From 05979490ce43065c09ccdaceba836bc234fd0656 Mon Sep 17 00:00:00 2001
From: Oscar Krause <oscar.krause@collinwebdesigns.de>
Date: Wed, 4 Jan 2023 17:17:58 +0100
Subject: [PATCH 01/11] README.md - moved "Endpoints" below "Setup"

---
 README.md | 116 +++++++++++++++++++++++++++---------------------------
 1 file changed, 58 insertions(+), 58 deletions(-)

diff --git a/README.md b/README.md
index e97b8df..7f5288a 100644
--- a/README.md
+++ b/README.md
@@ -14,64 +14,6 @@ Only the clients need a connection to this service on configured port.
 - check why windows guests display "can't acquire license" although in log there is no message displayed and license is
   also acquired successfully
 
-## Endpoints
-
-### `GET /`
-
-Redirect to `/-/readme`.
-
-### `GET /-/health`
-
-Status endpoint, used for *healthcheck*.
-
-### `GET /-/config`
-
-Shows current runtime environment variables and their values.
-
-### `GET /-/readme`
-
-HTML rendered README.md.
-
-### `GET /-/docs`, `GET /-/redoc`
-
-OpenAPI specifications rendered from `GET /-/openapi.json`.
-
-### `GET /-/manage`
-
-Shows a very basic UI to delete origins or leases.
-
-### `GET /-/origins?leases=false`
-
-List registered origins.
-
-| Query Parameter | Default | Usage                                |
-|-----------------|---------|--------------------------------------|
-| `leases`        | `false` | Include referenced leases per origin |
-
-### `DELETE /-/origins`
-
-Deletes all origins and their leases.
-
-### `GET /-/leases?origin=false`
-
-List current leases.
-
-| Query Parameter | Default | Usage                               |
-|-----------------|---------|-------------------------------------|
-| `origin`        | `false` | Include referenced origin per lease |
-
-### `DELETE /-/lease/{lease_ref}`
-
-Deletes an lease.
-
-### `GET /-/client-token`
-
-Generate client token, (see [installation](#installation)).
-
-### Others
-
-There are some more internal api endpoints for handling authentication and lease process.
-
 # Setup (Service)
 
 ## Docker
@@ -338,6 +280,64 @@ Restart-Service NVDisplay.ContainerLocalSystem
 'C:\Program Files\NVIDIA Corporation\NVSMI\nvidia-smi.exe' -q | Select-String "License"
 ```
 
+## Endpoints
+
+### `GET /`
+
+Redirect to `/-/readme`.
+
+### `GET /-/health`
+
+Status endpoint, used for *healthcheck*.
+
+### `GET /-/config`
+
+Shows current runtime environment variables and their values.
+
+### `GET /-/readme`
+
+HTML rendered README.md.
+
+### `GET /-/docs`, `GET /-/redoc`
+
+OpenAPI specifications rendered from `GET /-/openapi.json`.
+
+### `GET /-/manage`
+
+Shows a very basic UI to delete origins or leases.
+
+### `GET /-/origins?leases=false`
+
+List registered origins.
+
+| Query Parameter | Default | Usage                                |
+|-----------------|---------|--------------------------------------|
+| `leases`        | `false` | Include referenced leases per origin |
+
+### `DELETE /-/origins`
+
+Deletes all origins and their leases.
+
+### `GET /-/leases?origin=false`
+
+List current leases.
+
+| Query Parameter | Default | Usage                               |
+|-----------------|---------|-------------------------------------|
+| `origin`        | `false` | Include referenced origin per lease |
+
+### `DELETE /-/lease/{lease_ref}`
+
+Deletes an lease.
+
+### `GET /-/client-token`
+
+Generate client token, (see [installation](#installation)).
+
+### Others
+
+There are some more internal api endpoints for handling authentication and lease process.
