lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From s...@cid.is
Subject How to access the Solr Admin GUI (2)
Date Wed, 02 Jan 2019 10:03:59 GMT
First I want to thank you for your comments.
Second I'll add some background information.

Here Solr is part of a complex information management project, which I  
developed for a customer and which includes different source  
databases, containing edited/imported/crawled content.
This project runs on a Debian root server, which is hosted by an ISP  
and maintained by the ISP's support team and - a little bit - by me.
This setting was required by my customer.

Solr searches are created and processed on this server from a PHP  
MySQL stack, and port 8983 is only available internally.
I agree the opening port 8983 to the public is dangerous, I've  
experienced that.
Nevertheless from time to time I need access to the Solr Admin GUI on  
that server.

My ISP's support team is not familiar with Solr, but willing to help.
So I'll forward your comments to them and discuss with them.

Thank you again.
Walter


Shawn Heisey <apache@elyograg.org> schrieb am 01.01.2019 20:00:13:

> If you've blocked the Solr port, then you can't access Solr at all,  
> including the admin UI.  The UI is accessed through the same port as  
> the rest of Solr.
>
> The admin UI is a static set of resources (html, css, javascript,  
> images, etc) that gets downloaded and runs within the browser,  
> accessing the same API that anything else would.  When you issue a  
> query with the admin UI, it is your browser that makes the query,  
> not the server.
>
> If you set up a reverse proxy that blocks URL paths for the API  
> while allowing URL paths for the admin UI, then the admin UI won't  
> work -- because everything the admin UI displays or does is  
> accomplished by your browser making calls to the API.
>
> Thanks,
> Shawn


Terry Steichen <terry@net-frame.com> schrieb am 01.01.2019 19:39:04:

> I think a better approach to tunneling would be:
>
> ssh -p xxxx -L 8888:localhost:8983 userid@myremoteserver.example.com
>
> This requires you to set up a different port (xxxx) rather than use the
> standard 22 port (on your router and on your sshd config).  I've been
> running something like this for about a year and have rarely if ever had
> it attacked.  Prior to changing the port (to xxxx), however, I was under
> constant hacking attacks - they find port 22 too attractive to ignore.
>
> Also, regarding my use of port 8888: if you have the server running on
> several local machines (as I do), the use of the 8888 port may help
> prevent confusion (as to whether your browser is accessing a local -
> defaulted to 8983 - or a remote solr server).
>
> Note: you might find that the ssh connection will drop out after some
> inactivity, and need to be restarted occasionally.  Pretty simple to do
> - just run the ssh line above again.
>
> Note: I also add authorization controls to the AdminUI (and its functions)


Jörn Franke <jornfranke@gmail.com> schrieb am 01.01.2019 19:11:18:

> You could configure a reverse proxy to provide one or more means of  
> authentication.
>
> However, I agree that the purpose why this is done should be clarified.


Kay Wrobel <kwrobel@hawkusa.com> schrieb am 01.01.2019 19:02:10:

> You can use ssh to tunnel in.
>
> ssh -L8983:localhost:8983 userid@myremoteserver.example.com
>
> This will only require port 22 to be exposed to the public.
>
>
> Sent from my iPhone


Walter Underwood <wunder@wunderwood.org> schrieb am 01.01.2019 19:00:31:

> Yes, exposing the admin UI on the web is very dangerous. Anyone who finds it
> can delete all your collections. That UI is designed for “back  
> office” use only.
>
> wunder
> Walter Underwood
> wunder@wunderwood.org
> http://observer.wunderwood.org/  (my blog)


Gus Heck <gus.heck@gmail.com> schrieb am 01.01.2019 18:43:02:

> Why would you want to expose the administration gui on the web? This is a
> very hazardous thing to do. Never mind that it normally also runs on 8983
> and all it's functionality relies on the ability to interact with 8983
> hosted api end points.
>
> What are you actually trying to solve?


Jörn Franke <jornfranke@gmail.com> schrieb am 31.12.2018 23:07:49:

> Reverse proxy?


"aleksander_goncharov@yahoo.de" <aleksander_goncharov@yahoo.de>  
schrieb am 31.12.2018 23:22:59:

> Hi Walter,
>
> hatte ähnlichen Fall. Der wurde mit Proxy gelöst. "Einfach" Ngnix  
> dazwischen geschaltet.
>
> Viele Grüße
> Alexander

solr@cid.is schrieb am 31.12.2018 22:48:55:

> Hi all,
>
> is there a way, better a solution, to access the Solr Admin GUI from  
>  outside the server (via public web) while the Solr port 8983 is  
> closed  by a firewall and only available inside the server via  
> localhost?
>
> Thanks in advance
> Walter Claassen
>
> Alexandraweg 32
> D 64287 Darmstadt
> Fon +49-6151-4937961
> Fax +49-6151-4937969
> cla@cid.is


Mime
View raw message