4nk/smart_ide
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
smart_ide/docs/features/ia-enso-nginx-proxy-ollama-anythingllm.md
Nicolas Cantu c4215044f0 Re-enable nginx Bearer auth on ia.enso /ollama 
**Motivations:**
- Restore gate on /ollama/; document Cursor streamFromAgentBackend note.

**Root causes:**
- N/A.

**Correctifs:**
- location /ollama/ if map + clear Authorization upstream; deploy script emits Bearer + websocket maps with retry bearer_only.

**Evolutions:**
- README Cursor subsection on streamFromAgentBackend (observed behavior); feature/services/infrastructure aligned.

**Pages affectées:**
- deploy/nginx/sites/ia.enso.4nkweb.com.conf
- deploy/nginx/deploy-ia-enso-to-proxy.sh
- deploy/nginx/README-ia-enso.md
- deploy/nginx/http-maps/ia-enso-ollama-bearer.map.conf.example
- docs/features/ia-enso-nginx-proxy-ollama-anythingllm.md
- docs/services.md
- docs/infrastructure.md
2026-03-23 07:49:06 +01:00

2.2 KiB
Raw Blame History

Feature: Reverse proxy ia.enso.4nkweb.com for Ollama and AnythingLLM

Author: 4NK team

Objective

Expose Ollama and AnythingLLM on the public proxy hostname with HTTPS, path prefixes /ollama and /anythingllm, and gate /ollama/ with a Bearer token at nginx (compatible with OpenAI clients that send Authorization: Bearer <key>). The secret is not forwarded to Ollama.

Public URLs (HTTPS)

  • AnythingLLM UI: https://ia.enso.4nkweb.com/anythingllm/
  • Ollama native API (example): https://ia.enso.4nkweb.com/ollama/api/tags — Bearer required at nginx
  • OpenAI-compatible base (Cursor): https://ia.enso.4nkweb.com/ollama/v1

Impacts

  • Proxy (nginx): server_name, TLS, locations; conf.d/ia-enso-http-maps.conf with map_hash_bucket_size, Bearer map, and WebSocket map (or Bearer-only if WebSocket map exists elsewhere).
  • Backend (192.168.1.164): must accept connections from the proxy on 11434 and 3001.
  • Clients: send Authorization: Bearer <secret> for /ollama/*; Cursor API key field = same secret as in the nginx map.

Repository layout

Path Purpose
deploy/nginx/sites/ia.enso.4nkweb.com.conf server blocks ; upstreams use __IA_ENSO_BACKEND_IP__
deploy/nginx/http-maps/ia-enso-ollama-bearer.map.conf.example Bearer map reference for manual installs
deploy/nginx/http-maps/websocket-connection.map.conf.example WebSocket map reference
deploy/nginx/deploy-ia-enso-to-proxy.sh SSH deploy; retry Bearer-only if duplicate WebSocket map
deploy/nginx/sites/ia.enso.4nkweb.com.http-only.conf TLS bootstrap HTTP-only vhost
deploy/nginx/README-ia-enso.md Operator reference (includes note on Cursor streamFromAgentBackend)

Deployment modalities

Run ./deploy/nginx/deploy-ia-enso-to-proxy.sh with optional IA_ENSO_OLLAMA_BEARER_TOKEN. See README-ia-enso.md.

Analysis modalities

  • curl to /ollama/v1/models with and without Bearer (200 / 401).
  • Browser: /anythingllm/.

Security notes

  • Bearer secret is equivalent to an API key; rotate in ia-enso-http-maps.conf and client configs together.
  • AnythingLLM uses its own application login on /anythingllm/.