handle secureComms to secret

Alex Chapellon
2022-02-04 20:08:32 +01:00
parent 70ae436254
commit 66692aaecf
2 changed files with 41 additions and 11 deletions


@@ -385,7 +385,8 @@ The following environment variables are supported:
| SEARCH_LOG_LEVEL | ERROR, WARN, INFO, DEBUG or TRACE | The root logger level. | | SEARCH_LOG_LEVEL | ERROR, WARN, INFO, DEBUG or TRACE | The root logger level. |
| ENABLE_SPELLCHECK | true or false | Whether spellchecking is enabled or not. | | ENABLE_SPELLCHECK | true or false | Whether spellchecking is enabled or not. |
| DISABLE_CASCADE_TRACKING | true or false | Whether cascade tracking is enabled or not. Disabling cascade tracking will improve performance, but result in some feature loss (e.g. path queries). | | DISABLE_CASCADE_TRACKING | true or false | Whether cascade tracking is enabled or not. Disabling cascade tracking will improve performance, but result in some feature loss (e.g. path queries). |
| ALFRESCO_SECURE_COMMS | https or none | Whether communication with the repository is secured. See below. | | ALFRESCO_SECURE_COMMS | https, secret or none | Whether communication with the repository is secured. See below. |
| ALFRESCO_SECURE_COMMS_SHARED_SECRET | string | A shared secret for Solr and repository to authenticate each other |
| SOLR_SSL_... | --- | These variables are also used to configure SSL. See below. | | SOLR_SSL_... | --- | These variables are also used to configure SSL. See below. |
**Using Mutual Auth TLS (SSL)** **Using Mutual Auth TLS (SSL)**
@@ -414,6 +415,10 @@ $ docker run -p 8983:8983 \
searchservices:develop searchservices:develop
``` ```
**Using Shared secret authentication**
An alternative is to use a shared secret in order to secure repo <-> solr commnunication. You just need to set `ALFRESCO_SECURE_COMMS=secret` **AND** `ALFRESCO_SECURE_COMMS_SHARED_SECRET=my_super_secret_secret`
SOLR Web Console will be available at: SOLR Web Console will be available at:
[https://localhost:8983/solr](https://localhost:8983/solr) [https://localhost:8983/solr](https://localhost:8983/solr)


@@ -3,6 +3,10 @@ set -e
# By default its going to deploy "Master" setup configuration with "REPLICATION_TYPE=master". # By default its going to deploy "Master" setup configuration with "REPLICATION_TYPE=master".
# Slave replica service can be enabled using "REPLICATION_TYPE=slave" environment value. # Slave replica service can be enabled using "REPLICATION_TYPE=slave" environment value.
log_warn() {
echo -e " ====WARN==== \n$*\nWARN CODE was $LOG_WARN" >&2
}
RERANK_TEMPLATE_PATH=$PWD/solrhome/templates/rerank/conf RERANK_TEMPLATE_PATH=$PWD/solrhome/templates/rerank/conf
NORERANK_TEMPLATE_PATH=$PWD/solrhome/templates/noRerank/conf NORERANK_TEMPLATE_PATH=$PWD/solrhome/templates/noRerank/conf
SOLR_RERANK_CONFIG_FILE=$RERANK_TEMPLATE_PATH/solrconfig.xml SOLR_RERANK_CONFIG_FILE=$RERANK_TEMPLATE_PATH/solrconfig.xml
@@ -87,16 +91,37 @@ fi
# By default Docker Image is using TLS Mutual Authentication (SSL) for communications with Repository # By default Docker Image is using TLS Mutual Authentication (SSL) for communications with Repository
# Plain HTTP can be enabled by setting ALFRESCO_SECURE_COMMS to 'none' # Plain HTTP can be enabled by setting ALFRESCO_SECURE_COMMS to 'none'
if [[ "none" == "$ALFRESCO_SECURE_COMMS" ]]; then case "$ALFRESCO_SECURE_COMMS" in
sed -i 's/alfresco.secureComms=https/alfresco.secureComms=none/' $SOLR_RERANK_CORE_FILE $SOLR_NORERANK_CORE_FILE secret)
# Apply also the setting to existing SOLR cores property files when existing if [ -n "$ALFRESCO_SECURE_COMMS_SHARED_SECRET" ]; then
if [[ -f ${PWD}/solrhome/alfresco/conf/solrcore.properties ]]; then sed -i "s/alfresco.secureComms=https/alfresco.secureComms=secret\nalfresco.secureComms.secret=${ALFRESCO_SECURE_COMMS_SHARED_SECRET}\n/" $SOLR_RERANK_CORE_FILE $SOLR_NORERANK_CORE_FILE
sed -i 's/alfresco.secureComms=https/alfresco.secureComms=none/' ${PWD}/solrhome/alfresco/conf/solrcore.properties if [[ -f ${PWD}/solrhome/alfresco/conf/solrcore.properties ]]; then
fi sed -i "s/alfresco.secureComms=https/alfresco.secureComms=secret\nalfresco.secureComms.secret=${ALFRESCO_SECURE_COMMS_SHARED_SECRET}\n/" ${PWD}/solrhome/alfresco/conf/solrcore.properties
if [[ -f ${PWD}/solrhome/archive/conf/solrcore.properties ]]; then fi
sed -i 's/alfresco.secureComms=https/alfresco.secureComms=none/' ${PWD}/solrhome/archive/conf/solrcore.properties if [[ -f ${PWD}/solrhome/archive/conf/solrcore.properties ]]; then
fi sed -i "s/alfresco.secureComms=https/alfresco.secureComms=secret\nalfresco.secureComms.secret=${ALFRESCO_SECURE_COMMS_SHARED_SECRET}\n/" ${PWD}/solrhome/archive/conf/solrcore.properties
fi fi
else
LOG_WARN=1
fi
;;
none)
sed -i "s/alfresco.secureComms=https/alfresco.secureComms=none\n/" $SOLR_RERANK_CORE_FILE $SOLR_NORERANK_CORE_FILE
if [[ -f ${PWD}/solrhome/alfresco/conf/solrcore.properties ]]; then
sed -i "s/alfresco.secureComms=https/alfresco.secureComms=none\n/" ${PWD}/solrhome/alfresco/conf/solrcore.properties
fi
if [[ -f ${PWD}/solrhome/archive/conf/solrcore.properties ]]; then
sed -i "s/alfresco.secureComms=https/alfresco.secureComms=none\n/" ${PWD}/solrhome/archive/conf/solrcore.properties
fi
;;
https|'')
;;
*)
LOG_WARN=2
;;
esac
[ -z $LOG_WARN ] || log_warn "something was wrong with the authentication config, defaulting to https mTLS auth.\nIf mTLS is not properly configured Search service might not work"
if [[ true == "$ENABLE_SPELLCHECK" ]]; then if [[ true == "$ENABLE_SPELLCHECK" ]]; then
sed -i 's/#alfresco.suggestable.property/alfresco.suggestable.property/' ${PWD}/solrhome/conf/shared.properties sed -i 's/#alfresco.suggestable.property/alfresco.suggestable.property/' ${PWD}/solrhome/conf/shared.properties
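Review bot: In the `secret)` branch, `${ALFRESCO_SECURE_COMMS_SHARED_SECRET}` is expanded straight into the replacement part of three `sed -i "s/.../.../"` expressions, so a secret containing `/`, `&` or `\` either aborts the entrypoint (the script runs under `set -e`) or writes a value into `solrcore.properties` that differs from the one configured on the repository; base64-style generated secrets often contain `/`. Escape the value once before use, for example `secret_escaped=$(printf '%s' "$ALFRESCO_SECURE_COMMS_SHARED_SECRET" | sed 's|[\\/&]|\\&|g')`, interpolate `${secret_escaped}` in the three substitutions, and reject a multi-line secret. Separately, `[ -z $LOG_WARN ]` should quote the variable, and `LOG_WARN` should be cleared before the `case`, since a value inherited from the container environment would trigger the warning even for a valid configuration. Because every substitution matches only `alfresco.secureComms=https`, a persisted core file that was already switched to `secret` presumably keeps its old secret after a rotation; that is worth confirming against a restarted container with an existing `solrhome`.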