38 lines
1.5 KiB
Bash
38 lines
1.5 KiB
Bash
# ------------------------------------------------------------------
|
||
# OpenWebUI – core image / container
|
||
# ------------------------------------------------------------------
|
||
WEBUI_IMAGE=ghcr.io/open-webui/open-webui:main # default image
|
||
WEBUI_NAME=open-webui # container name
|
||
WEBUI_PORT=3000 # host port to expose
|
||
WEBUI_VOLUME=open-webui_data # persistent data volume
|
||
|
||
# ------------------------------------------------------------------
|
||
# OpenAI API key
|
||
# ------------------------------------------------------------------
|
||
OPENAI_API_KEY=sk-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
||
|
||
# ------------------------------------------------------------------
|
||
# OIDC / Keycloak configuration
|
||
# ------------------------------------------------------------------
|
||
# General
|
||
WEBUI_URL=https://ai.example.com
|
||
|
||
# Keycloak / OIDC Settings
|
||
OAUTH_CLIENT_ID=open-webui
|
||
OAUTH_CLIENT_SECRET=your_keycloak_client_secret_here
|
||
OPENID_PROVIDER_URL=https://auth.example.com/realms/your-realm/.well-known/openid-configuration
|
||
OAUTH_PROVIDER_NAME=Keycloak
|
||
OPENID_REDIRECT_URI=https://open.example.com/oauth/oidc/callback
|
||
|
||
# Logic & Scopes
|
||
ENABLE_OAUTH_SIGNUP=true
|
||
OAUTH_MERGE_ACCOUNTS_BY_EMAIL=true
|
||
OAUTH_SCOPES=openid email profile groups
|
||
OAUTH_CODE_CHALLENGE_METHOD=S256
|
||
|
||
# Role Management
|
||
ENABLE_OAUTH_ROLE_MANAGEMENT=true
|
||
OAUTH_ROLES_CLAIM=groups
|
||
OAUTH_ALLOWED_ROLES=openwebui,openwebui-admin
|
||
OAUTH_ADMIN_ROLES=openwebui-admin
|
||
LOG_LEVEL=debug |