toolsSource-backedReview first Safety ✓ Privacy ✓

Open WebUI

Self-hosted AI platform and web UI for Ollama, OpenAI-compatible APIs, RAG, Python function tools, model builder workflows, artifacts, web search, vector databases, enterprise auth, observability, plugins, and MCP-adjacent OpenAPI integrations.

by Open WebUI·added 2026-06-18·

CLI

HarnessCLI

Review first — review before installing

Open the source and read safety notes before installing.

Safety notes

Open WebUI can run Python function-calling tools, RAG ingestion, web search, web browsing, image generation, plugins, and model/provider integrations; review each capability before enabling it for untrusted users.
Docker examples expose web ports and persistent volumes. Mount persistent data, set admin/auth controls, and avoid treating demo defaults as production hardening.
Python function tools and plugin pipelines can execute application logic and access configured services. Restrict tool creation and plugin installation to trusted administrators.
RAG and web browsing can ingest local documents, URLs, cloud files, and extracted text; test indexing quality and permissions before exposing private corpora to users.
Open WebUI uses a custom Open WebUI License with branding restrictions and enterprise-license exceptions. Verify license terms before redistribution, white-labeling, or commercial deployment.

Privacy notes

Chats, prompts, uploaded files, document chunks, embeddings, vector metadata, web search results, browser-fetched pages, Python tool inputs, plugin outputs, voice/video data, logs, metrics, and traces may contain private data.
Configured model providers, vector databases, document extraction engines, web search providers, image providers, object storage, Redis, auth providers, and observability backends may receive user data.
Keep provider keys, OAuth/LDAP/SSO secrets, database URLs, object storage keys, plugin credentials, uploaded files, RAG indexes, and OpenTelemetry exports out of public repos and screenshots.
Define retention, deletion, tenant separation, group permissions, export policy, and audit review before using Open WebUI as a shared internal workspace.

Prerequisites

Python 3.11 or 3.12 for pip installation, or Docker/Kubernetes for container deployment.
Ollama, OpenAI-compatible endpoint, OpenAI API key, or another configured model provider.
Persistent storage for the application database and uploaded/RAG content; Docker users must mount `/app/backend/data` to avoid data loss.
Optional vector database, document extraction, web search, image generation, speech, enterprise auth, object storage, Redis, or observability services depending on enabled features.
A policy for which users can create models, add Python function tools, enable plugins, access documents, and connect external APIs.

Schema details

Install type: cli
Troubleshooting: No

Source repository stats

Scope: Source repo

Collection metadata

Estimated setup: 30 minutes
Difficulty: intermediate

Tool listing metadata

Website: https://openwebui.com/
Pricing: freemium
Disclosure: editorial
Application category: DeveloperApplication
Operating system: Web

Full copyable content

pip install open-webui
open-webui serve

About this resource

Overview

Open WebUI is a self-hosted AI platform and web UI for Ollama, OpenAI-compatible APIs, local RAG, Python function tools, model builder workflows, web search, web browsing, image generation, storage backends, enterprise auth, observability, plugins, and scalable deployments.

This tools entry is distinct from the existing mcpo MCP/OpenAPI proxy entry. mcpo is the bridge that exposes MCP tools as OpenAPI endpoints for clients such as Open WebUI. This entry covers the main Open WebUI application that users run, configure, and extend.

Install

Open WebUI can be installed from PyPI with Python 3.11 or 3.12:

pip install open-webui
open-webui serve

The README also documents Docker images for standard, CUDA, and bundled Ollama deployments, plus Kubernetes, Docker Compose, Kustomize, Helm, and other deployment options in the official docs.

