mirror of https://github.com/apache/lucene.git
SOLR-4839: SSL support with Jetty 9. Also fixes SOLR-7449 on trunk.
git-svn-id: https://svn.apache.org/repos/asf/lucene/dev/trunk@1675619 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Shalin Shekhar Mangar
parent
551562bed6
commit
299ddc5abe
|
|
@ -142,6 +142,14 @@ if [ -n "$SOLR_SSL_OPTS" ]; then
|
|||
SOLR_URL_SCHEME=https
|
||||
fi
|
||||
|
||||
# Which Jetty module to use - either HTTPS or HTTP
|
||||
SOLR_JETTY_CONFIG=()
|
||||
if [ -n "$SOLR_SSL_OPTS" ]; then
|
||||
SOLR_JETTY_CONFIG+=("--module=https")
|
||||
else
|
||||
SOLR_JETTY_CONFIG+=("--module=http")
|
||||
fi
|
||||
|
||||
function print_usage() {
|
||||
CMD="$1"
|
||||
ERROR_MSG="$2"
|
||||
|
|
@ -1289,11 +1297,8 @@ function launch_solr() {
|
|||
|
||||
# If SSL-related system props are set, add them to SOLR_OPTS
|
||||
if [ -n "$SOLR_SSL_OPTS" ]; then
|
||||
# If using SSL and jetty.ssl.port not set explicitly, use the jetty.port
|
||||
SSL_PORT_PROP="-Djetty.ssl.port=$SOLR_PORT"
|
||||
if [ -n "$SOLR_SSL_PORT" ]; then
|
||||
SSL_PORT_PROP="-Djetty.ssl.port=$SOLR_SSL_PORT"
|
||||
fi
|
||||
# If using SSL and solr.jetty.https.port not set explicitly, use the jetty.port
|
||||
SSL_PORT_PROP="-Dsolr.jetty.https.port=$SOLR_PORT"
|
||||
SOLR_OPTS+=($SOLR_SSL_OPTS "$SSL_PORT_PROP")
|
||||
fi
|
||||
|
||||
|
|
@ -1352,11 +1357,11 @@ function launch_solr() {
|
|||
|
||||
if [ "$run_in_foreground" == "true" ]; then
|
||||
echo -e "\nStarting Solr$IN_CLOUD_MODE on port $SOLR_PORT from $SOLR_SERVER_DIR\n"
|
||||
"$JAVA" "${SOLR_START_OPTS[@]}" $SOLR_ADDL_ARGS -jar start.jar
|
||||
"$JAVA" "${SOLR_START_OPTS[@]}" $SOLR_ADDL_ARGS -jar start.jar "${SOLR_JETTY_CONFIG[@]}"
|
||||
else
|
||||
# run Solr in the background
|
||||
nohup "$JAVA" "${SOLR_START_OPTS[@]}" $SOLR_ADDL_ARGS -jar start.jar \
|
||||
"-XX:OnOutOfMemoryError=$SOLR_TIP/bin/oom_solr.sh $SOLR_PORT $SOLR_LOGS_DIR" \
|
||||
"-XX:OnOutOfMemoryError=$SOLR_TIP/bin/oom_solr.sh $SOLR_PORT $SOLR_LOGS_DIR" "${SOLR_JETTY_CONFIG[@]}" \
|
||||
1>"$SOLR_LOGS_DIR/solr-$SOLR_PORT-console.log" 2>&1 & echo $! > "$SOLR_PID_DIR/solr-$SOLR_PORT.pid"
|
||||
|
||||
# no lsof on cygwin though
|
||||
|
|
|
|||
|
|
@ -41,6 +41,10 @@ set SOLR_URL_SCHEME=http
|
|||
IF DEFINED SOLR_SSL_OPTS set SOLR_URL_SCHEME=https
|
||||
IF NOT DEFINED SOLR_SSL_OPTS set SOLR_SSL_OPTS=
|
||||
|
||||
REM Which Jetty module to use - either HTTPS or HTTP
|
||||
set "SOLR_JETTY_CONFIG=--module=http"
|
||||
IF NOT "%SOLR_SSL_OPTS%"=="" set "SOLR_JETTY_CONFIG=--module=http"
|
||||
|
||||
REM Verify Java is available
|
||||
IF DEFINED SOLR_JAVA_HOME set "JAVA_HOME=%SOLR_JAVA_HOME%"
|
||||
REM Try to detect JAVA_HOME from the registry
|
||||
|
|
@ -694,7 +698,7 @@ IF "%SCRIPT_CMD%"=="stop" (
|
|||
