Which version of Jetty does Fuseki 2.30 (the latest version) use? J
On Thu, Aug 20, 2015 at 6:14 AM, Andy Seaborne <[email protected]> wrote: > The Jetty documentation is the best place to go for details of setting up > Jetty. > > Here's one in the examples/ area but as far as I can tell it's more int he > category of "should work" (it is from Fuseki1 and that was a different > version of Jetty) rather than tested. > > https://github.com/apache/jena/blob/master/jena-fuseki2/examples/jetty-fuseki.xml > > If you, or anyone else, has a better example - please send it. > > Andy > > > On 20/08/15 02:54, Jason Levitt wrote: >> >> We're in an AWS environment using Fuseki 2 with built-in Jetty. It >> only talks to internal machines so there >> is no need to protect it from external exposure. So that means that >> the easiest way is to use the >> `--jetty-config` flag to setup HTTPS to Jetty? Are there any docs on >> what the options are for that >> config file (e.g. what goes into the config file)? >> >> J >> >> On Tue, Aug 18, 2015 at 3:21 PM, Andy Seaborne <[email protected]> wrote: >>> >>> Right. In a production environment, a reverse proxy is useful for >>> several >>> things and while there is nothing that force a reverse proxy, the weight >>> of >>> features can mean it's a useful and flexible thing to put into a >>> production >>> system. >>> >>> 1/ Blocking undesirable clients >>> (manic crawlers, badly written PHP scripts) >>> 2/ more robust to DOS attacks (and accidental attacks) >>> Java web containers just aren't as good under silly load conditions. >>> 3/ URL rewrite >>> E.g don't need /dataset/query - can be any URL you like. >>> 4/ Security >>> integrate with local systems; rich choice of controls. >>> Control who and what can update >>> No need to restart for shiro chnages. >>> 5/ Rate control (e.g. no more than N queries at a time) >>> 6/ https (can be expensive so a C-implementation can help) >>> 7/ Lots of add-ons and mods for all sorts of tasks. >>> 8/ Lots of Q&A on stackoverflow! >>> >>> Fuseki has "--localhost" to only talk to the machine's localhost network >>> interface. In an environment like AWS, where port control is easily, it's >>> trivial to secure the Fuseki server to only talk to the local reverse >>> proxy >>> by blocking all ports except (22 and) 80+443. >>> >>> Andy >>> >>> >>> On 18/08/15 20:21, A. Soroka wrote: >>>> >>>> >>>> I checked more carefully (should have done that before replying) and it >>>> seems that Fuseki 2 also offers the `--jetty-config` flag for using a >>>> Jetty >>>> configuration that supports HTTPS: >>>> >>>> --jetty-config=FILE Set up the server (not services) with a Jetty XML >>>> file >>>> >>>> --- >>>> A. Soroka >>>> The University of Virginia Library >>>> >>>> On Aug 18, 2015, at 10:34 AM, [email protected] >>>> <[email protected]> wrote: >>>> >>>>> Are you deploying Fuseki to your own servlet container (e.g. Tomcat or >>>>> Jetty) or using the server included with Fuseki and is it Fuskei 1 or >>>>> 2? >>>>> >>>>> If the former, you will need to supply configuration specific to that >>>>> container. If the latter and it is Fuseki 1, there is a Stack Overflow >>>>> answer for it: >>>>> >>>>> >>>>> >>>>> https://stackoverflow.com/questions/28310045/enable-https-ssl-on-fuseki-server >>>>> >>>>> but the links seems to be dead. The idea is to supply your own Jetty >>>>> configuration (Jetty is the servlet container that the Fuseki command >>>>> uses). >>>>> For Fuseki 2, I think it is still under development? You could use a >>>>> reverse >>>>> proxy in front of Fuseki, in that case. >>>>> >>>>> --- >>>>> A. Soroka >>>>> The University of Virginia Library >>>>> >>>>> On Aug 17, 2015, at 7:07 PM, Jason Levitt <[email protected]> >>>>> wrote: >>>>> >>>>>> Sorry if this is a FAQ, but I'm wondering if there are >>>>>> any guidelines online to setting up >>>>>> Fuseki for HTTPS access? >>>>>> >>>>>> Jason >>>>> >>>>> >>>>> >>>> >>> >
