alexsun/compose-anything
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add open-webui-rust

Browse Source
This commit is contained in:
Sun-ZhenXing
2025-11-13 18:10:31 +08:00
parent 42aa5c40d6
commit 5f9820e7db
14 changed files with 1144 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
README.md
View File

@@ -56,8 +56,8 @@ Compose Anything helps users quickly deploy various services by providing a set
| [Milvus Standalone Embed](./src/milvus-standalone-embed) | 2.6.2 | | [Milvus Standalone Embed](./src/milvus-standalone-embed) | 2.6.2 |
| [Milvus Standalone](./src/milvus-standalone) | 2.6.2 | | [Milvus Standalone](./src/milvus-standalone) | 2.6.2 |
| [Minecraft Bedrock Server](./src/minecraft-bedrock-server) | latest | | [Minecraft Bedrock Server](./src/minecraft-bedrock-server) | latest |
| [MinerU SGALNG](./src/mineru-sgalng) | 2.2.2 | | [MinerU SGLang](./src/mineru-sglang) | 2.2.2 |
| [MinerU vLLM](./builds/mineru-vllm) | 2.5.4 | | [MinerU vLLM](./builds/mineru-vllm) | 2.6.4 |
| [MinIO](./src/minio) | RELEASE.2025-09-07T16-13-09Z | | [MinIO](./src/minio) | RELEASE.2025-09-07T16-13-09Z |
| [MLflow](./src/mlflow) | v2.20.2 | | [MLflow](./src/mlflow) | v2.20.2 |
| [MongoDB ReplicaSet Single](./src/mongodb-replicaset-single) | 8.0.13 | | [MongoDB ReplicaSet Single](./src/mongodb-replicaset-single) | 8.0.13 |
@@ -74,6 +74,7 @@ Compose Anything helps users quickly deploy various services by providing a set
| [Odoo](./src/odoo) | 19.0 | | [Odoo](./src/odoo) | 19.0 |
| [Ollama](./src/ollama) | 0.12.0 | | [Ollama](./src/ollama) | 0.12.0 |
| [Open WebUI](./src/open-webui) | main | | [Open WebUI](./src/open-webui) | main |
| [Open WebUI Rust](./src/open-webui-rust) | latest |
| [OpenCoze](./src/opencoze) | See Docs | | [OpenCoze](./src/opencoze) | See Docs |
| [OpenCut](./src/opencut) | latest | | [OpenCut](./src/opencut) | latest |
| [OpenList](./src/openlist) | latest | | [OpenList](./src/openlist) | latest |

5
README.zh.md
View File

@@ -56,8 +56,8 @@ Compose Anything 通过提供一组高质量的 Docker Compose 配置文件,
| [Milvus Standalone Embed](./src/milvus-standalone-embed) | 2.6.2 | | [Milvus Standalone Embed](./src/milvus-standalone-embed) | 2.6.2 |
| [Milvus Standalone](./src/milvus-standalone) | 2.6.2 | | [Milvus Standalone](./src/milvus-standalone) | 2.6.2 |
| [Minecraft Bedrock Server](./src/minecraft-bedrock-server) | latest | | [Minecraft Bedrock Server](./src/minecraft-bedrock-server) | latest |
| [MinerU SGALNG](./src/mineru-sgalng) | 2.2.2 | | [MinerU SGLang](./src/mineru-sglang) | 2.2.2 |
| [MinerU vLLM](./builds/mineru-vllm) | 2.5.4 | | [MinerU vLLM](./builds/mineru-vllm) | 2.6.4 |
| [MinIO](./src/minio) | RELEASE.2025-09-07T16-13-09Z | | [MinIO](./src/minio) | RELEASE.2025-09-07T16-13-09Z |
| [MLflow](./src/mlflow) | v2.20.2 | | [MLflow](./src/mlflow) | v2.20.2 |
| [MongoDB ReplicaSet Single](./src/mongodb-replicaset-single) | 8.0.13 | | [MongoDB ReplicaSet Single](./src/mongodb-replicaset-single) | 8.0.13 |
@@ -74,6 +74,7 @@ Compose Anything 通过提供一组高质量的 Docker Compose 配置文件,
| [Odoo](./src/odoo) | 19.0 | | [Odoo](./src/odoo) | 19.0 |
| [Ollama](./src/ollama) | 0.12.0 | | [Ollama](./src/ollama) | 0.12.0 |
| [Open WebUI](./src/open-webui) | main | | [Open WebUI](./src/open-webui) | main |
| [Open WebUI Rust](./src/open-webui-rust) | latest |
| [OpenCoze](./src/opencoze) | See Docs | | [OpenCoze](./src/opencoze) | See Docs |
| [OpenCut](./src/opencut) | latest | | [OpenCut](./src/opencut) | latest |
| [OpenList](./src/openlist) | latest | | [OpenList](./src/openlist) | latest |

4
builds/io-paint/docker-compose.yaml
View File

@@ -7,9 +7,9 @@ x-defaults: &defaults
max-file: "3" max-file: "3"
services: services:
lama-cleaner: io-paint:
<<: *defaults <<: *defaults
image: ${DOCKER_REGISTRY:-docker.io}/local/lama-cleaner:${BUILD_VERSION:-1.6.0} image: ${DOCKER_REGISTRY:-docker.io}/alexsuntop/io-paint:${BUILD_VERSION:-1.6.0}
ports: ports:
- 8080:8080 - 8080:8080
build: build:

2
builds/mineru-vllm/README.md
View File

@@ -39,7 +39,7 @@ mineru -p demo.pdf -o ./output -b vlm-http-client -u http://localhost:30000
## Configuration ## Configuration
- `MINERU_DOCKER_IMAGE`: The Docker image for MinerU, default is `alexsuntop/mineru:2.5.4`. - `MINERU_DOCKER_IMAGE`: The Docker image for MinerU, default is `alexsuntop/mineru:2.6.4`.
- `MINERU_PORT_OVERRIDE_VLLM`: The host port for the VLLM server, default is `30000`. - `MINERU_PORT_OVERRIDE_VLLM`: The host port for the VLLM server, default is `30000`.
- `MINERU_PORT_OVERRIDE_API`: The host port for the API service, default is `8000`. - `MINERU_PORT_OVERRIDE_API`: The host port for the API service, default is `8000`.
- `MINERU_PORT_OVERRIDE_GRADIO`: The host port for the Gradio WebUI, default is `7860`. - `MINERU_PORT_OVERRIDE_GRADIO`: The host port for the Gradio WebUI, default is `7860`.

