adamf/web_server
1
1
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects Releases Wiki Activity

Add Open-WebUI service behind /openwebui/ admin gate
All checks were successful
Deploy with Docker Compose / deploy (push) Successful in 13m13s
Details

Browse Source 
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Adam French
2026-04-30 15:51:27 +01:00
parent 3844a32751
commit 26a35719eb
4 changed files with 86 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
docker-compose.yml
View File

@@ -14,6 +14,8 @@ volumes:
vue_dist: vue_dist:
# Searxng data # Searxng data
searxng_data: searxng_data:
# Open-WebUI data
openwebui_data:
services: services:
vue: vue:
@@ -41,6 +43,7 @@ services:
- hasura - hasura
- quartz - quartz
- searxng - searxng
- open-webui
networks: networks:
- app-network - app-network
ports: ports:
@@ -170,6 +173,21 @@ services:
volumes: volumes:
- searxng_data:/etc/searxng - searxng_data:/etc/searxng
open-webui:
image: ghcr.io/open-webui/open-webui:main
container_name: "${OPENWEBUI_HOST}"
restart: always
networks:
- app-network
env_file:
- ./.env
environment:
- OLLAMA_BASE_URL=${OLLAMA_BASE_URL}
- WEBUI_AUTH=False
- WEBUI_URL=https://www.${DOMAIN}/openwebui
volumes:
- openwebui_data:/app/backend/data
gitea: gitea:
image: docker.gitea.com/gitea:1.25.4-rootless image: docker.gitea.com/gitea:1.25.4-rootless
container_name: "${GITEA_HOST}" container_name: "${GITEA_HOST}"

4
nginx/entrypoint.sh
View File

@@ -13,13 +13,13 @@ if [ "$DEV_MODE" = "true" ]; then
-subj "/CN=localhost" 2>/dev/null -subj "/CN=localhost" 2>/dev/null
fi fi
# In dev mode, so use nginx_dev.conf.template # In dev mode, so use nginx_dev.conf.template
envsubst '${DOMAIN} ${BACKEND_HOST} ${BACKEND_PORT} ${BACKEND_ENDPOINT} ${ICECAST_HOST} ${ICECAST_PORT} ${GITEA_HOST} ${GITEA_PORT} ${HASURA_HOST} ${HASURA_PORT} ${QUARTZ_HOST} ${QUARTZ_PORT} ${UPTIMEKUMA_HOST} ${UPTIMEKUMA_PORT} ${SEARXNG_HOST} ${SEARXNG_PORT} ${WALLABAG_HOST} ${WALLABAG_PORT}' \ envsubst '${DOMAIN} ${BACKEND_HOST} ${BACKEND_PORT} ${BACKEND_ENDPOINT} ${ICECAST_HOST} ${ICECAST_PORT} ${GITEA_HOST} ${GITEA_PORT} ${HASURA_HOST} ${HASURA_PORT} ${QUARTZ_HOST} ${QUARTZ_PORT} ${UPTIMEKUMA_HOST} ${UPTIMEKUMA_PORT} ${SEARXNG_HOST} ${SEARXNG_PORT} ${WALLABAG_HOST} ${WALLABAG_PORT} ${OPENWEBUI_HOST} ${OPENWEBUI_PORT}' \
</etc/nginx/nginx_dev.conf.template \ </etc/nginx/nginx_dev.conf.template \
>/etc/nginx/nginx.conf >/etc/nginx/nginx.conf
elif [ -f "/etc/letsencrypt/live/$DOMAIN/fullchain.pem" ] && [ -f "/etc/letsencrypt/live/$DOMAIN/privkey.pem" ]; then elif [ -f "/etc/letsencrypt/live/$DOMAIN/fullchain.pem" ] && [ -f "/etc/letsencrypt/live/$DOMAIN/privkey.pem" ]; then
echo "Certificates found. Using production nginx config." echo "Certificates found. Using production nginx config."
# In production with certificates already existing, so use nginx.conf.template # In production with certificates already existing, so use nginx.conf.template
envsubst '${DOMAIN} ${BACKEND_HOST} ${BACKEND_PORT} ${BACKEND_ENDPOINT} ${ICECAST_HOST} ${ICECAST_PORT} ${GITEA_HOST} ${GITEA_PORT} ${HASURA_HOST} ${HASURA_PORT} ${QUARTZ_HOST} ${QUARTZ_PORT} ${UPTIMEKUMA_HOST} ${UPTIMEKUMA_PORT} ${SEARXNG_HOST} ${SEARXNG_PORT} ${WALLABAG_HOST} ${WALLABAG_PORT}' \ envsubst '${DOMAIN} ${BACKEND_HOST} ${BACKEND_PORT} ${BACKEND_ENDPOINT} ${ICECAST_HOST} ${ICECAST_PORT} ${GITEA_HOST} ${GITEA_PORT} ${HASURA_HOST} ${HASURA_PORT} ${QUARTZ_HOST} ${QUARTZ_PORT} ${UPTIMEKUMA_HOST} ${UPTIMEKUMA_PORT} ${SEARXNG_HOST} ${SEARXNG_PORT} ${WALLABAG_HOST} ${WALLABAG_PORT} ${OPENWEBUI_HOST} ${OPENWEBUI_PORT}' \
</etc/nginx/nginx.conf.template \ </etc/nginx/nginx.conf.template \
>/etc/nginx/nginx.conf >/etc/nginx/nginx.conf
else else

