From eb4a025c20f6b19aaa49d37b101a2e8175de67b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20Kr=C3=BCger?= Date: Sun, 9 Nov 2025 18:04:09 +0100 Subject: [PATCH] feat: add HTTP Basic Auth to LiteLLM for enhanced security MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Added Traefik Basic Auth middleware to LiteLLM public endpoint for two-layer security: 1. HTTP Basic Auth (Traefik level) 2. API Key authentication (LiteLLM level) Changes: - Added basicauth middleware using AUTH_USERS credentials - Chained auth middleware before compression and security headers - Prevents unauthorized access to public LiteLLM endpoint Usage with Codex: export OPENAI_BASE_URL=https://username:password@llm.ai.pivoine.art export OPENAI_API_KEY=sk-1234 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- ai/compose.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ai/compose.yaml b/ai/compose.yaml index bcac9ae..851e812 100644 --- a/ai/compose.yaml +++ b/ai/compose.yaml @@ -119,7 +119,8 @@ services: - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-litellm-web-secure.tls.certresolver=resolver' - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-litellm-web-secure.entrypoints=web-secure' - 'traefik.http.middlewares.${AI_COMPOSE_PROJECT_NAME}-litellm-web-secure-compress.compress=true' - - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-litellm-web-secure.middlewares=${AI_COMPOSE_PROJECT_NAME}-litellm-web-secure-compress,security-headers@file' + - 'traefik.http.middlewares.${AI_COMPOSE_PROJECT_NAME}-litellm-auth.basicauth.users=${AUTH_USERS}' + - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-litellm-web-secure.middlewares=${AI_COMPOSE_PROJECT_NAME}-litellm-auth,${AI_COMPOSE_PROJECT_NAME}-litellm-web-secure-compress,security-headers@file' # Service - 'traefik.http.services.${AI_COMPOSE_PROJECT_NAME}-litellm-web-secure.loadbalancer.server.port=4000' - 'traefik.docker.network=${NETWORK_NAME}'