DataStax Help Center

Configuring the DSE Solr HTTP/HTTPS port for customised settings

Summary

DSE Solr uses an embedded Apache Tomcat web server. The web server settings are all configured as part of the DSE install and setup. Tomcat uses HTTP connectors to accept incoming HTTP/HTTPS connections, and DSE configures these as required with default settings.

In some cases there may be a requirement to deviate from the default settings. A good example is a requirement to alter the SSL cipher settings to disable weaker ciphers as part of security requirements.

This note discusses how this is achieved and should serve as a guide to configuring other settings for the default DSE Solr HTTP port.

Solution

The Tomcat HTTP connector settings reside in the server.xml file, which is located as follows:

In package installs it is under /usr/share/dse/tomcat/conf

In tarball installs it is under <dse home>/resources/tomcat/conf/

The server.xml file is quite well commented. Note the comments informing the user that once a connector is configured in this file, DSE will no longer automatically manage the connector settings.

Example of a connector configured for SSL with a required SSL cipher:

<Connector port="8900" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="/etc/dse/dse.keystore"
keystorePass="datastax"
clientAuth="false" sslProtocol="SSL"
ciphers="SSL_RSA_WITH_DES_CBC_SHA"
/>

Once the configuration is complete, restart DSE.
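
Because DSE no longer manages a connector once it is defined in server.xml, the file can be checked offline before the restart. The following is an added example (not DataStax or Tomcat code) that parses server.xml and reports SSL-enabled connectors whose sslProtocol is not a TLS value or whose ciphers list contains a weak suite. The weak-token list, the second connector on port 8901 and the wrapper elements in the sample are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Tokens in JSSE cipher-suite names treated as weak here.
# This is the example's own list (an assumption), not DataStax or Tomcat policy.
WEAK_TOKENS = {"NULL", "EXPORT", "ANON", "DES", "DES40", "3DES", "RC2", "RC4", "MD5"}

def weak_suites(ciphers_attr):
    """Return the suites in a comma-separated `ciphers` value that contain a weak token."""
    suites = [s.strip() for s in ciphers_attr.split(",") if s.strip()]
    return [s for s in suites if WEAK_TOKENS & set(s.upper().split("_"))]

def audit_server_xml(xml_text):
    """Return {port: [findings]} for every SSL-enabled <Connector> in server.xml text."""
    report = {}
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, nothing to audit
        findings = []
        proto = conn.get("sslProtocol", "TLS")  # Tomcat uses TLS when the attribute is unset
        if not proto.upper().startswith("TLS"):
            findings.append("sslProtocol=%r is not pinned to TLS" % proto)
        ciphers = conn.get("ciphers")
        if ciphers is None:
            findings.append("no ciphers attribute: JVM default suites apply")
        else:
            findings += ["weak cipher suite: " + s for s in weak_suites(ciphers)]
        report[conn.get("port")] = findings
    return report

# Constructed sample: the first connector is the one shown in this article,
# the second is a hypothetical connector with an AES-GCM suite for comparison.
SAMPLE = """<Server><Service name="Solr">
  <Connector port="8900" protocol="HTTP/1.1" SSLEnabled="true"
             maxThreads="150" scheme="https" secure="true"
             keystoreFile="/etc/dse/dse.keystore" keystorePass="datastax"
             clientAuth="false" sslProtocol="SSL"
             ciphers="SSL_RSA_WITH_DES_CBC_SHA" />
  <Connector port="8901" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true" sslProtocol="TLS"
             ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" />
</Service></Server>"""

if __name__ == "__main__":
    for port, findings in audit_server_xml(SAMPLE).items():
        print(port, findings or "ok")
```

To check a real install, pass the contents of the server.xml file from the locations given above to audit_server_xml().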

Testing

If using SSL, the connector can be easily tested with openssl s_client. The example below shows the port being tested with a non-compliant cipher and the connection being rejected:

$ openssl s_client -connect 10.1.2.3:8983 -cipher RC4-SHA
CONNECTED(00000003)
140699447514952:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:744:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 101 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
