Linux - Ollama Installation

A comprehensive step-by-step guide for installing Ollama on Debian 12 with Apache2 reverse proxy, SSL encryption and HTTP Basic Authentication for secure public API usage.

Debian 12OllamaApache2SSL/TLSAPI

Important Notes

Please note these important points before setup

Root Access Required

Root access or sudo permissions are required for all installation steps

Domain Required

Valid domain with DNS configuration is necessary for SSL certificates

Firewall Configuration

Open ports 80 and 443 in your firewall for HTTP/HTTPS access

Secure Password

Use a strong password for API authentication

Create Backup

Backup all configuration files before making important changes

Hardware Requirements

At least 8GB RAM is recommended for running Ollama models

Setup Steps

Update package lists again

apt update -y && apt upgrade -y

Install basic packages

apt install sudo curl

Download and install Ollama

curl -fsSL https://ollama.com/install.sh | sh

Download and test small test model

ollama run gemma3:4b

Open Ollama service configuration

systemctl edit ollama.service

Add the following environment variables

INI

/etc/systemd/system/ollama.service.d/override.confoverride.conf

[Service]Environment="OLLAMA_NUM_PARALLEL=6"Environment="OLLAMA_MAX_QUEUE=512"Environment="OLLAMA_MAX_LOADED_MODELS=3"

Reload systemd manager

sudo systemctl daemon-reexec

Reload Ollama service

sudo systemctl daemon-reload

Restart Ollama service

sudo systemctl restart ollama

Install Apache2 and SSL modules

sudo apt update && sudo apt install apache2 apache2-utils -y

Enable required Apache modules

sudo a2enmod proxy proxy_http ssl headers rewrite

Restart Apache2

sudo systemctl restart apache2

Install Certbot for Let's Encrypt

sudo apt install certbot python3-certbot-apache -y

Request SSL certificate for domain

sudo certbot --apache -d server.chad.lu --register-unsafely-without-email

Create directory for auth files

sudo mkdir -p /etc/apache2/htpasswd

Create user with password for HTTP Basic Auth

sudo htpasswd -c /etc/apache2/htpasswd/ollama-api.htpasswd apiuser

Enter a secure password when prompted

Create the Apache Virtual Host configuration file

Apache

/etc/apache2/sites-available/server.chad.lu.confserver.chad.lu.conf

<VirtualHost *:80>    ServerName server.chad.lu    Redirect permanent / https://server.chad.lu/</VirtualHost> <VirtualHost *:443>    ServerName server.chad.lu    DocumentRoot /var/www/server.chad.lu     <Directory /var/www/server.chad.lu>        Options Indexes FollowSymLinks        AllowOverride All        Require all granted    </Directory>     # Rewrite-Rule for redirect outside of /ollama/    RewriteEngine On    RewriteCond %{REQUEST_URI} !^/ollama/    RewriteRule ^ https://www.chad.lu%{REQUEST_URI} [R=301,L]     # Proxy Ollama API    ProxyPreserveHost On    ProxyPass "/ollama/" "http://localhost:11434/"    ProxyPassReverse "/ollama/" "http://localhost:11434/"     <Location "/ollama/">        AuthType Basic        AuthName "Ollama API"        AuthUserFile /etc/apache2/htpasswd/ollama-api.htpasswd        Require valid-user    </Location>     # SSL configuration    Include /etc/letsencrypt/options-ssl-apache.conf    SSLCertificateFile /etc/letsencrypt/live/server.chad.lu/fullchain.pem    SSLCertificateKeyFile /etc/letsencrypt/live/server.chad.lu/privkey.pem     # Security headers    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"    Header always set X-Content-Type-Options "nosniff"    Header always set X-Frame-Options "DENY"    Header always set X-XSS-Protection "1; mode=block"</VirtualHost>

Enable new site configuration

sudo a2ensite server.chad.lu.conf

Disable default Apache site

sudo a2dissite 000-default.conf

Disable default SSL site

sudo a2dissite 000-default-le-ssl.conf

Reload Apache configuration

sudo systemctl reload apache2

Test API endpoint with curl

curl -u apiuser https://server.chad.lu/ollama/api/generate -H "Content-Type: application/json" -d '{"model": "gemma3:4b", "prompt": "Erzähl mir eine Geschichte.", "stream": true}'

You will be prompted for the 'apiuser' password. On successful test, you will receive JSON responses with generated text fragments.

Troubleshooting

Common issues and their solutions

Installation Complete!

Your Ollama server is now fully configured and secured with HTTPS and Basic Authentication. You can now safely access the API.

Linux - Ollama Installation

Important Notes

Root Access Required

Domain Required

Firewall Configuration

Secure Password

Create Backup

Hardware Requirements

Setup Steps

Install Dependencies

Install Ollama

Configure Apache2

Setup SSL Certificate

HTTP Basic Authentication

Enable Virtual Host

Test Installation

Troubleshooting

Ollama Issues

Apache Issues

SSL Issues

Installation Complete!