[ckan-dev] FW: Securing the :8983/solr/admin page

David Raznick david.raznick at okfn.org
Tue May 14 13:13:56 UTC 2013


Hello

In production servers it is probably better to run with a firewall and
therefore you can just block that port to the outside world.

Thanks

David


On Tue, May 14, 2013 at 12:16 PM, Adrià Mercader <adria.mercader at okfn.org>wrote:

> Hi Fred,
>
> I'm not a sysadmin, so I may be wrong in this, but we don't generally
> password protect our Solr deployments on the frontend, as we either:
> * install them on dedicated servers and then restrict their access via
> firewall to just the relevant CKAN servers that are using them.
> * install them on the same server as CKAN and set JETTY_HOST=127.0.0.1
> on /etc/default/jetty, which will make jetty only listen to
> connections from localhost.
>
> The drawback of course if that you can not access the admin interface
> unless you add your IP to the accepted ones.
>
> I can not help with the jetty security setup that you link to.
>
> Adrià
>
>
>
> On 13 May 2013 23:38, Sasse, Fred (MNIT) <fred.sasse at state.mn.us> wrote:
> > Hello, I am wondering if anyone has implemented password protection on
> the
> > CKAN /solr/admin page in Ubuntu with Jetty?
> >
> >
> >
> > The solr documentation is not very clear on how to do this at
> > http://wiki.apache.org/solr/SolrSecurity.
> >
> >
> >
> > The best example I have found so far is here, but I haven’t been able to
> get
> > it to work either:
> >
> >
> >
> > http://knackforge.com/blog/sivaji/how-protect-apache-solr-admin-console
> >
> >
> >
> > If you have solved this, please share!
> >
> >
> >
> > I am thinking most are running with the :8983/solr/admin wide open.
> >
> >
> >
> > Regards,
> >
> >
> >
> > Fred Sasse
> >
> >
> >
> >
> > _______________________________________________
> > ckan-dev mailing list
> > ckan-dev at lists.okfn.org
> > http://lists.okfn.org/mailman/listinfo/ckan-dev
> > Unsubscribe: http://lists.okfn.org/mailman/options/ckan-dev
> >
>
> _______________________________________________
> ckan-dev mailing list
> ckan-dev at lists.okfn.org
> http://lists.okfn.org/mailman/listinfo/ckan-dev
> Unsubscribe: http://lists.okfn.org/mailman/options/ckan-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/ckan-dev/attachments/20130514/044831ef/attachment-0001.html>


More information about the ckan-dev mailing list