
Protect SOLR access from outside Docker network

Alfresco REST API urls return 403
SOLR Web Console requires Basic Auth
angelborroy-ks committed Sep 14, 2018
1 parent c36c5af commit 5aecf9207832f75c0d038adfccbaf98de2cc956c
Showing with 32 additions and 1 deletion.
  1. +14 −0 README.md
  2. +1 −1 docker-compose.yml
  3. +16 −0 volumes/config/nginx.conf
  4. +1 −0 volumes/config/nginx.htpasswd
@@ -93,6 +93,20 @@ PG_MAX_PARALLEL_WORKERS_PER_GATHER=1
PG_MAX_PARALLEL_WORKERS=1
```
## SOLR Considerations
Alfresco SOLR API has been protected to be accessed from outside Docker network. You can enable this URLs removing following lines at [nginx.conf](https://github.com/keensoft/docker-alfresco/blob/master/volumes/config/nginx.conf)
```
# Protect access to SOLR APIs
location ~ ^(/.*/service/api/solr/.*)$ {return 403;}
location ~ ^(/.*/s/api/solr/.*)$ {return 403;}
location ~ ^(/.*/wcservice/api/solr/.*)$ {return 403;}
location ~ ^(/.*/wcs/api/solr/.*)$ {return 403;}
```
SOLR Web Console (http://localhost/solr) access has been protected with Basic Auth. Default user/password is `admin/admin`, but it can be customised modifying the content of the file [nginx.htpasswd](https://github.com/keensoft/docker-alfresco/blob/master/volumes/config/nginx.htpasswd)
# How to use this composition
## Start Docker
@@ -105,7 +105,7 @@ services:
- content-app
- share
volumes:
- ./volumes/config/nginx.conf:/etc/nginx/conf.d/default.conf
- ./volumes/config:/etc/nginx/conf.d
- ./volumes/logs/nginx:/var/log/nginx
networks:
- internal
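Review bot: The directory mount `./volumes/config:/etc/nginx/conf.d` is writable from inside the proxy container, and it exposes every file in that host directory to nginx, not just the two this commit needs. The `+`/`-` markers are lost on this page, so I am assuming this line is the new side because `auth_basic_user_file` in nginx.conf points into `/etc/nginx/conf.d/`. With the stock nginx include of `conf.d/*.conf` (assumed, the main config is not shown), any other `.conf` file dropped into `volumes/config` would be loaded as server configuration. I would mount it read-only, `- ./volumes/config:/etc/nginx/conf.d:ro`, or mount the two files individually. The service definition continues outside this hunk.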
@@ -5,8 +5,10 @@ server {
proxy_pass_request_headers on;
proxy_pass_header Set-Cookie;
# Upload size unlimited
client_max_body_size 0;
# SharePoint URLs for Office clients
location ~ (^/spp|^/_vti_bin/|^/_vti_history/|^/_vti_inf.html$) {
proxy_pass http://alfresco:8080;
@@ -19,6 +21,13 @@ server {
proxy_pass_header Set-Cookie;
}
# Protect access to SOLR APIs
location ~ ^(/.*/service/api/solr/.*)$ {return 403;}
location ~ ^(/.*/s/api/solr/.*)$ {return 403;}
location ~ ^(/.*/wcservice/api/solr/.*)$ {return 403;}
location ~ ^(/.*/wcs/api/solr/.*)$ {return 403;}
# Alfresco Content Application
location / {
proxy_pass http://content-app;
@@ -31,6 +40,7 @@ server {
proxy_pass_header Set-Cookie;
}
# Alfresco Repository
location /alfresco/ {
proxy_pass http://alfresco:8080;
@@ -43,6 +53,7 @@ server {
proxy_pass_header Set-Cookie;
}
# Alfresco Share Web App
location /share/ {
proxy_pass http://share:8080;
@@ -55,9 +66,14 @@ server {
proxy_pass_header Set-Cookie;
}
# SOLR Web Console
location /solr/ {
proxy_pass http://solr6:8983;
# Basic authentication
auth_basic "Solr web console";
auth_basic_user_file /etc/nginx/conf.d/nginx.htpasswd;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_redirect off;
proxy_buffering off;
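Review bot: The four `return 403` locations added before `# Alfresco Content Application` are a case-sensitive path blocklist, so the protection holds only where nginx's normalized URI and the backend's own path parsing agree, and it does nothing for callers that reach `alfresco:8080` without passing through this proxy. I would treat them as defence in depth and say so in the comment, e.g. `# Defence in depth only; the repository must still restrict its SOLR API itself (see solr.secureComms)`, and fold the four patterns into one, `location ~ ^/.*/(service|s|wcservice|wcs)/api/solr/ { return 403; }`, so they cannot drift apart. Separately, `auth_basic` in `location /solr/` sends the credentials base64-encoded on every request, and the README URL is plain `http://`, so this block presumably needs TLS on the listener before it is exposed beyond localhost. The `server` block and the `/solr/` location both continue outside the visible hunks.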
@@ -0,0 +1 @@
admin:YWG41BPzVAkN6
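Review bot: This commits a working credential to the repository: the README states the default is `admin/admin`, and the 13-character value appears to be a traditional DES `crypt()` hash, which is salted with only two characters and ignores everything after the eighth password character. I would ship no usable default and have the operator generate the file at deploy time with a stronger scheme that nginx accepts, for example `openssl passwd -apr1`, keeping the real `nginx.htpasswd` out of version control. If a sample must stay in the repo, name it as a sample (e.g. `nginx.htpasswd.example`) so a deployment does not start with a known password.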
