Skip to main content
warning

This tutorial is a community contribution and is not supported by the Open WebUI team. It serves only as a demonstration on how to customize Open WebUI for your specific use case. Want to contribute? Check out the contributing tutorial.

HTTPS using Nginx

Ensuring secure communication between your users and the Open WebUI is paramount. HTTPS (HyperText Transfer Protocol Secure) encrypts the data transmitted, protecting it from eavesdroppers and tampering. By configuring Nginx as a reverse proxy, you can seamlessly add HTTPS to your Open WebUI deployment, enhancing both security and trustworthiness.

This guide provides three methods to set up HTTPS:

  • Self-Signed Certificates: Ideal for development and internal use, using docker.
  • Let's Encrypt: Perfect for production environments requiring trusted SSL certificates, using docker.
  • Windows+Self-Signed: Simplified instructions for development and internal use on windows, no docker required.

Choose the method that best fits your deployment needs.

Nginx Proxy Manager​

Nginx Proxy Manager (NPM) allows you to easily manage reverse proxies and secure your local applications, like Open WebUI, with valid SSL certificates from Let's Encrypt. This setup enables HTTPS access, which is necessary for using voice input features on many mobile browsers due to their security requirements, without exposing the application's specific port directly to the internet.

Prerequisites​

  • A home server running Docker and open-webui container running.
  • A domain name (free options like DuckDNS or paid ones like Namecheap/GoDaddy).
  • Basic knowledge of Docker and DNS configuration.

Steps​

  1. Create Directories for Nginx Files:

    mkdir ~/nginx_config
    cd ~/nginx_config
  2. Set Up Nginx Proxy Manager with Docker:

    nano docker-compose.yml
services:
app:
image: 'jc21/nginx-proxy-manager:latest'
restart: unless-stopped
ports:
- '80:80'
- '81:81'
- '443:443'
volumes:
- ./data:/data
- ./letsencrypt:/etc/letsencrypt

Run the container:

docker-compose up -d
  1. Configure DNS and Domain:

    • Log in to your domain provider (e.g., DuckDNS) and create a domain.
    • Point the domain to your proxy’s local IP (e.g., 192.168.0.6).
    • If using DuckDNS, get an API token from their dashboard.
Here is a simple example how it's done in https://www.duckdns.org/domains :​
  1. Set Up SSL Certificates:
  • Access Nginx Proxy Manager at http://server_ip:81. For example: 192.168.0.6:81
  • Log in with the default credentials (admin@example.com / changeme). Change them as asked.
  • Go to SSL Certificates β†’ Add SSL Certificate β†’ Let's Encrypt.
  • Write your email and domain name you got from DuckDNS. One domain name contains an asterisk and another does not. Example: *.hello.duckdns.org and hello.duckdns.org.
  • Select Use a DNS challenge, choose DuckDNS, and paste your API token. example: dns_duckdns_token=f4e2a1b9-c78d-e593-b0d7-67f2e1c9a5b8
  • Agree to Let’s Encrypt terms and save. Change propagation time if needed (120 seconds).
  1. Create Proxy Hosts:
  • For each service (e.g., openwebui, nextcloud), go to Hosts β†’ Proxy Hosts β†’ Add Proxy Host.
  • Fill in the domain name (e.g., openwebui.hello.duckdns.org).
  • Set the scheme to HTTP (default), enable Websockets support and point to your Docker IP (if docker with open-webui is running on the same computer as NGINX manager, this will be the same IP as earlier (example: 192.168.0.6)
  • Select the SSL certificate generated earlier, force SSL, and enable HTTP/2.
  1. Add your url to open-webui (otherwise getting HTTPS error):
  • Go to your open-webui β†’ Admin Panel β†’ Settings β†’ General
  • In the Webhook URL text field, enter your URL through which you will connect to your open-webui via Nginx reverse proxy. Example: hello.duckdns.org (not essential with this one) or openwebui.hello.duckdns.org (essential with this one).

Access the WebUI:​

Access Open WebUI via HTTPS at either hello.duckdns.org or openwebui.hello.duckdns.org (in whatever way you set it up).

Firewall Note: Be aware that local firewall software (like Portmaster) might block internal Docker network traffic or required ports. If you experience issues, check your firewall rules to ensure necessary communication for this setup is allowed.​

Next Steps​

After setting up HTTPS, access Open WebUI securely at:

Ensure that your DNS records are correctly configured if you're using a domain name. For production environments, it's recommended to use Let's Encrypt for trusted SSL certificates.