Running HTTPS
The HTTP server of the binder serves the secured HTTPS protocol when the option --https is given.
The options --https-cert and --https-key tell the binder which files to use for its certificate and private key.
Quick start with HTTPS
To run an HTTPS instance of afb-binder you need a private key and a certificate.
If you don’t have them, you can create a self-signed pair for testing. This can be done with openssl in the following way:
openssl req -x509 -days 30 -newkey rsa:4096 -nodes -keyout key.pem -out cert.pem
That creates, in the current directory, the private key file ‘key.pem’ and the self-signed certificate file ‘cert.pem’ attached to that key. The certificate is valid for 30 days (see option -days).
Having the certificate and the key, the command to run the binder is:
afb-binder --https --https-key key.pem --https-cert cert.pem
You can connect to that binder with a browser at https://localhost:1234/.
Because the certificate is self-signed, your browser will complain and emit warnings.
Settings of HTTPS
The binder starts HTTPS if one of the following conditions is met:
- the option --https is set
- the environment variable AFB_HTTPS has one of the following values: 1, true, on, yes
If HTTPS is started, the binder searches for the key and the certificate files.
That search is done in the following order:
- the option if set (--https-key or --https-cert)
- the environment variable if set (AFB_HTTPS_CERT or AFB_HTTPS_KEY)
- the files Xkey.pem or Xcert.pem where X is the value of the environment variable AFB_HTTPS_PREFIX if set, or /etc/afb/.https/ otherwise
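The activation rule and search order above can be checked before deployment with the following added example, which is not afb-binder's own code. The function names are hypothetical, and it assumes that AFB_HTTPS is compared exactly and that an empty option or variable counts as not set.

```shell
#!/bin/sh
# Added example, not afb-binder code: mirrors the documented HTTPS lookup rules.

# afb_https_enabled [1]: true if --https was given (argument "1") or AFB_HTTPS
# holds one of the documented values (exact, case-sensitive match is assumed).
afb_https_enabled() {
    [ "${1:-0}" = "1" ] && return 0
    case "${AFB_HTTPS:-}" in
        1|true|on|yes) return 0 ;;
    esac
    return 1
}

# afb_https_path key|cert [option_value]: prints the file the search order selects.
# Assumption: an empty option or environment variable counts as "not set".
afb_https_path() {
    kind=$1 opt=${2:-}
    case "$kind" in
        key)  from_env=${AFB_HTTPS_KEY:-} ;;
        cert) from_env=${AFB_HTTPS_CERT:-} ;;
        *)    echo "usage: afb_https_path key|cert [path]" >&2; return 2 ;;
    esac
    if [ -n "$opt" ]; then
        printf '%s\n' "$opt"                      # 1. command-line option
    elif [ -n "$from_env" ]; then
        printf '%s\n' "$from_env"                 # 2. environment variable
    else
        # 3. prefix + fixed name; the prefix is concatenated as-is, so a
        #    directory prefix must end with "/".
        printf '%s%s.pem\n' "${AFB_HTTPS_PREFIX:-/etc/afb/.https/}" "$kind"
    fi
}

# afb_https_key_perms_ok path: true only for an existing regular file with no
# group/other permission bits (the key from the quick start is unencrypted).
afb_https_key_perms_ok() {
    [ -f "$1" ] || return 1
    mode=$(ls -ld -- "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Report what a binder started from this environment, without options, would load.
key_file=$(afb_https_path key)
cert_file=$(afb_https_path cert)
echo "key:  $key_file"
echo "cert: $cert_file"
afb_https_key_perms_ok "$key_file" ||
    echo "warning: $key_file is missing or accessible to group/other" >&2
```

Running it in the service's environment shows whether a stray AFB_HTTPS_PREFIX or AFB_HTTPS_KEY would redirect the binder to an unintended key file.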