2026-04-01 21:31:12 +00:00
|
|
|
|
# ------------------------------------------------------------------
|
|
|
|
|
|
# OpenWebUI – core image / container
|
|
|
|
|
|
# ------------------------------------------------------------------
|
|
|
|
|
|
WEBUI_IMAGE=ghcr.io/open-webui/open-webui:main # default image
|
|
|
|
|
|
WEBUI_NAME=open-webui # container name
|
|
|
|
|
|
WEBUI_PORT=3000 # host port to expose
|
|
|
|
|
|
WEBUI_VOLUME=open-webui_data # persistent data volume
|
|
|
|
|
|
|
|
|
|
|
|
# ------------------------------------------------------------------
|
|
|
|
|
|
# OpenAI API key
|
|
|
|
|
|
# ------------------------------------------------------------------
|
|
|
|
|
|
OPENAI_API_KEY=sk-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
|
|
|
|
|
|
|
|
|
|
|
# ------------------------------------------------------------------
|
|
|
|
|
|
# OIDC / Keycloak configuration
|
|
|
|
|
|
# ------------------------------------------------------------------
|
2026-04-01 22:23:12 +00:00
|
|
|
|
# General
|
|
|
|
|
|
WEBUI_URL=https://ai.example.com
|
|
|
|
|
|
|
|
|
|
|
|
# Keycloak / OIDC Settings
|
|
|
|
|
|
OAUTH_CLIENT_ID=open-webui
|
|
|
|
|
|
OAUTH_CLIENT_SECRET=your_keycloak_client_secret_here
|
|
|
|
|
|
OPENID_PROVIDER_URL=https://auth.example.com/realms/your-realm/.well-known/openid-configuration
|
|
|
|
|
|
OAUTH_PROVIDER_NAME=Keycloak
|
2026-04-01 22:36:20 +00:00
|
|
|
|
OPENID_REDIRECT_URI=https://open.example.com/oauth/oidc/callback
|
2026-04-01 22:23:12 +00:00
|
|
|
|
|
|
|
|
|
|
# Logic & Scopes
|
|
|
|
|
|
ENABLE_OAUTH_SIGNUP=true
|
|
|
|
|
|
OAUTH_MERGE_ACCOUNTS_BY_EMAIL=true
|
|
|
|
|
|
OAUTH_SCOPES=openid email profile groups
|
|
|
|
|
|
OAUTH_CODE_CHALLENGE_METHOD=S256
|
|
|
|
|
|
|
|
|
|
|
|
# Role Management
|
|
|
|
|
|
ENABLE_OAUTH_ROLE_MANAGEMENT=true
|
|
|
|
|
|
OAUTH_ROLES_CLAIM=groups
|
|
|
|
|
|
OAUTH_ALLOWED_ROLES=openwebui,openwebui-admin
|
|
|
|
|
|
OAUTH_ADMIN_ROLES=openwebui-admin
|
2026-04-01 22:13:12 +00:00
|
|
|
|
LOG_LEVEL=debug
|