@@ -55,7 +55,7 @@ This repository wires together a local AI stack built around **Open WebUI**, **O
|
|||||||
* **what it is:** a small HTTP server (Bun runtime) that executes pure source code in short-lived, sandboxed containers.
|
* **what it is:** a small HTTP server (Bun runtime) that executes pure source code in short-lived, sandboxed containers.
|
||||||
* **why it exists:** lets Open WebUI tools run code safely with tight resource limits (no network, read-only fs, cgroup limits, `--cap-drop=ALL`, `no-new-privileges`).
|
* **why it exists:** lets Open WebUI tools run code safely with tight resource limits (no network, read-only fs, cgroup limits, `--cap-drop=ALL`, `no-new-privileges`).
|
||||||
* **integration contract:** exposes an **OpenAPI schema at `/openapi.json`** and a single POST `/execute` endpoint. Open WebUI can import this as a **tool server**.
|
* **integration contract:** exposes an **OpenAPI schema at `/openapi.json`** and a single POST `/execute` endpoint. Open WebUI can import this as a **tool server**.
|
||||||
* **security posture:** pulls allow-listed base images (gcc, python, node, bun, etc.), mounts only a tmpfs workdir, times out jobs ≈25s, and runs with non-root uid/gid. the container has access to the host’s docker socket *only* to run the sandbox containers.
|
* **security posture:** pulls allow-listed base images (gcc, python, node, bun, etc.), mounts only a tmpfs workdir, times out jobs ≈25s, and runs with non-root uid/gid. The container has access to the host’s docker socket *only* to run the sandbox containers.
|
||||||
|
|
||||||
### Browser-use web-ui (`browser/`)
|
### Browser-use web-ui (`browser/`)
|
||||||
|
|
||||||
@@ -64,13 +64,13 @@ This repository wires together a local AI stack built around **Open WebUI**, **O
|
|||||||
|
|
||||||
### Cloudflared tunnel (`cloudflared-tunnel-config.yml`)
|
### Cloudflared tunnel (`cloudflared-tunnel-config.yml`)
|
||||||
|
|
||||||
* maps hostnames (like `mlep.domain.com` for Ollama, `owebui.domain.com` for Open WebUI, and a `tools` host) to the internal services. useful for private, authenticated access without public inbound ports.
|
* maps hostnames (like `mlep.domain.com` for Ollama, `owebui.domain.com` for Open WebUI, and a `tools` host) to the internal services. Useful for private, authenticated access without public inbound ports.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## Why you currently **don’t** need an external RAG server
|
## Why I currently **don’t** use an external RAG server
|
||||||
|
|
||||||
Open WebUI ships with first-class **knowledge / RAG** support: add files/URLs, it chunks + embeds, indexes, retrieves, and automatically **prefixes retrieved context** to the model prompt using a RAG template. for lightweight to mid-sized corpora and single-user/small-team usage, that’s often all you need.
|
Open WebUI ships with pretty good **knowledge / RAG** support: add files/URLs, it chunks + embeds, indexes, retrieves, and automatically **prefixes retrieved context** to the model prompt using a RAG template. For lightweight to mid-sized corpora and single-user/small-team usage, that’s often all you need.
|
||||||
|
|
||||||
**Stay with built-in RAG if most of these are true:**
|
**Stay with built-in RAG if most of these are true:**
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user