set found_it=1
|
||||
@echo Stopping Solr process %%N running on port %SOLR_PORT%
|
||||
set /A STOP_PORT=%SOLR_PORT% - 1000
|
||||
"%JAVA%" %SOLR_SSL_OPTS% -Djetty.home="%SOLR_SERVER_DIR%" -jar "%SOLR_SERVER_DIR%\start.jar" STOP.PORT=!STOP_PORT! STOP.KEY=%STOP_KEY% --stop
|
||||
"%JAVA%" %SOLR_SSL_OPTS% -Djetty.home="%SOLR_SERVER_DIR%" -jar "%SOLR_SERVER_DIR%\start.jar" "%SOLR_JETTY_CONFIG%" STOP.PORT=!STOP_PORT! STOP.KEY=%STOP_KEY% --stop
|
||||
del "%SOLR_TIP%"\bin\solr-%SOLR_PORT%.port
|
||||
timeout /T 5
|
||||
REM Kill it if it is still running after the graceful shutdown
|
||||
|
|
@ -857,8 +861,7 @@ IF NOT "%SOLR_ADDL_ARGS%"=="" set "START_OPTS=%START_OPTS% %SOLR_ADDL_ARGS%"
|
|||
IF NOT "%SOLR_HOST_ARG%"=="" set "START_OPTS=%START_OPTS% %SOLR_HOST_ARG%"
|
||||
IF NOT "%SOLR_OPTS%"=="" set "START_OPTS=%START_OPTS% %SOLR_OPTS%"
|
||||
IF NOT "%SOLR_SSL_OPTS%"=="" (
|
||||
set "SSL_PORT_PROP=-Djetty.ssl.port=%SOLR_PORT%"
|
||||
IF DEFINED SOLR_SSL_PORT set "SSL_PORT_PROP=-Djetty.ssl.port=%SOLR_SSL_PORT%"
|
||||
set "SSL_PORT_PROP=-Dsolr.jetty.https.port=%SOLR_PORT%"
|
||||
set "START_OPTS=%START_OPTS% %SOLR_SSL_OPTS% !SSL_PORT_PROP!"
|
||||
)
|
||||
|
||||
|
|
@ -882,10 +885,10 @@ IF "%FG%"=="1" (
|
|||
title "Solr-%SOLR_PORT%"
|
||||
echo %SOLR_PORT%>"%SOLR_TIP%"\bin\solr-%SOLR_PORT%.port
|
||||
"%JAVA%" %SERVEROPT% -Xss256k %SOLR_JAVA_MEM% %START_OPTS% -Xloggc:"!SOLR_LOGS_DIR!"/solr_gc.log -Dlog4j.configuration="%LOG4J_CONFIG%" -DSTOP.PORT=!STOP_PORT! -DSTOP.KEY=%STOP_KEY% ^
|
||||
-Djetty.port=%SOLR_PORT% -Dsolr.solr.home="%SOLR_HOME%" -Dsolr.install.dir="%SOLR_TIP%" -Djetty.home="%SOLR_SERVER_DIR%" -Djava.io.tmpdir="%SOLR_SERVER_DIR%\tmp" -jar start.jar
|
||||
-Djetty.port=%SOLR_PORT% -Dsolr.solr.home="%SOLR_HOME%" -Dsolr.install.dir="%SOLR_TIP%" -Djetty.home="%SOLR_SERVER_DIR%" -Djava.io.tmpdir="%SOLR_SERVER_DIR%\tmp" -jar start.jar "%SOLR_JETTY_CONFIG%"
|
||||
) ELSE (
|
||||
START /B "Solr-%SOLR_PORT%" /D "%SOLR_SERVER_DIR%" "%JAVA%" %SERVEROPT% -Xss256k %SOLR_JAVA_MEM% %START_OPTS% -Xloggc:"!SOLR_LOGS_DIR!"/solr_gc.log -Dlog4j.configuration="%LOG4J_CONFIG%" -DSTOP.PORT=!STOP_PORT! -DSTOP.KEY=%STOP_KEY% ^
|
||||
-Djetty.port=%SOLR_PORT% -Dsolr.solr.home="%SOLR_HOME%" -Dsolr.install.dir="%SOLR_TIP%" -Djetty.home="%SOLR_SERVER_DIR%" -Djava.io.tmpdir="%SOLR_SERVER_DIR%\tmp" -jar start.jar > "!SOLR_LOGS_DIR!\solr-%SOLR_PORT%-console.log"
|
||||
-Djetty.port=%SOLR_PORT% -Dsolr.solr.home="%SOLR_HOME%" -Dsolr.install.dir="%SOLR_TIP%" -Djetty.home="%SOLR_SERVER_DIR%" -Djava.io.tmpdir="%SOLR_SERVER_DIR%\tmp" -jar start.jar "%SOLR_JETTY_CONFIG%" > "!SOLR_LOGS_DIR!\solr-%SOLR_PORT%-console.log"
|
||||
echo %SOLR_PORT%>"%SOLR_TIP%"\bin\solr-%SOLR_PORT%.port
|
||||
)
|
||||
|
||||
|
|
|
|||
|
|
@ -82,8 +82,4 @@ REM set SOLR_PORT=8983
