How to disable solr admin page
For production, it feels unsafe to have a solr admin which even doesn\'t ask login credentials. How can I disable the solr admin page which comes by default? I simply want my we
-
You could protect your admin page with a password just by adding a security constraint to the Solr web application.
Snippet for Solr 3.6:
<security-constraint> <!-- This protects your admin interface and grants access to role Solr-Admin --> <web-resource-collection> <web-resource-name>Solr admin</web-resource-name> <!--url-pattern>/admin/*</url-pattern--> <url-pattern>/evu/admin/*</url-pattern> <url-pattern>/webcrawl/admin/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>Solr-Admin</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> <security-constraint> <!-- This protects your admin interface and grants access to roles Solr-Admin and Solr-Updater --> <web-resource-collection> <web-resource-name>Solr Update</web-resource-name> <url-pattern>/update/*</url-pattern> <url-pattern>/evu/update/*</url-pattern> <url-pattern>/webcrawl/update/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>Solr-Admin</role-name> <role-name>Solr-Update</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> <security-constraint> <!-- This one is necessary to show the image on the Solr start page --> <web-resource-collection> <web-resource-name>Solr Admin images</web-resource-name> <url-pattern>*.png</url-pattern> </web-resource-collection> <auth-contraint> <role-name>*</role-name> </auth-contraint> </security-constraint> <security-role> <description>The role that is required to administer Solr</description> <role-name>Solr-Admin</role-name> </security-role> <security-role> <description>The role that is required to update the Solr index</description> <role-name>Solr-Update</role-name> </security-role> <login-config> <auth-method>BASIC</auth-method> <realm-name>Solr</realm-name> </login-config> </web-app>In Solr 4 you have to protect the following resources for the admin interface:
/admin/* /admin.html讨论(0) -
I highly suggest keeping the admin page for debugging purposes. It has saved me in numerous cases. There are ways to restrict it to HTTP-authenticated users only: http://wiki.apache.org/solr/SolrSecurity#Jetty_example . You may have to unzip and re-zip your webapp.
However if you still want to disable the entire admin section, you can comment out the admin requestHandler in ${SOLR_HOME}/project/solr/conf/solrconfig.xml .
讨论(0) -
sudo vim /opt/solr-4.8.1/example/etc/jetty.xml change
<!-- This connector is currently being used for Solr because it showed better performance than nio.SelectChannelConnector for typical Solr requests. --> <Call name="addConnector"> <Arg> <New class="org.eclipse.jetty.server.bio.SocketConnector"> <Set name="host">0.0.0.0</Set> <Set name="port"><SystemProperty name="jetty.port" default="8983"/></Set> <Set name="maxIdleTime">50000</Set> <Set name="lowResourceMaxIdleTime">1500</Set> <Set name="statsOn">false</Set> </New> </Arg> </Call>to
<!-- This connector is currently being used for Solr because it showed better performance than nio.SelectChannelConnector for typical Solr requests. --> <Call name="addConnector"> <Arg> <New class="org.eclipse.jetty.server.bio.SocketConnector"> <Set name="host">127.0.0.1</Set> <Set name="port"><SystemProperty name="jetty.port" default="8983"/></Set> <Set name="maxIdleTime">50000</Set> <Set name="lowResourceMaxIdleTime">1500</Set> <Set name="statsOn">false</Set> </New> </Arg> </Call>then sudo service solrd restart
讨论(0) -
The most easy way:
iptables -A INPUT -p tcp --dport 8983 -j DROP
iptables -A INPUT -p tcp -s 127.0.0.1 --dport 8983 -j ACCEPT
with this order!
讨论(0)
加载中...
- 热议问题