I would suggest it is worth turning on DEBUG level logging for Jetty and
reviewing the output carefully.

This is especially true if you are specifying a Jetty configuration where
you are locking down the SSL configuration to disable the older insecure
SSL protocols.

I recently had an issue where on one JVM excluding the older protocols
left only the newer secure protocols whereas on another JVM it removed all
protocols and I needed to explicitly include the newer secure protocols to
get things to work.  This manifested as a very similar error about the SSL
handshake failing.

The other thing to watch out for if you are getting this kind of error and
you are limiting the set of SSL protocols and ciphers is that depending on
your system the libraries and tools installed may be outdated enough to
not support the more recent protocols and ciphers (I ran into an ancient
curl version on some systems that didn't support TLS 1.1 or TLS 1.2).

Rob
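
The exclude-only versus explicit-include difference described in the message above can be checked directly on each JVM. The following is an added example, not code from this thread or from Jetty: it asks the running JVM for its server-side supported and default-enabled protocols and prints what an exclude list and an include list each leave. The class name, the two lists, and the model used (exclude-only filtering starts from the JVM's default-enabled set, an include list selects from the supported set) are assumptions for illustration; compare the result with Jetty's DEBUG output.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

public class ProtocolCheck {

    // Assumed policy for illustration: protocols to turn off and protocols to keep.
    static final List<String> EXCLUDE = Arrays.asList("SSLv2Hello", "SSLv3", "TLSv1");
    static final List<String> INCLUDE = Arrays.asList("TLSv1.1", "TLSv1.2");

    /** Exclude only: start from what the JVM enables by default, drop excluded names. */
    static Set<String> afterExclude(String[] enabledByDefault, List<String> exclude) {
        Set<String> selected = new LinkedHashSet<>(Arrays.asList(enabledByDefault));
        selected.removeAll(exclude);
        return selected;
    }

    /** Explicit include: start from the include list, keep only names the JVM supports. */
    static Set<String> afterInclude(String[] supported, List<String> include,
                                    List<String> exclude) {
        Set<String> selected = new LinkedHashSet<>(include);
        selected.retainAll(Arrays.asList(supported));
        selected.removeAll(exclude);
        return selected;
    }

    public static void main(String[] args) throws Exception {
        // A server-mode engine reports the defaults a listening connector starts from.
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(false);
        String[] supported = engine.getSupportedProtocols();
        String[] enabled = engine.getEnabledProtocols();

        System.out.println("java.version       = " + System.getProperty("java.version"));
        System.out.println("supported          = " + Arrays.toString(supported));
        System.out.println("enabled by default = " + Arrays.toString(enabled));

        Set<String> excludeOnly = afterExclude(enabled, EXCLUDE);
        Set<String> withInclude = afterInclude(supported, INCLUDE, EXCLUDE);
        System.out.println("exclude only       = " + excludeOnly);
        System.out.println("include + exclude  = " + withInclude);

        if (excludeOnly.isEmpty()) {
            // The case from the message: excluding the old protocols removed everything.
            System.out.println("WARNING: exclude-only leaves no protocol enabled; "
                    + "every handshake will fail unless protocols are included explicitly.");
        }
        if (withInclude.isEmpty()) {
            System.out.println("ERROR: this JVM supports none of " + INCLUDE);
            System.exit(1);
        }
    }
}
```

Run it with the same `java` binary that starts Fuseki; the JVMs whose "exclude only" line is empty are the ones that need the explicit include list.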

On 01/09/2015 10:12, "Andy Seaborne" <a...@apache.org> wrote:

>On 27/08/15 16:56, Jason Levitt wrote:
>> If I remove that line from my config file:
>>
>> <Set name="host">mysite.com</Set>
>>
>> And then run fuseki and try to connect, using openssl, I get:
>>
>> $ openssl s_client -connect mysite.com:8443
>> CONNECTED(00000003)
>> 5546:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-52.40.1/src/ssl/s23_lib.c:185:
>>
>> I have no idea what this means -- probably a certificate mismatch(?).
>
>That could be what's happening - if the handshake is failing, I think it
>means the operation hasn't got near the level of dispatching to the
>index page.
>
>       Andy
>
>>
>> J
>>
>> On Thu, Aug 27, 2015 at 10:46 AM, Andy Seaborne <a...@apache.org> wrote:
>>> On 27/08/15 15:20, Jason Levitt wrote:
>>>>
>>>> Hi Andy,
>>>>
>>>>     Not only is Jetty 9.1 fairly different than Jetty 8, but the current
>>>> version of Jetty, 9.3 is somewhat different than 9.1.  I will
>>>> investigate further.
>>>
>>>
>>> I just tried out 9.3 by flipping the version to 9.3.2.v20150730 and it
>>> seems OK (after 5 mins playing with it....).  So looks like the codebase
>>> can switch if that helps simplify things.
>>>
>>>          Andy
>>>
>>>
>>>
>>>>
>>>> J
>>>>
>>>> On Thu, Aug 27, 2015 at 6:42 AM, Andy Seaborne <a...@apache.org> wrote:
>>>>>
>>>>> Jason - thank you for pushing on with this.  It seems a lot of Jetty has
>>>>> changed Jetty8->Jetty9.1 in this area which is all news to me.
>>>>>
>>>>> On 27/08/15 06:09, Jason Levitt wrote:
>>>>>>
>>>>>>
>>>>>> Making some progress but things still don't work.
>>>>>>
>>>>>> The startup log (edited) looks like this (domain name changed to
>>>>>> mysite.com):
>>>>>
>>>>>
>>>>>
>>>>> This looks like it is because it's asking to run on an address that
>>>>> isn't the local machine for some reason.  It does not look like
>>>>> something on the same port because it is (usually)
>>>>>
>>>>> "java.net.BindException: Address already in use"
>>>>>
>>>>> but it might be worth checking.  On Linux, "sudo lsof -i:8443"
>>>>>
>>>>> Your config does not set the host but maybe the IP config is getting in
>>>>> the way. This is EC2 so does the real DNS name resolve to the IP address
>>>>> of a local interface?  Does using "localhost" work (= do something
>>>>> different)?
>>>>>
>>>>> That's the best clue I could find on StackOverflow.  I haven't found a
>>>>> way to get the same error message using plain HTTP on a non-EC2 machine
>>>>> though.
>>>>>
>>>>>> [2015-08-27 03:56:03] Server     ERROR SPARQLServer (port=0): Failed to start server: Cannot assign requested address
>>>>>
>>>>>
>>>>> port=0 looks weird though if you are taking control with the config file
>>>>> that is possible due to the earlier error.
>>>>>
>>>>> What is printed is serverConnector.getPort() and serverConnector is the
>>>>> first/only configured ServerConnector.
>>>>>
>>>>>           Andy
>>>>>
>>>>>
>>>>>
>>>>>>
>>>>>> [2015-08-27 03:56:03] Server     INFO  Jetty server config file = myconfig.xml
>>>>>> [2015-08-27 03:56:03] Server     INFO  Fuseki 2.3.0 2015-07-25T17:11:28+0000
>>>>>> [2015-08-27 03:56:03] Config     INFO  FUSEKI_HOME=/home/ec2-user/fuseki
>>>>>> [2015-08-27 03:56:03] Config     INFO  FUSEKI_BASE=/home/ec2-user/fuseki/run
>>>>>> [2015-08-27 03:56:03] Servlet    INFO  Initializing Shiro environment
>>>>>> [2015-08-27 03:56:03] Config     INFO  Shiro file: file:///home/ec2-user/fuseki/run/shiro.ini
>>>>>> [2015-08-27 03:56:03] Config     INFO  Template file: templates/config-tdb-dir
>>>>>> [2015-08-27 03:56:03] Config     INFO  TDB dataset: directory=ds
>>>>>> [2015-08-27 03:56:03] Config     INFO  Register: /ds
>>>>>> [2015-08-27 03:56:03] AbstractLifeCycle WARN  FAILED ServerConnector@7e5441{SSL-http/1.1}{mysite.com:8443}: java.net.BindException: Cannot assign requested address
>>>>>> java.net.BindException: Cannot assign requested address
>>>>>> at sun.nio.ch.Net.bind0(Native Method)
>>>>>> at sun.nio.ch.Net.bind(Net.java:433)
>>>>>> at sun.nio.ch.Net.bind(Net.java:425)
>>>>>> ....
>>>>>> ....
>>>>>> ....
>>>>>> [2015-08-27 03:56:03] AbstractLifeCycle WARN  FAILED org.eclipse.jetty.server.Server@f9ed3e: java.net.BindException: Cannot assign requested address
>>>>>> java.net.BindException: Cannot assign requested address
>>>>>> at sun.nio.ch.Net.bind0(Native Method)
>>>>>> at sun.nio.ch.Net.bind(Net.java:433)
>>>>>> at sun.nio.ch.Net.bind(Net.java:425)
>>>>>> ....
>>>>>> ....
>>>>>> ....
>>>>>> [2015-08-27 03:56:03] Server     ERROR SPARQLServer (port=0): Failed to start server: Cannot assign requested address
>>>>>>
>>>>>>
>>>>>> And I'm running fuseki 2.3.0 with this command:
>>>>>>
>>>>>> nohup ./fuseki-server --port 8443 --update --jetty-config=myconfig.xml --loc=ds /ds
>>>>>>
>>>>>>
>>>>>> The "myconfig.xml" file is below (I've already added my certificate
>>>>>> and key to the Java 8 JSSE):
>>>>>>
>>>>>> <?xml version="1.0"?>
>>>>>> <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN"
>>>>>>   "http://www.eclipse.org/jetty/configure.dtd">
>>>>>>
>>>>>> <Configure id="Server" class="org.eclipse.jetty.server.Server">
>>>>>>   <Call name="addConnector">
>>>>>>     <Arg>
>>>>>>       <New class="org.eclipse.jetty.server.ServerConnector">
>>>>>>         <Arg name="server"><Ref refid="Server" /></Arg>
>>>>>>         <Arg name="factories">
>>>>>>           <Array type="org.eclipse.jetty.server.ConnectionFactory">
>>>>>>             <Item>
>>>>>>               <New class="org.eclipse.jetty.server.HttpConnectionFactory">
>>>>>>                 <Arg name="config"><Ref refid="httpConfig" /></Arg>
>>>>>>               </New>
>>>>>>             </Item>
>>>>>>           </Array>
>>>>>>         </Arg>
>>>>>>       </New>
>>>>>>     </Arg>
>>>>>>   </Call>
>>>>>>
>>>>>>   <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
>>>>>>     <Set name="KeyStorePath">/home/ec2-user/keystore</Set>
>>>>>>     <Set name="KeyStorePassword">somepassword</Set>
>>>>>>     <Set name="KeyManagerPassword">somepassword</Set>
>>>>>>     <Set name="TrustStorePath">/home/ec2-user/keystore</Set>
>>>>>>     <Set name="TrustStorePassword">somepassword</Set>
>>>>>>   </New>
>>>>>>
>>>>>>   <Call id="sslConnector" name="addConnector">
>>>>>>     <Arg>
>>>>>>       <New class="org.eclipse.jetty.server.ServerConnector">
>>>>>>         <Arg name="server"><Ref refid="Server" /></Arg>
>>>>>>         <Arg name="factories">
>>>>>>           <Array type="org.eclipse.jetty.server.ConnectionFactory">
>>>>>>             <Item>
>>>>>>               <New class="org.eclipse.jetty.server.SslConnectionFactory">
>>>>>>                 <Arg name="next">http/1.1</Arg>
>>>>>>                 <Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg>
>>>>>>               </New>
>>>>>>             </Item>
>>>>>>             <Item>
>>>>>>               <New class="org.eclipse.jetty.server.HttpConnectionFactory">
>>>>>>                 <Arg name="config"><Ref refid="tlsHttpConfig"/></Arg>
>>>>>>               </New>
>>>>>>             </Item>
>>>>>>           </Array>
>>>>>>         </Arg>
>>>>>>         <Set name="host"><Property name="jetty.host"/></Set>
>>>>>>         <Set name="port"><Property name="jetty.tls.port" default="8443" /></Set>
>>>>>>         <Set name="idleTimeout">30000</Set>
>>>>>>         <Set name="host">mysite.com</Set>
>>>>>>       </New>
>>>>>>     </Arg>
>>>>>>   </Call>
>>>>>>
>>>>>> </Configure>
>>>>>>
>>>>>> ===================================
>>>>>>
>>>>>> On Tue, Aug 25, 2015 at 5:17 PM, Jason Levitt <slimands...@gmail.com> wrote:
>>>>>>>
>>>>>>>
>>>>>>> I can't find any examples of the file that you hand to
>>>>>>> "--jetty-config"
>>>>>>>
>>>>>>> The "official" jetty docs for configuring SSL imply that there are two
>>>>>>> configuration files, jetty-ssl-context.xml and jetty-https.xml.
>>>>>>>
>>>>>>> (http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html)
>>>>>>>
>>>>>>> The example that you cite:
>>>>>>>
>>>>>>> http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/plain/jetty-server/src/main/config/etc/jetty-https.xml
>>>>>>>
>>>>>>> says that: "This configuration must be used in conjunction with
>>>>>>> jetty.xml and jetty-ssl.xml"
>>>>>>>
>>>>>>> Where do these files go? The Fuseki download does not have any "etc"
>>>>>>> directory or any xml configuration files at all.
>>>>>>>
>>>>>>> So, I tried handing some XML config files to Fuseki using
>>>>>>> --jetty-config and it gives very little info in the error (see below).
>>>>>>> Has anyone actually successfully run Fuseki over SSL?
>>>>>>>
>>>>>>> [2015-08-25 22:13:34] Server     INFO  Jetty server config file = ./jetty-https.xml
>>>>>>> [2015-08-25 22:13:34] Server     ERROR SPARQLServer: Failed to configure server: Unknown configuration type: Call in org.eclipse.jetty.xml.XmlConfiguration@1d80d2b
>>>>>>> java.lang.IllegalStateException: Unknown configuration type: Call in org.eclipse.jetty.xml.XmlConfiguration@1d80d2b
>>>>>>> at org.eclipse.jetty.xml.XmlConfiguration.setConfig(XmlConfiguration.java:198)
>>>>>>> at org.eclipse.jetty.xml.XmlConfiguration.<init>(XmlConfiguration.java:177)
>>>>>>> at org.apache.jena.fuseki.jetty.JettyFuseki.configServer(JettyFuseki.java:264)
>>>>>>> at org.apache.jena.fuseki.jetty.JettyFuseki.buildServerWebapp(JettyFuseki.java:222)
>>>>>>> at org.apache.jena.fuseki.jetty.JettyFuseki.<init>(JettyFuseki.java:91)
>>>>>>> at org.apache.jena.fuseki.jetty.JettyFuseki.initializeServer(JettyFuseki.java:86)
>>>>>>> at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.exec(FusekiCmd.java:335)
>>>>>>> at jena.cmd.CmdMain.mainMethod(CmdMain.java:93)
>>>>>>> at jena.cmd.CmdMain.mainRun(CmdMain.java:58)
>>>>>>> at jena.cmd.CmdMain.mainRun(CmdMain.java:45)
>>>>>>> at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.innerMain(FusekiCmd.java:96)
>>>>>>> at org.apache.jena.fuseki.cmd.FusekiCmd.main(FusekiCmd.java:59)
>>>>>>> org.apache.jena.fuseki.FusekiException: Failed to configure a server using configuration file './jetty-https.xml'
>>>>>>> at org.apache.jena.fuseki.jetty.JettyFuseki.configServer(JettyFuseki.java:269)
>>>>>>> at org.apache.jena.fuseki.jetty.JettyFuseki.buildServerWebapp(JettyFuseki.java:222)
>>>>>>> at org.apache.jena.fuseki.jetty.JettyFuseki.<init>(JettyFuseki.java:91)
>>>>>>> at org.apache.jena.fuseki.jetty.JettyFuseki.initializeServer(JettyFuseki.java:86)
>>>>>>> at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.exec(FusekiCmd.java:335)
>>>>>>> at jena.cmd.CmdMain.mainMethod(CmdMain.java:93)
>>>>>>> at jena.cmd.CmdMain.mainRun(CmdMain.java:58)
>>>>>>> at jena.cmd.CmdMain.mainRun(CmdMain.java:45)
>>>>>>> at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.innerMain(FusekiCmd.java:96)
>>>>>>> at org.apache.jena.fuseki.cmd.FusekiCmd.main(FusekiCmd.java:59)
>>>>>>>
>>>>>>> J
>>>>>>>
>>>>>>>
>>>>>>> On Fri, Aug 21, 2015 at 4:14 AM, Andy Seaborne <a...@apache.org> wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>> On 20/08/15 22:37, Jason Levitt wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Thanks. So I can still use the "--jetty-config" option with Fuseki
>>>>>>>>> v2.30 ?
>>>>>>>>>
>>>>>>>>> J
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Yes, should work to pass in the file.  There was a major jetty version
>>>>>>>> change (8 to 9) and what effect that has had on that option is unclear
>>>>>>>> to me. Connector changed Jetty 8->9
>>>>>>>>
>>>>>>>> http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html
>>>>>>>>
>>>>>>>> and their example:
>>>>>>>>
>>>>>>>> http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/plain/jetty-server/src/main/config/etc/jetty-https.xml
>>>>>>>>
>>>>>>>> It would be good to add this to the distribution - if you or anyone
>>>>>>>> else has a working version, I'd be very grateful to get a copy.
>>>>>>>>
>>>>>>>>
>>>>>>>>            Andy
>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Thu, Aug 20, 2015 at 3:46 PM, Andy Seaborne <a...@apache.org>
>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On 20/08/15 21:24, Jason Levitt wrote:
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Which version of Jetty does Fuseki 2.30 (the latest version) use?
>>>>>>>>>>>
>>>>>>>>>>> J
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> http://central.maven.org/maven2/org/apache/jena/jena-fuseki/2.3.0/jena-fuseki-2.3.0.pom
>>>>>>>>>>
>>>>>>>>>> ==> Jetty 9.1.1.v20140108
>>>>>>>>>>
>>>>>>>>>>             Andy
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Thu, Aug 20, 2015 at 6:14 AM, Andy Seaborne <a...@apache.org> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> The Jetty documentation is the best place to go for details of
>>>>>>>>>>>> setting up Jetty.
>>>>>>>>>>>>
>>>>>>>>>>>> Here's one in the examples/ area but as far as I can tell it's
>>>>>>>>>>>> more in the category of "should work" (it is from Fuseki1 and that
>>>>>>>>>>>> was a different version of Jetty) rather than tested.
>>>>>>>>>>>>
>>>>>>>>>>>> https://github.com/apache/jena/blob/master/jena-fuseki2/examples/jetty-fuseki.xml
>>>>>>>>>>>>
>>>>>>>>>>>> If you, or anyone else, has a better example - please send it.
>>>>>>>>>>>>
>>>>>>>>>>>>              Andy
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On 20/08/15 02:54, Jason Levitt wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> We're in an AWS environment using Fuseki 2 with built-in Jetty.
>>>>>>>>>>>>> It only talks to internal machines so there is no need to protect
>>>>>>>>>>>>> it from external exposure.  So that means that the easiest way is
>>>>>>>>>>>>> to use the `--jetty-config` flag to set up HTTPS to Jetty?  Are
>>>>>>>>>>>>> there any docs on what the options are for that config file (e.g.
>>>>>>>>>>>>> what goes into the config file)?
>>>>>>>>>>>>>
>>>>>>>>>>>>> J
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Tue, Aug 18, 2015 at 3:21 PM, Andy Seaborne <a...@apache.org> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Right.  In a production environment, a reverse proxy is useful
>>>>>>>>>>>>>> for several things and while there is nothing that forces a
>>>>>>>>>>>>>> reverse proxy, the weight of features can mean it's a useful and
>>>>>>>>>>>>>> flexible thing to put into a production system.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> 1/ Blocking undesirable clients
>>>>>>>>>>>>>>          (manic crawlers, badly written PHP scripts)
>>>>>>>>>>>>>> 2/ more robust to DOS attacks (and accidental attacks)
>>>>>>>>>>>>>>          Java web containers just aren't as good under silly load
>>>>>>>>>>>>>>          conditions.
>>>>>>>>>>>>>> 3/ URL rewrite
>>>>>>>>>>>>>>          E.g. don't need /dataset/query - can be any URL you like.
>>>>>>>>>>>>>> 4/ Security
>>>>>>>>>>>>>>          integrate with local systems; rich choice of controls.
>>>>>>>>>>>>>>          Control who and what can update
>>>>>>>>>>>>>>          No need to restart for shiro changes.
>>>>>>>>>>>>>> 5/ Rate control (e.g. no more than N queries at a time)
>>>>>>>>>>>>>> 6/ https (can be expensive so a C-implementation can help)
>>>>>>>>>>>>>> 7/ Lots of add-ons and mods for all sorts of tasks.
>>>>>>>>>>>>>> 8/ Lots of Q&A on stackoverflow!
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Fuseki has "--localhost" to only talk to the machine's localhost
>>>>>>>>>>>>>> network interface. In an environment like AWS, where port control
>>>>>>>>>>>>>> is easy, it's trivial to secure the Fuseki server to only talk to
>>>>>>>>>>>>>> the local reverse proxy by blocking all ports except (22 and)
>>>>>>>>>>>>>> 80+443.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>               Andy
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On 18/08/15 20:21, A. Soroka wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I checked more carefully (should have done that before replying)
>>>>>>>>>>>>>>> and it seems that Fuseki 2 also offers the `--jetty-config` flag
>>>>>>>>>>>>>>> for using a Jetty configuration that supports HTTPS:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> --jetty-config=FILE    Set up the server (not services) with a
>>>>>>>>>>>>>>>                        Jetty XML file
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> ---
>>>>>>>>>>>>>>> A. Soroka
>>>>>>>>>>>>>>> The University of Virginia Library
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Aug 18, 2015, at 10:34 AM, aj...@virginia.edu
>>>>>>>>>>>>>>> <aj...@email.virginia.edu> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Are you deploying Fuseki to your own servlet container (e.g.
>>>>>>>>>>>>>>>> Tomcat or Jetty) or using the server included with Fuseki and is
>>>>>>>>>>>>>>>> it Fuseki 1 or 2?
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> If the former, you will need to supply configuration specific to
>>>>>>>>>>>>>>>> that container. If the latter and it is Fuseki 1, there is a
>>>>>>>>>>>>>>>> Stack Overflow answer for it:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> https://stackoverflow.com/questions/28310045/enable-https-ssl-on-fuseki-server
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> but the links seem to be dead. The idea is to supply your own
>>>>>>>>>>>>>>>> Jetty configuration (Jetty is the servlet container that the
>>>>>>>>>>>>>>>> Fuseki command uses).
>>>>>>>>>>>>>>>> For Fuseki 2, I think it is still under development? You could
>>>>>>>>>>>>>>>> use a reverse proxy in front of Fuseki, in that case.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> ---
>>>>>>>>>>>>>>>> A. Soroka
>>>>>>>>>>>>>>>> The University of Virginia Library
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Aug 17, 2015, at 7:07 PM, Jason Levitt <slimands...@gmail.com> wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Sorry if this is a FAQ, but I'm wondering if there are
>>>>>>>>>>>>>>>>> any guidelines online to setting up
>>>>>>>>>>>>>>>>> Fuseki for HTTPS access?
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Jason
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>
>>>>>
>>>
>



