fix(conversation-assistant): resolve payload size and routing issues
- Add dedicated /api/sync location block with no rate limiting - Change upstream port from 3100 to 3105 (where updated server runs) - Add Mac public IP (67.188.49.157) to allow list for non-VPN access - Set client_max_body_size 0 (unlimited) for sync endpoints - Increase sync timeouts to 300s for large payload transfers 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
parent
0167af841c
commit
8a31285265
1 changed files with 26 additions and 4 deletions
|
|
@ -16,7 +16,7 @@ limit_req_zone $binary_remote_addr zone=conversations_chat:10m rate=10r/m;
|
|||
|
||||
# Upstream definitions
|
||||
upstream conversation_server {
|
||||
server 127.0.0.1:3100 max_fails=3 fail_timeout=30s;
|
||||
server 127.0.0.1:3105 max_fails=3 fail_timeout=30s;
|
||||
}
|
||||
|
||||
upstream conversation_frontend {
|
||||
|
|
@ -72,10 +72,11 @@ server {
|
|||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
||||
|
||||
# VPN-Only Access Control
|
||||
# VPN-Only Access (Wireguard)
|
||||
# Access Control
|
||||
# VPN (Wireguard) + trusted devices
|
||||
allow 10.8.0.0/24;
|
||||
allow 10.9.0.0/24;
|
||||
allow 67.188.49.157; # Plum MacBook (Natalie's home)
|
||||
deny all;
|
||||
|
||||
# Logging
|
||||
|
|
@ -98,8 +99,29 @@ server {
|
|||
}
|
||||
|
||||
# =============================================================================
|
||||
# API Routes (with rate limiting)
|
||||
# API Routes
|
||||
# =============================================================================
|
||||
|
||||
# Sync endpoints - no rate limiting for bulk data transfer
|
||||
location /api/sync {
|
||||
# No rate limiting for sync - VPN-only access provides security
|
||||
client_max_body_size 0;
|
||||
|
||||
proxy_pass http://conversation_server;
|
||||
proxy_http_version 1.1;
|
||||
|
||||
# Headers
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
# Longer timeouts for large syncs
|
||||
proxy_connect_timeout 60s;
|
||||
proxy_send_timeout 300s;
|
||||
proxy_read_timeout 300s;
|
||||
}
|
||||
|
||||
location /api/chat {
|
||||
# Stricter rate limiting for chat endpoints
|
||||
limit_req zone=conversations_chat burst=5 nodelay;
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue