• Skip to secondary menu
  • Skip to main content
  • Skip to primary sidebar
  • Home
  • Projects
  • Products
  • Themes
  • Tools
  • Request for Quote

Vengala Vinay

Having 12+ Years of Experience in Software Development

  • Home
  • WordPress
  • PHP
    • Codeigniter
  • Django
  • Magento
  • Selenium
  • Server
Home » Advanced Server Management: Setting Up an Ollama Reverse Proxy

Advanced Server Management: Setting Up an Ollama Reverse Proxy

If you’re running Ollama on your Ubuntu server, you likely know it defaults to 127.0.0.1:11434. While this works for local testing, exposing it securely to external platforms requires a robust reverse proxy. In this guide, we’ll use Apache to bridge that gap and secure your firewall.


Step 1: Enable Necessary Apache Modules

To act as a proxy, Apache needs its proxy and proxy_http modules enabled. Run the following commands:

sudo a2enmod proxy
sudo a2enmod proxy_http
sudo systemctl restart apache2

Step 2: Configure the VirtualHost

Create or edit your site configuration file (e.g., /etc/apache2/sites-available/qwen7b.vengalavinay.com.conf). This setup handles the internal rerouting and security layers.

<VirtualHost *:80>
    ServerName qwen7b.vengalavinay.com

    # Reroute traffic to the local Ollama instance
    ProxyPreserveHost Off
    ProxyPass / http://127.0.0.1:11434/
    ProxyPassReverse / http://127.0.0.1:11434/

    # Security: Basic Authentication
    <Location />
        AuthType Basic
        AuthName "Restricted AI Access"
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user
    </Location>

    # Important: Prevent Ollama from parsing the Auth header
    RequestHeader unset Authorization
</VirtualHost>

💡 Pro Tip: ProxyPreserveHost Off. Setting this to Off ensures that Ollama sees the request as coming from localhost. Since Ollama is configured to trust local traffic, this prevents cross-origin rejection (CORS) errors.


Step 3: Secure Your Firewall (UFW)

One of the most critical steps in any reverse proxy setup is ensuring your internal ports are not accessible from the outside. You want all traffic to go through Apache (Port 80/443), where your authentication and SSL are handled.

1. Deny Remote Access to Ollama

By default, Ollama only listens on 127.0.0.1, but if you’ve ever changed that setting, you must ensure the firewall blocks external attempts to reach port 11434:

sudo ufw deny 11434/tcp

2. Only Allow Standard Web Ports

Ensure that only the standard HTTP and HTTPS ports are open globally:

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw status verbose

With these rules, anyone attempting to reach http://your-ip:11434 will be blocked, forcing them to use https://qwen7b.vengalavinay.com where they will be prompted for your Basic Auth credentials.


Step 4: Handling Authorization Conflicts

One common “gotcha” when proxying Ollama is that Ollama’s built-in API parser might try to interpret the Authorization header you’re using for Apache. This often leads to a 401 Unauthorized response even if your credentials are correct.

The solution is to use RequestHeader unset Authorization within your Apache config. This strips the header after Apache has verified the user but before it hands the request over to Ollama.


✅ Verification

After saving your configuration and restarting Apache, try to access your endpoint using curl:

curl -u your_username:your_password https://qwen7b.vengalavinay.com/v1/chat/completions

You should now have a fully functional, secure gateway to your local AI models!

Primary Sidebar

A little about the Author

Having 12+ Years of Experience in Software Development, Vinay is a principal software architect, senior systems engineer, and elite technical consultant. He specializes in bespoke PHP/WordPress development, high-performance Magento 2 & Shopify architectures, custom plugin/theme development from scratch, and legacy code modernization (including VB6, VB.NET, PyQt, and Crystal Reports). Known for solving complex database bottlenecks, speed optimization (Core Web Vitals), and advanced security code auditing, Vinay engineers production-ready systems designed to scale under heavy concurrent load conditions.



Chat on WhatsApp

Recent Posts

  • Install PHP 5.6 , Mysql , phpMyAdmin, Apache Server using XAMPP 5.6.40
  • Creating your first plugin
  • Implementing automated compliance reporting for custom member profile directories ledgers using native PHP ZipArchive streams
  • Performance Optimization: Tuning PHP-FPM and opcache pools for high-concurrency Twilio SMS Gateway handlers
  • Advanced Diagnostics: Locating slow Active Record Wrapper query bottlenecks in WooCommerce custom checkout pipelines

Categories

  • apache (1)
  • Business & Monetization (390)
  • Centos (4)
  • Comparisons & Decision Making (55)
  • Debian (2)
  • Debugging & Troubleshooting (663)
  • Desktop Applications (14)
  • DevOps (7)
  • DevOps & Cloud Scaling (962)
  • Django (1)
  • Laravel (4)
  • Migration & Architecture (192)
  • Mobile Applications (24)
  • MySQL (1)
  • Performance & Optimization (873)
  • PHP (5)
  • PHP Development (49)
  • Plugins & Themes (244)
  • Programming Languages (10)
  • Python (20)
  • Ruby on Rails (1)
  • Security & Compliance (650)
  • SEO & Growth (492)
  • Server (118)
  • Softwares (1)
  • Ubuntu (9)
  • VB6 & VB.NET (8)
  • Web Applications & Frontend (19)
  • Web Assembly (Wasm) (2)
  • WordPress (22)
  • WordPress Plugin Development (728)
  • WordPress Theme Development (357)

Recent Posts

  • Install PHP 5.6 , Mysql , phpMyAdmin, Apache Server using XAMPP 5.6.40
  • Creating your first plugin
  • Implementing automated compliance reporting for custom member profile directories ledgers using native PHP ZipArchive streams

Top Categories

  • DevOps & Cloud Scaling (962)
  • Performance & Optimization (873)
  • WordPress Plugin Development (728)
  • Debugging & Troubleshooting (663)
  • Security & Compliance (650)
  • SEO & Growth (492)

Our Products

  • ERP & LMS Systems (4)
  • Directories & Marketplaces (4)
  • Healthcare Portals (3)
  • Point of Sale (POS) (2)
  • E-Commerce Engines (2)

Our Services

  • E-Commerce Development (10)
  • WordPress Development (8)
  • Python & Desktop GUI (7)
  • General Consulting (7)
  • Legacy Modernization (5)
  • Mobile App Development (4)

Copyright © 2026 · Vinay Vengala