The low-code Knowledge Graph application platform

LinkedDataHub (LDH) is open source software you can use to manage data, create visualizations and build apps on RDF Knowledge Graphs.

What's new in LinkedDataHub v5? Watch this video for a feature overview:

We started the project with the intention to use it for Linked Data publishing, but gradually realized that we've built a multi-purpose data-driven platform.

We are building LinkedDataHub primarily for:

• researchers who need an RDF-native FAIR data environment that can consume and collect Linked Data and SPARQL documents and follows the FAIR principles
• developers who are looking for a declarative full stack framework for Knowledge Graph application development, with out-of-the-box UI and API

What makes LinkedDataHub unique is its completely data-driven architecture: applications and documents are defined as data, managed using a single generic HTTP API and presented using declarative technologies. The default application structure and user interface are provided, but they can be completely overridden and customized. Unless a custom server-side processing is required, no imperative code such as Java or JavaScript needs to be involved at all.

Follow the Get started guide to LinkedDataHub. The setup and basic configuration sections are provided below and should get you running.

LinkedDataHub is also available as a free AWS Marketplace product! <a href="https://aws.amazon.com/marketplace/pp/prodview-vqbeztc3f2nni" target="_blank"><img src="https://github.com/AtomGraph/LinkedDataHub/raw/master/AWS%20Marketplace.svg" width="160" alt="AWS Marketplace"/></a>
It takes a few clicks and filling out a form to install the product into your own AWS account. No manual setup or configuration necessary!

Setup

<details> <summary>Click to expand</summary>

Prerequisites

• bash shell 4.x. It should be included by default on Linux. On Windows you can install the Windows Subsystem for Linux.
• Docker installed. At least 8GB of memory dedicated to Docker is recommended.
• Docker Compose installed

CLI scripts

The following tools are required for CLI scripts in the bin/ directory:

• curl
• openssl
• python 3.x

Steps

1. Fork this repository and clone the fork into a folder
2. In the folder, create an .env file and fill out the missing values (you can use .env_sample as a template). For example:

   COMPOSE_CONVERT_WINDOWS_PATHS=1
   COMPOSE_PROJECT_NAME=linkeddatahub
   
   PROTOCOL=https
   HTTP_PORT=81
   HTTPS_PORT=4443
   HOST=localhost
   ABS_PATH=/
   
   OWNER_MBOX=john@doe.com
   OWNER_GIVEN_NAME=John
   OWNER_FAMILY_NAME=Doe
   OWNER_ORG_UNIT=My unit
   OWNER_ORGANIZATION=My org
   OWNER_LOCALITY=Copenhagen
   OWNER_STATE_OR_PROVINCE=Denmark
   OWNER_COUNTRY_NAME=DK
   

3. Setup server's SSL certificates by running this from command line:

   ./bin/server-cert-gen.sh .env nginx ssl
   

   The script will create an ssl sub-folder where the SSL certificates and/or public keys will be placed.
4. Create the following secrets with certificate/truststore passwords:
   • secrets/client_truststore_password.txt
   • secrets/owner_cert_password.txt
   • secrets/secretary_cert_password.txt The one you will need to remember in order to authenticate with LinkedDataHub using WebID client certificate is owner_cert_password.
5. Launch the application services by running this from command line:

   docker-compose up --build
   

   It will build LinkedDataHub's Docker image, start its container and mount the following sub-folders:
   • ssl
     • owner stores root owner's WebID certificate, keystore, and public key
     • secretary stores root application's WebID certificate, keystore, and public key
     • server stores the server's certificate (also used by nginx)
   • data where the triplestore(s) will persist RDF data
   • datasets where LDH persists agent metadata files
   • uploads where LDH stores content-hashed file uploads It should take up to half a minute as datasets are being loaded into triplestores. After a successful startup you should see periodic healtcheck requests being made to the https://localhost:4443/ns URL.
6. Install ssl/owner/keystore.p12 into a web browser of your choice (password is the owner_cert_password secret value)
   • Google Chrome: Settings > Advanced > Manage Certificates > Import...
   • Mozilla Firefox: Options > Privacy > Security > View Certificates... > Import...
   • Apple Safari: The file is installed directly into the operating system. Open the file and import it using the Keychain Access tool (drag it to the local section).
   • Microsoft Edge: Does not support certificate management, you need to install the file into Windows. Read more here.
7. For authenticated API access use the ssl/owner/cert.pem HTTPS client certificate. If you are running Linux with user other than root, you might need to fix the certificate permissions because Docker bind mounts are owned by root by default. For example:

   sudo setfacl -m u:$(whoami):r ./ssl/owner/*
   

8. Open https://localhost:4443/ in the web browser or use curl for API access, for example:

   curl -k -E ./ssl/owner/cert.pem:<your cert password> -H "Accept: text/turtle" 'https://localhost:4443/'
   

Notes

• There might go up to a minute before the web server is available because the nginx server depends on healthy LinkedDataHub and the healthcheck is done every 20s

• You will likely get a browser warning such as Your connection is not private in Chrome or Warning: Potential Security Risk Ahead in Firefox due to the self-signed server certificate. Ignore it: click Advanced and Proceed or Accept the risk to proceed.

  • If this option does not appear in Chrome (as observed on some MacOS), you can open chrome://flags/#allow-insecure-localhost, switch Allow invalid certificates for resources loaded from localhost to Enabled and restart Chrome

• MacOS: Chrome subdomain support: Chrome on macOS requires the server certificate to be installed to the System keychain to properly load resources from dataspace subdomains (e.g., admin.localhost:4443). Firefox is more lenient and will work without this step.

  1. Open Keychain Access (Applications > Utilities > Keychain Access)
  2. Select System keychain in the left sidebar
  3. File → Import Items → select ssl/server/server.crt
  4. Enter your admin password when prompted
  5. Double-click the "localhost" certificate
  6. Expand the Trust section
  7. Set "When using this certificate:" to Always Trust
  8. Close the window (enter password again)
  9. Completely quit Chrome (Cmd+Q) and restart

  Alternatively, use the command line:

  sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ssl/server/server.crt
  

• .env_sample and .env files might be invisible in MacOS Finder which hides filenames starting with a dot. You should be able to create it using Terminal however.

• On Linux your user may need to be a member of the docker group. Add it using

sudo usermod -aG docker ${USER}

and re-login with your user. An alternative, but not recommended, is to run

sudo docker-compose up

</details>

Configuration

<details> <summary>Click to expand</summary>

Base URI

A common case is changing the base URI from the default https://localhost:4443/ to your own.

Lets use https://ec2-54-235-229-141.compute-1.amazonaws.com/linkeddatahub/ as an example. We need to split the URI into components and set them in the .env file using the following parameters:

PROTOCOL=https
HTTP_PORT=80
HTTPS_PORT=443
HOST=ec2-54-235-229-141.compute-1.amazonaws.com
ABS_PATH=/linkeddatahub/

ABS_PATH is required, even if it's just /.

Dataspaces

Dataspaces are configured in config/system.trig. Relative URIs will be resolved against the base URI configured in the .env file.

:warning: Do not use blank nodes to identify applications or services. We recommend using the urn: URI scheme, since LinkedDataHub application resources are not accessible under their own dataspace.

Secrets

Secrets used in docker-compose.yml:

<dl> <dt><code>owner_cert_password</code></dt> <dd>Password of the owner's WebID certificate</dd> <dt><code>secretary_cert_password</code></dt> <dd>Password of the secretary's WebID certificate</dd> <dt><code>client_truststore_password</code></dt> <dd>Password of the client truststore</dd> <dt><code>go