|
|||
|
||||
REM Uncomment to set SSL-related system properties
|
||||
REM Be sure to update the paths to the correct keystore for your environment
|
||||
REM set SOLR_SSL_OPTS=-Djavax.net.ssl.keyStore=etc/solr-ssl.keystore.jks -Djavax.net.ssl.keyStorePassword=secret -Djavax.net.ssl.trustStore=etc/solr-ssl.keystore.jks -Djavax.net.ssl.trustStorePassword=secret
|
||||
|
||||
REM Uncomment to set a specific SSL port (-Djetty.ssl.port=N); if not set
|
||||
REM and you are using SSL, then the start script will use SOLR_PORT for the SSL port
|
||||
REM set SOLR_SSL_PORT=
|
||||
REM set SOLR_SSL_OPTS=-Djavax.net.ssl.keyStore=etc/solr-ssl.keystore.jks -Djavax.net.ssl.keyStorePassword=secret -Djavax.net.ssl.trustStore=etc/solr-ssl.keystore.jks -Djavax.net.ssl.trustStorePassword=secret
|
||||
|
|
@ -100,8 +100,4 @@ ENABLE_REMOTE_JMX_OPTS="false"
|
|||
#SOLR_SSL_OPTS="-Djavax.net.ssl.keyStore=etc/solr-ssl.keystore.jks \
|
||||
#-Djavax.net.ssl.keyStorePassword=secret \
|
||||
#-Djavax.net.ssl.trustStore=etc/solr-ssl.keystore.jks \
|
||||
#-Djavax.net.ssl.trustStorePassword=secret"
|
||||
|
||||
# Uncomment to set a specific SSL port (-Djetty.ssl.port=N); if not set
|
||||
# and you are using SSL, then the start script will use SOLR_PORT for the SSL port
|
||||
#SOLR_SSL_PORT=
|
||||
#-Djavax.net.ssl.trustStorePassword=secret"
|
||||
|
|
@ -35,7 +35,7 @@
|
|||
</Arg>
|
||||
<Set name="host"><Property name="jetty.host" /></Set>
|
||||
<Set name="port"><Property name="jetty.port" default="8983" /></Set>
|
||||
<Set name="idleTimeout"><Property name="solr.jetty.http.idleTimeout" default="30000"/></Set>
|
||||
<Set name="idleTimeout"><Property name="solr.jetty.http.idleTimeout" default="50000"/></Set>
|
||||
<Set name="soLingerTime"><Property name="solr.jetty.http.soLingerTime" default="-1"/></Set>
|
||||
<Set name="acceptorPriorityDelta"><Property name="solr.jetty.http.acceptorPriorityDelta" default="0"/></Set>
|
||||
<Set name="selectorPriorityDelta"><Property name="solr.jetty.http.selectorPriorityDelta" default="0"/></Set>
|
||||
|
|
|
|||
|
|
@ -41,8 +41,8 @@
|
|||
</Array>
|
||||
</Arg>
|
||||
<Set name="host"><Property name="solr.jetty.host" /></Set>
|
||||
<Set name="port"><Property name="solr.jetty.https.port" default="443" /></Set>
|
||||
<Set name="idleTimeout"><Property name="solr.jetty.https.timeout" default="30000"/></Set>
|
||||
<Set name="port"><Property name="solr.jetty.https.port" default="8983" /></Set>
|
||||
<Set name="idleTimeout"><Property name="solr.jetty.https.timeout" default="50000"/></Set>
|
||||
<Set name="soLingerTime"><Property name="solr.jetty.https.soLingerTime" default="-1"/></Set>
|
||||
<Set name="acceptorPriorityDelta"><Property name="solr.jetty.ssl.acceptorPriorityDelta" default="0"/></Set>
