chore: fulfill default value in docker compose yaml (#5778)

docker/.env.example

@@ -76,7 +76,7 @@ DEPLOY_ENV=PRODUCTION
 
 # Whether to enable the version check policy.
 # If set to false, https://updates.dify.ai will not be called for version check.
-CHECK_UPDATE_URL=false
+CHECK_UPDATE_URL=true
 
 # Used to change the OpenAI base address, default is https://api.openai.com/v1.
 # When OpenAI cannot be accessed in China, replace it with a domestic mirror address,
@@ -97,10 +97,10 @@ FILES_ACCESS_TIMEOUT=300
 # ------------------------------
 
 # API service binding address, default: 0.0.0.0, i.e., all addresses can be accessed.
-DIFY_BIND_ADDRESS=
+DIFY_BIND_ADDRESS=0.0.0.0
 
 # API service binding port number, default 5001.
-DIFY_PORT=
+DIFY_PORT=5001
 
 # The number of API server workers, i.e., the number of gevent workers.
 # Formula: number of cpu cores x 2 + 1
@@ -210,7 +210,7 @@ AZURE_BLOB_ACCOUNT_URL=https://<your_account_name>.blob.core.windows.net
 
 # Google Storage Configuration
 # The name of the Google Storage bucket to use for storing files.
-GOOGLE_STORAGE_BUCKET_NAME=yout-bucket-name
+GOOGLE_STORAGE_BUCKET_NAME=your-bucket-name
 # The service account JSON key to use for authenticating with the Google Storage service.
 GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64=your-google-service-account-json-base64-string
 
@@ -308,7 +308,7 @@ RELYT_PASSWORD=difyai123456
 RELYT_DATABASE=postgres
 
 # open search configuration, only available when VECTOR_STORE is `opensearch`
-OPENSEARCH_HOST=127.0.0.1
+OPENSEARCH_HOST=opensearch
 OPENSEARCH_PORT=9200
 OPENSEARCH_USER=admin
 OPENSEARCH_PASSWORD=admin
@@ -361,16 +361,21 @@ UPLOAD_IMAGE_FILE_SIZE_LIMIT=10
 # Used for application monitoring and error log tracking.
 # ------------------------------
 
-# Sentry DSN address, default is empty, when empty,
+# API Service Sentry DSN address, default is empty, when empty,
 # all monitoring information is not reported to Sentry.
 # If not set, Sentry error reporting will be disabled.
-SENTRY_DSN=
+API_SENTRY_DSN=
 
-# The reporting ratio of Sentry events, if it is 0.01, it is 1%.
-SENTRY_TRACES_SAMPLE_RATE=1.0
+# API Service The reporting ratio of Sentry events, if it is 0.01, it is 1%.
+API_SENTRY_TRACES_SAMPLE_RATE=1.0
 
-# The reporting ratio of Sentry profiles, if it is 0.01, it is 1%.
-SENTRY_PROFILES_SAMPLE_RATE=1.0
+# API Service The reporting ratio of Sentry profiles, if it is 0.01, it is 1%.
+API_SENTRY_PROFILES_SAMPLE_RATE=1.0
+
+# Web Service Sentry DSN address, default is empty, when empty,
+# all monitoring information is not reported to Sentry.
+# If not set, Sentry error reporting will be disabled.
+WEB_SENTRY_DSN=
 
 # ------------------------------
 # Notion Integration Configuration
@@ -455,17 +460,17 @@ PGDATA=/var/lib/postgresql/data/pgdata
 # ------------------------------
 
 # The API key for the sandbox service
-API_KEY=dify-sandbox
+SANDBOX_API_KEY=dify-sandbox
 # The mode in which the Gin framework runs
-GIN_MODE=release
+SANDBOX_GIN_MODE=release
 # The timeout for the worker in seconds
-WORKER_TIMEOUT=15
+SANDBOX_WORKER_TIMEOUT=15
 # Enable network for the sandbox service
-ENABLE_NETWORK=true
+SANDBOX_ENABLE_NETWORK=true
 # HTTP proxy URL for SSRF protection
-HTTP_PROXY=http://ssrf_proxy:3128
+SANDBOX_HTTP_PROXY=http://ssrf_proxy:3128
 # HTTPS proxy URL for SSRF protection
-HTTPS_PROXY=http://ssrf_proxy:3128
+SANDBOX_HTTPS_PROXY=http://ssrf_proxy:3128
 # The port on which the sandbox service runs
 SANDBOX_PORT=8194
 
