2025-06-21 05:31:03 +08:00
6 changed files with 16 additions and 171 deletions
--- a/.DEBIAN/env.default
+++ b/.DEBIAN/env.default
@ -1,9 +1,6 @@
 # Toggle debug mode
 #DEBUG=false
 # Cert Path
 CERT_PATH="/etc/fastapi-dls/cert"
 # Where the client can find the DLS server
 DLS_URL=127.0.0.1
 DLS_PORT=443
--- a/.DEBIAN/postinst
+++ b/.DEBIAN/postinst
@ -3,8 +3,6 @@
 WORKING_DIR=/usr/share/fastapi-dls
 CONFIG_DIR=/etc/fastapi-dls
 source $CONFIG_DIR/env
 while true; do
  [ -f $CONFIG_DIR/webserver.key ] && default_answer="N" || default_answer="Y"
  [ $default_answer == "Y" ] && V="Y/n" || V="y/N"
@ -27,32 +25,27 @@ if [ -f $CONFIG_DIR/webserver.key ]; then
  if [ -x "$(command -v curl)" ]; then
    echo "> Testing API ..."
    source $CONFIG_DIR/env
    curl --insecure -X GET https://$DLS_URL:$DLS_PORT/-/health
  else
    echo "> Testing API failed, curl not available. Please test manually!"
  fi
 fi
 echo "> Create Certificate-Chain folder ..."
 mkdir -p $CERT_PATH
 echo "> Set permissions ..."
 chown -R www-data:www-data $CONFIG_DIR
 chown -R www-data:www-data $WORKING_DIR
 echo "> Done."
 cat <<EOF
 # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
 #                                                                             #
 #    fastapi-dls is now installed.                                            #
 #                                                                             #
-#    Service should be up and running (if you choose to auto-generate         #
+#    Service should be up and running.                                        #
-#     self-signed webserver certificate).                                     #
+#      Webservice is listen to https://localhost                              #
 #                                                                             #
 #    Configuration is stored in /etc/fastapi-dls/env.                         #
 #                                                                             #
 #    - Webservice is listen to https://localhost                              #                                                                       #
 #    - Configuration is stored in /etc/fastapi-dls/env                        #
 #                                                                             #
 # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
--- a/README.md
+++ b/README.md
@ -5,7 +5,7 @@ Minimal Delegated License Service (DLS).
 > [!warning] Branch support
 > FastAPI-DLS Version 1.x supports up to **`17.x`** releases. \
 > FastAPI-DLS Version 2.x is backwards compatible to `17.x` and supports **`18.x`** releases in combination
-> with [gridd-unlock-patcher](https://git.collinwebdesigns.de/vgpu/gridd-unlock-patcher).
+> with [gridd-unlock-patcher](https://git.collinwebdesigns.de/oscar.krause/gridd-unlock-patcher).
 > Other combinations of FastAPI-DLS and Driver-Branches may work but are not tested.
 > [!note] Compatibility
@ -18,6 +18,7 @@ Only the clients need a connection to this service on configured port.
 **Official Links**
 * https://git.collinwebdesigns.de/oscar.krause/fastapi-dls (Private Git)
 * https://gitea.publichub.eu/oscar.krause/fastapi-dls (Public Git)
 * https://hub.docker.com/r/collinwebdesigns/fastapi-dls (Docker-Hub `collinwebdesigns/fastapi-dls:latest`)
 *All other repositories are forks! (which  is no bad - just for information and bug reports)*
@ -415,141 +416,7 @@ acme.sh --issue -d example.com \
 After first success you have to replace `--issue` with `--renew`.
