I'm trying to determine how to enable SSL communications with the BaseX server, I have a java server which communicates with BaseX over its REST API for running xquery's. I see in the BaseX changelog that SSL support was added to version 7.5 in 2012 but I haven't been able to find any references to it in the documentation.
I found some statements in the jetty.xml file which are commented out and would appear to enable SSL on port 8986. But I'm not at all familiar with jetty. Is there some documentation available for enabling this support?
Thanks in advance!
Giavanna Richards
Hi Giavanna,
The SSL features has not been maintained anymore for a while now. With BaseX 9.0, it will be completely removed, because the old solution is not compatible anymore with Jetty 9. We may introduce it in future once we find a good way to do. There is a StackOverflow question that relates to this issue [1], but no helpful answer was given so far. Suggestions from users who use Jetty and SSL are welcome.
All the best, Christian
[1] https://stackoverflow.com/questions/32734920/using-jetty-9-and-jetty-xml-wit...
On Wed, Mar 14, 2018 at 8:18 PM, Giavanna J Richards gjrichar@us.ibm.com wrote:
I'm trying to determine how to enable SSL communications with the BaseX server, I have a java server which communicates with BaseX over its REST API for running xquery's. I see in the BaseX changelog that SSL support was added to version 7.5 in 2012 but I haven't been able to find any references to it in the documentation.
I found some statements in the jetty.xml file which are commented out and would appear to enable SSL on port 8986. But I'm not at all familiar with jetty. Is there some documentation available for enabling this support?
Thanks in advance!
Giavanna Richards
Hi Christian
I was able to deploy basex.war (8.6.7) as expanded application under a server on WebSphere Liberty. The server is setup to use https with SSL. So I can run with success the BaseX Web Admin UI like https://localhost:9443/BaseX/dba/login?path=databases and I can run Xquery from there.
The question is that the web application starts an instance of BaseXServer that listen to 1984 port and that communication is not secure. I take that the BaseXServer will not change to provide a secure communication with the clients. is that correct?
thanks Stefania
From: "Christian Grün" christian.gruen@gmail.com To: Giavanna J Richards gjrichar@us.ibm.com Cc: BaseX basex-talk@mailman.uni-konstanz.de Date: 03/14/2018 04:07 PM Subject: Re: [basex-talk] SSL support for BaseX REST API Sent by: basex-talk-bounces@mailman.uni-konstanz.de
Hi Giavanna,
The SSL features has not been maintained anymore for a while now. With BaseX 9.0, it will be completely removed, because the old solution is not compatible anymore with Jetty 9. We may introduce it in future once we find a good way to do. There is a StackOverflow question that relates to this issue [1], but no helpful answer was given so far. Suggestions from users who use Jetty and SSL are welcome.
All the best, Christian
[1] https://urldefense.proofpoint.com/v2/url?u=https-3A__stackoverflow.com_quest...
On Wed, Mar 14, 2018 at 8:18 PM, Giavanna J Richards gjrichar@us.ibm.com wrote:
I'm trying to determine how to enable SSL communications with the BaseX server, I have a java server which communicates with BaseX over its
REST
API for running xquery's. I see in the BaseX changelog that SSL support
was
added to version 7.5 in 2012 but I haven't been able to find any
references
to it in the documentation.
I found some statements in the jetty.xml file which are commented out
and
would appear to enable SSL on port 8986. But I'm not at all familiar
with
jetty. Is there some documentation available for enabling this support?
Thanks in advance!
Giavanna Richards
Hi Stefania,
Exactly. If you have no need for the BaseX server instance, you can disable it by setting HTTOLOCAL to true [1].
Hope this helps, Christian
[1] http://docs.basex.org/wiki/Options#HTTPLOCAL
Stefania Axo stefy@us.ibm.com schrieb am Sa., 17. März 2018, 01:42:
Hi Christian
I was able to deploy basex.war (8.6.7) as expanded application under a server on WebSphere Liberty. The server is setup to use https with SSL. So I can run with success the BaseX Web Admin UI like https://localhost:9443/BaseX/dba/login?path=databasesand I can run Xquery from there.
