Commit Graph

43 Commits

Author SHA1 Message Date
Robert Muir 126d6b7767
SOLR-13984: add (experimental, disabled by default) security manager support (#1082)
* SOLR-13984: add (experimental, disabled by default) security manager support.

User can set SOLR_SECURITY_MANAGER_ENABLED=true to enable security manager at runtime.

The current policy file used by tests is moved to solr/server
Additional permissions are granted for the filesystem locations set by bin/solr, and networking everywhere is enabled.

This takes advantage of the fact that permission entries are ignored if properties are not defined:
https://docs.oracle.com/javase/7/docs/technotes/guides/security/PolicyFiles.html#PropertyExp
2019-12-24 06:30:31 -08:00
Robert Muir 72c99e921c
SOLR-14136: ip whitelist/blacklist via env vars (#1111)
SOLR-14136: ip whitelist/blacklist via env vars

This makes it easy to restrict access to Solr by IP. For example SOLR_IP_WHITELIST="127.0.0.1, 192.168.0.0/24, [::1], [2000:123:4:5::]/64" would restrict access to v4/v6 localhost, the 192.168.0 ipv4 network, and 2000:123:4:5 ipv6 network. Any other IP will receive a 403 response.

Blacklisting functionality can deny access to problematic addresses or networks that would otherwise be allowed. For example SOLR_IP_BLACKLIST="192.168.0.3, 192.168.0.4" would explicitly prevent those two specific addresses from accessing solr.
2019-12-23 19:26:11 -05:00
Robert Muir 1425d6cbf8
SOLR-14138: enable request log via environ var, remove deprecated jetty class usage, respect SOLR_LOGS_DIR (#1110)
User can now set SOLR_REQUESTLOG_ENABLED=true to enable the jetty request log, instead of editing XML. The location of the request logs will respect SOLR_LOGS_DIR if that is set. The deprecated NCSARequestLog is no longer used, instead it uses CustomRequestLog with NCSA_FORMAT.
2019-12-23 10:37:31 -05:00
Cao Manh Dat 7350c50316 SOLR-13798: SSL: Adding Enabling/Disabling client's hostname verification config 2019-09-30 16:29:43 +01:00
Jan Høydahl b54126169b SOLR-13569: AdminUI visual indication of prod/test/dev environment 2019-06-26 12:09:02 +02:00
Ishan Chattopadhyaya 9c77889217 SOLR-13394: Switch default GC from CMS to G1 2019-04-25 13:58:43 +05:30
Tomas Fernandez Lobbe 8b54b20fc4 SOLR-12770: Make it possible to configure a host whitelist for distributed search 2019-01-15 11:44:57 -08:00
Cassandra Targett df5540acc9 SOLR-12497: Add documentation for Hadoop credential provider-based keystore/truststore 2018-11-15 00:35:25 -06:00
Steve Rowe 6f9f4f70f2 SOLR-12434: Fix standalone mode 'bin/solr config' to not pass in empty -z ZK_HOST param; revert accidental ZK_HOST definition in solr.in.cmd 2018-06-13 09:35:18 -04:00
Steve Rowe ba62472bd3 SOLR-12434: bin/solr {config,healthcheck} ignore ZK_HOST in solr.in.{sh,cmd} 2018-06-12 20:01:20 -04:00
Chris Hostetter 4e0e8e979b SOLR-9304: Fix Solr's HTTP handling to respect '-Dsolr.ssl.checkPeerName=false' aka SOLR_SSL_CHECK_PEER_NAME 2018-04-22 13:38:37 -07:00
Mark Miller 5e2a5a5b8c SOLR-10783: Add support for Hadoop Credential Provider as SSL/TLS store password source. 2018-04-09 21:57:56 -05:00
Jan Høydahl 0989e5874a SOLR-12144: SOLR_LOG_PRESTART_ROTATION now defaults to false, we leverage log4j2 for log rotation on startup 2018-04-03 13:10:20 +02:00
Erick Erickson 624d128b5e SOLR-7887: Upgrade Solr to use log4j2 -- log4j 1 now officially end of life 2018-03-25 19:16:09 -07:00
Cao Manh Dat 2bc2759bf4 SOLR-5129: Add support for changing flag in bin/solr 2017-10-21 22:05:30 +07:00
Uwe Schindler 86f7d6779a SOLR-8689: Fix bin/solr.cmd so it can run properly on Java 9 2017-08-21 22:30:53 +02:00
Jan Høydahl 39dfb7808a SOLR-6671: Possible to set solr.data.home property as root dir for all data 2017-06-20 13:21:14 +02:00
Mark Miller 0fb89f17e1 SOLR-10307: Allow Passing SSL passwords through environment variables. 2017-05-16 14:19:16 -03:00
markrmiller e1a5776457 SOLR-9997: Enable configuring SolrHttpClientBuilder via java system property. 2017-02-07 13:15:51 -05:00
markrmiller 075aec91cd SOLR-9885: Allow pre-startup Solr log management in Solr bin scripts to be disabled. 2017-01-19 03:07:09 -05:00
Kevin Risden bf424d1ec1 SOLR-9728: Ability to specify Key Store type in solr.in file for SSL 2016-11-28 09:52:02 -06:00
Jan Høydahl feb1a5d3e7 SOLR-9670: Support SOLR_AUTHENTICATION_OPTS in solr.cmd 2016-10-26 15:17:13 +02:00
