Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
view the rest of the comments
Yes.
Yes. I'd like to confirm that that is not happening, in fact.
Hmm. Okay, thanks for mentioning the IPv6 thing. It is possible to have ollama reachable from the Internet via IPv6, if it's forwarded. I should have thought of that too and mentioned that. Shouldn't need to open an IPv6 hole in the Windows Firewall, but would rather not rely on the Windows Firewall at all.
It shouldn't be an issue if ollama is only listening on an IPv4 address. You only see the "0.0.0.0:11434" line, right? No other lines, probably with brackets in the address, that have a ":11434", right? That could be an IPv6 address.
goes to look for an example of Windows netstat output showing a listening IPv6 socket
Here:
https://www.configserverfirewall.com/windows-10/netstat-command-to-check-open-ports-in-windows/
Can you just make sure that there's nothing like
0:[::]:11434in there? That'd be what you'd see if it were listening for IPv6 connections.Sorry, just don't know oollama's behavior off the top of my head and want to be sure on this before moving ahead, don't want to create any security issues.
Yeah, that's expected and good. The one from the website is your public IP address, anf the one from ipconfig your private one, that you'll use to talk to the machine wirh your phone.
Great, yeah, that was the right move.
Okay, then just want to sanity check that your iOS device is in the same address range on your WiFi network, that the 10.x.x.x address on your LLM PC isn't from a VPN or something (since it's a little unusual to use a 10.x.x.x address on a home broadband router, and I want to make sure that that's where the address is from). Go ahead and put the iOS device on your WiFi network if you have not already.
This describes how to check the IP address on an iOS device.
https://servicehub.ucdavis.edu/servicehub?id=ucd_kb_article&sys_id=063498196f082100bc4f8a20af3ee45d&spa=1
You should also be seeing a 10.x.x.x address there. If you don't, then let's stop and sort that out.
If that's a 10.x.x.x address as well, then should be good to go.
Oh, one last thing. In the ipconfig output, can you make sure that the "Subnet Mask" reads "255.0.0.0"? If it's something different, can you provide that? It'll affect the "/8" thst I'm listing below.
Okay, if you've got that set up and there are no other ":11434" lines and the Subnet Mask is "255.0.0.0", the next is to poke a hole in Windows Firewall on IPv4 TCP port 11434.
kagis for screenshots of someone doing this on Windows 11
https://windowsreport.com/windows-firewall-allow-ip-range/
I'm assuming that this is Windows 11 on your PC, should have asked.
You're going to want a new inbound rule, Protocol TCP, Port 11434.
For "local IP addresses", you want "These IP Addresses", and enter
10.0.0.0/8. That'll be every IPv4 address on your Windows LLM that has "10" as its first numberyou said that you had a "10." from ipconfig.
For "remote IP addresses", you want "These IP Addresses", and enter
10.0.0.0/8. Same thing all addresses that start with a "10.", which should include your iOS device.And you want to select "Allow this connection".
Okay. Now you should have a hole in Windows Firewall. Just to confirm that port 11434 isn't reachable from the Internet, I'm gonna use one of the port-open-testing services online. My first hit is for one that only does IPv4 and another that only does IPv6, but I guess doing two sites is okay. Can you go to this site (or another, if you know of a site that does port testing that you prefer)
https://www.yougetsignal.com/tools/open-ports/
Plug in your public IPv4 address there (not the private one from ipconfig, the one from that website thst I listed earlier) and port 11434. It should say "closed" or "blocked" or something that isn't "open". If it's "open", go back and pull that firewall rule out, because your router is forwarding incoming IPv4 connections to your LLM PC in some way that's getting to ollama, and we gotta work out how to stop that.
https://port.tools/port-checker-ipv6/
Here's an IPv6 port tester. Plug in your IPv6 address there (which you said was the same from both the website and ipconfig) and port 11434. It should also say "closed" or "blocked" or similar. If it says "open"
I very much doubt this
then go back and pull out the firewall rule.
If both say "closed", then go ahead and install Reins.
Based on this:
https://www.reddit.com/r/ollama/comments/1ijdp1e/reins/
It'll let you input an "endpoint".
Plug in the private IPv4 address from your LLM PC, what was in ipconfig, in the form of an http URL on the ollama port, like "http://10.something.something.something:11434/" and you should, hopefully, be able to chat.
If all this is working and you've given your Windows PC a name, you might want to go back to that endpoint setting and replace the IP address there with the name of your LLM PC. I don't know for sure what the mDNS situation is on iOS or Windows, but if that works, that way, if your Windows PC loses its DCHP lease and gets a new IP address at some point from your broadband router, it won't break connectivity for Reins as Reins tries to use the old IP address.
There are 3 lines with the :11434 in them. No brackets or anything like that. -1 has 0.0.0.0 in front -2 has 10.#.#.# in front and has a foreign address that is something other than 0.0.0 -3 is like the 2nd but a slightly different foreign address
The iPhone does have a 10.#.#.# ip number that is slightly different than the PCs.
The subnet mask is 255.255.255.0
Oh yes. I’m on windows 10 as well.
I have taken a pause here while we trouble shoot the subnet mask. We’re getting close!!
Okay, that....should be okay. As long as all of the addresses that it's listening on are IPv4
of the format "x.x.x.x". No colons in them (other than the colon preceeding "11434"). Not IPv6.
