Share

How to run Ollama & Open WebUI with Docker on Linux — Quick Start Guide

By Ancap Revolt November 24, 2025
Quick start guide to securely run local LLMs with a ChatGPT style interface using Ollama and Open WebUI in semi-hardened Docker containers in their own Docker network.
How to run Ollama & Open WebUI with Docker on Linux — Quick Start Guide

image

This is a simple guide intended to get you started running LLMs on Linux with a ChatGPT-like interface through Ollama and Open WebUI in Docker containers.

After sorting through contradictory information and fighting my computer for many hours to get this working without introducing unnecessary security vulnerabilities, I’ve finally emerged victorious. I will now share what I’ve done to get it working.

For reference, here is the system I am working with:

  • AMD CPU
  • Nvidia RTX 4060ti 8GB
  • 32GB RAM
  • Pop!_OS

My approach maximizes security according to my research (without far more complex setups). Using Docker simplifies installation and isolates Ollama from the rest of the system. Using a Docker Network even further isolates things — but I haven’t seen it recommended in other guides. Isolation is important because Ollama can utilize all your compute power, and we don’t want to become inadvertent shitcoin miners, do we?

Table of Contents

  1. Install Docker
  2. Create a Docker Network
  3. Install and Start Ollama Through Docker
  4. Install and Start an Ollama Model
  5. Install and Start Open WebUI Through Docker
  6. Finishing Up
  7. Security Check
  8. Appendix

1. Install Docker

https://docs.docker.com/engine/install/

Configure Docker appropriately for your distribution and hardware configuration. Just follow their instructions.

I installed with the apt method under the Ubuntu section.

Make sure to follow the post-installation steps.

2. Create a Docker Network

This step is essential to ensure that Ollama and Open WebUI can communicate without giving Open WebUI access to the host network.

Run the following command:

docker network create ollama-net

3. Install and Start Ollama Through Docker

https://hub.docker.com/r/ollama/ollama

Follow the instructions for your hardware, but wait to run docker run .. (the only command for CPU-only or AMD GPU setups).

You must ADD the following arguments to the command used to start the Ollama container: --network ollama-net --restart always

Optionally, to maximize security, REMOVE the publish argument: -p 11434:11434 But note that this may limit extended functionality and prevent the “Link to diagnose Ollama” in the appendix from functioning. If you only want a chatbot, remove the -p argument (I haven’t tested this but it should work).

Here is the command I use:

docker run -d --gpus all --network ollama-net -v ollama:/root/.ollama -p 11434:11434 --name ollama --restart always ollama/ollama

The --network ollama-net argument attaches the container to the network we created earlier, and --restart always ensures it will restart if it stops.

You can check that the Ollama container started properly by running docker ps. It should show information about the Ollama container.

Note: if you receive an error stating that port 11434 is in use, you may already have Ollama installed on your system, run the following commands, and then try the start command again:

docker stop ollama
docker rm ollama
sudo systemctl stop ollama

4. Install and Start an Ollama Model

https://ollama.com/search

Select an appropriate model for your hardware. The first model I chose was llama3.1:8b. I recommend testing with a small model.

image

Copy the command for the model you want from the Ollama website.

Run the command:

docker exec ollama [command you copied]

Example of the command I ran:

docker exec ollama ollama run llama3.1:8b

5. Install and Start Open WebUI Through Docker

https://docs.openwebui.com/

Use the appropriate command under Quick Start with Docker,

But ADD the following arguments: --network ollama-net -e OLLAMA_BASE_URL= http://ollama:11434

And REMOVE the following: --add-host=host.docker.internal:host-gateway

Here’s my exact command:

docker run -d -p 3000:8080 --gpus all --network ollama-net -e OLLAMA_BASE_URL= http://ollama:11434 -v open-webui:/app/backend/data --name open-webui --restart always ghcr.io/open-webui/open-webui:cuda

If you aren’t using an Nvidia GPU run this instead:

docker run -d -p 3000:8080 --network ollama-net -e OLLAMA_BASE_URL= http://ollama:11434 -v open-webui:/app/backend/data --name open-webui --restart always ghcr.io/open-webui/open-webui:main

Note: the base URL name “ollama” must match whatever you named the Ollama container.

Verify both containers are working by running docker ps again. You should see both listed.

You can also run docker exec ollama ollama ps to check if your Ollama models are running, but the command doesn’t always display an active model, even if Ollama is running. A better way to check that Ollama is running is by going to http://localhost:11434. It should display “Ollama is running”.

The chat interface should now be available at:

http://localhost:3000

Create an admin account, and bookmark the page for fast access.

