EHER/slm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Local infrastructure for exploring and consuming open language models in an ethical and sustainable way. https://slm.eher.com.br
31 commits 1 branch 0 tags 127 KiB
Find a file
Exact
💻 Eher bbb40bc3c4
 refactor: simplify stack and enforce proxy egress 
Remove legacy OpenClaw, firewall, and IRC artifacts, rename terminal service, and streamline docs/config around OpenWebUI + Ollama + Tinyproxy. Keep app traffic on an internal LAN and route outbound internet through Tinyproxy with a dedicated WAN network.
2026-03-18 23:42:56 +01:00
open-terminal refactor: simplify stack and enforce proxy egress 2026-03-18 23:42:56 +01:00
tinyproxy refactor: simplify stack and enforce proxy egress 2026-03-18 23:42:56 +01:00
.env.dist refactor: simplify stack and enforce proxy egress 2026-03-18 23:42:56 +01:00
.gitignore feat: fully offline AI assistant stack with OpenClaw, Ollama ROCm, and intranet proxy 2026-03-04 02:31:43 +01:00
docker-compose.yml refactor: simplify stack and enforce proxy egress 2026-03-18 23:42:56 +01:00
README.md refactor: simplify stack and enforce proxy egress 2026-03-18 23:42:56 +01:00

README.md

slm

Small Language Models local stack with Open WebUI, Ollama, Open Terminal, and a constrained outbound proxy.

Services

Service Image / Build Function
ollama ollama/ollama:rocm Local LLM backend (AMD/ROCm).
openwebui ghcr.io/open-webui/open-webui:main Web chat UI connected to ollama.
terminal Local build (open-terminal/Dockerfile) Development terminal for Open WebUI workflows.
tinyproxy Local build (tinyproxy/Dockerfile) HTTP/HTTPS proxy with domain allowlist in tinyproxy/filter.

Network

  • lan: internal-only bridge for app-to-app traffic
  • wan: egress bridge used only by tinyproxy for outbound internet access
  • OpenWebUI exposed on host port ${OPENWEBUI_PORT} (default 8080)

Outbound policy

  • Services use HTTP_PROXY and HTTPS_PROXY pointing to http://tinyproxy:8888.
  • Allowed destinations are controlled by tinyproxy/filter.
  • Internal service-to-service traffic bypasses proxy via NO_PROXY.

Quick start

  1. Create environment file:
cp .env.dist .env
  1. Generate terminal API key:
echo "OPEN_TERMINAL_API_KEY=$(openssl rand -hex 32)" >> .env
  1. Start the stack:
docker-compose up -d
  1. Access Open WebUI:
  • http://<host>:${OPENWEBUI_PORT} (default 8080)

Day-to-day commands

# Start
docker-compose up -d

# Logs
docker-compose logs -f openwebui
docker-compose logs -f ollama
docker-compose logs -f terminal
docker-compose logs -f tinyproxy

# Status
docker-compose ps

# Stop
docker-compose down

Proxy allowlist updates

  1. Edit tinyproxy/filter.
  2. Rebuild only proxy service:
docker-compose up -d --build tinyproxy