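services:
  # Hardened stack: for testing the proxy under non-root, read-only, proxy-enforced constraints.
  # Keep this file focused on hardening/QA scenarios; leave the main docker-compose.yml for default dev usage.
  litellm:
    build:
      context: .
      dockerfile: docker/Dockerfile.non_root
      target: runtime
      args:
        PROXY_EXTRAS_SOURCE: "local"
    depends_on:
      - squid
    # Run as an unprivileged UID:GID instead of root.
    user: "101:101"
    # Supplementary group; what GID 2345 grants is not visible in this file - confirm.
    group_add:
      - "2345"
    # Root filesystem is immutable; the only writable paths are the tmpfs mounts below.
    read_only: true
    cap_drop:
      - ALL
    # Blocks privilege gain through setuid/setgid binaries.
    security_opt:
      - no-new-privileges:true
    # In-memory scratch space, size-capped and mounted noexec/nosuid/nodev.
    # NOTE(review): mode=1777 is world-writable (sticky); the mounts are already
    # owned by 101:101, so a tighter mode may be enough - verify before changing.
    tmpfs:
      - /app/cache:rw,noexec,nosuid,nodev,size=128m,uid=101,gid=101,mode=1777
      - /app/migrations:rw,noexec,nosuid,nodev,size=64m,uid=101,gid=101,mode=1777
    volumes:
      # Config is bind-mounted read-only so the container cannot rewrite it.
      - ./proxy_server_config.yaml:/app/config.yaml:ro
    environment:
      LITELLM_NON_ROOT: "true"
      # NOTE(review): this path is on the noexec /app/cache tmpfs above; confirm
      # nothing has to be executed from the Prisma binary cache at runtime.
      PRISMA_BINARY_CACHE_DIR: "/app/cache/prisma-python/binaries"
      XDG_CACHE_HOME: "/app/cache"
      LITELLM_MIGRATION_DIR: "/app/migrations"
      # Proxy variables are honoured by client libraries, not enforced by Docker.
      # This file defines no internal network, so direct egress from this
      # container is not blocked here; attach litellm to an `internal: true`
      # network shared only with squid if egress has to be enforced.
      HTTP_PROXY: "http://squid:3128"
      HTTPS_PROXY: "http://squid:3128"
      # No `db` service is defined in this file - presumably it comes from
      # another compose file; confirm.
      NO_PROXY: "localhost,127.0.0.1,db"
    command:
      - "--port"
      - "4000"
      - "--config"
      - "/app/config.yaml"

  squid:
    # NOTE(review): third-party image referenced by mutable tag, and Squid 3.5
    # is an old release series - confirm it still gets security fixes and pin
    # by digest (sameersbn/squid:3.5.27-2@sha256:<digest-placeholder>).
    # None of the hardening options used for litellm (cap_drop, read_only,
    # no-new-privileges, user) are applied to this service; test which of them
    # squid tolerates.
    image: sameersbn/squid:3.5.27-2
    restart: unless-stopped
    ports:
      # Published on loopback only. A bare "3128:3128" binds every host
      # interface and exposes the forward proxy beyond this machine; litellm
      # reaches squid over the compose network and does not need the publish.
      - "127.0.0.1:3128:3128"
    tmpfs:
      - /var/spool/squid:rw,noexec,nosuid,nodev,size=64m
      - /var/log/squid:rw,noexec,nosuid,nodev,size=16m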