LockLLM
Go back

Reverse Proxy

Overview

A reverse proxy integration allows you to scan all LLM requests automatically by setting up your own proxy infrastructure with Nginx, Apache, or Node.js. LockLLM sits between your application and the LLM provider, inspecting and filtering requests in real-time.

This approach is for advanced or enterprise users who need on-premise deployment, complex custom routing logic, or integration with existing proxy infrastructure. For most users, Proxy Mode is the better choice.

When to Use Custom Reverse Proxy

Use a custom reverse proxy only if you need:

  • Complex custom routing logic
  • On-premise deployment requirements
  • Integration with existing proxy infrastructure
  • advanced or enterprise caching or rate limiting beyond LockLLM
  • Custom modifications to requests/responses

Setup Options

You can set up a custom reverse proxy using several popular web server technologies:

  • Nginx with OpenResty: High-performance, production-ready solution with Lua scripting
  • Apache with mod_lua: Flexible solution for existing Apache infrastructure
  • Node.js proxy: Lightweight solution with Express and http-proxy-middleware
  • Docker Compose: Complete containerized setup for easy deployment

Basic Architecture

Your App → Your Reverse Proxy (with LockLLM scanning) → LLM Provider

The proxy:
1. Receives requests from your application
2. Scans the prompt with LockLLM API
3. Blocks malicious requests or forwards safe ones
4. Returns the LLM response to your application

Key Features

  • Full Control: Complete control over proxy infrastructure and configuration
  • On-Premise Deployment: Run entirely within your own network
  • Custom Logic: Add custom routing, caching, or rate limiting
  • Multi-Provider: Works with OpenAI, Anthropic, Google, Cohere, and more
  • Caching Options: Implement Redis caching for scan results
  • Fail-Safe Modes: Choose fail-open or fail-closed behavior

Configuration Requirements

To set up a custom reverse proxy, you'll need:

  • Web Server: Nginx with OpenResty, Apache with mod_lua, or Node.js
  • LockLLM API Key: To authenticate scanning requests
  • SSL Certificates: For HTTPS connections
  • Optional: Redis for caching scan results

Best Practices

  • Use HTTPS: Always use SSL/TLS for proxy connections
  • Enable Caching: Cache scan results to reduce latency and API calls
  • Implement Retries: Retry failed scans with exponential backoff
  • Monitor Performance: Track scan latency and adjust timeouts
  • Log Blocked Requests: Keep audit logs of blocked requests
  • Set Appropriate Timeouts: Configure reasonable timeouts (e.g., 5 seconds)

Getting Started

Generate your LockLLM API key in the dashboard, then follow the complete setup guides in the reverse proxy documentation. The guide includes detailed configurations for Nginx, Apache, Node.js, and Docker Compose setups.