← All Guides
🤖
How to Secure Exposed Ollama
Secure your exposed Ollama LLM server
Port 11434 · AI/LLM
Step 1.Bind to localhost
By default Ollama listens on 0.0.0.0. Change it to only accept local connections.
OLLAMA_HOST=127.0.0.1:11434 ollama serve
Step 2.Use a reverse proxy with auth
Put Nginx in front with basic auth or OAuth2 proxy for remote access.
sudo apt install nginx apache2-utils htpasswd -c /etc/nginx/.htpasswd admin
Step 3.Firewall the port
Block port 11434 from the internet, allow only from your private network.
sudo ufw deny 11434 sudo ufw allow from 10.0.0.0/8 to any port 11434
Step 4.Use WireGuard for remote access
Set up a WireGuard VPN tunnel instead of exposing the port publicly.
sudo apt install wireguard
After fixing:Use our Self-Check Tool to verify the port is no longer exposed.