Hi Marco, Good progress. The logs confirm hybris is now passing hostname: 0.0.0.0, but Solr is still binding to loopback. That means the -Dhost= parameter isn't controlling the Jetty bind address the way we'd expect.
The Jetty bind is governed by a different property. Try adding this to your hybris local properties: solrserver.instances.default.ssl.host=0.0.0.0 Or, if that property isn't recognized in your hybris version, you may need to set the Jetty host directly. Check for a solr.in.sh or solr.in.cmd that hybris generates for your instance — it's typically under: hybris/config/solr/instances/default/ In that file, set: SOLR_JETTY_HOST="0.0.0.0" The reason your earlier edit to /etc/default/solr.in.sh didn't work is that hybris doesn't use the system-level Solr config — it manages its own instance with its own startup scripts and environment files under the hybris directory tree. After making the change, restart hybris (which restarts Solr), and check ss -tulpn | grep 8983 again. You should see *:8983 or 0.0.0.0:8983. Regarding the 403 from hybris to Solr — once you have connectivity sorted, let's tackle that next. It's almost certainly the basic auth credentials. Your ps aux output shows -Dbasicauth=solrserver:server123 in plain text, so make sure the hybris endpoint configuration is sending those exact credentials. Also worth checking that Solr's security.json has the matching user/password hash. Cip. Opensolr.com Your Path to AI Search <https://opensolr.com/> [email protected] https://opensolr.com <https://opensolr.com/> VAT: RO-35410526 > On 5 Feb 2026, at 14:53, MarcoDaniele Coppola > <[email protected]> wrote: > > Ok, something is starting to change!!! > > Hybris logs of solr start up: > >>> No SAP licenses found in the system. Trying fallback to hybris license. > Feb 05, 2026 12:27:23 PM > de.hybris.platform.solr.controller.commands.StartSolrServersCommand > executeCommand > INFO: Starting Solr servers ... > Feb 05, 2026 12:27:23 PM > de.hybris.platform.solr.controller.commands.StartSolrServerCommand > getSolrServerStatus > INFO: Checking Solr server status for instance [name: default, hostname: > 0.0.0.0, port: 8983, mode: STANDALONE] > Feb 05, 2026 12:27:23 PM > de.hybris.platform.solr.controller.core.impl.SolrCommonParamsCommandBuilder > putCertParamsIfStoreIsNotEmptyOrLogMsg > INFO: client key store has not been configured. client key store parameters > will not be configured for solr > Feb 05, 2026 12:27:23 PM > de.hybris.platform.solr.controller.core.impl.SolrCommonParamsCommandBuilder > putCertParamsIfStoreIsNotEmptyOrLogMsg > INFO: client trust store has not been configured. client trust store > parameters will not be configured for solr > Feb 05, 2026 12:27:24 PM > de.hybris.platform.solr.controller.commands.StartSolrServerCommand > startSolrServer > INFO: Starting Solr server for instance [name: default, hostname: 0.0.0.0, > port: 8983, mode: STANDALONE] > Feb 05, 2026 12:27:24 PM > de.hybris.platform.solr.controller.core.impl.SolrCommonParamsCommandBuilder > putCertParamsIfStoreIsNotEmptyOrLogMsg > INFO: client key store has not been configured. client key store parameters > will not be configured for solr > Feb 05, 2026 12:27:24 PM > de.hybris.platform.solr.controller.core.impl.SolrCommonParamsCommandBuilder > putCertParamsIfStoreIsNotEmptyOrLogMsg > INFO: client trust store has not been configured. client trust store > parameters will not be configured for solr > Solr will start in SolrCloud mode by default in version 10, and you will have > to provide --user-managed if you want to stay on the user-managed (aka. > standalone) mode. > > Java 17 detected. Enabled workaround for SOLR-16463 > Waiting up to 180 seconds to see Solr running on port 8983 [/] > > [|] > > Started Solr server on port 8983 (pid=386741). Happy searching! > > [WARN] 02-05-2026 12:27:48 de.hybris.platform.converters.impl.Abs > > But the behaviour is the same: > > And ss -tulpn still return [::ffff:127.0.0.1]:8983 > > Marco > > From: Ciprian Dimofte - Opensolr.com > Sent: Thursday, February 05, 2026 12:13 > To: [email protected] > Cc: Tim Repke > Subject: Re: Solr unreachable from local network > > Hi Marco, > > Your ss output confirms the problem - Solr is listening on > [::ffff:127.0.0.1]:8983, so it's loopback only. And since your Python test on > 0.0.0.0:8983 worked fine from the browser, the network itself is not the > issue. It's purely the bind address. > > **The fix** > > In your hybris properties, change: > > solrserver.instances.default.hostname=localhost > > to: > > solrserver.instances.default.hostname=0.0.0.0 > > That property is what hybris passes as -Dhost=localhost in the Solr start > command (you can see it in your ps aux output). Changing it to 0.0.0.0 should > make Solr bind to all interfaces. > > After restarting, verify with: ss -tulpn | grep 8983 > You should see *:8983 instead of 127.0.0.1:8983. > > **About the curl SSL error** > > That's expected - you have SSL enabled with what looks like a self-signed > certificate. curl won't trust it by default. You can test with: curl -k > https://localhost:8983/solr > The -k flag skips certificate verification. In the browser you'll just need > to accept the certificate warning. > > The reason http://localhost:8983 gave you "Received HTTP/0.9 when not > allowed" is because you're hitting an HTTPS port with plain HTTP. > > **About the 403 from hybris** > > That's most likely the basic auth configuration. Your process args show > -Dbasicauth=solrserver:server123, so make sure the credentials hybris is > sending to Solr match those exactly. Check that > solrserver.instances.default.user and solrserver.instances.default.password > in your hybris properties correspond to what Solr is configured to accept. > > Kind regards > Ciprian > > Opensolr.com > Your Path to AI Search <https://opensolr.com/> > [email protected] > https://opensolr.com <https://opensolr.com/> > VAT: RO-35410526 > > On 5 Feb 2026, at 13:09, MarcoDaniele Coppola > <[email protected]> wrote: > > > > Hi Tim, > > Are you talking of this line: > INFO: Starting Solr server for instance [name: default, hostname: localhost, > port: 8983, mode: STANDALONE] > ? > > What your expectation for have solr reachable from the network? > > The start of solr is in the hand of hybris, I don't run a command for start > solr (and tbh I don't want modify it). But I can modify the properties used: > > solrserver.instances.default.autostart=true > solrserver.instances.default.mode=standalone > solrserver.instances.default.hostname=localhost > solrserver.instances.default.port=8983 > solrserver.instances.default.memory=512m > solrserver.instances.default.authtype=basic > solrserver.instances.default.user=xxx > solrserver.instances.default.password=yyy > solrserver.instances.default.ssl.enabled=true > solrserver.instances.default.ssl.keyStorePassword=kkk > solrserver.instances.default.ssl.trustStorePassword=nnn > solrserver.instances.default.ssl.needClientAuth=false > solrserver.instances.default.ssl.wantClientAuth=false > solrserver.instances.default.ssl.clientHostnameVerification=false > solrserver.instances.default.ssl.checkPeerName=true > > Maybe modify Solrserver.instances.default.hostname=localhost ? > > About curl -L localhost:8983 > user@server:~$ curl -L https://localhost:8983 > curl: (60) SSL certificate problem: unable to get local issuer certificate > More details here: https://curl.se/docs/sslcerts.html > > curl failed to verify the legitimacy of the server and therefore could not > establish a secure connection to it. To learn more about this situation and > how to fix it, please visit the web page mentioned above. > user@server:~$ curl -L https://localhost:8983/solr > curl: (60) SSL certificate problem: unable to get local issuer certificate > More details here: https://curl.se/docs/sslcerts.html > > curl failed to verify the legitimacy of the server and therefore could not > establish a secure connection to it. To learn more about this situation and > how to fix it, please visit the web page mentioned above. > user@server:~$ curl -L http://localhost:8983/solr > curl: (1) Received HTTP/0.9 when not allowed > user@server:~$ > But, as I wrote, I'm able to open the solr console using lynx when I'm > connected on ssh to the server > > About the simple test with python, yes, it works, I'm able to see from > browser of my local machine the dir where I run python3 -m http.server -b > 0.0.0.0 8983 > > r > Marco > > ________________________________ > From: Tim Repke > Sent: Thursday, February 05, 2026 11:21 > To: MarcoDaniele Coppola > Cc: [email protected] > Subject: Re: Solr unreachable from local network > > Hi Marco Danielle, > > The log you posted says it started on "localhost", which would mean your > instance is only accessible > from the host unless you expose the port in some other way. > > You could try passing the host and port directly in the start command instead > of the configuration: > $ solr/bin/solr start -c -p 8983 --host 0.0.0.0 > > It's probably running as it seems, but just to double-check, you could > contact the solr server by > running the following command on the machine solr is running on: > $ curl -L localhost:8983 > > Lastly, just to make sure you don't have network issues you could test that a > very simple server is > reachable from the outside, for example using python's built-in server: > $ python3 -m http.server -b 0.0.0.0 8983 > (note, that this will expose files in the current directory, > so point it to somewhere safe with --directory) > > These checks should help you narrow down potential issues. > > Best > Tim > > On 05/02/2026 11:08, MarcoDaniele Coppola wrote: > Hi, > > I'm experiencing some issue with solr. > > Landscape of my project: > > * > Vm used as local environment, development purpose > > > > * > Sap Commerce (hybris) > * > Solr (standalone mode) > * > Unix (ubuntu) > * > No container (not for the moment) > > The start up of hybris works fine