Re: How to access the Solr Admin GUI (2)
If the keys line up nicely across jumps... On Wed, Jan 2, 2019, 10:49 AM Kay Wrobel In case of multiple "jumps", might I suggest the -J switch which allows > you to specify a jump host. > > Kay > > > On Jan 2, 2019, at 9:37 AM, Gus Heck wrote: > > > > I typically resolve this sort of situation with a ssh proxy such as > > > > ssh -f user@123.456.789.012 -L :127.0.0.1:8983 -N > > > > Then I can access the solr GUI from localhost: on my machine, and all > > the traffic is secured by SSH. Pick your local port ( here) as > desired > > of course. Sometimes I have to do two layers of this if there is only a > > single machine accepting SSH for the remote network. Of course this > > requires that the client be able to give you SSH shell access. > > > -- > > The information in this e-mail is confidential and is intended solely for > the addressee(s). Access to this email by anyone else is unauthorized. If > you are not an intended recipient, you may not print, save or otherwise > store the e-mail or any of the contents thereof in electronic or physical > form, nor copy, use or disseminate the information contained in the email. > > If you are not an intended recipient, please notify the sender of this > email immediately. >
Re: How to access the Solr Admin GUI (2)
In case of multiple "jumps", might I suggest the -J switch which allows you to specify a jump host. Kay > On Jan 2, 2019, at 9:37 AM, Gus Heck wrote: > > I typically resolve this sort of situation with a ssh proxy such as > > ssh -f user@123.456.789.012 -L :127.0.0.1:8983 -N > > Then I can access the solr GUI from localhost: on my machine, and all > the traffic is secured by SSH. Pick your local port ( here) as desired > of course. Sometimes I have to do two layers of this if there is only a > single machine accepting SSH for the remote network. Of course this > requires that the client be able to give you SSH shell access. -- The information in this e-mail is confidential and is intended solely for the addressee(s). Access to this email by anyone else is unauthorized. If you are not an intended recipient, you may not print, save or otherwise store the e-mail or any of the contents thereof in electronic or physical form, nor copy, use or disseminate the information contained in the email. If you are not an intended recipient, please notify the sender of this email immediately.
Re: How to access the Solr Admin GUI (2)
I typically resolve this sort of situation with a ssh proxy such as ssh -f user@123.456.789.012 -L :127.0.0.1:8983 -N Then I can access the solr GUI from localhost: on my machine, and all the traffic is secured by SSH. Pick your local port ( here) as desired of course. Sometimes I have to do two layers of this if there is only a single machine accepting SSH for the remote network. Of course this requires that the client be able to give you SSH shell access.
Re: How to access the Solr Admin GUI (2)
In this case create a VPN and then access it. > Am 02.01.2019 um 11:03 schrieb s...@cid.is: > > First I want to thank you for your comments. > Second I'll add some background information. > > Here Solr is part of a complex information management project, which I > developed for a customer and which includes different source databases, > containing edited/imported/crawled content. > This project runs on a Debian root server, which is hosted by an ISP and > maintained by the ISP's support team and - a little bit - by me. > This setting was required by my customer. > > Solr searches are created and processed on this server from a PHP MySQL > stack, and port 8983 is only available internally. > I agree the opening port 8983 to the public is dangerous, I've experienced > that. > Nevertheless from time to time I need access to the Solr Admin GUI on that > server. > > My ISP's support team is not familiar with Solr, but willing to help. > So I'll forward your comments to them and discuss with them. > > Thank you again. > Walter > > > Shawn Heisey schrieb am 01.01.2019 20:00:13: > >> If you've blocked the Solr port, then you can't access Solr at all, >> including the admin UI. The UI is accessed through the same port as the >> rest of Solr. >> >> The admin