Deploy to optical-dev.oliver.solutions

- Update Azure redirect URI and CORS origins to optical-dev - Remove root requirement from deploy.sh, use chmod instead of chown - Make CORS_ORIGINS configurable via env var in docker-compose - Add Apache VirtualHost config for optical-dev.oliver.solutions Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-11 13:02:04 +00:00 · 2026-03-11 13:02:04 +00:00 · c6cd329c2f
commit c6cd329c2f
parent f217a5aea6
4 changed files with 47 additions and 9 deletions
--- a/.env.example
+++ b/.env.example
@ -8,7 +8,7 @@ UPLOAD_DIR=./data/uploads
 DEVICE=auto  # auto | cpu | cuda

 # CORS
-CORS_ORIGINS=http://localhost:1577
+CORS_ORIGINS=https://optical-dev.oliver.solutions

 # Server
 BACKEND_HOST=0.0.0.0
@ -25,4 +25,4 @@ AZURE_CLIENT_ID=9079054c-9620-4757-a256-23413042f1ef
 # Frontend Azure AD (Vite env vars)
 VITE_AZURE_TENANT_ID=e519c2e6-bc6d-4fdf-8d9c-923c2f002385
 VITE_AZURE_CLIENT_ID=9079054c-9620-4757-a256-23413042f1ef
-VITE_AZURE_REDIRECT_URI=https://ai-sandbox.oliver.solutions/olivas
+VITE_AZURE_REDIRECT_URI=https://optical-dev.oliver.solutions/olivas
--- a/deploy.sh
+++ b/deploy.sh
@ -21,11 +21,6 @@ success() { printf '\033[1;32m[OK]\033[0m    %s\n' "$*"; }
 # ---------------------------------------------------------------------------
 # 1. Preflight checks
 # ---------------------------------------------------------------------------
-if [[ $EUID -ne 0 ]]; then
-  error "This script must be run as root."
-  exit 1
-fi
-
 if ! command -v docker &>/dev/null; then
  error "docker is not installed."
  exit 1
@ -124,7 +119,7 @@ info "Deploying frontend to $WEB_DIR..."
 mkdir -p "$WEB_DIR"
 rm -rf "${WEB_DIR:?}"/*
 cp -r "$REPO_DIR/frontend/dist/"* "$WEB_DIR/"
-chown -R www-data:www-data "$WEB_DIR"
+chmod -R a+rX "$WEB_DIR"
 success "Frontend deployed."

 # ---------------------------------------------------------------------------
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -23,7 +23,7 @@ services:
      DATABASE_URL: postgresql+asyncpg://olivas:olivas@postgres:5432/olivas
      UPLOAD_DIR: /app/data/uploads
      DEVICE: auto
-      CORS_ORIGINS: http://localhost:1577
+      CORS_ORIGINS: ${CORS_ORIGINS:-http://localhost:1577}
      ANTHROPIC_API_KEY: ${ANTHROPIC_API_KEY:-}
      # Google Cloud Run — set these to enable Cloud Run offloading
      CLOUD_RUN_SALIENCY_URL: ${CLOUD_RUN_SALIENCY_URL:-}
--- a/olivas-apache.conf
+++ b/olivas-apache.conf
@ -0,0 +1,43 @@
+<VirtualHost *:80>
+    ServerName optical-dev.oliver.solutions
+    Redirect permanent / https://optical-dev.oliver.solutions/
+</VirtualHost>
+
+<VirtualHost *:443>
+    ServerName optical-dev.oliver.solutions
+
+    DocumentRoot /var/www/html/olivas
+
+    # Required Apache modules: mod_proxy mod_proxy_http mod_rewrite mod_ssl mod_headers
+
+    SSLEngine on
+    SSLCertificateFile    /etc/letsencrypt/live/optical-dev.oliver.solutions/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/optical-dev.oliver.solutions/privkey.pem
+
+    # Proxy /api/ to FastAPI backend
+    ProxyPreserveHost On
+    ProxyPass /api/ http://127.0.0.1:8000/api/
+    ProxyPassReverse /api/ http://127.0.0.1:8000/api/
+
+    # Forward real IP to backend
+    RequestHeader set X-Real-IP %{REMOTE_ADDR}s
+    RequestHeader set X-Forwarded-Proto https
+
+    # SPA routing — serve index.html for non-file requests
+    <Directory /var/www/html/olivas>
+        Options -Indexes +FollowSymLinks
+        AllowOverride None
+        Require all granted
+        RewriteEngine On
+        RewriteBase /
+        RewriteCond %{REQUEST_FILENAME} !-f
+        RewriteCond %{REQUEST_FILENAME} !-d
+        RewriteRule ^ index.html [L]
+    </Directory>
+
+    # Large file uploads (match nginx's 50M)
+    LimitRequestBody 52428800
+
+    ErrorLog ${APACHE_LOG_DIR}/olivas-error.log
+    CustomLog ${APACHE_LOG_DIR}/olivas-access.log combined
+</VirtualHost>