Core Capabilities

Area	Open WebUI Coverage
Model access	Ollama, OpenAI-compatible APIs, LM Studio, Groq, Mistral, OpenRouter, and other endpoints
RAG	Built-in inference engine for RAG, local documents, document library, web content, 9 vector databases, and multiple extraction engines
Tools	Native Python function-calling tools with a built-in code editor and BYOF workflow
Model builder	Create Ollama models and custom characters/agents through the web UI
Search and browsing	Web search across many providers and URL ingestion into chats
Media	Voice/video calls, speech-to-text, text-to-speech, and image generation/editing integrations
Operations	RBAC, user groups, enterprise auth, SCIM, object storage, OpenTelemetry, Redis-backed scaling, and database/storage options
Plugins	Open WebUI plugin support through Pipelines and related extension patterns
MCP-adjacent path	`mcpo` can expose MCP tools as OpenAPI endpoints for Open WebUI and similar tools

MCP Fit

Open WebUI is not itself listed here as an MCP server. It is relevant to MCP searches because the Open WebUI ecosystem includes mcpo, already listed in this directory, which can expose MCP tools over OpenAPI for Open WebUI and other agent tools. The main application also has mcp in its Python dependencies and repository topics, so MCP-adjacent workflows are part of the ecosystem.

The practical security boundary is still the same: decide which tools, OpenAPI actions, Python functions, plugins, and model providers users can reach from the web UI, then enforce that through roles, groups, secrets, and deployment config.

Source Review

Verified on 2026-06-18:

GitHub reports open-webui/open-webui as an active repository with 142,000+ stars, release v0.9.6, and topics including ollama, self-hosted, rag, openai, mcp, and openapi.
The README describes Open WebUI as an extensible, feature-rich, self-hosted AI platform designed to operate offline, with Ollama and OpenAI-compatible API support, built-in RAG, Docker/Kubernetes setup, RBAC, model builder, native Python function-calling tools, local RAG, web search, web browsing, image generation, vector database support, enterprise auth, observability, and plugin support.
The README documents pip install open-webui, open-webui serve, Docker installation, CUDA and bundled Ollama images, data-volume persistence, offline mode, updating, and dev-tag caveats.
pyproject.toml declares the open-webui package, Python >=3.11,<3.13, the project license file, mcp==1.26.0, OpenAI/Anthropic/Google clients, LangChain packages, vector-store/database dependencies, extraction packages, auth packages, Redis/session support, and optional database extras.
PyPI resolves open-webui package metadata for version 0.9.6.
The root LICENSE file is the Open WebUI License with branding restrictions and references to LICENSE_HISTORY for prior license terms.

Safety and Privacy

Open WebUI can become a shared internal AI workspace very quickly. Before using it with real users, decide who can administer providers, create models, add Python tools, install plugins, access documents, export conversations, and change auth or storage settings.

The same applies to RAG. Uploaded files, extracted text, embeddings, vector metadata, web results, browsed pages, and model responses can leak sensitive context through logs, providers, tools, or shared chats. Keep persistent storage mounted, secrets scoped, plugin access limited, and audit logs reviewed.

Duplicate Check

Checked current content/tools/, content/mcp/, content/agents/, content/skills/, guides, collections, open pull requests, and repository-wide content for open-webui/open-webui, Open WebUI, OpenWebUI, open-webui, Ollama web UI, Open WebUI RAG, Open WebUI MCP, Open WebUI tools, Python function calling tools, and self-hosted AI web UI. Existing content includes content/mcp/mcpo-mcp-openapi-proxy.mdx, which covers the Open WebUI ecosystem MCP-to-OpenAPI proxy. No dedicated Open WebUI tools entry for the main platform, exact source URL duplicate in tools, target file, or open duplicate PR was found.

#open-webui #self-hosted #ollama #rag #ai-agents #mcp #openapi #tools #vector-database #docker

Source citations

Add this badge to your README

Show that Open WebUI is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.

[![Listed on HeyClaude](https://heyclau.de/badge/tools/open-webui.svg)](https://heyclau.de/entry/tools/open-webui)

How it compares

Open WebUI side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.