UI is a static set of resources (html, css, javascript, images, >> etc) that gets downloaded and runs within the browser, accessing the same >> API that anything else would. When you issue a query with the admin UI, it >> is your browser that makes the query, not the server. >> >> If you set up a reverse proxy that blocks URL paths for the API while >> allowing URL paths for the admin UI, then the admin UI won't work -- because >> everything the admin UI displays or does is accomplished by your browser >> making calls to the API. >> >> Thanks, >> Shawn > > > Terry Steichen schrieb am 01.01.2019 19:39:04: > >> I think a better approach to tunneling would be: >> >> ssh -p -L :localhost:8983 use...@myremoteserver.example.com >> >> This requires you to set up a different port () rather than use the >> standard 22 port (on your router and on your sshd config). I've been >> running something like this for about a year and have rarely if ever had >> it attacked. Prior to changing the port (to ), however, I was under >> constant hacking attacks - they find port 22 too attractive to ignore. >> >> Also, regarding my use of port : if you have the server running on >> several local machines (as I do), the use of the port may help >> prevent confusion (as to whether your browser is accessing a local - >> defaulted to 8983 - or a remote solr server). >> >> Note: you might find that the ssh connection will drop out after some >> inactivity, and need to be restarted occasionally. Pretty simple to do >> - just run the ssh line above again. >> >> Note: I also add authorization controls to the AdminUI (and its functions) > > > Jörn Franke schrieb am 01.01.2019 19:11:18: > >> You could configure a reverse proxy to provide one or more means of >> authentication. >> >> However, I agree that the purpose why this is done should be clarified. > > > Kay Wrobel schrieb am 01.01.2019 19:02:10: > >> You can use ssh to tunnel in. >> >> ssh -L8983:localhost:8983 use...@myremoteserver.example.com >> >> This will only require port 22 to be exposed to the public. >> >> >> Sent from my iPhone > > > Walter Underwood schrieb am 01.01.2019 19:00:31: > >> Yes, exposing the admin UI on the web is very dangerous. Anyone who finds it >> can delete all your collections. That UI is designed for “back office” use >> only. >> >> wunder >> Walter Underwood >> wun...@wunderwood.org >> http://observer.wunderwood.org/ (my blog) > > > Gus Heck schrieb am 01.01.2019 18:43:02: > >> Why would you want to expose the administration gui on the web? This is a >> very hazardous thing to do. Never mind that it normally also runs on 8983 >> and all it's functionality relies on the ability to interact with 8983 >> hosted api end points. >> >> What are you actually trying to solve? > > > Jörn Franke schrieb am 31.12.2018 23:07:49: > >> Reverse proxy? > > > "aleksander_goncha...@yahoo.de" schrieb am > 31.12.2018 23:22:59: > >> Hi Walter, >> >> hatte ähnlichen Fall. Der wurde mit Proxy gelöst. "Einfach" Ngnix dazwischen >> geschaltet. >> >> Viele Grüße >> Alexander > > s...@cid.is schrieb am 31.12.2018 22:48:55: > >> Hi all, >> >> is there a way, better a solution, to access the Solr Admin GUI from >> outside the server (via public web) while the Solr port 8983 is closed by a >> firewall and only available inside the server via localhost? >> >> Thanks in advance >> Walter Claassen >> >> Alexandraweg 32 >> D 64287 Darmstadt >> Fon +49-6151-4937961 >> Fax +49-6151-4937969 >> c...@cid.is >
How to access the Solr Admin GUI (2)
First I want to thank you for your comments. Second I'll add some background information. Here Solr is part of a complex information management project, which I developed for a customer and which includes different source databases, containing edited/imported/crawled content. This project runs on a Debian root server, which is hosted by an ISP and maintained by the ISP's support team and - a little bit - by me. This setting was required by my customer. Solr searches are created and processed on this server from a PHP MySQL stack, and port 8983 is only available internally. I agree the opening port 8983 to the public is dangerous, I've experienced that. Nevertheless from time to time I