Right. In a production environment, a reverse proxy is useful for
several things and while there is nothing that force a reverse proxy,
the weight of features can mean it's a useful and flexible thing to put
into a production system.
1/ Blocking undesirable clients
(manic crawlers, badly written PHP scripts)
2/ more robust to DOS attacks (and accidental attacks)
Java web containers just aren't as good under silly load conditions.
3/ URL rewrite
E.g don't need /dataset/query - can be any URL you like.
4/ Security
integrate with local systems; rich choice of controls.
Control who and what can update
No need to restart for shiro chnages.
5/ Rate control (e.g. no more than N queries at a time)
6/ https (can be expensive so a C-implementation can help)
7/ Lots of add-ons and mods for all sorts of tasks.
8/ Lots of Q&A on stackoverflow!
Fuseki has "--localhost" to only talk to the machine's localhost network
interface. In an environment like AWS, where port control is easily,
it's trivial to secure the Fuseki server to only talk to the local
reverse proxy by blocking all ports except (22 and) 80+443.
Andy
On 18/08/15 20:21, A. Soroka wrote:
I checked more carefully (should have done that before replying) and it seems
that Fuseki 2 also offers the `--jetty-config` flag for using a Jetty
configuration that supports HTTPS:
--jetty-config=FILE Set up the server (not services) with a Jetty XML file
---
A. Soroka
The University of Virginia Library
On Aug 18, 2015, at 10:34 AM, [email protected] <[email protected]>
wrote:
Are you deploying Fuseki to your own servlet container (e.g. Tomcat or Jetty)
or using the server included with Fuseki and is it Fuskei 1 or 2?
If the former, you will need to supply configuration specific to that
container. If the latter and it is Fuseki 1, there is a Stack Overflow answer
for it:
https://stackoverflow.com/questions/28310045/enable-https-ssl-on-fuseki-server
but the links seems to be dead. The idea is to supply your own Jetty
configuration (Jetty is the servlet container that the Fuseki command uses).
For Fuseki 2, I think it is still under development? You could use a reverse
proxy in front of Fuseki, in that case.
---
A. Soroka
The University of Virginia Library
On Aug 17, 2015, at 7:07 PM, Jason Levitt <[email protected]> wrote:
Sorry if this is a FAQ, but I'm wondering if there are
any guidelines online to setting up
Fuseki for HTTPS access?
Jason
