Close Menu
    Monday, September 1

    How to Configure Let’s Encrypt SSL with Apache Solr

    By 4 Mins Read

    This tutorial provides a comprehensive guide to securing Apache Solr with an SSL certificate from Let’s Encrypt, a free and automated certificate authority. By following these steps, you will enable Solr to operate over HTTPS, ensuring encrypted communication. This guide assumes you are using a Linux server (Ubuntu/Debian) with Apache Solr and Apache2 web server already installed.

    Prerequisites

    • A server running Ubuntu/Debian with Apache Solr installed.
    • Apache2 web server installed and configured.
    • A registered domain name pointing to your server’s public IP.
    • Root or sudo access to the server.
    • Basic familiarity with terminal commands.

    Step 1: Install Certbot

    Certbot is the tool used to obtain and manage Let’s Encrypt SSL certificates.

    1. Update the package list:
      sudo apt update
    2. Install Certbot and the Apache plugin:
      sudo apt install certbot python3-certbot-apache -y

    Step 2: Obtain the SSL Certificate

    Use Certbot to generate an SSL certificate for your domain.

    1. Run Certbot to request a certificate, replacing solr.yourdomain.com with your actual domain:
      sudo certbot --apache -d solr.yourdomain.com
    2. Follow the prompts:
      • Provide an email address for renewal notifications.
      • Agree to the terms of service.
      • Choose whether to redirect HTTP traffic to HTTPS (recommended).
    3. Certbot will generate and store the certificate files in /etc/letsencrypt/live/solr.yourdomain.com/.

    Step 3: Configure Apache Solr for SSL

    Solr typically runs as a standalone service, but to enable SSL, you need to configure it to use the certificate and private key from Let’s Encrypt.

    1. Locate Solr’s configuration: Solr’s configuration files are usually in /opt/solr or the directory where Solr is installed. The main configuration file is solr.in.sh (or solr.in.cmd on Windows).
    2. Edit solr.in.sh: Open the file, typically located at /opt/solr/bin/solr.in.sh:
      sudo nano /opt/solr/bin/solr.in.sh
    3. Add SSL settings: Add or modify the following lines to enable SSL and point to the Let’s Encrypt certificate:
      
SOLR_SSL_ENABLED=true
SOLR_SSL_KEY_STORE=/etc/letsencrypt/live/solr.yourdomain.com/privkey.pem
SOLR_SSL_KEY_STORE_PASSWORD=your_keystore_password
SOLR_SSL_TRUST_STORE=/etc/letsencrypt/live/solr.yourdomain.com/fullchain.pem
SOLR_SSL_TRUST_STORE_PASSWORD=your_truststore_password
SOLR_SSL_NEED_CLIENT_AUTH=false
SOLR_SSL_WANT_CLIENT_AUTH=false
      • Replace solr.yourdomain.com with your domain.
      • Set your_keystore_password and your_truststore_password to secure passwords (you can generate random passwords if needed).
    4. Save and exit: Save the file and exit the editor.

    Step 4: Configure Apache2 for Proxying

    Since Solr runs on its own server (default port 8983), you can use Apache2 as a reverse proxy to handle SSL and forward requests to Solr.

    1. Enable Apache modules: Ensure the required Apache modules are enabled:
      sudo a2enmod proxy proxy_http ssl rewrite
    2. Create a virtual host configuration: Create a new configuration file for Solr:
      sudo nano /etc/apache2/sites-available/solr.conf
    3. Add the virtual host configuration:
      

	ServerName solr.yourdomain.com
	
	ProxyPreserveHost On
	ProxyPass /solr http://localhost:8983/solr
	ProxyPassReverse /solr http://localhost:8983/solr
	
	SSLEngine on
	SSLCertificateFile /etc/letsencrypt/live/solr.yourdomain.com/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/solr.yourdomain.com/privkey.pem
	
	ErrorLog ${APACHE_LOG_DIR}/solr_error.log
	CustomLog ${APACHE_LOG_DIR}/solr_access.log combined
      • Replace solr.yourdomain.com with your domain.
      • The ProxyPass directive forwards requests to Solr’s default port (8983).
    4. Enable the site:
      sudo a2ensite solr.conf
    5. Restart Apache:
      sudo systemctl restart apache2

    Step 5: Restart Solr

    Apply the SSL configuration by restarting Solr:

    sudo systemctl restart solr

    If Solr is not running as a service, stop and start it manually:

    /opt/solr/bin/solr stop
/opt/solr/bin/solr start

    Step 6: Test the Configuration

    1. Open a browser and navigate to https://solr.yourdomain.com/solr. You should see the Solr Admin interface over HTTPS.
    2. Verify the SSL certificate by clicking the padlock icon in your browser to ensure it is issued by Let’s Encrypt.
    3. If you encounter issues, check the Apache logs:
      sudo tail -f /var/log/apache2/solr_error.log
    4. Check Solr logs, typically in /var/solr/logs/solr.log.

    Step 7: Automate Certificate Renewal

    Let’s Encrypt certificates expire every 90 days, but Certbot can automate renewals.

    1. Test the renewal process:
      sudo certbot renew --dry-run
    2. Certbot’s cron job is usually set up automatically. Verify it:
      sudo systemctl status certbot.timer
    3. After renewal, restart Apache and Solr to apply the new certificate:
      sudo systemctl restart apache2
sudo systemctl restart solr

    Troubleshooting Tips

    • Certificate errors: Ensure the domain points to your server’s IP and that port 443 is open in your firewall.
    • Solr not accessible: Verify that Solr is running (sudo systemctl status solr) and that the proxy settings in Apache are correct.
    • Permission issues: Ensure the Solr user has read access to the certificate files:
      sudo chown solr:solr /etc/letsencrypt/live/solr.yourdomain.com/*
sudo chmod 640 /etc/letsencrypt/live/solr.yourdomain.com/*

    Conclusion

    You have successfully configured Apache Solr to use a Let’s Encrypt SSL certificate, securing communication over HTTPS. Regular maintenance includes monitoring certificate renewals and ensuring Solr and Apache services are running smoothly.

    Share.

    Related Posts

    Add A Comment
    Leave A Reply


    Manage Preferences