You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@lucene.apache.org by sh...@apache.org on 2015/04/26 14:44:21 UTC
svn commit: r1676102 - in /lucene/dev/trunk/solr: bin/solr bin/solr.cmd
bin/solr.in.cmd bin/solr.in.sh server/etc/jetty-ssl.xml
Author: shalin
Date: Sun Apr 26 12:44:20 2015
New Revision: 1676102
URL: http://svn.apache.org/r1676102
Log:
SOLR-4839: Separate jetty and client specific SSL properties
Modified:
lucene/dev/trunk/solr/bin/solr
lucene/dev/trunk/solr/bin/solr.cmd
lucene/dev/trunk/solr/bin/solr.in.cmd
lucene/dev/trunk/solr/bin/solr.in.sh
lucene/dev/trunk/solr/server/etc/jetty-ssl.xml
Modified: lucene/dev/trunk/solr/bin/solr
URL: http://svn.apache.org/viewvc/lucene/dev/trunk/solr/bin/solr?rev=1676102&r1=1676101&r2=1676102&view=diff
==============================================================================
--- lucene/dev/trunk/solr/bin/solr (original)
+++ lucene/dev/trunk/solr/bin/solr Sun Apr 26 12:44:20 2015
@@ -136,16 +136,30 @@ fi
exit 1
}
-# URL scheme for contacting Solr
+# Select HTTP OR HTTPS related configurations
SOLR_URL_SCHEME=http
-if [ -n "$SOLR_SSL_OPTS" ]; then
- SOLR_URL_SCHEME=https
-fi
-
-# Which Jetty module to use - either HTTPS or HTTP
SOLR_JETTY_CONFIG=()
-if [ -n "$SOLR_SSL_OPTS" ]; then
+SOLR_SSL_OPTS=""
+if [ -n "$SOLR_SSL_KEY_STORE" ]; then
SOLR_JETTY_CONFIG+=("--module=https")
+ SOLR_URL_SCHEME=https
+ SOLR_SSL_OPTS=" -Dsolr.jetty.keystore=$SOLR_SSL_KEY_STORE \
+ -Dsolr.jetty.keystore.password=$SOLR_SSL_KEY_STORE_PASSWORD \
+ -Dsolr.jetty.truststore=$SOLR_SSL_TRUST_STORE \
+ -Dsolr.jetty.truststore.password=$SOLR_SSL_TRUST_STORE_PASSWORD \
+ -Dsolr.jetty.ssl.needClientAuth=$SOLR_SSL_NEED_CLIENT_AUTH \
+ -Dsolr.jetty.ssl.wantClientAuth=$SOLR_SSL_WANT_CLIENT_AUTH"
+ if [ -n "$SOLR_SSL_CLIENT_KEY_STORE" ]; then
+ SOLR_SSL_OPTS+=" -Djavax.net.ssl.keyStore=$SOLR_SSL_CLIENT_KEY_STORE \
+ -Djavax.net.ssl.keyStorePassword=$SOLR_SSL_CLIENT_KEY_STORE_PASSWORD \
+ -Djavax.net.ssl.trustStore=$SOLR_SSL_CLIENT_TRUST_STORE \
+ -Djavax.net.ssl.trustStorePassword=$SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD"
+ else
+ SOLR_SSL_OPTS+=" -Djavax.net.ssl.keyStore=$SOLR_SSL_KEY_STORE \
+ -Djavax.net.ssl.keyStorePassword=$SOLR_SSL_KEY_STORE_PASSWORD \
+ -Djavax.net.ssl.trustStore=$SOLR_SSL_TRUST_STORE \
+ -Djavax.net.ssl.trustStorePassword=$SOLR_SSL_TRUST_STORE_PASSWORD"
+ fi
else
SOLR_JETTY_CONFIG+=("--module=http")
fi
Modified: lucene/dev/trunk/solr/bin/solr.cmd
URL: http://svn.apache.org/viewvc/lucene/dev/trunk/solr/bin/solr.cmd?rev=1676102&r1=1676101&r2=1676102&view=diff
==============================================================================
--- lucene/dev/trunk/solr/bin/solr.cmd (original)
+++ lucene/dev/trunk/solr/bin/solr.cmd Sun Apr 26 12:44:20 2015
@@ -36,14 +36,23 @@ REM command line args
IF "%SOLR_INCLUDE%"=="" set "SOLR_INCLUDE=%SOLR_TIP%\bin\solr.in.cmd"
IF EXIST "%SOLR_INCLUDE%" CALL "%SOLR_INCLUDE%"
-REM URL scheme for contacting Solr
+REM Select HTTP OR HTTPS related configurations
set SOLR_URL_SCHEME=http
-IF DEFINED SOLR_SSL_OPTS set SOLR_URL_SCHEME=https
-IF NOT DEFINED SOLR_SSL_OPTS set SOLR_SSL_OPTS=
-
-REM Which Jetty module to use - either HTTPS or HTTP
set "SOLR_JETTY_CONFIG=--module=http"
-IF NOT "%SOLR_SSL_OPTS%"=="" set "SOLR_JETTY_CONFIG=--module=http"
+set "SOLR_SSL_OPTS= "
+IF DEFINED SOLR_SSL_KEY_STORE (
+ set "SOLR_JETTY_CONFIG=--module=https"
+ set SOLR_URL_SCHEME=https
+ set "SCRIPT_ERROR=Solr server directory %SOLR_SERVER_DIR% not found!"
