forked from oscar.krause/fastapi-dls
Merge branch 'dev' into debian
commit ddb1299f5c
31
README.md
@ -5,7 +5,9 @@ Minimal Delegated License Service (DLS).
|
|||||||
This service can be used without internet connection.
|
This service can be used without internet connection.
|
||||||
Only the clients need a connection to this service on configured port.
|
Only the clients need a connection to this service on configured port.
|
||||||
|
|
||||||
## ToDo#'s
|
[[_TOC_]]
|
||||||
|
|
||||||
|
## ToDo's
|
||||||
|
|
||||||
- provide `.deb` package (WIP)
|
- provide `.deb` package (WIP)
|
||||||
- migrate from `dataset` to `sqlalchemy` (WIP)
|
- migrate from `dataset` to `sqlalchemy` (WIP)
|
||||||
@ -148,7 +150,7 @@ su - www-data -c "/opt/fastapi-dls/venv/bin/uvicorn main:app --app-dir=/opt/fast
|
|||||||
**Create config file**
|
**Create config file**
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
cat <<EOF > /etc/fastapi-dls/env
|
cat <<EOF >/etc/fastapi-dls/env
|
||||||
DLS_URL=127.0.0.1
|
DLS_URL=127.0.0.1
|
||||||
DLS_PORT=443
|
DLS_PORT=443
|
||||||
LEASE_EXPIRE_DAYS=90
|
LEASE_EXPIRE_DAYS=90
|
||||||
@ -160,7 +162,7 @@ EOF
|
|||||||
**Create service**
|
**Create service**
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
cat <<EOF > /etc/systemd/system/fastapi-dls.service
|
cat <<EOF >/etc/systemd/system/fastapi-dls.service
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Service for fastapi-dls
|
Description=Service for fastapi-dls
|
||||||
After=network.target
|
After=network.target
|
||||||
@ -215,14 +217,18 @@ apt-get install -f --fix-missing
|
|||||||
|
|
||||||
# Configuration
|
# Configuration
|
||||||
|
|
||||||
| Variable | Default | Usage |
|
| Variable | Default | Usage |
|
||||||
|---------------------|-----------------------|---------------------------------------------------------------------------------------|
|
|---------------------|----------------------------------------|---------------------------------------------------------------------------------------|
|
||||||
| `DEBUG` | `false` | Toggles `fastapi` debug mode |
|
| `DEBUG` | `false` | Toggles `fastapi` debug mode |
|
||||||
| `DLS_URL` | `localhost` | Used in client-token to tell guest driver where dls instance is reachable |
|
| `DLS_URL` | `localhost` | Used in client-token to tell guest driver where dls instance is reachable |
|
||||||
| `DLS_PORT` | `443` | Used in client-token to tell guest driver where dls instance is reachable |
|
| `DLS_PORT` | `443` | Used in client-token to tell guest driver where dls instance is reachable |
|
||||||
| `LEASE_EXPIRE_DAYS` | `90` | Lease time in days |
|
| `LEASE_EXPIRE_DAYS` | `90` | Lease time in days |
|
||||||
| `DATABASE` | `sqlite:///db.sqlite` | See [official dataset docs](https://dataset.readthedocs.io/en/latest/quickstart.html) |
|
| `DATABASE` | `sqlite:///db.sqlite` | See [official dataset docs](https://dataset.readthedocs.io/en/latest/quickstart.html) |
|
||||||
| `CORS_ORIGINS` | `https://{DLS_URL}` | Sets `Access-Control-Allow-Origin` header (comma separated string) |
|
| `CORS_ORIGINS` | `https://{DLS_URL}` | Sets `Access-Control-Allow-Origin` header (comma separated string) |
|
||||||
|
| `SITE_KEY_XID` | `00000000-0000-0000-0000-000000000000` | Site identification uuid |
|
||||||
|
| `INSTANCE_REF` | `00000000-0000-0000-0000-000000000000` | Instance identification uuid |
|
||||||
|
| `INSTANCE_KEY_RSA` | `<app-dir>/cert/instance.private.pem` | Site-wide private RSA key for singing JWTs |
|
||||||
|
| `INSTANCE_KEY_PUB` | `<app-dir>/cert/instance.public.pem` | Site-wide public key |
|
||||||
|
|
||||||
# Setup (Client)
|
# Setup (Client)
|
||||||
|
|
||||||
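Review bot: The new `INSTANCE_KEY_RSA` row reads "for singing JWTs"; that should be "signing". Since this row documents where the site-wide private key lives and makes the location configurable, the table (or a sentence under it) should also state that the value is a file path and what ownership and mode the file is expected to have for the service user. The unchanged rows (`DEBUG` through `CORS_ORIGINS`) were not re-padded to the widened Default column, so the table source is now ragged; re-aligning them in the same change keeps later diffs of this table small.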
@ -267,7 +273,8 @@ Currently, there are no known issues.
|
|||||||
|
|
||||||
### Required cipher on Windows Guests (e.g. managed by domain controller with GPO)
|
### Required cipher on Windows Guests (e.g. managed by domain controller with GPO)
|
||||||
|
|
||||||
It is required to enable `SHA1` (`TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521`) in [windows cipher suite](https://learn.microsoft.com/en-us/windows-server/security/tls/manage-tls).
|
It is required to enable `SHA1` (`TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521`)
|
||||||
|
in [windows cipher suite](https://learn.microsoft.com/en-us/windows-server/security/tls/manage-tls).
|
||||||
|
|
||||||
### Multiple Display Container LS Instances
|
### Multiple Display Container LS Instances
|
||||||
|
|
||||||
|
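Review bot: The rewrapped sentence still says to enable `SHA1`, while the identifier in parentheses, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521`, is a complete cipher suite name. Suggest wording it as enabling that cipher suite, so an administrator managing the suite order through GPO knows the exact string to add and does not read the instruction as turning SHA-1 on more broadly.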
@ -63,8 +63,8 @@ DLS_URL = str(getenv('DLS_URL', 'localhost'))
|
|||||||
DLS_PORT = int(getenv('DLS_PORT', '443'))
|
DLS_PORT = int(getenv('DLS_PORT', '443'))
|
||||||
SITE_KEY_XID = str(getenv('SITE_KEY_XID', '00000000-0000-0000-0000-000000000000'))
|
SITE_KEY_XID = str(getenv('SITE_KEY_XID', '00000000-0000-0000-0000-000000000000'))
|
||||||
INSTANCE_REF = str(getenv('INSTANCE_REF', '00000000-0000-0000-0000-000000000000'))
|
INSTANCE_REF = str(getenv('INSTANCE_REF', '00000000-0000-0000-0000-000000000000'))
|
||||||
INSTANCE_KEY_RSA = load_key(join(dirname(__file__), 'cert/instance.private.pem'))
|
INSTANCE_KEY_RSA = load_key(str(getenv('INSTANCE_KEY_RSA', join(dirname(__file__), 'cert/instance.private.pem'))))
|
||||||
INSTANCE_KEY_PUB = load_key(join(dirname(__file__), 'cert/instance.public.pem'))
|
INSTANCE_KEY_PUB = load_key(str(getenv('INSTANCE_KEY_PUB', join(dirname(__file__), 'cert/instance.public.pem'))))
|
||||||
|
|
||||||
CORS_ORIGINS = getenv('CORS_ORIGINS').split(',') if (getenv('CORS_ORIGINS')) else f'https://{DLS_URL}' # todo: prevent static https
|
CORS_ORIGINS = getenv('CORS_ORIGINS').split(',') if (getenv('CORS_ORIGINS')) else f'https://{DLS_URL}' # todo: prevent static https
|
||||||
|
|
||||||
|
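Review bot: In the two changed `load_key(...)` lines the key path now comes from the environment, but nothing checks it before use, so a wrong or unreadable path in `INSTANCE_KEY_RSA` or `INSTANCE_KEY_PUB` surfaces only as whatever `load_key` raises while the module is being loaded. Suggest checking that the file exists and is readable first and failing with a message that names the variable and the path. The `str(...)` around `getenv(...)` is redundant because the default is already a string. Unrelated to the change but visible in the context line: `CORS_ORIGINS` is a list when the variable is set and a plain string (`f'https://{DLS_URL}'`) when it is not, which is worth normalising to a list in both branches.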