The default 2-worker gunicorn could only serve 2 concurrent tablet requests,
queueing the rest, and the rate limiter saw every tablet as the same Nginx
container IP, so 20 users would have collectively burned through the
100 req/min general bucket.
- gunicorn: 5 workers x 4 gthread, --forwarded-allow-ips=*, access log
- uvicorn: 4 workers, --proxy-headers, --forwarded-allow-ips=*
- RateLimitMiddleware: resolve real client IP from
X-Forwarded-For -> X-Real-IP -> request.client.host
- Bump rate_limit_general 100 -> 300 req/min/IP (per tablet now)
- Flask: ProxyFix(x_for=1, x_proto=1, x_host=1) so request.remote_addr
is the tablet IP, not the Nginx IP
- APIClient: forward X-Forwarded-For + X-Real-IP to FastAPI for both
JSON and multipart/files calls; safe no-op outside request context
- 12 new tests (7 server + 5 client) covering header precedence,
forwarding behavior and ProxyFix install
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Pin tailwindcss@3 in client Dockerfile (v4 removed standalone CLI)
- Replace gunicorn --factory with callable syntax app:create_app()
- Fix Alembic config path with -c flag and %(here)s script_location
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add password-protected setup page (/api/setup) for DB initialization,
admin creation, and demo data seeding. Dockerize the full stack with
server, client, nginx reverse proxy, and MySQL services. Add project
README with architecture overview, quick start, and VPS deployment guide.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adriano
Adriano