+ set "SOLR_SSL_OPTS=-Dsolr.jetty.keystore=%SOLR_SSL_KEY_STORE% -Dsolr.jetty.keystore.password=%SOLR_SSL_KEY_STORE_PASSWORD% -Dsolr.jetty.truststore=%SOLR_SSL_TRUST_STORE% -Dsolr.jetty.truststore.password=%SOLR_SSL_TRUST_STORE_PASSWORD% -Dsolr.jetty.ssl.needClientAuth=%SOLR_SSL_NEED_CLIENT_AUTH% -Dsolr.jetty.ssl.wantClientAuth=%SOLR_SSL_WANT_CLIENT_AUTH%"
+ IF DEFINED SOLR_SSL_CLIENT_KEY_STORE (
+ set "SOLR_SSL_OPTS=%SOLR_SSL_OPTS% -Djavax.net.ssl.keyStore=%SOLR_SSL_CLIENT_KEY_STORE% -Djavax.net.ssl.keyStorePassword=%SOLR_SSL_CLIENT_KEY_STORE_PASSWORD% -Djavax.net.ssl.trustStore=%SOLR_SSL_CLIENT_TRUST_STORE% -Djavax.net.ssl.trustStorePassword=%SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD%"
+ ) ELSE (
+ set "SOLR_SSL_OPTS=%SOLR_SSL_OPTS% -Djavax.net.ssl.keyStore=%SOLR_SSL_KEY_STORE% -Djavax.net.ssl.keyStorePassword=%SOLR_SSL_KEY_STORE_PASSWORD% -Djavax.net.ssl.trustStore=%SOLR_SSL_TRUST_STORE% -Djavax.net.ssl.trustStorePassword=%SOLR_SSL_TRUST_STORE_PASSWORD%"
+ )
+) ELSE (
+ set SOLR_SSL_OPTS=
+)
REM Verify Java is available
IF DEFINED SOLR_JAVA_HOME set "JAVA_HOME=%SOLR_JAVA_HOME%"
Modified: lucene/dev/trunk/solr/bin/solr.in.cmd
URL: http://svn.apache.org/viewvc/lucene/dev/trunk/solr/bin/solr.in.cmd?rev=1676102&r1=1676101&r2=1676102&view=diff
==============================================================================
--- lucene/dev/trunk/solr/bin/solr.in.cmd (original)
+++ lucene/dev/trunk/solr/bin/solr.in.cmd Sun Apr 26 12:44:20 2015
@@ -82,4 +82,16 @@ REM set SOLR_PORT=8983
REM Uncomment to set SSL-related system properties
REM Be sure to update the paths to the correct keystore for your environment
-REM set SOLR_SSL_OPTS=-Djavax.net.ssl.keyStore=etc/solr-ssl.keystore.jks -Djavax.net.ssl.keyStorePassword=secret -Djavax.net.ssl.trustStore=etc/solr-ssl.keystore.jks -Djavax.net.ssl.trustStorePassword=secret
\ No newline at end of file
+REM set SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jks
+REM set SOLR_SSL_KEY_STORE_PASSWORD=secret
+REM set SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.jks
+REM set SOLR_SSL_TRUST_STORE_PASSWORD=secret
+REM set SOLR_SSL_NEED_CLIENT_AUTH=false
+REM set SOLR_SSL_WANT_CLIENT_AUTH=false
+
+REM Uncomment if you want to override previously defined SSL values for HTTP client
+REM otherwise keep them commented and the above values will automatically be set for HTTP clients
+REM set SOLR_SSL_CLIENT_KEY_STORE=
+REM set SOLR_SSL_CLIENT_KEY_STORE_PASSWORD=
+REM setSOLR_SSL_CLIENT_TRUST_STORE=
+REM setSOLR_SSL_CLIENT_TRUST_STORE_PASSWORD=
\ No newline at end of file
Modified: lucene/dev/trunk/solr/bin/solr.in.sh
URL: http://svn.apache.org/viewvc/lucene/dev/trunk/solr/bin/solr.in.sh?rev=1676102&r1=1676101&r2=1676102&view=diff
==============================================================================
--- lucene/dev/trunk/solr/bin/solr.in.sh (original)
+++ lucene/dev/trunk/solr/bin/solr.in.sh Sun Apr 26 12:44:20 2015
@@ -97,7 +97,16 @@ ENABLE_REMOTE_JMX_OPTS="false"
