How to set Apache solr admin password
P

6

24

I am not very familiar with solr. I have installed solr successfully. It is using the jetty webserver. My solr version is 4.10.3. Its admin page is not protected by a password. Anyone can access it. I want to apply a password on solr admin. How will I do it?

Pained answered 20/1, 2015 at 11:14 Comment(0)
B
26

For version below 5

If you are using solr-webapp then you need to modify web.xml file and add these lines:

<security-constraint>
    <web-resource-collection>
      <web-resource-name>Solr Lockdown</web-resource-name>
      <url-pattern>/</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>solr_admin</role-name>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Solr</realm-name>
  </login-config> 

For Jetty server, you need to add below lines in /example/etc/webdefault.xml

<security-constraint>
    <web-resource-collection>
      <web-resource-name>Solr authenticated application</web-resource-name>
      <url-pattern>/</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin-role</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Test Realm</realm-name>
  </login-config>

Update /example/etc/jetty.xml file

<Call name="addBean">
      <Arg>
        <New class="org.eclipse.jetty.security.HashLoginService">
          <Set name="name">Test Realm</Set>
          <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
          <Set name="refreshInterval">0</Set>
        </New>
      </Arg>
    </Call>

/example/etc/realm.properties :

admin: s3cr3t, admin-role

Username = admin password = s3cr3t. Role name = admin-role

Solr version 5+

In latest Solr version folder structure got changed. You will find all files in below folder-path.

{SOLR_HOME}/server/etc/jetty.xml
{SOLR_HOME}/server/etc/webdefault.xml

Create new credential file at {SOLR_HOME}/server/etc/realm.properties:

admin: s3cr3t, admin-role

For more info you can help solr wiki docs

Bourbon answered 20/1, 2015 at 13:11 Comment(15)
I am using jetty. I followed your instructions but it did not work for my case - Pained
I have updated the answer, try putting the above changes accordingly and let me know if it works. It works for me. Updated url <url-pattern>/</url-pattern>. - Bourbon
I think what might be confusing is that the only text you need to add to realm.properties is admin: s3cr3t, admin-role. I was trying to add the entire string, because I'm a noob. - Gastroenteritis
LandonC I have updated the string for admin and s3cr3t - Bourbon
Hi Manoj, In the <role-name>core1-role</role-name> you had mentioned core1-role and in realm.properties the role is admin-role, will that work? - Galluses
This is working, admin is now secured, but also the REST endpoints (such as example.com:8983/solr/mycore/select?q=*%3A*&wt=json&indent=true) are now under authentication. How can I just secure the admin web interface, but leave the REST endpoints without authentication? - Dovetail
In solr 5 there is no etc folder in /opt/solr or its sub directories. Please tell a solution for solr 5 - Woolgrower
@Woolgrower You can check below folder directory and update the details accordingly. /opt/solr/server/etc/jetty.xml - Bourbon
You should replace core1-role by admin-role in webdefault.xml - Sherronsherry
I followed the same steps and when I try to login I get this error "Problem accessing /solr/. Reason: !role". Can anyone help please - Erdman
This worked for me. But instead of changing the webdefault.xml, I made all the changes in the path wherefrom the solr is running. /opt/solr/server/solr-webapp/webapp/WEB-INF/web.xml, /opt/solr/server/etc/jetty.xml and /opt/solr/server/etc/realm.properties. Thanks, you saved my day. - Pretense
If not working, create creds file in /opt/solr-6.6.2/server/etc/realm.properties - Honshu
@capooti, did you get any solution for the use case you mentioned? I want to implement the same - Rind
@MuthuPrasanth I am now using nginx and it correctly works by using auth_basic and auth_basic_user_file - Dovetail
Will it work for solr7.4.0? Because after adding all above properties my solr is not starting - Passkey
J
27

Enable authentication in solr admin running with solr 6.1 and jetty

Pre condition:

  1. Solr version 6.1

  2. Solr is running successfully in the system

  3. Solr Admin running through jetty

Process:

1. Edit jetty.xml

Edit the file “server/etc/jetty.xml”. Add the following before the Configure tag ends:

<Call name="addBean">
      <Arg>
        <New class="org.eclipse.jetty.security.HashLoginService">
          <Set name="name">Test Realm</Set>
          <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
          <Set name="refreshInterval">0</Set>
        </New>
      </Arg>
    </Call>

2. Edit webdefault.xml

Edit the file “server/etc/webdefault.xml”. Add the following before the web-app tag ends:

<security-constraint>
    <web-resource-collection>
      <web-resource-name>Solr authenticated application</web-resource-name>
      <url-pattern>/</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>core1-role</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Test Realm</realm-name>
  </login-config>

Special Note:

The value used in the role-name tag needs to be the same as the one used in the “realm.properties” file.

3. Create new file “realm.properties”

Create a file named “realm.properties” in the location “server/etc/” and put the below content

admin: admin123,core1-role

User Name: admin

Password: admin123

Role name: core1-role

(This needs to be the same as the name used in the role-name tag in the “server/etc/webdefault.xml” file.)

4. Final Step

Restart Solr server

Now access Solr in your browser: http://localhost:8983/solr/. You will find the browser is asking for username and password. Enter the username and password.


Johansen answered 20/1, 2015 at 11:14 Comment(7)
What are the first two steps for? - Disappointment
Password hashing is also accepted - admin: MD5:<yourhashedpassword>,<role> - Hurley
Is it possible to white-list this authentication for a certain range of IP addresses? - Cesium
If it's not working, create creds file in /opt/solr-6.6.2/server/etc/realm.properties - Honshu
It's not working, the page (after restarting the server), shows a 503 error "Service Unavailable" (version 7.4.0) - Pacesetter
This also seems to be broken on Solr 8.1.1 - the system doesn't start with the changes shown above. - Pyszka
On Solr 8.8 I got error at <Set name="refreshInterval">0</Set>. Once that line in jetty.xml was removed, the server started and prompted me for a login! - Garett
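
The special note above and the comments about "!role" and core1-role versus admin-role all concern the same requirement: the role and realm names must agree across webdefault.xml, jetty.xml and realm.properties. The check below is an added example, not part of the original answers and not Solr or Jetty code. The file contents are constructed samples, and the function names and finding labels are hypothetical. It also flags clear-text passwords, treating the MD5: prefix mentioned in the comments and Jetty's CRYPT: and OBF: prefixes as non-plaintext.

```python
import xml.etree.ElementTree as ET
# Constructed samples reduced to the elements the answers above add; the
# core1-role / admin-role split reproduces the mismatch raised in the comments.
WEBDEFAULT = """<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>/</url-pattern></web-resource-collection>
    <auth-constraint><role-name>core1-role</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method><realm-name>Test Realm</realm-name></login-config>
</web-app>"""
JETTY = """<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <Call name="addBean"><Arg><New class="org.eclipse.jetty.security.HashLoginService">
    <Set name="name">Test Realm</Set>
  </New></Arg></Call>
</Configure>"""
REALM = "# user: credential, role[, role...]\nadmin: s3cr3t, admin-role\n"

def texts(xml, tag, **attrs):
    """Text of every <tag> element (namespace ignored) whose attributes match."""
    return {(e.text or "").strip() for e in ET.fromstring(xml).iter()
            if e.tag.rsplit("}", 1)[-1] == tag
            and all(e.get(k) == v for k, v in attrs.items())}

def parse_realm(text):
    """Parse 'user: credential, role, ...' lines into {user: (cred, roles)}."""
    users = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#"):
            user, _, rest = line.partition(":")
            cred, *roles = (p.strip() for p in rest.split(","))
            users[user.strip()] = (cred, set(roles))
    return users

def check(webdefault, jetty, realm):
    findings, users = [], parse_realm(realm)
    required = texts(webdefault, "role-name")
    granted = {r for _, roles in users.values() for r in roles}
    if required and not required & granted:  # nobody can pass the auth-constraint
        findings.append(f"ROLE_MISMATCH: need one of {sorted(required)}, users hold {sorted(granted)}")
    # Simplification: any <Set name="name"> in jetty.xml counts as a login service name.
    if not texts(webdefault, "realm-name") <= texts(jetty, "Set", name="name"):
        findings.append("REALM_MISMATCH: no login service is named like <realm-name>")
    for user, (cred, _) in users.items():
        if not cred.startswith(("MD5:", "CRYPT:", "OBF:")):
            findings.append(f"PLAINTEXT: password of '{user}' is stored in clear text")
    return findings

if __name__ == "__main__":
    print("\n".join(check(WEBDEFAULT, JETTY, REALM)) or "no findings")
```

To check a real installation, read the three files from server/etc/ and pass their contents to check().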
F
7

If you are using tomcat,

Open [Tomcat install dir]\tomcat-users.xml for editing.

Add the following lines within the <tomcat-user> element and save the changes (using your own username and password):

<role rolename="solr_admin"/>
<user username="your_username" password="your_password" roles="solr_admin"/>

Open Tomcat install dir\webapps\solr\WEB-INF\web.xml for editing. "solr" in the path is the name of the instance you want to secure. Typically this is "solr," but may be different if you are running an advanced setup. Add the following lines within the <web-app> element:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Solr Lockdown</web-resource-name>
    <url-pattern>/</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>solr_admin</role-name>
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Solr</realm-name>
</login-config>

Save the changes and restart Tomcat. Test your changes by starting a new browser session and navigating to your site, for ex. http://localhost:8080/solr/ You should be prompted for credentials.

If your Tomcat install dir tomcat-users.xml file is being modified then go to tomcat-users.xml file under Servers in Project Explorer and add your changes there.

Frum answered 18/9, 2015 at 10:44 Comment(0)
M
4

As setting a password to Solr is a pain in the ass (sorry, but sometimes you have to name it as it is) I propose another solution: Restrict access to it using iptables.

If you install Apache Solr Server, usually the server will listen on port 8983. Hence the server's admin interface will be available under:

http://YOUR_SERVERS_IP:8983/solr/

So we can restrict connections to port 8983 as follows:

iptables -A INPUT -p tcp -s localhost --dport 8983 -j ACCEPT
iptables -A INPUT -p tcp -s YOUR_SERVERS_IP --dport 8983 -j ACCEPT
iptables -A INPUT -p tcp --dport 8983 -j DROP

This will accept all requests from localhost (first line) and from the server's IP itself (second line), but drop all other connections (last line). The second line is not necessary but helps us to find easy access to Solr's admin interface. To access the admin interface from a local machine, we have to forward all connections to the server at first. The easiest way to do this is using sshuttle (lazy man's VPN):

sshuttle --dns -r root@YOUR_SERVERS_IP 0/0

Perform this command on the local machine from which we want to access the admin interface. Another option is to use ssh tunnelling with the OpenSSH client:

ssh -D 1080 root@YOUR_SERVERS_IP

Set up a socks proxy in your browser to port 1080.

Moussaka answered 18/1, 2016 at 2:42 Comment(1)
If I use above then how can it serve our webclient? That is, a website that is ajax - Pained
F
0

I'm dealing with Solr v.4.10 too and this is really annoyingly hard. None of the so-called "solutions" works for me. I ended up installing Nginx on my Ubuntu box and proxy the :8983 port to docker, where password is required by Nginx. This works for me.

Furnishing answered 8/2, 2016 at 20:24 Comment(0)
P
0

I just have to inform what the solution was in my case. Actually my website was written in ajax, that's why setting a password also protects my website. So it's not the solution in the case where solr has to be used by the open internet. So the best solution, as guided by the solr wiki, is to use proxies like node.js, nginx etc. as given here

Using a node.js proxy and applying iptables rules (as guided above) solved my problem.

Pained answered 16/5, 2016 at 10:28 Comment(0)
