This is an automated email from the ASF dual-hosted git repository.
dsmiley pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/solr.git
The following commit(s) were added to refs/heads/main by this push:
new bdc4e277d84 SOLR-18055: Improve SSL/HTTPS URL scheme detection (#4272)
bdc4e277d84 is described below
commit bdc4e277d8466f24fd9123c2956d05634c72b5e3
Author: Vishnu Priya <[email protected]>
AuthorDate: Fri May 8 20:43:10 2026 -0700
SOLR-18055: Improve SSL/HTTPS URL scheme detection (#4272)
Prioritize the solr.ssl.enabled system property for determining the URL
scheme used in inter-node communication. CloudSolrClient was recently also
improved similarly.
This makes SSL configuration more straightforward for users, although the
urlScheme cluster property is still supported and so is the urlScheme config
field of HttpShardHandlerFactory in solr.xml. Those might become deprecated if
they don't have a purpose.
Co-authored-by: David Smiley <[email protected]>
---
changelog/unreleased/SOLR-18056-urlScheme-csp.yml | 4 +-
solr/benchmark/src/resources/solr.xml | 1 -
.../java/org/apache/solr/cloud/ZkController.java | 7 +--
.../apache/solr/cloud/overseer/ReplicaMutator.java | 8 ++-
.../apache/solr/cloud/overseer/SliceMutator.java | 8 ++-
.../solr/handler/admin/SystemInfoProvider.java | 3 +-
.../handler/component/HttpShardHandlerFactory.java | 28 +++++++---
solr/core/src/test-files/solr/solr-jmxreporter.xml | 1 -
.../test-files/solr/solr-trackingshardhandler.xml | 1 -
solr/core/src/test-files/solr/solr.xml | 1 -
.../org/apache/solr/cloud/LeaderElectionTest.java | 6 +--
.../solr/cloud/LeaderVoteWaitTimeoutTest.java | 9 +---
.../solr/cloud/TestMiniSolrCloudClusterSSL.java | 19 ++++---
.../solr/cloud/overseer/ZkStateReaderTest.java | 10 ++++
.../src/test-files/clustering/solr/solr.xml | 4 --
solr/modules/cuvs/src/test-files/solr/solr.xml | 1 -
.../language-models/src/test-files/solr/solr.xml | 1 -
solr/modules/ltr/src/test-files/solr/solr.xml | 1 -
.../opentelemetry/src/test-files/solr/solr.xml | 1 -
.../pages/configuring-solr-xml.adoc | 3 +-
.../deployment-guide/pages/enabling-ssl.adoc | 59 ++--------------------
.../pages/major-changes-in-solr-10.adoc | 4 ++
.../src/test-files/solrj/solr/solr.xml | 1 -
.../apache/solr/common/cloud/ZkStateReader.java | 21 ++++++--
.../src/resources/EnvToSyspropMappings.properties | 1 -
.../src/test-files/solrj/solr/shared/solr.xml | 1 -
.../test-files/solrj/solr/solr-metrics-enabled.xml | 1 -
solr/solrj/src/test-files/solrj/solr/solr.xml | 1 -
.../solrj/impl/ClusterStateProviderTest.java | 8 +--
.../src/java/org/apache/solr/SolrTestCaseJ4.java | 2 +-
30 files changed, 86 insertions(+), 130 deletions(-)
diff --git a/changelog/unreleased/SOLR-18056-urlScheme-csp.yml
b/changelog/unreleased/SOLR-18056-urlScheme-csp.yml
index f7a3d2690b1..12691974908 100644
--- a/changelog/unreleased/SOLR-18056-urlScheme-csp.yml
+++ b/changelog/unreleased/SOLR-18056-urlScheme-csp.yml
@@ -1,8 +1,10 @@
# See https://github.com/apache/solr/blob/main/dev-docs/changelog.adoc
-title: Improved CloudSolrClient's urlScheme detection by using the scheme of
provided Solr URLs, or looking at "solr.ssl.enabled".
+title: Improved CloudSolrClient's http/https (SSL) detection by using the
scheme of provided Solr URLs, or looking at the "solr.ssl.enabled" system
property. Likewise improved Solr itself to consider this property as an
alternative to the urlScheme cluster property.
type: changed
authors:
- name: Vishnu Priya Chandra Sekar
links:
- name: SOLR-18056
url: https://issues.apache.org/jira/browse/SOLR-18056
+ - name: SOLR-18055
+ url: https://issues.apache.org/jira/browse/SOLR-18055
diff --git a/solr/benchmark/src/resources/solr.xml
b/solr/benchmark/src/resources/solr.xml
index 38c9a776f53..9292940b222 100644
--- a/solr/benchmark/src/resources/solr.xml
+++ b/solr/benchmark/src/resources/solr.xml
@@ -28,7 +28,6 @@
<str name="allowUrls">${solr.tests.security.allow.urls:}</str>
<shardHandlerFactory name="shardHandlerFactory"
class="HttpShardHandlerFactory">
- <str name="urlScheme">${urlScheme:}</str>
<int name="socketTimeout">${socketTimeout:15000}</int>
<int name="connTimeout">${connTimeout:15000}</int>
</shardHandlerFactory>
diff --git a/solr/core/src/java/org/apache/solr/cloud/ZkController.java
b/solr/core/src/java/org/apache/solr/cloud/ZkController.java
index 4b574750ede..a3702c1f1e3 100644
--- a/solr/core/src/java/org/apache/solr/cloud/ZkController.java
+++ b/solr/core/src/java/org/apache/solr/cloud/ZkController.java
@@ -365,13 +365,8 @@ public class ZkController implements Closeable {
});
zkStateReader.createClusterStateWatchersAndUpdate(); // and reads cluster
properties
-
// note: Can't read cluster properties until createClusterState ^ is called
- final String urlSchemeFromClusterProp =
- zkStateReader.getClusterProperty(ZkStateReader.URL_SCHEME,
ZkStateReader.HTTP);
- // this must happen after zkStateReader has initialized the cluster props
- this.baseURL = URLUtil.getBaseUrlForNodeName(this.nodeName,
urlSchemeFromClusterProp);
-
+ this.baseURL = zkStateReader.getBaseUrlForNodeName(this.nodeName);
// Now that zkStateReader is available, read OVERSEER_ENABLED.