Field	Open WebUI Self-hosted AI platform and web UI for Ollama, OpenAI-compatible APIs, RAG, Python function tools, model builder workflows, artifacts, web search, vector databases, enterprise auth, observability, plugins, and MCP-adjacent OpenAPI integrations. Open dossier	RAGFlow Open-source RAG and agentic retrieval platform with DeepDoc document understanding, visual chunking, grounded citations, heterogeneous data-source ingestion, agent workflows, MCP support, code executor support, and Docker self-hosting. Open dossier	AnythingLLM Local-first AI application for private chat, document RAG, workspace agents, MCP-compatible tools, model routing, memories, scheduled tasks, multimodal workflows, multi-user Docker deployments, and self-hosted agent automation. Open dossier	Flowise Visual low-code builder for AI agents, RAG apps, chatbots, agentic workflows, multi-agent systems, LangChain-based components, API-serving flows, and self-hosted deployments through npm, Docker, and cloud platforms. Open dossier
Trust
Install risk	Review first	Review first	Review first	Review first
Notes	Safety ✓ Privacy ✓	Safety ✓ Privacy ✓	Safety ✓ Privacy ✓	Safety ✓ Privacy ✓
Category	tools	tools	tools	tools
Source	source-backed	source-backed	source-backed	source-backed
Author	Open WebUI	InfinityFlow	Mintplex Labs	FlowiseAI
Added	2026-06-18	2026-06-18	2026-06-18	2026-06-18
Platforms	CLI	CLI	CLI	CLI
Source repo	—	—	—	—
Safety notes	✓Open WebUI can run Python function-calling tools, RAG ingestion, web search, web browsing, image generation, plugins, and model/provider integrations; review each capability before enabling it for untrusted users. Docker examples expose web ports and persistent volumes. Mount persistent data, set admin/auth controls, and avoid treating demo defaults as production hardening. Python function tools and plugin pipelines can execute application logic and access configured services. Restrict tool creation and plugin installation to trusted administrators. RAG and web browsing can ingest local documents, URLs, cloud files, and extracted text; test indexing quality and permissions before exposing private corpora to users. Open WebUI uses a custom Open WebUI License with branding restrictions and enterprise-license exceptions. Verify license terms before redistribution, white-labeling, or commercial deployment.	✓RAGFlow is a multi-service RAG platform, not a small CLI. Review Docker services, exposed ports, persistent volumes, model-provider keys, parser settings, and update strategy before production use. The README notes x86 Docker image availability and separate guidance for ARM64 builds; verify architecture before deploying on ARM hosts. Deep document parsing, OCR, chunking, embeddings, reranking, agent workflows, MCP, and code executor features can process sensitive files and produce misleading outputs if retrieval quality is not tested. The code executor feature requires sandbox review. Use gVisor or another isolation plan before running generated or user-provided code. MCP support should be configured with localhost binding, API-key hygiene, dataset-level scoping, and read-only retrieval defaults unless a broader tool surface has been reviewed.	✓AnythingLLM can run agents, scheduled tasks, MCP-compatible tools, browser-like workspace actions, developer APIs, and external model calls; scope tools and credentials before enabling them for users. The upstream Docker guide includes examples that add the SYS_ADMIN capability to the container. Review whether that capability is acceptable for the host before copying production run commands. Multi-user Docker deployments need normal production controls: authentication, TLS, network isolation, secret management, persistent-volume ownership, backups, and upgrade planning. Agent tools, custom agents, model routing, memories, and scheduled tasks can change behavior over time; use least privilege, logging, review gates, and rollback plans for write-capable workflows. Localhost services such as Ollama, Chroma, LocalAI, or LM Studio may need Docker host routing adjustments; avoid exposing local provider ports wider than intended.	✓Flowise can turn visual flows into callable chatbots, agents, RAG pipelines, and API endpoints. Review each flow's tools, credentials, webhooks, and external actions before production use. Self-hosted deployments should protect the UI, credentials, flow exports, logs, and API endpoints with authentication, network controls, secret management, and backups. RAG flows may ingest private documents, chunk content, create embeddings, and query external vector databases; scope datasets and retention before sharing flows. Agentic workflows and multi-agent systems can call external services repeatedly; set quotas, rate limits, and approval gates for write actions. The repository license file says most code is Apache-2.0, while enterprise directories and files with explicit copyright notices use a commercial license; verify license boundaries before redistribution.
