About Features Downloads Getting Started Documentation Events Support GitHub

Love VuFind®? Consider becoming a financial supporter. Your support helps build a better VuFind®!

VuFind Documentation

Site Tools

You are here: start » administration » security
Trace:
Warning: This page has not been updated in over over a year and may be outdated or deprecated.
administration:security

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Next revisionBoth sides next revision
administration:security [2023/03/13 11:50] demiankatzadministration:security [2023/06/30 11:02] – [Allowing Access to the Solr Host] demiankatz
Line 97: Line 97:
 ./solr.sh start ./solr.sh start
 </code> </code>
 +
 +See the note under [[administration:security#setting_up_cron_jobs|setting up cron jobs]] above for an explanation of the -s switch on su.
  
 If you are automatically starting Solr, make sure that your configuration includes the appropriate username. See the [[/administration:starting_and_stopping_solr|Starting and Stopping Solr]] page for more details. If you are automatically starting Solr, make sure that your configuration includes the appropriate username. See the [[/administration:starting_and_stopping_solr|Starting and Stopping Solr]] page for more details.
Line 137: Line 139:
 [[administration:starting_and_stopping_solr#restarting_solr_manually|Restart the Solr process]] so the changes can take effect. [[administration:starting_and_stopping_solr#restarting_solr_manually|Restart the Solr process]] so the changes can take effect.
  
 +==== Allowing Access to the Solr Host ====
 +
 +Starting with Solr 9 (and thus affecting VuFind® releases 9.0 and later), Solr will only allow "localhost" connections by default. If you wish to access Solr from another server or workstation, you will need to choose one of these solutions:
 +
 +=== Option 1: Reconfigure SOLR_JETTY_HOST ===
 +
 +If you want to permanently allow Solr to accept connections using a hostname other than "localhost," you can set the SOLR_JETTY_HOST environment variable to control this behavior. If you set the variable to "0.0.0.0" it will accept connections using any name. If you set the variable to a specific hostname, then ONLY that hostname will be allowed (e.g. if you set SOLR_JETTY_HOST to "myserver.myuniversity.edu" then "localhost" connections will stop working, and all Solr traffic must use the hostname). See [[https://solr.apache.org/guide/solr/latest/deployment-guide/taking-solr-to-production.html#security-considerations|Taking Solr to Production]] for more details.
 +
 +=== Option 2: Use SSH Tunneling ===
 +
 +If you only want to temporarily access Solr from another location, you can do so without loosening security by opening an SSH tunnel to expose the Solr port on another machine, effectively allowing "localhost" access remotely. SSH tunneling is available through the standard Unix ssh command line tool and through graphical clients like PuTTY. It is beyond the scope of this documentation to explain SSH tunneling in detail, but if you use a search engine to look for "SSH tunnel" and your client or operating system of choice, you should be able to find a wealth of tutorials on the subject.
 ===== Locking Down the Admin Panel ===== ===== Locking Down the Admin Panel =====
  
administration/security.txt · Last modified: 2024/05/22 17:27 by demiankatz