github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-08 04:16:03 -05:00
Code Issues 1.3k Packages Projects Releases 126 Wiki Activity

[GH-ISSUE #7587] Google SSO does not work properly in a reverse proxy environment #14806

New Issue
Closed
opened 2026-04-19 21:05:00 -05:00 by GiteaMirror · 0 comments
GiteaMirror commented 2026-04-19 21:05:00 -05:00
Owner
Copy Link

Originally created by @Taikono-Himazin on GitHub (Dec 4, 2024).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/7587

Bug Report

Installation Method

docker
Use nginx as reverse proxy to support SSL

Environment

  • Open WebUI Version: v0.4.7

  • Ollama (if applicable): 0.4.7

  • Operating System: Win 11

  • Browser (if applicable): Chrome 131.0.6778.86

Confirmation:

  • I have read and followed all the instructions provided in the README.md.
  • I am on the latest version of both Open WebUI and Ollama.
  • I have included the browser console logs.
  • I have included the Docker container logs.
  • I have provided the exact steps to reproduce the bug in the "Steps to Reproduce" section below.

Expected Behavior:

I have configured Google SSO.
I can sign in successfully.

Actual Behavior:

①OpenWebUI login screen
②Click "Sign in with Google" to go to the Google screen
③Authentication with Google is successful, and you are returned to the URL set in GOOGLE_REDIRECT_URI.
Bug here You are redirected to the URL after reverse proxy.
⑤Since you cannot access it from the client PC, an error occurs naturally

URL flow

https://[front URL]:3443/auth
https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=XXXXXXX&redirect_uri=https%3A%2F%2F[front URL]%3A3443%2Foauth%2Fgoogle%2Fcallback&scope=openid+email+profile&state=XXX XXX

https://[URL on the front side]:3443/oauth/google/callback?state=XXXXXX&code=XXXXXX&scope=email+profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile+openid&authuser=0&hd=XXXX&prompt=none
Bug here https://[URL on the back side]/auth

Description

I'm running OpenWebUI behind a reverse proxy.

WebUI_URL and GOOGLE_REDIRECT_URI are set correctly as the URL on the front side.

A. The redirect destination in ④ is wrong. It should be set based on WebUI_URL, not fastapi.baseurl.

Originally created by @Taikono-Himazin on GitHub (Dec 4, 2024). Original GitHub issue: https://github.com/open-webui/open-webui/issues/7587 # Bug Report ## Installation Method docker Use nginx as reverse proxy to support SSL ## Environment - **Open WebUI Version:** v0.4.7 - **Ollama (if applicable):** 0.4.7 - **Operating System:** Win 11 - **Browser (if applicable):** Chrome 131.0.6778.86 **Confirmation:** - [x] I have read and followed all the instructions provided in the README.md. - [x] I am on the latest version of both Open WebUI and Ollama. - [x] I have included the browser console logs. - [ ] I have included the Docker container logs. - [ ] I have provided the exact steps to reproduce the bug in the "Steps to Reproduce" section below. ## Expected Behavior: I have configured Google SSO. I can sign in successfully. ## Actual Behavior: ①OpenWebUI login screen ②Click "Sign in with Google" to go to the Google screen ③Authentication with Google is successful, and you are returned to the URL set in GOOGLE_REDIRECT_URI. ④*Bug here* You are redirected to the URL after reverse proxy. ⑤Since you cannot access it from the client PC, an error occurs naturally URL flow ① https://[front URL]:3443/auth ②https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=XXXXXXX&redirect_uri=https%3A%2F%2F[front URL]%3A3443%2Foauth%2Fgoogle%2Fcallback&scope=openid+email+profile&state=XXX XXX ③ https://[URL on the front side]:3443/oauth/google/callback?state=XXXXXX&code=XXXXXX&scope=email+profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile+openid&authuser=0&hd=XXXX&prompt=none ④*Bug here* https://[URL on the back side]/auth ## Description I'm running OpenWebUI behind a reverse proxy. WebUI_URL and GOOGLE_REDIRECT_URI are set correctly as the URL on the front side. A. The redirect destination in ④ is wrong. It should be set based on WebUI_URL, not fastapi.baseurl.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#14806
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?