Compare commits
7 Commits
e89401dbc1
...
1131f31c27
Author | SHA1 | Date | |
---|---|---|---|
1131f31c27 | |||
e84a7b3e8d | |||
00f6590a9f | |||
6afb121533 | |||
c5b6c79d1c | |||
4184731571 | |||
7eddb17862 |
@ -9,7 +9,7 @@ build:
|
||||
- if: $CI_COMMIT_BRANCH
|
||||
tags: [ docker ]
|
||||
before_script:
|
||||
- echo "COMMIT=`git rev-parse HEAD`" >> version.env
|
||||
- echo "COMMIT=${CI_COMMIT_SHA}" >> version.env # COMMIT=`git rev-parse HEAD`
|
||||
script:
|
||||
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
|
||||
- docker build . --tag ${CI_REGISTRY}/${CI_PROJECT_PATH}/${CI_BUILD_REF_NAME}:${CI_BUILD_REF}
|
||||
@ -24,9 +24,13 @@ deploy:
|
||||
stage: deploy
|
||||
rules:
|
||||
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
|
||||
before_script:
|
||||
- echo "COMMIT=${CI_COMMIT_SHA}" >> version.env
|
||||
- source version.env
|
||||
- echo "Building docker image for commit ${COMMIT} with version ${VERSION}"
|
||||
script:
|
||||
- docker login -u $PUBLIC_REGISTRY_USER -p $PUBLIC_REGISTRY_TOKEN
|
||||
- docker build . --tag $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:${CI_BUILD_REF}
|
||||
- docker build . --tag $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:${VERSION}
|
||||
- docker build . --tag $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:latest
|
||||
- docker push $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:${CI_BUILD_REF}
|
||||
- docker push $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:${VERSION}
|
||||
- docker push $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:latest
|
||||
|
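Review bot: The deploy job runs `docker build .` once per tag, so the `${CI_BUILD_REF}`, `${VERSION}` and `latest` images that get pushed are not guaranteed to be the same digest; the Dockerfile's `RUN apk update` layer can resolve differently whenever the layer cache is missed between runs. Building once and retagging keeps every published tag on one image: `docker build . --tag IMG:${CI_COMMIT_SHA}`, then `docker tag IMG:${CI_COMMIT_SHA} IMG:${VERSION}` and `docker tag IMG:${CI_COMMIT_SHA} IMG:latest`, where `IMG` stands for `$PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}`. That also replaces the legacy `${CI_BUILD_REF}` with the `${CI_COMMIT_SHA}` that the new `before_script` lines already write to version.env. Both `docker login` lines pass the secret with `-p`, which puts it on the command line; `echo "$PUBLIC_REGISTRY_TOKEN" | docker login -u "$PUBLIC_REGISTRY_USER" --password-stdin` avoids that, and the same applies to the login in the build job.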
@ -11,6 +11,7 @@ RUN apk update \
|
||||
&& apk del build-deps
|
||||
|
||||
COPY app /app
|
||||
COPY version.env /version.env
|
||||
COPY README.md /README.md
|
||||
|
||||
HEALTHCHECK --start-period=30s --interval=10s --timeout=5s --retries=3 CMD curl --insecure --fail https://localhost/status || exit 1
|
||||
|
99
README.md
99
README.md
@ -12,6 +12,10 @@ HTML rendered README.md.
|
||||
|
||||
Status endpoint, used for *healthcheck*. Shows also current version and commit hash.
|
||||
|
||||
### `GET /docs`
|
||||
|
||||
OpenAPI specifications rendered from `GET /openapi.json`.
|
||||
|
||||
### `GET /-/origins`
|
||||
|
||||
List registered origins.
|
||||
@ -28,7 +32,9 @@ Generate client token, (see [installation](#installation)).
|
||||
|
||||
There are some more internal api endpoints for handling authentication and lease process.
|
||||
|
||||
# Setup (Docker)
|
||||
# Setup
|
||||
|
||||
## Docker
|
||||
|
||||
**Run this on the Docker-Host**
|
||||
|
||||
@ -77,6 +83,97 @@ volumes:
|
||||
dls-db:
|
||||
```
|
||||
|
||||
## Debian
|
||||
|
||||
Tested on `Debian 11 (bullseye)`, Ubuntu may also work.
|
||||
|
||||
**Install requirements**
|
||||
|
||||
```shell
|
||||
apt-get update && apt-get install git python3-venv python3-pip
|
||||
```
|
||||
|
||||
**Install FastAPI-DLS**
|
||||
|
||||
```shell
|
||||
WORKING_DIR=/opt/fastapi-dls
|
||||
mkdir -p $WORKING_DIR
|
||||
cd $WORKING_DIR
|
||||
git clone https://git.collinwebdesigns.de/oscar.krause/fastapi-dls .
|
||||
python3 -m venv venv
|
||||
source venv/bin/activate
|
||||
pip install -r requirements.txt
|
||||
deactivate
|
||||
```
|
||||
|
||||
**Create keypair and webserver certificate**
|
||||
|
||||
```shell
|
||||
WORKING_DIR=/opt/fastapi-dls/app/cert
|
||||
mkdir $WORKING_DIR
|
||||
cd $WORKING_DIR
|
||||
# create instance private and public key for singing JWT's
|
||||
openssl genrsa -out $WORKING_DIR/instance.private.pem 2048
|
||||
openssl rsa -in $WORKING_DIR/instance.private.pem -outform PEM -pubout -out $WORKING_DIR/instance.public.pem
|
||||
# create ssl certificate for integrated webserver (uvicorn) - because clients rely on ssl
|
||||
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout $WORKING_DIR/webserver.key -out $WORKING_DIR/webserver.crt
|
||||
```
|
||||
|
||||
**Test Service**
|
||||
|
||||
```shell
|
||||
cd /opt/fastapi-dls/app
|
||||
/opt/fastapi-dls/venv/bin/uvicorn main:app \
|
||||
--host 127.0.0.1 --port 443 \
|
||||
--app-dir /opt/fastapi-dls/app \
|
||||
--ssl-keyfile /opt/fastapi-dls/app/cert/webserver.key \
|
||||
--ssl-certfile /opt/fastapi-dls/app/cert/webserver.crt \
|
||||
--proxy-headers
|
||||
```
|
||||
|
||||
**Create config file**
|
||||
|
||||
```shell
|
||||
cat <<EOF > /etc/fastapi-dls.env
|
||||
DLS_URL=127.0.0.1
|
||||
DLS_PORT=443
|
||||
LEASE_EXPIRE_DAYS=90
|
||||
DATABASE=sqlite:////opt/fastapi-dls/app/db.sqlite
|
||||
EOF
|
||||
```
|
||||
|
||||
**Create service**
|
||||
|
||||
```shell
|
||||
cat <<EOF >/etc/systemd/system/fastapi-dls.service
|
||||
[Unit]
|
||||
Description=Service for fastapi-dls
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
User=www-data
|
||||
Group=www-data
|
||||
WorkingDirectory=/opt/fastapi-dls/app
|
||||
ExecStart=/opt/fastapi-dls/venv/bin/uvicorn \
|
||||
--host $DLS_URL --port $DLS_PORT \
|
||||
--app-dir /opt/fastapi-dls/app \
|
||||
--ssl-keyfile /opt/fastapi-dls/app/cert/webserver.key \
|
||||
--ssl-certfile /opt/fastapi-dls/app/cert/webserver.crt \
|
||||
--proxy-headers
|
||||
EnvironmentFile=/etc/fastapi-dls.env
|
||||
Restart=always
|
||||
KillSignal=SIGQUIT
|
||||
Type=notify
|
||||
StandardError=syslog
|
||||
NotifyAccess=all
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOF
|
||||
```
|
||||
|
||||
Now you have to run `systemctl daemon-reload`. After that you can start service with `systemctl start fastapi-dls.service`.
|
||||
|
||||
# Configuration
|
||||
|
||||
| Variable | Default | Usage |
|
||||
|
@ -5,7 +5,7 @@ from uuid import uuid4
|
||||
from os.path import join, dirname
|
||||
from os import getenv
|
||||
|
||||
from dotenv import dotenv_values
|
||||
from dotenv import load_dotenv
|
||||
from fastapi import FastAPI, HTTPException
|
||||
from fastapi.requests import Request
|
||||
from fastapi.encoders import jsonable_encoder
|
||||
@ -22,7 +22,7 @@ from Crypto.PublicKey import RSA
|
||||
from Crypto.PublicKey.RSA import RsaKey
|
||||
|
||||
logger = logging.getLogger()
|
||||
dotenv_values('version.env')
|
||||
load_dotenv('../version.env')
|
||||
|
||||
VERSION, COMMIT, DEBUG = getenv('VERSION', 'unknown'), getenv('COMMIT', 'unknown'), bool(getenv('DEBUG', False))
|
||||
|
||||
|
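Review bot: `load_dotenv('../version.env')` is resolved against the process working directory, not the module's location, so whether VERSION and COMMIT are found depends on how the service is started; when the file is absent the call returns without raising and both values silently fall back to 'unknown'. `join` and `dirname` are already imported in this file, so the path can be anchored to the module: `load_dotenv(join(dirname(__file__), '..', 'version.env'))`. Separately, in the same block, `bool(getenv('DEBUG', False))` is true for any non-empty string, so `DEBUG=false` or `DEBUG=0` turns debug on. An explicit comparison such as `getenv('DEBUG', '').lower() in ('1', 'true')` keeps debug from being enabled by accident; what DEBUG controls is not visible in these hunks.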