lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jörn Franke <jornfra...@gmail.com>
Subject Re: How to access the Solr Admin GUI (2)
Date Wed, 02 Jan 2019 10:38:00 GMT
In this case create a VPN and then access it.

> Am 02.01.2019 um 11:03 schrieb solr@cid.is:
> 
> First I want to thank you for your comments.
> Second I'll add some background information.
> 
> Here Solr is part of a complex information management project, which I developed for
a customer and which includes different source databases, containing edited/imported/crawled
content.
> This project runs on a Debian root server, which is hosted by an ISP and maintained by
the ISP's support team and - a little bit - by me.
> This setting was required by my customer.
> 
> Solr searches are created and processed on this server from a PHP MySQL stack, and port
8983 is only available internally.
> I agree the opening port 8983 to the public is dangerous, I've experienced that.
> Nevertheless from time to time I need access to the Solr Admin GUI on that server.
> 
> My ISP's support team is not familiar with Solr, but willing to help.
> So I'll forward your comments to them and discuss with them.
> 
> Thank you again.
> Walter
> 
> 
> Shawn Heisey <apache@elyograg.org> schrieb am 01.01.2019 20:00:13:
> 
>> If you've blocked the Solr port, then you can't access Solr at all, including the
admin UI.  The UI is accessed through the same port as the rest of Solr.
>> 
>> The admin UI is a static set of resources (html, css, javascript, images, etc) that
gets downloaded and runs within the browser, accessing the same API that anything else would.
 When you issue a query with the admin UI, it is your browser that makes the query, not the
server.
>> 
>> If you set up a reverse proxy that blocks URL paths for the API while allowing URL
paths for the admin UI, then the admin UI won't work -- because everything the admin UI displays
or does is accomplished by your browser making calls to the API.
>> 
>> Thanks,
>> Shawn
> 
> 
> Terry Steichen <terry@net-frame.com> schrieb am 01.01.2019 19:39:04:
> 
>> I think a better approach to tunneling would be:
>> 
>> ssh -p xxxx -L 8888:localhost:8983 userid@myremoteserver.example.com
>> 
>> This requires you to set up a different port (xxxx) rather than use the
>> standard 22 port (on your router and on your sshd config).  I've been
>> running something like this for about a year and have rarely if ever had
>> it attacked.  Prior to changing the port (to xxxx), however, I was under
>> constant hacking attacks - they find port 22 too attractive to ignore.
>> 
>> Also, regarding my use of port 8888: if you have the server running on
>> several local machines (as I do), the use of the 8888 port may help
>> prevent confusion (as to whether your browser is accessing a local -
>> defaulted to 8983 - or a remote solr server).
>> 
>> Note: you might find that the ssh connection will drop out after some
>> inactivity, and need to be restarted occasionally.  Pretty simple to do
>> - just run the ssh line above again.
>> 
>> Note: I also add authorization controls to the AdminUI (and its functions)
> 
> 
> Jörn Franke <jornfranke@gmail.com> schrieb am 01.01.2019 19:11:18:
> 
>> You could configure a reverse proxy to provide one or more means of authentication.
>> 
>> However, I agree that the purpose why this is done should be clarified.
> 
> 
> Kay Wrobel <kwrobel@hawkusa.com> schrieb am 01.01.2019 19:02:10:
> 
>> You can use ssh to tunnel in.
>> 
>> ssh -L8983:localhost:8983 userid@myremoteserver.example.com
>> 
>> This will only require port 22 to be exposed to the public.
>> 
>> 
>> Sent from my iPhone
> 
> 
> Walter Underwood <wunder@wunderwood.org> schrieb am 01.01.2019 19:00:31:
> 
>> Yes, exposing the admin UI on the web is very dangerous. Anyone who finds it
>> can delete all your collections. That UI is designed for “back office” use only.
>> 
>> wunder
>> Walter Underwood
>> wunder@wunderwood.org
>> http://observer.wunderwood.org/  (my blog)
> 
> 
> Gus Heck <gus.heck@gmail.com> schrieb am 01.01.2019 18:43:02:
> 
>> Why would you want to expose the administration gui on the web? This is a
>> very hazardous thing to do. Never mind that it normally also runs on 8983
>> and all it's functionality relies on the ability to interact with 8983
>> hosted api end points.
>> 
>> What are you actually trying to solve?
> 
> 
> Jörn Franke <jornfranke@gmail.com> schrieb am 31.12.2018 23:07:49:
> 
>> Reverse proxy?
> 
> 
> "aleksander_goncharov@yahoo.de" <aleksander_goncharov@yahoo.de> schrieb am 31.12.2018
23:22:59:
> 
>> Hi Walter,
>> 
>> hatte ähnlichen Fall. Der wurde mit Proxy gelöst. "Einfach" Ngnix dazwischen geschaltet.
>> 
>> Viele Grüße
>> Alexander
> 
> solr@cid.is schrieb am 31.12.2018 22:48:55:
> 
>> Hi all,
>> 
>> is there a way, better a solution, to access the Solr Admin GUI from  outside the
server (via public web) while the Solr port 8983 is closed  by a firewall and only available
inside the server via localhost?
>> 
>> Thanks in advance
>> Walter Claassen
>> 
>> Alexandraweg 32
>> D 64287 Darmstadt
>> Fon +49-6151-4937961
>> Fax +49-6151-4937969
>> cla@cid.is
> 

Mime
View raw message