发布于Ollama访问限制 | Eucalyptushttps://blog.mingliangstar.com/2026/05/21/Ollama%E8%AE%BF%E9%97%AE%E9%99%90%E5%88%B6/NginxBasic Auth认证生成密码文件# 安装工具 yum install httpd-tools -y # 创建密码文件用户名 admin htpasswd -c /www/server/pass/ollama.pass admin # 输入密码比如 MySecurePass123修改nginx配置文件在之前配置ollama的反向代理的nginx配置文件中设置Basic Auth认证实现访问限制#BASICAUTH START auth_basic Ollama API Auth; auth_basic_user_file /www/server/pass/ollama.pass; #BASICAUTH END重启nginxnginx -t systemctl reload nginx测试# 不带认证 → 401 Unauthorized curl https://ollama.mingliangstar.com/api/tags # 带认证 → 成功 curl https://admin:MySecurePass123ollama.mingliangstar.com/api/tags后端Node.js代理但是这样的话再前端调用的时候需要把账号和密码写到前端js中还是有泄露的风险这时我们可以使用后端代理。前端 JS 直接调用后端代理后端代理内部带 Basic Auth 访问 Ollama。架构图用户浏览器 → Hexo 博客页面 → JS 调用 https://ollama.mingliangstar.com ↓ ECS Nginx (无认证或简单限流) ↓ Node.js 代理 (localhost:3001) ↓ 带 Basic Auth 调 Ollama (127.0.0.1:11434) ↓ frps → frp隧道 → 本地虚拟机 Ollama部署步骤ces安装node.js# CentOS 7 curl -fsSL https://rpm.nodesource.com/setup_18.x | bash - yum install -y nodejs # 验证 node -v npm -v创建代理服务mkdir -p /opt/ollama-proxy cd /opt/ollama-proxy npm init -y npm install express node-fetch2创建proxy.js记得配置CORS不然会出现跨域访问问题const express require(express); const fetch require(node-fetch); const app express(); // CORS 中间件 app.use((req, res, next) { res.header(Access-Control-Allow-Origin, https://blog.mingliangstar.com); res.header(Access-Control-Allow-Methods, GET, POST, OPTIONS); res.header(Access-Control-Allow-Headers, Origin, X-Requested-With, Content-Type, Accept, Authorization); if (req.method OPTIONS) { return res.sendStatus(204); } next(); }); // app.use(express.json({ limit: 10mb })); // Ollama 配置 const OLLAMA_HOST http://127.0.0.1:11434; const AUTH_USER admin; const AUTH_PASS MySecurePass123; // 生成 Basic Auth 头 const basicAuth Basic Buffer.from(${AUTH_USER}:${AUTH_PASS}).toString(base64); // 健康检查 app.get(/health, (req, res) { res.json({ status: ok }); }); // 代理 /api/generate app.post(/api/generate, async (req, res) { try { const response await fetch(${OLLAMA_HOST}/api/generate, { method: POST, headers: { Content-Type: application/json, Authorization: basicAuth }, body: JSON.stringify(req.body), timeout: 60000 }); if (!response.ok) { const text await response.text(); return res.status(response.status).json({ error: text }); } const data await response.json(); res.json(data); } catch (err) { console.error(Proxy error:, err); res.status(500).json({ error: err.message }); } }); // 代理 /api/tags app.get(/api/tags, async (req, res) { try { const response await fetch(${OLLAMA_HOST}/api/tags, { headers: { Authorization: basicAuth } }); const data await response.json(); res.json(data); } catch (err) { res.status(500).json({ error: err.message }); } }); const PORT 3001; app.listen(PORT, 127.0.0.1, () { console.log(Ollama proxy running on http://127.0.0.1:${PORT}); });用PM2守护进程npm install -g pm2 # 启动 pm2 start proxy.js --name ollama-proxy # 开机自启 pm2 startup pm2 save # 查看状态 pm2 status pm2 logs ollama-proxy修改ollama反向代理nginx的配置文件#PROXY-CONF-START location ^~ / { proxy_pass http://127.0.0.1:3001; # 改成代理端口 proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-Port $remote_port; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header REMOTE-HOST $remote_addr; proxy_connect_timeout 60s; proxy_send_timeout 600s; proxy_read_timeout 600s; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; } #PROXY-CONF-END重启nginxnginx -t systemctl reload nginx测试验证# 测试代理健康 curl http://127.0.0.1:3001/health # 测试生成 curl -X POST http://127.0.0.1:3001/api/generate \ -H Content-Type: application/json \ -d {model:qwen2.5:0.5b,prompt:你好,stream:false}
Ollama访问限制
