fixed imports

# Conflicts:
#	app/main.py

.DEBIAN/env.default

@@ -1,6 +1,9 @@
 # Toggle debug mode
 #DEBUG=false
 
+# Cert Path
+CERT_PATH="/etc/fastapi-dls/cert"
+
 # Where the client can find the DLS server
 DLS_URL=127.0.0.1
 DLS_PORT=443

.DEBIAN/postinst

@@ -3,6 +3,8 @@
 WORKING_DIR=/usr/share/fastapi-dls
 CONFIG_DIR=/etc/fastapi-dls
 
+source $CONFIG_DIR/env
+
 while true; do
   [ -f $CONFIG_DIR/webserver.key ] && default_answer="N" || default_answer="Y"
   [ $default_answer == "Y" ] && V="Y/n" || V="y/N"
@@ -25,27 +27,32 @@ if [ -f $CONFIG_DIR/webserver.key ]; then
 
   if [ -x "$(command -v curl)" ]; then
     echo "> Testing API ..."
-    source $CONFIG_DIR/env
     curl --insecure -X GET https://$DLS_URL:$DLS_PORT/-/health
   else
     echo "> Testing API failed, curl not available. Please test manually!"
   fi
 fi
 
+echo "> Create Certificate-Chain folder ..."
+mkdir -p $CERT_PATH
+
+echo "> Set permissions ..."
 chown -R www-data:www-data $CONFIG_DIR
 chown -R www-data:www-data $WORKING_DIR
 
+echo "> Done."
+
 cat <<EOF
 
 # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
 #                                                                             #
 #    fastapi-dls is now installed.                                            #
 #                                                                             #
-#    Service should be up and running.                                        #
-#      Webservice is listen to https://localhost                              #
-#                                                                             #
-#    Configuration is stored in /etc/fastapi-dls/env.                         #
+#    Service should be up and running (if you choose to auto-generate         #
+#     self-signed webserver certificate).                                     #
 #                                                                             #
+#    - Webservice is listen to https://localhost                              #                                                                       #
+#    - Configuration is stored in /etc/fastapi-dls/env                        #
 #                                                                             #
 # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
 

README.md

@@ -5,12 +5,12 @@ Minimal Delegated License Service (DLS).
 > [!warning] Branch support
 > FastAPI-DLS Version 1.x supports up to **`17.x`** releases. \
 > FastAPI-DLS Version 2.x is backwards compatible to `17.x` and supports **`18.x`** releases in combination
-> with [gridd-unlock-patcher](https://git.collinwebdesigns.de/oscar.krause/gridd-unlock-patcher).
+> with [gridd-unlock-patcher](https://git.collinwebdesigns.de/vgpu/gridd-unlock-patcher).
 > Other combinations of FastAPI-DLS and Driver-Branches may work but are not tested.
 
 > [!note] Compatibility
-> Compatibility tested with official NLS 2.0.1, 2.1.0, 3.1.0, 3.3.1, 3.4.0. For Driver compatibility
-> see [compatibility matrix](#vgpu-software-compatibility-matrix).
+> Compatibility tested with official NLS 2.0.1, 2.1.0, 3.1.0, 3.3.1, 3.4.0. **For Driver compatibility
+> see [compatibility matrix](#vgpu-software-compatibility-matrix)**.
 
 This service can be used without internet connection.
 Only the clients need a connection to this service on configured port.
@@ -18,7 +18,6 @@ Only the clients need a connection to this service on configured port.
 **Official Links**
 
 * https://git.collinwebdesigns.de/oscar.krause/fastapi-dls (Private Git)
-* https://gitea.publichub.eu/oscar.krause/fastapi-dls (Public Git)
 * https://hub.docker.com/r/collinwebdesigns/fastapi-dls (Docker-Hub `collinwebdesigns/fastapi-dls:latest`)
 
 *All other repositories are forks! (which  is no bad - just for information and bug reports)*
@@ -416,7 +415,141 @@ acme.sh --issue -d example.com \
 
 After first success you have to replace `--issue` with `--renew`.
 
