This needs to also make its way into the Solr Ref Guide - stuff documented on the wiki doesn't automatically get into the Solr Reference Guide without human intervention.
There is an issue already to document this in the guide, so if you do add something to the Solr Wiki, please add a link to the page to https://issues.apache.org/jira/browse/SOLR-5757 so it can be officially documented. Thanks, Cassandra On Wed, Mar 12, 2014 at 7:19 PM, Erick Erickson <[email protected]>wrote: > Steve: > > It would be a great service if you were willing to document this on > the Wiki. If you don't already have contributor rights, just create a > logon on the Wiki, send us your logon ID and we'll add you to the > approved editors list. > > A bit of background: We used to let anyone edit the Wiki, but then > started getting hit with a billion spam pages so had to lock it down. > As long as we're convinced it's a real person asking for edit rights, > they're freely granted! > > Best, > Erick > > > On Wed, Mar 12, 2014 at 8:15 PM, Steve Davids <[email protected]> wrote: > > I will be upgrading my SolrCloud cluster at work in a couple of days > (hand > > patched former builds) will let everyone know if there are any other > > gothchyas. I know depending on different cases the need to bundle your > own > > HttpClientConfigurer to use the AllowAllHostnameVerifier (if using a > single > > cert for all instances) or to add the TrustedSelfSignedStrategy if using > > two-way SSL w/ self-signed certs. > > > > -Steve > > > > On Mar 12, 2014, at 8:05 PM, Erick Erickson <[email protected]> > wrote: > > > > Steve: > > > > Thanks, I confess confusion about all things HTTPS. I'll turn this > > over to the people who _do_ know about it in the morning, this is a > > great help in that it tells us where to look. > > > > I smell a Wiki page coming.... > > > > Erick > > > > On Wed, Mar 12, 2014 at 7:47 PM, Steve Davids <[email protected]> wrote: > > > > Hi Eric, > > > > Unfortunately the only "working example" is in the unit-tests. What have > you > > done thus far? First step would be to add the "urlScheme" into > > clusterprops.json: > > > > ./zkcli.sh -zkhost localhost:9983 -cmd put /clusterprops.json > > '{"urlScheme":"https"}' > > > > > > You will also need to add the basic javax.net.ssl.* system properties > > (http://stackoverflow.com/a/5871352) > > > > It is important to note that if there is a pre-existing clusterstate.json > > file you will need to update the current base_url values to move 'http' > -> > > 'https' scheme + update the port value. This is all necessary because > when a > > node is rebooted it compares the base_url to figure out where it left > off in > > the cluster. SOLR-5770 was created so we don't need to worry about > > performing this manual http->https mapping since it will use the > node_name > > to perform the comparison (though the port value would still be a > problem). > > > > Let me know if that helps, > > > > -Steve > > > > On Mar 12, 2014, at 4:23 PM, Erick Erickson <[email protected]> > wrote: > > > > We simply cannot get Solr running over HTTPS. We're running Solr 4.7, > > SOLR-3854 should be included. > > > > To complicate matters this is on WebSphere, but fortunately the people > > here are handling that part (not a chance in the world to use Jetty). > > > > "IOException can't connect with an http (not https) address" > > > > Do we have any examples lying around that handle this case that we can > > use as a template? I'm out of my league with this, https is a mystery. > > > > Thanks! > > Erick > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
