Make sure SOLR only listens to localhost

xhero · xhero · commit f893a299e0b4 · 2018-12-03T15:04:20.000+01:00
diff --git a/2- INSTALL.rdoc b/2- INSTALL.rdoc
@@ -189,3 +189,8 @@ If all this works, you can access the rism application:
   
 Depending on the env, remove sudo if necessary. RAILS_ENV is needed only on production, and has to come *after* sudo.
   
+Also it is goot to block access to SOLR:
+
+  sudo iptables -A INPUT -p tcp -s localhost --dport 8983 -j ACCEPT
+  sudo iptables -A INPUT -p tcp --dport 8983 -j DROP
+  
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -69,7 +69,7 @@ GIT
 
 GIT
   remote: https://github.com/rism-ch/sunspot
-  revision: f4089a58025be84d9445d3282c107abafab02f4f
+  revision: 18fa86905668c1edc1d01917ef5fbef16bd4bcd9
   branch: java9-stack
   specs:
     sunspot (2.3.0)
diff --git a/config/sunspot.yml b/config/sunspot.yml
@@ -5,6 +5,7 @@ production:
     log_level: WARNING
     path: /solr/production
     memory: 16G
+    bind_address: 127.0.0.1
     # read_timeout: 2
     # open_timeout: 0.5
 
@@ -14,11 +15,12 @@ development:
     port: 8982
     log_level: INFO
     path: /solr/development
+    bind_address: 127.0.0.1
 
 test:
   solr:
     hostname: localhost
     port: 8982
     log_level: WARNING
     path: /solr/test
-    
+    bind_address: 127.0.0.1
