Commit Graph

122 Commits

Author SHA1 Message Date
Marcus bc5f837344
SOLR-14147 change the Security manager to default to true. (#1141)
* change the Security manager to default.
* update the ref-guide.
* uncomment init scripts update changes.
* changed the ref guide and re-commented file.
* remove added comment.
* modified shell script.
* removed comment in windows file.

Signed-off-by: marcussorealheis <marcuseagan@gmail.com>

* bashism and fix windows
* remove space

Signed-off-by: marcussorealheis <marcuseagan@gmail.com>
2020-02-05 19:17:55 -05:00
Jason Gerlowski 424ace6f5d
SOLR-14186: Enforce CRLF in Windows files with .gitattributes (#1163) 2020-01-16 08:30:39 -05:00
Jason Gerlowski 58b3c1f068
SOLR-14186: Re-add CRLF line endings to solr.cmd (#1162) 2020-01-13 10:40:43 -05:00
Jason Gerlowski 5377742a62
SOLR-13985: Bind to localhost interface by default (#1154)
Prior to this commit, Solr's Jetty listened for connections on all
network interfaces. This commit changes it to only listen on localhost,
to prevent incautious administrators from accidentally exposing their
Solr deployment to the world.

Administrators who wish to override this behavior can set the
SOLR_JETTY_HOST property in their Solr include file
(solr.in.sh/solr.in.cmd) to "0.0.0.0" or some other value.

A version of this commit was previously reverted due to inconsistency
between SOLR_HOST and SOLR_JETTY_HOST.  This commit fixes this issue.
2020-01-13 09:42:30 -05:00
Kevin Risden 22155bf7a7
SOLR-14163: SOLR_SSL_CLIENT_HOSTNAME_VERIFICATION needs to work with Jetty server/client SSL contexts
Closes #1147

Signed-off-by: Kevin Risden <krisden@apache.org>
2020-01-09 10:28:35 -05:00
Jason Gerlowski a17c486424 Revert "SOLR-13985: Bind to localhost interface by default"
This temporarily reverts commit 479e73 while a potentially related
networking hiccup is investigated.
2020-01-07 09:05:13 -05:00
Jason Gerlowski 479e736469 SOLR-13985: Bind to localhost interface by default
Prior to this commit, Solr's Jetty listened for connections on all
network interfaces.  This commit changes it to only listen on localhost,
to prevent incautious administrators from accidentally exposing their
Solr deployment to the world.

Administrators who wish to override this behavior can set the
SOLR_JETTY_HOST property in their Solr include file
(solr.in.sh/solr.in.cmd) to "0.0.0.0" or some other value.
2020-01-03 15:17:24 -05:00
Robert Muir 126d6b7767
SOLR-13984: add (experimental, disabled by default) security manager support (#1082)
* SOLR-13984: add (experimental, disabled by default) security manager support.

User can set SOLR_SECURITY_MANAGER_ENABLED=true to enable security manager at runtime.

The current policy file used by tests is moved to solr/server
Additional permissions are granted for the filesystem locations set by bin/solr, and networking everywhere is enabled.

This takes advantage of the fact that permission entries are ignored if properties are not defined:
https://docs.oracle.com/javase/7/docs/technotes/guides/security/PolicyFiles.html#PropertyExp
2019-12-24 06:30:31 -08:00
Robert Muir 72c99e921c
SOLR-14136: ip whitelist/blacklist via env vars (#1111)
SOLR-14136: ip whitelist/blacklist via env vars

This makes it easy to restrict access to Solr by IP. For example SOLR_IP_WHITELIST="127.0.0.1, 192.168.0.0/24, [::1], [2000:123:4:5::]/64" would restrict access to v4/v6 localhost, the 192.168.0 ipv4 network, and 2000:123:4:5 ipv6 network. Any other IP will receive a 403 response.

