À��À��À��À��@°¤Ã��@°¤Ã��-4522-96e3-6e54e4d3e8bc---
COMING SOON!
t intelligence](https://github.com/crowdsecurity/crowdsec).\nAdditionally, it's strongly recommended to enable HSTS possibly like `Header always set Strict-Transport-Security \"max-age=31536000; includeSubDomains\"` within your **HTTPS** configuration and a redirect of some kind to your **HTTPS URL** within your **HTTP** configuration. For free SSL certification, [Let's Encrypt](https://letsencrypt.org/) is a good option coupled with [Certbot](https://github.com/certbot/certbot) management.\n:::\n\nSometimes, its beneficial to host Ollama, separate from the UI, but retain the RAG and RBAC support features shared across users:\n\n## UI Configuration\n\nFor the UI configuration, you can set up the Apache VirtualHost as follows:\n\n```\n# Assuming you have a website hosting this UI at \"server.com\"\n\n ServerName server.com\n DocumentRoot /home/server/public_html\n\n ProxyPass / http://server.com:3000/ nocanon\n ProxyPassReverse / http://server.com:3000/\n\n RewriteEngine on\n RewriteCond %{HTTP:Upgrade} websocket [NC]\n RewriteCond %{HTTP:Connection} upgrade [NC]\n RewriteRule ^/?(.*) \"ws://server.com:3000/$1\" [P,L]\n\n```\n\nEnable the site first before you can request SSL:\n\n:::warning\nUse of the `nocanon` option may [affect the security of your backend](https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass). It's recommended to enable this only if required by your configuration.\n_Normally, mod_proxy will canonicalise ProxyPassed URLs. But this may be incompatible with some backends, particularly those that make use of PATH_INFO. The optional nocanon keyword suppresses this and passes the URL path \"raw\" to the backend. Note that this keyword may affect the security of your backend, as it removes the normal limited protection against URL-based attacks provided by the proxy._\n:::\n\n`a2ensite server.com.conf` # this will enable the site. a2ensite is short for \"Apache 2 Enable Site\"\n\n```\n# For SSL\n\n ServerName server.com\n DocumentRoot /home/server/public_html\n\n ProxyPass / http://server.com:3000/ nocanon\n ProxyPassReverse / http://server.com:3000/\n\n RewriteEngine on\n RewriteCond %{HTTP:Upgrade} websocket [NC]\n RewriteCond %{HTTP:Connection} upgrade [NC]\n RewriteRule ^/?(.*) \"ws://server.com:3000/$1\" [P,L]\n\n SSLEngine on\n SSLCertificateFile /etc/ssl/virtualmin/170514456861234/ssl.cert\n SSLCertificateKeyFile /etc/ssl/virtualmin/170514456861234/ssl.key\n SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1\n\n SSLProxyEngine on\n SSLCACertificateFile /etc/ssl/virtualmin/170514456865864/ssl.ca\n\n\n```\n\nI'm using virtualmin here for my SSL clusters, but you can also use certbot directly or your preferred SSL method. To use SSL:\n\n### Prerequisites\n\nRun the following commands:\n\n`snap install certbot --classic`\n`snap apt install python3-certbot-apache` (this will install the apache plugin).\n\nNavigate to the apache sites-available directory:\n\n`cd /etc/apache2/sites-available/`\n\nCreate server.com.conf if it is not yet already created, containing the above `` configuration (it should match your case. Modify as necessary). Use the one without the SSL:\n\nOnce it's created, run `certbot --apache -d server.com`, this will request and add/create an SSL keys for you as well as create the server.com.le-ssl.conf\n\n# Configuring Ollama Server\n\nOn your latest installation of Ollama, make sure that you have setup your api server from the official Ollama reference:\n\n[Ollama FAQ](https://github.com/jmorganca/ollama/blob/main/docs/faq.md)\n\n### TL;DR\n\nThe guide doesn't seem to match the current updated service file on linux. So, we will address it here:\n\nUnless when you're compiling Ollama from source, installing with the standard install `curl https://ollama