mirror of
https://github.com/apache/lucene.git
synced 2025-02-07 18:49:03 +00:00
5377742a62
Prior to this commit, Solr's Jetty listened for connections on all network interfaces. This commit changes it to only listen on localhost, to prevent incautious administrators from accidentally exposing their Solr deployment to the world. Administrators who wish to override this behavior can set the SOLR_JETTY_HOST property in their Solr include file (solr.in.sh/solr.in.cmd) to "0.0.0.0" or some other value. A version of this commit was previously reverted due to inconsistency between SOLR_HOST and SOLR_JETTY_HOST. This commit fixes this issue.
76 lines
3.6 KiB
XML
76 lines
3.6 KiB
XML
<?xml version="1.0"?>
|
|
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
|
|
|
|
<!-- ============================================================= -->
|
|
<!-- Configure a HTTPS connector. -->
|
|
<!-- This configuration must be used in conjunction with jetty.xml -->
|
|
<!-- and jetty-ssl.xml. -->
|
|
<!-- ============================================================= -->
|
|
<Configure id="Server" class="org.eclipse.jetty.server.Server">
|
|
|
|
<Ref refid="sslContextFactory">
|
|
<Set name="CipherComparator">
|
|
<Get class="org.eclipse.jetty.http2.HTTP2Cipher" name="COMPARATOR"/>
|
|
</Set>
|
|
<Set name="useCipherSuitesOrder">true</Set>
|
|
</Ref>
|
|
|
|
<!-- =========================================================== -->
|
|
<!-- Add a HTTPS Connector. -->
|
|
<!-- Configure an o.e.j.server.ServerConnector with connection -->
|
|
<!-- factories for TLS (aka SSL) and HTTP to provide HTTPS. -->
|
|
<!-- All accepted TLS connections are wired to a HTTP connection.-->
|
|
<!-- -->
|
|
<!-- Consult the javadoc of o.e.j.server.ServerConnector, -->
|
|
<!-- o.e.j.server.SslConnectionFactory and -->
|
|
<!-- o.e.j.server.HttpConnectionFactory for all configuration -->
|
|
<!-- that may be set here. -->
|
|
<!-- =========================================================== -->
|
|
<Call id="httpsConnector" name="addConnector">
|
|
<Arg>
|
|
<New class="org.eclipse.jetty.server.ServerConnector">
|
|
<Arg name="server"><Ref refid="Server" /></Arg>
|
|
<Arg name="acceptors" type="int"><Property name="solr.jetty.ssl.acceptors" default="-1"/></Arg>
|
|
<Arg name="selectors" type="int"><Property name="solr.jetty.ssl.selectors" default="-1"/></Arg>
|
|
<Arg name="factories">
|
|
<Array type="org.eclipse.jetty.server.ConnectionFactory">
|
|
<Item>
|
|
<New class="org.eclipse.jetty.server.SslConnectionFactory">
|
|
<Arg name="next">alpn</Arg>
|
|
<Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg>
|
|
</New>
|
|
</Item>
|
|
<Item>
|
|
<New id="alpn" class="org.eclipse.jetty.alpn.server.ALPNServerConnectionFactory">
|
|
<Arg name="protocols">
|
|
<Array type="java.lang.String">
|
|
<Item>h2</Item>
|
|
<Item>http/1.1</Item>
|
|
</Array>
|
|
</Arg>
|
|
<Set name="defaultProtocol">http/1.1</Set>
|
|
</New>
|
|
</Item>
|
|
<Item>
|
|
<New class="org.eclipse.jetty.http2.server.HTTP2ServerConnectionFactory">
|
|
<Arg name="config"><Ref refid="sslHttpConfig"/></Arg>
|
|
</New>
|
|
</Item>
|
|
<Item>
|
|
<New class="org.eclipse.jetty.server.HttpConnectionFactory">
|
|
<Arg name="config"><Ref refid="sslHttpConfig"/></Arg>
|
|
</New>
|
|
</Item>
|
|
</Array>
|
|
</Arg>
|
|
<Set name="host"><Property name="solr.jetty.host" default="127.0.0.1"/></Set>
|
|
<Set name="port"><Property name="solr.jetty.https.port" default="8983" /></Set>
|
|
<Set name="idleTimeout"><Property name="solr.jetty.https.timeout" default="120000"/></Set>
|
|
<Set name="acceptorPriorityDelta"><Property name="solr.jetty.ssl.acceptorPriorityDelta" default="0"/></Set>
|
|
<Set name="acceptQueueSize"><Property name="solr.jetty.https.acceptQueueSize" default="0"/></Set>
|
|
</New>
|
|
</Arg>
|
|
</Call>
|
|
|
|
</Configure>
|