From 7c226848cba987bb7862017ee8ef96861acb4611 Mon Sep 17 00:00:00 2001
From: dsyoon <dosangyoon@gmail.com>
Date: Fri, 30 Jan 2026 14:39:36 +0900
Subject: [PATCH] =?UTF-8?q?Harden=20Apache=20SSL=20proxy=20and=20uvicorn?=
 =?UTF-8?q?=20=D0=B7=D0=B0=D0=BF=D1=83=D1=81=D0=BA?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add HTTP->HTTPS redirect, SSL settings, and run uvicorn via Python module for compatibility.
---
 apache/tts.conf | 17 +++++++++++++----
 server/run.sh   |  2 +-
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/apache/tts.conf b/apache/tts.conf
index f44ac13..ba00459 100644
--- a/apache/tts.conf
+++ b/apache/tts.conf
@@ -1,12 +1,21 @@
 <VirtualHost *:80>
   ServerName tts.ncue.net
+  Redirect permanent / https://tts.ncue.net/
+</VirtualHost>
+
+<VirtualHost *:443>
+  ServerName tts.ncue.net
+
+  SSLEngine on
+  SSLCertificateFile /etc/letsencrypt/live/ncue.net/fullchain.pem
+  SSLCertificateKeyFile /etc/letsencrypt/live/ncue.net/privkey.pem
+  # 선택: 체인 파일이 필요하면 아래 경로 사용
+  # SSLCertificateChainFile /etc/letsencrypt/live/ncue.net/chain.pem
 
-  ProxyPreserveHost On
   ProxyRequests Off
+  ProxyPreserveHost On
 
+  # 전체 프록시 (FastAPI가 정적/템플릿 포함 제공)
   ProxyPass / http://127.0.0.1:8019/
   ProxyPassReverse / http://127.0.0.1:8019/
-
-  ErrorLog ${APACHE_LOG_DIR}/tts_error.log
-  CustomLog ${APACHE_LOG_DIR}/tts_access.log combined
 </VirtualHost>
diff --git a/server/run.sh b/server/run.sh
index bf46112..b54c10f 100644
--- a/server/run.sh
+++ b/server/run.sh
@@ -13,5 +13,5 @@ fi
 
 python -m pip install -r requirements.txt
 
-PORT="${PORT}" nohup uvicorn server.main:app --host 0.0.0.0 --port "${PORT}" > server.log 2>&1 &
+PORT="${PORT}" nohup python -m uvicorn server.main:app --host 0.0.0.0 --port "${PORT}" > server.log 2>&1 &
 echo "Server started (PID: $!). Logs: server.log"