helper.js - added "lease_renewal" to table

# Conflicts:
#	app/orm.py

.DEBIAN/postinst

@@ -3,7 +3,7 @@
 WORKING_DIR=/usr/share/fastapi-dls
 CONFIG_DIR=/etc/fastapi-dls
 
-if [[ ! -f $CONFIG_DIR/instance.private.pem ]]; then
+if [ ! -f $CONFIG_DIR/instance.private.pem ]; then
   echo "> Create dls-instance keypair ..."
   openssl genrsa -out $CONFIG_DIR/instance.private.pem 2048
   openssl rsa -in $CONFIG_DIR/instance.private.pem -outform PEM -pubout -out $CONFIG_DIR/instance.public.pem
@@ -12,8 +12,8 @@ else
 fi
 
 while true; do
-  [[ -f $CONFIG_DIR/webserver.key ]] && default_answer="N" || default_answer="Y"
-  [[ $default_answer == "Y" ]] && V="Y/n" || V="y/N"
+  [ -f $CONFIG_DIR/webserver.key ] && default_answer="N" || default_answer="Y"
+  [ $default_answer == "Y" ] && V="Y/n" || V="y/N"
   read -p "> Do you wish to create self-signed webserver certificate? [${V}]" yn
   yn=${yn:-$default_answer} # ${parameter:-word} If parameter is unset or null, the expansion of word is substituted. Otherwise, the value of parameter is substituted.
   case $yn in
@@ -27,7 +27,7 @@ while true; do
   esac
 done
 
-if [[ -f $CONFIG_DIR/webserver.key ]]; then
+if [ -f $CONFIG_DIR/webserver.key ]; then
   echo "> Starting service ..."
   systemctl start fastapi-dls.service
 

.DEBIAN/postrm

@@ -1,8 +1,9 @@
 #!/bin/bash
 
-if [[ -f /etc/systemd/system/fastapi-dls.service ]]; then
-  echo "> Removing service file."
-  rm /etc/systemd/system/fastapi-dls.service
-fi
+# is removed automatically
+#if [ "$1" = purge ] && [ -d /usr/share/fastapi-dls ]; then
+#  echo "> Removing app."
+#  rm -r /usr/share/fastapi-dls
+#fi
 
-# todo
+echo -e "> Done."

.DEBIAN/prerm

@@ -1,5 +1,3 @@
 #!/bin/bash
 
 echo -e "> Starting uninstallation of 'fastapi-dls'!"
-
-# todo

.gitlab-ci.yml

@@ -50,7 +50,7 @@ build:apt:
     - cp .DEBIAN/env.default build/etc/fastapi-dls/env
     # create service file
     - mkdir -p build/etc/systemd/system
-    - cp .DEBIAN/fastapi-dls.service build/etc/systemd/system
+    - cp .DEBIAN/fastapi-dls.service build/etc/systemd/system/fastapi-dls.service
     # cd into "build/"
     - cd build/
   script:
@@ -98,7 +98,7 @@ build:pacman:
       - "*.pkg.tar.zst"
 
 test:
-  image: python:3.10-slim-bullseye
+  image: python:3.11-slim-bullseye
   stage: test
   rules:
     - if: $CI_COMMIT_BRANCH
@@ -114,6 +114,9 @@ test:
     - cd test
   script:
     - pytest main.py
+  artifacts:
+    reports:
+      dotenv: version.env
 
 .test:linux:
   stage: test
@@ -272,24 +275,11 @@ deploy:pacman:
     - 'echo "EXPORT_NAME:     ${EXPORT_NAME}"'
     - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file ${EXPORT_NAME} "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${PACKAGE_NAME}/${PACKAGE_VERSION}/${EXPORT_NAME}"'
 
-release:prepare:
-  stage: .pre
-  rules:
-    - if: $CI_COMMIT_TAG
-      when: never
-    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
-  script:
-    - source version.env
-    - echo &VERSION
-  artifacts:
-    reports:
-      dotenv: version.env
-
 release:
   image: registry.gitlab.com/gitlab-org/release-cli:latest
   stage: .post
   needs:
-    - job: release:prepare
+    - job: test
       artifacts: true
   rules:
     - if: $CI_COMMIT_TAG
@@ -298,7 +288,7 @@ release:
   script:
     - echo "Running release-job for $VERSION"
   release:
-    name: $CI_PROJECT_TITLE $version
+    name: $CI_PROJECT_TITLE $VERSION
     description: Release of $CI_PROJECT_TITLE version $VERSION
     tag_name: $VERSION
     ref: $CI_COMMIT_SHA

