Compare commits
7 Commits
e89401dbc1
...
1131f31c27
Author | SHA1 | Date | |
---|---|---|---|
1131f31c27 | |||
e84a7b3e8d | |||
00f6590a9f | |||
6afb121533 | |||
c5b6c79d1c | |||
4184731571 | |||
7eddb17862 |
@ -9,7 +9,7 @@ build:
|
|||||||
- if: $CI_COMMIT_BRANCH
|
- if: $CI_COMMIT_BRANCH
|
||||||
tags: [ docker ]
|
tags: [ docker ]
|
||||||
before_script:
|
before_script:
|
||||||
- echo "COMMIT=`git rev-parse HEAD`" >> version.env
|
- echo "COMMIT=${CI_COMMIT_SHA}" >> version.env # COMMIT=`git rev-parse HEAD`
|
||||||
script:
|
script:
|
||||||
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
|
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
|
||||||
- docker build . --tag ${CI_REGISTRY}/${CI_PROJECT_PATH}/${CI_BUILD_REF_NAME}:${CI_BUILD_REF}
|
- docker build . --tag ${CI_REGISTRY}/${CI_PROJECT_PATH}/${CI_BUILD_REF_NAME}:${CI_BUILD_REF}
|
||||||
@ -24,9 +24,13 @@ deploy:
|
|||||||
stage: deploy
|
stage: deploy
|
||||||
rules:
|
rules:
|
||||||
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
|
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
|
||||||
|
before_script:
|
||||||
|
- echo "COMMIT=${CI_COMMIT_SHA}" >> version.env
|
||||||
|
- source version.env
|
||||||
|
- echo "Building docker image for commit ${COMMIT} with version ${VERSION}"
|
||||||
script:
|
script:
|
||||||
- docker login -u $PUBLIC_REGISTRY_USER -p $PUBLIC_REGISTRY_TOKEN
|
- docker login -u $PUBLIC_REGISTRY_USER -p $PUBLIC_REGISTRY_TOKEN
|
||||||
- docker build . --tag $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:${CI_BUILD_REF}
|
- docker build . --tag $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:${VERSION}
|
||||||
- docker build . --tag $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:latest
|
- docker build . --tag $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:latest
|
||||||
- docker push $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:${CI_BUILD_REF}
|
- docker push $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:${VERSION}
|
||||||
- docker push $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:latest
|
- docker push $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:latest
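Review bot: The deploy job now tags and pushes the public image as `${VERSION}`, but nothing in the new `before_script` checks that `source version.env` actually defined that variable. With an empty value the tag would end in a bare `:`, which `docker build` presumably rejects; a guard right after the `source` line makes that failure explicit: `: "${VERSION:?VERSION not set in version.env}"`. The version tag is also mutable, because every default-branch pipeline that runs without a version bump overwrites the published image, so the tag no longer identifies one commit the way `${CI_BUILD_REF}` did. Pushing `:${CI_COMMIT_SHA}` alongside `:${VERSION}` would keep a tag that maps to exactly one build. Separately, `source` runs version.env as shell in a job that holds `$PUBLIC_REGISTRY_TOKEN`, so that file needs the same review scrutiny as the pipeline definition.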
|
||||||
|
@ -11,6 +11,7 @@ RUN apk update \
|
|||||||
&& apk del build-deps
|
&& apk del build-deps
|
||||||
|
|
||||||
COPY app /app
|
COPY app /app
|
||||||
|
COPY version.env /version.env
|
||||||
COPY README.md /README.md
|
COPY README.md /README.md
|
||||||
|
|
||||||
HEALTHCHECK --start-period=30s --interval=10s --timeout=5s --retries=3 CMD curl --insecure --fail https://localhost/status || exit 1
|
HEALTHCHECK --start-period=30s --interval=10s --timeout=5s --retries=3 CMD curl --insecure --fail https://localhost/status || exit 1
|
||||||
|
99
README.md
99
README.md
@ -12,6 +12,10 @@ HTML rendered README.md.
|
|||||||
|
|
||||||
Status endpoint, used for *healthcheck*. Shows also current version and commit hash.
|
Status endpoint, used for *healthcheck*. Shows also current version and commit hash.
|
||||||
|
|
||||||
|
### `GET /docs`
|
||||||
|
|
||||||
|
OpenAPI specifications rendered from `GET /openapi.json`.
|
||||||
|
|
||||||
### `GET /-/origins`
|
### `GET /-/origins`
|
||||||
|
|
||||||
List registered origins.
|
List registered origins.
|
||||||
@ -28,7 +32,9 @@ Generate client token, (see [installation](#installation)).
|
|||||||
|
|
||||||
There are some more internal api endpoints for handling authentication and lease process.
|
There are some more internal api endpoints for handling authentication and lease process.
|
||||||
|
|
||||||
# Setup (Docker)
|
# Setup
|
||||||
|
|
||||||
|
## Docker
|
||||||
|
|
||||||
**Run this on the Docker-Host**
|
**Run this on the Docker-Host**
|
||||||
|
|
||||||
@ -77,6 +83,97 @@ volumes:
|
|||||||
dls-db:
|
dls-db:
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Debian
|
||||||
|
|
||||||
|
Tested on `Debian 11 (bullseye)`, Ubuntu may also work.
|
||||||
|
|
||||||
|
**Install requirements**
|
||||||
|
|
||||||
|
```shell
|
||||||
|
apt-get update && apt-get install git python3-venv python3-pip
|
||||||
|
```
|
||||||
|
|
||||||
|
**Install FastAPI-DLS**
|
||||||
|
|
||||||
|
```shell
|
||||||
|
WORKING_DIR=/opt/fastapi-dls
|
||||||
|
mkdir -p $WORKING_DIR
|
||||||
|
cd $WORKING_DIR
|
||||||
|
git clone https://git.collinwebdesigns.de/oscar.krause/fastapi-dls .
|
||||||
|
python3 -m venv venv
|
||||||
|
source venv/bin/activate
|
||||||
|
pip install -r requirements.txt
|
||||||
|
deactivate
|
||||||
|
```
|
||||||
|
|
||||||
|
**Create keypair and webserver certificate**
|
||||||
|
|
||||||
|
```shell
|
||||||
|
WORKING_DIR=/opt/fastapi-dls/app/cert
|
||||||
|
mkdir $WORKING_DIR
|
||||||
|
cd $WORKING_DIR
|
||||||
|
# create instance private and public key for singing JWT's
|
||||||
|
openssl genrsa -out $WORKING_DIR/instance.private.pem 2048
|
||||||
|
openssl rsa -in $WORKING_DIR/instance.private.pem -outform PEM -pubout -out $WORKING_DIR/instance.public.pem
|
||||||
|
# create ssl certificate for integrated webserver (uvicorn) - because clients rely on ssl
|
||||||
|
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout $WORKING_DIR/webserver.key -out $WORKING_DIR/webserver.crt
|
||||||
|
```
|
||||||
|
|
||||||
|
**Test Service**
|
||||||
|
|
||||||
|
```shell
|
||||||
|
cd /opt/fastapi-dls/app
|
||||||
|
/opt/fastapi-dls/venv/bin/uvicorn main:app \
|
||||||
|
--host 127.0.0.1 --port 443 \
|
||||||
|
--app-dir /opt/fastapi-dls/app \
|
||||||
|
--ssl-keyfile /opt/fastapi-dls/app/cert/webserver.key \
|
||||||
|
--ssl-certfile /opt/fastapi-dls/app/cert/webserver.crt \
|
||||||
|
--proxy-headers
|
||||||
|
```
|
||||||
|
|
||||||
|
**Create config file**
|
||||||
|
|
||||||
|
```shell
|
||||||
|
cat <<EOF > /etc/fastapi-dls.env
|
||||||
|
DLS_URL=127.0.0.1
|
||||||
|
DLS_PORT=443
|
||||||
|
LEASE_EXPIRE_DAYS=90
|
||||||
|
DATABASE=sqlite:////opt/fastapi-dls/app/db.sqlite
|
||||||
|
EOF
|
||||||
|
```
|
||||||
|
|
||||||
|
**Create service**
|
||||||
|
|
||||||
|
```shell
|
||||||
|
cat <<EOF >/etc/systemd/system/fastapi-dls.service
|
||||||
|
[Unit]
|
||||||
|
Description=Service for fastapi-dls
|
||||||
|
After=network.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
User=www-data
|
||||||
|
Group=www-data
|
||||||
|
WorkingDirectory=/opt/fastapi-dls/app
|
||||||
|
ExecStart=/opt/fastapi-dls/venv/bin/uvicorn \
|
||||||
|
--host $DLS_URL --port $DLS_PORT \
|
||||||
|
--app-dir /opt/fastapi-dls/app \
|
||||||
|
--ssl-keyfile /opt/fastapi-dls/app/cert/webserver.key \
|
||||||
|
--ssl-certfile /opt/fastapi-dls/app/cert/webserver.crt \
|
||||||
|
--proxy-headers
|
||||||
|
EnvironmentFile=/etc/fastapi-dls.env
|
||||||
|
Restart=always
|
||||||
|
KillSignal=SIGQUIT
|
||||||
|
Type=notify
|
||||||
|
StandardError=syslog
|
||||||
|
NotifyAccess=all
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
EOF
|
||||||
|
```
|
||||||
|
|
||||||
|
Now you have to run `systemctl daemon-reload`. After that you can start service with `systemctl start fastapi-dls.service`.
|
||||||
|
|
||||||
# Configuration
|
# Configuration
|
||||||
|
|
||||||
| Variable | Default | Usage |
|
| Variable | Default | Usage |
|
||||||
|
@ -5,7 +5,7 @@ from uuid import uuid4
|
|||||||
from os.path import join, dirname
|
from os.path import join, dirname
|
||||||
from os import getenv
|
from os import getenv
|
||||||
|
|
||||||
from dotenv import dotenv_values
|
from dotenv import load_dotenv
|
||||||
from fastapi import FastAPI, HTTPException
|
from fastapi import FastAPI, HTTPException
|
||||||
from fastapi.requests import Request
|
from fastapi.requests import Request
|
||||||
from fastapi.encoders import jsonable_encoder
|
from fastapi.encoders import jsonable_encoder
|
||||||
@ -22,7 +22,7 @@ from Crypto.PublicKey import RSA
|
|||||||
from Crypto.PublicKey.RSA import RsaKey
|
from Crypto.PublicKey.RSA import RsaKey
|
||||||
|
|
||||||
logger = logging.getLogger()
|
logger = logging.getLogger()
|
||||||
dotenv_values('version.env')
|
load_dotenv('../version.env')
|
||||||
|
|
||||||
VERSION, COMMIT, DEBUG = getenv('VERSION', 'unknown'), getenv('COMMIT', 'unknown'), bool(getenv('DEBUG', False))
|
VERSION, COMMIT, DEBUG = getenv('VERSION', 'unknown'), getenv('COMMIT', 'unknown'), bool(getenv('DEBUG', False))
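Review bot: `load_dotenv('../version.env')` resolves the path against the process working directory rather than this module, and it returns without error when the file is missing, so starting the app from another directory silently reports VERSION and COMMIT as 'unknown'. It also exports every key in the file into `os.environ` (variables that are already set win by default), which makes version.env an input to every other `getenv` call in the module, including `DEBUG`. `join` and `dirname` are already imported above, so the lookup can be anchored and kept narrow with `version_info = dotenv_values(join(dirname(__file__), '..', 'version.env'))` followed by `VERSION = version_info.get('VERSION', 'unknown')`, and the same for COMMIT. A one-line comment saying that the file is written by CI and copied to `/version.env` by the Dockerfile would explain the `..` to the next reader.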
|
||||||
|
|
||||||
|