@@ -479,16 +484,16 @@ QDRANT_API_KEY=difyai123456
 # Environment Variables for weaviate Service
 # (only used when VECTOR_STORE is weaviate)
 # ------------------------------
-PERSISTENCE_DATA_PATH='/var/lib/weaviate'
-QUERY_DEFAULTS_LIMIT=25
-AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED=true
-DEFAULT_VECTORIZER_MODULE=none
-CLUSTER_HOSTNAME=node1
-AUTHENTICATION_APIKEY_ENABLED=true
-AUTHENTICATION_APIKEY_ALLOWED_KEYS=WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih
-AUTHENTICATION_APIKEY_USERS=hello@dify.ai
-AUTHORIZATION_ADMINLIST_ENABLED=true
-AUTHORIZATION_ADMINLIST_USERS=hello@dify.ai
+WEAVIATE_PERSISTENCE_DATA_PATH='/var/lib/weaviate'
+WEAVIATE_QUERY_DEFAULTS_LIMIT=25
+WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED=true
+WEAVIATE_DEFAULT_VECTORIZER_MODULE=none
+WEAVIATE_CLUSTER_HOSTNAME=node1
+WEAVIATE_AUTHENTICATION_APIKEY_ENABLED=true
+WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS=WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih
+WEAVIATE_AUTHENTICATION_APIKEY_USERS=hello@dify.ai
+WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED=true
+WEAVIATE_AUTHORIZATION_ADMINLIST_USERS=hello@dify.ai
 
 # ------------------------------
 # Environment Variables for Chroma
@@ -500,7 +505,7 @@ CHROMA_SERVER_AUTHN_CREDENTIALS=difyai123456
 # Authentication provider for Chroma server
 CHROMA_SERVER_AUTHN_PROVIDER=chromadb.auth.token_authn.TokenAuthenticationServerProvider
 # Persistence setting for Chroma server
-IS_PERSISTENT=TRUE
+CHROMA_IS_PERSISTENT=TRUE
 
 # ------------------------------
 # Environment Variables for Oracle Service
@@ -562,7 +567,7 @@ OPENSEARCH_NOFILE_HARD=65536
 # Environment Variables for Nginx reverse proxy
 # ------------------------------
 NGINX_SERVER_NAME=_
-HTTPS_ENABLED=false
+NGINX_HTTPS_ENABLED=false
 # HTTP port
 NGINX_PORT=80
 # SSL settings are only applied when HTTPS_ENABLED is true
@@ -586,9 +591,9 @@ NGINX_PROXY_SEND_TIMEOUT=3600s
 # Environment Variables for SSRF Proxy
 # ------------------------------
 SSRF_HTTP_PORT=3128
-COREDUMP_DIR=/var/spool/squid
-REVERSE_PROXY_PORT=8194
-SANDBOX_HOST=sandbox
+SSRF_COREDUMP_DIR=/var/spool/squid
+SSRF_REVERSE_PROXY_PORT=8194
+SSRF_SANDBOX_HOST=sandbox
 
