Setting up Solr

May 8 2012

Few of my Ruby friends have a hard time setting up Solr for their Prod / EC2 servers. Solr is a Java web application and also come with a Jetty distribution so that you can just do -

java -jar SOLR_DOWNLOAD/example/start.jar

This however is not recommended for production as this is just running Solr on the bundled Jetty and Solr Admin is unsecured.

To setup a clean and secure Solr instance, I usually do the following -

  1. Copy the $SOLR_DOWNLOAD/example/solr directory somewhere else. For example $HOME/config/solr. This is now your solr config directory.
  2. Download Tomcat and add the following line to $TOMCAT_HOME/bin/catalina.sh
    CATALINA_OPTS="-Dsolr.solr.home=/home/rockyj/conf/solr"

    This basically sets the solr.solr.home Java environment variable.

  3. Copy the solr.war (you may need to rename this) from your SOLR_DOWNLOAD/dist to $TOMCAT_HOME/webapps.
  4. Start Tomcat
    $TOMCAT_HOME/bin/startup.sh
  5. Go to http://localhost:8080/solr. You should see the Solr home page with the link to Admin page. The Admin is unsecured right now. The basic Solr installation works now.
  6. Shutdown Tomcat.
  7. Let us now add a Solr core. Solr core allow you to use a single Solr webapp with many configurations and indexes for different aplications, each with their own config and schema.
  8. In your $HOME/config/solr/solr.xml file edit the cores tag like this -
       <cores adminPath="/admin/cores" defaultCoreName="collection1">
         <core name="collection1" instanceDir="." />
         <core name="core1" instanceDir="./core1" />
       </cores>

    This creates a new core which will look for its config in $HOME/config/solr/core1/ (in our case). The default core will be called "collection1" and our new core is "core1".

  9. Now create a directory in your $HOME/config/solr called "core1" and copy the "conf" directory from $HOME/config/solr into the "core1" directory. Create an empty directory called "data" as well in "core1".
  10. Now your new core is all setup. Restart Tomcat and check the admin page, you should see a new core listed there.
  11. Let us secure the admin page then. We will do this the standard Java way. In your $TOMCAT_HOME/webapps/solr/WEB-INF/web.xml add -
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>Solr Admin</web-resource-name>
          <url-pattern>/admin/*</url-pattern>
          <url-pattern>/collection1/admin/*</url-pattern>
          <url-pattern>/core1/admin/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>tomcat</role-name>
        </auth-constraint>
      </security-constraint>
      <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>default</realm-name>
      </login-config>

    Here we are basically securing url patterns (the admin pages) with HTTP BASIC and providing access to user "tomcat".

  12. To activate the "tomcat" user, uncomment the tags in $TOMCAT_HOME/conf/tomcat-users.xml. You can change both the username and password there.
  13. That's it, once Tomcat is restarted, the admin urls should pop up a HTTP BASIC auth window.
  14. Finally don't forget to setup your firewall and block Tomcat's port 8080. For Ubuntu I highly recommend the ultra simple "UFW".