Skip to content
/ Ollama-gateway Public

A lightweight program to add auth for ollama service

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

zyazhb/Ollama-gateway

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
README.md
README.md
 
 
go.mod
go.mod
 
 
main.go
main.go
 
 

Repository files navigation

Ollama Gateway

A secure API gateway for Ollama that adds authentication, IP whitelisting, and access control to your Ollama server.

Overview

Ollama Gateway is a lightweight proxy server that sits in front of your Ollama instance, providing:

  • API Key Authentication: Secure your Ollama server with API key authentication
  • IP Whitelisting: Restrict access to specific IP addresses or ranges
  • Trusted IPs: Allow certain IPs to bypass authentication
  • Request Logging: Log all requests to your Ollama server
  • Debug Mode: Detailed logging for troubleshooting

This gateway is particularly useful when you want to expose your Ollama server to a network while maintaining security and access control.

Installation

Prerequisites

  • Go 1.16 or higher (if building from source)
  • An Ollama server running locally or remotely

Building from Source

git clone https://github.com/zyazhb/ollama-gateway.git
cd ollama-gateway
go build -o ollama-gateway main.go

Usage

Basic Usage

Run the gateway with default settings:

./ollama-gateway

This will:

  • Listen on 0.0.0.0:11434
  • Forward requests to a local Ollama server at 127.0.0.1:11434
  • Require the default API key ollama-gateway

Command Line Options

Usage of ollama-gateway:
  -listen string
        Address to listen on (default "0.0.0.0:11434")
  -target string
        Target Ollama server address (default "127.0.0.1:11434")
  -apikey string
        API key for authentication (default "ollama-gateway")
  -apikey-param string
        URL parameter name for API key (default "api_key")
  -apikey-header string
        Header name for API key (default "X-API-Key")
  -whitelist string
        Comma-separated list of IP addresses/ranges in CIDR notation (e.g. 127.0.0.1/32,192.168.0.1/24)
  -trusted-ips string
        Comma-separated list of IP addresses/ranges in CIDR notation that can bypass authentication
  -debug
        Enable debug logging

Examples

Custom API Key and Port

./ollama-gateway -listen 0.0.0.0:8080 -apikey my-secret-key

Connect to Remote Ollama Server

./ollama-gateway -target ollama-server.internal:11434

IP Whitelisting

./ollama-gateway -whitelist "192.168.1.0/24,10.0.0.5/32"

Trusted IPs (Bypass Authentication)

./ollama-gateway -trusted-ips "10.0.0.0/8,192.168.1.10/32"

Debug Mode

./ollama-gateway -debug

Client Usage

When connecting to the gateway, clients must provide the API key in one of two ways:

  1. As a URL parameter:

    http://gateway-address:11434/api/generate?api_key=ollama-gateway

  2. As an HTTP header:

    X-API-Key: ollama-gateway

Security Considerations

  • Change the default API key when deploying in production
  • Regularly review access logs for unauthorized access attempts
  • Consider using both IP whitelisting and API key authentication for sensitive deployments

About

A lightweight program to add auth for ollama service

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

V0.1 Latest
Mar 12, 2025

Languages