Posted to commits@jena.apache.org by an...@apache.org on 2015/11/18 20:54:59 UTC
jena git commit: Example Jetty config file for https
Repository: jena
Updated Branches:
refs/heads/master 9c35b6806 -> b1a467457
Example Jetty config file for https
Project: http://git-wip-us.apache.org/repos/asf/jena/repo
Commit: http://git-wip-us.apache.org/repos/asf/jena/commit/b1a46745
Tree: http://git-wip-us.apache.org/repos/asf/jena/tree/b1a46745
Diff: http://git-wip-us.apache.org/repos/asf/jena/diff/b1a46745
Branch: refs/heads/master
Commit: b1a467457476d1e55f098c28fad4b72beef97354
Parents: 9c35b68
Author: Andy Seaborne <an...@apache.org>
Authored: Wed Nov 18 19:54:45 2015 +0000
Committer: Andy Seaborne <an...@apache.org>
Committed: Wed Nov 18 19:54:45 2015 +0000
----------------------------------------------------------------------
jena-fuseki2/examples/README | 6 +-
jena-fuseki2/examples/fuseki-jetty-https.xml | 270 ++++++++++++++++++++++
2 files changed, 275 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/jena/blob/b1a46745/jena-fuseki2/examples/README
----------------------------------------------------------------------
diff --git a/jena-fuseki2/examples/README b/jena-fuseki2/examples/README
index 1c51b9e..acdd08a 100644
--- a/jena-fuseki2/examples/README
+++ b/jena-fuseki2/examples/README
@@ -2,5 +2,9 @@ This directory includes some examples - they will need to be adapted to
local requirements.
service-* ; Examples of service assembler descriptions
+Put in the configuration/ directory.
-jetty-fuseki.xml : A Jetty XML configuration file.
\ No newline at end of file
+
+fuseki-jetty-https.xml : A Jetty XML configuration file for running
+ This file will require configuration and also installing a certificate
+ Requires Jetty 9.3.3 first used in Fuseki 2.3.1
http://git-wip-us.apache.org/repos/asf/jena/blob/b1a46745/jena-fuseki2/examples/fuseki-jetty-https.xml
----------------------------------------------------------------------
diff --git a/jena-fuseki2/examples/fuseki-jetty-https.xml b/jena-fuseki2/examples/fuseki-jetty-https.xml
new file mode 100644
index 0000000..20762a1
--- /dev/null
+++ b/jena-fuseki2/examples/fuseki-jetty-https.xml
@@ -0,0 +1,270 @@
+<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd">
+
+<!--
+Example Jetty - you will need to configure a certificate.
+You wil need to conigure this example.
+
+See "sslContextFactory" below.
+
+Contributed by: Jason Levitt
+http://mail-archives.apache.org/mod_mbox/jena-users/201509.mbox/%3C55EB4CA2.7040803@apache.org%3E
+
+Use:
+ fuseki -jetty fuseki-jetty-https.xml ...
+
+
+External references:
+
+Jetty documentation on SSL:
+ https://wiki.eclipse.org/Jetty/Howto/Configure_SSL
+
+Oracle Java keytool
+ http://docs.oracle.com/javase/8/docs/technotes/tools/windows/keytool.html
+
+Some more tools to help manage Java certificate store:
+ https://bitbucket.org/rvesse/java-ssl-helper/overview
+(external project Rob Vesse and Paul Heinlein / License: CC-BY-NC-SA)
+
+-->
+
+<Configure id="Server" class="org.eclipse.jetty.server.Server">
+
+ <Get name="ThreadPool">
+ <Set name="minThreads" type="int"><Property name="jetty.threadPool.minThreads" deprecated="threads.min" default="10"/></Set>
+ <Set name="maxThreads" type="int"><Property name="jetty.threadPool.maxThreads" deprecated="threads.max" default="200"/></Set>
+ <Set name="idleTimeout" type="int"><Property name="jetty.threadPool.idleTimeout" deprecated="threads.timeout" default="60000"/></Set>
+ <Set name="detailedDump">false</Set>
+ </Get>
+
+ <!-- =========================================================== -->
+ <!-- Add shared Scheduler instance -->
+ <!-- =========================================================== -->
+ <Call name="addBean">
+ <Arg>
+ <New class="org.eclipse.jetty.util.thread.ScheduledExecutorScheduler"/>
+ </Arg>
+ </Call>
+
+ <!-- =========================================================== -->
+ <!-- Http Configuration. -->
+ <!-- This is a common configuration instance used by all -->
+ <!-- connectors that can carry HTTP semantics (HTTP, HTTPS, etc.)-->
+ <!-- It configures the non wire protocol aspects of the HTTP -->
+ <!-- semantic. -->
+ <!-- -->
+ <!-- This configuration is only defined here and is used by -->
+ <!-- reference from other XML files such as jetty-http.xml, -->
+ <!-- jetty-https.xml and other configuration files which -->
+ <!-- instantiate the connectors. -->
+ <!-- -->
+ <!-- Consult the javadoc of o.e.j.server.HttpConfiguration -->
+ <!-- for all configuration that may be set here. -->
+ <!-- =========================================================== -->
+ <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
+ <Set name="secureScheme"><Property name="jetty.httpConfig.secureScheme" default="https" /></Set>
+ <Set name="securePort"><Property name="jetty.httpConfig.securePort" deprecated="jetty.secure.port" default="8443" /></Set>
+ <Set name="outputBufferSize"><Property name="jetty.httpConfig.outputBufferSize" deprecated="jetty.output.buffer.size" default="32768" /></Set>
+ <Set name="outputAggregationSize"><Property name="jetty.httpConfig.outputAggregationSize" deprecated="jetty.output.aggregation.size" default="8192" /></Set>
+ <Set name="requestHeaderSize"><Property name="jetty.httpConfig.requestHeaderSize" deprecated="jetty.request.header.size" default="8192" /></Set>
+ <Set name="responseHeaderSize"><Property name="jetty.httpConfig.responseHeaderSize" deprecated="jetty.response.header.size" default="8192" /></Set>
+ <Set name="sendServerVersion"><Property name="jetty.httpConfig.sendServerVersion" deprecated="jetty.send.server.version" default="true" /></Set>
+ <Set name="sendDateHeader"><Property name="jetty.httpConfig.sendDateHeader" deprecated="jetty.send.date.header" default="false" /></Set>
+ <Set name="headerCacheSize"><Property name="jetty.httpConfig.headerCacheSize" default="512" /></Set>
+ <Set name="delayDispatchUntilContent"><Property name="jetty.httpConfig.delayDispatchUntilContent" deprecated="jetty.delayDispatchUntilContent" default="true"/></Set>
+ <!-- Uncomment to enable handling of X-Forwarded- style headers
+ <Call name="addCustomizer">
+ <Arg><New class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg>
+ </Call>
+ -->
+ </New>
+
+ <!-- =========================================================== -->
+ <!-- Set the default handler structure for the Server -->
+ <!-- A handler collection is used to pass received requests to -->
+ <!-- both the ContextHandlerCollection, which selects the next -->
+ <!-- handler by context path and virtual host, and the -->
+ <!-- DefaultHandler, which handles any requests not handled by -->
+ <!-- the context handlers. -->
+ <!-- Other handlers may be added to the "Handlers" collection, -->
+ <!-- for example the jetty-requestlog.xml file adds the -->
+ <!-- RequestLogHandler after the default handler -->
+ <!-- =========================================================== -->
+ <Set name="handler">
+ <New id="Handlers" class="org.eclipse.jetty.server.handler.HandlerCollection">
+ <Set name="handlers">
+ <Array type="org.eclipse.jetty.server.Handler">
+ <Item>
+ <New id="Contexts" class="org.eclipse.jetty.server.handler.ContextHandlerCollection"/>
+ </Item>
+ <Item>
+ <New id="DefaultHandler" class="org.eclipse.jetty.server.handler.DefaultHandler"/>
+ </Item>
+ </Array>
+ </Set>
+ </New>
+ </Set>
+
+ <!-- =========================================================== -->
+ <!-- extra server options -->
+ <!-- =========================================================== -->
+ <Set name="stopAtShutdown"><Property name="jetty.server.stopAtShutdown" default="true"/></Set>
+ <Set name="stopTimeout">5000</Set>
+ <Set name="dumpAfterStart"><Property name="jetty.server.dumpAfterStart" deprecated="jetty.dump.start" default="false"/></Set>
+ <Set name="dumpBeforeStop"><Property name="jetty.server.dumpBeforeStop" deprecated="jetty.dump.stop" default="false"/></Set>
+
+<!-- ============================================================= -->
+<!-- Configure the Jetty Server instance with an ID "Server" -->
+<!-- by adding a HTTP connector. -->
+<!-- This configuration must be used in conjunction with jetty.xml -->
+<!-- ============================================================= -->
+
+ <!-- =========================================================== -->
+ <!-- Add a HTTP Connector. -->
+ <!-- Configure an o.e.j.server.ServerConnector with a single -->
+ <!-- HttpConnectionFactory instance using the common httpConfig -->
+ <!-- instance defined in jetty.xml -->
+ <!-- -->
+ <!-- Consult the javadoc of o.e.j.server.ServerConnector and -->
+ <!-- o.e.j.server.HttpConnectionFactory for all configuration -->
+ <!-- that may be set here. -->
+ <!-- =========================================================== -->
+ <Call name="addConnector">
+ <Arg>
+ <New id="httpConnector" class="org.eclipse.jetty.server.ServerConnector">
+ <Arg name="server"><Ref refid="Server" /></Arg>
+ <Arg name="acceptors" type="int"><Property name="jetty.http.acceptors" deprecated="http.acceptors" default="-1"/></Arg>
+ <Arg name="selectors" type="int"><Property name="jetty.http.selectors" deprecated="http.selectors" default="-1"/></Arg>
+ <Arg name="factories">
+ <Array type="org.eclipse.jetty.server.ConnectionFactory">
+ <!-- uncomment to support proxy protocol
+ <Item>
+ <New class="org.eclipse.jetty.server.ProxyConnectionFactory"/>
+ </Item>-->
+ <Item>
+ <New class="org.eclipse.jetty.server.HttpConnectionFactory">
+ <Arg name="config"><Ref refid="httpConfig" /></Arg>
+ </New>
+ </Item>
+ </Array>
+ </Arg>
+ <Set name="host"><Property name="jetty.http.host" deprecated="jetty.host" /></Set>
+ <Set name="port"><Property name="jetty.http.port" deprecated="jetty.port" default="8082" /></Set>
+ <Set name="idleTimeout"><Property name="jetty.http.idleTimeout" deprecated="http.timeout" default="30000"/></Set>
+ <Set name="soLingerTime"><Property name="jetty.http.soLingerTime" deprecated="http.soLingerTime" default="-1"/></Set>
+ <Set name="acceptorPriorityDelta"><Property name="jetty.http.acceptorPriorityDelta" deprecated="http.acceptorPriorityDelta" default="0"/></Set>
+ <Set name="acceptQueueSize"><Property name="jetty.http.acceptQueueSize" deprecated="http.acceptQueueSize" default="0"/></Set>
+ </New>
+ </Arg>
+ </Call>
+
+<!-- ============================================================= -->
+<!-- Base SSL configuration -->
+<!-- This configuration needs to be used together with 1 or more -->
+<!-- of jetty-https.xml or jetty-http2.xml -->
+<!-- ============================================================= -->
+
+ <!-- =========================================================== -->
+ <!-- Add a SSL Connector with no protocol factories -->
+ <!-- =========================================================== -->
+ <Call name="addConnector">
+ <Arg>
+ <New id="sslConnector" class="org.eclipse.jetty.server.ServerConnector">
+ <Arg name="server"><Ref refid="Server" /></Arg>
+ <Arg name="acceptors" type="int"><Property name="jetty.ssl.acceptors" deprecated="ssl.acceptors" default="-1"/></Arg>
+ <Arg name="selectors" type="int"><Property name="jetty.ssl.selectors" deprecated="ssl.selectors" default="-1"/></Arg>
+ <Arg name="factories">
+ <Array type="org.eclipse.jetty.server.ConnectionFactory">
+ <!-- uncomment to support proxy protocol
+ <Item>
+ <New class="org.eclipse.jetty.server.ProxyConnectionFactory"/>
+ </Item>-->
+ </Array>
+ </Arg>
+
+ <Set name="host"><Property name="jetty.ssl.host" deprecated="jetty.host" /></Set>
+ <Set name="port"><Property name="jetty.ssl.port" deprecated="ssl.port" default="8443" /></Set>
+ <Set name="idleTimeout"><Property name="jetty.ssl.idleTimeout" deprecated="ssl.timeout" default="30000"/></Set>
+ <Set name="soLingerTime"><Property name="jetty.ssl.soLingerTime" deprecated="ssl.soLingerTime" default="-1"/></Set>
+ <Set name="acceptorPriorityDelta"><Property name="jetty.ssl.acceptorPriorityDelta" deprecated="ssl.acceptorPriorityDelta" default="0"/></Set>
+ <Set name="acceptQueueSize"><Property name="jetty.ssl.acceptQueueSize" deprecated="ssl.acceptQueueSize" default="0"/></Set>
+ </New>
+ </Arg>
+ </Call>
+
+ <!-- =========================================================== -->
+ <!-- Create a TLS specific HttpConfiguration based on the -->
+ <!-- common HttpConfiguration defined in jetty.xml -->
+ <!-- Add a SecureRequestCustomizer to extract certificate and -->
+ <!-- session information -->
+ <!-- =========================================================== -->
+ <New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
+ <Arg><Ref refid="httpConfig"/></Arg>
+ <Call name="addCustomizer">
+ <Arg>
+ <New class="org.eclipse.jetty.server.SecureRequestCustomizer">
+ <Arg type="boolean"><Property name="jetty.ssl.sniHostCheck" default="true"/></Arg>
+ </New>
+ </Arg>
+ </Call>
+ </New>
+
+<!-- ============================================================= -->
+<!-- SSL ContextFactory configuration -->
+<!-- ============================================================= -->
+<!-- Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory" -->
+
+<New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
+ <Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.sslContext.keyStorePath" deprecated="jetty.keystore" default="etc/keystore"/></Set>
+ <Set name="KeyStorePassword"><Property name="jetty.sslContext.keyStorePassword" deprecated="jetty.keystore.password" default="MyPassword" /></Set>
+ <Set name="KeyStoreType"><Property name="jetty.sslContext.keyStoreType" default="JKS"/></Set>
+ <Set name="KeyStoreProvider"><Property name="jetty.sslContext.keyStoreProvider"/></Set>
+ <Set name="KeyManagerPassword"><Property name="jetty.sslContext.keyManagerPassword" deprecated="jetty.keymanager.password" default="MyPassword" /></Set>
+ <Set name="TrustStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.sslContext.trustStorePath" deprecated="jetty.truststore" default="etc/keystore"/></Set>
+ <Set name="TrustStorePassword"><Property name="jetty.sslContext.trustStorePassword" deprecated="jetty.truststore.password" default="MyPassword" /></Set>
+ <Set name="TrustStoreType"><Property name="jetty.sslContext.trustStoreType" default="JKS"/></Set>
+ <Set name="TrustStoreProvider"><Property name="jetty.sslContext.trustStoreProvider"/></Set>
+ <Set name="EndpointIdentificationAlgorithm"></Set>
+ <Set name="NeedClientAuth"><Property name="jetty.sslContext.needClientAuth" deprecated="jetty.ssl.needClientAuth" default="false"/></Set>
+ <Set name="WantClientAuth"><Property name="jetty.sslContext.wantClientAuth" deprecated="jetty.ssl.wantClientAuth" default="false"/></Set>
+ <Set name="ExcludeCipherSuites">
+ <Array type="String">
+ <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
+ <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
+ <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
+ <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
+ <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
+ <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
+ <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
+ </Array>
+ </Set>
+ <Set name="useCipherSuitesOrder"><Property name="jetty.sslContext.useCipherSuitesOrder" default="true"/></Set>
+</New>
+
+<!-- ============================================================= -->
+<!-- Configure a HTTPS connector. -->
+<!-- This configuration must be used in conjunction with jetty.xml -->
+<!-- and jetty-ssl.xml. -->
+<!-- ============================================================= -->
+
+<Ref id="sslConnector">
+ <Call name="addIfAbsentConnectionFactory">
+ <Arg>
+ <New class="org.eclipse.jetty.server.SslConnectionFactory">
+ <Arg name="next">http/1.1</Arg>
+ <Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg>
+ </New>
+ </Arg>
+ </Call>
+
+ <Call name="addConnectionFactory">
+ <Arg>
+ <New class="org.eclipse.jetty.server.HttpConnectionFactory">
+ <Arg name="config"><Ref refid="sslHttpConfig" /></Arg>
+ </New>
+ </Arg>
+ </Call>
+</Ref>
+
+
+</Configure>
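Review bot: The three password properties in the `sslContextFactory` block (`KeyStorePassword`, `KeyManagerPassword`, `TrustStorePassword`) fall back to the literal `default="MyPassword"`, and nothing at that spot marks it as a placeholder, so a copied config can end up protecting its keystore with a password that is published in the repository. I would add a comment directly above them, e.g. `<!-- "MyPassword" is a placeholder: supply the passwords of your own keystore/truststore before use -->`, or drop the `default` attributes so the operator has to supply the values. The file also still adds `httpConnector` on port 8082 next to the TLS connector, so the server stays reachable over cleartext HTTP; a comment saying to remove that block or restrict it with `jetty.http.host` would make the example safer to copy. The explicit `ExcludeCipherSuites` array names only DES and export suites and, as far as I can tell, replaces rather than extends whatever exclusions the Jetty version ships with, which is worth stating in a comment next to it.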