final boolean overseerEnabled =
Boolean.parseBoolean(
diff --git
a/solr/core/src/java/org/apache/solr/cloud/overseer/ReplicaMutator.java
b/solr/core/src/java/org/apache/solr/cloud/overseer/ReplicaMutator.java
index 3b06bbe6df8..1536c5176fc 100644
--- a/solr/core/src/java/org/apache/solr/cloud/overseer/ReplicaMutator.java
+++ b/solr/core/src/java/org/apache/solr/cloud/overseer/ReplicaMutator.java
@@ -52,6 +52,7 @@ import org.apache.solr.common.cloud.ZkStateReader;
import org.apache.solr.common.params.CollectionAdminParams;
import org.apache.solr.common.util.CollectionUtil;
import org.apache.solr.common.util.StrUtils;
+import org.apache.solr.common.util.URLUtil;
import org.apache.solr.common.util.Utils;
import org.apache.solr.util.TestInjection;
import org.slf4j.Logger;
@@ -407,11 +408,8 @@ public class ReplicaMutator {
String nodeName = (String) replicaProps.get(ZkStateReader.NODE_NAME_PROP);
if (nodeName != null) {
String baseUrl =
- Utils.getBaseUrlForNodeName(
- nodeName,
- cloudManager
- .getClusterStateProvider()
- .getClusterProperty(ZkStateReader.URL_SCHEME, "http"));
+ URLUtil.getBaseUrlForNodeName(
+ nodeName, cloudManager.getClusterStateProvider().getUrlScheme());
replicaProps.put(ZkStateReader.BASE_URL_PROP, baseUrl);
}
Replica replica = new Replica(coreNodeName, replicaProps, collectionName,
sliceName);
diff --git
a/solr/core/src/java/org/apache/solr/cloud/overseer/SliceMutator.java
b/solr/core/src/java/org/apache/solr/cloud/overseer/SliceMutator.java
index 962f7ea0b47..9b72410a114 100644
--- a/solr/core/src/java/org/apache/solr/cloud/overseer/SliceMutator.java
+++ b/solr/core/src/java/org/apache/solr/cloud/overseer/SliceMutator.java
@@ -39,6 +39,7 @@ import org.apache.solr.common.cloud.ZkCoreNodeProps;
import org.apache.solr.common.cloud.ZkNodeProps;
import org.apache.solr.common.cloud.ZkStateReader;
import org.apache.solr.common.params.CollectionAdminParams;
+import org.apache.solr.common.util.URLUtil;
import org.apache.solr.common.util.Utils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -88,11 +89,8 @@ public class SliceMutator {
}
String nodeName = message.getStr(ZkStateReader.NODE_NAME_PROP);
String baseUrl =
- Utils.getBaseUrlForNodeName(
- nodeName,
- cloudManager
- .getClusterStateProvider()
- .getClusterProperty(ZkStateReader.URL_SCHEME, "http"));
+ URLUtil.getBaseUrlForNodeName(
+ nodeName, cloudManager.getClusterStateProvider().getUrlScheme());
Map<String, Object> replicaProps =
Utils.makeMap(
diff --git
a/solr/core/src/java/org/apache/solr/handler/admin/SystemInfoProvider.java
b/solr/core/src/java/org/apache/solr/handler/admin/SystemInfoProvider.java
index 1af8b9a9c61..f9b39864156 100644
--- a/solr/core/src/java/org/apache/solr/handler/admin/SystemInfoProvider.java
+++ b/solr/core/src/java/org/apache/solr/handler/admin/SystemInfoProvider.java
@@ -320,8 +320,7 @@ public class SystemInfoProvider {
}
if (cc != null && cc.getZkController() != null) {
- String urlScheme =
-
cc.getZkController().zkStateReader.getClusterProperty(ZkStateReader.URL_SCHEME,
"http");
+ String urlScheme = cc.getZkController().zkStateReader.getUrlScheme();
info.tls = ZkStateReader.HTTPS.equals(urlScheme);
}
diff --git
a/solr/core/src/java/org/apache/solr/handler/component/HttpShardHandlerFactory.java
b/solr/core/src/java/org/apache/solr/handler/component/HttpShardHandlerFactory.java
index fa2392c5a1d..574a0b266a3 100644
---
a/solr/core/src/java/org/apache/solr/handler/component/HttpShardHandlerFactory.java
+++
b/solr/core/src/java/org/apache/solr/handler/component/HttpShardHandlerFactory.java
@@ -48,6 +48,7 @@ import org.apache.solr.common.SolrException.ErrorCode;
import org.apache.solr.common.cloud.ZkStateReader;
import org.apache.solr.common.params.ShardParams;
import org.apache.solr.common.params.SolrParams;
+import org.apache.solr.common.util.EnvUtils;
import org.apache.solr.common.util.ExecutorUtil;
import org.apache.solr.common.util.IOUtils;
import org.apache.solr.common.util.NamedList;
@@ -109,6 +110,9 @@ public class HttpShardHandlerFactory extends
ShardHandlerFactory
// URL scheme to be used in distributed search.
