Web Software Architecture and Engineering – Life on the Bleeding Edge

I’ve been working with Solr a lot more lately. Its worked fine locally. I decided to try a standalone installation on our dev server so that all developers can access the same collection. However it seems the Solr installer isn’t as robust as Verity’s.
One issue is that in CFAdmin, Data & Services > Solr Server, you can type in any text or IP, and there is no indication as to whether CF was able to connect at all. It always returns a positive message: “Solr Server Configuration information updated.”. Either way, I typed the FQDN of the dev server.
I then went to the Data & Services > ColdFusion Collections page, and it cleared out my old Solr collections, but there was also no error here – it would be nice to know if it wasn’t able to connect!
So I tried the URL, http://<FQDN&gt;:8983/solr/, and it didn’t connect, so I supposed it was a firewall issue. So I hopped on the dev server, which is a Windows 2008 R2 OS, and went to the firewall area. No entry for Solr!
I suppose that since Verity uses specific ports like 9953, and that its not a web server returning data, its not as big a security risk. You’d have to know the specifics on the proprietary protocol. But, since Jetty is returning data on port 8983, and its a web server, this is where you need some security. It would have been nice though to see CF Solr as an entry in the firewall unchecked, and all you had to do was enable access to your subnet (domain) for the standalone to be complete.
To me, the standalone installer is locked into the server, unless you open it up. And the installer doesn’t do any of the work for you, nor does it notify you that you may need to make the following changes for standalone to work properly. Sigh.
Anyways, so I added inbound and outbound entries for the firewall and I am still unable to connect. Does anyone have any clues on any additional setup that is needed for a standalone Solr to accept remote connections? I am able to run the Solr web interface locally on the dev server just fine, just not from my workstation, and the firewall isn’t the issue, because I tried turning the firewall off completely and still no-go.
UPDATE: Looks like Jetty is set to block all NON-LOCAL connections. This makes the standalone installer pretty useless. We went to coldfusionsolretcjetty.xml, and changed -Set name=”Host”-127.0.0.1-/Set- to -Set name=”Host”-0.0.0.0-/Set- (substitute dashes with <>). But now its open to everyone, and ideally you’d like to enter just your subnet or set of IPs. Looks like I have to drive into Jetty now!

Advertisements

Comments on: "Standalone Solr 9.0.1 Woes" (3)

  1. While you can control access via Jetty, I find that it’s better to set everything open, and then lock things down with a dedicated firewall tool on the server. Otherwise you start getting into the internals of Jetty (which I am sure you are in now!) and Jetty is meant to serve up Java Web Apps, not be a security wrapper/proxy etc…

    Good luck!

  2. I changed it from 0.0.0.0 to , which seems to work well as well. I think I’ll have to end up keeping it open and restrict on the firewall.

    I think standalone installer needs to change this entry upon install, and not be locked down like a non-standalone install would be. Then they should also either alert the user, or create a fw entry allowing domain only – or its equivalent in *nix, which I suppose would meet the standard use case.

  3. I am not familiar with the installer tat CFSolr users, but yeah, installers can sometimes make things easier, but also make decisions for you that make things harder!!!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: