lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Dunphy <bluethu...@gmail.com>
Subject Re: Solr authentication
Date Tue, 04 Nov 2014 14:07:13 GMT
Shay,



> Thanks for the quick response.


No problem.

>
>         1.  I'm using Solr with Jetty.
>

Yes. I got that from the fact that you were running Solr over port 8983.
That's the Jetty port. I just didn't mention that in the email cuz I
thought it was pretty obvious. :)

But what I am saying you should do is to get Solr to run under Tomcat
instead of Jetty. And then front it with apache. It'll be the only way to
put authentication on your Solr instance that I know of. It's also pretty
easy to do.

And I did think that was the only way to secure solr. But after googling
this question I do see there are some other ways to go about it.

http://stackoverflow.com/questions/17613835/securing-solr-in-production

But like I said the way I did this is pretty easy and that's what I'm
recommending you do.


>         2. I'm using Java to access Solr, so I need a way to pass / add
> this authentication as well.



You should have no trouble doing that with the way that I told you to set
this up. If you do what I did you'll be using SSL. Which is the most secure
you can get!

Tim

On Tue, Nov 4, 2014 at 8:49 AM, Shay Sofer <shayso@checkpoint.com> wrote:

> Thanks for the quick response.
>
>         1.  I'm using Solr with Jetty.
>         2. I'm using Java to access Solr, so I need a way to pass / add
> this authentication as well.
>
>
>
>
> -----Original Message-----
> From: Tim Dunphy [mailto:bluethundr@gmail.com]
> Sent: Tuesday, November 04, 2014 3:22 PM
> To: solr-user@lucene.apache.org
> Subject: Re: Solr authentication
>
> Hi Shay,
>
> I'm new to using Solr myself. But what I've done to solve this problem is
> to run Solr via Tomcat. Then I put Apache in front of Tomcat using mod_jk
> and made Solr accessible via SSL on port 443. I also put basic
> authentication in front of Apache. That way you have to enter a username
> and password to log in.
>
> Then I made port 8080 (the native port for Apache Tomcat) inaccessible
> using the firewall. So that the only way to access the Solr instance was
> through Apache and entering your password. With everything going over SSL.
> It's very secure.
>
> From what I read about Solr, there are no security considerations (such as
> using a password for access) built in. So the only way to achieve some
> level of security without doing what I just did is to secure it with a
> firewall. Making your Solr instance accessible only from certain IPs.
> Please someone correct me if I'm wrong about that.
>
> But the way I did it with running Solr with Apache and SSL and mod_jk over
> tomcat is pretty easy. If you google it you will find plenty of useful
> guides out there on how to do this. I'd recommend taking that approach.
>
> Tim
>
> Sent from my iPhone
>
> > On Nov 4, 2014, at 7:53 AM, Shay Sofer <shayso@checkpoint.com> wrote:
> >
> > Hi,
> >
> > I want that my Solr web connection will be protected by username and
> password.
> >
> > When someone try to get to - 1.1.1.1:8983/Solr, he can do it only after
> login (with known users).
> >
> > Is it possible ?
> >
> > Thanks,
> > Shay.
>
> Email secured by Check Point
>



-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message