mirror of https://github.com/apache/lucene.git
SOLR-4839: Separate jetty and client specific SSL properties
git-svn-id: https://svn.apache.org/repos/asf/lucene/dev/trunk@1676102 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Shalin Shekhar Mangar
parent
4ebb2a4b1d
commit
c3185b5489
|
|
@ -136,16 +136,30 @@ fi
|
|||
exit 1
|
||||
}
|
||||
|
||||
# URL scheme for contacting Solr
|
||||
# Select HTTP OR HTTPS related configurations
|
||||
SOLR_URL_SCHEME=http
|
||||
if [ -n "$SOLR_SSL_OPTS" ]; then
|
||||
SOLR_URL_SCHEME=https
|
||||
fi
|
||||
|
||||
# Which Jetty module to use - either HTTPS or HTTP
|
||||
SOLR_JETTY_CONFIG=()
|
||||
if [ -n "$SOLR_SSL_OPTS" ]; then
|
||||
SOLR_SSL_OPTS=""
|
||||
if [ -n "$SOLR_SSL_KEY_STORE" ]; then
|
||||
SOLR_JETTY_CONFIG+=("--module=https")
|
||||
SOLR_URL_SCHEME=https
|
||||
SOLR_SSL_OPTS=" -Dsolr.jetty.keystore=$SOLR_SSL_KEY_STORE \
|
||||
-Dsolr.jetty.keystore.password=$SOLR_SSL_KEY_STORE_PASSWORD \
|
||||
-Dsolr.jetty.truststore=$SOLR_SSL_TRUST_STORE \
|
||||
-Dsolr.jetty.truststore.password=$SOLR_SSL_TRUST_STORE_PASSWORD \
|
||||
-Dsolr.jetty.ssl.needClientAuth=$SOLR_SSL_NEED_CLIENT_AUTH \
|
||||
-Dsolr.jetty.ssl.wantClientAuth=$SOLR_SSL_WANT_CLIENT_AUTH"
|
||||
if [ -n "$SOLR_SSL_CLIENT_KEY_STORE" ]; then
|
||||
SOLR_SSL_OPTS+=" -Djavax.net.ssl.keyStore=$SOLR_SSL_CLIENT_KEY_STORE \
|
||||
-Djavax.net.ssl.keyStorePassword=$SOLR_SSL_CLIENT_KEY_STORE_PASSWORD \
|
||||
-Djavax.net.ssl.trustStore=$SOLR_SSL_CLIENT_TRUST_STORE \
|
||||
-Djavax.net.ssl.trustStorePassword=$SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD"
|
||||
else
|
||||
SOLR_SSL_OPTS+=" -Djavax.net.ssl.keyStore=$SOLR_SSL_KEY_STORE \
|
||||
-Djavax.net.ssl.keyStorePassword=$SOLR_SSL_KEY_STORE_PASSWORD \
|
||||
-Djavax.net.ssl.trustStore=$SOLR_SSL_TRUST_STORE \
|
||||
-Djavax.net.ssl.trustStorePassword=$SOLR_SSL_TRUST_STORE_PASSWORD"
|
||||
fi
|
||||
else
|
||||
SOLR_JETTY_CONFIG+=("--module=http")
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -36,14 +36,23 @@ REM command line args
|
|||
IF "%SOLR_INCLUDE%"=="" set "SOLR_INCLUDE=%SOLR_TIP%\bin\solr.in.cmd"
|
||||
IF EXIST "%SOLR_INCLUDE%" CALL "%SOLR_INCLUDE%"
|
||||
|
||||
REM URL scheme for contacting Solr
|
||||
REM Select HTTP OR HTTPS related configurations
|
||||
set SOLR_URL_SCHEME=http
|
||||
IF DEFINED SOLR_SSL_OPTS set SOLR_URL_SCHEME=https
|
||||
IF NOT DEFINED SOLR_SSL_OPTS set SOLR_SSL_OPTS=
|
||||
|
||||
REM Which Jetty module to use - either HTTPS or HTTP
|
||||
set "SOLR_JETTY_CONFIG=--module=http"
|
||||
IF NOT "%SOLR_SSL_OPTS%"=="" set "SOLR_JETTY_CONFIG=--module=http"
|
||||
set "SOLR_SSL_OPTS= "
|
||||
IF DEFINED SOLR_SSL_KEY_STORE (
|
||||
set "SOLR_JETTY_CONFIG=--module=https"
|
||||
set SOLR_URL_SCHEME=https
|
||||
set "SCRIPT_ERROR=Solr server directory %SOLR_SERVER_DIR% not found!"
