perf: optimize LiteLLM for better performance

Reduce database logging overhead and enable prompt caching: - Disabled verbose logging (set_verbose: false) - Disabled spend tracking logs to reduce DB writes - Disabled tag tracking and daily spend logs - Removed success/failure callbacks - Enabled prompt caching for claude-sonnet-4.5 - Set log level to ERROR only - Removed --detailed_debug flag from command This should significantly improve response times by eliminating unnecessary database writes for every request. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
feat: replace Basic Auth with Authelia
2025-11-16 16:03:19 +01:00 · 2025-11-15 21:54:27 +01:00 · 2025-11-15 21:32:55 +01:00
5 changed files with 24 additions and 21 deletions
--- a/ai/compose.yaml
+++ b/ai/compose.yaml
@@ -99,6 +99,9 @@ services:
      LITELLM_DROP_PARAMS: 'true'
      NO_DOCS: 'true'
      NO_REDOC: 'true'
+      # Performance optimizations
+      LITELLM_LOG: 'ERROR'  # Only log errors
+      LITELLM_MODE: 'PRODUCTION'  # Production mode for better performance
    volumes:
      - ./litellm-config.yaml:/app/litellm-config.yaml:ro
    command:
@@ -109,7 +112,6 @@ services:
        '0.0.0.0',
        '--port',
        '4000',
-        '--detailed_debug',
        '--drop_params'
      ]
    depends_on:
@@ -176,19 +178,17 @@ services:
      - compose_network
    labels:
      - 'traefik.enable=${AI_FACEFUSION_TRAEFIK_ENABLED}'
-      # HTTP Basic Auth middleware
-      - 'traefik.http.middlewares.${AI_COMPOSE_PROJECT_NAME}-facefusion-auth.basicauth.users=${AUTH_USERS}'
      # HTTP to HTTPS redirect
      - 'traefik.http.middlewares.${AI_COMPOSE_PROJECT_NAME}-facefusion-redirect-web-secure.redirectscheme.scheme=https'
      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-facefusion-web.middlewares=${AI_COMPOSE_PROJECT_NAME}-facefusion-redirect-web-secure'
      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-facefusion-web.rule=Host(`${AI_FACEFUSION_TRAEFIK_HOST}`)'
      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-facefusion-web.entrypoints=web'
-      # HTTPS router with auth
+      # HTTPS router with Authelia
      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-facefusion-web-secure.rule=Host(`${AI_FACEFUSION_TRAEFIK_HOST}`)'
      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-facefusion-web-secure.tls.certresolver=resolver'
      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-facefusion-web-secure.entrypoints=web-secure'
      - 'traefik.http.middlewares.${AI_COMPOSE_PROJECT_NAME}-facefusion-web-secure-compress.compress=true'
-      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-facefusion-web-secure.middlewares=${AI_COMPOSE_PROJECT_NAME}-facefusion-auth,${AI_COMPOSE_PROJECT_NAME}-facefusion-web-secure-compress,security-headers@file'
+      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-facefusion-web-secure.middlewares=${AI_COMPOSE_PROJECT_NAME}-facefusion-web-secure-compress,net-authelia,security-headers@file'
      # Service
      - 'traefik.http.services.${AI_COMPOSE_PROJECT_NAME}-facefusion-web-secure.loadbalancer.server.port=7860'
      - 'traefik.docker.network=${NETWORK_NAME}'
--- a/ai/litellm-config.yaml
+++ b/ai/litellm-config.yaml
@@ -9,7 +9,8 @@ model_list:
      model: anthropic/claude-sonnet-4-5-20250929
      api_key: os.environ/ANTHROPIC_API_KEY
      drop_params: true
-      additional_drop_params: ["prompt_cache_key"]
+      # Enable prompt caching for better performance
+      supports_prompt_caching: true

