Skip to main content

Server Connectivity Issues

We're here to help you get everything set up and running smoothly. Below, you'll find step-by-step instructions tailored for different scenarios to solve common connection issues.

πŸ” HTTPS, TLS, CORS & WebSocket Issues​

If you're experiencing connectivity problems with Open WebUI, especially when using reverse proxies or HTTPS, these issues often stem from improper CORS, TLS, WebSocket, or cookie configuration. Here's how to diagnose and fix them.

Common Symptoms​

You might be experiencing these issues if you see:

  • Empty responses like "{}" in the chat
  • Errors like "Unexpected token 'd', "data: {"id"... is not valid JSON"
  • WebSocket connection failures in browser console
  • WebSocket connection failures in CLI logs
  • Login problems or session issues
  • CORS errors in browser developer tools
  • Mixed content warnings when accessing over HTTPS

Required Configuration for HTTPS & Reverse Proxies​

Critical Environment Variables

When running Open WebUI behind a reverse proxy with HTTPS, you must configure these settings:

# Set this to your actual domain BEFORE FIRST STARTUP (required for OAuth/SSO and proper operation)
WEBUI_URL=https://your-open-webui-domain.com
# If you already started Open WebUI, don't worry, you can set this config from the admin panel as well!

# CORS configuration - CRITICAL for WebSocket functionality
# Include ALL ways users might access your instance
# Make sure to include all IPs, hostnames and domains users can and could access Open WebUI and how requests are going to your Open WebUI instance
# e.g. localhost, 127.0.0.1, 0.0.0.0, <ip of your server/computer>, public domain - all in http and https with the correct ports
CORS_ALLOW_ORIGIN="https://yourdomain.com;http://yourdomain.com;https://yourip;http://localhost:3000"

# Cookie security settings for HTTPS
# Disable if you do not use HTTPS
WEBUI_SESSION_COOKIE_SECURE=true
WEBUI_AUTH_COOKIE_SECURE=true

# For OAuth/SSO, you will probably have to use 'lax' (strict can break OAuth callbacks)
WEBUI_SESSION_COOKIE_SAME_SITE=lax
WEBUI_AUTH_COOKIE_SAME_SITE=lax

# WebSocket support (if using Redis)
# If you experience websocket related issues, even after configuring all of the above, you can try turning OFF ENABLE_WEBSOCKET_SUPPORT
# But this is not recommended for production and also not officially supported!
# If you experience websocket issues, you should ideally provide websocket support through reverse proxies.
ENABLE_WEBSOCKET_SUPPORT=true
WEBSOCKET_MANAGER=redis
WEBSOCKET_REDIS_URL=redis://redis:6379/1

WEBUI_URL Configuration

The WEBUI_URL must be set correctly BEFORE using OAuth/SSO. Since it's a persistent config variable, you can only change it by:

  • Disabling persistent config temporarily with ENABLE_PERSISTENT_CONFIG=false
  • Changing it in Admin Panel > Settings > WebUI URL
  • Setting it correctly before first launch

CORS Configuration Details

The CORS_ALLOW_ORIGIN setting is crucial for WebSocket functionality. If you see errors in the logs like "https://yourdomain.com is not an accepted origin" or "http://127.0.0.1:3000 is not an accepted origin", you need to add that URL to your CORS configuration. Use semicolons to separate multiple origins, and include every possible way users access your instance (domain, IP, localhost).

Reverse Proxy / SSL/TLS Configuration​

For reverse proxy and TLS setups, check our tutorials here.

