xref: /openbmc/bmcweb/README.md (revision aaf3206f)
# OpenBMC webserver #

This component attempts to be a "do everything" embedded webserver for OpenBMC.

## Capabilities ##
At this time, the webserver implements a few interfaces:
+ Authentication middleware that supports cookie- and token-based authentication, as well as CSRF prevention backed by Linux PAM authentication credentials.
+ An (incomplete) attempt at replicating phosphor-dbus-rest interfaces in C++.  Right now, a few of the endpoint definitions work as expected, but there is still a lot of work to be done.  The portions of the interface that are functional are designed to work correctly for phosphor-webui, but may not yet be complete.
+ Replication of the rest-dbus backend interfaces to allow BMC debugging by logged-in users.
+ An initial attempt at a read-only Redfish interface.  Currently the Redfish interface targets ServiceRoot, SessionService, AccountService, Roles, and ManagersService.  Some functionality here has been shimmed to make development possible.  For example, there exists only a single user role.
+ SSL key generation at runtime.  See the configuration section for details.
+ Static file hosting.  Currently, static files are hosted from the fixed location at /usr/share/www.  This is intended to allow loose coupling with yocto projects, and allow overriding static files at build time.
+ Dbus-monitor over websocket.  A generic endpoint that allows UIs to open a websocket and register for notification of events to avoid polling in single page applications.  (This interface may be modified in the future due to security concerns.)

## Configuration

BMCWeb is configured by setting `-D` flags that correspond to options
in `bmcweb/CMakeLists.txt` and then compiling.  For example,
`cmake -DBMCWEB_ENABLE_KVM=NO ...` followed by `make`.  The option names
become C++ preprocessor symbols that control which code is compiled
into the program.

When BMCWeb starts running, it reads persistent configuration data
(such as UUID and session data) from a local file.  If this is not
usable, it generates a new configuration.

When BMCWeb SSL support is enabled and a usable certificate is not
found, it will generate and self-sign a certificate before launching the
server.  The keys are generated on the `secp384r1` elliptic curve.  The
certificate
 - is issued by `C=US, O=OpenBMC, CN=testhost`,
 - is valid for 10 years,
 - has a random serial number, and
 - is signed using the `SHA-256` algorithm.
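
A check an operator can run to spot a BMC that is still serving a certificate with this auto-generated profile, as an added example that is not part of bmcweb or this README. It assumes the `openssl` CLI is installed, compares issuer, subject, curve and signature hash against the values listed above (validity period and serial number are not checked), and builds its two sample certificates itself as constructed input; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not bmcweb code. Requires the openssl CLI.
# Expected DN: the issuer quoted in the README, written in RFC 2253 order.
DEFAULT_DN='CN=testhost,O=OpenBMC,C=US'

# Print one DN (issuer or subject) of a PEM certificate in RFC 2253 form.
cert_dn() {
    openssl x509 -in "$1" -noout -nameopt RFC2253 "-$2" | sed "s/^$2= *//"
}

# Exit 0 when the certificate matches the auto-generated profile:
# issuer == subject == DEFAULT_DN, secp384r1 key, ECDSA with SHA-256.
is_default_cert() {
    local pem="$1" text
    text=$(openssl x509 -in "$pem" -noout -text 2>/dev/null) || return 1
    [ "$(cert_dn "$pem" issuer)" = "$DEFAULT_DN" ] || return 1
    [ "$(cert_dn "$pem" subject)" = "$DEFAULT_DN" ] || return 1
    printf '%s\n' "$text" | grep -q 'ASN1 OID: secp384r1' || return 1
    printf '%s\n' "$text" | grep -q 'Signature Algorithm: ecdsa-with-SHA256' || return 1
}

# Constructed sample input: build a self-signed EC certificate.
# Args: output path, curve name, subject DN.
make_sample_cert() {
    local key="$1.key"
    openssl ecparam -name "$2" -genkey -noout -out "$key" 2>/dev/null &&
    openssl req -x509 -new -key "$key" -sha256 -days 3650 -subj "$3" -out "$1" 2>/dev/null
}

# Demo: one certificate with the default profile, one operator-replaced one.
demo() {
    local dir f
    dir=$(mktemp -d) || return 1
    make_sample_cert "$dir/default.pem" secp384r1 '/C=US/O=OpenBMC/CN=testhost'
    make_sample_cert "$dir/replaced.pem" prime256v1 '/C=US/O=Example/CN=bmc.example.test'
    for f in "$dir/default.pem" "$dir/replaced.pem"; do
        if is_default_cert "$f"; then echo "DEFAULT  ${f##*/}"; else echo "ok       ${f##*/}"; fi
    done
    rm -rf "$dir"
}
demo
```

A match means only that the certificate has the same profile as the generated one; a certificate flagged this way should be replaced with one issued by a CA the clients trust.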