fix(conversation-assistant): resolve payload size and routing issues

- Add dedicated /api/sync location block with no rate limiting
- Change upstream port from 3100 to 3105 (where updated server runs)
- Add Mac public IP (67.188.49.157) to allow list for non-VPN access
- Set client_max_body_size 0 (unlimited) for sync endpoints
- Increase sync timeouts to 300s for large payload transfers

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Quinn Ftw 2025-12-30 04:37:27 -08:00
parent 0167af841c
commit 8a31285265


@ -16,7 +16,7 @@ limit_req_zone $binary_remote_addr zone=conversations_chat:10m rate=10r/m;
# Upstream definitions
upstream conversation_server {
server 127.0.0.1:3100 max_fails=3 fail_timeout=30s;
server 127.0.0.1:3105 max_fails=3 fail_timeout=30s;
}
upstream conversation_frontend {
@ -72,10 +72,11 @@ server {
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
# VPN-Only Access Control
# VPN-Only Access (Wireguard)
# Access Control
# VPN (Wireguard) + trusted devices
allow 10.8.0.0/24;
allow 10.9.0.0/24;
allow 67.188.49.157; # Plum MacBook (Natalie's home)
deny all;
# Logging
@ -98,8 +99,29 @@ server {
}
# =============================================================================
# API Routes (with rate limiting)
# API Routes
# =============================================================================
# Sync endpoints - no rate limiting for bulk data transfer
location /api/sync {
# No rate limiting for sync - VPN-only access provides security
client_max_body_size 0;
proxy_pass http://conversation_server;
proxy_http_version 1.1;
# Headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Longer timeouts for large syncs
proxy_connect_timeout 60s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
}
location /api/chat {
# Stricter rate limiting for chat endpoints
limit_req zone=conversations_chat burst=5 nodelay;
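Review bot: The comment in the new `location /api/sync` block justifies dropping rate limiting with "VPN-only access provides security", but the access-control hunk of this same commit adds a public, non-VPN address to the server-level allow list, so the unthrottled endpoint is now reachable from outside the VPN by whatever host currently holds that address. With `client_max_body_size 0;` and 300s send/read timeouts, a single allowed client can stream arbitrarily large request bodies, which nginx buffers to disk by default before proxying, so disk and worker usage should be bounded. I would set a finite ceiling sized to the largest expected sync, for example `client_max_body_size 512m;` (illustrative value), and correct the comment to `# No rate limiting for sync - relies on the server-level allow list (VPN ranges plus one public IP)`. If sync is only needed from VPN clients, repeating `allow 10.8.0.0/24; allow 10.9.0.0/24; deny all;` inside this location would keep the public address off the bulk-transfer path. `location /api/sync` is also a prefix match covering any path that begins with that string, and the enclosing server block starts and ends outside the visible hunks, so other inherited settings could not be checked.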