Nginx adds http security headers

Nginx now adds security-related headers to HTTP responses per
https://www.owasp.org/index.php/OWASP_Secure_Headers_Project
and consistent with openbmc/bmcweb (see header file
include/security_headers_middleware.hpp).

Tested:
 curl -D headers http://${bmc}
   redirects to https
   No security headers apply, and none are sent
 curl https://${bmc}
   contains security headers and works properly
 curl https://${bmc}/xyz/openbmc_project/software
   contains Strict-Transport-Security header, and works
 curl ... -X POST -T ${image} https://${bmc}/upload/image
   works
 firefox http redirects to https
 firefox https://${bmc}/ logs in and works

Resolves openbmc/openbmc#3195

(From meta-ibm rev: 8202b2639cba28a71640db48e38f6b7f1d3eaed0)

Change-Id: Ie20169abbca02471fa5dc89bebba8a6cdf722cd6
Signed-off-by: Joseph Reynolds <jrey@us.ibm.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
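
The checks listed under "Tested" can be repeated against saved `curl -D` header dumps. The script below is an added example, not part of the commit or of OpenBMC; the header names other than Strict-Transport-Security, the sample dumps and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not part of the commit): audit `curl -D <file>` header dumps
# against the behaviour reported under "Tested".

# Assumption: the page names only Strict-Transport-Security; the other names
# come from the OWASP Secure Headers Project list.
EXPECTED_HEADERS="Strict-Transport-Security X-Frame-Options X-Content-Type-Options Content-Security-Policy"

# Print the last response block of a dump (curl -L writes one block per hop).
last_block() {
    awk '/^HTTP\// { buf = "" } { buf = buf $0 "\n" } END { printf "%s", buf }' "$1" | tr -d '\r'
}

# Print "present NAME" or "missing NAME" for each expected header.
header_status() {
    block=$(last_block "$1")
    for name in $EXPECTED_HEADERS; do
        if printf '%s\n' "$block" | grep -qi "^${name}[[:space:]]*:"; then
            echo "present $name"
        else
            echo "missing $name"
        fi
    done
}

# HTTPS response: every expected header must be present.
check_https() { ! header_status "$1" | grep -q '^missing '; }

# Plain HTTP response: a redirect to https:// that carries none of the headers.
check_http_redirect() {
    block=$(last_block "$1")
    status=$(printf '%s\n' "$block" | awk 'NR == 1 { print $2 }')
    case "$status" in 301|302|303|307|308) ;; *) return 1 ;; esac
    printf '%s\n' "$block" | grep -qi '^location:[[:space:]]*https://' || return 1
    ! header_status "$1" | grep -q '^present '
}

# Constructed sample dumps (not captured from a real BMC).
write_samples() {
    printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://bmc.example/\r\n\r\n' > "$1/http.txt"
    printf "HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=31536000\r\nX-Frame-Options: DENY\r\nX-Content-Type-Options: nosniff\r\nContent-Security-Policy: default-src 'self'\r\n\r\n" > "$1/https.txt"
    printf 'HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\n\r\n' > "$1/https_partial.txt"
}

# Demo on the constructed samples.
d=$(mktemp -d) && write_samples "$d"
check_http_redirect "$d/http.txt" && check_https "$d/https.txt" && echo "constructed samples pass"
```

For a live check, pass the file written by `curl -D headers` to `check_http_redirect` or `check_https`; `header_status` lists which headers are missing.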
1 file changed
tree: 661d70a90bc809b28d859bf35aae8a35d756ed51
README.md

OpenBMC

The OpenBMC project can be described as a Linux distribution for embedded devices that have a BMC; typically, but not limited to, things like servers, top of rack switches or RAID appliances. The OpenBMC stack uses technologies such as Yocto, OpenEmbedded, systemd, and D-Bus to allow easy customization for your server platform.

Setting up your OpenBMC project

1) Prerequisite

  • Ubuntu 14.04
    sudo apt-get install -y git build-essential libsdl1.2-dev texinfo gawk chrpath diffstat
  • Fedora 23
    sudo dnf install -y git patch diffstat texinfo chrpath SDL-devel bitbake
    sudo dnf groupinstall "C Development Tools and Libraries"

2) Download the source

git clone git@github.com:openbmc/openbmc.git
cd openbmc

3) Target your hardware

Any build requires an environment variable known as TEMPLATECONF to be set to a hardware target. You can see all of the known targets with find meta-* -name local.conf.sample. Choose the hardware target and then move to the next step. Additional examples can be found in the OpenBMC Cheatsheet.

Machine        TEMPLATECONF
Palmetto       meta-ibm/meta-palmetto/conf
Zaius          meta-ingrasys/meta-zaius/conf
Witherspoon    meta-ibm/meta-witherspoon/conf

As an example, to target Palmetto:

export TEMPLATECONF=meta-ibm/meta-palmetto/conf

4) Build

. openbmc-env
bitbake obmc-phosphor-image

Additional details can be found in the docs repository.

Build Validation and Testing

Commits submitted by members of the OpenBMC GitHub community are compiled and tested via our Jenkins server. Commits are run through two levels of testing. At the repository level the makefile make check directive is run. At the system level, the commit is built into a firmware image and run with an arm-softmmu QEMU model against a barrage of CI tests.

Commits submitted by non-members do not automatically proceed through CI testing. After visual inspection of the commit, a CI run can be manually performed by the reviewer.

Automated testing is performed against the QEMU model and against supported systems. The OpenBMC project uses the Robot Framework for all automation. Our complete test repository can be found here.

Submitting Patches

Support of additional hardware and software packages is always welcome. Please follow the contributing guidelines when making a submission. It is expected that contributions contain test cases.

Bug Reporting

Issues are managed on GitHub. It is recommended you search through the issues before opening a new one.

Features of OpenBMC

Feature List

  • REST Management
  • IPMI
  • SSH based SOL
  • Power and Cooling Management
  • Event Logs
  • Zeroconf discoverable
  • Sensors
  • Inventory
  • LED Management
  • Host Watchdog
  • Simulation
  • Code Update Support for multiple BMC/BIOS images
  • POWER On Chip Controller (OCC) Support

Features In Progress

  • Full IPMI 2.0 Compliance with DCMI
  • Verified Boot
  • HTML5 JavaScript Web User Interface
  • BMC RAS

Features Requested but need help

  • OpenCompute Redfish Compliance
  • OpenBMC performance monitoring
  • cgroup user management and policies
  • Remote KVM
  • Remote USB
  • OpenStack Ironic Integration
  • QEMU enhancements

Finding out more

Dive deeper into OpenBMC by opening the docs repository.

Contact