-
1 Stable
released this
2025-07-23 22:07:31 +00:00 | 1 commits to master since this releaseA single, robust, and intelligent shell script to fully automate the deployment of Open WebUI and an optional, private SearXNG instance on a Debian server. This script transforms a manual setup process into a production-ready, one-shot command, complete with security hardening and full life-cycle automation.
This project was born from an iterative process of converting a manual guide into a fully automated script, adding features and fixing real-world deployment issues like Let's Encrypt rate limits, firewall pre-configurations, fragile cron jobs, and complex multi-container networking and configuration bugs.
Features
- Fully Automated Deployment: Runs non-interactively after an initial prompt for configuration details.
- Optional SearXNG Stack:
- Deploys a private SearXNG instance on a secure Docker network.
- Exposes it publicly on a separate subdomain with Basic Auth protection.
- Allows internal access from Open WebUI tools without authentication for fast, secure searching.
- Supports an optional Brave Search API key for enhanced, ad-free results.
- Adds a custom JSON engine to SearXNG for advanced integrations.
- Security First:
- Firewall Aware: Intelligently detects and manages
UFW
. Brute-Force Protection: Installs and configuresFail2Ban
to protect the Open WebUI login.
- Firewall Aware: Intelligently detects and manages
- Robust Service Management: Deploys services via Docker on a shared private network, the recommended method.
- Automatic HTTPS: Uses Nginx as a reverse proxy and
Certbot
to automatically obtain and renew free Let's Encrypt SSL certificates. - Production-Ready Automation:
- System Updates: Configures
unattended-upgrades
. - Container Updates: Deploys
Watchtower
for automatic container updates. - Scheduled Reboots: Implements a robust weekly reboot via a
cron.d
file.
- System Updates: Configures
Prerequisites
Before running the script, you will need:
- A server running Debian 11 or 12.
sudo
orroot
access.- A domain for Open WebUI (e.g.,
ai.example.com
) with a DNS A record pointing to your server's IP. - If deploying SearXNG, a second domain (e.g.,
search.example.com
) also pointing to your server's IP. (The script usessearch.example.com
by default but the variable can be changed).
Usage
- Download the script to your Debian server:
curl -fsSL -o onepush.sh https://git.r21.io/primemover/onepush/releases/download/1/onepush.sh
- Make the script executable:
chmod +x onepush.sh
- Run the script with
sudo
:sudo ./onepush.sh
SearXNG PR
#1 (comment)Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
-
onepush.sh
0 downloads · 10 KiB