5 changed files with 111 additions and 141 deletions
--- a/2
+++ b/2
@ -10,7 +10,7 @@ RUN apk update \
 && apk add --no-cache --virtual build-deps gcc g++ python3-dev musl-dev \
 && apk add --no-cache curl postgresql postgresql-dev mariadb-connector-c-dev sqlite-dev \
 && pip install --no-cache-dir --upgrade uvicorn \
- && pip install --no-cache-dir psycopg2==3.1.9 mysqlclient==2.2.0 pysqlite3==0.5.1 \
+ && pip install --no-cache-dir psycopg2==2.9.5 mysqlclient==2.1.1 pysqlite3==0.5.0 \
 && pip install --no-cache-dir -r /tmp/requirements.txt \
 && apk del build-deps
--- a/README.md
+++ b/README.md
@ -2,7 +2,7 @@
 Minimal Delegated License Service (DLS).
-Compatibility tested with official NLS 2.0.1, 2.1.0, 3.1.0.
+Compatibility tested with official DLS 2.0.1.
 This service can be used without internet connection.
 Only the clients need a connection to this service on configured port.
@ -65,7 +65,7 @@ docker run -e DLS_URL=`hostname -i` -e DLS_PORT=443 -p 443:443 -v $WORKING_DIR:/
 **Docker-Compose / Deploy stack**
-See [`examples`](examples) directory for more advanced examples (with reverse proxy usage).
+Goto [`docker-compose.yml`](docker-compose.yml) for more advanced example (with reverse proxy usage).
 ```yaml
 version: '3.9'
@ -417,7 +417,6 @@ Successfully tested with this package versions:
 | vGPU Suftware | vGPU Manager | Linux Driver | Windows Driver | Release Date  |
 |---------------|--------------|--------------|----------------|---------------|
 | `15.3`        | `525.125.03` | `525.125.06` | `529.11`       | June 2023     |
 | `15.2`        | `525.105.14` | `525.105.17` | `528.89`       | March 2023    |
 | `15.1`        | `525.85.07`  | `525.85.05`  | `528.24`       | January 2023  |
 | `15.0`        | `525.60.12`  | `525.60.13`  | `527.41`       | December 2022 |
@ -682,7 +681,7 @@ The error message can safely be ignored (since we have no license limitation :P)
 <0>:End Logging
 ```
-#### log with nginx as reverse proxy (see [docker-compose-http-and-https.yml](examples/docker-compose-http-and-https.yml))
+#### log with nginx as reverse proxy (see [docker-compose.yml](docker-compose.yml))
 ```
 <1>:NLS initialized
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,10 +1,9 @@
 version: '3.9'
 x-dls-variables: &dls-variables
  TZ: Europe/Berlin # REQUIRED, set your timezone correctly on fastapi-dls AND YOUR CLIENTS !!!
  DLS_URL: localhost  # REQUIRED, change to your ip or hostname
-  DLS_PORT: 443
+  DLS_PORT: 443  # must match nginx listen & exposed port
-  LEASE_EXPIRE_DAYS: 90  # 90 days is maximum
+  LEASE_EXPIRE_DAYS: 90
  DATABASE: sqlite:////app/database/db.sqlite
  DEBUG: false
@ -14,16 +13,108 @@ services:
    restart: always
    environment:
      <<: *dls-variables
    ports:
      - "443:443"
    volumes:
-      - /opt/docker/fastapi-dls/cert:/app/cert
+      - /etc/timezone:/etc/timezone:ro
-      - dls-db:/app/database
+      - /opt/docker/fastapi-dls/cert:/app/cert  # instance.private.pem, instance.public.pem
-    logging: # optional, for those who do not need logs
+      - db:/app/database
-      driver: "json-file"
+    entrypoint: ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000", "--app-dir", "/app", "--proxy-headers"]
-      options:
+    healthcheck:
-        max-file: 5
+      test: ["CMD", "curl", "--fail", "http://localhost:8000/-/health"]
-        max-size: 10m
+      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 30s
  proxy:
    image: nginx
    ports:
      # thees are ports where nginx (!) is listen to
      - "80:80"  # for "/leasing/v1/lessor/shutdown" used by windows guests, can't be changed!
