Skip to main content

Overview

Open WebUI supports cloud storage backends for scalable file storage. Choose between local filesystem, Amazon S3, Google Cloud Storage, or Azure Blob Storage based on your deployment needs.

Storage Options

Local Storage

Default filesystem storage

Amazon S3

S3 and S3-compatible storage

Google Cloud Storage

GCS buckets

Azure Blob Storage

Azure Storage containers

Local Storage (Default)

Files are stored in the local filesystem.

Configuration

# Default - no configuration needed
STORAGE_PROVIDER=local
DATA_DIR=/app/backend/data

Directory Structure

data/
├── uploads/           # User-uploaded files
├── cache/             # Temporary cache
└── ...

Use Cases

Single-server deployments
Development environments
Small-scale production
Local storage is not recommended for:
  • Multi-node deployments
  • High-availability setups
  • Large file volumes

Amazon S3

Scalable object storage compatible with S3 API.

Installation

# Already included in requirements.txt
boto3==1.42.44
File: backend/requirements.txt:120

Configuration

STORAGE_PROVIDER=s3

# AWS Credentials
S3_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
S3_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

# S3 Configuration
S3_BUCKET_NAME=open-webui-storage
S3_REGION_NAME=us-east-1
S3_ENDPOINT_URL=  # Optional, for S3-compatible services
S3_KEY_PREFIX=uploads/  # Optional prefix for all keys

# Advanced Options
S3_USE_ACCELERATE_ENDPOINT=false
S3_ADDRESSING_STYLE=auto  # auto, path, or virtual
S3_ENABLE_TAGGING=false
File: backend/open_webui/config.py:953

S3-Compatible Services

STORAGE_PROVIDER=s3
S3_ENDPOINT_URL=http://minio:9000
S3_ACCESS_KEY_ID=minioadmin
S3_SECRET_ACCESS_KEY=minioadmin
S3_BUCKET_NAME=open-webui
S3_ADDRESSING_STYLE=path

IAM Policy

Minimum required permissions: 
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::open-webui-storage",
        "arn:aws:s3:::open-webui-storage/*"
      ]
    }
  ]
}
With tagging enabled: 
{
  "Effect": "Allow",
  "Action": [
    "s3:GetObject",
    "s3:PutObject",
    "s3:DeleteObject",
    "s3:ListBucket",
    "s3:PutObjectTagging",
    "s3:GetObjectTagging"
  ],
  "Resource": [
    "arn:aws:s3:::open-webui-storage",
    "arn:aws:s3:::open-webui-storage/*"
  ]
}

Advanced Features

S3_USE_ACCELERATE_ENDPOINT=true
Requires S3 Transfer Acceleration to be enabled on the bucket.File: backend/open_webui/config.py:961
S3_ENABLE_TAGGING=true
Automatically tags objects with metadata for organization.File: backend/open_webui/config.py:965
S3_KEY_PREFIX=production/uploads/
Adds a prefix to all object keys for organization.File: backend/open_webui/config.py:959

Google Cloud Storage

Scalable object storage on Google Cloud Platform.

Installation

# Already included in requirements.txt
google-cloud-storage==3.9.0
File: backend/requirements.txt:112

Configuration

STORAGE_PROVIDER=gcs
GCS_BUCKET_NAME=open-webui-storage

# Authentication via JSON credentials
GOOGLE_APPLICATION_CREDENTIALS_JSON='{"type":"service_account",...}'
File: backend/open_webui/config.py:967

Service Account Setup

1

Create Service Account

In Google Cloud Console:
  1. Navigate to IAM & Admin > Service Accounts
  2. Create a new service account
  3. Grant “Storage Object Admin” role
2

Generate Key

  1. Click on the service account
  2. Go to Keys tab
  3. Add Key > Create new key
  4. Choose JSON format
3

Configure Open WebUI

Use the JSON key content in GOOGLE_APPLICATION_CREDENTIALS_JSON

Required IAM Roles

  • roles/storage.objectAdmin (or custom role with these permissions):
    • storage.objects.create
    • storage.objects.delete
    • storage.objects.get
    • storage.objects.list

Bucket Configuration

Recommended bucket settings: 
# Create bucket
gsutil mb -l us-central1 gs://open-webui-storage

# Set uniform bucket-level access
gsutil uniformbucketlevelaccess set on gs://open-webui-storage

# Optional: Enable versioning
gsutil versioning set on gs://open-webui-storage

Azure Blob Storage

Microsoft Azure’s object storage solution.