-# Configuration
+## Nginx Reverse Proxy (experimental)
+
+- This guide is written for Debian/Ubuntu systems, other may work, but you have to do your setup on your own
+- Uvicorn does no longer serve requests directly
+- NGINX is used as HTTP & HTTPS entrypoint
+- Assumes you already have set up webserver certificate and private-key
+
+**Install Nginx Webserver**
+
+```shell
+apt-get install nginx-light
+```
+
+**Remove default vhost**
+
+```shell
+rm /etc/nginx/sites-enabled/default
+```
+
+**Create fastapi-dls vhost**
+
+<details>
+    <summary>`/etc/nginx/sites-available/fastapi-dls`</summary>
+
+```
+upstream dls-backend {
+        server 127.0.0.1:8000;  # must match dls listen port
+}
+
+server {
+        listen 443 ssl http2 default_server;
+        listen [::]:443 ssl http2 default_server;
+
+        root /var/www/html;
+        index index.html;
+        server_name _;
+
+        ssl_certificate "/etc/fastapi-dls/cert/webserver.crt";
+        ssl_certificate_key "/etc/fastapi-dls/cert/webserver.key";
+        ssl_session_cache shared:SSL:1m;
+        ssl_session_timeout 10m;
+        ssl_protocols TLSv1.3 TLSv1.2;
+        # ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305";
+        # ssl_ciphers PROFILE=SYSTEM;
+        ssl_prefer_server_ciphers on;
+
+        location / {
+                # https://www.uvicorn.org/deployment/
+                proxy_set_header Host $http_host;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+                proxy_set_header X-Forwarded-Proto $scheme;
+                proxy_set_header Upgrade $http_upgrade;
+                proxy_set_header Connection $connection_upgrade;
+                proxy_redirect off;
+                proxy_buffering off;
+
+                proxy_set_header X-Real-IP $remote_addr;
+
+                proxy_pass http://dls-backend$request_uri;
+        }
+
+        location = /-/health {
+                access_log off;
+                add_header 'Content-Type' 'application/json';
+                return 200 '{\"status\":\"up\",\"service\":\"nginx\"}';
+        }
+}
+
+map $http_upgrade $connection_upgrade {
+        default upgrade;
+        '' close;
+}
+
+server {
+        listen 80;
+        listen [::]:80;
+
+        root /var/www/html;
+        index index.html;
+        server_name _;
+
+        location /leasing/v1/lessor/shutdown {
+                proxy_set_header Host $http_host;
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+                proxy_set_header X-Forwarded-Proto $scheme;
+                proxy_pass http://dls-backend/leasing/v1/lessor/shutdown;
+        }
+
+        location / {
+                return 301 https://$host$request_uri;
+        }
+}
+```
+</details>
+
+**Enable and test vhost**
+
+```shell
+ln -s /etc/nginx/sites-available/fastapi-dls /etc/nginx/sites-enabled/fastapi-dls
+
+nginx -t
+# nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
+# nginx: configuration file /etc/nginx/nginx.conf test is successful
+```
+
+**Override default fastapi-dls systemd service**
+
+```shell
+mkdir /etc/systemd/system/fastapi-dls.service.d
+```
+
+<details>
+    <summary>`/etc/systemd/system/fastapi-dls.service.d/override.conf`</summary>
+
+```
+[Service]
+ExecStart=
+ExecStart=uvicorn main:app \
+  --env-file /etc/fastapi-dls/env \
+  --host 127.0.0.1 --port 8000 \
+  --app-dir /usr/share/fastapi-dls/app \
+  --proxy-headers
+```
+</details>
+
+**Run**
+
+```shell
+systemctl daemon-reload
+service nginx start
+service fastapi-dls start
+```
+
+# Configuration (Service)
 
 | Variable               | Default                                | Usage                                                                                                |
 |------------------------|----------------------------------------|------------------------------------------------------------------------------------------------------|
@@ -750,14 +883,14 @@ The error message can safely be ignored (since we have no license limitation :P)
 # vGPU Software Compatibility Matrix
 
