[
https://issues.apache.org/jira/browse/SOLR-4839?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Shalin Shekhar Mangar updated SOLR-4839:
----------------------------------------
Attachment: SOLR-4839-ssl-support_patch.patch
Changes:
# Threadpool configs: idleTimeout=5000 (5 seconds) and stopTimeout=60000 (1
minute) respectively to match what existed inside JettySolrRunner
# sendServerVersion is set to false by default to match branch_5x
# HTTP and HTTPS connector idleTimeout defaults to 50000 ms to match branch_5x
# HTTPS default port property is called solr.jetty.https.port and defaults to
8983
# I removed the keyManagerPassword property from jetty-ssl.xml because 1) it
was not specified in branch_5x either and 2) from reading the docs, it
defaults to the keyStorePassword, but if we ask the user to change it from
solr.in.sh then we must introduce another property which should normally
always be set to the same as keyManagerPassword. I don't know if/how this property
is useful so I have removed it for the time being. Perhaps someone more
knowledgeable about security can chime in here.
# SSL property names are changed as follows to fix related issue SOLR-7449 so
that changes to property values in bin/solr.in.sh are propagated to jetty:
{code}
<Set name="KeyStorePath"><Property name="javax.net.ssl.keyStore" default="./etc/solr-ssl.keystore.jks"/></Set>
<Set name="KeyStorePassword"><Property name="javax.net.ssl.keyStorePassword" default="secret"/></Set>
<Set name="TrustStorePath"><Property name="javax.net.ssl.trustStore" default="./etc/solr-ssl.keystore.jks"/></Set>
<Set name="TrustStorePassword"><Property name="javax.net.ssl.trustStorePassword" default="secret"/></Set>
<Set name="NeedClientAuth"><Property name="jetty.ssl.clientAuth" default="false"/></Set>
<Set name="WantClientAuth"><Property name="jetty.ssl.wantClientAuth" default="false"/></Set>
{code}
# bin/solr and bin/solr.cmd enable the appropriate module name in jetty (http
or https)
# Removed unused properties in ssl.mod
# Deleted the start.ini altogether as it was serving no need
# It is no longer possible to run java -jar start.jar directly because by
default neither http nor https module is enabled. The bin/solr script is the
only supported way of starting solr. This is required because if we enable the
http module by default from inside start.ini then it is not possible to disable
http and enable https using command line arguments to start.jar. Instead both
are enabled and Solr ends up trying to listen using both http and https
connectors.
I tested using the SSL setup documentation in the reference guide and it works
with no modifications required to the setup steps.
The tests and precommit pass at this point. I cannot test the smoke tester
until I commit so I'll commit these changes and then run the smoke tester.
> Jetty 9
> -------
>
> Key: SOLR-4839
> URL: https://issues.apache.org/jira/browse/SOLR-4839
> Project: Solr
> Issue Type: Improvement
> Reporter: Bill Bell
> Assignee: Shalin Shekhar Mangar
> Fix For: Trunk, 5.2
>
> Attachments: SOLR-4839-conform-jetty9_2_10.patch,
> SOLR-4839-conform-jetty9_2_10.patch, SOLR-4839-fix-eclipse.patch,
> SOLR-4839-jetty9.2.10, SOLR-4839-mod-JettySolrRunner.patch,
> SOLR-4839-ssl-support_patch.patch, SOLR-4839.patch, SOLR-4839.patch,
> SOLR-4839.patch, SOLR-4839.patch, SOLR-4839.patch, SOLR-4839.patch,
> SOLR-4839.patch, SOLR-4839.patch, SOLR-4839.patch
>
>
> Implement Jetty 9
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
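
The property-name point in the change list above, as an added example that is not part of the original message or the Solr code base: it parses the quoted <Set> elements, resolves each <Property> against a set of supplied properties, and reports passwords still at the built-in default and supplied names that nothing reads. The resolution rule (exact, case-sensitive name match), the function names and the sample input are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# The six <Set> elements quoted in the message, wrapped in a root so they parse.
FRAGMENT = """<Configure>
<Set name="KeyStorePath"><Property name="javax.net.ssl.keyStore" default="./etc/solr-ssl.keystore.jks"/></Set>
<Set name="KeyStorePassword"><Property name="javax.net.ssl.keyStorePassword" default="secret"/></Set>
<Set name="TrustStorePath"><Property name="javax.net.ssl.trustStore" default="./etc/solr-ssl.keystore.jks"/></Set>
<Set name="TrustStorePassword"><Property name="javax.net.ssl.trustStorePassword" default="secret"/></Set>
<Set name="NeedClientAuth"><Property name="jetty.ssl.clientAuth" default="false"/></Set>
<Set name="WantClientAuth"><Property name="jetty.ssl.wantClientAuth" default="false"/></Set>
</Configure>"""


def resolve(fragment, supplied):
    """Map each setter to (property name, effective value, 'supplied' or 'default').

    Assumption: a supplied property replaces the default only on an exact,
    case-sensitive name match.
    """
    out = {}
    for setter in ET.fromstring(fragment).iter("Set"):
        prop = setter.find("Property")
        if prop is None:
            continue
        name = prop.get("name")
        if name in supplied:
            out[setter.get("name")] = (name, supplied[name], "supplied")
        else:
            out[setter.get("name")] = (name, prop.get("default"), "default")
    return out


def audit(fragment, supplied):
    """List passwords left at the built-in default and supplied names nothing reads."""
    resolved = resolve(fragment, supplied)
    findings = [f"{setter} falls back to its default; set {name}"
                for setter, (name, _, source) in resolved.items()
                if setter.endswith("Password") and source == "default"]
    referenced = {name for name, _, _ in resolved.values()}
    findings += [f"{name} is supplied but no <Property> reads it"
                 for name in sorted(set(supplied) - referenced)]
    return findings


if __name__ == "__main__":
    # Constructed input: one correct name, one with a lower-case "s" typo.
    sample = {"javax.net.ssl.keyStorePassword": "constructed-value",
              "javax.net.ssl.truststorePassword": "constructed-value"}
    for line in audit(FRAGMENT, sample):
        print(line)
```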