Skip to Content
GuidesTLS Setup

TLS Setup

Secure your node endpoint with HTTPS. TLS is required for all production nodes on the INFER network.

Why TLS?

  • All inference requests contain potentially sensitive data
  • INFER routes traffic over HTTPS to protect data in transit
  • Nodes without TLS cannot receive traffic from the network

The easiest way to expose your local LLM runtime to the internet with automatic HTTPS.

Setup

  1. Install cloudflared:
# macOS
brew install cloudflared
 
# Linux
curl -L https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64 -o cloudflared
chmod +x cloudflared
  1. Authenticate with Cloudflare:
cloudflared tunnel login
  1. Create a tunnel:
cloudflared tunnel create infer-node
  1. Configure the tunnel to point to your LLM runtime:
# ~/.cloudflared/config.yml
tunnel: YOUR_TUNNEL_ID
credentials-file: /path/to/credentials.json
 
ingress:
  - hostname: node.yourdomain.com
    service: http://localhost:11434  # Ollama
  - service: http_status:404
  1. Route DNS:
cloudflared tunnel route dns YOUR_TUNNEL_ID node.yourdomain.com
  1. Start the tunnel:
cloudflared tunnel run infer-node

Your node is now accessible at https://node.yourdomain.com with automatic TLS.

Option 2: Let’s Encrypt with Caddy

For servers with a public IP address:

# Install Caddy
sudo apt install -y caddy
 
# Configure reverse proxy
echo 'node.yourdomain.com {
  reverse_proxy localhost:11434
}' | sudo tee /etc/caddy/Caddyfile
 
# Restart Caddy (auto-obtains TLS cert)
sudo systemctl restart caddy

Option 3: Nginx with Certbot

sudo apt install -y nginx certbot python3-certbot-nginx
 
# Configure Nginx
sudo tee /etc/nginx/sites-available/infer-node << 'EOF'
server {
    server_name node.yourdomain.com;
    location / {
        proxy_pass http://localhost:11434;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
    }
}
EOF
 
sudo ln -s /etc/nginx/sites-available/infer-node /etc/nginx/sites-enabled/
sudo nginx -t && sudo systemctl reload nginx
 
# Obtain TLS certificate
sudo certbot --nginx -d node.yourdomain.com

Registering Your Secure Endpoint

Once TLS is configured, register your node in the INFER dashboard with your HTTPS endpoint:

https://node.yourdomain.com

The INFER network will verify the TLS certificate before routing traffic to your node.

Troubleshooting

  • Certificate errors: Ensure your domain’s DNS records point to your server
  • Connection refused: Check that your LLM runtime is listening on the configured port
  • Timeouts: Verify firewall rules allow inbound HTTPS (port 443)
OverviewNode Registration