-starter-spectator`:

[source,xml]
----
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-netflix-spectator</artifactId>
    </dependency>
----

In Spectator parlance, a meter is a named, typed, and tagged configuration and a metric represents the value of a given meter at a point in time. Spectator meters are created and controlled by a registry, which currently has several different implementations. Spectator provides 4 meter types: counter, timer, gauge, and distribution summary.

Spring Cloud Spectator integration configures an injectable `com.netflix.spectator.api.Registry` instance for you. Specifically, it configures a `ServoRegistry` instance in order to unify the collection of REST metrics and the exporting of metrics to the Atlas backend under a single Servo API. Practically, this means that your code may use a mixture of Servo monitors and Spectator meters and both will be scooped up by Spring Boot Actuator `MetricReader` instances and both will be shipped to the Atlas backend.

==== Spectator Counter

A counter is used to measure the rate at which some event is occurring.

[source,java]
----
// create a counter with a name and a set of tags
Counter counter = registry.counter("counterName", "tagKey1", "tagValue1", ...);
counter.increment(); // increment when an event occurs
counter.increment(10); // increment by a discrete amount
----

The counter records a single time-normalized statistic.

==== Spectator Timer

A timer is used to measure how long some event is taking. Spring Cloud automatically records timers for Spring MVC requests and conditionally `RestTemplate` requests, which can later be used to create dashboards for request related metrics like latency:

.Request Latency
image::RequestLatency.png[]

[source,java]
----
// create a timer with a name and a set of tags
Timer timer = registry.timer("timerName", "tagKey1", "tagValue1", ...);

// execute an operation and time it at the same time
T result = timer.record(() -> fooReturnsT());

// alternatively, if you must manually record the time
Long start = System.nanoTime();
T result = fooReturnsT();
timer.record(System.nanoTime() - start, TimeUnit.NANOSECONDS);
----

The timer simultaneously records 4 statistics: count, max, totalOfSquares, and totalTime.  The count statistic will always match the single normalized value provided by a counter if you had called `increment()` once on the counter for each time you recorded a timing, so it is rarely necessary to count and time separately for a single operation.

For link:https://github.com/Netflix/spectator/wiki/Timer-Usage#longtasktimer[long running operations], Spectator provides a special `LongTaskTimer`.

==== Spectator Gauge

Gauges are used to determine some current value like the size of a queue or number of threads in a running state. Since gauges are sampled, they provide no information about how these values fluctuate between samples.

The normal use of a gauge involves registering the gauge once in initialization with an id, a reference to the object to be sampled, and a function to get or compute a numeric value based on the object. The reference to the object is passed in separately and the Spectator registry will keep a weak reference to the object. If the object is garbage collected, then Spectator will automatically drop the registration. See link:https://github.com/Netflix/spectator/wiki/Gauge-Usage#using-lambda[the note] in Spectator's documentation about potential memory leaks if this API is misused.

[source,java]
----
// the registry will automatically sample this gauge periodically
registry.gauge("gaugeName", pool, Pool::numberOfRunningThreads);

// manually sample a value in code at periodic intervals -- last resort!
registry.gauge("gaugeName", Arrays.asList("tagKey1", "tagValue1", ...), 1000);
----

==== Spectator Distribution Summaries

A distribution summary is used to track the distribution of events. It is similar to a timer, but more general in that the size does not have to be a period of time. For example, a distribution summary could be used to measure the payload sizes of requests hitting a server.

[source,java]
----
// the registry will automatically sample this gauge periodically
DistributionSummary ds = registry.distributionSummary("dsName", "tagKey1", "tagValue1", ...);
ds.record(request.sizeInBytes());
----

[[netflix-metrics-servo]]
=== Metrics Collection: Servo

WARNING: If your code is compiled on Java 8, please use Spectator instead of Servo as Spectator is destined to replace Servo entirely in the long term.

In Servo parlance, a monitor is a named, typed, and tagged configuration and a metric represents the value of a given monitor at a point in time. Servo monitors are logically equivalent to Spectator meters. Servo monitors are created and controlled by a `MonitorRegistry`. In spite of the above warning, Servo does have a link:https://github.com/Netflix/servo/wiki/Getting-Started[wider array] of monitor options than Spectator has meters.

Spring Cloud integration configures an injectable `com.netflix.servo.MonitorRegistry` instance for you. Once you have created the appropriate `Monitor` type in Servo, the process of recording data is wholly similar to Spectator.

==== Creating Servo Monitors

If you are using the Servo `MonitorRegistry` instance provided by Spring Cloud (specifically, an instance of `DefaultMonitorRegistry`), Servo provides convenience classes for retrieving link:https://github.com/Netflix/spectator/wiki/Servo-Comparison#dynamiccounter[counters] and link:https://github.com/Netflix/spectator/wiki/Servo-Comparison#dynamictimer[timers].  These convenience classes ensure that only one `Monitor` is registered for each unique combination of name and tags.

To manually create a Monitor type in Servo, especially for the more exotic monitor types for which convenience methods are not provided, instantiate the appropriate type by providing a `MonitorConfig` instance:

[source,java]
----
MonitorConfig config = MonitorConfig.builder("timerName").withTag("tagKey1", "tagValue1").build();

// somewhere we should cache this Monitor by MonitorConfig
Timer timer = new BasicTimer(config);
monitorRegistry.register(timer);
----

[[netflix-metrics-atlas]]
=== Metrics Backend: Atlas

Atlas was developed by Netflix to manage dimensional time series data for near real-time operational insight. Atlas features in-memory data storage, allowing it to gather and report very large numbers of metrics, very quickly.