static final String INIT_URL_SCHEME = "urlScheme";
+ // system property to enable ssl or tls for communication within Solr
+ static final String SOLR_SSL_ENABLED = "solr.ssl.enabled";
+
// The core size of the threadpool servicing requests
static final String INIT_CORE_POOL_SIZE = "corePoolSize";
@@ -227,12 +231,7 @@ public class HttpShardHandlerFactory extends
ShardHandlerFactory
public void init(PluginInfo info) {
StringBuilder sb = new StringBuilder();
NamedList<?> args = info.initArgs;
- // note: the sys prop is only used in testing
- this.scheme = getParameter(args, INIT_URL_SCHEME,
System.getProperty(INIT_URL_SCHEME), sb);
- if (this.scheme != null && this.scheme.endsWith("://")) {
- this.scheme = this.scheme.replace("://", "");
- }
-
+ this.scheme = initUrlScheme(args, sb);
String strategy =
getParameter(
args, "metricNameStrategy",
UpdateShardHandlerConfig.DEFAULT_METRICNAMESTRATEGY, sb);
@@ -436,6 +435,23 @@ public class HttpShardHandlerFactory extends
ShardHandlerFactory
return url;
}
+ /**
+ * Get url scheme of host
+ *
+ * @return http or https or null
+ */
+ private String initUrlScheme(NamedList<?> args, StringBuilder sb) {
+ final Boolean isSolrSslEnabled =
EnvUtils.getPropertyAsBool(SOLR_SSL_ENABLED, null);
+ if (isSolrSslEnabled != null) {
+ return isSolrSslEnabled ? "https" : "http";
+ }
+ String urlScheme = getParameter(args, INIT_URL_SCHEME,
System.getProperty(INIT_URL_SCHEME), sb);
+ if (urlScheme != null && urlScheme.endsWith("://")) {
+ urlScheme = urlScheme.replace("://", "");
+ }
+ return urlScheme;
+ }
+
@Override
public void initializeMetrics(SolrMetricsContext parentContext, Attributes
attributes) {
solrMetricsContext = parentContext.getChildContext(this);
diff --git a/solr/core/src/test-files/solr/solr-jmxreporter.xml
b/solr/core/src/test-files/solr/solr-jmxreporter.xml
index c5b296994a4..559b2e30348 100644
--- a/solr/core/src/test-files/solr/solr-jmxreporter.xml
+++ b/solr/core/src/test-files/solr/solr-jmxreporter.xml
@@ -18,7 +18,6 @@
<solr>
<shardHandlerFactory name="shardHandlerFactory"
class="HttpShardHandlerFactory">
- <str name="urlScheme">${urlScheme:}</str>
<int name="socketTimeout">${socketTimeout:90000}</int>
<int name="connTimeout">${connTimeout:15000}</int>
</shardHandlerFactory>
diff --git a/solr/core/src/test-files/solr/solr-trackingshardhandler.xml
b/solr/core/src/test-files/solr/solr-trackingshardhandler.xml
index a0ff99a60db..90efdebde0e 100644
--- a/solr/core/src/test-files/solr/solr-trackingshardhandler.xml
+++ b/solr/core/src/test-files/solr/solr-trackingshardhandler.xml
@@ -36,7 +36,6 @@
<shardHandlerFactory name="shardHandlerFactory"
class="org.apache.solr.handler.component.TrackingShardHandlerFactory">
- <str name="urlScheme">${urlScheme:}</str>
<int name="socketTimeout">${socketTimeout:90000}</int>
<int name="connTimeout">${connTimeout:15000}</int>
</shardHandlerFactory>
diff --git a/solr/core/src/test-files/solr/solr.xml
b/solr/core/src/test-files/solr/solr.xml
index 92e3d7d6bf3..d2210695e77 100644
--- a/solr/core/src/test-files/solr/solr.xml
+++ b/solr/core/src/test-files/solr/solr.xml
@@ -32,7 +32,6 @@
<int name="indexSearcherExecutorThreads">4</int>
<shardHandlerFactory name="shardHandlerFactory"
class="HttpShardHandlerFactory">
- <str name="urlScheme">${urlScheme:}</str>
<int name="socketTimeout">${socketTimeout:15000}</int>
<int name="connTimeout">${connTimeout:15000}</int>
</shardHandlerFactory>
diff --git a/solr/core/src/test/org/apache/solr/cloud/LeaderElectionTest.java
b/solr/core/src/test/org/apache/solr/cloud/LeaderElectionTest.java
index 7bac68872a1..e95c1b41111 100644
--- a/solr/core/src/test/org/apache/solr/cloud/LeaderElectionTest.java
+++ b/solr/core/src/test/org/apache/solr/cloud/LeaderElectionTest.java
@@ -16,8 +16,6 @@
*/
package org.apache.solr.cloud;
-import static org.apache.solr.common.cloud.ZkStateReader.URL_SCHEME;
-
import java.lang.invoke.MethodHandles;
import java.nio.file.Path;
import java.util.ArrayList;
@@ -233,7 +231,7 @@ public class LeaderElectionTest extends SolrTestCaseJ4 {
elector, "shard2", "collection1", "dummynode1", props,
zkController);
elector.setup(context);
elector.joinElection(context, false);
- String urlScheme = zkStateReader.getClusterProperty(URL_SCHEME, "http");
+ String urlScheme = zkStateReader.getUrlScheme();
assertEquals(urlScheme + "://127.0.0.1:80/solr/",
getLeaderUrl("collection1", "shard2"));
}
@@ -259,7 +257,7 @@ public class LeaderElectionTest extends SolrTestCaseJ4 {
Thread.sleep(1000);
- String urlScheme = zkStateReader.getClusterProperty(URL_SCHEME, "http");
+ String urlScheme = zkStateReader.getUrlScheme();
String url1 = Utils.getBaseUrlForNodeName("127.0.0.1:80_solr", urlScheme)
