Difference between revisions of "SMILA/Documentation/Enable Remote Access"

From Eclipsepedia

Jump to: navigation, search
(Enable HTTP remote access to SMILA by HTTP)
(Enable HTTP remote access to SMILA by HTTP)
 
(9 intermediate revisions by 2 users not shown)
Line 1: Line 1:
For security reasons, SMILA is configured by default to allow access to the HTTP and JMX servers only from the host SMILA is running on.  
+
For security reasons, by default SMILA is configured to allow access to the HTTP and JMX servers only from the host SMILA is running on, i.e. using <tt>"localhost"</tt> adresses.
  
 
{{Note|Warning
 
{{Note|Warning
Line 24: Line 24:
 
</source>
 
</source>
  
More fine-grained control is possible using the <tt>jetty.xml</tt> configuration, of course. Consult the [[Jetty|Jetty Manual]] for details.
+
More fine-grained control is possible using the <tt>jetty.xml</tt> configuration, of course. Consult the [[Jetty|Jetty Manual]] for details.  
 +
 
 +
{{Tip|See also [[SMILA/Documentation/JettyHttpServer]] for more information about configuring the HTTP server.
 +
 
 +
For example, to change the HTTP server port, please edit <tt>configuration/org.eclipse.smila.clusterconfig.simple/clusterconfig.json</tt>.}}
  
 
=== Enable JMX remote access to SMILA ===
 
=== Enable JMX remote access to SMILA ===
Line 34: Line 38:
 
...
 
...
 
</source>
 
</source>
 +
 +
[[Category:SMILA]]

Latest revision as of 04:37, 15 February 2012

For security reasons, by default SMILA is configured to allow access to the HTTP and JMX servers only from the host SMILA is running on, i.e. using "localhost" adresses.

Note.png
Warning Making the HTTP and JMX interfaces accessible to other hosts may cause security problems because then everyone with access to the SMILA host can add, change, invoke pipelines, run jobs, clear stores and indexes, etc. Ideally, SMILA itself is not accessible to everyone, but there should be a web application for everyone to use so that the SMILA hosts and ports can be secured using firewalls or similar means. If you really need to expose the SMILA HTTP server to the world, you should check the Jetty Manual for ways to make it secure.


[edit] Enable HTTP remote access to SMILA by HTTP

There are two ways to change this:

  • Edit SMILA.ini and add this line to make the SMILA HTTP server listen on all network interfaces of the host:
...
-Djetty.host=0.0.0.0
...
  • Edit configuration/org.eclipse.smila.http.server/jetty.xml and edit the connector definition. E.g. remove the attribute default="localhost" for setting the "host" property to let it listen on all network interfaces:
    ...
    <Call name="addConnector">
      <Arg>
          <New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
            <Set name="host"><SystemProperty name="jetty.host"/></Set>
            <Set name="port"><Property name="jetty.port" default="8080"/></Set>
    ...

More fine-grained control is possible using the jetty.xml configuration, of course. Consult the Jetty Manual for details.

Idea.png
See also SMILA/Documentation/JettyHttpServer for more information about configuring the HTTP server. For example, to change the HTTP server port, please edit configuration/org.eclipse.smila.clusterconfig.simple/clusterconfig.json.


[edit] Enable JMX remote access to SMILA

Edit SMILA.ini and remove this line to make the SMILA JMX server listen on all network interfaces of the host:

...
-Djava.rmi.server.hostname=localhost
...