In this case create a VPN and then access it.
> Am 02.01.2019 um 11:03 schrieb s...@cid.is: > > First I want to thank you for your comments. > Second I'll add some background information. > > Here Solr is part of a complex information management project, which I > developed for a customer and which includes different source databases, > containing edited/imported/crawled content. > This project runs on a Debian root server, which is hosted by an ISP and > maintained by the ISP's support team and - a little bit - by me. > This setting was required by my customer. > > Solr searches are created and processed on this server from a PHP MySQL > stack, and port 8983 is only available internally. > I agree the opening port 8983 to the public is dangerous, I've experienced > that. > Nevertheless from time to time I need access to the Solr Admin GUI on that > server. > > My ISP's support team is not familiar with Solr, but willing to help. > So I'll forward your comments to them and discuss with them. > > Thank you again. > Walter > > > Shawn Heisey <apa...@elyograg.org> schrieb am 01.01.2019 20:00:13: > >> If you've blocked the Solr port, then you can't access Solr at all, >> including the admin UI. The UI is accessed through the same port as the >> rest of Solr. >> >> The admin UI is a static set of resources (html, css, javascript, images, >> etc) that gets downloaded and runs within the browser, accessing the same >> API that anything else would. When you issue a query with the admin UI, it >> is your browser that makes the query, not the server. >> >> If you set up a reverse proxy that blocks URL paths for the API while >> allowing URL paths for the admin UI, then the admin UI won't work -- because >> everything the admin UI displays or does is accomplished by your browser >> making calls to the API. >> >> Thanks, >> Shawn > > > Terry Steichen <te...@net-frame.com> schrieb am 01.01.2019 19:39:04: > >> I think a better approach to tunneling would be: >> >> ssh -p xxxx -L 8888:localhost:8983 use...@myremoteserver.example.com >> >> This requires you to set up a different port (xxxx) rather than use the >> standard 22 port (on your router and on your sshd config). I've been >> running something like this for about a year and have rarely if ever had >> it attacked. Prior to changing the port (to xxxx), however, I was under >> constant hacking attacks - they find port 22 too attractive to ignore. >> >> Also, regarding my use of port 8888: if you have the server running on >> several local machines (as I do), the use of the 8888 port may help >> prevent confusion (as to whether your browser is accessing a local - >> defaulted to 8983 - or a remote solr server). >> >> Note: you might find that the ssh connection will drop out after some >> inactivity, and need to be restarted occasionally. Pretty simple to do >> - just run the ssh line above again. >> >> Note: I also add authorization controls to the AdminUI (and its functions) > > > Jörn Franke <jornfra...@gmail.com> schrieb am 01.01.2019 19:11:18: > >> You could configure a reverse proxy to provide one or more means of >> authentication. >> >> However, I agree that the purpose why this is done should be clarified. > > > Kay Wrobel <kwro...@hawkusa.com> schrieb am 01.01.2019 19:02:10: > >> You can use ssh to tunnel in. >> >> ssh -L8983:localhost:8983 use...@myremoteserver.example.com >> >> This will only require port 22 to be exposed to the public. >> >> >> Sent from my iPhone > > > Walter Underwood <wun...@wunderwood.org> schrieb am 01.01.2019 19:00:31: > >> Yes, exposing the admin UI on the web is very dangerous. Anyone who finds it >> can delete all your collections. That UI is designed for “back office” use >> only. >> >> wunder >> Walter Underwood >> wun...@wunderwood.org >> http://observer.wunderwood.org/ (my blog) > > > Gus Heck <gus.h...@gmail.com> schrieb am 01.01.2019 18:43:02: > >> Why would you want to expose the administration gui on the web? This is a >> very hazardous thing to do. Never mind that it normally also runs on 8983 >> and all it's functionality relies on the ability to interact with 8983 >> hosted api end points. >> >> What are you actually trying to solve? > > > Jörn Franke <jornfra...@gmail.com> schrieb am 31.12.2018 23:07:49: > >> Reverse proxy? > > > "aleksander_goncha...@yahoo.de" <aleksander_goncha...@yahoo.de> schrieb am > 31.12.2018 23:22:59: > >> Hi Walter, >> >> hatte ähnlichen Fall. Der wurde mit Proxy gelöst. "Einfach" Ngnix dazwischen >> geschaltet. >> >> Viele Grüße >> Alexander > > s...@cid.is schrieb am 31.12.2018 22:48:55: > >> Hi all, >> >> is there a way, better a solution, to access the Solr Admin GUI from >> outside the server (via public web) while the Solr port 8983 is closed by a >> firewall and only available inside the server via localhost? >> >> Thanks in advance >> Walter Claassen >> >> Alexandraweg 32 >> D 64287 Darmstadt >> Fon +49-6151-4937961 >> Fax +49-6151-4937969 >> c...@cid.is >
