Open WebUI is a front-end gateway for local or remote model backends. Harden admin controls, model-provider secrets, and optional features like tools/functions before enabling multi-user access.
Current Stable Version: v0.8.9 (March 2026)
¶ 1) Authentication and Admin Scope
For private deployments, disable user registration:

```
ENABLE_SIGNUP=false
```
⚠️ Critical: The first account created during setup becomes the administrator.
- Restrict first-admin bootstrap path by controlling initial access
- Rotate default credentials immediately after setup
- Create additional admin accounts only when necessary
Open WebUI includes built-in RBAC:

| Role | Permissions |
|---|---|
| Administrator | Full system access, user management, settings |
| User | Chat access, personal prompts, model selection (as permitted) |
| Pending | No access until approved by administrator |
Best Practices:
- Limit administrator accounts to essential personnel
- Review admin access routinely
- Use principle of least privilege for user roles
- First account = Administrator; subsequent accounts = Pending approval
¶ MFA and SSO
- Enforce MFA/SSO where supported through your identity layer
- LDAP/Active Directory integration available
- OAuth providers supported (Google, GitHub, etc.)
- SCIM 2.0 automated provisioning for enterprise
¶ 2) Protect Provider Keys and Model Routing
Store OpenAI/Ollama/other provider keys in environment variables or a secrets manager:

```yaml
# Docker Compose example
services:
  open-webui:
    environment:
      - OPENAI_API_KEY=${OPENAI_API_KEY} # Use .env file or secrets manager
      - OLLAMA_BASE_URL=http://ollama:11434
```
- Restrict outbound network access to approved model endpoints
- Use firewall rules to limit egress traffic
- Separate staging and production instances with different credentials
- Run model backends (Ollama, etc.) on isolated network segments
- Sanitize shared prompts that might leak secrets in conversation history
- Review conversation logs before sharing externally
- Implement content filtering for sensitive data patterns
¶ 3) Tools, Functions, and Plugins
- Enable only required tools/functions
- Review community integrations before activation
- Log tool invocations and abnormal actions
- Disable native Python function calling if not needed
- Keep Open WebUI and backend connectors patched
- Review plugin permissions before installation
- Monitor plugin behavior for anomalies
- Use official plugins when available
¶ 4) Database and Data Security
Critical for Multi-Worker Deployments:
The default ChromaDB uses SQLite-backed storage that is NOT fork-safe.
Risks:
- Concurrent writes from multiple workers cause instant crashes
- Database corruption can occur during schema migrations
- Rolling updates are NOT supported due to schema incompatibility
Mitigation:
- Use external ChromaDB HTTP server for multi-worker setups
- Switch to PGVector, Milvus, or Qdrant for production
- Scale to `UVICORN_WORKERS=1` before updates
- Wait for migrations to complete before scaling up
- SQLite encryption available (configure via `DATABASE_URL`)
- Use PostgreSQL with SSL for production
- Encrypt database backups at rest and in transit
- Set retention policy for chat logs and shared conversations
- Implement data purging for compliance (GDPR, etc.)
- Document data lifecycle management procedures
¶ 5) Transport, CORS, and API Security
- Always use HTTPS for production deployments
- Terminate TLS at reverse proxy (nginx, traefik, caddy)
- Use strong cipher suites and TLS 1.2+ minimum
- Enable HSTS headers
```
CORS_ALLOW_ORIGIN=https://openwebui.example.com
```
- Restrict to your domain in production
- Never use `*` in production environments
- Configure proper CORS headers at reverse proxy level
- Rate limit API endpoints
- Use API keys for programmatic access
- Monitor API usage for anomalies
- Implement request throttling
¶ 6) Container and Image Security
- Use versioned image tags (not `:main`) for reproducibility
- Verify SBOM attestation (available v0.8.6+)
- Scan images for vulnerabilities before deployment
- Pull from trusted registries only
```yaml
# Docker Compose security options
services:
  open-webui:
    security_opt:
      - no-new-privileges:true
    read_only: true
    tmpfs:
      - /tmp
    cap_drop:
      - ALL
```
- Use named volumes instead of bind mounts when possible
- Set appropriate permissions on volume mounts
- Backup volumes regularly and test restore procedures
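To check a compose file against the secret-handling rules in section 2 and the image, container and volume settings above, here is an added Python audit script (not part of Open WebUI or of this guide). It takes a service definition already parsed into a dict (use `yaml.safe_load()` on a real file); the weak and hardened sample services and the `/data` mount path are constructed for illustration.

```python
# Added example (not Open WebUI project code): audit a parsed docker-compose service
# against the hardening checklist. The service dicts at the bottom are constructed.
import re

def _env_map(service):
    """Normalise compose 'environment' (list of KEY=VALUE or mapping) to a dict."""
    env = service.get("environment", {})
    if isinstance(env, list):
        env = dict(item.split("=", 1) if "=" in item else (item, "") for item in env)
    return {k: str(v) for k, v in env.items()}

def audit_service(service):
    """Return findings for one compose service; an empty list means all checks pass."""
    findings, env = [], _env_map(service)
    image = service.get("image", "")
    tag = image.rsplit(":", 1)[1] if ":" in image.rsplit("/", 1)[-1] else ""
    if tag in ("", "main", "latest"):
        findings.append("image: pin a versioned tag, not :main/:latest")
    if env.get("ENABLE_SIGNUP", "true").lower() != "false":
        findings.append("ENABLE_SIGNUP: registration is open (default is true)")
    origin = env.get("CORS_ALLOW_ORIGIN", "*")
    if origin == "*" or not origin.startswith("https://"):
        findings.append("CORS_ALLOW_ORIGIN: restrict to your HTTPS origin")
    for key, value in env.items():  # secrets must be references, never literals
        if key.endswith(("_API_KEY", "_SECRET")) and not re.fullmatch(r"\$\{\w+\}", value):
            findings.append(f"{key}: literal secret in compose file; reference ${{{key}}}")
    if "no-new-privileges:true" not in service.get("security_opt", []):
        findings.append("security_opt: add no-new-privileges:true")
    if service.get("read_only") is not True:
        findings.append("read_only: root filesystem is writable")
    if "ALL" not in service.get("cap_drop", []):
        findings.append("cap_drop: drop ALL capabilities")
    for mount in service.get("volumes", []):  # host paths are bind mounts
        src = mount.split(":", 1)[0] if isinstance(mount, str) else str(mount.get("source", ""))
        if src.startswith(("/", "./", "~")):
            findings.append(f"volumes: bind mount {src}; prefer a named volume")
    return findings

# Constructed samples (/data is a placeholder container path, not the project's real one).
WEAK = {"image": "ghcr.io/open-webui/open-webui:main",
        "environment": ["OPENAI_API_KEY=LITERAL-KEY-PLACEHOLDER", "CORS_ALLOW_ORIGIN=*"],
        "volumes": ["./data:/data"]}
HARDENED = {"image": "ghcr.io/open-webui/open-webui:v0.8.9",
            "environment": ["ENABLE_SIGNUP=false", "OPENAI_API_KEY=${OPENAI_API_KEY}",
                            "OLLAMA_BASE_URL=http://ollama:11434",
                            "CORS_ALLOW_ORIGIN=https://openwebui.example.com"],
            "security_opt": ["no-new-privileges:true"], "read_only": True,
            "tmpfs": ["/tmp"], "cap_drop": ["ALL"], "volumes": ["open-webui-data:/data"]}
if __name__ == "__main__":
    print({name: audit_service(svc) for name, svc in (("weak", WEAK), ("hardened", HARDENED))})
```

The weak sample produces eight findings and the hardened one none; run it against `config["services"]["open-webui"]` from your own compose file.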
¶ 7) Monitoring and Logging
- Enable native OpenTelemetry tracing
- Monitor model inference errors, queue depth, and latency
- Set up alerts for authentication failures
- Track API usage and quota consumption
- Centralize logs for security analysis
- Retain logs per compliance requirements
- Redact sensitive information from logs
- Monitor for suspicious patterns
¶ Resources

| Resource | URL |
|---|---|
| Open WebUI Docs | https://docs.openwebui.com/getting-started/quick-start/ |
| Open WebUI Source | https://github.com/open-webui/open-webui |
| Open WebUI Security | https://docs.openwebui.com/ |