1038c52e0SEd Tanous# OpenBMC webserver # 2038c52e0SEd Tanous 3038c52e0SEd TanousThis component attempts to be a "do everything" embedded webserver for openbmc. 4038c52e0SEd Tanous 5038c52e0SEd Tanous 6038c52e0SEd Tanous## Capabilities ## 7038c52e0SEd TanousAt this time, the webserver implements a few interfaces: 8038c52e0SEd Tanous+ Authentication middleware that supports cookie and token based authentication, as well as CSRF prevention backed by linux PAM authentication credentials. 9038c52e0SEd Tanous+ An (incomplete) attempt at replicating phosphor-dbus-rest interfaces in C++. Right now, a few of the endpoint definitions work as expected, but there is still a lot of work to be done. The portions of the interface that are functional are designed to work correctly for phosphor-webui, but may not yet be complete. 10038c52e0SEd Tanous+ Replication of the rest-dbus backend interfaces to allow bmc debug to logged in users. 11038c52e0SEd Tanous+ An initial attempt at a read-only redfish interface. Currently the redfish interface targets ServiceRoot, SessionService, AccountService, Roles, and ManagersService. Some functionality here has been shimmed to make development possible. For example, there exists only a single user role. 12976596bcSJoseph Reynolds+ SSL key generation at runtime. See the configuration section for details. 13038c52e0SEd Tanous+ Static file hosting. Currently, static files are hosted from the fixed location at /usr/share/www. This is intended to allow loose coupling with yocto projects, and allow overriding static files at build time. 14038c52e0SEd Tanous+ Dbus-monitor over websocket. A generic endpoint that allows UIs to open a websocket and register for notification of events to avoid polling in single page applications. (this interface may be modified in the future due to security concerns. 15038c52e0SEd Tanous 16976596bcSJoseph Reynolds## Configuration 17976596bcSJoseph Reynolds 18976596bcSJoseph ReynoldsBMCWeb is configured by setting `-D` flags that correspond to options 19af6298daSManojkiran Edain `bmcweb/meson_options.txt` and then compiling. For example, `meson 20af6298daSManojkiran Eda<builddir> -Dkvm=disabled ...` followed by `ninja` in build directory. 21af6298daSManojkiran EdaThe option names become C++ preprocessor symbols that control which code 22af6298daSManojkiran Edais compiled into the program. 23976596bcSJoseph Reynolds 24af6298daSManojkiran Eda### Compile bmcweb with default options: 25af6298daSManojkiran Eda```ascii 26af6298daSManojkiran Edameson builddir 27af6298daSManojkiran Edaninja -C builddir 28af6298daSManojkiran Eda``` 29af6298daSManojkiran Eda### Compile bmcweb with yocto defaults: 30af6298daSManojkiran Eda```ascii 31af6298daSManojkiran Edameson builddir -Dbuildtype=minsize -Db_lto=true -Dtests=disabled 32af6298daSManojkiran Edaninja -C buildir 33af6298daSManojkiran Eda``` 34af6298daSManojkiran EdaIf any of the dependencies are not found on the host system during 35af6298daSManojkiran Edaconfiguration, meson automatically gets them via its wrap dependencies 36af6298daSManojkiran Edamentioned in `bmcweb/subprojects`. 37af6298daSManojkiran Eda 38af6298daSManojkiran Eda### Enable/Disable meson wrap feature 39af6298daSManojkiran Eda```ascii 40af6298daSManojkiran Edameson builddir -Dwrap_mode=nofallback 41af6298daSManojkiran Edaninja -C builddir 42af6298daSManojkiran Eda``` 43*92696982SChris Cain### Enable debug traces 44*92696982SChris Cain```ascii 45*92696982SChris Cainmeson builddir -Dbuildtype=debug 46*92696982SChris Cainninja -C builddir 47*92696982SChris Cain``` 48af6298daSManojkiran Eda### Generate test coverage report: 49af6298daSManojkiran Eda```ascii 50af6298daSManojkiran Edameson builddir -Db_coverage=true -Dtests=enabled 51af6298daSManojkiran Edaninja coverage -C builddir test 52af6298daSManojkiran Eda``` 53976596bcSJoseph ReynoldsWhen BMCWeb starts running, it reads persistent configuration data 54976596bcSJoseph Reynolds(such as UUID and session data) from a local file. If this is not 55976596bcSJoseph Reynoldsusable, it generates a new configuration. 56976596bcSJoseph Reynolds 57976596bcSJoseph ReynoldsWhen BMCWeb SSL support is enabled and a usable certificate is not 58976596bcSJoseph Reynoldsfound, it will generate a self-sign a certificate before launching the 59aaf3206fSVernon Maueryserver. The keys are generated by the `secp384r1` algorithm. The 60976596bcSJoseph Reynoldscertificate 6185d2bb5bSBrad Bishop - is issued by `C=US, O=OpenBMC, CN=testhost`, 62976596bcSJoseph Reynolds - is valid for 10 years, 63976596bcSJoseph Reynolds - has a random serial number, and 64976596bcSJoseph Reynolds - is signed using the `SHA-256` algorithm. 65038c52e0SEd Tanous 66