HN Showcase
Back to browse
GitHub Repository

Docker image to run an Ollama local LLM server. Secure by default, all API requests require a Bearer token (auto-generated on first start). OpenAI-compatible API. Supports first-start model pre-pull, NVIDIA GPU (CUDA) acceleration, and persistent model storage. Multi-arch: amd64, arm64.

7 starsShell

Secure-by-default Ollama Docker image with built-in auth, only ~70MB

by hwdsl2·Apr 30, 2026·2 points·0 comments
Visit ProjectView on HN

AI Analysis

●●SolidSolve My ProblemCozy

Auto-generates API keys to block the 175k exposed Ollama instances.

Strengths
  • Caddy reverse proxy enforces auth before requests ever hit Ollama.
  • Tiny 70MB image size with multi-arch support for ARM and AMD.
  • Helper script simplifies model management and first-start pre-pulling.
Weaknesses
  • No built-in HTTPS termination; requires external reverse proxy for SSL.
  • Limited to single-node deployment; no clustering or load balancing.
Target Audience

DevOps engineers and self-hosted AI enthusiasts

Similar To

Zolotix/docker-ollama · Ollama official Docker images

Similar Projects

Infrastructure●●Solid

Secure-by-default Ollama Docker image with built-in auth, only 70MB

Auto-generated tokens block the 175k exposed Ollama servers found online.

Solve My ProblemShip It
hwdsl2
101mo ago
Developer Tools●●Solid

Nuvix – An Open Source Back End Where Every Table Is Secure by Default

Auto-generated Row-Level Security plus a three-schema model (document / managed / unmanaged) is the concrete feature that makes this more than yet another BaaS rewrite — you can prototype like NoSQL then flip to managed tables with permission tables and RLS without hand-writing policies. It bundles auth, permission-aware file storage, messaging and embeddings storage which is useful for ML workflows, but it's entering a crowded field (Supabase/Hasura/Appwrite) and would benefit from clearer migration stories, performance numbers, and a hosted roadmap.

Ship ItNiche Gem
ravikantsaini
104mo ago
Security●●Solid

NixOS flake for hardened OpenClaw deployment

Two lines in your flake flip OpenClaw from alarmingly exposed to locked-down: gateway auth, localhost binding, Caddy auto-TLS, strict systemd directives, tool allowlists, and fail2ban are all wired in. It's a pragmatic, opinionated safety wrapper that saves you from the default footguns — just expect it to be useful only if you already live in the NixOS/OpenClaw world.

Niche GemSolve My Problem
scout_agent
104mo ago