On 7/12/2017 7:20 AM, Nawab Zada Asad Iqbal wrote: > I am wondering what is wrong if I pass both http and https port to > underlying jetty sever , won't that be enough to have both http and https > access to solr ?
Jetty should be capable of doing both HTTP and HTTPS (on different ports), but the instructions that the Solr project provides for SSL do not set things up that way. If you know how to configure Jetty, then you can do anything you want, but the only way of doing SSL that is supported by the Solr project is the method that disables HTTP. The reason that we don't support both at the same time is that the entire reason for enabling SSL is for security purposes. Leaving HTTP open defeats that goal. In my opinion, the best way to secure Solr is to make sure it cannot be reached from unauthorized locations. In particular, having Solr accessible from the open Internet is dangerous. If Solr is only reachable from specific authorized network addresses, then you do not need encryption or authentication. Thanks, Shawn