Configuration Guide Open WebUI can be configured through environment variables, providing flexibility for different deployment scenarios. This guide covers all major configuration options.
Setting Environment Variables Docker
Docker Compose
.env File
Python/pip
Use the -e flag to set environment variables: docker run -d -p 3000:8080 \ -e OLLAMA_BASE_URL=http://ollama:11434 \ -e WEBUI_SECRET_KEY=your_secret_key \ -e ENABLE_SIGNUP=False \ -v open-webui:/app/backend/data \ --name open-webui \ ghcr.io/open-webui/open-webui:main
Add variables to the environment section: services : open-webui : image : ghcr.io/open-webui/open-webui:main environment : - OLLAMA_BASE_URL=http://ollama:11434 - WEBUI_SECRET_KEY=your_secret_key - ENABLE_SIGNUP=False
Create a .env file in your project directory: OLLAMA_BASE_URL = http://localhost:11434 OPENAI_API_BASE_URL = OPENAI_API_KEY = WEBUI_SECRET_KEY = CORS_ALLOW_ORIGIN = * SCARF_NO_ANALYTICS = true DO_NOT_TRACK = true ANONYMIZED_TELEMETRY = false
Reference it in Docker Compose: services : open-webui : env_file : - .env
Export variables before running: export OLLAMA_BASE_URL = http :// localhost : 11434 export WEBUI_SECRET_KEY = your_secret_key open-webui serve
Core Configuration Application Settings Variable Description Default WEBUI_NAMEApplication name displayed in UI Open WebUIWEBUI_URLBase URL for the application - ENVEnvironment mode (dev, test, prod) devDATA_DIRDirectory for storing data /app/backend/dataFRONTEND_BUILD_DIRFrontend build directory /app/buildENABLE_SIGNUPAllow new user registrations TrueENABLE_LOGIN_FORMShow login form TrueDEFAULT_LOCALEDefault UI language -
Always set ENABLE_SIGNUP=False after creating your admin account to prevent unauthorized access.
Security Settings Variable Description Default WEBUI_SECRET_KEYSecret key for sessions (required in production) t0p-s3cr3tWEBUI_AUTHEnable authentication TrueJWT_EXPIRES_INJWT token expiration time 4wENABLE_API_KEYSAllow users to create API keys FalseWEBUI_SESSION_COOKIE_SAME_SITECookie SameSite attribute laxWEBUI_SESSION_COOKIE_SECURERequire HTTPS for cookies false
Production Security
Development
# Secure configuration for production WEBUI_SECRET_KEY = $( openssl rand -base64 32 ) WEBUI_AUTH = True ENABLE_SIGNUP = False WEBUI_SESSION_COOKIE_SECURE = True JWT_EXPIRES_IN = 1w
Model Provider Configuration Ollama Settings Variable Description Default ENABLE_OLLAMA_APIEnable Ollama integration TrueOLLAMA_BASE_URLOllama server URL http://localhost:11434OLLAMA_BASE_URLSMultiple Ollama servers (semicolon-separated) - OLLAMA_API_CONFIGSAPI configurations per server {}
Single Server
Multiple Servers
Remote Server
OLLAMA_BASE_URL = http://localhost:11434
OpenAI API Settings Variable Description Default ENABLE_OPENAI_APIEnable OpenAI integration TrueOPENAI_API_KEYOpenAI API key - OPENAI_API_BASE_URLOpenAI API endpoint https://api.openai.com/v1OPENAI_API_KEYSMultiple API keys (semicolon-separated) - OPENAI_API_BASE_URLSMultiple API endpoints -
OpenAI
Azure OpenAI
Multiple Providers
OPENAI_API_KEY = sk-... OPENAI_API_BASE_URL = https://api.openai.com/v1
Database Configuration SQLite (Default) DATABASE_URL = sqlite:///app/backend/data/webui.db DATABASE_ENABLE_SQLITE_WAL = False
PostgreSQL DATABASE_URL = postgresql://user:password@host:5432/database
Or use individual variables:
DATABASE_TYPE = postgresql DATABASE_USER = openwebui DATABASE_PASSWORD = your_password DATABASE_HOST = postgres DATABASE_PORT = 5432 DATABASE_NAME = openwebui
Database Pool Settings Variable Description Default DATABASE_POOL_SIZEConnection pool size - DATABASE_POOL_MAX_OVERFLOWMax overflow connections 0DATABASE_POOL_TIMEOUTConnection timeout (seconds) 30DATABASE_POOL_RECYCLEConnection recycle time (seconds) 3600ENABLE_DB_MIGRATIONSAuto-run database migrations True
For production PostgreSQL deployments, configure pool settings based on your load: DATABASE_POOL_SIZE = 20 DATABASE_POOL_MAX_OVERFLOW = 10 DATABASE_POOL_TIMEOUT = 30
Redis Configuration Redis is required for horizontal scaling and multi-worker deployments.
