{"id":44378372,"url":"https://github.com/mhajder/openwebui-stack","last_synced_at":"2026-02-11T21:35:53.529Z","repository":{"id":331374053,"uuid":"1126370332","full_name":"mhajder/openwebui-stack","owner":"mhajder","description":"Docker Compose stack for Open WebUI with LiteLLM proxy, observability, and security best practices.","archived":false,"fork":false,"pushed_at":"2026-01-01T20:03:57.000Z","size":69,"stargazers_count":1,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-01-07T04:20:28.152Z","etag":null,"topics":["ai","docker","docker-compose","litellm","open-webui","openwebui","otel","qdrant","traefik"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mhajder.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-01-01T19:07:34.000Z","updated_at":"2026-01-05T10:42:51.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/mhajder/openwebui-stack","commit_stats":null,"previous_names":["mhajder/openwebui-stack"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/mhajder/openwebui-stack","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhajder%2Fopenwebui-stack","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhajder%2Fopenwebui-stack/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhajder%2Fopenwebui-stack/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhajder%2Fopenwebui-stack/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mhajder","download_url":"https://codeload.github.com/mhajder/openwebui-stack/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhajder%2Fopenwebui-stack/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29345635,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-11T20:11:40.865Z","status":"ssl_error","status_checked_at":"2026-02-11T20:10:41.637Z","response_time":97,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai","docker","docker-compose","litellm","open-webui","openwebui","otel","qdrant","traefik"],"created_at":"2026-02-11T21:35:51.003Z","updated_at":"2026-02-11T21:35:53.524Z","avatar_url":"https://github.com/mhajder.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Open WebUI Stack\n\nDocker Compose stack for [Open WebUI](https://github.com/open-webui/open-webui) with LiteLLM proxy, observability, and security best practices.\n\n## Architecture\n\n```mermaid\ngraph TB\n    Internet[Internet]\n    Traefik[Traefik\u003cbr/\u003eReverse Proxy]\n    OpenWebUI[Open WebUI]\n    LiteLLM[LiteLLM\u003cbr/\u003eProxy]\n    LGTM[LGTM Stack\u003cbr/\u003eGrafana/Loki/Tempo/Mimir]\n    Qdrant[Qdrant\u003cbr/\u003eVector DB]\n    Valkey[Valkey\u003cbr/\u003eShared Cache]\n    PostgreSQL[PostgreSQL\u003cbr/\u003eShared DB]\n    OTEL[OpenTelemetry\u003cbr/\u003eCollector]\n    Exporters[Exporters\u003cbr/\u003eNode/PostgreSQL/GPU]\n    \n    Internet --\u003e|HTTPS| Traefik\n    Traefik --\u003e OpenWebUI\n    Traefik --\u003e LiteLLM\n    Traefik --\u003e LGTM\n    \n    OpenWebUI --\u003e Qdrant\n    OpenWebUI --\u003e Valkey\n    OpenWebUI --\u003e LiteLLM\n    \n    LiteLLM --\u003e Valkey\n    LiteLLM --\u003e PostgreSQL\n    \n    Exporters --\u003e PostgreSQL\n    Exporters --\u003e OTEL\n    OTEL --\u003e LGTM\n```\n\n## Features\n\n- **Traefik Reverse Proxy**: Automatic HTTPS with self-signed certificates generated by Traefik, HTTP to HTTPS redirect\n- **LiteLLM Proxy**: Unified gateway for multiple LLM providers (OpenAI, Anthropic, Gemini, Ollama)\n- **LGTM Observability Stack**: Grafana, Loki, Tempo, Mimir for logs, traces, and metrics\n- **Qdrant Vector Database**: Production-ready vector search for RAG\n- **PostgreSQL**: Shared database for Open WebUI and LiteLLM\n- **OpenTelemetry**: Full observability with distributed tracing\n- **Security**: Network isolation, secure headers, rate limiting\n\n##  Quick Start\n\n### Prerequisites\n\n- Docker Engine 24.0+\n- Docker Compose v2.20+\n- 8GB+ RAM recommended\n- (Optional) NVIDIA GPU with drivers for GPU metrics\n\n### Installation\n\n1. **Clone the repository**\n   ```bash\n   git clone https://github.com/mhajder/openwebui-stack.git\n   cd openwebui-stack\n   ```\n\n2. **Run the setup script**\n   ```bash\n   chmod +x scripts/*.sh\n   ./scripts/setup.sh\n   ```\n\nIn `docker-compose.yml` change `ENABLE_SIGNUP` to `true` if you want to register the first admin user via Open WebUI. You can disable it again after the first user is created.