2
builds/mineru-vllm/README.zh.md
View File

@@ -39,7 +39,7 @@ mineru -p demo.pdf -o ./output -b vlm-http-client -u http://localhost:30000
## 配置 ## 配置
- `MINERU_DOCKER_IMAGE`: MinerU 的 Docker 镜像,默认为 `alexsuntop/mineru:2.5.4`。 - `MINERU_DOCKER_IMAGE`: MinerU 的 Docker 镜像,默认为 `alexsuntop/mineru:2.6.4`。
- `MINERU_PORT_OVERRIDE_VLLM`: VLLM 服务器的主机端口,默认为 `30000`。 - `MINERU_PORT_OVERRIDE_VLLM`: VLLM 服务器的主机端口,默认为 `30000`。
- `MINERU_PORT_OVERRIDE_API`: API 服务的主机端口,默认为 `8000`。 - `MINERU_PORT_OVERRIDE_API`: API 服务的主机端口,默认为 `8000`。
- `MINERU_PORT_OVERRIDE_GRADIO`: Gradio WebUI 的主机端口,默认为 `7860`。 - `MINERU_PORT_OVERRIDE_GRADIO`: Gradio WebUI 的主机端口,默认为 `7860`。

2
builds/mineru-vllm/docker-compose.yaml
View File

@@ -8,7 +8,7 @@ x-defaults: &defaults
x-mineru-vllm: &mineru-vllm x-mineru-vllm: &mineru-vllm
<<: *defaults <<: *defaults
image: ${MINERU_DOCKER_IMAGE:-alexsuntop/mineru:2.6.2} image: ${MINERU_DOCKER_IMAGE:-alexsuntop/mineru:2.6.4}
build: build:
context: . context: .
dockerfile: Dockerfile dockerfile: Dockerfile

0
src/mineru-sgalng/.env.example → src/mineru-sglang/.env.example
View File

0
src/mineru-sgalng/README.md → src/mineru-sglang/README.md
View File

0
src/mineru-sgalng/README.zh.md → src/mineru-sglang/README.zh.md
View File

0
src/mineru-sgalng/docker-compose.yaml → src/mineru-sglang/docker-compose.yaml
View File

133
src/open-webui-rust/.env.example Normal file
View File

@@ -0,0 +1,133 @@
# Global Settings
GLOBAL_REGISTRY=
TZ=UTC
# Version Tags
POSTGRES_VERSION=16-alpine
REDIS_VERSION=7-alpine
RUST_BACKEND_VERSION=latest
SANDBOX_RUNTIME_VERSION=latest
SANDBOX_EXECUTOR_VERSION=latest
FRONTEND_VERSION=latest
# Port Overrides
POSTGRES_PORT_OVERRIDE=5432
REDIS_PORT_OVERRIDE=6379
RUST_BACKEND_PORT_OVERRIDE=8080
SANDBOX_EXECUTOR_PORT_OVERRIDE=8090
FRONTEND_PORT_OVERRIDE=3000
# PostgreSQL Configuration
POSTGRES_DB=open_webui
POSTGRES_USER=open_webui
POSTGRES_PASSWORD=open_webui_password
# PostgreSQL Resource Limits
POSTGRES_CPU_LIMIT=1
POSTGRES_MEMORY_LIMIT=1G
POSTGRES_CPU_RESERVATION=0.25
POSTGRES_MEMORY_RESERVATION=256M
# Redis Resource Limits
REDIS_CPU_LIMIT=0.5
REDIS_MEMORY_LIMIT=512M
REDIS_CPU_RESERVATION=0.1
REDIS_MEMORY_RESERVATION=128M
# Rust Backend Configuration
ENV=prod
WEBUI_SECRET_KEY=your-secret-key-min-32-chars-generate-with-uuidgen
# Database Connection Pool
DATABASE_POOL_SIZE=20
DATABASE_POOL_MAX_OVERFLOW=10
DATABASE_POOL_TIMEOUT=30
DATABASE_POOL_RECYCLE=1800
# Redis
ENABLE_REDIS=true
# Authentication
JWT_EXPIRES_IN=30d
ENABLE_SIGNUP=true
ENABLE_LOGIN_FORM=true
ENABLE_API_KEY=true
DEFAULT_USER_ROLE=user
SHOW_ADMIN_DETAILS=true
WEBUI_URL=http://localhost:3000
# CORS
CORS_ALLOW_ORIGIN=*
# WebSocket/Socket.IO
ENABLE_SOCKETIO=true
ENABLE_WEBSOCKET_SUPPORT=true
WEBSOCKET_MANAGER=redis
# Features
ENABLE_OPENAI_API=true
ENABLE_CHANNELS=true
ENABLE_IMAGE_GENERATION=false
ENABLE_CODE_EXECUTION=true
ENABLE_CODE_INTERPRETER=true
ENABLE_WEB_SEARCH=false
ENABLE_ADMIN_CHAT_ACCESS=true
ENABLE_ADMIN_EXPORT=true
ENABLE_NOTES=true
ENABLE_COMMUNITY_SHARING=true
ENABLE_MESSAGE_RATING=true
# Logging
GLOBAL_LOG_LEVEL=info
RUST_LOG=info
# OpenAI (Optional)
OPENAI_API_BASE_URL=
OPENAI_API_KEY=
# Rust Backend Resource Limits
RUST_BACKEND_CPU_LIMIT=2
RUST_BACKEND_MEMORY_LIMIT=2G
RUST_BACKEND_CPU_RESERVATION=0.5
RUST_BACKEND_MEMORY_RESERVATION=512M
# Sandbox Executor Configuration
SANDBOX_MAX_EXECUTION_TIME=60
SANDBOX_MAX_MEMORY_MB=512
SANDBOX_MAX_CPU_QUOTA=100000
SANDBOX_MAX_DISK_MB=100
SANDBOX_MAX_CONCURRENT_EXECUTIONS=10
SANDBOX_RATE_LIMIT_PER_MINUTE=30
SANDBOX_RATE_LIMIT_BURST=10
SANDBOX_NETWORK_MODE=none
SANDBOX_READ_ONLY_ROOT=false
SANDBOX_DROP_ALL_CAPABILITIES=true
SANDBOX_ENABLE_STREAMING=true
SANDBOX_KEEP_CONTAINERS=false
SANDBOX_ENABLE_PYTHON=true
SANDBOX_ENABLE_JAVASCRIPT=true
SANDBOX_ENABLE_SHELL=true
SANDBOX_ENABLE_RUST=true
SANDBOX_ENABLE_AUDIT_LOG=true
# Sandbox Executor Resource Limits
SANDBOX_EXECUTOR_CPU_LIMIT=2
SANDBOX_EXECUTOR_MEMORY_LIMIT=2G
SANDBOX_EXECUTOR_CPU_RESERVATION=0.25
SANDBOX_EXECUTOR_MEMORY_RESERVATION=256M
# Frontend Configuration
RAG_EMBEDDING_MODEL=sentence-transformers/all-MiniLM-L6-v2
RAG_RERANKING_MODEL=
RAG_EMBEDDING_MODEL_AUTO_UPDATE=false
WHISPER_MODEL=base
ENABLE_RAG_WEB_SEARCH=false
ENABLE_RAG_HYBRID_SEARCH=false
SCARF_NO_ANALYTICS=true
DO_NOT_TRACK=true
# Frontend Resource Limits
FRONTEND_CPU_LIMIT=1
FRONTEND_MEMORY_LIMIT=1G
FRONTEND_CPU_RESERVATION=0.25
FRONTEND_MEMORY_RESERVATION=256M

