APISIX Reference Deployment
This deployment is the fastest path for teams who do not currently run APISIX and want to evaluate SafeLLM with a real gateway flow.
It is intentionally minimal:
- APISIX as the ingress gateway.
- SafeLLM sidecar as the prompt security decision engine.
- Redis for cache.
- httpbin as test upstream.
Reference deployment source:
safellm-oss/examples/apisix-reference/
What This Gives You
- A working gateway + security-layer integration in minutes.
- Concrete request flow: Client -> APISIX -> SafeLLM /auth -> Upstream.
- A reproducible baseline for demos, presales, and architecture discussions.
Quick Start
git clone https://github.com/safellmio/safellm-apisix-gateway-sidecar.git
cd safellm-apisix-gateway-sidecar/safellm-oss/examples/apisix-reference
cp .env.example .env
docker compose up -d
Check services:
docker compose ps
Run smoke tests:
bash smoke-test.sh
Default endpoint:
http://127.0.0.1:19080
Routes
- GET /health -> sidecar health through APISIX.
- POST /v1/guard -> direct decision endpoint through APISIX.
- POST /api/* -> protected upstream traffic (APISIX pre-check + proxy rewrite).
- GET /direct/* -> bypass route for comparison.
Security Behavior
The reference stack supports both modes:
- SHADOW_MODE=true (default): suspicious input is logged as would-block, request still passes.
- SHADOW_MODE=false: suspicious input is blocked.
To enable block mode:
- Edit .env:
SHADOW_MODE=false
- Restart:
docker compose up -d --force-recreate
Request Filtering Path (APISIX Side)
The /api/* route uses the APISIX serverless-pre-function plugin:
- Read request body.
- POST body to http://sidecar:8000/auth.
- Interpret decision:
  - 200: continue to upstream.
  - 403: block.
  - sidecar failure: controlled by SAFELLM_FAIL_OPEN.
This is the critical pattern for LLM security because the gateway needs body-level inspection, not only headers.
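The decision table above, modelled in Python as an added example (it is not the project's pre-function or any SafeLLM code). The names `precheck`, `call_sidecar` and `sidecar_down`, the 413 answer for oversized bodies, the 503 answer when failing closed, and treating any status other than 200/403 as a sidecar failure are assumptions made for illustration.

```python
"""Model of the /api/* pre-check decision (illustrative, not SafeLLM code)."""

ALLOW, BLOCK, TOO_LARGE, UNAVAILABLE = 200, 403, 413, 503


def precheck(body, call_sidecar, fail_open=False, max_body=1_048_576):
    """Return (status, reason) the gateway would act on.

    call_sidecar(body) returns the HTTP status of POST /auth and raises
    OSError (this covers timeouts and refused connections) on failure.
    fail_open mirrors SAFELLM_FAIL_OPEN, max_body SAFELLM_MAX_BODY_SIZE.
    """
    # Assumption: a body over the limit cannot be inspected, so it is
    # rejected instead of being forwarded unscanned.
    if len(body) > max_body:
        return TOO_LARGE, "body exceeds SAFELLM_MAX_BODY_SIZE"
    try:
        status = call_sidecar(body)
    except OSError as exc:
        status, failure = None, f"sidecar unreachable: {exc}"
    else:
        failure = f"unexpected sidecar status {status}"
    if status == 200:
        return ALLOW, "sidecar allowed"
    if status == 403:
        # An explicit block is never overridden by fail-open.
        return BLOCK, "sidecar blocked"
    # Assumption: timeouts, 5xx and any other code count as sidecar failure.
    if fail_open:
        return ALLOW, f"FAIL-OPEN, request not inspected: {failure}"
    return UNAVAILABLE, f"fail-closed: {failure}"


def sidecar_down(_body):
    """Constructed stub: behaves like a sidecar that never answers."""
    raise TimeoutError("timed out")


if __name__ == "__main__":
    stubs = {"allow": lambda b: 200, "block": lambda b: 403,
             "5xx": lambda b: 500, "timeout": sidecar_down}
    sample = b'{"prompt": "constructed sample body"}'
    for name, stub in stubs.items():
        for fail_open in (False, True):
            print(f"{name:8} fail_open={fail_open!s:5}",
                  precheck(sample, stub, fail_open=fail_open))
```

The printed matrix shows that with fail-open enabled, every sidecar outage turns into an uninspected pass, which is the case to alert on.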
Configuration Knobs
- APISIX_HTTP_PORT: host port for APISIX (19080 default in reference stack).
- SAFELLM_TIMEOUT_MS: APISIX to sidecar timeout.
- SAFELLM_MAX_BODY_SIZE: body limit in APISIX pre-check.
- SAFELLM_FAIL_OPEN:
  - false: safer default (fail-closed).
  - true: higher availability, weaker security posture during sidecar outages.
Operations Checklist (Before Production)
Reference stack is for evaluation. For production, add:
- TLS termination and cert automation.
- APISIX admin plane hardening and auth.
- Secret management (not plain env files).
- Logs/metrics shipping to your observability backend.
- Replica and failure-domain strategy for gateway, sidecar, and Redis.
- Policy decisions on fail-open/fail-closed with incident runbooks.
Troubleshooting
Port already in use
Change .env:
APISIX_HTTP_PORT=29080
Sidecar cannot reach Redis
Validate container health:
docker compose ps
docker compose logs --tail=100 redis sidecar
Requests not blocked in malicious tests
Verify mode:
docker compose exec sidecar printenv SHADOW_MODE
If it is true, behavior is expected: log-only mode.
Cleanup
docker compose down -v