Thanks Jan, the use of Shawl showed me that I had JAVA_HOME set as a local environment variable and not a system variable. All sorted now. Thank you everyone for your help.
Shaun On Tue, 2 Dec 2025 at 11:26, Shaun Campbell <[email protected]> wrote: > Hi All > > I found what I needed. It seems like I had to set SOLR_JETTY_HOST and > SOLR_ZK_EMBEDDED_HOST to 0.0.0.0. I may have also have been mucking around > with SOLR_HOME or SOLR_HOST environment variables which I also removed. > Now it seems to be working as expected. I can get it all locked down with > firewalls etc now. > > Still finding the service won't start though with nssm and no useful > message why. I'll take a look at alternative to nssm Jan. > > Shaun > > On Tue, 2 Dec 2025 at 06:38, Jan Høydahl <[email protected]> wrote: > >> Alternative to NSSM that I find even more pleasant to work with: >> https://github.com/mtkennerly/shawl >> >> Jan Høydahl >> >> > 1. des. 2025 kl. 23:21 skrev Dave <[email protected]>: >> > >> > Thomas has the right idea, but even so I would go external >> request->custom code->nginx->Solr and back again. The custom code lets >> you have absolute control over what the external user can see, you don’t >> want them to know it’s Solr on the back end at all. And yeah that nginx >> config would work well unless there are some documents you want to keep >> secure from one client to the next. Like you don’t want a school >> accessing government documents maybe. Having the custom code allows you to >> add a filter query based on the client authentication. For example I have >> no business accessing a medical record from someone else but a doctor sure >> does when needed. The customer code in between is a cya if you have >> anything close to sensitive >> > -david >> > >> >> On Dec 1, 2025, at 16:59, Thomas Corthals <[email protected]> >> wrote: >> >> >> >> When I had to grant temporary access to an external developer to read >> from >> >> a single core. I proxied it through nginx as >> https://solr.example.org:443 with >> >> a Let's Encrypt certificate and basic authentication. >> >> >> >> Config looked something like this. I only exposed the select handler. >> This >> >> effectively blocks everything that isn't select. You could replace this >> >> with a script running on nginx that sanitises queries, adds specific >> >> filters based on the auth username … and the client wouldn't notice a >> >> functional difference. >> >> >> >> auth_basic "My Solr"; >> >> auth_basic_user_file /path/to/.htpasswd; >> >> >> >> location /solr/my_core/select { >> >> proxy_pass http://10.0.0.1:8983/solr/my_core/select; >> >> proxy_http_version 1.1; >> >> >> >> } >> >> >> >> >> >> Op ma 1 dec 2025, 21:43 schreef Dave <[email protected]>: >> >> >> >>> Use an nginx proxy server instead of jetty to go from external to >> >>> internal. Don’t ever expose solr to the public, block any update and >> >>> delete commands, it should all be done inside the vpn and through >> secondary >> >>> code. If anyone sees raw solr commands it can be exploited easily. >> >>> >> >>>> On Dec 1, 2025, at 15:20, Shaun Campbell <[email protected]> >> >>> wrote: >> >>>> >> >>>> Hi >> >>>> >> >>>> I'm updating a Solr 6 server to the latest 9.10 on a Windows server. >> >>> It's a >> >>>> simple stand-alone instance and not cloud or anything. Solr starts >> but I >> >>>> can only access it via localhost or 127.0.0.1. My aim is to access >> Solr >> >>>> from another server where my application is running. This is how it >> used >> >>> to >> >>>> work and there was no problems. >> >>>> >> >>>> I have a development Linux laptop and changed SOLR_JETTY_HOST in the >> solr >> >>>> include file on that to 0.0.0.0 and I can now access Solr on my >> laptop's >> >>> ip >> >>>> address. I tried to do the same on the Windows server and I can't get >> >>>> anything to work apart from localhost. I want eventually to be able >> to >> >>>> access it by the server name which I can ping. >> >>>> >> >>>> I'm also trying to run Solr as a Windows service which I used to do, >> but >> >>>> now the service just tries to start and then stops. I can't see any >> >>> errors. >> >>>> I wonder if the above issue is stopping it starting. >> >>>> >> >>>> Any ideas what I'm doing wrong? >> >>>> >> >>>> Many thanks >> >>>> Shaun >> >>> >> >