# Uncomment to set SSL-related system properties
# Be sure to update the paths to the correct keystore for your environment
-#SOLR_SSL_OPTS="-Djavax.net.ssl.keyStore=etc/solr-ssl.keystore.jks \
-#-Djavax.net.ssl.keyStorePassword=secret \
-#-Djavax.net.ssl.trustStore=etc/solr-ssl.keystore.jks \
-#-Djavax.net.ssl.trustStorePassword=secret"
\ No newline at end of file
+#SOLR_SSL_KEY_STORE=/home/shalin/work/oss/shalin-lusolr/solr/server/etc/solr-ssl.keystore.jks
+#SOLR_SSL_KEY_STORE_PASSWORD=secret
+#SOLR_SSL_TRUST_STORE=/home/shalin/work/oss/shalin-lusolr/solr/server/etc/solr-ssl.keystore.jks
+#SOLR_SSL_TRUST_STORE_PASSWORD=secret
+#SOLR_SSL_NEED_CLIENT_AUTH=false
+#SOLR_SSL_WANT_CLIENT_AUTH=false
+
+# Uncomment if you want to override previously defined SSL values for HTTP client
+# otherwise keep them commented and the above values will automatically be set for HTTP clients
+#SOLR_SSL_CLIENT_KEY_STORE=
+#SOLR_SSL_CLIENT_KEY_STORE_PASSWORD=
+#SOLR_SSL_CLIENT_TRUST_STORE=
+#SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD=
\ No newline at end of file
Modified: lucene/dev/trunk/solr/server/etc/jetty-ssl.xml
URL: http://svn.apache.org/viewvc/lucene/dev/trunk/solr/server/etc/jetty-ssl.xml?rev=1676102&r1=1676101&r2=1676102&view=diff
==============================================================================
--- lucene/dev/trunk/solr/server/etc/jetty-ssl.xml (original)
+++ lucene/dev/trunk/solr/server/etc/jetty-ssl.xml Sun Apr 26 12:44:20 2015
@@ -7,12 +7,12 @@
<!-- and either jetty-https.xml or jetty-spdy.xml (but not both) -->
<!-- ============================================================= -->
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
- <Set name="KeyStorePath"><Property name="javax.net.ssl.keyStore" default="./etc/solr-ssl.keystore.jks"/></Set>
- <Set name="KeyStorePassword"><Property name="javax.net.ssl.keyStorePassword" default="secret"/></Set>
- <Set name="TrustStorePath"><Property name="javax.net.ssl.trustStore" default="./etc/solr-ssl.keystore.jks"/></Set>
- <Set name="TrustStorePassword"><Property name="javax.net.ssl.trustStorePassword" default="secret"/></Set>
- <Set name="NeedClientAuth"><Property name="jetty.ssl.clientAuth" default="false"/></Set>
- <Set name="WantClientAuth"><Property name="jetty.ssl.wantClientAuth" default="false"/></Set>
+ <Set name="KeyStorePath"><Property name="solr.jetty.keystore" default="./etc/solr-ssl.keystore.jks"/></Set>
+ <Set name="KeyStorePassword"><Property name="solr.jetty.keystore.password" default="secret"/></Set>
+ <Set name="TrustStorePath"><Property name="solr.jetty.truststore" default="./etc/solr-ssl.keystore.jks"/></Set>
+ <Set name="TrustStorePassword"><Property name="solr.jetty.truststore.password" default="secret"/></Set>
+ <Set name="NeedClientAuth"><Property name="solr.jetty.ssl.needClientAuth" default="false"/></Set>
+ <Set name="WantClientAuth"><Property name="solr.jetty.ssl.wantClientAuth" default="false"/></Set>
<Set name="ExcludeCipherSuites">
<Array type="String">
<Item>SSL_RSA_WITH_DES_CBC_SHA</Item>