Updating Open WebUI

Overview

Keeping Open WebUI updated ensures you have the latest features, security patches, and bug fixes. You can update manually or automate the process using container update tools.

Before Updating

Backup your data — especially before releases that include database migrations, since they can be hard to undo. Check release notes for breaking changes
Clear browser cache after updating (Ctrl+F5 / Cmd+Shift+R)
Multiple workers/replicas? Run migrations with UVICORN_WORKERS=1 first, or set ENABLE_DB_MIGRATIONS=False on all but one instance

Manual Update

Docker Run
Docker Compose

# 1. Stop and remove the container (data in the volume is preserved)
docker rm -f open-webui

# 2. Pull the latest image
docker pull ghcr.io/open-webui/open-webui:main

# 3. Recreate the container
docker run -d -p 3000:8080 \
  -v open-webui:/app/backend/data \
  -e WEBUI_SECRET_KEY="your-secret-key" \
  --name open-webui --restart always \
  ghcr.io/open-webui/open-webui:main

For NVIDIA GPU support, add --gpus all to the docker run command.

docker compose pull
docker compose up -d

Make sure your docker-compose.yml includes WEBUI_SECRET_KEY:

docker-compose.yml
services:
  open-webui:
    image: ghcr.io/open-webui/open-webui:main
    ports:
      - "3000:8080"
    volumes:
      - open-webui:/app/backend/data
    environment:
      - WEBUI_SECRET_KEY=your-secret-key
    restart: unless-stopped

volumes:
  open-webui:

Set WEBUI_SECRET_KEY to avoid logout on every update

Without a persistent WEBUI_SECRET_KEY, a new key is generated each time the container is recreated, invalidating all sessions. Generate one with openssl rand -hex 32 and keep it across updates.

Pinning a Version

By default the :main tag always points to the latest build. For production, pin a specific release:

ghcr.io/open-webui/open-webui:v0.8.5
ghcr.io/open-webui/open-webui:v0.8.5-cuda
ghcr.io/open-webui/open-webui:v0.8.5-ollama

Rolling Back

If an update causes problems, pin the previous version:

docker rm -f open-webui
docker pull ghcr.io/open-webui/open-webui:v0.8.3
docker run -d -p 3000:8080 -v open-webui:/app/backend/data \
  -e WEBUI_SECRET_KEY="your-secret-key" \
  --name open-webui ghcr.io/open-webui/open-webui:v0.8.3

Automated Updates

warning

Automated updates can break your deployment if a release includes breaking changes or migration issues. Review release notes before auto-updating production systems, and always have a backup.

Choosing a Tool

Feature	Watchtower	WUD	Diun
Auto-updates containers	✅	❌ (manual via UI)	❌
Web interface	❌	✅	❌
Notifications	✅	✅	✅
Docker 29+	✅ (forks)	✅	✅
Resource usage	Low	Medium	Very Low
Best for	Homelabs	Visual monitoring	Notification-only

Recommendation

For homelabs/personal use: nicholas-fedor/watchtower (automated)
For managed environments: WUD (visual + manual control)
For production/critical systems: Diun (notifications only) + manual updates

Watchtower

The original Watchtower project hasn't received updates in over two years and fails with Docker version 29.0.0 or newer due to API version incompatibility. Two maintained forks are available: nicholas-fedor/watchtower and Marrrrrrrrry/watchtower, both compatible with Docker 29+.

One-time update:

docker run --rm \
  -v /var/run/docker.sock:/var/run/docker.sock \
  nickfedor/watchtower --run-once open-webui

Continuous (check every 6 hours):

docker run -d --name watchtower --restart unless-stopped \
  -v /var/run/docker.sock:/var/run/docker.sock \
  nickfedor/watchtower --interval 21600 open-webui

Set WATCHTOWER_CLEANUP=true to auto-remove old images. See Watchtower docs for scheduling, notifications, and monitor-only mode.

What's Up Docker (WUD)

Web UI for monitoring container updates and triggering them manually. See WUD documentation for setup.

Diun

Notification-only — alerts you when updates are available (email, Slack, Discord, Telegram, etc.) without touching your containers.

docker-compose.yml
services:
  diun:
    image: crazymax/diun:latest
    container_name: diun
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data:/data
    environment:
      - TZ=America/New_York
      - LOG_LEVEL=info
      - DIUN_WATCH_WORKERS=10
      - DIUN_WATCH_SCHEDULE=0 */6 * * *  # Every 6 hours
      - DIUN_PROVIDERS_DOCKER=true
      - DIUN_NOTIF_MAIL_HOST=smtp.gmail.com
      - DIUN_NOTIF_MAIL_PORT=587
      - DIUN_NOTIF_MAIL_USERNAME=your-email@gmail.com
      - DIUN_NOTIF_MAIL_PASSWORD=your-app-password
      - DIUN_NOTIF_MAIL_FROM=your-email@gmail.com
      - DIUN_NOTIF_MAIL_TO=your-email@gmail.com
    restart: unless-stopped

See Diun documentation for full setup and notification options.

Backup & Restore

All data (chats, users, uploads) lives in the open-webui Docker volume.

Backup:

docker run --rm -v open-webui:/data -v $(pwd):/backup \
  alpine tar czf /backup/openwebui-$(date +%Y%m%d).tar.gz /data

Restore:

docker stop open-webui
docker run --rm -v open-webui:/data -v $(pwd):/backup \
  alpine sh -c "rm -rf /data/* && tar xzf /backup/openwebui-20250216.tar.gz -C /"
docker start open-webui

For database-specific recovery, see the Manual Database Migration guide.

Overview​

Manual Update​

Pinning a Version​

Rolling Back​

Automated Updates​

Choosing a Tool​

Watchtower​

What's Up Docker (WUD)​

Diun​

Backup & Restore​