40 KiB
sidebar_position | title |
---|---|
4 | 🌍 Environment Variable Configuration |
Overview
Open WebUI provides a large range of environment variables that allow you to customize and configure various aspects of the application. This page serves as a comprehensive reference for all available environment variables, providing their types, default values, and descriptions. As new variables are introduced, this page will be updated to reflect the growing configuration options.
:::info This page is up to date with Open WebUI release version v0.5.1, but is still a work in progress to later include more accurate descriptions, listing out options available for environment variables, defaults, and improving descriptions. :::
App/Backend
The following environment variables are used by backend/config.py
to provide Open WebUI startup
configuration. Please note that some variables may have different default values depending on
whether you're running Open WebUI directly or via Docker. For more information on logging
environment variables, see our logging documentation).
General
ENV
- Type:
str
(enum:dev
,prod
) - Options:
dev
- Enables the FastAPI API docs on/docs
prod
- Automatically configures several environment variables
- Default:
- Backend Default:
dev
- Docker Default:
prod
- Backend Default:
- Description: Environment setting.
CUSTOM_NAME
- Type:
str
- Description: Sets
WEBUI_NAME
but polls api.openwebui.com for metadata.
WEBUI_NAME
- Type:
str
- Default:
Open WebUI
- Description: Sets the main WebUI name. Appends
(Open WebUI)
if overridden.
WEBUI_URL
- Type:
str
- Default:
http://localhost:3000
- Description: Specifies the URL where the Open WebUI is reachable. Currently used for search engine support.
PORT
- Type:
int
- Default:
8080
- Description: Sets the port to run Open WebUI from.
:::info
If installed via Python, you must instead pass --port
as a command line argument.
:::
ENABLE_SIGNUP
- Type:
bool
- Default:
True
- Description: Toggles user account creation.
ENABLE_LOGIN_FORM
- Type:
bool
- Default:
True
- Description: Toggles email, password, sign in and "or" (only when
ENABLE_OAUTH_SIGNUP
is set to True) elements.
:::danger
This should only ever be set to False
when ENABLE_OAUTH_SIGNUP
is also being used and set to True
. Failure to do so will result in the inability to login.
:::
ENABLE_ADMIN_EXPORT
- Type:
bool
- Default:
True
- Description: Controls whether admin users can export data.
ENABLE_ADMIN_CHAT_ACCESS
- Type:
bool
- Default:
True
- Description: Enables admin users to access all chats.
ENABLE_CHANNELS
- Type:
bool
- Default:
False
- Description: Enables or disables channel support.
ADMIN_EMAIL
- Type:
str
- Description: Sets the admin email shown by
SHOW_ADMIN_DETAILS
SHOW_ADMIN_DETAILS
- Type:
bool
- Default:
True
- Description: Toggles whether to show admin user details in the interface.
BYPASS_MODEL_ACCESS_CONTROL
- Type:
bool
- Default:
False
- Description: Bypasses model access control.
DEFAULT_MODELS
- Type:
str
- Description: Sets a default Language Model.
DEFAULT_USER_ROLE
- Type:
str
(enum:pending
,user
,admin
) - Options:
pending
- New users are pending until their accounts are manually activated by an admin.user
- New users are automatically activated with regular user permissions.admin
- New users are automatically activated with administrator permissions.
- Default:
pending
- Description: Sets the default role assigned to new users.
DEFAULT_LOCALE
- Type:
str
- Default:
en
- Description: Sets the default locale for the application.
WEBHOOK_URL
- Type:
str
- Description: Sets a webhook for integration with Slack/Microsoft Teams.
WEBUI_BUILD_HASH
- Type:
str
- Default:
dev-build
- Description: Used for identifying the Git SHA of the build for releases.
WEBUI_BANNERS
- Type:
list
ofdict
- Default:
[]
- Description: List of banners to show to users. Format of banners are:
[{"id": "string","type": "string [info, success, warning, error]","title": "string","content": "string","dismissible": False,"timestamp": 1000}]
:::note
When setting this environment variable in a .env
file, make sure to escape the quotes by wrapping the entire value in double quotes and using escaped quotes (\"
) for the inner quotes. Example:
WEBUI_BANNERS="[{\"id\": \"1\", \"type\": \"warning\", \"title\": \"Your messages are stored.\", \"content\": \"Your messages are stored and may be reviewed by human people. LLM's are prone to hallucinations, check sources.\", \"dismissible\": true, \"timestamp\": 1000}]"
:::
JWT_EXPIRES_IN
- Type:
int
- Default:
-1
- Description: Sets the JWT expiration time in seconds. Valid time units:
s
,m
,h
,d
,w
or-1
for no expiration.
USE_CUDA_DOCKER
- Type:
bool
- Default:
False
- Description: Builds the Docker image with NVIDIA CUDA support. Enables GPU acceleration for local Whisper and embeddings.
AIOHTTP Client
AIOHTTP_CLIENT_TIMEOUT
- Type:
int
- Default:
300
- Description: Specifies the timeout duration in seconds for the aiohttp client. This impacts things such as connections to Ollama and OpenAI endpoints.
:::info
This is the maximum amount of time the client will wait for a response before timing out.