345
src/open-webui-rust/README.md Normal file
View File

@@ -0,0 +1,345 @@
# Open WebUI Rust
High-performance Rust implementation of Open WebUI with native async runtime and improved resource efficiency.
## Overview
Open WebUI Rust is a complete rewrite of the Open WebUI backend in Rust, offering:
- **10-50x faster response times** for API endpoints
- **70% lower memory usage** under load
- **Native concurrency** with Tokio's async runtime
- **Type safety** preventing entire classes of runtime errors
- **Zero-copy streaming** for chat completions
- **Production-ready** with comprehensive error handling
This deployment includes:
- **Rust Backend**: High-performance API server with WebSocket support
- **PostgreSQL**: Primary database for data persistence
- **Redis**: Caching and WebSocket session management
- **Sandbox Executor**: Secure code execution environment with Docker isolation
- **Frontend**: SvelteKit-based user interface with Nginx reverse proxy
## Features
-**Full API Compatibility** with Open WebUI Python backend
-**Native WebSocket/Socket.IO** implementation in Rust
-**Secure Code Execution** via isolated Docker containers
-**Multi-language Support** (Python, JavaScript, Shell, Rust)
-**RAG & Embeddings** with vector database integration
-**Authentication & Authorization** with JWT tokens
-**Rate Limiting & Security** built-in protection
-**Comprehensive Logging** for debugging and monitoring
## Prerequisites
- Docker 20.10+
- Docker Compose 2.0+
- 4GB+ available memory
- Access to Docker socket (for sandbox execution)
## Quick Start
### 1. Create `.env` file
```bash
cp .env.example .env
```
Edit `.env` and set required variables:
```bash
# IMPORTANT: Generate a secure secret key (min 32 characters)
WEBUI_SECRET_KEY=$(uuidgen | tr '[:upper:]' '[:lower:]' | tr -d '-')
# Optional: Configure OpenAI API
OPENAI_API_KEY=sk-your-api-key
OPENAI_API_BASE_URL=https://api.openai.com/v1
```
### 2. Start services
```bash
docker compose up -d
```
### 3. Access the application
- **Frontend UI**: <http://localhost:3000>
- **Rust Backend API**: <http://localhost:8080>
- **Sandbox Executor**: <http://localhost:8090>
### 4. Initial setup
1. Open <http://localhost:3000>
2. Create an admin account (first user becomes admin)
3. Configure your AI models in Settings
## Architecture
```text
┌─────────────┐
│ Frontend │ :3000
│ (SvelteKit) │
└──────┬──────┘
┌─────────────┐ ┌──────────────┐
│Rust Backend │────→│ PostgreSQL │ :5432
│ (API) │ │ (Database) │
└──────┬──────┘ └──────────────┘
├───────────→┌──────────────┐
│ │ Redis │ :6379
│ │ (Cache) │
│ └──────────────┘
└───────────→┌──────────────┐
│ Sandbox │ :8090
│ Executor │
└──────────────┘
```
## Configuration
### Core Environment Variables
| Variable | Default | Description |
| ---------------------------- | --------------------- | ---------------------------------------- |
| `WEBUI_SECRET_KEY` | (required) | Secret key for JWT tokens (min 32 chars) |
| `POSTGRES_PASSWORD` | `open_webui_password` | PostgreSQL password |
| `FRONTEND_PORT_OVERRIDE` | `3000` | Frontend access port |
| `RUST_BACKEND_PORT_OVERRIDE` | `8080` | Backend API port |
| `TZ` | `UTC` | Timezone setting |
### Feature Flags
| Variable | Default | Description |
| ------------------------- | ------- | ---------------------------- |
| `ENABLE_CODE_EXECUTION` | `true` | Enable secure code execution |
| `ENABLE_CODE_INTERPRETER` | `true` | Enable code interpreter |
| `ENABLE_IMAGE_GENERATION` | `false` | Enable image generation |
| `ENABLE_WEB_SEARCH` | `false` | Enable web search |
| `ENABLE_SIGNUP` | `true` | Allow new user registration |
### Resource Limits
Each service has configurable CPU and memory limits:
```bash
# Rust Backend
RUST_BACKEND_CPU_LIMIT=2
RUST_BACKEND_MEMORY_LIMIT=2G
# PostgreSQL
POSTGRES_CPU_LIMIT=1
POSTGRES_MEMORY_LIMIT=1G
# Sandbox Executor
SANDBOX_EXECUTOR_CPU_LIMIT=2
SANDBOX_EXECUTOR_MEMORY_LIMIT=2G
```
