This tutorial is a community contribution and is not supported by the OpenWebUI team. It serves only as a demonstration on how to customize OpenWebUI for your specific use case. Want to contribute? Check out the contributing tutorial.
HTTPS using Nginx
Ensuring secure communication between your users and the Open WebUI is paramount. HTTPS (HyperText Transfer Protocol Secure) encrypts the data transmitted, protecting it from eavesdroppers and tampering. By configuring Nginx as a reverse proxy, you can seamlessly add HTTPS to your Open WebUI deployment, enhancing both security and trustworthiness.
This guide provides two methods to set up HTTPS:
- Self-Signed Certificates: Ideal for development and internal use.
- Let's Encrypt: Perfect for production environments requiring trusted SSL certificates.
Choose the method that best fits your deployment needs.
- Self-Signed Certificate
- Let's Encrypt
Self-Signed Certificate
Using self-signed certificates is suitable for development or internal use where trust is not a critical concern.
Steps
-
Create Directories for Nginx Files:
mkdir -p conf.d ssl
-
Create Nginx Configuration File:
conf.d/open-webui.conf
:server {
listen 443 ssl;
server_name your_domain_or_IP;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_protocols TLSv1.2 TLSv1.3;
location / {
proxy_pass http://host.docker.internal:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
} -
Generate Self-Signed SSL Certificates:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout ssl/nginx.key \
-out ssl/nginx.crt \
-subj "/CN=your_domain_or_IP" -
Update Docker Compose Configuration:
Add the Nginx service to your
docker-compose.yml
:services:
nginx:
image: nginx:alpine
ports:
- "443:443"
volumes:
- ./conf.d:/etc/nginx/conf.d
- ./ssl:/etc/nginx/ssl
depends_on:
- open-webui -
Start Nginx Service:
docker compose up -d nginx
Access the WebUI
Access Open WebUI via HTTPS at:
Let's Encrypt
Let's Encrypt provides free SSL certificates trusted by most browsers, ideal for production environments.
Prerequisites
- Certbot installed on your system.
- DNS records properly configured to point to your server.
Steps
-
Create Directories for Nginx Files:
mkdir -p conf.d ssl
-
Create Nginx Configuration File:
conf.d/open-webui.conf
:server {
listen 80;
server_name your_domain_or_IP;
location / {
proxy_pass http://host.docker.internal:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
} -
Simplified Let's Encrypt Script:
enable_letsencrypt.sh
:#!/bin/bash
# Description: Simplified script to obtain and install Let's Encrypt SSL certificates using Certbot.
DOMAIN="your_domain_or_IP"
EMAIL="your_email@example.com"
# Install Certbot if not installed
if ! command -v certbot &> /dev/null; then
echo "Certbot not found. Installing..."
sudo apt-get update
sudo apt-get install -y certbot python3-certbot-nginx
fi
# Obtain SSL certificate
sudo certbot --nginx -d "$DOMAIN" --non-interactive --agree-tos -m "$EMAIL"
# Reload Nginx to apply changes
sudo systemctl reload nginx
echo "Let's Encrypt SSL certificate has been installed and Nginx reloaded."Make the script executable:
chmod +x enable_letsencrypt.sh
-
Update Docker Compose Configuration:
Add the Nginx service to your
docker-compose.yml
:services:
nginx:
image: nginx:alpine
ports:
- "80:80"
- "443:443"
volumes:
- ./conf.d:/etc/nginx/conf.d
- ./ssl:/etc/nginx/ssl
depends_on:
- open-webui -
Start Nginx Service:
docker compose up -d nginx
-
Run the Let's Encrypt Script:
Execute the script to obtain and install the SSL certificate:
./enable_letsencrypt.sh
Access the WebUI
Access Open WebUI via HTTPS at:
Next Steps
After setting up HTTPS, access Open WebUI securely at:
Ensure that your DNS records are correctly configured if you're using a domain name. For production environments, it's recommended to use Let's Encrypt for trusted SSL certificates.