13. RDFox Endpoint¶
13.1. Starting and Stopping the Endpoint¶
The endpoint can be started in the following ways:
By launching the RDFox process in
daemonmode (see Section 16.1).
endpoint startwithin the RDFox shell (see Section 220.127.116.11). When started in this manner, the endpoint accesses the same RDFox server as the shell, so the effects of any commands that affect the state of the server (e.g.,
dstore create) will be immediately visible on the endpoint.
daemonwithin the RDFox shell (see Section 18.104.22.168).
13.2. Endpoint Parameters¶
The configuration of the endpoint is determined by the parameters below. It is not possible to modify the configuration of the endpoint once it is listening however, in the shell, the endpoint can be stopped and restarted with new parameter values.
portdetermines the port at which the endpoint is started. The port can be specified as a verbatim port number or as a TCP service name. The default is
12110. For legacy reasons, the port can also be specified using
service-name; moreover, if both options are present, then
num-threadsdetermines the number of threads that endpoint will use to process RESTful requests. The default value is one less than the number of logical processors of the machine on which RDFox is run.
channeldetermines the connection type that the endpoint should use.
unsecuremeans the endpoint will use the unsecured HTTP connection. This is the default value.
open-sslmeans the endpoint will use SSL/TLS implemented using the openSSL package. This option is available on all platforms.
secure-transportmeans the endpoint will use SSL/TLS implemented using the Secure Transport library. This option is available only on macOS 10.8 or later.
The following parameters determine the SSL/TLS configuration for the endpoint.
credentialsspecifies the server certificate and private key, and the intermediate certificates as a verbatim string in PEM format. The string must contain the server’s private key, the server’s certificate, and zero or more intermediate certificates. For example, this file could look as follows:
-----BEGIN RSA PRIVATE KEY----- ... server key ... -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- ... server certificate ... -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- ... 1st intermediate certificate ... -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- ... 2st intermediate certificate ... -----END CERTIFICATE-----
credentials-filespecifies the name of the file whose content contains the credentials. The file content must have the same format as the
credentials-namespecifies the comma-separated list of names of items in the system’s keystore. The first name must identify a certificate and a private key, which are used as a main identity of the server. The remaining names identify intermediate certificates. This option is available only on macOS, where the keystore is the system’s keychain.
credentials-passphraseprovides the passphrase that can be used to unlock the credentials in case they are encrypted. This parameter is optional.
min-secure-protocoldetermines the minimum protocol version that the server should use. The allowed values are
tls13. The default value is
listening-backlogdetermines the TCP listening backlog for the socket accepting the connection. The default value is 10.
send-bufferdetermine the sizes in bytes of the receive and send buffers for the sockets servicing the requests. The default values are zero, which means that the system will determine the buffer sizes depending on the properties of the connection. For more information, please refer to the SO_RCVBUF and SO_SNDBUF socket options.
sweeps-to-reclaimgovern the reclamation of unused objects. During its operation, the endpoint retains certain objects between requests either for performance reasons (e.g., the endpoint may cache cursors of partially evaluated queries) or to ensure its operation (e.g., the endpoint will maintain objects associated with transactions). In order to prevent these objects from accumulating, every
sweep-periodseconds the endpoint will sweep through all retained objects, and it will delete all objects (including transactions) that have not been used in the last
sweeps-to-reclaimsweeps. The default values for these parameters are 60 and 5, respectively.
access-control-allow-originconfigures the RDFox endpoint to include the
Access-Control-Allow-Originheader in responses with the specified origin. If unset (the default), the header is omitted.
protocoldetermines which network layer protocol the endpoint will use.
IPv4means the endpoint will use Internet Protocol version 4.
IPv6means the endpoint will use Internet Procotol version 6.
IPv6-v4means the endpoint will use Internet Protocol version 6 if possible or Internet Protocol version 4 if not. This is the default value.
The following parameters determine the configuration for HTTP request logging.
request-loggerdetermines how each serviced HTTP request is logged. All logging goes to standard output.
nonedisables request logging. This is the default value.
clfenables request logging using the Common Log Format.
elfenables request logging using the Extended Log Format. The exact content of each log entry is determined by the
elf-logger-fieldsparameter. Each log entry is limited to 10 KiB. Where an entry would exceed this limit, the elided fields are indicated with
elf-logger-fieldsdetermines which fields are logged by the extended log format logger. This parameter has no effect unless
request-loggeris set to
elf. The value for this parameter must be a space-delimited list of the following field identifiers:
x-role-name. The identifier
x-role-namespecifies the role name with which the request was made. All other identifiers have the meanings defined in the draft specification. The default value for this parameter is
date time cs-method cs-uri-stem sc-status sc-bytes time-taken.