### Sandbox Security
Configure sandbox execution limits:
```bash
SANDBOX_MAX_EXECUTION_TIME=60 # Max execution time in seconds
SANDBOX_MAX_MEMORY_MB=512 # Max memory per execution
SANDBOX_MAX_CONCURRENT_EXECUTIONS=10 # Max parallel executions
SANDBOX_NETWORK_MODE=none # Disable network access
```
## Usage Examples
### Basic Chat
```bash
curl -X POST http://localhost:8080/api/chat/completions \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"model": "gpt-3.5-turbo",
"messages": [{"role": "user", "content": "Hello!"}]
}'
```
### Code Execution
```bash
curl -X POST http://localhost:8090/api/v1/execute \
-H "Content-Type: application/json" \
-d '{
"language": "python",
"code": "print(\"Hello from sandbox!\")"
}'
```
## Monitoring
### View Logs
```bash
# All services
docker compose logs -f
# Specific service
docker compose logs -f rust-backend
docker compose logs -f sandbox-executor
```
### Check Service Health
```bash
# Rust Backend
curl http://localhost:8080/health
# Sandbox Executor
curl http://localhost:8090/api/v1/health
# PostgreSQL
docker compose exec postgres pg_isready
```
### Resource Usage
```bash
docker stats
```
## Maintenance
### Backup Database
```bash
docker compose exec postgres pg_dump -U open_webui open_webui > backup.sql
```
### Restore Database
```bash
cat backup.sql | docker compose exec -T postgres psql -U open_webui open_webui
```
### Update Services
```bash
docker compose pull
docker compose up -d
```
### Clean Reset
```bash
# Stop and remove all data
docker compose down -v
# Start fresh
docker compose up -d
```
## Troubleshooting
### Cannot connect to services
Check if all containers are healthy:
```bash
docker compose ps
```
### JWT token errors
Ensure `WEBUI_SECRET_KEY` is set and consistent across restarts.
### Code execution fails
1. Verify Docker socket is accessible
2. Check sandbox executor logs: `docker compose logs sandbox-executor`
3. Ensure runtime image is available: `docker images | grep sandbox-runtime`
### High memory usage
Adjust resource limits in `.env`:
```bash
RUST_BACKEND_MEMORY_LIMIT=1G
SANDBOX_EXECUTOR_MEMORY_LIMIT=1G
```
## Security Considerations
### Production Deployment
1. **Change default passwords**
```bash
POSTGRES_PASSWORD=$(openssl rand -base64 32)
WEBUI_SECRET_KEY=$(openssl rand -base64 48)
```
2. **Restrict network access**
```bash
CORS_ALLOW_ORIGIN=https://yourdomain.com
```
3. **Disable signup after initial setup**
```bash
ENABLE_SIGNUP=false
```
4. **Enable HTTPS** using a reverse proxy (nginx, Traefik, Caddy)
5. **Limit sandbox resources**
```bash
SANDBOX_MAX_EXECUTION_TIME=30
SANDBOX_MAX_MEMORY_MB=256
SANDBOX_NETWORK_MODE=none
```
### Docker Socket Access
The sandbox executor requires access to the Docker socket (`/var/run/docker.sock`) for container isolation. This is a privileged operation and should be:
- Used only in trusted environments
- Protected with proper network isolation
- Monitored for suspicious activity
Consider using alternatives like:
- Docker-in-Docker (DinD) for better isolation
- Kubernetes with pod security policies
- Dedicated sandbox service on separate nodes
## Performance
Typical resource usage:
| Service | CPU (idle) | Memory (idle) | CPU (load) | Memory (load) |
| ---------------- | ---------- | ------------- | ---------- | ------------- |
| Rust Backend | ~1% | 50MB | 10-30% | 200MB |
| PostgreSQL | ~1% | 50MB | 5-15% | 300MB |
| Redis | <1% | 10MB | 2-5% | 50MB |
| Sandbox Executor | <1% | 30MB | varies | 512MB |
| Frontend | <1% | 50MB | 5-10% | 200MB |
## License
This project follows the original Open WebUI license.
## Related Projects
- [Open WebUI](https://github.com/open-webui/open-webui) - Original Python implementation
- [Open WebUI Rust](https://github.com/knoxchat/open-webui-rust) - Official Rust backend repository
## Support
For issues and questions:
- [Open WebUI Rust Issues](https://github.com/knoxchat/open-webui-rust/issues)
- [Open WebUI Documentation](https://docs.openwebui.com/)