+ "/1/";
String url2 = Utils.getBaseUrlForNodeName("127.0.0.1:80_solr", urlScheme)
+ "/2/";
diff --git
a/solr/core/src/test/org/apache/solr/cloud/LeaderVoteWaitTimeoutTest.java
b/solr/core/src/test/org/apache/solr/cloud/LeaderVoteWaitTimeoutTest.java
index 1c042c6f222..4deca8cebd5 100644
--- a/solr/core/src/test/org/apache/solr/cloud/LeaderVoteWaitTimeoutTest.java
+++ b/solr/core/src/test/org/apache/solr/cloud/LeaderVoteWaitTimeoutTest.java
@@ -17,9 +17,6 @@
package org.apache.solr.cloud;
-import static org.apache.solr.common.cloud.ZkStateReader.HTTP;
-import static org.apache.solr.common.cloud.ZkStateReader.URL_SCHEME;
-
import java.io.IOException;
import java.lang.invoke.MethodHandles;
import java.net.URI;
@@ -39,7 +36,6 @@ import
org.apache.solr.client.solrj.request.CollectionAdminRequest;
import org.apache.solr.client.solrj.request.GenericSolrRequest;
import org.apache.solr.common.SolrInputDocument;
import org.apache.solr.common.cloud.Replica;
-import org.apache.solr.common.cloud.ZkStateReader;
import org.apache.solr.common.util.NamedList;
import org.apache.solr.embedded.JettySolrRunner;
import org.apache.solr.util.SocketProxy;
@@ -79,10 +75,7 @@ public class LeaderVoteWaitTimeoutTest extends
SolrCloudTestCase {
@Before
public void setupTest() throws Exception {
- configureCluster(NODE_COUNT)
- .withProperty(ZkStateReader.URL_SCHEME, System.getProperty(URL_SCHEME,
HTTP))
- .addConfig("conf", configset("cloud-minimal"))
- .configure();
+ configureCluster(NODE_COUNT).addConfig("conf",
configset("cloud-minimal")).configure();
// Add proxies
proxies = new HashMap<>(cluster.getJettySolrRunners().size());
diff --git
a/solr/core/src/test/org/apache/solr/cloud/TestMiniSolrCloudClusterSSL.java
b/solr/core/src/test/org/apache/solr/cloud/TestMiniSolrCloudClusterSSL.java
index 58b5a175ca8..85072d26d32 100644
--- a/solr/core/src/test/org/apache/solr/cloud/TestMiniSolrCloudClusterSSL.java
+++ b/solr/core/src/test/org/apache/solr/cloud/TestMiniSolrCloudClusterSSL.java
@@ -32,7 +32,6 @@ import org.apache.solr.client.solrj.impl.SolrHttpConstants;
import org.apache.solr.client.solrj.jetty.HttpJettySolrClient;
import org.apache.solr.client.solrj.request.CollectionAdminRequest;
import org.apache.solr.client.solrj.request.CoreAdminRequest;
-import org.apache.solr.common.cloud.ZkStateReader;
import org.apache.solr.common.params.CoreAdminParams.CoreAdminAction;
import org.apache.solr.embedded.JettyConfig;
import org.apache.solr.embedded.JettySolrRunner;
@@ -71,7 +70,7 @@ public class TestMiniSolrCloudClusterSSL extends
SolrTestCaseJ4 {
}
private static final Logger log =
LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
-
+ private static final String SOLR_SSL_ENABLED = "solr.ssl.enabled";
public static final int NUM_SERVERS = 3;
public static final String CONF_NAME =
MethodHandles.lookup().lookupClass().getName();
@@ -86,14 +85,14 @@ public class TestMiniSolrCloudClusterSSL extends
SolrTestCaseJ4 {
"NOTE: This Test ignores the randomized SSL & clientAuth settings
selected by base class");
HttpClientUtil.resetHttpClientBuilder(); // also resets
SocketFactoryRegistryProvider
HttpJettySolrClient.resetSslContextFactory();
- System.clearProperty(ZkStateReader.URL_SCHEME);
+ System.clearProperty(SOLR_SSL_ENABLED);
}
@After
public void after() {
HttpClientUtil.resetHttpClientBuilder(); // also resets
SocketFactoryRegistryProvider
HttpJettySolrClient.resetSslContextFactory();
- System.clearProperty(ZkStateReader.URL_SCHEME);
+ System.clearProperty(SOLR_SSL_ENABLED);
SSLContext.setDefault(DEFAULT_SSL_CONTEXT);
}
@@ -102,7 +101,7 @@ public class TestMiniSolrCloudClusterSSL extends
SolrTestCaseJ4 {
HttpClientUtil.setSocketFactoryRegistryProvider(
sslConfig.buildClientSocketFactoryRegistryProvider()); // must be reset
HttpJettySolrClient.setDefaultSSLConfig(sslConfig.buildClientSSLConfig());
// must be reset
- System.setProperty(ZkStateReader.URL_SCHEME, "http");
+ System.setProperty(SOLR_SSL_ENABLED, "false");
checkClusterWithNodeReplacement(sslConfig);
}
@@ -114,7 +113,7 @@ public class TestMiniSolrCloudClusterSSL extends
SolrTestCaseJ4 {
HttpClientUtil.setSocketFactoryRegistryProvider(
sslConfig.buildClientSocketFactoryRegistryProvider());
HttpJettySolrClient.setDefaultSSLConfig(sslConfig.buildClientSSLConfig());
- System.setProperty(ZkStateReader.URL_SCHEME, "http");
+ System.setProperty(SOLR_SSL_ENABLED, "false");
checkClusterWithNodeReplacement(sslConfig);
}
@@ -123,7 +122,7 @@ public class TestMiniSolrCloudClusterSSL extends
SolrTestCaseJ4 {
HttpClientUtil.setSocketFactoryRegistryProvider(
sslConfig.buildClientSocketFactoryRegistryProvider());
HttpJettySolrClient.setDefaultSSLConfig(sslConfig.buildClientSSLConfig());
