IBM Support

Configuring the DSE Solr HTTP/HTTPS port for customised settings

Troubleshooting


Problem

Summary

DSE Solr makes use of an embedded apache tomcat webserver. The settings for the web server are all configured as part of the DSE install and setup. Tomcat uses HTTP connectors to allow incoming HTTP / HTTPS connections and DSE will configure these as required with default settings.


In some cases there may be a requirement to deviate from the default settings, a good example is where there is a requirement to alter SSL cipher settings to disable weaker ciphers as part of security requirements.


This note discusses how this is achieved and should help as a guide to configuring other settings for the default DSE Solr HTTP port.


Solution

The tomcat HTTP connector settings reside in the server.xml file which is located as follows:


In package installs you'll find it under /usr/share/dse/tomcat/conf


In tarball installs its under <dse home>/resources/tomcat/conf/


The server.xml file is quite well commented. Note the comments informing the user that once a connector is configured in here then DSE will not automatically manage the connector settings.


Example of a connector configured for SSL with a required SSL Cipher:

<Connector port="8900" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="/etc/dse/dse.keystore"
keystorePass="datastax"
clientAuth="false" sslProtocol="SSL"
ciphers="SSL_RSA_WITH_DES_CBC_SHA"
/>

 

Once the configuration is done then restart DSE.


Testing

If using SSL it can be easily tested with openssl s_client. The example below shows the port being tested with a non-compliant cipher and being rejected

$ openssl s_client -connect 10.1.2.3:8983 -cipher RC4-SHA
CONNECTED(00000003)
140699447514952:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:744:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 101 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

Last Reviewed Date: 2023/11/20

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB76","label":"Data Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSCR56","label":"IBM DataStax Enterprise"},"ARM Category":[{"code":"","label":""}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]

Historical Number

ka06R000000Hct9QAC

Document Information

Modified date:
30 January 2026

UID

ibm17259084

Page Feedback