I can't find any examples of the file that you hand to "--jetty-config"

The "official" jetty docs for configuring SSL imply that there are two
configuration files, jetty-ssl-context.xml and jetty-https.xml.
(http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html)

The example that you cite:

http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/plain/jetty-server/src/main/config/etc/jetty-https.xml

says that:

"This configuration must be used in conjunction with jetty.xml and jetty-ssl.xml"

Where do these files go? The Fuseki download does not have any "etc"
directory or any xml configuration files at all.

So, I tried handing some XML config files to Fuseki using --jetty-config
and it gives very little info in the error (see below).

Has anyone actually successfully run Fuseki over SSL?

[2015-08-25 22:13:34] Server INFO Jetty server config file = ./jetty-https.xml
[2015-08-25 22:13:34] Server ERROR SPARQLServer: Failed to configure server: Unknown configuration type: Call in org.eclipse.jetty.xml.XmlConfiguration@1d80d2b
java.lang.IllegalStateException: Unknown configuration type: Call in org.eclipse.jetty.xml.XmlConfiguration@1d80d2b
    at org.eclipse.jetty.xml.XmlConfiguration.setConfig(XmlConfiguration.java:198)
    at org.eclipse.jetty.xml.XmlConfiguration.<init>(XmlConfiguration.java:177)
    at org.apache.jena.fuseki.jetty.JettyFuseki.configServer(JettyFuseki.java:264)
    at org.apache.jena.fuseki.jetty.JettyFuseki.buildServerWebapp(JettyFuseki.java:222)
    at org.apache.jena.fuseki.jetty.JettyFuseki.<init>(JettyFuseki.java:91)
    at org.apache.jena.fuseki.jetty.JettyFuseki.initializeServer(JettyFuseki.java:86)
    at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.exec(FusekiCmd.java:335)
    at jena.cmd.CmdMain.mainMethod(CmdMain.java:93)
    at jena.cmd.CmdMain.mainRun(CmdMain.java:58)
    at jena.cmd.CmdMain.mainRun(CmdMain.java:45)
    at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.innerMain(FusekiCmd.java:96)
    at org.apache.jena.fuseki.cmd.FusekiCmd.main(FusekiCmd.java:59)
org.apache.jena.fuseki.FusekiException: Failed to configure a server using configuration file './jetty-https.xml'
    at org.apache.jena.fuseki.jetty.JettyFuseki.configServer(JettyFuseki.java:269)
    at org.apache.jena.fuseki.jetty.JettyFuseki.buildServerWebapp(JettyFuseki.java:222)
    at org.apache.jena.fuseki.jetty.JettyFuseki.<init>(JettyFuseki.java:91)
    at org.apache.jena.fuseki.jetty.JettyFuseki.initializeServer(JettyFuseki.java:86)
    at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.exec(FusekiCmd.java:335)
    at jena.cmd.CmdMain.mainMethod(CmdMain.java:93)
    at jena.cmd.CmdMain.mainRun(CmdMain.java:58)
    at jena.cmd.CmdMain.mainRun(CmdMain.java:45)
    at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.innerMain(FusekiCmd.java:96)
    at org.apache.jena.fuseki.cmd.FusekiCmd.main(FusekiCmd.java:59)

J

On Fri, Aug 21, 2015 at 4:14 AM, Andy Seaborne <a...@apache.org> wrote:
> On 20/08/15 22:37, Jason Levitt wrote:
>>
>> Thanks. So I can still use the "--jetty-config" option with Fuseki v2.30 ?
>>
>> J
>
> Yes, should work to pass in the file. There was a major jetty version
> change (8 to 9) and what effect that has had on that option is unclear to
> me. Connector changed Jetty 8->9
>
> http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html
>
> and their example:
>
> http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/plain/jetty-server/src/main/config/etc/jetty-https.xml
>
> It would be good to add this to the distribution - if you or anyone else has
> a working version, I'd be very grateful to get a copy.
>
> Andy
>
>>
>> On Thu, Aug 20, 2015 at 3:46 PM, Andy Seaborne <a...@apache.org> wrote:
>>>
>>> On 20/08/15 21:24, Jason Levitt wrote:
>>>>
>>>> Which version of Jetty does Fuseki 2.30 (the latest version) use?
>>>>
>>>> J
>>>
>>> http://central.maven.org/maven2/org/apache/jena/jena-fuseki/2.3.0/jena-fuseki-2.3.0.pom
>>>
>>> ==> Jetty 9.1.1.v20140108
>>>
>>> Andy
>>>
>>>>
>>>> On Thu, Aug 20, 2015 at 6:14 AM, Andy Seaborne <a...@apache.org> wrote:
>>>>>
>>>>> The Jetty documentation is the best place to go for details of setting up
>>>>> Jetty.
>>>>>
>>>>> Here's one in the examples/ area but as far as I can tell it's more in the
>>>>> category of "should work" (it is from Fuseki1 and that was a different
>>>>> version of Jetty) rather than tested.
>>>>>
>>>>> https://github.com/apache/jena/blob/master/jena-fuseki2/examples/jetty-fuseki.xml
>>>>>
>>>>> If you, or anyone else, has a better example - please send it.
>>>>>
>>>>> Andy
>>>>>
>>>>> On 20/08/15 02:54, Jason Levitt wrote:
>>>>>>
>>>>>> We're in an AWS environment using Fuseki 2 with built-in Jetty. It
>>>>>> only talks to internal machines so there
>>>>>> is no need to protect it from external exposure. So that means that
>>>>>> the easiest way is to use the
>>>>>> `--jetty-config` flag to set up HTTPS to Jetty? Are there any docs on
>>>>>> what the options are for that
>>>>>> config file (e.g. what goes into the config file)?
>>>>>>
>>>>>> J
>>>>>>
>>>>>> On Tue, Aug 18, 2015 at 3:21 PM, Andy Seaborne <a...@apache.org> wrote:
>>>>>>>
>>>>>>> Right. In a production environment, a reverse proxy is useful for several
>>>>>>> things and while there is nothing that forces a reverse proxy, the weight of
>>>>>>> features can mean it's a useful and flexible thing to put into a production
>>>>>>> system.
>>>>>>>
>>>>>>> 1/ Blocking undesirable clients
>>>>>>>    (manic crawlers, badly written PHP scripts)
>>>>>>> 2/ more robust to DOS attacks (and accidental attacks)
>>>>>>>    Java web containers just aren't as good under silly load conditions.
>>>>>>> 3/ URL rewrite
>>>>>>>    E.g don't need /dataset/query - can be any URL you like.
>>>>>>> 4/ Security
>>>>>>>    integrate with local systems; rich choice of controls.
>>>>>>>    Control who and what can update
>>>>>>>    No need to restart for shiro changes.
>>>>>>> 5/ Rate control (e.g. no more than N queries at a time)
>>>>>>> 6/ https (can be expensive so a C-implementation can help)
>>>>>>> 7/ Lots of add-ons and mods for all sorts of tasks.
>>>>>>> 8/ Lots of Q&A on stackoverflow!
>>>>>>>
>>>>>>> Fuseki has "--localhost" to only talk to the machine's localhost network
>>>>>>> interface. In an environment like AWS, where port control is easy, it's
>>>>>>> trivial to secure the Fuseki server to only talk to the local reverse proxy
>>>>>>> by blocking all ports except (22 and) 80+443.
>>>>>>>
>>>>>>> Andy
>>>>>>>
>>>>>>> On 18/08/15 20:21, A. Soroka wrote:
>>>>>>>>
>>>>>>>> I checked more carefully (should have done that before replying) and it
>>>>>>>> seems that Fuseki 2 also offers the `--jetty-config` flag for using a Jetty
>>>>>>>> configuration that supports HTTPS:
>>>>>>>>
>>>>>>>> --jetty-config=FILE Set up the server (not services) with a Jetty XML file
>>>>>>>>
>>>>>>>> ---
>>>>>>>> A. Soroka
>>>>>>>> The University of Virginia Library
>>>>>>>>
>>>>>>>> On Aug 18, 2015, at 10:34 AM, aj...@virginia.edu <aj...@email.virginia.edu> wrote:
>>>>>>>>
>>>>>>>>> Are you deploying Fuseki to your own servlet container (e.g. Tomcat or
>>>>>>>>> Jetty) or using the server included with Fuseki and is it Fuseki 1 or 2?
>>>>>>>>>
>>>>>>>>> If the former, you will need to supply configuration specific to that
>>>>>>>>> container. If the latter and it is Fuseki 1, there is a Stack Overflow
>>>>>>>>> answer for it:
>>>>>>>>>
>>>>>>>>> https://stackoverflow.com/questions/28310045/enable-https-ssl-on-fuseki-server
>>>>>>>>>
>>>>>>>>> but the links seem to be dead. The idea is to supply your own Jetty
>>>>>>>>> configuration (Jetty is the servlet container that the Fuseki command uses).
>>>>>>>>> For Fuseki 2, I think it is still under development? You could use a reverse
>>>>>>>>> proxy in front of Fuseki, in that case.
>>>>>>>>>
>>>>>>>>> ---
>>>>>>>>> A. Soroka
>>>>>>>>> The University of Virginia Library
>>>>>>>>>
>>>>>>>>> On Aug 17, 2015, at 7:07 PM, Jason Levitt <slimands...@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Sorry if this is a FAQ, but I'm wondering if there are
>>>>>>>>>> any guidelines online to setting up
>>>>>>>>>> Fuseki for HTTPS access?
>>>>>>>>>>
>>>>>>>>>> Jason
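
Added example, not part of the thread and not from the Jena project: an nginx reverse proxy of the kind described in the 18/08/15 reply, terminating HTTPS in front of a Fuseki started with `--localhost`. The backend port 3030, the host name, certificate paths, the `/sparql` alias, the `/dataset/update` path, the internal address range and the limit values are assumptions chosen for illustration.

```nginx
# Added example (assumptions: Fuseki runs with --localhost on port 3030;
# host name, certificate paths, address range and limits are placeholders).
# This file is meant to be included inside nginx's "http" context.

# 5/ Rate control: per-client request rate and a cap on concurrent requests
limit_req_zone  $binary_remote_addr zone=sparql_rate:10m rate=5r/s;
limit_conn_zone $server_name        zone=sparql_conc:1m;

server {
    # 6/ https is terminated here; Fuseki itself only ever sees plain HTTP
    listen 443 ssl;
    server_name fuseki.internal.example;

    ssl_certificate     /etc/nginx/tls/fuseki.crt;
    ssl_certificate_key /etc/nginx/tls/fuseki.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    limit_req  zone=sparql_rate burst=10 nodelay;
    limit_conn sparql_conc 8;          # "no more than N queries at a time"

    proxy_set_header Host              $host;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # 3/ URL rewrite: clients use /sparql, Fuseki receives /dataset/query
    location = /sparql {
        proxy_pass http://127.0.0.1:3030/dataset/query;
    }

    # 4/ Control who can update: only the internal range reaches the
    #    update service, everyone else gets 403 from the proxy
    location = /dataset/update {
        allow 10.0.0.0/8;
        deny  all;
        proxy_pass http://127.0.0.1:3030;
    }

    # Everything else is passed through unchanged
    location / {
        proxy_pass http://127.0.0.1:3030;
    }
}

# Plain HTTP only redirects to the TLS listener
server {
    listen 80;
    server_name fuseki.internal.example;
    return 301 https://$host$request_uri;
}
```

With this layout the security group or host firewall only needs to admit 80 and 443 (and 22), since nothing else on the host listens beyond loopback.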