Open WebUI should be configured for gateway auth security, model provider isolation, and prompt data governance.
Current Stable Version: v0.8.9 (March 2026)
| Variable | Default | Description |
|---|---|---|
| WEBUI_AUTH | true | Disable login for single-user mode (false). ⚠️ Cannot be changed after initial setup |
⚠️ Warning: You cannot switch between single-user and multi-account mode after initial setup.

| Variable | Default | Description |
|---|---|---|
| DATA_DIR | /app/backend/data | Data storage directory for all user data |
| DATABASE_URL | sqlite:////app/backend/data/webui.db | Database connection string (SQLite default) |
| VECTOR_DB | chroma | Vector database backend: chroma, pgvector, milvus, qdrant, elasticsearch, opensearch, pinecone, s3vector, oracle23ai |
| CHROMA_HTTP_HOST | - | External ChromaDB HTTP host (required for multi-worker) |
| CHROMA_HTTP_PORT | 8000 | External ChromaDB HTTP port |
| CHROMA_TENANT | default_tenant | ChromaDB tenant name |

⚠️ Critical for Production: The default ChromaDB uses SQLite-backed storage that is NOT fork-safe. For multi-worker or multi-replica deployments, you must:
- use an external ChromaDB HTTP host (CHROMA_HTTP_HOST), OR
- use a different vector database backend (VECTOR_DB: pgvector/milvus/qdrant)

| Variable | Default | Description |
|---|---|---|
| OLLAMA_BASE_URL | http://localhost:11434 | Single Ollama server URL |
| OLLAMA_BASE_URLS | - | Multiple Ollama servers (comma-separated) for load balancing |
| OPENAI_API_BASE_URL | https://api.openai.com/v1 | OpenAI API base URL |
| OPENAI_API_KEY | - | OpenAI API key |

| Variable | Default | Description |
|---|---|---|
| UVICORN_WORKERS | 1 | Number of worker processes |
| WEBUI_SECRET_KEY | - | Secret key for session encryption (generate random string) |

⚠️ Multi-Worker Update Procedure: If UVICORN_WORKERS > 1:
- Set UVICORN_WORKERS=1 before updates

⚠️ For Kubernetes multi-replica deployments: Redis is required for session consistency.

| Variable | Default | Description |
|---|---|---|
| CORS_ALLOW_ORIGIN | * | Allowed CORS origins (restrict in production) |
| ENABLE_SIGNUP | true | Allow user registration (set false for private deployments) |

| Variable | Default | Description |
|---|---|---|
| RAG_EMBEDDING_ENGINE | - | Embedding engine: ollama, openai, etc. |
| RAG_EMBEDDING_MODEL | nomic-embed-text-v1.5 | Embedding model name |
| RAG_EMBEDDING_MODEL_TRUST_REMOTE_CODE | false | Allow remote code execution in embedding models |

| Variable | Default | Description |
|---|---|---|
| WEBUI_NAME | Open WebUI | Custom instance name |
| DEFAULT_LOCALE | en | Default language locale |

```env
# Instance Configuration
OPENWEBUI_URL=https://openwebui.example.com
WEBUI_NAME="My AI Platform"
WEBUI_SECRET_KEY=replace-with-32-char-random-string

# Authentication
ENABLE_SIGNUP=false

# Model Providers
OLLAMA_BASE_URL=http://ollama:11434
OPENAI_API_BASE_URL=https://api.openai.com/v1
OPENAI_API_KEY=sk-your-api-key

# Database & Vector Storage
DATABASE_URL=postgresql://user:pass@postgres:5432/openwebui
VECTOR_DB=pgvector

# Multi-Worker Configuration
UVICORN_WORKERS=4
CHROMA_HTTP_HOST=chromadb
CHROMA_HTTP_PORT=8000

# Security
CORS_ALLOW_ORIGIN=https://openwebui.example.com
```

- Disable signup (ENABLE_SIGNUP=false)
- Set WEBUI_SECRET_KEY (32+ random characters)
- Restrict CORS_ALLOW_ORIGIN to your domain

⚠️ Critical: Default ChromaDB is SQLite-backed and NOT fork-safe. Concurrent writes from multiple workers will cause instant crashes.

```yaml
services:
  open-webui:
    image: ghcr.io/open-webui/open-webui:v0.8.9
    environment:
      - UVICORN_WORKERS=4
      - VECTOR_DB=chroma
      - CHROMA_HTTP_HOST=chromadb
      - CHROMA_HTTP_PORT=8000
    depends_on:
      - chromadb
  chromadb:
    image: chromadb/chroma:latest
    volumes:
      - chromadb:/chroma/chroma

# The named volume used above must be declared at the top level
volumes:
  chromadb:
```

```yaml
services:
  open-webui:
    image: ghcr.io/open-webui/open-webui:v0.8.9
    environment:
      - UVICORN_WORKERS=4
      - VECTOR_DB=pgvector
      - DATABASE_URL=postgresql://user:pass@postgres:5432/openwebui
    depends_on:
      - postgres
  postgres:
    image: pgvector/pgvector:pg16
    environment:
      - POSTGRES_USER=user
      - POSTGRES_PASSWORD=pass
      - POSTGRES_DB=openwebui
    volumes:
      - postgres:/var/lib/postgresql/data

# The named volume used above must be declared at the top level
volumes:
  postgres:
```

```yaml
# Required environment variables
env:
  - name: UVICORN_WORKERS
    value: "1" # Use 1 worker per pod, scale pods instead
  - name: VECTOR_DB
    value: "pgvector"
  - name: REDIS_URL
    value: "redis://redis:6379"
```

⚠️ Redis is required for session consistency in multi-replica Kubernetes deployments.
| Component | Location | Priority |
|---|---|---|
| User data | /app/backend/data | Critical |
| Database | webui.db or PostgreSQL dump | Critical |
| Vector indexes | ChromaDB data directory or external DB | Critical |
| Model configurations | Application settings | High |
| Secret metadata | Environment variables, secrets manager | Critical |

```bash
# Stop container
docker stop open-webui

# Backup volume (quote the bind-mount path so directories with spaces work)
docker run --rm -v open-webui:/data -v "$(pwd)":/backup alpine tar czf /backup/open-webui-backup.tar.gz /data

# Restart container
docker start open-webui
```

```bash
# Stop container
docker stop open-webui

# Remove existing volume
docker volume rm open-webui

# Create new volume and restore (the archive holds a data/ prefix, so extract at /)
docker volume create open-webui
docker run --rm -v open-webui:/data -v "$(pwd)":/backup alpine tar xzf /backup/open-webui-backup.tar.gz -C /

# Restart container
docker start open-webui
```

- WEBUI_SECRET_KEY set to strong random value
- ENABLE_SIGNUP=false for private deployments
- CORS_ALLOW_ORIGIN restricted to your domain
- UVICORN_WORKERS=1 before update (if multi-worker)
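
The checklist above can be run as a pre-deployment audit of an env file. This is an added example, not code from Open WebUI or from the original page: the function names and finding texts are assumptions, while the variable names and defaults are the ones listed in the tables on this page.

```python
# Added example: audit an Open WebUI env file against this page's checklist.
DEFAULTS = {  # defaults as listed in the tables on this page
    "WEBUI_AUTH": "true", "ENABLE_SIGNUP": "true", "CORS_ALLOW_ORIGIN": "*",
    "UVICORN_WORKERS": "1", "VECTOR_DB": "chroma",
    "RAG_EMBEDDING_MODEL_TRUST_REMOTE_CODE": "false",
}

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and comments, stripping quotes."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip("\"'")
    return env

def audit(text):
    """Return (variable, finding) pairs for settings the page warns about."""
    env = {**DEFAULTS, **parse_env(text)}
    findings = []
    secret = env.get("WEBUI_SECRET_KEY", "")
    if len(secret) < 32 or secret.startswith("replace-with"):
        findings.append(("WEBUI_SECRET_KEY", "missing, placeholder, or under 32 characters"))
    if env["ENABLE_SIGNUP"].lower() != "false":
        findings.append(("ENABLE_SIGNUP", "open registration is enabled"))
    if "*" in env["CORS_ALLOW_ORIGIN"]:
        findings.append(("CORS_ALLOW_ORIGIN", "wildcard origin allowed"))
    if env["WEBUI_AUTH"].lower() == "false":
        findings.append(("WEBUI_AUTH", "login disabled (single-user mode)"))
    if env["RAG_EMBEDDING_MODEL_TRUST_REMOTE_CODE"].lower() == "true":
        findings.append(("RAG_EMBEDDING_MODEL_TRUST_REMOTE_CODE", "embedding models may run remote code"))
    workers = int(env["UVICORN_WORKERS"])
    if workers > 1 and env["VECTOR_DB"] == "chroma" and not env.get("CHROMA_HTTP_HOST"):
        findings.append(("VECTOR_DB", "embedded ChromaDB is not fork-safe with multiple workers"))
    return findings

# Constructed sample input (not from a real deployment)
SAMPLE = """
WEBUI_SECRET_KEY=replace-with-32-char-random-string
CORS_ALLOW_ORIGIN=https://openwebui.example.com
UVICORN_WORKERS=4
VECTOR_DB=chroma
"""

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

On the constructed sample it reports the placeholder secret, the default open signup, and the multi-worker setup still using embedded ChromaDB.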