Use Sinbad2 production ports 8068 (backend) and 8069 (frontend).

Apache ProxyPass targets host port 8069; update compose, CI, CORS defaults, deployment docs, and production .env files for https://sinbad2.ujaen.es/generadorexamenesllm/.

backend/.env

@@ -1,23 +1,36 @@
-# --- Aplicación ---
+# --- Aplicación (producción Sinbad2) ---
 APP_NAME=GenExamenes IA
-ENVIRONMENT=local
-# Clave legacy (reservada; las rutas /exam usan JWT de usuario).
+ENVIRONMENT=production
+
+PUBLIC_BASE_URL=https://sinbad2.ujaen.es/generadorexamenesllm
+TRUSTED_HOSTS=sinbad2.ujaen.es,localhost,127.0.0.1
+SECURITY_HSTS_SECONDS=31536000
+
 API_KEY=change-me-in-production-min-16-chars
-# --- Base de datos (Docker: host "db") ---
+
 DATABASE_URL=postgresql+psycopg://genexamenes:genexamenes@db:5432/genexamenes
-# --- CORS (orígenes del frontend, separados por coma) ---
-ALLOWED_ORIGINS=http://sinbad2.ujaen.es,http://sinbad2.ujaen.es:8075
-# --- Rate limiting y tamaño de petición ---
+
+ALLOWED_ORIGINS=https://sinbad2.ujaen.es,http://sinbad2.ujaen.es,http://sinbad2.ujaen.es:8069
+
 RATE_LIMIT_REQUESTS=60
 RATE_LIMIT_WINDOW_SECONDS=60
-MAX_REQUEST_BYTES=1048576
-# --- JWT (login email/contraseña y sesión tras Google) ---
+MAX_REQUEST_BYTES=25165824
+
+UPLOAD_DIR=/app/uploads
+MAX_UPLOAD_BYTES=20971520
+MAX_MATERIALS_PER_TEMPLATE=10
+MAX_REFERENCE_CHARS=12000
+
+MAX_IMAGE_BYTES=5242880
+MAX_IMAGES_PER_TEMPLATE=20
+MAX_STORAGE_BYTES_PER_TEMPLATE=52428800
+
 JWT_SECRET_KEY=f3c9e7a1b4d8c2f6a9e1d3b7c5f2e8a4d1c7b9e3f6a2c4e8b1d7f3a9c6e2b4d8
 JWT_ALGORITHM=HS256
 JWT_EXPIRE_MINUTES=1440
-# --- Google Sign-In ---
+
 GOOGLE_CLIENT_ID=123456789012-abcdefghijklmnopqrstuvwxyz123456.apps.googleusercontent.com
-# --- LLM (Sinbad2IA UJA — sin clave) ---
+
 LLM_BASE_URL=
 LLM_MODEL=qwen3.5:35b
 LLM_TIMEOUT_SECONDS=180

backend/.env.example

@@ -18,7 +18,7 @@ API_KEY=change-me-in-production-min-16-chars
 DATABASE_URL=postgresql+psycopg://genexamenes:genexamenes@db:5432/genexamenes
 
 # --- CORS (orígenes HTTPS del frontend; separados por coma) ---
-ALLOWED_ORIGINS=https://sinbad2.ujaen.es,http://sinbad2.ujaen.es,http://sinbad2.ujaen.es:8075
+ALLOWED_ORIGINS=https://sinbad2.ujaen.es,http://sinbad2.ujaen.es,http://sinbad2.ujaen.es:8069
 
 # --- Rate limiting y tamaño de petición ---
 RATE_LIMIT_REQUESTS=60

backend/app/core/config.py

@@ -13,7 +13,7 @@ class Settings(BaseSettings):
     api_prefix: str = ""
     api_key: str = Field(min_length=16)
     database_url: str = "postgresql+psycopg://genexamenes:genexamenes@localhost:5432/genexamenes"
-    allowed_origins: str = "https://sinbad2.ujaen.es,http://sinbad2.ujaen.es,http://sinbad2.ujaen.es:8075"
+    allowed_origins: str = "https://sinbad2.ujaen.es,http://sinbad2.ujaen.es,http://sinbad2.ujaen.es:8069"
     rate_limit_requests: int = Field(default=60, ge=1)
     rate_limit_window_seconds: int = Field(default=60, ge=1)
     max_request_bytes: int = Field(default=1_048_576, ge=1_024)