close
Skip to content

add environment variable configuration for Open WebUI to disable auth #781

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ericcurtin merged 1 commit into from
Mar 24, 2026
Merged

add environment variable configuration for Open WebUI to disable auth #781

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 6 additions & 1 deletion cmd/cli/commands/launch.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ var containerApps = map[string]containerApp{
envFn: anythingllmEnv,
extraDockerArgs: []string{"-v", "anythingllm_storage:/app/server/storage"},
},
"openwebui": {defaultImage: "ghcr.io/open-webui/open-webui:latest", defaultHostPort: 3000, containerPort: 8080, envFn: openaiEnv(openaiPathSuffix)},
"openwebui": {defaultImage: "ghcr.io/open-webui/open-webui:latest", defaultHostPort: 3000, containerPort: 8080, envFn: openwebuiEnv},
}

// hostApp describes a native CLI app launched on the host.
Expand Down Expand Up @@ -397,6 +397,11 @@ func openaiEnv(suffix string) func(string) []string {
}
}

// openwebuiEnv returns environment variables for Open WebUI with Docker Model Runner.
func openwebuiEnv(baseURL string) []string {
return append(openaiEnv(openaiPathSuffix)(baseURL), "WEBUI_AUTH=false")
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot Mar 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security-high high

Setting WEBUI_AUTH=false by default significantly impacts the security posture of the Open WebUI application by disabling authentication. While this aligns with the pull request's objective, it's crucial to ensure that users are explicitly aware of this default behavior and its security implications, especially if the application is exposed to untrusted networks. Consider adding a prominent note in the documentation or CLI output when launching Open WebUI with this setting, advising users on how to re-enable authentication if needed for production environments.

}

// anythingllmEnv returns environment variables for AnythingLLM with Docker Model Runner provider.
func anythingllmEnv(baseURL string) []string {
return []string{
Expand Down
8 changes: 8 additions & 0 deletions cmd/cli/commands/launch_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -551,6 +551,13 @@ func TestListSupportedApps(t *testing.T) {
require.Contains(t, output, "openwebui")
}

func TestOpenWebuiEnvIncludesWebuiAuth(t *testing.T) {
env := openwebuiEnv(testBaseURL)
require.Contains(t, env, "WEBUI_AUTH=false")
require.Contains(t, env, "OPENAI_API_BASE="+testBaseURL+openaiPathSuffix)
require.Contains(t, env, "OPENAI_API_KEY="+dummyAPIKey)
}

func TestPrintAppConfigContainerApp(t *testing.T) {
buf := new(bytes.Buffer)
cmd := newTestCmd(buf)
Expand All @@ -564,6 +571,7 @@ func TestPrintAppConfigContainerApp(t *testing.T) {
require.Contains(t, output, "container app")
require.Contains(t, output, "ghcr.io/open-webui/open-webui:latest")
require.Contains(t, output, "OPENAI_API_BASE")
require.Contains(t, output, "WEBUI_AUTH=false")
}

func TestPrintAppConfigContainerAppOverrides(t *testing.T) {
Expand Down
Loading