OK, so I'm not a server guru, but I need to figure out how to set up authentication for our solr server admin page. I'm trying to follow the steps outlined here:
https://lucidworks.com/2015/08/17/securing-solr-basic-auth-permission-rules/
I can't even complete the first step, upload the JSON file. I created the JSON file, but when I go to upload it, I get a "command not found" error when trying to run zkcli.sh. Do I need to set something up with Zookeeper first to get this to run? What should I check?
EDIT: I followed some tutorials online and did the following:
1) set jetty-http.xml to localhost (changing the host to 127.0.0.1) by adding the line:
<Set name="Host"><SystemProperty name="jetty.host" default="127.0.0.1"/></Set>
2) I also added the following to the apache config file (obv changing to correct path in the path to htpasswd):
<Location /solr >
AuthName "Secure Area"
AuthType Basic
AuthUserFile /path/to/htpasswd/.htpasswd require valid-user
</Location>
ProxyPass /solr http://localhost:8983/solr
ProxyPassReverse /solr http://localhost:8983/solr
3) I set up a password via htpasswd.
4) I restarted the server. I refreshed the solr page and nothing; it's a broken link.
What am I doing wrong?
(Unfortunately every time I do that the solr core also disappears and refuses to load. That's another issue though, which I thought was related to permissions but doesn't seem to be...)
You can follow these steps to get the basic authentication work in solr.
Assuming you have ubuntu OS and installled the server using the install script.
Step1. sudo vi /opt/solr/server/etc/jetty.xml
Add the following code towards the end of the file before the "" tag.
<Call name="addBean">
<Arg>
<New class="org.eclipse.jetty.security.HashLoginService">
<Set name="name">Test Realm</Set>
<Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
<Set name="refreshInterval">0</Set>
</New>
</Arg>
</Call>
Step2. sudo vi /opt/solr/server/etc/webdefault.xml
Add the following code towards the end of the file before the "" tag.
<security-constraint>
<web-resource-collection>
<web-resource-name>Solr authenticated application</web-resource-name>
<url-pattern>/</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>core1-role</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Test Realm</realm-name>
</login-config>
Step3. Create the file "/opt/solr/server/etc/realm.properties" with the following contents:
USERNAME: PASSWORD,core1-role
The username and password is stored in the following file /opt/solr/server/etc/realm.properties
Related
I freshly installed Apache Tomcat via ansible on CentOS 7 VM but it seems that I can't access anything. I tried editing the tomcat-users.xml with
<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users>
<role rolename="admin"/>
<role rolename="admin-gui"/>
<role rolename="manager"/>
<role rolename="manager-gui"/>
<user username="hultanu" password="hultanu" roles="admin,admin-gui,manager,manager-gui"/>
</tomcat-users>
Still nothing, it keep giving me 403 when I try to access "Server Status, Manager App or Host Manager". Any ideas?
Thank you !
I have just downloaded and installed a fresh/clean version of Apache 8.5.16, copied your tomcat-users.xml into my conf folder and able to browse to the server and login to the management/admin pages using the defined user (hultanu) perfectly fine. However this was done on my Windows 10 machine.
This plus the fact you are getting a 403 (Forbidden) rather than a 401 (Unauthorized) would make me think that your user settings are fine, but there is something more fundamentally wrong with your installation of Tomcat.
Are you able to browse to the tomcat instance when running and see the standard welcome screen (by default that would be localhost:8080)?
At what point do you get the 403 response (do you get asked for login details)?
Also - not sure if this is a duplicate of this question here
Following this howto I tried to set up my Debian 8 server with Apache 2.4.10 and MySQL 5.5.50 to use MySQL as authentication backend for my SVN. I get an internal server error and can't figure out why.
First I added the file /etc/apache2/conf-available/dbd_mysql.conf, containing
<IfModule mod_dbd.c>
DBDriver mysql
DBDParams "host=localhost user=THEUSER pass=THEPASS"
DBDMin 2
DBDKeep 4
DBDMax 10
DBDExptime 300
</IfModule>
of course followed by
a2enconfig dbd_mysql
I've set up a MySQL Database "authdb" containing the table "mysql_auth" with basically two important columns, "username" and "password". The specific database is accessible by a user, which I will refer to as "THEUSER" with SELECT permission.