- System.setProperty(ZkStateReader.URL_SCHEME, "https");
+ System.setProperty(SOLR_SSL_ENABLED, "true");
checkClusterWithNodeReplacement(sslConfig);
}
@@ -135,7 +134,7 @@ public class TestMiniSolrCloudClusterSSL extends
SolrTestCaseJ4 {
HttpClientUtil.setSocketFactoryRegistryProvider(
sslConfig.buildClientSocketFactoryRegistryProvider());
HttpJettySolrClient.setDefaultSSLConfig(sslConfig.buildClientSSLConfig());
- System.setProperty(ZkStateReader.URL_SCHEME, "https");
+ System.setProperty(SOLR_SSL_ENABLED, "true");
checkClusterWithNodeReplacement(sslConfig);
}
@@ -144,7 +143,7 @@ public class TestMiniSolrCloudClusterSSL extends
SolrTestCaseJ4 {
HttpClientUtil.setSocketFactoryRegistryProvider(
sslConfig.buildClientSocketFactoryRegistryProvider());
HttpJettySolrClient.setDefaultSSLConfig(sslConfig.buildClientSSLConfig());
- System.setProperty(ZkStateReader.URL_SCHEME, "https");
+ System.setProperty(SOLR_SSL_ENABLED, "true");
checkClusterWithNodeReplacement(sslConfig);
}
@@ -193,7 +192,7 @@ public class TestMiniSolrCloudClusterSSL extends
SolrTestCaseJ4 {
HttpClientUtil.setSocketFactoryRegistryProvider(
sslConfig.buildClientSocketFactoryRegistryProvider());
HttpJettySolrClient.setDefaultSSLConfig(sslConfig.buildClientSSLConfig());
- System.setProperty(ZkStateReader.URL_SCHEME, "https");
+ System.setProperty(SOLR_SSL_ENABLED, "true");
final JettyConfig config =
JettyConfig.builder().withSSLConfig(sslConfig.buildServerSSLConfig()).build();
final MiniSolrCloudCluster cluster =
diff --git
a/solr/core/src/test/org/apache/solr/cloud/overseer/ZkStateReaderTest.java
b/solr/core/src/test/org/apache/solr/cloud/overseer/ZkStateReaderTest.java
index eb3eadff0e6..df6aced524e 100644
--- a/solr/core/src/test/org/apache/solr/cloud/overseer/ZkStateReaderTest.java
+++ b/solr/core/src/test/org/apache/solr/cloud/overseer/ZkStateReaderTest.java
@@ -994,4 +994,14 @@ public class ZkStateReaderTest extends SolrTestCaseJ4 {
var lowestVersion = reader.fetchLowestSolrVersion();
assertFalse("Expected no lowest version when no live nodes exist",
lowestVersion.isPresent());
}
+
+ public void testGetUrlScheme_validSystemProperty() {
+ String expectedUrlScheme = isSSLMode() ? "https" : "http";
+ assertEquals(expectedUrlScheme, fixture.reader.getUrlScheme());
+ }
+
+ public void testGetUrlScheme_noClusterAndSystemProperty() {
+ assumeFalse("Skip the test when ssl is enabled", isSSLMode());
+ assertEquals("http", fixture.reader.getUrlScheme());
+ }
}
diff --git a/solr/modules/clustering/src/test-files/clustering/solr/solr.xml
b/solr/modules/clustering/src/test-files/clustering/solr/solr.xml
index 3596eebbdaf..7370666792b 100644
--- a/solr/modules/clustering/src/test-files/clustering/solr/solr.xml
+++ b/solr/modules/clustering/src/test-files/clustering/solr/solr.xml
@@ -25,8 +25,4 @@
<str name="coreRootDirectory">cores/</str>
<str name="configSetBaseDir"></str>
- <shardHandlerFactory name="shardHandlerFactory"
class="HttpShardHandlerFactory">
- <str name="urlScheme">${urlScheme:}</str>
- </shardHandlerFactory>
-
</solr>
diff --git a/solr/modules/cuvs/src/test-files/solr/solr.xml
b/solr/modules/cuvs/src/test-files/solr/solr.xml
index 26d92c24f4c..6a7a1ff36c2 100644
--- a/solr/modules/cuvs/src/test-files/solr/solr.xml
+++ b/solr/modules/cuvs/src/test-files/solr/solr.xml
@@ -23,7 +23,6 @@
<str name="coreRootDirectory">${coreRootDirectory:.}</str>
<shardHandlerFactory name="shardHandlerFactory"
class="HttpShardHandlerFactory">
- <str name="urlScheme">${urlScheme:}</str>
<int name="socketTimeout">${socketTimeout:90000}</int>
<int name="connTimeout">${connTimeout:15000}</int>
</shardHandlerFactory>
diff --git a/solr/modules/language-models/src/test-files/solr/solr.xml
b/solr/modules/language-models/src/test-files/solr/solr.xml
index c201efd50d9..bea3624ec6f 100644
--- a/solr/modules/language-models/src/test-files/solr/solr.xml
+++ b/solr/modules/language-models/src/test-files/solr/solr.xml
@@ -23,7 +23,6 @@
<str name="coreRootDirectory">${coreRootDirectory:.}</str>
<shardHandlerFactory name="shardHandlerFactory"
class="HttpShardHandlerFactory">
- <str name="urlScheme">${urlScheme:}</str>
<int name="socketTimeout">${socketTimeout:90000}</int>
<int name="connTimeout">${connTimeout:15000}</int>
</shardHandlerFactory>
diff --git a/solr/modules/ltr/src/test-files/solr/solr.xml
b/solr/modules/ltr/src/test-files/solr/solr.xml
index c201efd50d9..bea3624ec6f 100644
--- a/solr/modules/ltr/src/test-files/solr/solr.xml
+++ b/solr/modules/ltr/src/test-files/solr/solr.xml
@@ -23,7 +23,6 @@
<str name="coreRootDirectory">${coreRootDirectory:.}</str>
<shardHandlerFactory name="shardHandlerFactory"
class="HttpShardHandlerFactory">
