Ollama serves model inference over a local API and can be connected to multiple chat or agent frontends. Harden host binding, model provenance, and API access before production use.
- Keep the Ollama API bound to localhost or a private network interface.
- Front external access with an authenticated reverse proxy and HTTPS.
- Do not expose the raw API port publicly without access controls.
- Apply request limits to generation and embedding endpoints.
- Configure `OLLAMA_HOST=127.0.0.1:11434` to bind to localhost only (the default).
- Pull models from trusted registries only.
- Pin model versions used by production applications.
- Validate custom `Modelfile` changes before deployment.
- Remove stale or unapproved models from runtime nodes.
- Run Ollama under a dedicated service account with least privilege.
- Protect model cache directories with strict filesystem permissions.
- Monitor API logs for unusual token usage or abuse patterns.
- Keep Ollama binaries and dependencies updated.
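The reverse-proxy guidance above could look like the following minimal nginx sketch. The hostname, certificate paths, and htpasswd file are placeholders to adapt, not values from the Ollama docs:

```nginx
# Minimal nginx front door for a localhost-bound Ollama instance.
# Replace ollama.example.com, the certificate paths, and the htpasswd
# file with your own values.
server {
    listen 443 ssl;
    server_name ollama.example.com;

    ssl_certificate     /etc/nginx/certs/ollama.crt;
    ssl_certificate_key /etc/nginx/certs/ollama.key;

    # Basic auth so the raw API is never reachable unauthenticated
    auth_basic           "Ollama API";
    auth_basic_user_file /etc/nginx/.htpasswd;

    location / {
        proxy_pass http://127.0.0.1:11434;   # Ollama bound to loopback
        proxy_read_timeout 300s;             # long generations stream slowly
    }
}
```

With this in place the Ollama port itself stays on loopback, and all external clients authenticate at the proxy over HTTPS.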
```
# Restrict CORS origins (comma-separated list)
OLLAMA_ORIGINS=https://webui.example.com
# Enable authentication between client and server
OLLAMA_AUTH=1
# Disable cloud features for full data privacy
OLLAMA_NO_CLOUD=1
# Bind to localhost only
OLLAMA_HOST=127.0.0.1:11434
```
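On a systemd-based Linux install, these variables are typically set through a drop-in for the Ollama service. The path below is the conventional drop-in location; adjust it to your distribution:

```ini
# /etc/systemd/system/ollama.service.d/override.conf
[Service]
Environment="OLLAMA_HOST=127.0.0.1:11434"
Environment="OLLAMA_ORIGINS=https://webui.example.com"
Environment="OLLAMA_NO_CLOUD=1"
```

Apply the change with `sudo systemctl daemon-reload && sudo systemctl restart ollama`.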
- Set `OLLAMA_ORIGINS` to explicitly allowed domains.
- The default allows `localhost`, `0.0.0.0`, and `127.0.0.1`.
- For browser extensions: `OLLAMA_ORIGINS=chrome-extension://*,moz-extension://*`.
- Set `OLLAMA_NO_CLOUD=1` to disable remote inference and web search.
- Ollama runs locally: prompts and data are not sent externally when cloud features are disabled.
- When using cloud-hosted models, content is processed but not stored or used for training.
- Use `HTTPS_PROXY` for model downloads through corporate proxies.
- Avoid `HTTP_PROXY`: Ollama pulls models over HTTPS, and an HTTP proxy may interrupt those connections.
- For self-signed certificates in Docker, create custom image with CA certificate.
- AMD GPU containers may require `sudo setsebool container_use_devices=1` on SELinux systems.
- Vulkan requires elevated permissions for VRAM detection.
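Request limits can also be enforced on the client side before traffic ever reaches the server. This is a sketch using only the Python standard library; the limit value and model name are illustrative placeholders, while `/api/generate` and its JSON fields come from the Ollama API:

```python
import json
import urllib.request

OLLAMA_URL = "http://127.0.0.1:11434"  # localhost binding recommended above
MAX_PROMPT_CHARS = 8_000               # illustrative per-request limit

def build_generate_request(model: str, prompt: str) -> urllib.request.Request:
    """Build a POST request to /api/generate, rejecting oversized prompts."""
    if len(prompt) > MAX_PROMPT_CHARS:
        raise ValueError("prompt exceeds configured limit")
    body = json.dumps({"model": model, "prompt": prompt, "stream": False}).encode()
    return urllib.request.Request(
        f"{OLLAMA_URL}/api/generate",
        data=body,
        headers={"Content-Type": "application/json"},
        method="POST",
    )
```

Sending the request is then `urllib.request.urlopen(build_generate_request("llama3", "hello"), timeout=300)`, with the timeout guarding against stalled generations.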
- Ollama docs: https://docs.ollama.com/
- Ollama source repository: https://github.com/ollama/ollama
- GPU documentation: https://docs.ollama.com/linux#manual-install