Using HTTP and HTTPS at the same time

[Nawab Zada Asad Iqbal <kh...@gmail.com>]

Hi,

I am reading a comment on
https://cwiki.apache.org/confluence/display/solr/Enabling+SSL which says.
Just wanted to check if this is still the same with 6.5? This used to work
in 4.5.
Shalin Shekhar Mangar
<https://cwiki.apache.org/confluence/display/%7Eshalinmangar>

Solr does not support both HTTP and HTTPS at the same time. You can only
use one of them at a time.


Thanks

Nawab

Re: Using HTTP and HTTPS at the same time

[Shawn Heisey <ap...@elyograg.org>]

On 7/12/2017 7:20 AM, Nawab Zada Asad Iqbal wrote:
> I am  wondering what is wrong if I pass both http and https port to
> underlying jetty sever , won't that be enough to have both http and https access to solr ?

Jetty should be capable of doing both HTTP and HTTPS (on different
ports), but the instructions that the Solr project provides for SSL do
not set things up that way.

If you know how to configure Jetty, then you can do anything you want,
but the only way of doing SSL that is supported by the Solr project is
the method that disables HTTP.

The reason that we don't support both at the same time is that the
entire reason for enabling SSL is for security purposes.  Leaving HTTP
open defeats that goal.

In my opinion, the best way to secure Solr is to make sure it cannot be
reached from unauthorized locations.  In particular, having Solr
accessible from the open Internet is dangerous.  If Solr is only
reachable from specific authorized network addresses, then you do not
need encryption or authentication.

Thanks,
Shawn

Re: Using HTTP and HTTPS at the same time

[Nawab Zada Asad Iqbal <kh...@gmail.com>]

Thanks rick

I am  wondering what is wrong if I pass both http and https port to
underlying jetty sever , won't that be enough to have both http and https
access to solr ?

Regards
Nawab

On Wed, Jul 12, 2017 at 3:39 AM Rick Leir <rl...@leirtech.com> wrote:

> Hi all,
> The recommended best practice is to run a web app in front of Solr, and
> maybe there is no benefit in SSL between the web app and Solr. In any case,
> if SSL is desired, you would configure the web app to always use HTTPS.
>
> Without the web app, you can have Apache promote a connection from http to
> https. (Is 'promote' the right term?) Cheers -- Rick
>
> On July 11, 2017 6:09:42 PM EDT, Nawab Zada Asad Iqbal <kh...@gmail.com>
> wrote:
> >Hi,
> >
> >I am reading a comment on
> >https://cwiki.apache.org/confluence/display/solr/Enabling+SSL which
> >says.
> >Just wanted to check if this is still the same with 6.5? This used to
> >work
> >in 4.5.
> >Shalin Shekhar Mangar
> ><https://cwiki.apache.org/confluence/display/%7Eshalinmangar>
> >
> >Solr does not support both HTTP and HTTPS at the same time. You can
> >only
> >use one of them at a time.
> >
> >
> >Thanks
> >
> >Nawab
>
> --
> Sorry for being brief. Alternate email is rickleir at yahoo dot com

Re: Using HTTP and HTTPS at the same time

[Rick Leir <rl...@leirtech.com>]

Hi all,
The recommended best practice is to run a web app in front of Solr, and maybe there is no benefit in SSL between the web app and Solr. In any case, if SSL is desired, you would configure the web app to always use HTTPS. 

Without the web app, you can have Apache promote a connection from http to https. (Is 'promote' the right term?) Cheers -- Rick

On July 11, 2017 6:09:42 PM EDT, Nawab Zada Asad Iqbal <kh...@gmail.com> wrote:
>Hi,
>
>I am reading a comment on
>https://cwiki.apache.org/confluence/display/solr/Enabling+SSL which
>says.
>Just wanted to check if this is still the same with 6.5? This used to
>work
>in 4.5.
>Shalin Shekhar Mangar
><https://cwiki.apache.org/confluence/display/%7Eshalinmangar>
>
>Solr does not support both HTTP and HTTPS at the same time. You can
>only
>use one of them at a time.
>
>
>Thanks
>
>Nawab

-- 
Sorry for being brief. Alternate email is rickleir at yahoo dot com