If your data changes slowly and you don’t need to shard, master/slave is great. It is loosely coupled, so not as complicated as Solr Cloud. Each slave is an exact clone.
For master/slave, you can put an HTTP server (nginx, etc.) on each server and proxy traffic to Solr. Then configure Solr to only listen to localhost. The HTTP server should have plenty of tools for configuring access. The slave servers will contact the master on the port that the HTTP server uses. Also, even if you prevent access to the admin UI, a request to /update can delete all the content. It is really easy. This Gist shows how. https://gist.github.com/nz/673027/313f70681daa985ea13ba33a385753aef951a0f3 wunder Walter Underwood wun...@wunderwood.org http://observer.wunderwood.org/ (my blog) > On Mar 16, 2020, at 8:20 AM, David Hastings <hastings.recurs...@gmail.com> > wrote: > > master slave is the idea that you have an indexing server you do all > indexing to and a search server that replicates the index, to deliver the > results etc. if you keep the indexer separate you can tune it differently > as well as protect the data. also means you can remove the delete/update > request handlers from the slave/searcher > > yes security by obscurity isnt ideal, but the over head of adding > authentication to requests i find unnecessary, > > On Mon, Mar 16, 2020 at 11:16 AM Ryan W <rya...@gmail.com> wrote: > >> On Mon, Mar 16, 2020 at 11:09 AM Walter Underwood <wun...@wunderwood.org> >> wrote: >> >>> What access do you want to prevent? How do you prefer to authenticate? >>> How do you manage users or roles? Master/slave or Solr Cloud? >>> >> >> I want to prevent access to the admin UI. >> >> I don't want to manage users or roles, preferably. I have only one user: >> staff. I want to prevent the public from accessing the admin UI. I'd be >> happy if I could set an IP address whitelist... especially if I don't have >> to learn a new framework (which I will never use for any other purpose) to >> do it. >> >> I don't know what master/slave is. These are new concepts that weren't >> required to secure Solr prior to 7x, and this is my first project using a >> version after 6x. >> >> Thanks! >> >> >> >>> >>> wunder >>> Walter Underwood >>> wun...@wunderwood.org >>> http://observer.wunderwood.org/ (my blog) >>> >>>> On Mar 16, 2020, at 7:44 AM, Ryan W <rya...@gmail.com> wrote: >>>> >>>> How do you, personally, do it? Do you use IPTables? Basic >>> Authentication >>>> Plugin? Something else? >>>> >>>> I'm asking in part so I'l have something to search for. I don't know >>> where >>>> I should begin, so I figured I would ask how others do it. >>>> >>>> I haven't been able to find anything that works, so if you can tell me >>> what >>>> works for you, I can at least narrow it down a bit and do some Google >>>> searches. Do I need to learn Solr's plugin system? Am I starting in >> the >>>> right place if I follow this document: >>>> >>> >> https://lucene.apache.org/solr/guide/7_0/rule-based-authorization-plugin.html#rule-based-authorization-plugin >>>> >>>> Initially, the above document seems far too comprehensive for my needs. >>> I >>>> just want to block access to the Solr admin UI, and the list of >>> predefined >>>> permissions in that document don't seem to be relevant. Also, it seems >>>> unlikely this plugin system is necessary just to control access to the >>>> admin UI... or maybe it necessary? >>>> >>>> In any case, what is your approach? >>>> >>>> I'm using version 7.7.2 of Solr. >>>> >>>> Thanks! >>> >>> >>
