227 Commits

Author SHA1 Message Date
Marcus bc5f837344
SOLR-14147 change the Security manager to default to true. (#1141)
* change the Security manager to default.
* update the ref-guide.
* uncomment init scripts update changes.
* changed the ref guide and re-commented file.
* remove added comment.
* modified shell script.
* removed comment in windows file.

Signed-off-by: marcussorealheis <marcuseagan@gmail.com>

* bashism and fix windows
* remove space

Signed-off-by: marcussorealheis <marcuseagan@gmail.com>
2020-02-05 19:17:55 -05:00
Jason Gerlowski 424ace6f5d
SOLR-14186: Enforce CRLF in Windows files with .gitattributes (#1163) 2020-01-16 08:30:39 -05:00
Jason Gerlowski 58b3c1f068
SOLR-14186: Re-add CRLF line endings to solr.cmd (#1162) 2020-01-13 10:40:43 -05:00
Jason Gerlowski 5377742a62
SOLR-13985: Bind to localhost interface by default (#1154)
Prior to this commit, Solr's Jetty listened for connections on all
network interfaces. This commit changes it to only listen on localhost,
to prevent incautious administrators from accidentally exposing their
Solr deployment to the world.

Administrators who wish to override this behavior can set the
SOLR_JETTY_HOST property in their Solr include file
(solr.in.sh/solr.in.cmd) to "0.0.0.0" or some other value.

A version of this commit was previously reverted due to inconsistency
between SOLR_HOST and SOLR_JETTY_HOST.  This commit fixes this issue.
2020-01-13 09:42:30 -05:00
Kevin Risden 22155bf7a7
SOLR-14163: SOLR_SSL_CLIENT_HOSTNAME_VERIFICATION needs to work with Jetty server/client SSL contexts
Closes #1147

Signed-off-by: Kevin Risden <krisden@apache.org>
2020-01-09 10:28:35 -05:00
Jason Gerlowski a17c486424 Revert "SOLR-13985: Bind to localhost interface by default"
This temporarily reverts commit 479e73 while a potentially related
networking hiccup is investigated.
2020-01-07 09:05:13 -05:00
Martijn Koster ac777a5352 SOLR-13089: Fix lsof edge cases in the solr CLI script 2020-01-06 13:20:14 +01:00
Jason Gerlowski 479e736469 SOLR-13985: Bind to localhost interface by default
Prior to this commit, Solr's Jetty listened for connections on all
network interfaces.  This commit changes it to only listen on localhost,
to prevent incautious administrators from accidentally exposing their
Solr deployment to the world.

Administrators who wish to override this behavior can set the
SOLR_JETTY_HOST property in their Solr include file
(solr.in.sh/solr.in.cmd) to "0.0.0.0" or some other value.
2020-01-03 15:17:24 -05:00
Joel Bernstein 8df304d12e SOLR-14130: Harden parsing logic 2020-01-03 08:47:19 -05:00
Joel Bernstein 29c00d4fe7 SOLR-14130: Add postlogs command line tool for indexing Solr logs 2020-01-03 08:47:19 -05:00
Robert Muir 1cb6e35058 SOLR-14141: eliminate JKS keystore from solr ssl docs.
Currently the documentation pretends to create a JKS keystore. It is
only actually a JKS keystore on java 8: on java9+ it is a PKCS12
keystore with a .jks extension (because PKCS12 is the new java default).
It works even though solr explicitly tells the JDK
(SOLR_SSL_KEY_STORE_TYPE=JKS) that it's JKS when it is in fact not, due
to how keystore backwards compatibility was implemented.

Fix docs to explicitly create a PKCS12 keystore with .p12 extension and
so on instead of a PKCS12 keystore masquerading as a JKS one. This
simplifies the SSL steps since the "conversion" step (which was doing
nothing) from .JKS -> .P12 can be removed.
2019-12-29 09:34:00 -05:00
Robert Muir 126d6b7767
SOLR-13984: add (experimental, disabled by default) security manager support (#1082)
* SOLR-13984: add (experimental, disabled by default) security manager support.

User can set SOLR_SECURITY_MANAGER_ENABLED=true to enable security manager at runtime.

The current policy file used by tests is moved to solr/server
Additional permissions are granted for the filesystem locations set by bin/solr, and networking everywhere is enabled.

