Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] Solr admin UI redirecting root path requests to http instead of https 
On 5/24/2022 4:34 PM, Greg Wilkins wrote:
To turn on relative redirects, you need to set the property `jetty.httpConfig.relativeRedirectAllowed=true`, which can be done on the command line or better yet in the server.ini file.
There is no server.ini file in a Solr install.  How would I configure that?  We certainly could define a sysprop on the commandline, we already do it for other things, but I would prefer a way to do it through configuration rather than commandline parameters.  The full command that the script uses to start Solr is already quite long.  This is from a stock install of version 8.11.1:
java -server -Xms512m -Xmx512m -XX:+UseG1GC -XX:+PerfDisableSharedMem -XX:+ParallelRefProcEnabled -XX:MaxGCPauseMillis=250 -XX:+UseLargePages -XX:+AlwaysPreTouch -XX:+ExplicitGCInvokesConcurrent -Xlog:gc*:file=/var/solr/logs/solr_gc.log:time,uptime:filecount=9,filesize=20M -Dsolr.jetty.inetaccess.includes= -Dsolr.jetty.inetaccess.excludes= -Dsolr.log.dir=/var/solr/logs -Djetty.port=8981 -DSTOP.PORT=7981 -DSTOP.KEY=solrrocks -Dhost=127.0.0.1 -Duser.timezone=UTC -XX:-OmitStackTraceInFastThrow -XX:OnOutOfMemoryError=/opt/solr/bin/oom_solr.sh 8981 /var/solr/logs -Djetty.home=/opt/solr/server -Dsolr.solr.home=/var/solr/data -Dsolr.data.home= -Dsolr.install.dir=/opt/solr -Dsolr.default.confdir=/opt/solr/server/solr/configsets/_default/conf -Dlog4j.configurationFile=/var/solr/log4j2.xml -Xss256k -Dsolr.log.muteconsole -jar start.jar --module=http --module=gzip
Would you expect configuring ForwardedRequestCustomizer in our provided jetty.xml (or one of the other xml configs when using SSL) to cause problems?  If I understand what it does correctly, I would not expect it to cause problems for users who do not have a proxy, but I haven't looked at the code and I am hoping that someone here knows enough about it that they can answer that question.
I am inclined right now to uncomment the ForwardedRequestCustomizer section in our xml configs for our next release, if someone can tell me that it would be a safe thing to do.  I've done some minimal testing and it did not appear to cause any issues.  But it certainly was not an extensive test.  Maybe I can find a co-conspirator with a large development or testing SolrCloud cluster that would be willing to try it out. 

Thanks,
Shawn

Back to the top