You are viewing a plain text version of this content. The canonical link for it is here.
Posted to solr-user@lucene.apache.org by Gus Heck <gu...@gmail.com> on 2019/01/01 17:43:02 UTC
Re: How to access the Solr Admin GUI
Why would you want to expose the administration gui on the web? This is a
very hazardous thing to do. Never mind that it normally also runs on 8983
and all it's functionality relies on the ability to interact with 8983
hosted api end points.
What are you actually trying to solve?
On Dec 31, 2018 6:04 PM, "Jörn Franke" <jo...@gmail.com> wrote:
Reverse proxy?
> Am 31.12.2018 um 22:48 schrieb solr@cid.is:
>
> Hi all,
>
> is there a way, better a solution, to access the Solr Admin GUI from
outside the server (via public web) while the Solr port 8983 is closed by a
firewall and only available inside the server via localhost?
>
> Thanks in advance
> Walter Claassen
>
> Alexandraweg 32
> D 64287 Darmstadt
> Fon +49-6151-4937961
> Fax +49-6151-4937969
> cla@cid.is
>
Re: How to access the Solr Admin GUI
Posted by Jörn Franke <jo...@gmail.com>.
You could configure a reverse proxy to provide one or more means of authentication.
However, I agree that the purpose why this is done should be clarified.
> Am 01.01.2019 um 19:02 schrieb Kay Wrobel <kw...@hawkusa.com>:
>
> You can use ssh to tunnel in.
>
> ssh -L8983:localhost:8983 userid@myremoteserver.example.com
>
> This will only require port 22 to be exposed to the public.
>
>
> Sent from my iPhone
>
>> On Jan 1, 2019, at 11:43 AM, Gus Heck <gu...@gmail.com> wrote:
>>
>> Why would you want to expose the administration gui on the web? This is a
>> very hazardous thing to do. Never mind that it normally also runs on 8983
>> and all it's functionality relies on the ability to interact with 8983
>> hosted api end points.
>>
>> What are you actually trying to solve?
>>
>> On Dec 31, 2018 6:04 PM, "Jörn Franke" <jo...@gmail.com> wrote:
>>
>> Reverse proxy?
>>
>>
>>> Am 31.12.2018 um 22:48 schrieb solr@cid.is:
>>>
>>> Hi all,
>>>
>>> is there a way, better a solution, to access the Solr Admin GUI from
>> outside the server (via public web) while the Solr port 8983 is closed by a
>> firewall and only available inside the server via localhost?
>>>
>>> Thanks in advance
>>> Walter Claassen
>>>
>>> Alexandraweg 32
>>> D 64287 Darmstadt
>>> Fon +49-6151-4937961
>>> Fax +49-6151-4937969
>>> cla@cid.is
>>>
>
> --
>
> The information in this e-mail is confidential and is intended solely for
> the addressee(s). Access to this email by anyone else is unauthorized. If
> you are not an intended recipient, you may not print, save or otherwise
> store the e-mail or any of the contents thereof in electronic or physical
> form, nor copy, use or disseminate the information contained in the email.
> If you are not an intended recipient, please notify the sender of this
> email immediately.
Re: How to access the Solr Admin GUI
Posted by Terry Steichen <te...@net-frame.com>.
I think a better approach to tunneling would be:
ssh -p xxxx -L 8888:localhost:8983 userid@myremoteserver.example.com
This requires you to set up a different port (xxxx) rather than use the
standard 22 port (on your router and on your sshd config). I've been
running something like this for about a year and have rarely if ever had
it attacked. Prior to changing the port (to xxxx), however, I was under
constant hacking attacks - they find port 22 too attractive to ignore.
Also, regarding my use of port 8888: if you have the server running on
several local machines (as I do), the use of the 8888 port may help
prevent confusion (as to whether your browser is accessing a local -
defaulted to 8983 - or a remote solr server).
Note: you might find that the ssh connection will drop out after some
inactivity, and need to be restarted occasionally. Pretty simple to do
- just run the ssh line above again.
Note: I also add authorization controls to the AdminUI (and its functions)
On 1/1/19 1:02 PM, Kay Wrobel wrote:
> You can use ssh to tunnel in.
>
> ssh -L8983:localhost:8983 userid@myremoteserver.example.com
>
> This will only require port 22 to be exposed to the public.
