From 13da2226c3d5a35fe5191d785605f9ebdb7d8663 Mon Sep 17 00:00:00 2001
From: gahusb <bgg8988@gmail.com>
Date: Fri, 15 May 2026 08:48:14 +0900
Subject: [PATCH] feat(nginx-webai): /api/webai/ location with rate limit +
 X-WebAI-Key forward

limit_req_zone webai:5m rate=60r/m, burst=20 nodelay, return 429 on
limit hit. Proxies to stock:8000 with X-Real-IP, X-Forwarded-For,
and X-WebAI-Key headers preserved.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 nginx/default.conf | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/nginx/default.conf b/nginx/default.conf
index a6718b4..ebfa6e7 100644
--- a/nginx/default.conf
+++ b/nginx/default.conf
@@ -1,3 +1,6 @@
+# /api/webai/* rate limit — web-ai pull worker (60 req/min, burst 20)
+limit_req_zone $binary_remote_addr zone=webai:5m rate=60r/m;
+
 server {
   listen 80;
   server_name _;
@@ -132,6 +135,20 @@ server {
 	proxy_pass http://travel-proxy:8000/api/travel/;
   }
 
+  # webai API — rate limited web-ai pull worker
+  location /api/webai/ {
+    limit_req zone=webai burst=20 nodelay;
+    limit_req_status 429;
+
+    proxy_http_version 1.1;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-WebAI-Key $http_x_webai_key;
+    proxy_pass http://stock:8000;
+  }
+
   # stock API
   location /api/stock/ {
 	proxy_http_version 1.1;