662fbfb442
Two production-hardening changes triggered by real issues found on the
first prod attempt against neuronetz-ai-01.
1. Upstream auth (the production Ollama is fronted by an auth proxy):
- New config: OLLAMA_AUTH_TOKEN (pydantic SecretStr — never appears in
repr/logs/errors), plus OLLAMA_AUTH_HEADER (default "Authorization")
and OLLAMA_AUTH_SCHEME (default "Bearer") for stacks that expect a
non-standard header like X-API-Key.
- lifespan._build_upstream_headers() injects the configured header into
the single shared httpx client used by both the proxy hot path AND
the discovery poller, so /api/tags + /api/chat both authenticate
against the upstream automatically.
- New CLI: `neuronetz-gateway probe-ollama` — uses the same client
config to GET /api/version and /api/tags, reports success/transport-
error/HTTP-status, lists the first few discovered models, exits 1 on
any failure. The token itself is never printed (only whether one
was attached). Lets ops verify upstream reachability before letting
real traffic through.
- docker-compose.yml passes OLLAMA_AUTH_TOKEN/HEADER/SCHEME through;
.env.example documents them with a leave-blank-for-internal-Ollama
default.
2. Volume adoption (don't lose existing model data on re-deploy):
- docker-compose.yml now pins absolute Docker volume NAMES for both
postgres_data and ollama_data, configurable via POSTGRES_DATA_VOLUME
and OLLAMA_DATA_VOLUME. Defaults preserve the previous per-project
names so existing deployments aren't disturbed.
- This addresses the scenario where deploying this compose under a new
project directory created fresh, empty volumes alongside an existing
`neuro-ollama_ollama-data` volume containing pre-pulled models (incl.
deepseek-r1:14b, qwen2.5:14b, gemma3:12b, ...). Setting
OLLAMA_DATA_VOLUME=neuro-ollama_ollama-data in .env tells the new
stack to mount the existing volume in place — no copy, no downtime.
- .env.example documents the override with the exact host's volume name
as an example.
Both changes are ruff + mypy --strict clean.
neuronetz-gateway
A secure, multi-tenant API gateway in front of an Ollama instance. It is the hot path of the Neuronetz API: every request to the models flows through here, authenticated, rate-limited, budgeted, and audited.
The Ollama backend is never reachable from the public internet. It is bound to an internal Docker network with no published ports. All access is via this gateway, behind TLS terminated by Caddy.
Status: v0.1.0 — in development. See
scope-docs/SPEC.mdfor the full specification andscope-docs/AGENT_PROMPT.mdfor the phased build plan.SPEC.mdis the source of truth.
What it does
- Auth — API keys as Bearer tokens, stored as Argon2id hashes, verified in constant time.
- Multi-tenant — tenants own keys; limits and budgets inherit tenant → key.
- Rate limiting — per-key and per-tenant RPM / TPM / concurrent connections.
- Budgets — daily / monthly / total token budgets, enforced fail-closed.
- Dual API surface — native Ollama (
/api/*) and OpenAI-compatible (/v1/*), both streaming. - Hard-blocked mutations —
/api/pull,/api/push,/api/create,/api/copy,/api/delete,/api/blobs/*always return 403. Not configurable. - Audit log — always-on request metadata; opt-in, TTL'd prompt logging per key.
Administration (dashboards, tenant self-service) lives in a separate service,
neuronetz-console; it is not part of this repository.
Architecture
Internet ──TLS──> Caddy ──HTTP──> gateway ──┬──> Postgres (keys, budgets, audit)
├──> Redis (key cache, rate limits)
└──> Ollama (internal network only)
Quickstart (dev)
Requires Docker + Docker Compose. The dev stack runs Postgres, Redis, and the gateway —
no Caddy and no Ollama (so /readyz reports 503 until a real Ollama backend is wired
in; that is expected).
git clone <repo> neuronetz-gateway && cd neuronetz-gateway
cp .env.example .env # adjust if you like; defaults work for local dev
docker compose -f docker-compose.dev.yml up --build
The gateway runs alembic upgrade head on startup, then serves on http://localhost:8080.
curl -i http://localhost:8080/healthz # -> 200 {"status":"ok"}
curl -i http://localhost:8080/readyz # -> 503 (no Ollama backend in the dev stack)
Production
docker-compose.yml brings up the full stack — Caddy (TLS via Let's Encrypt for
api.neuronetz.ai), the gateway, Postgres, Redis, and Ollama. The ollama service has
no ports: mapping and is reachable only on the internal Docker network. See
docs/DEPLOYMENT.md (added in a later phase) and
ops/caddy/Caddyfile.example.
Managing tenants and keys
Use the bootstrap CLI (Typer). Keys have the form nz_<prefix><secret>; the full key is
printed exactly once at creation and only its Argon2id hash is stored.
neuronetz-gateway create-tenant --name acme
neuronetz-gateway create-key --tenant acme --name prod-server-1
neuronetz-gateway list-keys --tenant acme
neuronetz-gateway revoke-key --prefix nz_abc12345
Development
just dev # run the dev stack
just test # pytest + coverage
just lint # ruff
just typecheck # mypy --strict
just migrate # alembic upgrade head
Tooling: Python 3.12, uv, FastAPI + uvicorn, SQLAlchemy 2.0 (async) + asyncpg, Redis,
httpx, structlog, Pydantic. Lint/type/security gates: ruff, mypy --strict, bandit,
pip-audit.
License
Apache 2.0 — see LICENSE. Owner: Stephan Berbig / Neuronetz.