 # ------------------------------
 # docker env var for specifying vector db type at startup

docker/docker-compose.yaml

@@ -6,36 +6,36 @@ x-shared-env: &shared-api-worker-env
   # Flask debug mode, it can output trace information at the interface when turned on, which is convenient for debugging.
   FLASK_DEBUG: ${FLASK_DEBUG:-false}
   # A secretkey that is used for securely signing the session cookie and encrypting sensitive information on the database. You can generate a strong key using `openssl rand -base64 42`.
-  SECRET_KEY: ${SECRET_KEY}
+  SECRET_KEY: ${SECRET_KEY:-sk-9f73s3ljTXVcMT3Blb3ljTqtsKiGHXVcMT3BlbkFJLK7U}
   # Password for admin user initialization.
   # If left unset, admin user will not be prompted for a password when creating the initial admin account.
-  INIT_PASSWORD: ${INIT_PASSWORD}
+  INIT_PASSWORD: ${INIT_PASSWORD:-}
   # The base URL of console application web frontend, refers to the Console base URL of WEB service if console domain is
   # different from api or web app domain.
   # example: http://cloud.dify.ai
-  CONSOLE_WEB_URL: ${CONSOLE_WEB_URL}
+  CONSOLE_WEB_URL: ${CONSOLE_WEB_URL:-}
   # The base URL of console application api server, refers to the Console base URL of WEB service if console domain is
   # different from api or web app domain.
   # example: http://cloud.dify.ai
-  CONSOLE_API_URL: ${CONSOLE_API_URL}
+  CONSOLE_API_URL: ${CONSOLE_API_URL:-}
   # The URL prefix for Service API endpoints, refers to the base URL of the current API service if api domain is
   # different from console domain.
   # example: http://api.dify.ai
-  SERVICE_API_URL: ${SERVICE_API_URL}
+  SERVICE_API_URL: ${SERVICE_API_URL:-}
   # The URL prefix for Web APP frontend, refers to the Web App base URL of WEB service if web app domain is different from
   # console or api domain.
   # example: http://udify.app
-  APP_WEB_URL: ${APP_WEB_URL}
+  APP_WEB_URL: ${APP_WEB_URL:-}
   # Whether to enable the version check policy. If set to false, https://updates.dify.ai will not be called for version check.
-  CHECK_UPDATE_URL: ${CHECK_UPDATE_URL}
+  CHECK_UPDATE_URL: ${CHECK_UPDATE_URL:-true}
   # Used to change the OpenAI base address, default is https://api.openai.com/v1.
   # When OpenAI cannot be accessed in China, replace it with a domestic mirror address,
   # or when a local model provides OpenAI compatible API, it can be replaced.
-  OPENAI_API_BASE: ${OPENAI_API_BASE}
+  OPENAI_API_BASE: ${OPENAI_API_BASE:-}
   # File preview or download Url prefix.
   # used to display File preview or download Url to the front-end or as Multi-model inputs;
   # Url is signed and has expiration time.
-  FILES_URL: ${FILES_URL}
+  FILES_URL: ${FILES_URL:-}
   # File Access Time specifies a time interval in seconds for the file to be accessed.
   # The default value is 300 seconds.
   FILES_ACCESS_TIMEOUT: ${FILES_ACCESS_TIMEOUT:-300}
@@ -47,207 +47,207 @@ x-shared-env: &shared-api-worker-env
   # indicating that this environment is a testing environment.
   DEPLOY_ENV: ${DEPLOY_ENV:-PRODUCTION}
   # API service binding address, default: 0.0.0.0, i.e., all addresses can be accessed.
-  DIFY_BIND_ADDRESS: ${DIFY_BIND_ADDRESS}
+  DIFY_BIND_ADDRESS: ${DIFY_BIND_ADDRESS:-0.0.0.0}
   # API service binding port number, default 5001.
-  DIFY_PORT: ${DIFY_PORT}
+  DIFY_PORT: ${DIFY_PORT:-5001}