|
||||
set "SOLR_SSL_OPTS=-Dsolr.jetty.keystore=%SOLR_SSL_KEY_STORE% -Dsolr.jetty.keystore.password=%SOLR_SSL_KEY_STORE_PASSWORD% -Dsolr.jetty.truststore=%SOLR_SSL_TRUST_STORE% -Dsolr.jetty.truststore.password=%SOLR_SSL_TRUST_STORE_PASSWORD% -Dsolr.jetty.ssl.needClientAuth=%SOLR_SSL_NEED_CLIENT_AUTH% -Dsolr.jetty.ssl.wantClientAuth=%SOLR_SSL_WANT_CLIENT_AUTH%"
|
||||
IF DEFINED SOLR_SSL_CLIENT_KEY_STORE (
|
||||
set "SOLR_SSL_OPTS=%SOLR_SSL_OPTS% -Djavax.net.ssl.keyStore=%SOLR_SSL_CLIENT_KEY_STORE% -Djavax.net.ssl.keyStorePassword=%SOLR_SSL_CLIENT_KEY_STORE_PASSWORD% -Djavax.net.ssl.trustStore=%SOLR_SSL_CLIENT_TRUST_STORE% -Djavax.net.ssl.trustStorePassword=%SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD%"
|
||||
) ELSE (
|
||||
set "SOLR_SSL_OPTS=%SOLR_SSL_OPTS% -Djavax.net.ssl.keyStore=%SOLR_SSL_KEY_STORE% -Djavax.net.ssl.keyStorePassword=%SOLR_SSL_KEY_STORE_PASSWORD% -Djavax.net.ssl.trustStore=%SOLR_SSL_TRUST_STORE% -Djavax.net.ssl.trustStorePassword=%SOLR_SSL_TRUST_STORE_PASSWORD%"
|
||||
)
|
||||
) ELSE (
|
||||
set SOLR_SSL_OPTS=
|
||||
)
|
||||
|
||||
REM Verify Java is available
|
||||
IF DEFINED SOLR_JAVA_HOME set "JAVA_HOME=%SOLR_JAVA_HOME%"
|
||||
|
|
|
|||
|
|
@ -82,4 +82,16 @@ REM set SOLR_PORT=8983
|
|||
|
||||
REM Uncomment to set SSL-related system properties
|
||||
REM Be sure to update the paths to the correct keystore for your environment
|
||||
REM set SOLR_SSL_OPTS=-Djavax.net.ssl.keyStore=etc/solr-ssl.keystore.jks -Djavax.net.ssl.keyStorePassword=secret -Djavax.net.ssl.trustStore=etc/solr-ssl.keystore.jks -Djavax.net.ssl.trustStorePassword=secret
|
||||
REM set SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jks
|
||||
REM set SOLR_SSL_KEY_STORE_PASSWORD=secret
|
||||
REM set SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.jks
|
||||
REM set SOLR_SSL_TRUST_STORE_PASSWORD=secret
|
||||
REM set SOLR_SSL_NEED_CLIENT_AUTH=false
|
||||
REM set SOLR_SSL_WANT_CLIENT_AUTH=false
|
||||
|
||||
REM Uncomment if you want to override previously defined SSL values for HTTP client
|
||||
REM otherwise keep them commented and the above values will automatically be set for HTTP clients
|
||||
REM set SOLR_SSL_CLIENT_KEY_STORE=
|
||||
REM set SOLR_SSL_CLIENT_KEY_STORE_PASSWORD=
|
||||
REM setSOLR_SSL_CLIENT_TRUST_STORE=
|
||||
REM setSOLR_SSL_CLIENT_TRUST_STORE_PASSWORD=
|
||||
|
|
@ -97,7 +97,16 @@ ENABLE_REMOTE_JMX_OPTS="false"
|
|||
|
||||
# Uncomment to set SSL-related system properties
|
||||
# Be sure to update the paths to the correct keystore for your environment
|
||||
#SOLR_SSL_OPTS="-Djavax.net.ssl.keyStore=etc/solr-ssl.keystore.jks \
|
||||