-## Nginx Reverse Proxy (experimental)
+# Configuration
 - This guide is written for Debian/Ubuntu systems, other may work, but you have to do your setup on your own
 - Uvicorn does no longer serve requests directly
 - NGINX is used as HTTP & HTTPS entrypoint
 - Assumes you already have set up webserver certificate and private-key
 **Install Nginx Webserver**
 ```shell
 apt-get install nginx-light
 ```
 **Remove default vhost**
 ```shell
 rm /etc/nginx/sites-enabled/default
 ```
 **Create fastapi-dls vhost**
 <details>
    <summary>`/etc/nginx/sites-available/fastapi-dls`</summary>
 ```
 upstream dls-backend {
        server 127.0.0.1:8000;  # must match dls listen port
 }
 server {
        listen 443 ssl http2 default_server;
        listen [::]:443 ssl http2 default_server;
        root /var/www/html;
        index index.html;
        server_name _;
        ssl_certificate "/etc/fastapi-dls/cert/webserver.crt";
        ssl_certificate_key "/etc/fastapi-dls/cert/webserver.key";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 10m;
        ssl_protocols TLSv1.3 TLSv1.2;
        # ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305";
        # ssl_ciphers PROFILE=SYSTEM;
        ssl_prefer_server_ciphers on;
        location / {
                # https://www.uvicorn.org/deployment/
                proxy_set_header Host $http_host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $connection_upgrade;
                proxy_redirect off;
                proxy_buffering off;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_pass http://dls-backend$request_uri;
        }
        location = /-/health {
                access_log off;
                add_header 'Content-Type' 'application/json';
                return 200 '{\"status\":\"up\",\"service\":\"nginx\"}';
        }
 }
 map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
 }
 server {
        listen 80;
        listen [::]:80;
        root /var/www/html;
        index index.html;
        server_name _;
        location /leasing/v1/lessor/shutdown {
                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_pass http://dls-backend/leasing/v1/lessor/shutdown;
        }
        location / {
                return 301 https://$host$request_uri;
        }
 }
 ```
 </details>
 **Enable and test vhost**
 ```shell
 ln -s /etc/nginx/sites-available/fastapi-dls /etc/nginx/sites-enabled/fastapi-dls
 nginx -t
 # nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
 # nginx: configuration file /etc/nginx/nginx.conf test is successful
 ```
 **Override default fastapi-dls systemd service**
 ```shell
 mkdir /etc/systemd/system/fastapi-dls.service.d
 ```
 <details>
    <summary>`/etc/systemd/system/fastapi-dls.service.d/override.conf`</summary>
 ```
 [Service]
 ExecStart=
 ExecStart=uvicorn main:app \
  --env-file /etc/fastapi-dls/env \
  --host 127.0.0.1 --port 8000 \
  --app-dir /usr/share/fastapi-dls/app \
  --proxy-headers
 ```
 </details>
 **Run**
 ```shell
 systemctl daemon-reload
 service nginx start
 service fastapi-dls start
 ```
 # Configuration (Service)
 | Variable               | Default                                | Usage                                                                                                |
 |------------------------|----------------------------------------|------------------------------------------------------------------------------------------------------|
@ -889,8 +756,7 @@ Successfully tested with this package versions.
