When I had to grant temporary access to an external developer to read from
a single core. I proxied it through nginx as https://solr.example.org:443 with
a Let's Encrypt certificate and basic authentication.
Config looked something like this. I only exposed the select handler. This
effectively blocks everything that isn't select. You could replace this
with a script running on nginx that sanitises queries, adds specific
filters based on the auth username … and the client wouldn't notice a
functional difference.
auth_basic "My Solr";
auth_basic_user_file /path/to/.htpasswd;
location /solr/my_core/select {
proxy_pass http://10.0.0.1:8983/solr/my_core/select;
proxy_http_version 1.1;
}
Op ma 1 dec 2025, 21:43 schreef Dave <[email protected]>:
> Use an nginx proxy server instead of jetty to go from external to
> internal. Don’t ever expose solr to the public, block any update and
> delete commands, it should all be done inside the vpn and through secondary
> code. If anyone sees raw solr commands it can be exploited easily.
>
> > On Dec 1, 2025, at 15:20, Shaun Campbell <[email protected]>
> wrote:
> >
> > Hi
> >
> > I'm updating a Solr 6 server to the latest 9.10 on a Windows server.
> It's a
> > simple stand-alone instance and not cloud or anything. Solr starts but I
> > can only access it via localhost or 127.0.0.1. My aim is to access Solr
> > from another server where my application is running. This is how it used
> to
> > work and there was no problems.
> >
> > I have a development Linux laptop and changed SOLR_JETTY_HOST in the solr
> > include file on that to 0.0.0.0 and I can now access Solr on my laptop's
> ip
> > address. I tried to do the same on the Windows server and I can't get
> > anything to work apart from localhost. I want eventually to be able to
> > access it by the server name which I can ping.
> >
> > I'm also trying to run Solr as a Windows service which I used to do, but
> > now the service just tries to start and then stops. I can't see any
> errors.
> > I wonder if the above issue is stopping it starting.
> >
> > Any ideas what I'm doing wrong?
> >
> > Many thanks
> > Shaun
>
