Server Configuration

Esta página aún no está disponible en tu idioma.

Command-Line Flags

Connection Flags

Flag	Default	Description
`-http`	`0.0.0.0:8080`	Bind address and port for the admin web UI
`-tcp`	`0.0.0.0:9000`	Bind address and port for client TCP connections
`-db`	`./woho.db`	Path to the SQLite database file

WebAuthn Flags

Flag	Default	Description
`-rpid`	`localhost`	Relying Party ID — the domain where Woho is hosted
`-rporigin`	(derived)	Full origin URL including protocol, e.g. `https://admin.example.com`

Other Flags

Flag	Description
`-version`	Print version information and exit
`-help`	Print help message and exit

Examples

# Minimal (development / local use)
woho-server -http :8080 -tcp :9000 -db /var/lib/woho/woho.db

# Full production configuration
woho-server \
    -http 0.0.0.0:8080 \
    -tcp 0.0.0.0:9000 \
    -db /var/lib/woho/woho.db \
    -rpid admin.example.com \
    -rporigin https://admin.example.com

# Listen on a specific interface only
woho-server -http 192.168.1.100:8080 -tcp 192.168.1.100:9000

Environment Variables

Variable	Values	Description
`DEV_MODE`	`true`, `1`	Enable development mode

Development mode effects:

Disables minified asset bundles (uses individual JS files)
Enables source maps
Verbose logging
Disables secure cookies (allows HTTP)

DEV_MODE=true woho-server -http :8080 -tcp :9000

WebAuthn Configuration

Passwordless authentication using hardware security keys, platform authenticators (Windows Hello, Touch ID), or passkeys.

Rules

-rpid must be a domain name — IP addresses are not supported.
-rpid must match (or be a parent of) the origin domain.
HTTPS is required in production — WebAuthn only works in a secure context.

Valid Examples

# Domain matches exactly
-rpid admin.example.com -rporigin https://admin.example.com

# Parent domain (credentials work on all subdomains)
-rpid example.com -rporigin https://admin.example.com

# Non-standard port
-rpid admin.example.com -rporigin https://admin.example.com:8443

Invalid Examples

# ❌ IP address not allowed
-rpid 192.168.1.100 -rporigin https://192.168.1.100

# ❌ Domain mismatch
-rpid other.com -rporigin https://admin.example.com

Database

Woho uses SQLite (woho.db). The database is created automatically on first start with the default admin/admin user and all schema migrations.

Maintenance

# Backup while the server is running
sqlite3 /var/lib/woho/woho.db ".backup /backup/woho-$(date +%Y%m%d).db"

# Recover space after bulk deletes
sqlite3 /var/lib/woho/woho.db "VACUUM;"

# Check integrity
sqlite3 /var/lib/woho/woho.db "PRAGMA integrity_check;"

Reverse Proxy (nginx)

To expose Woho over HTTPS, place it behind nginx:

server {
    listen 443 ssl;
    server_name admin.example.com;

    ssl_certificate     /etc/letsencrypt/live/admin.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/admin.example.com/privkey.pem;

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_read_timeout 3600s;
    }
}

The TCP client port (9000) must stay directly accessible; it cannot go through a standard HTTP reverse proxy.

Security Hardening Checklist

Change the default admin password immediately after first login
Use HTTPS (nginx + Let’s Encrypt) for the admin panel
Bind TCP to a specific interface if clients are on a private network
Enable Pre-Shared Keys when deploying to untrusted networks
Register a passkey / WebAuthn credential for your admin account
Restrict access to port 8080 via firewall (allow only trusted IPs)