Re: How to access the Solr Admin GUI (2)

2019-01-02 Thread Gus Heck 
If the keys line up nicely across jumps...

On Wed, Jan 2, 2019, 10:49 AM Kay Wrobel  In case of multiple "jumps", might I suggest the -J switch which allows
> you to specify a jump host.
>
> Kay
>
> > On Jan 2, 2019, at 9:37 AM, Gus Heck  wrote:
> >
> > I typically resolve this sort of situation with a ssh proxy such as
> >
> > ssh -f  user@123.456.789.012 -L :127.0.0.1:8983 -N
> >
> > Then I can access the solr GUI from localhost: on my machine, and all
> > the traffic is secured by SSH. Pick your local port ( here) as
> desired
> > of course. Sometimes I have to do two layers of this if there is only a
> > single machine accepting SSH for the remote network. Of course this
> > requires that the client be able to give you SSH shell access.
>
>
> --
>
> The information in this e-mail is confidential and is intended solely for
> the addressee(s). Access to this email by anyone else is unauthorized. If
> you are not an intended recipient, you may not print, save or otherwise
> store the e-mail or any of the contents thereof in electronic or physical
> form, nor copy, use or disseminate the information contained in the email.
>
> If you are not an intended recipient,  please notify the sender of this
> email immediately.
>

Re: How to access the Solr Admin GUI (2)

2019-01-02 Thread Kay Wrobel 
In case of multiple "jumps", might I suggest the -J switch which allows you to 
specify a jump host.

Kay

> On Jan 2, 2019, at 9:37 AM, Gus Heck  wrote:
> 
> I typically resolve this sort of situation with a ssh proxy such as
> 
> ssh -f  user@123.456.789.012 -L :127.0.0.1:8983 -N
> 
> Then I can access the solr GUI from localhost: on my machine, and all
> the traffic is secured by SSH. Pick your local port ( here) as desired
> of course. Sometimes I have to do two layers of this if there is only a
> single machine accepting SSH for the remote network. Of course this
> requires that the client be able to give you SSH shell access.


-- 

The information in this e-mail is confidential and is intended solely for 
the addressee(s). Access to this email by anyone else is unauthorized. If 
you are not an intended recipient, you may not print, save or otherwise 
store the e-mail or any of the contents thereof in electronic or physical 
form, nor copy, use or disseminate the information contained in the email.  
If you are not an intended recipient,  please notify the sender of this 
email immediately.

Re: How to access the Solr Admin GUI (2)

2019-01-02 Thread Gus Heck 
I typically resolve this sort of situation with a ssh proxy such as

ssh -f  user@123.456.789.012 -L :127.0.0.1:8983 -N

Then I can access the solr GUI from localhost: on my machine, and all
the traffic is secured by SSH. Pick your local port ( here) as desired
of course. Sometimes I have to do two layers of this if there is only a
single machine accepting SSH for the remote network. Of course this
requires that the client be able to give you SSH shell access.

Re: How to access the Solr Admin GUI (2)

2019-01-02 Thread Jörn Franke 
In this case create a VPN and then access it.

