Aller au contenu
Chad Feierstein

Linux - Installation Ollama

Un guide complet étape par étape pour installer Ollama sur Debian 12 avec un reverse proxy Apache2, le chiffrement SSL et l'authentification HTTP Basic pour un usage d'API publique sécurisé.

Debian 12OllamaApache2SSL/TLSAPI

Étapes d'Installation

Update package lists again

apt update -y && apt upgrade -y

Install basic packages

apt install sudo curl

Download and install Ollama

curl -fsSL https://ollama.com/install.sh | sh

Download and test small test model

ollama run gemma3:4b

Open Ollama service configuration

systemctl edit ollama.service

Add the following environment variables

override.conf
1
2
3
4
[Service]Environment="OLLAMA_NUM_PARALLEL=6"Environment="OLLAMA_MAX_QUEUE=512"Environment="OLLAMA_MAX_LOADED_MODELS=3"

Reload systemd manager

sudo systemctl daemon-reexec

Reload Ollama service

sudo systemctl daemon-reload

Restart Ollama service

sudo systemctl restart ollama

Install Apache2 and SSL modules

sudo apt update && sudo apt install apache2 apache2-utils -y

Enable required Apache modules

sudo a2enmod proxy proxy_http ssl headers rewrite

Restart Apache2

sudo systemctl restart apache2

Install Certbot for Let's Encrypt

sudo apt install certbot python3-certbot-apache -y

Request SSL certificate for domain

sudo certbot --apache -d server.chad.lu --register-unsafely-without-email

Create directory for auth files

sudo mkdir -p /etc/apache2/htpasswd

Create user with password for HTTP Basic Auth

sudo htpasswd -c /etc/apache2/htpasswd/ollama-api.htpasswd apiuser

Enter a secure password when prompted

Create the Apache Virtual Host configuration file

server.chad.lu.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
<VirtualHost *:80>    ServerName server.chad.lu    Redirect permanent / https://server.chad.lu/</VirtualHost> <VirtualHost *:443>    ServerName server.chad.lu    DocumentRoot /var/www/server.chad.lu     <Directory /var/www/server.chad.lu>        Options Indexes FollowSymLinks        AllowOverride All        Require all granted    </Directory>     # Rewrite-Rule for redirect outside of /ollama/    RewriteEngine On    RewriteCond %{REQUEST_URI} !^/ollama/    RewriteRule ^ https://www.chad.lu%{REQUEST_URI} [R=301,L]     # Proxy Ollama API    ProxyPreserveHost On    ProxyPass "/ollama/" "http://localhost:11434/"    ProxyPassReverse "/ollama/" "http://localhost:11434/"     <Location "/ollama/">        AuthType Basic        AuthName "Ollama API"        AuthUserFile /etc/apache2/htpasswd/ollama-api.htpasswd        Require valid-user    </Location>     # SSL configuration    Include /etc/letsencrypt/options-ssl-apache.conf    SSLCertificateFile /etc/letsencrypt/live/server.chad.lu/fullchain.pem    SSLCertificateKeyFile /etc/letsencrypt/live/server.chad.lu/privkey.pem     # Security headers    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"    Header always set X-Content-Type-Options "nosniff"    Header always set X-Frame-Options "DENY"    Header always set X-XSS-Protection "1; mode=block"</VirtualHost>

Enable new site configuration

sudo a2ensite server.chad.lu.conf

Disable default Apache site

sudo a2dissite 000-default.conf

Disable default SSL site

sudo a2dissite 000-default-le-ssl.conf

Reload Apache configuration

sudo systemctl reload apache2

Test API endpoint with curl

curl -u apiuser https://server.chad.lu/ollama/api/generate -H "Content-Type: application/json" -d '{"model": "gemma3:4b", "prompt": "Erzähl mir eine Geschichte.", "stream": true}'

You will be prompted for the 'apiuser' password. On successful test, you will receive JSON responses with generated text fragments.

Dépannage

Problèmes courants et leurs solutions

Installation Terminée !

Votre serveur Ollama est maintenant entièrement configuré et sécurisé avec HTTPS et l'authentification Basic. Vous pouvez maintenant accéder à l'API en toute sécurité.