Django and Flask have been the long running Python web frameworks that everyone chooses. FastAPI is a newish micro framework that allows for quick REST API development. We've been using FastAPI to write most of our microservices and it's working out pretty well. One catch is everything being asynchronous, but since FastAPI exposes a decorator for startup events, you can add them there vs manually creating tasks on the loop.

To get started it's pretty simple. Create a file named main.py

from fastapi import FastAPI

app = FastAPI()


@app.get("/testing/{id}")
async def get_test(id: int):
    data = {"id": id}
    return data

Then just run your app with Uvicorn: uvicorn "main:app" --reload

--reload adds live reloading for when you make changes.

The handler methods are defined through the decorators @app.get, @app.post, etc. This method makes a nice quick way to define endpoints. Decorators also control startup and shutdown events and even middleware. So adding middleware to your requests is pretty trivial:

@app.middleware("http")
async def timer(request: Request, call_next):
    start = time.time()
    resp = await call_next(request)
    total_time = time.time() - start
    print(f'request took {total_time} seconds')

    return resp

So to put that all together it looks like this:

from fastapi import FastAPI, Request
import time


app = FastAPI()


@app.middleware("http")
async def timer(request: Request, call_next):
    start = time.time()
    resp = await call_next(request)
    total_time = time.time() - start
    print(f'request took {total_time} seconds')

    return resp


@app.get("/testing/{id}")
async def get_test(id: int):
    data = {"id": id}
    return data

https://www.manageengine.com/products/desktop-central/help/computer_configuration/executing_custom_scripts.html

@gjacobse said in WinRM: Security Question:

While it is likely I could be missing it,.. As of yet, I don't see any way to run commands like SC / MC. I've been looking over DesktopCentral and nothing stands out.

https://www.manageengine.com/products/free-windows-tools/free-remote-command-prompt-tool.html

Just have PAM verify the cert if you want the perceived second layer of auth.

https://github.com/uber/pam-ussh

@scottalanmiller said in What does your desk look like?:

@stacksofplates said in What does your desk look like?:

@scottalanmiller said in What does your desk look like?:

#ThrowBackThursday

NTG employee #1, John Stephens, working from the NTG Geneseo Offices in 2006.

Didn't NTG start like in the 90's?

Yup. Why?

Well employee #1 sounded like it just started around 2006.

@scottalanmiller said in What does your desk look like?:

#ThrowBackThursday

NTG employee #1, John Stephens, working from the NTG Geneseo Offices in 2006.

Didn't NTG start like in the 90's?

@dashrender said in How to Secure a Website at Home:

@stacksofplates said in How to Secure a Website at Home:

@dashrender said in How to Secure a Website at Home:

@obsolesce said in How to Secure a Website at Home:

@hobbit666 said in How to Secure a Website at Home:

@JaredBusch thanks for the detailed example

Thanks all for the input. Will look at Azure/AWS etc for hosting if I will only be under a £1

Why not GitHub or GitLab for free?

That's the part of JB's explanation I didn't get - will GitHub/GitLab actually host your static page for free? can you point your own domain name at it?

Yes.

It's an artifact from a pipeline build. So pages just points to that artifact directory. You just define a CNAME to point to the generated URL. They will handle HTTPS with LetsEncrypt for you.

What does the URL look like to the end user?

My blog's generated URL is this https://john-hooks.gitlab.io/sites/site/ but you just create a CNAME and the URL everyone would use is https://hooks.technology.

My project https://gophemeral.com is also a static site hosted at Vercel. It's built with Hugo and there's an API that's a serverless function hosted with them which does the work and returns it to the Hugo site. That's also all free.

I recommend Vercel. It has a ton of features, builds are quick, and DNS is pretty easy with them. You also get multiple deployments so you can have different versions of the site which is something you don't get with GitLab (not sure about GitHub). And you can easily roll back to a version if there's an issue.