   # The number of API server workers, i.e., the number of gevent workers.
   # Formula: number of cpu cores x 2 + 1
   # Reference: https://docs.gunicorn.org/en/stable/design.html#how-many-workers
-  SERVER_WORKER_AMOUNT: ${SERVER_WORKER_AMOUNT}
+  SERVER_WORKER_AMOUNT: ${SERVER_WORKER_AMOUNT:-}
   # Defaults to gevent. If using windows, it can be switched to sync or solo.
-  SERVER_WORKER_CLASS: ${SERVER_WORKER_CLASS}
+  SERVER_WORKER_CLASS: ${SERVER_WORKER_CLASS:-}
   # Similar to SERVER_WORKER_CLASS. Default is gevent.
   # If using windows, it can be switched to sync or solo.
-  CELERY_WORKER_CLASS: ${CELERY_WORKER_CLASS}
+  CELERY_WORKER_CLASS: ${CELERY_WORKER_CLASS:-}
   # Request handling timeout. The default is 200,
   # it is recommended to set it to 360 to support a longer sse connection time.
-  GUNICORN_TIMEOUT: ${GUNICORN_TIMEOUT}
+  GUNICORN_TIMEOUT: ${GUNICORN_TIMEOUT:-360}
   # The number of Celery workers. The default is 1, and can be set as needed.
-  CELERY_WORKER_AMOUNT: ${CELERY_WORKER_AMOUNT}
+  CELERY_WORKER_AMOUNT: ${CELERY_WORKER_AMOUNT:-}
   # The configurations of postgres database connection.
   # It is consistent with the configuration in the 'db' service below.
-  DB_USERNAME: ${DB_USERNAME}
-  DB_PASSWORD: ${DB_PASSWORD}
-  DB_HOST: ${DB_HOST}
-  DB_PORT: ${DB_PORT}
-  DB_DATABASE: ${DB_DATABASE}
+  DB_USERNAME: ${DB_USERNAME:-postgres}
+  DB_PASSWORD: ${DB_PASSWORD:-difyai123456}
+  DB_HOST: ${DB_HOST:-db}
+  DB_PORT: ${DB_PORT:-5432}
+  DB_DATABASE: ${DB_DATABASE:-dify}
   # The size of the database connection pool.
   # The default is 30 connections, which can be appropriately increased.
-  SQLALCHEMY_POOL_SIZE: ${SQLALCHEMY_POOL_SIZE}
+  SQLALCHEMY_POOL_SIZE: ${SQLALCHEMY_POOL_SIZE:-30}
   # Database connection pool recycling time, the default is 3600 seconds.
-  SQLALCHEMY_POOL_RECYCLE: ${SQLALCHEMY_POOL_RECYCLE}
+  SQLALCHEMY_POOL_RECYCLE: ${SQLALCHEMY_POOL_RECYCLE:-3600}
   # Whether to print SQL, default is false.
-  SQLALCHEMY_ECHO: ${SQLALCHEMY_ECHO}
+  SQLALCHEMY_ECHO: ${SQLALCHEMY_ECHO:-false}
   # The configurations of redis connection.
   # It is consistent with the configuration in the 'redis' service below.
-  REDIS_HOST: ${REDIS_HOST}
+  REDIS_HOST: ${REDIS_HOST:-redis}
   REDIS_PORT: ${REDIS_PORT:-6379}
-  REDIS_USERNAME: ${REDIS_USERNAME}
-  REDIS_PASSWORD: ${REDIS_PASSWORD}
-  REDIS_USE_SSL: ${REDIS_USE_SSL}
+  REDIS_USERNAME: ${REDIS_USERNAME:-}
+  REDIS_PASSWORD: ${REDIS_PASSWORD:-difyai123456}
+  REDIS_USE_SSL: ${REDIS_USE_SSL:-false}
   # Redis Database, default is 0. Please use a different Database from Session Redis and Celery Broker.
   REDIS_DB: 0
   # The configurations of celery broker.
   # Use redis as the broker, and redis db 1 for celery broker.
-  CELERY_BROKER_URL: ${CELERY_BROKER_URL}
-  BROKER_USE_SSL: ${BROKER_USE_SSL}
+  CELERY_BROKER_URL: ${CELERY_BROKER_URL:-redis://:difyai123456@redis:6379/1}
+  BROKER_USE_SSL: ${BROKER_USE_SSL:-false}
   # Specifies the allowed origins for cross-origin requests to the Web API, e.g. https://dify.app or * for all origins.
-  WEB_API_CORS_ALLOW_ORIGINS: ${WEB_API_CORS_ALLOW_ORIGINS}
+  WEB_API_CORS_ALLOW_ORIGINS: ${WEB_API_CORS_ALLOW_ORIGINS:-*}
   # Specifies the allowed origins for cross-origin requests to the console API, e.g. https://cloud.dify.ai or * for all origins.
-  CONSOLE_CORS_ALLOW_ORIGINS: ${CONSOLE_CORS_ALLOW_ORIGINS}
+  CONSOLE_CORS_ALLOW_ORIGINS: ${CONSOLE_CORS_ALLOW_ORIGINS:-*}
