From 7622b650afce31e4bbee06c0c31d0c8a8171257b Mon Sep 17 00:00:00 2001 From: nickviljoen Date: Sat, 9 May 2026 17:05:39 +0200 Subject: [PATCH] Apache: consolidate dev+prod into single Include-style snippet Match the convention used by every other app on optical-{dev,prod}: each app ships one /opt//deploy/.conf, and the per-host vhost adds a single `Include` line. Combines apache-dev.conf and apache-prod.conf (which were identical) into apache-hm-aiqc.conf. Drops X-Forwarded-Proto and ProxyPreserveHost since the parent vhost already sets them globally. Raises the body size to 500MB inside /hm-aiqc/ for video uploads. --- deploy/apache-dev.conf | 28 ---------------------------- deploy/apache-hm-aiqc.conf | 37 +++++++++++++++++++++++++++++++++++++ deploy/apache-prod.conf | 28 ---------------------------- 3 files changed, 37 insertions(+), 56 deletions(-) delete mode 100644 deploy/apache-dev.conf create mode 100644 deploy/apache-hm-aiqc.conf delete mode 100644 deploy/apache-prod.conf diff --git a/deploy/apache-dev.conf b/deploy/apache-dev.conf deleted file mode 100644 index 00b8e1f..0000000 --- a/deploy/apache-dev.conf +++ /dev/null @@ -1,28 +0,0 @@ -# Apache Location block for HM AI QC on optical-dev. -# -# Insert inside the existing for -# ServerName optical-dev.oliver.solutions -# and reload: -# sudo systemctl reload apache2 -# -# Required modules (enable once if not already): -# sudo a2enmod proxy proxy_http headers -# -# The X-Script-Name header is read by wsgi.py's ReverseProxied middleware -# so url_for() generates URLs prefixed with /hm-aiqc. - -ProxyPass /hm-aiqc/ http://127.0.0.1:5050/ -ProxyPassReverse /hm-aiqc/ http://127.0.0.1:5050/ - -# Bare /hm-aiqc (no trailing slash) → redirect with slash so the prefix matches -RewriteEngine On -RewriteRule ^/hm-aiqc$ /hm-aiqc/ [R=301,L] - - - RequestHeader set X-Script-Name "/hm-aiqc" - RequestHeader set X-Forwarded-Proto "https" - ProxyPreserveHost On - - # Long-running endpoints (QC execution, Box searches, video analysis) - ProxyTimeout 600 - diff --git a/deploy/apache-hm-aiqc.conf b/deploy/apache-hm-aiqc.conf new file mode 100644 index 0000000..626a1a0 --- /dev/null +++ b/deploy/apache-hm-aiqc.conf @@ -0,0 +1,37 @@ +# HM AI QC — Apache snippet (Include'd into the per-host vhost). +# +# Wire-up on each server: +# /etc/apache2/sites-enabled/.conf — already exists for OliVAS etc. +# Add inside the existing block (next to the other +# per-app Include lines): +# +# Include /opt/hm-aiqc/deploy/apache-hm-aiqc.conf +# +# Then: sudo apache2ctl configtest && sudo systemctl reload apache2 +# +# Required modules (enable once if not already): +# sudo a2enmod proxy proxy_http headers rewrite +# +# This server fronts plain HTTP only — SSL is terminated by the upstream +# load balancer. The parent vhost already sets X-Forwarded-Proto: https +# and ProxyPreserveHost On globally, so we don't repeat them here. +# +# X-Script-Name is read by wsgi.py's ReverseProxied middleware so Flask's +# url_for() emits /hm-aiqc/... prefixes correctly. + +ProxyPass /hm-aiqc/ http://127.0.0.1:5050/ +ProxyPassReverse /hm-aiqc/ http://127.0.0.1:5050/ + +# /hm-aiqc (no trailing slash) → /hm-aiqc/ +RewriteEngine On +RewriteRule ^/hm-aiqc$ /hm-aiqc/ [R=301,L] + + + RequestHeader set X-Script-Name "/hm-aiqc" + + # Video uploads can exceed the 100MB vhost-wide cap — raise to 500MB here + LimitRequestBody 524288000 + + # Long-running endpoints (QC execution, Box searches, video analysis) + ProxyTimeout 600 + diff --git a/deploy/apache-prod.conf b/deploy/apache-prod.conf deleted file mode 100644 index d6565c0..0000000 --- a/deploy/apache-prod.conf +++ /dev/null @@ -1,28 +0,0 @@ -# Apache Location block for HM AI QC on optical-prod. -# -# Insert inside the existing for -# ServerName optical-prod.oliver.solutions -# and reload: -# sudo systemctl reload apache2 -# -# Required modules (enable once if not already): -# sudo a2enmod proxy proxy_http headers -# -# The X-Script-Name header is read by wsgi.py's ReverseProxied middleware -# so url_for() generates URLs prefixed with /hm-aiqc. - -ProxyPass /hm-aiqc/ http://127.0.0.1:5050/ -ProxyPassReverse /hm-aiqc/ http://127.0.0.1:5050/ - -# Bare /hm-aiqc (no trailing slash) → redirect with slash so the prefix matches -RewriteEngine On -RewriteRule ^/hm-aiqc$ /hm-aiqc/ [R=301,L] - - - RequestHeader set X-Script-Name "/hm-aiqc" - RequestHeader set X-Forwarded-Proto "https" - ProxyPreserveHost On - - # Long-running endpoints (QC execution, Box searches, video analysis) - ProxyTimeout 600 -