- <str name="urlScheme">${urlScheme:}</str>
<int name="socketTimeout">${socketTimeout:90000}</int>
<int name="connTimeout">${connTimeout:15000}</int>
</shardHandlerFactory>
diff --git a/solr/modules/opentelemetry/src/test-files/solr/solr.xml
b/solr/modules/opentelemetry/src/test-files/solr/solr.xml
index 1f519208496..42f330816fd 100644
--- a/solr/modules/opentelemetry/src/test-files/solr/solr.xml
+++ b/solr/modules/opentelemetry/src/test-files/solr/solr.xml
@@ -29,7 +29,6 @@
<str name="allowUrls">${solr.tests.security.allow.urls:}</str>
<shardHandlerFactory name="shardHandlerFactory"
class="HttpShardHandlerFactory">
- <str name="urlScheme">${urlScheme:}</str>
<int name="socketTimeout">${socketTimeout:90000}</int>
<int name="connTimeout">${connTimeout:15000}</int>
</shardHandlerFactory>
diff --git
a/solr/solr-ref-guide/modules/configuration-guide/pages/configuring-solr-xml.adoc
b/solr/solr-ref-guide/modules/configuration-guide/pages/configuring-solr-xml.adoc
index 2aed51b89e3..66e6d21dc7a 100644
---
a/solr/solr-ref-guide/modules/configuration-guide/pages/configuring-solr-xml.adoc
+++
b/solr/solr-ref-guide/modules/configuration-guide/pages/configuring-solr-xml.adoc
@@ -552,7 +552,8 @@ Defaults to the `distribUpdateConnTimeout` specified in the
`<solrcloud>` sectio
|Optional |Default: none
|===
+
-The URL scheme to be used in distributed search.
+The URL scheme to be used in distributed search and other inter-node
communication.
+Note: this is obsoleted by the `solr.ssl.enabled` boolean system property.
`maxConnectionsPerHost`::
+
diff --git
a/solr/solr-ref-guide/modules/deployment-guide/pages/enabling-ssl.adoc
b/solr/solr-ref-guide/modules/deployment-guide/pages/enabling-ssl.adoc
index 536038df68c..3a455450a48 100644
--- a/solr/solr-ref-guide/modules/deployment-guide/pages/enabling-ssl.adoc
+++ b/solr/solr-ref-guide/modules/deployment-guide/pages/enabling-ssl.adoc
@@ -62,10 +62,10 @@ If you want to use curl on OS X Yosemite (10.10), you'll
need to create a certif
$ openssl pkcs12 -nokeys -in solr-ssl.keystore.p12 -out solr-ssl.cacert.pem
----
-=== Set Common SSL-Related System Properties
+=== Set Common SSL-Related Environment Variables
-The Solr Control Script is already setup to pass SSL-related Java system
properties to the JVM.
-To activate the SSL settings, uncomment and update the set of properties
beginning with `SOLR_SSL_*` in `bin/solr.in.sh` on *nix systems or
`bin\solr.in.cmd` on Windows.
+The Solr Control Script is already setup to pass SSL-related environment
variables.
+To activate the SSL settings, uncomment and update the set of variables
beginning with `SOLR_SSL_*` in `bin/solr.in.sh` on *nix systems or
`bin\solr.in.cmd` on Windows.
[tabs#solr-in]
======
@@ -132,59 +132,6 @@ They are mutually exclusive and Jetty will select one of
them which may not be w
When you start Solr, the `bin/solr` script includes these settings and will
pass them as system properties to the JVM.
-If you are using SolrCloud, you need to <<Configure ZooKeeper>> before
starting Solr.
-
-If you are running Solr in a user-managed cluster or standalone installation,
you can skip to <<Start User-Managed Cluster or Standalone Solr>>.
-
-=== Configure ZooKeeper
-
-After creating the keystore described above and before you start any SolrCloud
nodes, you must configure your Solr cluster properties in ZooKeeper so that
Solr nodes know to communicate via SSL.
-
-This section assumes you have created and started an external ZooKeeper.
-See xref:zookeeper-ensemble.adoc[] for more information.
-
-The `urlScheme` cluster-wide property needs to be set to `https` before any
Solr node starts up.
-The examples below use the `bin/solr` tool that comes with Solr to do this.
-
-[tabs#zkclusterprops]
-======
-*nix::
-+
-====
-[source,terminal]
-----
-$ bin/solr cluster --property urlScheme --value https --zk-host
server1:2181,server2:2181,server3:2181
-----
-====
-
-Windows::
-+
-====
-[source,powershell]
-----
-C:\> bin/solr.cmd cluster --property urlScheme --value https --zk-host
server1:2181,server2:2181,server3:2181
-----
-====
-======
-
-Be sure to use the correct `--zk-host` value for your system.
-If you have set up your ZooKeeper ensemble to use a
xref:taking-solr-to-production.adoc#zookeeper-chroot[chroot for Solr], make
sure to include it in the `zkHost` string, e.g., `--zk-host
server1:2181,server2:2181,server3:2181/solr`.
-
-=== Update Cluster Properties for Existing Collections
-
-If you are using SolrCloud and have collections created before enabling SSL,
you will need to update the cluster properties to use HTTPS.
-
-If you do not have existing collections or are not using SolrCloud, you can
skip ahead and start Solr.