If set to an empty string (' '), the timeout will be set to None
, effectively disabling the timeout and
allowing the client to wait indefinitely.
:::
AIOHTTP_CLIENT_TIMEOUT_OPENAI_MODEL_LIST
- Type:
int
- Description: Sets the timeout in seconds for fetching the OpenAI model list. This can be useful in cases where network latency requires a longer timeout duration to successfully retrieve the model list.
Directories
DATA_DIR
- Type:
str
- Default:
./data
- Description: Specifies the base directory for data storage, including uploads, cache, vector database, etc.
FONTS_DIR
- Type:
str
- Description: Specifies the directory for fonts.
FRONTEND_BUILD_DIR
- Type:
str
- Default:
../build
- Description: Specifies the location of the built frontend files.
STATIC_DIR
- Type:
str
- Default:
./static
- Description: Specifies the directory for static files, such as the favicon.
Ollama
ENABLE_OLLAMA_API
- Type:
bool
- Default:
True
- Description: Enables the use of Ollama APIs.
OLLAMA_BASE_URL
(OLLAMA_API_BASE_URL
is depreciated)
- Type:
str
- Default:
http://localhost:11434
- Docker Default:
- If
K8S_FLAG
is set:http://ollama-service.open-webui.svc.cluster.local:11434
- If
USE_OLLAMA_DOCKER=True
:http://localhost:11434
- Else
http://host.docker.internal:11434
- If
- Description: Configures the Ollama backend URL.
OLLAMA_BASE_URLS
- Type:
str
- Description: Configures load-balanced Ollama backend hosts, separated by
;
. SeeOLLAMA_BASE_URL
. Takes precedence overOLLAMA_BASE_URL
.
USE_OLLAMA_DOCKER
- Type:
bool
- Default:
False
- Description: Builds the Docker image with a bundled Ollama instance.
K8S_FLAG
- Type:
bool
- Default:
False
- Description: If set, assumes Helm chart deployment and sets
OLLAMA_BASE_URL
tohttp://ollama-service.open-webui.svc.cluster.local:11434
OpenAI
ENABLE_OPENAI_API
- Type:
bool
- Default:
True
- Description: Enables the use of OpenAI APIs.
OPENAI_API_BASE_URL
- Type:
str
- Default:
https://api.openai.com/v1
- Description: Configures the OpenAI base API URL.
OPENAI_API_BASE_URLS
- Type:
str
- Description: Supports balanced OpenAI base API URLs, semicolon-separated.
- Example:
http://host-one:11434;http://host-two:11434
OPENAI_API_KEY
- Type:
str
- Description: Sets the OpenAI API key.
OPENAI_API_KEYS
- Type:
str
- Description: Supports multiple OpenAI API keys, semicolon-separated.
- Example:
sk-124781258123;sk-4389759834759834
Tasks
TASK_MODEL
- Type:
str
- Description: The default model to use for tasks such as title and web search query generation when using Ollama models.
TASK_MODEL_EXTERNAL
- Type:
str
- Description: The default model to use for tasks such as title and web search query generation when using OpenAI-compatible endpoints.
TITLE_GENERATION_PROMPT_TEMPLATE
- Type:
str
- Description: Prompt to use when generating chat titles.
- Default:
Create a concise, 3-5 word title with an emoji as a title for the prompt in the given language. Suitable Emojis for the summary can be used to enhance understanding but avoid quotation marks or special formatting. RESPOND ONLY WITH THE TITLE TEXT.
Examples of titles:
📉 Stock Market Trends
🍪 Perfect Chocolate Chip Recipe
Evolution of Music Streaming
Remote Work Productivity Tips
Artificial Intelligence in Healthcare
🎮 Video Game Development Insights
Prompt: {{prompt:middletruncate:8000}}
TOOLS_FUNCTION_CALLING_PROMPT_TEMPLATE
- Type:
str
- Description: Prompt to use when calling tools.
- Default:
Available Tools: {{TOOLS}}\nReturn an empty string if no tools match the query. If a function tool matches, construct and return a JSON object in the format {\"name\": \"functionName\", \"parameters\": {\"requiredFunctionParamKey\": \"requiredFunctionParamValue\"}} using the appropriate tool and its parameters. Only return the object and limit the response to the JSON object without additional text.
Autocomplete
ENABLE_AUTOCOMPLETE_GENERATION
- Type:
bool
- Default:
False
- Description: Enables or disables autocomplete generation.
AUTOCOMPLETE_GENERATION_INPUT_MAX_LENGTH
- Type:
int
- Description: Sets the maximum input length for autocomplete generation.
AUTOCOMPLETE_GENERATION_PROMPT_TEMPLATE
- Type:
str
- Description: Sets the prompt template for autocomplete generation.
Evaluation Arena Model
ENABLE_EVALUATION_ARENA_MODELS
- Type:
bool
- Default:
True
- Description: Enables or disables evaluation arena models.
ENABLE_MESSAGE_RATING
- Type:
bool
- Default:
True
- Description: Enables message rating feature.
ENABLE_COMMUNITY_SHARING
- Type:
bool
- Default:
True
- Description: Controls whether users are shown the share to community button.