22
nginx/nginx.conf.template
View File

@@ -79,6 +79,7 @@ http {
set $upstream_hasura http://$HASURA_HOST:$HASURA_PORT; set $upstream_hasura http://$HASURA_HOST:$HASURA_PORT;
set $upstream_quartz http://$QUARTZ_HOST:$QUARTZ_PORT; set $upstream_quartz http://$QUARTZ_HOST:$QUARTZ_PORT;
set $upstream_searxng http://$SEARXNG_HOST:$SEARXNG_PORT; set $upstream_searxng http://$SEARXNG_HOST:$SEARXNG_PORT;
set $upstream_openwebui http://$OPENWEBUI_HOST:$OPENWEBUI_PORT;
root /etc/nginx/html; root /etc/nginx/html;
index index.html; index index.html;
@@ -288,6 +289,27 @@ http {
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
} }
location /openwebui {
return 301 /openwebui/;
}
location /openwebui/ {
auth_request /internal/auth/admin-validate;
error_page 401 403 = @auth_denied;
rewrite ^/openwebui/(.*)$ /$1 break;
proxy_pass $upstream_openwebui;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_read_timeout 300s;
proxy_send_timeout 300s;
}
} }

44
nginx/nginx_dev.conf.template
View File

@@ -52,6 +52,7 @@ http {
set $upstream_hasura http://$HASURA_HOST:$HASURA_PORT; set $upstream_hasura http://$HASURA_HOST:$HASURA_PORT;
set $upstream_quartz http://$QUARTZ_HOST:$QUARTZ_PORT; set $upstream_quartz http://$QUARTZ_HOST:$QUARTZ_PORT;
set $upstream_searxng http://$SEARXNG_HOST:$SEARXNG_PORT; set $upstream_searxng http://$SEARXNG_HOST:$SEARXNG_PORT;
set $upstream_openwebui http://$OPENWEBUI_HOST:$OPENWEBUI_PORT;
location /uploads/ { location /uploads/ {
alias /uploads/; alias /uploads/;
@@ -205,6 +206,27 @@ http {
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
} }
location /openwebui {
return 301 /openwebui/;
}
location /openwebui/ {
auth_request /internal/auth/admin-validate;
error_page 401 403 = @auth_denied;
rewrite ^/openwebui/(.*)$ /$1 break;
proxy_pass $upstream_openwebui;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_read_timeout 300s;
proxy_send_timeout 300s;
}
} }
@@ -221,6 +243,7 @@ http {
set $upstream_hasura http://$HASURA_HOST:$HASURA_PORT; set $upstream_hasura http://$HASURA_HOST:$HASURA_PORT;
set $upstream_quartz http://$QUARTZ_HOST:$QUARTZ_PORT; set $upstream_quartz http://$QUARTZ_HOST:$QUARTZ_PORT;
set $upstream_searxng http://$SEARXNG_HOST:$SEARXNG_PORT; set $upstream_searxng http://$SEARXNG_HOST:$SEARXNG_PORT;
set $upstream_openwebui http://$OPENWEBUI_HOST:$OPENWEBUI_PORT;
location /uploads/ { location /uploads/ {
alias /uploads/; alias /uploads/;
@@ -374,6 +397,27 @@ http {
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
} }
location /openwebui {
return 301 /openwebui/;
}
location /openwebui/ {
auth_request /internal/auth/admin-validate;
error_page 401 403 = @auth_denied;
rewrite ^/openwebui/(.*)$ /$1 break;
proxy_pass $upstream_openwebui;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_read_timeout 300s;
proxy_send_timeout 300s;
}
} }