Okay, gotcha. In that case, go ahead with the instructions above, just instead of "/8", do "/24". So:
Okay. I think that the interface to add the firewall rule there looks the same as the one I Iinked to above. I went searching for screenshots of adding a hole for a port on Windows 10, and the control panel looks identical to me.
So, yeah, should be good to go ahead with the above instructions, just using "/24" instead of "/8" in the two places where I mention "/8". Hopefully after that it'll be working; if not, then we'll need to troubleshoot.
Hate to say it but it didn’t work. I listed below the things I double checked. I really appreciate you helping me troubleshoot this, but it seems like I may have bitten off more than I can chew. I choose Ollama because it was supposed to be one of the easier loca AIs to set up. Do you have any recommendations for alternatives? Or do you think I should incorporate a docker or open web ui as some others have said ?
-when I went to the ollama app and entered the http://10.#.#.#:11434 , it didn’t work. Also tried the enchanted app and that didn’t work as well.
-I double checked the rule I made to make sure that was inputted properly. The 10.0.0.0/24 for the local and remote ip addresses.
-the sanity check went well. The ipv4 said closed. The ipv6 said failed.
-I checked the netstat -abn thing and 0.0.0.0:11434 is still listening.
Well, the ollama bit is up, which is why you can use it on the PC. The problem is network connectivity between the Windows PC and the phone.
Opening a port between two things on the local network is going to be pretty much the same for anything. Some software packages
I dunno about LLM chat stuff
make use of a third, outside system as a point to coordinate, so that software only has to open outbound TCP connections to the Internet. But for local communication, it's gonna look pretty similar. If you put koboldcpp or llama.cpp or whatever on your machine, you need the same connectivity, though it might default to using a different port number.
I'm happy to keep banging away if you're also willing, though. I mean, this does kinda narrow it down. If you don't want to do so though, remove that firewall rule that we added earlier from the Windows PC. If you do:
considers
The next step is seeing where the break in connectivity is.
I'm not familiar with iOS, but let me see if there's a software package for it that will let it open a TCP connection and preferably ping (and ideally show the ARP cache to see whether Ethernet packets are getting from the phone to the Windows machine at all, though that may not be viable).
Basically, would be nice to see whether packets can currently get from the phone to the PC and back.
kagis
Looks like Windows Firewall blocks ICMP by default, which is traditionally used by ping, the simple protocol to see if one host can reach another on the network. Mmmmf.
And it sounds like ARP isn't available on a non-jailbroken iPhone, which would be the simplest way to see whether a packet is making it from the iPhone to the PC. I was worried would be the case.
Hmm. This is a little less convenient in that I don't have tools that I normally would when trying to troubleshoot network problems on a Linux system.
thinks
I guess the simplest thing available, cuts things down as far as possible in terms of connectivity between the two that should be able to reach from the iPhone to the PC should be a TCP connection.
I don't know the iOS software library well, but lemme search for a telnet client. I'm sure that it'll have one; every platform does.
searches
Oh, this is even better. It looks like there's some iOS app, "iSH", with a tiny Alpine Linux environment for iOS, kinda like Termux on Android. That'll have telnet and probably other network diagnostic tools, and those I am familiar with, so I don't have to guess from screenshots how things work. You should be able to try to open a TCP connection from the phone to the PC with the Linux telnet client in that.
goes looking around
Okay. If you're willing to give this a shot, it sounds like the way this works is:
https://apps.apple.com/us/app/ish-shell/id1436902243
Install that from the iOS store.
When opened, it should show a Linux terminal. If it works like Termux, it'll have basically nothing from Alpine Linux installed, no telnet client, just a few simple commands. You'll be looking at a prompt that probably looks something like
iPhone:~#.Then if you run (don't type the pound sign
it's just a convention to include it, to show that it's something to type at a prompt):
That should install the Linux telnet client inside the iSH app using the Alpine Linux package manager.
Then to try to open a TCP connection from the phone to the Windows PC, you want the private IP of the Windows PC, the thing you see in ipconfig (which I'll type as 10.1.1.2 here, but replace with yours):
That'll try to open a TCP connection from the phone to port 11434 on the PC.
Now, what would happen if everything were working correctly, is that the phone would send an ARP request saying "what is the MAC address
the Ethernet address
of the machine with IP address 10.1.1.2 on the local network?" The wireless access point would hand this to the PC. The PC would respond. The phone would then send a series of packets to that IP address to open a TCP connection on port 11434.
My guess is that you'll see one of several things at this point.
First, it might be that the wireless access point is refusing to let packets from the phone reach the PC at all
they only let the phone talk to the Internet, not to the PC. Some wireless access points can be configured to do this or have a "guest" wireless network that impose this constraint. Then the phone won't get an ARP response, since the PC will never see the ARP query. That'll look like this (using a network I'm on at the moment to demonstrate):
Second, it might fail because I dicked up in some way and Windows Firewall is still blocking the phone from connecting to the PC. The ARP request is going out, the response comes back from the PC, the phone tries to open a TCP connection to the IP address on the host with the specified MAC address, and never gets a response. If that's the case, it'll probably look like this:
If that's what you get, the problem is likely the Windows Firewall configuration (well or theoretically the wireless access point could be configured to do that, but I doubt it).
Third, it might succeed. That'll look like this:
If you see that, you can open a TCP connection from the phone to the PC, and whatever issue you're hitting with Reins isn't a network problem. Maybe I gave the endpoint syntax wrong, for example. But the issue will be at the application level, not the network level.