Tags Generation
ENABLE_TAGS_GENERATION
- Type:
bool
- Default:
True
- Description: Enables or disables tags generation.
TAGS_GENERATION_PROMPT_TEMPLATE
- Type:
str
- Description: Sets the prompt template for tags generation.
API Key Endpoint Restrictions
ENABLE_API_KEY_ENDPOINT_RESTRICTIONS
- Type:
bool
- Default:
False
- Description: Enables API key endpoint restrictions for added security and configurability.
API_KEY_ALLOWED_ENDPOINTS
- Type:
str
- Description: Specifies a comma-separated list of allowed API endpoints when API key endpoint restrictions are enabled.
:::note
The value of API_KEY_ALLOWED_ENDPOINTS
should be a comma-separated list of endpoint URLs, such as /api/v1/messages, /api/v1/channels
.
:::
Security Variables
ENABLE_FORWARD_USER_INFO_HEADERS
- type:
bool
- Default:
False
- Description: Forwards user information (name, id, email, and role) as X-headers to OpenAI API.
If enabled, the following headers are forwarded:
X-OpenWebUI-User-Name
X-OpenWebUI-User-Id
X-OpenWebUI-User-Email
X-OpenWebUI-User-Role
ENABLE_RAG_LOCAL_WEB_FETCH
- Type:
bool
- Default:
False
- Description: Enables local web fetching for RAG. Enabling this allows Server Side Request Forgery attacks against local network resources.
ENABLE_RAG_WEB_LOADER_SSL_VERIFICATION
- Type:
bool
- Default:
True
- Description: Bypass SSL Verification for RAG on Websites.
WEBUI_SESSION_COOKIE_SAME_SITE
- Type:
str
(enum:lax
,strict
,none
) - Options:
lax
- Sets theSameSite
attribute to lax, allowing session cookies to be sent with requests initiated by third-party websites.strict
- Sets theSameSite
attribute to strict, blocking session cookies from being sent with requests initiated by third-party websites.none
- Sets theSameSite
attribute to none, allowing session cookies to be sent with requests initiated by third-party websites, but only over HTTPS.
- Default:
lax
- Description: Sets the
SameSite
attribute for session cookies.
WEBUI_SESSION_COOKIE_SECURE
- Type:
bool
- Default:
False
- Description: Sets the
Secure
attribute for session cookies if set toTrue
.
WEBUI_AUTH
- Type:
bool
- Default:
True
- Description: This setting enables or disables authentication.
:::danger
If set to False
, authentication will be disabled for your Open WebUI instance. However, it's
important to note that turning off authentication is only possible for fresh installations without
any existing users. If there are already users registered, you cannot disable authentication
directly. Ensure that no users are present in the database, if you intend to turn off WEBUI_AUTH
.
:::
WEBUI_SECRET_KEY
- Type:
str
- Default:
t0p-s3cr3t
- Docker Default: Randomly generated on first start
- Description: Overrides the randomly generated string used for JSON Web Token.
OFFLINE_MODE
- Type:
bool
- Default:
False
- Description: Enables or disables offline mode.
RESET_CONFIG_ON_START
- Type:
bool
- Default:
False
- Description: Resets the
config.json
file on startup.
SAFE_MODE
- Type:
bool
- Default:
False
- Description: Enables safe mode, which disables potentially unsafe features, deactivating all functions.
CORS_ALLOW_ORIGIN
- Type:
str
- Default:
*
- Description: Sets the allowed origins for Cross-Origin Resource Sharing (CORS).
RAG_EMBEDDING_MODEL_TRUST_REMOTE_CODE
- Type:
bool
- Default:
False
- Description: Determines whether or not to allow custom models defined on the Hub in their own modeling files.
RAG_RERANKING_MODEL_TRUST_REMOTE_CODE
- Type:
bool
- Default:
False
- Description: Determines whether or not to allow custom models defined on the Hub in their own modeling files for reranking.
RAG_EMBEDDING_MODEL_AUTO_UPDATE
- Type:
bool
- Default:
False
- Description: Toggles automatic update of the Sentence-Transformer model.
RAG_RERANKING_MODEL_AUTO_UPDATE
- Type:
bool
- Default:
False
- Description: Toggles automatic update of the reranking model.
WHISPER_MODEL_AUTO_UPDATE
- Type:
bool
- Default:
False
- Description: Toggles automatic update of the Whisper model.
Retrieval Augmented Generation (RAG)
VECTOR_DB
- Type:
str
- Default:
chroma
- Description: Specifies which vector database system to use, either 'chroma' for ChromaDB or 'milvus' for Milvus. This setting determines which vector storage system will be used for managing embeddings.
RAG_EMBEDDING_ENGINE
- Type:
str
(enum:ollama
,openai
) - Options:
- Leave empty for
Default (SentenceTransformers)
- Uses SentenceTransformers for embeddings. ollama
- Uses the Ollama API for embeddings.openai
- Uses the OpenAI API for embeddings.
- Leave empty for
- Description: Selects an embedding engine to use for RAG.
RAG_EMBEDDING_MODEL
- Type:
str
- Default:
sentence-transformers/all-MiniLM-L6-v2
- Description: Sets a model for embeddings. Locally, a Sentence-Transformer model is used.