345
src/open-webui-rust/README.zh.md Normal file
View File

@@ -0,0 +1,345 @@
# Open WebUI Rust
基于 Rust 的高性能 Open WebUI 实现,具有原生异步运行时和优化的资源效率。
## 概述
Open WebUI Rust 是 Open WebUI 后端的完整 Rust 重写版本,提供:
- **10-50 倍更快的响应时间**API 端点性能显著提升
- **70% 更低的内存使用**:负载下内存占用大幅降低
- **原生并发**:基于 Tokio 的异步运行时
- **类型安全**:防止整类运行时错误
- **零拷贝流式传输**:聊天补全高效传输
- **生产就绪**:全面的错误处理机制
此部署包含:
- **Rust 后端**:高性能 API 服务器,支持 WebSocket
- **PostgreSQL**:数据持久化的主数据库
- **Redis**:缓存和 WebSocket 会话管理
- **Sandbox Executor**:安全的代码执行环境,具有 Docker 隔离
- **Frontend**:基于 SvelteKit 的用户界面,配备 Nginx 反向代理
## 特性
-**完全兼容** Open WebUI Python 后端的 API
-**原生 WebSocket/Socket.IO** 使用 Rust 实现
-**安全的代码执行**:通过隔离的 Docker 容器
-**多语言支持**Python、JavaScript、Shell、Rust
-**RAG 和嵌入**:集成向量数据库
-**身份验证和授权**JWT 令牌
-**速率限制和安全**:内置保护机制
-**全面的日志记录**:用于调试和监控
## 前置要求
- Docker 20.10+
- Docker Compose 2.0+
- 4GB+ 可用内存
- 访问 Docker 套接字(用于沙箱执行)
## 快速开始
### 1. 创建 `.env` 文件
```bash
cp .env.example .env
```
编辑 `.env` 并设置必需的变量:
```bash
# 重要:生成一个安全的密钥(至少 32 个字符)
WEBUI_SECRET_KEY=$(uuidgen | tr '[:upper:]' '[:lower:]' | tr -d '-')
# 可选:配置 OpenAI API
OPENAI_API_KEY=sk-your-api-key
OPENAI_API_BASE_URL=https://api.openai.com/v1
```
### 2. 启动服务
```bash
docker compose up -d
```
### 3. 访问应用程序
- **前端界面**<http://localhost:3000>
- **Rust 后端 API**<http://localhost:8080>
- **Sandbox Executor**<http://localhost:8090>
### 4. 初始设置
1. 打开 <http://localhost:3000>
2. 创建管理员账户(第一个用户成为管理员)
3. 在设置中配置您的 AI 模型
## 架构
```text
┌─────────────┐
│ Frontend │ :3000
│ (SvelteKit) │
└──────┬──────┘
┌─────────────┐ ┌──────────────┐
│Rust Backend │────→│ PostgreSQL │ :5432
│ (API) │ │ (Database) │
└──────┬──────┘ └──────────────┘
├───────────→┌──────────────┐
│ │ Redis │ :6379
│ │ (Cache) │
│ └──────────────┘
└───────────→┌──────────────┐
│ Sandbox │ :8090
│ Executor │
└──────────────┘
```
## 配置
### 核心环境变量
| 变量 | 默认值 | 描述 |
| ---------------------------- | --------------------- | -------------------------------- |
| `WEBUI_SECRET_KEY` | (必需) | JWT 令牌的密钥(至少 32 个字符) |
| `POSTGRES_PASSWORD` | `open_webui_password` | PostgreSQL 密码 |
| `FRONTEND_PORT_OVERRIDE` | `3000` | 前端访问端口 |
| `RUST_BACKEND_PORT_OVERRIDE` | `8080` | 后端 API 端口 |
| `TZ` | `UTC` | 时区设置 |
### 功能开关
| 变量 | 默认值 | 描述 |
| ------------------------- | ------- | ---------------- |
| `ENABLE_CODE_EXECUTION` | `true` | 启用安全代码执行 |
| `ENABLE_CODE_INTERPRETER` | `true` | 启用代码解释器 |
| `ENABLE_IMAGE_GENERATION` | `false` | 启用图像生成 |
| `ENABLE_WEB_SEARCH` | `false` | 启用网络搜索 |
| `ENABLE_SIGNUP` | `true` | 允许新用户注册 |
### 资源限制
每个服务都有可配置的 CPU 和内存限制:
```bash
# Rust 后端
RUST_BACKEND_CPU_LIMIT=2
RUST_BACKEND_MEMORY_LIMIT=2G
# PostgreSQL
POSTGRES_CPU_LIMIT=1
POSTGRES_MEMORY_LIMIT=1G
# Sandbox Executor
SANDBOX_EXECUTOR_CPU_LIMIT=2
SANDBOX_EXECUTOR_MEMORY_LIMIT=2G
```
### 沙箱安全
配置沙箱执行限制:
```bash
SANDBOX_MAX_EXECUTION_TIME=60 # 最大执行时间(秒)
SANDBOX_MAX_MEMORY_MB=512 # 每次执行的最大内存
