Solr
  1. Solr
  2. SOLR-7020

Stop requiring jetty.xml edits to enable bin/solr to start in SSL mode

    Details

    • Type: Task Task
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 5.0, 5.1
    • Component/s: None
    • Labels:
      None

      Description

      Right now we tell people to edit server/etc/jetty.xml to enable SSL: comment out the non-SSL connector(s), uncomment the SSL connector.

      Jetty can be started using alternate configuration files - see https://wiki.eclipse.org/Jetty/Reference/jetty.xml_usage - we should make use of this capability and provide an SSL-enabled alternative to jetty.xml that bin/solr start can use when SSL is enabled. That way no manual edits to jetty.xml will be required.

        Activity

        Hide
        Steve Rowe added a comment -

        Patch against branch_5x implementing the idea.

        I chose the name jetty-https-ssl.xml for the alternative jetty config file, to avoid collision with the Jetty 9 changes on trunk (SOLR-4839) that will eventually be backported to branch_5x. (Trunk has files named jetty-ssl.xml and jetty-https.xml.)

        bin/solr start will choose to use jetty-https-ssl.xml instead of the default jetty config file when $SOLR_SSL_OPTS is defined - just like already happens when it chooses the url scheme used to address running instances - so no explicit options are required to choose the SSL jetty config file.

        Show
        Steve Rowe added a comment - Patch against branch_5x implementing the idea. I chose the name jetty-https-ssl.xml for the alternative jetty config file, to avoid collision with the Jetty 9 changes on trunk ( SOLR-4839 ) that will eventually be backported to branch_5x. (Trunk has files named jetty-ssl.xml and jetty-https.xml .) bin/solr start will choose to use jetty-https-ssl.xml instead of the default jetty config file when $SOLR_SSL_OPTS is defined - just like already happens when it chooses the url scheme used to address running instances - so no explicit options are required to choose the SSL jetty config file.
        Hide
        Anshum Gupta added a comment -

        This looks good. We should get this in 5.0 too.

        Show
        Anshum Gupta added a comment - This looks good. We should get this in 5.0 too.
        Hide
        Steve Rowe added a comment -

        Thanks for the review, Anshum. Committing shortly.

        Show
        Steve Rowe added a comment - Thanks for the review, Anshum. Committing shortly.
        Hide
        ASF subversion and git services added a comment -

        Commit 1654078 from Use account "steve_rowe" instead in branch 'dev/branches/branch_5x'
        [ https://svn.apache.org/r1654078 ]

        SOLR-7020: 'bin/solr start' should automatically use an SSL-enabled alternate jetty configuration file when in SSL mode, eliminating the need for manual jetty.xml edits.

        Show
        ASF subversion and git services added a comment - Commit 1654078 from Use account "steve_rowe" instead in branch 'dev/branches/branch_5x' [ https://svn.apache.org/r1654078 ] SOLR-7020 : 'bin/solr start' should automatically use an SSL-enabled alternate jetty configuration file when in SSL mode, eliminating the need for manual jetty.xml edits.
        Hide
        ASF subversion and git services added a comment -

        Commit 1654079 from Use account "steve_rowe" instead in branch 'dev/branches/branch_5x'
        [ https://svn.apache.org/r1654079 ]

        SOLR-7020: add attribution to CHANGES entry

        Show
        ASF subversion and git services added a comment - Commit 1654079 from Use account "steve_rowe" instead in branch 'dev/branches/branch_5x' [ https://svn.apache.org/r1654079 ] SOLR-7020 : add attribution to CHANGES entry
        Hide
        ASF subversion and git services added a comment -

        Commit 1654080 from Use account "steve_rowe" instead in branch 'dev/branches/lucene_solr_5_0'
        [ https://svn.apache.org/r1654080 ]

        SOLR-7020: 'bin/solr start' should automatically use an SSL-enabled alternate jetty configuration file when in SSL mode, eliminating the need for manual jetty.xml edits. (merged branch_5x r1654078 and r1654079)

        Show
        ASF subversion and git services added a comment - Commit 1654080 from Use account "steve_rowe" instead in branch 'dev/branches/lucene_solr_5_0' [ https://svn.apache.org/r1654080 ] SOLR-7020 : 'bin/solr start' should automatically use an SSL-enabled alternate jetty configuration file when in SSL mode, eliminating the need for manual jetty.xml edits. (merged branch_5x r1654078 and r1654079)
        Hide
        Shalin Shekhar Mangar added a comment -

        Hi Steve, this isn't mentioned in the CHANGES.txt on trunk in the 5.0 section.

        Show
        Shalin Shekhar Mangar added a comment - Hi Steve, this isn't mentioned in the CHANGES.txt on trunk in the 5.0 section.
        Hide
        ASF subversion and git services added a comment -

        Commit 1657615 from Steve Rowe in branch 'dev/trunk'
        [ https://svn.apache.org/r1657615 ]

        SOLR-7020: add CHANGES entry on trunk

        Show
        ASF subversion and git services added a comment - Commit 1657615 from Steve Rowe in branch 'dev/trunk' [ https://svn.apache.org/r1657615 ] SOLR-7020 : add CHANGES entry on trunk
        Hide
        Steve Rowe added a comment -

        Hi Steve, this isn't mentioned in the CHANGES.txt on trunk in the 5.0 section.

        Thanks Shalin, I've added the entry on trunk. Unusual situation where trunk didn't get any changes because of the Jetty 9 stuff.

        Show
        Steve Rowe added a comment - Hi Steve, this isn't mentioned in the CHANGES.txt on trunk in the 5.0 section. Thanks Shalin, I've added the entry on trunk. Unusual situation where trunk didn't get any changes because of the Jetty 9 stuff.
        Hide
        Shalin Shekhar Mangar added a comment -

        Unusual situation where trunk didn't get any changes because of the Jetty 9 stuff.

        Yes, Steve. The Jetty 9 stuff is overdue on branch_5x and I'll get to it soon. Still, the change log for 5.0 should be identical in both places. Thanks for updating!

        Show
        Shalin Shekhar Mangar added a comment - Unusual situation where trunk didn't get any changes because of the Jetty 9 stuff. Yes, Steve. The Jetty 9 stuff is overdue on branch_5x and I'll get to it soon. Still, the change log for 5.0 should be identical in both places. Thanks for updating!
        Hide
        Steve Rowe added a comment -

        Still, the change log for 5.0 should be identical in both places.

        Completely agree, my mistake in not thinking of it.

        Show
        Steve Rowe added a comment - Still, the change log for 5.0 should be identical in both places. Completely agree, my mistake in not thinking of it.
        Hide
        Timothy Potter added a comment -

        Bulk close after 5.1 release

        Show
        Timothy Potter added a comment - Bulk close after 5.1 release

          People

          • Assignee:
            Steve Rowe
            Reporter:
            Steve Rowe
          • Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development