The question is that the web application starts an instance of BaseXServerthat listen to 1984 port and that communication is not secure. I take that the BaseXServer will not change to provide a secure communication with the clients. is that correct?
thanks Stefania
From: "Christian Grün" christian.gruen@gmail.com To: Giavanna J Richards gjrichar@us.ibm.com Cc: BaseX basex-talk@mailman.uni-konstanz.de Date: 03/14/2018 04:07 PM Subject: Re: [basex-talk] SSL support for BaseX REST API Sent by: basex-talk-bounces@mailman.uni-konstanz.de
Hi Giavanna,
The SSL features has not been maintained anymore for a while now. With BaseX 9.0, it will be completely removed, because the old solution is not compatible anymore with Jetty 9. We may introduce it in future once we find a good way to do. There is a StackOverflow question that relates to this issue [1], but no helpful answer was given so far. Suggestions from users who use Jetty and SSL are welcome.
All the best, Christian
[1] https://urldefense.proofpoint.com/v2/url?u=https-3A__stackoverflow.com_quest...
On Wed, Mar 14, 2018 at 8:18 PM, Giavanna J Richards gjrichar@us.ibm.com wrote:
I'm trying to determine how to enable SSL communications with the BaseX server, I have a java server which communicates with BaseX over its REST API for running xquery's. I see in the BaseX changelog that SSL support
was
added to version 7.5 in 2012 but I haven't been able to find any
references
to it in the documentation.
I found some statements in the jetty.xml file which are commented out and would appear to enable SSL on port 8986. But I'm not at all familiar
with
jetty. Is there some documentation available for enabling this support?
Thanks in advance!
Giavanna Richards
Hi Christian, I am a little confused on where to set this property HTTOLOCAL ? I would like to test it out.
thanks Stefania
From: "Christian Grün" christian.gruen@gmail.com To: Stefania Axo stefy@us.ibm.com Cc: BaseX basex-talk@mailman.uni-konstanz.de, basex-talk-bounces@mailman.uni-konstanz.de, Giavanna J Richards gjrichar@us.ibm.com Date: 03/17/2018 06:38 AM Subject: Re: [basex-talk] SSL support for BaseX REST API
Hi Stefania,
Exactly. If you have no need for the BaseX server instance, you can disable it by setting HTTOLOCAL to true [1].
Hope this helps, Christian
[1] http://docs.basex.org/wiki/Options#HTTPLOCAL
Stefania Axo stefy@us.ibm.com schrieb am Sa., 17. März 2018, 01:42: Hi Christian
I was able to deploy basex.war (8.6.7) as expanded application under a server on WebSphere Liberty. The server is setup to use https with SSL. So I can run with success the BaseX Web Admin UI like https://localhost:9443/BaseX/dba/login?path=databasesand I can run Xquery from there.
The question is that the web application starts an instance of BaseXServer that listen to 1984 port and that communication is not secure. I take that the BaseXServer will not change to provide a secure communication with the clients. is that correct?
thanks Stefania
From: "Christian Grün" christian.gruen@gmail.com To: Giavanna J Richards gjrichar@us.ibm.com Cc: BaseX basex-talk@mailman.uni-konstanz.de Date: 03/14/2018 04:07 PM Subject: Re: [basex-talk] SSL support for BaseX REST API Sent by: basex-talk-bounces@mailman.uni-konstanz.de
Hi Giavanna,
The SSL features has not been maintained anymore for a while now. With BaseX 9.0, it will be completely removed, because the old solution is not compatible anymore with Jetty 9. We may introduce it in future once we find a good way to do. There is a StackOverflow question that relates to this issue [1], but no helpful answer was given so far. Suggestions from users who use Jetty and SSL are welcome.