  - model_name: claude-3-5-sonnet
    litellm_params:
@@ -28,15 +29,16 @@ model_list:

 litellm_settings:
  drop_params: true
-  set_verbose: true
-  # Disable prompt caching features
-  cache: false
+  set_verbose: false  # Disable verbose logging for better performance
+  # Enable prompt caching for better performance
+  cache: true
  # Force strip specific parameters globally
  allowed_fails: 0
  # Modify params before sending to provider
  modify_params: true
-  # Drop prompt_cache_key globally for all models
-  additional_drop_params: ["prompt_cache_key"]
+  # Enable success and failure logging but minimize overhead
+  success_callback: []  # Disable all success callbacks to reduce DB writes
+  failure_callback: []  # Disable all failure callbacks

 router_settings:
  allowed_fails: 0
@@ -47,3 +49,9 @@ default_litellm_params:

 general_settings:
  disable_responses_id_security: true
+  # Disable spend tracking to reduce database overhead
+  disable_spend_logs: true
+  # Disable tag tracking
+  disable_tag_tracking: true
+  # Disable daily spend updates
+  disable_daily_spend_logs: true
--- a/dev/compose.yaml
+++ b/dev/compose.yaml
@@ -269,12 +269,11 @@ services:
      - "traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-asciinema-admin-web.rule=Host(`admin.${DEV_ASCIINEMA_TRAEFIK_HOST}`)"
      - "traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-asciinema-admin-web.entrypoints=web"
      - "traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-asciinema-admin-web.service=${DEV_COMPOSE_PROJECT_NAME}-asciinema-admin"
-      # Admin interface - HTTPS router with Basic Auth
-      - "traefik.http.middlewares.${DEV_COMPOSE_PROJECT_NAME}-asciinema-auth.basicauth.users=${AUTH_USERS}"
+      # Admin interface - HTTPS router with Authelia
      - "traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-asciinema-admin-web-secure.rule=Host(`admin.${DEV_ASCIINEMA_TRAEFIK_HOST}`)"
      - "traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-asciinema-admin-web-secure.tls.certresolver=resolver"
      - "traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-asciinema-admin-web-secure.entrypoints=web-secure"
-      - "traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-asciinema-admin-web-secure.middlewares=${DEV_COMPOSE_PROJECT_NAME}-asciinema-auth,${DEV_COMPOSE_PROJECT_NAME}-asciinema-compress,security-headers@file"
+      - "traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-asciinema-admin-web-secure.middlewares=${DEV_COMPOSE_PROJECT_NAME}-asciinema-compress,net-authelia,security-headers@file"
      - "traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-asciinema-admin-web-secure.service=${DEV_COMPOSE_PROJECT_NAME}-asciinema-admin"
      - "traefik.http.services.${DEV_COMPOSE_PROJECT_NAME}-asciinema-admin.loadbalancer.server.port=4002"
      # Network
--- a/net/authelia/configuration.yml
+++ b/net/authelia/configuration.yml
@@ -71,15 +71,10 @@ access_control:
        - "scrapy.pivoine.art"
        - "restic.pivoine.art"
        - "proxy.pivoine.art"
+        - "admin.asciinema.dev.pivoine.art"
+        - "facefusion.ai.pivoine.art"
      policy: one_factor

-    # Development services
-    - domain:
-        - "dev.pivoine.art"
-        - "n8n.pivoine.art"
-        - "asciinema.pivoine.art"
-        - "coolify.pivoine.art"
-      policy: two_factor

 # session secret set via environment variable: AUTHELIA_SESSION_SECRET
 session:
--- a/net/compose.yaml
+++ b/net/compose.yaml
@@ -218,6 +218,7 @@ services:
      - 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-umami-web-secure.rule=Host(`${NET_TRACK_TRAEFIK_HOST}`)'
      - 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-umami-web-secure.tls.certresolver=resolver'
      - 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-umami-web-secure.entrypoints=web-secure'
+      - 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-umami-web-secure.middlewares=security-headers@file'
      - 'traefik.http.services.${NET_COMPOSE_PROJECT_NAME}-umami-web-secure.loadbalancer.server.port=3000'
      - 'traefik.docker.network=${NETWORK_NAME}'