Deploy Behind a Proxy

If the Private AI Services Container vector index service is deployed behind a TLS or HTTP proxy, additional proxy configuration is required to support bidirectional HTTP/2 streaming between Oracle AI Database and the Private AI Services Container (for sending source data and receiving generated index artifacts).

System Requirements

The Private AI Services Container vector index service uses HTTP/2 streaming over TLS 1.3. Ensure the following are true for your proxy:

  • Supports HTTP/2 end-to-end
  • Is configured for TLS 1.3
  • Preserves long-lived streaming connections without buffering or premature timeouts

Request and Response Size Restrictions

Ensure your proxy does not enforce restrictive request or response size limits, or at least sets them sufficiently high for your workloads.

To disable request body size limits, set client_max_body_size to 0 for NGINX or LimitRequestBody to 0 for Apache HTTPD. Alternatively, set a sufficiently high limit based on your operational requirements.

Request and Response Buffering

Vector index creation offloading requires buffering to be disabled. For NGINX, set both proxy_buffering and proxy_request_buffering to off to disable request and response buffering.

Timeouts

The Private AI Services Container vector index service relies on long-lived HTTP/2 bidirectional streaming for sending input data and receiving generated index artifacts. Proxies must be configured to keep connections open long enough for indexing operations to complete. Consider configuring the following timeouts to sufficiently large values, based on the expected input sizes and corresponding index creation times:

  • Upstream keepalive/connection reuse: Keep connections to the upstream (container) pooled and reusable where supported. Configure this through the keepalive directive for NGINX, and the KeepAlive directives for Apache HTTPD.
  • Keepalive timeout (client facing): Configure how long the proxy keeps an idle client connection open and the total lifetime of a keepalive connection. For example, these can be configured through keepalive_time and keepalive_timeout for NGINX, and KeepAliveTimeout for Apache HTTPD.
  • Read/Send timeouts: These must be long enough to allow for periods of inactivity while streaming data or index results, so that the connection is not dropped.
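
The following check is an added example, not part of the original documentation: a Python script that audits an NGINX configuration against the directives named in the sections above. The mapping of "Read/Send timeouts" to proxy_read_timeout and proxy_send_timeout, the listener checks (http2, ssl_protocols), and both sample fragments with their 1h values are assumptions constructed for illustration.

```python
import re

# Expected values for directives this page names; None means "must be set
# explicitly" because the page leaves the number to operational requirements.
# proxy_read_timeout / proxy_send_timeout are this example's mapping of the
# page's "Read/Send timeouts" onto NGINX directives (an assumption).
EXPECTED = {
    "client_max_body_size": None, "keepalive_timeout": None,
    "proxy_buffering": "off", "proxy_request_buffering": "off",
    "proxy_read_timeout": None, "proxy_send_timeout": None,
}

def parse_directives(conf):
    """Flatten a config into {name: [args, ...]}; block nesting is ignored."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments (no quoted '#' support)
    found = {}
    for stmt in re.split(r"[;{}]", conf):
        words = stmt.split()
        if words:
            found.setdefault(words[0], []).append(words[1:])
    return found

def audit(conf):
    """Return findings where the config departs from the page's guidance."""
    d = parse_directives(conf)
    findings = []
    for name, want in EXPECTED.items():
        values = [" ".join(args) for args in d.get(name, [])]
        if not values:
            findings.append(f"{name}: not set, NGINX default applies")
        elif want is not None and any(v != want for v in values):
            findings.append(f"{name}: expected {want}, found {', '.join(values)}")
    if not any("TLSv1.3" in args for args in d.get("ssl_protocols", [])):
        findings.append("ssl_protocols: TLSv1.3 not listed")
    if ["on"] not in d.get("http2", []) and not any(
            "http2" in args for args in d.get("listen", [])):
        findings.append("http2: not enabled on the listener")
    return findings

# Constructed fragments (upstream routing omitted), not from a real deployment.
DEFAULTS = "server { listen 443 ssl; ssl_protocols TLSv1.2; proxy_buffering on; }"
TUNED = """
server {
    listen 443 ssl; http2 on; ssl_protocols TLSv1.3;
    keepalive_timeout 1h; client_max_body_size 0;
    proxy_buffering off; proxy_request_buffering off;
    proxy_read_timeout 1h; proxy_send_timeout 1h;
}
"""
```

Because the parser ignores block nesting, a directive set correctly in one location and incorrectly in another is reported once with both values; review the flagged directive in each context.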

Other Considerations

In NGINX (and similar proxies), logs may show warnings or errors about invalid headers that start with orcl_*. This does not impact the Private AI Services Container vector index service functionality and can be safely suppressed by setting underscores_in_headers to on in NGINX.