[webserverjs]

Defines options for webserver.js, the Node.js-based web server running inside a JavaScript Manager.

[webserverjs] accessControlAllowOrigin

Type
string

Defines a list of URLs that are allowed origins for a CORS request. For each allowed URL, a separate line has to be added.

Example:

accessControlAllowOrigin = "https://redu1:8443"
accessControlAllowOrigin = "https://redu2:8443"

If this config entry is used, the config entry "httpHeader" must not used for HTTP header "Access-Control-Allow-Origin:".

[webserverjs] allowExternalResources

Type
bool
Default
0
Range
0|1
Defines if webserver.js allows embedding external resources (e.g. ULC UX frames) from a different host and/or port into the Dashboard.

[webserverjs] canEditPermissionBit

Type
int
Default
3
Range
1..32
Defines the permission bit which is required by a Dashboard user to edit dashboards.

[webserverjs] canPublishPermissionBit

Type
int
Default
4
Range
1..32
Defines the permission bit which is required by a Dashboard user to publish dashboards.

[webserverjs] canWritePermissionBit

Type
int
Default
4
Range
0..32
Defines the permission bit which is required by a Dashboard user to get write access to datapoints. If this is set to 0, write access is blocked for all Dashboard users.

[webserverjs] dashboardSharedLicenses

Type
uint
Default
0
Range
>=0
Defines the number of Dashboard Desktop licenses that can be used for mobile clients when no more Dashboard Mobile licenses are available.

[webserverjs] diskCheckDp

Type
string
Default
"_ArchivDisk"
Defines the name of the datapoint that is used to check available disk space for files uploaded using the WebSocket server. Has to be of datapoint type _DiskSpaceCheck. See also DP_DiskCheck in section [data].

[webserverjs] diskCheckLimit

Type
int
Defines the space in kB on the server disk that has to be avaiable to upload files using the WebSocket server. If this value is not configured, the warning limit configured for the datapoint defined in diskCheckDp is used.

[webserverjs] favIcon

Type
string
Default
/pictures/StandardIcons/Console_20.png
Defines the relative path for the icon which is delivered when the server is asked for "/favicon.ico".

[webserverjs] heartbeatSeconds

Type
int
Default
5
Specifies the interval (in seconds) in which heartbeat messages are sent from webserver.js to all connected clients. This allows to detect interrupted connections faster also if no regular messages are sent. If set to 0, no heartbeat messages will be sent.

[webserverjs] httpHeader

Type
string
Default
See Description
The entry allows to set the content of the HTTP header entries. HTTP header specific settings can be configured for the HTTPS communication. The httpHeader entry can be set multiple times to apply addional settings. Each entry creates a new HTTP header for the HTTPS Requests. Default:

  httpHeader = "X-XSS-Protection: 1; mode=block"
  httpHeader = "X-Content-Type-Options: nosniff"
  httpHeader = "Cache-Control: private"
  httpHeader = "Cache-Control: must-revalidate"

To remove all entrys of the HTTP header (including the default values) following entry can be used:


  httpHeader = "-empty list-"

Note: Mandatory header entries will not be removed.

[webserverjs] httpsPort

Type
int
Default
8443
Defines the port that is used by webserver.js to listen for incoming HTTPS and WSS connections. webserver.js only supports encrypted connections, therefore there is no config entry for an unsecured HTTP port.

[webserverjs] indexPage

Type
string
Default
/data/index.html
Defines the start page which webserver.js delivers when the root URL "/" is requested.

[webserverjs] jwtWssPort

Type
uint
Default
8443
Range
>0
The token issued by webserver.js which is used by the client to authenticate with the WebSocket server contains the port number where the server listens for new connections. The default is the port number configured for webserver.js. This entry allows to define a different port number that is put into the token instead. This is necessary e.g. when webserver.js is behind a gateway or proxy and therefore must be contacted using a different port number.

[webserverjs] loginPermissionBit

Type
int
Default
1
Range
1..32
Defines the permission bit which is required by a Dashboard user to login.

[webserverjs] resourceName

Type
string
Default
/websocket
Defines the path (part of URL) to the WebSocket server for incoming connections.

[webserverjs] strictTransportSecurityMaxAge

Type
uint
Default
31536000 (= ~1 year)
Defines the value for the "max-age" parameter that should be used for the Strict-Transport-Security of webserver.js. If a value of 0 or no value is set the Strict-Transport-Security is not used. Note: If there are problems with untrusted certificates, this value can be set to 0. However, this will open a security leak.

[webserverjs] tokenAutoRefresh

Type
bool
Default
0
Range
0|1
If "tokenExpireWarning" is set to a value different from 0, a connection will be closed after a warning when a token expires and the client does not send a refreshed token. A simple automatic refresh can be activated with this entry: if the client sends a still valid token to the server when it receives the warning, the token will be refreshed automatically. NB: in a typical configuration, more elaborate checks will be implemented before a token is refreshed.

[webserverjs] tokenExpire

Type
uint
Default
600
Range
5..28800
Defines the time range in seconds in which a token issued by webserver.js is valid for authentification. Default value is 10 minutes, possible range is from 5 seconds to 8 hours.

[webserverjs] tokenExpireWarning

Type
uint
Default
0
Range
0, 5..600
webserver.js can close a connection automatically when the validity of the authentification token expires. Before this happens, a warning is sent to the client to allow it to update the token. This setting defines how many seconds (approximately) before closing the connection this warning is sent. If set to 0 (default), the connection is not closed automatically and therefore no warning is sent. In this case, the validity of the token is only verified when the connection is established.

[webserverjs] ulcUxHost

Type
string
Default
localhost
Defines the hostname of the HTTP server running webclient_http.ctl to which ULC UX requests are forwarded. The default is the hostname of the server where webserver.js is running.

[webserverjs] ulcUxPort

Type
int
Defines the port of the HTTP server running webclient_http.ctl to which ULC UX requests are forwarded.

[webserverjs] useSharedWorker

Type
bool
Default
0
Range
0|1
Specifies whether frontends connecting to this server should use a SharedWorker (1) or WebWorker (0).

[webserverjs] wssServerAddress

Type
string

This entry defines external addresses where webserver.js can be reached (e.g. behind a proxy). This entry can be used more than once. The first address will be included in the authentification token and should correspond to the server that is running on the local system. All addresses will be used by clients to find alternative servers in case of a connection interruption.

If no such entry exists, the list of available servers will be kept up-to-date dynamically using the local server addresses.

[webserverjs] XFrameOptions

Type
string
Default
SAMEORIGIN
Range
none

A security measurement prevents to load content from a different website. This is called "clickjacking" protection.

To nevertheless load the content of the foreign server inside your own website the HTML Header parameter X-Frame-Options can be used to configure the expected behavior.

This parameter must be set on the remote server and contain the URL of your server to display the foreign content on your server.

There are 4 different options available for the XFrameOptions config entry:

  • "none": is used to completely deactivate this option
  • "DENY": Foreign content is not loaded.
  • "SAMEORIGIN": Only content from your own server is loaded.
  • "ALLOW-FROM": Only the content is loaded for which the X-Frame-Options HTML Header parameter is set correctly. Must be configured on the foreign server!

Example:

First server: www.myFirstServer.com

Second server: www.mySecondServer.com

To display the content from the second server within the first server (e.g. using an iframe) the second server must state the parameter "XFrameOptions: ALLOW-FROM http://www.myFirstServer.com" within the HTML header. This can be configured by setting following config entry within the config of the second webserver.

[webserverjs]
XFrameOptions = "ALLOW-FROM http://www.myFirstServer.com"