如何禁用solr管理頁面

Question

對於生產而言，使用即使不要求登錄憑證的solr管理員也感到不安全。我如何禁用默認出現的solr管理頁面？我只是想讓我的web應用程序使用Solr進行搜索詞索引。

Answer 1

我強烈建議保留管理頁面用於調試目的。它在很多情況下拯救了我。有幾種方法可以將其限制爲僅限HTTP驗證的用戶：http://wiki.apache.org/solr/SolrSecurity#Jetty_example。你可能需要解壓並重新壓縮你的web應用程序。

但是，如果您仍想禁用整個管理部分，則可以在$ {SOLR_HOME} /project/solr/conf/solrconfig.xml中註釋掉admin requestHandler。

Answer 2

只需將安全約束添加到Solr Web應用程序，您就可以使用密碼保護您的管理頁面。

摘錄了Solr的3.6：

<security-constraint> 
    <!-- This protects your admin interface and grants access to role Solr-Admin --> 
    <web-resource-collection> 
    <web-resource-name>Solr admin</web-resource-name> 
     <!--url-pattern>/admin/*</url-pattern--> 
     <url-pattern>/evu/admin/*</url-pattern> 
     <url-pattern>/webcrawl/admin/*</url-pattern> 
    </web-resource-collection> 
    <auth-constraint> 
     <role-name>Solr-Admin</role-name> 
    </auth-constraint> 
    <user-data-constraint> 
     <transport-guarantee>CONFIDENTIAL</transport-guarantee> 
    </user-data-constraint> 
    </security-constraint> 

    <security-constraint> 
    <!-- This protects your admin interface and grants access to roles Solr-Admin and Solr-Updater --> 
    <web-resource-collection> 
     <web-resource-name>Solr Update</web-resource-name> 
     <url-pattern>/update/*</url-pattern> 
     <url-pattern>/evu/update/*</url-pattern> 
     <url-pattern>/webcrawl/update/*</url-pattern> 
    </web-resource-collection> 
    <auth-constraint> 
     <role-name>Solr-Admin</role-name> 
     <role-name>Solr-Update</role-name> 
    </auth-constraint> 
    <user-data-constraint> 
     <transport-guarantee>CONFIDENTIAL</transport-guarantee> 
    </user-data-constraint> 
    </security-constraint> 

    <security-constraint> 
    <!-- This one is necessary to show the image on the Solr start page --> 
    <web-resource-collection> 
     <web-resource-name>Solr Admin images</web-resource-name> 
     <url-pattern>*.png</url-pattern> 
    </web-resource-collection> 
    <auth-contraint> 
     <role-name>*</role-name> 
    </auth-contraint> 
    </security-constraint> 

    <security-role> 
    <description>The role that is required to administer Solr</description> 
    <role-name>Solr-Admin</role-name> 
    </security-role> 
    <security-role> 
    <description>The role that is required to update the Solr index</description> 
    <role-name>Solr-Update</role-name> 
    </security-role> 

    <login-config> 
    <auth-method>BASIC</auth-method> 
    <realm-name>Solr</realm-name> 
    </login-config> 
</web-app> 

Solr中4，你必須保護下列資源的管理界面：

/admin/* 
/admin.html 

Answer 3

最簡單的方法：

的iptables -A INPUT -p tcp --dport 8983 -j DROP

iptables -A INPUT -p tcp -s 127.0.0.1 --dport 8983 -j ACCEPT

用這個命令！

Answer 4

須藤的vim /opt/solr-4.8.1/example/etc/jetty.xml 變化

<!-- This connector is currently being used for Solr because it 
      showed better performance than nio.SelectChannelConnector 
      for typical Solr requests. --> 
    <Call name="addConnector"> 
     <Arg> 
      <New class="org.eclipse.jetty.server.bio.SocketConnector"> 
      <Set name="host">0.0.0.0</Set> 
      <Set name="port"><SystemProperty name="jetty.port" default="8983"/></Set> 
      <Set name="maxIdleTime">50000</Set> 
      <Set name="lowResourceMaxIdleTime">1500</Set> 
      <Set name="statsOn">false</Set> 
      </New> 
     </Arg> 
    </Call> 

到

<!-- This connector is currently being used for Solr because it 
      showed better performance than nio.SelectChannelConnector 
      for typical Solr requests. --> 
    <Call name="addConnector"> 
     <Arg> 
      <New class="org.eclipse.jetty.server.bio.SocketConnector"> 
      <Set name="host">127.0.0.1</Set> 
      <Set name="port"><SystemProperty name="jetty.port" default="8983"/></Set> 
      <Set name="maxIdleTime">50000</Set> 
      <Set name="lowResourceMaxIdleTime">1500</Set> 
      <Set name="statsOn">false</Set> 
      </New> 
     </Arg> 
    </Call> 

然後 須藤服務solrd重啓