[GH-ISSUE #6679] HTTP_PROXY Not Being Used in Model Requests #4205

Closed
opened 2026-04-12 15:08:15 -05:00 by GiteaMirror · 30 comments

Originally created by @cmilhaupt on GitHub (Sep 6, 2024).
Original GitHub issue: https://github.com/ollama/ollama/issues/6679

What is the issue?

The HTTP_PROXY and HTTPS_PROXY variables aren't being used when requesting the model manifest file and pulling of the model itself. The symptom that led me to the extra debugging started when trying to pull a model and getting the following error:

$ ollama pull gemma2:27b
pulling manifest
Error: pull model manifest: invalid character '<' looking for beginning of value

This error occurred for any model I tried to pull. Cloning the software and building according to the developer instructions, I was able to print out the full body of the response which revealed an HTML page (starting with <html>) being returned by my corporate proxy. I have both HTTP_PROXY and HTTPS_PROXY set in /etc/environments and other Go programs are able to see them. What ended up working for me was hard-coding the proxy directly into ollama:

diff --git a/server/download.go b/server/download.go
index 02f7ae88..71ae8329 100644
--- a/server/download.go
+++ b/server/download.go
@@ -330,7 +330,12 @@ func (b *blobDownload) downloadChunk(ctx context.Context, requestURL *url.URL, w
                        return err
                }
                req.Header.Set("Range", fmt.Sprintf("bytes=%d-%d", part.StartsAt(), part.StopsAt()-1))
-               resp, err := http.DefaultClient.Do(req)
+
+               u, err := url.Parse("http://myproxy:port")
+               http_client := &http.Client{
+                       Transport: &http.Transport{Proxy: http.ProxyURL(u)},
+               }
+               resp, err := http_client.Do(req)
                if err != nil {
                        return err
                }
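
Review bot: the `err` from `url.Parse("http://myproxy:port")` in downloadChunk is never checked; the following `resp, err := http_client.Do(req)` overwrites it, so a bad proxy URL reaches `http.ProxyURL(u)` as a nil `u`. Add `if err != nil { return err }` right after the parse. Beyond that, the removed `http.DefaultClient` runs on `http.DefaultTransport`, whose Proxy is already `http.ProxyFromEnvironment`, so a hard-coded address should not be needed once the server process actually has HTTPS_PROXY in its environment. If a custom transport is wanted, build it once at package level from `http.DefaultTransport.(*http.Transport).Clone()` instead of allocating a new client and transport for every chunk, which gives up connection reuse and the default transport's timeouts. Go naming would also make this `httpClient` rather than `http_client`.
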
diff --git a/server/images.go b/server/images.go
index b5bf7ad6..bdbd01fd 100644
--- a/server/images.go
+++ b/server/images.go
@@ -1098,9 +1098,14 @@ func makeRequest(ctx context.Context, method string, requestURL *url.URL, header
                req.ContentLength = contentLength
        }

-       resp, err := (&http.Client{
+       u, err := url.Parse("http://myproxy:port")
+       http_client := &http.Client{
+               Transport: &http.Transport{Proxy: http.ProxyURL(u)},
                CheckRedirect: regOpts.CheckRedirect,
-       }).Do(req)
+       }
+
+       resp, err := http_client.Do(req)
+
        if err != nil {
                return nil, err
        }
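
Review bot: in makeRequest the fixed `http.ProxyURL(u)` sends every registry request through one hard-coded plain-HTTP proxy address and ignores HTTPS_PROXY and NO_PROXY, so the binary only works on the network it was built for. The removed `&http.Client{CheckRedirect: regOpts.CheckRedirect}` had no Transport set and therefore already used `http.DefaultTransport` with `http.ProxyFromEnvironment`; if the transport has to be spelled out, use `Proxy: http.ProxyFromEnvironment` and keep `CheckRedirect` as it is. As in the other hunk, the `err` from `url.Parse` is dropped when `resp, err := http_client.Do(req)` reassigns it, and it should be checked and returned before the client is built.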

I'm still new-ish to golang so I'm not sure what the proper fix is here besides knowing it isn't what I've provided. If it helps, I'm using go v1.23.0. Some light googling pointed me to the idea that it's possible to instantiate a default http.Transport struct which should include the proxy information, so I'm sure there are more generic ways to apply this patch. I'm happy to open the MR with a little guidance on what the generic solution would be.

OS

Linux

GPU

Nvidia

CPU

AMD

Ollama version

v0.3.9

GiteaMirror added the bug label 2026-04-12 15:08:15 -05:00
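
An added example, not ollama's code and not part of the original post: a manifest fetch that keeps Go's environment-driven proxy selection and reports an intercepted HTML page with the route, status and content type instead of the bare `invalid character '<'` JSON error. The names `fetchManifest`, `proxyFor`, `newClient`, `ErrNotManifest` and `runDemo` are hypothetical, and both test servers return constructed responses.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

// ErrNotManifest marks a 200/HTML or error response that cannot be a manifest.
var ErrNotManifest = errors.New("registry response is not a JSON manifest")

// Manifest holds a few fields of the manifest JSON shown in the thread.
type Manifest struct {
	SchemaVersion int    `json:"schemaVersion"`
	MediaType     string `json:"mediaType"`
	Layers        []struct {
		Digest string `json:"digest"`
		Size   int64  `json:"size"`
	} `json:"layers"`
}

// newClient clones http.DefaultTransport, so Proxy stays
// http.ProxyFromEnvironment (HTTP_PROXY, HTTPS_PROXY, NO_PROXY) and the
// default dial and TLS timeouts are kept. Create it once and reuse it.
func newClient() *http.Client {
	tr := http.DefaultTransport.(*http.Transport).Clone()
	return &http.Client{Transport: tr, Timeout: 30 * time.Second}
}

// proxyFor reports which route the Go process would pick for rawURL.
// Redacted() hides any password embedded in the proxy URL.
func proxyFor(rawURL string) string {
	req, err := http.NewRequest(http.MethodGet, rawURL, nil)
	if err != nil {
		return "invalid URL: " + err.Error()
	}
	p, err := http.ProxyFromEnvironment(req)
	if err != nil {
		return "bad proxy setting: " + err.Error()
	}
	if p == nil {
		return "direct" // no proxy variable visible, NO_PROXY match, or loopback
	}
	return p.Redacted()
}

// fetchManifest rejects anything that is not a 200 response with a JSON
// object body before decoding, and says how the request was routed.
func fetchManifest(c *http.Client, rawURL string) (*Manifest, error) {
	resp, err := c.Get(rawURL)
	if err != nil {
		return nil, fmt.Errorf("via %s: %w", proxyFor(rawURL), err)
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(io.LimitReader(resp.Body, 1<<20)) // cap untrusted input
	if err != nil {
		return nil, err
	}
	trimmed := strings.TrimSpace(string(body))
	if resp.StatusCode != http.StatusOK || !strings.HasPrefix(trimmed, "{") {
		head := trimmed
		if len(head) > 60 {
			head = head[:60]
		}
		return nil, fmt.Errorf("%w: via %s, status %d, content-type %q, body starts %q",
			ErrNotManifest, proxyFor(rawURL), resp.StatusCode,
			resp.Header.Get("Content-Type"), head)
	}
	var m Manifest
	if err := json.Unmarshal(body, &m); err != nil {
		return nil, fmt.Errorf("decode manifest: %w", err)
	}
	return &m, nil
}

// runDemo fetches from two local servers: a constructed interception page and
// a constructed one-layer manifest.
func runDemo() (blocked error, m *Manifest, err error) {
	page := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "text/html")
		io.WriteString(w, "<html><body>Access blocked by policy</body></html>")
	}))
	defer page.Close()
	reg := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "application/json")
		io.WriteString(w, `{"schemaVersion":2,"mediaType":"application/vnd.docker.distribution.manifest.v2+json",`+
			`"layers":[{"digest":"sha256:constructed-example","size":352151968}]}`)
	}))
	defer reg.Close()

	c := newClient()
	_, blocked = fetchManifest(c, page.URL+"/v2/library/qwen2/manifests/0.5b")
	m, err = fetchManifest(c, reg.URL+"/v2/library/qwen2/manifests/0.5b")
	return blocked, m, err
}

func main() {
	blocked, m, err := runDemo()
	fmt.Println("intercepted:", blocked)
	fmt.Println("manifest:", m, err)
}
```

Running `proxyFor` on the registry URL under the same environment as the service (for example from the systemd unit) shows whether the proxy variables are visible to that process at all.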

@rick-github commented on GitHub (Sep 6, 2024):

Have you set HTTPS_PROXY in the ollama service file (not /etc/environments)? sudo systemctl edit ollama.service and add

[Service]
Environment="HTTPS_PROXY=http://your.proxy.name.here:port"

Quick&dirty local test shows proxying working as expected:

$ curl https://icanhazip.com
80.218.136.70
# proxy server on local lan enabled
$ HTTPS_PROXY=http://proxy-usa:8080 curl https://icanhazip.com
34.171.115.155
# start ollama server with proxy
$ HTTPS_PROXY=http://proxy-usa:8080 ollama serve 2>/dev/null &
[1] 3700606
$ ollama list
NAME      	ID          	SIZE  	MODIFIED       
# pull a model
$ ollama pull qwen2:0.5b
pulling manifest 
pulling 8de95da68dc4... 100% ▕██████████████████████████████████████████████▏ 352 MB                         
pulling 62fbfd9ed093... 100% ▕██████████████████████████████████████████████▏  182 B                         
pulling c156170b718e... 100% ▕██████████████████████████████████████████████▏  11 KB                         
pulling f02dd72bb242... 100% ▕██████████████████████████████████████████████▏   59 B                         
pulling 2184ab82477b... 100% ▕██████████████████████████████████████████████▏  488 B                         
verifying sha256 digest 
writing manifest 
success 
# proxy turned off, try using it
$ HTTPS_PROXY=http://proxy-usa:8080 curl https://icanhazip.com
curl: (5) Could not resolve proxy: proxy-usa
# try pulling a model with the proxy down
$ ollama pull qwen2:0.5b
pulling manifest 
Error: pull model manifest: Get "https://registry.ollama.ai/v2/library/qwen2/manifests/0.5b": proxyconnect tcp: dial tcp: lookup proxy-usa: no such host

@KhazAkar commented on GitHub (Sep 10, 2024):

I have the same issue with the newest ollama version, with the HTTPS_PROXY variable set when doing an ollama serve.
It seems that those values are not handled properly.


@rick-github commented on GitHub (Sep 10, 2024):

I performed the same test as above with 0.3.10, with the same results: HTTPS_PROXY works as expected for me. If you could provide server logs, the contents of your ollama service and overrides files, errors returned by ollama pull, and the results of your tests of proxy connectivity, that will aid in debugging.


@KhazAkar commented on GitHub (Sep 10, 2024):

Sure:
ollama pull:

x@y:~$ ollama pull llama3.1:latest
pulling manifest 
Error: pull model manifest: invalid character '<' looking for beginning of value

ollama serve:

x@y:~$ OLLAMA_DEBUG=1 HTTPS_PROXY=http://company-proxy.com:8080 ollama serve
2024/09/10 12:47:26 routes.go:1125: INFO server config env="map[CUDA_VISIBLE_DEVICES: GPU_DEVICE_ORDINAL: HIP_VISIBLE_DEVICES: HSA_OVERRIDE_GFX_VERSION: OLLAMA_DEBUG:true OLLAMA_FLASH_ATTENTION:false OLLAMA_GPU_OVERHEAD:0 OLLAMA_HOST:http://127.0.0.1:11434 OLLAMA_INTEL_GPU:false OLLAMA_KEEP_ALIVE:5m0s OLLAMA_LLM_LIBRARY: OLLAMA_LOAD_TIMEOUT:5m0s OLLAMA_MAX_LOADED_MODELS:0 OLLAMA_MAX_QUEUE:512 OLLAMA_MODELS:/home/z0022112/.ollama/models OLLAMA_NOHISTORY:false OLLAMA_NOPRUNE:false OLLAMA_NUM_PARALLEL:0 OLLAMA_ORIGINS:[http://localhost https://localhost http://localhost:* https://localhost:* http://127.0.0.1 https://127.0.0.1 http://127.0.0.1:* https://127.0.0.1:* http://0.0.0.0 https://0.0.0.0 http://0.0.0.0:* https://0.0.0.0:* app://* file://* tauri://*] OLLAMA_RUNNERS_DIR: OLLAMA_SCHED_SPREAD:false OLLAMA_TMPDIR: ROCR_VISIBLE_DEVICES:]"
time=2024-09-10T12:47:26.622+02:00 level=INFO source=images.go:753 msg="total blobs: 0"
time=2024-09-10T12:47:26.622+02:00 level=INFO source=images.go:760 msg="total unused blobs removed: 0"
time=2024-09-10T12:47:26.622+02:00 level=INFO source=routes.go:1172 msg="Listening on 127.0.0.1:11434 (version 0.3.10)"
time=2024-09-10T12:47:26.623+02:00 level=INFO source=payload.go:30 msg="extracting embedded files" dir=/tmp/ollama2148258639/runners
time=2024-09-10T12:47:26.623+02:00 level=DEBUG source=payload.go:182 msg=extracting variant=cpu file=build/linux/x86_64/cpu/bin/libggml.so.gz
time=2024-09-10T12:47:26.623+02:00 level=DEBUG source=payload.go:182 msg=extracting variant=cpu file=build/linux/x86_64/cpu/bin/libllama.so.gz
time=2024-09-10T12:47:26.623+02:00 level=DEBUG source=payload.go:182 msg=extracting variant=cpu file=build/linux/x86_64/cpu/bin/ollama_llama_server.gz
time=2024-09-10T12:47:26.623+02:00 level=DEBUG source=payload.go:182 msg=extracting variant=cpu_avx file=build/linux/x86_64/cpu_avx/bin/libggml.so.gz
time=2024-09-10T12:47:26.623+02:00 level=DEBUG source=payload.go:182 msg=extracting variant=cpu_avx file=build/linux/x86_64/cpu_avx/bin/libllama.so.gz
time=2024-09-10T12:47:26.623+02:00 level=DEBUG source=payload.go:182 msg=extracting variant=cpu_avx file=build/linux/x86_64/cpu_avx/bin/ollama_llama_server.gz
time=2024-09-10T12:47:26.623+02:00 level=DEBUG source=payload.go:182 msg=extracting variant=cpu_avx2 file=build/linux/x86_64/cpu_avx2/bin/libggml.so.gz
time=2024-09-10T12:47:26.623+02:00 level=DEBUG source=payload.go:182 msg=extracting variant=cpu_avx2 file=build/linux/x86_64/cpu_avx2/bin/libllama.so.gz
time=2024-09-10T12:47:26.623+02:00 level=DEBUG source=payload.go:182 msg=extracting variant=cpu_avx2 file=build/linux/x86_64/cpu_avx2/bin/ollama_llama_server.gz
time=2024-09-10T12:47:26.623+02:00 level=DEBUG source=payload.go:182 msg=extracting variant=cuda_v11 file=build/linux/x86_64/cuda_v11/bin/libggml.so.gz
time=2024-09-10T12:47:26.623+02:00 level=DEBUG source=payload.go:182 msg=extracting variant=cuda_v11 file=build/linux/x86_64/cuda_v11/bin/libllama.so.gz
time=2024-09-10T12:47:26.623+02:00 level=DEBUG source=payload.go:182 msg=extracting variant=cuda_v11 file=build/linux/x86_64/cuda_v11/bin/ollama_llama_server.gz
time=2024-09-10T12:47:26.623+02:00 level=DEBUG source=payload.go:182 msg=extracting variant=cuda_v12 file=build/linux/x86_64/cuda_v12/bin/libggml.so.gz
time=2024-09-10T12:47:26.623+02:00 level=DEBUG source=payload.go:182 msg=extracting variant=cuda_v12 file=build/linux/x86_64/cuda_v12/bin/libllama.so.gz
time=2024-09-10T12:47:26.623+02:00 level=DEBUG source=payload.go:182 msg=extracting variant=cuda_v12 file=build/linux/x86_64/cuda_v12/bin/ollama_llama_server.gz
time=2024-09-10T12:47:26.623+02:00 level=DEBUG source=payload.go:182 msg=extracting variant=rocm_v60102 file=build/linux/x86_64/rocm_v60102/bin/libggml.so.gz
time=2024-09-10T12:47:26.623+02:00 level=DEBUG source=payload.go:182 msg=extracting variant=rocm_v60102 file=build/linux/x86_64/rocm_v60102/bin/libllama.so.gz
time=2024-09-10T12:47:26.623+02:00 level=DEBUG source=payload.go:182 msg=extracting variant=rocm_v60102 file=build/linux/x86_64/rocm_v60102/bin/ollama_llama_server.gz
time=2024-09-10T12:47:37.097+02:00 level=DEBUG source=payload.go:71 msg="availableServers : found" file=/tmp/ollama2148258639/runners/cpu/ollama_llama_server
time=2024-09-10T12:47:37.097+02:00 level=DEBUG source=payload.go:71 msg="availableServers : found" file=/tmp/ollama2148258639/runners/cpu_avx/ollama_llama_server
time=2024-09-10T12:47:37.097+02:00 level=DEBUG source=payload.go:71 msg="availableServers : found" file=/tmp/ollama2148258639/runners/cpu_avx2/ollama_llama_server
time=2024-09-10T12:47:37.097+02:00 level=DEBUG source=payload.go:71 msg="availableServers : found" file=/tmp/ollama2148258639/runners/cuda_v11/ollama_llama_server
time=2024-09-10T12:47:37.097+02:00 level=DEBUG source=payload.go:71 msg="availableServers : found" file=/tmp/ollama2148258639/runners/cuda_v12/ollama_llama_server
time=2024-09-10T12:47:37.097+02:00 level=DEBUG source=payload.go:71 msg="availableServers : found" file=/tmp/ollama2148258639/runners/rocm_v60102/ollama_llama_server
time=2024-09-10T12:47:37.097+02:00 level=INFO source=payload.go:44 msg="Dynamic LLM libraries [cuda_v12 rocm_v60102 cpu cpu_avx cpu_avx2 cuda_v11]"
time=2024-09-10T12:47:37.097+02:00 level=DEBUG source=payload.go:45 msg="Override detection logic by setting OLLAMA_LLM_LIBRARY"
time=2024-09-10T12:47:37.097+02:00 level=DEBUG source=sched.go:105 msg="starting llm scheduler"
time=2024-09-10T12:47:37.097+02:00 level=INFO source=gpu.go:200 msg="looking for compatible GPUs"
time=2024-09-10T12:47:37.097+02:00 level=DEBUG source=gpu.go:86 msg="searching for GPU discovery libraries for NVIDIA"
time=2024-09-10T12:47:37.097+02:00 level=DEBUG source=gpu.go:468 msg="Searching for GPU library" name=libcuda.so*
time=2024-09-10T12:47:37.097+02:00 level=DEBUG source=gpu.go:491 msg="gpu library search" globs="[/usr/local/lib/ollama/libcuda.so* /home/x/libcuda.so* /usr/local/cuda*/targets/*/lib/libcuda.so* /usr/lib/*-linux-gnu/nvidia/current/libcuda.so* /usr/lib/*-linux-gnu/libcuda.so* /usr/lib/wsl/lib/libcuda.so* /usr/lib/wsl/drivers/*/libcuda.so* /opt/cuda/lib*/libcuda.so* /usr/local/cuda/lib*/libcuda.so* /usr/lib*/libcuda.so* /usr/local/lib*/libcuda.so*]"
time=2024-09-10T12:47:37.105+02:00 level=DEBUG source=gpu.go:525 msg="discovered GPU libraries" paths="[/usr/lib/i386-linux-gnu/libcuda.so.535.161.08 /usr/lib/x86_64-linux-gnu/libcuda.so.535.161.08]"
library /usr/lib/i386-linux-gnu/libcuda.so.535.161.08 load err: /usr/lib/i386-linux-gnu/libcuda.so.535.161.08: wrong ELF class: ELFCLASS32
time=2024-09-10T12:47:37.105+02:00 level=DEBUG source=gpu.go:566 msg="skipping 32bit library" library=/usr/lib/i386-linux-gnu/libcuda.so.535.161.08
CUDA driver version: 12.2
time=2024-09-10T12:47:37.110+02:00 level=DEBUG source=gpu.go:119 msg="detected GPUs" count=1 library=/usr/lib/x86_64-linux-gnu/libcuda.so.535.161.08
[GPU-a651a7db-37aa-11b2-ad97-b5f26a68d90b] CUDA totalMem 2048 mb
[GPU-a651a7db-37aa-11b2-ad97-b5f26a68d90b] CUDA freeMem 1729 mb
[GPU-a651a7db-37aa-11b2-ad97-b5f26a68d90b] Compute Capability 7.5
time=2024-09-10T12:47:37.321+02:00 level=DEBUG source=amd_linux.go:371 msg="amdgpu driver not detected /sys/module/amdgpu"
releasing cuda driver library
time=2024-09-10T12:47:37.321+02:00 level=INFO source=types.go:107 msg="inference compute" id=GPU-a651a7db-37aa-11b2-ad97-b5f26a68d90b library=cuda variant=v12 compute=7.5 driver=12.2 name="GRID RTX6000-2Q" total="2.0 GiB" available="1.7 GiB"
[GIN] 2024/09/10 - 12:48:11 | 200 |      36.037µs |       127.0.0.1 | HEAD     "/"
[GIN] 2024/09/10 - 12:48:12 | 200 |  331.917651ms |       127.0.0.1 | POST     "/api/pull"

@KhazAkar commented on GitHub (Sep 10, 2024):

As for curl https://icanhazip.com - it's blocked in my company as a security risk :)
But others, like curl https://www.google.com, work:

curl https://www.google.com
<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="de"><head><meta content="text/html; [...]

with proxy, also works:

HTTPS_PROXY=http://company-proxy.com:8080 curl https://www.google.com
<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="de"><head><meta content="text/html; [...] 

@rick-github commented on GitHub (Sep 10, 2024):

What do the following commands return:

curl https://registry.ollama.ai/v2/library/qwen2/manifests/0.5b
HTTPS_PROXY=http://company-proxy.com:8080 curl https://registry.ollama.ai/v2/library/qwen2/manifests/0.5b

@KhazAkar commented on GitHub (Sep 10, 2024):

x@y:~$ curl https://registry.ollama.ai/v2/library/qwen2/manifests/0.5b
{"schemaVersion":2,"mediaType":"application/vnd.docker.distribution.manifest.v2+json","config":{"digest":"sha256:2184ab82477bc33a5e08fa209df88f0631a19e686320cce2cfe9e00695b2f0e6","mediaType":"application/vnd.docker.container.image.v1+json","size":488},"layers":[{"digest":"sha256:8de95da68dc485c0889c205384c24642f83ca18d089559c977ffc6a3972a71a8","mediaType":"application/vnd.ollama.image.model","size":352151968},{"digest":"sha256:62fbfd9ed093d6e5ac83190c86eec5369317919f4b149598d2dbb38900e9faef","mediaType":"application/vnd.ollama.image.template","size":182},{"digest":"sha256:c156170b718ec29139d3653d40ed1986fd92fb7e0959b5c71f3c48f62e6636f4","mediaType":"application/vnd.ollama.image.license","size":11344},{"digest":"sha256:f02dd72bb2423204352eabc5637b44d79d17f109fdb510a7c51455892aa2d216","mediaType":"application/vnd.ollama.image.params","size":59}]}
x@y:~$ HTTPS_PROXY=http://company-proxy.com:8080 curl https://registry.ollama.ai/v2/library/qwen2/manifests/0.5b
{"schemaVersion":2,"mediaType":"application/vnd.docker.distribution.manifest.v2+json","config":{"digest":"sha256:2184ab82477bc33a5e08fa209df88f0631a19e686320cce2cfe9e00695b2f0e6","mediaType":"application/vnd.docker.container.image.v1+json","size":488},"layers":[{"digest":"sha256:8de95da68dc485c0889c205384c24642f83ca18d089559c977ffc6a3972a71a8","mediaType":"application/vnd.ollama.image.model","size":352151968},{"digest":"sha256:62fbfd9ed093d6e5ac83190c86eec5369317919f4b149598d2dbb38900e9faef","mediaType":"application/vnd.ollama.image.template","size":182},{"digest":"sha256:c156170b718ec29139d3653d40ed1986fd92fb7e0959b5c71f3c48f62e6636f4","mediaType":"application/vnd.ollama.image.license","size":11344},{"digest":"sha256:f02dd72bb2423204352eabc5637b44d79d17f109fdb510a7c51455892aa2d216","mediaType":"application/vnd.ollama.image.params","size":59}]}

Additional note: system runs software called netskope.
ollama serve without proxy:

x@y:~$ OLLAMA_DEBUG=1 ollama serve
2024/09/10 12:58:57 routes.go:1125: INFO server config env="map[CUDA_VISIBLE_DEVICES: GPU_DEVICE_ORDINAL: HIP_VISIBLE_DEVICES: HSA_OVERRIDE_GFX_VERSION: OLLAMA_DEBUG:true OLLAMA_FLASH_ATTENTION:false OLLAMA_GPU_OVERHEAD:0 OLLAMA_HOST:http://127.0.0.1:11434 OLLAMA_INTEL_GPU:false OLLAMA_KEEP_ALIVE:5m0s OLLAMA_LLM_LIBRARY: OLLAMA_LOAD_TIMEOUT:5m0s OLLAMA_MAX_LOADED_MODELS:0 OLLAMA_MAX_QUEUE:512 OLLAMA_MODELS:/home/z0022112/.ollama/models OLLAMA_NOHISTORY:false OLLAMA_NOPRUNE:false OLLAMA_NUM_PARALLEL:0 OLLAMA_ORIGINS:[http://localhost https://localhost http://localhost:* https://localhost:* http://127.0.0.1 https://127.0.0.1 http://127.0.0.1:* https://127.0.0.1:* http://0.0.0.0 https://0.0.0.0 http://0.0.0.0:* https://0.0.0.0:* app://* file://* tauri://*] OLLAMA_RUNNERS_DIR: OLLAMA_SCHED_SPREAD:false OLLAMA_TMPDIR: ROCR_VISIBLE_DEVICES:]"
time=2024-09-10T12:58:57.658+02:00 level=INFO source=images.go:753 msg="total blobs: 0"
time=2024-09-10T12:58:57.659+02:00 level=INFO source=images.go:760 msg="total unused blobs removed: 0"
time=2024-09-10T12:58:57.659+02:00 level=INFO source=routes.go:1172 msg="Listening on 127.0.0.1:11434 (version 0.3.10)"
time=2024-09-10T12:58:57.659+02:00 level=INFO source=payload.go:30 msg="extracting embedded files" dir=/tmp/ollama310528903/runners
time=2024-09-10T12:58:57.659+02:00 level=DEBUG source=payload.go:182 msg=extracting variant=cpu file=build/linux/x86_64/cpu/bin/libggml.so.gz
time=2024-09-10T12:58:57.659+02:00 level=DEBUG source=payload.go:182 msg=extracting variant=cpu file=build/linux/x86_64/cpu/bin/libllama.so.gz
time=2024-09-10T12:58:57.659+02:00 level=DEBUG source=payload.go:182 msg=extracting variant=cpu file=build/linux/x86_64/cpu/bin/ollama_llama_server.gz
time=2024-09-10T12:58:57.659+02:00 level=DEBUG source=payload.go:182 msg=extracting variant=cpu_avx file=build/linux/x86_64/cpu_avx/bin/libggml.so.gz
time=2024-09-10T12:58:57.659+02:00 level=DEBUG source=payload.go:182 msg=extracting variant=cpu_avx file=build/linux/x86_64/cpu_avx/bin/libllama.so.gz
time=2024-09-10T12:58:57.659+02:00 level=DEBUG source=payload.go:182 msg=extracting variant=cpu_avx file=build/linux/x86_64/cpu_avx/bin/ollama_llama_server.gz
time=2024-09-10T12:58:57.659+02:00 level=DEBUG source=payload.go:182 msg=extracting variant=cpu_avx2 file=build/linux/x86_64/cpu_avx2/bin/libggml.so.gz
time=2024-09-10T12:58:57.659+02:00 level=DEBUG source=payload.go:182 msg=extracting variant=cpu_avx2 file=build/linux/x86_64/cpu_avx2/bin/libllama.so.gz
time=2024-09-10T12:58:57.659+02:00 level=DEBUG source=payload.go:182 msg=extracting variant=cpu_avx2 file=build/linux/x86_64/cpu_avx2/bin/ollama_llama_server.gz
time=2024-09-10T12:58:57.659+02:00 level=DEBUG source=payload.go:182 msg=extracting variant=cuda_v11 file=build/linux/x86_64/cuda_v11/bin/libggml.so.gz
time=2024-09-10T12:58:57.659+02:00 level=DEBUG source=payload.go:182 msg=extracting variant=cuda_v11 file=build/linux/x86_64/cuda_v11/bin/libllama.so.gz
time=2024-09-10T12:58:57.659+02:00 level=DEBUG source=payload.go:182 msg=extracting variant=cuda_v11 file=build/linux/x86_64/cuda_v11/bin/ollama_llama_server.gz
time=2024-09-10T12:58:57.659+02:00 level=DEBUG source=payload.go:182 msg=extracting variant=cuda_v12 file=build/linux/x86_64/cuda_v12/bin/libggml.so.gz
time=2024-09-10T12:58:57.659+02:00 level=DEBUG source=payload.go:182 msg=extracting variant=cuda_v12 file=build/linux/x86_64/cuda_v12/bin/libllama.so.gz
time=2024-09-10T12:58:57.659+02:00 level=DEBUG source=payload.go:182 msg=extracting variant=cuda_v12 file=build/linux/x86_64/cuda_v12/bin/ollama_llama_server.gz
time=2024-09-10T12:58:57.659+02:00 level=DEBUG source=payload.go:182 msg=extracting variant=rocm_v60102 file=build/linux/x86_64/rocm_v60102/bin/libggml.so.gz
time=2024-09-10T12:58:57.659+02:00 level=DEBUG source=payload.go:182 msg=extracting variant=rocm_v60102 file=build/linux/x86_64/rocm_v60102/bin/libllama.so.gz
time=2024-09-10T12:58:57.659+02:00 level=DEBUG source=payload.go:182 msg=extracting variant=rocm_v60102 file=build/linux/x86_64/rocm_v60102/bin/ollama_llama_server.gz
time=2024-09-10T12:59:08.173+02:00 level=DEBUG source=payload.go:71 msg="availableServers : found" file=/tmp/ollama310528903/runners/cpu/ollama_llama_server
time=2024-09-10T12:59:08.173+02:00 level=DEBUG source=payload.go:71 msg="availableServers : found" file=/tmp/ollama310528903/runners/cpu_avx/ollama_llama_server
time=2024-09-10T12:59:08.173+02:00 level=DEBUG source=payload.go:71 msg="availableServers : found" file=/tmp/ollama310528903/runners/cpu_avx2/ollama_llama_server
time=2024-09-10T12:59:08.173+02:00 level=DEBUG source=payload.go:71 msg="availableServers : found" file=/tmp/ollama310528903/runners/cuda_v11/ollama_llama_server
time=2024-09-10T12:59:08.173+02:00 level=DEBUG source=payload.go:71 msg="availableServers : found" file=/tmp/ollama310528903/runners/cuda_v12/ollama_llama_server
time=2024-09-10T12:59:08.173+02:00 level=DEBUG source=payload.go:71 msg="availableServers : found" file=/tmp/ollama310528903/runners/rocm_v60102/ollama_llama_server
time=2024-09-10T12:59:08.173+02:00 level=INFO source=payload.go:44 msg="Dynamic LLM libraries [cpu cpu_avx cpu_avx2 cuda_v11 cuda_v12 rocm_v60102]"
time=2024-09-10T12:59:08.173+02:00 level=DEBUG source=payload.go:45 msg="Override detection logic by setting OLLAMA_LLM_LIBRARY"
time=2024-09-10T12:59:08.173+02:00 level=DEBUG source=sched.go:105 msg="starting llm scheduler"
time=2024-09-10T12:59:08.173+02:00 level=INFO source=gpu.go:200 msg="looking for compatible GPUs"
time=2024-09-10T12:59:08.173+02:00 level=DEBUG source=gpu.go:86 msg="searching for GPU discovery libraries for NVIDIA"
time=2024-09-10T12:59:08.173+02:00 level=DEBUG source=gpu.go:468 msg="Searching for GPU library" name=libcuda.so*
time=2024-09-10T12:59:08.173+02:00 level=DEBUG source=gpu.go:491 msg="gpu library search" globs="[/usr/local/lib/ollama/libcuda.so* /home/x/libcuda.so* /usr/local/cuda*/targets/*/lib/libcuda.so* /usr/lib/*-linux-gnu/nvidia/current/libcuda.so* /usr/lib/*-linux-gnu/libcuda.so* /usr/lib/wsl/lib/libcuda.so* /usr/lib/wsl/drivers/*/libcuda.so* /opt/cuda/lib*/libcuda.so* /usr/local/cuda/lib*/libcuda.so* /usr/lib*/libcuda.so* /usr/local/lib*/libcuda.so*]"
time=2024-09-10T12:59:08.181+02:00 level=DEBUG source=gpu.go:525 msg="discovered GPU libraries" paths="[/usr/lib/i386-linux-gnu/libcuda.so.535.161.08 /usr/lib/x86_64-linux-gnu/libcuda.so.535.161.08]"
library /usr/lib/i386-linux-gnu/libcuda.so.535.161.08 load err: /usr/lib/i386-linux-gnu/libcuda.so.535.161.08: wrong ELF class: ELFCLASS32
time=2024-09-10T12:59:08.181+02:00 level=DEBUG source=gpu.go:566 msg="skipping 32bit library" library=/usr/lib/i386-linux-gnu/libcuda.so.535.161.08
CUDA driver version: 12.2
time=2024-09-10T12:59:08.186+02:00 level=DEBUG source=gpu.go:119 msg="detected GPUs" count=1 library=/usr/lib/x86_64-linux-gnu/libcuda.so.535.161.08
[GPU-a651a7db-37aa-11b2-ad97-b5f26a68d90b] CUDA totalMem 2048 mb
[GPU-a651a7db-37aa-11b2-ad97-b5f26a68d90b] CUDA freeMem 1729 mb
[GPU-a651a7db-37aa-11b2-ad97-b5f26a68d90b] Compute Capability 7.5
time=2024-09-10T12:59:08.385+02:00 level=DEBUG source=amd_linux.go:371 msg="amdgpu driver not detected /sys/module/amdgpu"
releasing cuda driver library
time=2024-09-10T12:59:08.385+02:00 level=INFO source=types.go:107 msg="inference compute" id=GPU-a651a7db-37aa-11b2-ad97-b5f26a68d90b library=cuda variant=v12 compute=7.5 driver=12.2 name="GRID RTX6000-2Q" total="2.0 GiB" available="1.7 GiB"
[GIN] 2024/09/10 - 12:59:08 | 200 |      40.586µs |       127.0.0.1 | HEAD     "/"
time=2024-09-10T12:59:38.401+02:00 level=INFO source=images.go:1020 msg="request failed: Get \"https://registry.ollama.ai/v2/library/qwen2/manifests/0.5b\": dial tcp 104.21.75.227:443: i/o timeout"
[GIN] 2024/09/10 - 12:59:38 | 200 | 30.015266502s |       127.0.0.1 | POST     "/api/pull"

ollama pull w/o proxy:

x@y:~$ ollama pull qwen2:0.5b
pulling manifest 
Error: pull model manifest: Get "https://registry.ollama.ai/v2/library/qwen2/manifests/0.5b": dial tcp 104.21.75.227:443: i/o timeout

@rick-github commented on GitHub (Sep 10, 2024):

What's the result of

curl --noproxy "*" https://registry.ollama.ai/v2/library/qwen2/manifests/0.5b
curl -v -D - https://registry.ollama.ai/v2/library/qwen2/manifests/0.5b

@KhazAkar commented on GitHub (Sep 10, 2024):

I forgot that I had a proxy set on the client side, hence why the previous options worked fine :D

curl -v -D - https://registry.ollama.ai/v2/library/qwen2/manifests/0.5b
*   Trying 172.67.182.229:443...
*   Trying 2606:4700:3036::6815:4be3:443...
* Immediate connect fail for 2606:4700:3036::6815:4be3: Network is unreachable
*   Trying 2606:4700:3034::ac43:b6e5:443...
* Immediate connect fail for 2606:4700:3034::ac43:b6e5: Network is unreachable

With the proxy enabled, same call:

curl -v -D - https://registry.ollama.ai/v2/library/qwen2/manifests/0.5b
* Uses proxy env variable https_proxy == 'http://company-proxy.com:8080'
*   Trying 163.116.128.80:8080...
* Connected to (nil) (163.116.128.80) port 8080 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to registry.ollama.ai:443
> CONNECT registry.ollama.ai:443 HTTP/1.1
> Host: registry.ollama.ai:443
> User-Agent: curl/7.81.0
> Proxy-Connection: Keep-Alive
> 
< HTTP/1.1 200 Connection Established
HTTP/1.1 200 Connection Established
< 

* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=registry.ollama.ai
*  start date: Aug 11 10:48:11 2024 GMT
*  expire date: Sep 10 10:48:11 2025 GMT
*  subjectAltName: host "registry.ollama.ai" matched cert's "registry.ollama.ai"
*  issuer: C=DE; ST=DE; L=PLACE; O=COMPANY; OU=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX; CN=ca.company.de.goskope.com; emailAddress=certadmin@netskope.com
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0x55bd86fdfeb0)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET /v2/library/qwen2/manifests/0.5b HTTP/2
> Host: registry.ollama.ai
> user-agent: curl/7.81.0
> accept: */*
> 
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 200 
HTTP/2 200 
< date: Tue, 10 Sep 2024 11:11:25 GMT
date: Tue, 10 Sep 2024 11:11:25 GMT
< content-type: text/plain; charset=utf-8
content-type: text/plain; charset=utf-8
< content-length: 857
content-length: 857
< via: 1.1 google
via: 1.1 google
< cf-cache-status: DYNAMIC
cf-cache-status: DYNAMIC
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=688UAOb7Uv12k%2BPdBeHnALQJTBXtNZ%2BKdoRlQHW9PSpyIsQU06QjpTdT0X7Nke2mFAPWUcxwdmQ8D3gMV8B51M4Hs1p9p8zVVYppD9jFwVMqR2LKUJ8ADipN9HFkHoPfi%2FTxwTY%3D"}],"group":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=688UAOb7Uv12k%2BPdBeHnALQJTBXtNZ%2BKdoRlQHW9PSpyIsQU06QjpTdT0X7Nke2mFAPWUcxwdmQ8D3gMV8B51M4Hs1p9p8zVVYppD9jFwVMqR2LKUJ8ADipN9HFkHoPfi%2FTxwTY%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< server: cloudflare
server: cloudflare
< cf-ray: 8c0efa276a3d7174-DUS
cf-ray: 8c0efa276a3d7174-DUS

< 
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{"schemaVersion":2,"mediaType":"application/vnd.docker.distribution.manifest.v2+json","config":{"digest":"sha256:2184ab82477bc33a5e08fa209df88f0631a19e686320cce2cfe9e00695b2f0e6","mediaType":"application/vnd.docker.container.image.v1+json","size":488},"layers":[{"digest":"sha256:8de95da68dc485c0889c205384c24642f83ca18d089559c977ffc6a3972a71a8","mediaType":"application/vnd.ollama.image.model","size":352151968},{"digest":"sha256:62fbfd9ed093d6e5ac83190c86eec5369317919f4b149598d2dbb38900e9faef","mediaType":"application/vnd.ollama.image.template","size":182},{"digest":"sha256:c156170b718ec29139d3653d40ed1986fd92fb7e0959b5c71f3c48f62e6636f4","mediaType":"application/vnd.ollama.image.license","size":11344},{"digest":"sha256:f02dd72bb2423204352eabc5637b44d79d17f109fdb510a7c51455892aa2d216","mediaType":"application/vnd.ollama.image.params","size":59}]}
* Connection #0 to host (nil) left intact

@rick-github commented on GitHub (Sep 10, 2024):

So it looks like your firewall/proxy product does cert forging and MITM, presumably for deep packet inspection. This should be transparent to the client but perhaps it's not interacting well with the network libraries that ollama uses. I can't find anything on the interwebs about it so it's not a common issue. I also couldn't find any demo version of the netskope software for testing. Colin's fix of hacking the proxy directly into the Go code means there's a workaround, we just need to figure out what it is.


@rick-github commented on GitHub (Sep 10, 2024):

What's the result of env|grep -i proxy?


@WeiguangHan commented on GitHub (Sep 11, 2024):

> Have you set HTTPS_PROXY in the ollama service file (not /etc/environments)? sudo systemctl edit ollama.service and add
>
> [Service]
> Environment="HTTPS_PROXY=http://your.proxy.name.here:port"
>
> Quick&dirty local test shows proxying working as expected:
>
> $ curl https://icanhazip.com
> 80.218.136.70
> # proxy server on local lan enabled
> $ HTTPS_PROXY=http://proxy-usa:8080 curl https://icanhazip.com
> 34.171.115.155
> # start ollama server with proxy
> $ HTTPS_PROXY=http://proxy-usa:8080 ollama serve 2>/dev/null &
> [1] 3700606
> $ ollama list
> NAME      	ID          	SIZE  	MODIFIED
> # pull a model
> $ ollama pull qwen2:0.5b
> pulling manifest
> pulling 8de95da68dc4... 100% ▕██████████████████████████████████████████████▏ 352 MB
> pulling 62fbfd9ed093... 100% ▕██████████████████████████████████████████████▏  182 B
> pulling c156170b718e... 100% ▕██████████████████████████████████████████████▏  11 KB
> pulling f02dd72bb242... 100% ▕██████████████████████████████████████████████▏   59 B
> pulling 2184ab82477b... 100% ▕██████████████████████████████████████████████▏  488 B
> verifying sha256 digest
> writing manifest
> success
> # proxy turned off, try using it
> $ HTTPS_PROXY=http://proxy-usa:8080 curl https://icanhazip.com
> curl: (5) Could not resolve proxy: proxy-usa
> # try pulling a model with the proxy down
> $ ollama pull qwen2:0.5b
> pulling manifest
> Error: pull model manifest: Get "https://registry.ollama.ai/v2/library/qwen2/manifests/0.5b": proxyconnect tcp: dial tcp: lookup proxy-usa: no such host

It makes sense on my Linux machine after I add the env variable. So how can I perform a similar operation on my Windows computer? Thanks a lot in advance! @rick-github


@KhazAkar commented on GitHub (Sep 11, 2024):

> What's the result of `env|grep -i proxy`?

@rick-github

After fresh reboot:

```
http_proxy=http://company-proxy.com:8080
https_proxy=http://company-proxy.com:8080
ftp_proxy=http://company-proxy.com:8080
no_proxy=company.com,old.company.com,login.cloud.company.com,localhost
NO_PROXY=company.com,old.company.com,login.cloud.company.com,localhost
```

Commented those out on that machine now, did reboot. What to do next?


@mxyng commented on GitHub (Sep 11, 2024):

I haven't been able to reproduce this but I've added some debugging into ollama which should validate if the proxy is set correctly.

Go's [default HTTP transport](https://pkg.go.dev/net/http#DefaultTransport), which clients will automatically use if transport isn't set, already gets proxy configurations (`HTTP_PROXY`, `HTTPS_PROXY`, `NO_PROXY`) from environment variables.


@rick-github commented on GitHub (Sep 12, 2024):

@WeiguangHan https://github.com/ollama/ollama/blob/main/docs/faq.md#setting-environment-variables-on-windows


@rick-github commented on GitHub (Sep 12, 2024):

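Wanted to see the value of `no_proxy`, the go [proxy handler](https://cs.opensource.google/go/x/net/+/refs/tags/v0.29.0:http/httpproxy/proxy.go;drc=8c07e20f924fb9dec8d39d2793f72a42c3261a7c;l=169) has a bunch of rules for skipping using the proxy, but I can't see how these would affect the outcome in this case. Still a mystery as to what's happening.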


@WeiguangHan commented on GitHub (Sep 12, 2024):

> @WeiguangHan https://github.com/ollama/ollama/blob/main/docs/faq.md#setting-environment-variables-on-windows

I set the environment variables according to your suggestion. I still can't use the command `ollama pull xxx`, although I have set `HTTPS_PROXY` and `https_proxy` in my command line. The result is still `timeout`. I think `HTTPS_PROXY` is not used in model requests on my Windows computer.


@rick-github commented on GitHub (Sep 12, 2024):

HTTPS_PROXY, not HTTP_PROXY.

On Thu, Sep 12, 2024, 10:29 WeiguangHan wrote:

> @WeiguangHan
> https://github.com/ollama/ollama/blob/main/docs/faq.md#setting-environment-variables-on-windows
>
> I set the environment variables according to your suggestion. But I still
> can't using commands ollama pull xxx. The result is still timeout. I
> thinks the HTTP_PROXY are not used in model requests on my windows
> computer.



@WeiguangHan commented on GitHub (Sep 12, 2024):

Got it. Now it works. Thanks a lot!


@KhazAkar commented on GitHub (Sep 12, 2024):

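> Wanted to see the value of `no_proxy`, the go [proxy handler](https://cs.opensource.google/go/x/net/+/refs/tags/v0.29.0:http/httpproxy/proxy.go;drc=8c07e20f924fb9dec8d39d2793f72a42c3261a7c;l=169) has a bunch of rules for skipping using the proxy, but I can't see how these would affect the outcome in this case. Still a mystery as to what's happening.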

I've tried cURL on IP returned directly and I get some page that this page doesn't exist. Maybe go proxy code doesn't handle redirects that well? It's a tough nut to crack


@mxyng commented on GitHub (Sep 12, 2024):

> I've tried cURL on IP returned directly and I get some page that this page doesn't exist. Maybe go proxy code doesn't handle redirects that well?

It's unclear what you mean by this. A proxy is not the same thing as a redirect. A request must pass _through_ a forward proxy to reach the Internet. There's no redirect involved here. Something in the proxy is preventing more data from being transferred.

At this point, everything indicates there isn't a bug in Ollama and proxy configuration is working as expected. Since there haven't been any updates from the issue creator @cmilhaupt, the most likely cause of the original issue is misconfiguration:

> I have both HTTP_PROXY and HTTPS_PROXY set in /etc/environments and other Go programs are able to see them.

`/etc/environment` is only applicable to login sessions and ollama server, (likely) running as a systemd service, is unaffected.

FWIW manifests are downloaded directly from the registry and the logs seem to indicate this was successful. Once the manifest is downloaded, it downloads each blob which _does_ contain a redirect to Cloudflare. You should verify this operation:

```
$ curl -v -L https://registry.ollama.ai/v2/library/qwen2/blobs/sha256:62fbfd9ed093d6e5ac83190c86eec5369317919f4b149598d2dbb38900e9faef
```
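
Added example, not part of the thread or of Ollama's code: a way to check the point made above, that a service does not inherit the proxy variables a login shell has, by reading the environment a process actually runs with. The sample environments are constructed and the function names are this example's own.

```shell
#!/bin/sh
# Added example: which proxy variables does a process really have?

# Print the proxy-related entries of a NUL-separated environment file
# (the format of /proc/<pid>/environ), one NAME=value per line.
proxy_vars() {
    tr '\0' '\n' < "$1" | grep -iE '^[a-z]*_proxy=' || true
}

# Succeed only if the environment carries a non-empty HTTPS proxy setting.
# Go reads HTTPS_PROXY or https_proxy for https:// URLs such as the registry;
# http_proxy alone, an empty value, or another spelling does not count.
has_https_proxy() {
    proxy_vars "$1" | grep -qE '^(HTTPS_PROXY|https_proxy)=.'
}

# One-word verdict for an environment file.
verdict() {
    if has_https_proxy "$1"; then
        echo "proxied"
    else
        echo "direct"
    fi
}

# Write a constructed environment file: $1 is the path, the rest are entries.
write_environ() {
    out=$1
    shift
    : > "$out"
    for entry in "$@"; do
        printf '%s\0' "$entry" >> "$out"
    done
}

# Constructed samples: a login shell that picked up /etc/environment, and a
# systemd service that did not.
demo() {
    dir=$(mktemp -d)
    write_environ "$dir/login" 'USER=x' \
        'https_proxy=http://company-proxy.com:8080' \
        'no_proxy=company.com,localhost'
    write_environ "$dir/service" 'USER=ollama' 'PATH=/usr/bin:/bin'
    echo "login shell:    $(verdict "$dir/login")"
    echo "ollama service: $(verdict "$dir/service")"
    rm -rf "$dir"
}

# With a readable PID as argument, inspect that process (reading another
# user's /proc/<pid>/environ needs root); otherwise run the constructed demo.
if [ $# -gt 0 ] && [ -r "/proc/$1/environ" ]; then
    proxy_vars "/proc/$1/environ"
    verdict "/proc/$1/environ"
else
    demo
fi
```

For a systemd unit, `systemctl show ollama.service -p Environment` lists what the unit file itself sets.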

@KhazAkar commented on GitHub (Sep 18, 2024):

With proxy it seems to work, at least this curl call, but I'm not fully sure...

x@y:~$ curl -v -L https://registry.ollama.ai/v2/library/qwen2/blobs/sha256:62fbfd9ed093d6e5ac83190c86eec5369317919f4b149598d2dbb38900e9faef
* Uses proxy env variable no_proxy == 'company.com,old.company.com,login.cloud.company.com,other.company.com,another.company.io,localhost'
* Uses proxy env variable https_proxy == 'http://company-proxy.com:8080'
*   Trying 163.116.128.80:8080...
* Connected to (nil) (163.116.128.80) port 8080 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to registry.ollama.ai:443
> CONNECT registry.ollama.ai:443 HTTP/1.1
> Host: registry.ollama.ai:443
> User-Agent: curl/7.81.0
> Proxy-Connection: Keep-Alive
> 
< HTTP/1.1 200 Connection Established
< 
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=registry.ollama.ai
*  start date: Aug 19 09:38:04 2024 GMT
*  expire date: Sep 18 09:38:04 2025 GMT
*  subjectAltName: host "registry.ollama.ai" matched cert's "registry.ollama.ai"
*  issuer: C=DE; ST=DE; L=X; O=COMPANY; OU=XXXXXXXxXXXXXXXXXXXXXXXXXXXXXXXX; CN=ca.XXX.XXX.goskope.com; emailAddress=certadmin@netskope.com
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0x5568251f7eb0)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET /v2/library/qwen2/blobs/sha256:62fbfd9ed093d6e5ac83190c86eec5369317919f4b149598d2dbb38900e9faef HTTP/2
> Host: registry.ollama.ai
> user-agent: curl/7.81.0
> accept: */*
> 
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 307 
< date: Wed, 18 Sep 2024 09:38:04 GMT
< content-type: text/html; charset=utf-8
< location: https://dd20bb891979d25aebc8bec07b2b3bbc.r2.cloudflarestorage.com/ollama/docker/registry/v2/blobs/sha256/62/62fbfd9ed093d6e5ac83190c86eec5369317919f4b149598d2dbb38900e9faef/data?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=66040c77ac1b787c3af820529859349a%2F20240918%2Fauto%2Fs3%2Faws4_request&X-Amz-Date=20240918T093804Z&X-Amz-Expires=86400&X-Amz-SignedHeaders=host&X-Amz-Signature=44fc0f5f281a376e1504c87d111f6bd977529345a72cb4292d70ec8215f99a3e
< via: 1.1 google
< cf-cache-status: DYNAMIC
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bya%2Fun3UWMvJfKIPj7HDjQ48phwyLL2nfzD19aycptBde1CPr4tmtJkDD%2BTXhaDwDZFxrkX6%2FmZWkxieXenIdFtqUZSizGxZRrXDwEP7qlnwbNcsBmswjDUgvhEjNGOGlfg%2Bw%2B4%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< speculation-rules: "/cdn-cgi/speculation"
< server: cloudflare
< cf-ray: 8c505c69cb8ccb1e-DUS
< 
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Ignoring the response-body
* Connection #0 to host (nil) left intact
* Issue another request to this URL: 'https://dd20bb891979d25aebc8bec07b2b3bbc.r2.cloudflarestorage.com/ollama/docker/registry/v2/blobs/sha256/62/62fbfd9ed093d6e5ac83190c86eec5369317919f4b149598d2dbb38900e9faef/data?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=66040c77ac1b787c3af820529859349a%2F20240918%2Fauto%2Fs3%2Faws4_request&X-Amz-Date=20240918T093804Z&X-Amz-Expires=86400&X-Amz-SignedHeaders=host&X-Amz-Signature=44fc0f5f281a376e1504c87d111f6bd977529345a72cb4292d70ec8215f99a3e'
* Uses proxy env variable no_proxy == 'company.com,old.company.com,login.cloud.company.com,other.company.com,another.company.io,localhost'
* Uses proxy env variable https_proxy == 'http://company-proxy.com:8080'
* Hostname company-proxy.com was found in DNS cache
*   Trying 163.116.128.80:8080...
* Connected to (nil) (163.116.128.80) port 8080 (#1)
* allocate connect buffer!
* Establish HTTP proxy tunnel to dd20bb891979d25aebc8bec07b2b3bbc.r2.cloudflarestorage.com:443
> CONNECT dd20bb891979d25aebc8bec07b2b3bbc.r2.cloudflarestorage.com:443 HTTP/1.1
> Host: dd20bb891979d25aebc8bec07b2b3bbc.r2.cloudflarestorage.com:443
> User-Agent: curl/7.81.0
> Proxy-Connection: Keep-Alive
> 
< HTTP/1.1 200 Connection Established
< 
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=dd20bb891979d25aebc8bec07b2b3bbc.r2.cloudflarestorage.com
*  start date: Aug 19 09:38:04 2024 GMT
*  expire date: Sep 18 09:38:04 2025 GMT
*  subjectAltName: host "dd20bb891979d25aebc8bec07b2b3bbc.r2.cloudflarestorage.com" matched cert's "dd20bb891979d25aebc8bec07b2b3bbc.r2.cloudflarestorage.com"
*  issuer: C=DE; ST=DE; L=X; O=COMPANY; OU=XXXXXXXxXXXXXXXXXXXXXXXXXXXXXXXX; CN=ca.XXX.XXX.goskope.com; emailAddress=certadmin@netskope.com
*  SSL certificate verify ok.
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET /ollama/docker/registry/v2/blobs/sha256/62/62fbfd9ed093d6e5ac83190c86eec5369317919f4b149598d2dbb38900e9faef/data?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=66040c77ac1b787c3af820529859349a%2F20240918%2Fauto%2Fs3%2Faws4_request&X-Amz-Date=20240918T093804Z&X-Amz-Expires=86400&X-Amz-SignedHeaders=host&X-Amz-Signature=44fc0f5f281a376e1504c87d111f6bd977529345a72cb4292d70ec8215f99a3e HTTP/1.1
> Host: dd20bb891979d25aebc8bec07b2b3bbc.r2.cloudflarestorage.com
> User-Agent: curl/7.81.0
> Accept: */*
> 
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Wed, 18 Sep 2024 09:38:05 GMT
< Content-Type: application/octet-stream
< Connection: keep-alive
< Accept-Ranges: bytes
< ETag: "b6a10447e4503d042d486fca41f65161"
< Last-Modified: Sat, 17 Feb 2024 22:53:05 GMT
< Server: cloudflare
< CF-RAY: 8c505c6c4da0cb2f-DUS
< Content-Length: 182
< 
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{{ if .System }}<|im_start|>system
{{ .System }}<|im_end|>
{{ end }}{{ if .Prompt }}<|im_start|>user
{{ .Prompt }}<|im_end|>
{{ end }}<|im_start|>assistant
{{ .Response }}<|im_end|>
* Connection #1 to host (nil) left intact

@KhazAkar commented on GitHub (Sep 18, 2024):

> It's unclear what you mean by this. A proxy is not the same thing as a redirect. A request must pass _through_ a forward proxy to reach the Internet. There's no redirect involved here. Something in the proxy is preventing more data from being transferred.

`Error: pull model manifest: Get "https://registry.ollama.ai/v2/library/llama3.1/manifests/8b": dial tcp 104.21.75.227:443: i/o timeout`

If I do curl to this IP address pointed by ollama when it fails, with proxy enabled, this is what I get:

x@y:~$ curl -v -L 104.21.75.227:443
* Uses proxy env variable no_proxy == 'company.com,old.company.com,login.cloud.company.com,other.company.com,another.company.io,localhost'
* Uses proxy env variable https_proxy == 'http://company-proxy.com:8080'
*   Trying 163.116.128.80:8080...
* Connected to (nil) (163.116.128.80) port 8080 (#0)
> GET http://104.21.75.227:443/ HTTP/1.1
> Host: 104.21.75.227:443
> User-Agent: curl/7.81.0
> Accept: */*
> Proxy-Connection: Keep-Alive
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 502 Bad Gateway
< Content-Length: 1219
< Connection: close
< 
<!DOCTYPE html>
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<title>Bad Gateway</title>
<style type="text/css">
body {
    font-family: Lato, Arial, sans-serif;
    margin: 0;
    padding: 0;
}
#notification {
    padding: 32px;
}
h1 {
    font-size: 20px;
    line-height: 24px;
    font-weight: normal;
    color: black;
    margin: 0 0 16px 0;
}
h2 {
    font-size: 14px;
    line-height: 20px;
    font-weight: normal;
    color: black;
    margin: 0 0 16px 0;
}
p {
    font-size: 12px;
    line-height: 16px;
    color: #646464;
    margin: 0 0 16px 0;
}
</style>
</head>

<body>
<div id="notification">
    <h1>HsFailure (error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure)</h1>

    <h2>The destination 104.21.75.227 is not reachable.<br />Contact your IT administrator with the following error:</h2>

    <p>mode='CLIENT', lname='gre-gateway-proxy', rip='104.21.75.227', rp='443', oip='', op='0', lip='163.116.173.54', lp='60994', sni='104.21.75.227', fd='33346', SSL handshake error '-1' sslerr='1' sslerrdesc='error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure' sslerrfunc='148' sslerrreason='1040'</p>
</div>
</body></html>
* Closing connection 0

If I try https://ip:

x@y:~$ curl -v -L https://104.21.75.227
* Uses proxy env variable no_proxy == 'company.com,old.company.com,login.cloud.company.com,other.company.com,another.company.io,localhost'
* Uses proxy env variable https_proxy == 'http://company-proxy.com:8080'
*   Trying 163.116.128.80:8080...
* Connected to (nil) (163.116.128.80) port 8080 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to 104.21.75.227:443
> CONNECT 104.21.75.227:443 HTTP/1.1
> Host: 104.21.75.227:443
> User-Agent: curl/7.81.0
> Proxy-Connection: Keep-Alive
> 
< HTTP/1.1 200 Connection Established
< 
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.0 (IN), TLS header, Unknown (21):
* TLSv1.3 (IN), TLS alert, handshake failure (552):
* error:0A000410:SSL routines::sslv3 alert handshake failure
* Closing connection 0
curl: (35) error:0A000410:SSL routines::sslv3 alert handshake failure
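
Added example, not from the thread or from Ollama: the three pull errors quoted on this page, sorted by which hop failed. Go's HTTP transport reports a failure to reach the proxy as `proxyconnect tcp`, so a plain `dial tcp <ip>:443` timeout means the server dialed the destination directly. The category names are this example's own.

```shell
#!/bin/sh
# Added example: sort `ollama pull` errors by the hop that failed.

# Go's HTTP transport wraps a failed connection to the proxy as
# "proxyconnect tcp: ...". A bare "dial tcp <ip>:<port>" therefore means the
# server dialed the destination itself, with no proxy in the path.
# "invalid character '<'" is the JSON decoder meeting an HTML body.
classify_pull_error() {
    case "$1" in
        *"proxyconnect tcp"*)      echo "proxy-unreachable" ;;
        *"invalid character '<'"*) echo "html-instead-of-json" ;;
        *"dial tcp "*)             echo "direct-dial" ;;
        *)                         echo "unknown" ;;
    esac
}

# Print the ip:port the server tried to reach, when the message names one.
dialed_endpoint() {
    printf '%s\n' "$1" | sed -n 's/.*dial tcp \([0-9.]*:[0-9]*\):.*/\1/p'
}

# The three error lines quoted in this thread.
ERR_HTML="Error: pull model manifest: invalid character '<' looking for beginning of value"
ERR_PROXY='Error: pull model manifest: Get "https://registry.ollama.ai/v2/library/qwen2/manifests/0.5b": proxyconnect tcp: dial tcp: lookup proxy-usa: no such host'
ERR_DIRECT='Error: pull model manifest: Get "https://registry.ollama.ai/v2/library/llama3.1/manifests/8b": dial tcp 104.21.75.227:443: i/o timeout'

for err in "$ERR_HTML" "$ERR_PROXY" "$ERR_DIRECT"; do
    printf '%-22s %s\n' "$(classify_pull_error "$err")" "$(dialed_endpoint "$err")"
done
```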

@rick-github commented on GitHub (Sep 18, 2024):

That's the problem, fetching the manifest with curl via proxy works, but apparently the same config [doesn't work](https://github.com/ollama/ollama/issues/6679#issuecomment-2340325465) for your ollama server. Proxying works for others, and looking at the source code hasn't turned up a reason for why proxying in your particular config (company proxy using netskope) doesn't.

Trying just the IP address doesn't work because ollama.com is using a Cloudflare load balancer and it needs a `Host` header to determine what website to connect to.

As Michael pointed out the most likely cause of the initial post was mis-configuration. In your case this is likely the same, but so far we haven't been able to pinpoint what the actual misconfig is.

Based on your last post, your HTTPS_PROXY is un-encrypted, so it might be useful to see that portion of the handshake that's in cleartext.

```
sudo apt install tcpflow
sudo tcpflow -c -i any port 8080
```

Now in a new terminal, run `ollama pull llama3.1:latest` and in the `tcpflow` terminal you should see ollama try to connect to the ollama website via the proxy on port 8080. I don't know if there will be anything useful there, but at this point we've exhausted the debugging possibilities without access to an environment the same as yours.


@KhazAkar commented on GitHub (Sep 18, 2024):

You know what? I think I got this. Apparently I need to open a web browser and click some stupid button in order to make it work with the proxy, periodically. I've run the tcpflow command and got output. Should I send it or what? :)

'you must log in to this network before you can access the internet'... yeah.

So it also acts as a captive portal. Is there any way to accept it from CLI?


@rick-github commented on GitHub (Sep 18, 2024):

Ah, that would explain it. AFAIK there's no way for a client like ollama to negotiate a captive portal, you probably need to talk to your IT folk about whitelisting or some other solution.
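
The failure this thread converged on, a proxy or captive portal answering with HTML where a JSON manifest is expected, can be checked for directly. The following is an added example, not part of the thread or of ollama's code; `classify`, `probe` and the verdict strings are names chosen for this example, and the manifest URL is the one quoted earlier in the thread.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"strings"
)

// classify decides what answered a manifest request, from the status code,
// Content-Type, Location header and the first bytes of the body.
func classify(status int, contentType, location string, body []byte) string {
	text := strings.TrimSpace(string(body))
	switch {
	case status >= 300 && status < 400 && location != "":
		return "redirect to " + location // portals often redirect to a login page
	case strings.HasPrefix(strings.ToLower(contentType), "text/html"),
		strings.HasPrefix(text, "<"):
		// The case behind "invalid character '<' looking for beginning of value".
		return fmt.Sprintf("html page, status %d", status)
	case status == http.StatusOK && json.Valid(body):
		return "manifest"
	}
	return fmt.Sprintf("unexpected: status %d, Content-Type %q", status, contentType)
}

// probe requests url with the proxy taken from the environment, as a Go
// client does by default, but does not follow redirects, so a redirect to a
// login page is reported instead of being followed silently.
func probe(url string) (string, error) {
	client := &http.Client{
		Transport:     &http.Transport{Proxy: http.ProxyFromEnvironment},
		CheckRedirect: func(*http.Request, []*http.Request) error { return http.ErrUseLastResponse },
	}
	resp, err := client.Get(url)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, _ := io.ReadAll(io.LimitReader(resp.Body, 64<<10)) // a partial body is still classified
	return classify(resp.StatusCode, resp.Header.Get("Content-Type"), resp.Header.Get("Location"), body), nil
}

func main() {
	verdict, err := probe("https://registry.ollama.ai/v2/library/llama3.1/manifests/8b")
	fmt.Println(verdict, err)
}
```

Anything other than `manifest` means something between the client and the registry answered the request.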


@KhazAkar commented on GitHub (Sep 18, 2024):

I know that ollama won't be able to do so, it's understandable :)
I've asked in internal communication if somebody has a cURL way of negotiating the captive portal :)
Thanks a lot! Signing out :)


@rick-github commented on GitHub (Sep 18, 2024):

If it's just a button press, you could write a simple script run out of crontab to just hit the button every 30 minutes with whatever arguments are required to grant access.


@KhazAkar commented on GitHub (Sep 18, 2024):

> If it's just a button press, you could write a simple script run out of crontab to just hit the button every 30 minutes with whatever arguments are required to grant access.

Will try to write such a script, now with ollama help :D
For now I just installed the lynx browser, entered any URL, accepted the cookie, and it works fine for now.


@mxyng commented on GitHub (Sep 18, 2024):

@KhazAkar it seems like your issue has been resolved. Since OP hasn't responded in some time, I'm going to close this issue.

Reference: github-starred/ollama#4205