-
-Updating cluster properties can be done with the Collections API
xref:cluster-node-management.adoc#clusterprop[CLUSTERPROP command], as in this
example (update the hostname and port as appropriate for your system):
-
-[source,terminal]
-$
http://localhost:8983/solr/admin/collections?action=CLUSTERPROP&name=urlScheme&val=https
-
-This command only needs to be run on one node of the cluster, the change will
apply to all nodes.
-
-Once this and all other steps are complete, you can go ahead and start Solr.
-
== Starting Solr After Enabling SSL
=== Start SolrCloud
diff --git
a/solr/solr-ref-guide/modules/upgrade-notes/pages/major-changes-in-solr-10.adoc
b/solr/solr-ref-guide/modules/upgrade-notes/pages/major-changes-in-solr-10.adoc
index face4201d8c..546f93f4b3a 100644
---
a/solr/solr-ref-guide/modules/upgrade-notes/pages/major-changes-in-solr-10.adoc
+++
b/solr/solr-ref-guide/modules/upgrade-notes/pages/major-changes-in-solr-10.adoc
@@ -36,6 +36,10 @@ Solr 10.0 requires at least Java 21, while SolrJ 10.0
requires at least Java 17.
== Solr 10.1
+For SSL (https), it's no longer necessary to set the "urlScheme" cluster
property since the `SOLR_SSL_ENABLED` env var (or `solr.ssl.enabled` sys-prop)
suffices.
+These are now honored by CloudSolrClient, as well as scheme detection from the
connection string / hosts.
+The "urlScheme" cluster property and httpShardHandlerFactory configuration is
likely to be deprecated; feedback welcome.
+
=== v2 API
Starting in Solr 10.1 it is no longer possible for users to disable the v2 API
by use of the `solr.api.v2.enabled` system property, and the Solr server and
tooling (`bin/solr`, Admin UI, etc.) will start using these APIs internally.
diff --git a/solr/solrj-streaming/src/test-files/solrj/solr/solr.xml
b/solr/solrj-streaming/src/test-files/solrj/solr/solr.xml
index 3e578e6cfdd..cd24ddbc200 100644
--- a/solr/solrj-streaming/src/test-files/solrj/solr/solr.xml
+++ b/solr/solrj-streaming/src/test-files/solrj/solr/solr.xml
@@ -28,7 +28,6 @@
<str name="allowUrls">${solr.tests.security.allow.urls:}</str>
<shardHandlerFactory name="shardHandlerFactory"
class="HttpShardHandlerFactory">
- <str name="urlScheme">${urlScheme:}</str>
<int name="socketTimeout">${socketTimeout:90000}</int>
<int name="connTimeout">${connTimeout:15000}</int>
</shardHandlerFactory>
diff --git
a/solr/solrj-zookeeper/src/java/org/apache/solr/common/cloud/ZkStateReader.java
b/solr/solrj-zookeeper/src/java/org/apache/solr/common/cloud/ZkStateReader.java
index 101d2ea983f..4f0c3bb3836 100644
---
a/solr/solrj-zookeeper/src/java/org/apache/solr/common/cloud/ZkStateReader.java
+++
b/solr/solrj-zookeeper/src/java/org/apache/solr/common/cloud/ZkStateReader.java
@@ -56,8 +56,10 @@ import org.apache.solr.common.SolrException.ErrorCode;
import org.apache.solr.common.params.CollectionAdminParams;
import org.apache.solr.common.params.CoreAdminParams;
import org.apache.solr.common.util.CommonTestInjection;
+import org.apache.solr.common.util.EnvUtils;
import org.apache.solr.common.util.ExecutorUtil;
import org.apache.solr.common.util.ObjectReleaseTracker;
+import org.apache.solr.common.util.URLUtil;
import org.apache.solr.common.util.Utils;
import org.apache.zookeeper.KeeperException;
import org.apache.zookeeper.KeeperException.NoNodeException;
@@ -1228,8 +1230,7 @@ public class ZkStateReader implements SolrCloseable {
* @return url that looks like {@code https://localhost:8983/solr}
*/
public String getBaseUrlForNodeName(final String nodeName) {
- String urlScheme = getClusterProperty(URL_SCHEME, "http");
- return Utils.getBaseUrlForNodeName(nodeName, urlScheme, false);
+ return URLUtil.getBaseUrlForNodeName(nodeName, getUrlScheme(), false);
}
/**
@@ -1240,8 +1241,20 @@ public class ZkStateReader implements SolrCloseable {
* @return url that looks like {@code https://localhost:8983/api}
*/
public String getBaseUrlV2ForNodeName(final String nodeName) {
- String urlScheme = getClusterProperty(URL_SCHEME, "http");
- return Utils.getBaseUrlForNodeName(nodeName, urlScheme, true);
+ return URLUtil.getBaseUrlForNodeName(nodeName, getUrlScheme(), true);
+ }
+
+ /**
+ * Returns the URL scheme for hosts in the cluster.
