This component attempts to be a "do everything" embedded webserver for OpenBMC.
The webserver implements a few distinct interfaces:
- DBus event websocket. Allows registering on changes to specific dbus paths, properties, and will send an event from the websocket if those filters match.
- OpenBMC DBus REST api. Allows direct, low interference, high fidelity access to dbus and the objects it represents.
- Serial: A serial websocket for interacting with the host serial console through websockets.
- Redfish: A protocol compliant, DBus to Redfish translator.
- KVM: A websocket based implementation of the RFB (VNC) frame buffer protocol intended to mate to webui-vue to provide a complete KVM implementation.
bmcweb at a protocol level supports http and https. TLS is supported through OpenSSL.
bmcweb supports multiple authentication protocols:
- Basic authentication per RFC7617
- Cookie based authentication for authenticating against webui-vue
- Mutual TLS authentication based on OpenSSL
- Session authentication through webui-vue
- XToken based authentication conformant to Redfish DSP0266
Each of these types of authentication can be enabled or disabled either via runtime policy changes (through the relevant Redfish APIs) or via configure time options. All authentication mechanisms supporting username/password are routed to libpam, to allow for customization in authentication implementations.
All authorization in bmcweb is determined at routing time and per route, and conforms to the Redfish PrivilegeRegistry.
*Note: Non-Redfish functions are mapped to the closest equivalent Redfish privilege level.
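The per-route check described above can be sketched as follows. This is an added example, not code from bmcweb: the route table, the `/example/console` path, and the names `isAuthorized`, `routeTable` and `rolePrivileges` are assumptions made for illustration. It uses the Redfish rule that a route lists one or more privilege sets, that all privileges in a set must be held, and that satisfying any one set is enough.

```cpp
// Added illustration, not bmcweb source. Routes below are constructed samples.
#include <algorithm>
#include <map>
#include <set>
#include <string>
#include <utility>
#include <vector>

using PrivilegeSet = std::set<std::string>;
// Redfish OperationMap semantics: AND within one set, OR across sets.
using Requirement = std::vector<PrivilegeSet>;
using RouteKey = std::pair<std::string, std::string>; // {method, path}

// Standard Redfish roles and their assigned privileges (DSP0266).
const std::map<std::string, PrivilegeSet> rolePrivileges = {
    {"Administrator", {"Login", "ConfigureManager", "ConfigureUsers",
                       "ConfigureSelf", "ConfigureComponents"}},
    {"Operator", {"Login", "ConfigureSelf", "ConfigureComponents"}},
    {"ReadOnly", {"Login", "ConfigureSelf"}},
};

// Constructed route table: every route carries its own requirement.
const std::map<RouteKey, Requirement> routeTable = {
    {{"GET", "/redfish/v1/Systems/system"}, {{"Login"}}},
    {{"PATCH", "/redfish/v1/Systems/system"}, {{"ConfigureComponents"}}},
    {{"POST", "/redfish/v1/AccountService/Accounts"}, {{"ConfigureUsers"}}},
    // Hypothetical non-Redfish route mapped to the closest Redfish privileges.
    {{"GET", "/example/console"},
     {{"ConfigureManager"}, {"ConfigureComponents", "ConfigureSelf"}}},
};

bool isAuthorized(const std::string& role, const std::string& method,
                  const std::string& path)
{
    auto user = rolePrivileges.find(role);
    auto route = routeTable.find({method, path});
    // Fail closed: an unknown role or an unregistered route is denied.
    if (user == rolePrivileges.end() || route == routeTable.end())
    {
        return false;
    }
    const PrivilegeSet& held = user->second;
    return std::any_of(route->second.begin(), route->second.end(),
        [&held](const PrivilegeSet& needed) {
            return std::includes(held.begin(), held.end(),
                                 needed.begin(), needed.end());
        });
}
```

Because the decision is taken from the route table alone, a handler that was never registered with a requirement is unreachable rather than open by default.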
bmcweb is configured per the meson build files. Available options are documented in `meson_options.txt`.
```
meson builddir
ninja -C builddir
```
If any of the dependencies are not found on the host system during configuration, meson will automatically download them via its wrap dependencies mentioned in `bmcweb/subprojects`.
bmcweb by default is compiled with runtime logging disabled, as a performance consideration. To enable it in a standalone build, add the `-Dlogging='enabled'` option to your configure flags. If building within Yocto, add the following to your local.conf:
```
EXTRA_OEMESON:pn-bmcweb:append = "-Dbmcweb-logging='enabled'"
```
bmcweb relies on some on-system data for storage of persistent data that is internal to the process. Details on the exact data stored and when it is read/written can be seen in the `persistent_data` namespace.
When SSL support is enabled and a usable certificate is not found, bmcweb will generate a self-signed certificate before launching the server. Please see the bmcweb source code for details on the parameters this certificate is built with.