Note: Throughout this document, the reference [Tomcat install dir] is the directory where Tomcat is installed. Typically, this location is C:\Program Files\Apache Software Foundation\Tomcat 6.0 or C:\Program Files (x86)\Apache Software Foundation\Tomcat 6.0.
Open [Tomcat install dir]\tomcat-users.xml for editing.
Add the following lines within the <tomcat-user> element and save the changes (using your own username and password):
<user username="your_username" password="your_password" roles="solr_admin" />
Open [Tomcat install dir]\webapps\solr\WEB-INF\web.xml for editing.
"solr" in the path is the name of the instance you want to secure. Typically this is called "solr," but could be different if you are running an advanced setup.
Add the following lines within the <web-app> element:
<security-role> <role-name>solr_admin</role-name> </security-role> <security-constraint>
Save the changes and restart Tomcat. Test your changes by starting a new browser session and navigating to your site, for ex. http://localhost:8080/solr/. You should be prompted for credentials.
Download the following communityserver_override.config file.
Place this file in the root of your web site directory.
Find the section in this file which is highlighted below:
<Override xpath="/CommunityServer/Search/Solr" mode="change" name="host" value="http://localhost:8080/solr" />
You can work with your IT department to limit connections, but if this kind of restriction is not an option you can enforce connection rules using Tomcat configuration.
Open the solr.xml file in [Tomcat Install Dir]/conf/Catalina/localhost/. Create the file if it does not exist.
The name of the file should match your instance name. A typical setup is running Solr at http://localhost:8080/solr, so the file should be named solr.xml (all lowercase, case-sensitive characters). If you set up Solr to run at a different location, for example, http://localhost/solr1, the file must be named solr1.xml.
Add the code snippet below to the file, but update the docBase value with the path to where your solr.war file resides. (Typically, this would be [Tomcat install dir]/webapps/.) For example, the following example only allows local connections from the local computer and connections from 127.0.0.1 and 18.104.22.168:
<Context docBase="C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps\solr.war" debug="0" crossContext="true"> <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.0.0.1,22.214.171.124" /> </Context>
Save your work and restart Tomcat.
After restricting solr access with a user account, it seemed to work well enough. However, I checked the catalina logs, and found a lot of errors like this...
Apr 7, 2014 1:49:25 PM org.apache.catalina.startup.ContextConfig validateSecurityRoles
INFO: WARNING: Security role name solr_admin used in an without being defined in a
Everything works, so I'm leaving it in place. However, I wonder if there's a place in the tomcat config I can define a security role to eliminate the error messages.
Thanks dsentelle. The documentation has been updated. Step 3 in the first section above was missing the following declaration:
Powered by Zimbra