WebSocket Troubleshooting​

WebSocket support is required for Open WebUI v0.5.0 and later. If WebSockets aren't working:

  1. Check your reverse proxy configuration - Ensure Upgrade and Connection headers are properly set
  2. Verify CORS settings - WebSocket connections respect CORS policies
  3. Check browser console - Look for WebSocket connection errors
  4. Test direct connection - Try connecting directly to Open WebUI without the proxy to isolate the issue

For multi-instance deployments, configure Redis for WebSocket management:

ENABLE_WEBSOCKET_SUPPORT=true
WEBSOCKET_MANAGER=redis
WEBSOCKET_REDIS_URL=redis://redis:6379/1

Testing Your Configuration​

To verify your setup is working:

  1. Check HTTPS: Visit your domain and ensure you see a valid certificate with no browser warnings
  2. Test WebSockets: Open browser developer tools, go to Network tab, filter by "WS", and verify WebSocket connections are established
  3. Verify CORS: Check browser console for any CORS-related errors
  4. Test functionality: Send a message and ensure streaming responses work properly

Quick Fixes Checklist​

  • βœ“ Set WEBUI_URL to your actual HTTPS domain before enabling OAuth
  • βœ“ Configure CORS_ALLOW_ORIGIN with all possible access URLs
  • βœ“ Enable WEBUI_SESSION_COOKIE_SECURE=true for HTTPS
  • βœ“ Add WebSocket headers to your reverse proxy configuration
  • βœ“ Use TLSv1.2 or TLSv1.3 in your SSL configuration
  • βœ“ Set proper X-Forwarded-Proto headers in your reverse proxy
  • βœ“ Ensure HTTP to HTTPS redirects are in place
  • βœ“ Configure Let's Encrypt for automatic certificate renewal

🌟 Connection to Ollama Server​

πŸš€ Accessing Ollama from Open WebUI​

Struggling to connect to Ollama from Open WebUI? It could be because Ollama isn’t listening on a network interface that allows external connections. Let’s sort that out:

  1. Configure Ollama to Listen Broadly 🎧: Set OLLAMA_HOST to 0.0.0.0 to make Ollama listen on all network interfaces.

  2. Update Environment Variables: Ensure that the OLLAMA_HOST is accurately set within your deployment environment.

  3. Restart OllamaπŸ”„: A restart is needed for the changes to take effect.

πŸ’‘ After setting up, verify that Ollama is accessible by visiting the WebUI interface.

For more detailed instructions on configuring Ollama, please refer to the Ollama's Official Documentation.

🐳 Docker Connection Error​

If you're seeing a connection error when trying to access Ollama, it might be because the WebUI docker container can't talk to the Ollama server running on your host. Let’s fix that:

  1. Adjust the Network Settings πŸ› οΈ: Use the --network=host flag in your Docker command. This links your container directly to your host’s network.

  2. Change the Port: Remember that the internal port changes from 3000 to 8080.

Example Docker Command:

docker run -d --network=host -v open-webui:/app/backend/data -e OLLAMA_BASE_URL=http://127.0.0.1:11434 --name open-webui --restart always ghcr.io/open-webui/open-webui:main

πŸ”— After running the above, your WebUI should be available at http://localhost:8080.

πŸ”’ SSL Connection Issue with Hugging Face​

Encountered an SSL error? It could be an issue with the Hugging Face server. Here's what to do:

  1. Check Hugging Face Server Status: Verify if there's a known outage or issue on their end.

  2. Switch Endpoint: If Hugging Face is down, switch the endpoint in your Docker command.

Example Docker Command for Connected Issues:

docker run -d -p 3000:8080 -e HF_ENDPOINT=https://hf-mirror.com/ --add-host=host.docker.internal:host-gateway -v open-webui:/app/backend/data --name open-webui --restart always ghcr.io/open-webui/open-webui:main

🍏 Podman on MacOS​

Running on MacOS with Podman? Here’s how to ensure connectivity:

  1. Enable Host Loopback: Use --network slirp4netns:allow_host_loopback=true in your command.

  2. Set OLLAMA_BASE_URL: Ensure it points to http://host.containers.internal:11434.

Example Podman Command:

podman run -d --network slirp4netns:allow_host_loopback=true -p 3000:8080 -e OLLAMA_BASE_URL=http://host.containers.internal:11434 -v open-webui:/app/backend/data --name open-webui --restart always ghcr.io/open-webui/open-webui:main