SANDBOX_MAX_CONCURRENT_EXECUTIONS=10 # 最大并行执行数
SANDBOX_NETWORK_MODE=none # 禁用网络访问
```
## 使用示例
### 基础聊天
```bash
curl -X POST http://localhost:8080/api/chat/completions \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"model": "gpt-3.5-turbo",
"messages": [{"role": "user", "content": "你好!"}]
}'
```
### 代码执行
```bash
curl -X POST http://localhost:8090/api/v1/execute \
-H "Content-Type: application/json" \
-d '{
"language": "python",
"code": "print(\"Hello from sandbox!\")"
}'
```
## 监控
### 查看日志
```bash
# 所有服务
docker compose logs -f
# 特定服务
docker compose logs -f rust-backend
docker compose logs -f sandbox-executor
```
### 检查服务健康状态
```bash
# Rust 后端
curl http://localhost:8080/health
# Sandbox Executor
curl http://localhost:8090/api/v1/health
# PostgreSQL
docker compose exec postgres pg_isready
```
### 资源使用情况
```bash
docker stats
```
## 维护
### 备份数据库
```bash
docker compose exec postgres pg_dump -U open_webui open_webui > backup.sql
```
### 恢复数据库
```bash
cat backup.sql | docker compose exec -T postgres psql -U open_webui open_webui
```
### 更新服务
```bash
docker compose pull
docker compose up -d
```
### 清理重置
```bash
# 停止并删除所有数据
docker compose down -v
# 全新启动
docker compose up -d
```
## 故障排除
### 无法连接到服务
检查所有容器是否健康:
```bash
docker compose ps
```
### JWT 令牌错误
确保 `WEBUI_SECRET_KEY` 已设置并在重启后保持一致。
### 代码执行失败
1. 验证 Docker 套接字是否可访问
2. 检查 sandbox executor 日志:`docker compose logs sandbox-executor`
3. 确保运行时镜像可用:`docker images | grep sandbox-runtime`
### 内存使用过高
`.env` 中调整资源限制:
```bash
RUST_BACKEND_MEMORY_LIMIT=1G
SANDBOX_EXECUTOR_MEMORY_LIMIT=1G
```
## 安全注意事项
### 生产部署
1. **更改默认密码**
```bash
POSTGRES_PASSWORD=$(openssl rand -base64 32)
WEBUI_SECRET_KEY=$(openssl rand -base64 48)
```
2. **限制网络访问**
```bash
CORS_ALLOW_ORIGIN=https://yourdomain.com
```
3. **初始设置后禁用注册**
```bash
ENABLE_SIGNUP=false
```
4. **使用反向代理启用 HTTPS**nginx、Traefik、Caddy
5. **限制沙箱资源**
```bash
SANDBOX_MAX_EXECUTION_TIME=30
SANDBOX_MAX_MEMORY_MB=256
SANDBOX_NETWORK_MODE=none
```
### Docker 套接字访问
Sandbox Executor 需要访问 Docker 套接字(`/var/run/docker.sock`)以实现容器隔离。这是一个特权操作,应该:
- 仅在受信任的环境中使用
- 通过适当的网络隔离进行保护
- 监控可疑活动
考虑使用以下替代方案:
- Docker-in-DockerDinD以获得更好的隔离
- 带有 Pod 安全策略的 Kubernetes
- 在单独节点上的专用沙箱服务
## 性能
典型资源使用情况:
| 服务 | CPU空闲 | 内存(空闲) | CPU负载 | 内存(负载) |
| ---------------- | ----------- | ------------ | ----------- | ------------ |
| Rust Backend | ~1% | 50MB | 10-30% | 200MB |
| PostgreSQL | ~1% | 50MB | 5-15% | 300MB |
| Redis | <1% | 10MB | 2-5% | 50MB |
| Sandbox Executor | <1% | 30MB | 变化 | 512MB |
| Frontend | <1% | 50MB | 5-10% | 200MB |
## 许可证
本项目遵循原 Open WebUI 的许可证
## 相关项目
- [Open WebUI](https://github.com/open-webui/open-webui) - 原始 Python 实现
- [Open WebUI Rust](https://github.com/knoxchat/open-webui-rust) - 官方 Rust 后端仓库
## 支持
问题和疑问
- [Open WebUI Rust Issues](https://github.com/knoxchat/open-webui-rust/issues)
- [Open WebUI 文档](https://docs.openwebui.com/)