Privacy notes	✓Chats, prompts, uploaded files, document chunks, embeddings, vector metadata, web search results, browser-fetched pages, Python tool inputs, plugin outputs, voice/video data, logs, metrics, and traces may contain private data. Configured model providers, vector databases, document extraction engines, web search providers, image providers, object storage, Redis, auth providers, and observability backends may receive user data. Keep provider keys, OAuth/LDAP/SSO secrets, database URLs, object storage keys, plugin credentials, uploaded files, RAG indexes, and OpenTelemetry exports out of public repos and screenshots. Define retention, deletion, tenant separation, group permissions, export policy, and audit review before using Open WebUI as a shared internal workspace.	✓Uploaded documents, parsed chunks, OCR text, embeddings, dataset metadata, chat history, citations, agent workflow state, code executor inputs, MCP payloads, logs, and model responses may contain private or regulated data. Model providers, embedding providers, rerankers, synchronized data sources, object storage, databases, and MCP clients may receive data depending on deployment settings. Keep RAGFlow API keys, provider keys, service configuration, dataset IDs, document IDs, logs, backups, and generated citations out of prompts, public issues, screenshots, and committed examples. Define retention, deletion, access review, and export rules before ingesting customer, financial, legal, healthcare, source-code, or credential-bearing documents.	✓Uploaded documents, parsed chunks, embeddings, workspace memories, prompts, chat history, agent state, scheduled task inputs, MCP payloads, provider responses, logs, and API calls may contain sensitive data. The README documents anonymous telemetry and an opt-out through DISABLE_TELEMETRY=true or the in-app privacy setting; review this before using regulated or confidential data. Even with telemetry disabled, outbound calls may still go to configured LLMs, embedding models, vector databases, external tools, cdn.anythingllm.com, GitHub, or GitHubusercontent depending on the deployment. Keep provider keys, JWT secrets, workspace invite links, storage paths, private documents, and generated citations out of public prompts, screenshots, issues, and examples.	✓Prompts, uploaded documents, chunks, embeddings, vector metadata, tool inputs, tool outputs, model responses, credentials, flow definitions, logs, and exported chatflows may contain private data. Model providers, embedding providers, vector stores, document loaders, search APIs, workflow integrations, and hosted Flowise Cloud may receive data depending on flow configuration. Do not commit `.env` files, provider keys, vector database secrets, webhook URLs, exported credentials, generated logs, or private flow templates. Before publishing a chatbot or API endpoint, review whether prompts, source documents, dataset IDs, and tool outputs are exposed to users or downstream systems.
Prerequisites	Python 3.11 or 3.12 for pip installation, or Docker/Kubernetes for container deployment. Ollama, OpenAI-compatible endpoint, OpenAI API key, or another configured model provider. Persistent storage for the application database and uploaded/RAG content; Docker users must mount `/app/backend/data` to avoid data loss. Optional vector database, document extraction, web search, image generation, speech, enterprise auth, object storage, Redis, or observability services depending on enabled features.	CPU with at least 4 cores, 16 GB RAM, 50 GB disk, Docker 24.0.0 or newer, and Docker Compose v2.26.1 or newer for the documented self-hosted path. Python 3.13 for source/development workflows. gVisor if the code executor sandbox feature will be used. Configured model-provider and embedding-provider keys in the documented service configuration.	Docker for the documented self-hosted path, or the desktop application for a local workstation install. At least the upstream minimum host resources, with disk sized for documents, embeddings, vector storage, models, logs, and backups. A local or remote LLM provider, embedding provider, and optional speech or image models for the workflows the workspace will run. A storage, backup, retention, and access-control plan before ingesting private documents or opening a multi-user Docker instance.	Node.js 20.0.0 or newer for npm installation. Docker Compose if using the documented Docker self-host path. Provider credentials for selected LLMs, embedding models, vector stores, document loaders, tools, or workflow integrations. Persistent database/storage configuration, auth settings, and environment variables before exposing a shared Flowise instance.
Install	`pip install open-webui`	`docker compose -f docker-compose.yml up -d`	`docker pull mintplexlabs/anythingllm`	`npm install -g flowise`
Config	—	—	—	—
Citations	Source repositorygithub.com 2026-06-18T13:46:08-07:00 Documentationdocs.openwebui.com Websiteopenwebui.com	Source repositorygithub.com 2026-06-18T13:46:08-07:00 Documentationragflow.io	Source repositorygithub.com 2026-06-18T13:46:08-07:00 Documentationdocs.anythingllm.com	Source repositorygithub.com 2026-06-18T13:46:08-07:00 Documentationdocs.flowiseai.com
Claim	Unclaimed	Unclaimed	Unclaimed	Unclaimed

Featured in

Best list: Best vector databases for RAG

Signals

Loading live community signals…