need access to the Solr Admin GUI on that server. My ISP's support team is not familiar with Solr, but willing to help. So I'll forward your comments to them and discuss with them. Thank you again. Walter Shawn Heisey schrieb am 01.01.2019 20:00:13: If you've blocked the Solr port, then you can't access Solr at all, including the admin UI. The UI is accessed through the same port as the rest of Solr. The admin UI is a static set of resources (html, css, javascript, images, etc) that gets downloaded and runs within the browser, accessing the same API that anything else would. When you issue a query with the admin UI, it is your browser that makes the query, not the server. If you set up a reverse proxy that blocks URL paths for the API while allowing URL paths for the admin UI, then the admin UI won't work -- because everything the admin UI displays or does is accomplished by your browser making calls to the API. Thanks, Shawn Terry Steichen schrieb am 01.01.2019 19:39:04: I think a better approach to tunneling would be: ssh -p -L :localhost:8983 use...@myremoteserver.example.com This requires you to set up a different port () rather than use the standard 22 port (on your router and on your sshd config). I've been running something like this for about a year and have rarely if ever had it attacked. Prior to changing the port (to ), however, I was under constant hacking attacks - they find port 22 too attractive to ignore. Also, regarding my use of port : if you have the server running on several local machines (as I do), the use of the port may help prevent confusion (as to whether your browser is accessing a local - defaulted to 8983 - or a remote solr server). Note: you might find that the ssh connection will drop out after some inactivity, and need to be restarted occasionally. Pretty simple to do - just run the ssh line above again. Note: I also add authorization controls to the AdminUI (and its functions) Jörn Franke schrieb am 01.01.2019 19:11:18: You could configure a reverse proxy to provide one or more means of authentication. However, I agree that the purpose why this is done should be clarified. Kay Wrobel schrieb am 01.01.2019 19:02:10: You can use ssh to tunnel in. ssh -L8983:localhost:8983 use...@myremoteserver.example.com This will only require port 22 to be exposed to the public. Sent from my iPhone Walter Underwood schrieb am 01.01.2019 19:00:31: Yes, exposing the admin UI on the web is very dangerous. Anyone who finds it can delete all your collections. That UI is designed for “back office” use only. wunder Walter Underwood wun...@wunderwood.org http://observer.wunderwood.org/ (my blog) Gus Heck schrieb am 01.01.2019 18:43:02: Why would you want to expose the administration gui on the web? This is a very hazardous thing to do. Never mind that it normally also runs on 8983 and all it's functionality relies on the ability to interact with 8983 hosted api end points. What are you actually trying to solve? Jörn Franke schrieb am 31.12.2018 23:07:49: Reverse proxy? "aleksander_goncha...@yahoo.de" schrieb am 31.12.2018 23:22:59: Hi Walter, hatte ähnlichen Fall. Der wurde mit Proxy gelöst. "Einfach" Ngnix dazwischen geschaltet. Viele Grüße Alexander s...@cid.is schrieb am 31.12.2018 22:48:55: Hi all, is there a way, better a solution, to access the Solr Admin GUI from outside the server (via public web) while the Solr port 8983 is closed by a firewall and only available inside the server via localhost? Thanks in advance Walter Claassen Alexandraweg 32 D 64287 Darmstadt Fon +49-6151-4937961 Fax +49-6151-4937969 c...@cid.is
Re: How to access the Solr Admin GUI
On 12/31/2018 2:48 PM, s...@cid.is wrote: is there a way, better a solution, to access the Solr Admin GUI from outside the server (via public web) while the Solr port 8983 is closed by a firewall and only available inside the server via localhost? If you've blocked the Solr port, then you can't access Solr at all, including the admin UI. The UI is accessed through the same port as the rest of Solr. The admin UI is a static set of resources (html, css, javascript, images, etc) that gets downloaded and runs within the browser, accessing the same API that anything else would. When you issue a query with the admin UI, it is your browser that makes the query, not the server. If you set up a reverse proxy that blocks URL paths for the API while allowing URL paths for the admin UI, then the admin UI won't work -- because everything the admin UI displays or does is accomplished by your browser making calls to the API. Thanks, Shawn