310
src/open-webui-rust/docker-compose.yaml Normal file
View File

@@ -0,0 +1,310 @@
x-defaults: &defaults
restart: unless-stopped
logging:
driver: json-file
options:
max-size: 100m
max-file: "3"
services:
# PostgreSQL Database
postgres:
<<: *defaults
image: ${GLOBAL_REGISTRY:-}postgres:${POSTGRES_VERSION:-16-alpine}
environment:
POSTGRES_DB: ${POSTGRES_DB:-open_webui}
POSTGRES_USER: ${POSTGRES_USER:-open_webui}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-open_webui_password}
POSTGRES_INITDB_ARGS: "-E UTF8"
TZ: ${TZ:-UTC}
volumes:
- postgres_data:/var/lib/postgresql/data
ports:
- "${POSTGRES_PORT_OVERRIDE:-5432}:5432"
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-open_webui}"]
interval: 10s
timeout: 5s
retries: 5
start_period: 10s
deploy:
resources:
limits:
cpus: ${POSTGRES_CPU_LIMIT:-1}
memory: ${POSTGRES_MEMORY_LIMIT:-1G}
reservations:
cpus: ${POSTGRES_CPU_RESERVATION:-0.25}
memory: ${POSTGRES_MEMORY_RESERVATION:-256M}
networks:
- open-webui-network
# Redis for caching and WebSocket management
redis:
<<: *defaults
image: ${GLOBAL_REGISTRY:-}redis:${REDIS_VERSION:-7-alpine}
command: redis-server --appendonly yes
environment:
TZ: ${TZ:-UTC}
volumes:
- redis_data:/data
ports:
- "${REDIS_PORT_OVERRIDE:-6379}:6379"
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 10s
timeout: 5s
retries: 5
start_period: 10s
deploy:
resources:
limits:
cpus: ${REDIS_CPU_LIMIT:-0.5}
memory: ${REDIS_MEMORY_LIMIT:-512M}
reservations:
cpus: ${REDIS_CPU_RESERVATION:-0.1}
memory: ${REDIS_MEMORY_RESERVATION:-128M}
networks:
- open-webui-network
# Rust Backend
rust-backend:
<<: *defaults
image: ${GLOBAL_REGISTRY:-}public.ecr.aws/o3p7x2f5/knoxchat/open-webui-rust-backend:${RUST_BACKEND_VERSION:-latest}
environment:
# Server
HOST: 0.0.0.0
PORT: 8080
ENV: ${ENV:-prod}
WEBUI_SECRET_KEY: ${WEBUI_SECRET_KEY}
TZ: ${TZ:-UTC}
# Database
DATABASE_URL: postgresql://${POSTGRES_USER:-open_webui}:${POSTGRES_PASSWORD:-open_webui_password}@postgres:5432/${POSTGRES_DB:-open_webui}
DATABASE_POOL_SIZE: ${DATABASE_POOL_SIZE:-20}
DATABASE_POOL_MAX_OVERFLOW: ${DATABASE_POOL_MAX_OVERFLOW:-10}
DATABASE_POOL_TIMEOUT: ${DATABASE_POOL_TIMEOUT:-30}
DATABASE_POOL_RECYCLE: ${DATABASE_POOL_RECYCLE:-1800}
# Redis
ENABLE_REDIS: ${ENABLE_REDIS:-true}
REDIS_URL: redis://redis:6379
# Authentication
JWT_EXPIRES_IN: ${JWT_EXPIRES_IN:-30d}
ENABLE_SIGNUP: ${ENABLE_SIGNUP:-true}
ENABLE_LOGIN_FORM: ${ENABLE_LOGIN_FORM:-true}
ENABLE_API_KEY: ${ENABLE_API_KEY:-true}
DEFAULT_USER_ROLE: ${DEFAULT_USER_ROLE:-user}
SHOW_ADMIN_DETAILS: ${SHOW_ADMIN_DETAILS:-true}
WEBUI_URL: ${WEBUI_URL:-http://localhost:3000}
# CORS
CORS_ALLOW_ORIGIN: ${CORS_ALLOW_ORIGIN:-*}
# WebSocket/Socket.IO (Native Rust Implementation)
ENABLE_SOCKETIO: ${ENABLE_SOCKETIO:-true}
ENABLE_WEBSOCKET_SUPPORT: ${ENABLE_WEBSOCKET_SUPPORT:-true}
WEBSOCKET_MANAGER: ${WEBSOCKET_MANAGER:-redis}
WEBSOCKET_REDIS_URL: redis://redis:6379
# Features
ENABLE_OPENAI_API: ${ENABLE_OPENAI_API:-true}
ENABLE_CHANNELS: ${ENABLE_CHANNELS:-true}
ENABLE_IMAGE_GENERATION: ${ENABLE_IMAGE_GENERATION:-false}
ENABLE_CODE_EXECUTION: ${ENABLE_CODE_EXECUTION:-true}
CODE_EXECUTION_SANDBOX_URL: http://sandbox-executor:8090
ENABLE_CODE_INTERPRETER: ${ENABLE_CODE_INTERPRETER:-true}
CODE_INTERPRETER_SANDBOX_URL: http://sandbox-executor:8090
ENABLE_WEB_SEARCH: ${ENABLE_WEB_SEARCH:-false}
ENABLE_ADMIN_CHAT_ACCESS: ${ENABLE_ADMIN_CHAT_ACCESS:-true}
ENABLE_ADMIN_EXPORT: ${ENABLE_ADMIN_EXPORT:-true}
ENABLE_NOTES: ${ENABLE_NOTES:-true}
ENABLE_COMMUNITY_SHARING: ${ENABLE_COMMUNITY_SHARING:-true}
ENABLE_MESSAGE_RATING: ${ENABLE_MESSAGE_RATING:-true}
# Storage
UPLOAD_DIR: /app/data/uploads
CACHE_DIR: /app/data/cache
STATIC_DIR: /app/static
# Logging
GLOBAL_LOG_LEVEL: ${GLOBAL_LOG_LEVEL:-info}
RUST_LOG: ${RUST_LOG:-info}
# OpenAI
OPENAI_API_BASE_URL: ${OPENAI_API_BASE_URL:-}
OPENAI_API_KEY: ${OPENAI_API_KEY:-}
volumes:
- rust_backend_data:/app/data
ports:
- "${RUST_BACKEND_PORT_OVERRIDE:-8080}:8080"
depends_on:
postgres:
condition: service_healthy
redis:
condition: service_healthy
sandbox-executor:
condition: service_healthy
healthcheck:
test: ["CMD-SHELL", "curl -f http://localhost:8080/health || exit 1"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
deploy:
resources:
limits:
cpus: ${RUST_BACKEND_CPU_LIMIT:-2}
