From 7fc91fa19929182fdd66dcc63e6d5d0fc2db5888 Mon Sep 17 00:00:00 2001
From: Untone <anton.rewin@gmail.com>
Date: Sun, 5 Oct 2025 11:45:21 +0300
Subject: [PATCH] limit-nginx-fix

---
 CHANGELOG.md     |  11 ++++
 Cargo.lock       |   2 +-
 Cargo.toml       |   2 +-
 nginx.conf.sigil | 161 +++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 174 insertions(+), 2 deletions(-)
 create mode 100644 nginx.conf.sigil

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 05ffd0e..3ccd10c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,14 @@
+## [0.6.11] - 2025-10-05
+
+### 🔧 FIX: Nginx 413 Content Too Large
+- **✅ Создан `nginx.conf.sigil` для Dokku**: Увеличены лимиты для больших файлов
+  - `client_max_body_size 500M` (было: 1M default)
+  - `client_body_timeout 300s` (5 минут для больших файлов)
+  - `proxy_request_buffering off` (не буферим в Nginx, стримим напрямую)
+  - `proxy_buffering off` (экономия памяти)
+  - Увеличены timeouts: connect/send/read до 300s
+  - Решает 413 ошибку при загрузке файлов >1MB на v3.dscrs.site
+
 ## [0.6.10] - 2025-10-04
 
 ### 🧹 Code Quality: Clippy Fixes
diff --git a/Cargo.lock b/Cargo.lock
index 8959271..7e2c59f 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2890,7 +2890,7 @@ dependencies = [
 
 [[package]]
 name = "quoter"
-version = "0.6.9"
+version = "0.6.10"
 dependencies = [
  "actix",
  "actix-cors",
diff --git a/Cargo.toml b/Cargo.toml
index 31ac60f..e7f9bdd 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "quoter"
-version = "0.6.9"
+version = "0.6.10"
 edition = "2024"
 
