Replies: 4 comments 3 replies
-
I appreciate the setup you have and the clear enthusiasm from everyone involved! If a self-signed certificate will suffice, there are numerous ways to implement it. Our decision not to explain this step is not intended to withhold information or create barriers, but rather the variety of approaches makes it challenging to provide a succinct yet comprehensive explanation that doesn't invite more questions than it answers. In fact, this would be an excellent opportunity for your students and yourself to delve into and gain a thorough understanding of the technology. Exploring this topic further will not only enable you to implement the technology effectively in a local deployment but also help develop a deeper appreciation for the importance of security measures when working with self-signed certificates and HTTPS. |
Beta Was this translation helpful? Give feedback.
-
I'm going to start this by saying that if you are asking this kind of question, do NOT expose this service to the internet. With that out of the way, There are two methods I suggest in getting this service behind a TLS certificate: 1) NGINX Proxy Manager - This gives you a nice GUI and even the option to get a proper certificate from Let's Encrypt. 2) If you are also needing remote access, I'd get Tailscale setup. I have used both and NPM is pretty easy if you also have a good understanding of DNS and running your own domain. Tailscale can assist with their Magic DNS feature and making ts really easy to create an exposed service within the VPN with a trusted certificate. |
Beta Was this translation helpful? Give feedback.
-
Stunnel works pretty great and is bs free. |
Beta Was this translation helpful? Give feedback.
-
I needed to do the same thing and am not familiar with uvicorn server. I just needed SSL for open-webui on my local network like for any other web application (local or not). I found the uvicorn documentation here: https://www.uvicorn.org/deployment/. In open-webui/backend/start.sh add the following to the end of the line that contains "uvicorn". Currently it is the last line in start.sh, but that may change.
Make sure the user that is running start.sh has access to the .pem files, i.e. don't run as root, and since you're not running as root, the user needs access to the files. My files are located a directory below the open-webui directory and it works just fine. Edit: I am running ollama and open-webui on Debian Bookworm stable. |
Beta Was this translation helpful? Give feedback.
-
@justinh-rahb @tjbck us I am looking to provide small GPU OWUI computers to school classrooms and home offices for use on local wifi networks. Any Pro Tips or suggestions on how to implement basic https in that type of local deployment? A self signed cert should be fine for now, I just want to have the http traffic encrypted while transiting the WiFi or home network.
Beta Was this translation helpful? Give feedback.
All reactions