Re: How to access the Solr Admin GUI
I think a better approach to tunneling would be: ssh -p -L :localhost:8983 use...@myremoteserver.example.com This requires you to set up a different port () rather than use the standard 22 port (on your router and on your sshd config). I've been running something like this for about a year and have rarely if ever had it attacked. Prior to changing the port (to ), however, I was under constant hacking attacks - they find port 22 too attractive to ignore. Also, regarding my use of port : if you have the server running on several local machines (as I do), the use of the port may help prevent confusion (as to whether your browser is accessing a local - defaulted to 8983 - or a remote solr server). Note: you might find that the ssh connection will drop out after some inactivity, and need to be restarted occasionally. Pretty simple to do - just run the ssh line above again. Note: I also add authorization controls to the AdminUI (and its functions) On 1/1/19 1:02 PM, Kay Wrobel wrote: > You can use ssh to tunnel in. > > ssh -L8983:localhost:8983 use...@myremoteserver.example.com > > This will only require port 22 to be exposed to the public. > > > Sent from my iPhone > >> On Jan 1, 2019, at 11:43 AM, Gus Heck wrote: >> >> Why would you want to expose the administration gui on the web? This is a >> very hazardous thing to do. Never mind that it normally also runs on 8983 >> and all it's functionality relies on the ability to interact with 8983 >> hosted api end points. >> >> What are you actually trying to solve? >> >> On Dec 31, 2018 6:04 PM, "Jörn Franke" wrote: >> >> Reverse proxy? >> >> >>> Am 31.12.2018 um 22:48 schrieb s...@cid.is: >>> >>> Hi all, >>> >>> is there a way, better a solution, to access the Solr Admin GUI from >> outside the server (via public web) while the Solr port 8983 is closed by a >> firewall and only available inside the server via localhost? >>> Thanks in advance >>> Walter Claassen >>> >>> Alexandraweg 32 >>> D 64287 Darmstadt >>> Fon +49-6151-4937961 >>> Fax +49-6151-4937969 >>> c...@cid.is >>>
Re: How to access the Solr Admin GUI
You could configure a reverse proxy to provide one or more means of authentication. However, I agree that the purpose why this is done should be clarified. > Am 01.01.2019 um 19:02 schrieb Kay Wrobel : > > You can use ssh to tunnel in. > > ssh -L8983:localhost:8983 use...@myremoteserver.example.com > > This will only require port 22 to be exposed to the public. > > > Sent from my iPhone > >> On Jan 1, 2019, at 11:43 AM, Gus Heck wrote: >> >> Why would you want to expose the administration gui on the web? This is a >> very hazardous thing to do. Never mind that it normally also runs on 8983 >> and all it's functionality relies on the ability to interact with 8983 >> hosted api end points. >> >> What are you actually trying to solve? >> >> On Dec 31, 2018 6:04 PM, "Jörn Franke" wrote: >> >> Reverse proxy? >> >> >>> Am 31.12.2018 um 22:48 schrieb s...@cid.is: >>> >>> Hi all, >>> >>> is there a way, better a solution, to access the Solr Admin GUI from >> outside the server (via public web) while the Solr port 8983 is closed by a >> firewall and only available inside the server via localhost? >>> >>> Thanks in advance >>> Walter Claassen >>> >>> Alexandraweg 32 >>> D 64287 Darmstadt >>> Fon +49-6151-4937961 >>> Fax +49-6151-4937969 >>> c...@cid.is >>> > > -- > > The information in this e-mail is confidential and is intended solely for > the addressee(s). Access to this email by anyone else is unauthorized. If > you are not an intended recipient, you may not print, save or otherwise > store the e-mail or any of the contents thereof in electronic or physical > form, nor copy, use or disseminate the information contained in the email. > If you are not an intended recipient, please notify the sender of this > email immediately.
