13. RDFox Endpoint

The RDFox Endpoint provides REST access to the process’s RDFox server (see Section 4) and also serves the HTML, JavaScript and other static assets for the RDFox Console. For a description of the RDFox REST API, see Section 14.

13.1. Starting and Stopping the Endpoint

The endpoint can be started in the following ways:

  • By launching the RDFox process in daemon mode (see Section 16.1).

  • By issuing endpoint start within the RDFox shell (see Section When started in this manner, the endpoint accesses the same RDFox server as the shell, so the effects of any commands that affect the state of the server (e.g., dstore create) will be immediately visible on the endpoint.

  • By issuing daemon within the RDFox shell (see Section

13.2. Endpoint Parameters

The configuration of the endpoint is determined by the parameters below. It is not possible to modify the configuration of the endpoint once it is listening however, in the shell, the endpoint can be stopped and restarted with new parameter values.

  • port determines the port at which the endpoint is started. The port can be specified as a verbatim port number or as a TCP service name. The default is 12110. For legacy reasons, the port can also be specified using service-name; moreover, if both options are present, then port takes precedence.

  • num-threads determines the number of threads that endpoint will use to process RESTful requests. The default value is one less than the number of logical processors of the machine on which RDFox is run.

  • channel determines the connection type that the endpoint should use.

    • unsecure means the endpoint will use the unsecured HTTP connection. This is the default value.

    • ssl means the endpoint will use SSL/TLS using the platform’s native secure communication package. On macOS this is Secure Transport, and on Linux and Windows this is openSSL.

    • open-ssl means the endpoint will use SSL/TLS implemented using the openSSL package. This option is available on all platforms.

    • secure-transport means the endpoint will use SSL/TLS implemented using the Secure Transport library. This option is available only on macOS 10.8 or later.

  • The following parameters determine the SSL/TLS configuration for the endpoint.

    • credentials specifies the server certificate and private key, and the intermediate certificates as a verbatim string in PEM format. The string must contain the server’s private key, the server’s certificate, and zero or more intermediate certificates. For example, this file could look as follows:

      -----BEGIN RSA PRIVATE KEY-----
      ... server key ...
      -----END RSA PRIVATE KEY-----
      -----BEGIN CERTIFICATE-----
      ... server certificate ...
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
      ... 1st intermediate certificate ...
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
      ... 2st intermediate certificate ...
      -----END CERTIFICATE-----
    • credentials-file specifies the name of the file whose content contains the credentials. The file content must have the same format as the credentials parameters.

    • credentials-name specifies the comma-separated list of names of items in the system’s keystore. The first name must identify a certificate and a private key, which are used as a main identity of the server. The remaining names identify intermediate certificates. This option is available only on macOS, where the keystore is the system’s keychain.

    • credentials-passphrase provides the passphrase that can be used to unlock the credentials in case they are encrypted. This parameter is optional.

    • min-secure-protocol determines the minimum protocol version that the server should use. The allowed values are ssl2, ssl3, tls1, tls11, tls12, and tls13. The default value is tls12.

  • listening-backlog determines the TCP listening backlog for the socket accepting the connection. The default value is 10.

  • receive-buffer and send-buffer determine the sizes in bytes of the receive and send buffers for the sockets servicing the requests. The default values are zero, which means that the system will determine the buffer sizes depending on the properties of the connection. For more information, please refer to the SO_RCVBUF and SO_SNDBUF socket options.

  • sweep-period and sweeps-to-reclaim govern the reclamation of unused objects. During its operation, the endpoint retains certain objects between requests either for performance reasons (e.g., the endpoint may cache cursors of partially evaluated queries) or to ensure its operation (e.g., the endpoint will maintain objects associated with transactions). In order to prevent these objects from accumulating, every sweep-period seconds the endpoint will sweep through all retained objects, and it will delete all objects (including transactions) that have not been used in the last sweeps-to-reclaim sweeps. The default values for these parameters are 60 and 5, respectively.

  • access-control-allow-origin configures the RDFox endpoint to include the Access-Control-Allow-Origin header in responses with the specified origin. If unset (the default), the header is omitted.

  • protocol determines which network layer protocol the endpoint will use.

    • IPv4 means the endpoint will use Internet Protocol version 4.

    • IPv6 means the endpoint will use Internet Procotol version 6.

    • IPv6-v4 means the endpoint will use Internet Protocol version 6 if possible or Internet Protocol version 4 if not. This is the default value.

  • The following parameters determine the configuration for HTTP request logging.

    • request-logger determines how each serviced HTTP request is logged. All logging goes to standard output.

      • none disables request logging. This is the default value.

      • clf enables request logging using the Common Log Format.

      • elf enables request logging using the Extended Log Format. The exact content of each log entry is determined by the elf-logger-fields parameter. Each log entry is limited to 10 KiB. Where an entry would exceed this limit, the elided fields are indicated with ....

    • elf-logger-fields determines which fields are logged by the extended log format logger. This parameter has no effect unless request-logger is set to elf. The value for this parameter must be a space-delimited list of the following field identifiers: date, time, time-taken, c-ip, c-port, cs({HEADER}), cs-bytes, cs-method, cs-uri, cs-uri-query, cs-uri-stem, sc({HEADER}), sc-bytes, sc-status, x-role-name. The identifier x-role-name specifies the role name with which the request was made. All other identifiers have the meanings defined in the draft specification. The default value for this parameter is date time cs-method cs-uri-stem sc-status sc-bytes time-taken.