Atlas captures operational intelligence. Whereas business intelligence is data gathered for analyzing trends over time, operational intelligence provides a picture of what is currently happening within a system.

Spring Cloud provides a `spring-cloud-starter-netflix-atlas` that has all the dependencies you need. Then just annotate your Spring Boot application with `@EnableAtlas` and provide a location for your running Atlas server with the `netflix.atlas.uri` property.

==== Global tags

Spring Cloud enables you to add tags to every metric sent to the Atlas backend. Global tags can be used to separate metrics by application name, environment, region, etc.

Each bean implementing `AtlasTagProvider` will contribute to the global tag list:

[source,java]
----
@Bean
AtlasTagProvider atlasCommonTags(
    @Value("${spring.application.name}") String appName) {
  return () -> Collections.singletonMap("app", appName);
}
----

==== Using Atlas

To bootstrap a in-memory standalone Atlas instance:

[source,bash]
----
$ curl -LO https://github.com/Netflix/atlas/releases/download/v1.4.2/atlas-1.4.2-standalone.jar
$ java -jar atlas-1.4.2-standalone.jar
----

TIP: An Atlas standalone node running on an r3.2xlarge (61GB RAM) can handle roughly 2 million metrics per minute for a given 6 hour window.

Once running and you have collected a handful of metrics, verify that your setup is correct by listing tags on the Atlas server:

[source,bash]
----
$ curl http://ATLAS/api/v1/tags
----

TIP: After executing several requests against your service, you can gather some very basic information on the request latency of every request by pasting the following url in your browser: `http://ATLAS/api/v1/graph?q=name,rest,:eq,:avg`

The Atlas wiki contains a link:https://github.com/Netflix/atlas/wiki/Single-Line[compilation of sample queries] for various scenarios.

Make sure to check out the link:https://github.com/Netflix/atlas/wiki/Alerting-Philosophy[alerting philosophy] and docs on using link:https://github.com/Netflix/atlas/wiki/DES[double exponential smoothing] to generate dynamic alert thresholds.

[[retrying-failed-requests]]
=== Retrying Failed Requests

Spring Cloud Netflix offers a variety of ways to make HTTP requests.  You can use a load balanced
`RestTemplate`, Ribbon, or Feign.  No matter how you choose to your HTTP requests, there is always
a chance the request may fail.  When a request fails you may want to have the request retried
automatically.  To accomplish this when using Sping Cloud Netflix you need to include
https://github.com/spring-projects/spring-retry[Spring Retry] on your application's classpath.
When Spring Retry is present load balanced `RestTemplates`, Feign, and Zuul will automatically
retry any failed requests (assuming you configuration allows it to).

==== BackOff Policies
By default no backoff policy is used when retrying requests.  If you would like to configure
a backoff policy you will need to create a bean of type `LoadBalancedBackOffPolicyFactory`
which will be used to create a `BackOffPolicy` for a given service.

[source,java,indent=0]
----
@Configuration
public class MyConfiguration {
    @Bean
    LoadBalancedBackOffPolicyFactory backOffPolciyFactory() {
        return new LoadBalancedBackOffPolicyFactory() {
            @Override
            public BackOffPolicy createBackOffPolicy(String service) {
                return new ExponentialBackOffPolicy();
            }
        };
    }
}
----

==== Configuration

Anytime Ribbon is used with Spring Retry you can control the retry functionality by configuring
certain Ribbon properties.  The properties you can use are
`client.ribbon.MaxAutoRetries`, `client.ribbon.MaxAutoRetriesNextServer`, and
`client.ribbon.OkToRetryOnAllOperations`. See the https://github.com/Netflix/ribbon/wiki/Getting-Started#the-properties-file-sample-clientproperties[Ribbon documentation]
for a description of what there properties do.

WARNING: Enabling `client.ribbon.OkToRetryOnAllOperations` includes retring POST requests wich can have a impact
on the server's resources due to the buffering of the request's body.

In addition you may want to retry requests when certain status codes are returned in the
response.  You can list the response codes you would like the Ribbon client to retry using the
 property `clientName.ribbon.retryableStatusCodes`.  For example

[source,yaml]
----
clientName:
  ribbon:
    retryableStatusCodes: 404,502
----

You can also create a bean of type `LoadBalancedRetryPolicy` and implement the `retryableStatusCode`
method to determine whether you want to retry a request given the status code.



==== Zuul

You can turn off Zuul's retry functionality by setting `zuul.retryable` to `false`.  You
can also disable retry functionality on route by route basis by setting
`zuul.routes.routename.retryable` to `false`.

== HTTP Clients

Spring Cloud Netflix will automatically create the HTTP client used by Ribbon, Feign, and
Zuul for you.  However you can also provide your own HTTP clients customized how you please
yourself.  To do this you can either create a bean of type `ClosableHttpClient` if you
are using the Apache Http Cient, or `OkHttpClient` if you are using OK HTTP.

NOTE: When you create your own HTTP client you are also responsible for implementing
the correct connection management strategies for these clients.  Doing this improperly
can result in resource management issues.