You are Here
Step-by-Step Guide to Set Up HTTPS for Dockerized Open WebUI on Linux
Cyber Security DevOps Linux Method of Procedure Open Source Technologies Tech Guides

Step-by-Step Guide to Set Up HTTPS for Dockerized Open WebUI on Linux

Introduction

In this guide, i will walk you through the process of setting up HTTPS for your Dockerized Open WebUI application running on a linux server. By default, Open WebUI runs on port 8080 using plain HTTP, which is not secure. By configuring Nginx as a reverse proxy, we will enable HTTPS on port 443, ensuring that all traffic between the client and the server is encrypted. This setup enhances the security of your application by handling SSL/TLS encryption through Nginx, while Open WebUI continues to operate on port 8080 internally.

Objective

The objective of this guide is to provide a step-by-step procedure to:

  1. Install OpenSSL and generate SSL certificates.
  2. Configure Nginx to handle HTTPS traffic.
  3. Set up Docker containers for Nginx and Open WebUI.
  4. Ensure that the Nginx container automatically restarts if it stops or if the Docker daemon restarts.

By the end of this guide, you will have a secure HTTPS setup for your Open WebUI application, with Nginx acting as a reverse proxy to handle encrypted traffic.

Step 1: Organize Your Project Directory

  1. Create your project directory:
   # mkdir -p /path/to/your/project
  1. Navigate to your project directory:
   # cd /path/to/your/project
  1. Create the ssl subdirectory:
   # mkdir ssl

Step 2: Install OpenSSL

Install OpenSSL on your Linux server:

$ sudo apt-get update
$ sudo apt-get install openssl

Step 3: Generate SSL Certificates

Generate a self-signed SSL certificate using OpenSSL:

$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt

Step 4: Move the Certificate and Key Files

Move the SSL certificate and key files into the ssl subdirectory under your project directory:

# mv /etc/ssl/certs/nginx-selfsigned.crt /path/to/your/project/ssl/nginx-selfsigned.crt
# mv /etc/ssl/private/nginx-selfsigned.key /path/to/your/project/ssl/nginx-selfsigned.key

Step 5: Create an Nginx Configuration File

Create a configuration file for Nginx to handle HTTPS. Save this file as nginx.conf in your project directory:

server {
    listen 443 ssl;
    server_name your_domain_or_ip;

    ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;

    location / {
        proxy_pass http://open-webui:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Step 6: Create a Dockerfile for Nginx

Create a file named Dockerfile to set up Nginx with the SSL configuration. Place this file in your project directory:

# Use the official Nginx image from the Docker Hub
FROM nginx:alpine

# Copy the Nginx configuration file to the container
COPY nginx.conf /etc/nginx/conf.d/default.conf

# Copy the SSL certificate and key to the container
COPY ssl/nginx-selfsigned.crt /etc/ssl/certs/nginx-selfsigned.crt
COPY ssl/nginx-selfsigned.key /etc/ssl/private/nginx-selfsigned.key

Step 7: Create a Docker Network

Create a Docker network to allow communication between the webui and nginx containers:

# docker network create webui-network

Step 8: Build and Run the Nginx Container

Navigate to your project directory and build the Nginx Docker image:

# cd /path/to/your/project
# docker build -t nginx-ssl .

Run the Nginx container, linking it to the Open WebUI container and ensuring it restarts automatically:

# docker run -d --network webui-network --name nginx-ssl -p 443:443 --restart always nginx-ssl

Step 9: Update Open WebUI Container

Run the Open WebUI container within the same network:

(Note: You might want to first stop, remove and run a fresh the open-webui container)

# docker run -d --network webui-network -v open-webui:/app/backend/data -e OLLAMA_BASE_URL=http://127.0.0.1:11434 --name open-webui --restart always ghcr.io/open-webui/open-webui:main

Step 10: Verify HTTPS Setup

Access your application via https://your_domain_or_ip to verify that HTTPS is working.

Summary

In this guide, i have walked you through the process of setting up HTTPS for your Dockerized Open WebUI application. By configuring Nginx as a reverse proxy, we enabled HTTPS on port 443, ensuring that all traffic between the client and the server is encrypted. Nginx handles the SSL/TLS encryption and forwards requests to Open WebUI running on port 8080 internally. This setup enhances the security of your application and ensures that the Nginx container automatically restarts if it stops or if the Docker daemon restarts.

About the Author

Joshua Makuru Nomwesigwa is a seasoned Telecommunications Engineer with vast experience in IP Technologies; he eats, drinks, and dreams IP packets. He is a passionate evangelist of the forth industrial revolution (4IR) a.k.a Industry 4.0 and all the technologies that it brings; 5G, Cloud Computing, BigData, Artificial Intelligence (AI), Machine Learning (ML), Internet of Things (IoT), Quantum Computing, etc. Basically, anything techie because a normal life is boring.

Read More
Spread the word:

Related Posts

Leave a Reply