 <details>
-  <summary>Show Table</summary>
-
-Successfully tested with this package versions.
+  <summary>Successfully tested with this package versions: Show Table</summary>
 
 | FastAPI-DLS Version | vGPU Suftware | Driver Branch | Linux vGPU Manager | Linux Driver | Windows Driver |  Release Date |      EOL Date |
 |---------------------|:-------------:|:-------------:|--------------------|--------------|----------------|--------------:|--------------:|
-| `2.x`               |    `18.1`     |   **R570**    | `570.133.08`       | `570.133.07` | `572.83`       |    April 2025 |    March 2026 |
-|                     |    `18.0`     |   **R570**    | `570.124.03`       | `570.124.06` | `572.60`       |    March 2025 |    March 2026 |
+| `2.x`               |    `18.3`     |   **R570**    | `570.158.02`       | `570.158.01` | `573.36`       |     June 2025 |    March 2026 |
+|                     |    `18.2`     |   **R570**    | `570.148.06`       | `570.148.08` | `573.07`       |      May 2025 |               |
+|                     |    `18.1`     |   **R570**    | `570.133.08`       | `570.133.07` | `572.83`       |    April 2025 |               |
+|                     |    `18.0`     |   **R570**    | `570.124.03`       | `570.124.06` | `572.60`       |    March 2025 |               |
 | `1.x` & `2.x`       |    `17.6`     |   **R550**    | `550.163.02`       | `550.63.01`  | `553.74`       |    April 2025 |     June 2025 |
 |                     |    `17.5`     |               | `550.144.02`       | `550.144.03` | `553.62`       |  January 2025 |               |
 |                     |    `17.4`     |               | `550.127.06`       | `550.127.05` | `553.24`       |  October 2024 |               |
@@ -791,6 +924,6 @@ Special thanks to:
 - `Krutav Shah` who wrote the [vGPU_Unlock Wiki](https://docs.google.com/document/d/1pzrWJ9h-zANCtyqRgS7Vzla0Y8Ea2-5z2HEi4X75d2Q/)
 - `Wim van 't Hoog` for the [Proxmox All-In-One Installer Script](https://wvthoog.nl/proxmox-vgpu-v3/)
 - `mrzenc` who wrote [fastapi-dls-nixos](https://github.com/mrzenc/fastapi-dls-nixos)
-- `electricsheep49` who wrote [gridd-unlock-patcher](https://git.collinwebdesigns.de/oscar.krause/gridd-unlock-patcher)
+- `electricsheep49` who wrote [gridd-unlock-patcher](https://git.collinwebdesigns.de/vgpu/gridd-unlock-patcher)
 
 And thanks to all people who contributed to all these libraries!

ROADMAP.md

@@ -2,6 +2,17 @@
 
 I am planning to implement the following features in the future.
 
+## Patching Endpoint
+
+A (optional) Path-Variable to `gridd-unlock-patcher` which enables an additional endpoint.
+Here you can upload your `nvidia-gridd` binary or `nvxdapix.dll` which then will be patched and responded.
+
+## All-In-One Installer Script Endpoint
+
+A new all-in-one installer endpoint
+(here a script is returned for linux or windows which then could be called like
+curl https://<fastapi-dls>/-/install/deb | sh which then
+download and place a client-token in the right directory, patch your girdd / dll and restart nvidia-gridd service)
 
 ## HA - High Availability
 

app/main.py

@@ -6,7 +6,7 @@ from datetime import datetime, timedelta, UTC
 from hashlib import sha256
 from json import loads as json_loads, dumps as json_dumps
 from os import getenv as env
-from os.path import join, dirname
+from os.path import join, dirname, exists, isdir, isfile
 from textwrap import wrap
 from uuid import uuid4
 
