Advanced
Deployment
Production deployment guidance for UPAS
This guide covers production deployment considerations for UPAS.
Hosting Requirements
UPAS requires:
- HTTPS: Service workers require secure contexts in production
- Static file serving: No server-side runtime required
- Appropriate headers: Cache-Control, Content-Type, CORS (if needed)
Recommended Headers
Configure your hosting to set appropriate headers:
# Nginx configuration example
location / {
# Cache static assets
location ~* \.(js|css|png|jpg|webp|svg|ico)$ {
expires 1y;
add_header Cache-Control "public, immutable";
}
# Service worker: no cache
location = /sw.js {
expires off;
add_header Cache-Control "no-store, no-cache, must-revalidate";
}
# HTML: short cache
location ~* \.html$ {
expires 1h;
add_header Cache-Control "public";
}
}Container Deployment
Docker configuration for UPAS:
FROM nginx:alpine
# Copy application files
COPY upas-app/web /usr/share/nginx/html
# Copy nginx configuration
COPY nginx.conf /etc/nginx/conf.d/default.conf
EXPOSE 80
# Healthcheck
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
CMD wget --no-verbose --tries=1 --spider http://localhost/ || exit 1server {
listen 80;
server_name _;
root /usr/share/nginx/html;
index index.html;
# Enable gzip
gzip on;
gzip_types text/plain text/css application/json application/javascript;
# SPA fallback
location / {
try_files $uri $uri/ /index.html;
}
# Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
}CDN Configuration
For global distribution, consider a CDN:
- Model artefacts: Cache aggressively (immutable content)
- Procedure packs: Cache with revalidation
- Application shell: Short TTL for updates
Example Cloudflare rules:
{
"rules": [
{
"match": "*.gguf",
"cache": { "ttl": 31536000 }
},
{
"match": "/packs/*",
"cache": { "ttl": 86400, "revalidate": true }
},
{
"match": "*.html",
"cache": { "ttl": 3600 }
}
]
}Security Considerations
Content Security Policy
Recommended CSP for UPAS:
Content-Security-Policy:
default-src 'self';
script-src 'self' 'wasm-unsafe-eval';
worker-src 'self';
connect-src 'self' https://huggingface.co;
style-src 'self' 'unsafe-inline';WASM Requirement: The 'wasm-unsafe-eval' directive is required
for WASM execution. This is distinct from 'unsafe-eval' and is
necessary for the WASM fallback runtime.
Model Source Verification
Ensure model artefacts are fetched from trusted sources:
- Verify Hugging Face repository ownership
- Check model file hashes before caching
- Consider self-hosting models for production
Monitoring
Service Worker Status
Monitor service worker lifecycle:
if ('serviceWorker' in navigator) {
navigator.serviceWorker.ready.then((registration) => {
console.log('Service Worker ready:', registration.active?.state);
});
navigator.serviceWorker.addEventListener('controllerchange', () => {
console.log('Service Worker updated');
});
}Cache Statistics
Track cache usage:
async function getCacheStats() {
const estimate = await navigator.storage.estimate();
return {
used: estimate.usage,
quota: estimate.quota,
percent: (estimate.usage / estimate.quota * 100).toFixed(2),
};
}Offline-First Verification
Before production deployment, verify:
- Service worker installs and activates
- All critical assets are cached
- Model artefacts are cached
- Procedure packs are cached
- Application works offline after caching
- Queries return results offline
- Updates sync when connectivity returns
Next Steps
- Performance — Optimisation strategies
- Configuration — Runtime settings