Posted to commits@lucene.apache.org by sh...@apache.org on 2015/04/26 14:44:21 UTC

svn commit: r1676102 - in /lucene/dev/trunk/solr: bin/solr bin/solr.cmd bin/solr.in.cmd bin/solr.in.sh server/etc/jetty-ssl.xml

Author: shalin
Date: Sun Apr 26 12:44:20 2015
New Revision: 1676102

URL: http://svn.apache.org/r1676102
Log:
SOLR-4839: Separate jetty and client specific SSL properties

Modified:
    lucene/dev/trunk/solr/bin/solr
    lucene/dev/trunk/solr/bin/solr.cmd
    lucene/dev/trunk/solr/bin/solr.in.cmd
    lucene/dev/trunk/solr/bin/solr.in.sh
    lucene/dev/trunk/solr/server/etc/jetty-ssl.xml

Modified: lucene/dev/trunk/solr/bin/solr
URL: http://svn.apache.org/viewvc/lucene/dev/trunk/solr/bin/solr?rev=1676102&r1=1676101&r2=1676102&view=diff
==============================================================================
--- lucene/dev/trunk/solr/bin/solr (original)
+++ lucene/dev/trunk/solr/bin/solr Sun Apr 26 12:44:20 2015
@@ -136,16 +136,30 @@ fi
   exit 1
 }
 
-# URL scheme for contacting Solr
+# Select HTTP OR HTTPS related configurations
 SOLR_URL_SCHEME=http
-if [ -n "$SOLR_SSL_OPTS" ]; then
-  SOLR_URL_SCHEME=https
-fi
-
-# Which Jetty module to use - either HTTPS or HTTP
 SOLR_JETTY_CONFIG=()
-if [ -n "$SOLR_SSL_OPTS" ]; then
+SOLR_SSL_OPTS=""
+if [ -n "$SOLR_SSL_KEY_STORE" ]; then
   SOLR_JETTY_CONFIG+=("--module=https")
+  SOLR_URL_SCHEME=https
+  SOLR_SSL_OPTS=" -Dsolr.jetty.keystore=$SOLR_SSL_KEY_STORE \
+    -Dsolr.jetty.keystore.password=$SOLR_SSL_KEY_STORE_PASSWORD \
+    -Dsolr.jetty.truststore=$SOLR_SSL_TRUST_STORE \
+    -Dsolr.jetty.truststore.password=$SOLR_SSL_TRUST_STORE_PASSWORD \
+    -Dsolr.jetty.ssl.needClientAuth=$SOLR_SSL_NEED_CLIENT_AUTH \
+    -Dsolr.jetty.ssl.wantClientAuth=$SOLR_SSL_WANT_CLIENT_AUTH"
+  if [ -n "$SOLR_SSL_CLIENT_KEY_STORE" ]; then
+    SOLR_SSL_OPTS+=" -Djavax.net.ssl.keyStore=$SOLR_SSL_CLIENT_KEY_STORE \
+      -Djavax.net.ssl.keyStorePassword=$SOLR_SSL_CLIENT_KEY_STORE_PASSWORD \
+      -Djavax.net.ssl.trustStore=$SOLR_SSL_CLIENT_TRUST_STORE \
+      -Djavax.net.ssl.trustStorePassword=$SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD"
+  else
+    SOLR_SSL_OPTS+=" -Djavax.net.ssl.keyStore=$SOLR_SSL_KEY_STORE \
+      -Djavax.net.ssl.keyStorePassword=$SOLR_SSL_KEY_STORE_PASSWORD \
+      -Djavax.net.ssl.trustStore=$SOLR_SSL_TRUST_STORE \
+      -Djavax.net.ssl.trustStorePassword=$SOLR_SSL_TRUST_STORE_PASSWORD"
+  fi
 else
   SOLR_JETTY_CONFIG+=("--module=http")
 fi
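Review bot: The unconditional `SOLR_SSL_OPTS=""` ahead of the `if` discards any SOLR_SSL_OPTS that an existing solr.in.sh still sets (assuming the include file is sourced before this point, as it is in solr.cmd). Because HTTPS is now keyed only on SOLR_SSL_KEY_STORE, such an installation would come up with `--module=http` and no message, which is a silent TLS downgrade after an upgrade. A guard before the reset would make it fail loudly: `if [ -n "$SOLR_SSL_OPTS" ] && [ -z "$SOLR_SSL_KEY_STORE" ]; then echo "SOLR_SSL_OPTS is no longer read; set SOLR_SSL_KEY_STORE to enable HTTPS" >&2; exit 1; fi`. The solr.cmd hunk resets the variable the same way. Separately, the password, truststore and client-auth variables are interpolated even when unset, so the properties are defined with empty values and, as far as this hunk shows, are not left for the jetty-ssl.xml defaults to fill in.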

Modified: lucene/dev/trunk/solr/bin/solr.cmd
URL: http://svn.apache.org/viewvc/lucene/dev/trunk/solr/bin/solr.cmd?rev=1676102&r1=1676101&r2=1676102&view=diff
==============================================================================
--- lucene/dev/trunk/solr/bin/solr.cmd (original)
+++ lucene/dev/trunk/solr/bin/solr.cmd Sun Apr 26 12:44:20 2015
@@ -36,14 +36,23 @@ REM command line args
 IF "%SOLR_INCLUDE%"=="" set "SOLR_INCLUDE=%SOLR_TIP%\bin\solr.in.cmd"
 IF EXIST "%SOLR_INCLUDE%" CALL "%SOLR_INCLUDE%"
 
-REM URL scheme for contacting Solr
+REM Select HTTP OR HTTPS related configurations
 set SOLR_URL_SCHEME=http
-IF DEFINED SOLR_SSL_OPTS set SOLR_URL_SCHEME=https
-IF NOT DEFINED SOLR_SSL_OPTS set SOLR_SSL_OPTS=
-
-REM Which Jetty module to use - either HTTPS or HTTP
 set "SOLR_JETTY_CONFIG=--module=http"
-IF NOT "%SOLR_SSL_OPTS%"=="" set "SOLR_JETTY_CONFIG=--module=http"
+set "SOLR_SSL_OPTS= "
+IF DEFINED SOLR_SSL_KEY_STORE (
+  set "SOLR_JETTY_CONFIG=--module=https"
+  set SOLR_URL_SCHEME=https
+  set "SCRIPT_ERROR=Solr server directory %SOLR_SERVER_DIR% not found!"
+  set "SOLR_SSL_OPTS=-Dsolr.jetty.keystore=%SOLR_SSL_KEY_STORE% -Dsolr.jetty.keystore.password=%SOLR_SSL_KEY_STORE_PASSWORD% -Dsolr.jetty.truststore=%SOLR_SSL_TRUST_STORE% -Dsolr.jetty.truststore.password=%SOLR_SSL_TRUST_STORE_PASSWORD% -Dsolr.jetty.ssl.needClientAuth=%SOLR_SSL_NEED_CLIENT_AUTH% -Dsolr.jetty.ssl.wantClientAuth=%SOLR_SSL_WANT_CLIENT_AUTH%"
+  IF DEFINED SOLR_SSL_CLIENT_KEY_STORE  (
+    set "SOLR_SSL_OPTS=%SOLR_SSL_OPTS% -Djavax.net.ssl.keyStore=%SOLR_SSL_CLIENT_KEY_STORE% -Djavax.net.ssl.keyStorePassword=%SOLR_SSL_CLIENT_KEY_STORE_PASSWORD% -Djavax.net.ssl.trustStore=%SOLR_SSL_CLIENT_TRUST_STORE% -Djavax.net.ssl.trustStorePassword=%SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD%"
+  ) ELSE (
+    set "SOLR_SSL_OPTS=%SOLR_SSL_OPTS% -Djavax.net.ssl.keyStore=%SOLR_SSL_KEY_STORE% -Djavax.net.ssl.keyStorePassword=%SOLR_SSL_KEY_STORE_PASSWORD% -Djavax.net.ssl.trustStore=%SOLR_SSL_TRUST_STORE% -Djavax.net.ssl.trustStorePassword=%SOLR_SSL_TRUST_STORE_PASSWORD%"
+  )
+) ELSE (
+  set SOLR_SSL_OPTS=
+)
 
 REM Verify Java is available
 IF DEFINED SOLR_JAVA_HOME set "JAVA_HOME=%SOLR_JAVA_HOME%"
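Review bot: The two `set "SOLR_SSL_OPTS=%SOLR_SSL_OPTS% -Djavax.net.ssl...` lines are inside the parenthesised `IF DEFINED SOLR_SSL_KEY_STORE ( ... )` block, and cmd expands `%SOLR_SSL_OPTS%` when the whole block is parsed. That yields the single space assigned by `set "SOLR_SSL_OPTS= "` just above, not the `-Dsolr.jetty.*` string set earlier in the block. The Jetty keystore, truststore and client-auth properties are therefore dropped from the final value, and jetty-ssl.xml falls back to its defaults, including the `secret` password and client auth off. Build the client options in a separate variable inside the block and join the two after it, or use `!SOLR_SSL_OPTS!` if delayed expansion is enabled (not visible in this hunk). The `set "SCRIPT_ERROR=Solr server directory %SOLR_SERVER_DIR% not found!"` line in the same block is not followed by any error exit and looks like a paste leftover.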

Modified: lucene/dev/trunk/solr/bin/solr.in.cmd
URL: http://svn.apache.org/viewvc/lucene/dev/trunk/solr/bin/solr.in.cmd?rev=1676102&r1=1676101&r2=1676102&view=diff
==============================================================================
--- lucene/dev/trunk/solr/bin/solr.in.cmd (original)
+++ lucene/dev/trunk/solr/bin/solr.in.cmd Sun Apr 26 12:44:20 2015
@@ -82,4 +82,16 @@ REM set SOLR_PORT=8983
 
 REM Uncomment to set SSL-related system properties
 REM Be sure to update the paths to the correct keystore for your environment
-REM set SOLR_SSL_OPTS=-Djavax.net.ssl.keyStore=etc/solr-ssl.keystore.jks -Djavax.net.ssl.keyStorePassword=secret -Djavax.net.ssl.trustStore=etc/solr-ssl.keystore.jks -Djavax.net.ssl.trustStorePassword=secret
\ No newline at end of file
+REM set SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jks
+REM set SOLR_SSL_KEY_STORE_PASSWORD=secret
+REM set SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.jks
+REM set SOLR_SSL_TRUST_STORE_PASSWORD=secret
+REM set SOLR_SSL_NEED_CLIENT_AUTH=false
+REM set SOLR_SSL_WANT_CLIENT_AUTH=false
+
+REM Uncomment if you want to override previously defined SSL values for HTTP client
+REM otherwise keep them commented and the above values will automatically be set for HTTP clients
+REM set SOLR_SSL_CLIENT_KEY_STORE=
+REM set SOLR_SSL_CLIENT_KEY_STORE_PASSWORD=
+REM setSOLR_SSL_CLIENT_TRUST_STORE=
+REM setSOLR_SSL_CLIENT_TRUST_STORE_PASSWORD=
\ No newline at end of file
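Review bot: The last two template lines are missing the space after `set`, so removing the `REM` leaves `setSOLR_SSL_CLIENT_TRUST_STORE=`, which cmd does not recognise as a command and the client truststore override never takes effect. They should read `REM set SOLR_SSL_CLIENT_TRUST_STORE=` and `REM set SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD=`. It would also help to add a `REM` line stating that `secret` is the password of the sample keystore and must be changed together with the keystore.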

Modified: lucene/dev/trunk/solr/bin/solr.in.sh
URL: http://svn.apache.org/viewvc/lucene/dev/trunk/solr/bin/solr.in.sh?rev=1676102&r1=1676101&r2=1676102&view=diff
==============================================================================
--- lucene/dev/trunk/solr/bin/solr.in.sh (original)
+++ lucene/dev/trunk/solr/bin/solr.in.sh Sun Apr 26 12:44:20 2015
@@ -97,7 +97,16 @@ ENABLE_REMOTE_JMX_OPTS="false"
 
 # Uncomment to set SSL-related system properties
 # Be sure to update the paths to the correct keystore for your environment
-#SOLR_SSL_OPTS="-Djavax.net.ssl.keyStore=etc/solr-ssl.keystore.jks \
-#-Djavax.net.ssl.keyStorePassword=secret \
-#-Djavax.net.ssl.trustStore=etc/solr-ssl.keystore.jks \
-#-Djavax.net.ssl.trustStorePassword=secret"
\ No newline at end of file
+#SOLR_SSL_KEY_STORE=/home/shalin/work/oss/shalin-lusolr/solr/server/etc/solr-ssl.keystore.jks
+#SOLR_SSL_KEY_STORE_PASSWORD=secret
+#SOLR_SSL_TRUST_STORE=/home/shalin/work/oss/shalin-lusolr/solr/server/etc/solr-ssl.keystore.jks
+#SOLR_SSL_TRUST_STORE_PASSWORD=secret
+#SOLR_SSL_NEED_CLIENT_AUTH=false
+#SOLR_SSL_WANT_CLIENT_AUTH=false
+
+# Uncomment if you want to override previously defined SSL values for HTTP client
+# otherwise keep them commented and the above values will automatically be set for HTTP clients
+#SOLR_SSL_CLIENT_KEY_STORE=
+#SOLR_SSL_CLIENT_KEY_STORE_PASSWORD=
+#SOLR_SSL_CLIENT_TRUST_STORE=
+#SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD=
\ No newline at end of file
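Review bot: The sample values for SOLR_SSL_KEY_STORE and SOLR_SSL_TRUST_STORE are absolute paths into a developer's home directory (`/home/shalin/work/oss/...`), which will not exist on any other machine and publish a local directory layout in a shipped template. Use the same relative sample as solr.in.cmd: `#SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jks` and `#SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.jks`. A user who uncomments the lines as they stand gets a keystore path that cannot be opened.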

Modified: lucene/dev/trunk/solr/server/etc/jetty-ssl.xml
URL: http://svn.apache.org/viewvc/lucene/dev/trunk/solr/server/etc/jetty-ssl.xml?rev=1676102&r1=1676101&r2=1676102&view=diff
==============================================================================
--- lucene/dev/trunk/solr/server/etc/jetty-ssl.xml (original)
+++ lucene/dev/trunk/solr/server/etc/jetty-ssl.xml Sun Apr 26 12:44:20 2015
@@ -7,12 +7,12 @@
 <!-- and either jetty-https.xml or jetty-spdy.xml (but not both)   -->
 <!-- ============================================================= -->
 <Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
-  <Set name="KeyStorePath"><Property name="javax.net.ssl.keyStore" default="./etc/solr-ssl.keystore.jks"/></Set>
-  <Set name="KeyStorePassword"><Property name="javax.net.ssl.keyStorePassword" default="secret"/></Set>
-  <Set name="TrustStorePath"><Property name="javax.net.ssl.trustStore" default="./etc/solr-ssl.keystore.jks"/></Set>
-  <Set name="TrustStorePassword"><Property name="javax.net.ssl.trustStorePassword" default="secret"/></Set>
-  <Set name="NeedClientAuth"><Property name="jetty.ssl.clientAuth" default="false"/></Set>
-  <Set name="WantClientAuth"><Property name="jetty.ssl.wantClientAuth" default="false"/></Set>
+  <Set name="KeyStorePath"><Property name="solr.jetty.keystore" default="./etc/solr-ssl.keystore.jks"/></Set>
+  <Set name="KeyStorePassword"><Property name="solr.jetty.keystore.password" default="secret"/></Set>
+  <Set name="TrustStorePath"><Property name="solr.jetty.truststore" default="./etc/solr-ssl.keystore.jks"/></Set>
+  <Set name="TrustStorePassword"><Property name="solr.jetty.truststore.password" default="secret"/></Set>
+  <Set name="NeedClientAuth"><Property name="solr.jetty.ssl.needClientAuth" default="false"/></Set>
+  <Set name="WantClientAuth"><Property name="solr.jetty.ssl.wantClientAuth" default="false"/></Set>
   <Set name="ExcludeCipherSuites">
     <Array type="String">
       <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
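Review bot: The six `<Property>` names are renamed with no fallback to the old ones, so a start-up that still passes `-Djetty.ssl.clientAuth=true` or `-Djavax.net.ssl.keyStore=...` straight to Jetty now silently gets the defaults on these lines. That means `NeedClientAuth` false and the bundled keystore with password `secret`, so a deployment that enforced client certificates through the old property would stop doing so without any error. At minimum add a comment above the `<Set>` lines such as `<!-- SOLR-4839: read from solr.jetty.*; the former javax.net.ssl.* and jetty.ssl.* names are ignored here -->`, and note the rename in the upgrade notes. The `<Configure>` element continues past the end of this hunk.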