linux下的ollama的代理设置

需要在/etc/systemd/system/ollama.service的内容修改如下：

[Unit]

Description=Ollama Service

After=network-online.target

[Service]

ExecStart=/usr/local/bin/ollama serve

User=ollama

Group=ollama

Restart=always

RestartSec=3

Environment="PATH=/home/abc/.local/bin"

Environment="PATH=$PATH"

Environment="CUDA_VISIBLE_DEVICES=0,1,2,3"

Environment="OLLAMA_SCHED_SPREAD=1"

Environment="OLLAMA_KEEP_ALIVE=-1"

Environment="OLLAMA_HOST=0.0.0.0"

Environment="OLLAMA_NUM_PARALLEL=10"

Environment="OLLAMA_ORIGINS=*"

Environment="https_proxy=http://abc.com:80"

Environment="http_proxy=http://abc.com:80"

[Install]

WantedBy=default.target

openwrt中使用dnsmasq+nft实现按域名分流

 以前一直使用dnsmasq+iptables进行分流，现在都流行nft了。目前我还搞不清楚nft对比iptables到底好处在哪里。

dnsmasq需要安装dnsmasq-full，否则不支持nft功能。

dnsmasq的配置如下：

server=/discord.com/1.1.1.1

nftset=/discord.com/4#ip#mangle#gfwlist,6#ip6#mangle#gfwlist6

这样将dns查询时，将ip地址分别添加到gfwlist，和gfwlist6

其中这两个变量的定义是：

nft list table ip mangle &>/dev/null || nft add table ip mangle

nft list table ip6 mangle &>/dev/null || nft add table ip6 mangle

nft list set ip mangle gfwlist &>/dev/null || nft add set ip mangle gfwlist { type ipv4_addr\; flags interval\; }

nft list set ip6 mangle gfwlist6 &>/dev/null || nft add set ip6 mangle gfwlist6 { type ipv6_addr\; flags interval\;}

记住，需要先定义mangle，再定义gfwlist，和gfwlist6

添加链到mangle中：

# Add chains if they don't exist

nft list chain ip mangle PREROUTING &>/dev/null || nft add chain ip mangle PREROUTING { type filter hook prerouting priority mangle\; policy accept\; }

nft list chain ip mangle OUTPUT &>/dev/null || nft add chain ip mangle OUTPUT { type filter hook output priority mangle\; policy accept\; }

nft list chain ip6 mangle PREROUTING &>/dev/null || nft add chain ip6 mangle PREROUTING { type filter hook prerouting priority mangle\; policy accept\; }

nft list chain ip6 mangle OUTPUT &>/dev/null || nft add chain ip6 mangle OUTPUT { type filter hook output priority mangle\; policy accept\; }

分流使用tproxy：

# Add TPROXY rules

nft add rule ip mangle PREROUTING ip protocol tcp ip daddr @gfwlist tproxy to 127.0.0.1:1237 meta mark set 0x2

nft add rule ip mangle PREROUTING ip protocol udp ip daddr @gfwlist tproxy to 127.0.0.1:1237 meta mark set 0x2

nft add rule ip6 mangle PREROUTING ip6 nexthdr tcp ip6 daddr @gfwlist6 tproxy to [::1]:1237 meta mark set 0x2

nft add rule ip6 mangle PREROUTING ip6 nexthdr udp ip6 daddr @gfwlist6 tproxy to [::1]:1237 meta mark set 0x2

需要使用tproxy，记得需要安装kmod-nft-tproxy，否则不支持。

为什么使用tproxy，因为udp只支持tproxy，不支持redirect。

如果是本机，还需要在OUTPUT链添加mark：

# Add mark rules for OUTPUT

nft add rule ip mangle OUTPUT ip protocol tcp ip daddr @gfwlist mark set 0x4

nft add rule ip mangle OUTPUT ip protocol udp ip daddr @gfwlist mark set 0x4

nft add rule ip6 mangle OUTPUT ip6 nexthdr tcp ip6 daddr @gfwlist6 mark set 0x4

nft add rule ip6 mangle OUTPUT ip6 nexthdr udp ip6 daddr @gfwlist6 mark set 0x4

当然ip route还需要用原来的：

ip route add local 0.0.0.0/0 dev lo table 110

ip -6 route add local ::/0 dev lo table 111

ip rule add fwmark 2 lookup 110

ip rule add fwmark 4 lookup 110

ip -6 rule add fwmark 2 table 111

ip -6 rule add fwmark 4 table 111