Zum Inhalt springen
Chad Feierstein

Linux - Ollama Installation

Eine umfassende Schritt-für-Schritt Anleitung zur Installation von Ollama auf Debian 12 mit Apache2 Reverse Proxy, SSL-Verschlüsselung und HTTP Basic Authentication für sichere öffentliche API-Nutzung.

Debian 12OllamaApache2SSL/TLSAPI

Setup Schritte

1

Install Dependencies

Installation of required system packages and dependencies for Ollama and Apache2.

Update package lists again

apt update -y && apt upgrade -y

Install basic packages

apt install sudo curl
2

Install Ollama

Installation of Ollama and initial configuration with a test model.

Download and install Ollama

curl -fsSL https://ollama.com/install.sh | sh

Download and test small test model

ollama run gemma3:4b

Open Ollama service configuration

systemctl edit ollama.service

Add the following environment variables

override.conf
1
2
3
4
[Service]Environment="OLLAMA_NUM_PARALLEL=6"Environment="OLLAMA_MAX_QUEUE=512"Environment="OLLAMA_MAX_LOADED_MODELS=3"

Reload systemd manager

sudo systemctl daemon-reexec

Reload Ollama service

sudo systemctl daemon-reload

Restart Ollama service

sudo systemctl restart ollama
3

Configure Apache2

Installation and configuration of Apache2 as reverse proxy for Ollama.

Install Apache2 and SSL modules

sudo apt update && sudo apt install apache2 apache2-utils -y

Enable required Apache modules

sudo a2enmod proxy proxy_http ssl headers rewrite

Restart Apache2

sudo systemctl restart apache2
4

Setup SSL Certificate

Setting up Let's Encrypt SSL certificates for secure HTTPS connections.

Install Certbot for Let's Encrypt

sudo apt install certbot python3-certbot-apache -y

Request SSL certificate for domain

sudo certbot --apache -d server.chad.lu --register-unsafely-without-email
5

HTTP Basic Authentication

Configuration of HTTP Basic Authentication for secure API access.

Create directory for auth files

sudo mkdir -p /etc/apache2/htpasswd

Create user with password for HTTP Basic Auth

sudo htpasswd -c /etc/apache2/htpasswd/ollama-api.htpasswd apiuser

Enter a secure password when prompted

6

Enable Virtual Host

Enabling the Virtual Host and restarting Apache services.

Create the Apache Virtual Host configuration file

server.chad.lu.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
<VirtualHost *:80>    ServerName server.chad.lu    Redirect permanent / https://server.chad.lu/</VirtualHost> <VirtualHost *:443>    ServerName server.chad.lu    DocumentRoot /var/www/server.chad.lu     <Directory /var/www/server.chad.lu>        Options Indexes FollowSymLinks        AllowOverride All        Require all granted    </Directory>     # Rewrite-Rule for redirect outside of /ollama/    RewriteEngine On    RewriteCond %{REQUEST_URI} !^/ollama/    RewriteRule ^ https://www.chad.lu%{REQUEST_URI} [R=301,L]     # Proxy Ollama API    ProxyPreserveHost On    ProxyPass "/ollama/" "http://localhost:11434/"    ProxyPassReverse "/ollama/" "http://localhost:11434/"     <Location "/ollama/">        AuthType Basic        AuthName "Ollama API"        AuthUserFile /etc/apache2/htpasswd/ollama-api.htpasswd        Require valid-user    </Location>     # SSL configuration    Include /etc/letsencrypt/options-ssl-apache.conf    SSLCertificateFile /etc/letsencrypt/live/server.chad.lu/fullchain.pem    SSLCertificateKeyFile /etc/letsencrypt/live/server.chad.lu/privkey.pem     # Security headers    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"    Header always set X-Content-Type-Options "nosniff"    Header always set X-Frame-Options "DENY"    Header always set X-XSS-Protection "1; mode=block"</VirtualHost>

Enable new site configuration

sudo a2ensite server.chad.lu.conf

Disable default Apache site

sudo a2dissite 000-default.conf

Disable default SSL site

sudo a2dissite 000-default-le-ssl.conf

Reload Apache configuration

sudo systemctl reload apache2
7

Test Installation

Verification of the installation and testing API functionality.

Test API endpoint with curl

curl -u apiuser https://server.chad.lu/ollama/api/generate -H "Content-Type: application/json" -d '{"model": "gemma3:4b", "prompt": "Erzähl mir eine Geschichte.", "stream": true}'

You will be prompted for the 'apiuser' password. On successful test, you will receive JSON responses with generated text fragments.

Fehlerbehebung

Häufige Probleme und ihre Lösungen

Ollama Issues

Check which service is running on port 11434

sudo ss -tulpen | grep 11434

Check Ollama service status

sudo systemctl status ollama

Show Ollama service logs

sudo journalctl -u ollama -f

Apache Issues

Test Apache configuration

sudo apache2ctl configtest

Check Apache service status

sudo systemctl status apache2

Show Apache error logs

sudo tail -f /var/log/apache2/error.log

SSL Issues

List all Certbot certificates

sudo certbot certificates

Test certificate renewal

sudo certbot renew --dry-run

Test SSL connection with OpenSSL

openssl s_client -connect server.chad.lu:443

Zusätzliche Ressourcen

Offizielle Dokumentation und hilfreiche Links

Ollama Documentation

Official Ollama documentation and API reference.

Ollama Model Library

Browse and discover available models for Ollama.

Apache Reverse Proxy Guide

Apache HTTP Server reverse proxy documentation.