Externalise WEBUI_URL / LLM_URL to .env

So changing the deployment's hostnames is a one-file edit (.env) instead of touching docker-compose.yml. WEBUI_URL is the full URL with scheme (Open WebUI uses it for auth redirects); LLM_URL is the bare hostname (Anubis wants it for COOKIE_DOMAIN). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-19 10:49:29 -05:00
parent 97547c783c
commit 21e976e275
3 changed files with 17 additions and 7 deletions
--- a/deployments/ai-stack/.env.example
+++ b/deployments/ai-stack/.env.example
@@ -1,6 +1,14 @@
 # Copy to .env and fill in. docker compose picks .env up automatically.
 # Never commit the populated .env — it's in .gitignore at repo root.

+# Public URL Open WebUI is reached at, with scheme. Used for auth redirects
+# and email-link generation.
+WEBUI_URL=https://chat.example.com
+
+# Bare hostname (no scheme) for the same Open WebUI host. Used as the cookie
+# domain by the Anubis sidecar so its session cookie scopes correctly.
+LLM_URL=chat.example.com
+
 # Cookie-signing key for Open WebUI sessions. Generate once with:
 #   openssl rand -hex 32
 # Must stay stable across restarts — rotating it logs every user out.
--- a/deployments/ai-stack/README.md
+++ b/deployments/ai-stack/README.md
@@ -44,9 +44,13 @@ cp .env.example .env

 Then edit:

- **`.env`** — fill in `WEBUI_SECRET_KEY` and (if using Anubis) `ANUBIS_OWUI_KEY`.
-  Optionally pin `COMFYUI_IMAGE_TAG` to a specific `v*` release instead of
-  `latest`.
+- **`.env`** — fill in:
+    - `WEBUI_URL` (full URL with scheme) and `LLM_URL` (bare hostname). Both
+      point at the same Open WebUI host; Open WebUI wants the URL form for
+      auth redirects, Anubis wants the bare hostname for its cookie domain.
+    - `WEBUI_SECRET_KEY` and (if using Anubis) `ANUBIS_OWUI_KEY` —
+      `openssl rand -hex 32` for each.
+    - Optionally pin `COMFYUI_IMAGE_TAG` to a specific `v*` release.
 - **`Caddyfile`** — replace the `chat.example.com` and `comfyui.example.com`
  hostnames with yours; replace `REPLACE_WITH_BCRYPT_HASH` with a real
  bcrypt hash:
@@ -57,8 +61,6 @@ Then edit:
 - **`init-models.sh`** — keep the LLMs you want preseeded, drop the rest.
  Check sizes at <https://ollama.com/library> first; the host needs disk
  for everything listed.
- **`docker-compose.yml`** — update `WEBUI_URL` and `COOKIE_DOMAIN` to
-  match the hostnames you set in the Caddyfile.

 ## 3. Bring it up

--- a/deployments/ai-stack/docker-compose.yml
+++ b/deployments/ai-stack/docker-compose.yml
@@ -142,7 +142,7 @@ services:
      WEBUI_AUTH: "true"
      ENABLE_SIGNUP: "false"
      DEFAULT_USER_ROLE: "pending"
-      WEBUI_URL: "https://chat.example.com"
+      WEBUI_URL: "${WEBUI_URL}"
      WEBUI_SECRET_KEY: "${WEBUI_SECRET_KEY}"
      OLLAMA_BASE_URL: "http://ollama:11434"
      ENABLE_IMAGE_GENERATION: "true"
@@ -182,6 +182,6 @@ services:
      BIND: ":8923"
      TARGET: "http://open-webui:8080"
      DIFFICULTY: "4"                          # SHA-256 leading zeros; 4 = ~1s client work
-      COOKIE_DOMAIN: "chat.example.com"
+      COOKIE_DOMAIN: "${LLM_URL}"
      METRICS_BIND: ":9090"
      ED25519_PRIVATE_KEY_HEX: "${ANUBIS_OWUI_KEY}"