我一直在像http
这样的http IP上使用solr搜索http://xxx.xxx.xxx.xxx:8983/solr/#/
但出于安全考虑,我现在需要拥有一个域名+ https ,如
https://example.com:8983/solr/#/
或(?)
https://example.com/solr/#/
任何想法?
PS。我已经为我的域https://example.com/
启用了https答案 0 :(得分:-1)
您可以让solr只监听localhost并安装Apache或Nginx作为反向代理,在端口443上侦听公共IP上的HTTPS,并将请求转发到端口8983上的localhost。
使用NginX,您可以在Virtualhost文件中使用类似的内容:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
location / {
try_files $uri @proxy;
}
location @proxy {
include cors_support;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header HTTPS "on";
proxy_pass_header Server;
proxy_pass http://127.0.0.1:8983;
proxy_buffering off;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
tcp_nodelay on;
}
access_log /var/log/nginx/access-example.log;
error_log /var/log/nginx/error-example.log;
include snippets/ssl-params.conf;
include snippets/ssl-example.com.conf;
}
对于启用了模块代理和proxy_http的Apache:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin support@example.com
ServerName example.com
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8983/
ProxyPassReverse / http://127.0.0.1:8983/
<Location />
Require all granted
</Location>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLProxyEngine On
SSLCertificateFile /etc/apache2/ssl/cert.pem
SSLCertificateKeyFile /etc/apache2/ssl/privkey.pem
Include /etc/apache2/ssl/options-ssl-apache.conf
SSLCertificateChainFile /etc/apache2/ssl/chain.pem
</VirtualHost>
</IfModule>