\n\n3. **Start the stack**\n   ```bash\n   docker compose --profile monitoring --profile gpu up -d\n   ```\n\n4. **Access the services**\n   - Open WebUI: https://localhost\n   - Grafana: https://grafana.localhost\n   - LiteLLM: https://litellm.localhost\n\n### Local Domain Resolution\n\nAdd these entries to your `/etc/hosts`:\n```\n127.0.0.1 localhost grafana.localhost litellm.localhost traefik.localhost\n```\n\n## Configuration\n\n### Environment Variables\n\nKey environment variables in `.env`:\n\n| Variable | Description | Example |\n|----------|-------------|---------|\n| `COMPOSE_PROJECT_NAME` | Docker Compose project name | `openwebui-stack` |\n| `DOMAIN` | Base domain for services | `localhost` or `example.com` |\n| `POSTGRES_USER` | PostgreSQL admin user | `postgres` |\n| `POSTGRES_PASSWORD` | PostgreSQL admin password | Generated by setup script |\n| `OPENWEBUI_DB_NAME` | Open WebUI database name | `openwebui` |\n| `OPENWEBUI_DB_USER` | Open WebUI database user | `openwebui` |\n| `OPENWEBUI_DB_PASSWORD` | Open WebUI database password | Generated by setup script |\n| `LITELLM_DB_NAME` | LiteLLM database name | `litellm` |\n| `LITELLM_DB_USER` | LiteLLM database user | `litellm` |\n| `LITELLM_DB_PASSWORD` | LiteLLM database password | Generated by setup script |\n| `OPENWEBUI_SECRET_KEY` | Secret key for Open WebUI sessions | Generated by setup script |\n| `LITELLM_MASTER_KEY` | Master API key for LiteLLM | Generated by setup script |\n| `LITELLM_SALT_KEY` | Salt key for LiteLLM encryption | Generated by setup script |\n| `TRAEFIK_DASHBOARD_USER` | Traefik dashboard username | `admin` |\n| `TRAEFIK_DASHBOARD_PASSWORD` | Traefik dashboard password (plain) | Generated by setup script |\n| `TRAEFIK_DASHBOARD_PASSWORD_HASH` | Traefik dashboard password (apr1 hash) | Auto-generated by setup script |\n| `GF_SECURITY_ADMIN_PASSWORD` | Grafana admin password | Generated by setup script |\n\n### Services Overview\n\n#### Core Services\n\n- **Traefik**: Reverse proxy with automatic HTTPS, routing, and load balancing\n- **Open WebUI**: Web UI for interacting with LLMs\n- **LiteLLM**: Unified gateway for multiple LLM providers\n- **PostgreSQL**: Shared relational database for Open WebUI and LiteLLM\n- **Valkey**: High-performance Redis alternative for caching and sessions\n\n#### Storage \u0026 Search\n\n- **Qdrant**: Vector database for semantic search and RAG operations\n\n#### Observability (LGTM Stack)\n\n- **LGTM** (Grafana OTel): Integrated stack providing:\n  - **Prometheus/Mimir**: Metrics collection and storage\n  - **Loki**: Centralized log aggregation\n  - **Tempo**: Distributed tracing\n  - **Grafana**: Visualization and dashboards\n\n#### Exporters \u0026 Collectors\n\n- **Node Exporter**: System-level metrics (CPU, memory, disk, network)\n- **OpenTelemetry Collector**: Collects and forwards metrics, logs, and traces\n- **PostgreSQL Exporter** (optional profile): Database metrics\n- **NVIDIA GPU Exporter** (optional profile): GPU metrics (requires GPU)\n\n### Production Deployment\n\nFor production environments:\n\n1. **Use proper certificates**\n   - Replace self-signed certs with Let's Encrypt or CA-signed certificates\n   - Update [traefik/traefik.yml](traefik/traefik.yml) for ACME configuration (Let's Encrypt)\n   - Example ACME configuration:\n   ```yaml\n   certificatesResolvers:\n     letsencrypt:\n       acme:\n         email: admin@example.com\n         storage: /data/acme.json\n         httpChallenge:\n           entryPoint: web\n   ```\n\n2. **Update security settings**\n   - Change default passwords in `.env` (setup script generates strong ones automatically)\n   - Enable authentication on all service dashboards\n   - Configure rate limiting and WAF rules in Traefik\n\n3. **Enable GPU support** (if available)\n   ```bash\n   docker compose --profile gpu up -d\n   ```\n   This activates the NVIDIA GPU Exporter for monitoring GPU metrics.