+
 # Troubleshoot
 
 ## Linux

From 4325560ec4552ebd778f981698dd22d9670fd43a Mon Sep 17 00:00:00 2001
From: Oscar Krause <oscar.krause@collinwebdesigns.de>
Date: Wed, 4 Jan 2023 17:18:13 +0100
Subject: [PATCH 02/11] README.md - added some collapses for logs

---
 README.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/README.md b/README.md
index 7f5288a..c1e127d 100644
--- a/README.md
+++ b/README.md
@@ -358,6 +358,9 @@ This message can be ignored.
 
 - Ref. https://github.com/encode/uvicorn/issues/441
 
+<details>
+  <summary>Log example</summary>
+
 ```
 WARNING:uvicorn.error:Invalid HTTP request received.
 Traceback (most recent call last):
@@ -376,6 +379,8 @@ Traceback (most recent call last):
 h11._util.RemoteProtocolError: no request line received
 ```
 
+</details>
+
 ## Windows
 
 ### Required cipher on Windows Guests (e.g. managed by domain controller with GPO)
@@ -452,6 +457,9 @@ The driver wants to release current leases on shutting down windows. This endpoi
 is currently not implemented. The error message looks like and safely can be ignored (since we have no license
 limitation :P):
 
+<details>
+  <summary>Log example</summary>
+
 ```
 <1>:NLS initialized
 <1>:License acquired successfully. (Info: 192.168.178.110, NVIDIA RTX Virtual Workstation; Expiry: 2023-3-30 23:0:22 GMT)
@@ -474,6 +482,8 @@ limitation :P):
 <0>:End Logging
 ```
 
+</details>
+
 # Credits
 
 Thanks to vGPU community and all who uses this project and report bugs.

From e8736c94eca7b501bee343fcaf4e4b99f8096593 Mon Sep 17 00:00:00 2001
From: Oscar Krause <oscar.krause@collinwebdesigns.de>
Date: Wed, 4 Jan 2023 17:46:02 +0100
Subject: [PATCH 03/11] docker-compose.yml - disabled internal ssl support

---
 docker-compose.yml | 46 +++++++++++++++++++++++++---------------------
 1 file changed, 25 insertions(+), 21 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 2ebd525..b52a58a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,13 +2,28 @@ version: '3.9'
 
 x-dls-variables: &dls-variables
   DLS_URL: localhost  # REQUIRED, change to your ip or hostname
-  DLS_PORT: 443  # must match nginx listen port
+  DLS_PORT: 443  # must match nginx listen & exposed port
   LEASE_EXPIRE_DAYS: 90
   DATABASE: sqlite:////app/database/db.sqlite
   DEBUG: false
 
 services:
-  web:
+  dls:
+    image: collinwebdesigns/fastapi-dls:latest
+    restart: always
+    environment:
+      <<: *dls-variables
+    volumes:
+      - /opt/docker/fastapi-dls/cert:/app/cert  # instance.private.pem, instance.public.pem
+      - db:/app/database
+    entrypoint: ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000", "--app-dir", "/app", "--proxy-headers"]
+    healthcheck:
+      test: ["CMD", "curl", "--fail", "http://localhost:8000/-/health"]
+      interval: 10s
+      timeout: 5s
+      retries: 3
+      start_period: 30s
+  proxy:
     image: nginx
     ports:
       # thees are ports where nginx (!) is listen to
@@ -17,14 +32,14 @@ services:
     volumes:
       - /opt/docker/fastapi-dls/cert:/opt/cert
     healthcheck:
-      test: [ "CMD", "curl", "--insecure", "--fail", "https://localhost/-/health" ]
+      test: ["CMD", "curl", "--insecure", "--fail", "https://localhost/-/health"]
       interval: 10s
       timeout: 5s
       retries: 3
       start_period: 30s
     command: |
-      bash -c 'bash -s <<"EOF"
-      cat > /etc/nginx/nginx.conf <<"EON"
+      bash -c "bash -s <<\"EOF\"
+      cat > /etc/nginx/nginx.conf <<\"EON\"
       daemon off;
       user root;
       worker_processes auto;
@@ -39,7 +54,7 @@ services:
         include /etc/nginx/mime.types;
       
         upstream dls-backend {
-          server dls:443;