This takes advantage of the fact that permission entries are ignored if properties are not defined:
https://docs.oracle.com/javase/7/docs/technotes/guides/security/PolicyFiles.html#PropertyExp
2019-12-24 06:30:31 -08:00
Robert Muir 72c99e921c
SOLR-14136: ip whitelist/blacklist via env vars (#1111)
SOLR-14136: ip whitelist/blacklist via env vars

This makes it easy to restrict access to Solr by IP. For example SOLR_IP_WHITELIST="127.0.0.1, 192.168.0.0/24, [::1], [2000:123:4:5::]/64" would restrict access to v4/v6 localhost, the 192.168.0 ipv4 network, and 2000:123:4:5 ipv6 network. Any other IP will receive a 403 response.

Blacklisting functionality can deny access to problematic addresses or networks that would otherwise be allowed. For example SOLR_IP_BLACKLIST="192.168.0.3, 192.168.0.4" would explicitly prevent those two specific addresses from accessing solr.
2019-12-23 19:26:11 -05:00
Robert Muir 1425d6cbf8
SOLR-14138: enable request log via environ var, remove deprecated jetty class usage, respect SOLR_LOGS_DIR (#1110)
User can now set SOLR_REQUESTLOG_ENABLED=true to enable the jetty request log, instead of editing XML. The location of the request logs will respect SOLR_LOGS_DIR if that is set. The deprecated NCSARequestLog is no longer used; instead it uses CustomRequestLog with NCSA_FORMAT.
2019-12-23 10:37:31 -05:00
Andy Vuong e428628054 SOLR-14107: Ensure bin/solr -q/-v args work with -e/example (#1093)
Co-authored-by: Andy Vuong <andyvvv.101@gmail.com>
2019-12-20 11:31:16 -05:00
Jason Gerlowski 62e0222aef SOLR-13087: Remove 'whoami' usage in bin/solr
whoami displays a warning if the effective-uid is not in /etc/password.
This can happen in certain situations when running in a docker
container.  This replaces the 'whoami' usage with a safer check.
2019-12-06 15:31:37 -05:00
Jan Høydahl 936f4b6ee9 SOLR-13977: solr create -c not working under Windows 10 2019-11-29 01:22:06 +01:00
Ishan Chattopadhyaya d9f41f8a5a SOLR-13662: Package manager (CLI) 2019-11-14 18:21:35 +05:30
Erick Erickson a1f3d2c29a SOLR-13771: Add -v and -m to ulimit section of reference guide and bin/solr checks 2019-09-30 17:58:35 -04:00
Cao Manh Dat 7350c50316 SOLR-13798: SSL: Adding Enabling/Disabling client's hostname verification config 2019-09-30 16:29:43 +01:00
Jan Høydahl d468d71c03 SOLR-13647: Default solr.in.sh contains incorrect default value 2019-08-12 13:56:35 +02:00
Noble Paul e45e8127d5
SOLR-13682: command line option to export documents to a file
* SOLR-13682: command line option to export documents to a file
2019-08-10 16:34:23 +10:00
Jan Høydahl b54126169b SOLR-13569: AdminUI visual indication of prod/test/dev environment 2019-06-26 12:09:02 +02:00
Ishan Chattopadhyaya 91969f40fe SOLR-13394: Tweaking G1 parameters and adding ref guide documentation 2019-05-03 00:36:32 +05:30
Andrzej Bialecki 6eccf2bf53 SOLR-13427: Support simulating the execution of autoscaling suggestions. 2019-04-29 23:14:38 +02:00
Ishan Chattopadhyaya 9c77889217 SOLR-13394: Switch default GC from CMS to G1 2019-04-25 13:58:43 +05:30
Andrzej Bialecki bd8905150d SOLR-12461: Upgrade Dropwizard Metrics to 4.0.5 release. 2019-04-18 19:08:20 +02:00
Uwe Schindler db5f1af59b Fix Windows startup script to disable HTTP/2 if TLS is enabled on Java 8. 2019-03-07 14:16:36 +01:00
Jason Gerlowski a084cc1e33 SOLR-13241: Add 'autoscaling' tool to solr.cmd
Prior to this commit, SOLR-13155 added support for an 'autoscaling' tool
