开始之前
服务器
- 购买的服务器地区选择东亚地区
- 服务器配置推荐4核4g,至少2核2g
- 开放ipv6和udp
- 只开放需要的端口(本教程需要 22、80、443;数据库端口 5432 不要对公网开放)
域名
- 购买的域名选择简短方便记忆的
- 添加 A 记录指向服务器的ip地址
系统
- 本教程使用的是 Debian
- 请先了解 Linux 系统简单操作,知道 ssh 和 vi 以及 docker 等的基本操作
安装 Postgres
请务必替换 myuser、mypassword 和 mydb 分别为数据库的 用户名、密码 以及 数据库名
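# Install PostgreSQL, then create the application role and its database.
# Replace myuser, mypassword and mydb before running. The password is typed
# on the command line, so it lands in shell history: use a long random value
# and remove the history entry afterwards.
sudo apt update &&
  sudo apt install -y postgresql postgresql-contrib &&
  sudo systemctl start postgresql &&
  sudo systemctl enable postgresql &&
  sudo -u postgres psql -c "CREATE USER myuser WITH ENCRYPTED PASSWORD 'mypassword';" &&
  # Make the role the database owner instead of GRANT ALL ON DATABASE: on
  # PostgreSQL 15+ only the owner may create tables in the public schema, and
  # the role gets no rights on any other database.
  sudo -u postgres psql -c "CREATE DATABASE mydb OWNER myuser;" &&
  # Ask the running server for its config paths; `ls /etc/postgresql` yields
  # several names (and a broken path) once more than one version is installed.
  pg_conf=$(sudo -u postgres psql -tAc 'SHOW config_file') &&
  pg_hba=$(sudo -u postgres psql -tAc 'SHOW hba_file') &&
  # Listening on every interface lets containers on this host connect; the
  # pg_hba.conf rule below and the firewall are what keep the Internet out.
  sudo sed -i "/^#listen_addresses/i\listen_addresses = '*'" "$pg_conf" &&
  # Allow only this role, only this database, only from private Docker ranges
  # (the original "all all 0.0.0.0/0" let any host try any account).
  # Assumes the client is a container on this host; Docker's default networks
  # normally fall inside 172.16.0.0/12 - confirm with `docker network inspect`,
  # or put the client's own address here if it runs elsewhere.
  # "md5" also accepts passwords stored as SCRAM, so it works on old and new
  # PostgreSQL releases.
  echo "host mydb myuser 172.16.0.0/12 md5" | sudo tee -a "$pg_hba" &&
  sudo systemctl restart postgresql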
该步骤涉及到环境变量 :
DATABASE_URL=postgresql://myuser:mypassword@ip:5432/mydb
安装 Nginx
前往 ZeroSSL 下载90天免费证书,并将压缩包复制到服务器当前目录(下文命令按 domain.com.zip 的文件名解压);压缩包内含私钥,安装完成后请从服务器上删除
以下代码主要参考了 Nginx官网 Linux 包安装指南,请务必替换 domain.com 为您的域名
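# Install nginx from the nginx.org repository, turn the firewall on, and
# install the ZeroSSL certificate. Replace domain.com with your domain.
# All downloads and the unpacked private key live in a private temp dir that
# is removed at the end; if the chain stops early, delete it by hand.
work_tmp=$(mktemp -d) &&
  sudo apt-get update &&
  # unzip is needed further down and is not part of a minimal Debian install.
  sudo apt-get install -y ufw unzip curl gnupg2 ca-certificates lsb-release debian-archive-keyring &&
  # Download the signing key to a file first: with -f a failed download stops
  # the chain instead of piping an error page into the keyring.
  curl -fsSL -o "$work_tmp/nginx_signing.key" https://nginx.org/keys/nginx_signing.key &&
  gpg --dearmor <"$work_tmp/nginx_signing.key" |
    sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null &&
  # Prints the fingerprint of the imported key; compare it with the one
  # published in the nginx.org installation guide before trusting the repo.
  gpg --dry-run --quiet --no-keyring --import --import-options import-show \
    /usr/share/keyrings/nginx-archive-keyring.gpg &&
  echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/debian $(lsb_release -cs) nginx" |
    sudo tee /etc/apt/sources.list.d/nginx.list &&
  printf 'Package: *\nPin: origin nginx.org\nPin-Priority: 900\n' |
    sudo tee /etc/apt/preferences.d/99nginx &&
  sudo apt-get update &&
  sudo apt-get install -y nginx &&
  # If sshd listens on a port other than 22, allow that port here first;
  # enabling the firewall without it locks you out of the server.
  sudo ufw allow 22 &&
  sudo ufw allow 80 &&
  sudo ufw allow 443 &&
  # Lets containers on this host reach PostgreSQL once the firewall is on.
  # Assumes Docker's default private ranges - adjust or drop this rule if the
  # database is on another machine.
  sudo ufw allow from 172.16.0.0/12 to any port 5432 proto tcp &&
  # The rules above do nothing until ufw is enabled; `ufw reload` on a
  # disabled firewall is a no-op.
  sudo ufw --force enable &&
  sudo systemctl start nginx &&
  sudo systemctl enable nginx &&
  unzip domain.com -d "$work_tmp" &&
  sudo mkdir -p /etc/nginx/ssl/domain.com &&
  sudo install -m 644 -o root -g root "$work_tmp"/*.crt /etc/nginx/ssl/domain.com/ &&
  # The private key must be readable by root only (a plain cp leaves it
  # world-readable).
  sudo install -m 600 -o root -g root "$work_tmp"/*.key /etc/nginx/ssl/domain.com/ &&
  rm -rf -- "${work_tmp:?}" &&
  sudo nginx -t &&
  sudo systemctl reload nginx
# The uploaded zip still contains the private key: delete it once nginx works.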
安装 Docker
请务必替换 user@2024 为您的用户名,2024@user 为您的密码
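# Create a login user and install Docker Engine with the compose plugin.
# Replace user@2024 with your username and 2024@user with your password.
# NOTE(review): Debian's adduser rejects names outside its NAME_REGEX by
# default (typically lowercase letters, digits, "-" and "_") - pick a
# replacement name that fits.
sudo adduser --disabled-password --gecos "" user@2024 &&
  # The password appears in shell history and in the process list while this
  # runs; use a strong one and clear the history entry, or set it
  # interactively with `sudo passwd <user>` instead.
  echo "user@2024:2024@user" | sudo chpasswd &&
  sudo usermod -aG sudo user@2024 &&
  sudo apt-get update &&
  sudo apt-get install -y ca-certificates curl &&
  # Store Docker's key in its own keyring and reference it with signed-by:
  # apt-key is deprecated and made the key trusted for every repository.
  sudo install -m 0755 -d /etc/apt/keyrings &&
  sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc &&
  sudo chmod a+r /etc/apt/keyrings/docker.asc &&
  # This guide targets Debian, so use Docker's debian repository (the ubuntu
  # one has no suite for Debian codenames) and the machine's real architecture.
  echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" |
    sudo tee /etc/apt/sources.list.d/docker.list >/dev/null &&
  sudo apt-get update &&
  # docker-compose-plugin provides the `docker compose` command used below.
  sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin &&
  # Membership of the docker group is equivalent to root on this host; add
  # only accounts you would also trust with sudo.
  sudo usermod -aG docker user@2024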
安装需要等待一段时间;如果中途卡住,请按 Enter 键。安装完成后退出当前会话,并使用新建的用户名登录
安装 Open-WebUI
使用 docker compose 直接安装,以下代码主要参考了 Open-WebUI 环境变量参数
注意 BASE_URL 都要以 /v1 结尾,如:https://api.openai.com/v1
docker-compose.yaml
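# Open-WebUI behind a reverse proxy on the same host.
# This file holds credentials (database password, API keys, OAuth secrets):
# keep it readable by its owner only and out of version control.
services:
  open-webui:
    # NOTE(review): ":main" is a moving tag; pin a release tag or an image
    # digest so a restart cannot silently pull different code.
    image: ghcr.io/open-webui/open-webui:main
    container_name: open-webui
    restart: always
    ports:
      # Published on loopback only, so the app is reachable solely through the
      # reverse proxy. Do not widen this to 0.0.0.0: ports published by Docker
      # are not filtered by ufw.
      - "127.0.0.1:3000:8080"
    environment:
      # Web UI settings
      - WEBUI_NAME=WelcomeAboard
      # Placeholder - replace with a long random value (for example the
      # output of `openssl rand -hex 32`); it signs the login tokens.
      - WEBUI_SECRET_KEY=1234567abcdefg
      # Public URL users reach through nginx (replace domain.com). The OAuth
      # providers configured below need this rather than the internal
      # localhost address.
      - WEBUI_URL=https://domain.com
      - DEFAULT_LOCALE=zh
      - WEBUI_SESSION_COOKIE_SECURE=True
      - SHOW_ADMIN_DETAILS=False
      - ENABLE_ADMIN_CHAT_ACCESS=False
      # Database settings
      - DATABASE_POOL_SIZE=10
      - DATABASE_POOL_MAX_OVERFLOW=20
      # "ip" must be an address the container can reach; inside the container
      # localhost / 127.0.0.1 is the container itself, not the host.
      - DATABASE_URL=postgresql://myuser:mypassword@ip:5432/mydb
      # Login settings
      - ENABLE_SIGNUP=False
      - WEBUI_AUTH=True
      # Chat settings
      - ENABLE_OPENAI_API=True
      - OPENAI_API_BASE_URL=************************************
      - OPENAI_API_KEY=********************************************
      - DEFAULT_MODELS=******************************************
      - ENABLE_MODEL_FILTER=False
      - MODEL_FILTER_LIST=claude-3-5-sonnet-20241022,claude-3-5-haiku-20241022,claude-3-5-sonnet-20240620,claude-3-opus-20240229,claude-3-sonnet-20240229,claude-3-haiku-20240307
      # Text embedding (RAG) settings
      - RAG_OPENAI_API_BASE_URL=********************************
      - RAG_OPENAI_API_KEY=****************************************
      - RAG_EMBEDDING_MODEL=************************************
      - RAG_EMBEDDING_ENGINE=openai
      - RAG_FILE_MAX_SIZE=5
      - PDF_EXTRACT_IMAGES=True
      - CHUNK_SIZE=8000
      - RAG_EMBEDDING_OPENAI_BATCH_SIZE=1
      # Speech settings
      - AUDIO_OPENAI_API_BASE_URL=******************************
      - AUDIO_OPENAI_API_KEY=***********************************
      - AUDIO_TTS_ENGINE=openai
      - AUDIO_TTS_MODEL=tts-1
      - AUDIO_TTS_VOICE=alloy
      - AUDIO_STT_OPENAI_API_BASE_URL=**************************
      - AUDIO_STT_OPENAI_API_KEY=*******************************
      - AUDIO_STT_ENGINE=openai
      - AUDIO_STT_MODEL=whisper-1
      # Image generation settings
      - ENABLE_IMAGE_GENERATION=True
      - IMAGES_OPENAI_API_BASE_URL=**************************
      - IMAGES_OPENAI_API_KEY=**********************************
      - IMAGE_GENERATION_ENGINE=openai
      - IMAGE_GENERATION_MODEL=******************************
      - IMAGE_SIZE=1024x1024
      # Third-party (OAuth) login settings
      # NOTE(review): this allows accounts to be created through Google or
      # Microsoft login even though ENABLE_SIGNUP is False above - confirm
      # that is intended, and review new accounts before granting access.
      - ENABLE_OAUTH_SIGNUP=True
      - GOOGLE_CLIENT_ID=***************************************
      - GOOGLE_CLIENT_SECRET=***********************************
      - MICROSOFT_CLIENT_ID=************************************
      - MICROSOFT_CLIENT_SECRET=********************************
      - MICROSOFT_CLIENT_TENANT_ID=*****************************
      # Ollama settings
      - ENABLE_OLLAMA_API=True
      - OLLAMA_BASE_URL=*****************************************
    volumes:
      - ./data:/app/backend/data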
配置 Nginx
这里直接引用了 有关OpenWebUI响应速度的优化-nginx配置
请将 /etc/nginx/nginx.conf 的内容替换为如下配置,
注意把其中的占位符 Open-WebUI_URL 全部替换为您的域名(证书目录需与上文创建的 /etc/nginx/ssl/domain.com 一致)
nginx.conf
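# Reverse proxy for Open-WebUI: terminates TLS and forwards to the container
# published on 127.0.0.1:3000. Replace every Open-WebUI_URL with your domain.
user www-data;
worker_processes auto;
pid /run/nginx.pid;

# Tuning: raise the file descriptor limit
worker_rlimit_nofile 65535;

events {
    worker_connections 4096;  # more connections per worker
    multi_accept on;          # let a worker accept several new connections at once
    use epoll;                # epoll event model
}

http {
    # Basic settings
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # NOTE(review): request bodies up to 1 GiB are accepted; lower this if
    # uploads are expected to be small.
    client_max_body_size 1024m;
    # Do not advertise the nginx version in headers and error pages.
    server_tokens off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Logging
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    # Gzip compression
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/x-javascript;
    gzip_min_length 256;  # only compress responses larger than 256 bytes

    # Global SSL settings
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;
    ssl_buffer_size 4k;

    # OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;

    # open_file_cache keeps file descriptors cached
    open_file_cache max=1000 inactive=20s;
    open_file_cache_valid 30s;
    open_file_cache_errors on;
    open_file_cache_min_uses 2;

    # Open-WebUI service
    server {
        listen 80;
        server_name Open-WebUI_URL;
        # Redirect HTTP to HTTPS. Uses the configured name rather than $host so
        # a forged Host header cannot steer the redirect to another site.
        return 301 https://$server_name$request_uri;
    }

    server {
        listen 443 ssl;
        server_name Open-WebUI_URL;

        # SSL certificate
        ssl_certificate /etc/nginx/ssl/Open-WebUI_URL/certificate.crt;
        ssl_certificate_key /etc/nginx/ssl/Open-WebUI_URL/private.key;
        ssl_trusted_certificate /etc/nginx/ssl/Open-WebUI_URL/ca_bundle.crt;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;

        # HSTS
        # NOTE(review): includeSubDomains applies to every subdomain of this
        # host and browsers remember it for two years; with a 90-day
        # certificate that is renewed by hand, an expired certificate makes the
        # site unreachable. Start with a short max-age until renewal is routine.
        add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;

        # Other security headers ("always" so they are also sent on error
        # responses). X-XSS-Protection is a legacy header that current
        # browsers ignore.
        add_header X-Frame-Options SAMEORIGIN always;
        add_header X-Content-Type-Options nosniff always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header Referrer-Policy "strict-origin-when-cross-origin" always;

        location / {
            # Address of the Open-WebUI service. The literal IPv4 loopback
            # matches the container's published address; "localhost" may also
            # resolve to ::1, where nothing listens.
            proxy_pass http://127.0.0.1:3000;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            # Pass the real client address and scheme to the application so
            # its logs and generated URLs reflect the HTTPS front end.
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_cache_bypass $http_upgrade;

            # Proxy buffering
            proxy_buffering on;
            proxy_buffer_size 128k;
            proxy_buffers 4 256k;
            proxy_busy_buffers_size 256k;

            # Proxy timeouts
            proxy_connect_timeout 60s;
            proxy_send_timeout 60s;
            proxy_read_timeout 60s;
        }
    }
}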