ENABLE_RAG_HYBRID_SEARCH
- Type:
bool
- Default:
False
- Description: Enables the use of ensemble search with
BM25
+ChromaDB
, with reranking usingsentence_transformers
models.
CONTENT_EXTRACTION_ENGINE
- Type:
str
(tika
) - Options:
- Leave empty to use default
tika
- Use a local Apache Tika server
- Description: Sets the content extraction engine to use for document ingestion.
RAG_TOP_K
- Type:
int
- Default:
5
- Description: Sets the default number of results to consider when using RAG.
RAG_RELEVANCE_THRESHOLD
- Type:
float
- Default:
0.0
- Description: Sets the relevance threshold to consider for documents when used with reranking.
RAG_TEMPLATE
- Type:
str
- Default:
You are given a user query, some textual context and rules, all inside xml tags. You have to answer the query based on the context while respecting the rules.
<context>
[context]
</context>
<rules>
- If you don't know, just say so.
- If you are not sure, ask for clarification.
- Answer in the same language as the user query.
- If the context appears unreadable or of poor quality, tell the user then answer as best as you can.
- If the answer is not in the context but you think you know the answer, explain that to the user then answer with your own knowledge.
- Answer directly and without using xml tags.
</rules>
<user_query>
[query]
</user_query>
- Description: Template to use when injecting RAG documents into chat completion
RAG_TEXT_SPLITTER
- Type:
str
- Description: Sets the text splitter for RAG models.
TIKTOKEN_CACHE_DIR
- Type:
str
- Description: Sets the directory for TikiToken cache.
TIKTOKEN_ENCODING_NAME
- Type:
str
- Description: Sets the encoding name for TikiToken.
CHUNK_SIZE
- Type:
int
- Default:
1500
- Description: Sets the document chunk size for embeddings.
CHUNK_OVERLAP
- Type:
int
- Default:
100
- Description: Specifies how much overlap there should be between chunks.
PDF_EXTRACT_IMAGES
- Type:
bool
- Default:
False
- Description: Extracts images from PDFs using OCR when loading documents.
RAG_FILE_MAX_SIZE
- Type:
int
- Default:
100
(100MB) - Description: Sets the maximum size of a file that can be uploaded for document ingestion.
RAG_FILE_MAX_COUNT
- Type:
int
- Default:
10
- Description: Sets the maximum number of files that can be uploaded at once for document ingestion.
RAG_RERANKING_MODEL
- Type:
str
- Description: Sets a model for reranking results. Locally, a Sentence-Transformer model is used.
RAG_OPENAI_API_BASE_URL
- Type:
str
- Default:
${OPENAI_API_BASE_URL}
- Description: Sets the OpenAI base API URL to use for RAG embeddings.
RAG_OPENAI_API_KEY
- Type:
str
- Default:
${OPENAI_API_KEY}
- Description: Sets the OpenAI API key to use for RAG embeddings.
RAG_EMBEDDING_OPENAI_BATCH_SIZE
- Type:
int
- Default:
1
- Description: Sets the batch size for OpenAI embeddings.
RAG_EMBEDDING_BATCH_SIZE
- Type:
int
- Description: Sets the batch size for embedding in RAG (Retrieval-Augmented Generator) models.
RAG_OLLAMA_API_KEY
- Type:
str
- Description: Sets the API key for Ollama API used in RAG models.
RAG_OLLAMA_BASE_URL
- Type:
str
- Description: Sets the base URL for Ollama API used in RAG models.
ENABLE_RETRIEVAL_QUERY_GENERATION
- Type:
bool
- Default:
True
- Description: Enables or disables retrieval query generation.
QUERY_GENERATION_PROMPT_TEMPLATE
- Type:
str
- Description: Sets the prompt template for query generation.
Apache Tika
TIKA_SERVER_URL
- Type:
str
- Default:
http://localhost:9998
- Description: Sets the URL for the Apache Tika server.
ChromaDB
CHROMA_TENANT
- Type:
str
- Default:
default_tenant
- Description: Sets the tenant for ChromaDB to use for RAG embeddings.
CHROMA_DATABASE
- Type:
str
- Default:
default_database
- Description: Sets the database in the ChromaDB tenant to use for RAG embeddings.
CHROMA_HTTP_HOST
- Type:
str
- Description: Specifies the hostname of a remote ChromaDB Server. Uses a local ChromaDB instance if not set.
CHROMA_HTTP_PORT
- Type:
int
- Default:
8000
- Description: Specifies the port of a remote ChromaDB Server.
CHROMA_HTTP_HEADERS
- Type:
str
- Description: Comma-separated list of HTTP headers to include with every ChromaDB request.
- Example:
Authorization=Bearer heuhagfuahefj,User-Agent=OpenWebUI
.
CHROMA_HTTP_SSL
- Type:
bool
- Default:
False
- Description: Controls whether or not SSL is used for ChromaDB Server connections.
CHROMA_CLIENT_AUTH_PROVIDER
- Type:
str
- Description: Specifies auth provider for remote ChromaDB Server.
- Example:
chromadb.auth.basic_authn.BasicAuthClientProvider
CHROMA_CLIENT_AUTH_CREDENTIALS
- Type:
str
- Description: Specifies auth credentials for remote ChromaDB Server.