> Am 02.01.2019 um 11:03 schrieb s...@cid.is:
> 
> First I want to thank you for your comments.
> Second I'll add some background information.
> 
> Here Solr is part of a complex information management project, which I 
> developed for a customer and which includes different source databases, 
> containing edited/imported/crawled content.
> This project runs on a Debian root server, which is hosted by an ISP and 
> maintained by the ISP's support team and - a little bit - by me.
> This setting was required by my customer.
> 
> Solr searches are created and processed on this server from a PHP MySQL 
> stack, and port 8983 is only available internally.
> I agree the opening port 8983 to the public is dangerous, I've experienced 
> that.
> Nevertheless from time to time I need access to the Solr Admin GUI on that 
> server.
> 
> My ISP's support team is not familiar with Solr, but willing to help.
> So I'll forward your comments to them and discuss with them.
> 
> Thank you again.
> Walter
> 
> 
> Shawn Heisey  schrieb am 01.01.2019 20:00:13:
> 
>> If you've blocked the Solr port, then you can't access Solr at all, 
>> including the admin UI.  The UI is accessed through the same port as the 
>> rest of Solr.
>> 
>> The admin UI is a static set of resources (html, css, javascript, images, 
>> etc) that gets downloaded and runs within the browser, accessing the same 
>> API that anything else would.  When you issue a query with the admin UI, it 
>> is your browser that makes the query, not the server.
>> 
>> If you set up a reverse proxy that blocks URL paths for the API while 
>> allowing URL paths for the admin UI, then the admin UI won't work -- because 
>> everything the admin UI displays or does is accomplished by your browser 
>> making calls to the API.
>> 
>> Thanks,
>> Shawn
> 
> 
> Terry Steichen  schrieb am 01.01.2019 19:39:04:
> 
>> I think a better approach to tunneling would be:
>> 
>> ssh -p  -L :localhost:8983 use...@myremoteserver.example.com
>> 
>> This requires you to set up a different port () rather than use the
>> standard 22 port (on your router and on your sshd config).  I've been
>> running something like this for about a year and have rarely if ever had
>> it attacked.  Prior to changing the port (to ), however, I was under
>> constant hacking attacks - they find port 22 too attractive to ignore.
>> 
>> Also, regarding my use of port : if you have the server running on
>> several local machines (as I do), the use of the  port may help
>> prevent confusion (as to whether your browser is accessing a local -
>> defaulted to 8983 - or a remote solr server).
>> 
>> Note: you might find that the ssh connection will drop out after some
>> inactivity, and need to be restarted occasionally.  Pretty simple to do
>> - just run the ssh line above again.
>> 
>> Note: I also add authorization controls to the AdminUI (and its functions)
> 
> 
> Jörn Franke  schrieb am 01.01.2019 19:11:18:
> 
>> You could configure a reverse proxy to provide one or more means of 
>> authentication.
>> 
>> However, I agree that the purpose why this is done should be clarified.
> 
> 
> Kay Wrobel  schrieb am 01.01.2019 19:02:10:
> 
>> You can use ssh to tunnel in.
>> 
>> ssh -L8983:localhost:8983 use...@myremoteserver.example.com
>> 
>> This will only require port 22 to be exposed to the public.
>> 
>> 
>> Sent from my iPhone
> 
> 
> Walter Underwood  schrieb am 01.01.2019 19:00:31:
> 
>> Yes, exposing the admin UI on the web is very dangerous. Anyone who finds it
>> can delete all your collections. That UI is designed for “back office” use 
>> only.
>> 
>> wunder
>> Walter Underwood
>> wun...@wunderwood.org
>> http://observer.wunderwood.org/  (my blog)
> 
> 
> Gus Heck  schrieb am 01.01.2019 18:43:02:
> 
>> Why would you want to expose the administration gui on the web? This is a
>> very hazardous thing to do. Never mind that it normally also runs on 8983
>> and all it's functionality relies on the ability to interact with 8983
>> hosted api end points.
>> 
>> What are you actually trying to solve?
> 
> 
> Jörn Franke  schrieb am 31.12.2018 23:07:49:
> 
>> Reverse proxy?
> 
> 
> "aleksander_goncha...@yahoo.de"  schrieb am 
> 31.12.2018 23:22:59:
> 
>> Hi Walter,
>> 
>> hatte ähnlichen Fall. Der wurde mit Proxy gelöst. "Einfach" Ngnix dazwischen 
>> geschaltet.
>> 
>> Viele Grüße
>> Alexander
> 
> s...@cid.is schrieb am 31.12.2018 22:48:55:
> 
>> Hi all,
>> 
>> is there a way, better a solution, to access the Solr Admin GUI from  
>> outside the server (via public web) while the Solr port 8983 is closed  by a 
>> firewall and only available inside the server via localhost?
>> 
>> Thanks in advance
>> Walter Claassen
>> 
>> Alexandraweg 32
>> D 64287 Darmstadt
>> Fon +49-6151-4937961
>> Fax +49-6151-4937969
>> c...@cid.is
>