xref: /openbmc/bmcweb/README.md (revision ed76121b) 
1# OpenBMC webserver #
2
3This component attempts to be a "do everything" embedded webserver for OpenBMC.
4
5
6## Features ##
7The webserver implements a few distinct interfaces:
8+ DBus event websocket.  Allows registering on changes to specific dbus paths,
9  properties, and will send an event from the websocket if those filters match.
10+ OpenBMC DBus REST api.  Allows direct, low interference, high fidelity access
11  to dbus and the objects it represents.
12+ Serial: A serial websocket for interacting with the host serial console
13  through websockets.
14+ Redfish: A protocol compliant, (Redfish.md)[DBus to Redfish translator].
15+ KVM: A websocket based implementation of the RFB (VNC) frame buffer protocol
16  intended to mate to webui-vue to provide a complete KVM implementation.
17
18## Protocols ##
19bmcweb at a protocol level supports http and https.  TLS is supported through
20OpenSSL.
21
22## AuthX ##
23### Authentication ###
24Bmcweb supports multiple authentication protocols:
25+ Basic authentication per RFC7617
26+ Cookie based authentication for authenticating against webui-vue
27+ Mutual TLS authentication based on OpenSSL
28+ Session authentication through webui-vue
29+ XToken based authentication conformant to Redfish DSP0266
30
31Each of these types of authentication is able to be enabled or disabled both via
32runtime policy changes (through the relevant Redfish APIs) or via configure time
33options.  All authentication mechanisms supporting username/password are routed
34to libpam, to allow for customization in authentication implementations.
35
36### Authorization ###
37All authorization in bmcweb is determined at routing time, and per route, and
38conform to the Redfish PrivilegeRegistry.
39
40*Note: Non-Redfish functions are mapped to the closest equivalent Redfish
41privilege level.
42
43## Configuration
44
45bmcweb is configured per the
46[meson build files](https://mesonbuild.com/Build-options.html).  Available
47options are documented in meson_options.txt
48
49## Compile bmcweb with default options:
50```ascii
51meson builddir
52ninja -C builddir
53```
54
55If any of the dependencies are not found on the host system during
56configuration, meson will automatically download them via its wrap dependencies
57mentioned in `bmcweb/subprojects`.
58
59## Debug logging
60bmcweb by default is compiled with runtime logging disabled, as a performance
61consideration.  To enable it in a standalone build, add the
62```ascii
63-Dlogging='enabled'
64```
65option to your configure flags.  If building within Yocto, add the following to your local.conf.
66```bash
67EXTRA_OEMESON:pn-bmcweb:append = "-Dbmcweb-logging='enabled'"
68```
69
70## Use of persistent data
71bmcweb relies on some on-system data for storage of persistent data that is
72internal to the process.  Details on the exact data stored and when it is
73read/written can seen from the persistent_data namespace.
74
75## TLS certificate generation
76When SSL support is enabled and a usable certificate is not found, bmcweb will
77generate a self-signed a certificate before launching the server.  Please see
78the bmcweb source code for details on the parameters this certificate is built
79with.
80
81