@dashrender said in How to Secure a Website at Home:

@obsolesce said in How to Secure a Website at Home:

@hobbit666 said in How to Secure a Website at Home:

@JaredBusch thanks for the detailed example

Thanks all for the input. Will look at Azure/AWS etc for hosting if I will only be under a £1

Why not GitHub or GitLab for free?

That's the part of JB's explanation I didn't get - will GitHub/GitLab actually host your static page for free? can you point your own domain name at it?

Yes.

It's an artifact from a pipeline build. So pages just points to that artifact directory. You just define a CNAME to point to the generated URL. They will handle HTTPS with LetsEncrypt for you.

@dashrender said in Technologies Begging to be Ransomwared:

@stacksofplates said in Technologies Begging to be Ransomwared:

@dashrender said in Technologies Begging to be Ransomwared:

@travisdh1 said in Technologies Begging to be Ransomwared:

@hobbit666 said in Technologies Begging to be Ransomwared:

@scottalanmiller said in Technologies Begging to be Ransomwared:

If, for whatever reason, you need lots of users on lots of machines there are ways to do that. Like a simple script of net user and voila, 20 users and 100 machines, as fast or faster than AD will do it. And without the confusing caching and time out issues.

So how does that create the 20 users on all 100 machines?

Have you not used Salt or Ansible? It's one file to set user information and then deploy that to any arbitrary group of computers you want.

yeah I haven't yet either, but it's a tool that allows you to break free from the likes of AD for centralized management.

But if you are deploying the same usernames/passwords to all 20 machines, then when one is compromised, all 20 are.

I'd just use Jumpcloud. It's purpose made for this. Ansible on windows is annoying. Jumpcloud is cross platform and just works.

it's jumpcloud just an AD replacement? If not - forgive because I've never used it.

It creates local users/groups on the systems using an agent. It also does limited configuration management.

@hobbit666 said in How to Secure a Website at Home:

@obsolesce said in How to Secure a Website at Home:

I thought static as in literally static html pages. If you are talking about WordPress and PHP pages, that won't work on anything I mentioned, unless you have something running somewhere else that converts them to static HTML pages and pushes them to there.

It was going to be static but wanted to upload larger images but not have them taking up the page, and just clicking to enlarge for full view. Hence thinking a CMS with light box.
But happy if there's a simple was to do it with just HTML and PHP

As I mentioned my coding skills were lost 20+ years ago

The image enlarging would most likely be JavaScript. Just use a theme with Hugo or some other store generator that ha a gallery display that you want.

@travisdh1 said in Technologies Begging to be Ransomwared:

@stacksofplates said in Technologies Begging to be Ransomwared:

@dashrender said in Technologies Begging to be Ransomwared:

@travisdh1 said in Technologies Begging to be Ransomwared:

@hobbit666 said in Technologies Begging to be Ransomwared:

@scottalanmiller said in Technologies Begging to be Ransomwared:

If, for whatever reason, you need lots of users on lots of machines there are ways to do that. Like a simple script of net user and voila, 20 users and 100 machines, as fast or faster than AD will do it. And without the confusing caching and time out issues.

So how does that create the 20 users on all 100 machines?

Have you not used Salt or Ansible? It's one file to set user information and then deploy that to any arbitrary group of computers you want.

yeah I haven't yet either, but it's a tool that allows you to break free from the likes of AD for centralized management.

But if you are deploying the same usernames/passwords to all 20 machines, then when one is compromised, all 20 are.

I'd just use Jumpcloud. It's purpose made for this. Ansible on windows is annoying. Jumpcloud is cross platform and just works.

I haven't used Jumpcloud because the free tier is so limited, even for my home lab I'd have to pay.

Why use it for anything other than laptops/workstations? I wouldn't use it for server logins. I assumed this discussion was about client devices not servers.

@hobbit666 said in How to Secure a Website at Home:

@obsolesce said in How to Secure a Website at Home:

You can do that for free at Gitlab, GitHub, AWS, Azure, GCP, etc...

Why wast time and resources doing it at home?

I tried WordPress free hosting, but to use plugins you have to pay

Never heard of Gitlab before until Jared mentioned it. AWS / Azure wasn't aware of any free teirs after trial periods have finished, but will look closer see what I can find.

