We're are using Jetty as a container for Solr and we've been configuring it heavily first for setting it up as a service and later for adding security. We considered the following options for securing the Solr instance
1. IP Filtering
2. Basic Username/Password authentication
We eventually went with IP filtering. IP filtering can be achieved by using the HTAccessHandler. To use the handler you need a .htaccess file which tells Jetty which IPs to allow or block. So your .htaccess file will look
Allowing from localhost or 127.0.0.1 doesn't work in Jetty 6 and I don't think Mortbay is supporting Jetty 6 anymore. With out of the box Solr configuration, Jetty explodes the solr.war file in the webapps folder to load Solr. However, I unzipped the war file (which is essentially a zip file) in to folder named solr in the webapps folder.
Next, you need to create a solr.xml file that tells Jetty to load a custom context.
Now comment out the redundant deployer org.mortbay.jetty.deployer.WebAppDeployer in etc/jetty.xml. Now, start up solr using java -jar start.jar and you now have a secure Solr instance.
1. IP Filtering
2. Basic Username/Password authentication
We eventually went with IP filtering. IP filtering can be achieved by using the HTAccessHandler. To use the handler you need a .htaccess file which tells Jetty which IPs to allow or block. So your .htaccess file will look
<Limit> satisfy all order deny, allow deny from all allow from xxx.xxx.xxx.xxx </Limit>
Allowing from localhost or 127.0.0.1 doesn't work in Jetty 6 and I don't think Mortbay is supporting Jetty 6 anymore. With out of the box Solr configuration, Jetty explodes the solr.war file in the webapps folder to load Solr. However, I unzipped the war file (which is essentially a zip file) in to folder named solr in the webapps folder.
Next, you need to create a solr.xml file that tells Jetty to load a custom context.
<Configure id="solr" class="org.mortbay.jetty.webapp.WebAppContext"> <Set name="resourceBase"><SystemProperty name="jetty.home" default="."/>/webapps/solr</Set> <Set name="contextPath">/solr</Set> <Call name="setSecurityHandler"> <Arg> <New class="org.mortbay.jetty.security.HTAccessHandler"> <Set name="protegee"> <Ref id="solr"/> </Set> </New> </Arg> </Call> </Configure>You can place this file in webapps/solr
Now comment out the redundant deployer org.mortbay.jetty.deployer.WebAppDeployer in etc/jetty.xml. Now, start up solr using java -jar start.jar and you now have a secure Solr instance.
doesnt work for me :((
ReplyDeleteAre you trying to access from localhost? What exactly is the problem?
ReplyDelete