6. Finishing Up

Alright, we are nearly finished. All that’s left is to go into Open WebUI in a web browser, and make sure it is pointing to the right place. You will only need to do this if you don’t see any Ollama models in the interface, and you’ve ensured that Ollama is running.

If you don’t see any models:

Click on your name in the lower left corner > Admin Panel > Settings > Connections > Ollama API > Manage Ollama API Connections > Configure (gear icon)

Ensure that the Ollama API Connection URL says:

http://ollama:11434

Refresh the page. The models should now be detected and the setup process is complete.

7. Security Check

Due to the fact that in previous steps we published ports 11434 and 3000, we need to ensure the following at the router level:

  • UPnP is disabled
  • There are no port forwarding rules for ports 11434 or 3000 pointing to your computer’s IP address.

You can check this simply by going to http://[your public IP]:11434 and http://[your public IP]:3000 from a different network. Neither should give a response. If either does, you need to log in to your router and change the appropriate settings.

If this attack surface is left open, attackers may gain access to your models, compute power, and data. However, this setup greatly mitigates these risks compared to running Ollama directly and/or running Open WebUI on the host network.

But we should be all good if we pass those tests.

If you had to stop Ollama on Step 3, or otherwise had it already installed, I encourage you to check the security warning below “Edit Ollama:” in the appendix below.

8. Appendix

This section includes useful links and commands.

Links
Link to chat http://localhost:3000/
Link to diagnose Ollama http://localhost:11434/
Docker installation https://docs.docker.com/engine/install/
Ollama install via Docker https://hub.docker.com/r/ollama/ollama
Open WebUI Docs https://docs.openwebui.com/
Ollama Docs https://docs.ollama.com/
Ollama Model List https://ollama.com/search

Commands: Install new models:

docker exec ollama ollama run [model]

Remove models:

docker exec ollama ollama rm [model]

Stop Docker Containers:

docker stop open-webui
docker stop ollama

Remove Containers:

docker rm open-webui
docker rm ollama

Stop Ollama (may be needed if installed directly) :

sudo systemctl stop ollama

Edit Ollama:

sudo systemctl edit --full ollama
  • CAUTION — SECURITY RISK : Add the following lines before the line that reads ‘Environment=“PATH=…”’: Environment="OLLAMA_HOST=0.0.0.0" Environment="OLLAMA_PORT=11434"
  • This was recommended by Redditors.
  • It allows Ollama to listen on all local network interfaces, and provides an attack vector by which attackers may access anything Ollama can access.
  • Confusingly, I recall it is recommended in some documentation — that I can’t find.
  • This is best avoided unless otherwise necessary.
  • To harden a system with Ollama already installed, ensure the above OLLAMA_HOST and OLLAMA_PORT lines don’t exist. Consider uninstalling Ollama and rebuilding the environment. You must stop and remove the relevant Docker containers to do so.

Check if a port is active:

sudo lsof -i :11434

Check for Docker processes:

docker ps

Check for Ollama processes (only installed through Docker) :

docker exec ollama ollama ps

Check for Ollama processes (installed directly) :

ollama ps

Published November 24th, 2025 — Ancap Revolt — Handwritten — Gemini 3 & Grok 4.1 used in early troubleshooting and security review.

#technology #artificial intelligence #tech #guide #open source #freedom #linux
Write a comment
No comments yet.

Related articles

by anon

February 17 2026 · Edited May 30, 2026
Cover image for The Quantum Computer Dream is Falling Apart

The Quantum Computer Dream is Falling Apart

Take back your personal data with Incogni! Use code Sabine at the link below and get 60% off annual plans: https://incogni.com/sabine As we continue to research quantum computing, quantum advantage – the supposed advantage that quantum computers theoretically have over regular computers – continues to dry up. Today we’re covering how more quantum computing use cases are disappearing, and an unexpected problem with quantum computing in general. Paper 1: https://arxiv.org/abs/2601.04621 Paper 2:

by Seroter's Daily Reading

May 28 2026
Cover image for Seroter's Daily Reading — #792 (May 27, 2026)

Seroter's Daily Reading — #792 (May 27, 2026)

Episode 792 covers Gemini Managed Agents, MCP in context engineering, worker skill atrophy from AI, evaluating multi-turn agent trajectories, AI psychosis in tech CEOs, choosing to stay human, Chrome's built-in AI APIs, the delegation problem in multi-agent AI, MCP Authorization, and the AC/DC framework for governing AI coding agents.

by abu ruqayyah

May 27 2026
Cover image for Bitcoin, Put Simply.

Bitcoin, Put Simply.

Bitcoin is simpler than people make it out to be.