      - "443:443"  # first part must match "DLS_PORT"
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /opt/docker/fastapi-dls/cert:/opt/cert
    healthcheck:
      test: ["CMD", "curl", "--insecure", "--fail", "https://localhost/-/health"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 30s
    command: |
      bash -c "bash -s <<\"EOF\"
      cat > /etc/nginx/nginx.conf <<\"EON\"
      daemon off;
      user root;
      worker_processes auto;
      events {
        worker_connections 1024;
      }
      http {
        gzip on;
        gzip_disable "msie6";
        include /etc/nginx/mime.types;
        upstream dls-backend {
          server dls:8000;  # must match dls listen port
        }
        server {
          listen 443 ssl http2 default_server;
          listen [::]:443 ssl http2 default_server;
          root /var/www/html;
          index index.html;
          server_name _;
          ssl_certificate "/opt/cert/webserver.crt";
          ssl_certificate_key "/opt/cert/webserver.key";
          ssl_session_cache shared:SSL:1m;
          ssl_session_timeout  10m;
          ssl_protocols TLSv1.3 TLSv1.2;
          # ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305";
          # ssl_ciphers PROFILE=SYSTEM;
          ssl_prefer_server_ciphers on;
          location / {
            proxy_set_header Host $$http_host;
            proxy_set_header X-Real-IP $$remote_addr;
            proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $$scheme;
            proxy_pass http://dls-backend$$request_uri;
          }
          location = /-/health {
            access_log off;
            add_header 'Content-Type' 'application/json';
            return 200 '{\"status\":\"up\",\"service\":\"nginx\"}';
          }
        }
        server {
          listen 80;
          listen [::]:80;
          root /var/www/html;
          index index.html;
          server_name _;
          location /leasing/v1/lessor/shutdown {
            proxy_set_header Host $$http_host;
            proxy_set_header X-Real-IP $$remote_addr;
            proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $$scheme;
            proxy_pass http://dls-backend/leasing/v1/lessor/shutdown;
          }
          location / {
            return 301 https://$$host$$request_uri;
          }
        }
      }
      EON
      nginx
      EOF"
 volumes:
-  dls-db:
+  db:
--- a/examples/docker-compose-http-and-https.yml
+++ b/examples/docker-compose-http-and-https.yml
@ -1,120 +0,0 @@
 version: '3.9'
 x-dls-variables: &dls-variables
  DLS_URL: localhost  # REQUIRED, change to your ip or hostname
  DLS_PORT: 443  # must match nginx listen & exposed port
  LEASE_EXPIRE_DAYS: 90
  DATABASE: sqlite:////app/database/db.sqlite
  DEBUG: false
 services:
  dls:
    image: collinwebdesigns/fastapi-dls:latest
    restart: always
    environment:
      <<: *dls-variables
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /opt/docker/fastapi-dls/cert:/app/cert  # instance.private.pem, instance.public.pem
      - db:/app/database
    entrypoint: ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000", "--app-dir", "/app", "--proxy-headers"]
    healthcheck:
      test: ["CMD", "curl", "--fail", "http://localhost:8000/-/health"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 30s
  proxy:
    image: nginx
    ports:
      # thees are ports where nginx (!) is listen to
      - "80:80"  # for "/leasing/v1/lessor/shutdown" used by windows guests, can't be changed!
      - "443:443"  # first part must match "DLS_PORT"
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /opt/docker/fastapi-dls/cert:/opt/cert
    healthcheck:
      test: ["CMD", "curl", "--insecure", "--fail", "https://localhost/-/health"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 30s
    command: |
      bash -c "bash -s <<\"EOF\"
      cat > /etc/nginx/nginx.conf <<\"EON\"
      daemon off;
      user root;
      worker_processes auto;
      events {
        worker_connections 1024;
      }
      http {
        gzip on;
        gzip_disable "msie6";
        include /etc/nginx/mime.types;
        upstream dls-backend {
          server dls:8000;  # must match dls listen port
        }
        server {
          listen 443 ssl http2 default_server;
          listen [::]:443 ssl http2 default_server;
          root /var/www/html;
          index index.html;
          server_name _;
          ssl_certificate "/opt/cert/webserver.crt";
          ssl_certificate_key "/opt/cert/webserver.key";
          ssl_session_cache shared:SSL:1m;
          ssl_session_timeout  10m;
          ssl_protocols TLSv1.3 TLSv1.2;
          # ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305";
          # ssl_ciphers PROFILE=SYSTEM;
          ssl_prefer_server_ciphers on;
          location / {
            proxy_set_header Host $$http_host;
            proxy_set_header X-Real-IP $$remote_addr;
            proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $$scheme;
            proxy_pass http://dls-backend$$request_uri;
          }
          location = /-/health {
            access_log off;
            add_header 'Content-Type' 'application/json';
            return 200 '{\"status\":\"up\",\"service\":\"nginx\"}';
          }
        }
        server {
          listen 80;
          listen [::]:80;
          root /var/www/html;
          index index.html;
          server_name _;
          location /leasing/v1/lessor/shutdown {
            proxy_set_header Host $$http_host;
            proxy_set_header X-Real-IP $$remote_addr;
            proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $$scheme;
            proxy_pass http://dls-backend/leasing/v1/lessor/shutdown;
          }
          location / {
            return 301 https://$$host$$request_uri;
          }
        }
      }
      EON
      nginx
      EOF"
 volumes:
  db:
--- a/requirements.txt
+++ b/requirements.txt
@ -1,8 +1,8 @@
-fastapi==0.99.1
+fastapi==0.97.0
 uvicorn[standard]==0.22.0
 python-jose==3.3.0
 pycryptodome==3.18.0
 python-dateutil==2.8.2
-sqlalchemy==2.0.17
+sqlalchemy==2.0.16
 markdown==3.4.3
 python-dotenv==1.0.0