\n\n4. **Configure persistent backups**\n   - Use external volume drivers for data persistence\n   - Set up automated backup scripts using cron\n   - Store backups in secure, off-site locations\n\n5. **Network security**\n   - Use VPN or IP whitelisting for external access\n   - Configure firewall rules (UFW, iptables)\n   - Use private networks when possible\n\n6. **Database optimization**\n   - Configure PostgreSQL replication for HA\n   - Set up automated backup and recovery procedures\n   - Monitor database performance and storage\n\n7. **Monitoring and alerting**\n   - Configure alert rules in Grafana for critical metrics\n   - Set up notification channels (email, Slack, PagerDuty)\n   - Implement log retention policies in Loki\n\n## Monitoring\n\n### Grafana Dashboards\n\nAccess Grafana at **https://grafana.localhost** with default credentials:\n- **Username**: `admin`\n- **Password**: Set in `.env` as `GF_SECURITY_ADMIN_PASSWORD` (generated by setup script)\n\n#### Pre-configured Dashboards\n\nThe stack includes several pre-configured dashboards:\n\n1. **litellm-dashboard.json** - LiteLLM proxy metrics and performance\n   - Request rates and latencies\n   - Token usage and costs\n   - Error rates by model\n   - Model provider health\n\n2. **node-exporter-dashboard.json** - System metrics\n   - CPU, memory, and disk usage\n   - Network I/O\n   - Process metrics\n   - System uptime\n\n3. **openwebui-dashboard.json** - Open WebUI application metrics\n   - Request rates and response times\n   - User activity\n   - Message counts\n   - API endpoint performance\n\n4. **postgresql-dashboard.json** - Database metrics\n   - Query performance\n   - Connection pool status\n   - Cache hit rates\n   - Replication lag (if configured)\n\n5. **traefik-dashboard.json** - Reverse proxy metrics\n   - Request rates by service\n   - Response time percentiles\n   - HTTP status codes\n   - SSL/TLS certificate expiry\n\n6. **opentelemetry-dashboard.json** - System-wide observability\n   - Distributed traces\n   - Span analysis\n   - Service dependencies\n   - Error tracking\n\n7. **nvidia-dcgm-dashboard.json** - GPU metrics (if GPU profile enabled)\n   - GPU memory usage\n   - Compute utilization\n   - Temperature monitoring\n   - Power consumption\n\n### Available Metrics\n\n**Prometheus/Mimir** stores these metric types:\n\n| Category | Metrics |\n|----------|---------|\n| **System** | CPU load, memory usage, disk I/O, network traffic |\n| **Database** | Connection count, query latency, transaction rate |\n| **HTTP** | Request rate, response time, status codes, error rate |\n| **Cache** | Hit/miss rates, eviction rates, memory usage |\n| **Application** | Custom metrics from services |\n| **GPU** | Memory usage, compute, temperature, power (if enabled) |\n\n### Traces in Tempo\n\nOpenTelemetry traces are automatically collected and stored in Tempo:\n\n- Access via Grafana → Explore → Tempo\n- View distributed traces across all services\n- Analyze service dependencies\n- Identify performance bottlenecks\n- Track errors through the system\n\n## Additional Resources\n\n- [Open WebUI Documentation](https://docs.openwebui.com/)\n- [LiteLLM Proxy Docs](https://docs.litellm.ai/docs/proxy/configs)\n- [Traefik Documentation](https://traefik.io/traefik/)\n- [Grafana LGTM Stack](https://grafana.com/products/lgtm-stack/)\n- [Qdrant Documentation](https://qdrant.tech/documentation/)\n- [OpenTelemetry](https://opentelemetry.io/)\n\n## License\n\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmhajder%2Fopenwebui-stack","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmhajder%2Fopenwebui-stack","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmhajder%2Fopenwebui-stack/lists"}