memory: ${RUST_BACKEND_MEMORY_LIMIT:-2G}
reservations:
cpus: ${RUST_BACKEND_CPU_RESERVATION:-0.5}
memory: ${RUST_BACKEND_MEMORY_RESERVATION:-512M}
networks:
- open-webui-network
# Sandbox Runtime
sandbox-runtime:
<<: *defaults
image: ${GLOBAL_REGISTRY:-}public.ecr.aws/o3p7x2f5/knoxchat/sandbox-runtime:${SANDBOX_RUNTIME_VERSION:-latest}
command: /bin/true
environment:
TZ: ${TZ:-UTC}
networks:
- open-webui-network
# Sandbox Executor Service
sandbox-executor:
<<: *defaults
image: ${GLOBAL_REGISTRY:-}public.ecr.aws/o3p7x2f5/knoxchat/sandbox-executor:${SANDBOX_EXECUTOR_VERSION:-latest}
user: root
ports:
- "${SANDBOX_EXECUTOR_PORT_OVERRIDE:-8090}:8090"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- sandbox_logs:/var/log/sandbox-executor
environment:
SANDBOX_HOST: 0.0.0.0
SANDBOX_PORT: 8090
DOCKER_HOST: unix:///var/run/docker.sock
MAX_EXECUTION_TIME: ${SANDBOX_MAX_EXECUTION_TIME:-60}
MAX_MEMORY_MB: ${SANDBOX_MAX_MEMORY_MB:-512}
MAX_CPU_QUOTA: ${SANDBOX_MAX_CPU_QUOTA:-100000}
MAX_DISK_MB: ${SANDBOX_MAX_DISK_MB:-100}
MAX_CONCURRENT_EXECUTIONS: ${SANDBOX_MAX_CONCURRENT_EXECUTIONS:-10}
RATE_LIMIT_PER_MINUTE: ${SANDBOX_RATE_LIMIT_PER_MINUTE:-30}
RATE_LIMIT_BURST: ${SANDBOX_RATE_LIMIT_BURST:-10}
CONTAINER_IMAGE: public.ecr.aws/o3p7x2f5/knoxchat/sandbox-runtime:latest
NETWORK_MODE: ${SANDBOX_NETWORK_MODE:-none}
READ_ONLY_ROOT: ${SANDBOX_READ_ONLY_ROOT:-false}
DROP_ALL_CAPABILITIES: ${SANDBOX_DROP_ALL_CAPABILITIES:-true}
ENABLE_STREAMING: ${SANDBOX_ENABLE_STREAMING:-true}
KEEP_CONTAINERS: ${SANDBOX_KEEP_CONTAINERS:-false}
ENABLE_PYTHON: ${SANDBOX_ENABLE_PYTHON:-true}
ENABLE_JAVASCRIPT: ${SANDBOX_ENABLE_JAVASCRIPT:-true}
ENABLE_SHELL: ${SANDBOX_ENABLE_SHELL:-true}
ENABLE_RUST: ${SANDBOX_ENABLE_RUST:-true}
ENABLE_AUDIT_LOG: ${SANDBOX_ENABLE_AUDIT_LOG:-true}
AUDIT_LOG_PATH: /var/log/sandbox-executor/audit.log
TZ: ${TZ:-UTC}
depends_on:
- sandbox-runtime
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8090/api/v1/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 10s
deploy:
resources:
limits:
cpus: ${SANDBOX_EXECUTOR_CPU_LIMIT:-2}
memory: ${SANDBOX_EXECUTOR_MEMORY_LIMIT:-2G}
reservations:
cpus: ${SANDBOX_EXECUTOR_CPU_RESERVATION:-0.25}
memory: ${SANDBOX_EXECUTOR_MEMORY_RESERVATION:-256M}
networks:
- open-webui-network
# Frontend (SvelteKit)
frontend:
<<: *defaults
image: ${GLOBAL_REGISTRY:-}public.ecr.aws/o3p7x2f5/knoxchat/open-webui-frontend:${FRONTEND_VERSION:-latest}
environment:
# Backend URLs (Socket.IO now served by Rust backend)
BACKEND_URL: http://rust-backend:8080
SANDBOX_EXECUTOR_URL: http://sandbox-executor:8090
# Server
ENV: ${ENV:-prod}
PORT: 8080
WEBUI_SECRET_KEY: ${WEBUI_SECRET_KEY}
TZ: ${TZ:-UTC}
# Database
DATABASE_URL: postgresql://${POSTGRES_USER:-open_webui}:${POSTGRES_PASSWORD:-open_webui_password}@postgres:5432/${POSTGRES_DB:-open_webui}
# OpenAI
OPENAI_API_BASE_URL: ${OPENAI_API_BASE_URL:-}
OPENAI_API_KEY: ${OPENAI_API_KEY:-}
# RAG & Embeddings
RAG_EMBEDDING_MODEL: ${RAG_EMBEDDING_MODEL:-sentence-transformers/all-MiniLM-L6-v2}
RAG_RERANKING_MODEL: ${RAG_RERANKING_MODEL:-}
RAG_EMBEDDING_MODEL_AUTO_UPDATE: ${RAG_EMBEDDING_MODEL_AUTO_UPDATE:-false}
# Whisper
WHISPER_MODEL: ${WHISPER_MODEL:-base}
# Redis
REDIS_URL: redis://redis:6379
# Features
ENABLE_RAG_WEB_SEARCH: ${ENABLE_RAG_WEB_SEARCH:-false}
ENABLE_RAG_HYBRID_SEARCH: ${ENABLE_RAG_HYBRID_SEARCH:-false}
ENABLE_IMAGE_GENERATION: ${ENABLE_IMAGE_GENERATION:-false}
# Analytics
SCARF_NO_ANALYTICS: ${SCARF_NO_ANALYTICS:-true}
DO_NOT_TRACK: ${DO_NOT_TRACK:-true}
volumes:
- frontend_data:/app/backend/data
ports:
- "${FRONTEND_PORT_OVERRIDE:-3000}:8080"
depends_on:
rust-backend:
condition: service_healthy
postgres:
condition: service_healthy
redis:
condition: service_healthy
sandbox-executor:
condition: service_healthy
healthcheck:
test: ["CMD-SHELL", "curl -f http://localhost:8080/health || exit 1"]
interval: 30s
timeout: 10s
retries: 3
start_period: 60s
deploy:
resources:
limits:
cpus: ${FRONTEND_CPU_LIMIT:-1}
memory: ${FRONTEND_MEMORY_LIMIT:-1G}
reservations:
cpus: ${FRONTEND_CPU_RESERVATION:-0.25}
memory: ${FRONTEND_MEMORY_RESERVATION:-256M}
networks:
- open-webui-network
volumes:
postgres_data:
redis_data:
rust_backend_data:
sandbox_logs:
frontend_data:
networks:
open-webui-network:
driver: bridge