On 9/1/22 19:06, Victoria Stuart (VictoriasJourney.com) wrote:
I am moving from client-side (my personal local host environment; Linux) to
Solr running as a standalone backend server on a cloud VPS.
The web domain (mine) is SSL-only, and Solr is SSL-enabled with a signed (Let's
Encrypt) certificate. My domain index.html page includes a search interface
(input element) to Solr.
I am largely unfamiliar with deployment of Solr to the web.
SSL etc. is enabled in "solr.in.sh", as is Basic Authentication. "security.json" is present in
"$SOLR_HOME". Access to the Admin UI is password-protected (my Solr administrator username, password) with
"admin" role / privileges in Solr.
I want to allow anonymous (i.e. any) users to be able search the site; however
they are being required to log in to Solr.
How do I enable this - either in the Admin UI Security pane, or manually-editing
"security.json"?
You should NOT allow any IP address get to Solr's port other than your
applications and trusted admins. If you follow that advice, then you
probably don't even need authentication, just a restriction of source IP
addresses. If somebody compromises your application(s), then they would
be able to get to Solr ... but that would also be the case even if you
have authentication.
End users should be using your application to do their searches, not a
direct connection to Solr.
Thanks,
Shawn
