diff --git a/ai/compose.yaml b/ai/compose.yaml
index 4df7f7d..bcac9ae 100644
--- a/ai/compose.yaml
+++ b/ai/compose.yaml
@@ -108,8 +108,21 @@ services:
 retries: 3
 start_period: 20s
 labels:
- # No Traefik exposure - internal only
- - 'traefik.enable=false'
+ - 'traefik.enable=${AI_TRAEFIK_ENABLED}'
+ # HTTP to HTTPS redirect
+ - 'traefik.http.middlewares.${AI_COMPOSE_PROJECT_NAME}-litellm-redirect-web-secure.redirectscheme.scheme=https'
+ - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-litellm-web.middlewares=${AI_COMPOSE_PROJECT_NAME}-litellm-redirect-web-secure'
+ - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-litellm-web.rule=Host(`${AI_LITELLM_TRAEFIK_HOST}`)'
+ - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-litellm-web.entrypoints=web'
+ # HTTPS router
+ - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-litellm-web-secure.rule=Host(`${AI_LITELLM_TRAEFIK_HOST}`)'
+ - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-litellm-web-secure.tls.certresolver=resolver'
+ - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-litellm-web-secure.entrypoints=web-secure'
+ - 'traefik.http.middlewares.${AI_COMPOSE_PROJECT_NAME}-litellm-web-secure-compress.compress=true'
+ - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-litellm-web-secure.middlewares=${AI_COMPOSE_PROJECT_NAME}-litellm-web-secure-compress,security-headers@file'
+ # Service
+ - 'traefik.http.services.${AI_COMPOSE_PROJECT_NAME}-litellm-web-secure.loadbalancer.server.port=4000'
+ - 'traefik.docker.network=${NETWORK_NAME}'
 # Watchtower
 - 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}'
diff --git a/arty.yml b/arty.yml
index 86b2f92..1e090d9 100644
--- a/arty.yml
+++ b/arty.yml
@@ -182,6 +182,7 @@ envs:
 AI_VECTOR_DB: pgvector
 AI_CRAWL4AI_PORT: 11235
 AI_OPENAI_API_BASE_URLS: https://api.anthropic.com/v1
+ AI_LITELLM_TRAEFIK_HOST: llm.ai.pivoine.art
 # Asciinema
 ASCIINEMA_TRAEFIK_ENABLED: true
 ASCIINEMA_COMPOSE_PROJECT_NAME: asciinema
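Review bot: In the `ai/compose.yaml` hunk, the `-litellm-web-secure` router publishes LiteLLM on port 4000 with only the compress and `security-headers@file` middlewares, so nothing at the proxy layer restricts who can reach a service the removed comment described as internal only. Whether requests are authenticated then depends entirely on LiteLLM's own key configuration, which is outside this hunk; confirm a master key is enforced before enabling this, and consider adding an authentication or IP allow-list middleware to that router's chain so the upstream provider credentials are not protected by a single control. The toggle should also fail closed, `- 'traefik.enable=${AI_TRAEFIK_ENABLED:-false}'`, since `AI_TRAEFIK_ENABLED` is not defined in the visible part of `arty.yml` (the second hunk adds only the host name). Finally, replace the deleted comment with one that records the new posture, e.g. `# Public via Traefik; access control relies on LiteLLM API keys`.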