- Example:
username:password
Google Drive
ENABLE_GOOGLE_DRIVE_INTEGRATION
- Type:
bool
- Default:
False
- Description: Enables or disables Google Drive integration. If set to true, and
GOOGLE_DRIVE_CLIENT_ID
&GOOGLE_DRIVE_API_KEY
are both configured, Google Drive will appear as an upload option in the chat UI.
GOOGLE_DRIVE_CLIENT_ID
- Type:
str
- Description: Sets the client ID for Google Drive (client must be configured with Drive API and Picker API enabled).
GOOGLE_DRIVE_API_KEY
- Type:
str
- Description: Sets the API key for Google Drive integration.
Milvus
MILVUS_URI
- Type:
str
- Default:
${DATA_DIR}/vector_db/milvus.db
- Description: Specifies the URI for connecting to the Milvus vector database. This can point to a local or remote Milvus server based on the deployment configuration.
OpenSearch
OPENSEARCH_CERT_VERIFY
- Type:
bool
- Default:
False
- Description: Enables or disables OpenSearch certificate verification.
OPENSEARCH_PASSWORD
- Type:
str
- Description: Sets the password for OpenSearch.
OPENSEARCH_SSL
- Type:
bool
- Default:
False
- Description: Enables or disables SSL for OpenSearch.
OPENSEARCH_URI
- Type:
str
- Description: Sets the URI for OpenSearch.
OPENSEARCH_USERNAME
- Type:
str
- Description: Sets the username for OpenSearch.
PGVector
PGVECTOR_DB_URL
- Type:
str
- Description: Sets the database URL for model storage.
Qdrant
QDRANT_API_KEY
- Type:
str
- Description: Sets the API key for Qdrant.
QDRANT_URI
- Type:
str
- Description: Sets the URI for Qdrant.
Web Search
ENABLE_RAG_WEB_SEARCH
- Type:
bool
- Default:
False
- Description: Enable web search toggle
ENABLE_SEARCH_QUERY_GENERATION
- Type:
bool
- Default:
True
- Description: Enables or disables search query generation.
RAG_WEB_SEARCH_RESULT_COUNT
- Type:
int
- Default:
3
- Description: Maximum number of search results to crawl.
RAG_WEB_SEARCH_CONCURRENT_REQUESTS
- Type:
int
- Default:
10
- Description: Number of concurrent requests to crawl web pages returned from search results.
RAG_WEB_SEARCH_ENGINE
- Type:
str
(enum:searxng
,google_pse
,brave
,kagi
,mojeek
,serpstack
,serper
,serply
,searchapi
,duckduckgo
,tavily
,jina
,bing
) - Options:
searxng
- Uses the SearXNG search engine.google_pse
- Uses the Google Programmable Search Engine.brave
- Uses the Brave search engine.kagi
- Uses the Kagi search engine.mojeek
- Uses the Mojeek search engine.serpstack
- Uses the Serpstack search engine.serper
- Uses the Serper search engine.serply
- Uses the Serply search engine.searchapi
- Uses the SearchAPI search engine.duckduckgo
- Uses the DuckDuckGo search engine.tavily
- Uses the Tavily search engine.jina
- Uses the Jina search engine.bing
- Uses the Bing search engine.
SEARXNG_QUERY_URL
- Type:
str
- Description: The SearXNG search API URL supporting JSON output.
<query>
is replaced with the search query. Example:http://searxng.local/search?q=<query>
GOOGLE_PSE_API_KEY
- Type:
str
- Description: Sets the API key for the Google Programmable Search Engine (PSE) service.
GOOGLE_PSE_ENGINE_ID
- Type:
str
- Description: The engine ID for the Google Programmable Search Engine (PSE) service.
BRAVE_SEARCH_API_KEY
- Type:
str
- Description: Sets the API key for the Brave Search API.
KAGI_SEARCH_API_KEY
- Type:
str
- Description: Sets the API key for Kagi Search API.
MOJEEK_SEARCH_API_KEY
- Type:
str
- Description: Sets the API key for Mojeek Search API.
SERPSTACK_API_KEY
- Type:
str
- Description: Sets the API key for Serpstack search API.
SERPSTACK_HTTPS
- Type:
bool
- Default:
True
- Description: Configures the use of HTTPS for Serpstack requests. Free tier requests are restricted to HTTP only.
SERPER_API_KEY
- Type:
str
- Description: Sets the API key for Serper search API.
SERPLY_API_KEY
- Type:
str
- Description: Sets the API key for Serply search API.
SEARCHAPI_API_KEY
- Type:
str
- Description: Sets the API key for SearchAPI.
SEARCHAPI_ENGINE
- Type:
str
- Description: Sets the SearchAPI engine.
TAVILY_API_KEY
- Type:
str
- Description: Sets the API key for Tavily search API.
JINA_API_KEY
- Type:
str
- Description: Sets the API key for Jina.
BING_SEARCH_V7_ENDPOINT
- Type:
str
- Description: Sets the endpoint for Bing Search API.
BING_SEARCH_V7_SUBSCRIPTION_KEY
- Type:
str
- Description: Sets the subscription key for Bing Search API.
