[GH-ISSUE #21093] feat: Native SSL/TLS support. #34908

New Issue

Closed

opened 2026-04-25 09:05:12 -05:00 by GiteaMirror · 2 comments

GiteaMirror commented 2026-04-25 09:05:12 -05:00

Owner

Copy Link

Originally created by @abcbarryn on GitHub (Feb 1, 2026).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/21093

Check Existing Issues

• I have searched for all existing open AND closed issues and discussions for similar requests. I have found none that is comparable to my request.

Verify Feature Scope

• I have read through and understood the scope definition for feature requests in the Issues section. I believe my feature request meets the definition and belongs in the Issues section instead of the Discussions.

Problem Description

It would be nice if there was a way to enable SSL/TLS for Open WebUI without using external solutions like stunnel, etc. Or am I missing something?

Desired Solution you'd like

I would like an option for Open WebUI to support https.

Alternatives Considered

I am currently running stunnel to supply https.

Additional Context

No response

Originally created by @abcbarryn on GitHub (Feb 1, 2026). Original GitHub issue: https://github.com/open-webui/open-webui/issues/21093 ### Check Existing Issues - [x] I have searched for all existing **open AND closed** issues and discussions for similar requests. I have found none that is comparable to my request. ### Verify Feature Scope - [x] I have read through and understood the scope definition for feature requests in the Issues section. I believe my feature request meets the definition and belongs in the Issues section instead of the Discussions. ### Problem Description It would be nice if there was a way to enable SSL/TLS for Open WebUI without using external solutions like stunnel, etc. Or am I missing something? ### Desired Solution you'd like I would like an option for Open WebUI to support https. ### Alternatives Considered I am currently running stunnel to supply https. ### Additional Context _No response_

GiteaMirror closed this issue 2026-04-25 09:05:12 -05:00

GiteaMirror commented 2026-04-25 09:05:13 -05:00

Author

Owner

Copy Link

@TomTheWise commented on GitHub (Feb 2, 2026):

It is VERY standard for Web Applications to always put them behind reverseproxies like apache2 or nginx which then handle the TLS termination and proxy their requests to the actual application.

For example tomcat / jetty based enterprise Java web apps are typically put behind reverse proxies - simply for example to strengthen the security and other reasons.

Also this allows for some of the SSO features. With Apache2 you can for example do Kerberos based SSO or other authentication types and then pass on and use the email header provided from the Apache2 in OpenWebUI for authentication.

So, as to me this is very standard practice for enterprise web applications, I doubt that native TLS would be a worthy addition.

<!-- gh-comment-id:3837302074 --> @TomTheWise commented on GitHub (Feb 2, 2026): It is VERY standard for Web Applications to always put them behind reverseproxies like apache2 or nginx which then handle the TLS termination and proxy their requests to the actual application. For example tomcat / jetty based enterprise Java web apps are typically put behind reverse proxies - simply for example to strengthen the security and other reasons. Also this allows for some of the SSO features. With Apache2 you can for example do Kerberos based SSO or other authentication types and then pass on and use the email header provided from the Apache2 in OpenWebUI for authentication. So, as to me this is very standard practice for enterprise web applications, I doubt that native TLS would be a worthy addition.

GiteaMirror commented 2026-04-25 09:05:13 -05:00

Author

Owner

Copy Link

@Classic298 commented on GitHub (Feb 2, 2026):

I dont think this will be implemented and I didn't close this issue yet because this, i don't want to decide, here tim should have the last word.

But if anyone is landing here from search or else: there are many and very good tutorials in the docs for how to set up various reverse proxies. It's simple, gives you full control over how the data is served, even improves loading speed through caching - and also implements TLS support if you need it.

And yeah, in enterprise scenario it is absolutely standard to put a reverse proxy in front of the application - for security reasons, but also for load balancing, caching and more.
Security definitely being a major point here

<!-- gh-comment-id:3837314061 --> @Classic298 commented on GitHub (Feb 2, 2026): I dont think this will be implemented and I didn't close this issue yet because this, i don't want to decide, here tim should have the last word. But if anyone is landing here from search or else: there are many and very good tutorials in the docs for how to set up various reverse proxies. It's simple, gives you full control over how the data is served, even improves loading speed through caching - and also implements TLS support if you need it. And yeah, in enterprise scenario it is absolutely standard to put a reverse proxy in front of the application - for security reasons, but also for load balancing, caching and more. Security definitely being a major point here

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dev

v0.9.2

v0.9.1

v0.9.0

v0.8.12

v0.8.11

v0.8.10

v0.8.9

v0.8.8

v0.8.7

v0.8.6

v0.8.5

v0.8.4

v0.8.3

v0.8.2

v0.8.1

v0.8.0

v0.7.2

v0.7.1

v0.7.0

v0.6.43

v0.6.42

v0.6.41

v0.6.40

v0.6.39

v0.6.38

v0.6.37

v0.6.36

v0.6.35

v0.6.34

v0.6.33

v0.6.32

v0.6.31

v0.6.30

v0.6.29

v0.6.28

v0.6.27

v0.6.26

v0.6.25

v0.6.24

v0.6.23

v0.6.22

v0.6.21

v0.6.20

v0.6.19

v0.6.18

v0.6.17

v0.6.16

v0.6.15

v0.6.14

v0.6.13

v0.6.12

v0.6.11

v0.6.10

v0.6.9

v0.6.8

v0.6.7

v0.6.6

v0.6.5

v0.6.4

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.20

v0.5.19

v0.5.18

v0.5.17

v0.5.16

v0.5.15

v0.5.14

v0.5.13

v0.5.12

v0.5.11

v0.5.10

v0.5.9

v0.5.8

v0.5.7

v0.5.6

v0.5.5

v0.5.4

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.8

v0.4.7

v0.4.6

v0.4.5

v0.4.4

v0.4.3

v0.4.2

v0.4.1

v0.4.0

v0.3.35

v0.3.34

v0.3.33

v0.3.32

v0.3.31

v0.3.30

v0.3.29

v0.3.28

v0.3.27

v0.3.26

v0.3.25

v0.3.24

v0.3.23

v0.3.22

v0.3.21

v0.3.20

v0.3.19

v0.3.18

v0.3.17

v0.3.16

v0.3.15

v0.3.14

v0.3.13

v0.3.12

v0.3.11

v0.3.10

v0.3.9

v0.3.8

v0.3.7

v0.3.6

v0.3.5

v0.3.4

v0.3.3

v0.3.2

v0.3.1

v0.3.0

v0.2.5

v0.2.4

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.125

v0.1.124

v0.1.123

v0.1.122

v0.1.121

v0.1.120

v0.1.119

v0.1.118

v0.1.117

v0.1.116

v0.1.115

v0.1.114

v0.1.113

v0.1.112

v0.1.111

v0.1.110

v0.1.109

v0.1.108

v0.1.107

v0.1.106

v0.1.105

v0.1.104

v0.1.103

v0.1.102

Labels

Clear labels

bug

confirmed

confirmed issue

core

documentation

enhancement

good first issue

help wanted

non-core

pull-request

Mirrored from GitHub Pull Request

python

question

testing wanted

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/open-webui#34908