This tutorial provides a comprehensive guide to securing Apache Solr with an SSL certificate from Let’s Encrypt, a free and automated certificate authority. By following these steps, you will enable Solr to operate over HTTPS, ensuring encrypted communication. This guide assumes you are using a Linux server (Ubuntu/Debian) with Apache Solr and Apache2 web server already installed.
Prerequisites
- A server running Ubuntu/Debian with Apache Solr installed.
- Apache2 web server installed and configured.
- A registered domain name pointing to your server’s public IP.
- Root or sudo access to the server.
- Basic familiarity with terminal commands.
Step 1: Install Certbot
Certbot is the tool used to obtain and manage Let’s Encrypt SSL certificates.
- Update the package list:
sudo apt update
- Install Certbot and the Apache plugin:
sudo apt install certbot python3-certbot-apache -y
Step 2: Obtain the SSL Certificate
Use Certbot to generate an SSL certificate for your domain.
- Run Certbot to request a certificate, replacing solr.yourdomain.com with your actual domain:
sudo certbot --apache -d solr.yourdomain.com
- Follow the prompts:
- Provide an email address for renewal notifications.
- Agree to the terms of service.
- Choose whether to redirect HTTP traffic to HTTPS (recommended).
- Certbot will generate and store the certificate files in /etc/letsencrypt/live/solr.yourdomain.com/.
Step 3: Configure Apache Solr for SSL
Solr typically runs as a standalone service, but to enable SSL, you need to configure it to use the certificate and private key from Let’s Encrypt.
- Locate Solr’s configuration: Solr’s configuration files are usually in /opt/solr or the directory where Solr is installed. The main configuration file is solr.in.sh (or solr.in.cmd on Windows).
- Edit solr.in.sh: Open the file, typically located at /opt/solr/bin/solr.in.sh:
sudo nano /opt/solr/bin/solr.in.sh
- Add SSL settings: Add or modify the following lines to enable SSL and point to the Let’s Encrypt certificate:
SOLR_SSL_ENABLED=true
SOLR_SSL_KEY_STORE=/etc/letsencrypt/live/solr.yourdomain.com/privkey.pem
SOLR_SSL_KEY_STORE_PASSWORD=your_keystore_password
SOLR_SSL_TRUST_STORE=/etc/letsencrypt/live/solr.yourdomain.com/fullchain.pem
SOLR_SSL_TRUST_STORE_PASSWORD=your_truststore_password
SOLR_SSL_NEED_CLIENT_AUTH=false
SOLR_SSL_WANT_CLIENT_AUTH=false
- Replace solr.yourdomain.com with your domain.
- Set your_keystore_password and your_truststore_password to secure passwords (you can generate random passwords if needed).
- Save and exit: Save the file and exit the editor.
Step 4: Configure Apache2 for Proxying
Since Solr runs on its own server (default port 8983), you can use Apache2 as a reverse proxy to handle SSL and forward requests to Solr.
- Enable Apache modules: Ensure the required Apache modules are enabled:
sudo a2enmod proxy proxy_http ssl rewrite
- Create a virtual host configuration: Create a new configuration file for Solr:
sudo nano /etc/apache2/sites-available/solr.conf
- Add the virtual host configuration:
<VirtualHost *:443>
    ServerName solr.yourdomain.com
    ProxyPreserveHost On
    ProxyPass /solr http://localhost:8983/solr
    ProxyPassReverse /solr http://localhost:8983/solr
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/solr.yourdomain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/solr.yourdomain.com/privkey.pem
    ErrorLog ${APACHE_LOG_DIR}/solr_error.log
    CustomLog ${APACHE_LOG_DIR}/solr_access.log combined
</VirtualHost>
- Replace solr.yourdomain.com with your domain.
- The ProxyPass directive forwards requests to Solr’s default port (8983).
- Enable the site:
sudo a2ensite solr.conf
- Restart Apache:
sudo systemctl restart apache2
Step 5: Restart Solr
Apply the SSL configuration by restarting Solr:
sudo systemctl restart solr
If Solr is not running as a service, stop and start it manually:
/opt/solr/bin/solr stop
/opt/solr/bin/solr start
Step 6: Test the Configuration
- Open a browser and navigate to https://solr.yourdomain.com/solr. You should see the Solr Admin interface over HTTPS.
- Verify the SSL certificate by clicking the padlock icon in your browser to ensure it is issued by Let’s Encrypt.
- If you encounter issues, check the Apache logs:
sudo tail -f /var/log/apache2/solr_error.log
- Check Solr logs, typically in /var/solr/logs/solr.log.
Step 7: Automate Certificate Renewal
Let’s Encrypt certificates expire every 90 days, but Certbot can automate renewals.
- Test the renewal process:
sudo certbot renew --dry-run
- Certbot’s renewal timer is usually set up automatically. Verify it:
sudo systemctl status certbot.timer
- After renewal, restart Apache and Solr to apply the new certificate:
sudo systemctl restart apache2
sudo systemctl restart solr
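Solr's embedded Jetty loads SOLR_SSL_KEY_STORE as a Java keystore (JKS or PKCS12), not as raw PEM files, and the restart above has to happen after every renewal. The following Certbot deploy hook is an added example, not part of the original post: it rebuilds a PKCS12 keystore from the renewed certificate, checks it, and restarts both services. The keystore path, password file, and the root:solr ownership are assumptions.

```shell
#!/bin/sh
# Added example: Certbot deploy hook. Certbot runs deploy hooks after a
# successful renewal and sets RENEWED_LINEAGE to the certificate's live directory.

# Assumed paths (not from the tutorial); adjust to your installation.
KEYSTORE_OUT="${KEYSTORE_OUT:-/var/solr/ssl/solr.p12}"
PASS_FILE="${PASS_FILE:-/etc/solr-keystore.pass}"  # root-only, first line = password

# build_keystore LIVE_DIR OUT_FILE PASS_FILE
# Packs privkey.pem and fullchain.pem into a PKCS12 keystore, replaced atomically.
build_keystore() {
    live_dir=$1; out=$2; pass_file=$3
    [ -r "$live_dir/privkey.pem" ] && [ -r "$live_dir/fullchain.pem" ] || return 2
    [ -s "$pass_file" ] || return 3
    tmp=$(mktemp "${out}.XXXXXX") || return 4   # mktemp creates the file mode 0600
    if openssl pkcs12 -export -name solr \
        -inkey "$live_dir/privkey.pem" -in "$live_dir/fullchain.pem" \
        -passout "file:$pass_file" -out "$tmp"; then
        chmod 640 "$tmp" && mv -f "$tmp" "$out"
    else
        rm -f "$tmp"
        return 5
    fi
}

# keystore_matches_cert OUT_FILE PASS_FILE LIVE_DIR
# Succeeds only if the keystore's leaf certificate is the one Certbot issued.
keystore_matches_cert() {
    ks_fp=$(openssl pkcs12 -in "$1" -passin "file:$2" -nokeys -clcerts 2>/dev/null |
            openssl x509 -noout -fingerprint -sha256) || return 1
    pem_fp=$(openssl x509 -in "$3/fullchain.pem" -noout -fingerprint -sha256) || return 1
    [ -n "$ks_fp" ] && [ "$ks_fp" = "$pem_fp" ]
}

# Only act when invoked by Certbot; otherwise the file just defines the functions.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    build_keystore "$RENEWED_LINEAGE" "$KEYSTORE_OUT" "$PASS_FILE" &&
    keystore_matches_cert "$KEYSTORE_OUT" "$PASS_FILE" "$RENEWED_LINEAGE" &&
    chown root:solr "$KEYSTORE_OUT" &&   # root owns it, the solr group may read it
    systemctl restart apache2 &&
    systemctl restart solr
fi
```

With this hook in place, solr.in.sh would point SOLR_SSL_KEY_STORE at the generated file with SOLR_SSL_KEY_STORE_TYPE=PKCS12, and the private key under /etc/letsencrypt keeps its default root-only ownership.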
Troubleshooting Tips
- Certificate errors: Ensure the domain points to your server’s IP and that port 443 is open in your firewall.
- Solr not accessible: Verify that Solr is running (sudo systemctl status solr) and that the proxy settings in Apache are correct.
- Permission issues: Ensure the Solr user has read access to the certificate files:
sudo chown solr:solr /etc/letsencrypt/live/solr.yourdomain.com/*
sudo chmod 640 /etc/letsencrypt/live/solr.yourdomain.com/*
Conclusion
You have successfully configured Apache Solr to use a Let’s Encrypt SSL certificate, securing communication over HTTPS. Regular maintenance includes monitoring certificate renewals and ensuring Solr and Apache services are running smoothly.
The post How to Configure Let’s Encrypt SSL with Apache Solr appeared first on TecAdmin.