[GH-ISSUE #9114] APIkey #5931

Open
opened 2026-04-12 17:16:13 -05:00 by GiteaMirror · 7 comments
Owner

Originally created by @gsm1258 on GitHub (Feb 14, 2025).
Original GitHub issue: https://github.com/ollama/ollama/issues/9114

Currently, there are many scanning tools on the internet that perform port scans. For security reasons, please add an API key setting.

Originally created by @gsm1258 on GitHub (Feb 14, 2025). Original GitHub issue: https://github.com/ollama/ollama/issues/9114 Currently, there are many scanning tools on the internet that perform port scans. For security reasons, please add an API key setting.
GiteaMirror added the feature request label 2026-04-12 17:16:13 -05:00
Author
Owner

@FelisDwan commented on GitHub (Feb 15, 2025):

I also require this feature. My ollama api has been discovered and used (even I've changed ollama port), so I can only turn off ollama temporarily and turn it on when I need to use it.

<!-- gh-comment-id:2660760352 --> @FelisDwan commented on GitHub (Feb 15, 2025): I also require this feature. My ollama api has been discovered and used (even I've changed ollama port), so I can only turn off ollama temporarily and turn it on when I need to use it.
Author
Owner

@Hashem-Qaryouti commented on GitHub (Feb 15, 2025):

Hello, I would like to work on adding this feature, could you assign me?

<!-- gh-comment-id:2660826697 --> @Hashem-Qaryouti commented on GitHub (Feb 15, 2025): Hello, I would like to work on adding this feature, could you assign me?
Author
Owner

@gsm1258 commented on GitHub (Feb 15, 2025):

Hello, I would like to work on adding this feature, could you assign me?

If the next version of Ollama updates to include an API key feature, please ensure that Open-WebUI also adds a corresponding setting option to input the Ollama API key.

<!-- gh-comment-id:2660837070 --> @gsm1258 commented on GitHub (Feb 15, 2025): > Hello, I would like to work on adding this feature, could you assign me? If the next version of Ollama updates to include an API key feature, please ensure that Open-WebUI also adds a corresponding setting option to input the Ollama API key.
Author
Owner

@Hashem-Qaryouti commented on GitHub (Feb 16, 2025):

Hey, is this feature something the maintainers would like to add? I’d be happy to work on it if approved.

<!-- gh-comment-id:2661305749 --> @Hashem-Qaryouti commented on GitHub (Feb 16, 2025): Hey, is this feature something the maintainers would like to add? I’d be happy to work on it if approved.
Author
Owner

@rick-github commented on GitHub (Feb 16, 2025):

https://github.com/ollama/ollama/issues/1053#issuecomment-2558705136

<!-- gh-comment-id:2661513213 --> @rick-github commented on GitHub (Feb 16, 2025): https://github.com/ollama/ollama/issues/1053#issuecomment-2558705136
Author
Owner

@lemassykoi commented on GitHub (Mar 4, 2025):

don't expose your instances to WAN, use a VPN, and if you can't, restrict the source IP

PiVPN can help you

<!-- gh-comment-id:2697315560 --> @lemassykoi commented on GitHub (Mar 4, 2025): don't expose your instances to WAN, use a VPN, and if you can't, restrict the source IP PiVPN can help you
Author
Owner

@jejbq commented on GitHub (Feb 25, 2026):

It's sad that OLLAMA_API_KEY is only implemented for Ollama public service (misleading if you ask any AI if you can create an API_KEY for Ollama) and not ollama serve; Ollama on-premises deserve better protection for Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning.

My workaround in Docker Stack (RFC) allow /v1 only when authenticated (/api is too dangerous and maybe need another privileged key OLLAMA_ADMIN_API_KEY):

# ENV:
# OLLAMA_SERVER_NAME=ollama.company
# OLLAMA_API_KEY=b33fb33f-b33f-b33f-b33f-b33fb33fb33f
# OLLAMA_ACL=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16