GCP has an always free tier. GitLab pages and GitHub pages will host static sites for free.

I have my wife's business site on gitlab pages and I have a static site for documentation for an API I wrote on GitHub pages and I have a project I wrote on Vercel. Vercel is by far the most featureful and IMO better than the others. It will host the static sites and server less functions.

They work really well.

The reverse proxy aspect only really adds benefit when you need to load balance across multiple services.

@pete-s said in How to Secure a Website at Home:

@stacksofplates said in How to Secure a Website at Home:

@pete-s said in How to Secure a Website at Home:

@stacksofplates said in How to Secure a Website at Home:

@stacksofplates said in How to Secure a Website at Home:

You could just put an API gateway in front. They are usually easier to configure for auth than a reverse proxy.

Krakend is just a json config: https://www.krakend.io/docs/authorization/client-credentials/

Kong has an open source plugin for oidc.

They're both easy to configure. Then you could just limit logins by Google account or whatever through something like Auth0.

You could do that on wordpress directly too I believe.

This blocks you before you even hit that though, so you don't need to worry about vulnerabilities in WordPress. Then just pass the JWT through to WP.

True, but you can authenticate directly on apache too - before wordpress is involved. Apache can do both oidc and saml. Nginx can only do oidc afaik.

Only nginx plus can do oidc. Apache can but it's more difficult which is why I mentioned the gateways. It's much easier to configure auth and things like rate limiting with an API gateway.

@pete-s said in How to Secure a Website at Home:

@stacksofplates said in How to Secure a Website at Home:

@stacksofplates said in How to Secure a Website at Home:

You could just put an API gateway in front. They are usually easier to configure for auth than a reverse proxy.

Krakend is just a json config: https://www.krakend.io/docs/authorization/client-credentials/

Kong has an open source plugin for oidc.

They're both easy to configure. Then you could just limit logins by Google account or whatever through something like Auth0.

You could do that on wordpress directly too I believe.

This blocks you before you even hit that though, so you don't need to worry about vulnerabilities in WordPress. Then just pass the JWT through to WP.

@dashrender said in Technologies Begging to be Ransomwared:

@travisdh1 said in Technologies Begging to be Ransomwared:

@hobbit666 said in Technologies Begging to be Ransomwared:

@scottalanmiller said in Technologies Begging to be Ransomwared:

If, for whatever reason, you need lots of users on lots of machines there are ways to do that. Like a simple script of net user and voila, 20 users and 100 machines, as fast or faster than AD will do it. And without the confusing caching and time out issues.

So how does that create the 20 users on all 100 machines?

Have you not used Salt or Ansible? It's one file to set user information and then deploy that to any arbitrary group of computers you want.

yeah I haven't yet either, but it's a tool that allows you to break free from the likes of AD for centralized management.

But if you are deploying the same usernames/passwords to all 20 machines, then when one is compromised, all 20 are.

I'd just use Jumpcloud. It's purpose made for this. Ansible on windows is annoying. Jumpcloud is cross platform and just works.

@stacksofplates said in How to Secure a Website at Home:

You could just put an API gateway in front. They are usually easier to configure for auth than a reverse proxy.

Krakend is just a json config: https://www.krakend.io/docs/authorization/client-credentials/

Kong has an open source plugin for oidc.

They're both easy to configure. Then you could just limit logins by Google account or whatever through something like Auth0.

You could just put an API gateway in front. They are usually easier to configure for auth than a reverse proxy.

@dustinb3403 said in So Windows 11??:

@irj said in So Windows 11??:

I disagree. Desktop as a service has no money in it.

It absolutely does have money in it, specifically so ads can be targeted to people who use said desktop. What other reason could there be for this push to need a Microsoft account to use a desktop?

It's all driven by money and to believe that there is no money in DaaS is looking at a tree but ignoring the forest...

They can use ads without it being a service. Look at what Ubuntu did how many years ago with Amazon.