#-Djavax.net.ssl.keyStorePassword=secret \
|
||||
#-Djavax.net.ssl.trustStore=etc/solr-ssl.keystore.jks \
|
||||
#-Djavax.net.ssl.trustStorePassword=secret"
|
||||
#SOLR_SSL_KEY_STORE=/home/shalin/work/oss/shalin-lusolr/solr/server/etc/solr-ssl.keystore.jks
|
||||
#SOLR_SSL_KEY_STORE_PASSWORD=secret
|
||||
#SOLR_SSL_TRUST_STORE=/home/shalin/work/oss/shalin-lusolr/solr/server/etc/solr-ssl.keystore.jks
|
||||
#SOLR_SSL_TRUST_STORE_PASSWORD=secret
|
||||
#SOLR_SSL_NEED_CLIENT_AUTH=false
|
||||
#SOLR_SSL_WANT_CLIENT_AUTH=false
|
||||
|
||||
# Uncomment if you want to override previously defined SSL values for HTTP client
|
||||
# otherwise keep them commented and the above values will automatically be set for HTTP clients
|
||||
#SOLR_SSL_CLIENT_KEY_STORE=
|
||||
#SOLR_SSL_CLIENT_KEY_STORE_PASSWORD=
|
||||
#SOLR_SSL_CLIENT_TRUST_STORE=
|
||||
#SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD=
|
||||
|
|
@ -7,12 +7,12 @@
|
|||
<!-- and either jetty-https.xml or jetty-spdy.xml (but not both) -->
|
||||
<!-- ============================================================= -->
|
||||
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
|
||||
<Set name="KeyStorePath"><Property name="javax.net.ssl.keyStore" default="./etc/solr-ssl.keystore.jks"/></Set>
|
||||
<Set name="KeyStorePassword"><Property name="javax.net.ssl.keyStorePassword" default="secret"/></Set>
|
||||
<Set name="TrustStorePath"><Property name="javax.net.ssl.trustStore" default="./etc/solr-ssl.keystore.jks"/></Set>
|
||||
<Set name="TrustStorePassword"><Property name="javax.net.ssl.trustStorePassword" default="secret"/></Set>
|
||||
<Set name="NeedClientAuth"><Property name="jetty.ssl.clientAuth" default="false"/></Set>
|
||||
<Set name="WantClientAuth"><Property name="jetty.ssl.wantClientAuth" default="false"/></Set>
|
||||
<Set name="KeyStorePath"><Property name="solr.jetty.keystore" default="./etc/solr-ssl.keystore.jks"/></Set>
|
||||
<Set name="KeyStorePassword"><Property name="solr.jetty.keystore.password" default="secret"/></Set>
|
||||
<Set name="TrustStorePath"><Property name="solr.jetty.truststore" default="./etc/solr-ssl.keystore.jks"/></Set>
|
||||
<Set name="TrustStorePassword"><Property name="solr.jetty.truststore.password" default="secret"/></Set>
|
||||
<Set name="NeedClientAuth"><Property name="solr.jetty.ssl.needClientAuth" default="false"/></Set>
|
||||
<Set name="WantClientAuth"><Property name="solr.jetty.ssl.wantClientAuth" default="false"/></Set>
|
||||
<Set name="ExcludeCipherSuites">
|
||||
<Array type="String">
|
||||
<Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
|
||||
|
|
|
|||
Loading…
Reference in New Issue