The Jetty documentation is the best place to go for details of setting
up Jetty.
Here's one in the examples/ area but as far as I can tell it's more int
he category of "should work" (it is from Fuseki1 and that was a
different version of Jetty) rather than tested.
https://github.com/apache/jena/blob/master/jena-fuseki2/examples/jetty-fuseki.xml
If you, or anyone else, has a better example - please send it.
Andy
On 20/08/15 02:54, Jason Levitt wrote:
We're in an AWS environment using Fuseki 2 with built-in Jetty. It
only talks to internal machines so there
is no need to protect it from external exposure. So that means that
the easiest way is to use the
`--jetty-config` flag to setup HTTPS to Jetty? Are there any docs on
what the options are for that
config file (e.g. what goes into the config file)?
J
On Tue, Aug 18, 2015 at 3:21 PM, Andy Seaborne <[email protected]> wrote:
Right. In a production environment, a reverse proxy is useful for several
things and while there is nothing that force a reverse proxy, the weight of
features can mean it's a useful and flexible thing to put into a production
system.
1/ Blocking undesirable clients
(manic crawlers, badly written PHP scripts)
2/ more robust to DOS attacks (and accidental attacks)
Java web containers just aren't as good under silly load conditions.
3/ URL rewrite
E.g don't need /dataset/query - can be any URL you like.
4/ Security
integrate with local systems; rich choice of controls.
Control who and what can update
No need to restart for shiro chnages.
5/ Rate control (e.g. no more than N queries at a time)
6/ https (can be expensive so a C-implementation can help)
7/ Lots of add-ons and mods for all sorts of tasks.
8/ Lots of Q&A on stackoverflow!
Fuseki has "--localhost" to only talk to the machine's localhost network
interface. In an environment like AWS, where port control is easily, it's
trivial to secure the Fuseki server to only talk to the local reverse proxy
by blocking all ports except (22 and) 80+443.
Andy
On 18/08/15 20:21, A. Soroka wrote:
I checked more carefully (should have done that before replying) and it
seems that Fuseki 2 also offers the `--jetty-config` flag for using a Jetty
configuration that supports HTTPS:
--jetty-config=FILE Set up the server (not services) with a Jetty XML
file
---
A. Soroka
The University of Virginia Library
On Aug 18, 2015, at 10:34 AM, [email protected]
<[email protected]> wrote:
Are you deploying Fuseki to your own servlet container (e.g. Tomcat or
Jetty) or using the server included with Fuseki and is it Fuskei 1 or 2?
If the former, you will need to supply configuration specific to that
container. If the latter and it is Fuseki 1, there is a Stack Overflow
answer for it:
https://stackoverflow.com/questions/28310045/enable-https-ssl-on-fuseki-server
but the links seems to be dead. The idea is to supply your own Jetty
configuration (Jetty is the servlet container that the Fuseki command uses).
For Fuseki 2, I think it is still under development? You could use a reverse
proxy in front of Fuseki, in that case.
---
A. Soroka
The University of Virginia Library
On Aug 17, 2015, at 7:07 PM, Jason Levitt <[email protected]> wrote:
Sorry if this is a FAQ, but I'm wondering if there are
any guidelines online to setting up
Fuseki for HTTPS access?
Jason