David Smiley 8ae3304c86 SOLR-7580: Move defaults in bin/solr.in.sh into bin/solr (incl. Windows) 2016-10-19 16:38:06 -04:00
Jan Høydahl 33db4de4d7 SOLR-9325: solr.log is now written to $SOLR_LOGS_DIR without changing log4j.properties 2016-10-14 23:19:09 +02:00
Jan Høydahl eba3939a04 SOLR-7436: Solr stops printing stacktraces in log and output (add -XX:-OmitStackTraceInFastThrow to solr.in.{sh|cmd)) 2016-09-28 10:06:15 +02:00
Jan Høydahl 73c2edddf0 SOLR-9534: You can now set Solr's log level through environment variable SOLR_LOG_LEVEL and -q and -v options to bin/solr 2016-09-22 21:05:28 +02:00
Steve Rowe 5d4cd44b6d SOLR-8792: ZooKeeper ACL support fixed 2016-05-03 18:57:59 -04:00
Uwe Schindler 3e6de6059f SOLR-9046: Fix solr.cmd that wrongly assumes Jetty will always listen on 0.0.0.0 2016-04-28 06:05:52 +02:00
Mark Robert Miller af2bce9ee1 SOLR-7831: Start Scripts: Allow a configurable stack size [-Xss]
git-svn-id: https://svn.apache.org/repos/asf/lucene/dev/trunk@1694523 13f79535-47bb-0310-9956-ffa450edef68
2015-08-06 15:26:11 +00:00
Jan Høydahl 2d5f162bb8 SOLR-7735: Look for solr.xml in Zookeeper by default
git-svn-id: https://svn.apache.org/repos/asf/lucene/dev/trunk@1692673 13f79535-47bb-0310-9956-ffa450edef68
2015-07-26 00:15:27 +00:00
Shalin Shekhar Mangar c3185b5489 SOLR-4839: Separate jetty and client specific SSL properties
git-svn-id: https://svn.apache.org/repos/asf/lucene/dev/trunk@1676102 13f79535-47bb-0310-9956-ffa450edef68
2015-04-26 12:44:20 +00:00
Shalin Shekhar Mangar 299ddc5abe SOLR-4839: SSL support with Jetty 9. Also fixes SOLR-7449 on trunk.
git-svn-id: https://svn.apache.org/repos/asf/lucene/dev/trunk@1675619 13f79535-47bb-0310-9956-ffa450edef68
2015-04-23 14:17:35 +00:00
Shawn Heisey 5f5814ce27 SOLR-7319: Revert previous patch, return to discussion.
git-svn-id: https://svn.apache.org/repos/asf/lucene/dev/trunk@1670370 13f79535-47bb-0310-9956-ffa450edef68
2015-03-31 15:54:05 +00:00
Shawn Heisey 421897ea3c SOLR-7319: Workaround for the "Four Month Bug" GC pause problem
git-svn-id: https://svn.apache.org/repos/asf/lucene/dev/trunk@1669731 13f79535-47bb-0310-9956-ffa450edef68
2015-03-28 04:07:18 +00:00
Timothy Potter 7401236745 SOLR-6982: bin/solr and SolrCLI should support SSL-related Java System Properties
git-svn-id: https://svn.apache.org/repos/asf/lucene/dev/trunk@1652208 13f79535-47bb-0310-9956-ffa450edef68
2015-01-15 18:24:48 +00:00
Timothy Potter 4e65c4d1e0 SOLR-6851: Scripts to help install and run Solr as a service on Linux
git-svn-id: https://svn.apache.org/repos/asf/lucene/dev/trunk@1647700 13f79535-47bb-0310-9956-ffa450edef68
2014-12-23 23:20:42 +00:00
Timothy Potter 3a5438ec1f SOLR-6843: JMX RMI connector should be disabled by default but can be activated by setting ENABLE_REMOTE_JMX_OPTS to true in solr.in.(sh|cmd).
git-svn-id: https://svn.apache.org/repos/asf/lucene/dev/trunk@1644978 13f79535-47bb-0310-9956-ffa450edef68
2014-12-12 17:07:06 +00:00
Timothy Potter 9806b86719 SOLR-6726: better strategy for selecting the JMX RMI port based on SOLR_PORT in bin/solr
git-svn-id: https://svn.apache.org/repos/asf/lucene/dev/trunk@1642745 13f79535-47bb-0310-9956-ffa450edef68
2014-12-01 19:50:30 +00:00
Timothy Potter f66288743c SOLR-6742: change eol-style to CRLF
git-svn-id: https://svn.apache.org/repos/asf/lucene/dev/trunk@1639789 13f79535-47bb-0310-9956-ffa450edef68
2014-11-14 21:31:52 +00:00
Timothy Potter fe6eff7d1b SOLR-6705: Add specific JVM version checking to Windows start scripts
git-svn-id: https://svn.apache.org/repos/asf/lucene/dev/trunk@1638429 13f79535-47bb-0310-9956-ffa450edef68
2014-11-11 21:28:17 +00:00
Jan Høydahl 5240a5ac8a SOLR-6697: bin/solr start scripts allow setting SOLR_OPTS in solr.in.*
git-svn-id: https://svn.apache.org/repos/asf/lucene/dev/trunk@1638423 13f79535-47bb-0310-9956-ffa450edef68
2014-11-11 21:20:56 +00:00
Timothy Potter 3f566e6e91 SOLR-6549: add a -s option to set the -Dsolr.solr.home property, thus allowing multiple Solr nodes on the same host to share the same server directory -d but with different Solr home directories
git-svn-id: https://svn.apache.org/repos/asf/lucene/dev/trunk@1630550 13f79535-47bb-0310-9956-ffa450edef68
2014-10-09 18:42:21 +00:00
Timothy Potter 6662a12c71 SOLR-3617: start/stop script with support for running examples
git-svn-id: https://svn.apache.org/repos/asf/lucene/dev/trunk@1616271 13f79535-47bb-0310-9956-ffa450edef68
2014-08-06 16:30:01 +00:00