-
Notifications
You must be signed in to change notification settings - Fork 208
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for SSL client certificate #136
Comments
@bhenriq I have an issue with iPhone app not connecting to my reverse proxy (Safari can connect just fine). Is your setup with iOS or Mac Enchanted app? If it's iOS do you mind sharing your reverse proxy setup (censored as needed of course)? |
My setup is the following:
Tested already:
My assumption is that the Enchanted app is not able to leverage the SSL client certificate that is installed on the iPhone. Hoping this helps. |
@bhenriq Thanks for the clarification. What you are proposing (client cert) is not a bad idea, but I am wondering whether (when you apparently know your way around routers) you could perhaps setup a VPN and then you wouldn't need client certificate since Ollama wouldn't be forwarded ouside of your LAN? Wireguard VPN works pretty well and it's not hard to setup on iOS if your router supports it. |
The approach that you are suggesting is indeed what I used to do (Wireguard). For instance, if I want to stream a movie and bypass geofencing, I use NordVPN. If I want to connect to ollama, I would have to use Wireguard. If I need to conduct business, I use yet another VPN etc. I found that having ollama directly available on the web, but protected by a reverse proxy, is both secure enough for my use case and more convenient accessible. Hoping this makes sense. |
@bhenriq I see, good luck with the feature request then. In the meantime, you can consider not using the app and instead using a browser (which as you say supports client certificate properly) together with say open-webui. I know it's not the same, but it's pretty decent and not too difficult to setup even manually. Don't get me wrong, I am not trying to dissuade you from pursuing the feature request, just offering a workaround until the dev(s) get around to considering and implementing it. |
Hi there,
I have an ollama server running behind an HTTP reverse proxy.
This reverse proxy is configured to request a SSL client certificate.
As a result, any incoming HTTPs request that does not have this client certificate is rejected.
I do this out of security concerns, because I consider it to be a lot more safe than just exposing directly ollama to the web.
I have also installed the SSL client certificate on my iPhone.
If I try to access the URL with Safari, it automatically detects that the server is requesting a client certificate and uses the one that is configured at the OS level.
But it seems that the Enchanted app is not able to do the same. Is there any plan to support SSL client certificate with Enchanted?
The text was updated successfully, but these errors were encountered: