summaryrefslogtreecommitdiff
path: root/meta-ibm/recipes-httpd
AgeCommit message (Collapse)AuthorFilesLines
2018-10-23Nginx allow secure websocket connectionsJoseph Reynolds1-1/+1
This changes the nginx configuration so the HTTP response headers for the phosphor-webui web applicaton will allow wss (secure WebSocket) connections back to the host. This is needed for the Serial Over Lan (SOL) function. A recent fix used Content-Security-Policy default-src 'self' which unfortunately does not allow to wss connections. For details see https://github.com/openbmc/openbmc/issues/3409 Tested: The web app SOL function works Resolves: openbmc/openbmc#3409 (From meta-ibm rev: ba115c67c50b8e9691bbdbc4132dfef563c327c0) Change-Id: Ic46693c1c17ce83f422bc388ef1338894eeadb4d Signed-off-by: Joseph Reynolds <jrey@us.ibm.com> Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
2018-10-02nginx: generate certificate on reloadDeepak Kodihalli1-1/+1
The nginx service would generate a self-certificate upon restart (if there's not already an existing certificate), but not upon reload. Enable this for reload as well : the phosphor certificate management app requires services that want to generate self-signed certificates to do it upon reload (if reload is supported). (From meta-ibm rev: bbcf9e563c1a1215434c89fc1cc626a7b3d7fdb6) Change-Id: Ib3625f256fbae1721e4a9f8ac318287a2b6c03fd Signed-off-by: Deepak Kodihalli <dkodihal@in.ibm.com> Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
2018-09-24Nginx adds http security headersJoseph Reynolds1-0/+13
Nginx now adds security-related headers to HTTP responses per https://www.owasp.org/index.php/OWASP_Secure_Headers_Project and consistent with openbmc/bmcweb (see header file include/security_headers_middleware.hpp). Tested: curl -D headers http://${bmc} redirects to https No security headers apply, and none are sent curl https://${bmc} contains security headers and works properly curl https://${bmc}/xyz/openbmc_project/software contains Strict-Transport-Security header, and works curl ... -X POST -T ${image} https://${bmc}/upload/image" works firefox http redirects to https firefox https://${bmc}/ logs in and works Resolves openbmc/openbmc#3195 (From meta-ibm rev: 8202b2639cba28a71640db48e38f6b7f1d3eaed0) Change-Id: Ie20169abbca02471fa5dc89bebba8a6cdf722cd6 Signed-off-by: Joseph Reynolds <jrey@us.ibm.com> Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
2018-09-13phosphor-rest: fix remote address in log messagesAlexander Filippov1-0/+1
When we use the webui/rest from the remote host, we connect to the nginx and the system log at the BMC always contains `127.0.0.1` as the remote address in corresponded records. This commit resolve it. Tested: - Login to the WebUI - `journalctl` should contain record like: ``` Sep 12 11:11:33 phosphor-gevent[1374]: YOR-IP-ADDRESS user:root POST http://127.0.0.1:8081/login json:None 200 OK ``` (From meta-ibm rev: 77722e5c97faf43c6f41b52bfcadc140273eab5c) Change-Id: Ib9a5bdaec5c5f07eceb0ba2b0ee4d572a85e889d Signed-off-by: Alexander Filippov <a.filippov@yadro.com> Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
2018-08-23[Subtree] Bring openbmc machines to top levelDave Cobbley5-0/+184
The new subtree model brings the subtrees up from the openbmc-machines layer. Change-Id: I58a03ae1be374bc79ae1438e65e888375d12d0c0 Signed-off-by: Dave Cobbley <david.j.cobbley@linux.intel.com> Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
generated by cgit v1.2.3 (git 2.39.0) at 2024-10-12 15:07:58 +0300