This project demonstrates a complete DevOps lifecycle for deploying OpenWebUI on Microsoft Azure — starting from infrastructure provisioning using Terraform, followed by configuration management, containerization, and fully automated CI/CD using Jenkins.
The setup reflects real-world production practices, not a demo or tutorial-only workflow.
Terraform → Azure VM
↓
Ansible → VM Configuration
↓
Docker → Application Container
↓
Jenkins → CI/CD Automation
↓
Docker Hub → Image Registry
↓
Azure VM → Production Deployment
Provision all Azure infrastructure from scratch using Terraform.
- Terraform
- Azure CLI
- Azure Resource Manager (ARM)
- Resource Group
- Virtual Network
- Subnet
- Network Security Group (NSG)
- Public IP
- Network Interface
- Linux Virtual Machine (Ubuntu 22.04)
- Infrastructure as Code (IaC)
- Idempotent deployments
- Declarative provisioning
-
Authenticate with Azure:
az login
-
Create a Service Principal for Terraform:
az ad sp create-for-rbac --role Contributor --scopes /subscriptions/<SUB_ID>
-
Export credentials:
export ARM_CLIENT_ID=... export ARM_CLIENT_SECRET=... export ARM_TENANT_ID=... export ARM_SUBSCRIPTION_ID=...
-
Initialize and apply Terraform:
terraform init terraform plan terraform apply
Result: ✅ Azure VM with public IP and secured networking.
Prepare the VM for automation and container workloads.
-
SSH into VM using key-based authentication
-
Verify ports:
22→ SSH80→ HTTP443→ HTTPS3000→ OpenWebUI8081→ Jenkins
Result: ✅ VM ready for configuration management.
Automate VM configuration and application setup.
- Package installation
- Docker installation
- Docker service management
- Environment file setup
- Persistent volume setup
- Container execution
- No agent required
- Repeatable and predictable
- Ideal for single-node servers
Result: ✅ OpenWebUI runs in Docker with persistent storage.
Run OpenWebUI as a containerized service.
-
Docker image: OpenWebUI (custom build later via CI)
-
Persistent data mounted at:
/opt/openwebui-data -
Environment variables stored securely on the VM
Result: ✅ Application survives restarts and redeployments.
Expose OpenWebUI securely over HTTPS.
- Domain mapped via DNS (A record → VM public IP)
- Nginx configured as reverse proxy
- SSL enabled (HTTPS)
Result: ✅ OpenWebUI accessible via custom domain over HTTPS.
Enable and manage multiple users securely.
- Admin and user separation
- Default model control
- System-level prompts enforced
- Users cannot override admin policies
Result: ✅ Controlled multi-user environment.
Achieve fully automated CI/CD on every production push.
Triggered on push to master branch.
Pipeline tasks:
- Clone GitHub repository
- Build Docker image
- Tag image (
latest) - Push image to Docker Hub
- Cleanup build cache
After CI succeeds:
- Jenkins SSHs into Azure VM
- Executes deployment script
- Pulls latest Docker image
- Replaces running container
- Rolls back automatically if failure occurs
Deployment script location:
/opt/openwebui/deploy.sh
- SSH key-based authentication only
known_hostsenforced (no insecure SSH flags)- Secrets stored outside GitHub
- Jenkins credentials stored securely
- No hardcoded tokens in pipeline
If deployment fails:
- Old container is preserved
- New container is removed
- Previous version is restored automatically
Result: ✅ No downtime, no manual intervention.
| Branch | Purpose | CI/CD |
|---|---|---|
dev |
Development | ❌ |
master |
Production | ✅ |
Only master triggers deployment.
- Terraform-based Azure provisioning
- Real CI/CD (not manual builds)
- Secure Jenkins automation
- Docker image lifecycle management
- Production rollback handling
- End-to-end DevOps ownership
- Blue-Green deployment
- Monitoring & alerts
- Secrets via Azure Key Vault
- AKS migration
Dharshan Kumar Built as a hands-on, production-focused DevOps implementation.