mirror of https://github.com/apache/lucene.git
Merge remote-tracking branch 'origin/master' into gradle-master
This commit is contained in:
commit
7e4c841aa7
|
@ -77,10 +77,6 @@ Upgrade Notes
|
||||||
|
|
||||||
* SOLR-14092: Deprecated BlockJoinFacetComponent and BlockJoinDocSetFacetComponent are removed
|
* SOLR-14092: Deprecated BlockJoinFacetComponent and BlockJoinDocSetFacetComponent are removed
|
||||||
Users are encouraged to migrate to uniqueBlock() in JSON Facet API. (Mikhail Khludnev)
|
Users are encouraged to migrate to uniqueBlock() in JSON Facet API. (Mikhail Khludnev)
|
||||||
|
|
||||||
* SOLR-13985: Solr's Jetty now binds to localhost network interface by default for better out of the box security.
|
|
||||||
Administrators that need Solr exposed more broadly can change the SOLR_JETTY_HOST property in their Solr include
|
|
||||||
(solr.in.sh/solr.in.cmd) file. (Jason Gerlowski, David Smiley, Robert Muir)
|
|
||||||
|
|
||||||
Improvements
|
Improvements
|
||||||
----------------------
|
----------------------
|
||||||
|
|
|
@ -1879,10 +1879,6 @@ if [ -z "$SOLR_PORT" ]; then
|
||||||
SOLR_PORT=8983
|
SOLR_PORT=8983
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -n "$SOLR_JETTY_HOST" ]; then
|
|
||||||
SOLR_OPTS+=("-Dsolr.jetty.host=$SOLR_JETTY_HOST")
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -z "$STOP_PORT" ]; then
|
if [ -z "$STOP_PORT" ]; then
|
||||||
STOP_PORT=`expr $SOLR_PORT - 1000`
|
STOP_PORT=`expr $SOLR_PORT - 1000`
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -178,7 +178,7 @@ IF NOT "%SOLR_HOST%"=="" (
|
||||||
set "SOLR_TOOL_HOST=localhost"
|
set "SOLR_TOOL_HOST=localhost"
|
||||||
)
|
)
|
||||||
IF "%SOLR_JETTY_HOST%"=="" (
|
IF "%SOLR_JETTY_HOST%"=="" (
|
||||||
set "SOLR_JETTY_HOST=127.0.0.1"
|
set SOLR_JETTY_HOST=0.0.0.0
|
||||||
)
|
)
|
||||||
|
|
||||||
REM Verify Java is available
|
REM Verify Java is available
|
||||||
|
@ -1086,10 +1086,6 @@ IF "!IS_RESTART!"=="1" set SCRIPT_CMD=start
|
||||||
IF "%SOLR_PORT%"=="" set SOLR_PORT=8983
|
IF "%SOLR_PORT%"=="" set SOLR_PORT=8983
|
||||||
IF "%STOP_PORT%"=="" set /A STOP_PORT=%SOLR_PORT% - 1000
|
IF "%STOP_PORT%"=="" set /A STOP_PORT=%SOLR_PORT% - 1000
|
||||||
|
|
||||||
IF DEFINED SOLR_JETTY_HOST (
|
|
||||||
set "SOLR_OPTS=%SOLR_OPTS% -Dsolr.jetty.host=%SOLR_JETTY_HOST%"
|
|
||||||
)
|
|
||||||
|
|
||||||
IF "%SCRIPT_CMD%"=="start" (
|
IF "%SCRIPT_CMD%"=="start" (
|
||||||
REM see if Solr is already running using netstat
|
REM see if Solr is already running using netstat
|
||||||
For /f "tokens=2,5" %%j in ('netstat -aon ^| find "TCP " ^| find ":0 " ^| find ":%SOLR_PORT% "') do (
|
For /f "tokens=2,5" %%j in ('netstat -aon ^| find "TCP " ^| find ":0 " ^| find ":%SOLR_PORT% "') do (
