nginx-default.conf.template

server {
    listen 80;
    server_name localhost;

    location / {
        set $expected_token "Bearer ${OLLAMA_SECRET_API_KEY}";

        # Check if the Authorization header is present and matches the expected token
        if ($http_authorization != $expected_token) {
            return 401;
        }

        # Handle preflight OPTIONS requests
        if ($request_method = OPTIONS ) {
            # Add CORS headers for preflight request
            add_header 'Access-Control-Allow-Origin' "$http_origin" always;
            add_header 'Access-Control-Allow-Credentials' 'true' always;
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
            add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type' always;
            add_header 'Access-Control-Max-Age' 1728000;
            return 204;
        }

        add_header 'Access-Control-Allow-Origin' "$http_origin" always;
        add_header 'Access-Control-Allow_Credentials' 'true' always;
        add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type' always;

        # Proxy the request to the local service
        proxy_pass http://host.docker.internal:11434;
        proxy_set_header Host $host;

        proxy_connect_timeout       300;
        proxy_send_timeout          300;
        proxy_read_timeout          300;
        send_timeout                300;

        proxy_hide_header Access-Control-Allow-Origin;
        proxy_hide_header Access-Control-Allow-Methods;
        proxy_hide_header Access-Control-Allow-Headers;
        proxy_hide_header Access-Control-Expose-Headers;
    }
}

# vim: set syntax=nginx ft=nginx