We began with the basic Websocket server install in theprevious blog post. It’s time to secure our server by adding a special user to the database that will be responsible for running the WebSocket server.
- Basic WebSocket Server Installation Guide for IBM Domino Server
- Setting up the websocket user
- Securing your WebSocket server with TLS
- Your first non-chat websocket app
- Adding server-side listener for persistence
Register a new user
Open your IBM Domino admin application and in the People & Groups tab Register a new user
Change the security settings of the Domino Server
Configuration tab > Current Server Document > Security
Add the websocket user to the Programmability Restrictions as shown below:
Change of ACLs
We need to update the websocketupdate.nsf, the websocket.nsf and the applications that use websocket, in our case the chat.nsf. Add the Websocket User to the websocketupdate and websocket.nsf ACL and give the user editor access with deletion (or higher).
The chat.nsf or any other application that you write and uses websocket, add the Websocket user to the ACL list and add designer or or higher access.
WebSocket server configuration using profile config document
Open the websocket.nsf in your IBM Domino Admin application and go to Action > Admin > 1) Edit Config
Paste these lines into the Config Data field:
Edit the values according to your needs. More server setting values can be found in the official xocket.iodocumentation.
Make sure that you add your admin user, server and the websocket user to the Other Readers field:
And with that, we are done.
Testing the WebSocket sever
Restart the Domino server and check your startup log. It should look like this:
- The websocket config is read from the websocket.nsf
- The server is running under the Websocket user id.
- The server uses a single port for http and websocket traffic.
- Anonymous websocket access is disabled.
There’s a single error message near the end of the log. I was not able to get rid of that, but it does not seem to affect the server’s functionality.
Open the chat.nsf in your browser and test that it works. You should see these messages in your console.log
Congratulations. Your WebSocket server is already more secure and functional. In the next post we will encrypt WebSocket traffic using TLS certificates, to make it even more secure.