Part II, Chapter 5, Section 1. Starting xxeserver on Linux or on macOS

1. Starting `xxeserver` on Linux or on macOS

Let's suppose XMLmind XML Editor Web Edition (XXEW) has been installed in /opt/xxe/ and that SSL certificate cert_192_168_1_203.pfx (where 192.168.1.203 is the IP address of your computer) has been copied to /opt/xxe/web/etc/.

/opt/xxe/web/bin$ nohup xxeserver -pid ../var/xxeserver.pid \
      -keystore ../etc/cert_192_168_1_203.pfx \
      -storepass changeit -keypass changeit \
      -logserver ../var/srv \
      > /dev/null 2>&1 &

Unix command nohup lets you close the terminal used to execute the above command and logout from the computer without shutting down xxeserver.
It would be clearly preferable to deploy xxeserver as a service but explaining how to do this depends on the operating system used to run xxeserver and is out of the scope of this documentation.

Option "-pid ../var/xxeserver.pid" creates text file ../var/xxeserver.pid containing the process ID of xxeserver.

xxeserver can then be stopped as follows:

/opt/xxe/web/bin$ kill -SIGTERM `cat ../var/xxeserver.pid`

Remember

Do not forget to delete file ../var/xxeserver.pid otherwise you'll not be able to restart xxeserver.

Options "-keystore ../etc/cert_192_168_1_203.pfx -storepass changeit -keypass changeit" let you specify which SSL certificate to use.
Any option used to specify an SSL certificate will cause xxeserver to establish secure connections. Because option -port has not been explicitly used, xxeserver URLs will be wss://192.168.1.203:18079/xxe/ws and https://192.168.1.203:18079/xxe/.
Option "-logserver ../var/srv" creates log files related to xxeserver as a WebSocket server in directory ../var/srv/ (which will be created if it does not already exist). Such log files should be rather empty because the default value of option -loglevel is "WARN,WARN", meaning just log warnings and errors.
Option "-logrequest ../var/req", not specified in above example, creates log files related to xxeserver as an HTTP server in directory ../var/req/. These log files which contains records such as "GET https://192.168.1.203:18079/xxe/index.html" and are rarely useful.

If you don't have an actual SSL certificate, option -selfsign lets you quickly generate a self-signed one.

/opt/xxe/web/bin$ nohup xxeserver -pid ../var/xxeserver.pid \
      -selfsign "CN=192.168.1.203,O=ACME Corp." ../etc/selfsign_192_168_1_203.pfx \
      -logserver ../var/srv \
      > /dev/null 2>&1 &

Of course, with a self-signed SSL certificate, all web browsers will report a security issue.

Figure 5-2. Google Chrome reporting a security issue related to an SSL certificate

The user of the web browser will have to click Advanced and then "Proceed to xxeserver_address (unsafe)" to be able to load the HTML page containing xxeserver client (which is the sample XML Editor in this example). Generally this confirmation must be made just once, the first time you'll load the HTML page containing the client. After that, the web browser will store your self-signed SSL certificate as a “security exception”.

1. Starting xxeserver on Linux or on macOS

Remember

Figure 5-2. Google Chrome reporting a security issue related to an SSL certificate

Figure 5-3. Google Chrome letting you accept the self-signed SSL certificate

1. Starting `xxeserver` on Linux or on macOS