Hi All I found what I needed. It seems like I had to set SOLR_JETTY_HOST and SOLR_ZK_EMBEDDED_HOST to 0.0.0.0. I may have also have been mucking around with SOLR_HOME or SOLR_HOST environment variables which I also removed. Now it seems to be working as expected. I can get it all locked down with firewalls etc now.
Still finding the service won't start though with nssm and no useful message why. I'll take a look at alternative to nssm Jan. Shaun On Tue, 2 Dec 2025 at 06:38, Jan Høydahl <[email protected]> wrote: > Alternative to NSSM that I find even more pleasant to work with: > https://github.com/mtkennerly/shawl > > Jan Høydahl > > > 1. des. 2025 kl. 23:21 skrev Dave <[email protected]>: > > > > Thomas has the right idea, but even so I would go external > request->custom code->nginx->Solr and back again. The custom code lets > you have absolute control over what the external user can see, you don’t > want them to know it’s Solr on the back end at all. And yeah that nginx > config would work well unless there are some documents you want to keep > secure from one client to the next. Like you don’t want a school > accessing government documents maybe. Having the custom code allows you to > add a filter query based on the client authentication. For example I have > no business accessing a medical record from someone else but a doctor sure > does when needed. The customer code in between is a cya if you have > anything close to sensitive > > -david > > > >> On Dec 1, 2025, at 16:59, Thomas Corthals <[email protected]> > wrote: > >> > >> When I had to grant temporary access to an external developer to read > from > >> a single core. I proxied it through nginx as > https://solr.example.org:443 with > >> a Let's Encrypt certificate and basic authentication. > >> > >> Config looked something like this. I only exposed the select handler. > This > >> effectively blocks everything that isn't select. You could replace this > >> with a script running on nginx that sanitises queries, adds specific > >> filters based on the auth username … and the client wouldn't notice a > >> functional difference. > >> > >> auth_basic "My Solr"; > >> auth_basic_user_file /path/to/.htpasswd; > >> > >> location /solr/my_core/select { > >> proxy_pass http://10.0.0.1:8983/solr/my_core/select; > >> proxy_http_version 1.1; > >> > >> } > >> > >> > >> Op ma 1 dec 2025, 21:43 schreef Dave <[email protected]>: > >> > >>> Use an nginx proxy server instead of jetty to go from external to > >>> internal. Don’t ever expose solr to the public, block any update and > >>> delete commands, it should all be done inside the vpn and through > secondary > >>> code. If anyone sees raw solr commands it can be exploited easily. > >>> > >>>> On Dec 1, 2025, at 15:20, Shaun Campbell <[email protected]> > >>> wrote: > >>>> > >>>> Hi > >>>> > >>>> I'm updating a Solr 6 server to the latest 9.10 on a Windows server. > >>> It's a > >>>> simple stand-alone instance and not cloud or anything. Solr starts > but I > >>>> can only access it via localhost or 127.0.0.1. My aim is to access > Solr > >>>> from another server where my application is running. This is how it > used > >>> to > >>>> work and there was no problems. > >>>> > >>>> I have a development Linux laptop and changed SOLR_JETTY_HOST in the > solr > >>>> include file on that to 0.0.0.0 and I can now access Solr on my > laptop's > >>> ip > >>>> address. I tried to do the same on the Windows server and I can't get > >>>> anything to work apart from localhost. I want eventually to be able to > >>>> access it by the server name which I can ping. > >>>> > >>>> I'm also trying to run Solr as a Windows service which I used to do, > but > >>>> now the service just tries to start and then stops. I can't see any > >>> errors. > >>>> I wonder if the above issue is stopping it starting. > >>>> > >>>> Any ideas what I'm doing wrong? > >>>> > >>>> Many thanks > >>>> Shaun > >>> >
