playbooks/roles/vhosts/litellm/templates/api.svc.plus.caddy.j2

{{ litellm_api_domain }} {
    encode zstd gzip

    # ------------------------------------------------------------------------
    # OpenAI/Anthropic Path Compatibility Rewrites
    # ------------------------------------------------------------------------
    rewrite /v1/openai/chat/completions /v1/chat/completions
    rewrite /v1/openai/embeddings /v1/embeddings
    rewrite /v1/anthropic/messages /v1/messages

{% if litellm_api_caddy_strict_whitelist %}
    # ------------------------------------------------------------------------
    # Minimal AI API Gateway Mode (STRICT WHITELIST)
    # ------------------------------------------------------------------------
    @allowed_api {
        path /v1/chat/completions
        path /v1/embeddings
        path /v1/messages
        path /v1/models
    }

    handle @allowed_api {
        reverse_proxy {{ litellm_listen_host }}:{{ litellm_listen_port }} {
            flush_interval -1
            transport http {
                dial_timeout 30s
                read_timeout 600s
                write_timeout 600s
            }
        }
    }

    # Admin UI Backend APIs (allowed via Referer to fix UI loading)
    @ui_api {
        header Referer *api.svc.plus/ui*
    }
    handle @ui_api {
        reverse_proxy {{ litellm_listen_host }}:{{ litellm_listen_port }} {
            flush_interval -1
        }
    }

    # Default Catch-all block for unapproved paths
    handle {
        respond "{\"error\":{\"message\":\"Invalid path passed or not enabled by Minimal Gateway.\",\"type\":\"api_error\",\"param\":null,\"code\":null}}" 404 {
            close
        }
    }
{% else %}
    # ------------------------------------------------------------------------
    # Proxy ALL requests to LiteLLM Backend (PERMISSIVE)
    # ------------------------------------------------------------------------
    reverse_proxy {{ litellm_listen_host }}:{{ litellm_listen_port }} {
        flush_interval -1
        transport http {
            dial_timeout 30s
            read_timeout 600s
            write_timeout 600s
        }
    }
{% endif %}

    log {
        output file /var/log/caddy/{{ litellm_api_domain }}.access.log
    }
}