  # curl -sL -w "\nHTTP Code: %{http_code}\n" https://ollama.company/api/tags # 451
  # curl -sL -w "\nHTTP Code: %{http_code}\n" -H "Authorization: Bearer bad-key" https://ollama.company/v1/models # 401
  # curl -sL -w "\nHTTP Code: %{http_code}\n" -H "Authorization: Bearer ${OLLAMA_API_KEY}" https://ollama.company/v2/models # 451
  # curl -sL -H "Authorization: Bearer ${OLLAMA_API_KEY}" https://ollama.company/v1/models | jq -r '.data[].id' # 200
  caddy:
    image: caddy:2.11
    hostname: caddy
    environment:
      OLLAMA_API_KEY: '${OLLAMA_API_KEY}'
    entrypoint: ["/bin/sh", "-xc"]
    command:
      - |
        printf '%s\n' \
          ':80 {' \
          '  @not_v1 not path /v1/*' \
          '  respond @not_v1 "Unavailable For Legal Reasons" 451' \
          '' \
          '  @unauth not header Authorization "Bearer {env.OLLAMA_API_KEY}"' \
          '  respond @unauth "Unauthorized" 401' \
          '' \
          '  reverse_proxy http://ollama:11434 {' \
          '    header_up -Authorization' \
          '    flush_interval -1' \
          '  }' \
          '}' \
          > /tmp/Caddyfile
        caddy run --config /tmp/Caddyfile --adapter caddyfile
    depends_on:
      - ollama
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
      labels:
        traefik.enable: 'true'
        traefik.http.routers.caddy.rule: 'Host(`${OLLAMA_SERVER_NAME}`)'
        traefik.http.routers.caddy.entrypoints: 'websecure'
        traefik.http.routers.caddy.tls: 'true'
        traefik.http.routers.caddy.tls.certresolver: 'letsencrypt'
        traefik.http.middlewares.caddy-acl.ipallowlist.sourceRange: '${OLLAMA_ACL}'
        traefik.http.routers.caddy.middlewares: 'caddy-acl, default-https@file'
        traefik.http.services.caddy.loadbalancer.server.port: '80'
<!-- gh-comment-id:3960228228 --> @jejbq commented on GitHub (Feb 25, 2026): It's sad that `OLLAMA_API_KEY` is only implemented for [Ollama public service](https://docs.ollama.com/api/authentication) (misleading if you ask any AI if you can create an API_KEY for Ollama) and not `ollama serve`; Ollama on-premises deserve better protection for [Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning](https://thehackernews.com/2024/11/critical-flaws-in-ollama-ai-framework.html). My workaround in Docker Stack (RFC) allow /v1 only when authenticated (/api is too dangerous and maybe need another privileged key `OLLAMA_ADMIN_API_KEY`): ``` yaml # ENV: # OLLAMA_SERVER_NAME=ollama.company # OLLAMA_API_KEY=b33fb33f-b33f-b33f-b33f-b33fb33fb33f # OLLAMA_ACL=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 # curl -sL -w "\nHTTP Code: %{http_code}\n" https://ollama.company/api/tags # 451 # curl -sL -w "\nHTTP Code: %{http_code}\n" -H "Authorization: Bearer bad-key" https://ollama.company/v1/models # 401 # curl -sL -w "\nHTTP Code: %{http_code}\n" -H "Authorization: Bearer ${OLLAMA_API_KEY}" https://ollama.company/v2/models # 451 # curl -sL -H "Authorization: Bearer ${OLLAMA_API_KEY}" https://ollama.company/v1/models | jq -r '.data[].id' # 200 caddy: image: caddy:2.11 hostname: caddy environment: OLLAMA_API_KEY: '${OLLAMA_API_KEY}' entrypoint: ["/bin/sh", "-xc"] command: - | printf '%s\n' \ ':80 {' \ ' @not_v1 not path /v1/*' \ ' respond @not_v1 "Unavailable For Legal Reasons" 451' \ '' \ ' @unauth not header Authorization "Bearer {env.OLLAMA_API_KEY}"' \ ' respond @unauth "Unauthorized" 401' \ '' \ ' reverse_proxy http://ollama:11434 {' \ ' header_up -Authorization' \ ' flush_interval -1' \ ' }' \ '}' \ > /tmp/Caddyfile caddy run --config /tmp/Caddyfile --adapter caddyfile depends_on: - ollama deploy: replicas: 1 restart_policy: condition: on-failure labels: traefik.enable: 'true' traefik.http.routers.caddy.rule: 'Host(`${OLLAMA_SERVER_NAME}`)' traefik.http.routers.caddy.entrypoints: 'websecure' traefik.http.routers.caddy.tls: 'true' traefik.http.routers.caddy.tls.certresolver: 'letsencrypt' traefik.http.middlewares.caddy-acl.ipallowlist.sourceRange: '${OLLAMA_ACL}' traefik.http.routers.caddy.middlewares: 'caddy-acl, default-https@file' traefik.http.services.caddy.loadbalancer.server.port: '80' ```
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/ollama#5931