and during it, it is triggered the start of > solr. > ... > ... > Feb 05, 2026 8:47:18 AM > de.hybris.platform.solr.controller.commands.StartSolrServersCommand > executeCommand > INFO: Starting Solr servers ... > Feb 05, 2026 8:47:18 AM > de.hybris.platform.solr.controller.commands.StartSolrServerCommand > getSolrServerStatus > INFO: Checking Solr server status for instance [name: default, hostname: > localhost, port: 8983, mode: STANDALONE] > Feb 05, 2026 8:47:18 AM > de.hybris.platform.solr.controller.core.impl.SolrCommonParamsCommandBuilder > putCertParamsIfStoreIsNotEmptyOrLogMsg > INFO: client key store has not been configured. client key store parameters > will not be configured for solr > Feb 05, 2026 8:47:18 AM > de.hybris.platform.solr.controller.core.impl.SolrCommonParamsCommandBuilder > putCertParamsIfStoreIsNotEmptyOrLogMsg > INFO: client trust store has not been configured. client trust store > parameters will not be configured for solr > Feb 05, 2026 8:47:18 AM > de.hybris.platform.solr.controller.commands.StartSolrServerCommand > startSolrServer > INFO: Starting Solr server for instance [name: default, hostname: localhost, > port: 8983, mode: STANDALONE] > Feb 05, 2026 8:47:18 AM > de.hybris.platform.solr.controller.core.impl.SolrCommonParamsCommandBuilder > putCertParamsIfStoreIsNotEmptyOrLogMsg > INFO: client key store has not been configured. client key store parameters > will not be configured for solr > Feb 05, 2026 8:47:18 AM > de.hybris.platform.solr.controller.core.impl.SolrCommonParamsCommandBuilder > putCertParamsIfStoreIsNotEmptyOrLogMsg > INFO: client trust store has not been configured. client trust store > parameters will not be configured for solr > Solr will start in SolrCloud mode by default in version 10, and you will have > to provide --user-managed if you want to stay on the user-managed (aka. > standalone) mode. > > Java 17 detected. Enabled workaround for SOLR-16463 > Waiting up to 180 seconds to see Solr running on port 8983 [/] > > [|] > Started Solr server on port 8983 (pid=375162). Happy searching! > > [WARN] 02-05-2026 08:47:39 de.hybris.platform.conve... > user@server:~$ ps aux | grep solr > user+ 375162 1.1 7.7 4726956 1266924 pts/0 Sl 09:47 0:15 > /usr/lib64/jvm/sapmachine-jdk-17.0.17/bin/java -server -Xms1024m -Xmx1024m > -XX:+UseG1GC -XX:+PerfDisableSharedMem -XX:+ParallelRefProcEnabled > -XX:MaxGCPauseMillis=250 -XX:+AlwaysPreTouch > -Xlog:gc*:file=/home/user/git/prj1/core-customize/hybris/log/solr/instances/default/solr_gc.log:time,uptime:filecount=9,filesize=20M > -Dsolr.jetty.inetaccess.includes= -Dsolr.jetty.inetaccess.excludes= > -Dsolr.log.dir=/home/user/git/prj1/core-customize/hybris/log/solr/instances/default > -Djetty.port=8983 -DSTOP.PORT=7983 -DSTOP.KEY=solrrocks -Dhost=localhost > -Duser.timezone=UTC -XX:-OmitStackTraceInFastThrow > -XX:+CrashOnOutOfMemoryError > -XX:ErrorFile=/home/user/git/prj1/core-customize/hybris/log/solr/instances/default/jvm_crash_%p.log > > -Djetty.home=/home/user/git/prj1/core-customize/hybris/bin/modules/search-and-navigation/solrserver/resources/solr/9.8/server/server > > -Dsolr.solr.home=/home/user/git/prj1/core-customize/hybris/config/solr/instances/default > > -Dsolr.install.dir=/home/user/git/prj1/core-customize/hybris/bin/modules/search-and-navigation/solrserver/resources/solr/9.8/server > > -Dsolr.install.symDir=/home/user/git/prj1/core-customize/hybris/bin/modules/search-and-navigation/solrserver/resources/solr/9.8/server > > -Dsolr.default.confdir=/home/user/git/prj1/core-customize/hybris/bin/modules/search-and-navigation/solrserver/resources/solr/9.8/server/server/solr/configsets/_default/conf > > -Dlog4j.configurationFile=/home/user/git/prj1/core-customize/hybris/config/solr/instances/default/log4j2.xml > -Dsolr.placementplugin.default=simple -Xss256k > -Dsolr.data.home=/home/user/git/prj1/core-customize/hybris/data/solr/instances/default > -Dsolr.keyStoreReload.enabled=true > -Dsolr.jetty.keystore=/home/user/git/prj1/core-customize/hybris/config/solr/instances/default/solr.p12 > -Dsolr.jetty.keystore.type=PKCS12 > -Dsolr.jetty.truststore=/home/user/git/prj1/core-customize/hybris/config/solr/instances/default/solr.p12 > -Dsolr.jetty.truststore.type=PKCS12 -Dsolr.jetty.ssl.needClientAuth=false > -Dsolr.jetty.ssl.wantClientAuth=false > -Djavax.net.ssl.keyStore=/home/user/git/prj1/core-customize/hybris/config/solr/instances/default/solr.p12 > -Djavax.net.ssl.keyStoreType=PKCS12 -Dsolr.ssl.checkPeerName=true > -Dsolr.jetty.ssl.sniHostCheck=true > -Djavax.net.ssl.trustStore=/home/user/git/prj1/core-customize/hybris/config/solr/instances/default/solr.p12 > -Djavax.net.ssl.trustStoreType=PKCS12 -Dsolr.jetty.https.port=8983 > -Dsolr.httpclient.builder.factory=org.apache.solr.client.solrj.impl.PreemptiveBasicAuthClientBuilderFactory > -Dbasicauth=solrserver:server123 > -XX:CompileCommand=exclude,com.github.benmanes.caffeine.cache.BoundedLocalCache::put > -DdisableAdminUI=false > -DzkACLProvider=org.apache.solr.common.cloud.DefaultZkACLProvider > -DzkCredentialsProvider=org.apache.solr.common.cloud.DefaultZkCredentialsProvider > > -DzkCredentialsInjector=org.apache.solr.common.cloud.DefaultZkCredentialsInjector > -Dsolr.log.muteconsole -jar start.jar --module=https > --lib=/home/user/git/prj1/core-customize/hybris/bin/modules/search-and-navigation/solrserver/resources/solr/9.8/server/server/solr-webapp/webapp/WEB-INF/lib/* > --module=ssl-reload --module=gzip > user+ 377191 0.0 0.0 7224 2432 pts/1 S+ 10:08 0:00 grep > --color=auto solr > Now, first issue: solr console don't is reachable from my local machine. A > colleague of network team suggest my to modify solr configuration in order to > expose solr endpoint to all the network (as hybris that use 9002 and 9001 > ports); my colleague told me that "Local Address" from ss command must return > "*:8983" in order to have solr reachable from our network. > user@server:~$ sudo ss -tulpn > Netid State Recv-Q Send-Q > Local Address:Port Peer Address:Port Process > udp UNCONN 0 0 > 127.0.0.54:53 0.0.0.0:* > users:(("systemd-resolve",pid=372701,fd=16)) > udp UNCONN 0 0 > 1XX.0.0.5X%lo:53 0.0.0.0:* > users:(("systemd-resolve",pid=372701,fd=14)) > udp UNCONN 0 0 > 1XX.1X.0.1:123 0.0.0.0:* > users:(("ntpd",pid=372637,fd=20)) > udp UNCONN 0 0 > 1X.1XX.1XX.9X:123 0.0.0.0:* > users:(("ntpd",pid=372637,fd=19)) > udp UNCONN 0 0 > 127.0.0.1:123 0.0.0.0:* > users:(("ntpd",pid=372637,fd=18)) > udp UNCONN 0 0 > 0.0.0.0:123 0.0.0.0:* > users:(("ntpd",pid=372637,fd=17)) > udp UNCONN 0 0 > 1XX.1X.2XX.2XX:137 0.0.0.0:* > users:(("nmbd",pid=372733,fd=20)) > udp UNCONN 0 0 > 1XX.1X.0.1:137 0.0.0.0:* > users:(("nmbd",pid=372733,fd=19)) > udp