diff --git a/.env.example b/.env.example
index c11d0a6..883f7e6 100644
--- a/.env.example
+++ b/.env.example
@@ -8,7 +8,7 @@ UPLOAD_DIR=./data/uploads
DEVICE=auto # auto | cpu | cuda
# CORS
-CORS_ORIGINS=http://localhost:1577
+CORS_ORIGINS=https://optical-dev.oliver.solutions
# Server
BACKEND_HOST=0.0.0.0
@@ -25,4 +25,4 @@ AZURE_CLIENT_ID=9079054c-9620-4757-a256-23413042f1ef
# Frontend Azure AD (Vite env vars)
VITE_AZURE_TENANT_ID=e519c2e6-bc6d-4fdf-8d9c-923c2f002385
VITE_AZURE_CLIENT_ID=9079054c-9620-4757-a256-23413042f1ef
-VITE_AZURE_REDIRECT_URI=https://ai-sandbox.oliver.solutions/olivas
+VITE_AZURE_REDIRECT_URI=https://optical-dev.oliver.solutions/olivas
diff --git a/deploy.sh b/deploy.sh
index 94049d0..9d4cbae 100755
--- a/deploy.sh
+++ b/deploy.sh
@@ -21,11 +21,6 @@ success() { printf '\033[1;32m[OK]\033[0m %s\n' "$*"; }
# ---------------------------------------------------------------------------
# 1. Preflight checks
# ---------------------------------------------------------------------------
-if [[ $EUID -ne 0 ]]; then
- error "This script must be run as root."
- exit 1
-fi
-
if ! command -v docker &>/dev/null; then
error "docker is not installed."
exit 1
@@ -124,7 +119,7 @@ info "Deploying frontend to $WEB_DIR..."
mkdir -p "$WEB_DIR"
rm -rf "${WEB_DIR:?}"/*
cp -r "$REPO_DIR/frontend/dist/"* "$WEB_DIR/"
-chown -R www-data:www-data "$WEB_DIR"
+chmod -R a+rX "$WEB_DIR"
success "Frontend deployed."
# ---------------------------------------------------------------------------
diff --git a/docker-compose.yml b/docker-compose.yml
index 9128279..9602afc 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -23,7 +23,7 @@ services:
DATABASE_URL: postgresql+asyncpg://olivas:olivas@postgres:5432/olivas
UPLOAD_DIR: /app/data/uploads
DEVICE: auto
- CORS_ORIGINS: http://localhost:1577
+ CORS_ORIGINS: ${CORS_ORIGINS:-http://localhost:1577}
ANTHROPIC_API_KEY: ${ANTHROPIC_API_KEY:-}
# Google Cloud Run — set these to enable Cloud Run offloading
CLOUD_RUN_SALIENCY_URL: ${CLOUD_RUN_SALIENCY_URL:-}
diff --git a/olivas-apache.conf b/olivas-apache.conf
new file mode 100644
index 0000000..6c010fd
--- /dev/null
+++ b/olivas-apache.conf
@@ -0,0 +1,43 @@
+
+ ServerName optical-dev.oliver.solutions
+ Redirect permanent / https://optical-dev.oliver.solutions/
+
+
+
+ ServerName optical-dev.oliver.solutions
+
+ DocumentRoot /var/www/html/olivas
+
+ # Required Apache modules: mod_proxy mod_proxy_http mod_rewrite mod_ssl mod_headers
+
+ SSLEngine on
+ SSLCertificateFile /etc/letsencrypt/live/optical-dev.oliver.solutions/fullchain.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/optical-dev.oliver.solutions/privkey.pem
+
+ # Proxy /api/ to FastAPI backend
+ ProxyPreserveHost On
+ ProxyPass /api/ http://127.0.0.1:8000/api/
+ ProxyPassReverse /api/ http://127.0.0.1:8000/api/
+
+ # Forward real IP to backend
+ RequestHeader set X-Real-IP %{REMOTE_ADDR}s
+ RequestHeader set X-Forwarded-Proto https
+
+ # SPA routing — serve index.html for non-file requests
+
+ Options -Indexes +FollowSymLinks
+ AllowOverride None
+ Require all granted
+ RewriteEngine On
+ RewriteBase /
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteCond %{REQUEST_FILENAME} !-d
+ RewriteRule ^ index.html [L]
+
+
+ # Large file uploads (match nginx's 50M)
+ LimitRequestBody 52428800
+
+ ErrorLog ${APACHE_LOG_DIR}/olivas-error.log
+ CustomLog ${APACHE_LOG_DIR}/olivas-access.log combined
+