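# Example Apache Reverse Proxy Configuration for Streamlit Training Monitor
# This config handles WebSocket connections needed for Streamlit's real-time updates
#
# NOTE(review): the <VirtualHost> and <Location> container lines were missing
# from the copy this file was restored from. They are reconstructed below from
# the surrounding comments and directives (ports 80/443, the /_stcore/ prefix);
# confirm every container line against your deployment before loading it.
#
# NOTE(review): nothing in this file authenticates visitors. Anyone who can
# reach the virtual host can open the dashboard, so add access control
# (for example "Require ip" or an AuthType block) unless it is meant to be public.
#
# Required Apache modules:
#   - mod_ssl (for HTTPS)
#   - mod_proxy
#   - mod_proxy_http
#   - mod_proxy_wstunnel
#   - mod_headers (for CORS headers)
#   - mod_rewrite (for HTTP to HTTPS redirect)

# Enable necessary modules if not already loaded
# LoadModule ssl_module modules/mod_ssl.so
# LoadModule proxy_module modules/mod_proxy.so
# LoadModule proxy_http_module modules/mod_proxy_http.so
# LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
# LoadModule headers_module modules/mod_headers.so
# LoadModule rewrite_module modules/mod_rewrite.so

# HTTP to HTTPS redirect
<VirtualHost *:80>
    # Replace with your domain.
    # (httpd has no end-of-line comments, so the hint sits on its own line.)
    ServerName llm.winkinshly.site
    ServerAdmin admin@example.com

    # Redirect all HTTP traffic to HTTPS.
    # The target host is written out instead of echoing %{HTTP_HOST}, so the
    # redirect never reflects a client-supplied Host header.
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://llm.winkinshly.site$1 [R=301,L]

    # Optional: Logging
    ErrorLog ${APACHE_LOG_DIR}/llm_http_error.log
    CustomLog ${APACHE_LOG_DIR}/llm_http_access.log combined
</VirtualHost>

# HTTPS configuration
<VirtualHost *:443>
    # Replace with your domain
    ServerName llm.winkinshly.site
    ServerAdmin admin@example.com

    # SSL configuration - replace with your actual certificate paths
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/llm.winkinshly.site.crt
    SSLCertificateKeyFile /etc/ssl/private/llm.winkinshly.site.key
    # If using intermediate certificate:
    # SSLCertificateChainFile /etc/ssl/certs/llm.winkinshly.site-chain.crt

    # SSL protocol and cipher configuration (TLS 1.2 and newer, AEAD suites only)
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
    SSLHonorCipherOrder off

    # Security headers
    Header always set X-Frame-Options DENY
    Header always set X-Content-Type-Options nosniff
    # Legacy header: current browsers no longer act on it, so it is not a
    # substitute for a Content-Security-Policy.
    Header always set X-XSS-Protection "1; mode=block"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    # Port 80 only redirects here, so tell browsers to stay on HTTPS.
    # Enable only once the certificate setup is stable; browsers cache this.
    Header always set Strict-Transport-Security "max-age=31536000"

    # CORS headers - important for cross-origin requests.
    # The allowed origin is this site rather than "*": a wildcard lets a page
    # on any other origin read this dashboard's responses through a visitor's
    # browser. Pages served through this proxy are same-origin and do not
    # depend on it; list further trusted origins explicitly if you need them.
    Header always set Access-Control-Allow-Origin "https://llm.winkinshly.site"
    Header always set Access-Control-Allow-Methods "GET, POST, OPTIONS"
    Header always set Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range"
    Header always set Access-Control-Expose-Headers "Content-Length,Content-Range"

    # One RewriteEngine switch covers every rewrite rule in this virtual host.
    RewriteEngine On

    # Handle OPTIONS requests for CORS preflight (answered here, never proxied)
    RewriteCond %{REQUEST_METHOD} OPTIONS
    RewriteRule ^(.*)$ $1 [R=200,L]

    # Logging
    ErrorLog ${APACHE_LOG_DIR}/llm_https_error.log
    CustomLog ${APACHE_LOG_DIR}/llm_https_access.log combined

    # Proxy to Streamlit server (adjust port if needed)
    ProxyPreserveHost On

    # WebSocket support for Streamlit's _stcore endpoint
    # This is CRITICAL for Streamlit's real-time updates
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteCond %{HTTP:Connection} upgrade [NC]
    RewriteRule ^/_stcore/(.*) ws://localhost:8501/_stcore/$1 [P,L]

    # Proxy settings for WebSocket connections on any other path.
    # NOTE(review): the original container for these three lines is unknown;
    # they are kept at virtual-host level, where the pattern still matches.
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteCond %{HTTP:Connection} upgrade [NC]
    RewriteRule ^/?(.*) ws://localhost:8501/$1 [P,L]

    # Alternative WebSocket configuration using ProxyPass
    <Location /_stcore/>
        ProxyPass ws://localhost:8501/_stcore/
        ProxyPassReverse ws://localhost:8501/_stcore/

        # WebSocket specific settings.
        # 604800 s is 7 days. connectiontimeout only bounds the connect to the
        # local backend, so a much smaller value would also work.
        ProxySet connectiontimeout=604800
        ProxySet timeout=604800

        # Remove any buffering
        SetEnv proxy-nokeepalive 1
        SetEnv proxy-sendchunks 1
    </Location>

    # Main proxy configuration for all requests.
    # Kept after the /_stcore/ mapping: httpd uses the first ProxyPass that
    # matches, so the catch-all has to come last.
    ProxyPass / http://localhost:8501/
    ProxyPassReverse / http://localhost:8501/

    # Proxy timeout settings (important for long-running connections).
    # This applies to every proxied request, not only WebSockets: a stalled
    # backend request can hold a worker for up to 7 days. Lower it if the long
    # timeout can be confined to the WebSocket mapping above.
    ProxyTimeout 604800

    # Additional proxy headers
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Port "443"

    # Disable buffering for better real-time performance
    SetEnv proxy-sendchunks 1

    # Health check endpoint (optional)
    # NOTE(review): the path was lost with the container line; "/health" is a
    # placeholder. ErrorDocument is documented for error status codes, so check
    # that this block really answers and is not sent to the backend by the
    # catch-all ProxyPass above.
    <Location /health>
        SetHandler none
        Require all granted
        ErrorDocument 200 "healthy"
    </Location>
</VirtualHost>

# HTTP-only configuration (if you don't want SSL)
# Without TLS the dashboard and its WebSocket traffic cross the network in
# cleartext; use this variant only on a network you trust.
#
# <VirtualHost *:80>
#     ServerName llm.winkinshly.site
#     ServerAdmin admin@example.com
#
#     # CORS headers (own origin instead of "*", see the HTTPS block)
#     Header always set Access-Control-Allow-Origin "http://llm.winkinshly.site"
#     Header always set Access-Control-Allow-Methods "GET, POST, OPTIONS"
#     Header always set Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range"
#
#     # Handle OPTIONS requests
#     RewriteEngine On
#     RewriteCond %{REQUEST_METHOD} OPTIONS
#     RewriteRule ^(.*)$ $1 [R=200,L]
#
#     ErrorLog ${APACHE_LOG_DIR}/llm_http_error.log
#     CustomLog ${APACHE_LOG_DIR}/llm_http_access.log combined
#
#     # Proxy configuration
#     ProxyPreserveHost On
#
#     # WebSocket support
#     RewriteCond %{HTTP:Upgrade} websocket [NC]
#     RewriteCond %{HTTP:Connection} upgrade [NC]
#     RewriteRule ^/_stcore/(.*) ws://localhost:8501/_stcore/$1 [P,L]
#
#     <Location /_stcore/>
#         ProxyPass ws://localhost:8501/_stcore/
#         ProxyPassReverse ws://localhost:8501/_stcore/
#         ProxySet connectiontimeout=604800
#         ProxySet timeout=604800
#         SetEnv proxy-nokeepalive 1
#         SetEnv proxy-sendchunks 1
#     </Location>
#
#     # Catch-all mapping last, after the more specific one
#     ProxyPass / http://localhost:8501/
#     ProxyPassReverse / http://localhost:8501/
#
#     ProxyTimeout 604800
#
#     # Health check ("/health" is a placeholder path, as above)
#     <Location /health>
#         SetHandler none
#         Require all granted
#         ErrorDocument 200 "healthy"
#     </Location>
# </VirtualHost>

# Additional global settings that can be added to main Apache config
#
# Increase timeout for long-running WebSocket connections
# (server-wide: this also lengthens how long any idle client may hold a connection)
# Timeout 604800
#
# Increase buffer sizes for better performance
# ProxyIOBufferSize 65536
#
# Enable connection pooling
# NOTE(review): ProxyMaxConns does not appear among mod_proxy's directives;
# per-worker connection limits are normally set with the max= parameter of
# ProxyPass. Verify before uncommenting.
# ProxyMaxConns 100
#
# Disable forward proxy (keeps this server from relaying arbitrary URLs)
# ProxyRequests Off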