Return-Path: X-Original-To: apmail-lucene-solr-user-archive@minotaur.apache.org Delivered-To: apmail-lucene-solr-user-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id E47661043E for ; Tue, 4 Nov 2014 14:09:12 +0000 (UTC) Received: (qmail 36238 invoked by uid 500); 4 Nov 2014 14:09:09 -0000 Delivered-To: apmail-lucene-solr-user-archive@lucene.apache.org Received: (qmail 36168 invoked by uid 500); 4 Nov 2014 14:09:09 -0000 Mailing-List: contact solr-user-help@lucene.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: solr-user@lucene.apache.org Delivered-To: mailing list solr-user@lucene.apache.org Received: (qmail 36156 invoked by uid 99); 4 Nov 2014 14:09:08 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 04 Nov 2014 14:09:08 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,NORMAL_HTTP_TO_IP,RCVD_IN_DNSWL_LOW,SPF_PASS,WEIRD_PORT X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of bluethundr@gmail.com designates 209.85.212.172 as permitted sender) Received: from [209.85.212.172] (HELO mail-wi0-f172.google.com) (209.85.212.172) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 04 Nov 2014 14:09:04 +0000 Received: by mail-wi0-f172.google.com with SMTP id bs8so9479513wib.17 for ; Tue, 04 Nov 2014 06:07:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=lrHAYW0IzZYg4TdWpqyOSgLKnhSIZaPdhzg6pIf8PNE=; b=ja9qm2D+pHNKpZvTeFY4ThQLIPueGpocZBiL4RpVbMOS4ksg7PPIWINNu+LeRkzSGo LvKfCvyn/cWkg9JGNW/yglVotwTLPronYasYyAQaDnnmZGahVNCa9taPzlpCICTt8pZm xnohSQDA5D/Wu8s/ALs1gPHMuWeQ5I2/mXU4NJ5+fGhNLTkYdoVv+4zyIVO/6G+szsZ+ HnFaVW6GK56g1bTxSE/4wxwr+141XMV3lffPe+VjqQk+n0CrpmEPWxU9wjxLTPx3chqy 6pnB4vfJ9vuoG2Zzq/cnBxqjfY1b/Aqcy6xEQ4MQadLdiT1yGDhynA84mx9QS41c6tar Fmjw== MIME-Version: 1.0 X-Received: by 10.180.9.103 with SMTP id y7mr24916546wia.5.1415110033164; Tue, 04 Nov 2014 06:07:13 -0800 (PST) Received: by 10.216.90.134 with HTTP; Tue, 4 Nov 2014 06:07:13 -0800 (PST) In-Reply-To: <8BDEF4EB3BF8E34FBB43BF46A279E19586C1912F@DAG-EX10.ad.checkpoint.com> References: <8BDEF4EB3BF8E34FBB43BF46A279E19586C19119@DAG-EX10.ad.checkpoint.com> <8BDEF4EB3BF8E34FBB43BF46A279E19586C1912F@DAG-EX10.ad.checkpoint.com> Date: Tue, 4 Nov 2014 09:07:13 -0500 Message-ID: Subject: Re: Solr authentication From: Tim Dunphy To: solr-user@lucene.apache.org Content-Type: multipart/alternative; boundary=001a11c238b8d850c3050708fa46 X-Virus-Checked: Checked by ClamAV on apache.org --001a11c238b8d850c3050708fa46 Content-Type: text/plain; charset=UTF-8 Shay, > Thanks for the quick response. No problem. > > 1. I'm using Solr with Jetty. > Yes. I got that from the fact that you were running Solr over port 8983. That's the Jetty port. I just didn't mention that in the email cuz I thought it was pretty obvious. :) But what I am saying you should do is to get Solr to run under Tomcat instead of Jetty. And then front it with apache. It'll be the only way to put authentication on your Solr instance that I know of. It's also pretty easy to do. And I did think that was the only way to secure solr. But after googling this question I do see there are some other ways to go about it. http://stackoverflow.com/questions/17613835/securing-solr-in-production But like I said the way I did this is pretty easy and that's what I'm recommending you do. > 2. I'm using Java to access Solr, so I need a way to pass / add > this authentication as well. You should have no trouble doing that with the way that I told you to set this up. If you do what I did you'll be using SSL. Which is the most secure you can get! Tim On Tue, Nov 4, 2014 at 8:49 AM, Shay Sofer wrote: > Thanks for the quick response. > > 1. I'm using Solr with Jetty. > 2. I'm using Java to access Solr, so I need a way to pass / add > this authentication as well. > > > > > -----Original Message----- > From: Tim Dunphy [mailto:bluethundr@gmail.com] > Sent: Tuesday, November 04, 2014 3:22 PM > To: solr-user@lucene.apache.org > Subject: Re: Solr authentication > > Hi Shay, > > I'm new to using Solr myself. But what I've done to solve this problem is > to run Solr via Tomcat. Then I put Apache in front of Tomcat using mod_jk > and made Solr accessible via SSL on port 443. I also put basic > authentication in front of Apache. That way you have to enter a username > and password to log in. > > Then I made port 8080 (the native port for Apache Tomcat) inaccessible > using the firewall. So that the only way to access the Solr instance was > through Apache and entering your password. With everything going over SSL. > It's very secure. > > From what I read about Solr, there are no security considerations (such as > using a password for access) built in. So the only way to achieve some > level of security without doing what I just did is to secure it with a > firewall. Making your Solr instance accessible only from certain IPs. > Please someone correct me if I'm wrong about that. > > But the way I did it with running Solr with Apache and SSL and mod_jk over > tomcat is pretty easy. If you google it you will find plenty of useful > guides out there on how to do this. I'd recommend taking that approach. > > Tim > > Sent from my iPhone > > > On Nov 4, 2014, at 7:53 AM, Shay Sofer wrote: > > > > Hi, > > > > I want that my Solr web connection will be protected by username and > password. > > > > When someone try to get to - 1.1.1.1:8983/Solr, he can do it only after > login (with known users). > > > > Is it possible ? > > > > Thanks, > > Shay. > > Email secured by Check Point > -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B --001a11c238b8d850c3050708fa46--