Blacklisting functionality can deny access to problematic addresses or networks that would otherwise be allowed. For example SOLR_IP_BLACKLIST="192.168.0.3, 192.168.0.4" would explicitly prevent those two specific addresses from accessing solr.
2019-12-23 19:26:11 -05:00
Robert Muir 1425d6cbf8
SOLR-14138: enable request log via environ var, remove deprecated jetty class usage, respect SOLR_LOGS_DIR (#1110)
User can now set SOLR_REQUESTLOG_ENABLED=true to enable the jetty request log, instead of editing XML. The location of the request logs will respect SOLR_LOGS_DIR if that is set. The deprecated NCSARequestLog is no longer used, instead it uses CustomRequestLog with NCSA_FORMAT.
2019-12-23 10:37:31 -05:00
Andy Vuong e428628054 SOLR-14107: Ensure bin/solr -q/-v args work with -e/example (#1093)
Co-authored-by: Andy Vuong <andyvvv.101@gmail.com>
2019-12-20 11:31:16 -05:00
Jan Høydahl 936f4b6ee9 SOLR-13977: solr create -c not working under Windows 10 2019-11-29 01:22:06 +01:00
Ishan Chattopadhyaya d9f41f8a5a SOLR-13662: Package manager (CLI) 2019-11-14 18:21:35 +05:30
Noble Paul e45e8127d5
SOLR-13682: command line option to export documents to a file
* SOLR-13682: command line option to export documents to a file
2019-08-10 16:34:23 +10:00
Ishan Chattopadhyaya 91969f40fe SOLR-13394: Tweaking G1 parameters and adding ref guide documentation 2019-05-03 00:36:32 +05:30
Ishan Chattopadhyaya 9c77889217 SOLR-13394: Switch default GC from CMS to G1 2019-04-25 13:58:43 +05:30
Uwe Schindler db5f1af59b Fix Windows startup script to disable HTTP/2 if TLS is enabled on Java 8. 2019-03-07 14:16:36 +01:00
Jason Gerlowski a084cc1e33 SOLR-13241: Add 'autoscaling' tool to solr.cmd
Prior to this commit, SOLR-13155 added support for an 'autoscaling' tool
to bin/solr, but not to the Windows equivalent bin/solr.cmd.  This
commit adds the necessary plumbing to the Windows version of this
script.  It also removes some dead help-text from the bin/solr script.
2019-02-13 10:48:31 -05:00
Tim Underwood 5202a713ba Java 9+ GC Logging filesize parameter should be 20M instead of 20000
JEP 158 (https://openjdk.java.net/jeps/158) says the filesize parameter is the “file size in kb” however that appears to not be the case since when it is set to a value of 20000 you end up with GC logs that are only 20000 bytes in length.  Setting the value to 20M produces the desired result of GC log files that are 20MB in size.
2018-10-15 12:52:40 -07:00
Erick Erickson 95cc6f4f76 SOLR-12776: Setting of TMP in solr.cmd causes invisibility of Solr to JDK tools 2018-09-23 16:03:30 -07:00
Erick Erickson 93ae3669b5 SOLR-12008: Settle a location for the log4j2.xml file 2018-07-11 20:57:38 -07:00
Steve Rowe fba42bbac6 SOLR-12435: Fix bin/solr help and ref guide text to describe ZK_HOST in solr.in.sh/solr.in.cmd as an alternative to -z cmdline param 2018-06-14 21:06:09 -04:00
Steve Rowe 6f9f4f70f2 SOLR-12434: Fix standalone mode 'bin/solr config' to not pass in empty -z ZK_HOST param; revert accidental ZK_HOST definition in solr.in.cmd 2018-06-13 09:35:18 -04:00
Steve Rowe ca35c40f1b SOLR-12481: update.autoCreateFields must be set via Config API command 'set-user-property', but 'bin/solr create' tells users to use the default action 'set-property', which fails because the property is not editable 2018-06-12 21:50:25 -04:00
Steve Rowe ba62472bd3 SOLR-12434: bin/solr {config,healthcheck} ignore ZK_HOST in solr.in.{sh,cmd} 2018-06-12 20:01:20 -04:00
Chris Hostetter 4e0e8e979b SOLR-9304: Fix Solr's HTTP handling to respect '-Dsolr.ssl.checkPeerName=false' aka SOLR_SSL_CHECK_PEER_NAME 2018-04-22 13:38:37 -07:00
Jason Gerlowski 7edfd9c410 SOLR-11840: Fix bin/solr help-text inconsistencies 2018-04-16 22:21:27 -04:00
Mark Miller 5e2a5a5b8c SOLR-10783: Add support for Hadoop Credential Provider as SSL/TLS store password source. 2018-04-09 21:57:56 -05:00
Jan Høydahl 0989e5874a SOLR-12144: SOLR_LOG_PRESTART_ROTATION now defaults to false, we leverage log4j2 for log rotation on startup 2018-04-03 13:10:20 +02:00
Uwe Schindler ade2cf2e74 SOLR-12141: Fix "bin/solr" shell scripts (Windows/Linux/Mac) to correctly detect major Java version and use numerical version comparison to enforce minimum requirements. Also remove obsolete "UseParNewGC" option. This allows to start Solr with Java 10 or later. 2018-03-27 22:49:23 +02:00
Varun Thacker bea6e2307b SOLR-7887: Log4J2 upgrade fixes 2018-03-26 11:32:03 -07:00
Erick Erickson 624d128b5e SOLR-7887: Upgrade Solr to use log4j2 -- log4j 1 now officially end of life 2018-03-25 19:16:09 -07:00
Jason Gerlowski b4f8cd7ea6 SOLR-11108: Shorten/improve _default-configset msg
The bin/solr scripts print a warning message when a user creates a
collection that makes use of the default config (which has settings
not recommended for production).