+ *
+ * @return the URL scheme ("http" or "https")
+ */
+ public String getUrlScheme() {
+ final Boolean isSolrSslEnabled =
EnvUtils.getPropertyAsBool("solr.ssl.enabled");
+ if (isSolrSslEnabled != null) {
+ return isSolrSslEnabled ? "https" : "http";
+ }
+ return getClusterProperty(URL_SCHEME, "http");
}
/** Watches a single collection's state.json. */
diff --git a/solr/solrj/src/resources/EnvToSyspropMappings.properties
b/solr/solrj/src/resources/EnvToSyspropMappings.properties
index 7571f2968d3..ed6e742cebc 100644
--- a/solr/solrj/src/resources/EnvToSyspropMappings.properties
+++ b/solr/solrj/src/resources/EnvToSyspropMappings.properties
@@ -71,7 +71,6 @@ SOLR_SSL_CLIENT_KEY_STORE_TYPE=
SOLR_SSL_CLIENT_TRUST_STORE=
SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD=
SOLR_SSL_CLIENT_TRUST_STORE_TYPE=
-SOLR_SSL_ENABLED=
SOLR_SSL_KEY_STORE=
SOLR_SSL_KEY_STORE_PASSWORD=
SOLR_SSL_KEY_STORE_TYPE=
diff --git a/solr/solrj/src/test-files/solrj/solr/shared/solr.xml
b/solr/solrj/src/test-files/solrj/solr/shared/solr.xml
index 7f48a511a6f..08d3596ec35 100644
--- a/solr/solrj/src/test-files/solrj/solr/shared/solr.xml
+++ b/solr/solrj/src/test-files/solrj/solr/shared/solr.xml
@@ -23,7 +23,6 @@
<str name="coreRootDirectory">${coreRootDirectory:.}</str>
<shardHandlerFactory name="shardHandlerFactory"
class="HttpShardHandlerFactory">
- <str name="urlScheme">${urlScheme:}</str>
<int name="socketTimeout">${socketTimeout:90000}</int>
<int name="connTimeout">${connTimeout:15000}</int>
</shardHandlerFactory>
diff --git a/solr/solrj/src/test-files/solrj/solr/solr-metrics-enabled.xml
b/solr/solrj/src/test-files/solrj/solr/solr-metrics-enabled.xml
index a48c29f7e27..e2e4fc7c10d 100644
--- a/solr/solrj/src/test-files/solrj/solr/solr-metrics-enabled.xml
+++ b/solr/solrj/src/test-files/solrj/solr/solr-metrics-enabled.xml
@@ -30,7 +30,6 @@
<str name="allowUrls">${solr.tests.security.allow.urls:}</str>
<shardHandlerFactory name="shardHandlerFactory"
class="HttpShardHandlerFactory">
- <str name="urlScheme">${urlScheme:}</str>
<int name="socketTimeout">${socketTimeout:90000}</int>
<int name="connTimeout">${connTimeout:15000}</int>
</shardHandlerFactory>
diff --git a/solr/solrj/src/test-files/solrj/solr/solr.xml
b/solr/solrj/src/test-files/solrj/solr/solr.xml
index 6957862f4d9..f9ec9e5ec96 100644
--- a/solr/solrj/src/test-files/solrj/solr/solr.xml
+++ b/solr/solrj/src/test-files/solrj/solr/solr.xml
@@ -28,7 +28,6 @@
<str name="allowUrls">${solr.tests.security.allow.urls:}</str>
<shardHandlerFactory name="shardHandlerFactory"
class="HttpShardHandlerFactory">
- <str name="urlScheme">${urlScheme:}</str>
<int name="socketTimeout">${socketTimeout:90000}</int>
<int name="connTimeout">${connTimeout:15000}</int>
</shardHandlerFactory>
diff --git
a/solr/solrj/src/test/org/apache/solr/client/solrj/impl/ClusterStateProviderTest.java
b/solr/solrj/src/test/org/apache/solr/client/solrj/impl/ClusterStateProviderTest.java
index 175264ede47..63f3ab56657 100644
---
a/solr/solrj/src/test/org/apache/solr/client/solrj/impl/ClusterStateProviderTest.java
+++
b/solr/solrj/src/test/org/apache/solr/client/solrj/impl/ClusterStateProviderTest.java
@@ -472,6 +472,7 @@ public class ClusterStateProviderTest extends
SolrCloudTestCase {
}
private void testUrlSchemeDefault(SolrZkClient client) throws Exception {
+ assumeFalse("Skip the test when ssl is enabled", isSSLMode());
try (var zkStateReader = new ZkStateReader(client);
var clusterStateProvider = new
ZkClientClusterStateProvider(zkStateReader)) {
assertEquals("http", clusterStateProvider.getUrlScheme());
@@ -479,16 +480,15 @@ public class ClusterStateProviderTest extends
SolrCloudTestCase {
}
private void testUrlSchemeWithSystemProperties(SolrZkClient client) throws
Exception {
- System.setProperty(SOLR_SSL_ENABLED, "true");
try (var zkStateReader = new ZkStateReader(client);
var clusterStateProvider = new
ZkClientClusterStateProvider(zkStateReader)) {
- assertEquals("https", clusterStateProvider.getUrlScheme());
- } finally {
- System.clearProperty(SOLR_SSL_ENABLED);
+ String expectedUrlScheme = isSSLMode() ? "https" : "http";
+ assertEquals(expectedUrlScheme, clusterStateProvider.getUrlScheme());
}
}
private void testUrlSchemeWithClusterProperties(SolrZkClient client) throws
Exception {
+ assumeFalse("Skip the test when ssl is enabled", isSSLMode());
ClusterProperties cp = new ClusterProperties(client);
cp.setClusterProperty("urlScheme", "ftp");
try (var zkStateReader = new ZkStateReader(client);
diff --git a/solr/test-framework/src/java/org/apache/solr/SolrTestCaseJ4.java
b/solr/test-framework/src/java/org/apache/solr/SolrTestCaseJ4.java
index b450cff5bd7..26668690557 100644
--- a/solr/test-framework/src/java/org/apache/solr/SolrTestCaseJ4.java
+++ b/solr/test-framework/src/java/org/apache/solr/SolrTestCaseJ4.java
@@ -287,7 +287,7 @@ public abstract class SolrTestCaseJ4 extends SolrTestCase {
HttpJettySolrClient.setDefaultSSLConfig(sslConfig.buildClientSSLConfig());
if (isSSLMode()) {
// SolrCloud tests should usually clear this
- System.setProperty("urlScheme", "https");
+ System.setProperty("solr.ssl.enabled", "true");
}
ExecutorUtil.resetThreadLocalProviders();