to bin/solr, but not to the Windows equivalent bin/solr.cmd.  This
commit adds the necessary plumbing to the Windows version of this
script.  It also removes some dead help-text from the bin/solr script.
2019-02-13 10:48:31 -05:00
Andrzej Bialecki 242ff88e02 SOLR-13155: Add command-line option for testing autoscaling configurations. 2019-02-12 11:53:15 +01:00
Tomas Fernandez Lobbe 8b54b20fc4 SOLR-12770: Make it possible to configure a host whitelist for distributed search 2019-01-15 11:44:57 -08:00
Jan Høydahl 9488c8f688 SOLR-12237: Fix incorrect SOLR_SSL_KEYSTORE_TYPE variable in solr start script 2019-01-03 19:40:47 +01:00
Jan Høydahl a1c6e642aa SOLR-11853: Solr installer fails on SuSE linux 2019-01-02 17:24:22 +01:00
Cao Manh Dat f80e8e1167 Merge jira/http2 branch to master 2018-12-16 16:58:20 +00:00
Cassandra Targett df5540acc9 SOLR-12497: Add documentation for Hadoop credential provider-based keystore/truststore 2018-11-15 00:35:25 -06:00
Tim Underwood 5202a713ba Java 9+ GC Logging filesize parameter should be 20M instead of 20000
JEP 158 (https://openjdk.java.net/jeps/158) says the filesize parameter is the “file size in kb” however that appears to not be the case since when it is set to a value of 20000 you end up with GC logs that are only 20000 bytes in length.  Setting the value to 20M produces the desired result of GC log files that are 20MB in size.
2018-10-15 12:52:40 -07:00
Erick Erickson 95cc6f4f76 SOLR-12776: Setting of TMP in solr.cmd causes invisibility of Solr to JDK tools 2018-09-23 16:03:30 -07:00
Erick Erickson 93ae3669b5 SOLR-12008: Settle a location for the log4j2.xml file 2018-07-11 20:57:38 -07:00
Steve Rowe fba42bbac6 SOLR-12435: Fix bin/solr help and ref guide text to describe ZK_HOST in solr.in.sh/solr.in.cmd as an alternative to -z cmdline param 2018-06-14 21:06:09 -04:00
Steve Rowe 6f9f4f70f2 SOLR-12434: Fix standalone mode 'bin/solr config' to not pass in empty -z ZK_HOST param; revert accidental ZK_HOST definition in solr.in.cmd 2018-06-13 09:35:18 -04:00
Steve Rowe ca35c40f1b SOLR-12481: update.autoCreateFields must be set via Config API command 'set-user-property', but 'bin/solr create' tells users to use the default action 'set-property', which fails because the property is not editable 2018-06-12 21:50:25 -04:00
Steve Rowe 3d8b219273 SOLR-12434: remove debug printing from bin/solr 2018-06-12 21:10:19 -04:00
Steve Rowe 00be7bc2d6 SOLR-12434: remove debug printing from bin/solr 2018-06-12 21:00:39 -04:00
Steve Rowe ade22a1ef9 SOLR-12434: Fix 'bin/solr config' endless loop parsing cmdline args 2018-06-12 20:56:57 -04:00
Steve Rowe ba62472bd3 SOLR-12434: bin/solr {config,healthcheck} ignore ZK_HOST in solr.in.{sh,cmd} 2018-06-12 20:01:20 -04:00
Erick Erickson abb57c5c81 SOLR-12192: Error when ulimit is unlimited 2018-05-08 09:54:40 -07:00
Chris Hostetter 4e0e8e979b SOLR-9304: Fix Solr's HTTP handling to respect '-Dsolr.ssl.checkPeerName=false' aka SOLR_SSL_CHECK_PEER_NAME 2018-04-22 13:38:37 -07:00
Jason Gerlowski 7edfd9c410 SOLR-11840: Fix bin/solr help-text inconsistencies 2018-04-16 22:21:27 -04:00
Mark Miller 5e2a5a5b8c SOLR-10783: Add support for Hadoop Credential Provider as SSL/TLS store password source. 2018-04-09 21:57:56 -05:00
Jan Høydahl 0989e5874a SOLR-12144: SOLR_LOG_PRESTART_ROTATION now defaults to false, we leverage log4j2 for log rotation on startup 2018-04-03 13:10:20 +02:00