@@ -20,6 +20,7 @@ from jose.constants import ALGORITHMS
 from sqlalchemy import create_engine
 from sqlalchemy.orm import sessionmaker
 from starlette.middleware.cors import CORSMiddleware
+from starlette.staticfiles import StaticFiles
 
 from orm import Origin, Lease, init as db_init, migrate
 from util import CASetup, PrivateKey, Cert, ProductMapping, load_file
@@ -50,6 +51,7 @@ LEASE_RENEWAL_PERIOD = float(env('LEASE_RENEWAL_PERIOD', 0.15))
 LEASE_RENEWAL_DELTA = timedelta(days=int(env('LEASE_EXPIRE_DAYS', 90)), hours=int(env('LEASE_EXPIRE_HOURS', 0)))
 CLIENT_TOKEN_EXPIRE_DELTA = relativedelta(years=12)
 CORS_ORIGINS = str(env('CORS_ORIGINS', '')).split(',') if (env('CORS_ORIGINS')) else [f'https://{DLS_URL}']
+DRIVERS_DIR = env('DRIVERS_DIR', None)
 DT_FORMAT = '%Y-%m-%dT%H:%M:%S.%fZ'
 PRODUCT_MAPPING = ProductMapping(filename=join(dirname(__file__), 'static/product_mapping.json'))
 
@@ -100,6 +102,9 @@ async def lifespan(_: FastAPI):
 config = dict(openapi_url=None, docs_url=None, redoc_url=None)  # dict(openapi_url='/-/openapi.json', docs_url='/-/docs', redoc_url='/-/redoc')
 app = FastAPI(title='FastAPI-DLS', description='Minimal Delegated License Service (DLS).', version=VERSION, lifespan=lifespan, **config)
 
+if DRIVERS_DIR is not None:
+    app.mount('/-/static-drivers', StaticFiles(directory=str(DRIVERS_DIR), html=False), name='drivers')
+
 app.debug = DEBUG
 app.add_middleware(
     CORSMiddleware,
@@ -206,6 +211,25 @@ async def _manage(request: Request):
     return Response(response, media_type='text/html', status_code=200)
 
 
+@app.get('/-/drivers/{directory:path}', summary='* List drivers directory')
+async def _drivers(request: Request, directory: str | None):
+    if DRIVERS_DIR is None:
+        return Response(status_code=404, content=f'Variable "DRIVERS_DIR" not set.')
+
+    path = join(DRIVERS_DIR, directory)
+
+    if not exists(path) and not isfile(path):
+        return Response(status_code=404, content=f'Resource "{path}" not found!')
+
+    content = [{
+        "type": "file" if isfile(f'{path}/{_}') else "folder" if isdir(f'{path}/{_}') else "unknown",
+        "name": _,
+        "link": f'/-/static-drivers/{directory}{_}',
+    } for _ in listdir(path)]
+
+    return Response(content=json_dumps({"directory": path, "content": content}), media_type='application/json', status_code=200)
+
+
 @app.get('/-/origins', summary='* Origins')
 async def _origins(request: Request, leases: bool = False):
     session = sessionmaker(bind=db)()

requirements.txt

@@ -1,8 +1,8 @@
-fastapi==0.115.12
-uvicorn[standard]==0.34.2
-python-jose[cryptography]==3.4.0
-cryptography==44.0.3
+fastapi==0.115.14
+uvicorn[standard]==0.35.0
+python-jose[cryptography]==3.5.0
+cryptography==45.0.5
 python-dateutil==2.9.0
-sqlalchemy==2.0.40
-markdown==3.8
-python-dotenv==1.1.0
+sqlalchemy==2.0.41
+markdown==3.8.2
+python-dotenv==1.1.1