First I want to thank you for your comments.
Second I'll add some background information.
Here Solr is part of a complex information management project, which I
developed for a customer and which includes different source
databases, containing edited/imported/crawled content.
This project runs on a Debian root server, which is hosted by an ISP
and maintained by the ISP's support team and - a little bit - by me.
This setting was required by my customer.
Solr searches are created and processed on this server from a PHP
MySQL stack, and port 8983 is only available internally.
I agree the opening port 8983 to the public is dangerous, I've
experienced that.
Nevertheless from time to time I need access to the Solr Admin GUI on
that server.
My ISP's support team is not familiar with Solr, but willing to help.
So I'll forward your comments to them and discuss with them.
Thank you again.
Walter
Shawn Heisey <apa...@elyograg.org> schrieb am 01.01.2019 20:00:13:
If you've blocked the Solr port, then you can't access Solr at all,
including the admin UI. The UI is accessed through the same port as
the rest of Solr.
The admin UI is a static set of resources (html, css, javascript,
images, etc) that gets downloaded and runs within the browser,
accessing the same API that anything else would. When you issue a
query with the admin UI, it is your browser that makes the query,
not the server.
If you set up a reverse proxy that blocks URL paths for the API
while allowing URL paths for the admin UI, then the admin UI won't
work -- because everything the admin UI displays or does is
accomplished by your browser making calls to the API.
Thanks,
Shawn
Terry Steichen <te...@net-frame.com> schrieb am 01.01.2019 19:39:04:
I think a better approach to tunneling would be:
ssh -p xxxx -L 8888:localhost:8983 use...@myremoteserver.example.com
This requires you to set up a different port (xxxx) rather than use the
standard 22 port (on your router and on your sshd config). I've been
running something like this for about a year and have rarely if ever had
it attacked. Prior to changing the port (to xxxx), however, I was under
constant hacking attacks - they find port 22 too attractive to ignore.
Also, regarding my use of port 8888: if you have the server running on
several local machines (as I do), the use of the 8888 port may help
prevent confusion (as to whether your browser is accessing a local -
defaulted to 8983 - or a remote solr server).
Note: you might find that the ssh connection will drop out after some
inactivity, and need to be restarted occasionally. Pretty simple to do
- just run the ssh line above again.
Note: I also add authorization controls to the AdminUI (and its functions)
Jörn Franke <jornfra...@gmail.com> schrieb am 01.01.2019 19:11:18:
You could configure a reverse proxy to provide one or more means of
authentication.
However, I agree that the purpose why this is done should be clarified.
Kay Wrobel <kwro...@hawkusa.com> schrieb am 01.01.2019 19:02:10:
You can use ssh to tunnel in.
ssh -L8983:localhost:8983 use...@myremoteserver.example.com
This will only require port 22 to be exposed to the public.
Sent from my iPhone
Walter Underwood <wun...@wunderwood.org> schrieb am 01.01.2019 19:00:31:
Yes, exposing the admin UI on the web is very dangerous. Anyone who finds it
can delete all your collections. That UI is designed for “back
office” use only.
wunder
Walter Underwood
wun...@wunderwood.org
http://observer.wunderwood.org/ (my blog)
Gus Heck <gus.h...@gmail.com> schrieb am 01.01.2019 18:43:02:
Why would you want to expose the administration gui on the web? This is a
very hazardous thing to do. Never mind that it normally also runs on 8983
and all it's functionality relies on the ability to interact with 8983
hosted api end points.
What are you actually trying to solve?
Jörn Franke <jornfra...@gmail.com> schrieb am 31.12.2018 23:07:49:
Reverse proxy?
"aleksander_goncha...@yahoo.de" <aleksander_goncha...@yahoo.de>
schrieb am 31.12.2018 23:22:59:
Hi Walter,
hatte ähnlichen Fall. Der wurde mit Proxy gelöst. "Einfach" Ngnix
dazwischen geschaltet.
Viele Grüße
Alexander
s...@cid.is schrieb am 31.12.2018 22:48:55:
Hi all,
is there a way, better a solution, to access the Solr Admin GUI from
outside the server (via public web) while the Solr port 8983 is
closed by a firewall and only available inside the server via
localhost?
Thanks in advance
Walter Claassen
Alexandraweg 32
D 64287 Darmstadt
Fon +49-6151-4937961
Fax +49-6151-4937969
c...@cid.is