>
>
> Sent from my iPhone
>
>> On Jan 1, 2019, at 11:43 AM, Gus Heck <gu...@gmail.com> wrote:
>>
>> Why would you want to expose the administration gui on the web? This is a
>> very hazardous thing to do. Never mind that it normally also runs on 8983
>> and all it's functionality relies on the ability to interact with 8983
>> hosted api end points.
>>
>> What are you actually trying to solve?
>>
>> On Dec 31, 2018 6:04 PM, "Jörn Franke" <jo...@gmail.com> wrote:
>>
>> Reverse proxy?
>>
>>
>>> Am 31.12.2018 um 22:48 schrieb solr@cid.is:
>>>
>>> Hi all,
>>>
>>> is there a way, better a solution, to access the Solr Admin GUI from
>> outside the server (via public web) while the Solr port 8983 is closed by a
>> firewall and only available inside the server via localhost?
>>> Thanks in advance
>>> Walter Claassen
>>>
>>> Alexandraweg 32
>>> D 64287 Darmstadt
>>> Fon +49-6151-4937961
>>> Fax +49-6151-4937969
>>> cla@cid.is
>>>
Re: How to access the Solr Admin GUI
Posted by Kay Wrobel <kw...@hawkusa.com>.
You can use ssh to tunnel in.
ssh -L8983:localhost:8983 userid@myremoteserver.example.com
This will only require port 22 to be exposed to the public.
Sent from my iPhone
> On Jan 1, 2019, at 11:43 AM, Gus Heck <gu...@gmail.com> wrote:
>
> Why would you want to expose the administration gui on the web? This is a
> very hazardous thing to do. Never mind that it normally also runs on 8983
> and all it's functionality relies on the ability to interact with 8983
> hosted api end points.
>
> What are you actually trying to solve?
>
> On Dec 31, 2018 6:04 PM, "Jörn Franke" <jo...@gmail.com> wrote:
>
> Reverse proxy?
>
>
>> Am 31.12.2018 um 22:48 schrieb solr@cid.is:
>>
>> Hi all,
>>
>> is there a way, better a solution, to access the Solr Admin GUI from
> outside the server (via public web) while the Solr port 8983 is closed by a
> firewall and only available inside the server via localhost?
>>
>> Thanks in advance
>> Walter Claassen
>>
>> Alexandraweg 32
>> D 64287 Darmstadt
>> Fon +49-6151-4937961
>> Fax +49-6151-4937969
>> cla@cid.is
>>
--
The information in this e-mail is confidential and is intended solely for
the addressee(s). Access to this email by anyone else is unauthorized. If
you are not an intended recipient, you may not print, save or otherwise
store the e-mail or any of the contents thereof in electronic or physical
form, nor copy, use or disseminate the information contained in the email.
If you are not an intended recipient, please notify the sender of this
email immediately.
Re: How to access the Solr Admin GUI
Posted by Walter Underwood <wu...@wunderwood.org>.
Yes, exposing the admin UI on the web is very dangerous. Anyone who finds it
can delete all your collections. That UI is designed for “back office” use only.
wunder
Walter Underwood
wunder@wunderwood.org
http://observer.wunderwood.org/ (my blog)
> On Jan 1, 2019, at 9:43 AM, Gus Heck <gu...@gmail.com> wrote:
>
> Why would you want to expose the administration gui on the web? This is a
> very hazardous thing to do. Never mind that it normally also runs on 8983
> and all it's functionality relies on the ability to interact with 8983
> hosted api end points.
>
> What are you actually trying to solve?
>
> On Dec 31, 2018 6:04 PM, "Jörn Franke" <jo...@gmail.com> wrote:
>
> Reverse proxy?
>
>
>> Am 31.12.2018 um 22:48 schrieb solr@cid.is:
>>
>> Hi all,
>>
>> is there a way, better a solution, to access the Solr Admin GUI from
> outside the server (via public web) while the Solr port 8983 is closed by a
> firewall and only available inside the server via localhost?
>>
>> Thanks in advance
>> Walter Claassen
>>
>> Alexandraweg 32
>> D 64287 Darmstadt
>> Fon +49-6151-4937961
>> Fax +49-6151-4937969
>> cla@cid.is
>>