I set up a Solr server on my Debian 10 VPS to do Full Text Search in my email archive with email clients. I use Dovecot as IMAP server on the same host.
Everything works fine so far.
But what I don't understand is: How to secure Solr?
By default everybody can reach my admin panel (and probably the API) by http://example.com:8983
To close the door I enabled Basic Authentication by creating a security.json file according to Solr reference guide https://solr.apache.org/guide/8_8/basic-authentication-plugin.html
    {
      "authentication":{
        "blockUnknown": true,
        "class":"solr.BasicAuthPlugin",
        "credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="},
        "realm":"My Solr users",
        "forwardCredentials": false
      },
      "authorization":{
        "class":"solr.RuleBasedAuthorizationPlugin",
        "permissions":[{"name":"security-edit",
                        "role":"admin"}],
        "user-role":{"solr":"admin"}
      }
    }
The Good: This works great, now people have to authenticate. The Ugly:
- Dovecot can't log in to Solr anymore, no more search in my email archive
- The rest of the world can log in with the standard credentials user "solr" and password "SolrRocks".
How stupid is that? Is that securing?
So, who can help me to configure my Solr and Dovecot servers so that only I am able to log in to the admin panel AND Dovecot keeps working with Solr?
I know I could just turn off authentication and simply block port 8983 with a firewall, but this can't be the way to get it done. Moreover, I won't be able to log in to the admin panel either.
Thanks for any hint.
My Dovecot "90-plugins.conf":
    plugin {
      fts = solr
      fts_autoindex = yes
      fts_solr = break-imap-search url=http://127.0.0.1:8983/solr/dovecot/
    }
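
The credential string in the security.json above is base64(sha256(sha256(salt + password))) followed by a space and the base64-encoded salt. As an added example (not part of the original post and not Solr's own code), this Python sketch checks whether a security.json still carries the documented password and builds a replacement entry; the function names and the replacement passphrase are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, os

# Credentials block copied from the security.json in the post above.
SECURITY_JSON = """{"authentication": {"class": "solr.BasicAuthPlugin",
 "credentials": {"solr": "IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="}}}"""

def solr_hash(password, salt):
    """base64(sha256(sha256(salt + password))): the stored hash format."""
    inner = hashlib.sha256(salt + password.encode("utf-8")).digest()
    return base64.b64encode(hashlib.sha256(inner).digest()).decode("ascii")

def make_credential(password):
    """Build a '<hash> <salt>' entry with a fresh random 32-byte salt."""
    salt = os.urandom(32)
    return solr_hash(password, salt) + " " + base64.b64encode(salt).decode("ascii")

def verify_credential(password, credential):
    """True if the password matches a stored '<hash> <salt>' entry."""
    stored_hash, salt_b64 = credential.split()
    candidate = solr_hash(password, base64.b64decode(salt_b64))
    return hmac.compare_digest(stored_hash, candidate)

def users_with_password(security_json, password):
    """Names of users in security.json whose entry matches the password."""
    creds = json.loads(security_json)["authentication"]["credentials"]
    return sorted(u for u, c in creds.items() if verify_credential(password, c))

def rotate(security_json, user, new_password):
    """Return security.json text with the user's entry replaced."""
    doc = json.loads(security_json)
    doc["authentication"]["credentials"][user] = make_credential(new_password)
    return json.dumps(doc, indent=2)

if __name__ == "__main__":
    # Audit: which accounts still accept the password from the reference guide?
    print("documented password accepted for:",
          users_with_password(SECURITY_JSON, "SolrRocks"))
    # Constructed passphrase, for illustration only; choose your own.
    fixed = rotate(SECURITY_JSON, "solr", "constructed-example-passphrase")
    print("after rotation:", users_with_password(fixed, "SolrRocks"))
    print(fixed)
```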