|
||||
<Set name="selectorPriorityDelta"><Property name="solr.jetty.ssl.selectorPriorityDelta" default="0"/></Set>
|
||||
|
|
|
|||
|
|
@ -7,14 +7,12 @@
|
|||
<!-- and either jetty-https.xml or jetty-spdy.xml (but not both) -->
|
||||
<!-- ============================================================= -->
|
||||
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
|
||||
<Set name="KeyStorePath"><Property name="solr.jetty.keystore" default="./etc/solr-ssl.keystore.jks"/></Set>
|
||||
<Set name="KeyStorePassword"><Property name="solr.jetty.keystore.password" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set>
|
||||
<Set name="KeyManagerPassword"><Property name="solr.jetty.keymanager.password" default="OBF:1u2u1wml1z7s1z7a1wnl1u2g"/></Set>
|
||||
<Set name="TrustStorePath"><Property name="solr.jetty.truststore" default="./etc/solr-ssl.keystore.jks"/></Set>
|
||||
<Set name="TrustStorePassword"><Property name="solr.jetty.truststore.password" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set>
|
||||
<Set name="EndpointIdentificationAlgorithm"></Set>
|
||||
<Set name="NeedClientAuth"><Property name="solr.jetty.ssl.needClientAuth" default="false"/></Set>
|
||||
<Set name="WantClientAuth"><Property name="solr.jetty.ssl.wantClientAuth" default="false"/></Set>
|
||||
<Set name="KeyStorePath"><Property name="javax.net.ssl.keyStore" default="./etc/solr-ssl.keystore.jks"/></Set>
|
||||
<Set name="KeyStorePassword"><Property name="javax.net.ssl.keyStorePassword" default="secret"/></Set>
|
||||
<Set name="TrustStorePath"><Property name="javax.net.ssl.trustStore" default="./etc/solr-ssl.keystore.jks"/></Set>
|
||||
<Set name="TrustStorePassword"><Property name="javax.net.ssl.trustStorePassword" default="secret"/></Set>
|
||||
<Set name="NeedClientAuth"><Property name="jetty.ssl.clientAuth" default="false"/></Set>
|
||||
<Set name="WantClientAuth"><Property name="jetty.ssl.wantClientAuth" default="false"/></Set>
|
||||
<Set name="ExcludeCipherSuites">
|
||||
<Array type="String">
|
||||
<Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
|
||||
|
|
|
|||
|
|
@ -35,7 +35,8 @@
|
|||
<Get name="ThreadPool">
|
||||
<Set name="minThreads" type="int"><Property name="solr.jetty.threads.min" default="10"/></Set>
|
||||
<Set name="maxThreads" type="int"><Property name="solr.jetty.threads.max" default="10000"/></Set>
|
||||
<Set name="idleTimeout" type="int"><Property name="solr.jetty.threads.idle.timeout" default="50000"/></Set>
|
||||
<Set name="idleTimeout" type="int"><Property name="solr.jetty.threads.idle.timeout" default="5000"/></Set>
|
||||
<Set name="stopTimeout" type="int"><Property name="solr.jetty.threads.stop.timeout" default="60000"/></Set>
|
||||
<Set name="detailedDump">false</Set>
|
||||
</Get>
|
||||
