ollama-auth-proxy
This tool is a small HTTP reverse proxy that adds authentication headers to outgoing HTTP requests. It is intended to provide access to an Ollama instance that is behind authentication, while the ollama client still has no direct auth support.
Save your ollama secret API key in a file somewhere, say ~/.ollama-api-key, and then run:
go install git.autistici.org/ula/ollama-auth-proxy@latest
~/go/bin/ollama-auth-proxy --token=$(cat ~/.ollama-api-key) --target=https://my.server.com &The tool will bind to port 11434 on localhost and forward requests to the remote authenticated API. Now you can use the ollama CLI tool as if you had a locally running server.
Usage with systemd
Having to run the above command whenever you want to connect is annoying, it's better to set up a systemd service to automatically start the proxy when you run "ollama". To do so, one can use the files in the systemd/ directory in this repository:
First, create the configuration directory where you'll store your private API key:
mkdir -p ~/.config/ollama-auth-proxy
chmod 700 ~/.config/ollama-auth-proxyThen write your API key in the config file in that directory, either with an editor or:
echo TOKEN="my-secret-api-key" > ~/.config/ollama-auth-proxy/configInstall the systemd units to the user systemd configuration directory. Making them "user" units means they'll start when you log in and terminate upon logging out:
mkdir -p ~/.config/systemd/user
cp systemd/ollama-auth-proxy.* ~/.config/systemd/userFinally reload systemd and start the service:
systemctl --user daemon-reload
systemctl --user enable ollama-auth-proxy.socket
systemctl --user start ollama-auth-proxy.socketNow systemd will be listening on localhost:11434, and the proxy will automatically be started at the first connection attempt.