Thanks. So I can still use the "--jetty-config" option with Fuseki v2.30 ?
J On Thu, Aug 20, 2015 at 3:46 PM, Andy Seaborne <a...@apache.org> wrote: > On 20/08/15 21:24, Jason Levitt wrote: >> >> Which version of Jetty does Fuseki 2.30 (the latest version) use? >> >> J > > > http://central.maven.org/maven2/org/apache/jena/jena-fuseki/2.3.0/jena-fuseki-2.3.0.pom > > ==> Jetty 9.1.1.v20140108 > > Andy > > >> >> On Thu, Aug 20, 2015 at 6:14 AM, Andy Seaborne <a...@apache.org> wrote: >>> >>> The Jetty documentation is the best place to go for details of setting up >>> Jetty. >>> >>> Here's one in the examples/ area but as far as I can tell it's more int >>> he >>> category of "should work" (it is from Fuseki1 and that was a different >>> version of Jetty) rather than tested. >>> >>> >>> https://github.com/apache/jena/blob/master/jena-fuseki2/examples/jetty-fuseki.xml >>> >>> If you, or anyone else, has a better example - please send it. >>> >>> Andy >>> >>> >>> On 20/08/15 02:54, Jason Levitt wrote: >>>> >>>> >>>> We're in an AWS environment using Fuseki 2 with built-in Jetty. It >>>> only talks to internal machines so there >>>> is no need to protect it from external exposure. So that means that >>>> the easiest way is to use the >>>> `--jetty-config` flag to setup HTTPS to Jetty? Are there any docs on >>>> what the options are for that >>>> config file (e.g. what goes into the config file)? >>>> >>>> J >>>> >>>> On Tue, Aug 18, 2015 at 3:21 PM, Andy Seaborne <a...@apache.org> wrote: >>>>> >>>>> >>>>> Right. In a production environment, a reverse proxy is useful for >>>>> several >>>>> things and while there is nothing that force a reverse proxy, the >>>>> weight >>>>> of >>>>> features can mean it's a useful and flexible thing to put into a >>>>> production >>>>> system. >>>>> >>>>> 1/ Blocking undesirable clients >>>>> (manic crawlers, badly written PHP scripts) >>>>> 2/ more robust to DOS attacks (and accidental attacks) >>>>> Java web containers just aren't as good under silly load >>>>> conditions. >>>>> 3/ URL rewrite >>>>> E.g don't need /dataset/query - can be any URL you like. >>>>> 4/ Security >>>>> integrate with local systems; rich choice of controls. >>>>> Control who and what can update >>>>> No need to restart for shiro chnages. >>>>> 5/ Rate control (e.g. no more than N queries at a time) >>>>> 6/ https (can be expensive so a C-implementation can help) >>>>> 7/ Lots of add-ons and mods for all sorts of tasks. >>>>> 8/ Lots of Q&A on stackoverflow! >>>>> >>>>> Fuseki has "--localhost" to only talk to the machine's localhost >>>>> network >>>>> interface. In an environment like AWS, where port control is easily, >>>>> it's >>>>> trivial to secure the Fuseki server to only talk to the local reverse >>>>> proxy >>>>> by blocking all ports except (22 and) 80+443. >>>>> >>>>> Andy >>>>> >>>>> >>>>> On 18/08/15 20:21, A. Soroka wrote: >>>>>> >>>>>> >>>>>> >>>>>> I checked more carefully (should have done that before replying) and >>>>>> it >>>>>> seems that Fuseki 2 also offers the `--jetty-config` flag for using a >>>>>> Jetty >>>>>> configuration that supports HTTPS: >>>>>> >>>>>> --jetty-config=FILE Set up the server (not services) with a Jetty >>>>>> XML >>>>>> file >>>>>> >>>>>> --- >>>>>> A. Soroka >>>>>> The University of Virginia Library >>>>>> >>>>>> On Aug 18, 2015, at 10:34 AM, aj...@virginia.edu >>>>>> <aj...@email.virginia.edu> wrote: >>>>>> >>>>>>> Are you deploying Fuseki to your own servlet container (e.g. Tomcat >>>>>>> or >>>>>>> Jetty) or using the server included with Fuseki and is it Fuskei 1 or >>>>>>> 2? >>>>>>> >>>>>>> If the former, you will need to supply configuration specific to that >>>>>>> container. If the latter and it is Fuseki 1, there is a Stack >>>>>>> Overflow >>>>>>> answer for it: >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> https://stackoverflow.com/questions/28310045/enable-https-ssl-on-fuseki-server >>>>>>> >>>>>>> but the links seems to be dead. The idea is to supply your own Jetty >>>>>>> configuration (Jetty is the servlet container that the Fuseki command >>>>>>> uses). >>>>>>> For Fuseki 2, I think it is still under development? You could use a >>>>>>> reverse >>>>>>> proxy in front of Fuseki, in that case. >>>>>>> >>>>>>> --- >>>>>>> A. Soroka >>>>>>> The University of Virginia Library >>>>>>> >>>>>>> On Aug 17, 2015, at 7:07 PM, Jason Levitt <slimands...@gmail.com> >>>>>>> wrote: >>>>>>> >>>>>>>> Sorry if this is a FAQ, but I'm wondering if there are >>>>>>>> any guidelines online to setting up >>>>>>>> Fuseki for HTTPS access? >>>>>>>> >>>>>>>> Jason >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>> >>> >