 [dependencies]
diff --git a/nginx.conf.sigil b/nginx.conf.sigil
new file mode 100644
index 0000000..08dc131
--- /dev/null
+++ b/nginx.conf.sigil
@@ -0,0 +1,161 @@
+{{ range $port_map := .PROXY_PORT_MAP | split " " }}
+{{ $port_map_list := $port_map | split ":" }}
+{{ $scheme := index $port_map_list 0 }}
+{{ $listen_port := index $port_map_list 1 }}
+{{ $upstream_port := index $port_map_list 2 }}
+
+{{ if eq $scheme "http" }}
+server {
+  listen      [::]:{{ $listen_port }};
+  listen      {{ $listen_port }};
+  {{ if $.NOSSL_SERVER_NAME }}server_name {{ $.NOSSL_SERVER_NAME }}; {{ end }}
+  access_log  /var/log/nginx/{{ $.APP }}-access.log;
+  error_log   /var/log/nginx/{{ $.APP }}-error.log;
+
+  # Увеличенные лимиты для загрузки файлов
+  client_max_body_size 500M;
+  client_body_timeout 300s;
+  client_header_timeout 300s;
+  
+  # Увеличенные buffer размеры
+  client_body_buffer_size 1M;
+  client_header_buffer_size 4k;
+  large_client_header_buffers 8 8k;
+
+  # Timeouts для больших файлов
+  proxy_connect_timeout 300s;
+  proxy_send_timeout 300s;
+  proxy_read_timeout 300s;
+  send_timeout 300s;
+
+  # Buffering для больших тел запросов
+  proxy_request_buffering off;
+  proxy_buffering off;
+
+  location / {
+    proxy_pass  http://{{ $.APP }}-{{ $upstream_port }};
+    {{ if $.PROXY_PROTOCOL_PORT_MAP }}
+    proxy_set_header X-Forwarded-For $proxy_protocol_addr;
+    proxy_set_header X-Forwarded-Proto $proxy_protocol_scheme;
+    {{ else }}
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    {{ end }}
+    proxy_set_header X-Forwarded-Port $server_port;
+    proxy_set_header X-Request-Start $msec;
+    proxy_set_header Host $http_host;
+    proxy_http_version 1.1;
+    proxy_set_header Connection "";
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+  }
+
+  include {{ $.DOKKU_ROOT }}/{{ $.APP }}/nginx.conf.d/*.conf;
+
+  error_page 400 401 402 403 405 406 407 408 409 410 411 412 413 414 415 416 417 418 420 422 423 424 426 428 429 431 444 449 450 451 /400-error.html;
+  location /400-error.html {
+    root {{ $.DOKKU_LIB_ROOT }}/data/nginx-vhosts/dokku-errors;
+    internal;
+  }
+
+  error_page 404 /404-error.html;
+  location /404-error.html {
+    root {{ $.DOKKU_LIB_ROOT }}/data/nginx-vhosts/dokku-errors;
+    internal;
+  }
+
+  error_page 500 501 502 503 504 505 506 507 508 509 510 511 /500-error.html;
+  location /500-error.html {
+    root {{ $.DOKKU_LIB_ROOT }}/data/nginx-vhosts/dokku-errors;
+    internal;
+  }
+}
+{{ else if eq $scheme "https"}}
+server {
+  listen      [::]:{{ $listen_port }} ssl {{ if eq $.HTTP2_SUPPORTED "true" }}http2{{ else if eq $.HTTP2_SUPPORTED "false"}}{{ else }}http2{{ end }};
+  listen      {{ $listen_port }} ssl {{ if eq $.HTTP2_SUPPORTED "true" }}http2{{ else if eq $.HTTP2_SUPPORTED "false"}}{{ else }}http2{{ end }};
+  {{ if $.SSL_SERVER_NAME }}server_name {{ $.SSL_SERVER_NAME }}; {{ end }}
+  {{ if $.NOSSL_SERVER_NAME }}server_name {{ $.NOSSL_SERVER_NAME }}; {{ end }}
+  access_log  /var/log/nginx/{{ $.APP }}-access.log;
+  error_log   /var/log/nginx/{{ $.APP }}-error.log;
+
+  ssl_certificate           {{ $.APP_SSL_PATH }}/server.crt;
+  ssl_certificate_key       {{ $.APP_SSL_PATH }}/server.key;
+  ssl_protocols             TLSv1.2 TLSv1.3;
+  ssl_prefer_server_ciphers off;
+
+  keepalive_timeout   70;
+
+  # Увеличенные лимиты для загрузки файлов
+  client_max_body_size 500M;
+  client_body_timeout 300s;
+  client_header_timeout 300s;
+  
+  # Увеличенные buffer размеры
+  client_body_buffer_size 1M;
+  client_header_buffer_size 4k;
+  large_client_header_buffers 8 8k;
+
+  # Timeouts для больших файлов
+  proxy_connect_timeout 300s;
+  proxy_send_timeout 300s;
+  proxy_read_timeout 300s;
+  send_timeout 300s;
+
+  # Buffering для больших тел запросов
+  proxy_request_buffering off;
+  proxy_buffering off;
+
+  location / {
+    proxy_pass  http://{{ $.APP }}-{{ $upstream_port }};
+    {{ if $.PROXY_PROTOCOL_PORT_MAP }}
+    proxy_set_header X-Forwarded-For $proxy_protocol_addr;
+    proxy_set_header X-Forwarded-Proto $proxy_protocol_scheme;
+    {{ else }}
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    {{ end }}
+    proxy_set_header X-Forwarded-Port $server_port;
+    proxy_set_header X-Request-Start $msec;
+    proxy_set_header Host $http_host;
+    proxy_http_version 1.1;
+    proxy_set_header Connection "";
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+  }
+
+  include {{ $.DOKKU_ROOT }}/{{ $.APP }}/nginx.conf.d/*.conf;
+
+  error_page 400 401 402 403 405 406 407 408 409 410 411 412 413 414 415 416 417 418 420 422 423 424 426 428 429 431 444 449 450 451 /400-error.html;
+  location /400-error.html {
+    root {{ $.DOKKU_LIB_ROOT }}/data/nginx-vhosts/dokku-errors;
+    internal;
+  }
+
+  error_page 404 /404-error.html;
+  location /404-error.html {
+    root {{ $.DOKKU_LIB_ROOT }}/data/nginx-vhosts/dokku-errors;
+    internal;
+  }
+
+  error_page 500 501 502 503 504 505 506 507 508 509 510 511 /500-error.html;
+  location /500-error.html {
+    root {{ $.DOKKU_LIB_ROOT }}/data/nginx-vhosts/dokku-errors;
+    internal;
+  }
+}
+{{ end }}
+
+{{ if $.DOKKU_APP_WEB_LISTENERS }}
+{{ range $upstream_port := $.PROXY_UPSTREAM_PORTS | split " " }}
+upstream {{ $.APP }}-{{ $upstream_port }} {
+{{ range $listeners := $.DOKKU_APP_WEB_LISTENERS | split " " }}
+{{ $listener_list := $listeners | split ":" }}
+{{ $listener_ip := index $listener_list 0 }}
+{{ $listener_port := index $listener_list 1 }}
+  server {{ $listener_ip }}:{{ $upstream_port }};{{ end }}
+}
+{{ end }}{{ end }}
+
+{{ end }}
+