|
||||||
|
@ -1325,7 +1321,7 @@ IF "%FG%"=="1" (
|
||||||
"%JAVA%" %SERVEROPT% %SOLR_JAVA_MEM% %START_OPTS% ^
|
"%JAVA%" %SERVEROPT% %SOLR_JAVA_MEM% %START_OPTS% ^
|
||||||
-Dlog4j.configurationFile="%LOG4J_CONFIG%" -DSTOP.PORT=!STOP_PORT! -DSTOP.KEY=%STOP_KEY% ^
|
-Dlog4j.configurationFile="%LOG4J_CONFIG%" -DSTOP.PORT=!STOP_PORT! -DSTOP.KEY=%STOP_KEY% ^
|
||||||
-Dsolr.solr.home="%SOLR_HOME%" -Dsolr.install.dir="%SOLR_TIP%" -Dsolr.default.confdir="%DEFAULT_CONFDIR%" ^
|
-Dsolr.solr.home="%SOLR_HOME%" -Dsolr.install.dir="%SOLR_TIP%" -Dsolr.default.confdir="%DEFAULT_CONFDIR%" ^
|
||||||
-Djetty.port=%SOLR_PORT% -Djetty.home="%SOLR_SERVER_DIR%" ^
|
-Djetty.host=%SOLR_JETTY_HOST% -Djetty.port=%SOLR_PORT% -Djetty.home="%SOLR_SERVER_DIR%" ^
|
||||||
-Djava.io.tmpdir="%SOLR_SERVER_DIR%\tmp" -jar start.jar %SOLR_JETTY_CONFIG% "%SOLR_JETTY_ADDL_CONFIG%"
|
-Djava.io.tmpdir="%SOLR_SERVER_DIR%\tmp" -jar start.jar %SOLR_JETTY_CONFIG% "%SOLR_JETTY_ADDL_CONFIG%"
|
||||||
) ELSE (
|
) ELSE (
|
||||||
START /B "Solr-%SOLR_PORT%" /D "%SOLR_SERVER_DIR%" ^
|
START /B "Solr-%SOLR_PORT%" /D "%SOLR_SERVER_DIR%" ^
|
||||||
|
@ -1333,7 +1329,7 @@ IF "%FG%"=="1" (
|
||||||
-Dlog4j.configurationFile="%LOG4J_CONFIG%" -DSTOP.PORT=!STOP_PORT! -DSTOP.KEY=%STOP_KEY% ^
|
-Dlog4j.configurationFile="%LOG4J_CONFIG%" -DSTOP.PORT=!STOP_PORT! -DSTOP.KEY=%STOP_KEY% ^
|
||||||
-Dsolr.log.muteconsole ^
|
-Dsolr.log.muteconsole ^
|
||||||
-Dsolr.solr.home="%SOLR_HOME%" -Dsolr.install.dir="%SOLR_TIP%" -Dsolr.default.confdir="%DEFAULT_CONFDIR%" ^
|
-Dsolr.solr.home="%SOLR_HOME%" -Dsolr.install.dir="%SOLR_TIP%" -Dsolr.default.confdir="%DEFAULT_CONFDIR%" ^
|
||||||
-Djetty.port=%SOLR_PORT% -Djetty.home="%SOLR_SERVER_DIR%" ^
|
-Djetty.host=%SOLR_JETTY_HOST% -Djetty.port=%SOLR_PORT% -Djetty.home="%SOLR_SERVER_DIR%" ^
|
||||||
-Djava.io.tmpdir="%SOLR_SERVER_DIR%\tmp" -jar start.jar %SOLR_JETTY_CONFIG% "%SOLR_JETTY_ADDL_CONFIG%" > "!SOLR_LOGS_DIR!\solr-%SOLR_PORT%-console.log"
|
-Djava.io.tmpdir="%SOLR_SERVER_DIR%\tmp" -jar start.jar %SOLR_JETTY_CONFIG% "%SOLR_JETTY_ADDL_CONFIG%" > "!SOLR_LOGS_DIR!\solr-%SOLR_PORT%-console.log"
|
||||||
echo %SOLR_PORT%>"%SOLR_TIP%"\bin\solr-%SOLR_PORT%.port
|
echo %SOLR_PORT%>"%SOLR_TIP%"\bin\solr-%SOLR_PORT%.port
|
||||||
|
|
||||||
|
|
|
@ -105,17 +105,13 @@ REM set SOLR_LOG_PRESTART_ROTATION=false
|
||||||
REM Enables jetty request log for all requests
|
REM Enables jetty request log for all requests
|
||||||
REM set SOLR_REQUESTLOG_ENABLED=false
|
REM set SOLR_REQUESTLOG_ENABLED=false
|
||||||
|
|
||||||
|
REM Set the host interface to listen on. Jetty will listen on all interfaces (0.0.0.0) by default.