Dockerfile

@@ -1,4 +1,4 @@
-FROM python:3.10-alpine
+FROM python:3.11-alpine
 
 COPY requirements.txt /tmp/requirements.txt
 

FAQ.md

@@ -0,0 +1,17 @@
+# FAQ
+
+## `Failed to acquire license from <ip> (Info: <license> - Error: The allowed time to process response has expired)`
+
+- Did your timezone settings are correct on fastapi-dls **and your guest**?
+
+- Did you download the client-token more than an hour ago?
+
+Please download a new client-token. The guest have to register within an hour after client-token was created.
+
+
+## `jose.exceptions.JWTError: Signature verification failed.`
+
+- Did you recreated `instance.public.pem` / `instance.private.pem`?
+
+Then you have to download a **new** client-token on each of your guests.
+

README.md

@@ -9,68 +9,6 @@ Only the clients need a connection to this service on configured port.
 
 [[_TOC_]]
 
-## ToDo's
-
-- check why windows guests display "can't acquire license" although in log there is no message displayed and license is
-  also acquired successfully
-
-## Endpoints
-
-### `GET /`
-
-Redirect to `/-/readme`.
-
-### `GET /-/health`
-
-Status endpoint, used for *healthcheck*.
-
-### `GET /-/config`
-
-Shows current runtime environment variables and their values.
-
-### `GET /-/readme`
-
-HTML rendered README.md.
-
-### `GET /-/docs`, `GET /-/redoc`
-
-OpenAPI specifications rendered from `GET /-/openapi.json`.
-
-### `GET /-/manage`
-
-Shows a very basic UI to delete origins or leases.
-
-### `GET /-/origins?leases=false`
-
-List registered origins.
-
-| Query Parameter | Default | Usage                                |
-|-----------------|---------|--------------------------------------|
-| `leases`        | `false` | Include referenced leases per origin |
-
-### `DELETE /-/origins`
-
-Deletes all origins and their leases.
-
-### `GET /-/leases?origin=false`
-
-List current leases.
-
-| Query Parameter | Default | Usage                               |
-|-----------------|---------|-------------------------------------|
-| `origin`        | `false` | Include referenced origin per lease |
-
-### `DELETE /-/lease/{lease_ref}`
-
-Deletes an lease.
-
-### `GET /-/client-token`
-
-Generate client token, (see [installation](#installation)).
-
-### Others
-
-There are some more internal api endpoints for handling authentication and lease process.
 
 # Setup (Service)
 
@@ -96,6 +34,8 @@ openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout  $WORKING_DIR/webse
 
 **Start container**
 
+To test if everything is set up properly you can start container as following:
+
 ```shell
 docker volume create dls-db
 docker run -e DLS_URL=`hostname -i` -e DLS_PORT=443 -p 443:443 -v $WORKING_DIR:/app/cert -v dls-db:/app/database collinwebdesigns/fastapi-dls:latest
@@ -103,7 +43,7 @@ docker run -e DLS_URL=`hostname -i` -e DLS_PORT=443 -p 443:443 -v $WORKING_DIR:/
 
 **Docker-Compose / Deploy stack**
 
-Goto [`docker-compose.yml`](docker-compose.yml) for more advanced example.
+Goto [`docker-compose.yml`](docker-compose.yml) for more advanced example (with reverse proxy usage).
 
