HTTP redirect to HTTPS for web UI

Lei YU mine260309 at gmail.com
Fri Nov 1 14:26:50 AEDT 2019


On Thu, Oct 31, 2019 at 9:48 PM George Liu <liuxiwei1013 at gmail.com> wrote:
>
> Hi All:
> I'm working on the http redirect to https task (https://github.com/ibm-openbmc/dev/issues/895).
> I took a cursory look at the design (https://gerrit.openbmc-project.xyz/c/openbmc/docs/+/24173) and did some testing.
>
> In bmcweb, I find that the current communication logic can only listen to one communication protocol (http or https). If you listen to both protocols at the same time, you need to change a lot of code and communication logic.
> If we are going to implement this feature in bmcweb, it costs extra effort and it's likely the implementation is no better than Nginx, so I prefer to use Nginx.
>

From Ed's [mail in June][1], one approach is to use boost asio async_detect_ssl.

But I agree with George here that it costs extra and unnecessary
effort, because with nginx it is so easy to configure the http->https
redirection, and it is easy to get all the https-related configs
right, including HSTS.
In other words, we get such features for free (except for a small
increase in binary size), why bother rewriting it?

Considering the binary size, maybe it's worth the effort to check how
many bytes are added, comparing:
1. The current implementation, where bmcweb handles https only
2. Enabling BMCWEB_INSECURE, opting out of all https-related code in
bmcweb, and adding a basic nginx and a configuration file that does the
https redirect.

We could check the binary size to see if it's acceptable. Note
that implementing this feature in bmcweb increases the binary size as
well.


[1]: https://lists.ozlabs.org/pipermail/openbmc/2019-June/016557.html
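
A sketch of what option 2 above could look like, as an added example that is not part of the original message or of the OpenBMC project: nginx answers plain HTTP with a redirect only, terminates TLS, sends HSTS, and proxies to a bmcweb built with BMCWEB_INSECURE. The loopback address and port 8080, the certificate paths, and bmcweb listening only on loopback are assumptions.

```nginx
# Added example. Upstream address, port and certificate paths are
# placeholders (assumptions), not values from the OpenBMC project.

# Plain HTTP: serve no content, only redirect to the HTTPS origin.
server {
    listen 80;
    listen [::]:80;
    server_name _;

    # $host echoes the name or IP the client used, which suits a BMC
    # that is usually reached by address rather than a fixed hostname.
    return 301 https://$host$request_uri;
}

# HTTPS: terminate TLS here and forward to the plain-HTTP backend.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name _;

    ssl_certificate     /path/to/server-cert.pem;   # placeholder
    ssl_certificate_key /path/to/server-key.pem;    # placeholder
    ssl_protocols       TLSv1.2 TLSv1.3;

    # HSTS is only honoured when received over HTTPS, so it is set in
    # this server block only. "always" also covers error responses.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        # Assumed: bmcweb (BMCWEB_INSECURE build) bound to loopback.
        proxy_pass http://127.0.0.1:8080;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

In this layout the backend speaks unencrypted HTTP, so only nginx on ports 80 and 443 should be reachable from the network. Browsers ignore the HSTS header on connections with certificate errors, so it takes effect only once the BMC presents a certificate the client trusts.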