Variable Description Default REDIS_URLRedis connection URL - REDIS_CLUSTERUse Redis Cluster FalseREDIS_KEY_PREFIXKey prefix for namespacing open-webuiREDIS_SENTINEL_HOSTSSentinel hosts (comma-separated) - REDIS_SENTINEL_PORTSentinel port 26379
Single Redis
Redis Cluster
Redis Sentinel
REDIS_URL = redis://localhost:6379/0 REDIS_KEY_PREFIX = open-webui
Storage Configuration Local Storage (Default) STORAGE_PROVIDER = local DATA_DIR = /app/backend/data
Amazon S3 STORAGE_PROVIDER = s3 S3_ACCESS_KEY_ID = your_access_key S3_SECRET_ACCESS_KEY = your_secret_key S3_REGION_NAME = us-east-1 S3_BUCKET_NAME = open-webui S3_ENDPOINT_URL = https://s3.amazonaws.com
Google Cloud Storage STORAGE_PROVIDER = gcs GCS_BUCKET_NAME = open-webui GOOGLE_APPLICATION_CREDENTIALS_JSON = '{"type":"service_account",...}'
Azure Blob Storage STORAGE_PROVIDER = azure AZURE_STORAGE_ENDPOINT = https://account.blob.core.windows.net AZURE_STORAGE_CONTAINER_NAME = open-webui AZURE_STORAGE_KEY = your_storage_key
RAG & Vector Database Vector Database Options Open WebUI supports multiple vector databases for RAG:
ChromaDB (default)
PGVector
Qdrant
Milvus
Elasticsearch
OpenSearch
Pinecone
S3Vector
Oracle 23ai
Configuration is typically done through the Admin Panel UI.
RAG Settings Variable Description Default RAG_EMBEDDING_TIMEOUTEmbedding generation timeout - RAG_SYSTEM_CONTEXTInclude RAG context in system messages FalseENABLE_QUERIES_CACHECache query results False
Authentication & OAuth OAuth Providers Google OAuth
Microsoft OAuth
GitHub OAuth
Generic OIDC
GOOGLE_CLIENT_ID = your_client_id.apps.googleusercontent.com GOOGLE_CLIENT_SECRET = your_client_secret GOOGLE_REDIRECT_URI = http://localhost:3000/oauth/google/callback ENABLE_OAUTH_SIGNUP = True
MICROSOFT_CLIENT_ID = your_client_id MICROSOFT_CLIENT_SECRET = your_client_secret MICROSOFT_CLIENT_TENANT_ID = your_tenant_id MICROSOFT_REDIRECT_URI = http://localhost:3000/oauth/microsoft/callback ENABLE_OAUTH_SIGNUP = True
GITHUB_CLIENT_ID = your_client_id GITHUB_CLIENT_SECRET = your_client_secret GITHUB_CLIENT_REDIRECT_URI = http://localhost:3000/oauth/github/callback ENABLE_OAUTH_SIGNUP = True
OAUTH_CLIENT_ID = your_client_id OAUTH_CLIENT_SECRET = your_client_secret OPENID_PROVIDER_URL = https://auth.example.com/.well-known/openid-configuration OPENID_REDIRECT_URI = http://localhost:3000/oauth/oidc/callback OAUTH_PROVIDER_NAME = SSO ENABLE_OAUTH_SIGNUP = True
LDAP/Active Directory LDAP integration is configured through the Admin Panel UI.