Then I added the site specific configuration in /etc/apache2/site-available/svn.conf:
DBDParams "dbname=authdb"
<Location /svn/private/>
DAV svn
SVNParentPath /svn/private/
AuthzSVNAccessFile /svn/auth/accesslist_private
SSLRequireSSL
AuthUserFile /dev/null
AuthName "SVN"
AuthType Basic
<IfModule mod_authn_dbd.c>
AuthBasicProvider dbd
AuthDBDUserPWQuery "SELECT password FROM mysql_auth WHERE username = %s"
Require valid-user
</IfModule>
</Location>
This site configuration has already been enabled so I restarted the Apache and found something in the log file which I absolutely can not understand:
[dbd:error] [pid 15225] (20014)Internal error: AH00629: Can't connect to mysql: Access denied for user 'A LOCAL SYSTEM USER'#'localhost' (using password: NO)
[dbd:error] [pid 15225] (20014)Internal error: AH00633: failed to initialise
[authn_dbd:error] [pid 15225] [client XX.XX.XX.XX:XYZ] AH01653: Failed to acquire database connection to look up user 'some_user'
This error repeats whenever I try to access my SVN repository.
What is really strange about this is that there is a user in the log file which I absolutely do not expect to find here. It is a system user who as nothing to do with neither MySQL nor Apache. This user is only used to login with SSH. Which point am I missing? Any help would be appreciated!
Finally figured out the problem. Obviously the content of my configuration file was loaded after the content of my site definition.
The solution was as follows: I moved the content from dbd_mysql.conf right in front of the -Definition of my /etc/apache2/site-available/svn.conf, disabled the conf, reloaded Apache and everything worked.
What I haven't figured out yet is, if my configuration is faulty because I would have expected that the configuration is loaded before my site definition which relies on the previous configuration.
I am using Tomcat8. I deployed a war file by name admin.war.This resulted in my URL turning out to
http://localhost:8080/admin.
Nevertheless, I want the URL to be http://localhost:8080. So I tried adding the following inside /conf/server.xml as mentioned here.
< Context path="" docBase="Advocatoree" debug="0" reloadable="true" >
However, this did not work. Is there an alternative?
Try to add a file called ROOT.xml in <catalina_home>/conf/Catalina/localhost/
And enter there the following:
<Context
docBase="yourAppName"
path=""
reloadable="true"
/>
Now your application is default application on your server and you can access it with URL http://localhost:8080
I have a GWT app, I'm using the MVP4G framework. I'm able to pull up my app just fine if I use HTTP. However, when I try to open it using HTTPS it does not work. My entire site works fine with the SSL certificate I have.
Is there a particular configuration that I need to enable when I compile GWT? Or is there something I need to do in my apache configuration? Any help would be greatly appreciated, thank you.
SSL should not affect your application, because SSL runs on an other Layer.
To configure HTTPS you must set the security constraints in web.xml and connect to "https://" afterwards not to "http://". If you connect to "http://" you receive a blank page.
<security-constraint>
<web-resource-collection>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
I need to restrict access to a particular URL, e.g. http://mydomain.com/this/is/the/url on my webserver using Basic Authentication through Apache. Any other URL should be openly accessible. I have seen that you can add specific rules to files using:
<Files "mypage.html">
Require valid-user
</Files>
My problem is that all requests are routed to controllers using mod-rewrite and so I don't think that I can restrict access based on the file. Any ideas would be most helpful!
In .htacess file you should put :
AuthType Basic
AuthName "Need to login"
AuthUserFile .htpasswd file location ;
Require user USER
//AuthName is login prompt message
//AuthUserFile is physical .htpasswd file location i.e.
C:/xampp/htdocs/basic/.htpasswd
//Require user is for a specific user i.e. the username you want to
authenticate
To generate .htpasswd file you can use :
- http://www.htaccesstools.com/htpasswd-generator/
I'm not sure if this would work/help, but you could specify something in your application web.xml.
<security-constraint>
<display-name>Public access</display-name>
<web-resource-collection>
<web-resource-name>PublicPages</web-resource-name>
<description>Public</description>
<url-pattern>/servlet/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<display-name>Secured access</display-name>
<web-resource-collection>
<web-resource-name>SecuredPages</web-resource-name>
<description>Secured pages</description>
<url-pattern>/services/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description>General Access</description>
<role-name>*</role-name>
</auth-constraint>
<user-data-constraint>
<description>SSL not required</description>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>SecurePages</realm-name>
</login-config>
<security-role>
<description>General Access</description>
<role-name>*</role-name>
</security-role>