Dear Jacob,
I think it's better if you add another Tomcat connector to handle the
un-encrypted HTTP. We use nginx + TLS in front of our Tomcat and the "main"
connector specifically has to know about the reverse port mapping 443→8443
with HTTPS scheme, so we added a plain HTTP connector for localhost:
<!-- "normal" http connector for SOLR -->
<Connector port="8081" protocol="HTTP/1.1"
...
address="127.0.0.1"
URIEncoding="UTF-8" />
<!-- tell tomcat it's being proxied via nginx on port 443/ scheme https -->
<Connector port="8443" protocol="HTTP/1.1"
...
address="127.0.0.1"
URIEncoding="UTF-8"
proxyPort="443"
scheme="https"
secure="true" />
Then in our DSpace configuration we point Solr to this localhost:8081.
Hope that helps,
On Tue, Nov 6, 2018 at 11:49 PM Cameron, Jacob <jacob.came...@uleth.ca>
wrote:
> Hi Mark,
>
>
>
> It’s because the cert is wildcard for our domain it is breaking going to
> the localhost for SOLR. With SOLR setup for localhost only, it got
> grumpy. I’ve found an easy way to work around it now. I hope to get
> apache httpd working on it in the future.
>
>
>
> Jake
>
> --
>
> Jake Cameron, BCS(UNB)
>
> Systems Support Specialist III
>
> Information Systems and Technical Services University of Lethbridge Library
>
> Phone:(403)329-2756
>
> This e-mail, including any and all attachments, is only for the use of the
> intended recipient(s) and may contain information that is confidential or
> privileged. If you are not the intended recipient, you are advised that any
> dissemination, copying or other use of this e-mail is prohibited. Please
> notify the sender of the error in communication by return e-mail and
> destroy all copies of this e-mail. Thank you.
>
>
>
> *From:* dspace-tech@googlegroups.com <dspace-tech@googlegroups.com> *On
> Behalf Of *Mark H. Wood
> *Sent:* Tuesday, November 6, 2018 11:27 AM
> *To:* DSpace Technical Support <dspace-tech@googlegroups.com>
> *Subject:* [dspace-tech] Re: HTTPS and SOLR
>
>
>
> On Monday, November 5, 2018 at 6:11:29 PM UTC-5, jacob.cameron wrote:
>
> Can I have SOLR secured under a wildcard SSL certificate? I’ve installed
> our cert and forced HTTPS I’m tomcat, but SOLR keeps giving a 302 error now
> and when I browse it it tells me that it’s an invalid cert. I haven’t been
> able to figure a way around it. We aren’t using Apache HTTPD to configure
> our ports.
>
>
>
>
>
>
>
> There are any number of ways a cert. can be invalid. Which specific one
> does your browser show you? (Browsers are so "helpful" these days that you
> may need to dig...and dig...to get down to the real reason.) A less
> "friendly", more precise tool such as 'openssl s_client' may provide better
> information.
>
>
>
> HTTP status 302 ("Found") is a redirection. Tomcat (not Solr) is saying
> that the resource exists but you have to ask for it at a different
> location. Is DSpace configured to contact Solr via HTTPS? Does
> 'bin/dspace dsprop -property solr.server' show the https: scheme?
>
> --
> All messages to this mailing list should adhere to the DuraSpace Code of
> Conduct: https://duraspace.org/about/policies/code-of-conduct/
> ---
> You received this message because you are subscribed to the Google Groups
> "DSpace Technical Support" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to dspace-tech+unsubscr...@googlegroups.com.
> To post to this group, send email to dspace-tech@googlegroups.com.
> Visit this group at https://groups.google.com/group/dspace-tech.
> For more options, visit https://groups.google.com/d/optout.
>
> --
> All messages to this mailing list should adhere to the DuraSpace Code of
> Conduct: https://duraspace.org/about/policies/code-of-conduct/
> ---
> You received this message because you are subscribed to the Google Groups
> "DSpace Technical Support" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to dspace-tech+unsubscr...@googlegroups.com.
> To post to this group, send email to dspace-tech@googlegroups.com.
> Visit this group at https://groups.google.com/group/dspace-tech.
> For more options, visit https://groups.google.com/d/optout.
>
--
Alan Orth
alan.o...@gmail.com
https://picturingjordan.com
https://englishbulgaria.net
https://mjanja.ch
"In heaven all the interesting people are missing." ―Friedrich Nietzsche
--
All messages to this mailing list should adhere to the DuraSpace Code of
Conduct: https://duraspace.org/about/policies/code-of-conduct/
---
You received this message because you are subscribed to the Google Groups
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to dspace-tech+unsubscr...@googlegroups.com.
To post to this group, send email to dspace-tech@googlegroups.com.
Visit this group at https://groups.google.com/group/dspace-tech.
For more options, visit https://groups.google.com/d/optout.
