从 Open-WebUI 服务器本地部署 继续讨论
相较老帖,本帖将 postgres、nginx 和 open-webui 全部使用 docker 安装,为避免 nginx 镜像启动时与系统冲突,建议重置系统后或使用新机安装,对于已在服务器安装 nginx 的佬友,请先停止 nginx 服务再运行镜像。
快速部署
安装Docker
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
域名解析
为域名添加一个A记录指向服务器ip地址
下载证书
domain.com 为实际的域名地址
mkdir -p ~/open-webui/ssl/domain.com
然后前往 ZeroSSL 下载90天证书解压到 ~/open-webui/ssl/domain.com
unzip domain.com.zip && rm -f domain.com.zip
cd ..
配置文件
在目录 ~/open-webui 新建两个文件: docker-compose.yaml , nginx.conf
- docker-compose.yaml
根据需要修改 docker-compose.yaml 中的环境变量, 注意 API_URL 须以 /v1 结尾
点击查看 docker-compose.yaml
services:
postgres:
image: postgres:latest
container_name: postgres
environment:
POSTGRES_USER: myuser
POSTGRES_PASSWORD: mypassword
POSTGRES_DB: mydb
volumes:
- pgdata:/var/lib/postgresql/data
nginx:
image: nginx:latest
container_name: nginx
restart: always
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf:ro
- ./ssl:/etc/nginx/ssl:ro
open-webui:
image: ghcr.io/open-webui/open-webui:main
container_name: open-webui
restart: always
environment:
# 网页设置
- WEBUI_NAME=WelcomeAboard
- WEBUI_SECRET_KEY=1234567abcdefg
- WEBUI_URL=http://open-webui:8080
- DEFAULT_LOCALE=zh
- WEBUI_SESSION_COOKIE_SECURE=True
- SHOW_ADMIN_DETAILS=False
- ENABLE_ADMIN_CHAT_ACCESS=False
# 数据库设置
- DATABASE_POOL_SIZE=10
- DATABASE_POOL_MAX_OVERFLOW=20
- DATABASE_URL=postgresql://myuser:mypassword@postgres:5432/mydb
# 登录设置
- ENABLE_SIGNUP=False
- WEBUI_AUTH=True
# 对话设置
- ENABLE_OPENAI_API=True
- OPENAI_API_BASE_URL=************************************
- OPENAI_API_KEY=********************************************
- DEFAULT_MODELS=******************************************
- ENABLE_MODEL_FILTER=False
- MODEL_FILTER_LIST=claude-3-5-sonnet-20241022,claude-3-5-haiku-20241022,claude-3-5-sonnet-20240620,claude-3-opus-20240229,claude-3-sonnet-20240229,claude-3-haiku-20240307
# 文本嵌入设置
- RAG_OPENAI_API_BASE_URL=********************************
- RAG_OPENAI_API_KEY=****************************************
- RAG_EMBEDDING_MODEL=************************************
- RAG_EMBEDDING_ENGINE=openai
- RAG_FILE_MAX_SIZE=5
- PDF_EXTRACT_IMAGES=True
- CHUNK_SIZE=8000
- RAG_EMBEDDING_OPENAI_BATCH_SIZE=1
# 语音设置
- AUDIO_OPENAI_API_BASE_URL=******************************
- AUDIO_OPENAI_API_KEY=***********************************
- AUDIO_TTS_ENGINE=openai
- AUDIO_TTS_MODEL=tts-1
- AUDIO_TTS_VOICE=alloy
- AUDIO_STT_OPENAI_API_BASE_URL=**************************
- AUDIO_STT_OPENAI_API_KEY=*******************************
- AUDIO_STT_ENGINE=openai
- AUDIO_STT_MODEL=whisper-1
# 绘图设置
- ENABLE_IMAGE_GENERATION=True
- IMAGES_OPENAI_API_BASE_URL=**************************
- IMAGES_OPENAI_API_KEY=**********************************
- IMAGE_GENERATION_ENGINE=openai
- IMAGE_GENERATION_MODEL=******************************
- IMAGE_SIZE=1024x1024
# 第三方认证设置
- ENABLE_OAUTH_SIGNUP=True
- GOOGLE_CLIENT_ID=***************************************
- GOOGLE_CLIENT_SECRET=***********************************
- MICROSOFT_CLIENT_ID=************************************
- MICROSOFT_CLIENT_SECRET=********************************
- MICROSOFT_CLIENT_TENANT_ID=*****************************
# Ollama设置
- ENABLE_OLLAMA_API=True
- OLLAMA_BASE_URL=*****************************************
volumes:
- ./data:/app/backend/data
推荐使用 Open-WebUI 快速配置工具 直接生成 docker-compose.yaml
- nginx.conf
注意替换所有的 Open-WebUI_URL 为实际域名地址
点击查看 nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
# 优化:增加文件描述符限制
worker_rlimit_nofile 65535;
events {
worker_connections 4096; # 增加连接数
multi_accept on; # 允许一个 worker 同时接受多个新连接
use epoll; # 使用 epoll 事件模型,提高性能
}
http {
# 基本设置
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
client_max_body_size 1024m;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# 日志设置
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# Gzip 压缩
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/x-javascript;
gzip_min_length 256; # 只压缩大于 256 字节的内容
# SSL 全局设置
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1d;
ssl_session_tickets off;
ssl_buffer_size 4k;
# OCSP Stapling
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# 添加 open_file_cache 以缓存文件描述符
open_file_cache max=1000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
# Open-WebUI 服务配置
server {
listen 80;
server_name Open-WebUI_URL;
return 301 https://$host$request_uri; # HTTP 重定向到 HTTPS
}
server {
listen 443 ssl;
http2 on;
server_name Openweb_URL;
# SSL 证书配置
ssl_certificate /etc/nginx/ssl/Open-WebUI_URL/certificate.crt;
ssl_certificate_key /etc/nginx/ssl/Open-WebUI_URL/private.key;
ssl_trusted_certificate /etc/nginx/ssl/Open-WebUI_URL/ca_bundle.crt;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
# 启用 HSTS
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
# 其他安全头部
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy "strict-origin-when-cross-origin";
location / {
proxy_pass http://open-webui:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
# 优化代理缓冲
proxy_buffering on;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
# 优化代理超时设置
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
}
}
运行服务
- 运行服务
docker compose up -d
- 查看日志
docker compose logs -f
- 停止服务
docker compose down
