Apple Containerization

December 6, 2025 · View on GitHub

This repo provides a concise guide and helper script for running Open-WebUI using Apple’s first‑party container tool on Apple silicon Macs.

  • Reference article: AppleContainerization.md
  • Example script: openwebui-apple-container.sh

Why use this?

  • First‑party runtime: Uses Apple’s container for lightweight, secure isolation.
  • Apple silicon optimized: Great performance without third‑party hypervisors.
  • Local + private: Pair Open‑WebUI with a local Ollama for private inference.
  • Simple persistence: Stores UI data on the host for easy upgrades.

Requirements

  • macOS 26 or later.
  • Apple container installed (via Homebrew or GitHub):
  • Ollama installed on the host (and configured to accept LAN connections).

See AppleContainerization.md for background, trade‑offs, and networking context.

Quick start (script)

The script wraps common tasks for running Open‑WebUI with Apple container while pointing it at an Ollama instance on your Mac.

./openwebui-apple-container.sh run    # create/start container
./openwebui-apple-container.sh update # pull image and recreate if changed
./openwebui-apple-container.sh logs   # follow logs
./openwebui-apple-container.sh test   # quick connectivity test to Ollama

The script will start the Apple container system automatically if it is not already running.

Optional environment overrides:

OLLAMA_URL="http://<IP>:11434" 
OWUI_NAME="open-webui"
OWUI_PORTS="3000:8080"                       # host:container
OWUI_DATA="$HOME/.open-webui"               # persistent data dir
OWUI_IMAGE="ghcr.io/open-webui/open-webui:main"

After run, open http://localhost:3000.

By default, the script auto-detects your Mac’s LAN IP for OLLAMA_BASE_URL. If you prefer a different interface or the auto-detect picks the wrong one, set OLLAMA_URL explicitly as shown above.

Networking and security

  • Apple container isolates containers in a lightweight VM; they cannot reach the host loopback (127.0.0.1). Configure Ollama to listen on your Mac’s LAN address.
  • In the Ollama app, enable “Expose Ollama to the network” (or run OLLAMA_HOST=0.0.0.0 ollama serve).
  • Exposing Ollama means other devices on your LAN may reach it. Use the macOS firewall to restrict access if needed.

Troubleshooting

  • No models in Open‑WebUI:
    • Ensure Ollama is exposed to the network (see above).
    • Prefer a numeric LAN IP over a .local hostname for OLLAMA_BASE_URL.
    • Find your IP: ipconfig getifaddr en0 (try en7 if needed).
    • Test connectivity: OLLAMA_URL=http://<IP>:11434 ./openwebui-apple-container.sh test.
    • Re-run with explicit IP: OLLAMA_URL=http://<IP>:11434 ./openwebui-apple-container.sh run.
    • In the WebUI, check Settings → Connections → Ollama base URL.

Read AppleContainerization.md for a short overview of Apple container, a sample manual container run command, and notes on current limitations and future outlook.