Secure Ollama API Deployment with Nginx Reverse Proxy

🚀 Secure Ollama API with Nginx — Deployment Guide

Deploy Ollama behind Nginx with HTTPS (SSL) and Basic Authentication using Docker Compose.

🔧 Step 1: Create Certificates and Auth

mkdir -p nginx/certs nginx/auth
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout nginx/certs/server.key \
  -out nginx/certs/server.crt \
  -subj "/CN=192.168.0.6"

htpasswd -cb nginx/auth/.htpasswd admin yourpassword

🧩 Step 2: Nginx Configuration

events {}
http {
  server {
    listen 443 ssl;

    ssl_certificate     /etc/nginx/certs/server.crt;
    ssl_certificate_key /etc/nginx/certs/server.key;

    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/auth/.htpasswd;

    location / {
      proxy_pass http://ollama:11434;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
    }
  }
}

📦 Step 3: Docker Compose Setup

version: '3'
services:
  ollama:
    image: ollama/ollama
    container_name: ollama
    restart: unless-stopped
    networks:
      - internal
    volumes:
      - ollama-data:/root/.ollama

  nginx:
    image: nginx:alpine
    container_name: nginx-secure
    restart: unless-stopped
    ports:
      - "443:443"
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./nginx/auth:/etc/nginx/auth:ro
      - ./nginx/certs:/etc/nginx/certs:ro
    depends_on:
      - ollama
    networks:
      - internal

volumes:
  ollama-data:

networks:
  internal:
    driver: bridge

⚙️ Step 4: Run & Test

docker-compose up -d
docker exec -it ollama ollama pull llama3

curl -k -u admin:yourpassword https://192.168.0.6/api/generate -d '{
  "model": "llama3",
  "prompt": "What is the capital of France?"
}'

Expected Output: The capital of France is Paris.

🔍 Health Check Summary

ComponentCommandExpected
Nginxdocker ps | grep nginx-secureContainer running
Ollamadocker ps | grep ollamaContainer running
Modeldocker exec ollama ollama listShows llama3
SSL Accesscurl -k https://192.168.0.6403 Forbidden
Auth Accesscurl -k -u admin:yourpassword https://192.168.0.6Success

💡 Pro Tip: For public deployments, replace self-signed SSL with Let's Encrypt and rotate passwords frequently.

© 2025 • Secure Ollama API Deployment • Made with 💚 by Sidhesh

Comments

Post a Comment

Popular posts from this blog

Install & Configure GLPI on Ubuntu (Nginx + MariaDB + PHP 8.3) — Full SOP 2025

🧭 Install & Configure GLPI on Ubuntu (Nginx + MariaDB + PHP 8.3) — Full SOP 2025 Comprehensive setup guide for GLPI 10.x using Nginx , MariaDB , and PHP 8.3 on Ubuntu 22.04/24.04 LTS. 📋 1. Prerequisites Ubuntu 22.04/24.04 with sudo/root privileges DNS record or hostname (e.g. glpi.localhost or glpi.example.com ) Updated system packages sudo apt update && sudo apt upgrade -y ⚙️ 2. Install Required Packages 2.1 Nginx Web Server sudo apt install -y nginx sudo nano /etc/nginx/sites-available/glpi.conf server { listen 80; listen [::]:80; server_name glpi.localhost; root /var/www/glpi/public; location / { try_files $uri /index.php$is_args$args; } location ~ ^/index\.php$ { fastcgi_pass unix:/run/php/php8.3-fpm.sock; fastcgi_split_path_info ^(.+\.php)(/.*)$; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; } } sudo ln -s /etc/...
Read more

Basic Linux Commands

🐧 Linux Basic Commands — Quick Reference A comprehensive yet compact beginner's guide to Linux file system, commands, permissions, networking, users, and more. 📘 Why Learn Linux? Linux powers everything from servers and clouds to IoT devices. Whether you’re a developer, sysadmin, or cloud engineer, Linux skills are essential . Works seamlessly with Windows and macOS. Hosts most cloud workloads and containers. Open source, modular, and secure. 📂 1. Linux File System Hierarchy / ├── bin ├── boot ├── dev ├── etc ├── home │ ├── alice │ ├── bob │ └── eve ├── root ├── run ├── sbin ├── tmp ├── usr │ ├── bin │ ├── local │ │ ├── bin │ │ ├── sbin │ └── sbin └── var /boot – Kernel & bootloader files /etc – System configuration /home – User directories /usr – Installed software /var – Logs, spools /tmp – Temporary data 📁 2. File Management & Navigation Absolute vs Relative Paths Absolute: /var/log/syslog Relative: log/s...
Read more