While helpful, this warning was a little too noisy.  It also suggested
users resolve the issue with a provided curl command, but bin/solr is
also capable of performing the same action.

This commit cleans up the error message a bit.
2018-02-17 19:08:26 -05:00
Jason Gerlowski 11a23a9029 SOLR-11902: Clarify bin/solr -h text to describe which commands can be run remotely
The bin/solr scripts contain a number of independent tools.  Many of
these can be run anywhere and just pointed at the correct Solr or ZK
host.  Some must run on the machine hosting Solr itself.

This commit clarifies help text for each bin/solr command, indicating
whether it can be run remotely, or must be run locally.
2018-02-09 18:05:45 -05:00
Christine Poerschke 9268b2b30f SOLR-9137: bin/solr script ignored custom STOP_PORT on shutdown.
(Joachim Kohlhammer, Steve Rowe, Christine Poerschke)
2017-12-05 12:19:14 +00:00
Jan Høydahl b67424ee58 SOLR-10628: Less verbose output from bin/solr commands 2017-08-22 12:50:53 +02:00
Uwe Schindler 86f7d6779a SOLR-8689: Fix bin/solr.cmd so it can run properly on Java 9 2017-08-21 22:30:53 +02:00
Erick Erickson 7109820e01 SOLR-11084 Issue with starting script with solr.home (-s) == solr 2017-08-13 19:43:01 -07:00
Anshum Gupta 8821882400 SOLR-11131: Document 'assert' as a command option in bin/solr, and bin/solr.cmd scripts 2017-07-21 16:05:28 -07:00
Ishan Chattopadhyaya b29951ff2b SOLR-10920: Warning for production use of _default configset's data-driven functionality 2017-07-09 17:05:38 +05:30
Ishan Chattopadhyaya 85069cacf4 SOLR-10272: Adding user _default configset to test-files, fixing solr & solr.cmd script bugs 2017-06-29 10:46:14 +05:30
Ishan Chattopadhyaya ee572b052a SOLR-10272: Use _default config set if config name is not specified with CREATE collection 2017-06-27 09:07:05 +05:30
Ishan Chattopadhyaya e4a7fc59ad SOLR-10574: Adding _default configset, replacing data_driven_schema_configs and basic_configs 2017-06-26 04:58:02 +05:30
Jan Høydahl 39dfb7808a SOLR-6671: Possible to set solr.data.home property as root dir for all data 2017-06-20 13:21:14 +02:00
Mark Miller 9a0d9e83f6 SOLR-9910: Add solr/solr.cmd parameter to append jetty parameters to the start script. 2017-06-13 15:55:51 -04:00
Mark Miller 0fb89f17e1 SOLR-10307: Allow Passing SSL passwords through environment variables. 2017-05-16 14:19:16 -03:00
Ishan Chattopadhyaya 9be68cc307 SOLR-8440: Support for enabling basic authentication using bin/solr|bin/solr.cmd 2017-05-15 22:06:26 +05:30
Ishan Chattopadhyaya c9541c216d SOLR-8440: Support for enabling basic authentication using bin/solr|bin/solr.cmd
Usage:
    bin/solr auth -enable -prompt
    bin/solr auth -enable -credentials solr:SolrRocks
    bin/solr auth -disable
2017-05-09 12:42:41 +05:30
Jan Høydahl 68eb078af8 SOLR-10369: bin\solr.cmd delete and healthcheck now works again (fixed continuation chars ^) 2017-03-28 14:24:09 +02:00
Erick Erickson 0b3ca1bb61 SLR-10108: bin/solr script recursive copy broken 2017-03-27 12:15:05 -07:00