Back to square one. This Jetty config file works fine with Jetty 9:

<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd">

<!-- ============================================================= -->
<!-- Configure the Jetty Server instance with an ID "Server" -->
<!-- by adding a HTTP connector. -->
<!-- This configuration must be used in conjunction with jetty.xml -->
<!-- ============================================================= -->
<Configure id="Server" class="org.eclipse.jetty.server.Server">

  <!-- =========================================================== -->
  <!-- Add a HTTP Connector. -->
  <!-- Configure an o.e.j.server.ServerConnector with a single -->
  <!-- HttpConnectionFactory instance using the common httpConfig -->
  <!-- instance defined in jetty.xml -->
  <!-- -->
  <!-- Consult the javadoc of o.e.j.server.ServerConnector and -->
  <!-- o.e.j.server.HttpConnectionFactory for all configuration -->
  <!-- that may be set here. -->
  <!-- =========================================================== -->
  <Call name="addConnector">
    <Arg>
      <New id="httpConnector" class="org.eclipse.jetty.server.ServerConnector">
        <Arg name="server"><Ref refid="Server" /></Arg>
        <Arg name="acceptors" type="int"><Property name="jetty.http.acceptors" deprecated="http.acceptors" default="-1"/></Arg>
        <Arg name="selectors" type="int"><Property name="jetty.http.selectors" deprecated="http.selectors" default="-1"/></Arg>
        <Arg name="factories">
          <Array type="org.eclipse.jetty.server.ConnectionFactory">
            <Item>
              <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                <Arg name="config"><Ref refid="httpConfig" /></Arg>
              </New>
            </Item>
          </Array>
        </Arg>
        <Set name="host"><Property name="jetty.http.host" deprecated="jetty.host" /></Set>
        <Set name="port"><Property name="jetty.http.port" deprecated="jetty.port" default="3030" /></Set>
        <Set name="idleTimeout"><Property name="jetty.http.idleTimeout" deprecated="http.timeout" default="30000"/></Set>
        <Set name="soLingerTime"><Property name="jetty.http.soLingerTime" deprecated="http.soLingerTime" default="-1"/></Set>
        <Set name="acceptorPriorityDelta"><Property name="jetty.http.acceptorPriorityDelta" deprecated="http.acceptorPriorityDelta" default="0"/></Set>
        <Set name="acceptQueueSize"><Property name="jetty.http.acceptQueueSize" deprecated="http.acceptQueueSize" default="0"/></Set>
      </New>
    </Arg>
  </Call>

</Configure>

But when I feed it to fuseki:

$ ./fuseki-server --update --jetty-config=jetty-http.xml --loc=ds /ds

I get this:

[2015-09-01 19:32:39] Server INFO Jetty server config file = /home/ec2-user/fuseki/etc/jetty-http.xml
[2015-09-01 19:32:39] XmlConfiguration WARN Config error at <Call name="addConnector"><Arg> <New id="httpConnector" class="org.eclipse.jetty.server.ServerConnector"><Arg name="server"><Ref refid="Server"/></Arg><Arg name="acceptors" type="int"><Property name="jetty.http.acceptors" deprecated="http.acceptors" default="-1"/></Arg><Arg name="selectors" type="int"><Property name="jetty.http.selectors" deprecated="http.selectors" default="-1"/></Arg><Arg name="factories"> <Array type="org.eclipse.jetty.server.ConnectionFactory"><Item> <New class="org.eclipse.jetty.server.HttpConnectionFactory"><Arg name="config"><Ref refid="httpConfig"/></Arg></New> </Item></Array> </Arg><Set name="host"><Property name="jetty.http.host" deprecated="jetty.host"/></Set><Set name="port"><Property name="jetty.http.port" deprecated="jetty.port" default="3030"/></Set><Set name="idleTimeout"><Property name="jetty.http.idleTimeout" deprecated="http.timeout" default="30000"/></Set><Set name="soLingerTime"><Property name="jetty.http.soLingerTime" deprecated="http.soLingerTime" default="-1"/></Set><Set name="acceptorPriorityDelta"><Property name="jetty.http.acceptorPriorityDelta" deprecated="http.acceptorPriorityDelta" default="0"/></Set><Set name="acceptQueueSize"><Property name="jetty.http.acceptQueueSize" deprecated="http.acceptQueueSize" default="0"/></Set></New> </Arg></Call>
[2015-09-01 19:32:39] Server ERROR SPARQLServer: Failed to configure server: No suitable constructor: <New id="httpConnector" class="org.eclipse.jetty.server.ServerConnector"><Arg name="server"><Ref refid="Server"/></Arg><Arg name="acceptors" type="int"><Property name="jetty.http.acceptors" deprecated="http.acceptors" default="-1"/></Arg><Arg name="selectors" type="int"><Property name="jetty.http.selectors" deprecated="http.selectors" default="-1"/></Arg><Arg name="factories"> <Array type="org.eclipse.jetty.server.ConnectionFactory"><Item> <New class="org.eclipse.jetty.server.HttpConnectionFactory"><Arg name="config"><Ref refid="httpConfig"/></Arg></New> </Item></Array> </Arg><Set name="host"><Property name="jetty.http.host" deprecated="jetty.host"/></Set><Set name="port"><Property name="jetty.http.port" deprecated="jetty.port" default="3030"/></Set><Set name="idleTimeout"><Property name="jetty.http.idleTimeout" deprecated="http.timeout" default="30000"/></Set><Set name="soLingerTime"><Property name="jetty.http.soLingerTime" deprecated="http.soLingerTime" default="-1"/></Set><Set name="acceptorPriorityDelta"><Property name="jetty.http.acceptorPriorityDelta" deprecated="http.acceptorPriorityDelta" default="0"/></Set><Set name="acceptQueueSize"><Property name="jetty.http.acceptQueueSize" deprecated="http.acceptQueueSize" default="0"/></Set></New> on org.eclipse.jetty.server.Server@9b0314
java.lang.IllegalStateException: No suitable constructor: <New id="httpConnector" class="org.eclipse.jetty.server.ServerConnector"><Arg name="server"><Ref refid="Server"/></Arg><Arg name="acceptors" type="int"><Property name="jetty.http.acceptors" deprecated="http.acceptors" default="-1"/></Arg><Arg name="selectors" type="int"><Property name="jetty.http.selectors" deprecated="http.selectors" default="-1"/></Arg><Arg name="factories"> <Array type="org.eclipse.jetty.server.ConnectionFactory"><Item> <New class="org.eclipse.jetty.server.HttpConnectionFactory"><Arg name="config"><Ref refid="httpConfig"/></Arg></New> </Item></Array> </Arg><Set name="host"><Property name="jetty.http.host" deprecated="jetty.host"/></Set><Set name="port"><Property name="jetty.http.port" deprecated="jetty.port" default="3030"/></Set><Set name="idleTimeout"><Property name="jetty.http.idleTimeout" deprecated="http.timeout" default="30000"/></Set><Set name="soLingerTime"><Property name="jetty.http.soLingerTime" deprecated="http.soLingerTime" default="-1"/></Set><Set name="acceptorPriorityDelta"><Property name="jetty.http.acceptorPriorityDelta" deprecated="http.acceptorPriorityDelta" default="0"/></Set><Set name="acceptQueueSize"><Property name="jetty.http.acceptQueueSize" deprecated="http.acceptQueueSize" default="0"/></Set></New> on org.eclipse.jetty.server.Server@9b0314
    at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.newObj(XmlConfiguration.java:811)
    at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.itemValue(XmlConfiguration.java:1125)
    at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.value(XmlConfiguration.java:1030)
    at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.call(XmlConfiguration.java:721)
    at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.configure(XmlConfiguration.java:417)
    at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.configure(XmlConfiguration.java:298)
    at org.eclipse.jetty.xml.XmlConfiguration.configure(XmlConfiguration.java:248)
    at org.apache.jena.fuseki.jetty.JettyFuseki.configServer(JettyFuseki.java:265)
    at org.apache.jena.fuseki.jetty.JettyFuseki.buildServerWebapp(JettyFuseki.java:222)
    at org.apache.jena.fuseki.jetty.JettyFuseki.<init>(JettyFuseki.java:91)
    at org.apache.jena.fuseki.jetty.JettyFuseki.initializeServer(JettyFuseki.java:86)
    at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.exec(FusekiCmd.java:335)
    at jena.cmd.CmdMain.mainMethod(CmdMain.java:93)
    at jena.cmd.CmdMain.mainRun(CmdMain.java:58)
    at jena.cmd.CmdMain.mainRun(CmdMain.java:45)
    at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.innerMain(FusekiCmd.java:96)
    at org.apache.jena.fuseki.cmd.FusekiCmd.main(FusekiCmd.java:59)
org.apache.jena.fuseki.FusekiException: Failed to configure a server using configuration file '/home/ec2-user/fuseki/etc/jetty-http.xml'
    at org.apache.jena.fuseki.jetty.JettyFuseki.configServer(JettyFuseki.java:269)
    at org.apache.jena.fuseki.jetty.JettyFuseki.buildServerWebapp(JettyFuseki.java:222)
    at org.apache.jena.fuseki.jetty.JettyFuseki.<init>(JettyFuseki.java:91)
    at org.apache.jena.fuseki.jetty.JettyFuseki.initializeServer(JettyFuseki.java:86)
    at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.exec(FusekiCmd.java:335)
    at jena.cmd.CmdMain.mainMethod(CmdMain.java:93)
    at jena.cmd.CmdMain.mainRun(CmdMain.java:58)
    at jena.cmd.CmdMain.mainRun(CmdMain.java:45)
    at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.innerMain(FusekiCmd.java:96)
    at org.apache.jena.fuseki.cmd.FusekiCmd.main(FusekiCmd.java:59)

On Tue, Sep 1, 2015 at 4:47 AM, Rob Vesse <[email protected]> wrote:
> I would suggest it is worth turning on DEBUG level logging for Jetty and
> reviewing the output carefully
>
> This is especially true if you are specifying a Jetty configuration where
> you are locking down the SSL configuration to disable the older insecure
> SSL protocols.
>
> I recently had an issue where on one JVM excluding the older protocols
> left only the newer secure protocols whereas on another JVM it removed all
> protocols and I needed to explicitly include the newer secure protocols to
> get things to work. This manifested as a very similar error about the SSL
> handshake failing.
>
> The other thing to watch out for if you are getting this kind of error and
> you are limiting the set of SSL protocols and ciphers is that depending on
> your system the libraries and tools installed may be outdated enough to
> not support the more recent protocols and ciphers (I ran into an ancient
> curl version on some systems that didn't support TLS 1.1 or TLS 1.2)
>
> Rob
>
> On 01/09/2015 10:12, "Andy Seaborne" <[email protected]> wrote:
>
>>On 27/08/15 16:56, Jason Levitt wrote:
>>> If I remove that line from my config file:
>>>
>>> <Set name="host">mysite.com</Set>
>>>
>>> And then run fuseki and try to connect, using openssl, I get:
>>>
>>> $ openssl s_client -connect mysite.com:8443
>>> CONNECTED(00000003)
>>> 5546:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-52.40.1/src/ssl/s23_lib.c:185:
>>>
>>> I have no idea what this means -- probably a certificate mismatch(?).
>>
>>That could be what's happening - if the handshake is failing, I think it
>>means the operation hasn't got near the level of dispatching to the
>>index page.
>>
>> Andy
>>
>>>
>>> J
>>>
>>> On Thu, Aug 27, 2015 at 10:46 AM, Andy Seaborne <[email protected]> wrote:
>>>> On 27/08/15 15:20, Jason Levitt wrote:
>>>>>
>>>>> Hi Andy,
>>>>>
>>>>> Not only is Jetty 9.1 fairly different than Jetty 8, but the current
>>>>> version of Jetty, 9.3 is somewhat different
>>>>> than 9.1. I will investigate further.
>>>>
>>>>
>>>> I just tried out 9.3 by flipping the version to 9.3.2.v20150730 and it
>>>> seems OK (after 5 mins playing with it....). So looks like the codebase
>>>> can switch if that helps simplify things.
>>>>
>>>> Andy
>>>>
>>>>>
>>>>> J
>>>>>
>>>>> On Thu, Aug 27, 2015 at 6:42 AM, Andy Seaborne <[email protected]> wrote:
>>>>>>
>>>>>> Jason - thank you for pushing on with this. It seems a lot of Jetty has
>>>>>> changed Jetty8->Jetty9.1 in this area which is all news to me.
>>>>>>
>>>>>> On 27/08/15 06:09, Jason Levitt wrote:
>>>>>>>
>>>>>>> Making some progress but things still don't work.
>>>>>>>
>>>>>>> The startup log (edited) looks like this (domain name changed to
>>>>>>> mysite.com):
>>>>>>
>>>>>>
>>>>>> This looks like it is because it's asking to run on an address that
>>>>>> isn't the local machine for some reason. It does not look like
>>>>>> something on the same port because it is (usually)
>>>>>>
>>>>>> "java.net.BindException: Address already in use"
>>>>>>
>>>>>> but it might be worth checking. On Linux, "sudo lsof -i:8443"
>>>>>>
>>>>>> Your config does not set the host but maybe the IP config is getting
>>>>>> in the way. This is EC2 so does the real DNS name resolve to the IP
>>>>>> address of a local interface? Does using "localhost" work (= do
>>>>>> something different)?
>>>>>>
>>>>>> That's the best clue I could find on StackOverflow. I haven't found a
>>>>>> way to get the same error message using plain HTTP on a non-EC2
>>>>>> machine though.
>>>>>>
>>>>>>> [2015-08-27 03:56:03] Server ERROR SPARQLServer (port=0): Failed to start server: Cannot assign requested address
>>>>>>
>>>>>>
>>>>>> port=0 looks weird though if you are taking control with the config
>>>>>> file that is possible due to the earlier error.
>>>>>>
>>>>>> What is printed is serverConnector.getPort() and serverConnector is
>>>>>> the first/only configured ServerConnector.
>>>>>>
>>>>>> Andy
>>>>>>
>>>>>>>
>>>>>>> [2015-08-27 03:56:03] Server INFO Jetty server config file = myconfig.xml
>>>>>>> [2015-08-27 03:56:03] Server INFO Fuseki 2.3.0 2015-07-25T17:11:28+0000
>>>>>>> [2015-08-27 03:56:03] Config INFO FUSEKI_HOME=/home/ec2-user/fuseki
>>>>>>> [2015-08-27 03:56:03] Config INFO FUSEKI_BASE=/home/ec2-user/fuseki/run
>>>>>>> [2015-08-27 03:56:03] Servlet INFO Initializing Shiro environment
>>>>>>> [2015-08-27 03:56:03] Config INFO Shiro file: file:///home/ec2-user/fuseki/run/shiro.ini
>>>>>>> [2015-08-27 03:56:03] Config INFO Template file: templates/config-tdb-dir
>>>>>>> [2015-08-27 03:56:03] Config INFO TDB dataset: directory=ds
>>>>>>> [2015-08-27 03:56:03] Config INFO Register: /ds
>>>>>>> [2015-08-27 03:56:03] AbstractLifeCycle WARN FAILED ServerConnector@7e5441{SSL-http/1.1}{mysite.com:8443}: java.net.BindException: Cannot assign requested address
>>>>>>> java.net.BindException: Cannot assign requested address
>>>>>>>     at sun.nio.ch.Net.bind0(Native Method)
>>>>>>>     at sun.nio.ch.Net.bind(Net.java:433)
>>>>>>>     at sun.nio.ch.Net.bind(Net.java:425)
>>>>>>>     ....
>>>>>>>     ....
>>>>>>>     ....
>>>>>>> [2015-08-27 03:56:03] AbstractLifeCycle WARN FAILED org.eclipse.jetty.server.Server@f9ed3e: java.net.BindException: Cannot assign requested address
>>>>>>> java.net.BindException: Cannot assign requested address
>>>>>>>     at sun.nio.ch.Net.bind0(Native Method)
>>>>>>>     at sun.nio.ch.Net.bind(Net.java:433)
>>>>>>>     at sun.nio.ch.Net.bind(Net.java:425)
>>>>>>>     ....
>>>>>>>     ....
>>>>>>>     ....
>>>>>>> [2015-08-27 03:56:03] Server ERROR SPARQLServer (port=0): Failed to start server: Cannot assign requested address
>>>>>>>
>>>>>>>
>>>>>>> And I'm running fuseki 2.3.0 with this command:
>>>>>>>
>>>>>>> nohup ./fuseki-server --port 8443 --update --jetty-config=myconfig.xml --loc=ds /ds
>>>>>>>
>>>>>>>
>>>>>>> The "myconfig.xml" file is below (I've already added my certificate
>>>>>>> and key to the Java 8 JSSE):
>>>>>>>
>>>>>>> <?xml version="1.0"?>
>>>>>>> <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure.dtd">
>>>>>>>
>>>>>>> <Configure id="Server" class="org.eclipse.jetty.server.Server">
>>>>>>>   <Call name="addConnector">
>>>>>>>     <Arg>
>>>>>>>       <New class="org.eclipse.jetty.server.ServerConnector">
>>>>>>>         <Arg name="server"><Ref refid="Server" /></Arg>
>>>>>>>         <Arg name="factories">
>>>>>>>           <Array type="org.eclipse.jetty.server.ConnectionFactory">
>>>>>>>             <Item>
>>>>>>>               <New class="org.eclipse.jetty.server.HttpConnectionFactory">
>>>>>>>                 <Arg name="config"><Ref refid="httpConfig" /></Arg>
>>>>>>>               </New>
>>>>>>>             </Item>
>>>>>>>           </Array>
>>>>>>>         </Arg>
>>>>>>>       </New>
>>>>>>>     </Arg>
>>>>>>>   </Call>
>>>>>>>
>>>>>>>   <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
>>>>>>>     <Set name="KeyStorePath">/home/ec2-user/keystore</Set>
>>>>>>>     <Set name="KeyStorePassword">somepassword</Set>
>>>>>>>     <Set name="KeyManagerPassword">somepassword</Set>
>>>>>>>     <Set name="TrustStorePath">/home/ec2-user/keystore</Set>
>>>>>>>     <Set name="TrustStorePassword">somepassword</Set>
>>>>>>>   </New>
>>>>>>>
>>>>>>>   <Call id="sslConnector" name="addConnector">
>>>>>>>     <Arg>
>>>>>>>       <New class="org.eclipse.jetty.server.ServerConnector">
>>>>>>>         <Arg name="server"><Ref refid="Server" /></Arg>
>>>>>>>         <Arg name="factories">
>>>>>>>           <Array type="org.eclipse.jetty.server.ConnectionFactory">
>>>>>>>             <Item>
>>>>>>>               <New class="org.eclipse.jetty.server.SslConnectionFactory">
>>>>>>>                 <Arg name="next">http/1.1</Arg>
>>>>>>>                 <Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg>
>>>>>>>               </New>
>>>>>>>             </Item>
>>>>>>>             <Item>
>>>>>>>               <New class="org.eclipse.jetty.server.HttpConnectionFactory">
>>>>>>>                 <Arg name="config"><Ref refid="tlsHttpConfig"/></Arg>
>>>>>>>               </New>
>>>>>>>             </Item>
>>>>>>>           </Array>
>>>>>>>         </Arg>
>>>>>>>         <Set name="host"><Property name="jetty.host"/></Set>
>>>>>>>         <Set name="port"><Property name="jetty.tls.port" default="8443" /></Set>
>>>>>>>         <Set name="idleTimeout">30000</Set>
>>>>>>>         <Set name="host">mysite.com</Set>
>>>>>>>       </New>
>>>>>>>     </Arg>
>>>>>>>   </Call>
>>>>>>>
>>>>>>> </Configure>
>>>>>>>
>>>>>>> ===================================
>>>>>>>
>>>>>>> On Tue, Aug 25, 2015 at 5:17 PM, Jason Levitt <[email protected]> wrote:
>>>>>>>>
>>>>>>>> I can't find any examples of the file that you hand to
>>>>>>>> "--jetty-config"
>>>>>>>>
>>>>>>>> The "official" jetty docs for configuring SSL imply that there are two
>>>>>>>> configuration files,
>>>>>>>> jetty-ssl-context.xml and jetty-https.xml.
>>>>>>>>
>>>>>>>> (http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html)
>>>>>>>>
>>>>>>>> The example that you cite:
>>>>>>>>
>>>>>>>> http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/plain/jetty-server/src/main/config/etc/jetty-https.xml
>>>>>>>>
>>>>>>>> says that: "This configuration must be used in conjunction with
>>>>>>>> jetty.xml and jetty-ssl.xml"
>>>>>>>>
>>>>>>>> Where do these files go? The Fuseki download does not have any "etc"
>>>>>>>> directory or
>>>>>>>> any xml configuration files at all.
>>>>>>>>
>>>>>>>> So, I tried handing some XML config files to Fuseki using
>>>>>>>> --jetty-config and it gives very little
>>>>>>>> info in the error (see below). Has anyone actually successfully run
>>>>>>>> Fuseki over SSL?
>>>>>>>>
>>>>>>>> [2015-08-25 22:13:34] Server INFO Jetty server config file = ./jetty-https.xml
>>>>>>>> [2015-08-25 22:13:34] Server ERROR SPARQLServer: Failed to configure server: Unknown configuration type: Call in org.eclipse.jetty.xml.XmlConfiguration@1d80d2b
>>>>>>>> java.lang.IllegalStateException: Unknown configuration type: Call in org.eclipse.jetty.xml.XmlConfiguration@1d80d2b
>>>>>>>>     at org.eclipse.jetty.xml.XmlConfiguration.setConfig(XmlConfiguration.java:198)
>>>>>>>>     at org.eclipse.jetty.xml.XmlConfiguration.<init>(XmlConfiguration.java:177)
>>>>>>>>     at org.apache.jena.fuseki.jetty.JettyFuseki.configServer(JettyFuseki.java:264)
>>>>>>>>     at org.apache.jena.fuseki.jetty.JettyFuseki.buildServerWebapp(JettyFuseki.java:222)
>>>>>>>>     at org.apache.jena.fuseki.jetty.JettyFuseki.<init>(JettyFuseki.java:91)
>>>>>>>>     at org.apache.jena.fuseki.jetty.JettyFuseki.initializeServer(JettyFuseki.java:86)
>>>>>>>>     at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.exec(FusekiCmd.java:335)
>>>>>>>>     at jena.cmd.CmdMain.mainMethod(CmdMain.java:93)
>>>>>>>>     at jena.cmd.CmdMain.mainRun(CmdMain.java:58)
>>>>>>>>     at jena.cmd.CmdMain.mainRun(CmdMain.java:45)
>>>>>>>>     at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.innerMain(FusekiCmd.java:96)
>>>>>>>>     at org.apache.jena.fuseki.cmd.FusekiCmd.main(FusekiCmd.java:59)
>>>>>>>> org.apache.jena.fuseki.FusekiException: Failed to configure a server using configuration file './jetty-https.xml'
>>>>>>>>     at org.apache.jena.fuseki.jetty.JettyFuseki.configServer(JettyFuseki.java:269)
>>>>>>>>     at org.apache.jena.fuseki.jetty.JettyFuseki.buildServerWebapp(JettyFuseki.java:222)
>>>>>>>>     at org.apache.jena.fuseki.jetty.JettyFuseki.<init>(JettyFuseki.java:91)
>>>>>>>>     at org.apache.jena.fuseki.jetty.JettyFuseki.initializeServer(JettyFuseki.java:86)
>>>>>>>>     at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.exec(FusekiCmd.java:335)
>>>>>>>>     at jena.cmd.CmdMain.mainMethod(CmdMain.java:93)
>>>>>>>>     at jena.cmd.CmdMain.mainRun(CmdMain.java:58)
>>>>>>>>     at jena.cmd.CmdMain.mainRun(CmdMain.java:45)
>>>>>>>>     at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.innerMain(FusekiCmd.java:96)
>>>>>>>>     at org.apache.jena.fuseki.cmd.FusekiCmd.main(FusekiCmd.java:59)
>>>>>>>>
>>>>>>>> J
>>>>>>>>
>>>>>>>>
>>>>>>>> On Fri, Aug 21, 2015 at 4:14 AM, Andy Seaborne <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>> On 20/08/15 22:37, Jason Levitt wrote:
>>>>>>>>>>
>>>>>>>>>> Thanks. So I can still use the "--jetty-config" option with Fuseki
>>>>>>>>>> v2.30 ?
>>>>>>>>>>
>>>>>>>>>> J
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Yes, should work to pass in the file. There was a major jetty version
>>>>>>>>> change (8 to 9) and what effect that has had on that option is
>>>>>>>>> unclear to me. Connector changed Jetty 8->9
>>>>>>>>>
>>>>>>>>> http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html
>>>>>>>>>
>>>>>>>>> and their example:
>>>>>>>>>
>>>>>>>>> http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/plain/jetty-server/src/main/config/etc/jetty-https.xml
>>>>>>>>>
>>>>>>>>> It would be good to add this to the distribution - if you or anyone
>>>>>>>>> else has a working version, I'd be very grateful to get a copy.
>>>>>>>>>
>>>>>>>>> Andy
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Thu, Aug 20, 2015 at 3:46 PM, Andy Seaborne <[email protected]> wrote:
>>>>>>>>>>>
>>>>>>>>>>> On 20/08/15 21:24, Jason Levitt wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> Which version of Jetty does Fuseki 2.30 (the latest version) use?
>>>>>>>>>>>>
>>>>>>>>>>>> J
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> http://central.maven.org/maven2/org/apache/jena/jena-fuseki/2.3.0/jena-fuseki-2.3.0.pom
>>>>>>>>>>>
>>>>>>>>>>> ==> Jetty 9.1.1.v20140108
>>>>>>>>>>>
>>>>>>>>>>> Andy
>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On Thu, Aug 20, 2015 at 6:14 AM, Andy Seaborne <[email protected]> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> The Jetty documentation is the best place to go for details of
>>>>>>>>>>>>> setting up Jetty.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Here's one in the examples/ area but as far as I can tell it's
>>>>>>>>>>>>> more in the category of "should work" (it is from Fuseki1 and
>>>>>>>>>>>>> that was a different version of Jetty) rather than tested.
>>>>>>>>>>>>>
>>>>>>>>>>>>> https://github.com/apache/jena/blob/master/jena-fuseki2/examples/jetty-fuseki.xml
>>>>>>>>>>>>>
>>>>>>>>>>>>> If you, or anyone else, has a better example - please send it.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Andy
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On 20/08/15 02:54, Jason Levitt wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> We're in an AWS environment using Fuseki 2 with built-in Jetty.
>>>>>>>>>>>>>> It only talks to internal machines so there
>>>>>>>>>>>>>> is no need to protect it from external exposure. So that means
>>>>>>>>>>>>>> that the easiest way is to use the
>>>>>>>>>>>>>> `--jetty-config` flag to setup HTTPS to Jetty? Are there any
>>>>>>>>>>>>>> docs on what the options are for that
>>>>>>>>>>>>>> config file (e.g. what goes into the config file)?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> J
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Tue, Aug 18, 2015 at 3:21 PM, Andy Seaborne <[email protected]> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Right. In a production environment, a reverse proxy is useful
>>>>>>>>>>>>>>> for several things and while there is nothing that forces a
>>>>>>>>>>>>>>> reverse proxy, the weight of features can mean it's a useful
>>>>>>>>>>>>>>> and flexible thing to put into a production system.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> 1/ Blocking undesirable clients
>>>>>>>>>>>>>>>    (manic crawlers, badly written PHP scripts)
>>>>>>>>>>>>>>> 2/ more robust to DOS attacks (and accidental attacks)
>>>>>>>>>>>>>>>    Java web containers just aren't as good under silly load
>>>>>>>>>>>>>>>    conditions.
>>>>>>>>>>>>>>> 3/ URL rewrite
>>>>>>>>>>>>>>>    E.g don't need /dataset/query - can be any URL you like.
>>>>>>>>>>>>>>> 4/ Security
>>>>>>>>>>>>>>>    integrate with local systems; rich choice of controls.
>>>>>>>>>>>>>>>    Control who and what can update
>>>>>>>>>>>>>>>    No need to restart for shiro changes.
>>>>>>>>>>>>>>> 5/ Rate control (e.g. no more than N queries at a time)
>>>>>>>>>>>>>>> 6/ https (can be expensive so a C-implementation can help)
>>>>>>>>>>>>>>> 7/ Lots of add-ons and mods for all sorts of tasks.
>>>>>>>>>>>>>>> 8/ Lots of Q&A on stackoverflow!
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Fuseki has "--localhost" to only talk to the machine's
>>>>>>>>>>>>>>> localhost network interface. In an environment like AWS, where
>>>>>>>>>>>>>>> port control is easy, it's trivial to secure the Fuseki server
>>>>>>>>>>>>>>> to only talk to the local reverse proxy by blocking all ports
>>>>>>>>>>>>>>> except (22 and) 80+443.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Andy
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On 18/08/15 20:21, A. Soroka wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> I checked more carefully (should have done that before
>>>>>>>>>>>>>>>> replying) and it seems that Fuseki 2 also offers the
>>>>>>>>>>>>>>>> `--jetty-config` flag for using a Jetty configuration that
>>>>>>>>>>>>>>>> supports HTTPS:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> --jetty-config=FILE Set up the server (not services) with a Jetty XML file
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> ---
>>>>>>>>>>>>>>>> A. Soroka
>>>>>>>>>>>>>>>> The University of Virginia Library
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Aug 18, 2015, at 10:34 AM, [email protected]
>>>>>>>>>>>>>>>> <[email protected]> wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Are you deploying Fuseki to your own servlet container (e.g.
>>>>>>>>>>>>>>>>> Tomcat or Jetty) or using the server included with Fuseki and
>>>>>>>>>>>>>>>>> is it Fuseki 1 or 2?
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> If the former, you will need to supply configuration specific
>>>>>>>>>>>>>>>>> to that container. If the latter and it is Fuseki 1, there is
>>>>>>>>>>>>>>>>> a Stack Overflow answer for it:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> https://stackoverflow.com/questions/28310045/enable-https-ssl-on-fuseki-server
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> but the link seems to be dead. The idea is to supply your own
>>>>>>>>>>>>>>>>> Jetty configuration (Jetty is the servlet container that the
>>>>>>>>>>>>>>>>> Fuseki command uses).
>>>>>>>>>>>>>>>>> For Fuseki 2, I think it is still under development? You
>>>>>>>>>>>>>>>>> could use a reverse proxy in front of Fuseki, in that case.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> ---
>>>>>>>>>>>>>>>>> A. Soroka
>>>>>>>>>>>>>>>>> The University of Virginia Library
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> On Aug 17, 2015, at 7:07 PM, Jason Levitt
>>>>>>>>>>>>>>>>> <[email protected]> wrote:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Sorry if this is a FAQ, but I'm wondering if there are
>>>>>>>>>>>>>>>>>> any guidelines online to setting up
>>>>>>>>>>>>>>>>>> Fuseki for HTTPS access?
>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Jason >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>> >>>>>> >>>> >> > > > >
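
An added example, not part of the thread and not Fuseki or Jetty code: a small Python check over a Jetty XML file like the `myconfig.xml` quoted above. It reports `<Ref refid>` targets with no matching `id` in the same file, a property set twice on one object, an `SslContextFactory` with no explicit protocol include/exclude list (the situation Rob Vesse describes), and passwords written literally in the file; the function name, finding codes and sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the myconfig.xml quoted in the thread
# (XML declaration and DOCTYPE left out; the check does not need them).
SAMPLE = """<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
    <Set name="KeyStorePath">/home/ec2-user/keystore</Set>
    <Set name="KeyStorePassword">somepassword</Set>
  </New>
  <Call name="addConnector">
    <Arg>
      <New class="org.eclipse.jetty.server.ServerConnector">
        <Arg name="server"><Ref refid="Server"/></Arg>
        <Arg name="factories">
          <Array type="org.eclipse.jetty.server.ConnectionFactory">
            <Item>
              <New class="org.eclipse.jetty.server.SslConnectionFactory">
                <Arg name="next">http/1.1</Arg>
                <Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg>
              </New>
            </Item>
            <Item>
              <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                <Arg name="config"><Ref refid="tlsHttpConfig"/></Arg>
              </New>
            </Item>
          </Array>
        </Arg>
        <Set name="host"><Property name="jetty.host"/></Set>
        <Set name="port"><Property name="jetty.tls.port" default="8443"/></Set>
        <Set name="host">mysite.com</Set>
      </New>
    </Arg>
  </Call>
</Configure>"""


def lint_jetty_xml(xml_text):
    """Return a sorted list of (code, detail) findings for one Jetty XML file."""
    root = ET.fromstring(xml_text)
    findings = set()

    # 1. Every <Ref refid="X"> needs an element with id="X". If it is not in
    #    this file, it has to come from another file loaded before it
    #    (the Jetty examples say "in conjunction with jetty.xml").
    defined = {el.get("id") for el in root.iter() if el.get("id")}
    for ref in root.iter("Ref"):
        rid = ref.get("refid")
        if rid and rid not in defined:
            findings.add(("unresolved-ref", rid))

    for obj in root.iter("New"):
        sets = [s for s in obj.findall("Set") if s.get("name")]
        names = [s.get("name") for s in sets]

        # 2. The same property set twice on one object: the later <Set> wins.
        for name in set(names):
            if names.count(name) > 1:
                findings.add(("duplicate-set", name))

        if obj.get("class", "").endswith("SslContextFactory"):
            # 3. No IncludeProtocols/ExcludeProtocols: the enabled protocol
            #    set is whatever the JVM defaults to, which differs by JVM.
            lowered = {n.lower() for n in names}
            if not lowered & {"includeprotocols", "excludeprotocols"}:
                findings.add(("no-protocol-policy", obj.get("id") or "?"))
            # 4. Password text stored in the config file itself rather than
            #    supplied through a <Property>.
            for s in sets:
                if "password" in s.get("name").lower() and (s.text or "").strip():
                    findings.add(("literal-password", s.get("name")))

    return sorted(findings)


if __name__ == "__main__":
    for code, detail in lint_jetty_xml(SAMPLE):
        print(f"{code}: {detail}")
```

An `unresolved-ref` finding is not an error by itself; it means the file only works when another configuration that defines that id is loaded first.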
