We don’t want SOLR available publically, and it is secured only to the localhost. However, when I forced HTTPS our DSpace instance in Tomcat, it started causing the 302 errors with SOLR. I guess I’m going to have to install Apache httpd or nginx to handle the certificate. I was hoping to get away with just using tomcat.
-- Jake Cameron, BCS(UNB) Systems Support Specialist III Information Systems and Technical Services University of Lethbridge Library Phone:(403)329-2756 This e-mail, including any and all attachments, is only for the use of the intended recipient(s) and may contain information that is confidential or privileged. If you are not the intended recipient, you are advised that any dissemination, copying or other use of this e-mail is prohibited. Please notify the sender of the error in communication by return e-mail and destroy all copies of this e-mail. Thank you. From: dspace-tech@googlegroups.com <dspace-tech@googlegroups.com> On Behalf Of Alan Orth Sent: Tuesday, November 6, 2018 1:42 AM To: Cameron, Jacob <jacob.came...@uleth.ca> Cc: dspace-tech@googlegroups.com Subject: Re: [dspace-tech] HTTPS and SOLR Dear Jacob, Is there any reason you need Solr available publicly? It is recommended that Solr run on localhost and the DSpace applications communicate with it directly, ie at http://localhost:8080/solr. The Solr application is not secured and should, under most circumstances, never be exposed publicly. We use a normal HTTP server (nginx) in front of our Tomcat. It makes things like TLS certificates easier. We block access to the /solr path in nginx: # Only allow Solr access from localhost location /solr { allow 127.0.0.1; deny all; } If I ever need direct access to the Solr web application remotely I use SSH local port forwarding, ie: $ ssh -L 3000:localhost:8080 dspaceserver.com<http://dspaceserver.com> Then I can access the remote Solr application locally using: http://localhost:3000/solr Hope that helps, On Tue, Nov 6, 2018 at 1:11 AM Cameron, Jacob <jacob.came...@uleth.ca<mailto:jacob.came...@uleth.ca>> wrote: Can I have SOLR secured under a wildcard SSL certificate? I’ve installed our cert and forced HTTPS I’m tomcat, but SOLR keeps giving a 302 error now and when I browse it it tells me that it’s an invalid cert. I haven’t been able to figure a way around it. We aren’t using Apache HTTPD to configure our ports. -- Please excuse any typing errors or grammatical mistakes. I’m sending this message from a mobile device. Jake Cameron, BCS(UNB) Systems Support Specialist III Information Systems and Technical Services University of Lethbridge Library Phone:(403)329-2756 This e-mail, including any and all attachments, is only for the use of the intended recipient(s) and may contain information that is confidential or privileged. If you are not the intended recipient, you are advised that any dissemination, copying or other use of this e-mail is prohibited. Please notify the sender of the error in communication by return e-mail and destroy all copies of this e-mail. Thank you. -- All messages to this mailing list should adhere to the DuraSpace Code of Conduct: https://duraspace.org/about/policies/code-of-conduct/ --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech+unsubscr...@googlegroups.com<mailto:dspace-tech+unsubscr...@googlegroups.com>. To post to this group, send email to dspace-tech@googlegroups.com<mailto:dspace-tech@googlegroups.com>. Visit this group at https://groups.google.com/group/dspace-tech. For more options, visit https://groups.google.com/d/optout. -- Alan Orth alan.o...@gmail.com<mailto:alan.o...@gmail.com> https://picturingjordan.com https://englishbulgaria.net https://mjanja.ch "In heaven all the interesting people are missing." ―Friedrich Nietzsche -- All messages to this mailing list should adhere to the DuraSpace Code of Conduct: https://duraspace.org/about/policies/code-of-conduct/ --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech+unsubscr...@googlegroups.com<mailto:dspace-tech+unsubscr...@googlegroups.com>. To post to this group, send email to dspace-tech@googlegroups.com<mailto:dspace-tech@googlegroups.com>. Visit this group at https://groups.google.com/group/dspace-tech. For more options, visit https://groups.google.com/d/optout. -- All messages to this mailing list should adhere to the DuraSpace Code of Conduct: https://duraspace.org/about/policies/code-of-conduct/ --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech+unsubscr...@googlegroups.com. To post to this group, send email to dspace-tech@googlegroups.com. Visit this group at https://groups.google.com/group/dspace-tech. For more options, visit https://groups.google.com/d/optout.
