xref: /openbmc/bmcweb/README.md (revision af6298da)

# OpenBMC webserver #

This component attempts to be a "do everything" embedded webserver for openbmc.


## Capabilities ##
At this time, the webserver implements a few interfaces:
+ Authentication middleware that supports cookie and token based authentication, as well as CSRF prevention backed by linux PAM authentication credentials.
+ An (incomplete) attempt at replicating phosphor-dbus-rest interfaces in C++.  Right now, a few of the endpoint definitions work as expected, but there is still a lot of work to be done.  The portions of the interface that are functional are designed to work correctly for phosphor-webui, but may not yet be complete.
+ Replication of the rest-dbus backend interfaces to allow bmc debug to logged in users.
+ An initial attempt at a read-only redfish interface.  Currently the redfish interface targets ServiceRoot, SessionService, AccountService, Roles, and ManagersService.  Some functionality here has been shimmed to make development possible.  For example, there exists only a single user role.
+ SSL key generation at runtime.  See the configuration section for details.
+ Static file hosting.  Currently, static files are hosted from the fixed location at /usr/share/www.  This is intended to allow loose coupling with yocto projects, and allow overriding static files at build time.
+ Dbus-monitor over websocket.  A generic endpoint that allows UIs to open a websocket and register for notification of events to avoid polling in single page applications.  (this interface may be modified in the future due to security concerns.

## Configuration

BMCWeb is configured by setting `-D` flags that correspond to options
in `bmcweb/meson_options.txt` and then compiling.  For example, `meson
<builddir> -Dkvm=disabled ...` followed by `ninja` in build directory.
The option names become C++ preprocessor symbols that control which code
is compiled into the program.

### Compile bmcweb with default options:
```ascii
meson builddir
ninja -C builddir
```
### Compile bmcweb with yocto defaults:
```ascii
meson builddir -Dbuildtype=minsize -Db_lto=true -Dtests=disabled
ninja -C buildir
```
If any of the dependencies are not found on the host system during
configuration, meson automatically gets them via its wrap dependencies
mentioned in `bmcweb/subprojects`.

### Enable/Disable meson wrap feature
```ascii
meson builddir -Dwrap_mode=nofallback
ninja -C builddir
```
### Generate test coverage report:
```ascii
meson builddir -Db_coverage=true -Dtests=enabled
ninja coverage -C builddir test
```
When BMCWeb starts running, it reads persistent configuration data
(such as UUID and session data) from a local file.  If this is not
usable, it generates a new configuration.

When BMCWeb SSL support is enabled and a usable certificate is not
found, it will generate a self-sign a certificate before launching the
server.  The keys are generated by the `secp384r1` algorithm.  The
certificate
 - is issued by `C=US, O=OpenBMC, CN=testhost`,
 - is valid for 10 years,
 - has a random serial number, and
 - is signed using the `SHA-256` algorithm.