 | FastAPI-DLS Version | vGPU Suftware | Driver Branch | Linux vGPU Manager | Linux Driver | Windows Driver |  Release Date |      EOL Date |
 |---------------------|:-------------:|:-------------:|--------------------|--------------|----------------|--------------:|--------------:|
-| `2.x`               |    `18.2`     |   **R570**    | `570.148.06`       | `570.148.08` | `573.07`       |      May 2025 |    March 2026 |
+| `2.x`               |    `18.1`     |   **R570**    | `570.133.08`       | `570.133.07` | `572.83`       |    April 2025 |    March 2026 |
 |                     |    `18.1`     |   **R570**    | `570.133.08`       | `570.133.07` | `572.83`       |    April 2025 |    March 2026 |
 |                     |    `18.0`     |   **R570**    | `570.124.03`       | `570.124.06` | `572.60`       |    March 2025 |    March 2026 |
 | `1.x` & `2.x`       |    `17.6`     |   **R550**    | `550.163.02`       | `550.63.01`  | `553.74`       |    April 2025 |     June 2025 |
 |                     |    `17.5`     |               | `550.144.02`       | `550.144.03` | `553.62`       |  January 2025 |               |
@ -925,6 +791,6 @@ Special thanks to:
 - `Krutav Shah` who wrote the [vGPU_Unlock Wiki](https://docs.google.com/document/d/1pzrWJ9h-zANCtyqRgS7Vzla0Y8Ea2-5z2HEi4X75d2Q/)
 - `Wim van 't Hoog` for the [Proxmox All-In-One Installer Script](https://wvthoog.nl/proxmox-vgpu-v3/)
 - `mrzenc` who wrote [fastapi-dls-nixos](https://github.com/mrzenc/fastapi-dls-nixos)
- `electricsheep49` who wrote [gridd-unlock-patcher](https://git.collinwebdesigns.de/vgpu/gridd-unlock-patcher)
+- `electricsheep49` who wrote [gridd-unlock-patcher](https://git.collinwebdesigns.de/oscar.krause/gridd-unlock-patcher)
 And thanks to all people who contributed to all these libraries!
--- a/ROADMAP.md
+++ b/ROADMAP.md
@ -2,17 +2,6 @@
 I am planning to implement the following features in the future.
 ## Patching Endpoint
 A (optional) Path-Variable to `gridd-unlock-patcher` which enables an additional endpoint.
 Here you can upload your `nvidia-gridd` binary or `nvxdapix.dll` which then will be patched and responded.
 ## All-In-One Installer Script Endpoint
 A new all-in-one installer endpoint
 (here a script is returned for linux or windows which then could be called like
 curl https://<fastapi-dls>/-/install/deb | sh which then
 download and place a client-token in the right directory, patch your girdd / dll and restart nvidia-gridd service)
 ## HA - High Availability
--- a/app/util.py
+++ b/app/util.py
@ -45,11 +45,11 @@ class CASetup:
        self.service_instance_ref = service_instance_ref
        self.root_private_key_filename = join(cert_path_prefix, CASetup.ROOT_PRIVATE_KEY_FILENAME)
-        self.root_certificate_filename = join(cert_path_prefix, CASetup.ROOT_CERTIFICATE_FILENAME)
+        self.root_certificate_filename = join(dirname(__file__), 'cert', CASetup.ROOT_CERTIFICATE_FILENAME)
-        self.ca_private_key_filename = join(cert_path_prefix, CASetup.CA_PRIVATE_KEY_FILENAME)
+        self.ca_private_key_filename = join(dirname(__file__), 'cert', CASetup.CA_PRIVATE_KEY_FILENAME)
-        self.ca_certificate_filename = join(cert_path_prefix, CASetup.CA_CERTIFICATE_FILENAME)
+        self.ca_certificate_filename = join(dirname(__file__), 'cert', CASetup.CA_CERTIFICATE_FILENAME)
-        self.si_private_key_filename = join(cert_path_prefix, CASetup.SI_PRIVATE_KEY_FILENAME)
+        self.si_private_key_filename = join(dirname(__file__), 'cert', CASetup.SI_PRIVATE_KEY_FILENAME)
-        self.si_certificate_filename = join(cert_path_prefix, CASetup.SI_CERTIFICATE_FILENAME)
+        self.si_certificate_filename = join(dirname(__file__), 'cert', CASetup.SI_CERTIFICATE_FILENAME)
        if not (isfile(self.root_private_key_filename)
                and isfile(self.root_certificate_filename)
--- a/requirements.txt
+++ b/requirements.txt
@ -3,6 +3,6 @@ uvicorn[standard]==0.34.2
 python-jose[cryptography]==3.4.0
 cryptography==44.0.3
 python-dateutil==2.9.0
-sqlalchemy==2.0.41
+sqlalchemy==2.0.40
 markdown==3.8
 python-dotenv==1.1.0