YouTube Loader
YOUTUBE_LOADER_PROXY_URL
- Type:
str
- Description: Sets the proxy URL for YouTube loader.
YOUTUBE_LOADER_LANGUAGE
- Type:
str
- Default:
en
- Description: Sets the language to use for YouTube video loading.
Audio
Whisper Speech-to-Text (Local)
WHISPER_MODEL
- Type:
str
- Default:
base
- Description: Sets the Whisper model to use for Speech-to-Text. The backend used is faster_whisper with quantization to
int8
.
WHISPER_MODEL_DIR
- Type:
str
- Default:
${DATA_DIR}/cache/whisper/models
- Description: Specifies the directory to store Whisper model files.
Speech-to-Text (OpenAI)
AUDIO_STT_ENGINE
- Type:
str
(enum:openai
) - Options:
- Leave empty to use local Whisper engine for Speech-to-Text.
openai
- Uses OpenAI engine for Speech-to-Text.
- Description: Specifies the Speech-to-Text engine to use.
AUDIO_STT_MODEL
- Type:
str
- Default:
whisper-1
- Description: Specifies the Speech-to-Text model to use for OpenAI-compatible endpoints.
AUDIO_STT_OPENAI_API_BASE_URL
- Type:
str
- Default:
${OPENAI_API_BASE_URL}
- Description: Sets the OpenAI-compatible base URL to use for Speech-to-Text.
AUDIO_STT_OPENAI_API_KEY
- Type:
str
- Default:
${OPENAI_API_KEY}
- Description: Sets the OpenAI API key to use for Speech-to-Text.
Text-to-Speech
AUDIO_TTS_API_KEY
- Type:
str
- Description: Sets the API key for Text-to-Speech.
AUDIO_TTS_ENGINE
- Type:
str
(enum:elevenlabs
,openai
) - Options:
- Leave empty to use built-in WebAPI engine for Text-to-Speech.
elevenlabs
- Uses ElevenLabs engine for Text-to-Speechopenai
- Uses OpenAI engine for Text-to-Speech.
- Description: Specifies the Text-to-Speech engine to use.
AUDIO_TTS_MODEL
- Type:
str
- Default:
tts-1
- Description: Specifies the OpenAI text-to-speech model to use.
Azure Text-to-Speech
AUDIO_TTS_AZURE_SPEECH_OUTPUT_FORMAT
- Type:
str
- Description: Sets the output format for Azure Text to Speech.
AUDIO_TTS_AZURE_SPEECH_REGION
- Type:
str
- Description: Sets the region for Azure Text to Speech.
OpenAI Text-to-Speech
AUDIO_TTS_OPENAI_API_BASE_URL
- Type:
str
- Default:
${OPENAI_API_BASE_URL}
- Description: Sets the OpenAI-compatible base URL to use for text-to-speech.
AUDIO_TTS_OPENAI_API_KEY
- Type:
str
- Default:
${OPENAI_API_KEY}
- Description: Sets the API key to use for text-to-speech.
AUDIO_TTS_SPLIT_ON
- Type:
str
- Default:
punctuation
- Description: Sets the OpenAI text-to-speech split on to use.
AUDIO_TTS_VOICE
- Type:
str
- Default:
alloy
- Description: Sets the OpenAI text-to-speech voice to use.
Image Generation
ENABLE_IMAGE_GENERATION
- Type:
bool
- Default:
False
- Description: Enables or disables image generation features.
IMAGE_GENERATION_ENGINE
- Type:
str
(enum:openai
,comfyui
,automatic1111
) - Options:
openai
- Uses OpenAI DALL-E for image generation.comfyui
- Uses ComfyUI engine for image generation.automatic1111
- Uses Automatic1111 engine for image generation (default).
- Default:
automatic1111
- Description: Specifies the engine to use for image generation.
IMAGE_GENERATION_MODEL
- Type:
str
- Description: Default model to use for image generation
IMAGE_SIZE
- Type:
str
- Default:
512x512
- Description: Sets the default image size to generate.
IMAGE_STEPS
- Type:
int
- Default:
50
- Description: Sets the default iteration steps for image generation. Used for ComfyUI and AUTOMATIC1111.
AUTOMATIC1111
AUTOMATIC1111_API_AUTH
- Type:
str
- Description: Sets the Automatic1111 API authentication.
AUTOMATIC1111_BASE_URL
- Type:
str
- Description: Specifies the URL to Automatic1111's Stable Diffusion API.
AUTOMATIC1111_CFG_SCALE
- Type:
float
- Description: Sets the scale for Automatic1111 inference.
AUTOMATIC1111_SAMPLER
- Type:
str
- Description: Sets the sampler for Automatic1111 inference.
AUTOMATIC1111_SCHEDULER
- Type:
str
- Description: Sets the scheduler for Automatic1111 inference.
ComfyUI
COMFYUI_BASE_URL
- Type:
str
- Description: Specifies the URL to the ComfyUI image generation API.
COMFYUI_API_KEY
- Type:
str
- Description: Sets the API key for ComfyUI.
COMFYUI_WORKFLOW
- Type:
str
- Description: Sets the ComfyUI workflow.