Re: How to access the Solr Admin GUI
You can use ssh to tunnel in. ssh -L8983:localhost:8983 use...@myremoteserver.example.com This will only require port 22 to be exposed to the public. Sent from my iPhone > On Jan 1, 2019, at 11:43 AM, Gus Heck wrote: > > Why would you want to expose the administration gui on the web? This is a > very hazardous thing to do. Never mind that it normally also runs on 8983 > and all it's functionality relies on the ability to interact with 8983 > hosted api end points. > > What are you actually trying to solve? > > On Dec 31, 2018 6:04 PM, "Jörn Franke" wrote: > > Reverse proxy? > > >> Am 31.12.2018 um 22:48 schrieb s...@cid.is: >> >> Hi all, >> >> is there a way, better a solution, to access the Solr Admin GUI from > outside the server (via public web) while the Solr port 8983 is closed by a > firewall and only available inside the server via localhost? >> >> Thanks in advance >> Walter Claassen >> >> Alexandraweg 32 >> D 64287 Darmstadt >> Fon +49-6151-4937961 >> Fax +49-6151-4937969 >> c...@cid.is >> -- The information in this e-mail is confidential and is intended solely for the addressee(s). Access to this email by anyone else is unauthorized. If you are not an intended recipient, you may not print, save or otherwise store the e-mail or any of the contents thereof in electronic or physical form, nor copy, use or disseminate the information contained in the email. If you are not an intended recipient, please notify the sender of this email immediately.
Re: How to access the Solr Admin GUI
Yes, exposing the admin UI on the web is very dangerous. Anyone who finds it can delete all your collections. That UI is designed for “back office” use only. wunder Walter Underwood wun...@wunderwood.org http://observer.wunderwood.org/ (my blog) > On Jan 1, 2019, at 9:43 AM, Gus Heck wrote: > > Why would you want to expose the administration gui on the web? This is a > very hazardous thing to do. Never mind that it normally also runs on 8983 > and all it's functionality relies on the ability to interact with 8983 > hosted api end points. > > What are you actually trying to solve? > > On Dec 31, 2018 6:04 PM, "Jörn Franke" wrote: > > Reverse proxy? > > >> Am 31.12.2018 um 22:48 schrieb s...@cid.is: >> >> Hi all, >> >> is there a way, better a solution, to access the Solr Admin GUI from > outside the server (via public web) while the Solr port 8983 is closed by a > firewall and only available inside the server via localhost? >> >> Thanks in advance >> Walter Claassen >> >> Alexandraweg 32 >> D 64287 Darmstadt >> Fon +49-6151-4937961 >> Fax +49-6151-4937969 >> c...@cid.is >>
Re: How to access the Solr Admin GUI
Why would you want to expose the administration gui on the web? This is a very hazardous thing to do. Never mind that it normally also runs on 8983 and all it's functionality relies on the ability to interact with 8983 hosted api end points. What are you actually trying to solve? On Dec 31, 2018 6:04 PM, "Jörn Franke" wrote: Reverse proxy? > Am 31.12.2018 um 22:48 schrieb s...@cid.is: > > Hi all, > > is there a way, better a solution, to access the Solr Admin GUI from outside the server (via public web) while the Solr port 8983 is closed by a firewall and only available inside the server via localhost? > > Thanks in advance > Walter Claassen > > Alexandraweg 32 > D 64287 Darmstadt > Fon +49-6151-4937961 > Fax +49-6151-4937969 > c...@cid.is >
Re: How to access the Solr Admin GUI
Reverse proxy? > Am 31.12.2018 um 22:48 schrieb s...@cid.is: > > Hi all, > > is there a way, better a solution, to access the Solr Admin GUI from outside > the server (via public web) while the Solr port 8983 is closed by a firewall > and only available inside the server via localhost? > > Thanks in advance > Walter Claassen > > Alexandraweg 32 > D 64287 Darmstadt > Fon +49-6151-4937961 > Fax +49-6151-4937969 > c...@cid.is >
How to access the Solr Admin GUI
Hi all, is there a way, better a solution, to access the Solr Admin GUI from outside the server (via public web) while the Solr port 8983 is closed by a firewall and only available inside the server via localhost? Thanks in advance Walter Claassen Alexandraweg 32 D 64287 Darmstadt Fon +49-6151-4937961 Fax +49-6151-4937969 c...@cid.is