SCIM 2.0 Provisioning ENABLE_SCIM = True SCIM_TOKEN = your_scim_bearer_token SCIM_AUTH_PROVIDER = oidc
User Permissions Default User Role # Options: admin, user, pending DEFAULT_USER_ROLE = pending
Chat Permissions # Chat controls USER_PERMISSIONS_CHAT_FILE_UPLOAD = True USER_PERMISSIONS_CHAT_DELETE = True USER_PERMISSIONS_CHAT_EDIT = True USER_PERMISSIONS_CHAT_TEMPORARY = True # Advanced features USER_PERMISSIONS_CHAT_MULTIPLE_MODELS = True USER_PERMISSIONS_CHAT_CALL = True
Workspace Permissions # Access to workspace features USER_PERMISSIONS_WORKSPACE_MODELS_ACCESS = False USER_PERMISSIONS_WORKSPACE_KNOWLEDGE_ACCESS = False USER_PERMISSIONS_WORKSPACE_PROMPTS_ACCESS = False USER_PERMISSIONS_WORKSPACE_TOOLS_ACCESS = False # Sharing permissions USER_PERMISSIONS_WORKSPACE_MODELS_ALLOW_SHARING = False USER_PERMISSIONS_WORKSPACE_PROMPTS_ALLOW_SHARING = False
Worker Configuration # Number of uvicorn worker processes UVICORN_WORKERS = 1
When using multiple workers (UVICORN_WORKERS > 1), you must configure Redis for session management: UVICORN_WORKERS = 4 REDIS_URL = redis://localhost:6379/0
WebSocket Configuration ENABLE_WEBSOCKET_SUPPORT = True WEBSOCKET_MANAGER = WEBSOCKET_REDIS_URL = redis://localhost:6379/0
Caching # Model list caching (seconds) MODELS_CACHE_TTL = 1 # Query caching ENABLE_QUERIES_CACHE = False # Base models cache ENABLE_BASE_MODELS_CACHE = False
Observability OpenTelemetry ENABLE_OTEL = True ENABLE_OTEL_TRACES = True ENABLE_OTEL_METRICS = True ENABLE_OTEL_LOGS = True OTEL_EXPORTER_OTLP_ENDPOINT = http://localhost:4317 OTEL_SERVICE_NAME = open-webui OTEL_TRACES_SAMPLER = parentbased_always_on
Audit Logging ENABLE_AUDIT_LOGS_FILE = True AUDIT_LOGS_FILE_PATH = /app/backend/data/audit.log AUDIT_LOG_FILE_ROTATION_SIZE = 10MB AUDIT_LOG_LEVEL = METADATA
General Logging GLOBAL_LOG_LEVEL = INFO LOG_FORMAT = json
Network & CORS # CORS configuration CORS_ALLOW_ORIGIN = * # Forwarded IPs (for proxy setups) FORWARDED_ALLOW_IPS = * # Forward user info headers ENABLE_FORWARD_USER_INFO_HEADERS = False
Advanced Features Image Generation Configure through Admin Panel UI. Supports:
OpenAI DALL-E
Google Gemini
ComfyUI (local)
AUTOMATIC1111 (local)
Web Search Configure search providers through Admin Panel UI. Supports 15+ providers including:
SearXNG
Google Programmable Search Engine
Brave Search
DuckDuckGo
Tavily
Perplexity
# Enable pip install for function requirements ENABLE_PIP_INSTALL_FRONTMATTER_REQUIREMENTS = True # Pip options PIP_OPTIONS = --no-cache-dir
Environment-Specific Examples Development
Production (Single Instance)
Production (Multi-Worker)
Enterprise
# Development environment ENV = dev WEBUI_SECRET_KEY = dev_secret ENABLE_SIGNUP = True OLLAMA_BASE_URL = http://localhost:11434 DATABASE_URL = sqlite:///app/backend/data/webui.db GLOBAL_LOG_LEVEL = DEBUG
Next Steps
User Management Set up roles, permissions, and access control
Model Configuration Configure and manage AI models
API Reference Integrate Open WebUI programmatically
Troubleshooting Common issues and solutions
For a complete list of all environment variables, see the source code or check your .env.example file.