|
||||||
|
REM This must be an IPv4 ("a.b.c.d") or bracketed IPv6 ("[x::y]") address, not a hostname!
|
||||||
|
REM set SOLR_JETTY_HOST=0.0.0.0
|
||||||
|
|
||||||
REM Sets the port Solr binds to, default is 8983
|
REM Sets the port Solr binds to, default is 8983
|
||||||
REM set SOLR_PORT=8983
|
REM set SOLR_PORT=8983
|
||||||
|
|
||||||
REM Sets the network interface the Solr binds to. To prevent administrators from
|
|
||||||
REM accidentally exposing Solr more widely than intended, this defaults to 127.0.0.1.
|
|
||||||
REM Administrators should think carefully about their deployment environment and
|
|
||||||
REM set this value as narrowly as required before going to production. In
|
|
||||||
REM environments where security is not a concern, 0.0.0.0 can be used to allow
|
|
||||||
REM Solr to accept connections on all network interfaces.
|
|
||||||
REM set SOLR_JETTY_HOST=127.0.0.1
|
|
||||||
|
|
||||||
REM Restrict access to solr by IP address.
|
REM Restrict access to solr by IP address.
|
||||||
REM Specify a comma-separated list of addresses or networks, for example:
|
REM Specify a comma-separated list of addresses or networks, for example:
|
||||||
REM 127.0.0.1, 192.168.0.0/24, [::1], [2000:123:4:5::]/64
|
REM 127.0.0.1, 192.168.0.0/24, [::1], [2000:123:4:5::]/64
|
||||||
|
|
|
@ -139,14 +139,6 @@
|
||||||
# 127.0.0.1, 192.168.0.0/24, [::1], [2000:123:4:5::]/64
|
# 127.0.0.1, 192.168.0.0/24, [::1], [2000:123:4:5::]/64
|
||||||
#SOLR_IP_BLACKLIST=
|
#SOLR_IP_BLACKLIST=
|
||||||
|
|
||||||
# Sets the network interface the Solr binds to. To prevent administrators from
|
|
||||||
# accidentally exposing Solr more widely than intended, this defaults to 127.0.0.1.
|
|
||||||
# Administrators should think carefully about their deployment environment and
|
|
||||||
# set this value as narrowly as required before going to production. In
|
|
||||||
# environments where security is not a concern, 0.0.0.0 can be used to allow
|
|
||||||
# Solr to accept connections on all network interfaces.
|
|
||||||
#SOLR_JETTY_HOST="127.0.0.1"
