1# OpenBMC webserver # 2 3This component attempts to be a "do everything" embedded webserver for OpenBMC. 4 5 6## Features ## 7The webserver implements a few distinct interfaces: 8+ DBus event websocket. Allows registering on changes to specific dbus paths, 9 properties, and will send an event from the websocket if those filters match. 10+ OpenBMC DBus REST api. Allows direct, low interference, high fidelity access 11 to dbus and the objects it represents. 12+ Serial: A serial websocket for interacting with the host serial console 13 through websockets. 14+ Redfish: A protocol compliant, (Redfish.md)[DBus to Redfish translator]. 15+ KVM: A websocket based implementation of the RFB (VNC) frame buffer protocol 16 intended to mate to webui-vue to provide a complete KVM implementation. 17 18## Protocols ## 19bmcweb at a protocol level supports http and https. TLS is supported through 20OpenSSL. 21 22## AuthX ## 23### Authentication ### 24Bmcweb supports multiple authentication protocols: 25+ Basic authentication per RFC7617 26+ Cookie based authentication for authenticating against webui-vue 27+ Mutual TLS authentication based on OpenSSL 28+ Session authentication through webui-vue 29+ XToken based authentication conformant to Redfish DSP0266 30 31Each of these types of authentication is able to be enabled or disabled both via 32runtime policy changes (through the relevant Redfish APIs) or via configure time 33options. All authentication mechanisms supporting username/password are routed 34to libpam, to allow for customization in authentication implementations. 35 36### Authorization ### 37All authorization in bmcweb is determined at routing time, and per route, and 38conform to the Redfish PrivilegeRegistry. 39 40*Note: Non-Redfish functions are mapped to the closest equivalent Redfish 41privilege level. 42 43## Configuration 44 45bmcweb is configured per the 46[meson build files](https://mesonbuild.com/Build-options.html). Available 47options are documented in meson_options.txt 48 49## Compile bmcweb with default options: 50```ascii 51meson builddir 52ninja -C builddir 53``` 54 55If any of the dependencies are not found on the host system during 56configuration, meson will automatically download them via its wrap dependencies 57mentioned in `bmcweb/subprojects`. 58 59## Debug logging 60bmcweb by default is compiled with runtime logging disabled, as a performance 61consideration. To enable it in a standalone build, add the 62```ascii 63-Dlogging='enabled' 64``` 65option to your configure flags. If building within Yocto, add the following to your local.conf. 66```bash 67EXTRA_OEMESON:pn-bmcweb:append = "-Dbmcweb-logging='enabled'" 68``` 69 70## Use of persistent data 71bmcweb relies on some on-system data for storage of persistent data that is 72internal to the process. Details on the exact data stored and when it is 73read/written can seen from the persistent_data namespace. 74 75## TLS certificate generation 76When SSL support is enabled and a usable certificate is not found, bmcweb will 77generate a self-signed a certificate before launching the server. Please see 78the bmcweb source code for details on the parameters this certificate is built 79with. 80 81