OpenWebUI - 251128-justin
OpenWebUI Docker Compose Configuration
Reference ID: 251128-justin
Author: Justin
This page contains the docker-compose.yml configuration for Open WebUI, designed to run in front of a local or remote LLM backend (Ollama, llama.cpp, LM Studio, etc.).
Notes
- Typically placed behind an NGINX reverse proxy on a separate "edge" host that terminates HTTPS for your personal domain using Let's Encrypt and forwards traffic to this service on port 3000.
- The named volume
open-webui-datais bind-mounted to a specific host path on a backup-managed storage pool (TrueNAS/Synology). - Application data (users, chat history, uploads, settings, etc.) is expected to grow over time — easily 2–3 GB per year, especially if used for contract and document analysis.
docker-compose.yml
# docker-compose.yml for Open WebUI in front of a local/remote LLM backend
# - Designed to work with Ollama, llama.cpp servers, LM Studio, etc. via HTTP API
# - Typically placed behind an NGINX reverse proxy on a separate "edge" host
# that terminates HTTPS for your personal domain using Let's Encrypt and
# forwards traffic to this service on port 3000.
services:
open-webui:
image: ghcr.io/open-webui/open-webui:${WEBUI_DOCKER_TAG-main} # Use WEBUI_DOCKER_TAG env var; defaults to 'main' if not set
container_name: open-webui
ports:
- "3000:8080" # Expose container port 8080 on host port 3000; NGINX reverse proxy points here
environment:
# URL of your LLM backend:
# - For Ollama: use the HTTP endpoint reachable from this container.
# If Ollama is running as a Docker service on the same Docker network,
# you can reference it by service name, e.g. http://ollama:11434
# - For llama.cpp / LM Studio / other backends: point to their HTTP API
# URL (for example, http://llama-server:8080) as long as this
# container can reach it.
- OLLAMA_BASE_URL=http://ollama:11434
# Optional secret key for Open WebUI.
# - If **unset/empty**, Open WebUI will auto-generate a key on first start.
# - If **set**, all session cookies and tokens are signed with this value.
# Recommended for multi-user and production deployments.
# Best practice: set WEBUI_SECRET_KEY via your .env file or environment,
# not hard-coded here, e.g. WEBUI_SECRET_KEY=$(openssl rand -hex 32)
- WEBUI_SECRET_KEY=${WEBUI_SECRET_KEY:-}
volumes:
# Application data (users, chat history, uploads, settings, etc.).
# Expect this to grow over time, especially if used for contract and
# document analysis (easily 2-3 GB per year).
#
# We attach a *named* volume here, but map that named volume to a
# specific host path on a backup-managed storage pool (TrueNAS/Synology).
# See the `volumes:` section below for the bind configuration.
- open-webui-data:/app/backend/data
extra_hosts:
- host.docker.internal:host-gateway # Lets the container reach services on the Docker host
restart: unless-stopped # Auto-restart on crash or host reboot
volumes:
open-webui-data:
driver: local
driver_opts:
# Bind-mount this named volume to a specific host directory instead of
# using Docker's default volume location. This directory should live on
# storage that is:
# - regularly backed up (e.g., TrueNAS/Synology dataset or share)
# - easy to grow/migrate as data usage increases.
#
# Example: /mnt/truenas/open-webui-data is a ZFS dataset exported to the
# Docker host, or a mounted NFS/SMB share from a NAS.
type: none
o: bind
device: /mnt/truenas/open-webui-data
# To move or expand storage later:
# 1. Stop the stack: docker compose down
# 2. Copy data to a new path on your NAS/TrueNAS/Synology
# 3. Update `device:` to point to the new path
# 4. Start the stack again: docker compose up -d