current configuration

open-webui/docker-compose.yml

@@ -1,9 +1,26 @@
 services:
   openwebui:
-    image: ghcr.io/open-webui/open-webui:main
-    ports:
-      - "3000:8080"
+    image: ghcr.io/open-webui/open-webui:cuda
+    # ports:
+      # - "3000:8080"
     volumes:
       - open-webui:/app/backend/data
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    deploy:
+      resources:
+        reservations:
+          devices:
+            - driver: nvidia
+              count: all
+              capabilities: [gpu]
+    env_file: ".env"
+    networks:
+      - caddynet
+
 volumes:
   open-webui:
+
+networks:
+  caddynet:
+    external: true

open-webui/env.example

@@ -0,0 +1,47 @@
+WEBUI_SECRET_KEY=
+
+ENABLE_PERSISTENT_CONFIG=true
+
+CORS_ALLOW_ORIGIN=
+
+
+# OAuth settings
+
+ENABLE_OAUTH_SIGNUP=True # If set to True, must pair with ENABLE_LOGIN_FORM=False
+ENABLE_LOGIN_FORM=False
+ENABLE_OAUTH_PERSISTENT_CONFIG=False
+# OAUTH_SUB_CLAIM=
+OAUTH_MERGE_ACCOUNTS_BY_EMAIL=True
+# ENABLE_OAUTH_WITHOUT_EMAIL=False
+# OAUTH_UPDATE_PICTURE_ON_LOGIN=False
+# ENABLE_OAUTH_ID_TOKEN_COOKIE=True
+# ENABLE_OAUTH_TOKEN_EXCHANGE=False
+OAUTH_CLIENT_INFO_ENCRYPTION_KEY=
+
+ENABLE_PASSWORD_AUTH=False # this is labeled as a 'general' setting, but placed here because it implies ENABLE_OAUTH_SIGNUP=True (or login will be disabled completely).
+
+
+## OIDC specific settings
+
+OAUTH_CLIENT_ID=
+OAUTH_CLIENT_SECRET=
+OPENID_PROVIDER_URL=
+OPENID_REDIRECT_URI=
+OAUTH_SCOPES="openid email profile open-webui"
+# OAUTH_CODE_CHALLENGE_METHOD=""
+OAUTH_PROVIDER_NAME="Authentik"
+# OAUTH_USERNAME_CLAIM="name"
+# OAUTH_EMAIL_CLAIM="email"
+# OAUTH_PICTURE_CLAIM="picture"
+# OAUTH_GROUP_CLAIM="groups"
+# ENABLE_OAUTH_ROLE_MANAGEMENT=False
+# ENABLE_OAUTH_GROUP_MANAGEMENT=False
+# ENABLE_OAUTH_GROUP_CREATION=False
+# OAUTH_BLOCKED_GROUPS="[]"
+# OAUTH_ROLES_CLAIM="roles"
+# OAUTH_ALLOWED_ROLES="user,admin"
+# OAUTH_ADMIN_ROLES="admin"
+# OAUTH_ROLES_SEPARATOR=";"
+# OAUTH_ALLOWED_DOMAINS="*"
+# OAUTH_AUDIENCE=""
+