OpenAI DALL-E
IMAGES_OPENAI_API_BASE_URL
- Type:
str
- Default:
${OPENAI_API_BASE_URL}
- Description: Sets the OpenAI-compatible base URL to use for DALL-E image generation.
IMAGES_OPENAI_API_KEY
- Type:
str
- Default:
${OPENAI_API_KEY}
- Description: Sets the API key to use for DALL-E image generation.
OAuth
ENABLE_OAUTH_SIGNUP
- Type:
bool
- Default:
False
- Description: Enables account creation when sighting up via OAuth. Distinct from
ENABLE_SIGNUP
.
ENABLE_API_KEY
- Type:
bool
- Default:
False
- Description: Enables API key authentication.
ENABLE_OAUTH_ROLE_MANAGEMENT
- Type:
bool
- Default:
False
- Description: Enables role management to oauth delegation.
ENABLE_OAUTH_GROUP_MANAGEMENT
- Type:
bool
- Default:
False
- Description: Enables or disables OAUTH group management.
OAUTH_MERGE_ACCOUNTS_BY_EMAIL
- Type:
bool
- Default:
False
- Description: If enabled, merges OAuth accounts with existing accounts using the same email address. This is considered unsafe as not all OAuth providers will verify email addresses and can lead to potential account takeovers.
OAUTH_USERNAME_CLAIM
- Type:
str
- Default:
name
- Description: Set username claim for OpenID.
OAUTH_EMAIL_CLAIM
- Type:
str
- Default:
email
- Description: Set email claim for OpenID.
OAUTH_PICTURE_CLAIM
- Type:
str
- Default:
picture
- Description: Set picture (avatar) claim for OpenID.
OAUTH_GROUP_CLAIM
- Type:
str
- Description: Specifies the group claim for OAUTH authentication.
OAUTH_ROLES_CLAIM
- Type:
str
- Default:
roles
- Description: Sets the roles claim to look for in the OIDC token.
OAUTH_SCOPES
- Type:
str
- Default:
openid email profile
- Description: Sets the scope for OIDC authentication.
openid
andemail
are required.
OAUTH_ALLOWED_DOMAINS
- Type:
str
- Description: Specifies the allowed domains for OAUTH authentication. (e.g. "example1.com,example2.com").
OAUTH_ALLOWED_ROLES
- Type:
str
- Default:
user,admin
- Description: Sets the roles that are allowed access to the platform.
OAUTH_ADMIN_ROLES
- Type:
str
- Default:
admin
- Description: Sets the roles that are considered administrators.
WEBUI_AUTH_TRUSTED_EMAIL_HEADER
- Type:
str
- Description: Defines the trusted request header for authentication. See SSO docs.
WEBUI_AUTH_TRUSTED_NAME_HEADER
- Type:
str
- Description: Defines the trusted request header for the username of anyone registering with the
WEBUI_AUTH_TRUSTED_EMAIL_HEADER
header. See SSO docs.
See https://support.google.com/cloud/answer/6158849?hl=en
GOOGLE_CLIENT_ID
- Type:
str
- Description: Sets the client ID for Google OAuth
GOOGLE_CLIENT_SECRET
- Type:
str
- Description: Sets the client secret for Google OAuth
GOOGLE_OAUTH_SCOPE
- Type:
str
- Default:
openid email profile
- Description: Sets the scope for Google OAuth authentication.
GOOGLE_REDIRECT_URI
- Type:
str
- Default:
<backend>/oauth/google/callback
- Description: Sets the redirect URI for Google OAuth
Microsoft
See https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app
MICROSOFT_CLIENT_ID
- Type:
str
- Description: Sets the client ID for Microsoft OAuth
MICROSOFT_CLIENT_SECRET
- Type:
str
- Description: Sets the client secret for Microsoft OAuth
MICROSOFT_CLIENT_TENANT_ID
- Type:
str
- Description: Sets the tenant ID for Microsoft OAuth
MICROSOFT_OAUTH_SCOPE
- Type:
str
- Default:
openid email profile
- Description: Sets the scope for Microsoft OAuth authentication.
MICROSOFT_REDIRECT_URI
- Type:
str
- Default:
<backend>/oauth/microsoft/callback
- Description: Sets the redirect URI for Microsoft OAuth
OpenID (OIDC)
OAUTH_CLIENT_ID
- Type:
str
- Description: Sets the client ID for OIDC
OAUTH_CLIENT_SECRET
- Type:
str
- Description: Sets the client secret for OIDC
OPENID_PROVIDER_URL
- Type:
str
- Description: Path to the
.well-known/openid-configuration
endpoint
OAUTH_PROVIDER_NAME
- Type:
str
- Default:
SSO
- Description: Sets the name for the OIDC provider.
OPENID_REDIRECT_URI
- Type:
str
- Default:
<backend>/oauth/oidc/callback
- Description: Sets the redirect URI for OIDC
LDAP
ENABLE_LDAP
- Type:
bool
- Default:
False
- Description: Enables or disables LDAP authentication.
LDAP_APP_DN
- Type:
str
- Description: Sets the distinguished name for LDAP application.
LDAP_APP_PASSWORD
- Type:
str
- Description: Sets the password for LDAP application.