All the best, Christian
[1] https://urldefense.proofpoint.com/v2/url?u=https-3A__stackoverflow.com_quest...
On Wed, Mar 14, 2018 at 8:18 PM, Giavanna J Richards gjrichar@us.ibm.com wrote:
I'm trying to determine how to enable SSL communications with the BaseX server, I have a java server which communicates with BaseX over its
REST
API for running xquery's. I see in the BaseX changelog that SSL support
was
added to version 7.5 in 2012 but I haven't been able to find any
references
to it in the documentation.
I found some statements in the jetty.xml file which are commented out
and
would appear to enable SSL on port 8986. But I'm not at all familiar
with
jetty. Is there some documentation available for enabling this support?
Thanks in advance!
Giavanna Richards
Hi Stefania,
Did you already follow the steps described in our documentation [1]?
Best, Christian
[1] http://docs.basex.org/wiki/Web_Application
Stefania Axo stefy@us.ibm.com schrieb am Mi., 21. März 2018, 22:45:
Hi Christian, I am a little confused on where to set this property HTTOLOCAL ? I would like to test it out.
thanks Stefania
From: "Christian Grün" christian.gruen@gmail.com To: Stefania Axo stefy@us.ibm.com Cc: BaseX basex-talk@mailman.uni-konstanz.de, basex-talk-bounces@mailman.uni-konstanz.de, Giavanna J Richards < gjrichar@us.ibm.com> Date: 03/17/2018 06:38 AM Subject: Re: [basex-talk] SSL support for BaseX REST API
Hi Stefania,
Exactly. If you have no need for the BaseX server instance, you can disable it by setting HTTOLOCAL to true [1].
Hope this helps, Christian
[1] *http://docs.basex.org/wiki/Options#HTTPLOCAL* https://urldefense.proofpoint.com/v2/url?u=http-3A__docs.basex.org_wiki_Options-23HTTPLOCAL&d=DwMFaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=oRDtJNjvHAlLIcU_p2eWUQ&m=00llvJVAjAGaRcfwljAWW9udbGremKB875UyFziCyUo&s=FGZbYWx4ENlId2GBVQ5twLz4fkJl_Iyy8SazZfwmdg8&e=
Stefania Axo <*stefy@us.ibm.com* stefy@us.ibm.com> schrieb am Sa., 17. März 2018, 01:42: Hi Christian
I was able to deploy basex.war (8.6.7) as expanded application under a server on WebSphere Liberty. The server is setup to use https with SSL. So I can run with success the BaseX Web Admin UI like *https://localhost:9443/BaseX/dba/login?path=databases* https://urldefense.proofpoint.com/v2/url?u=https-3A__localhost-3A9443_BaseX_dba_login-3Fpath-3Ddatabases&d=DwMFaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=oRDtJNjvHAlLIcU_p2eWUQ&m=00llvJVAjAGaRcfwljAWW9udbGremKB875UyFziCyUo&s=UErFluQjQda64C5YND1wwG8am_vbC82fCE4osuid9wc&e=and I can run Xquery from there.
The question is that the web application starts an instance of BaseXServerthat listen to 1984 port and that communication is not secure. I take that the BaseXServer will not change to provide a secure communication with the clients. is that correct?
thanks Stefania
From: "Christian Grün" <*christian.gruen@gmail.com* christian.gruen@gmail.com> To: Giavanna J Richards <*gjrichar@us.ibm.com* gjrichar@us.ibm.com> Cc: BaseX <*basex-talk@mailman.uni-konstanz.de* basex-talk@mailman.uni-konstanz.de> Date: 03/14/2018 04:07 PM Subject: Re: [basex-talk] SSL support for BaseX REST API Sent by: *basex-talk-bounces@mailman.uni-konstanz.de*
basex-talk-bounces@mailman.uni-konstanz.de
Hi Giavanna,
The SSL features has not been maintained anymore for a while now. With BaseX 9.0, it will be completely removed, because the old solution is not compatible anymore with Jetty 9. We may introduce it in future once we find a good way to do. There is a StackOverflow question that relates to this issue [1], but no helpful answer was given so far. Suggestions from users who use Jetty and SSL are welcome.