发布时间:2026/5/22 3:36:50
发布于Ollama访问限制 | Eucalyptushttps://blog.mingliangstar.com/2026/05/21/Ollama%E8%AE%BF%E9%97%AE%E9%99%90%E5%88%B6/NginxBasic Auth认证生成密码文件# 安装工具 yum install httpd-tools -y # 创建密码文件用户名 admin htpasswd -c /www/server/pass/ollama.pass admin # 输入密码比如 MySecurePass123修改nginx配置文件在之前配置ollama的反向代理的nginx配置文件中设置Basic Auth认证实现访问限制#BASICAUTH START auth_basic Ollama API Auth; auth_basic_user_file /www/server/pass/ollama.pass; #BASICAUTH END重启nginxnginx -t systemctl reload nginx测试# 不带认证 → 401 Unauthorized curl https://ollama.mingliangstar.com/api/tags # 带认证 → 成功 curl https://admin:MySecurePass123ollama.mingliangstar.com/api/tags后端Node.js代理但是这样的话再前端调用的时候需要把账号和密码写到前端js中还是有泄露的风险这时我们可以使用后端代理。前端 JS 直接调用后端代理后端代理内部带 Basic Auth 访问 Ollama。架构图用户浏览器 → Hexo 博客页面 → JS 调用 https://ollama.mingliangstar.com ↓ ECS Nginx (无认证或简单限流) ↓ Node.js 代理 (localhost:3001) ↓ 带 Basic Auth 调 Ollama (127.0.0.1:11434) ↓ frps → frp隧道 → 本地虚拟机 Ollama部署步骤ces安装node.js# CentOS 7 curl -fsSL https://rpm.nodesource.com/setup_18.x | bash - yum install -y nodejs # 验证 node -v npm -v创建代理服务mkdir -p /opt/ollama-proxy cd /opt/ollama-proxy npm init -y npm install express node-fetch2创建proxy.js记得配置CORS不然会出现跨域访问问题const express require(express); const fetch require(node-fetch); const app express(); // CORS 中间件 app.use((req, res, next) { res.header(Access-Control-Allow-Origin, https://blog.mingliangstar.com); res.header(Access-Control-Allow-Methods, GET, POST, OPTIONS); res.header(Access-Control-Allow-Headers, Origin, X-Requested-With, Content-Type, Accept, Authorization); if (req.method OPTIONS) { return res.sendStatus(204); } next(); }); // app.use(express.json({ limit: 10mb })); // Ollama 配置 const OLLAMA_HOST http://127.0.0.1:11434; const AUTH_USER admin; const AUTH_PASS MySecurePass123; // 生成 Basic Auth 头 const basicAuth Basic Buffer.from(${AUTH_USER}:${AUTH_PASS}).toString(base64); // 健康检查 app.get(/health, (req, res) { res.json({ status: ok }); }); // 代理 /api/generate app.post(/api/generate, async (req, res) { try { const response await fetch(${OLLAMA_HOST}/api/generate, { method: POST, headers: { Content-Type: application/json, Authorization: basicAuth }, body: JSON.stringify(req.body), timeout: 60000 }); if (!response.ok) { const text await response.text(); return res.status(response.status).json({ error: text }); } const data await response.json(); res.json(data); } catch (err) { console.error(Proxy error:, err); res.status(500).json({ error: err.message }); } }); // 代理 /api/tags app.get(/api/tags, async (req, res) { try { const response await fetch(${OLLAMA_HOST}/api/tags, { headers: { Authorization: basicAuth } }); const data await response.json(); res.json(data); } catch (err) { res.status(500).json({ error: err.message }); } }); const PORT 3001; app.listen(PORT, 127.0.0.1, () { console.log(Ollama proxy running on http://127.0.0.1:${PORT}); });用PM2守护进程npm install -g pm2 # 启动 pm2 start proxy.js --name ollama-proxy # 开机自启 pm2 startup pm2 save # 查看状态 pm2 status pm2 logs ollama-proxy修改ollama反向代理nginx的配置文件#PROXY-CONF-START location ^~ / { proxy_pass http://127.0.0.1:3001; # 改成代理端口 proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-Port $remote_port; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header REMOTE-HOST $remote_addr; proxy_connect_timeout 60s; proxy_send_timeout 600s; proxy_read_timeout 600s; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; } #PROXY-CONF-END重启nginxnginx -t systemctl reload nginx测试验证# 测试代理健康 curl http://127.0.0.1:3001/health # 测试生成 curl -X POST http://127.0.0.1:3001/api/generate \ -H Content-Type: application/json \ -d {model:qwen2.5:0.5b,prompt:你好,stream:false}
)
)