LDAP_ATTRIBUTE_FOR_USERNAME
- Type:
str
- Description: Sets the attribute to use as username for LDAP authentication.
LDAP_CA_CERT_FILE
- Type:
str
- Description: Sets the path to LDAP CA certificate file.
LDAP_CIPHERS
- Type:
str
- Description: Sets the ciphers to use for LDAP connection.
LDAP_SEARCH_BASE
- Type:
str
- Description: Sets the base to search for LDAP authentication.
LDAP_SEARCH_FILTER
- Type:
str
- Description: Sets the filter to use for LDAP search.
LDAP_SERVER_HOST
- Type:
str
- Description: Sets the hostname of LDAP server.
LDAP_SERVER_LABEL
- Type:
str
- Description: Sets the label of LDAP server.
LDAP_SERVER_PORT
- Type:
int
- Description: Sets the port number of LDAP server.
LDAP_USE_TLS
- Type:
bool
- Default:
False
- Description: Enables or disables TLS for LDAP connection.
Workspace Permissions
USER_PERMISSIONS_WORKSPACE_MODELS_ACCESS
- Type:
bool
- Default:
True
- Description: Enables or disables user permission to access workspace models.
USER_PERMISSIONS_WORKSPACE_KNOWLEDGE_ACCESS
- Type:
bool
- Default:
True
- Description: Enables or disables user permission to access workspace knowledge.
USER_PERMISSIONS_WORKSPACE_PROMPTS_ACCESS
- Type:
bool
- Default:
True
- Description: Enables or disables user permission to access workspace prompts.
USER_PERMISSIONS_WORKSPACE_TOOLS_ACCESS
- Type:
bool
- Default:
True
- Description: Enables or disables user permission to access workspace tools.
Chat Permissions
USER_PERMISSIONS_CHAT_FILE_UPLOAD
- Type:
bool
- Default:
True
- Description: Enables or disables user permission to upload files to chats.
USER_PERMISSIONS_CHAT_DELETE
- Type:
bool
- Default:
True
- Description: Enables or disables user permission to delete chats.
USER_PERMISSIONS_CHAT_EDIT
- Type:
bool
- Default:
True
- Description: Enables or disables user permission to edit chats.
USER_PERMISSIONS_CHAT_TEMPORARY
- Type:
bool
- Default:
True
- Description: Enables or disables user permission to create temporary chats.
Misc Environment Variables
These variables are not specific to Open WebUI but can still be valuable in certain contexts.
Amazon S3 Storage
STORAGE_PROVIDER
- Type:
str
- Description: Sets the storage provider.
S3_ACCESS_KEY_ID
- Type:
str
- Description: Sets the access key ID for S3 storage.
S3_BUCKET_NAME
- Type:
str
- Description: Sets the bucket name for S3 storage.
S3_ENDPOINT_URL
- Type:
str
- Description: Sets the endpoint URL for S3 storage.
S3_REGION_NAME
- Type:
str
- Description: Sets the region name for S3 storage.
S3_SECRET_ACCESS_KEY
- Type:
str
- Description: Sets the secret access key for S3 storage.
Database Pool
DATABASE_URL
- Type:
str
- Default:
sqlite:///${DATA_DIR}/webui.db
- Description: Specifies the database URL to connect to.
:::info Supports SQLite and Postgres. Changing the URL does not migrate data between databases. Documentation on URL scheme available here. :::
DATABASE_POOL_SIZE
- Type:
int
- Default:
0
- Description: Specifies the size of the database pool. A value of
0
disables pooling.
DATABASE_POOL_MAX_OVERFLOW
- Type:
int
- Default:
0
- Description: Specifies the database pool max overflow.
:::info More information about this setting can be found here. :::
DATABASE_POOL_TIMEOUT
- Type:
int
- Default:
30
- Description: Specifies the database pool timeout in seconds to get a connection.
:::info More information about this setting can be found here. :::
DATABASE_POOL_RECYCLE
- Type:
int
- Default:
3600
- Description: Specifies the database pool recycle time in seconds.
:::info More information about this setting can be found here. :::
Redis
ENABLE_WEBSOCKET_SUPPORT
- Type:
bool
- Default:
False
- Description: Enables websocket support in Open WebUI (used with Redis).
WEBSOCKET_MANAGER
- Type:
str
- Default:
redis
- Description: Specifies the websocket manager to use (in this case, Redis).
WEBSOCKET_REDIS_URL
(REDIS_URL
exists for potential future use cases. In practice, it is recommended to set both.)
- Type:
str
- Default:
redis://localhost:6379/0
- Description: Specifies the URL of the Redis instance for websocket communication.
Proxy Settings
Open WebUI supports using proxies for HTTP and HTTPS retrievals. To specify proxy settings, Open WebUI uses the following environment variables:
http_proxy
- Type:
str
- Description: Sets the URL for the HTTP proxy.
https_proxy
- Type:
str
- Description: Sets the URL for the HTTPS proxy.
no_proxy
- Type:
str
- Description: Lists domain extensions (or IP addresses) for which the proxy should not be used, separated by commas. For example, setting no_proxy to '.mit.edu' ensures that the proxy is bypassed when accessing documents from MIT.