 ```yaml
 version: '3.9'
@@ -130,7 +70,7 @@ volumes:
   dls-db:
 ```
 
-## Debian/Ubuntu (manual method using `git clone`)
+## Debian/Ubuntu (manual method using `git clone` and python virtual environment)
 
 Tested on `Debian 11 (bullseye)`, Ubuntu may also work.
 
@@ -235,6 +175,11 @@ Successful tested with:
 - Debian 12 (Bookworm) (works but not recommended because it is currently in *testing* state)
 - Ubuntu 22.10 (Kinetic Kudu)
 
+Not working with:
+
+- Debian 11 (Bullseye) and lower (missing `python-jose` dependency)
+- Ubuntu 22.04 (Jammy Jellyfish) (not supported as for 15.01.2023 due to [fastapi - uvicorn version missmatch](https://bugs.launchpad.net/ubuntu/+source/fastapi/+bug/1970557))
+
 **Run this on your server instance**
 
 First go to [GitLab-Registry](https://git.collinwebdesigns.de/oscar.krause/fastapi-dls/-/packages) and select your
@@ -261,13 +206,17 @@ Packages are available here:
 ```shell
 pacman -Sy
 FILENAME=/opt/fastapi-dls.pkg.tar.zst
-url -o $FILENAME <download-url>
+
+curl -o $FILENAME <download-url>
+# or
+wget -O $FILENAME <download-url>
+
 pacman -U --noconfirm fastapi-dls.pkg.tar.zst
 ```
 
 Start with `systemctl start fastapi-dls.service` and enable autostart with `systemctl enable fastapi-dls.service`.
 
-## Let's Encrypt Certificate
+## Let's Encrypt Certificate (optional)
 
 If you're using installation via docker, you can use `traefik`. Please refer to their documentation.
 
@@ -298,8 +247,8 @@ After first success you have to replace `--issue` with `--renew`.
 | `SITE_KEY_XID`         | `00000000-0000-0000-0000-000000000000` | Site identification uuid                                                                             |
 | `INSTANCE_REF`         | `10000000-0000-0000-0000-000000000001` | Instance identification uuid                                                                         |
 | `ALLOTMENT_REF`        | `20000000-0000-0000-0000-000000000001` | Allotment identification uuid                                                                        |
-| `INSTANCE_KEY_RSA`     | `<app-dir>/cert/instance.private.pem`  | Site-wide private RSA key for singing JWTs                                                           |
-| `INSTANCE_KEY_PUB`     | `<app-dir>/cert/instance.public.pem`   | Site-wide public key                                                                                 |
+| `INSTANCE_KEY_RSA`     | `<app-dir>/cert/instance.private.pem`  | Site-wide private RSA key for singing JWTs \*3                                                       |
+| `INSTANCE_KEY_PUB`     | `<app-dir>/cert/instance.public.pem`   | Site-wide public key \*3                                                                             |
 
 \*1 For example, if the lease period is one day and the renewal period is 20%, the client attempts to renew its license
 every 4.8 hours. If network connectivity is lost, the loss of connectivity is detected during license renewal and the
@@ -307,6 +256,8 @@ client has 19.2 hours in which to re-establish connectivity before its license e
 
 \*2 Always use `https`, since guest-drivers only support secure connections!
 
+\*3 If you recreate instance keys you need to **recreate client-token for each guest**!
+
 # Setup (Client)
 
 **The token file has to be copied! It's not enough to C&P file contents, because there can be special characters.**
@@ -319,27 +270,128 @@ Successfully tested with this package versions:
 
 ## Linux
 
+Download *client-token* and place it into `/etc/nvidia/ClientConfigToken`:
+
+```shell
+curl --insecure -L -X GET https://<dls-hostname-or-ip>/-/client-token -o /etc/nvidia/ClientConfigToken/client_configuration_token_$(date '+%d-%m-%Y-%H-%M-%S').tok
+# or
+wget --no-check-certificate -O /etc/nvidia/ClientConfigToken/client_configuration_token_$(date '+%d-%m-%Y-%H-%M-%S').tok https://<dls-hostname-or-ip>/-/client-token
+```
+
+Restart `nvidia-gridd` service:
+
 ```shell
-curl --insecure -L -X GET https://<dls-hostname-or-ip>/client-token -o /etc/nvidia/ClientConfigToken/client_configuration_token_$(date '+%d-%m-%Y-%H-%M-%S').tok
 service nvidia-gridd restart
+```
+
+Check licensing status:
+
+```shell
 nvidia-smi -q | grep "License"
 ```
 
-## Windows
+Output should be something like:
 
-Download file and place it into `C:\Program Files\NVIDIA Corporation\vGPU Licensing\ClientConfigToken`.
-Now restart `NvContainerLocalSystem` service.
-
-**Power-Shell**
-
-```Shell
-curl.exe --insecure -L -X GET https://<dls-hostname-or-ip>/client-token -o "C:\Program Files\NVIDIA Corporation\vGPU Licensing\ClientConfigToken\client_configuration_token_$($(Get-Date).tostring('dd-MM-yy-hh-mm-ss')).tok"
-Restart-Service NVDisplay.ContainerLocalSystem
-'C:\Program Files\NVIDIA Corporation\NVSMI\nvidia-smi.exe' -q | Select-String "License"
+```text
+vGPU Software Licensed Product
+    License Status                    : Licensed (Expiry: YYYY-M-DD hh:mm:ss GMT)
 ```
 
