Portfolio Chatbot (RAG)

Simple RAG setup using Ollama embeddings, Qdrant and Redis rate limiting.

Reverse Proxy Requirement (Important)

This API is designed to run behind a reverse proxy (e.g. Nginx) in production.

The rate limiting mechanism relies on the client IP address. Without a trusted proxy, headers such as X-Forwarded-For can be spoofed by clients, allowing them to bypass rate limits or causing incorrect behavior.

Recommended Nginx configuration

location / {
    proxy_pass http://app:8000;

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

Backend behavior

The backend reads the client IP from the X-Real-IP header:

return request.headers.get("x-real-ip") or request.client.host

Without a reverse proxy

• All requests may appear to originate from the same IP (e.g. 127.0.0.1)
• Rate limiting will not work correctly
• IP-based protections can be bypassed

Development note

When running locally without Nginx, the application falls back to request.client.host. This usually resolves to 127.0.0.1, meaning all requests share the same rate limit.

For realistic testing, run the full stack (including Nginx).

Setup

make setup
make up
make ingest

Usage

API

curl -N -X POST http://localhost:8000/chat \
  -H "Content-Type: application/json" \
  -d '{"query": "Hast du Erfahrung mit Docker?"}'
# Only works if ENABLE_TURNSTILE is set to False

Retrieval (debug)

make search q="Hast du Erfahrung mit Docker?"

Generation

make generate q="Hast du Erfahrung mit Docker?"

Rate limit CLI

make rate-limit

Available commands:

• list
• delete
• delete-all
• exit

The CLI can be used to inspect current rate limit keys, delete a single key or reset all rate limits.

Stop

make down

Notes

• Example data: data/cv.dummy.md
• Real data is not included in this repository
• Retrieval and generation are implemented separately for easier debugging
• Redis is used for API rate limiting