+          server dls:8000;  # must match dls listen port
         }
       
         server {
@@ -60,18 +75,17 @@ services:
           ssl_prefer_server_ciphers on;
       
           location / {
-            proxy_ssl_verify off;
             proxy_set_header Host $$http_host;
             proxy_set_header X-Real-IP $$remote_addr;
             proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
             proxy_set_header X-Forwarded-Proto $$scheme;
-            proxy_pass https://dls-backend$$request_uri;
+            proxy_pass http://dls-backend$$request_uri;
           }
       
           location = /-/health {
             access_log off;
             add_header 'Content-Type' 'application/json';
-            return 200; # '{\"status\":\"up\",\"service\":\"nginx\"}';
+            return 200 '{\"status\":\"up\",\"service\":\"nginx\"}';
           }
         }
       
@@ -84,12 +98,11 @@ services:
           server_name _;
       
           location /leasing/v1/lessor/shutdown {
-            proxy_ssl_verify off;
             proxy_set_header Host $$http_host;
             proxy_set_header X-Real-IP $$remote_addr;
             proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
             proxy_set_header X-Forwarded-Proto $$scheme;
-            proxy_pass https://dls-backend/leasing/v1/lessor/shutdown;
+            proxy_pass http://dls-backend/leasing/v1/lessor/shutdown;
           }
       
           location / {
@@ -99,16 +112,7 @@ services:
       }
       EON
       nginx
-      EOF'
-
-  dls:
-    image: collinwebdesigns/fastapi-dls:latest
-    restart: always
-    environment:
-      <<: *dls-variables
-    volumes:
-      - /opt/docker/fastapi-dls/cert:/app/cert
-      - db:/app/database
+      EOF"
 
 volumes:
   db:

From f5557a5ccd4711e341c8b5b17de72cfb7647ab94 Mon Sep 17 00:00:00 2001
From: Oscar Krause <oscar.krause@collinwebdesigns.de>
Date: Wed, 4 Jan 2023 17:46:19 +0100
Subject: [PATCH 04/11] README.md

---
 README.md | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index c1e127d..2343585 100644
--- a/README.md
+++ b/README.md
@@ -336,10 +336,12 @@ Generate client token, (see [installation](#installation)).
 
 ### Others
 
-There are some more internal api endpoints for handling authentication and lease process.
+There are many other internal api endpoints for handling authentication and lease process.
 
 # Troubleshoot
 
+**Please make sure that fastapi-dls and your guests are on the same timezone!**
+
 ## Linux
 
 Logs are available with `journalctl -u nvidia-gridd -f`.
@@ -448,10 +450,7 @@ Dec 20 17:53:34 ubuntu-grid-server nvidia-gridd[10354]: License acquired success
 
 </details>
 
-### Error on releasing leases on shutdown (fixed in 1.3 by using reverse proxy)
-
-**UPDATE for version `1.3`**: This issue can be fixed by using a reverse proxy (e.g. `nginx`). Please read section
-below.
+### Error on releasing leases on shutdown (can be fixed with reverse proxy)
 
 The driver wants to release current leases on shutting down windows. This endpoint needs to be a http endpoint and
 is currently not implemented. The error message looks like and safely can be ignored (since we have no license

From 24dba89dbecee884af8b3f298a62bfc15e36b1fc Mon Sep 17 00:00:00 2001
From: Oscar Krause <oscar.krause@collinwebdesigns.de>
Date: Wed, 4 Jan 2023 17:58:23 +0100
Subject: [PATCH 05/11] removed todos, currently all done or there is a branch
 for it

---
 README.md | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/README.md b/README.md
index 2343585..0ff38a2 100644
--- a/README.md
+++ b/README.md
@@ -9,10 +9,6 @@ Only the clients need a connection to this service on configured port.