|
||||
|
|
@ -62,7 +63,7 @@
|
|||
<Set name="outputAggregationSize"><Property name="solr.jetty.output.aggregation.size" default="8192" /></Set>
|
||||
<Set name="requestHeaderSize"><Property name="solr.jetty.request.header.size" default="8192" /></Set>
|
||||
<Set name="responseHeaderSize"><Property name="solr.jetty.response.header.size" default="8192" /></Set>
|
||||
<Set name="sendServerVersion"><Property name="solr.jetty.send.server.version" default="true" /></Set>
|
||||
<Set name="sendServerVersion"><Property name="solr.jetty.send.server.version" default="false" /></Set>
|
||||
<Set name="sendDateHeader"><Property name="solr.jetty.send.date.header" default="false" /></Set>
|
||||
<Set name="headerCacheSize"><Property name="solr.jetty.header.cache.size" default="512" /></Set>
|
||||
<Set name="delayDispatchUntilContent"><Property name="solr.jetty.delayDispatchUntilContent" default="false"/></Set>
|
||||
|
|
|
|||
|
|
@ -6,35 +6,4 @@
|
|||
server
|
||||
|
||||
[xml]
|
||||
etc/jetty-ssl.xml
|
||||
|
||||
[files]
|
||||
http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/plain/jetty-server/src/main/config/etc/keystore|etc/keystore
|
||||
|
||||
[ini-template]
|
||||
### SSL Keystore Configuration
|
||||
# define the port to use for secure redirection
|
||||
solr.jetty.secure.port=8443
|
||||
|
||||
## Setup a demonstration keystore and truststore
|
||||
solr.jetty.keystore=etc/keystore
|
||||
solr.jetty.truststore=etc/keystore
|
||||
|
||||
## Set the demonstration passwords.
|
||||
## Note that OBF passwords are not secure, just protected from casual observation
|
||||
## See http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html
|
||||
solr.jetty.keystore.password=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
|
||||
solr.jetty.keymanager.password=OBF:1u2u1wml1z7s1z7a1wnl1u2g
|
||||
solr.jetty.truststore.password=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
|
||||
|
||||
### Set the client auth behavior
|
||||
## Set to true if client certificate authentication is required
|
||||
# solr.jetty.ssl.needClientAuth=true
|
||||
## Set to true if client certificate authentication is desired
|
||||
# solr.jetty.ssl.wantClientAuth=true
|
||||
|
||||
## Parameters to control the number and priority of acceptors and selectors
|
||||
# solr.jetty.ssl.selectors=1
|
||||
# solr.jetty.ssl.acceptors=1
|
||||
# solr.jetty.ssl.selectorPriorityDelta=0
|
||||
# solr.jetty.ssl.acceptorPriorityDelta=0
|
||||
etc/jetty-ssl.xml
|
||||
|
|
@ -1,9 +0,0 @@
|
|||
--module=http
|
||||
|
||||
solr.jetty.threads.min=10
|
||||
solr.jetty.threads.max=10000
|
||||
solr.jetty.threads.idle.timeout=50000
|
||||
|
||||
# jetty.http.acceptors=1
|
||||
# jetty.http.selectors=1
|
||||
|
||||
Loading…
Reference in New Issue