All the best, Christian
[1] *https://urldefense.proofpoint.com/v2/url?u=https-3A__stackoverflow.com_quest... https://urldefense.proofpoint.com/v2/url?u=https-3A__stackoverflow.com_questions_32734920_using-2Djetty-2D9-2Dand-2Djetty-2Dxml-2Dwith-2Dbasex&d=DwIBaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=oRDtJNjvHAlLIcU_p2eWUQ&m=0zOMGLkzQSB6QaWTNy6iglmqul82FpjptqdbW_cd-C4&s=MrN3jqfbFo0BjpvF2-MVajpuZBNOeAp7D1KFAiQQy5k&e=
On Wed, Mar 14, 2018 at 8:18 PM, Giavanna J Richards <*gjrichar@us.ibm.com* gjrichar@us.ibm.com> wrote:
I'm trying to determine how to enable SSL communications with the BaseX server, I have a java server which communicates with BaseX over its REST API for running xquery's. I see in the BaseX changelog that SSL support
was
added to version 7.5 in 2012 but I haven't been able to find any
references
to it in the documentation.
I found some statements in the jetty.xml file which are commented out and would appear to enable SSL on port 8986. But I'm not at all familiar
with
jetty. Is there some documentation available for enabling this support?
Thanks in advance!
Giavanna Richards
On Wed, 2018-03-14 at 14:18 -0500, Giavanna J Richards wrote:
I'm trying to determine how to enable SSL communications with the BaseX server
I don't know if this helps, but I run BaseX listening only to "localhost" so that SSL isn't an issue (as a connection to localhost doesn't normally go over a network), and connect (on the same system) from PHP or Perl (!) or you can proxy via apache.
If BaseX is running on a different computer, you could also proxy on the system running BaseX e.g. with apache and .htaccess or the server conf & mod_rewrite. That way you'd use SSL to get to apache and then an in-memory connection from there to BaseX.
Liam
I have been trying this out recently, in part to look at service workers [1] I am using BaseX 9 betas for this. This has a newer jetty version. I have put a jetty.xml that is working for me as a gist [2]
You will need to change the keystore location [3] to something that points to your keystore. It is based on the jetty9 article [4]
/Andy
https://w3c.github.io/ServiceWorker/ https://gist.github.com/apb2006/b24e92f84c42838ec7ef7de2cf937835 https://gist.github.com/apb2006/b24e92f84c42838ec7ef7de2cf937835#file-jetty-... https://www.blackpepper.co.uk/what-we-think/blog/jetty-runner-https-xml-conf...
On 14 March 2018 at 20:59, Liam R. E. Quin liam@w3.org wrote:
On Wed, 2018-03-14 at 14:18 -0500, Giavanna J Richards wrote:
I'm trying to determine how to enable SSL communications with the BaseX server
I don't know if this helps, but I run BaseX listening only to "localhost" so that SSL isn't an issue (as a connection to localhost doesn't normally go over a network), and connect (on the same system) from PHP or Perl (!) or you can proxy via apache.
If BaseX is running on a different computer, you could also proxy on the system running BaseX e.g. with apache and .htaccess or the server conf & mod_rewrite. That way you'd use SSL to get to apache and then an in-memory connection from there to BaseX.
Liam
-- Liam Quin, W3C, http://www.w3.org/People/Quin/ Staff contact for Verifiable Claims WG, SVG WG, XQuery WG Improving Web Advertising: https://www.w3.org/community/web-adv/ Personal: awesome vintage art: http://www.fromoldbooks.org/
basex-talk@mailman.uni-konstanz.de
-
Andy Bunce -
Christian Grün -
Giavanna J Richards -
Liam R. E. Quin -
Stefania Axo