LocalAI/docs/content/advanced/reverse-proxy-tls.md
LocalAI [bot] 7e59a5c7c5 docs: architecture & feature diagrams (blueprint style) (#10137)
* docs: add 'how LocalAI works' architecture diagram

Add a blueprint-style architecture diagram: clients -> small core (API,
router, WebUI, agents) -> gRPC -> backend processes pulled on demand as
OCI images. Place it on the overview page and replace the stale external
architecture image on the reference page.

Assisted-by: Claude:claude-opus-4-8 [Claude Code]
Signed-off-by: Ettore Di Giacinto <mudler@localai.io>

* docs: add blueprint diagrams across feature, distributed & getting-started docs

Add 24 architecture/flow/comparison diagrams (PNG + HTML source) under
docs/static/images/diagrams/, wired into their docs pages, from an
impact-vs-effort audit of the docs. Broaden the API surface on the
overview architecture diagram (OpenAI, Anthropic, ElevenLabs, Ollama,
and LocalAI's own API) and move the gRPC boundary label clear of the arrows.

Pages: distributed mode (architecture, scheduling, ds4 layer-split),
distributed inferencing, MLX, realtime, quantization, MCP, agents,
mitm & cloud proxy, middleware, reverse-proxy TLS, VRAM, voice & face
recognition, reranker, function calling, fine-tuning (recipe + jobs),
diarization, audio transform, quickstart, model resolution.

Assisted-by: Claude:claude-opus-4-8 [Claude Code]
Signed-off-by: Ettore Di Giacinto <mudler@localai.io>

* docs: add composable-core diagram to README hero

Commit the composable-core card (small core + on-demand backend tiles)
alongside the other diagrams and reference it from the README hero via a
repo-relative path, so it renders on GitHub.

Assisted-by: Claude:claude-opus-4-8 [Claude Code]
Signed-off-by: Ettore Di Giacinto <mudler@localai.io>

* docs: fix composable-core connectors/badge and federated-vs-worker layout

- composable-core: thicken the plug-in connectors so they read clearly, and
  widen the SEPARATE IMAGE badge so its text no longer overflows the box.
- federated-vs-worker: shorten the WHOLE/SPLIT REQUEST pills to fit, and
  replace the tangled node-to-node activation arrows with a clean fan-out
  (request split across all sharded nodes), mirroring the federated panel.

Assisted-by: Claude:claude-opus-4-8 [Claude Code]
Signed-off-by: Ettore Di Giacinto <mudler@localai.io>

---------

Signed-off-by: Ettore Di Giacinto <mudler@localai.io>
Co-authored-by: Ettore Di Giacinto <mudler@localai.io>
2026-06-02 18:43:22 +02:00


title: TLS Reverse Proxy Configuration
description: Configure LocalAI behind a TLS termination reverse proxy (HAProxy, Apache, Nginx)
weight: 100

TLS at the edge: terminate TLS at the reverse proxy and forward headers so LocalAI emits correct https URLs

TLS Reverse Proxy Configuration

When running LocalAI behind a TLS termination reverse proxy, the Web UI may fail to load static assets (CSS, JS) correctly because the application doesn't automatically detect that it's being served over HTTPS. This guide explains how to properly configure your reverse proxy to work with LocalAI.

How It Works

LocalAI uses the X-Forwarded-Proto HTTP header to determine the protocol used by clients. When this header is set to https, LocalAI will generate HTTPS URLs for static assets in the Web UI.

Required Headers

Your reverse proxy must forward these headers to LocalAI:

| Header | Purpose |
|--------|---------|
| X-Forwarded-Proto | Set to https when TLS is terminated at the proxy |
| X-Forwarded-Host | The original host requested by the client |
| X-Forwarded-Prefix | Any path prefix if LocalAI is served under a sub-path |

HAProxy Configuration

frontend https-in
    bind *:443 ssl crt /path/to/cert.pem
    mode http
    
    # Set the X-Forwarded-Proto header
    http-request set-header X-Forwarded-Proto https
    
    # Pass the original host
    http-request set-header X-Forwarded-Host %[hdr(host)]
    
    # If serving under a sub-path, set the prefix
    # http-request set-header X-Forwarded-Prefix /localai
    
    default_backend localai

backend localai
    mode http
    server localai1 127.0.0.1:8080 check

Apache Configuration

<VirtualHost *:443>
    ServerName your-domain.com
    SSLEngine on
    SSLCertificateFile /path/to/cert.pem
    SSLCertificateKeyFile /path/to/key.pem
    
    # Requires mod_ssl, mod_proxy, mod_proxy_http and mod_headers to be enabled
    ProxyRequests Off
    ProxyPreserveHost On
    
    <Proxy *>
        Require all granted
    </Proxy>
    
    # Set the X-Forwarded-Proto header
    RequestHeader set X-Forwarded-Proto "https"
    
    # Set the X-Forwarded-Host header (optional, usually automatic)
    RequestHeader set X-Forwarded-Host "%{HTTP_HOST}s"
    
    # If serving under a sub-path
    # RequestHeader set X-Forwarded-Prefix "/localai"
    
    ProxyPass / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>

Nginx Configuration

server {
    listen 443 ssl;
    server_name your-domain.com;
    
    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;
    
    # proxy_pass is only valid inside a location block
    location / {
        # Set the X-Forwarded-Proto header
        proxy_set_header X-Forwarded-Proto $scheme;
        
        # Pass the original host
        proxy_set_header X-Forwarded-Host $host;
        
        # If serving under a sub-path
        # proxy_set_header X-Forwarded-Prefix /localai;
        
        # Other proxy settings
        proxy_pass http://127.0.0.1:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

Serving Under a Sub-Path

If you serve LocalAI under a sub-path (e.g., https://your-domain.com/localai), you need to:

  1. Configure your reverse proxy to set the X-Forwarded-Prefix header

Example with Nginx:

proxy_set_header X-Forwarded-Prefix /localai;

Testing Your Configuration

  1. Start LocalAI: localai
  2. Configure your reverse proxy as shown above
  3. Access the Web UI through the proxy
  4. Check the browser's developer console for any mixed content warnings or failed asset loads
  5. Verify that the HTML source contains https:// URLs for static assets
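Step 5 can be automated. The following is an added example, not part of the LocalAI documentation or code base: it resolves every asset reference in a saved copy of the page, including references made relative to a `<base href>`, and lists those that end up on http://. The sample HTML and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute holding a URL the browser may fetch as a sub-resource.
ASSET_ATTRS = {"script": "src", "link": "href", "img": "src", "source": "src"}


class AssetCollector(HTMLParser):
    """Collect the first <base href> and every asset reference in document order."""

    def __init__(self):
        super().__init__()
        self.base_href = None
        self.refs = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and attrs.get("href") and self.base_href is None:
            self.base_href = attrs["href"]
        attr = ASSET_ATTRS.get(tag)
        if attr and attrs.get(attr):
            self.refs.append(attrs[attr])


def insecure_assets(page_url, html):
    """Return the asset URLs that resolve to http:// for a page at page_url."""
    collector = AssetCollector()
    collector.feed(html)
    # A <base href> carrying the wrong scheme drags every relative URL with it.
    base = urljoin(page_url, collector.base_href or "")
    resolved = (urljoin(base, ref) for ref in collector.refs)
    return [url for url in resolved if urlsplit(url).scheme == "http"]


# Constructed samples (not real LocalAI output): a page whose URLs were
# built as http, and the same page built as https.
WITHOUT_HEADER = """<html><head><base href="http://your-domain.com/">
<link rel="stylesheet" href="static/app.css"></head>
<body><script src="static/app.js"></script></body></html>"""
WITH_HEADER = WITHOUT_HEADER.replace("http://", "https://")

if __name__ == "__main__":
    for name, html in (("without", WITHOUT_HEADER), ("with", WITH_HEADER)):
        print(name, insecure_assets("https://your-domain.com/", html))
```

An empty list for the page fetched through the proxy means no asset would be blocked as mixed content.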

Troubleshooting

Static Assets Not Loading

  • Verify the X-Forwarded-Proto header is being forwarded
  • Check that the header value is exactly https (lowercase)
  • Inspect the network tab in your browser to see which requests are failing

Mixed Content Warnings

  • Ensure LocalAI is generating HTTPS URLs (check the BaseURL middleware is working)
  • Verify the X-Forwarded-Proto header is set before LocalAI processes the request

Redirect Loops

  • Check that your proxy is not adding duplicate headers
  • Verify X-Forwarded-Proto is not being set to both http and https
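The header checks in this troubleshooting section can be run from the backend's side of the proxy. The following is an added example, not LocalAI code: a stand-in backend that reports missing, duplicated or wrongly cased forwarded headers exactly as the proxy delivered them. It assumes LocalAI is stopped and the script listens in its place on 127.0.0.1:8080; the names audit_forwarded and AuditHandler are hypothetical.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer


def audit_forwarded(headers, expect_prefix=None):
    """Check (name, value) header pairs exactly as the backend received them."""
    seen = {}
    for name, value in headers:
        seen.setdefault(name.lower(), []).append(value.strip())
    findings = []
    for name, expected in (("x-forwarded-proto", "https"),
                           ("x-forwarded-host", None),
                           ("x-forwarded-prefix", expect_prefix)):
        if name == "x-forwarded-prefix" and expect_prefix is None:
            continue  # the prefix only matters when serving under a sub-path
        values = seen.get(name, [])
        if not values:
            findings.append(f"{name}: missing")
        elif len(values) > 1 or "," in values[0]:
            # Appended rather than overwritten: two header lines or "http, https".
            findings.append(f"{name}: multiple values {values}")
        elif expected is not None and values[0] != expected:
            findings.append(f"{name}: got {values[0]!r}, expected {expected!r}")
    return findings


class AuditHandler(BaseHTTPRequestHandler):
    """Stand-in backend that reports on the headers the proxy forwarded."""

    def do_GET(self):
        findings = audit_forwarded(self.headers.items())
        body = ("\n".join(findings) or "forwarded headers ok").encode() + b"\n"
        self.send_response(200)
        self.send_header("Content-Type", "text/plain; charset=utf-8")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    # Assumption: LocalAI is stopped and this listens in its place on 127.0.0.1:8080.
    HTTPServer(("127.0.0.1", 8080), AuditHandler).serve_forever()
```

Request any URL through the proxy while this is running; a response other than "forwarded headers ok" names the header to fix in the proxy configuration.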

Security Note

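When using reverse proxies, ensure your proxy only accepts connections from trusted sources and properly validates SSL certificates. Never expose LocalAI directly to the internet without TLS termination. The configurations above overwrite X-Forwarded-Proto and X-Forwarded-Host with set directives rather than appending to them, so values supplied by the client are discarded; keep LocalAI reachable only through the proxy (the examples forward to 127.0.0.1:8080) so that these headers cannot be supplied to it directly.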