initial commit

Author: j4ys0n

.github/workflows/build.yaml

@@ -0,0 +1,18 @@
+name: Build
+
+on:
+  push:
+    branches:
+      - '*'
+      - '!main'
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+
+      - name: Build docker image
+        run: |
+          docker build .

.github/workflows/docker-build-push-release.yml

@@ -0,0 +1,131 @@
+name: Docker Build, Push, and Release
+
+on:
+  push:
+    branches:
+      - main
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+  KEEP_RELEASES: 10
+  KEEP_IMAGES: 10
+
+jobs:
+  build-push-release:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      packages: write
+      pull-requests: read
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Get version from package.json
+        id: package-version
+        run: echo "VERSION=$(node -p "require('./package.json').version")" >> $GITHUB_OUTPUT
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Cache Docker layers
+        uses: actions/cache@v3
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+
+      - name: Cache npm dependencies
+        uses: actions/cache@v3
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=${{ steps.package-version.outputs.VERSION }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
+
+      - name: Move cache
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+
+      # - name: Scan Docker image for vulnerabilities
+      #   uses: aquasecurity/trivy-action@master
+      #   env:
+      #     TRIVY_USERNAME: ${{ github.actor }}
+      #     TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+      #   with:
+      #     image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.package-version.outputs.VERSION }}
+      #     format: 'table'
+      #     exit-code: '1'
+      #     ignore-unfixed: true
+      #     vuln-type: 'os,library'
+      #     severity: 'CRITICAL,HIGH'
+
+      - name: Get Pull Request Messages
+        id: pr-messages
+        run: |
+          PR_MESSAGES=$(git log --merges --format="%b" @~1..HEAD | sed 's/^/* /')
+          echo "PR_MESSAGES<<EOF" >> $GITHUB_OUTPUT
+          echo "$PR_MESSAGES" >> $GITHUB_OUTPUT
+          echo "EOF" >> $GITHUB_OUTPUT
+
+      - name: Get Commit Messages
+        id: commit-messages
+        run: |
+          COMMIT_MESSAGES=$(git log --no-merges --format="* %s" @~1..HEAD)
+          echo "COMMIT_MESSAGES<<EOF" >> $GITHUB_OUTPUT
+          echo "$COMMIT_MESSAGES" >> $GITHUB_OUTPUT
+          echo "EOF" >> $GITHUB_OUTPUT
+
+      - name: Create Release
+        id: create_release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: v${{ steps.package-version.outputs.VERSION }}
+          release_name: Release v${{ steps.package-version.outputs.VERSION }}
+          body: |
+            ## Docker Image
+            Image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.package-version.outputs.VERSION }}
+
+            ## Pull Request Messages
+            ${{ steps.pr-messages.outputs.PR_MESSAGES }}
+
+            ## Commit Messages
+            ${{ steps.commit-messages.outputs.COMMIT_MESSAGES }}
+
+            ## Security Scan
+            A security scan was performed on this Docker image. Any critical or high vulnerabilities would have prevented this release.
+          draft: false
+          prerelease: false

.gitignore

@@ -0,0 +1,4 @@
+.DS_Store
+node_modules
+.env
+dist

.prettierrc

@@ -0,0 +1,7 @@
+{
+  "printWidth": 120,
+  "singleQuote": true,
+  "tabWidth": 2,
+  "trailingComma": "none",
+  "semi": false
+}

Dockerfile

@@ -0,0 +1,31 @@
+# Use an official Node.js runtime as the base image
+FROM node:18
+
+# Install Nginx
+RUN apt-get update && apt-get install -y nginx certbot python3-certbot-nginx
+
+# Create app directory
+WORKDIR /usr/src/app
+
+# Bundle app source
+COPY . .
+
+RUN yarn && yarn build
+
+# Expose port 80 & 443
+EXPOSE 8080 443
+
+# Remove the default Nginx configuration file
+RUN rm /etc/nginx/sites-enabled/default
+
+# Copy a custom Nginx configuration file
+COPY nginx.conf /etc/nginx/nginx.conf
+
+# Make sure Nginx has the right permissions to run
+RUN chown -R www-data:www-data /var/lib/nginx
+
+# Create directory for Let's Encrypt certificates
+RUN mkdir -p /etc/letsencrypt
+
+# Start Node.js app
+CMD ["node", "dist/index.js"]