 
 [[_TOC_]]
 
-## ToDo's
-
-- check why windows guests display "can't acquire license" although in log there is no message displayed and license is
-  also acquired successfully
 
 # Setup (Service)
 

From 02fccb3605e08787ff54a464fe0eb9bb7e21e121 Mon Sep 17 00:00:00 2001
From: Oscar Krause <oscar.krause@collinwebdesigns.de>
Date: Wed, 4 Jan 2023 18:05:07 +0100
Subject: [PATCH 06/11] README.md

---
 README.md | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index 0ff38a2..6af952d 100644
--- a/README.md
+++ b/README.md
@@ -34,6 +34,8 @@ openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout  $WORKING_DIR/webse
 
 **Start container**
 
+To test if everything is set up properly you can start container as following:
+
 ```shell
 docker volume create dls-db
 docker run -e DLS_URL=`hostname -i` -e DLS_PORT=443 -p 443:443 -v $WORKING_DIR:/app/cert -v dls-db:/app/database collinwebdesigns/fastapi-dls:latest
@@ -41,7 +43,7 @@ docker run -e DLS_URL=`hostname -i` -e DLS_PORT=443 -p 443:443 -v $WORKING_DIR:/
 
 **Docker-Compose / Deploy stack**
 
-Goto [`docker-compose.yml`](docker-compose.yml) for more advanced example.
+Goto [`docker-compose.yml`](docker-compose.yml) for more advanced example (with reverse proxy usage).
 
 ```yaml
 version: '3.9'
@@ -446,11 +448,10 @@ Dec 20 17:53:34 ubuntu-grid-server nvidia-gridd[10354]: License acquired success
 
 </details>
 
-### Error on releasing leases on shutdown (can be fixed with reverse proxy)
+### Error on releasing leases on shutdown (can be ignored and/or fixed with reverse proxy)
 
-The driver wants to release current leases on shutting down windows. This endpoint needs to be a http endpoint and
-is currently not implemented. The error message looks like and safely can be ignored (since we have no license
-limitation :P):
+The driver wants to release current leases on shutting down windows. This endpoint needs to be a http endpoint.
+The error message can safely be ignored (since we have no license limitation :P) and looks like this:
 
 <details>
   <summary>Log example</summary>
@@ -462,7 +463,7 @@ limitation :P):
 <0>:End Logging
 ```
 
-#### log with 1.3 and nginx as reverse proxy
+#### log with nginx as reverse proxy (see [docker-compose.yml](docker-compose.yml))
 
 ```
 <1>:NLS initialized

From aecad829143f9a0fafce3927f7dd83a4695b644b Mon Sep 17 00:00:00 2001
From: Oscar Krause <oscar.krause@collinwebdesigns.de>
Date: Wed, 4 Jan 2023 18:12:59 +0100
Subject: [PATCH 07/11] main.py - added confirmation to deleteOrigins()

---
 app/main.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/app/main.py b/app/main.py
index 3bb2a3a..573cb42 100644
--- a/app/main.py
+++ b/app/main.py
@@ -115,14 +115,18 @@ async def _manage(request: Request):
             <title>FastAPI-DLS Management</title>
         </head>
         <body>
-            <button onclick="deleteOrigins()">delete origins and their leases</button>
+            <button onclick="deleteOrigins()">delete ALL origins and their leases</button>
             <button onclick="deleteLease()">delete specific lease</button>
             
             <script>
                 function deleteOrigins() {
-                    var xhr = new XMLHttpRequest();
-                    xhr.open("DELETE", '/-/origins', true);
-                    xhr.send();
+                    const response = confirm('Are you sure you want to delete all origins and their leases?');
+
+                    if (response) {
+                        var xhr = new XMLHttpRequest();
+                        xhr.open("DELETE", '/-/origins', true);
+                        xhr.send();
+                    }
                 }
                 function deleteLease(lease_ref) {
                     if(lease_ref === undefined)

From e71d4c4f4e02c943ba75ae5673a20184eabe44cc Mon Sep 17 00:00:00 2001
From: Oscar Krause <oscar.krause@collinwebdesigns.de>
Date: Wed, 4 Jan 2023 18:27:57 +0100
Subject: [PATCH 08/11] fixed missing servie file for DEBIAN

---
 .DEBIAN/conffiles | 1 +
 .gitlab-ci.yml    | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/.DEBIAN/conffiles b/.DEBIAN/conffiles
index 008d731..cd8fdd7 100644
--- a/.DEBIAN/conffiles
+++ b/.DEBIAN/conffiles
@@ -1 +1,2 @@
 /etc/fastapi-dls/env
+/etc/systemd/system/fastapi-dls.service
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 95b343a..99bdf6e 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -49,7 +49,7 @@ build:apt:
     - cp .DEBIAN/env.default build/etc/fastapi-dls/env
     # create service file
     - mkdir -p build/etc/systemd/system
-    - cp .DEBIAN/fastapi-dls.service build/etc/systemd/system
+    - cp .DEBIAN/fastapi-dls.service build/etc/systemd/system/fastapi-dls.service
     # cd into "build/"
     - cd build/
   script:

From 918022216953ede9a736b027e598f5bcfe2625c4 Mon Sep 17 00:00:00 2001
From: Oscar Krause <oscar.krause@collinwebdesigns.de>
Date: Wed, 4 Jan 2023 21:46:02 +0100
Subject: [PATCH 09/11] README.md

---
 README.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 6af952d..c07deb3 100644
--- a/README.md
+++ b/README.md
@@ -238,8 +238,8 @@ After first success you have to replace `--issue` with `--renew`.