Installation

# Already included in requirements.txt
azure-storage-blob==12.28.0
azure-identity==1.25.1
File: backend/requirements.txt:103

Configuration

STORAGE_PROVIDER=azure

# Azure Storage Account
AZURE_STORAGE_ENDPOINT=https://mystorageaccount.blob.core.windows.net
AZURE_STORAGE_CONTAINER_NAME=open-webui
AZURE_STORAGE_KEY=your-storage-account-key
File: backend/open_webui/config.py:972

Authentication Methods

AZURE_STORAGE_KEY=your-64-char-key==
Find in Azure Portal > Storage Account > Access Keys

Container Setup

1

Create Storage Account

az storage account create \
  --name openwebuistorage \
  --resource-group open-webui-rg \
  --location eastus \
  --sku Standard_LRS
2

Create Container

az storage container create \
  --name open-webui \
  --account-name openwebuistorage
3

Configure Access

For managed identity:
az role assignment create \
  --role "Storage Blob Data Contributor" \
  --assignee <managed-identity-id> \
  --scope /subscriptions/<sub-id>/resourceGroups/open-webui-rg/providers/Microsoft.Storage/storageAccounts/openwebuistorage

Migration Between Storage Providers

Migrating storage providers requires manual file transfer. Plan for downtime during migration.

Migration Steps

1

Backup Current Storage

# For local storage
tar -czf backup.tar.gz /app/backend/data/uploads

# For S3
aws s3 sync s3://old-bucket ./backup/
2

Setup New Storage

Configure the new storage provider (create bucket/container, set permissions)
3

Transfer Files

aws s3 sync /app/backend/data/uploads s3://new-bucket/uploads/
4

Update Configuration

# Update environment variables
STORAGE_PROVIDER=s3  # or gcs, azure
# Add provider-specific configuration
5

Restart and Verify

docker restart open-webui

# Test file upload and retrieval

Cost Optimization

Lifecycle Policies

Configure automatic archival or deletion of old files

Storage Classes

Use infrequent access tiers for rarely accessed files

Compression

Enable compression for text files before upload

Deduplication

Implement file hashing to avoid duplicate uploads

S3 Lifecycle Example

<LifecycleConfiguration>
  <Rule>
    <ID>MoveToIA</ID>
    <Status>Enabled</Status>
    <Transition>
      <Days>90</Days>
      <StorageClass>STANDARD_IA</StorageClass>
    </Transition>
  </Rule>
</LifecycleConfiguration>

Troubleshooting

S3:
  • Verify IAM policy permissions
  • Check bucket policy
  • Ensure credentials are correct
GCS:
  • Verify service account has Storage Object Admin role
  • Check JSON credentials format
  • Ensure bucket exists and is accessible
Azure:
  • Verify storage account key or SAS token
  • Check container exists
  • Verify managed identity role assignment
  • Check network connectivity
  • Verify endpoint URL is correct
  • Check firewall rules
  • For S3: Verify region is correct
  • Check file size limits
  • Verify sufficient permissions
  • Check storage quota
  • Review application logs

Best Practices

  1. Security:
    • Use IAM roles instead of access keys when possible
    • Enable bucket/container encryption
    • Restrict public access
    • Rotate credentials regularly
  2. Performance:
    • Choose region close to your users/servers
    • Enable CDN for frequently accessed files
    • Use multipart uploads for large files
  3. Reliability:
    • Enable versioning
    • Configure backup/replication
    • Monitor storage metrics
    • Set up alerts for failures
  4. Cost:
    • Use lifecycle policies
    • Choose appropriate storage class
    • Monitor and optimize access patterns
    • Clean up unused files

References