UNCONN 0 0 > 1X.1XX.1XX.2XX:137 0.0.0.0:* > users:(("nmbd",pid=372733,fd=16)) > udp UNCONN 0 0 > 1X.1XX.1XX.9X:137 0.0.0.0:* > users:(("nmbd",pid=372733,fd=15)) > udp UNCONN 0 0 > 0.0.0.0:137 0.0.0.0:* > users:(("nmbd",pid=372733,fd=13)) > udp UNCONN 0 0 > 1XX.1X.2XX.2XX:138 0.0.0.0:* > users:(("nmbd",pid=372733,fd=22)) > udp UNCONN 0 0 > 1XX.1X.0.1:138 0.0.0.0:* > users:(("nmbd",pid=372733,fd=21)) > udp UNCONN 0 0 > 1X.1XX.1XX.2XX:138 0.0.0.0:* > users:(("nmbd",pid=372733,fd=18)) > udp UNCONN 0 0 > 1X.1XX.1XX.9X:138 0.0.0.0:* > users:(("nmbd",pid=372733,fd=17)) > udp UNCONN 0 0 > 0.0.0.0:138 0.0.0.0:* > users:(("nmbd",pid=372733,fd=14)) > udp UNCONN 0 0 > [fy80::dy45:1yff:fy44:1y3d]%veth600161f:123 [::]:* > users:(("ntpd",pid=372637,fd=24)) > udp UNCONN 0 0 > [fy80::9y93:cyff:fyc3:3yf7]%docker0:123 [::]:* > users:(("ntpd",pid=372637,fd=23)) > udp UNCONN 0 0 > [fy80::2y0:5yff:fyay:4y7f]%ens33:123 [::]:* > users:(("ntpd",pid=372637,fd=22)) > udp UNCONN 0 0 > [::1]:123 [::]:* > users:(("ntpd",pid=372637,fd=21)) > udp UNCONN 0 0 > [::]:123 [::]:* > users:(("ntpd",pid=372637,fd=16)) > tcp LISTEN 0 4096 > 127.0.0.54:53 0.0.0.0:* > users:(("systemd-resolve",pid=372701,fd=17)) > tcp LISTEN 0 4096 > 0.0.0.0:1433 0.0.0.0:* > users:(("docker-proxy",pid=28479,fd=7)) > tcp LISTEN 0 50 > 0.0.0.0:445 0.0.0.0:* > users:(("smbd",pid=372778,fd=30)) > tcp LISTEN 0 4096 > 0.0.0.0:22 0.0.0.0:* > users:(("sshd",pid=372672,fd=3),("systemd",pid=1,fd=198)) > tcp LISTEN 0 50 > 0.0.0.0:139 0.0.0.0:* > users:(("smbd",pid=372778,fd=31)) > tcp LISTEN 0 1 > 127.0.0.1:32000 0.0.0.0:* > users:(("java",pid=374994,fd=4)) > tcp LISTEN 0 1 > 127.0.0.1:8000 0.0.0.0:* > users:(("java",pid=374994,fd=5)) > tcp LISTEN 0 4096 > 1XX.0.0.5X%lo:53 0.0.0.0:* > users:(("systemd-resolve",pid=372701,fd=15)) > tcp LISTEN 0 50 > [::ffff:127.0.0.1]:8983 *:* > users:(("java",pid=375162,fd=149)) > tcp LISTEN 0 4096 > [::]:1433 [::]:* > users:(("docker-proxy",pid=28485,fd=7)) > tcp LISTEN 0 50 > [::]:445 [::]:* > users:(("smbd",pid=372778,fd=28)) > tcp LISTEN 0 4096 > [::]:22 [::]:* > users:(("sshd",pid=372672,fd=4),("systemd",pid=1,fd=200)) > tcp LISTEN 0 50 > [::]:139 [::]:* > users:(("smbd",pid=372778,fd=29)) > tcp LISTEN 0 50 > *:41759 *:* > users:(("java",pid=374994,fd=14)) > tcp LISTEN 0 100 > *:9002 *:* > users:(("java",pid=374994,fd=52)) > tcp LISTEN 0 100 > *:9001 *:* > users:(("java",pid=374994,fd=51)) > tcp LISTEN 0 50 > [::ffff:127.0.0.1]:7983 *:* > users:(("java",pid=375162,fd=147)) > tcp LISTEN 0 100 > [::ffff:127.0.0.1]:8009 *:* > users:(("java",pid=374994,fd=53)) > User@server:~$ > What is needed to change for have solr exposed? > > Searching on internet I found this "where to change SOLR listening port? Now > only 127.0.0.1 : > r/Solr<https://www.reddit.com/r/Solr/comments/19ek8rj/where_to_change_solr_listening_port_now_only/>" > (the title of discussion looks misleading... is port but they talk of > addresses...). > I tried to modify the /etc/default/solr.in.s (adding SOLR_JETTY_HOST and > SOLR_HOST with 0.0.0.0 and ip address of the machine) but no changes... > > The solr console from the server vm machine is reachable (with lynx) > > I have also solr that return a 403 to hybris, but an issue at a time... > > Kind regards
smime.p7s
Description: S/MIME cryptographic signature