+Done. For more information check [troubleshoot section](#troubleshoot).
+
+## Windows
+
+**Power-Shell** (run as administrator!)
+
+Download *client-token* and place it into `C:\Program Files\NVIDIA Corporation\vGPU Licensing\ClientConfigToken`:
+
+```shell
+curl.exe --insecure -L -X GET https://<dls-hostname-or-ip>/-/client-token -o "C:\Program Files\NVIDIA Corporation\vGPU Licensing\ClientConfigToken\client_configuration_token_$($(Get-Date).tostring('dd-MM-yy-hh-mm-ss')).tok"
+```
+
+Restart `NvContainerLocalSystem` service:
+
+```Shell
+Restart-Service NVDisplay.ContainerLocalSystem
+```
+
+Check licensing status:
+
+```shell
+& 'C:\Program Files\NVIDIA Corporation\NVSMI\nvidia-smi.exe' -q  | Select-String "License"
+```
+
+Output should be something like:
+
+```text
+vGPU Software Licensed Product
+    License Status                    : Licensed (Expiry: YYYY-M-DD hh:mm:ss GMT)
+```
+
+Done. For more information check [troubleshoot section](#troubleshoot).
+
+# Endpoints
+
+### `GET /`
+
+Redirect to `/-/readme`.
+
+### `GET /-/health`
+
+Status endpoint, used for *healthcheck*.
+
+### `GET /-/config`
+
+Shows current runtime environment variables and their values.
+
+### `GET /-/readme`
+
+HTML rendered README.md.
+
+### `GET /-/docs`, `GET /-/redoc`
+
+OpenAPI specifications rendered from `GET /-/openapi.json`.
+
+### `GET /-/manage`
+
+Shows a very basic UI to delete origins or leases.
+
+### `GET /-/origins?leases=false`
+
+List registered origins.
+
+| Query Parameter | Default | Usage                                |
+|-----------------|---------|--------------------------------------|
+| `leases`        | `false` | Include referenced leases per origin |
+
+### `DELETE /-/origins`
+
+Deletes all origins and their leases.
+
+### `GET /-/leases?origin=false`
+
+List current leases.
+
+| Query Parameter | Default | Usage                               |
+|-----------------|---------|-------------------------------------|
+| `origin`        | `false` | Include referenced origin per lease |
+
+### `DELETE /-/lease/{lease_ref}`
+
+Deletes an lease.
+
+### `GET /-/client-token`
+
+Generate client token, (see [installation](#installation)).
+
+### Others
+
+There are many other internal api endpoints for handling authentication and lease process.
+
 # Troubleshoot
 
+**Please make sure that fastapi-dls and your guests are on the same timezone!**
+
 ## Linux
 
 Logs are available with `journalctl -u nvidia-gridd -f`.
@@ -358,6 +410,9 @@ This message can be ignored.
 
 - Ref. https://github.com/encode/uvicorn/issues/441
 
+<details>
+  <summary>Log example</summary>
+
 ```
 WARNING:uvicorn.error:Invalid HTTP request received.
 Traceback (most recent call last):
@@ -376,6 +431,8 @@ Traceback (most recent call last):
 h11._util.RemoteProtocolError: no request line received
 ```
 
+</details>
+
 ## Windows
 
 ### Required cipher on Windows Guests (e.g. managed by domain controller with GPO)
@@ -443,14 +500,13 @@ Dec 20 17:53:34 ubuntu-grid-server nvidia-gridd[10354]: License acquired success
 
 </details>
 
-### Error on releasing leases on shutdown (fixed in 1.3 by using reverse proxy)
+### Error on releasing leases on shutdown (can be ignored and/or fixed with reverse proxy)
 
