oscar.krause/fastapi-dls
2
3
Fork 1
Code Issues 5 Pull Requests Releases Activity

Compare commits

base: oscar.krause:a95126f51da4e9d457da75ba6ae7369044e35ea9
Branches Tags
oscar.krause:main
oscar.krause:db
oscar.krause:ui
oscar.krause:dev
oscar.krause:ha
oscar.krause:set-dependency-scanning-config-1
oscar.krause:archlinux-makepkg
oscar.krause:1.3.12
oscar.krause:1.3.11
oscar.krause:1.3.10
oscar.krause:1.3.9
oscar.krause:1.3.8
oscar.krause:1.3.7
oscar.krause:1.3.6
oscar.krause:1.3.5
oscar.krause:1.3.4
oscar.krause:1.3.3
oscar.krause:1.3.2
oscar.krause:1.3.1
oscar.krause:1.3
oscar.krause:1.2
oscar.krause:1.1
oscar.krause:1.0
oscar.krause:legacy
oscar.krause:0.6
oscar.krause:0.5
..
compare: oscar.krause:65937b153e07fc3fc8826d3f556f4cff8c85616f
Branches Tags
oscar.krause:db
oscar.krause:ui
oscar.krause:dev
oscar.krause:main
oscar.krause:ha
oscar.krause:set-dependency-scanning-config-1
oscar.krause:archlinux-makepkg
oscar.krause:1.3.12
oscar.krause:1.3.11
oscar.krause:1.3.10
oscar.krause:1.3.9
oscar.krause:1.3.8
oscar.krause:1.3.7
oscar.krause:1.3.6
oscar.krause:1.3.5
oscar.krause:1.3.4
oscar.krause:1.3.3
oscar.krause:1.3.2
oscar.krause:1.3.1
oscar.krause:1.3
oscar.krause:1.2
oscar.krause:1.1
oscar.krause:1.0
oscar.krause:legacy
oscar.krause:0.6
oscar.krause:0.5

No commits in common. "a95126f51da4e9d457da75ba6ae7369044e35ea9" and "65937b153e07fc3fc8826d3f556f4cff8c85616f" have entirely different histories.
a95126f51d ... 65937b153e

2 changed files with 13 additions and 18 deletions
Show Stats Expand all files Collapse all files

27
README.md
View File

@ -150,7 +150,7 @@ su - www-data -c "/opt/fastapi-dls/venv/bin/uvicorn main:app --app-dir=/opt/fast
**Create config file** **Create config file**
```shell ```shell
cat <<EOF >/etc/fastapi-dls/env cat <<EOF > /etc/fastapi-dls/env
DLS_URL=127.0.0.1 DLS_URL=127.0.0.1
DLS_PORT=443 DLS_PORT=443
LEASE_EXPIRE_DAYS=90 LEASE_EXPIRE_DAYS=90
@ -162,7 +162,7 @@ EOF
**Create service** **Create service**
```shell ```shell
cat <<EOF >/etc/systemd/system/fastapi-dls.service cat <<EOF > /etc/systemd/system/fastapi-dls.service
[Unit] [Unit]
Description=Service for fastapi-dls Description=Service for fastapi-dls
After=network.target After=network.target
@ -197,18 +197,14 @@ with `systemctl start fastapi-dls.service` (and enable autostart with `systemctl
# Configuration # Configuration
| Variable | Default | Usage | | Variable | Default | Usage |
|---------------------|----------------------------------------|---------------------------------------------------------------------------------------| |---------------------|-----------------------|---------------------------------------------------------------------------------------|
| `DEBUG` | `false` | Toggles `fastapi` debug mode | | `DEBUG` | `false` | Toggles `fastapi` debug mode |
| `DLS_URL` | `localhost` | Used in client-token to tell guest driver where dls instance is reachable | | `DLS_URL` | `localhost` | Used in client-token to tell guest driver where dls instance is reachable |
| `DLS_PORT` | `443` | Used in client-token to tell guest driver where dls instance is reachable | | `DLS_PORT` | `443` | Used in client-token to tell guest driver where dls instance is reachable |
| `LEASE_EXPIRE_DAYS` | `90` | Lease time in days | | `LEASE_EXPIRE_DAYS` | `90` | Lease time in days |
| `DATABASE` | `sqlite:///db.sqlite` | See [official dataset docs](https://dataset.readthedocs.io/en/latest/quickstart.html) | | `DATABASE` | `sqlite:///db.sqlite` | See [official dataset docs](https://dataset.readthedocs.io/en/latest/quickstart.html) |
| `CORS_ORIGINS` | `https://{DLS_URL}` | Sets `Access-Control-Allow-Origin` header (comma separated string) | | `CORS_ORIGINS` | `https://{DLS_URL}` | Sets `Access-Control-Allow-Origin` header (comma separated string) |
| `SITE_KEY_XID` | `00000000-0000-0000-0000-000000000000` | Site identification uuid |
| `INSTANCE_REF` | `00000000-0000-0000-0000-000000000000` | Instance identification uuid |
| `INSTANCE_KEY_RSA` | `<app-dir>/cert/instance.private.pem` | Site-wide private RSA key for singing JWTs |
| `INSTANCE_KEY_PUB` | `<app-dir>/cert/instance.public.pem` | Site-wide public key |
# Setup (Client) # Setup (Client)
@ -253,8 +249,7 @@ Currently, there are no known issues.
### Required cipher on Windows Guests (e.g. managed by domain controller with GPO) ### Required cipher on Windows Guests (e.g. managed by domain controller with GPO)
It is required to enable `SHA1` (`TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521`) It is required to enable `SHA1` (`TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521`) in [windows cipher suite](https://learn.microsoft.com/en-us/windows-server/security/tls/manage-tls).
in [windows cipher suite](https://learn.microsoft.com/en-us/windows-server/security/tls/manage-tls).
### Multiple Display Container LS Instances ### Multiple Display Container LS Instances

4
app/main.py
View File

@ -54,8 +54,8 @@ DLS_URL = str(getenv('DLS_URL', 'localhost'))
DLS_PORT = int(getenv('DLS_PORT', '443')) DLS_PORT = int(getenv('DLS_PORT', '443'))
SITE_KEY_XID = str(getenv('SITE_KEY_XID', '00000000-0000-0000-0000-000000000000')) SITE_KEY_XID = str(getenv('SITE_KEY_XID', '00000000-0000-0000-0000-000000000000'))
INSTANCE_REF = str(getenv('INSTANCE_REF', '00000000-0000-0000-0000-000000000000')) INSTANCE_REF = str(getenv('INSTANCE_REF', '00000000-0000-0000-0000-000000000000'))
INSTANCE_KEY_RSA = load_key(str(getenv('INSTANCE_KEY_RSA', join(dirname(__file__), 'cert/instance.private.pem')))) INSTANCE_KEY_RSA = load_key(join(dirname(__file__), 'cert/instance.private.pem'))
INSTANCE_KEY_PUB = load_key(str(getenv('INSTANCE_KEY_PUB', join(dirname(__file__), 'cert/instance.public.pem')))) INSTANCE_KEY_PUB = load_key(join(dirname(__file__), 'cert/instance.public.pem'))
CORS_ORIGINS = getenv('CORS_ORIGINS').split(',') if (getenv('CORS_ORIGINS')) else f'https://{DLS_URL}' # todo: prevent static https CORS_ORIGINS = getenv('CORS_ORIGINS').split(',') if (getenv('CORS_ORIGINS')) else f'https://{DLS_URL}' # todo: prevent static https