|
|
||||||
|
|
||||||
# Enables HTTPS. It is implictly true if you set SOLR_SSL_KEY_STORE. Use this config
|
# Enables HTTPS. It is implictly true if you set SOLR_SSL_KEY_STORE. Use this config
|
||||||
# to enable https module with custom jetty configuration.
|
# to enable https module with custom jetty configuration.
|
||||||
#SOLR_SSL_ENABLED=true
|
#SOLR_SSL_ENABLED=true
|
||||||
|
|
|
@ -38,7 +38,7 @@
|
||||||
</Item>
|
</Item>
|
||||||
</Array>
|
</Array>
|
||||||
</Arg>
|
</Arg>
|
||||||
<Set name="host"><Property name="solr.jetty.host" default="127.0.0.1"/></Set>
|
<Set name="host"><Property name="jetty.host" /></Set>
|
||||||
<Set name="port"><Property name="jetty.port" default="8983" /></Set>
|
<Set name="port"><Property name="jetty.port" default="8983" /></Set>
|
||||||
<Set name="idleTimeout"><Property name="solr.jetty.http.idleTimeout" default="120000"/></Set>
|
<Set name="idleTimeout"><Property name="solr.jetty.http.idleTimeout" default="120000"/></Set>
|
||||||
<Set name="acceptorPriorityDelta"><Property name="solr.jetty.http.acceptorPriorityDelta" default="0"/></Set>
|
<Set name="acceptorPriorityDelta"><Property name="solr.jetty.http.acceptorPriorityDelta" default="0"/></Set>
|
||||||
|
|
|
@ -63,7 +63,7 @@
|
||||||
</Item>
|
</Item>
|
||||||
</Array>
|
</Array>
|
||||||
</Arg>
|
</Arg>
|
||||||
<Set name="host"><Property name="solr.jetty.host" default="127.0.0.1"/></Set>
|
<Set name="host"><Property name="solr.jetty.host" /></Set>
|
||||||
<Set name="port"><Property name="solr.jetty.https.port" default="8983" /></Set>
|
<Set name="port"><Property name="solr.jetty.https.port" default="8983" /></Set>
|
||||||
<Set name="idleTimeout"><Property name="solr.jetty.https.timeout" default="120000"/></Set>
|
<Set name="idleTimeout"><Property name="solr.jetty.https.timeout" default="120000"/></Set>
|
||||||
<Set name="acceptorPriorityDelta"><Property name="solr.jetty.ssl.acceptorPriorityDelta" default="0"/></Set>
|
<Set name="acceptorPriorityDelta"><Property name="solr.jetty.ssl.acceptorPriorityDelta" default="0"/></Set>
|
||||||
|
|
|
@ -57,7 +57,7 @@
|
||||||
</Item>
|
</Item>
|
||||||
</Array>
|
</Array>
|
||||||
</Arg>
|
</Arg>
|
||||||
<Set name="host"><Property name="solr.jetty.host" default="127.0.0.1" /></Set>
|
<Set name="host"><Property name="solr.jetty.host" /></Set>
|
||||||
<Set name="port"><Property name="solr.jetty.https.port" default="8983" /></Set>
|
<Set name="port"><Property name="solr.jetty.https.port" default="8983" /></Set>
|
||||||
<Set name="idleTimeout"><Property name="solr.jetty.https.timeout" default="120000"/></Set>
|
<Set name="idleTimeout"><Property name="solr.jetty.https.timeout" default="120000"/></Set>
|
||||||
<Set name="acceptorPriorityDelta"><Property name="solr.jetty.ssl.acceptorPriorityDelta" default="0"/></Set>
|
<Set name="acceptorPriorityDelta"><Property name="solr.jetty.ssl.acceptorPriorityDelta" default="0"/></Set>
|
||||||
|
|
|
@ -31,11 +31,6 @@ In this section you will learn how to start a SolrCloud cluster using startup sc
|
||||||
This tutorial assumes that you're already familiar with the basics of using Solr. If you need a refresher, please see the <<getting-started.adoc#getting-started,Getting Started section>> to get a grounding in Solr concepts. If you load documents as part of that exercise, you should start over with a fresh Solr installation for these SolrCloud tutorials.
|
This tutorial assumes that you're already familiar with the basics of using Solr. If you need a refresher, please see the <<getting-started.adoc#getting-started,Getting Started section>> to get a grounding in Solr concepts. If you load documents as part of that exercise, you should start over with a fresh Solr installation for these SolrCloud tutorials.
|
||||||
====
|
====
|
||||||
|
|
||||||
[WARNING]
|
|
||||||
====
|
|
||||||
For security reasons, Solr nodes only accept connections from localhost by default. Administrators setting up SolrCloud deployments with multiple nodes must override this setting. For more details see <<securing-solr.adoc#network-configuration,here>>.
