轻舟 AIOpenAI API Proxy Setup Guide
OpenAI API Proxy and Relay Setup Guide
An API proxy or relay service sits between your application and the OpenAI API, providing benefits like improved reliability, access from restricted regions, load balancing, cost management, and enhanced security. This guide covers why you need a proxy, how to set one up, and how to use managed relay services.
Why Use an API Proxy?
- Regional access — Access OpenAI from countries where the API is not directly available
- Reliability — Automatic retries, failover, and load balancing across accounts
- Security — Hide upstream API keys from client applications
- Cost control — Per-user or per-project spending limits and usage tracking
- Rate limit pooling — Distribute requests across multiple API accounts
- Logging and monitoring — Centralized request logging and analytics
- Multi-provider routing — Route to different AI providers through one interface
Option 1: Use a Managed Relay Service (Recommended)
The fastest way to get started is with a managed relay service like claude4u.com. No server setup required:
# Just change the base URL - no other code changes needed
export OPENAI_BASE_URL="https://claude4u.com/v1"
export OPENAI_API_KEY="your-relay-api-key"
from openai import OpenAI
client = OpenAI(
api_key="your-relay-key",
base_url="https://claude4u.com/v1"
)
# Everything works exactly the same
response = client.chat.completions.create(
model="gpt-4o",
messages=[{"role": "user", "content": "Hello!"}]
)
print(response.choices[0].message.content)
Tip: claude4u.com provides an OpenAI-compatible relay with automatic load balancing, multi-account pooling, rate limit management, and support for OpenAI, Claude, and Gemini models through a single endpoint. It is the simplest path to reliable API access.
Option 2: Nginx Reverse Proxy
Set up a basic Nginx reverse proxy on your own server:
# /etc/nginx/conf.d/openai-proxy.conf
server {
listen 443 ssl;
server_name api-proxy.yourdomain.com;
ssl_certificate /etc/letsencrypt/live/api-proxy.yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/api-proxy.yourdomain.com/privkey.pem;
location /v1/ {
proxy_pass https://api.openai.com/v1/;
proxy_set_header Host api.openai.com;
proxy_set_header Authorization $http_authorization;
proxy_set_header Content-Type $http_content_type;
# SSE streaming support
proxy_buffering off;
proxy_cache off;
proxy_read_timeout 300s;
# CORS headers (if needed for browser clients)
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Authorization, Content-Type";
}
}
Option 3: Cloudflare Workers Proxy
// Cloudflare Worker script
export default {
async fetch(request) {
const url = new URL(request.url);
url.hostname = 'api.openai.com';
const modifiedRequest = new Request(url, {
method: request.method,
headers: request.headers,
body: request.body
});
return fetch(modifiedRequest);
}
};
Option 4: Node.js Express Proxy
import express from 'express';
import { createProxyMiddleware } from 'http-proxy-middleware';
const app = express();
app.use('/v1', createProxyMiddleware({
target: 'https://api.openai.com',
changeOrigin: true,
onProxyReq: (proxyReq, req) => {
// Optionally inject a server-side API key
proxyReq.setHeader('Authorization', `Bearer ${process.env.OPENAI_API_KEY}`);
},
onProxyRes: (proxyRes) => {
// Disable buffering for streaming
proxyRes.headers['cache-control'] = 'no-cache';
}
}));
app.listen(3000, () => console.log('Proxy running on port 3000'));
Warning: Self-hosted proxies require you to manage SSL certificates, uptime monitoring, security patches, and scaling. For production workloads, a managed relay service is significantly less operational burden.
Docker Deployment
# Dockerfile for Node.js proxy
FROM node:20-slim
WORKDIR /app
COPY package*.json ./
RUN npm ci --production
COPY . .
EXPOSE 3000
CMD ["node", "server.js"]
# docker-compose.yml
version: '3.8'
services:
openai-proxy:
build: .
ports:
- "3000:3000"
environment:
- OPENAI_API_KEY=${OPENAI_API_KEY}
restart: unless-stopped
Adding Authentication to Your Proxy
// Simple API key authentication middleware
function authenticate(req, res, next) {
const clientKey = req.headers['authorization']?.replace('Bearer ', '');
const validKeys = new Set(process.env.ALLOWED_KEYS?.split(',') || []);
if (!clientKey || !validKeys.has(clientKey)) {
return res.status(401).json({ error: 'Invalid API key' });
}
// Replace client key with actual OpenAI key
req.headers['authorization'] = `Bearer ${process.env.OPENAI_API_KEY}`;
next();
}
app.use('/v1', authenticate, proxyMiddleware);
Testing Your Proxy
# Test with cURL
curl https://your-proxy.com/v1/chat/completions \
-H "Authorization: Bearer your-proxy-key" \
-H "Content-Type: application/json" \
-d '{"model":"gpt-4o","messages":[{"role":"user","content":"Hello"}]}'
# Test with Python
from openai import OpenAI
client = OpenAI(
api_key="your-proxy-key",
base_url="https://your-proxy.com/v1"
)
print(client.models.list())
Choosing the Right Approach
- Managed relay (claude4u.com) — Best for most teams. Zero maintenance, instant setup, multi-provider support.
- Nginx proxy — Good for simple forwarding when you already have server infrastructure.
- Cloudflare Worker — Great for edge deployment with minimal latency. Limited to 30-second request timeout.
- Custom Node.js proxy — Best when you need custom logic like authentication, logging, or request transformation.
Tip: Regardless of which approach you choose, ensure your proxy supports Server-Sent Events (SSE) for streaming. Many basic proxy configurations buffer responses, which breaks streaming and defeats its purpose.
Get Started with 轻舟 AI
Stable, fast AI API relay — supports Claude, OpenAI, Gemini and more
Sign Up Free