-**UPDATE for version `1.3`**: This issue can be fixed by using a reverse proxy (e.g. `nginx`). Please read section
-below.
+The driver wants to release current leases on shutting down windows. This endpoint needs to be a http endpoint.
+The error message can safely be ignored (since we have no license limitation :P) and looks like this:
 
-The driver wants to release current leases on shutting down windows. This endpoint needs to be a http endpoint and
-is currently not implemented. The error message looks like and safely can be ignored (since we have no license
-limitation :P):
+<details>
+  <summary>Log example</summary>
 
 ```
 <1>:NLS initialized
@@ -459,7 +515,7 @@ limitation :P):
 <0>:End Logging
 ```
 
-#### log with 1.3 and nginx as reverse proxy
+#### log with nginx as reverse proxy (see [docker-compose.yml](docker-compose.yml))
 
 ```
 <1>:NLS initialized
@@ -474,6 +530,8 @@ limitation :P):
 <0>:End Logging
 ```
 
+</details>
+
 # Credits
 
 Thanks to vGPU community and all who uses this project and report bugs.

app/main.py

@@ -9,7 +9,7 @@ from dotenv import load_dotenv
 from fastapi import FastAPI
 from fastapi.requests import Request
 from json import loads as json_loads
-from datetime import datetime
+from datetime import datetime, timedelta
 from dateutil.relativedelta import relativedelta
 from calendar import timegm
 from jose import jws, jwk, jwt, JWTError
@@ -50,6 +50,7 @@ INSTANCE_KEY_PUB = load_key(str(env('INSTANCE_KEY_PUB', join(dirname(__file__),
 TOKEN_EXPIRE_DELTA = relativedelta(days=int(env('TOKEN_EXPIRE_DAYS', 1)), hours=int(env('TOKEN_EXPIRE_HOURS', 0)))
 LEASE_EXPIRE_DELTA = relativedelta(days=int(env('LEASE_EXPIRE_DAYS', 90)), hours=int(env('LEASE_EXPIRE_HOURS', 0)))
 LEASE_RENEWAL_PERIOD = float(env('LEASE_RENEWAL_PERIOD', 0.15))
+LEASE_RENEWAL_DELTA = timedelta(days=int(env('LEASE_EXPIRE_DAYS', 90)), hours=int(env('LEASE_EXPIRE_HOURS', 0)))
 CORS_ORIGINS = str(env('CORS_ORIGINS', '')).split(',') if (env('CORS_ORIGINS')) else [f'https://{DLS_URL}']
 
 jwt_encode_key = jwk.construct(INSTANCE_KEY_RSA.export_key().decode('utf-8'), algorithm=ALGORITHMS.RS256)
@@ -143,7 +144,8 @@ async def _origins(request: Request, leases: bool = False):
     for origin in session.query(Origin).all():
         x = origin.serialize()
         if leases:
-            x['leases'] = list(map(lambda _: _.serialize(), Lease.find_by_origin_ref(db, origin.origin_ref)))
+            serialize = dict(renewal_period=LEASE_RENEWAL_PERIOD, renewal_delta=LEASE_RENEWAL_DELTA)
+            x['leases'] = list(map(lambda _: _.serialize(**serialize), Lease.find_by_origin_ref(db, origin.origin_ref)))
         response.append(x)
     session.close()
     return JSONr(response)
@@ -159,7 +161,7 @@ async def _origins_delete(request: Request):
 async def _origins_delete_origin_ref(request: Request, origin_ref: str):
     if Origin.delete(db, origin_ref) == 1:
         return Response(status_code=201)
-    raise JSONr(status_code=404, content={'status': 404, 'detail': 'lease not found'})
+    return JSONr(status_code=404, content={'status': 404, 'detail': 'lease not found'})
 
 
 @app.get('/-/leases', summary='* Leases')
@@ -167,10 +169,12 @@ async def _leases(request: Request, origin: bool = False):
     session = sessionmaker(bind=db)()
     response = []
     for lease in session.query(Lease).all():
-        x = lease.serialize()
+        serialize = dict(renewal_period=LEASE_RENEWAL_PERIOD, renewal_delta=LEASE_RENEWAL_DELTA)
+        x = lease.serialize(**serialize)
         if origin:
-            # assume that each lease has a valid origin record
-            x['origin'] = session.query(Origin).filter(Origin.origin_ref == lease.origin_ref).first().serialize()
+            lease_origin = session.query(Origin).filter(Origin.origin_ref == lease.origin_ref).first()
+            if lease_origin is not None:
+                x['origin'] = lease_origin.serialize()
         response.append(x)
     session.close()
     return JSONr(response)

