Warning: This page has not been updated in over a year and may be outdated or deprecated.
administration:security
Differences
This shows you the differences between two versions of the page.
administration:security [2018/12/19 17:32] – demiankatz | administration:security [2020/07/23 16:47] – demiankatz | ||
---|---|---|---|
Line 19: | Line 19: | ||
===== Locking Down Solr ===== | ===== Locking Down Solr ===== | ||
- | To ensure that your data is secure, it is advised that you lock down the solr server to only be accessible from your local webserver. The default port is 8080. This port should be locked down to eliminate security threats to your data. | + | To ensure that your data is secure, it is advised that you lock down the Solr server to only be accessible from your local webserver. The default port is 8983 in VuFind 7 and newer, |
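Review bot: In the rewritten paragraph the default port now depends on the VuFind version (the old text said 8080, the new text gives 8983 for VuFind 7 and newer), so a reader on an upgraded install can easily restrict the wrong port. Suggest adding a sentence that tells the reader to confirm the port their Solr instance is actually listening on, for example by checking the SOLR_PORT value mentioned in step 1, before applying any restriction. The phrase "to only be accessible from your local webserver" would also read better as "to be accessible only from your local webserver".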
Line 26: | Line 26: | ||
=== 1. Reconfigure Solr === | === 1. Reconfigure Solr === | ||
- | :!: If using VuFind 3.0 or newer, the Solr port number is controlled by the SOLR_PORT environment variable; just set this before [[administration: | + | If using VuFind 3.0 or newer, the Solr port number is controlled by the SOLR_PORT environment variable; just set this before [[administration: |
- | If using VuFind 2.x or earlier, you can change the port number used by Solr by editing the file solr/ | + | If using VuFind 2.x or earlier, you can change the port number used by Solr by editing the file solr/ |
- | + | ||
- | <code xml> | + | |
- | <Set name=" | + | |
- | </ | + | |
=== 2. Reconfigure VuFind === | === 2. Reconfigure VuFind === | ||
- | Edit the solr.hosturl setting in the import/ | + | You will need to adjust a few configuration files to reflect the new port number you have chosen. |
+ | |||
+ | == A. SolrMarc Import Configuration == | ||
+ | |||
+ | If you use SolrMarc to import MARC records, you must edit the solr.hosturl setting in the import/ | ||
< | < | ||
- | solr.hosturl = http:// | + | solr.hosturl = http:// |
</ | </ | ||
- | Edit the [Statistics] and/ | + | == B. VuFind Configuration == |
+ | |||
+ | To ensure that VuFind can perform Solr searches, edit the [Index] | ||
< | < | ||
- | [Statistics] | ||
- | ... | ||
- | solr = http:// | ||
- | ... | ||
[Index] | [Index] | ||
... | ... | ||
- | url = http:// | + | url = http:// |
</ | </ | ||
+ | |||
+ | == C. Other Configuration Files == | ||
+ | |||
+ | Some advanced features (such as [[indexing: | ||
=== 3. Restart Solr === | === 3. Restart Solr === | ||
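Review bot: Step 2 now spreads the port change over three places (A, B and C), and section C is open-ended ("Some advanced features (such as ..."), so the reader has no way to know that every reference has been found. Suggest closing step 2 with a verification hint, such as searching the configuration files for the old port number, so that no component is left pointing at the previous port. Separately, the [Statistics] lines are dropped from the config.ini example and the code xml sample for VuFind 2.x is removed from step 1; if readers on those older releases are still expected to use this page, the text should say which versions the removed settings applied to.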
Line 60: | Line 62: | ||
VuFind includes an administration module (accessible through < | VuFind includes an administration module (accessible through < | ||
+ | |||
+ | ===== Proxies and IP Authentication ===== | ||
+ | |||
+ | If you rely on IP authentication for setting VuFind permissions, | ||
+ | |||
+ | Starting with VuFind 7.0.1, the config.ini [Proxy] section contains an allow_forwarded_ips setting which can be used to control how VuFind identifies IP addresses based on HTTP headers. The full details on configuration options can be found in the comments in that file. | ||
+ | |||
+ | By default, all IP-forwarding headers are ignored, but by turning on allow_forwarded_ips, | ||
+ | |||
+ | If you plan to use this feature, you should install one of the many available browser plugins for editing HTTP headers, and determine exactly how your proxy behaves when receiving falsified headers. (A quick way to do to this is to var_dump the $_SERVER superglobal in a PHP script that you can access through your proxy). Based on this information, | ||
===== Securing User Credentials ===== | ===== Securing User Credentials ===== | ||
VuFind stores some user information in its database. | VuFind stores some user information in its database. | ||
+ | |||
+ | ===== Using a Content Security Policy ===== | ||
+ | |||
+ | Starting with VuFind 7.0, you can configure a [[administration: | ||
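Review bot: The testing advice in the last paragraph of the new "Proxies and IP Authentication" section suggests a PHP script that var_dumps the $_SERVER superglobal and is reachable through the proxy; the text should tell the reader to delete that script as soon as testing is finished, since its output exposes server paths, environment values and request headers to anyone who finds the URL. The same sentence has a typo: "A quick way to do to this" should read "A quick way to do this".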
administration/security.txt · Last modified: 2024/05/22 17:27 by demiankatz