README.md

@@ -0,0 +1,10 @@
+# LLM Proxy
+
+Manages Nginx for reverse proxy to multiple LLMs, with TLS & Bearer Auth tokens. Deployed with docker.
+
+- Aggregates multiple OpenAI-type LLM APIs
+- Supports cloudflare domains
+- Uses Let's Encrypt for TLS certificates
+- Uses certbot for certificate issuance and renewal
+- Uses Nginx as a public-domain reverse proxy to add TLS
+- Uses JWT for bearer authentication

docker-compose.yml

@@ -0,0 +1,16 @@
+version: '3.6'
+
+services:
+  llmp:
+    image: ghcr.io/j4ys0n/llm-proxy:1.0.0
+    container_name: llmp
+    hostname: llmp
+    restart: unless-stopped
+    ports:
+      - 8080:8080
+      - 443:443
+    logging:
+      driver: 'json-file'
+      options:
+        max-size: 100m
+        max-file: '2'

example.env

@@ -0,0 +1,5 @@
+PORT=3000
+TARGET_URLS=http://localhost:1234/v1
+JWT_SECRET=your-jwt-secret-key-here
+AUTH_USERNAME=admin
+AUTH_PASSWORD=secure_password

nginx.conf

@@ -0,0 +1,38 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    sendfile on;
+    tcp_nopush on;
+    types_hash_max_size 2048;
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+
+    access_log /var/log/nginx/access.log;
+    error_log /var/log/nginx/error.log;
+
+    gzip on;
+
+    server {
+        listen 80;
+        server_name localhost;
+
+        location / {
+            proxy_pass http://localhost:3000;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection 'upgrade';
+            proxy_set_header Host $host;
+            proxy_cache_bypass $http_upgrade;
+        }
+    }
+}

package.json

@@ -0,0 +1,34 @@
+{
+  "name": "llm-proxy",
+  "version": "1.0.0",
+  "description": "A Node.js application that manages Nginx",
+  "main": "dist/index.js",
+  "scripts": {
+    "start": "node dist/index.js",
+    "build": "tsc",
+    "dev": "ts-node-dev --respawn --transpile-only src/index.ts",
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [
+    "node",
+    "nginx",
+    "typescript"
+  ],
+  "author": "",
+  "license": "ISC",
+  "dependencies": {
+    "axios": "^1.7.2",
+    "dotenv": "^10.0.0",
+    "express": "^4.19.2",
+    "fs-extra": "^11.2.0",
+    "jsonwebtoken": "^9.0.2"
+  },
+  "devDependencies": {
+    "@types/express": "^4.17.21",
+    "@types/fs-extra": "^11.0.4",
+    "@types/jsonwebtoken": "^9.0.2",
+    "@types/node": "^20.12.7",
+    "ts-node-dev": "^2.0.0",
+    "typescript": "^5.4.5"
+  }
+}

src/controllers/auth.ts

@@ -0,0 +1,31 @@
+import { Express, Request, Response } from 'express'
+import jwt from 'jsonwebtoken'
+import { log } from '../utils/general'
+
+const jwtSecret = process.env.JWT_SECRET || 'your-jwt-secret'
+const authUsername = process.env.AUTH_USERNAME || 'admin'
+const authPassword = process.env.AUTH_PASSWORD || 'secure_password'
+
+export class AuthController {
+  private app: Express
+
+  constructor({ app }: { app: Express }) {
+    this.app = app
+  }
+
+  public registerRoutes(): void {
+    this.app.post('/auth/token', this.getToken.bind(this))
+    log('info', 'AuthController initialized')
+  }
+
+  private getToken(req: Request, res: Response): void {
+    const { username, password } = req.body
+    if (username === authUsername && password === authPassword) {
+      const token = jwt.sign({ username }, jwtSecret, { algorithm: 'HS256' })
+      log('info', `token generated for ${username}`)
+      res.json({ token })
+    } else {
+      res.status(401).json({ error: 'Invalid credentials' })
+    }
+  }
+}