Skip to main content

Gateway Architecture

A deep dive into the technical stack and design of the LibreApps Gateway.

Overview

The LibreApps Gateway is built on Apache APISIX, a high-performance, cloud-native API gateway.

Technical Stack

  • Apache APISIX: The core gateway engine built on NGINX and OpenResty.
  • etcd: Distributed key-value store for configuration.
  • Keycloak: Identity provider for OIDC/JWT authentication.
  • LiteLLM: FastAPI-based proxy for AI model routing.

Request Lifecycle

  1. Incoming Request: A request from LibreApps Desktop frontend arrives at the Gateway.
  2. Route Matching: APISIX matches the request against its etcd-stored configuration.
  3. Plugin Execution: APISIX executes plugins for authentication, rate limiting, and transformation.
  4. Upstream Routing: APISIX forwards the request to the appropriate service (e.g., LiteLLM, Keycloak).
  5. Response Handling: The response is sent back to the client, potentially after being modified by post-plugins.

Security Layer

The Gateway integrates with Keycloak to secure all routes. It validates the Authorization header of incoming requests and ensures that the user has the necessary roles to access the requested resource.

Best Practices

  • Do this: Keep your Gateway filters simple and efficient to minimize latency.
  • Do this: Use Hystrix dashboards to monitor the health of your backend services.
  • Don't do this: Perform heavy business logic inside the Gateway; delegate that to the backend microservices.