1# OpenBMC webserver # 2 3This component attempts to be a "do everything" embedded webserver for openbmc. 4 5 6## Capabilities ## 7At this time, the webserver implements a few interfaces: 8+ Authentication middleware that supports cookie and token based authentication, as well as CSRF prevention backed by linux PAM authentication credentials. 9+ An (incomplete) attempt at replicating phosphor-dbus-rest interfaces in C++. Right now, a few of the endpoint definitions work as expected, but there is still a lot of work to be done. The portions of the interface that are functional are designed to work correctly for phosphor-webui, but may not yet be complete. 10+ Replication of the rest-dbus backend interfaces to allow bmc debug to logged in users. 11+ An initial attempt at a read-only redfish interface. Currently the redfish interface targets ServiceRoot, SessionService, AccountService, Roles, and ManagersService. Some functionality here has been shimmed to make development possible. For example, there exists only a single user role. 12+ SSL key generation at runtime. See the configuration section for details. 13+ Static file hosting. Currently, static files are hosted from the fixed location at /usr/share/www. This is intended to allow loose coupling with yocto projects, and allow overriding static files at build time. 14+ Dbus-monitor over websocket. A generic endpoint that allows UIs to open a websocket and register for notification of events to avoid polling in single page applications. (this interface may be modified in the future due to security concerns. 15 16## Configuration 17 18BMCWeb is configured by setting `-D` flags that correspond to options 19in `bmcweb/CMakeLists.txt` and then compiling. For example, `cmake 20-DBMCWEB_ENABLE_KVM=NO ...` followed by `make`. The option names 21become C++ preprocessor symbols that control which code is compiled 22into the program. 23 24When BMCWeb starts running, it reads persistent configuration data 25(such as UUID and session data) from a local file. If this is not 26usable, it generates a new configuration. 27 28When BMCWeb SSL support is enabled and a usable certificate is not 29found, it will generate a self-sign a certificate before launching the 30server. The keys are generated by the `secp384r1` algorithm. The 31certificate 32 - is issued by `C=US, O=OpenBMC, CN=testhost`, 33 - is valid for 10 years, 34 - has a random serial number, and 35 - is signed using the `SHA-256` algorithm. 36 37