2 files changed, 12 insertions, 10 deletions
diff --git a/src/config.rs b/src/config.rs
index 5c9303c..30e77ab 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -466,10 +466,9 @@ pub struct Config {
    #[arg(long, env = "NGIT_EVENT_BLACKLIST", default_value = "")]
    pub event_blacklist: String,
-    /// Maximum total connections to the relay (default: 4096)
+    /// Maximum total connections to the relay (default: unlimited, defers to OS/infrastructure limits)
-    /// Prevents connection exhaustion DoS attacks
+    #[arg(long, env = "NGIT_MAX_CONNECTIONS")]
-    #[arg(long, env = "NGIT_MAX_CONNECTIONS", default_value_t = 4096)]
+    pub max_connections: Option<usize>,
-    pub max_connections: usize,
    /// Log level for application logging
    #[arg(long, env = "NGIT_LOG_LEVEL", default_value = "info")]
@@ -755,7 +754,7 @@ impl Config {
            repository_whitelist: String::new(),
            repository_blacklist: String::new(),
            event_blacklist: String::new(),
-            max_connections: 500,
+            max_connections: None,
            log_level: "debug".to_string(),
        }
    }
diff --git a/src/nostr/builder.rs b/src/nostr/builder.rs
index 03132bf..02ba84b 100644
--- a/src/nostr/builder.rs
+++ b/src/nostr/builder.rs
@@ -736,7 +736,7 @@ pub async fn create_relay(
    let write_policy =
        Nip34WritePolicy::new(database.clone(), &git_data_path, purgatory, config.clone());
-    let relay = LocalRelayBuilder::default()
+    let mut builder = LocalRelayBuilder::default()
        .database(database.clone())
        .write_policy(write_policy.clone())
        // Explicitly set rate limits (make defaults visible in code)
@@ -744,10 +744,13 @@ pub async fn create_relay(
        .rate_limit(RateLimit {
            max_reqs: 500,        // Max concurrent subscriptions per connection
            notes_per_minute: 60, // Max events per minute per connection
-        })
+        });
-        // Total connection limit to prevent DoS attacks
-        .max_connections(config.max_connections)
+    if let Some(max) = config.max_connections {
-        .build();
+        builder = builder.max_connections(max);
+    }
+    let relay = builder.build();
    tracing::info!(
        "Relay configured with GRASP-01 validation for domain: {}",

diff --git a/src/config.rs b/src/config.rs index 5c9303c..30e77ab 100644 --- a/src/config.rs +++ b/src/config.rs
@@ -466,10 +466,9 @@ pub struct Config {
466	#[arg(long, env = "NGIT_EVENT_BLACKLIST", default_value = "")]	466	#[arg(long, env = "NGIT_EVENT_BLACKLIST", default_value = "")]
467	pub event_blacklist: String,	467	pub event_blacklist: String,
468		468
469	/// Maximum total connections to the relay (default: 4096)	469	/// Maximum total connections to the relay (default: unlimited, defers to OS/infrastructure limits)
470	/// Prevents connection exhaustion DoS attacks	470	#[arg(long, env = "NGIT_MAX_CONNECTIONS")]
471	#[arg(long, env = "NGIT_MAX_CONNECTIONS", default_value_t = 4096)]	471	pub max_connections: Option<usize>,
472	pub max_connections: usize,
473		472
474	/// Log level for application logging	473	/// Log level for application logging
475	#[arg(long, env = "NGIT_LOG_LEVEL", default_value = "info")]	474	#[arg(long, env = "NGIT_LOG_LEVEL", default_value = "info")]
@@ -755,7 +754,7 @@ impl Config {
755	repository_whitelist: String::new(),	754	repository_whitelist: String::new(),
756	repository_blacklist: String::new(),	755	repository_blacklist: String::new(),
757	event_blacklist: String::new(),	756	event_blacklist: String::new(),
758	max_connections: 500,	757	max_connections: None,
759	log_level: "debug".to_string(),	758	log_level: "debug".to_string(),
760	}	759	}
761	}	760	}


diff --git a/src/nostr/builder.rs b/src/nostr/builder.rs index 03132bf..02ba84b 100644 --- a/src/nostr/builder.rs +++ b/src/nostr/builder.rs
@@ -736,7 +736,7 @@ pub async fn create_relay(
736	let write_policy =	736	let write_policy =
737	Nip34WritePolicy::new(database.clone(), &git_data_path, purgatory, config.clone());	737	Nip34WritePolicy::new(database.clone(), &git_data_path, purgatory, config.clone());
738		738
739	let relay = LocalRelayBuilder::default()	739	let mut builder = LocalRelayBuilder::default()
740	.database(database.clone())	740	.database(database.clone())
741	.write_policy(write_policy.clone())	741	.write_policy(write_policy.clone())
742	// Explicitly set rate limits (make defaults visible in code)	742	// Explicitly set rate limits (make defaults visible in code)
@@ -744,10 +744,13 @@ pub async fn create_relay(
744	.rate_limit(RateLimit {	744	.rate_limit(RateLimit {
745	max_reqs: 500, // Max concurrent subscriptions per connection	745	max_reqs: 500, // Max concurrent subscriptions per connection
746	notes_per_minute: 60, // Max events per minute per connection	746	notes_per_minute: 60, // Max events per minute per connection
747	})	747	});
748	// Total connection limit to prevent DoS attacks	748
749	.max_connections(config.max_connections)	749	if let Some(max) = config.max_connections {
750	.build();	750	builder = builder.max_connections(max);
		751	}
		752
		753	let relay = builder.build();
751		754
752	tracing::info!(	755	tracing::info!(
753	"Relay configured with GRASP-01 validation for domain: {}",	756	"Relay configured with GRASP-01 validation for domain: {}",