Posted to users@jena.apache.org by Andy Seaborne <an...@apache.org> on 2015/09/01 11:12:24 UTC

Re: Fuseki over HTTPS?

On 27/08/15 16:56, Jason Levitt wrote:
> If I remove that line from my config file:
>
> <Set name="host">mysite.com</Set>
>
> And then run fuseki and try to connect, using openssl, I get:
>
> $ openssl s_client -connect mysite.com:8443
> CONNECTED(00000003)
> 5546:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-52.40.1/src/ssl/s23_lib.c:185:
>
> I have no idea what this means -- probably a certificate mismatch(?).

That could be what's happening - if the handshake is failing, I think it 
means the operation hasn't got near the level of dispatching to the 
index page.

	Andy

>
> J
>
> On Thu, Aug 27, 2015 at 10:46 AM, Andy Seaborne <an...@apache.org> wrote:
>> On 27/08/15 15:20, Jason Levitt wrote:
>>>
>>> Hi Andy,
>>>
>>>     Not only is Jetty 9.1 fairly different than Jetty 8, but the current
>>> version of Jetty, 9.3 is somewhat different
>>> than 9.1.  I will investigate further.
>>
>>
>> I just tried out 9.3 by flipping the version to 9.3.2.v20150730 and it seems
>> OK (after 5 mins playing with it....).  So looks like the codebase can
>> switch if that helps simplify things.
>>
>>          Andy
>>
>>
>>
>>>
>>> J
>>>
>>> On Thu, Aug 27, 2015 at 6:42 AM, Andy Seaborne <an...@apache.org> wrote:
>>>>
>>>> Jason - thank you for pushing on with this.  It seems a lot of Jetty has
>>>> changed Jetty8->Jetty9.1 in this area which is all news to me.
>>>>
>>>> On 27/08/15 06:09, Jason Levitt wrote:
>>>>>
>>>>>
>>>>> Making some progress but things still don't work.
>>>>>
>>>>> The startup log (edited) looks like this (domain name changed to
>>>>> mysite.com):
>>>>
>>>>
>>>>
>>>> This looks like it is because it's asking to run on an address that isn't
>>>> the local machine for some reason.  It does not look like something on the
>>>> same port because it is (usually)
>>>>
>>>> "java.net.BindException: Address already in use"
>>>>
>>>> but it might be worth checking.  On Linux, "sudo lsof -i:8443"
>>>>
>>>> Your config does not set the host but maybe the IP config is getting in
>>>> the
>>>> way. This is EC2 so does the real DNS name resolve to the IP address of a
>>>> local interface?  Does using "localhost" work (= do something different)?
>>>>
>>>> That's the best clue I could find on StackOverflow.  I haven't found a
>>>> way to get the same error message using plain HTTP on a non-EC2 machine
>>>> though.
>>>>
>>>>> [2015-08-27 03:56:03] Server     ERROR SPARQLServer (port=0): Failed to start server: Cannot assign requested address
>>>>
>>>>
>>>> port=0 looks weird though if you are taking control with the config file
>>>> that is possible due to the earlier error.
>>>>
>>>> What is printed is serverConnector.getPort() and serverConnector is the
>>>> first/only configured ServerConnector.
>>>>
>>>>           Andy
>>>>
>>>>
>>>>
>>>>>
>>>>> [2015-08-27 03:56:03] Server     INFO  Jetty server config file = myconfig.xml
>>>>> [2015-08-27 03:56:03] Server     INFO  Fuseki 2.3.0 2015-07-25T17:11:28+0000
>>>>> [2015-08-27 03:56:03] Config     INFO  FUSEKI_HOME=/home/ec2-user/fuseki
>>>>> [2015-08-27 03:56:03] Config     INFO  FUSEKI_BASE=/home/ec2-user/fuseki/run
>>>>> [2015-08-27 03:56:03] Servlet    INFO  Initializing Shiro environment
>>>>> [2015-08-27 03:56:03] Config     INFO  Shiro file: file:///home/ec2-user/fuseki/run/shiro.ini
>>>>> [2015-08-27 03:56:03] Config     INFO  Template file: templates/config-tdb-dir
>>>>> [2015-08-27 03:56:03] Config     INFO  TDB dataset: directory=ds
>>>>> [2015-08-27 03:56:03] Config     INFO  Register: /ds
>>>>> [2015-08-27 03:56:03] AbstractLifeCycle WARN  FAILED ServerConnector@7e5441{SSL-http/1.1}{mysite.com:8443}: java.net.BindException: Cannot assign requested address
>>>>> java.net.BindException: Cannot assign requested address
>>>>> at sun.nio.ch.Net.bind0(Native Method)
>>>>> at sun.nio.ch.Net.bind(Net.java:433)
>>>>> at sun.nio.ch.Net.bind(Net.java:425)
>>>>> ....
>>>>> ....
>>>>> ....
>>>>> [2015-08-27 03:56:03] AbstractLifeCycle WARN  FAILED org.eclipse.jetty.server.Server@f9ed3e: java.net.BindException: Cannot assign requested address
>>>>> java.net.BindException: Cannot assign requested address
>>>>> at sun.nio.ch.Net.bind0(Native Method)
>>>>> at sun.nio.ch.Net.bind(Net.java:433)
>>>>> at sun.nio.ch.Net.bind(Net.java:425)
>>>>> ....
>>>>> ....
>>>>> ....
>>>>> [2015-08-27 03:56:03] Server     ERROR SPARQLServer (port=0): Failed to start server: Cannot assign requested address
>>>>>
>>>>>
>>>>> And I'm running fuseki 2.3.0 with this command:
>>>>>
>>>>> nohup ./fuseki-server --port 8443 --update
>>>>> --jetty-config=myconfig.xml --loc=ds /ds
>>>>>
>>>>>
>>>>> The "myconfig.xml" file is below (I've already added my certificate
>>>>> and key to the Java 8 JSSE):
>>>>>
>>>>> <?xml version="1.0"?>
>>>>> <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN"
>>>>> "http://www.eclipse.org/jetty/configure.dtd">
>>>>>
>>>>> <Configure id="Server" class="org.eclipse.jetty.server.Server">
>>>>>   <Call name="addConnector">
>>>>>     <Arg>
>>>>>       <New class="org.eclipse.jetty.server.ServerConnector">
>>>>>         <Arg name="server"><Ref refid="Server" /></Arg>
>>>>>         <Arg name="factories">
>>>>>           <Array type="org.eclipse.jetty.server.ConnectionFactory">
>>>>>             <Item>
>>>>>               <New class="org.eclipse.jetty.server.HttpConnectionFactory">
>>>>>                 <Arg name="config"><Ref refid="httpConfig" /></Arg>
>>>>>               </New>
>>>>>             </Item>
>>>>>           </Array>
>>>>>         </Arg>
>>>>>       </New>
>>>>>     </Arg>
>>>>>   </Call>
>>>>>
>>>>>   <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
>>>>>     <Set name="KeyStorePath">/home/ec2-user/keystore</Set>
>>>>>     <Set name="KeyStorePassword">somepassword</Set>
>>>>>     <Set name="KeyManagerPassword">somepassword</Set>
>>>>>     <Set name="TrustStorePath">/home/ec2-user/keystore</Set>
>>>>>     <Set name="TrustStorePassword">somepassword</Set>
>>>>>   </New>
>>>>>
>>>>>   <Call id="sslConnector" name="addConnector">
>>>>>     <Arg>
>>>>>       <New class="org.eclipse.jetty.server.ServerConnector">
>>>>>         <Arg name="server"><Ref refid="Server" /></Arg>
>>>>>         <Arg name="factories">
>>>>>           <Array type="org.eclipse.jetty.server.ConnectionFactory">
>>>>>             <Item>
>>>>>               <New class="org.eclipse.jetty.server.SslConnectionFactory">
>>>>>                 <Arg name="next">http/1.1</Arg>
>>>>>                 <Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg>
>>>>>               </New>
>>>>>             </Item>
>>>>>             <Item>
>>>>>               <New class="org.eclipse.jetty.server.HttpConnectionFactory">
>>>>>                 <Arg name="config"><Ref refid="tlsHttpConfig"/></Arg>
>>>>>               </New>
>>>>>             </Item>
>>>>>           </Array>
>>>>>         </Arg>
>>>>>         <Set name="host"><Property name="jetty.host"/></Set>
>>>>>         <Set name="port"><Property name="jetty.tls.port" default="8443" /></Set>
>>>>>         <Set name="idleTimeout">30000</Set>
>>>>>         <Set name="host">mysite.com</Set>
>>>>>       </New>
>>>>>     </Arg>
>>>>>   </Call>
>>>>>
>>>>> </Configure>
>>>>>
>>>>> ===================================
>>>>>
>>>>> On Tue, Aug 25, 2015 at 5:17 PM, Jason Levitt <sl...@gmail.com>
>>>>> wrote:
>>>>>>
>>>>>>
>>>>>> I can't find any examples of the file that you hand to
>>>>>> "--jetty-config"
>>>>>>
>>>>>> The "official" jetty docs for configuring SSL imply that there are two
>>>>>> configuration files,
>>>>>>     jetty-ssl-context.xml and  jetty-https.xml.
>>>>>>
>>>>>> (http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html)
>>>>>>
>>>>>> The example that you cite:
>>>>>>
>>>>>>
>>>>>>
>>>>>> http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/plain/jetty-server/src/main/config/etc/jetty-https.xml
>>>>>>
>>>>>> says that: "This configuration must be used in conjunction with
>>>>>> jetty.xml and jetty-ssl.xml"
>>>>>>
>>>>>> Where do these files go? The Fuseki download does not have any "etc"
>>>>>> directory or
>>>>>> any xml configuration files at all.
>>>>>>
>>>>>> So, I tried handing some XML config files to Fuseki using
>>>>>> --jetty-config and it gives very little
>>>>>> info in the error (see below). Has anyone actually successfully run
>>>>>> Fuseki over SSL?
>>>>>>
>>>>>> [2015-08-25 22:13:34] Server     INFO  Jetty server config file = ./jetty-https.xml
>>>>>> [2015-08-25 22:13:34] Server     ERROR SPARQLServer: Failed to configure server: Unknown configuration type: Call in org.eclipse.jetty.xml.XmlConfiguration@1d80d2b
>>>>>> java.lang.IllegalStateException: Unknown configuration type: Call in org.eclipse.jetty.xml.XmlConfiguration@1d80d2b
>>>>>> at org.eclipse.jetty.xml.XmlConfiguration.setConfig(XmlConfiguration.java:198)
>>>>>> at org.eclipse.jetty.xml.XmlConfiguration.<init>(XmlConfiguration.java:177)
>>>>>> at org.apache.jena.fuseki.jetty.JettyFuseki.configServer(JettyFuseki.java:264)
>>>>>> at org.apache.jena.fuseki.jetty.JettyFuseki.buildServerWebapp(JettyFuseki.java:222)
>>>>>> at org.apache.jena.fuseki.jetty.JettyFuseki.<init>(JettyFuseki.java:91)
>>>>>> at org.apache.jena.fuseki.jetty.JettyFuseki.initializeServer(JettyFuseki.java:86)
>>>>>> at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.exec(FusekiCmd.java:335)
>>>>>> at jena.cmd.CmdMain.mainMethod(CmdMain.java:93)
>>>>>> at jena.cmd.CmdMain.mainRun(CmdMain.java:58)
>>>>>> at jena.cmd.CmdMain.mainRun(CmdMain.java:45)
>>>>>> at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.innerMain(FusekiCmd.java:96)
>>>>>> at org.apache.jena.fuseki.cmd.FusekiCmd.main(FusekiCmd.java:59)
>>>>>> org.apache.jena.fuseki.FusekiException: Failed to configure a server using configuration file './jetty-https.xml'
>>>>>> at org.apache.jena.fuseki.jetty.JettyFuseki.configServer(JettyFuseki.java:269)
>>>>>> at org.apache.jena.fuseki.jetty.JettyFuseki.buildServerWebapp(JettyFuseki.java:222)
>>>>>> at org.apache.jena.fuseki.jetty.JettyFuseki.<init>(JettyFuseki.java:91)
>>>>>> at org.apache.jena.fuseki.jetty.JettyFuseki.initializeServer(JettyFuseki.java:86)
>>>>>> at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.exec(FusekiCmd.java:335)
>>>>>> at jena.cmd.CmdMain.mainMethod(CmdMain.java:93)
>>>>>> at jena.cmd.CmdMain.mainRun(CmdMain.java:58)
>>>>>> at jena.cmd.CmdMain.mainRun(CmdMain.java:45)
>>>>>> at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.innerMain(FusekiCmd.java:96)
>>>>>> at org.apache.jena.fuseki.cmd.FusekiCmd.main(FusekiCmd.java:59)
>>>>>>
>>>>>> J
>>>>>>
>>>>>>
>>>>>> On Fri, Aug 21, 2015 at 4:14 AM, Andy Seaborne <an...@apache.org> wrote:
>>>>>>>
>>>>>>>
>>>>>>> On 20/08/15 22:37, Jason Levitt wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Thanks. So I can still use the "--jetty-config" option with Fuseki
>>>>>>>> v2.30 ?
>>>>>>>>
>>>>>>>> J
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Yes, should work to pass in the file.  There was a major jetty version
>>>>>>> change (8 to 9) and what effect that has had on that option is unclear
>>>>>>> to
>>>>>>> me. Connector changed Jetty 8->9
>>>>>>>
>>>>>>>
>>>>>>> http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html
>>>>>>>
>>>>>>> and their example:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/plain/jetty-server/src/main/config/etc/jetty-https.xml
>>>>>>>
>>>>>>> It would be good to add this to the distribution - if you or anyone
>>>>>>> else
>>>>>>> has
>>>>>>> a working version, I'd be very grateful to get a copy.
>>>>>>>
>>>>>>>
>>>>>>>            Andy
>>>>>>>
>>>>>>>>
>>>>>>>> On Thu, Aug 20, 2015 at 3:46 PM, Andy Seaborne <an...@apache.org>
>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 20/08/15 21:24, Jason Levitt wrote:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Which version of Jetty does Fuseki 2.30 (the latest version) use?
>>>>>>>>>>
>>>>>>>>>> J
>>>>>>>>>
>>>>>>>>> http://central.maven.org/maven2/org/apache/jena/jena-fuseki/2.3.0/jena-fuseki-2.3.0.pom
>>>>>>>>>
>>>>>>>>> ==> Jetty 9.1.1.v20140108
>>>>>>>>>
>>>>>>>>>             Andy
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Thu, Aug 20, 2015 at 6:14 AM, Andy Seaborne <an...@apache.org>
>>>>>>>>>> wrote:
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> The Jetty documentation is the best place to go for details of
>>>>>>>>>>> setting up Jetty.
>>>>>>>>>>>
>>>>>>>>>>> Here's one in the examples/ area but as far as I can tell it's
>>>>>>>>>>> more in the category of "should work" (it is from Fuseki1 and that
>>>>>>>>>>> was a different version of Jetty) rather than tested.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> https://github.com/apache/jena/blob/master/jena-fuseki2/examples/jetty-fuseki.xml
>>>>>>>>>>>
>>>>>>>>>>> If you, or anyone else, has a better example - please send it.
>>>>>>>>>>>
>>>>>>>>>>>              Andy
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On 20/08/15 02:54, Jason Levitt wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> We're in an AWS environment using Fuseki 2 with built-in Jetty.
>>>>>>>>>>>> It
>>>>>>>>>>>> only talks to internal machines so there
>>>>>>>>>>>> is no need to protect it from external exposure.  So that means
>>>>>>>>>>>> that
>>>>>>>>>>>> the easiest way is to use the
>>>>>>>>>>>> `--jetty-config` flag to setup HTTPS to Jetty?  Are there any
>>>>>>>>>>>> docs
>>>>>>>>>>>> on
>>>>>>>>>>>> what the options are for that
>>>>>>>>>>>> config file (e.g. what goes into the config file)?
>>>>>>>>>>>>
>>>>>>>>>>>> J
>>>>>>>>>>>>
>>>>>>>>>>>> On Tue, Aug 18, 2015 at 3:21 PM, Andy Seaborne <an...@apache.org>
>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Right.  In a production environment, a reverse proxy is useful
>>>>>>>>>>>>> for several things and while there is nothing that forces a
>>>>>>>>>>>>> reverse proxy, the weight of features can mean it's a useful and
>>>>>>>>>>>>> flexible thing to put into a production system.
>>>>>>>>>>>>>
>>>>>>>>>>>>> 1/ Blocking undesirable clients
>>>>>>>>>>>>>          (manic crawlers, badly written PHP scripts)
>>>>>>>>>>>>> 2/ more robust to DOS attacks (and accidental attacks)
>>>>>>>>>>>>>          Java web containers just aren't as good under silly load
>>>>>>>>>>>>> conditions.
>>>>>>>>>>>>> 3/ URL rewrite
>>>>>>>>>>>>>          E.g don't need /dataset/query - can be any URL you like.
>>>>>>>>>>>>> 4/ Security
>>>>>>>>>>>>>          integrate with local systems; rich choice of controls.
>>>>>>>>>>>>>          Control who and what can update
>>>>>>>>>>>>>          No need to restart for shiro changes.
>>>>>>>>>>>>> 5/ Rate control (e.g. no more than N queries at a time)
>>>>>>>>>>>>> 6/ https (can be expensive so a C-implementation can help)
>>>>>>>>>>>>> 7/ Lots of add-ons and mods for all sorts of tasks.
>>>>>>>>>>>>> 8/ Lots of Q&A on stackoverflow!
>>>>>>>>>>>>>
>>>>>>>>>>>>> Fuseki has "--localhost" to only talk to the machine's localhost
>>>>>>>>>>>>> network interface. In an environment like AWS, where port control
>>>>>>>>>>>>> is easy, it's trivial to secure the Fuseki server to only talk to
>>>>>>>>>>>>> the local reverse proxy by blocking all ports except (22 and)
>>>>>>>>>>>>> 80+443.
>>>>>>>>>>>>>
>>>>>>>>>>>>>               Andy
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On 18/08/15 20:21, A. Soroka wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I checked more carefully (should have done that before
>>>>>>>>>>>>>> replying)
>>>>>>>>>>>>>> and
>>>>>>>>>>>>>> it
>>>>>>>>>>>>>> seems that Fuseki 2 also offers the `--jetty-config` flag for
>>>>>>>>>>>>>> using
>>>>>>>>>>>>>> a
>>>>>>>>>>>>>> Jetty
>>>>>>>>>>>>>> configuration that supports HTTPS:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> --jetty-config=FILE    Set up the server (not services) with a
>>>>>>>>>>>>>> Jetty
>>>>>>>>>>>>>> XML
>>>>>>>>>>>>>> file
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> ---
>>>>>>>>>>>>>> A. Soroka
>>>>>>>>>>>>>> The University of Virginia Library
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Aug 18, 2015, at 10:34 AM, ajs6f@virginia.edu
>>>>>>>>>>>>>> <aj...@email.virginia.edu> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Are you deploying Fuseki to your own servlet container (e.g.
>>>>>>>>>>>>>>> Tomcat or Jetty) or using the server included with Fuseki and
>>>>>>>>>>>>>>> is it Fuseki 1 or 2?
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> If the former, you will need to supply configuration specific
>>>>>>>>>>>>>>> to
>>>>>>>>>>>>>>> that
>>>>>>>>>>>>>>> container. If the latter and it is Fuseki 1, there is a Stack
>>>>>>>>>>>>>>> Overflow
>>>>>>>>>>>>>>> answer for it:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> https://stackoverflow.com/questions/28310045/enable-https-ssl-on-fuseki-server
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> but the links seem to be dead. The idea is to supply your own
>>>>>>>>>>>>>>> Jetty configuration (Jetty is the servlet container that the
>>>>>>>>>>>>>>> Fuseki command uses). For Fuseki 2, I think it is still under
>>>>>>>>>>>>>>> development? You could use a reverse proxy in front of Fuseki,
>>>>>>>>>>>>>>> in that case.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> ---
>>>>>>>>>>>>>>> A. Soroka
>>>>>>>>>>>>>>> The University of Virginia Library
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Aug 17, 2015, at 7:07 PM, Jason Levitt
>>>>>>>>>>>>>>> <sl...@gmail.com>
>>>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Sorry if this is a FAQ, but I'm wondering if there are
>>>>>>>>>>>>>>>> any guidelines online to setting up
>>>>>>>>>>>>>>>> Fuseki for HTTPS access?
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Jason
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>
>>
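
Added example, not part of the thread or of Fuseki/Jetty: a small check for the two bind failures discussed in the quoted messages above ("Cannot assign requested address" versus "Address already in use"). It resolves a host name and tries to bind a TCP listener on each resulting address, the way a connector with `<Set name="host">` set would; the function names are hypothetical and 192.0.2.1 is a documentation address standing in for a name that resolves to an address the machine does not own.

```python
import errno
import socket


def bind_outcomes(host, port):
    """Try to bind a TCP listener on every address `host` resolves to.

    Returns {address: "ok" | errno name}. EADDRNOTAVAIL is what the JVM
    reports as "Cannot assign requested address"; EADDRINUSE is what it
    reports as "Address already in use".
    """
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return {host: "UNRESOLVABLE"}
    outcomes = {}
    for family, socktype, proto, _canon, sockaddr in infos:
        try:
            with socket.socket(family, socktype, proto) as sock:
                sock.bind(sockaddr)
            outcomes[sockaddr[0]] = "ok"
        except OSError as exc:
            outcomes[sockaddr[0]] = errno.errorcode.get(exc.errno, str(exc.errno))
    return outcomes


def explain(host, port):
    """One line per resolved address, phrased in terms of the thread's errors."""
    hints = {
        "ok": "bindable, so this host/port pair can be used for the connector",
        "EADDRNOTAVAIL": "not assigned to a local interface (the BindException in the log)",
        "EADDRINUSE": "address is local but the port is taken (check with lsof)",
        "EACCES": "address is local but the port needs elevated privileges",
        "UNRESOLVABLE": "name does not resolve on this machine",
    }
    return [
        f"{addr}: {hints.get(code, code)}"
        for addr, code in bind_outcomes(host, port).items()
    ]


if __name__ == "__main__":
    # Constructed inputs: the wildcard address and an RFC 5737 documentation
    # address that no local interface carries.
    for target in ("0.0.0.0", "192.0.2.1"):
        print("\n".join(explain(target, 8443)))
```

Run it on the server itself with the name from the config file; on a NAT'd cloud instance the public name typically resolves to an address that is not on any local interface.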


Re: Fuseki over HTTPS?

Posted by Andy Seaborne <an...@apache.org>.
Jason,


> The error:
>
>> java.lang.IllegalStateException: No Method: <Call
>> name="addIfAbsentConnectionFactory"><Arg>
>>        <New class="org.eclipse.jetty.server.SslConnectionFactory"><Arg
>> name="next">http/1.1</Arg><Arg name="sslContextFactory"><Ref
>> refid="sslContextFactory"/></Arg></New>
>>      </Arg></Call> on class org.eclipse.jetty.server.Server
>
> says that the method addIfAbsentConnectionFactory is being called on Server.  Server does not have that method but there is one on Connector.
>
> Maybe some kind of alignment problem in the configuration file?

I am not an expert in the Jetty configuration language which is, well, 
"different" :-)

My current idea is that it needs a <Ref id="sslConnector"> to wrap the
<Call name="addIfAbsentConnectionFactory">
and
<Call name="addConnectionFactory">

to set the target object for the call. And maybe reordering to put after 
the creation of "sslConnector".



I'm finding it error-prone to reconstruct the XML configuration file 
after email has messed it up as I had to fix some things up.  Also, the 
file jettyall has more in it than the files you listed? 
(jetty-ssl.xml for example?)

Could we establish a baseline file?  Either directly email a file 
(sorry, no attachments here reliably) or put it on a gist/pastebin 
somewhere.

Do you have a HTTP (only) setup that works?  If we could work from a 
version that adds http and adds https, and works with http only, https 
commented out, then things might be clearer.

	Andy
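
Added example, not part of the thread or of Jetty: a lint that reports which object each `<Call>` in a Jetty XML file is invoked on, to show the "No Method ... on class org.eclipse.jetty.server.Server" situation and the effect of wrapping the call in a `<Ref>` as suggested above. The two sample documents are constructed and trimmed down (not the poster's jettyall.xml), the function names are hypothetical, and the method-to-class table is an assumption taken from the thread.

```python
import xml.etree.ElementTree as ET

SERVER = "org.eclipse.jetty.server.Server"
CONNECTOR = "org.eclipse.jetty.server.ServerConnector"

# Assumption taken from the thread: the factory methods live on the
# connector, addConnector lives on Server.
EXPECTED_TARGET = {
    "addConnector": SERVER,
    "addIfAbsentConnectionFactory": CONNECTOR,
    "addConnectionFactory": CONNECTOR,
}

# Constructed sample (DOCTYPE omitted). {tail} is where the factory call goes.
_TEMPLATE = """\
<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory"/>
  <Call name="addConnector">
    <Arg>
      <New id="sslConnector" class="org.eclipse.jetty.server.ServerConnector">
        <Arg name="server"><Ref refid="Server"/></Arg>
      </New>
    </Arg>
  </Call>
  {tail}
</Configure>
"""
_FACTORY_CALL = """\
<Call name="addIfAbsentConnectionFactory">
    <Arg>
      <New class="org.eclipse.jetty.server.SslConnectionFactory">
        <Arg name="next">http/1.1</Arg>
        <Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg>
      </New>
    </Arg>
  </Call>"""

# The call sits directly under the Server <Configure>, as in the error message.
MISALIGNED = _TEMPLATE.format(tail=_FACTORY_CALL)
# The same call wrapped so that its target is the object with id "sslConnector".
WRAPPED = _TEMPLATE.format(
    tail='<Ref refid="sslConnector">' + _FACTORY_CALL + "</Ref>"
)


def _describe(el):
    """Class of an element that creates an object, else a note that it is a return value."""
    return el.get("class") or f"result of <{el.tag} name={el.get('name')!r}>"


def _target(call, parent, ids):
    """Walk up from a <Call> to the element that supplies the object it runs on."""
    prev, node = call, parent.get(call)
    while node is not None:
        if node.tag in ("Configure", "New"):
            return node.get("class")
        if node.tag == "Ref":
            ref = node.get("refid") or node.get("id")  # older files use id
            return ids.get(ref, f"unresolved Ref {ref!r}")
        # Directly inside a Call/Get (not inside one of its <Arg>s) the
        # target is that element's return value, whose class is unknown here.
        if node.tag in ("Call", "Get") and prev.tag != "Arg":
            return _describe(node)
        prev, node = node, parent.get(node)
    return None


def call_targets(xml_text):
    """Return [(method name, class the call is made on)] in document order."""
    root = ET.fromstring(xml_text)
    parent = {child: p for p in root.iter() for child in p}
    ids = {
        el.get("id"): _describe(el)
        for el in root.iter()
        if el.get("id") and el.tag != "Ref"
    }
    return [(c.get("name"), _target(c, parent, ids)) for c in root.iter("Call")]


def misplaced_calls(xml_text):
    """Calls from EXPECTED_TARGET whose actual target is a different class."""
    return [
        (name, actual, EXPECTED_TARGET[name])
        for name, actual in call_targets(xml_text)
        if name in EXPECTED_TARGET and actual != EXPECTED_TARGET[name]
    ]


if __name__ == "__main__":
    for label, doc in (("misaligned", MISALIGNED), ("wrapped", WRAPPED)):
        print(label, misplaced_calls(doc))
```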



Re: Fuseki over HTTPS?

Posted by Jason Levitt <sl...@gmail.com>.
Hi Andy,

   I've tried several permutations of the merged configuration file,
but I can't get your new build of Fuseki
to accept the config file.  If you have some config file samples you'd
like me to try, I'd be happy to
do so since I have a server setup with a valid SSL cert (works fine
with Jetty 9.3.x).

Jason

On Thu, Sep 3, 2015 at 3:24 AM, Andy Seaborne <an...@apache.org> wrote:
> The error:
>
>> java.lang.IllegalStateException: No Method: <Call
>> name="addIfAbsentConnectionFactory"><Arg>
>>        <New class="org.eclipse.jetty.server.SslConnectionFactory"><Arg
>> name="next">http/1.1</Arg><Arg name="sslContextFactory"><Ref
>> refid="sslContextFactory"/></Arg></New>
>>      </Arg></Call> on class org.eclipse.jetty.server.Server
>
> says that the method addIfAbsentConnectionFactory is being called on Server.
> Server does not have that method but there is one on Connector.
>
> Maybe some kind of alignment problem in the configuration file?
>
>         Andy
>
>
> On 02/09/15 23:39, Jason Levitt wrote:
>>
>> Below is the combined XML config file I'm trying to use. Fuseki (your
>> Jetty v9.3.3 build) spits this error out (also below).
>> The combined config files, separately, provide SSL fine in Jetty
>> v9.3.3 but I can't get it to work in Fuseki. The only change I had to
>> make, for XML
>> syntax purposes, was changing:
>>
>> <Configure id="sslContextFactory"
>> class="org.eclipse.jetty.util.ssl.SslContextFactory">
>>
>> To this:
>>
>> <New id="sslContextFactory"
>> class="org.eclipse.jetty.util.ssl.SslContextFactory">
>>
>> ====================================
>>
>> [2015-09-02 22:36:24] Server     INFO  Jetty server config file =
>> /home/ec2-user/fuseki/jettyconfig/jettyall.xml
>> [2015-09-02 22:36:24] XmlConfiguration WARN  Config error at <Call
>> name="addIfAbsentConnectionFactory"><Arg>
>>        <New class="org.eclipse.jetty.server.SslConnectionFactory"><Arg
>> name="next">http/1.1</Arg><Arg name="sslContextFactory"><Ref
>> refid="sslContextFactory"/></Arg></New>
>>      </Arg></Call>
>> [2015-09-02 22:36:24] Server     ERROR SPARQLServer: Failed to
>> configure server: No Method: <Call
>> name="addIfAbsentConnectionFactory"><Arg>
>>        <New class="org.eclipse.jetty.server.SslConnectionFactory"><Arg
>> name="next">http/1.1</Arg><Arg name="sslContextFactory"><Ref
>> refid="sslContextFactory"/></Arg></New>
>>      </Arg></Call> on class org.eclipse.jetty.server.Server
>> java.lang.IllegalStateException: No Method: <Call
>> name="addIfAbsentConnectionFactory"><Arg>
>>        <New class="org.eclipse.jetty.server.SslConnectionFactory"><Arg
>> name="next">http/1.1</Arg><Arg name="sslContextFactory"><Ref
>> refid="sslContextFactory"/></Arg></New>
>>      </Arg></Call> on class org.eclipse.jetty.server.Server
>> at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.call(XmlConfiguration.java:734)
>> at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.configure(XmlConfiguration.java:417)
>> at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.configure(XmlConfiguration.java:300)
>> at org.eclipse.jetty.xml.XmlConfiguration.configure(XmlConfiguration.java:245)
>> at org.apache.jena.fuseki.jetty.JettyFuseki.configServer(JettyFuseki.java:265)
>> at org.apache.jena.fuseki.jetty.JettyFuseki.buildServerWebapp(JettyFuseki.java:222)
>> at org.apache.jena.fuseki.jetty.JettyFuseki.<init>(JettyFuseki.java:91)
>> at org.apache.jena.fuseki.jetty.JettyFuseki.initializeServer(JettyFuseki.java:86)
>> at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.exec(FusekiCmd.java:335)
>> at jena.cmd.CmdMain.mainMethod(CmdMain.java:93)
>> at jena.cmd.CmdMain.mainRun(CmdMain.java:58)
>> at jena.cmd.CmdMain.mainRun(CmdMain.java:45)
>> at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.innerMain(FusekiCmd.java:96)
>> at org.apache.jena.fuseki.cmd.FusekiCmd.main(FusekiCmd.java:59)
>> Caused by: java.lang.NoSuchMethodException: addIfAbsentConnectionFactory
>> at org.eclipse.jetty.util.TypeUtil.call(TypeUtil.java:552)
>> at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.call(XmlConfiguration.java:726)
>> ... 13 more
>> org.apache.jena.fuseki.FusekiException: Failed to configure a server using configuration file '/home/ec2-user/fuseki/jettyconfig/jettyall.xml'
>> at org.apache.jena.fuseki.jetty.JettyFuseki.configServer(JettyFuseki.java:269)
>> at org.apache.jena.fuseki.jetty.JettyFuseki.buildServerWebapp(JettyFuseki.java:222)
>> at org.apache.jena.fuseki.jetty.JettyFuseki.<init>(JettyFuseki.java:91)
>> at org.apache.jena.fuseki.jetty.JettyFuseki.initializeServer(JettyFuseki.java:86)
>> at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.exec(FusekiCmd.java:335)
>> at jena.cmd.CmdMain.mainMethod(CmdMain.java:93)
>> at jena.cmd.CmdMain.mainRun(CmdMain.java:58)
>> at jena.cmd.CmdMain.mainRun(CmdMain.java:45)
>> at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.innerMain(FusekiCmd.java:96)
>> at org.apache.jena.fuseki.cmd.FusekiCmd.main(FusekiCmd.java:59)
>>
>> ============================
>>
>> jettyall.xml file:
>>
>>
>> <?xml version="1.0"?>
>> <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN"
>> "http://www.eclipse.org/jetty/configure_9_3.dtd">
>>
>> <Configure id="Server" class="org.eclipse.jetty.server.Server">
>>
>>      <Get name="ThreadPool">
>>        <Set name="minThreads" type="int"><Property
>> name="jetty.threadPool.minThreads" deprecated="threads.min"
>> default="10"/></Set>
>>        <Set name="maxThreads" type="int"><Property
>> name="jetty.threadPool.maxThreads" deprecated="threads.max"
>> default="200"/></Set>
>>        <Set name="idleTimeout" type="int"><Property
>> name="jetty.threadPool.idleTimeout" deprecated="threads.timeout"
>> default="60000"/></Set>
>>        <Set name="detailedDump">false</Set>
>>      </Get>
>>
>>      <!-- =========================================================== -->
>>      <!-- Add shared Scheduler instance                               -->
>>      <!-- =========================================================== -->
>>      <Call name="addBean">
>>        <Arg>
>>          <New
>> class="org.eclipse.jetty.util.thread.ScheduledExecutorScheduler"/>
>>        </Arg>
>>      </Call>
>>
>>      <!-- =========================================================== -->
>>      <!-- Http Configuration.                                         -->
>>      <!-- This is a common configuration instance used by all         -->
>>      <!-- connectors that can carry HTTP semantics (HTTP, HTTPS, etc.)-->
>>      <!-- It configures the non wire protocol aspects of the HTTP     -->
>>      <!-- semantic.                                                   -->
>>      <!--                                                             -->
>>      <!-- This configuration is only defined here and is used by      -->
>>      <!-- reference from other XML files such as jetty-http.xml,      -->
>>      <!-- jetty-https.xml and other configuration files which         -->
>>      <!-- instantiate the connectors.                                 -->
>>      <!--                                                             -->
>>      <!-- Consult the javadoc of o.e.j.server.HttpConfiguration       -->
>>      <!-- for all configuration that may be set here.                 -->
>>      <!-- =========================================================== -->
>>      <New id="httpConfig"
>> class="org.eclipse.jetty.server.HttpConfiguration">
>>        <Set name="secureScheme"><Property
>> name="jetty.httpConfig.secureScheme" default="https" /></Set>
>>        <Set name="securePort"><Property
>> name="jetty.httpConfig.securePort" deprecated="jetty.secure.port"
>> default="8443" /></Set>
>>        <Set name="outputBufferSize"><Property
>> name="jetty.httpConfig.outputBufferSize"
>> deprecated="jetty.output.buffer.size" default="32768" /></Set>
>>        <Set name="outputAggregationSize"><Property
>> name="jetty.httpConfig.outputAggregationSize"
>> deprecated="jetty.output.aggregation.size" default="8192" /></Set>
>>        <Set name="requestHeaderSize"><Property
>> name="jetty.httpConfig.requestHeaderSize"
>> deprecated="jetty.request.header.size" default="8192" /></Set>
>>        <Set name="responseHeaderSize"><Property
>> name="jetty.httpConfig.responseHeaderSize"
>> deprecated="jetty.response.header.size" default="8192" /></Set>
>>        <Set name="sendServerVersion"><Property
>> name="jetty.httpConfig.sendServerVersion"
>> deprecated="jetty.send.server.version" default="true" /></Set>
>>        <Set name="sendDateHeader"><Property
>> name="jetty.httpConfig.sendDateHeader"
>> deprecated="jetty.send.date.header" default="false" /></Set>
>>        <Set name="headerCacheSize"><Property
>> name="jetty.httpConfig.headerCacheSize" default="512" /></Set>
>>        <Set name="delayDispatchUntilContent"><Property
>> name="jetty.httpConfig.delayDispatchUntilContent"
>> deprecated="jetty.delayDispatchUntilContent" default="true"/></Set>
>>        <!-- Uncomment to enable handling of X-Forwarded- style headers
>>        <Call name="addCustomizer">
>>          <Arg><New
>> class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg>
>>        </Call>
>>        -->
>>      </New>
>>
>>      <!-- =========================================================== -->
>>      <!-- Set the default handler structure for the Server            -->
>>      <!-- A handler collection is used to pass received requests to   -->
>>      <!-- both the ContextHandlerCollection, which selects the next   -->
>>      <!-- handler by context path and virtual host, and the           -->
>>      <!-- DefaultHandler, which handles any requests not handled by   -->
>>      <!-- the context handlers.                                       -->
>>      <!-- Other handlers may be added to the "Handlers" collection,   -->
>>      <!-- for example the jetty-requestlog.xml file adds the          -->
>>      <!-- RequestLogHandler after the default handler                 -->
>>      <!-- =========================================================== -->
>>      <Set name="handler">
>>        <New id="Handlers"
>> class="org.eclipse.jetty.server.handler.HandlerCollection">
>>          <Set name="handlers">
>>           <Array type="org.eclipse.jetty.server.Handler">
>>             <Item>
>>               <New id="Contexts"
>> class="org.eclipse.jetty.server.handler.ContextHandlerCollection"/>
>>             </Item>
>>             <Item>
>>               <New id="DefaultHandler"
>> class="org.eclipse.jetty.server.handler.DefaultHandler"/>
>>             </Item>
>>           </Array>
>>          </Set>
>>        </New>
>>      </Set>
>>
>>      <!-- =========================================================== -->
>>      <!-- extra server options                                        -->
>>      <!-- =========================================================== -->
>>      <Set name="stopAtShutdown"><Property
>> name="jetty.server.stopAtShutdown" default="true"/></Set>
>>      <Set name="stopTimeout">5000</Set>
>>      <Set name="dumpAfterStart"><Property
>> name="jetty.server.dumpAfterStart" deprecated="jetty.dump.start"
>> default="false"/></Set>
>>      <Set name="dumpBeforeStop"><Property
>> name="jetty.server.dumpBeforeStop" deprecated="jetty.dump.stop"
>> default="false"/></Set>
>>
>> <!-- ============================================================= -->
>> <!-- Configure the Jetty Server instance with an ID "Server"       -->
>> <!-- by adding a HTTP connector.                                   -->
>> <!-- This configuration must be used in conjunction with jetty.xml -->
>> <!-- ============================================================= -->
>>
>>    <!-- =========================================================== -->
>>    <!-- Add a HTTP Connector.                                       -->
>>    <!-- Configure an o.e.j.server.ServerConnector with a single     -->
>>    <!-- HttpConnectionFactory instance using the common httpConfig  -->
>>    <!-- instance defined in jetty.xml                               -->
>>    <!--                                                             -->
>>    <!-- Consult the javadoc of o.e.j.server.ServerConnector and     -->
>>    <!-- o.e.j.server.HttpConnectionFactory for all configuration    -->
>>    <!-- that may be set here.                                       -->
>>    <!-- =========================================================== -->
>>    <Call name="addConnector">
>>      <Arg>
>>        <New id="httpConnector"
>> class="org.eclipse.jetty.server.ServerConnector">
>>          <Arg name="server"><Ref refid="Server" /></Arg>
>>          <Arg name="acceptors" type="int"><Property
>> name="jetty.http.acceptors" deprecated="http.acceptors"
>> default="-1"/></Arg>
>>          <Arg name="selectors" type="int"><Property
>> name="jetty.http.selectors" deprecated="http.selectors"
>> default="-1"/></Arg>
>>          <Arg name="factories">
>>            <Array type="org.eclipse.jetty.server.ConnectionFactory">
>>              <!-- uncomment to support proxy protocol
>>              <Item>
>>                <New
>> class="org.eclipse.jetty.server.ProxyConnectionFactory"/>
>>              </Item>-->
>>              <Item>
>>                <New
>> class="org.eclipse.jetty.server.HttpConnectionFactory">
>>                  <Arg name="config"><Ref refid="httpConfig" /></Arg>
>>                </New>
>>              </Item>
>>            </Array>
>>          </Arg>
>>          <Set name="host"><Property name="jetty.http.host"
>> deprecated="jetty.host" /></Set>
>>          <Set name="port"><Property name="jetty.http.port"
>> deprecated="jetty.port" default="8080" /></Set>
>>          <Set name="idleTimeout"><Property
>> name="jetty.http.idleTimeout" deprecated="http.timeout"
>> default="30000"/></Set>
>>          <Set name="soLingerTime"><Property
>> name="jetty.http.soLingerTime" deprecated="http.soLingerTime"
>> default="-1"/></Set>
>>          <Set name="acceptorPriorityDelta"><Property
>> name="jetty.http.acceptorPriorityDelta"
>> deprecated="http.acceptorPriorityDelta" default="0"/></Set>
>>          <Set name="acceptQueueSize"><Property
>> name="jetty.http.acceptQueueSize" deprecated="http.acceptQueueSize"
>> default="0"/></Set>
>>        </New>
>>      </Arg>
>>    </Call>
>>
>> <!-- ============================================================= -->
>> <!-- Configure a HTTPS connector.                                  -->
>> <!-- This configuration must be used in conjunction with jetty.xml -->
>> <!-- and jetty-ssl.xml.                                            -->
>> <!-- ============================================================= -->
>>
>>    <Call name="addIfAbsentConnectionFactory">
>>      <Arg>
>>        <New class="org.eclipse.jetty.server.SslConnectionFactory">
>>          <Arg name="next">http/1.1</Arg>
>>          <Arg name="sslContextFactory"><Ref
>> refid="sslContextFactory"/></Arg>
>>        </New>
>>      </Arg>
>>    </Call>
>>
>>    <Call name="addConnectionFactory">
>>      <Arg>
>>        <New class="org.eclipse.jetty.server.HttpConnectionFactory">
>>          <Arg name="config"><Ref refid="sslHttpConfig" /></Arg>
>>        </New>
>>      </Arg>
>>    </Call>
>>
>>
>> <!-- ============================================================= -->
>> <!-- Base SSL configuration                                        -->
>> <!-- This configuration needs to be used together with 1 or more   -->
>> <!-- of jetty-https.xml or jetty-http2.xml                         -->
>> <!-- ============================================================= -->
>>
>>    <!-- =========================================================== -->
>>    <!-- Add a SSL Connector with no protocol factories              -->
>>    <!-- =========================================================== -->
>>    <Call  name="addConnector">
>>      <Arg>
>>        <New id="sslConnector"
>> class="org.eclipse.jetty.server.ServerConnector">
>>          <Arg name="server"><Ref refid="Server" /></Arg>
>>          <Arg name="acceptors" type="int"><Property
>> name="jetty.ssl.acceptors" deprecated="ssl.acceptors"
>> default="-1"/></Arg>
>>          <Arg name="selectors" type="int"><Property
>> name="jetty.ssl.selectors" deprecated="ssl.selectors"
>> default="-1"/></Arg>
>>          <Arg name="factories">
>>            <Array type="org.eclipse.jetty.server.ConnectionFactory">
>>              <!-- uncomment to support proxy protocol
>>              <Item>
>>                <New
>> class="org.eclipse.jetty.server.ProxyConnectionFactory"/>
>>              </Item>-->
>>            </Array>
>>          </Arg>
>>
>>          <Set name="host"><Property name="jetty.ssl.host"
>> deprecated="jetty.host" /></Set>
>>          <Set name="port"><Property name="jetty.ssl.port"
>> deprecated="ssl.port" default="8443" /></Set>
>>          <Set name="idleTimeout"><Property name="jetty.ssl.idleTimeout"
>> deprecated="ssl.timeout" default="30000"/></Set>
>>          <Set name="soLingerTime"><Property
>> name="jetty.ssl.soLingerTime" deprecated="ssl.soLingerTime"
>> default="-1"/></Set>
>>          <Set name="acceptorPriorityDelta"><Property
>> name="jetty.ssl.acceptorPriorityDelta"
>> deprecated="ssl.acceptorPriorityDelta" default="0"/></Set>
>>          <Set name="acceptQueueSize"><Property
>> name="jetty.ssl.acceptQueueSize" deprecated="ssl.acceptQueueSize"
>> default="0"/></Set>
>>        </New>
>>      </Arg>
>>    </Call>
>>
>>    <!-- =========================================================== -->
>>    <!-- Create a TLS specific HttpConfiguration based on the        -->
>>    <!-- common HttpConfiguration defined in jetty.xml               -->
>>    <!-- Add a SecureRequestCustomizer to extract certificate and    -->
>>    <!-- session information                                         -->
>>    <!-- =========================================================== -->
>>    <New id="sslHttpConfig"
>> class="org.eclipse.jetty.server.HttpConfiguration">
>>      <Arg><Ref refid="httpConfig"/></Arg>
>>      <Call name="addCustomizer">
>>        <Arg>
>>          <New class="org.eclipse.jetty.server.SecureRequestCustomizer">
>>            <Arg type="boolean"><Property name="jetty.ssl.sniHostCheck"
>> default="true"/></Arg>
>>          </New>
>>        </Arg>
>>      </Call>
>>    </New>
>>
>> <!-- ============================================================= -->
>> <!-- SSL ContextFactory configuration                              -->
>> <!-- ============================================================= -->
>> <!-- Configure id="sslContextFactory"
>> class="org.eclipse.jetty.util.ssl.SslContextFactory" -->
>>
>> <New id="sslContextFactory"
>> class="org.eclipse.jetty.util.ssl.SslContextFactory">
>>    <Set name="KeyStorePath"><Property name="jetty.base" default="."
>> />/<Property name="jetty.sslContext.keyStorePath"
>> deprecated="jetty.keystore" default="etc/keystore"/></Set>
>>    <Set name="KeyStorePassword"><Property
>> name="jetty.sslContext.keyStorePassword"
>> deprecated="jetty.keystore.password" default="MyPassword" /></Set>
>>    <Set name="KeyStoreType"><Property
>> name="jetty.sslContext.keyStoreType" default="JKS"/></Set>
>>    <Set name="KeyStoreProvider"><Property
>> name="jetty.sslContext.keyStoreProvider"/></Set>
>>    <Set name="KeyManagerPassword"><Property
>> name="jetty.sslContext.keyManagerPassword"
>> deprecated="jetty.keymanager.password" default="MyPassword" /></Set>
>>    <Set name="TrustStorePath"><Property name="jetty.base" default="."
>> />/<Property name="jetty.sslContext.trustStorePath"
>> deprecated="jetty.truststore" default="etc/keystore"/></Set>
>>    <Set name="TrustStorePassword"><Property
>> name="jetty.sslContext.trustStorePassword"
>> deprecated="jetty.truststore.password" default="MyPassword" /></Set>
>>    <Set name="TrustStoreType"><Property
>> name="jetty.sslContext.trustStoreType" default="JKS"/></Set>
>>    <Set name="TrustStoreProvider"><Property
>> name="jetty.sslContext.trustStoreProvider"/></Set>
>>    <Set name="EndpointIdentificationAlgorithm"></Set>
>>    <Set name="NeedClientAuth"><Property
>> name="jetty.sslContext.needClientAuth"
>> deprecated="jetty.ssl.needClientAuth" default="false"/></Set>
>>    <Set name="WantClientAuth"><Property
>> name="jetty.sslContext.wantClientAuth"
>> deprecated="jetty.ssl.wantClientAuth" default="false"/></Set>
>>    <Set name="ExcludeCipherSuites">
>>     <Array type="String">
>>      <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
>>      <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
>>      <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
>>      <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
>>      <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
>>      <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
>>      <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
>>     </Array>
>>    </Set>
>>    <Set name="useCipherSuitesOrder"><Property
>> name="jetty.sslContext.useCipherSuitesOrder" default="true"/></Set>
>> </New>
>>
>> </Configure>
>>
>> ===================================
>>
>> On Wed, Sep 2, 2015 at 2:46 PM, Jason Levitt <sl...@gmail.com>
>> wrote:
>>>
>>> I can get Jetty 9.3.3 to work over SSL with these four files, but I
>>> cannot figure out a way to
>>> put them into one file (required by fuseki) to get SSL working with
>>> fuseki:
>>>
>>> jetty.xml
>>>
>>> <?xml version="1.0"?>
>>> <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN"
>>> "http://www.eclipse.org/jetty/configure_9_3.dtd">
>>>
>>> <Configure id="Server" class="org.eclipse.jetty.server.Server">
>>>
>>>      <New id="httpConfig"
>>> class="org.eclipse.jetty.server.HttpConfiguration">
>>>        <Set name="secureScheme"><Property
>>> name="jetty.httpConfig.secureScheme" default="https" /></Set>
>>>        <Set name="securePort"><Property
>>> name="jetty.httpConfig.securePort" deprecated="jetty.secure.port"
>>> default="8443" /></Set>
>>>        <Set name="outputBufferSize"><Property
>>> name="jetty.httpConfig.outputBufferSize"
>>> deprecated="jetty.output.buffer.size" default="32768" /></Set>
>>>        <Set name="outputAggregationSize"><Property
>>> name="jetty.httpConfig.outputAggregationSize"
>>> deprecated="jetty.output.aggregation.size" default="8192" /></Set>
>>>        <Set name="requestHeaderSize"><Property
>>> name="jetty.httpConfig.requestHeaderSize"
>>> deprecated="jetty.request.header.size" default="8192" /></Set>
>>>        <Set name="responseHeaderSize"><Property
>>> name="jetty.httpConfig.responseHeaderSize"
>>> deprecated="jetty.response.header.size" default="8192" /></Set>
>>>        <Set name="sendServerVersion"><Property
>>> name="jetty.httpConfig.sendServerVersion"
>>> deprecated="jetty.send.server.version" default="true" /></Set>
>>>        <Set name="sendDateHeader"><Property
>>> name="jetty.httpConfig.sendDateHeader"
>>> deprecated="jetty.send.date.header" default="false" /></Set>
>>>        <Set name="headerCacheSize"><Property
>>> name="jetty.httpConfig.headerCacheSize" default="512" /></Set>
>>>        <Set name="delayDispatchUntilContent"><Property
>>> name="jetty.httpConfig.delayDispatchUntilContent"
>>> deprecated="jetty.delayDispatchUntilContent" default="true"/></Set>
>>>      </New>
>>>
>>> </Configure>
>>>
>>> jetty-http.xml
>>>
>>> <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN"
>>> "http://www.eclipse.org/jetty/configure_9_3.dtd">
>>>
>>>    <Call name="addConnector">
>>>      <Arg>
>>>        <New id="httpConnector"
>>> class="org.eclipse.jetty.server.ServerConnector">
>>>          <Arg name="server"><Ref refid="Server" /></Arg>
>>>          <Arg name="acceptors" type="int"><Property
>>> name="jetty.http.acceptors" deprecated="http.acceptors"
>>> default="-1"/></Arg>
>>>          <Arg name="selectors" type="int"><Property
>>> name="jetty.http.selectors" deprecated="http.selectors"
>>> default="-1"/></Arg>
>>>          <Arg name="factories">
>>>            <Array type="org.eclipse.jetty.server.ConnectionFactory">
>>>              <!-- uncomment to support proxy protocol
>>>              <Item>
>>>                <New
>>> class="org.eclipse.jetty.server.ProxyConnectionFactory"/>
>>>              </Item>-->
>>>              <Item>
>>>                <New
>>> class="org.eclipse.jetty.server.HttpConnectionFactory">
>>>                  <Arg name="config"><Ref refid="httpConfig" /></Arg>
>>>                </New>
>>>              </Item>
>>>            </Array>
>>>          </Arg>
>>>          <Set name="host"><Property name="jetty.http.host"
>>> deprecated="jetty.host" /></Set>
>>>          <Set name="port"><Property name="jetty.http.port"
>>> deprecated="jetty.port" default="8080" /></Set>
>>>          <Set name="idleTimeout"><Property
>>> name="jetty.http.idleTimeout" deprecated="http.timeout"
>>> default="30000"/></Set>
>>>          <Set name="soLingerTime"><Property
>>> name="jetty.http.soLingerTime" deprecated="http.soLingerTime"
>>> default="-1"/></Set>
>>>          <Set name="acceptorPriorityDelta"><Property
>>> name="jetty.http.acceptorPriorityDelta"
>>> deprecated="http.acceptorPriorityDelta" default="0"/></Set>
>>>          <Set name="acceptQueueSize"><Property
>>> name="jetty.http.acceptQueueSize" deprecated="http.acceptQueueSize"
>>> default="0"/></Set>
>>>        </New>
>>>      </Arg>
>>>    </Call>
>>>
>>> </Configure>
>>>
>>>
>>> jetty-https.xml
>>>
>>> <?xml version="1.0"?>
>>> <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN"
>>> "http://www.eclipse.org/jetty/configure_9_3.dtd">
>>>
>>> <Configure id="sslConnector"
>>> class="org.eclipse.jetty.server.ServerConnector">
>>>
>>>    <Call name="addIfAbsentConnectionFactory">
>>>      <Arg>
>>>        <New class="org.eclipse.jetty.server.SslConnectionFactory">
>>>          <Arg name="next">http/1.1</Arg>
>>>          <Arg name="sslContextFactory"><Ref
>>> refid="sslContextFactory"/></Arg>
>>>        </New>
>>>      </Arg>
>>>    </Call>
>>>
>>>    <Call name="addConnectionFactory">
>>>      <Arg>
>>>        <New class="org.eclipse.jetty.server.HttpConnectionFactory">
>>>          <Arg name="config"><Ref refid="sslHttpConfig" /></Arg>
>>>        </New>
>>>      </Arg>
>>>    </Call>
>>>
>>> </Configure>
>>>
>>> jetty-ssl-context.xml
>>>
>>> <?xml version="1.0"?>
>>> <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN"
>>> "http://www.eclipse.org/jetty/configure_9_3.dtd">
>>>
>>> <Configure id="sslContextFactory"
>>> class="org.eclipse.jetty.util.ssl.SslContextFactory">
>>>
>>>    <Set name="KeyStorePath"><Property name="jetty.base" default="."
>>> />/<Property name="jetty.sslContext.keyStorePath"
>>> deprecated="jetty.keystore" default="etc/keystore"/></Set>
>>>    <Set name="KeyStorePassword"><Property
>>> name="jetty.sslContext.keyStorePassword"
>>> deprecated="jetty.keystore.password" />MyPassword</Set>
>>>    <Set name="KeyStoreType"><Property
>>> name="jetty.sslContext.keyStoreType" default="JKS"/></Set>
>>>    <Set name="KeyStoreProvider"><Property
>>> name="jetty.sslContext.keyStoreProvider"/></Set>
>>>    <Set name="KeyManagerPassword"><Property
>>> name="jetty.sslContext.keyManagerPassword"
>>> deprecated="jetty.keymanager.password" />MyPassword</Set>
>>>    <Set name="TrustStorePath"><Property name="jetty.base" default="."
>>> />/<Property name="jetty.sslContext.trustStorePath"
>>> deprecated="jetty.truststore" default="etc/keystore"/></Set>
>>>    <Set name="TrustStorePassword"><Property
>>> name="jetty.sslContext.trustStorePassword"
>>> deprecated="jetty.truststore.password" />MyPassword</Set>
>>>    <Set name="TrustStoreType"><Property
>>> name="jetty.sslContext.trustStoreType" default="JKS"/></Set>
>>>    <Set name="TrustStoreProvider"><Property
>>> name="jetty.sslContext.trustStoreProvider"/></Set>
>>>    <Set name="EndpointIdentificationAlgorithm"></Set>
>>>    <Set name="NeedClientAuth"><Property
>>> name="jetty.sslContext.needClientAuth"
>>> deprecated="jetty.ssl.needClientAuth" default="false"/></Set>
>>>    <Set name="WantClientAuth"><Property
>>> name="jetty.sslContext.wantClientAuth"
>>> deprecated="jetty.ssl.wantClientAuth" default="false"/></Set>
>>>    <Set name="ExcludeCipherSuites">
>>>     <Array type="String">
>>>      <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
>>>      <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
>>>      <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
>>>      <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
>>>      <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
>>>      <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
>>>      <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
>>>     </Array>
>>>    </Set>
>>>    <Set name="useCipherSuitesOrder"><Property
>>> name="jetty.sslContext.useCipherSuitesOrder" default="true"/></Set>
>>> </Configure>
>>>
>>> ================
>>>
>>> On Wed, Sep 2, 2015 at 8:18 AM, Andy Seaborne <an...@apache.org> wrote:
>>>>
>>>> Hi Jason,
>>>>
>>>> I have made some progress with your config.
>>>>
>>>> 1/ I switched the development code to 9.3.3 so we have one target and
>>>> because I got that version to work with your config
>>>>
>>>> 9.3.3 was released 27/Aug/2015.
>>>>
>>>> Don't know if you're working from the source or not so I did a development
>>>> build of Fuseki2 with 9.3.3.
>>>>
>>>>
>>>> https://repository.apache.org/content/repositories/snapshots/org/apache/jena/apache-jena-fuseki/2.3.1-SNAPSHOT/
>>>>
>>>> NB There are 2 builds for today - latest with Jetty 9.3.3 is
>>>>
>>>>    20150902.121407-19
>>>>
>>>> 2/ Fix for your config file below.
>>>>     Needs some details from jetty.xml copied into it.
>>>>
>>>>          Andy
>>>>
>>>> On 01/09/15 20:36, Jason Levitt wrote:
>>>>>
>>>>>
>>>>> Back to square one.
>>>>>
>>>>> This Jetty config file works fine with Jetty 9:
>>>>
>>>>
>>>>
>>>> Which jetty version?  I'm seeing differences between 9.1.1 and 9.3.3
>>>>
>>>> With 9.3.2 I get a different error, more useful error (yes, I was using
>>>> 9.3.2 at that point)
>>>>
>>>> [2015-09-02 12:24:37] Server     ERROR SPARQLServer: Failed to configure
>>>> server: null
>>>> java.lang.reflect.InvocationTargetException
>>>> sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>>>>
>>>> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
>>>>
>>>> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
>>>> java.lang.reflect.Constructor.newInstance(Constructor.java:422)
>>>> org.eclipse.jetty.util.TypeUtil.construct(TypeUtil.java:627)
>>>>
>>>> org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.newObj(XmlConfiguration.java:782)
>>>>
>>>> which looks to be caused by:
>>>>
>>>>>       <New class="org.eclipse.jetty.server.HttpConnectionFactory">
>>>>>          <Arg name="config"><Ref refid="httpConfig" /></Arg>
>>>>>       </New>
>>>>
>>>>
>>>> and httpConfig is not defined.  (I debug traced the Jetty code).
>>>>
>>>> It says higher up:
>>>>
>>>>   <!-- HttpConnectionFactory instance using the common httpConfig  -->
>>>>   <!-- instance defined in jetty.xml
>>>>
>>>>
>>>> I copied the block from jetty.xml 9.3.3 into your configuration:
>>>> <New id="httpConfig"
>>>> </New>
>>>>
>>>> Full copy below.
>>>>
>>>> This is for 9.3.3 only - I tried the same approach with 9.1.1 and it
>>>> didn't
>>>> work.  Maybe my user error, maybe because your config makes a 9.3
>>>> specific
>>>> call.  Rather than worry about that, I switched the development code
>>>> base to
>>>> 9.3.3.
>>>>
>>>> Hey presto - server runs for me.  Confirmed it is using the config by
>>>> changing the port but that's all the testing I have time for ATM.
>>>> (Looking
>>>> for a job (= employment) can be quite time consuming!)
>>>>
>>>>          Andy
>>>>
>>>>
>>>> ------------------------------------------------------------
>>>> Copy of new section, reformatted for email :-| , inserted before <Call>
>>>>
>>>> <Configure id="Server" class="org.eclipse.jetty.server.Server">
>>>>    <New
>>>>      ....
>>>>    </New>
>>>>
>>>>    <Call name="addConnector">
>>>>     </Call>
>>>>
>>>>
>>>> </Configure>
>>>>
>>>> --------- Full insert
>>>>
>>>>
>>>> <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
>>>>    <Set name="secureScheme">
>>>>      <Property name="jetty.httpConfig.secureScheme"
>>>>                default="https" />
>>>>    </Set>
>>>>    <Set name="securePort">
>>>>      <Property name="jetty.httpConfig.securePort"
>>>>                deprecated="jetty.secure.port"
>>>>                default="8443" />
>>>>    </Set>
>>>>    <Set name="outputBufferSize">
>>>>      <Property name="jetty.httpConfig.outputBufferSize"
>>>>                deprecated="jetty.output.buffer.size"
>>>>                default="32768" />
>>>>    </Set>
>>>>    <Set name="outputAggregationSize">
>>>>      <Property name="jetty.httpConfig.outputAggregationSize"
>>>>                deprecated="jetty.output.aggregation.size"
>>>>                default="8192" />
>>>>    </Set>
>>>>    <Set name="requestHeaderSize">
>>>>      <Property name="jetty.httpConfig.requestHeaderSize"
>>>>                deprecated="jetty.request.header.size"
>>>>                default="8192" />
>>>>    </Set>
>>>>    <Set name="responseHeaderSize">
>>>>      <Property name="jetty.httpConfig.responseHeaderSize"
>>>>                deprecated="jetty.response.header.size"
>>>>                default="8192" />
>>>>    </Set>
>>>>    <Set name="sendServerVersion">
>>>>      <Property name="jetty.httpConfig.sendServerVersion"
>>>>                deprecated="jetty.send.server.version"
>>>>                default="true" />
>>>>    </Set>
>>>>    <Set name="sendDateHeader">
>>>>      <Property name="jetty.httpConfig.sendDateHeader"
>>>>                deprecated="jetty.send.date.header"
>>>>                default="false" />
>>>>    </Set>
>>>>    <Set name="headerCacheSize">
>>>>      <Property name="jetty.httpConfig.headerCacheSize"
>>>>                default="512" />
>>>>    </Set>
>>>>    <Set name="delayDispatchUntilContent">
>>>>      <Property name="jetty.httpConfig.delayDispatchUntilContent"
>>>>                deprecated="jetty.delayDispatchUntilContent"
>>>>                default="true"/>
>>>>    </Set>
>>>>    <Set name="maxErrorDispatches">
>>>>      <Property name="jetty.httpConfig.maxErrorDispatches"
>>>>                default="10"/>
>>>>    </Set>
>>>>    <!-- Uncomment to enable handling of X-Forwarded- style headers
>>>>         <Call name="addCustomizer">
>>>>           <Arg><New
>>>> class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg>
>>>>    </Call>
>>>>    -->
>>>> </New>
>>>>
>
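
Added example (not part of the thread, and not Jetty or Fuseki code): a small Python check for the two single-file failures discussed in this thread, a `<Ref>` whose id no earlier element defines (the `httpConfig` case) and a connector method called directly under `<Configure id="Server">`. The sample configs are constructed and shortened; the check assumes Jetty evaluates the file in document order, and the `<Ref refid="sslConnector">` wrapper is one possible layout, not a fix confirmed in the thread.

```python
import xml.etree.ElementTree as ET

SERVER = "org.eclipse.jetty.server.Server"
# Connector methods; the error quoted in the thread names the first one.
CONNECTOR_METHODS = {"addIfAbsentConnectionFactory", "addConnectionFactory"}


def lint(xml_text):
    """Return (problem, detail) tuples for one combined Jetty XML config."""
    findings = []
    ids = {}  # id -> class name, or None when the type is not known

    def visit(node, target):
        tag, node_id = node.tag, node.get("id")
        if tag == "Ref":
            refid = node.get("refid") or node_id
            if refid not in ids:
                findings.append(("undefined-ref", refid))
            target = ids.get(refid)  # children of <Ref> act on that object
        elif tag == "Configure":
            target = node.get("class")
            if node_id:
                ids[node_id] = target
        elif tag in ("New", "Call", "Get"):
            if (tag == "Call" and node.get("class") is None
                    and target == SERVER
                    and node.get("name") in CONNECTOR_METHODS):
                findings.append(("call-on-server", node.get("name")))
            # Arguments are evaluated before the object or result exists.
            for child in node:
                if child.tag == "Arg":
                    visit(child, target)
            target = node.get("class") if tag == "New" else None
            if node_id:
                ids[node_id] = target
            for child in node:
                if child.tag != "Arg":
                    visit(child, target)
            return
        for child in node:
            visit(child, target)

    visit(ET.fromstring(xml_text.strip()), None)
    return findings


# Constructed sample: the two <Call> elements of jetty-https.xml, shortened
# (httpConfig stands in for the sslHttpConfig reference used in the thread).
HTTPS_CALLS = """
  <Call name="addIfAbsentConnectionFactory"><Arg>
    <New class="org.eclipse.jetty.server.SslConnectionFactory">
      <Arg name="next">http/1.1</Arg>
      <Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg>
    </New>
  </Arg></Call>
  <Call name="addConnectionFactory"><Arg>
    <New class="org.eclipse.jetty.server.HttpConnectionFactory">
      <Arg name="config"><Ref refid="httpConfig"/></Arg>
    </New>
  </Arg></Call>
"""
# Constructed sample: objects the calls above depend on.
DEFINITIONS = """
  <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration"/>
  <New id="sslContextFactory"
       class="org.eclipse.jetty.util.ssl.SslContextFactory"/>
  <Call name="addConnector"><Arg>
    <New id="sslConnector" class="org.eclipse.jetty.server.ServerConnector">
      <Arg name="server"><Ref refid="Server"/></Arg>
    </New>
  </Arg></Call>
"""
OPEN = '<Configure id="Server" class="org.eclipse.jetty.server.Server">'
# Calls pasted straight under the Server element, nothing defined first.
BROKEN = OPEN + HTTPS_CALLS + "</Configure>"
# Same calls, after the definitions and applied to the connector via <Ref>.
FIXED = (OPEN + DEFINITIONS + '<Ref refid="sslConnector">'
         + HTTPS_CALLS + "</Ref></Configure>")

if __name__ == "__main__":
    for label, config in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, lint(config))
```
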

Re: Fuseki over HTTPS?

Posted by Andy Seaborne <an...@apache.org>.
The error:

 > java.lang.IllegalStateException: No Method: <Call
 > name="addIfAbsentConnectionFactory"><Arg>
 >        <New class="org.eclipse.jetty.server.SslConnectionFactory"><Arg
 > name="next">http/1.1</Arg><Arg name="sslContextFactory"><Ref
 > refid="sslContextFactory"/></Arg></New>
 >      </Arg></Call> on class org.eclipse.jetty.server.Server

says that the method addIfAbsentConnectionFactory is being called on 
Server.  Server does not have that method but there is one on Connector.

Maybe some kind of alignment problem in the configuration file?

	Andy

On 02/09/15 23:39, Jason Levitt wrote:
> Below is the combined XML config file I'm trying to use. Fuseki (your
> Jetty v9.3.3 build) spits this error out (also below).
> The combined config files, separately, provide SSL fine in Jetty
> v9.3.3 but I can't get it to work in Fuseki. The only change I had to
> make, for XML
> syntax purposes, was changing:
>
> <Configure id="sslContextFactory"
> class="org.eclipse.jetty.util.ssl.SslContextFactory">
>
> To this:
>
> <New id="sslContextFactory"
> class="org.eclipse.jetty.util.ssl.SslContextFactory">
>
> ====================================
>
> [2015-09-02 22:36:24] Server     INFO  Jetty server config file =
> /home/ec2-user/fuseki/jettyconfig/jettyall.xml
> [2015-09-02 22:36:24] XmlConfiguration WARN  Config error at <Call
> name="addIfAbsentConnectionFactory"><Arg>
>        <New class="org.eclipse.jetty.server.SslConnectionFactory"><Arg
> name="next">http/1.1</Arg><Arg name="sslContextFactory"><Ref
> refid="sslContextFactory"/></Arg></New>
>      </Arg></Call>
> [2015-09-02 22:36:24] Server     ERROR SPARQLServer: Failed to
> configure server: No Method: <Call
> name="addIfAbsentConnectionFactory"><Arg>
>        <New class="org.eclipse.jetty.server.SslConnectionFactory"><Arg
> name="next">http/1.1</Arg><Arg name="sslContextFactory"><Ref
> refid="sslContextFactory"/></Arg></New>
>      </Arg></Call> on class org.eclipse.jetty.server.Server
> java.lang.IllegalStateException: No Method: <Call
> name="addIfAbsentConnectionFactory"><Arg>
>        <New class="org.eclipse.jetty.server.SslConnectionFactory"><Arg
> name="next">http/1.1</Arg><Arg name="sslContextFactory"><Ref
> refid="sslContextFactory"/></Arg></New>
>      </Arg></Call> on class org.eclipse.jetty.server.Server
> at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.call(XmlConfiguration.java:734)
> at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.configure(XmlConfiguration.java:417)
> at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.configure(XmlConfiguration.java:300)
> at org.eclipse.jetty.xml.XmlConfiguration.configure(XmlConfiguration.java:245)
> at org.apache.jena.fuseki.jetty.JettyFuseki.configServer(JettyFuseki.java:265)
> at org.apache.jena.fuseki.jetty.JettyFuseki.buildServerWebapp(JettyFuseki.java:222)
> at org.apache.jena.fuseki.jetty.JettyFuseki.<init>(JettyFuseki.java:91)
> at org.apache.jena.fuseki.jetty.JettyFuseki.initializeServer(JettyFuseki.java:86)
> at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.exec(FusekiCmd.java:335)
> at jena.cmd.CmdMain.mainMethod(CmdMain.java:93)
> at jena.cmd.CmdMain.mainRun(CmdMain.java:58)
> at jena.cmd.CmdMain.mainRun(CmdMain.java:45)
> at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.innerMain(FusekiCmd.java:96)
> at org.apache.jena.fuseki.cmd.FusekiCmd.main(FusekiCmd.java:59)
> Caused by: java.lang.NoSuchMethodException: addIfAbsentConnectionFactory
> at org.eclipse.jetty.util.TypeUtil.call(TypeUtil.java:552)
> at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.call(XmlConfiguration.java:726)
> ... 13 more
> org.apache.jena.fuseki.FusekiException: Failed to configure a server
> using configuration file
> '/home/ec2-user/fuseki/jettyconfig/jettyall.xml'
> at org.apache.jena.fuseki.jetty.JettyFuseki.configServer(JettyFuseki.java:269)
> at org.apache.jena.fuseki.jetty.JettyFuseki.buildServerWebapp(JettyFuseki.java:222)
> at org.apache.jena.fuseki.jetty.JettyFuseki.<init>(JettyFuseki.java:91)
> at org.apache.jena.fuseki.jetty.JettyFuseki.initializeServer(JettyFuseki.java:86)
> at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.exec(FusekiCmd.java:335)
> at jena.cmd.CmdMain.mainMethod(CmdMain.java:93)
> at jena.cmd.CmdMain.mainRun(CmdMain.java:58)
> at jena.cmd.CmdMain.mainRun(CmdMain.java:45)
> at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.innerMain(FusekiCmd.java:96)
> at org.apache.jena.fuseki.cmd.FusekiCmd.main(FusekiCmd.java:59)
>
> ============================
>
> jettyall.xml file:
>
>
> <?xml version="1.0"?>
> <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN"
> "http://www.eclipse.org/jetty/configure_9_3.dtd">
>
> <Configure id="Server" class="org.eclipse.jetty.server.Server">
>
>      <Get name="ThreadPool">
>        <Set name="minThreads" type="int"><Property
> name="jetty.threadPool.minThreads" deprecated="threads.min"
> default="10"/></Set>
>        <Set name="maxThreads" type="int"><Property
> name="jetty.threadPool.maxThreads" deprecated="threads.max"
> default="200"/></Set>
>        <Set name="idleTimeout" type="int"><Property
> name="jetty.threadPool.idleTimeout" deprecated="threads.timeout"
> default="60000"/></Set>
>        <Set name="detailedDump">false</Set>
>      </Get>
>
>      <!-- =========================================================== -->
>      <!-- Add shared Scheduler instance                               -->
>      <!-- =========================================================== -->
>      <Call name="addBean">
>        <Arg>
>          <New class="org.eclipse.jetty.util.thread.ScheduledExecutorScheduler"/>
>        </Arg>
>      </Call>
>
>      <!-- =========================================================== -->
>      <!-- Http Configuration.                                         -->
>      <!-- This is a common configuration instance used by all         -->
>      <!-- connectors that can carry HTTP semantics (HTTP, HTTPS, etc.)-->
>      <!-- It configures the non wire protocol aspects of the HTTP     -->
>      <!-- semantic.                                                   -->
>      <!--                                                             -->
>      <!-- This configuration is only defined here and is used by      -->
>      <!-- reference from other XML files such as jetty-http.xml,      -->
>      <!-- jetty-https.xml and other configuration files which         -->
>      <!-- instantiate the connectors.                                 -->
>      <!--                                                             -->
>      <!-- Consult the javadoc of o.e.j.server.HttpConfiguration       -->
>      <!-- for all configuration that may be set here.                 -->
>      <!-- =========================================================== -->
>      <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
>        <Set name="secureScheme"><Property
> name="jetty.httpConfig.secureScheme" default="https" /></Set>
>        <Set name="securePort"><Property
> name="jetty.httpConfig.securePort" deprecated="jetty.secure.port"
> default="8443" /></Set>
>        <Set name="outputBufferSize"><Property
> name="jetty.httpConfig.outputBufferSize"
> deprecated="jetty.output.buffer.size" default="32768" /></Set>
>        <Set name="outputAggregationSize"><Property
> name="jetty.httpConfig.outputAggregationSize"
> deprecated="jetty.output.aggregation.size" default="8192" /></Set>
>        <Set name="requestHeaderSize"><Property
> name="jetty.httpConfig.requestHeaderSize"
> deprecated="jetty.request.header.size" default="8192" /></Set>
>        <Set name="responseHeaderSize"><Property
> name="jetty.httpConfig.responseHeaderSize"
> deprecated="jetty.response.header.size" default="8192" /></Set>
>        <Set name="sendServerVersion"><Property
> name="jetty.httpConfig.sendServerVersion"
> deprecated="jetty.send.server.version" default="true" /></Set>
>        <Set name="sendDateHeader"><Property
> name="jetty.httpConfig.sendDateHeader"
> deprecated="jetty.send.date.header" default="false" /></Set>
>        <Set name="headerCacheSize"><Property
> name="jetty.httpConfig.headerCacheSize" default="512" /></Set>
>        <Set name="delayDispatchUntilContent"><Property
> name="jetty.httpConfig.delayDispatchUntilContent"
> deprecated="jetty.delayDispatchUntilContent" default="true"/></Set>
>        <!-- Uncomment to enable handling of X-Forwarded- style headers
>        <Call name="addCustomizer">
>          <Arg><New
> class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg>
>        </Call>
>        -->
>      </New>
>
>      <!-- =========================================================== -->
>      <!-- Set the default handler structure for the Server            -->
>      <!-- A handler collection is used to pass received requests to   -->
>      <!-- both the ContextHandlerCollection, which selects the next   -->
>      <!-- handler by context path and virtual host, and the           -->
>      <!-- DefaultHandler, which handles any requests not handled by   -->
>      <!-- the context handlers.                                       -->
>      <!-- Other handlers may be added to the "Handlers" collection,   -->
>      <!-- for example the jetty-requestlog.xml file adds the          -->
>      <!-- RequestLogHandler after the default handler                 -->
>      <!-- =========================================================== -->
>      <Set name="handler">
>        <New id="Handlers"
> class="org.eclipse.jetty.server.handler.HandlerCollection">
>          <Set name="handlers">
>           <Array type="org.eclipse.jetty.server.Handler">
>             <Item>
>               <New id="Contexts"
> class="org.eclipse.jetty.server.handler.ContextHandlerCollection"/>
>             </Item>
>             <Item>
>               <New id="DefaultHandler"
> class="org.eclipse.jetty.server.handler.DefaultHandler"/>
>             </Item>
>           </Array>
>          </Set>
>        </New>
>      </Set>
>
>      <!-- =========================================================== -->
>      <!-- extra server options                                        -->
>      <!-- =========================================================== -->
>      <Set name="stopAtShutdown"><Property
> name="jetty.server.stopAtShutdown" default="true"/></Set>
>      <Set name="stopTimeout">5000</Set>
>      <Set name="dumpAfterStart"><Property
> name="jetty.server.dumpAfterStart" deprecated="jetty.dump.start"
> default="false"/></Set>
>      <Set name="dumpBeforeStop"><Property
> name="jetty.server.dumpBeforeStop" deprecated="jetty.dump.stop"
> default="false"/></Set>
>
> <!-- ============================================================= -->
> <!-- Configure the Jetty Server instance with an ID "Server"       -->
> <!-- by adding a HTTP connector.                                   -->
> <!-- This configuration must be used in conjunction with jetty.xml -->
> <!-- ============================================================= -->
>
>    <!-- =========================================================== -->
>    <!-- Add a HTTP Connector.                                       -->
>    <!-- Configure an o.e.j.server.ServerConnector with a single     -->
>    <!-- HttpConnectionFactory instance using the common httpConfig  -->
>    <!-- instance defined in jetty.xml                               -->
>    <!--                                                             -->
>    <!-- Consult the javadoc of o.e.j.server.ServerConnector and     -->
>    <!-- o.e.j.server.HttpConnectionFactory for all configuration    -->
>    <!-- that may be set here.                                       -->
>    <!-- =========================================================== -->
>    <Call name="addConnector">
>      <Arg>
>        <New id="httpConnector" class="org.eclipse.jetty.server.ServerConnector">
>          <Arg name="server"><Ref refid="Server" /></Arg>
>          <Arg name="acceptors" type="int"><Property
> name="jetty.http.acceptors" deprecated="http.acceptors"
> default="-1"/></Arg>
>          <Arg name="selectors" type="int"><Property
> name="jetty.http.selectors" deprecated="http.selectors"
> default="-1"/></Arg>
>          <Arg name="factories">
>            <Array type="org.eclipse.jetty.server.ConnectionFactory">
>              <!-- uncomment to support proxy protocol
>              <Item>
>                <New class="org.eclipse.jetty.server.ProxyConnectionFactory"/>
>              </Item>-->
>              <Item>
>                <New class="org.eclipse.jetty.server.HttpConnectionFactory">
>                  <Arg name="config"><Ref refid="httpConfig" /></Arg>
>                </New>
>              </Item>
>            </Array>
>          </Arg>
>          <Set name="host"><Property name="jetty.http.host"
> deprecated="jetty.host" /></Set>
>          <Set name="port"><Property name="jetty.http.port"
> deprecated="jetty.port" default="8080" /></Set>
>          <Set name="idleTimeout"><Property
> name="jetty.http.idleTimeout" deprecated="http.timeout"
> default="30000"/></Set>
>          <Set name="soLingerTime"><Property
> name="jetty.http.soLingerTime" deprecated="http.soLingerTime"
> default="-1"/></Set>
>          <Set name="acceptorPriorityDelta"><Property
> name="jetty.http.acceptorPriorityDelta"
> deprecated="http.acceptorPriorityDelta" default="0"/></Set>
>          <Set name="acceptQueueSize"><Property
> name="jetty.http.acceptQueueSize" deprecated="http.acceptQueueSize"
> default="0"/></Set>
>        </New>
>      </Arg>
>    </Call>
>
> <!-- ============================================================= -->
> <!-- Configure a HTTPS connector.                                  -->
> <!-- This configuration must be used in conjunction with jetty.xml -->
> <!-- and jetty-ssl.xml.                                            -->
> <!-- ============================================================= -->
>
>    <Call name="addIfAbsentConnectionFactory">
>      <Arg>
>        <New class="org.eclipse.jetty.server.SslConnectionFactory">
>          <Arg name="next">http/1.1</Arg>
>          <Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg>
>        </New>
>      </Arg>
>    </Call>
>
>    <Call name="addConnectionFactory">
>      <Arg>
>        <New class="org.eclipse.jetty.server.HttpConnectionFactory">
>          <Arg name="config"><Ref refid="sslHttpConfig" /></Arg>
>        </New>
>      </Arg>
>    </Call>
>
>
> <!-- ============================================================= -->
> <!-- Base SSL configuration                                        -->
> <!-- This configuration needs to be used together with 1 or more   -->
> <!-- of jetty-https.xml or jetty-http2.xml                         -->
> <!-- ============================================================= -->
>
>    <!-- =========================================================== -->
>    <!-- Add a SSL Connector with no protocol factories              -->
>    <!-- =========================================================== -->
>    <Call  name="addConnector">
>      <Arg>
>        <New id="sslConnector" class="org.eclipse.jetty.server.ServerConnector">
>          <Arg name="server"><Ref refid="Server" /></Arg>
>          <Arg name="acceptors" type="int"><Property
> name="jetty.ssl.acceptors" deprecated="ssl.acceptors"
> default="-1"/></Arg>
>          <Arg name="selectors" type="int"><Property
> name="jetty.ssl.selectors" deprecated="ssl.selectors"
> default="-1"/></Arg>
>          <Arg name="factories">
>            <Array type="org.eclipse.jetty.server.ConnectionFactory">
>              <!-- uncomment to support proxy protocol
>              <Item>
>                <New class="org.eclipse.jetty.server.ProxyConnectionFactory"/>
>              </Item>-->
>            </Array>
>          </Arg>
>
>          <Set name="host"><Property name="jetty.ssl.host"
> deprecated="jetty.host" /></Set>
>          <Set name="port"><Property name="jetty.ssl.port"
> deprecated="ssl.port" default="8443" /></Set>
>          <Set name="idleTimeout"><Property name="jetty.ssl.idleTimeout"
> deprecated="ssl.timeout" default="30000"/></Set>
>          <Set name="soLingerTime"><Property
> name="jetty.ssl.soLingerTime" deprecated="ssl.soLingerTime"
> default="-1"/></Set>
>          <Set name="acceptorPriorityDelta"><Property
> name="jetty.ssl.acceptorPriorityDelta"
> deprecated="ssl.acceptorPriorityDelta" default="0"/></Set>
>          <Set name="acceptQueueSize"><Property
> name="jetty.ssl.acceptQueueSize" deprecated="ssl.acceptQueueSize"
> default="0"/></Set>
>        </New>
>      </Arg>
>    </Call>
>
>    <!-- =========================================================== -->
>    <!-- Create a TLS specific HttpConfiguration based on the        -->
>    <!-- common HttpConfiguration defined in jetty.xml               -->
>    <!-- Add a SecureRequestCustomizer to extract certificate and    -->
>    <!-- session information                                         -->
>    <!-- =========================================================== -->
>    <New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
>      <Arg><Ref refid="httpConfig"/></Arg>
>      <Call name="addCustomizer">
>        <Arg>
>          <New class="org.eclipse.jetty.server.SecureRequestCustomizer">
>            <Arg type="boolean"><Property name="jetty.ssl.sniHostCheck"
> default="true"/></Arg>
>          </New>
>        </Arg>
>      </Call>
>    </New>
>
> <!-- ============================================================= -->
> <!-- SSL ContextFactory configuration                              -->
> <!-- ============================================================= -->
> <!-- Configure id="sslContextFactory"
> class="org.eclipse.jetty.util.ssl.SslContextFactory" -->
>
> <New id="sslContextFactory"
> class="org.eclipse.jetty.util.ssl.SslContextFactory">
>    <Set name="KeyStorePath"><Property name="jetty.base" default="."
> />/<Property name="jetty.sslContext.keyStorePath"
> deprecated="jetty.keystore" default="etc/keystore"/></Set>
>    <Set name="KeyStorePassword"><Property
> name="jetty.sslContext.keyStorePassword"
> deprecated="jetty.keystore.password" default="MyPassword" /></Set>
>    <Set name="KeyStoreType"><Property
> name="jetty.sslContext.keyStoreType" default="JKS"/></Set>
>    <Set name="KeyStoreProvider"><Property
> name="jetty.sslContext.keyStoreProvider"/></Set>
>    <Set name="KeyManagerPassword"><Property
> name="jetty.sslContext.keyManagerPassword"
> deprecated="jetty.keymanager.password" default="MyPassword" /></Set>
>    <Set name="TrustStorePath"><Property name="jetty.base" default="."
> />/<Property name="jetty.sslContext.trustStorePath"
> deprecated="jetty.truststore" default="etc/keystore"/></Set>
>    <Set name="TrustStorePassword"><Property
> name="jetty.sslContext.trustStorePassword"
> deprecated="jetty.truststore.password" default="MyPassword" /></Set>
>    <Set name="TrustStoreType"><Property
> name="jetty.sslContext.trustStoreType" default="JKS"/></Set>
>    <Set name="TrustStoreProvider"><Property
> name="jetty.sslContext.trustStoreProvider"/></Set>
>    <Set name="EndpointIdentificationAlgorithm"></Set>
>    <Set name="NeedClientAuth"><Property
> name="jetty.sslContext.needClientAuth"
> deprecated="jetty.ssl.needClientAuth" default="false"/></Set>
>    <Set name="WantClientAuth"><Property
> name="jetty.sslContext.wantClientAuth"
> deprecated="jetty.ssl.wantClientAuth" default="false"/></Set>
>    <Set name="ExcludeCipherSuites">
>     <Array type="String">
>      <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
>      <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
>      <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
>      <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
>      <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
>      <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
>      <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
>     </Array>
>    </Set>
>    <Set name="useCipherSuitesOrder"><Property
> name="jetty.sslContext.useCipherSuitesOrder" default="true"/></Set>
> </New>
>
> </Configure>
>
> ===================================
>
> On Wed, Sep 2, 2015 at 2:46 PM, Jason Levitt <sl...@gmail.com> wrote:
>> I can get Jetty 9.3.3 to work over SSL with these four files, but I
>> cannot figure out a way to
>> put them into one file (required by fuseki) to get SSL working with fuseki:
>>
>> jetty.xml
>>
>> <?xml version="1.0"?>
>> <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN"
>> "http://www.eclipse.org/jetty/configure_9_3.dtd">
>>
>> <Configure id="Server" class="org.eclipse.jetty.server.Server">
>>
>>      <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
>>        <Set name="secureScheme"><Property
>> name="jetty.httpConfig.secureScheme" default="https" /></Set>
>>        <Set name="securePort"><Property
>> name="jetty.httpConfig.securePort" deprecated="jetty.secure.port"
>> default="8443" /></Set>
>>        <Set name="outputBufferSize"><Property
>> name="jetty.httpConfig.outputBufferSize"
>> deprecated="jetty.output.buffer.size" default="32768" /></Set>
>>        <Set name="outputAggregationSize"><Property
>> name="jetty.httpConfig.outputAggregationSize"
>> deprecated="jetty.output.aggregation.size" default="8192" /></Set>
>>        <Set name="requestHeaderSize"><Property
>> name="jetty.httpConfig.requestHeaderSize"
>> deprecated="jetty.request.header.size" default="8192" /></Set>
>>        <Set name="responseHeaderSize"><Property
>> name="jetty.httpConfig.responseHeaderSize"
>> deprecated="jetty.response.header.size" default="8192" /></Set>
>>        <Set name="sendServerVersion"><Property
>> name="jetty.httpConfig.sendServerVersion"
>> deprecated="jetty.send.server.version" default="true" /></Set>
>>        <Set name="sendDateHeader"><Property
>> name="jetty.httpConfig.sendDateHeader"
>> deprecated="jetty.send.date.header" default="false" /></Set>
>>        <Set name="headerCacheSize"><Property
>> name="jetty.httpConfig.headerCacheSize" default="512" /></Set>
>>        <Set name="delayDispatchUntilContent"><Property
>> name="jetty.httpConfig.delayDispatchUntilContent"
>> deprecated="jetty.delayDispatchUntilContent" default="true"/></Set>
>>      </New>
>>
>> </Configure>
>>
>> jetty-http.xml
>>
>> <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN"
>> "http://www.eclipse.org/jetty/configure_9_3.dtd">
>>
>>    <Call name="addConnector">
>>      <Arg>
>>        <New id="httpConnector" class="org.eclipse.jetty.server.ServerConnector">
>>          <Arg name="server"><Ref refid="Server" /></Arg>
>>          <Arg name="acceptors" type="int"><Property
>> name="jetty.http.acceptors" deprecated="http.acceptors"
>> default="-1"/></Arg>
>>          <Arg name="selectors" type="int"><Property
>> name="jetty.http.selectors" deprecated="http.selectors"
>> default="-1"/></Arg>
>>          <Arg name="factories">
>>            <Array type="org.eclipse.jetty.server.ConnectionFactory">
>>              <!-- uncomment to support proxy protocol
>>              <Item>
>>                <New class="org.eclipse.jetty.server.ProxyConnectionFactory"/>
>>              </Item>-->
>>              <Item>
>>                <New class="org.eclipse.jetty.server.HttpConnectionFactory">
>>                  <Arg name="config"><Ref refid="httpConfig" /></Arg>
>>                </New>
>>              </Item>
>>            </Array>
>>          </Arg>
>>          <Set name="host"><Property name="jetty.http.host"
>> deprecated="jetty.host" /></Set>
>>          <Set name="port"><Property name="jetty.http.port"
>> deprecated="jetty.port" default="8080" /></Set>
>>          <Set name="idleTimeout"><Property
>> name="jetty.http.idleTimeout" deprecated="http.timeout"
>> default="30000"/></Set>
>>          <Set name="soLingerTime"><Property
>> name="jetty.http.soLingerTime" deprecated="http.soLingerTime"
>> default="-1"/></Set>
>>          <Set name="acceptorPriorityDelta"><Property
>> name="jetty.http.acceptorPriorityDelta"
>> deprecated="http.acceptorPriorityDelta" default="0"/></Set>
>>          <Set name="acceptQueueSize"><Property
>> name="jetty.http.acceptQueueSize" deprecated="http.acceptQueueSize"
>> default="0"/></Set>
>>        </New>
>>      </Arg>
>>    </Call>
>>
>> </Configure>
>>
>>
>> jetty-https.xml
>>
>> <?xml version="1.0"?>
>> <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN"
>> "http://www.eclipse.org/jetty/configure_9_3.dtd">
>>
>> <Configure id="sslConnector" class="org.eclipse.jetty.server.ServerConnector">
>>
>>    <Call name="addIfAbsentConnectionFactory">
>>      <Arg>
>>        <New class="org.eclipse.jetty.server.SslConnectionFactory">
>>          <Arg name="next">http/1.1</Arg>
>>          <Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg>
>>        </New>
>>      </Arg>
>>    </Call>
>>
>>    <Call name="addConnectionFactory">
>>      <Arg>
>>        <New class="org.eclipse.jetty.server.HttpConnectionFactory">
>>          <Arg name="config"><Ref refid="sslHttpConfig" /></Arg>
>>        </New>
>>      </Arg>
>>    </Call>
>>
>> </Configure>
>>
>> jetty-ssl-context.xml
>>
>> <?xml version="1.0"?>
>> <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN"
>> "http://www.eclipse.org/jetty/configure_9_3.dtd">
>>
>> <Configure id="sslContextFactory"
>> class="org.eclipse.jetty.util.ssl.SslContextFactory">
>>
>>    <Set name="KeyStorePath"><Property name="jetty.base" default="."
>> />/<Property name="jetty.sslContext.keyStorePath"
>> deprecated="jetty.keystore" default="etc/keystore"/></Set>
>>    <Set name="KeyStorePassword"><Property
>> name="jetty.sslContext.keyStorePassword"
>> deprecated="jetty.keystore.password" />MyPassword</Set>
>>    <Set name="KeyStoreType"><Property
>> name="jetty.sslContext.keyStoreType" default="JKS"/></Set>
>>    <Set name="KeyStoreProvider"><Property
>> name="jetty.sslContext.keyStoreProvider"/></Set>
>>    <Set name="KeyManagerPassword"><Property
>> name="jetty.sslContext.keyManagerPassword"
>> deprecated="jetty.keymanager.password" />MyPassword</Set>
>>    <Set name="TrustStorePath"><Property name="jetty.base" default="."
>> />/<Property name="jetty.sslContext.trustStorePath"
>> deprecated="jetty.truststore" default="etc/keystore"/></Set>
>>    <Set name="TrustStorePassword"><Property
>> name="jetty.sslContext.trustStorePassword"
>> deprecated="jetty.truststore.password" />MyPassword</Set>
>>    <Set name="TrustStoreType"><Property
>> name="jetty.sslContext.trustStoreType" default="JKS"/></Set>
>>    <Set name="TrustStoreProvider"><Property
>> name="jetty.sslContext.trustStoreProvider"/></Set>
>>    <Set name="EndpointIdentificationAlgorithm"></Set>
>>    <Set name="NeedClientAuth"><Property
>> name="jetty.sslContext.needClientAuth"
>> deprecated="jetty.ssl.needClientAuth" default="false"/></Set>
>>    <Set name="WantClientAuth"><Property
>> name="jetty.sslContext.wantClientAuth"
>> deprecated="jetty.ssl.wantClientAuth" default="false"/></Set>
>>    <Set name="ExcludeCipherSuites">
>>     <Array type="String">
>>      <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
>>      <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
>>      <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
>>      <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
>>      <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
>>      <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
>>      <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
>>     </Array>
>>    </Set>
>>    <Set name="useCipherSuitesOrder"><Property
>> name="jetty.sslContext.useCipherSuitesOrder" default="true"/></Set>
>> </Configure>
>>
>> ================
>>
>> On Wed, Sep 2, 2015 at 8:18 AM, Andy Seaborne <an...@apache.org> wrote:
>>> Hi Jason,
>>>
>>> I have made some progress with your config.
>>>
>>> 1/ I switched the development code to 9.3.3 so we have one target and
>>> because I got that version to work with your config
>>>
>>> 9.3.3 was released 27/Aug/2015.
>>>
>>> Don't know if you're working from the source or not so I did a development
>>> build of Fuseki2 with 9.3.3.
>>>
>>> https://repository.apache.org/content/repositories/snapshots/org/apache/jena/apache-jena-fuseki/2.3.1-SNAPSHOT/
>>>
>>> NB There are 2 builds for today - latest with Jetty 9.3.3 is
>>>
>>>    20150902.121407-19
>>>
>>> 2/ Fix for your config file below.
>>>     Needs some details from jetty.xml copied into it.
>>>
>>>          Andy
>>>
>>> On 01/09/15 20:36, Jason Levitt wrote:
>>>>
>>>> Back to square one.
>>>>
>>>> This Jetty config file works fine with Jetty 9:
>>>
>>>
>>> Which jetty version?  I'm seeing differences between 9.1.1 and 9.3.3
>>>
>>> With 9.3.2 I get a different, more useful error (yes, I was using
>>> 9.3.2 at that point)
>>>
>>> [2015-09-02 12:24:37] Server     ERROR SPARQLServer: Failed to configure
>>> server: null
>>> java.lang.reflect.InvocationTargetException
>>> sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>>> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
>>> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
>>> java.lang.reflect.Constructor.newInstance(Constructor.java:422)
>>> org.eclipse.jetty.util.TypeUtil.construct(TypeUtil.java:627)
>>> org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.newObj(XmlConfiguration.java:782)
>>>
>>> which looks to be caused by:
>>>
>>>>       <New class="org.eclipse.jetty.server.HttpConnectionFactory">
>>>>          <Arg name="config"><Ref refid="httpConfig" /></Arg>
>>>>       </New>
>>>
>>> and httpConfig is not defined.  (I debug traced the Jetty code).
>>>
>>> It says higher up:
>>>
>>>   <!-- HttpConnectionFactory instance using the common httpConfig  -->
>>>   <!-- instance defined in jetty.xml
>>>
>>>
>>> I copied the block from jetty.xml 9.3.3 into your configuration:
>>> <New id="httpConfig"
>>> </New>
>>>
>>> Full copy below.
>>>
>>> This is for 9.3.3 only - I tried the same approach with 9.1.1 and it didn't
>>> work.  Maybe my user error, maybe because your config makes a 9.3 specific
>>> call.  Rather than worry about that, I switched the development code base to
>>> 9.3.3.
>>>
>>> Hey presto - server runs for me.  Confirmed it is using the config by
>>> changing the port but that's all the testing I have time for ATM. (Looking
>>> for a job (= employment) can be quite time consuming!)
>>>
>>>          Andy
>>>
>>>
>>> ------------------------------------------------------------
>>> Copy of new section, reformatted for email :-| , inserted before <Call>
>>>
>>> <Configure id="Server" class="org.eclipse.jetty.server.Server">
>>>    <New
>>>      ....
>>>    </New>
>>>
>>>    <Call name="addConnector">
>>>     </Call>
>>>
>>>
>>> </Configure>
>>>
>>> --------- Full insert
>>>
>>>
>>> <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
>>>    <Set name="secureScheme">
>>>      <Property name="jetty.httpConfig.secureScheme"
>>>                default="https" />
>>>    </Set>
>>>    <Set name="securePort">
>>>      <Property name="jetty.httpConfig.securePort"
>>>                deprecated="jetty.secure.port"
>>>                default="8443" />
>>>    </Set>
>>>    <Set name="outputBufferSize">
>>>      <Property name="jetty.httpConfig.outputBufferSize"
>>>                deprecated="jetty.output.buffer.size"
>>>                default="32768" />
>>>    </Set>
>>>    <Set name="outputAggregationSize">
>>>      <Property name="jetty.httpConfig.outputAggregationSize"
>>>                deprecated="jetty.output.aggregation.size"
>>>                default="8192" />
>>>    </Set>
>>>    <Set name="requestHeaderSize">
>>>      <Property name="jetty.httpConfig.requestHeaderSize"
>>>                deprecated="jetty.request.header.size"
>>>                default="8192" />
>>>    </Set>
>>>    <Set name="responseHeaderSize">
>>>      <Property name="jetty.httpConfig.responseHeaderSize"
>>>                deprecated="jetty.response.header.size"
>>>                default="8192" />
>>>    </Set>
>>>    <Set name="sendServerVersion">
>>>      <Property name="jetty.httpConfig.sendServerVersion"
>>>                deprecated="jetty.send.server.version"
>>>                default="true" />
>>>    </Set>
>>>    <Set name="sendDateHeader">
>>>      <Property name="jetty.httpConfig.sendDateHeader"
>>>                deprecated="jetty.send.date.header"
>>>                default="false" />
>>>    </Set>
>>>    <Set name="headerCacheSize">
>>>      <Property name="jetty.httpConfig.headerCacheSize"
>>>                default="512" />
>>>    </Set>
>>>    <Set name="delayDispatchUntilContent">
>>>      <Property name="jetty.httpConfig.delayDispatchUntilContent"
>>>                deprecated="jetty.delayDispatchUntilContent"
>>>                default="true"/>
>>>    </Set>
>>>    <Set name="maxErrorDispatches">
>>>      <Property name="jetty.httpConfig.maxErrorDispatches"
>>>                default="10"/>
>>>    </Set>
>>>    <!-- Uncomment to enable handling of X-Forwarded- style headers
>>>         <Call name="addCustomizer">
>>>           <Arg><New
>>> class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg>
>>>    </Call>
>>>    -->
>>> </New>
>>>
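
Added example (not part of the thread, and not Jetty or Fuseki code): a small checker for the failure diagnosed above, where `<Ref refid="httpConfig"/>` is used but nothing in the file declares that id. It assumes Jetty resolves ids in document order, so it also flags a `<Ref>` that appears before its `<New id=...>` in a merged file; the sample configs are constructed, reuse ids from the thread, and the `predefined` parameter is hypothetical.

```python
import xml.parsers.expat


def find_dangling_refs(xml_text, predefined=()):
    """Return [(line, refid)] for every refid used before any element declares it.

    Assumption: ids are registered in document order, so a reference that
    precedes its definition is reported even if the id appears later.
    `predefined` lists ids supplied from outside the file (hypothetical hook
    for ids an embedding application registers before parsing).
    """
    defined = set(predefined)
    dangling = []
    parser = xml.parsers.expat.ParserCreate()

    def on_start(tag, attrs):
        if tag == "Ref":
            # Older configs wrote <Ref id="...">; treated here as a reference
            # (assumption), never as a definition.
            refid = attrs.get("refid", attrs.get("id"))
        else:
            refid = attrs.get("refid")
            if "id" in attrs:
                # <Configure id=...>, <New id=...>, <Get id=...>, <Call id=...>
                defined.add(attrs["id"])
        if refid is not None and refid not in defined:
            dangling.append((parser.CurrentLineNumber, refid))

    parser.StartElementHandler = on_start
    parser.Parse(xml_text, True)
    return dangling


# Constructed sample: the connector references httpConfig, nothing defines it.
BROKEN_CONFIG = """\
<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <Call name="addConnector">
    <Arg>
      <New id="httpConnector" class="org.eclipse.jetty.server.ServerConnector">
        <Arg name="server"><Ref refid="Server"/></Arg>
        <Arg name="factories">
          <Array type="org.eclipse.jetty.server.ConnectionFactory">
            <Item>
              <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                <Arg name="config"><Ref refid="httpConfig"/></Arg>
              </New>
            </Item>
          </Array>
        </Arg>
      </New>
    </Arg>
  </Call>
</Configure>
"""

# Constructed sample: the same file with the definition inserted before <Call>.
FIXED_CONFIG = BROKEN_CONFIG.replace(
    '  <Call name="addConnector">',
    '  <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration"/>\n'
    '  <Call name="addConnector">',
    1,
)

# Constructed sample: the id exists, but only after the element that uses it,
# which is easy to end up with when several files are pasted into one.
ORDER_CONFIG = """\
<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <New class="org.eclipse.jetty.server.SslConnectionFactory">
    <Arg name="next">http/1.1</Arg>
    <Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg>
  </New>
  <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory"/>
</Configure>
"""

if __name__ == "__main__":
    for name, text in [("broken", BROKEN_CONFIG),
                       ("fixed", FIXED_CONFIG),
                       ("order", ORDER_CONFIG)]:
        problems = find_dangling_refs(text)
        if not problems:
            print(f"{name}: all refids resolve")
        for line, refid in problems:
            print(f"{name}: line {line}: refid '{refid}' has no earlier id")
```
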


Re: Fuseki over HTTPS?

Posted by Jason Levitt <sl...@gmail.com>.
Below is the combined XML config file I'm trying to use. Fuseki (your
Jetty v9.3.3 build) spits this error out (also below).
The combined config files, separately, provide SSL fine in Jetty
v9.3.3 but I can't get it to work in Fuseki. The only change I had to
make, for XML syntax purposes, was changing:

<Configure id="sslContextFactory"
class="org.eclipse.jetty.util.ssl.SslContextFactory">

To this:

<New id="sslContextFactory"
class="org.eclipse.jetty.util.ssl.SslContextFactory">

====================================

[2015-09-02 22:36:24] Server     INFO  Jetty server config file =
/home/ec2-user/fuseki/jettyconfig/jettyall.xml
[2015-09-02 22:36:24] XmlConfiguration WARN  Config error at <Call
name="addIfAbsentConnectionFactory"><Arg>
      <New class="org.eclipse.jetty.server.SslConnectionFactory"><Arg
name="next">http/1.1</Arg><Arg name="sslContextFactory"><Ref
refid="sslContextFactory"/></Arg></New>
    </Arg></Call>
[2015-09-02 22:36:24] Server     ERROR SPARQLServer: Failed to
configure server: No Method: <Call
name="addIfAbsentConnectionFactory"><Arg>
      <New class="org.eclipse.jetty.server.SslConnectionFactory"><Arg
name="next">http/1.1</Arg><Arg name="sslContextFactory"><Ref
refid="sslContextFactory"/></Arg></New>
    </Arg></Call> on class org.eclipse.jetty.server.Server
java.lang.IllegalStateException: No Method: <Call
name="addIfAbsentConnectionFactory"><Arg>
      <New class="org.eclipse.jetty.server.SslConnectionFactory"><Arg
name="next">http/1.1</Arg><Arg name="sslContextFactory"><Ref
refid="sslContextFactory"/></Arg></New>
    </Arg></Call> on class org.eclipse.jetty.server.Server
at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.call(XmlConfiguration.java:734)
at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.configure(XmlConfiguration.java:417)
at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.configure(XmlConfiguration.java:300)
at org.eclipse.jetty.xml.XmlConfiguration.configure(XmlConfiguration.java:245)
at org.apache.jena.fuseki.jetty.JettyFuseki.configServer(JettyFuseki.java:265)
at org.apache.jena.fuseki.jetty.JettyFuseki.buildServerWebapp(JettyFuseki.java:222)
at org.apache.jena.fuseki.jetty.JettyFuseki.<init>(JettyFuseki.java:91)
at org.apache.jena.fuseki.jetty.JettyFuseki.initializeServer(JettyFuseki.java:86)
at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.exec(FusekiCmd.java:335)
at jena.cmd.CmdMain.mainMethod(CmdMain.java:93)
at jena.cmd.CmdMain.mainRun(CmdMain.java:58)
at jena.cmd.CmdMain.mainRun(CmdMain.java:45)
at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.innerMain(FusekiCmd.java:96)
at org.apache.jena.fuseki.cmd.FusekiCmd.main(FusekiCmd.java:59)
Caused by: java.lang.NoSuchMethodException: addIfAbsentConnectionFactory
at org.eclipse.jetty.util.TypeUtil.call(TypeUtil.java:552)
at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.call(XmlConfiguration.java:726)
... 13 more
org.apache.jena.fuseki.FusekiException: Failed to configure a server
using configuration file
'/home/ec2-user/fuseki/jettyconfig/jettyall.xml'
at org.apache.jena.fuseki.jetty.JettyFuseki.configServer(JettyFuseki.java:269)
at org.apache.jena.fuseki.jetty.JettyFuseki.buildServerWebapp(JettyFuseki.java:222)
at org.apache.jena.fuseki.jetty.JettyFuseki.<init>(JettyFuseki.java:91)
at org.apache.jena.fuseki.jetty.JettyFuseki.initializeServer(JettyFuseki.java:86)
at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.exec(FusekiCmd.java:335)
at jena.cmd.CmdMain.mainMethod(CmdMain.java:93)
at jena.cmd.CmdMain.mainRun(CmdMain.java:58)
at jena.cmd.CmdMain.mainRun(CmdMain.java:45)
at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.innerMain(FusekiCmd.java:96)
at org.apache.jena.fuseki.cmd.FusekiCmd.main(FusekiCmd.java:59)

============================

jettyall.xml file:


<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN"
"http://www.eclipse.org/jetty/configure_9_3.dtd">

<Configure id="Server" class="org.eclipse.jetty.server.Server">

    <Get name="ThreadPool">
      <Set name="minThreads" type="int"><Property
name="jetty.threadPool.minThreads" deprecated="threads.min"
default="10"/></Set>
      <Set name="maxThreads" type="int"><Property
name="jetty.threadPool.maxThreads" deprecated="threads.max"
default="200"/></Set>
      <Set name="idleTimeout" type="int"><Property
name="jetty.threadPool.idleTimeout" deprecated="threads.timeout"
default="60000"/></Set>
      <Set name="detailedDump">false</Set>
    </Get>

    <!-- =========================================================== -->
    <!-- Add shared Scheduler instance                               -->
    <!-- =========================================================== -->
    <Call name="addBean">
      <Arg>
        <New class="org.eclipse.jetty.util.thread.ScheduledExecutorScheduler"/>
      </Arg>
    </Call>

    <!-- =========================================================== -->
    <!-- Http Configuration.                                         -->
    <!-- This is a common configuration instance used by all         -->
    <!-- connectors that can carry HTTP semantics (HTTP, HTTPS, etc.)-->
    <!-- It configures the non wire protocol aspects of the HTTP     -->
    <!-- semantic.                                                   -->
    <!--                                                             -->
    <!-- This configuration is only defined here and is used by      -->
    <!-- reference from other XML files such as jetty-http.xml,      -->
    <!-- jetty-https.xml and other configuration files which         -->
    <!-- instantiate the connectors.                                 -->
    <!--                                                             -->
    <!-- Consult the javadoc of o.e.j.server.HttpConfiguration       -->
    <!-- for all configuration that may be set here.                 -->
    <!-- =========================================================== -->
    <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
      <Set name="secureScheme"><Property
name="jetty.httpConfig.secureScheme" default="https" /></Set>
      <Set name="securePort"><Property
name="jetty.httpConfig.securePort" deprecated="jetty.secure.port"
default="8443" /></Set>
      <Set name="outputBufferSize"><Property
name="jetty.httpConfig.outputBufferSize"
deprecated="jetty.output.buffer.size" default="32768" /></Set>
      <Set name="outputAggregationSize"><Property
name="jetty.httpConfig.outputAggregationSize"
deprecated="jetty.output.aggregation.size" default="8192" /></Set>
      <Set name="requestHeaderSize"><Property
name="jetty.httpConfig.requestHeaderSize"
deprecated="jetty.request.header.size" default="8192" /></Set>
      <Set name="responseHeaderSize"><Property
name="jetty.httpConfig.responseHeaderSize"
deprecated="jetty.response.header.size" default="8192" /></Set>
      <Set name="sendServerVersion"><Property
name="jetty.httpConfig.sendServerVersion"
deprecated="jetty.send.server.version" default="true" /></Set>
      <Set name="sendDateHeader"><Property
name="jetty.httpConfig.sendDateHeader"
deprecated="jetty.send.date.header" default="false" /></Set>
      <Set name="headerCacheSize"><Property
name="jetty.httpConfig.headerCacheSize" default="512" /></Set>
      <Set name="delayDispatchUntilContent"><Property
name="jetty.httpConfig.delayDispatchUntilContent"
deprecated="jetty.delayDispatchUntilContent" default="true"/></Set>
      <!-- Uncomment to enable handling of X-Forwarded- style headers
      <Call name="addCustomizer">
        <Arg><New
class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg>
      </Call>
      -->
    </New>

    <!-- =========================================================== -->
    <!-- Set the default handler structure for the Server            -->
    <!-- A handler collection is used to pass received requests to   -->
    <!-- both the ContextHandlerCollection, which selects the next   -->
    <!-- handler by context path and virtual host, and the           -->
    <!-- DefaultHandler, which handles any requests not handled by   -->
    <!-- the context handlers.                                       -->
    <!-- Other handlers may be added to the "Handlers" collection,   -->
    <!-- for example the jetty-requestlog.xml file adds the          -->
    <!-- RequestLogHandler after the default handler                 -->
    <!-- =========================================================== -->
    <Set name="handler">
      <New id="Handlers"
class="org.eclipse.jetty.server.handler.HandlerCollection">
        <Set name="handlers">
         <Array type="org.eclipse.jetty.server.Handler">
           <Item>
             <New id="Contexts"
class="org.eclipse.jetty.server.handler.ContextHandlerCollection"/>
           </Item>
           <Item>
             <New id="DefaultHandler"
class="org.eclipse.jetty.server.handler.DefaultHandler"/>
           </Item>
         </Array>
        </Set>
      </New>
    </Set>

    <!-- =========================================================== -->
    <!-- extra server options                                        -->
    <!-- =========================================================== -->
    <Set name="stopAtShutdown"><Property
name="jetty.server.stopAtShutdown" default="true"/></Set>
    <Set name="stopTimeout">5000</Set>
    <Set name="dumpAfterStart"><Property
name="jetty.server.dumpAfterStart" deprecated="jetty.dump.start"
default="false"/></Set>
    <Set name="dumpBeforeStop"><Property
name="jetty.server.dumpBeforeStop" deprecated="jetty.dump.stop"
default="false"/></Set>

<!-- ============================================================= -->
<!-- Configure the Jetty Server instance with an ID "Server"       -->
<!-- by adding a HTTP connector.                                   -->
<!-- This configuration must be used in conjunction with jetty.xml -->
<!-- ============================================================= -->

  <!-- =========================================================== -->
  <!-- Add a HTTP Connector.                                       -->
  <!-- Configure an o.e.j.server.ServerConnector with a single     -->
  <!-- HttpConnectionFactory instance using the common httpConfig  -->
  <!-- instance defined in jetty.xml                               -->
  <!--                                                             -->
  <!-- Consult the javadoc of o.e.j.server.ServerConnector and     -->
  <!-- o.e.j.server.HttpConnectionFactory for all configuration    -->
  <!-- that may be set here.                                       -->
  <!-- =========================================================== -->
  <Call name="addConnector">
    <Arg>
      <New id="httpConnector" class="org.eclipse.jetty.server.ServerConnector">
        <Arg name="server"><Ref refid="Server" /></Arg>
        <Arg name="acceptors" type="int"><Property
name="jetty.http.acceptors" deprecated="http.acceptors"
default="-1"/></Arg>
        <Arg name="selectors" type="int"><Property
name="jetty.http.selectors" deprecated="http.selectors"
default="-1"/></Arg>
        <Arg name="factories">
          <Array type="org.eclipse.jetty.server.ConnectionFactory">
            <!-- uncomment to support proxy protocol
            <Item>
              <New class="org.eclipse.jetty.server.ProxyConnectionFactory"/>
            </Item>-->
            <Item>
              <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                <Arg name="config"><Ref refid="httpConfig" /></Arg>
              </New>
            </Item>
          </Array>
        </Arg>
        <Set name="host"><Property name="jetty.http.host"
deprecated="jetty.host" /></Set>
        <Set name="port"><Property name="jetty.http.port"
deprecated="jetty.port" default="8080" /></Set>
        <Set name="idleTimeout"><Property
name="jetty.http.idleTimeout" deprecated="http.timeout"
default="30000"/></Set>
        <Set name="soLingerTime"><Property
name="jetty.http.soLingerTime" deprecated="http.soLingerTime"
default="-1"/></Set>
        <Set name="acceptorPriorityDelta"><Property
name="jetty.http.acceptorPriorityDelta"
deprecated="http.acceptorPriorityDelta" default="0"/></Set>
        <Set name="acceptQueueSize"><Property
name="jetty.http.acceptQueueSize" deprecated="http.acceptQueueSize"
default="0"/></Set>
      </New>
    </Arg>
  </Call>

<!-- ============================================================= -->
<!-- Configure a HTTPS connector.                                  -->
<!-- This configuration must be used in conjunction with jetty.xml -->
<!-- and jetty-ssl.xml.                                            -->
<!-- ============================================================= -->

  <Call name="addIfAbsentConnectionFactory">
    <Arg>
      <New class="org.eclipse.jetty.server.SslConnectionFactory">
        <Arg name="next">http/1.1</Arg>
        <Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg>
      </New>
    </Arg>
  </Call>

  <Call name="addConnectionFactory">
    <Arg>
      <New class="org.eclipse.jetty.server.HttpConnectionFactory">
        <Arg name="config"><Ref refid="sslHttpConfig" /></Arg>
      </New>
    </Arg>
  </Call>


<!-- ============================================================= -->
<!-- Base SSL configuration                                        -->
<!-- This configuration needs to be used together with 1 or more   -->
<!-- of jetty-https.xml or jetty-http2.xml                         -->
<!-- ============================================================= -->

  <!-- =========================================================== -->
  <!-- Add a SSL Connector with no protocol factories              -->
  <!-- =========================================================== -->
  <Call  name="addConnector">
    <Arg>
      <New id="sslConnector" class="org.eclipse.jetty.server.ServerConnector">
        <Arg name="server"><Ref refid="Server" /></Arg>
        <Arg name="acceptors" type="int"><Property
name="jetty.ssl.acceptors" deprecated="ssl.acceptors"
default="-1"/></Arg>
        <Arg name="selectors" type="int"><Property
name="jetty.ssl.selectors" deprecated="ssl.selectors"
default="-1"/></Arg>
        <Arg name="factories">
          <Array type="org.eclipse.jetty.server.ConnectionFactory">
            <!-- uncomment to support proxy protocol
            <Item>
              <New class="org.eclipse.jetty.server.ProxyConnectionFactory"/>
            </Item>-->
          </Array>
        </Arg>

        <Set name="host"><Property name="jetty.ssl.host"
deprecated="jetty.host" /></Set>
        <Set name="port"><Property name="jetty.ssl.port"
deprecated="ssl.port" default="8443" /></Set>
        <Set name="idleTimeout"><Property name="jetty.ssl.idleTimeout"
deprecated="ssl.timeout" default="30000"/></Set>
        <Set name="soLingerTime"><Property
name="jetty.ssl.soLingerTime" deprecated="ssl.soLingerTime"
default="-1"/></Set>
        <Set name="acceptorPriorityDelta"><Property
name="jetty.ssl.acceptorPriorityDelta"
deprecated="ssl.acceptorPriorityDelta" default="0"/></Set>
        <Set name="acceptQueueSize"><Property
name="jetty.ssl.acceptQueueSize" deprecated="ssl.acceptQueueSize"
default="0"/></Set>
      </New>
    </Arg>
  </Call>

  <!-- =========================================================== -->
  <!-- Create a TLS specific HttpConfiguration based on the        -->
  <!-- common HttpConfiguration defined in jetty.xml               -->
  <!-- Add a SecureRequestCustomizer to extract certificate and    -->
  <!-- session information                                         -->
  <!-- =========================================================== -->
  <New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
    <Arg><Ref refid="httpConfig"/></Arg>
    <Call name="addCustomizer">
      <Arg>
        <New class="org.eclipse.jetty.server.SecureRequestCustomizer">
          <Arg type="boolean"><Property name="jetty.ssl.sniHostCheck"
default="true"/></Arg>
        </New>
      </Arg>
    </Call>
  </New>

<!-- ============================================================= -->
<!-- SSL ContextFactory configuration                              -->
<!-- ============================================================= -->
<!-- Configure id="sslContextFactory"
class="org.eclipse.jetty.util.ssl.SslContextFactory" -->

<New id="sslContextFactory"
class="org.eclipse.jetty.util.ssl.SslContextFactory">
  <Set name="KeyStorePath"><Property name="jetty.base" default="."
/>/<Property name="jetty.sslContext.keyStorePath"
deprecated="jetty.keystore" default="etc/keystore"/></Set>
  <Set name="KeyStorePassword"><Property
name="jetty.sslContext.keyStorePassword"
deprecated="jetty.keystore.password" default="MyPassword" /></Set>
  <Set name="KeyStoreType"><Property
name="jetty.sslContext.keyStoreType" default="JKS"/></Set>
  <Set name="KeyStoreProvider"><Property
name="jetty.sslContext.keyStoreProvider"/></Set>
  <Set name="KeyManagerPassword"><Property
name="jetty.sslContext.keyManagerPassword"
deprecated="jetty.keymanager.password" default="MyPassword" /></Set>
  <Set name="TrustStorePath"><Property name="jetty.base" default="."
/>/<Property name="jetty.sslContext.trustStorePath"
deprecated="jetty.truststore" default="etc/keystore"/></Set>
  <Set name="TrustStorePassword"><Property
name="jetty.sslContext.trustStorePassword"
deprecated="jetty.truststore.password" default="MyPassword" /></Set>
  <Set name="TrustStoreType"><Property
name="jetty.sslContext.trustStoreType" default="JKS"/></Set>
  <Set name="TrustStoreProvider"><Property
name="jetty.sslContext.trustStoreProvider"/></Set>
  <Set name="EndpointIdentificationAlgorithm"></Set>
  <Set name="NeedClientAuth"><Property
name="jetty.sslContext.needClientAuth"
deprecated="jetty.ssl.needClientAuth" default="false"/></Set>
  <Set name="WantClientAuth"><Property
name="jetty.sslContext.wantClientAuth"
deprecated="jetty.ssl.wantClientAuth" default="false"/></Set>
  <Set name="ExcludeCipherSuites">
   <Array type="String">
    <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
    <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
    <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
    <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
    <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
    <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
    <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
   </Array>
  </Set>
  <Set name="useCipherSuitesOrder"><Property
name="jetty.sslContext.useCipherSuitesOrder" default="true"/></Set>
</New>

</Configure>

===================================

On Wed, Sep 2, 2015 at 2:46 PM, Jason Levitt <sl...@gmail.com> wrote:
> I can get Jetty 9.3.3 to work over SSL with these four files, but I
> cannot figure out a way to
> put them into one file (required by fuseki) to get SSL working with fuseki:
>
> jetty.xml
>
> <?xml version="1.0"?>
> <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN"
> "http://www.eclipse.org/jetty/configure_9_3.dtd">
>
> <Configure id="Server" class="org.eclipse.jetty.server.Server">
>
>     <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
>       <Set name="secureScheme"><Property
> name="jetty.httpConfig.secureScheme" default="https" /></Set>
>       <Set name="securePort"><Property
> name="jetty.httpConfig.securePort" deprecated="jetty.secure.port"
> default="8443" /></Set>
>       <Set name="outputBufferSize"><Property
> name="jetty.httpConfig.outputBufferSize"
> deprecated="jetty.output.buffer.size" default="32768" /></Set>
>       <Set name="outputAggregationSize"><Property
> name="jetty.httpConfig.outputAggregationSize"
> deprecated="jetty.output.aggregation.size" default="8192" /></Set>
>       <Set name="requestHeaderSize"><Property
> name="jetty.httpConfig.requestHeaderSize"
> deprecated="jetty.request.header.size" default="8192" /></Set>
>       <Set name="responseHeaderSize"><Property
> name="jetty.httpConfig.responseHeaderSize"
> deprecated="jetty.response.header.size" default="8192" /></Set>
>       <Set name="sendServerVersion"><Property
> name="jetty.httpConfig.sendServerVersion"
> deprecated="jetty.send.server.version" default="true" /></Set>
>       <Set name="sendDateHeader"><Property
> name="jetty.httpConfig.sendDateHeader"
> deprecated="jetty.send.date.header" default="false" /></Set>
>       <Set name="headerCacheSize"><Property
> name="jetty.httpConfig.headerCacheSize" default="512" /></Set>
>       <Set name="delayDispatchUntilContent"><Property
> name="jetty.httpConfig.delayDispatchUntilContent"
> deprecated="jetty.delayDispatchUntilContent" default="true"/></Set>
>     </New>
>
> </Configure>
>
> jetty-http.xml
>
> <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN"
> "http://www.eclipse.org/jetty/configure_9_3.dtd">
>
> <Configure id="Server" class="org.eclipse.jetty.server.Server">
>
>   <Call name="addConnector">
>     <Arg>
>       <New id="httpConnector" class="org.eclipse.jetty.server.ServerConnector">
>         <Arg name="server"><Ref refid="Server" /></Arg>
>         <Arg name="acceptors" type="int"><Property
> name="jetty.http.acceptors" deprecated="http.acceptors"
> default="-1"/></Arg>
>         <Arg name="selectors" type="int"><Property
> name="jetty.http.selectors" deprecated="http.selectors"
> default="-1"/></Arg>
>         <Arg name="factories">
>           <Array type="org.eclipse.jetty.server.ConnectionFactory">
>             <!-- uncomment to support proxy protocol
>             <Item>
>               <New class="org.eclipse.jetty.server.ProxyConnectionFactory"/>
>             </Item>-->
>             <Item>
>               <New class="org.eclipse.jetty.server.HttpConnectionFactory">
>                 <Arg name="config"><Ref refid="httpConfig" /></Arg>
>               </New>
>             </Item>
>           </Array>
>         </Arg>
>         <Set name="host"><Property name="jetty.http.host"
> deprecated="jetty.host" /></Set>
>         <Set name="port"><Property name="jetty.http.port"
> deprecated="jetty.port" default="8080" /></Set>
>         <Set name="idleTimeout"><Property
> name="jetty.http.idleTimeout" deprecated="http.timeout"
> default="30000"/></Set>
>         <Set name="soLingerTime"><Property
> name="jetty.http.soLingerTime" deprecated="http.soLingerTime"
> default="-1"/></Set>
>         <Set name="acceptorPriorityDelta"><Property
> name="jetty.http.acceptorPriorityDelta"
> deprecated="http.acceptorPriorityDelta" default="0"/></Set>
>         <Set name="acceptQueueSize"><Property
> name="jetty.http.acceptQueueSize" deprecated="http.acceptQueueSize"
> default="0"/></Set>
>       </New>
>     </Arg>
>   </Call>
>
> </Configure>
>
>
> jetty-https.xml
>
> <?xml version="1.0"?>
> <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN"
> "http://www.eclipse.org/jetty/configure_9_3.dtd">
>
> <Configure id="sslConnector" class="org.eclipse.jetty.server.ServerConnector">
>
>   <Call name="addIfAbsentConnectionFactory">
>     <Arg>
>       <New class="org.eclipse.jetty.server.SslConnectionFactory">
>         <Arg name="next">http/1.1</Arg>
>         <Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg>
>       </New>
>     </Arg>
>   </Call>
>
>   <Call name="addConnectionFactory">
>     <Arg>
>       <New class="org.eclipse.jetty.server.HttpConnectionFactory">
>         <Arg name="config"><Ref refid="sslHttpConfig" /></Arg>
>       </New>
>     </Arg>
>   </Call>
>
> </Configure>
>
> jetty-ssl-context.xml
>
> <?xml version="1.0"?>
> <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN"
> "http://www.eclipse.org/jetty/configure_9_3.dtd">
>
> <Configure id="sslContextFactory"
> class="org.eclipse.jetty.util.ssl.SslContextFactory">
>
>   <Set name="KeyStorePath"><Property name="jetty.base" default="."
> />/<Property name="jetty.sslContext.keyStorePath"
> deprecated="jetty.keystore" default="etc/keystore"/></Set>
>   <Set name="KeyStorePassword"><Property
> name="jetty.sslContext.keyStorePassword"
> deprecated="jetty.keystore.password" />MyPassword</Set>
>   <Set name="KeyStoreType"><Property
> name="jetty.sslContext.keyStoreType" default="JKS"/></Set>
>   <Set name="KeyStoreProvider"><Property
> name="jetty.sslContext.keyStoreProvider"/></Set>
>   <Set name="KeyManagerPassword"><Property
> name="jetty.sslContext.keyManagerPassword"
> deprecated="jetty.keymanager.password" />MyPassword</Set>
>   <Set name="TrustStorePath"><Property name="jetty.base" default="."
> />/<Property name="jetty.sslContext.trustStorePath"
> deprecated="jetty.truststore" default="etc/keystore"/></Set>
>   <Set name="TrustStorePassword"><Property
> name="jetty.sslContext.trustStorePassword"
> deprecated="jetty.truststore.password" />MyPassword</Set>
>   <Set name="TrustStoreType"><Property
> name="jetty.sslContext.trustStoreType" default="JKS"/></Set>
>   <Set name="TrustStoreProvider"><Property
> name="jetty.sslContext.trustStoreProvider"/></Set>
>   <Set name="EndpointIdentificationAlgorithm"></Set>
>   <Set name="NeedClientAuth"><Property
> name="jetty.sslContext.needClientAuth"
> deprecated="jetty.ssl.needClientAuth" default="false"/></Set>
>   <Set name="WantClientAuth"><Property
> name="jetty.sslContext.wantClientAuth"
> deprecated="jetty.ssl.wantClientAuth" default="false"/></Set>
>   <Set name="ExcludeCipherSuites">
>    <Array type="String">
>     <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
>     <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
>     <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
>     <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
>     <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
>     <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
>     <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
>    </Array>
>   </Set>
>   <Set name="useCipherSuitesOrder"><Property
> name="jetty.sslContext.useCipherSuitesOrder" default="true"/></Set>
> </Configure>
>
> ================
>
> On Wed, Sep 2, 2015 at 8:18 AM, Andy Seaborne <an...@apache.org> wrote:
>> Hi Jason,
>>
>> I have made some progress with your config.
>>
>> 1/ I switched the development code to 9.3.3 so we have one target and
>> because I got that version to work with your config
>>
>> 9.3.3 was released 27/Aug/2015.
>>
>> Don't know if you're working from the source or not so I did a development
>> build of Fuseki2 with 9.3.3.
>>
>> https://repository.apache.org/content/repositories/snapshots/org/apache/jena/apache-jena-fuseki/2.3.1-SNAPSHOT/
>>
>> NB There are 2 builds for today - latest with Jetty 9.3.3 is
>>
>>   20150902.121407-19
>>
>> 2/ Fix for your config file below.
>>    Needs some details from jetty.xml copied into it.
>>
>>         Andy
>>
>> On 01/09/15 20:36, Jason Levitt wrote:
>>>
>>> Back to square one.
>>>
>>> This Jetty config file works fine with Jetty 9:
>>
>>
>> Which jetty version?  I'm seeing differences between 9.1.1 and 9.3.3
>>
>> With 9.3.2 I get a different, more useful error (yes, I was using
>> 9.3.2 at that point)
>>
>> [2015-09-02 12:24:37] Server     ERROR SPARQLServer: Failed to configure
>> server: null
>> java.lang.reflect.InvocationTargetException
>> sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
>> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
>> java.lang.reflect.Constructor.newInstance(Constructor.java:422)
>> org.eclipse.jetty.util.TypeUtil.construct(TypeUtil.java:627)
>> org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.newObj(XmlConfiguration.java:782)
>>
>> which looks to be caused by:
>>
>>>      <New class="org.eclipse.jetty.server.HttpConnectionFactory">
>>>         <Arg name="config"><Ref refid="httpConfig" /></Arg>
>>>      </New>
>>
>> and httpConfig is not defined.  (I debug traced the Jetty code).
>>
>> It says higher up:
>>
>>  <!-- HttpConnectionFactory instance using the common httpConfig  -->
>>  <!-- instance defined in jetty.xml
>>
>>
>> I copied the block from jetty.xml 9.3.3 into your configuration:
>> <New id="httpConfig"
>> </New>
>>
>> Full copy below.
>>
>> This is for 9.3.3 only - I tried the same approach with 9.1.1 and it didn't
>> work.  Maybe my user error, maybe because your config makes a 9.3 specific
>> call.  Rather than worry about that, I switched the development code base to
>> 9.3.3.
>>
>> Hey presto - server runs for me.  Confirmed it is using the config by
>> changing the port but that's all the testing I have time for ATM. (Looking
>> for a job (= employment) can be quite time consuming!)
>>
>>         Andy
>>
>>
>> ------------------------------------------------------------
>> Copy of new section, reformatted for email :-| , inserted before <Call>
>>
>> <Configure id="Server" class="org.eclipse.jetty.server.Server">
>>   <New
>>     ....
>>   </New>
>>
>>   <Call name="addConnector">
>>    </Call>
>>
>>
>> </Configure>
>>
>> --------- Full insert
>>
>>
>> <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
>>   <Set name="secureScheme">
>>     <Property name="jetty.httpConfig.secureScheme"
>>               default="https" />
>>   </Set>
>>   <Set name="securePort">
>>     <Property name="jetty.httpConfig.securePort"
>>               deprecated="jetty.secure.port"
>>               default="8443" />
>>   </Set>
>>   <Set name="outputBufferSize">
>>     <Property name="jetty.httpConfig.outputBufferSize"
>>               deprecated="jetty.output.buffer.size"
>>               default="32768" />
>>   </Set>
>>   <Set name="outputAggregationSize">
>>     <Property name="jetty.httpConfig.outputAggregationSize"
>>               deprecated="jetty.output.aggregation.size"
>>               default="8192" />
>>   </Set>
>>   <Set name="requestHeaderSize">
>>     <Property name="jetty.httpConfig.requestHeaderSize"
>>               deprecated="jetty.request.header.size"
>>               default="8192" />
>>   </Set>
>>   <Set name="responseHeaderSize">
>>     <Property name="jetty.httpConfig.responseHeaderSize"
>>               deprecated="jetty.response.header.size"
>>               default="8192" />
>>   </Set>
>>   <Set name="sendServerVersion">
>>     <Property name="jetty.httpConfig.sendServerVersion"
>>               deprecated="jetty.send.server.version"
>>               default="true" />
>>   </Set>
>>   <Set name="sendDateHeader">
>>     <Property name="jetty.httpConfig.sendDateHeader"
>>               deprecated="jetty.send.date.header"
>>               default="false" />
>>   </Set>
>>   <Set name="headerCacheSize">
>>     <Property name="jetty.httpConfig.headerCacheSize"
>>               default="512" />
>>   </Set>
>>   <Set name="delayDispatchUntilContent">
>>     <Property name="jetty.httpConfig.delayDispatchUntilContent"
>>               deprecated="jetty.delayDispatchUntilContent"
>>               default="true"/>
>>   </Set>
>>   <Set name="maxErrorDispatches">
>>     <Property name="jetty.httpConfig.maxErrorDispatches"
>>               default="10"/>
>>   </Set>
>>   <!-- Uncomment to enable handling of X-Forwarded- style headers
>>        <Call name="addCustomizer">
>>          <Arg><New
>> class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg>
>>   </Call>
>>   -->
>> </New>
>>
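
The failure traced in the quoted reply above (a `<Ref refid="httpConfig" />` with no `httpConfig` defined in the single merged file) can be caught before the server is started. The following is an added example, not code from the thread or from Jetty or Fuseki: a Python check that lists every `refid` that is never defined, or that is defined only further down the file than its first use. It assumes Jetty registers ids in document order; `check_refs` and both sample configurations are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample: a single-file merge shaped like the one in the thread.
# httpConfig is never defined; sslContextFactory is defined after its use.
MERGED = """<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <Call name="addConnector">
    <Arg>
      <New id="httpConnector" class="org.eclipse.jetty.server.ServerConnector">
        <Arg name="server"><Ref refid="Server"/></Arg>
        <Arg name="factories">
          <Array type="org.eclipse.jetty.server.ConnectionFactory">
            <Item>
              <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                <Arg name="config"><Ref refid="httpConfig"/></Arg>
              </New>
            </Item>
          </Array>
        </Arg>
      </New>
    </Arg>
  </Call>
  <Call name="addIfAbsentConnectionFactory">
    <Arg>
      <New class="org.eclipse.jetty.server.SslConnectionFactory">
        <Arg name="next">http/1.1</Arg>
        <Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg>
      </New>
    </Arg>
  </Call>
  <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory"/>
</Configure>
"""

# Constructed sample: the same objects, each defined before it is referenced.
FIXED = """<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration"/>
  <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory"/>
  <New class="org.eclipse.jetty.server.HttpConnectionFactory">
    <Arg name="config"><Ref refid="httpConfig"/></Arg>
  </New>
  <New class="org.eclipse.jetty.server.SslConnectionFactory">
    <Arg name="next">http/1.1</Arg>
    <Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg>
  </New>
</Configure>
"""


def check_refs(xml_text):
    """Return [(refid, status)] for references that cannot be resolved.

    status is "undefined" when no element in the file carries that id, and
    "forward" when the id is first defined after the reference that uses it.
    Assumption: ids become visible in document order (pre-order walk).
    XML comments are dropped by the parser, so commented-out blocks are ignored.
    """
    root = ET.fromstring(xml_text)
    order = list(root.iter())  # pre-order, i.e. document order

    # Position of the first definition of each id. <Ref> elements are skipped
    # because older configs write the reference itself as <Ref id="...">.
    first_def = {}
    for pos, el in enumerate(order):
        if el.tag != "Ref" and "id" in el.attrib:
            first_def.setdefault(el.attrib["id"], pos)

    findings = []
    for pos, el in enumerate(order):
        if el.tag != "Ref":
            continue
        rid = el.attrib.get("refid") or el.attrib.get("id")
        if rid is None:
            continue
        if rid not in first_def:
            status = "undefined"
        elif first_def[rid] > pos:
            status = "forward"
        else:
            continue
        if (rid, status) not in findings:
            findings.append((rid, status))
    return findings


if __name__ == "__main__":
    # With a path argument, check that file; otherwise check the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            text = fh.read()
    else:
        text = MERGED
    for rid, status in check_refs(text):
        print(f"refid {rid!r}: {status}")
```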

Re: Fuseki over HTTPS?

Posted by Jason Levitt <sl...@gmail.com>.
I can get Jetty 9.3.3 to work over SSL with these four files, but I
cannot figure out a way to
put them into one file (required by fuseki) to get SSL working with fuseki:

jetty.xml

<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN"
"http://www.eclipse.org/jetty/configure_9_3.dtd">

<Configure id="Server" class="org.eclipse.jetty.server.Server">

    <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
      <Set name="secureScheme"><Property
name="jetty.httpConfig.secureScheme" default="https" /></Set>
      <Set name="securePort"><Property
name="jetty.httpConfig.securePort" deprecated="jetty.secure.port"
default="8443" /></Set>
      <Set name="outputBufferSize"><Property
name="jetty.httpConfig.outputBufferSize"
deprecated="jetty.output.buffer.size" default="32768" /></Set>
      <Set name="outputAggregationSize"><Property
name="jetty.httpConfig.outputAggregationSize"
deprecated="jetty.output.aggregation.size" default="8192" /></Set>
      <Set name="requestHeaderSize"><Property
name="jetty.httpConfig.requestHeaderSize"
deprecated="jetty.request.header.size" default="8192" /></Set>
      <Set name="responseHeaderSize"><Property
name="jetty.httpConfig.responseHeaderSize"
deprecated="jetty.response.header.size" default="8192" /></Set>
      <Set name="sendServerVersion"><Property
name="jetty.httpConfig.sendServerVersion"
deprecated="jetty.send.server.version" default="true" /></Set>
      <Set name="sendDateHeader"><Property
name="jetty.httpConfig.sendDateHeader"
deprecated="jetty.send.date.header" default="false" /></Set>
      <Set name="headerCacheSize"><Property
name="jetty.httpConfig.headerCacheSize" default="512" /></Set>
      <Set name="delayDispatchUntilContent"><Property
name="jetty.httpConfig.delayDispatchUntilContent"
deprecated="jetty.delayDispatchUntilContent" default="true"/></Set>
    </New>

</Configure>

jetty-http.xml

<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN"
"http://www.eclipse.org/jetty/configure_9_3.dtd">

<Configure id="Server" class="org.eclipse.jetty.server.Server">

  <Call name="addConnector">
    <Arg>
      <New id="httpConnector" class="org.eclipse.jetty.server.ServerConnector">
        <Arg name="server"><Ref refid="Server" /></Arg>
        <Arg name="acceptors" type="int"><Property
name="jetty.http.acceptors" deprecated="http.acceptors"
default="-1"/></Arg>
        <Arg name="selectors" type="int"><Property
name="jetty.http.selectors" deprecated="http.selectors"
default="-1"/></Arg>
        <Arg name="factories">
          <Array type="org.eclipse.jetty.server.ConnectionFactory">
            <!-- uncomment to support proxy protocol
            <Item>
              <New class="org.eclipse.jetty.server.ProxyConnectionFactory"/>
            </Item>-->
            <Item>
              <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                <Arg name="config"><Ref refid="httpConfig" /></Arg>
              </New>
            </Item>
          </Array>
        </Arg>
        <Set name="host"><Property name="jetty.http.host"
deprecated="jetty.host" /></Set>
        <Set name="port"><Property name="jetty.http.port"
deprecated="jetty.port" default="8080" /></Set>
        <Set name="idleTimeout"><Property
name="jetty.http.idleTimeout" deprecated="http.timeout"
default="30000"/></Set>
        <Set name="soLingerTime"><Property
name="jetty.http.soLingerTime" deprecated="http.soLingerTime"
default="-1"/></Set>
        <Set name="acceptorPriorityDelta"><Property
name="jetty.http.acceptorPriorityDelta"
deprecated="http.acceptorPriorityDelta" default="0"/></Set>
        <Set name="acceptQueueSize"><Property
name="jetty.http.acceptQueueSize" deprecated="http.acceptQueueSize"
default="0"/></Set>
      </New>
    </Arg>
  </Call>

</Configure>


jetty-https.xml

<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN"
"http://www.eclipse.org/jetty/configure_9_3.dtd">

<Configure id="sslConnector" class="org.eclipse.jetty.server.ServerConnector">

  <Call name="addIfAbsentConnectionFactory">
    <Arg>
      <New class="org.eclipse.jetty.server.SslConnectionFactory">
        <Arg name="next">http/1.1</Arg>
        <Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg>
      </New>
    </Arg>
  </Call>

  <Call name="addConnectionFactory">
    <Arg>
      <New class="org.eclipse.jetty.server.HttpConnectionFactory">
        <Arg name="config"><Ref refid="sslHttpConfig" /></Arg>
      </New>
    </Arg>
  </Call>

</Configure>

jetty-ssl-context.xml

<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN"
"http://www.eclipse.org/jetty/configure_9_3.dtd">

<Configure id="sslContextFactory"
class="org.eclipse.jetty.util.ssl.SslContextFactory">

  <Set name="KeyStorePath"><Property name="jetty.base" default="."
/>/<Property name="jetty.sslContext.keyStorePath"
deprecated="jetty.keystore" default="etc/keystore"/></Set>
  <Set name="KeyStorePassword"><Property
name="jetty.sslContext.keyStorePassword"
deprecated="jetty.keystore.password" />MyPassword</Set>
  <Set name="KeyStoreType"><Property
name="jetty.sslContext.keyStoreType" default="JKS"/></Set>
  <Set name="KeyStoreProvider"><Property
name="jetty.sslContext.keyStoreProvider"/></Set>
  <Set name="KeyManagerPassword"><Property
name="jetty.sslContext.keyManagerPassword"
deprecated="jetty.keymanager.password" />MyPassword</Set>
  <Set name="TrustStorePath"><Property name="jetty.base" default="."
/>/<Property name="jetty.sslContext.trustStorePath"
deprecated="jetty.truststore" default="etc/keystore"/></Set>
  <Set name="TrustStorePassword"><Property
name="jetty.sslContext.trustStorePassword"
deprecated="jetty.truststore.password" />MyPassword</Set>
  <Set name="TrustStoreType"><Property
name="jetty.sslContext.trustStoreType" default="JKS"/></Set>
  <Set name="TrustStoreProvider"><Property
name="jetty.sslContext.trustStoreProvider"/></Set>
  <Set name="EndpointIdentificationAlgorithm"></Set>
  <Set name="NeedClientAuth"><Property
name="jetty.sslContext.needClientAuth"
deprecated="jetty.ssl.needClientAuth" default="false"/></Set>
  <Set name="WantClientAuth"><Property
name="jetty.sslContext.wantClientAuth"
deprecated="jetty.ssl.wantClientAuth" default="false"/></Set>
  <Set name="ExcludeCipherSuites">
   <Array type="String">
    <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
    <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
    <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
    <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
    <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
    <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
    <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
   </Array>
  </Set>
  <Set name="useCipherSuitesOrder"><Property
name="jetty.sslContext.useCipherSuitesOrder" default="true"/></Set>
</Configure>

================

On Wed, Sep 2, 2015 at 8:18 AM, Andy Seaborne <an...@apache.org> wrote:
> Hi Jason,
>
> I have made some progress with your config.
>
> 1/ I switched the development code to 9.3.3 so we have one target and
> because I got that version to work with your config
>
> 9.3.3 was released 27/Aug/2015.
>
> Don't know if you're working from the source or not so I did a development
> build of Fuseki2 with 9.3.3.
>
> https://repository.apache.org/content/repositories/snapshots/org/apache/jena/apache-jena-fuseki/2.3.1-SNAPSHOT/
>
> NB There are 2 builds for today - latest with Jetty 9.3.3 is
>
>   20150902.121407-19
>
> 2/ Fix for your config file below.
>    Needs some details from jetty.xml copied into it.
>
>         Andy
>
> On 01/09/15 20:36, Jason Levitt wrote:
>>
>> Back to square one.
>>
>> This Jetty config file works fine with Jetty 9:
>
>
> Which jetty version?  I'm seeing differences between 9.1.1 and 9.3.3
>
> With 9.3.2 I get a different, more useful error (yes, I was using
> 9.3.2 at that point)
>
> [2015-09-02 12:24:37] Server     ERROR SPARQLServer: Failed to configure
> server: null
> java.lang.reflect.InvocationTargetException
> sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> java.lang.reflect.Constructor.newInstance(Constructor.java:422)
> org.eclipse.jetty.util.TypeUtil.construct(TypeUtil.java:627)
> org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.newObj(XmlConfiguration.java:782)
>
> which looks to be caused by:
>
>>      <New class="org.eclipse.jetty.server.HttpConnectionFactory">
>>         <Arg name="config"><Ref refid="httpConfig" /></Arg>
>>      </New>
>
> and httpConfig is not defined.  (I debug traced the Jetty code).
>
> It says higher up:
>
>  <!-- HttpConnectionFactory instance using the common httpConfig  -->
>  <!-- instance defined in jetty.xml
>
>
> I copied the block from jetty.xml 9.3.3 into your configuration:
> <New id="httpConfig"
> </New>
>
> Full copy below.
>
> This is for 9.3.3 only - I tried the same approach with 9.1.1 and it didn't
> work.  Maybe my user error, maybe because your config makes a 9.3 specific
> call.  Rather than worry about that, I switched the development code base to
> 9.3.3.
>
> Hey presto - server runs for me.  Confirmed it is using the config by
> changing the port but that's all the testing I have time for ATM. (Looking
> for a job (= employment) can be quite time consuming!)
>
>         Andy
>
>
> ------------------------------------------------------------
> Copy of new section, reformatted for email :-| , inserted before <Call>
>
> <Configure id="Server" class="org.eclipse.jetty.server.Server">
>   <New
>     ....
>   </New>
>
>   <Call name="addConnector">
>    </Call>
>
>
> </Configure>
>
> --------- Full insert
>
>
> <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
>   <Set name="secureScheme">
>     <Property name="jetty.httpConfig.secureScheme"
>               default="https" />
>   </Set>
>   <Set name="securePort">
>     <Property name="jetty.httpConfig.securePort"
>               deprecated="jetty.secure.port"
>               default="8443" />
>   </Set>
>   <Set name="outputBufferSize">
>     <Property name="jetty.httpConfig.outputBufferSize"
>               deprecated="jetty.output.buffer.size"
>               default="32768" />
>   </Set>
>   <Set name="outputAggregationSize">
>     <Property name="jetty.httpConfig.outputAggregationSize"
>               deprecated="jetty.output.aggregation.size"
>               default="8192" />
>   </Set>
>   <Set name="requestHeaderSize">
>     <Property name="jetty.httpConfig.requestHeaderSize"
>               deprecated="jetty.request.header.size"
>               default="8192" />
>   </Set>
>   <Set name="responseHeaderSize">
>     <Property name="jetty.httpConfig.responseHeaderSize"
>               deprecated="jetty.response.header.size"
>               default="8192" />
>   </Set>
>   <Set name="sendServerVersion">
>     <Property name="jetty.httpConfig.sendServerVersion"
>               deprecated="jetty.send.server.version"
>               default="true" />
>   </Set>
>   <Set name="sendDateHeader">
>     <Property name="jetty.httpConfig.sendDateHeader"
>               deprecated="jetty.send.date.header"
>               default="false" />
>   </Set>
>   <Set name="headerCacheSize">
>     <Property name="jetty.httpConfig.headerCacheSize"
>               default="512" />
>   </Set>
>   <Set name="delayDispatchUntilContent">
>     <Property name="jetty.httpConfig.delayDispatchUntilContent"
>               deprecated="jetty.delayDispatchUntilContent"
>               default="true"/>
>   </Set>
>   <Set name="maxErrorDispatches">
>     <Property name="jetty.httpConfig.maxErrorDispatches"
>               default="10"/>
>   </Set>
>   <!-- Uncomment to enable handling of X-Forwarded- style headers
>        <Call name="addCustomizer">
>          <Arg><New
> class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg>
>   </Call>
>   -->
> </New>
>

Re: Fuseki over HTTPS?

Posted by Andy Seaborne <an...@apache.org>.
Hi Jason,

I have made some progress with your config.

1/ I switched the development code to 9.3.3 so we have one target and 
because I got that version to work with your config

9.3.3 was released 27/Aug/2015.

Don't know if you're working from the source or not so I did a development 
build of Fuseki2 with 9.3.3.

https://repository.apache.org/content/repositories/snapshots/org/apache/jena/apache-jena-fuseki/2.3.1-SNAPSHOT/

NB There are 2 builds for today - latest with Jetty 9.3.3 is

   20150902.121407-19

2/ Fix for your config file below.
    Needs some details from jetty.xml copied into it.

	Andy

On 01/09/15 20:36, Jason Levitt wrote:
> Back to square one.
>
> This Jetty config file works fine with Jetty 9:

Which jetty version?  I'm seeing differences between 9.1.1 and 9.3.3

With 9.3.2 I get a different, more useful error (yes, I was using 
9.3.2 at that point)

[2015-09-02 12:24:37] Server     ERROR SPARQLServer: Failed to configure 
server: null
java.lang.reflect.InvocationTargetException
sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
java.lang.reflect.Constructor.newInstance(Constructor.java:422)
org.eclipse.jetty.util.TypeUtil.construct(TypeUtil.java:627)
org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.newObj(XmlConfiguration.java:782)

which looks to be caused by:

 >      <New class="org.eclipse.jetty.server.HttpConnectionFactory">
 >         <Arg name="config"><Ref refid="httpConfig" /></Arg>
 >      </New>

and httpConfig is not defined.  (I debug traced the Jetty code).

It says higher up:

  <!-- HttpConnectionFactory instance using the common httpConfig  -->
  <!-- instance defined in jetty.xml


I copied the block from jetty.xml 9.3.3 into your configuration:
<New id="httpConfig"
</New>

Full copy below.

This is for 9.3.3 only - I tried the same approach with 9.1.1 and it 
didn't work.  Maybe my user error, maybe because your config makes a 9.3 
specific call.  Rather than worry about that, I switched the development 
code base to 9.3.3.

Hey presto - server runs for me.  Confirmed it is using the config by 
changing the port but that's all the testing I have time for ATM. 
(Looking for a job (= employment) can be quite time consuming!)

	Andy


------------------------------------------------------------
Copy of new section, reformatted for email :-| , inserted before <Call>

<Configure id="Server" class="org.eclipse.jetty.server.Server">
   <New
     ....
   </New>

   <Call name="addConnector">
    </Call>


</Configure>

--------- Full insert


<New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
   <Set name="secureScheme">
     <Property name="jetty.httpConfig.secureScheme"
	      default="https" />
   </Set>
   <Set name="securePort">
     <Property name="jetty.httpConfig.securePort"
	      deprecated="jetty.secure.port"
	      default="8443" />
   </Set>
   <Set name="outputBufferSize">
     <Property name="jetty.httpConfig.outputBufferSize"
	      deprecated="jetty.output.buffer.size"
	      default="32768" />
   </Set>
   <Set name="outputAggregationSize">
     <Property name="jetty.httpConfig.outputAggregationSize"
	      deprecated="jetty.output.aggregation.size"
	      default="8192" />
   </Set>
   <Set name="requestHeaderSize">
     <Property name="jetty.httpConfig.requestHeaderSize"
	      deprecated="jetty.request.header.size"
	      default="8192" />
   </Set>
   <Set name="responseHeaderSize">
     <Property name="jetty.httpConfig.responseHeaderSize"
	      deprecated="jetty.response.header.size"
	      default="8192" />
   </Set>
   <Set name="sendServerVersion">
     <Property name="jetty.httpConfig.sendServerVersion"
	      deprecated="jetty.send.server.version"
	      default="true" />
   </Set>
   <Set name="sendDateHeader">
     <Property name="jetty.httpConfig.sendDateHeader"
	      deprecated="jetty.send.date.header"
	      default="false" />
   </Set>
   <Set name="headerCacheSize">
     <Property name="jetty.httpConfig.headerCacheSize"
	      default="512" />
   </Set>
   <Set name="delayDispatchUntilContent">
     <Property name="jetty.httpConfig.delayDispatchUntilContent"
	      deprecated="jetty.delayDispatchUntilContent"
	      default="true"/>
   </Set>
   <Set name="maxErrorDispatches">
     <Property name="jetty.httpConfig.maxErrorDispatches"
	      default="10"/>
   </Set>
   <!-- Uncomment to enable handling of X-Forwarded- style headers
        <Call name="addCustomizer">
	 <Arg><New 
class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg>
   </Call>
   -->
</New>
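
The failure traced in the message above, a <Ref refid="httpConfig"/> with no <New id="httpConfig"> earlier in the same file, can be caught before the server is started. The following is an added example, not part of the original message and not Jetty or Fuseki code: a Python check that walks a Jetty XML file in document order and reports every reference whose id has not been defined yet. The function name, the `predefined` parameter and the trimmed sample configs are constructed for illustration.

```python
import xml.etree.ElementTree as ET


def find_dangling_refs(xml_text, predefined=()):
    """Return [(refid, enclosing class)] for each <Ref> whose target id
    is not defined earlier in the document.

    predefined: ids registered by files loaded before this one
    (e.g. "httpConfig" when jetty.xml is processed first).
    Simplification: an id counts as defined as soon as its element is
    seen, in document order.
    """
    root = ET.fromstring(xml_text)
    defined = set(predefined)
    dangling = []

    def walk(el, owner):
        if el.tag == "Ref":
            # Jetty 9 uses refid=; older configs used id= on <Ref>.
            target = el.get("refid") or el.get("id")
            if target and target not in defined:
                dangling.append((target, owner))
        elif el.get("id"):
            defined.add(el.get("id"))
        if el.tag in ("New", "Configure") and el.get("class"):
            owner = el.get("class")
        for child in el:
            walk(child, owner)

    walk(root, None)
    return dangling


# Constructed samples, trimmed from the configs quoted in this thread.
CONNECTOR = """
  <Call name="addConnector">
    <Arg>
      <New id="httpConnector" class="org.eclipse.jetty.server.ServerConnector">
        <Arg name="server"><Ref refid="Server" /></Arg>
        <Arg name="factories">
          <Array type="org.eclipse.jetty.server.ConnectionFactory">
            <Item>
              <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                <Arg name="config"><Ref refid="httpConfig" /></Arg>
              </New>
            </Item>
          </Array>
        </Arg>
      </New>
    </Arg>
  </Call>
"""

HTTP_CONFIG = """
  <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
    <Set name="secureScheme">https</Set>
  </New>
"""


def wrap(body):
    """Wrap a fragment in the <Configure id="Server"> root element."""
    return ('<Configure id="Server" '
            'class="org.eclipse.jetty.server.Server">' + body + "</Configure>")


BROKEN = wrap(CONNECTOR)               # stand-alone file, httpConfig missing
FIXED = wrap(HTTP_CONFIG + CONNECTOR)  # definition inserted before <Call>
LATE = wrap(CONNECTOR + HTTP_CONFIG)   # definition placed after its use

if __name__ == "__main__":
    for name, text in (("BROKEN", BROKEN), ("FIXED", FIXED), ("LATE", LATE)):
        print(name, find_dangling_refs(text))
```

Passing predefined=("httpConfig",) models the case the file's own comment describes, where jetty.xml has already been loaded and supplies the shared instance.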


Re: Fuseki over HTTPS?

Posted by Jason Levitt <sl...@gmail.com>.
Back to square one.

This Jetty config file works fine with Jetty 9:

<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN"
"http://www.eclipse.org/jetty/configure_9_3.dtd">

<!-- ============================================================= -->
<!-- Configure the Jetty Server instance with an ID "Server"       -->
<!-- by adding a HTTP connector.                                   -->
<!-- This configuration must be used in conjunction with jetty.xml -->
<!-- ============================================================= -->
<Configure id="Server" class="org.eclipse.jetty.server.Server">

  <!-- =========================================================== -->
  <!-- Add a HTTP Connector.                                       -->
  <!-- Configure an o.e.j.server.ServerConnector with a single     -->
  <!-- HttpConnectionFactory instance using the common httpConfig  -->
  <!-- instance defined in jetty.xml                               -->
  <!--                                                             -->
  <!-- Consult the javadoc of o.e.j.server.ServerConnector and     -->
  <!-- o.e.j.server.HttpConnectionFactory for all configuration    -->
  <!-- that may be set here.                                       -->
  <!-- =========================================================== -->
  <Call name="addConnector">
    <Arg>
      <New id="httpConnector" class="org.eclipse.jetty.server.ServerConnector">
        <Arg name="server"><Ref refid="Server" /></Arg>
        <Arg name="acceptors" type="int"><Property
name="jetty.http.acceptors" deprecated="http.acceptors"
default="-1"/></Arg>
        <Arg name="selectors" type="int"><Property
name="jetty.http.selectors" deprecated="http.selectors"
default="-1"/></Arg>
        <Arg name="factories">
          <Array type="org.eclipse.jetty.server.ConnectionFactory">
            <Item>
              <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                <Arg name="config"><Ref refid="httpConfig" /></Arg>
              </New>
            </Item>
          </Array>
        </Arg>
        <Set name="host"><Property name="jetty.http.host"
deprecated="jetty.host" /></Set>
        <Set name="port"><Property name="jetty.http.port"
deprecated="jetty.port" default="3030" /></Set>
        <Set name="idleTimeout"><Property
name="jetty.http.idleTimeout" deprecated="http.timeout"
default="30000"/></Set>
        <Set name="soLingerTime"><Property
name="jetty.http.soLingerTime" deprecated="http.soLingerTime"
default="-1"/></Set>
        <Set name="acceptorPriorityDelta"><Property
name="jetty.http.acceptorPriorityDelta"
deprecated="http.acceptorPriorityDelta" default="0"/></Set>
        <Set name="acceptQueueSize"><Property
name="jetty.http.acceptQueueSize" deprecated="http.acceptQueueSize"
default="0"/></Set>
      </New>
    </Arg>
  </Call>


</Configure>


But when I feed it to fuseki:

$ ./fuseki-server --update  --jetty-config=jetty-http.xml --loc=ds /ds

I get this:


[2015-09-01 19:32:39] Server     INFO  Jetty server config file =
/home/ec2-user/fuseki/etc/jetty-http.xml
[2015-09-01 19:32:39] XmlConfiguration WARN  Config error at <Call
name="addConnector"><Arg>
      <New id="httpConnector"
class="org.eclipse.jetty.server.ServerConnector"><Arg
name="server"><Ref refid="Server"/></Arg><Arg name="acceptors"
type="int"><Property name="jetty.http.acceptors"
deprecated="http.acceptors" default="-1"/></Arg><Arg name="selectors"
type="int"><Property name="jetty.http.selectors"
deprecated="http.selectors" default="-1"/></Arg><Arg name="factories">
          <Array type="org.eclipse.jetty.server.ConnectionFactory"><Item>
              <New
class="org.eclipse.jetty.server.HttpConnectionFactory"><Arg
name="config"><Ref refid="httpConfig"/></Arg></New>
            </Item></Array>
        </Arg><Set name="host"><Property name="jetty.http.host"
deprecated="jetty.host"/></Set><Set name="port"><Property
name="jetty.http.port" deprecated="jetty.port"
default="3030"/></Set><Set name="idleTimeout"><Property
name="jetty.http.idleTimeout" deprecated="http.timeout"
default="30000"/></Set><Set name="soLingerTime"><Property
name="jetty.http.soLingerTime" deprecated="http.soLingerTime"
default="-1"/></Set><Set name="acceptorPriorityDelta"><Property
name="jetty.http.acceptorPriorityDelta"
deprecated="http.acceptorPriorityDelta" default="0"/></Set><Set
name="acceptQueueSize"><Property name="jetty.http.acceptQueueSize"
deprecated="http.acceptQueueSize" default="0"/></Set></New>
    </Arg></Call>
[2015-09-01 19:32:39] Server     ERROR SPARQLServer: Failed to
configure server: No suitable constructor: <New id="httpConnector"
class="org.eclipse.jetty.server.ServerConnector"><Arg
name="server"><Ref refid="Server"/></Arg><Arg name="acceptors"
type="int"><Property name="jetty.http.acceptors"
deprecated="http.acceptors" default="-1"/></Arg><Arg name="selectors"
type="int"><Property name="jetty.http.selectors"
deprecated="http.selectors" default="-1"/></Arg><Arg name="factories">
          <Array type="org.eclipse.jetty.server.ConnectionFactory"><Item>
              <New
class="org.eclipse.jetty.server.HttpConnectionFactory"><Arg
name="config"><Ref refid="httpConfig"/></Arg></New>
            </Item></Array>
        </Arg><Set name="host"><Property name="jetty.http.host"
deprecated="jetty.host"/></Set><Set name="port"><Property
name="jetty.http.port" deprecated="jetty.port"
default="3030"/></Set><Set name="idleTimeout"><Property
name="jetty.http.idleTimeout" deprecated="http.timeout"
default="30000"/></Set><Set name="soLingerTime"><Property
name="jetty.http.soLingerTime" deprecated="http.soLingerTime"
default="-1"/></Set><Set name="acceptorPriorityDelta"><Property
name="jetty.http.acceptorPriorityDelta"
deprecated="http.acceptorPriorityDelta" default="0"/></Set><Set
name="acceptQueueSize"><Property name="jetty.http.acceptQueueSize"
deprecated="http.acceptQueueSize" default="0"/></Set></New> on
org.eclipse.jetty.server.Server@9b0314
java.lang.IllegalStateException: No suitable constructor: <New
id="httpConnector"
class="org.eclipse.jetty.server.ServerConnector"><Arg
name="server"><Ref refid="Server"/></Arg><Arg name="acceptors"
type="int"><Property name="jetty.http.acceptors"
deprecated="http.acceptors" default="-1"/></Arg><Arg name="selectors"
type="int"><Property name="jetty.http.selectors"
deprecated="http.selectors" default="-1"/></Arg><Arg name="factories">
          <Array type="org.eclipse.jetty.server.ConnectionFactory"><Item>
              <New
class="org.eclipse.jetty.server.HttpConnectionFactory"><Arg
name="config"><Ref refid="httpConfig"/></Arg></New>
            </Item></Array>
        </Arg><Set name="host"><Property name="jetty.http.host"
deprecated="jetty.host"/></Set><Set name="port"><Property
name="jetty.http.port" deprecated="jetty.port"
default="3030"/></Set><Set name="idleTimeout"><Property
name="jetty.http.idleTimeout" deprecated="http.timeout"
default="30000"/></Set><Set name="soLingerTime"><Property
name="jetty.http.soLingerTime" deprecated="http.soLingerTime"
default="-1"/></Set><Set name="acceptorPriorityDelta"><Property
name="jetty.http.acceptorPriorityDelta"
deprecated="http.acceptorPriorityDelta" default="0"/></Set><Set
name="acceptQueueSize"><Property name="jetty.http.acceptQueueSize"
deprecated="http.acceptQueueSize" default="0"/></Set></New> on
org.eclipse.jetty.server.Server@9b0314
at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.newObj(XmlConfiguration.java:811)
at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.itemValue(XmlConfiguration.java:1125)
at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.value(XmlConfiguration.java:1030)
at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.call(XmlConfiguration.java:721)
at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.configure(XmlConfiguration.java:417)
at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.configure(XmlConfiguration.java:298)
at org.eclipse.jetty.xml.XmlConfiguration.configure(XmlConfiguration.java:248)
at org.apache.jena.fuseki.jetty.JettyFuseki.configServer(JettyFuseki.java:265)
at org.apache.jena.fuseki.jetty.JettyFuseki.buildServerWebapp(JettyFuseki.java:222)
at org.apache.jena.fuseki.jetty.JettyFuseki.<init>(JettyFuseki.java:91)
at org.apache.jena.fuseki.jetty.JettyFuseki.initializeServer(JettyFuseki.java:86)
at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.exec(FusekiCmd.java:335)
at jena.cmd.CmdMain.mainMethod(CmdMain.java:93)
at jena.cmd.CmdMain.mainRun(CmdMain.java:58)
at jena.cmd.CmdMain.mainRun(CmdMain.java:45)
at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.innerMain(FusekiCmd.java:96)
at org.apache.jena.fuseki.cmd.FusekiCmd.main(FusekiCmd.java:59)
org.apache.jena.fuseki.FusekiException: Failed to configure a server
using configuration file '/home/ec2-user/fuseki/etc/jetty-http.xml'
at org.apache.jena.fuseki.jetty.JettyFuseki.configServer(JettyFuseki.java:269)
at org.apache.jena.fuseki.jetty.JettyFuseki.buildServerWebapp(JettyFuseki.java:222)
at org.apache.jena.fuseki.jetty.JettyFuseki.<init>(JettyFuseki.java:91)
at org.apache.jena.fuseki.jetty.JettyFuseki.initializeServer(JettyFuseki.java:86)
at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.exec(FusekiCmd.java:335)
at jena.cmd.CmdMain.mainMethod(CmdMain.java:93)
at jena.cmd.CmdMain.mainRun(CmdMain.java:58)
at jena.cmd.CmdMain.mainRun(CmdMain.java:45)
at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.innerMain(FusekiCmd.java:96)
at org.apache.jena.fuseki.cmd.FusekiCmd.main(FusekiCmd.java:59)

On Tue, Sep 1, 2015 at 4:47 AM, Rob Vesse <rv...@dotnetrdf.org> wrote:
> I would suggest it is worth turning on DEBUG level logging for Jetty and
> reviewing the output carefully
>
> This is especially true if you are specifying a Jetty configuration where
> you are locking down the SSL configuration to disable the older insecure
> SSL protocols.
>
> I recently had an issue where on one JVM excluding the older protocols
> left only the newer secure protocols whereas on another JVM it removed all
> protocols and I needed to explicitly include the newer secure protocols to
> get things to work.  This manifested as a very similar error about the SSL
> handshake failing.
>
> The other thing to watch out for if you are getting this kind of error and
> you are limiting the set of SSL protocols and ciphers is that depending on
> your system the libraries and tools installed may be outdated enough to
> not support the more recent protocols and ciphers (I ran into an ancient
> curl version on some systems that didn't support TLS 1.1 or TLS 1.2)
>
> Rob
>
> On 01/09/2015 10:12, "Andy Seaborne" <an...@apache.org> wrote:
>
>>On 27/08/15 16:56, Jason Levitt wrote:
>>> If I remove that line from my config file:
>>>
>>> <Set name="host">mysite.com</Set>
>>>
>>> And then run fuseki and try to connect, using openssl, I get:
>>>
>>> $ openssl s_client -connect mysite.com:8443
>>> CONNECTED(00000003)
>>> 5546:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
>>> failure:/SourceCache/OpenSSL098/OpenSSL098-52.40.1/src/ssl/s23_lib.c:185:
>>>
>>> I have no idea what this means -- probably a certificate mismatch(?).
>>
>>That could be what's happening - if the handshake is failing, I think it
>>means the operation hasn't got near the level of dispatching to the
>>index page.
>>
>>       Andy
>>
>>>
>>> J
>>>
>>> On Thu, Aug 27, 2015 at 10:46 AM, Andy Seaborne <an...@apache.org> wrote:
>>>> On 27/08/15 15:20, Jason Levitt wrote:
>>>>>
>>>>> Hi Andy,
>>>>>
>>>>>     Not only is Jetty 9.1 fairly different than Jetty 8, but the current
>>>>> version of Jetty, 9.3 is somewhat different
>>>>> than 9.1.  I will investigate further.
>>>>
>>>>
>>>> I just tried out 9.3 by flipping the version to 9.3.2.v20150730 and it seems
>>>> OK (after 5 mins playing with it....).  So looks like the codebase can
>>>> switch if that helps simplify things.
>>>>
>>>>          Andy
>>>>
>>>>
>>>>
>>>>>
>>>>> J
>>>>>
>>>>> On Thu, Aug 27, 2015 at 6:42 AM, Andy Seaborne <an...@apache.org> wrote:
>>>>>>
>>>>>> Jason - thank you for pushing on with this.  It seems a lot of Jetty has
>>>>>> changed Jetty8->Jetty9.1 in this area which is all news to me.
>>>>>>
>>>>>> On 27/08/15 06:09, Jason Levitt wrote:
>>>>>>>
>>>>>>>
>>>>>>> Making some progress but things still don't work.
>>>>>>>
>>>>>>> The startup log (edited) looks like this (domain name changed to
>>>>>>> mysite.com):
>>>>>>
>>>>>>
>>>>>>
>>>>>> This looks like it is because it's asking to run on an address that isn't
>>>>>> the local machine for some reason.  It does not look like something on the
>>>>>> same port because it is (usually)
>>>>>>
>>>>>> "java.net.BindException: Address already in use"
>>>>>>
>>>>>> but it might be worth checking.  On Linux, "sudo lsof -i:8443"
>>>>>>
>>>>>> Your config does not set the host but maybe the IP config is getting in
>>>>>> the way. This is EC2 so does the real DNS name resolve to the IP address
>>>>>> of a local interface?  Does using "localhost" work (= do something
>>>>>> different)?
>>>>>>
>>>>>> That's the best clue I could find on StackOverflow.  I haven't found a
>>>>>> way to get the same error message using plain HTTP on a non-EC2 machine
>>>>>> though.
>>>>>>
>>>>>>> [2015-08-27 03:56:03] Server     ERROR SPARQLServer (port=0): Failed
>>>>>>> to start server: Cannot assign requested address
>>>>>>
>>>>>>
>>>>>> port=0 looks weird though if you are taking control with the config file
>>>>>> that is possible due to the earlier error.
>>>>>>
>>>>>> What is printed is serverConnector.getPort() and serverConnector is the
>>>>>> first/only configured ServerConnector.
>>>>>>
>>>>>>           Andy
>>>>>>
>>>>>>
>>>>>>
>>>>>>>
>>>>>>> [2015-08-27 03:56:03] Server     INFO  Jetty server config file =
>>>>>>> myconfig.xml
>>>>>>> [2015-08-27 03:56:03] Server     INFO  Fuseki 2.3.0
>>>>>>> 2015-07-25T17:11:28+0000
>>>>>>> [2015-08-27 03:56:03] Config     INFO  FUSEKI_HOME=/home/ec2-user/fuseki
>>>>>>> [2015-08-27 03:56:03] Config     INFO  FUSEKI_BASE=/home/ec2-user/fuseki/run
>>>>>>> [2015-08-27 03:56:03] Servlet    INFO  Initializing Shiro environment
>>>>>>> [2015-08-27 03:56:03] Config     INFO  Shiro file:
>>>>>>> file:///home/ec2-user/fuseki/run/shiro.ini
>>>>>>> [2015-08-27 03:56:03] Config     INFO  Template file:
>>>>>>> templates/config-tdb-dir
>>>>>>> [2015-08-27 03:56:03] Config     INFO  TDB dataset: directory=ds
>>>>>>> [2015-08-27 03:56:03] Config     INFO  Register: /ds
>>>>>>> [2015-08-27 03:56:03] AbstractLifeCycle WARN  FAILED
>>>>>>> ServerConnector@7e5441{SSL-http/1.1}{mysite.com:8443}:
>>>>>>> java.net.BindException: Cannot assign requested address
>>>>>>> java.net.BindException: Cannot assign requested address
>>>>>>> at sun.nio.ch.Net.bind0(Native Method)
>>>>>>> at sun.nio.ch.Net.bind(Net.java:433)
>>>>>>> at sun.nio.ch.Net.bind(Net.java:425)
>>>>>>> ....
>>>>>>> ....
>>>>>>> ....
>>>>>>> [2015-08-27 03:56:03] AbstractLifeCycle WARN  FAILED
>>>>>>> org.eclipse.jetty.server.Server@f9ed3e: java.net.BindException: Cannot
>>>>>>> assign requested address
>>>>>>> java.net.BindException: Cannot assign requested address
>>>>>>> at sun.nio.ch.Net.bind0(Native Method)
>>>>>>> at sun.nio.ch.Net.bind(Net.java:433)
>>>>>>> at sun.nio.ch.Net.bind(Net.java:425)
>>>>>>> ....
>>>>>>> ....
>>>>>>> ....
>>>>>>> [2015-08-27 03:56:03] Server     ERROR SPARQLServer (port=0): Failed
>>>>>>> to start server: Cannot assign requested address
>>>>>>>
>>>>>>>
>>>>>>> And I'm running fuseki 2.3.0 with this command:
>>>>>>>
>>>>>>> nohup ./fuseki-server --port 8443 --update
>>>>>>> --jetty-config=myconfig.xml --loc=ds /ds
>>>>>>>
>>>>>>>
>>>>>>> The "myconfig.xml" file is below (I've already added my certificate
>>>>>>> and key to the Java 8 JSSE):
>>>>>>>
>>>>>>> <?xml version="1.0"?>
>>>>>>> <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN"
>>>>>>> "http://www.eclipse.org/jetty/configure.dtd">
>>>>>>>
>>>>>>> <Configure id="Server" class="org.eclipse.jetty.server.Server">
>>>>>>>      <Call name="addConnector">
>>>>>>>        <Arg>
>>>>>>>          <New class="org.eclipse.jetty.server.ServerConnector">
>>>>>>> <Arg name="server"><Ref refid="Server" /></Arg>
>>>>>>> <Arg name="factories">
>>>>>>>     <Array type="org.eclipse.jetty.server.ConnectionFactory">
>>>>>>>       <Item>
>>>>>>>         <New class="org.eclipse.jetty.server.HttpConnectionFactory">
>>>>>>> <Arg name="config"><Ref refid="httpConfig" /></Arg>
>>>>>>>         </New>
>>>>>>>       </Item>
>>>>>>>     </Array>
>>>>>>> </Arg>
>>>>>>>          </New>
>>>>>>>        </Arg>
>>>>>>>      </Call>
>>>>>>>
>>>>>>> <New id="sslContextFactory"
>>>>>>> class="org.eclipse.jetty.util.ssl.SslContextFactory">
>>>>>>>      <Set name="KeyStorePath">/home/ec2-user/keystore</Set>
>>>>>>>      <Set name="KeyStorePassword">somepassword</Set>
>>>>>>>      <Set name="KeyManagerPassword">somepassword</Set>
>>>>>>>      <Set name="TrustStorePath">/home/ec2-user/keystore</Set>
>>>>>>>      <Set name="TrustStorePassword">somepassword</Set>
>>>>>>> </New>
>>>>>>>
>>>>>>> <Call id="sslConnector" name="addConnector">
>>>>>>>      <Arg>
>>>>>>>        <New class="org.eclipse.jetty.server.ServerConnector">
>>>>>>>          <Arg name="server"><Ref refid="Server" /></Arg>
>>>>>>>            <Arg name="factories">
>>>>>>>              <Array
>>>>>>>type="org.eclipse.jetty.server.ConnectionFactory">
>>>>>>>                <Item>
>>>>>>>                  <New
>>>>>>> class="org.eclipse.jetty.server.SslConnectionFactory">
>>>>>>>                    <Arg name="next">http/1.1</Arg>
>>>>>>>                    <Arg name="sslContextFactory"><Ref
>>>>>>> refid="sslContextFactory"/></Arg>
>>>>>>>                  </New>
>>>>>>>                </Item>
>>>>>>>                <Item>
>>>>>>>                  <New
>>>>>>> class="org.eclipse.jetty.server.HttpConnectionFactory">
>>>>>>>                    <Arg name="config"><Ref
>>>>>>>refid="tlsHttpConfig"/></Arg>
>>>>>>>                  </New>
>>>>>>>                </Item>
>>>>>>>              </Array>
>>>>>>>            </Arg>
>>>>>>>            <Set name="host"><Property name="jetty.host"/></Set>
>>>>>>>            <Set name="port"><Property name="jetty.tls.port"
>>>>>>> default="8443"
>>>>>>> /></Set>
>>>>>>>            <Set name="idleTimeout">30000</Set>
>>>>>>>            <Set name="host">mysite.com</Set>
>>>>>>>          </New>
>>>>>>>      </Arg>
>>>>>>> </Call>
>>>>>>>
>>>>>>> </Configure>
>>>>>>>
>>>>>>> ===================================
>>>>>>>
>>>>>>> On Tue, Aug 25, 2015 at 5:17 PM, Jason Levitt <sl...@gmail.com> wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>> I can't find any examples of the file that you hand to
>>>>>>>> "--jetty-config"
>>>>>>>>
>>>>>>>> The "official" jetty docs for configuring SSL imply that there are two
>>>>>>>> configuration files,
>>>>>>>>     jetty-ssl-context.xml and  jetty-https.xml.
>>>>>>>>
>>>>>>>> (http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html)
>>>>>>>>
>>>>>>>> The example that you cite:
>>>>>>>>
>>>>>>>> http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/plain/jetty-server/src/main/config/etc/jetty-https.xml
>>>>>>>>
>>>>>>>> says that: "This configuration must be used in conjunction with
>>>>>>>> jetty.xml and jetty-ssl.xml"
>>>>>>>>
>>>>>>>> Where do these files go? The Fuseki download does not have any "etc"
>>>>>>>> directory or any xml configuration files at all.
>>>>>>>>
>>>>>>>> So, I tried handing some XML config files to Fuseki using
>>>>>>>> --jetty-config and it gives very little
>>>>>>>> info in the error (see below). Has anyone actually successfully run
>>>>>>>> Fuseki over SSL?
>>>>>>>>
>>>>>>>> [2015-08-25 22:13:34] Server     INFO  Jetty server config file =
>>>>>>>> ./jetty-https.xml
>>>>>>>> [2015-08-25 22:13:34] Server     ERROR SPARQLServer: Failed to
>>>>>>>> configure server: Unknown configuration type: Call in
>>>>>>>> org.eclipse.jetty.xml.XmlConfiguration@1d80d2b
>>>>>>>> java.lang.IllegalStateException: Unknown configuration type: Call in
>>>>>>>> org.eclipse.jetty.xml.XmlConfiguration@1d80d2b
>>>>>>>> at org.eclipse.jetty.xml.XmlConfiguration.setConfig(XmlConfiguration.java:198)
>>>>>>>> at org.eclipse.jetty.xml.XmlConfiguration.<init>(XmlConfiguration.java:177)
>>>>>>>> at org.apache.jena.fuseki.jetty.JettyFuseki.configServer(JettyFuseki.java:264)
>>>>>>>> at org.apache.jena.fuseki.jetty.JettyFuseki.buildServerWebapp(JettyFuseki.java:222)
>>>>>>>> at org.apache.jena.fuseki.jetty.JettyFuseki.<init>(JettyFuseki.java:91)
>>>>>>>> at org.apache.jena.fuseki.jetty.JettyFuseki.initializeServer(JettyFuseki.java:86)
>>>>>>>> at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.exec(FusekiCmd.java:335)
>>>>>>>> at jena.cmd.CmdMain.mainMethod(CmdMain.java:93)
>>>>>>>> at jena.cmd.CmdMain.mainRun(CmdMain.java:58)
>>>>>>>> at jena.cmd.CmdMain.mainRun(CmdMain.java:45)
>>>>>>>> at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.innerMain(FusekiCmd.java:96)
>>>>>>>> at org.apache.jena.fuseki.cmd.FusekiCmd.main(FusekiCmd.java:59)
>>>>>>>> org.apache.jena.fuseki.FusekiException: Failed to configure a server
>>>>>>>> using configuration file './jetty-https.xml'
>>>>>>>> at org.apache.jena.fuseki.jetty.JettyFuseki.configServer(JettyFuseki.java:269)
>>>>>>>> at org.apache.jena.fuseki.jetty.JettyFuseki.buildServerWebapp(JettyFuseki.java:222)
>>>>>>>> at org.apache.jena.fuseki.jetty.JettyFuseki.<init>(JettyFuseki.java:91)
>>>>>>>> at org.apache.jena.fuseki.jetty.JettyFuseki.initializeServer(JettyFuseki.java:86)
>>>>>>>> at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.exec(FusekiCmd.java:335)
>>>>>>>> at jena.cmd.CmdMain.mainMethod(CmdMain.java:93)
>>>>>>>> at jena.cmd.CmdMain.mainRun(CmdMain.java:58)
>>>>>>>> at jena.cmd.CmdMain.mainRun(CmdMain.java:45)
>>>>>>>> at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.innerMain(FusekiCmd.java:96)
>>>>>>>> at org.apache.jena.fuseki.cmd.FusekiCmd.main(FusekiCmd.java:59)
>>>>>>>>
>>>>>>>> J
>>>>>>>>
>>>>>>>>
>>>>>>>> On Fri, Aug 21, 2015 at 4:14 AM, Andy Seaborne <an...@apache.org> wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 20/08/15 22:37, Jason Levitt wrote:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Thanks. So I can still use the "--jetty-config" option with Fuseki
>>>>>>>>>> v2.30 ?
>>>>>>>>>>
>>>>>>>>>> J
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Yes, should work to pass in the file.  There was a major jetty version
>>>>>>>>> change (8 to 9) and what effect that has had on that option is unclear
>>>>>>>>> to me. Connector changed Jetty 8->9
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html
>>>>>>>>>
>>>>>>>>> and their example:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/plain/jetty-server/src/main/config/etc/jetty-https.xml
>>>>>>>>>
>>>>>>>>> It would be good to add this to the distribution - if you or
>>>>>>>>>anyone
>>>>>>>>> else
>>>>>>>>> has
>>>>>>>>> a working version, I'd be very grateful to get a copy.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>            Andy
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Thu, Aug 20, 2015 at 3:46 PM, Andy Seaborne <an...@apache.org>
>>>>>>>>>> wrote:
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On 20/08/15 21:24, Jason Levitt wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Which version of Jetty does Fuseki 2.30 (the latest version) use?
>>>>>>>>>>>>
>>>>>>>>>>>> J
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> http://central.maven.org/maven2/org/apache/jena/jena-fuseki/2.3.0/jena-fuseki-2.3.0.pom
>>>>>>>>>>>
>>>>>>>>>>> ==> Jetty 9.1.1.v20140108
>>>>>>>>>>>
>>>>>>>>>>>             Andy
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On Thu, Aug 20, 2015 at 6:14 AM, Andy Seaborne
>>>>>>>>>>>><an...@apache.org>
>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> The Jetty documentation is the best place to go for details of
>>>>>>>>>>>>> setting up Jetty.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Here's one in the examples/ area but as far as I can tell it's
>>>>>>>>>>>>> more in the category of "should work" (it is from Fuseki1 and that
>>>>>>>>>>>>> was a different version of Jetty) rather than tested.
>>>>>>>>>>>>>
>>>>>>>>>>>>> https://github.com/apache/jena/blob/master/jena-fuseki2/examples/jetty-fuseki.xml
>>>>>>>>>>>>>
>>>>>>>>>>>>> If you, or anyone else, has a better example - please send it.
>>>>>>>>>>>>>
>>>>>>>>>>>>>              Andy
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On 20/08/15 02:54, Jason Levitt wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> We're in an AWS environment using Fuseki 2 with built-in Jetty.
>>>>>>>>>>>>>> It only talks to internal machines so there is no need to protect
>>>>>>>>>>>>>> it from external exposure.  So that means that the easiest way is
>>>>>>>>>>>>>> to use the `--jetty-config` flag to set up HTTPS to Jetty?  Are
>>>>>>>>>>>>>> there any docs on what the options are for that config file
>>>>>>>>>>>>>> (e.g. what goes into the config file)?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> J
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Tue, Aug 18, 2015 at 3:21 PM, Andy Seaborne
>>>>>>>>>>>>>><an...@apache.org>
>>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Right.  In a production environment, a reverse proxy is useful
>>>>>>>>>>>>>>> for several things and while there is nothing that forces a
>>>>>>>>>>>>>>> reverse proxy, the weight of features can mean it's a useful and
>>>>>>>>>>>>>>> flexible thing to put into a production system.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> 1/ Blocking undesirable clients
>>>>>>>>>>>>>>>          (manic crawlers, badly written PHP scripts)
>>>>>>>>>>>>>>> 2/ more robust to DOS attacks (and accidental attacks)
>>>>>>>>>>>>>>>          Java web containers just aren't as good under silly load
>>>>>>>>>>>>>>>          conditions.
>>>>>>>>>>>>>>> 3/ URL rewrite
>>>>>>>>>>>>>>>          E.g don't need /dataset/query - can be any URL you like.
>>>>>>>>>>>>>>> 4/ Security
>>>>>>>>>>>>>>>          integrate with local systems; rich choice of controls.
>>>>>>>>>>>>>>>          Control who and what can update
>>>>>>>>>>>>>>>          No need to restart for shiro changes.
>>>>>>>>>>>>>>> 5/ Rate control (e.g. no more than N queries at a time)
>>>>>>>>>>>>>>> 6/ https (can be expensive so a C-implementation can help)
>>>>>>>>>>>>>>> 7/ Lots of add-ons and mods for all sorts of tasks.
>>>>>>>>>>>>>>> 8/ Lots of Q&A on stackoverflow!
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Fuseki has "--localhost" to only talk to the machine's localhost
>>>>>>>>>>>>>>> network interface. In an environment like AWS, where port control
>>>>>>>>>>>>>>> is easy, it's trivial to secure the Fuseki server to only talk to
>>>>>>>>>>>>>>> the local reverse proxy by blocking all ports except (22 and)
>>>>>>>>>>>>>>> 80+443.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>               Andy
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On 18/08/15 20:21, A. Soroka wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> I checked more carefully (should have done that before replying)
>>>>>>>>>>>>>>>> and it seems that Fuseki 2 also offers the `--jetty-config` flag
>>>>>>>>>>>>>>>> for using a Jetty configuration that supports HTTPS:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> --jetty-config=FILE    Set up the server (not services) with a Jetty XML file
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> ---
>>>>>>>>>>>>>>>> A. Soroka
>>>>>>>>>>>>>>>> The University of Virginia Library
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Aug 18, 2015, at 10:34 AM, ajs6f@virginia.edu
>>>>>>>>>>>>>>>> <aj...@email.virginia.edu> wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Are you deploying Fuseki to your own servlet container (e.g.
>>>>>>>>>>>>>>>>> Tomcat or Jetty) or using the server included with Fuseki and is
>>>>>>>>>>>>>>>>> it Fuseki 1 or 2?
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> If the former, you will need to supply configuration specific to
>>>>>>>>>>>>>>>>> that container. If the latter and it is Fuseki 1, there is a
>>>>>>>>>>>>>>>>> Stack Overflow answer for it:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> https://stackoverflow.com/questions/28310045/enable-https-ssl-on-fuseki-server
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> but the links seem to be dead. The idea is to supply your own
>>>>>>>>>>>>>>>>> Jetty configuration (Jetty is the servlet container that the
>>>>>>>>>>>>>>>>> Fuseki command uses).
>>>>>>>>>>>>>>>>> For Fuseki 2, I think it is still under development? You could
>>>>>>>>>>>>>>>>> use a reverse proxy in front of Fuseki, in that case.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> ---
>>>>>>>>>>>>>>>>> A. Soroka
>>>>>>>>>>>>>>>>> The University of Virginia Library
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> On Aug 17, 2015, at 7:07 PM, Jason Levitt
>>>>>>>>>>>>>>>>> <sl...@gmail.com>
>>>>>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Sorry if this is a FAQ, but I'm wondering if there are
>>>>>>>>>>>>>>>>>> any guidelines online to setting up
>>>>>>>>>>>>>>>>>> Fuseki for HTTPS access?
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Jason
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>
>>>>>>
>>>>
>>
>
>
>
>

Re: Fuseki over HTTPS?

Posted by Rob Vesse <rv...@dotnetrdf.org>.
I would suggest it is worth turning on DEBUG level logging for Jetty and
reviewing the output carefully.

This is especially true if you are specifying a Jetty configuration where
you are locking down the SSL configuration to disable the older insecure
SSL protocols.

I recently had an issue where on one JVM excluding the older protocols
left only the newer secure protocols whereas on another JVM it removed all
protocols and I needed to explicitly include the newer secure protocols to
get things to work.  This manifested as a very similar error about the SSL
handshake failing.

The other thing to watch out for if you are getting this kind of error and
you are limiting the set of SSL protocols and ciphers is that depending on
your system the libraries and tools installed may be outdated enough to
not support the more recent protocols and ciphers (I ran into an ancient
curl version on some systems that didn't support TLS 1.1 or TLS 1.2).

Rob

On 01/09/2015 10:12, "Andy Seaborne" <an...@apache.org> wrote:

>On 27/08/15 16:56, Jason Levitt wrote:
>> If I remove that line from my config file:
>>
>> <Set name="host">mysite.com</Set>
>>
>> And then run fuseki and try to connect, using openssl, I get:
>>
>> $ openssl s_client -connect mysite.com:8443
>> CONNECTED(00000003)
>> 5546:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-52.40.1/src/ssl/s23_lib.c:185:
>>
>> I have no idea what this means -- probably a certificate mismatch(?).
>
>That could be what's happening - if the handshake is failing, I think it
>means the operation hasn't got near the level of dispatching to the
>index page.
>
>	Andy
>
>>
>> J
>>
>> On Thu, Aug 27, 2015 at 10:46 AM, Andy Seaborne <an...@apache.org> wrote:
>>> On 27/08/15 15:20, Jason Levitt wrote:
>>>>
>>>> Hi Andy,
>>>>
>>>> Not only is Jetty 9.1 fairly different than Jetty 8, but the current
>>>> version of Jetty, 9.3 is somewhat different than 9.1.  I will
>>>> investigate further.
>>>
>>>
>>> I just tried out 9.3 by flipping the version to 9.3.2.v20150730 and it
>>> seems OK (after 5 mins playing with it....).  So looks like the codebase
>>> can switch if that helps simplify things.
>>>
>>>          Andy
>>>
>>>
>>>
>>>>
>>>> J
>>>>
>>>> On Thu, Aug 27, 2015 at 6:42 AM, Andy Seaborne <an...@apache.org>
>>>>wrote:
>>>>>
>>>>> Jason - thank you for pushing on with this.  It seems a lot of Jetty
>>>>> has changed Jetty8->Jetty9.1 in this area which is all news to me.
>>>>>
>>>>> On 27/08/15 06:09, Jason Levitt wrote:
>>>>>>
>>>>>>
>>>>>> Making some progress but things still don't work.
>>>>>>
>>>>>> The startup log (edited) looks like this (domain name changed to
>>>>>> mysite.com):
>>>>>
>>>>>
>>>>>
>>>>> This looks like it is because it's asking to run on an address that
>>>>> isn't the local machine for some reason.  It does not look like
>>>>> something on the same port because it is (usually)
>>>>>
>>>>> "java.net.BindException: Address already in use"
>>>>>
>>>>> but it might be worth checking.  On Linux, "sudo lsof -i:8443"
>>>>>
>>>>> Your config does not set the host but maybe the IP config is getting
>>>>> in the way. This is EC2 so does the real DNS name resolve to the IP
>>>>> address of a local interface?  Does using "localhost" work (= do
>>>>> something different)?
>>>>>
>>>>> That's the best clue I could find on StackOverflow.  I haven't found a
>>>>> way to get the same error message using plain HTTP on a non-EC2 machine
>>>>> though.
>>>>>
>>>>>> [2015-08-27 03:56:03] Server     ERROR SPARQLServer (port=0): Failed to start server: Cannot assign requested address
>>>>>
>>>>>
>>>>> port=0 looks weird though if you are taking control with the config
>>>>> file that is possible due to the earlier error.
>>>>>
>>>>> What is printed is serverConnector.getPort() and serverConnector is the
>>>>> first/only configured ServerConnector.
>>>>>
>>>>>           Andy
>>>>>
>>>>>
>>>>>
>>>>>>
>>>>>> [2015-08-27 03:56:03] Server     INFO  Jetty server config file = myconfig.xml
>>>>>> [2015-08-27 03:56:03] Server     INFO  Fuseki 2.3.0 2015-07-25T17:11:28+0000
>>>>>> [2015-08-27 03:56:03] Config     INFO  FUSEKI_HOME=/home/ec2-user/fuseki
>>>>>> [2015-08-27 03:56:03] Config     INFO  FUSEKI_BASE=/home/ec2-user/fuseki/run
>>>>>> [2015-08-27 03:56:03] Servlet    INFO  Initializing Shiro environment
>>>>>> [2015-08-27 03:56:03] Config     INFO  Shiro file: file:///home/ec2-user/fuseki/run/shiro.ini
>>>>>> [2015-08-27 03:56:03] Config     INFO  Template file: templates/config-tdb-dir
>>>>>> [2015-08-27 03:56:03] Config     INFO  TDB dataset: directory=ds
>>>>>> [2015-08-27 03:56:03] Config     INFO  Register: /ds
>>>>>> [2015-08-27 03:56:03] AbstractLifeCycle WARN  FAILED ServerConnector@7e5441{SSL-http/1.1}{mysite.com:8443}: java.net.BindException: Cannot assign requested address
>>>>>> java.net.BindException: Cannot assign requested address
>>>>>> at sun.nio.ch.Net.bind0(Native Method)
>>>>>> at sun.nio.ch.Net.bind(Net.java:433)
>>>>>> at sun.nio.ch.Net.bind(Net.java:425)
>>>>>> ....
>>>>>> ....
>>>>>> ....
>>>>>> [2015-08-27 03:56:03] AbstractLifeCycle WARN  FAILED org.eclipse.jetty.server.Server@f9ed3e: java.net.BindException: Cannot assign requested address
>>>>>> java.net.BindException: Cannot assign requested address
>>>>>> at sun.nio.ch.Net.bind0(Native Method)
>>>>>> at sun.nio.ch.Net.bind(Net.java:433)
>>>>>> at sun.nio.ch.Net.bind(Net.java:425)
>>>>>> ....
>>>>>> ....
>>>>>> ....
>>>>>> [2015-08-27 03:56:03] Server     ERROR SPARQLServer (port=0): Failed to start server: Cannot assign requested address
>>>>>>
>>>>>>
>>>>>> And I'm running fuseki 2.3.0 with this command:
>>>>>>
>>>>>> nohup ./fuseki-server --port 8443 --update --jetty-config=myconfig.xml --loc=ds /ds
>>>>>>
>>>>>>
>>>>>> The "myconfig.xml" file is below (I've already added my certificate
>>>>>> and key to the Java 8 JSSE):
>>>>>>
>>>>>> <?xml version="1.0"?>
>>>>>> <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN"
>>>>>> "http://www.eclipse.org/jetty/configure.dtd">
>>>>>>
>>>>>> <Configure id="Server" class="org.eclipse.jetty.server.Server">
>>>>>>      <Call name="addConnector">
>>>>>>        <Arg>
>>>>>>          <New class="org.eclipse.jetty.server.ServerConnector">
>>>>>> <Arg name="server"><Ref refid="Server" /></Arg>
>>>>>> <Arg name="factories">
>>>>>>     <Array type="org.eclipse.jetty.server.ConnectionFactory">
>>>>>>       <Item>
>>>>>>         <New class="org.eclipse.jetty.server.HttpConnectionFactory">
>>>>>> <Arg name="config"><Ref refid="httpConfig" /></Arg>
>>>>>>         </New>
>>>>>>       </Item>
>>>>>>     </Array>
>>>>>> </Arg>
>>>>>>          </New>
>>>>>>        </Arg>
>>>>>>      </Call>
>>>>>>
>>>>>> <New id="sslContextFactory"
>>>>>> class="org.eclipse.jetty.util.ssl.SslContextFactory">
>>>>>>      <Set name="KeyStorePath">/home/ec2-user/keystore</Set>
>>>>>>      <Set name="KeyStorePassword">somepassword</Set>
>>>>>>      <Set name="KeyManagerPassword">somepassword</Set>
>>>>>>      <Set name="TrustStorePath">/home/ec2-user/keystore</Set>
>>>>>>      <Set name="TrustStorePassword">somepassword</Set>
>>>>>> </New>
>>>>>>
>>>>>> <Call id="sslConnector" name="addConnector">
>>>>>>      <Arg>
>>>>>>        <New class="org.eclipse.jetty.server.ServerConnector">
>>>>>>          <Arg name="server"><Ref refid="Server" /></Arg>
>>>>>>            <Arg name="factories">
>>>>>>              <Array
>>>>>>type="org.eclipse.jetty.server.ConnectionFactory">
>>>>>>                <Item>
>>>>>>                  <New
>>>>>> class="org.eclipse.jetty.server.SslConnectionFactory">
>>>>>>                    <Arg name="next">http/1.1</Arg>
>>>>>>                    <Arg name="sslContextFactory"><Ref
>>>>>> refid="sslContextFactory"/></Arg>
>>>>>>                  </New>
>>>>>>                </Item>
>>>>>>                <Item>
>>>>>>                  <New
>>>>>> class="org.eclipse.jetty.server.HttpConnectionFactory">
>>>>>>                    <Arg name="config"><Ref
>>>>>>refid="tlsHttpConfig"/></Arg>
>>>>>>                  </New>
>>>>>>                </Item>
>>>>>>              </Array>
>>>>>>            </Arg>
>>>>>>            <Set name="host"><Property name="jetty.host"/></Set>
>>>>>>            <Set name="port"><Property name="jetty.tls.port"
>>>>>> default="8443"
>>>>>> /></Set>
>>>>>>            <Set name="idleTimeout">30000</Set>
>>>>>>            <Set name="host">mysite.com</Set>
>>>>>>          </New>
>>>>>>      </Arg>
>>>>>> </Call>
>>>>>>
>>>>>> </Configure>
>>>>>>
>>>>>> ===================================
>>>>>>
>>>>>> On Tue, Aug 25, 2015 at 5:17 PM, Jason Levitt
>>>>>><sl...@gmail.com>
>>>>>> wrote:
>>>>>>>
>>>>>>>
>>>>>>> I can't find any examples of the file that you hand to
>>>>>>> "--jetty-config"
>>>>>>>
>>>>>>> The "official" jetty docs for configuring SSL imply that there are two
>>>>>>> configuration files, jetty-ssl-context.xml and jetty-https.xml.
>>>>>>>
>>>>>>> (http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html)
>>>>>>>
>>>>>>> The example that you cite:
>>>>>>>
>>>>>>> http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/plain/jetty-server/src/main/config/etc/jetty-https.xml
>>>>>>>
>>>>>>> says that: "This configuration must be used in conjunction with
>>>>>>> jetty.xml and jetty-ssl.xml"
>>>>>>>
>>>>>>> Where do these files go? The Fuseki download does not have any "etc"
>>>>>>> directory or any xml configuration files at all.
>>>>>>>
>>>>>>> So, I tried handing some XML config files to Fuseki using
>>>>>>> --jetty-config and it gives very little info in the error (see below).
>>>>>>> Has anyone actually successfully run Fuseki over SSL?
>>>>>>>
>>>>>>> [2015-08-25 22:13:34] Server     INFO  Jetty server config file = ./jetty-https.xml
>>>>>>> [2015-08-25 22:13:34] Server     ERROR SPARQLServer: Failed to configure server: Unknown configuration type: Call in org.eclipse.jetty.xml.XmlConfiguration@1d80d2b
>>>>>>> java.lang.IllegalStateException: Unknown configuration type: Call in org.eclipse.jetty.xml.XmlConfiguration@1d80d2b
>>>>>>> at org.eclipse.jetty.xml.XmlConfiguration.setConfig(XmlConfiguration.java:198)
>>>>>>> at org.eclipse.jetty.xml.XmlConfiguration.<init>(XmlConfiguration.java:177)
>>>>>>> at org.apache.jena.fuseki.jetty.JettyFuseki.configServer(JettyFuseki.java:264)
>>>>>>> at org.apache.jena.fuseki.jetty.JettyFuseki.buildServerWebapp(JettyFuseki.java:222)
>>>>>>> at org.apache.jena.fuseki.jetty.JettyFuseki.<init>(JettyFuseki.java:91)
>>>>>>> at org.apache.jena.fuseki.jetty.JettyFuseki.initializeServer(JettyFuseki.java:86)
>>>>>>> at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.exec(FusekiCmd.java:335)
>>>>>>> at jena.cmd.CmdMain.mainMethod(CmdMain.java:93)
>>>>>>> at jena.cmd.CmdMain.mainRun(CmdMain.java:58)
>>>>>>> at jena.cmd.CmdMain.mainRun(CmdMain.java:45)
>>>>>>> at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.innerMain(FusekiCmd.java:96)
>>>>>>> at org.apache.jena.fuseki.cmd.FusekiCmd.main(FusekiCmd.java:59)
>>>>>>> org.apache.jena.fuseki.FusekiException: Failed to configure a server using configuration file './jetty-https.xml'
>>>>>>> at org.apache.jena.fuseki.jetty.JettyFuseki.configServer(JettyFuseki.java:269)
>>>>>>> at org.apache.jena.fuseki.jetty.JettyFuseki.buildServerWebapp(JettyFuseki.java:222)
>>>>>>> at org.apache.jena.fuseki.jetty.JettyFuseki.<init>(JettyFuseki.java:91)
>>>>>>> at org.apache.jena.fuseki.jetty.JettyFuseki.initializeServer(JettyFuseki.java:86)
>>>>>>> at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.exec(FusekiCmd.java:335)
>>>>>>> at jena.cmd.CmdMain.mainMethod(CmdMain.java:93)
>>>>>>> at jena.cmd.CmdMain.mainRun(CmdMain.java:58)
>>>>>>> at jena.cmd.CmdMain.mainRun(CmdMain.java:45)
>>>>>>> at org.apache.jena.fuseki.cmd.FusekiCmd$FusekiCmdInner.innerMain(FusekiCmd.java:96)
>>>>>>> at org.apache.jena.fuseki.cmd.FusekiCmd.main(FusekiCmd.java:59)
>>>>>>>
>>>>>>> J
>>>>>>>
>>>>>>>
>>>>>>> On Fri, Aug 21, 2015 at 4:14 AM, Andy Seaborne <an...@apache.org>
>>>>>>>wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>> On 20/08/15 22:37, Jason Levitt wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Thanks. So I can still use the "--jetty-config" option with Fuseki
>>>>>>>>> v2.30?
>>>>>>>>>
>>>>>>>>> J
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Yes, should work to pass in the file.  There was a major jetty version
>>>>>>>> change (8 to 9) and what effect that has had on that option is unclear
>>>>>>>> to me. Connector changed Jetty 8->9
>>>>>>>>
>>>>>>>> http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html
>>>>>>>>
>>>>>>>> and their example:
>>>>>>>>
>>>>>>>> http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/plain/jetty-server/src/main/config/etc/jetty-https.xml
>>>>>>>>
>>>>>>>> It would be good to add this to the distribution - if you or anyone
>>>>>>>> else has a working version, I'd be very grateful to get a copy.
>>>>>>>>
>>>>>>>>
>>>>>>>>            Andy
>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Thu, Aug 20, 2015 at 3:46 PM, Andy Seaborne <an...@apache.org>
>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On 20/08/15 21:24, Jason Levitt wrote:
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Which version of Jetty does Fuseki 2.30 (the latest version) use?
>>>>>>>>>>>
>>>>>>>>>>> J
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> 
>>>>>>>>>> http://central.maven.org/maven2/org/apache/jena/jena-fuseki/2.3.0/jena-fuseki-2.3.0.pom
>>>>>>>>>>
>>>>>>>>>> ==> Jetty 9.1.1.v20140108
>>>>>>>>>>
>>>>>>>>>>             Andy
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Thu, Aug 20, 2015 at 6:14 AM, Andy Seaborne
>>>>>>>>>>><an...@apache.org>
>>>>>>>>>>> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> The Jetty documentation is the best place to go for details of
>>>>>>>>>>>> setting up Jetty.
>>>>>>>>>>>>
>>>>>>>>>>>> Here's one in the examples/ area but as far as I can tell it's
>>>>>>>>>>>> more in the category of "should work" (it is from Fuseki1 and that
>>>>>>>>>>>> was a different version of Jetty) rather than tested.
>>>>>>>>>>>>
>>>>>>>>>>>> https://github.com/apache/jena/blob/master/jena-fuseki2/examples/jetty-fuseki.xml
>>>>>>>>>>>>
>>>>>>>>>>>> If you, or anyone else, has a better example - please send it.
>>>>>>>>>>>>
>>>>>>>>>>>>              Andy
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On 20/08/15 02:54, Jason Levitt wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> We're in an AWS environment using Fuseki 2 with built-in Jetty.
>>>>>>>>>>>>> It only talks to internal machines so there is no need to protect
>>>>>>>>>>>>> it from external exposure.  So that means that the easiest way is
>>>>>>>>>>>>> to use the `--jetty-config` flag to set up HTTPS to Jetty?  Are
>>>>>>>>>>>>> there any docs on what the options are for that config file
>>>>>>>>>>>>> (e.g. what goes into the config file)?
>>>>>>>>>>>>>
>>>>>>>>>>>>> J
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Tue, Aug 18, 2015 at 3:21 PM, Andy Seaborne
>>>>>>>>>>>>><an...@apache.org>
>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Right.  In a production environment, a reverse proxy is useful
>>>>>>>>>>>>>> for several things and while there is nothing that forces a
>>>>>>>>>>>>>> reverse proxy, the weight of features can mean it's a useful and
>>>>>>>>>>>>>> flexible thing to put into a production system.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> 1/ Blocking undesirable clients
>>>>>>>>>>>>>>          (manic crawlers, badly written PHP scripts)
>>>>>>>>>>>>>> 2/ more robust to DOS attacks (and accidental attacks)
>>>>>>>>>>>>>>          Java web containers just aren't as good under silly load
>>>>>>>>>>>>>>          conditions.
>>>>>>>>>>>>>> 3/ URL rewrite
>>>>>>>>>>>>>>          E.g don't need /dataset/query - can be any URL you like.
>>>>>>>>>>>>>> 4/ Security
>>>>>>>>>>>>>>          integrate with local systems; rich choice of controls.
>>>>>>>>>>>>>>          Control who and what can update
>>>>>>>>>>>>>>          No need to restart for shiro changes.
>>>>>>>>>>>>>> 5/ Rate control (e.g. no more than N queries at a time)
>>>>>>>>>>>>>> 6/ https (can be expensive so a C-implementation can help)
>>>>>>>>>>>>>> 7/ Lots of add-ons and mods for all sorts of tasks.
>>>>>>>>>>>>>> 8/ Lots of Q&A on stackoverflow!
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Fuseki has "--localhost" to only talk to the machine's localhost
>>>>>>>>>>>>>> network interface. In an environment like AWS, where port control
>>>>>>>>>>>>>> is easy, it's trivial to secure the Fuseki server to only talk to
>>>>>>>>>>>>>> the local reverse proxy by blocking all ports except (22 and)
>>>>>>>>>>>>>> 80+443.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>               Andy
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On 18/08/15 20:21, A. Soroka wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I checked more carefully (should have done that before replying)
>>>>>>>>>>>>>>> and it seems that Fuseki 2 also offers the `--jetty-config` flag
>>>>>>>>>>>>>>> for using a Jetty configuration that supports HTTPS:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> --jetty-config=FILE    Set up the server (not services) with a Jetty XML file
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> ---
>>>>>>>>>>>>>>> A. Soroka
>>>>>>>>>>>>>>> The University of Virginia Library
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Aug 18, 2015, at 10:34 AM, ajs6f@virginia.edu
>>>>>>>>>>>>>>> <aj...@email.virginia.edu> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Are you deploying Fuseki to your own servlet container (e.g.
>>>>>>>>>>>>>>>> Tomcat or Jetty) or using the server included with Fuseki and is
>>>>>>>>>>>>>>>> it Fuseki 1 or 2?
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> If the former, you will need to supply configuration specific to
>>>>>>>>>>>>>>>> that container. If the latter and it is Fuseki 1, there is a
>>>>>>>>>>>>>>>> Stack Overflow answer for it:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> https://stackoverflow.com/questions/28310045/enable-https-ssl-on-fuseki-server
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> but the links seem to be dead. The idea is to supply your own
>>>>>>>>>>>>>>>> Jetty configuration (Jetty is the servlet container that the
>>>>>>>>>>>>>>>> Fuseki command uses).
>>>>>>>>>>>>>>>> For Fuseki 2, I think it is still under development? You could
>>>>>>>>>>>>>>>> use a reverse proxy in front of Fuseki, in that case.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> ---
>>>>>>>>>>>>>>>> A. Soroka
>>>>>>>>>>>>>>>> The University of Virginia Library
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Aug 17, 2015, at 7:07 PM, Jason Levitt
>>>>>>>>>>>>>>>> <sl...@gmail.com>
>>>>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Sorry if this is a FAQ, but I'm wondering if there are
>>>>>>>>>>>>>>>>> any guidelines online to setting up
>>>>>>>>>>>>>>>>> Fuseki for HTTPS access?
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Jason
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>
>>>>>
>>>
>
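
Rob Vesse's reply earlier in this message describes a JVM on which excluding the older protocols left nothing enabled until the newer ones were included explicitly. The Java program below is an added example, not code from the thread or from Jetty: it prints what the local JVM supports and enables by default, then applies a simplified include/exclude model to show what would be left to negotiate. The `EXCLUDE` and `INCLUDE` lists and the `select` helper are assumptions made for illustration.

```java
import javax.net.ssl.SSLContext;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;

/**
 * Added example (not from the thread, not Jetty code): reports which TLS
 * protocol versions this JVM supports and enables by default, and what is
 * left after an exclude list alone versus an exclude list plus an explicit
 * include list.
 */
public class TlsProtocolCheck {

    // Constructed sample lists; substitute the values from your own
    // Jetty SSL configuration.
    static final Set<String> EXCLUDE =
            new LinkedHashSet<>(Arrays.asList("SSLv2Hello", "SSLv3", "TLSv1"));
    static final Set<String> INCLUDE =
            new LinkedHashSet<>(Arrays.asList("TLSv1.1", "TLSv1.2"));

    /**
     * Simplified model of include/exclude filtering (an assumption about how
     * such lists are combined, not Jetty's implementation). With no include
     * list, start from the JVM's enabled-by-default protocols; with one,
     * start from the included names the JVM supports. Excluded names are
     * removed in both cases.
     */
    static Set<String> select(String[] enabled, String[] supported,
                              Set<String> include, Set<String> exclude) {
        Set<String> selected = new LinkedHashSet<>();
        if (include.isEmpty()) {
            selected.addAll(Arrays.asList(enabled));
        } else {
            for (String protocol : supported) {
                if (include.contains(protocol)) {
                    selected.add(protocol);
                }
            }
        }
        selected.removeAll(exclude);
        return selected;
    }

    static void report(String label, Set<String> protocols) {
        System.out.println(label + ": " + protocols);
        if (protocols.isEmpty()) {
            System.out.println("  -> nothing left to negotiate; every client "
                    + "will see a handshake failure");
        }
    }

    public static void main(String[] args) throws Exception {
        // Values come from the JVM's default SSLContext, so they differ
        // between JVM vendors and versions.
        SSLContext context = SSLContext.getDefault();
        String[] supported = context.getSupportedSSLParameters().getProtocols();
        String[] enabled = context.getDefaultSSLParameters().getProtocols();

        System.out.println("JVM: " + System.getProperty("java.version"));
        System.out.println("supported by JVM:   " + Arrays.toString(supported));
        System.out.println("enabled by default: " + Arrays.toString(enabled));

        Set<String> noInclude = new LinkedHashSet<>();
        Set<String> excludeOnly = select(enabled, supported, noInclude, EXCLUDE);
        Set<String> both = select(enabled, supported, INCLUDE, EXCLUDE);
        report("exclude only      ", excludeOnly);
        report("exclude + include ", both);

        // Non-zero exit so the check can gate a deployment script.
        if (both.isEmpty()) {
            System.exit(1);
        }
    }
}
```

Run it with the same JVM that starts Fuseki; an empty "exclude only" set on one host and a populated one on another matches the difference described in the reply.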