app/orm.py

@@ -1,4 +1,5 @@
-from datetime import datetime, timezone
+from datetime import datetime, timedelta, timezone
+from dateutil.relativedelta import relativedelta
 
 from sqlalchemy import Column, VARCHAR, CHAR, ForeignKey, DATETIME, update, and_, inspect
 from sqlalchemy.ext.declarative import declarative_base
@@ -56,12 +57,12 @@ class Origin(Base):
         session.close()
 
     @staticmethod
-    def delete(engine: Engine, origin_ref: str = None) -> int:
+    def delete(engine: Engine, origins: ["Origin"] = None) -> int:
         session = sessionmaker(bind=engine)()
-        if origin_ref is None:
+        if origins is None:
             deletions = session.query(Origin).delete()
         else:
-            deletions = session.query(Origin).filter(Origin.origin_ref == origin_ref).delete()
+            deletions = session.query(Origin).filter(Origin.origin_ref in origins).delete()
         session.commit()
         session.close()
         return deletions
@@ -81,7 +82,10 @@ class Lease(Base):
     def __repr__(self):
         return f'Lease(origin_ref={self.origin_ref}, lease_ref={self.lease_ref}, expires={self.lease_expires})'
 
-    def serialize(self) -> dict:
+    def serialize(self, renewal_period: float, renewal_delta: timedelta) -> dict:
+        lease_renewal = int(Lease.calculate_renewal(renewal_period, renewal_delta).total_seconds())
+        lease_renewal = self.lease_updated + relativedelta(seconds=lease_renewal)
+
         return {
             'lease_ref': self.lease_ref,
             'origin_ref': self.origin_ref,
@@ -89,6 +93,7 @@ class Lease(Base):
             'lease_created': self.lease_created.replace(tzinfo=timezone.utc).isoformat(),
             'lease_expires': self.lease_expires.replace(tzinfo=timezone.utc).isoformat(),
             'lease_updated': self.lease_updated.replace(tzinfo=timezone.utc).isoformat(),
+            'lease_renewal': lease_renewal.replace(tzinfo=timezone.utc).isoformat(),
         }
 
     @staticmethod
@@ -156,6 +161,20 @@ class Lease(Base):
         session.close()
         return deletions
 
+    @staticmethod
+    def calculate_renewal(renewal_period: float, delta: timedelta) -> timedelta:
+        """
+        import datetime
+        LEASE_RENEWAL_PERIOD=0.2  # 20%
+        delta = datetime.timedelta(days=1)
+        renew = delta.total_seconds() * LEASE_RENEWAL_PERIOD
+        renew = datetime.timedelta(seconds=renew)
+        expires = delta - renew  # 19.2
+        """
+        renew = delta.total_seconds() * renewal_period
+        renew = timedelta(seconds=renew)
+        return renew
+
 
 def init(engine: Engine):
     tables = [Origin, Lease]

app/static/assets/js/helper.js

@@ -76,6 +76,7 @@ async function fetchLeases(element) {
                         <th scope="col">lease</th>
                         <th scope="col">created</th>
                         <th scope="col">updated</th>
+                        <th scope="col">next renew</th>
                         <th scope="col">expires</th>
                         <th scope="col">origin</th>
                     </tr>`
@@ -87,8 +88,9 @@ async function fetchLeases(element) {
                         <td><code>${o.lease_ref}</code></td>
                         <td>${new Date(o.lease_created).toLocaleDateString('system', dtc)}</td>
                         <td>${new Date(o.lease_updated).toLocaleDateString('system', dtc)}</td>
+                        <td>${new Date(o.lease_renewal).toLocaleDateString('system', dtc)}</td>
                         <td>${new Date(o.lease_expires).toLocaleDateString('system', dtc)}</td>
-                        <td><code title="hostname: ${o.origin.hostname}">${o.origin_ref}</code></td>`
+                        <td><code title="hostname: ${o.origin?.hostname}">${o.origin_ref}</code></td>`
                 tbody.appendChild(row);
             })
             table.appendChild(tbody)

