PS. and now I am really confused. This, which I think is doing http calls from a https-served page appears to work :
https://hyperdata.it/sparql-diamonds/html/bookmarks.html unless there's a localhost:3030 somewhere I've overlooked... On Mon, 27 Sept 2021 at 20:52, Danny Ayers <danny.ay...@gmail.com> wrote: > Hiya, > > For the first time in ages I've got a host, want Fuseki as my main backend > but am struggling with aspects related to security. Some specific issues, > but broader problems, seems likely other folks have dealt with them > already. (I have no idea of current best practices, even less on security > in general). Mostly not Fuseki-specific... > > I've got Fuseki running happily on the server - behind a reverse proxy on > Apache, a XAMPP* install on Ubuntu. I would like to leave the endpoints > open for read, restricted write. > Right now may be totally visible at http://hyperdata.it:3030, creds: > admin sasha. > > The twistiest issue: > I'm serving a page, https://hyperdata.it/newsmonitor/river.html which > includes an Ajax query to a SPARQL endpoint on Fuseki. > I have an SSL certificate on the server. Browser balks. Straight http > called inside page served over https not liked. Something like 'mixed > messages'. > Do I really have to pay for another certificate to cover port 3030? > Workaround? > > More general question is how to manage sitewide access control. Ideally > I'd like something that behaves like common sites, with read-only for > anonymous and some writing available for registered users. Hooks into > OAuth2 or whatever would be nice, sign in via Google or whatever... > > Has anyone used (bits of) Solid as a manager for these things? > > Yeah, I want it to be magic. > > Cheers, > Danny. > > * Although I found the XAMPP install very easy for setting up a Wordpress > blog, the Apache setup is not like the standard Ubuntu version. Very > confusing when I wanted to go beyond that, seemingly arbitrary config > files included in unfamiliar places. > > > > > > > > > > > > -- > ---- > > http://hyperdata.it <http://hyperdata.it/danja> > -- ---- http://hyperdata.it <http://hyperdata.it/danja>