 | `SITE_KEY_XID`         | `00000000-0000-0000-0000-000000000000` | Site identification uuid                                                                             |
 | `INSTANCE_REF`         | `10000000-0000-0000-0000-000000000001` | Instance identification uuid                                                                         |
 | `ALLOTMENT_REF`        | `20000000-0000-0000-0000-000000000001` | Allotment identification uuid                                                                        |
-| `INSTANCE_KEY_RSA`     | `<app-dir>/cert/instance.private.pem`  | Site-wide private RSA key for singing JWTs                                                           |
-| `INSTANCE_KEY_PUB`     | `<app-dir>/cert/instance.public.pem`   | Site-wide public key                                                                                 |
+| `INSTANCE_KEY_RSA`     | `<app-dir>/cert/instance.private.pem`  | Site-wide private RSA key for singing JWTs \*3                                                       |
+| `INSTANCE_KEY_PUB`     | `<app-dir>/cert/instance.public.pem`   | Site-wide public key \*3                                                                             |
 
 \*1 For example, if the lease period is one day and the renewal period is 20%, the client attempts to renew its license
 every 4.8 hours. If network connectivity is lost, the loss of connectivity is detected during license renewal and the
@@ -247,6 +247,8 @@ client has 19.2 hours in which to re-establish connectivity before its license e
 
 \*2 Always use `https`, since guest-drivers only support secure connections!
 
+\*3 If you recreate instance keys you need to **recreate client-token for each guest**!
+
 # Setup (Client)
 
 **The token file has to be copied! It's not enough to C&P file contents, because there can be special characters.**

From 851ec1a5c6f7359274aca5b752fc59c33ebcfe6a Mon Sep 17 00:00:00 2001
From: Oscar Krause <oscar.krause@collinwebdesigns.de>
Date: Thu, 5 Jan 2023 06:56:56 +0100
Subject: [PATCH 10/11] requirements.txt updated

---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index cceb6a7..e505de0 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -3,6 +3,6 @@ uvicorn[standard]==0.20.0
 python-jose==3.3.0
 pycryptodome==3.16.0
 python-dateutil==2.8.2
-sqlalchemy==1.4.45
+sqlalchemy==1.4.46
 markdown==3.4.1
 python-dotenv==0.21.0

From 1f3bc8b4afc190b30a198d5e6ed62de9b2833ffb Mon Sep 17 00:00:00 2001
From: Oscar Krause <oscar.krause@collinwebdesigns.de>
Date: Thu, 5 Jan 2023 07:22:25 +0100
Subject: [PATCH 11/11] .gitlab-ci.yml

---
 .gitlab-ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 99bdf6e..d87f25d 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -279,7 +279,7 @@ release:prepare:
     - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
   script:
     - source version.env
-    - echo &VERSION
+    - echo $VERSION
   artifacts:
     reports:
       dotenv: version.env