Danny, Have you checked https://jena.apache.org/documentation/fuseki2/fuseki-security.html
Re. the first part, your Fuseki runs on http:// but your links lead to https://. If you fix the links to be http://, the data from Fuseki will still not load because the browser will not load insecure content for a secure page. So yes you need to put Fuseki on https:// and you need a certificate for it. You can get them free using LetsEncrypt: https://letsencrypt.org/ If you want to consider AWS, we are currently working on pre-packaged Fuseki that takes one click to install, with HTTPS and all. https://twitter.com/namedgraph/status/1442497225444126722 Martynas atomgraph.com On Mon, Sep 27, 2021 at 8:52 PM Danny Ayers <danny.ay...@gmail.com> wrote: > > Hiya, > > For the first time in ages I've got a host, want Fuseki as my main backend > but am struggling with aspects related to security. Some specific issues, > but broader problems, seems likely other folks have dealt with them > already. (I have no idea of current best practices, even less on security > in general). Mostly not Fuseki-specific... > > I've got Fuseki running happily on the server - behind a reverse proxy on > Apache, a XAMPP* install on Ubuntu. I would like to leave the endpoints > open for read, restricted write. > Right now may be totally visible at http://hyperdata.it:3030, creds: admin > sasha. > > The twistiest issue: > I'm serving a page, https://hyperdata.it/newsmonitor/river.html which > includes an Ajax query to a SPARQL endpoint on Fuseki. > I have an SSL certificate on the server. Browser balks. Straight http > called inside page served over https not liked. Something like 'mixed > messages'. > Do I really have to pay for another certificate to cover port 3030? > Workaround? > > More general question is how to manage sitewide access control. Ideally I'd > like something that behaves like common sites, with read-only for anonymous > and some writing available for registered users. Hooks into OAuth2 or > whatever would be nice, sign in via Google or whatever... > > Has anyone used (bits of) Solid as a manager for these things? > > Yeah, I want it to be magic. > > Cheers, > Danny. > > * Although I found the XAMPP install very easy for setting up a Wordpress > blog, the Apache setup is not like the standard Ubuntu version. Very > confusing when I wanted to go beyond that, seemingly arbitrary config > files included in unfamiliar places. > > > > > > > > > > > > -- > ---- > > http://hyperdata.it <http://hyperdata.it/danja>
