Hello!
Fuseki 4.4.0 (Jetty 10.0.7) runs successfully with the option "--jetty-config
fuseki-jetty-https.xml" and the config below.
It also works with Fuseki 4.2.0 (Jetty 10.0.6).
It is based on the config from the examples (
https://github.com/apache/jena/blob/main/jena-fuseki2/examples/fuseki-jetty-https.xml)
with these changes: the unused <Property> elements were removed, an option to
reload on keystore change was added, and a few small optimizations were made.

 Vladimir

fuseki-jetty-https.xml:

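<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "https://www.eclipse.org/jetty/configure_10_0.dtd">

<!-- =============================================================== -->
<!-- Jetty 10 server configuration for Fuseki (loaded through the    -->
<!-- Fuseki jetty-config option).                                    -->
<!-- It defines: a shared thread pool and scheduler, one common      -->
<!-- HttpConfiguration, a plain HTTP connector on 8080, an HTTPS     -->
<!-- connector on 8443 backed by keystore.p12, and a KeyStoreScanner -->
<!-- that reloads the TLS context when the keystore file changes.    -->
<!-- NOTE(review): Jetty's XmlConfiguration is expected to resolve   -->
<!-- the DTD above from its own local copy; confirm no network fetch -->
<!-- happens at startup in a restricted environment.                 -->
<!-- =============================================================== -->
<Configure id="Server" class="org.eclipse.jetty.server.Server">
    <!-- Server-wide thread pool: 10..200 threads, idle threads released after 60 s. -->
    <Get name="ThreadPool">
        <Set name="minThreads" type="int">10</Set>
        <Set name="maxThreads" type="int">200</Set>
        <Set name="idleTimeout" type="int">60000</Set>
        <Set name="detailedDump">false</Set>
    </Get>

    <!-- =========================================================== -->
    <!-- Add shared Scheduler instance                               -->
    <!-- =========================================================== -->
    <Call name="addBean">
        <Arg>
            <New class="org.eclipse.jetty.util.thread.ScheduledExecutorScheduler"/>
        </Arg>
    </Call>

    <!-- =========================================================== -->
    <!-- Http Configuration.                                         -->
    <!-- This is a common configuration instance used by all         -->
    <!-- connectors that can carry HTTP semantics (HTTP, HTTPS, etc.)-->
    <!-- It configures the non wire protocol aspects of the HTTP     -->
    <!-- semantic.                                                   -->
    <!--                                                             -->
    <!-- This configuration is only defined here and is used by      -->
    <!-- reference from other XML files such as jetty-http.xml,      -->
    <!-- jetty-https.xml and other configuration files which         -->
    <!-- instantiate the connectors.                                 -->
    <!--                                                             -->
    <!-- Consult the javadoc of o.e.j.server.HttpConfiguration       -->
    <!-- for all configuration that may be set here.                 -->
    <!-- =========================================================== -->
    <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
        <Set name="outputBufferSize">32768</Set>
        <Set name="outputAggregationSize">8192</Set>
        <!-- Upper bounds on request/response header size; oversized requests are rejected. -->
        <Set name="requestHeaderSize">8192</Set>
        <Set name="responseHeaderSize">8192</Set>
        <!-- true advertises the Jetty version in the Server response header.
             Set to false to reduce fingerprinting of the deployed version. -->
        <Set name="sendServerVersion">true</Set>
        <Set name="sendDateHeader">false</Set>
        <Set name="headerCacheSize">512</Set>
        <Set name="delayDispatchUntilContent">true</Set>
        <!-- Uncomment to enable handling of X-Forwarded- style headers
             (only safe behind a proxy that overwrites these headers;
             otherwise clients can spoof their apparent address/scheme)
        <Call name="addCustomizer">
          <Arg><New class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg>
        </Call>
        -->
    </New>

    <!-- =========================================================== -->
    <!-- Set the default handler structure for the Server            -->
    <!-- A handler collection is used to pass received requests to   -->
    <!-- both the ContextHandlerCollection, which selects the next   -->
    <!-- handler by context path and virtual host, and the           -->
    <!-- DefaultHandler, which handles any requests not handled by   -->
    <!-- the context handlers.                                       -->
    <!-- Other handlers may be added to the "Handlers" collection,   -->
    <!-- for example the jetty-requestlog.xml file adds the          -->
    <!-- RequestLogHandler after the default handler                 -->
    <!-- =========================================================== -->
    <Set name="handler">
        <New id="Handlers" class="org.eclipse.jetty.server.handler.HandlerCollection">
            <Set name="handlers">
                <Array type="org.eclipse.jetty.server.Handler">
                    <Item>
                        <New id="Contexts" class="org.eclipse.jetty.server.handler.ContextHandlerCollection"/>
                    </Item>
                    <Item>
                        <New id="DefaultHandler" class="org.eclipse.jetty.server.handler.DefaultHandler"/>
                    </Item>
                </Array>
            </Set>
        </New>
    </Set>

    <!-- =========================================================== -->
    <!-- extra server options                                        -->
    <!-- =========================================================== -->
    <Set name="stopAtShutdown">true</Set>
    <Set name="stopTimeout">5000</Set>
    <!-- Keep both dumps off in production: they print the full
         component tree (including bean configuration) to the log. -->
    <Set name="dumpAfterStart">false</Set>
    <Set name="dumpBeforeStop">false</Set>

    <!-- ============================================================= -->
    <!-- Configure the Jetty Server instance with an ID "Server"       -->
    <!-- by adding a HTTP connector.                                   -->
    <!-- This configuration must be used in conjunction with jetty.xml -->
    <!-- ============================================================= -->

    <!-- =========================================================== -->
    <!-- Add a HTTP Connector.                                       -->
    <!-- Configure an o.e.j.server.ServerConnector with a single     -->
    <!-- HttpConnectionFactory instance using the common httpConfig  -->
    <!-- instance defined in jetty.xml                               -->
    <!--                                                             -->
    <!-- Consult the javadoc of o.e.j.server.ServerConnector and     -->
    <!-- o.e.j.server.HttpConnectionFactory for all configuration    -->
    <!-- that may be set here.                                       -->
    <!--                                                             -->
    <!-- Plain-text HTTP on 8080. The empty "host" below binds to    -->
    <!-- all interfaces. Remove this whole Call, or bind "host" to   -->
    <!-- a loopback/internal address, if the service must only be   -->
    <!-- reachable over TLS.                                         -->
    <!-- =========================================================== -->
    <Call name="addConnector">
        <Arg>
            <New id="httpConnector" class="org.eclipse.jetty.server.ServerConnector">
                <Arg name="server">
                    <Ref refid="Server"/>
                </Arg>
                <!-- -1 lets Jetty size acceptors/selectors from the CPU count. -->
                <Arg name="acceptors" type="int">-1</Arg>
                <Arg name="selectors" type="int">-1</Arg>
                <Arg name="factories">
                    <Array type="org.eclipse.jetty.server.ConnectionFactory">
                        <!-- uncomment to support proxy protocol
                        <Item>
                          <New class="org.eclipse.jetty.server.ProxyConnectionFactory"/>
                        </Item>-->
                        <Item>
                            <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                                <Arg name="config">
                                    <Ref refid="httpConfig"/>
                                </Arg>
                            </New>
                        </Item>
                    </Array>
                </Arg>
                <Set name="host"/>
                <Set name="port">8080</Set>
                <!-- Idle connections are closed after 30 s, limiting slow-client resource use. -->
                <Set name="idleTimeout">30000</Set>
                <Set name="acceptorPriorityDelta">0</Set>
                <Set name="acceptQueueSize">0</Set>
            </New>
        </Arg>
    </Call>

    <!-- ============================================================= -->
    <!-- Base SSL configuration                                        -->
    <!-- This configuration needs to be used together with 1 or more   -->
    <!-- of jetty-https.xml or jetty-http2.xml                         -->
    <!-- ============================================================= -->

    <!-- =========================================================== -->
    <!-- Add a SSL Connector with no protocol factories              -->
    <!-- The TLS and HTTP/1.1 factories are attached further below   -->
    <!-- via <Ref refid="sslConnector">. Empty "host" = all          -->
    <!-- interfaces.                                                 -->
    <!-- =========================================================== -->
    <Call name="addConnector">
        <Arg>
            <New id="sslConnector" class="org.eclipse.jetty.server.ServerConnector">
                <Arg name="server">
                    <Ref refid="Server"/>
                </Arg>
                <Arg name="acceptors" type="int">-1</Arg>
                <Arg name="selectors" type="int">-1</Arg>
                <Arg name="factories">
                    <Array type="org.eclipse.jetty.server.ConnectionFactory">
                        <!-- uncomment to support proxy protocol
                        <Item>
                          <New class="org.eclipse.jetty.server.ProxyConnectionFactory"/>
                        </Item>-->
                    </Array>
                </Arg>
                <Set name="host"/>
                <Set name="port">8443</Set>
                <Set name="idleTimeout">30000</Set>
                <Set name="acceptorPriorityDelta">0</Set>
                <Set name="acceptQueueSize">0</Set>
            </New>
        </Arg>
    </Call>

    <!-- =========================================================== -->
    <!-- Create a TLS specific HttpConfiguration based on the        -->
    <!-- common HttpConfiguration defined in jetty.xml               -->
    <!-- Add a SecureRequestCustomizer to extract certificate and    -->
    <!-- session information                                         -->
    <!-- =========================================================== -->
    <New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
        <Arg>
            <Ref refid="httpConfig"/>
        </Arg>
        <Call name="addCustomizer">
            <Arg>
                <New class="org.eclipse.jetty.server.SecureRequestCustomizer">
                    <!-- sniRequired=false: clients without SNI are still served.
                         sniHostCheck=true: presumably rejects requests whose Host
                         header does not match the SNI-selected certificate; verify
                         against the Jetty 10 javadoc before relying on it. -->
                    <Arg name="sniRequired" type="boolean">false</Arg>
                    <Arg name="sniHostCheck" type="boolean">true</Arg>
                    <!-- -1 sends no Strict-Transport-Security header. Once HTTPS is
                         the only entry point, a positive max-age (for example one
                         year, 31536000) tells browsers to stop using plain HTTP. -->
                    <Arg name="stsMaxAgeSeconds" type="int">-1</Arg>
                    <Arg name="stsIncludeSubdomains" type="boolean">false</Arg>
                </New>
            </Arg>
        </Call>
    </New>

    <!-- ============================================================= -->
    <!-- SSL ContextFactory configuration                              -->
    <!-- Paths are relative to the Fuseki working directory.           -->
    <!-- The passwords below are stored in clear text; Jetty also      -->
    <!-- accepts obfuscated values (OBF: prefix, produced by            -->
    <!-- org.eclipse.jetty.util.security.Password). Either way, keep    -->
    <!-- this file readable only by the service account.               -->
    <!-- ============================================================= -->
    <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
        <Set name="KeyStorePath">keystore.p12</Set>
        <Set name="KeyStorePassword">MyPassword</Set>
        <Set name="KeyStoreType">pkcs12</Set>
        <Set name="KeyStoreProvider"/>
        <Set name="KeyManagerPassword">MyPassword</Set>
        <!-- The trust store is only consulted when client certificates are
             requested (NeedClientAuth/WantClientAuth are both false below),
             so pointing it at the server keystore should have no effect here;
             a separate CA-only trust store is preferable if client auth is
             ever enabled. -->
        <Set name="TrustStorePath">keystore.p12</Set>
        <Set name="TrustStorePassword">MyPassword</Set>
        <Set name="TrustStoreType">pkcs12</Set>
        <Set name="TrustStoreProvider"/>
        <!-- Hostname verification is a client-side check; leaving it empty on a
             server-side factory is the common setting (confirm for your Jetty version). -->
        <Set name="EndpointIdentificationAlgorithm"/>
        <Set name="NeedClientAuth">false</Set>
        <Set name="WantClientAuth">false</Set>
        <!-- Disables TLS 1.0/1.1; TLS 1.2/1.3 remain available if the JVM
             offers them. SSLv3 and older are assumed to be covered by Jetty's
             default exclusions (verify with a TLS scan after deployment). -->
        <Set name="excludeProtocols">
            <Array type="String">
                <Item>TLSv1.0</Item>
                <Item>TLSv1.1</Item>
            </Array>
        </Set>
        <!-- Prefer the server's cipher order over the client's. -->
        <Set name="UseCipherSuitesOrder">true</Set>
    </New>

    <!-- ============================================================= -->
    <!-- Configure a HTTPS connector.                                  -->
    <!-- This configuration must be used in conjunction with jetty.xml -->
    <!-- and jetty-ssl.xml.                                            -->
    <!-- Attaches TLS (next protocol http/1.1) and an HTTP/1.1 factory -->
    <!-- using sslHttpConfig to the sslConnector declared above.       -->
    <!-- ============================================================= -->
    <Ref refid="sslConnector">
        <Call name="addIfAbsentConnectionFactory">
            <Arg>
                <New class="org.eclipse.jetty.server.SslConnectionFactory">
                    <Arg name="next">http/1.1</Arg>
                    <Arg name="sslContextFactory">
                        <Ref refid="sslContextFactory"/>
                    </Arg>
                </New>
            </Arg>
        </Call>
        <Call name="addConnectionFactory">
            <Arg>
                <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                    <Arg name="config">
                        <Ref refid="sslHttpConfig"/>
                    </Arg>
                </New>
            </Arg>
        </Call>
    </Ref>

    <!-- ============================================================= -->
    <!-- Configure ssl-context-reload.                                 -->
    <!-- Provides a periodic scanning of the directory where the       -->
    <!-- KeyStore file resides. When the scanning detects a change to  -->
    <!-- the KeyStore file, the correspondent SslContextFactory.Server -->
    <!-- component is reloaded with the new KeyStore configuration.    -->
    <!-- Note that a reload picks up whatever is written to the        -->
    <!-- keystore path, so write access to that directory is           -->
    <!-- equivalent to control of the server certificate.              -->
    <!-- ============================================================= -->
    <Call name="addBean">
        <Arg>
            <New id="keyStoreScanner" class="org.eclipse.jetty.util.ssl.KeyStoreScanner">
                <Arg>
                    <Ref refid="sslContextFactory"/>
                </Arg>
                <!-- Presumably in seconds (Jetty KeyStoreScanner); 1 polls the
                     keystore directory every second, which is aggressive for a
                     file that changes rarely. TODO confirm the unit and consider
                     a larger interval. -->
                <Set name="scanInterval">1</Set>
            </New>
        </Arg>
    </Call>
</Configure>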
