Setting up the websocket user

Datetime: 2016-08-22 22:30:28          Topic: WebSocket

We began with the basic WebSocket server install in the previous blog post. It’s time to secure our server by adding a special user to the database that will be responsible for running the WebSocket server.

Series Content

  1. Basic WebSocket Server Installation Guide for IBM Domino Server
  2. Setting up the websocket user
  3. Securing your WebSocket server with TLS
  4. Your first non-chat websocket app
  5. Adding server-side listener for persistence

Register a new user

Open your IBM Domino admin application and, in the People & Groups tab, register a new user.

Change the security settings of the Domino Server

Configuration tab > Current Server Document > Security

Add the websocket user to the Programmability Restrictions as shown below:

Change of ACLs

We need to update the ACLs of websocketupdate.nsf, websocket.nsf and the applications that use websocket, in our case chat.nsf. Add the Websocket User to the ACLs of websocketupdate.nsf and websocket.nsf and give the user editor access with deletion (or higher).

For chat.nsf, or any other application you write that uses websocket, add the Websocket user to the ACL and give it designer or higher access.

WebSocket server configuration using profile config document

Open the websocket.nsf in your IBM Domino Admin application and go to Action > Admin > 1) Edit Config

Paste these lines into the Config Data field:

    WEBSOCKET_PORT=8889
    WEBSOCKET_PROXY_BACKEND_HOST=127.0.0.1
    WEBSOCKET_PROXY_BACKEND_PORT=80
    WEBSOCKET_REDIRECT_PORTS=80
    WEBSOCKET_USER=Websocket User/home
    WEBSOCKET_PASSWORD=wsuser
    WEBSOCKET_ALLOW_ANONYMOUS=false
    WEBSOCKET_ALLOWED_ORIGINS=127.0.0.1, localhost
    WEBSOCKET_THREAD_COUNT=1
    WEBSOCKET_EVENT_LOOP_THREADS=2
    WEBSOCKET_MAX_CONNECTIONS=8000
    WEBSOCKET_DEBUG=false
    WEBSOCKET_TEST_MODE=false
    WEBSOCKET_MAX_MSG_SIZE=15977336
    WEBSOCKET_COMPRESSION_ENABLED=false
    WEBSOCKET_SEND_BUFFER=16384
    WEBSOCKET_RECEIVE_BUFFER=16384

Edit the values according to your needs. More server setting values can be found in the official xocket.io documentation.
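A pre-paste check for the Config Data block above, as an added example that is not part of the original post or of the WebSocket server project: it parses the KEY=VALUE lines and flags the security-relevant settings. The function names and the rules themselves (including treating a * entry in the allowed origins as a wildcard) are assumptions of this example.

```python
# Added example (not from the post or the server project): lint a Config Data
# block before pasting it. The rules below are this example's assumptions.
SAMPLE_PASSWORD = "wsuser"  # published in the post, so treat it as public

# Constructed input: the security-relevant lines of the post's sample config.
POST_CONFIG = """\
WEBSOCKET_USER=Websocket User/home
WEBSOCKET_PASSWORD=wsuser
WEBSOCKET_ALLOW_ANONYMOUS=false
WEBSOCKET_ALLOWED_ORIGINS=127.0.0.1, localhost
WEBSOCKET_DEBUG=false
WEBSOCKET_TEST_MODE=false
"""

def parse_config(text):
    """Parse KEY=VALUE lines; blank lines and lines without '=' are skipped."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip():
            cfg[key.strip()] = value.strip()
    return cfg

def audit(cfg):
    """Return 'KEY: problem' strings for the settings that weaken the setup."""
    findings = []
    if cfg.get("WEBSOCKET_ALLOW_ANONYMOUS", "").lower() != "false":
        findings.append("WEBSOCKET_ALLOW_ANONYMOUS: must be explicitly false")
    if not cfg.get("WEBSOCKET_USER"):
        findings.append("WEBSOCKET_USER: no dedicated user configured")
    password = cfg.get("WEBSOCKET_PASSWORD", "")
    if not password:
        findings.append("WEBSOCKET_PASSWORD: missing")
    elif password == SAMPLE_PASSWORD:
        findings.append("WEBSOCKET_PASSWORD: still the tutorial's sample value")
    # Absent debug/test keys are not flagged: the page states no server defaults.
    for key in ("WEBSOCKET_DEBUG", "WEBSOCKET_TEST_MODE"):
        if cfg.get(key, "false").lower() != "false":
            findings.append(f"{key}: should be false outside a test setup")
    origins = [o.strip() for o in cfg.get("WEBSOCKET_ALLOWED_ORIGINS", "").split(",")]
    origins = [o for o in origins if o]
    if not origins:
        findings.append("WEBSOCKET_ALLOWED_ORIGINS: empty, list your app hosts")
    elif "*" in origins:  # assumption: a wildcard entry would admit any origin
        findings.append("WEBSOCKET_ALLOWED_ORIGINS: wildcard entry")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_config(POST_CONFIG)):
        print(finding)
```

Run against the sample values from this post, the only finding is the password, which is the one value here that has been published and has to change.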

Make sure that you add your admin user, server and the websocket user to the Other Readers field:

And with that, we are done.

Testing the WebSocket server

Restart the Domino server and check your startup log. It should look like this:

  1. The websocket config is read from the websocket.nsf
  2. The server is running under the Websocket user id.
  3. The server uses a single port for http and websocket traffic.
  4. Anonymous websocket access is disabled.

There’s a single error message near the end of the log. I was not able to get rid of that, but it does not seem to affect the server’s functionality.

Open the chat.nsf in your browser and test that it works. You should see these messages in your console.log.

Congratulations. Your WebSocket server is already more secure and functional. In the next post we will encrypt WebSocket traffic using TLS certificates, to make it even more secure.




