Raspberry Pi as a secure websocket chat server

CAUTION! This guide is for advanced users only! If any of the terms nginx, port forwarding, DNS record, SSL certificate, DHCP server, static IP, systemd sounds foreign and unfamiliar you'd better stop now. It is useless to skip steps unless you know what you are doing.


Step 1   Domain/Subdomain

If you do not have a domain name to spare, create a subdomain from the control panel provided by your domain registrar. In short, if you own mydomain123.com you have to add a new A record chatserver that points to the public (external) IP of your home router so that when you navigate to chatserver.mydomain123.com your browser pings your home router. The terminology might be slightly different - you'd better Google / Google for details.

Step 2   Raspberry Pi: Static IP (wired)

sudo nano /etc/dhcpcd.conf uncomment and modify the following lines:

interface eth0
static ip_address=
static routers=
static domain_name_servers=

and reboot. must be outside the range used by the DHCP server of your router.

( nano: save with CTRL+o - confirm with Enter - exit with CTRL+x )

In detail: WiFi · StackExchange · Google

Step 3   Router: Port Forwarding

Using the admin panel of your home router forward ports 80 and 443 to the static IP address of the Raspberry Pi so that when you navigate to chatserver.mydomain123.com or chatserver.mydomain123.com your browser pings your Raspberry Pi (through your home router) on ports 80 and 443 respectively. If there's a conflict with the remote management of the router (TP-Link) you'll have to change the remote management port to something else beforehand (e.g. 12000) and load the remote management with chatserver.mydomain123.com:12000.

Step 4   Raspberry Pi: Nginx & Let'sEncrypt SSL certificate

Install Nginx: sudo apt install nginx. Nginx will be used as a frontend websocket proxy. The default configuration file of Nginx is /etc/nginx/nginx.conf, many other files within this directory are included as well and amongst them /etc/nginx/sites-available/default where the default Nginx virtual server is set.

sudo nano /etc/nginx/sites-available/default and add a new location within the server block:

location /MyWsServer/ {
    proxy_http_version 1.1; 
    proxy_set_header Upgrade $http_upgrade; 
    proxy_set_header Connection "upgrade"; 
    proxy_read_timeout 1200s;

In the same file replace: server_name _; with server_name chatserver.mydomain123.com;

( nano: save with CTRL+o - confirm with Enter - exit with CTRL+x )

The official method of installing a Let'sEncrypt SSL certificate on Nginx / DebianStretch did not work at the time of writing this due to a missing dependency but you can test it anyway. If it doesn't work remember to sudo apt remove certbot before continuing with this guide: https://certbot.eff.org/lets-encrypt/otherpip-nginx.

Reload Nginx with the following command sudo systemctl reload nginx and check that both chatserver.mydomain123.com and chatserver.mydomain123.com load the start page of Nginx.

Step 5   Raspberry Pi: blabws-server

Download blabws-server {ARM7-32bit - RaspberryPi} from the product page, unzip and upload to your Raspberry Pi so that the full filepath to the server executable file is: /opt/blabws-server/blabws-server. You can put the server in your home folder first: /home/pi and then move the server folder and its content with:

sudo mv /home/pi/blabws-server /opt/blabws-server

Step 6   Raspberry Pi: systemd service

Create a systemd service file with nano to start your blabws-server on boot.

sudo nano /lib/systemd/system/blabws.service (replace MyAccessKey321 with a random string with letters/digits only):



ExecStart=/opt/blabws-server/blabws-server MyAccessKey321 9002


( nano: save with CTRL+o - confirm with Enter - exit with CTRL+x )

Step 7   Website: BlaB! WS (client)

Save with OKAY, hit EXIT to go to chat.


Page updated: 2021-05-14