docker-compose.yml

@@ -2,13 +2,28 @@ version: '3.9'
 
 x-dls-variables: &dls-variables
   DLS_URL: localhost  # REQUIRED, change to your ip or hostname
-  DLS_PORT: 443  # must match nginx listen port
+  DLS_PORT: 443  # must match nginx listen & exposed port
   LEASE_EXPIRE_DAYS: 90
   DATABASE: sqlite:////app/database/db.sqlite
   DEBUG: false
 
 services:
-  web:
+  dls:
+    image: collinwebdesigns/fastapi-dls:latest
+    restart: always
+    environment:
+      <<: *dls-variables
+    volumes:
+      - /opt/docker/fastapi-dls/cert:/app/cert  # instance.private.pem, instance.public.pem
+      - db:/app/database
+    entrypoint: ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000", "--app-dir", "/app", "--proxy-headers"]
+    healthcheck:
+      test: ["CMD", "curl", "--fail", "http://localhost:8000/-/health"]
+      interval: 10s
+      timeout: 5s
+      retries: 3
+      start_period: 30s
+  proxy:
     image: nginx
     ports:
       # thees are ports where nginx (!) is listen to
@@ -17,14 +32,14 @@ services:
     volumes:
       - /opt/docker/fastapi-dls/cert:/opt/cert
     healthcheck:
-      test: [ "CMD", "curl", "--insecure", "--fail", "https://localhost/-/health" ]
+      test: ["CMD", "curl", "--insecure", "--fail", "https://localhost/-/health"]
       interval: 10s
       timeout: 5s
       retries: 3
       start_period: 30s
     command: |
-      bash -c 'bash -s <<"EOF"
-      cat > /etc/nginx/nginx.conf <<"EON"
+      bash -c "bash -s <<\"EOF\"
+      cat > /etc/nginx/nginx.conf <<\"EON\"
       daemon off;
       user root;
       worker_processes auto;
@@ -39,7 +54,7 @@ services:
         include /etc/nginx/mime.types;
       
         upstream dls-backend {
-          server dls:443;
+          server dls:8000;  # must match dls listen port
         }
       
         server {
@@ -60,18 +75,17 @@ services:
           ssl_prefer_server_ciphers on;
       
           location / {
-            proxy_ssl_verify off;
             proxy_set_header Host $$http_host;
             proxy_set_header X-Real-IP $$remote_addr;
             proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
             proxy_set_header X-Forwarded-Proto $$scheme;
-            proxy_pass https://dls-backend$$request_uri;
+            proxy_pass http://dls-backend$$request_uri;
           }
       
           location = /-/health {
             access_log off;
             add_header 'Content-Type' 'application/json';
-            return 200; # '{\"status\":\"up\",\"service\":\"nginx\"}';
+            return 200 '{\"status\":\"up\",\"service\":\"nginx\"}';
           }
         }
       
@@ -84,12 +98,11 @@ services:
           server_name _;
       
           location /leasing/v1/lessor/shutdown {
-            proxy_ssl_verify off;
             proxy_set_header Host $$http_host;
             proxy_set_header X-Real-IP $$remote_addr;
             proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
             proxy_set_header X-Forwarded-Proto $$scheme;
-            proxy_pass https://dls-backend/leasing/v1/lessor/shutdown;
+            proxy_pass http://dls-backend/leasing/v1/lessor/shutdown;
           }
       
           location / {
@@ -99,16 +112,7 @@ services:
       }
       EON
       nginx
-      EOF'
-
-  dls:
-    image: collinwebdesigns/fastapi-dls:latest
-    restart: always
-    environment:
-      <<: *dls-variables
-    volumes:
-      - /opt/docker/fastapi-dls/cert:/app/cert
-      - db:/app/database
+      EOF"
 
 volumes:
   db:

requirements.txt

@@ -1,9 +1,9 @@
-fastapi==0.88.0
+fastapi==0.89.1
 uvicorn[standard]==0.20.0
 python-jose==3.3.0
 pycryptodome==3.16.0
 python-dateutil==2.8.2
-sqlalchemy==1.4.45
+sqlalchemy==1.4.46
 markdown==3.4.1
 python-dotenv==0.21.0
 jinja2==3.1.2

version.env

@@ -1 +1 @@
-VERSION=1.3
+VERSION=1.3.3