|
|
||||||
====
|
|
||||||
|
|
||||||
== SolrCloud Example
|
== SolrCloud Example
|
||||||
|
|
||||||
=== Interactive Startup
|
=== Interactive Startup
|
||||||
|
|
|
@ -79,22 +79,6 @@ SOLR_IP_BLACKLIST="192.168.0.3, 192.168.0.4"
|
||||||
ZooKeeper is a central and important part of a SolrCloud cluster and understanding how to secure
|
ZooKeeper is a central and important part of a SolrCloud cluster and understanding how to secure
|
||||||
its content is covered in the <<zookeeper-access-control.adoc#zookeeper-access-control,ZooKeeper Access Control>> page.
|
its content is covered in the <<zookeeper-access-control.adoc#zookeeper-access-control,ZooKeeper Access Control>> page.
|
||||||
|
|
||||||
|
|
||||||
== Network Configuration
|
|
||||||
|
|
||||||
// tag::security-network-binding-1[]
|
|
||||||
Administrators should consider their security setup carefully as an important step in moving to production. Solr provides a number of features out of the box to meet the security needs of users: authentication and authorization can be configured using a range of security plugins, privacy can be bolstered by enabling SSL/TLS, and (in SolrCloud) ZooKeeper data can be protected with ACL rules to prevent unauthorized reads and writes.
|
|
||||||
|
|
||||||
Even if these measures or others are taken, it is strongly recommended that Solr always be protected by a firewall. Solr is not designed to be exposed on the open internet.
|
|
||||||
|
|
||||||
It is also strongly recommended that Solr listen to only those network interfaces that are strictly required. To prevent administrators from unintentionally exposing Solr more broadly, Solr only listens on the loopback interface ("127.0.0.1") by default. Most deployments will need to change this value to something less restrictive so that it can be reached from other boxes. This can be done by setting a `SOLR_JETTY_HOST` value in your environment's "include script" (`solr.in.sh` or `solr.in.cmd`):
|
|
||||||
|
|
||||||
[source,bash]
|
|
||||||
----
|
|
||||||
SOLR_JETTY_HOST="0.0.0.0"
|
|
||||||
----
|
|
||||||
// end::security-network-binding-1[]
|
|
||||||
|
|
||||||
== Enable Security Manager
|
== Enable Security Manager
|
||||||
|
|
||||||
Solr can run in a Java Security Manager sandbox by setting `SOLR_SECURITY_MANAGER_ENABLED=true` via environment variable or in `solr.in.sh`/`solr.in.cmd`. This feature is incompatible with Hadoop.
|
Solr can run in a Java Security Manager sandbox by setting `SOLR_SECURITY_MANAGER_ENABLED=true` via environment variable or in `solr.in.sh`/`solr.in.cmd`. This feature is incompatible with Hadoop.
|
||||||
|
|
|
@ -302,10 +302,6 @@ Check these limits every time you upgrade your kernel or operating system. These
|
||||||
If these limits are exceeded, the problems reported by Solr vary depending on the specific operation responsible for exceeding the limit. Errors such as "too many open files", "connection error", and "max processes exceeded" have been reported, as well as SolrCloud recovery failures.
|
If these limits are exceeded, the problems reported by Solr vary depending on the specific operation responsible for exceeding the limit. Errors such as "too many open files", "connection error", and "max processes exceeded" have been reported, as well as SolrCloud recovery failures.
|
||||||
====
|
====
|
||||||
|
|
||||||
== Security Considerations
|
|
||||||
|
|
||||||
include::securing-solr.adoc[tag=security-network-binding-1]
|
|
||||||
|
|
||||||
== Running Multiple Solr Nodes per Host
|
== Running Multiple Solr Nodes per Host
|
||||||
|
|
||||||
The `bin/solr` script is capable of running multiple instances on one machine, but for a *typical* installation, this is not a recommended setup. Extra CPU and memory resources are required for each additional instance. A single instance is easily capable of handling multiple indexes.
|
The `bin/solr` script is capable of running multiple instances on one machine, but for a *typical* installation, this is not a recommended setup. Extra CPU and memory resources are required for each additional instance. A single instance is easily capable of handling multiple indexes.
|
||||||
|
|
Loading…
Reference in New Issue