DEV Community

Loknath Dhar
Loknath Dhar

Posted on

2 1

SSL with Apache Solr

Setting up SSL

As I am highly dependent on official documentation, I found that Apache Solr maintain an awesome documentation from which I learned a lot. Setting up SSL can be found here. I am writing this for easier step by step setup.

Happy Searching!

Generate certificate & key

From the official documentation, you can generate a self-signed certificate to test your setup. But for the trusted authority, generate a certificate and convert it to .pfx format, which is type PKCS12.

And before starting Solr, we need to configure zookeeper.

Configure Zookeeper

We must configure Solr cluster properties in Zookeeper so that Solr nodes know to communicate via SSL. After creating, setting up and starting Zookeeper, we need to setup urlScheme cluster-wide property to https before any Solr nodes start up.

For Unix, go to $solr_home and run,

server/scripts/cloud-scripts/zkcli.sh -zkhost server1:2181,server2:2181,server3:2181 -cmd clusterprop -name urlScheme -val https
Enter fullscreen mode Exit fullscreen mode

For existing collections, we can update cluster properties by using the Collections API (CLUSTERPROP):

http://IP:8983/solr/admin/collections?action=CLUSTERPROP&name=urlScheme&val=https
Enter fullscreen mode Exit fullscreen mode

This command only needs to be run on one node of the cluster, the change will apply to all nodes.

Configure Solr

At this point, I think we all have set up zookeeper properly, have certificates and key at hand and didn't start Solr. Now, let's set up system properties of Solr in $solr_home/bin/solr.in.sh or, /etc/default/solr.in.sh:

SOLR_SSL_ENABLED=true
SOLR_SSL_KEY_STORE=/etc/solr-ssl.keystore.p12    # define your store path
SOLR_SSL_KEY_STORE_PASSWORD=secret    # use your store password
SOLR_SSL_TRUST_STORE=/etc/solr-ssl.keystore.p12    # define your store path
SOLR_SSL_TRUST_STORE_PASSWORD=secret    # use your store password
SOLR_SSL_NEED_CLIENT_AUTH=false
SOLR_SSL_WANT_CLIENT_AUTH=false
SOLR_SSL_CHECK_PEER_NAME=true
Enter fullscreen mode Exit fullscreen mode

Now, start Solr and it's working.

If you use curl, see the official documentation section on how to use curl in case of SSL.

Heroku

This site is built on Heroku

Join the ranks of developers at Salesforce, Airbase, DEV, and more who deploy their mission critical applications on Heroku. Sign up today and launch your first app!

Get Started

Top comments (0)

Billboard image

The Next Generation Developer Platform

Coherence is the first Platform-as-a-Service you can control. Unlike "black-box" platforms that are opinionated about the infra you can deploy, Coherence is powered by CNC, the open-source IaC framework, which offers limitless customization.

Learn more

👋 Kindness is contagious

Please leave a ❤️ or a friendly comment on this post if you found it helpful!

Okay