mirror of
https://github.com/open-webui/open-webui.git
synced 2026-07-16 23:04:48 -05:00
[GH-ISSUE #24470] feat: [Security Enhancement] Enable DNSSEC #107303
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @thegreatGreenstar on GitHub (May 8, 2026).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/24470
Check Existing Issues
Verify Feature Scope
Problem Description
Website has DNSSEC disabled, this reduces the security of the site.
https://www.cloudflare.com/learning/dns/dns-security/
Desired Solution you'd like
DNSSEC to be enabled at the domain level.
https://developers.cloudflare.com/dns/dnssec/#enable-dnssec
Additional Context
To enable DNSSEC is incredibly simple through your Cloudflare usage.
Simply go through: https://developers.cloudflare.com/dns/dnssec/#enable-dnssec
and follow the instructions.
@owui-terminator[bot] commented on GitHub (May 8, 2026):
⚠️ Missing Issue Title Prefix
@thegreatGreenstar, your issue title is missing a categorising prefix (e.g.
bug:,feat:,docs:).Please update the title to lead with one of:
Example:
bug: Login fails when the password contains special characters@Classic298 commented on GitHub (May 8, 2026):
then enable dnssec at your reverse proxy. open webui is not your TLS endpoint
@thegreatGreenstar commented on GitHub (May 8, 2026):
What?
This is about protecting the site itself, to ensure requests are not routed to a spoofed domain.
Before even doing anything else, the site itself. This also won't cause any breakage. There should be no reason to have this disabled unless actively transferring the site.
@thegreatGreenstar commented on GitHub (May 8, 2026):
Something like HSTS, sure you may not want to use that, if you want to allow http connections.
But there is no reason the site should have DNSSEC enabled.
@Classic298 commented on GitHub (May 8, 2026):
why would open webui be responsible for enabling DNSSEC
@Classic298 commented on GitHub (May 8, 2026):
?
@thegreatGreenstar commented on GitHub (May 8, 2026):
To secure the website itself. https://openwebui.com
So when people access the blog, log in, etc, they are actually accessing the real website, rather than something else.
@Classic298 commented on GitHub (May 8, 2026):
aha you mean openwebui.com !
Why didn't you say so in your original issue straight away? You opened it against the openwebui repository. Open it against the community website repo so this can be tracked