We're in an AWS environment using Fuseki 2 with built-in Jetty. It only talks to internal machines so there is no need to protect it from external exposure. So that means that the easiest way is to use the `--jetty-config` flag to set up HTTPS to Jetty? Are there any docs on what the options are for that config file (e.g. what goes into the config file)?
J

On Tue, Aug 18, 2015 at 3:21 PM, Andy Seaborne <a...@apache.org> wrote:
> Right. In a production environment, a reverse proxy is useful for several
> things and while there is nothing that forces a reverse proxy, the weight of
> features can mean it's a useful and flexible thing to put into a production
> system.
>
> 1/ Blocking undesirable clients
>    (manic crawlers, badly written PHP scripts)
> 2/ more robust to DOS attacks (and accidental attacks)
>    Java web containers just aren't as good under silly load conditions.
> 3/ URL rewrite
>    E.g. don't need /dataset/query - can be any URL you like.
> 4/ Security
>    integrate with local systems; rich choice of controls.
>    Control who and what can update
>    No need to restart for shiro changes.
> 5/ Rate control (e.g. no more than N queries at a time)
> 6/ https (can be expensive so a C-implementation can help)
> 7/ Lots of add-ons and mods for all sorts of tasks.
> 8/ Lots of Q&A on stackoverflow!
>
> Fuseki has "--localhost" to only talk to the machine's localhost network
> interface. In an environment like AWS, where port control is easy, it's
> trivial to secure the Fuseki server to only talk to the local reverse proxy
> by blocking all ports except (22 and) 80+443.
>
> Andy
>
>
> On 18/08/15 20:21, A. Soroka wrote:
>>
>> I checked more carefully (should have done that before replying) and it
>> seems that Fuseki 2 also offers the `--jetty-config` flag for using a Jetty
>> configuration that supports HTTPS:
>>
>> --jetty-config=FILE    Set up the server (not services) with a Jetty XML
>> file
>>
>> ---
>> A. Soroka
>> The University of Virginia Library
>>
>> On Aug 18, 2015, at 10:34 AM, aj...@virginia.edu
>> <aj...@email.virginia.edu> wrote:
>>
>>> Are you deploying Fuseki to your own servlet container (e.g. Tomcat or
>>> Jetty) or using the server included with Fuseki and is it Fuseki 1 or 2?
>>>
>>> If the former, you will need to supply configuration specific to that
>>> container. If the latter and it is Fuseki 1, there is a Stack Overflow
>>> answer for it:
>>>
>>>
>>> https://stackoverflow.com/questions/28310045/enable-https-ssl-on-fuseki-server
>>>
>>> but the links seem to be dead. The idea is to supply your own Jetty
>>> configuration (Jetty is the servlet container that the Fuseki command uses).
>>> For Fuseki 2, I think it is still under development? You could use a reverse
>>> proxy in front of Fuseki, in that case.
>>>
>>> ---
>>> A. Soroka
>>> The University of Virginia Library
>>>
>>> On Aug 17, 2015, at 7:07 PM, Jason Levitt <slimands...@gmail.com> wrote:
>>>
>>>> Sorry if this is a FAQ, but I'm wondering if there are
>>>> any guidelines online to setting up
>>>> Fuseki for HTTPS access?
>>>>
>>>> Jason
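
The reverse-proxy layout described in the quoted reply (TLS termination, URL rewrite, update control and rate control in front of a Fuseki started with `--localhost`), sketched as an nginx configuration. This is an added example, not part of the thread or of the Fuseki project; the hostname, certificate paths, admin subnet and limits are placeholders, and it assumes Fuseki listens on its default port 3030 with a dataset named `/dataset` exposing `query` and `update` services.

```nginx
# Added example: nginx terminating TLS in front of Fuseki run with --localhost.
# Hostname, certificate paths, subnet and limits below are placeholders.

# The blocks below belong in the http {} context.
limit_conn_zone $server_name        zone=fuseki_conc:1m;            # concurrent requests, server-wide
limit_req_zone  $binary_remote_addr zone=fuseki_rate:10m rate=5r/s; # request rate per client IP

upstream fuseki {
    server 127.0.0.1:3030;   # assumed: Fuseki default port, bound to localhost only
}

server {
    listen 80;
    server_name sparql.example.internal;
    return 301 https://$host$request_uri;   # redirect plaintext to HTTPS
}

server {
    listen 443 ssl;
    server_name sparql.example.internal;
    ssl_certificate     /etc/nginx/tls/fuseki.crt;
    ssl_certificate_key /etc/nginx/tls/fuseki.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Points 3 and 5 of the list: /sparql is rewritten to /dataset/query and throttled.
    location = /sparql {
        limit_conn fuseki_conc 8;                      # "no more than N queries at a time"
        limit_req  zone=fuseki_rate burst=10 nodelay;
        proxy_pass http://fuseki/dataset/query;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_read_timeout 120s;
    }

    # Point 4: SPARQL Update is accepted only from an admin subnet (placeholder range).
    location = /update {
        allow 10.0.1.0/24;
        deny  all;
        proxy_pass http://fuseki/dataset/update;
    }

    # Nothing else (admin UI, other service endpoints) is reachable through the proxy.
    location / {
        return 404;
    }
}
```

In this layout Fuseki itself stays on plain HTTP bound to localhost, so no Jetty TLS configuration is involved; the certificate and all access rules live in the proxy.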