-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathenv.example
More file actions
218 lines (163 loc) · 6.06 KB
/
env.example
File metadata and controls
218 lines (163 loc) · 6.06 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
# Open-WebUI Environment Configuration
# Copy this file to .env and modify the values as needed
# =============================================================================
# BASIC CONFIGURATION
# =============================================================================
# Container naming prefix
CONTAINER_NAME_PREFIX=openwebui
# Timezone configuration
TZ=America/New_York
# User and Group IDs for file permissions
PUID=3020
PGID=3020
# =============================================================================
# OPEN-WEBUI CONFIGURATION
# =============================================================================
# Open-WebUI version/tag
OPEN_WEBUI_VERSION=main
# Port for Open-WebUI web interface
OPEN_WEBUI_PORT=3000
# Secret key for sessions (generate a random string)
WEBUI_SECRET_KEY=your-secret-key-here
# Authentication settings
WEBUI_AUTH=true
ENABLE_SIGNUP=true
DEFAULT_USER_ROLE=user
# =============================================================================
# OAUTH / SSO AUTHENTICATION
# =============================================================================
# OAuth General Settings
ENABLE_OAUTH_SIGNUP=false
OAUTH_MERGE_ACCOUNTS_BY_EMAIL=false
OAUTH_UPDATE_PICTURE_ON_LOGIN=false
ENABLE_LOGIN_FORM=true
# Generic OAuth/OIDC Provider (for custom providers like Keycloak, Okta, etc.)
OAUTH_CLIENT_ID=
OAUTH_CLIENT_SECRET=
OPENID_PROVIDER_URL=
OAUTH_PROVIDER_NAME=SSO
OAUTH_SCOPES=openid email profile
OPENID_REDIRECT_URI=
# Google OAuth
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=
GOOGLE_OAUTH_SCOPE=openid email profile
GOOGLE_REDIRECT_URI=
# Microsoft OAuth
MICROSOFT_CLIENT_ID=
MICROSOFT_CLIENT_SECRET=
MICROSOFT_CLIENT_TENANT_ID=
MICROSOFT_OAUTH_SCOPE=openid email profile
MICROSOFT_REDIRECT_URI=
# GitHub OAuth
GITHUB_CLIENT_ID=
GITHUB_CLIENT_SECRET=
GITHUB_CLIENT_SCOPE=user:email
GITHUB_CLIENT_REDIRECT_URI=
# OAuth Role and Group Management
ENABLE_OAUTH_ROLE_MANAGEMENT=false
ENABLE_OAUTH_GROUP_MANAGEMENT=false
ENABLE_OAUTH_GROUP_CREATION=false
OAUTH_USERNAME_CLAIM=name
OAUTH_EMAIL_CLAIM=email
OAUTH_PICTURE_CLAIM=picture
OAUTH_GROUP_CLAIM=groups
OAUTH_ROLES_CLAIM=roles
OAUTH_ALLOWED_ROLES=user,admin
OAUTH_ADMIN_ROLES=admin
OAUTH_ALLOWED_DOMAINS=*
OAUTH_CODE_CHALLENGE_METHOD=
# Trusted Header Authentication (for reverse proxy SSO like Traefik, Authelia, etc.)
WEBUI_AUTH_TRUSTED_EMAIL_HEADER=
WEBUI_AUTH_TRUSTED_NAME_HEADER=
WEBUI_AUTH_TRUSTED_GROUPS_HEADER=
# Memory limit for Open-WebUI container
OPEN_WEBUI_MEMORY_LIMIT=2G
# =============================================================================
# AI MODEL PROVIDER API KEYS
# =============================================================================
# OpenAI API Key (optional)
OPENAI_API_KEY=
# Anthropic API Key (optional)
ANTHROPIC_API_KEY=
# =============================================================================
# DATABASE CONFIGURATION
# =============================================================================
# Enable/disable PostgreSQL (1 to enable, 0 to disable - uses SQLite by default)
ENABLE_POSTGRES=1
# PostgreSQL version
POSTGRES_VERSION=15-alpine
# PostgreSQL credentials
POSTGRES_USER=openwebui
POSTGRES_PASSWORD=changeme
POSTGRES_DB=openwebui
# =============================================================================
# REDIS CONFIGURATION
# =============================================================================
# Enable/disable Redis (1 to enable, 0 to disable)
ENABLE_REDIS=1
# =============================================================================
# OAUTH/OPENID CONFIGURATION
# =============================================================================
# OAuth Client ID (from your identity provider)
OAUTH_CLIENT_ID=your_oauth_client_id
# OAuth Client Secret (from your identity provider)
OAUTH_CLIENT_SECRET=your_oauth_client_secret
# OpenID Provider Discovery URL
OPENID_PROVIDER_URL=https://your-auth-server.com/.well-known/openid-configuration
# OAuth Scopes to request
OAUTH_SCOPES=openid email profile
# Provider display name
OAUTH_PROVIDER_NAME=Your ID Provider
# OAuth Claim Mapping
OAUTH_USERNAME_CLAIM=preferred_username
OAUTH_EMAIL_CLAIM=email
OAUTH_PICTURE_CLAIM=picture
OAUTH_MERGE_ACCOUNTS_BY_EMAIL=true
# Authentication Settings
ENABLE_OAUTH_SIGNUP=true
ENABLE_LOGIN_FORM=true
# =============================================================================
# NETWORK CONFIGURATION
# =============================================================================
# Swarm stack overlay network name
STACK_NETWORK_NAME=openwebui_stack
# External Traefik network name (must exist in the Swarm)
TRAEFIK_PUBLIC_NETWORK=traefik_public
# =============================================================================
# TRAEFIK DOMAIN CONFIGURATION
# =============================================================================
# Public domain (accessible from anywhere)
OPEN_WEBUI_PUBLIC_DOMAIN=chat.yourdomain.com
# Private domain (accessible only from whitelisted IPs)
OPEN_WEBUI_PRIVATE_DOMAIN=chat.home.yourdomain.com
# Certificate resolver (default: letsencrypt)
OPEN_WEBUI_CERT_RESOLVER=letsencrypt
# Number of Open-WebUI replicas in Swarm
OPEN_WEBUI_REPLICAS=1
# Custom network names for Open-WebUI stack
OPEN_WEBUI_APP_NETWORK=openwebui_app
OPEN_WEBUI_MODELS_NETWORK=openwebui_models
OPEN_WEBUI_DB_NETWORK=openwebui_db
# =============================================================================
# CLOUDFLARE TUNNEL CONFIGURATION (OPTIONAL)
# =============================================================================
# Enable/disable Cloudflare tunnel (1 to enable, 0 to disable)
ENABLE_OPEN_WEBUI_CLOUDFLARED=0
# Cloudflare tunnel token
OPEN_WEBUI_CLOUDFLARE_TUNNEL_TOKEN=
# =============================================================================
# VOLUME CONFIGURATION
# =============================================================================
# Open-WebUI data volume
OPEN_WEBUI_DATA_VOLUME_TYPE=
OPEN_WEBUI_DATA_VOLUME_OPTIONS=
OPEN_WEBUI_DATA_BASE=
# Redis data volume
REDIS_DATA_VOLUME_TYPE=
REDIS_DATA_VOLUME_OPTIONS=
REDIS_DATA_BASE=
# PostgreSQL data volume
POSTGRES_DATA_VOLUME_TYPE=
POSTGRES_DATA_VOLUME_OPTIONS=
POSTGRES_DATA_BASE=