search

bricks-cloud / BricksLLM

🔒 Enterprise-grade API gateway that helps you monitor and impose cost or rate limits per API key. Get fine-grained access control and monitoring per user, application, or environment. Supports OpenAI, Azure OpenAI, Anthropic, vLLM, and open-source LLMs.
https://trybricks.ai/
MIT License
917 stars 64 forks source link

Add SSL support #65

Open spikelu2016 opened 5 months ago

spikelu2016 commented 5 months ago

Currently, BricksLLM does not have a feature to provide SSL support

sscotter commented 1 month ago

Putting nginx in front of bricksllm and configuring that to handle the SSL works..

server {
    listen 443 ssl;

    server_name        bricksllm.example.local;

    access_log /var/log/nginx/access-vhost-local.example.bricksllm.log;
    error_log /var/log/nginx/error-vhost-local.example.bricksllm.log;

    ssl_certificate     /etc/nginx/ssl/bricksllm.example.local.cer;
    ssl_certificate_key /etc/nginx/ssl/bricksllm.example.local.key;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers off;
    ssl_dhparam ssl/dhparams;

    ssl_ecdh_curve secp384r1:X25519:prime256v1;

    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
    ssl_session_tickets off;

    client_max_body_size 100M;

    location / {
        try_files $uri @bricksllm;
    }

    location @bricksllm {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Frame-Options SAMEORIGIN;
        proxy_http_version 1.1;
        proxy_pass        http://127.0.0.1:8001;
    }
}