   # The type of storage to use for storing user files. Supported values are `local` and `s3` and `azure-blob` and `google-storage`, Default: `local`
-  STORAGE_TYPE: ${STORAGE_TYPE}
+  STORAGE_TYPE: ${STORAGE_TYPE:-local}
   # The path to the local storage directory, the directory relative the root path of API service codes or absolute path. Default: `storage` or `/home/john/storage`.
   # only available when STORAGE_TYPE is `local`.
   STORAGE_LOCAL_PATH: storage
   # The S3 storage configurations, only available when STORAGE_TYPE is `s3`.
-  S3_USE_AWS_MANAGED_IAM: ${S3_USE_AWS_MANAGED_IAM}
-  S3_ENDPOINT: ${S3_ENDPOINT}
-  S3_BUCKET_NAME: ${S3_BUCKET_NAME}
-  S3_ACCESS_KEY: ${S3_ACCESS_KEY}
-  S3_SECRET_KEY: ${S3_SECRET_KEY}
-  S3_REGION: ${S3_REGION}
+  S3_USE_AWS_MANAGED_IAM: ${S3_USE_AWS_MANAGED_IAM:-false}
+  S3_ENDPOINT: ${S3_ENDPOINT:-}
+  S3_BUCKET_NAME: ${S3_BUCKET_NAME:-}
+  S3_ACCESS_KEY: ${S3_ACCESS_KEY:-}
+  S3_SECRET_KEY: ${S3_SECRET_KEY:-}
+  S3_REGION: ${S3_REGION:-us-east-1}
   # The Azure Blob storage configurations, only available when STORAGE_TYPE is `azure-blob`.
-  AZURE_BLOB_ACCOUNT_NAME: ${AZURE_BLOB_ACCOUNT_NAME}
-  AZURE_BLOB_ACCOUNT_KEY: ${AZURE_BLOB_ACCOUNT_KEY}
-  AZURE_BLOB_CONTAINER_NAME: ${AZURE_BLOB_CONTAINER_NAME}
-  AZURE_BLOB_ACCOUNT_URL: ${AZURE_BLOB_ACCOUNT_URL}
+  AZURE_BLOB_ACCOUNT_NAME: ${AZURE_BLOB_ACCOUNT_NAME:-}
+  AZURE_BLOB_ACCOUNT_KEY: ${AZURE_BLOB_ACCOUNT_KEY:-}
+  AZURE_BLOB_CONTAINER_NAME: ${AZURE_BLOB_CONTAINER_NAME:-}
+  AZURE_BLOB_ACCOUNT_URL: ${AZURE_BLOB_ACCOUNT_URL:-}
   # The Google storage configurations, only available when STORAGE_TYPE is `google-storage`.
-  GOOGLE_STORAGE_BUCKET_NAME: ${GOOGLE_STORAGE_BUCKET_NAME}
+  GOOGLE_STORAGE_BUCKET_NAME: ${GOOGLE_STORAGE_BUCKET_NAME:-}
   # if you want to use Application Default Credentials, you can leave GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64 empty.
-  GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64: ${GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64}
+  GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64: ${GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64:-}
   # The Alibaba Cloud OSS configurations, only available when STORAGE_TYPE is `aliyun-oss`
-  ALIYUN_OSS_BUCKET_NAME: ${ALIYUN_OSS_BUCKET_NAME}
-  ALIYUN_OSS_ACCESS_KEY: ${ALIYUN_OSS_ACCESS_KEY}
-  ALIYUN_OSS_SECRET_KEY: ${ALIYUN_OSS_SECRET_KEY}
-  ALIYUN_OSS_ENDPOINT: ${ALIYUN_OSS_ENDPOINT}
-  ALIYUN_OSS_REGION: ${ALIYUN_OSS_REGION}
-  ALIYUN_OSS_AUTH_VERSION: ${ALIYUN_OSS_AUTH_VERSION}
+  ALIYUN_OSS_BUCKET_NAME: ${ALIYUN_OSS_BUCKET_NAME:-}
+  ALIYUN_OSS_ACCESS_KEY: ${ALIYUN_OSS_ACCESS_KEY:-}
+  ALIYUN_OSS_SECRET_KEY: ${ALIYUN_OSS_SECRET_KEY:-}
+  ALIYUN_OSS_ENDPOINT: ${ALIYUN_OSS_ENDPOINT:-}
+  ALIYUN_OSS_REGION: ${ALIYUN_OSS_REGION:-}
+  ALIYUN_OSS_AUTH_VERSION: ${ALIYUN_OSS_AUTH_VERSION:-v4}
   # The Tencent COS storage configurations, only available when STORAGE_TYPE is `tencent-cos`.
-  TENCENT_COS_BUCKET_NAME: ${TENCENT_COS_BUCKET_NAME}
-  TENCENT_COS_SECRET_KEY: ${TENCENT_COS_SECRET_KEY}
-  TENCENT_COS_SECRET_ID: ${TENCENT_COS_SECRET_ID}
-  TENCENT_COS_REGION: ${TENCENT_COS_REGION}
-  TENCENT_COS_SCHEME: ${TENCENT_COS_SCHEME}
+  TENCENT_COS_BUCKET_NAME: ${TENCENT_COS_BUCKET_NAME:-}
+  TENCENT_COS_SECRET_KEY: ${TENCENT_COS_SECRET_KEY:-}
+  TENCENT_COS_SECRET_ID: ${TENCENT_COS_SECRET_ID:-}
+  TENCENT_COS_REGION: ${TENCENT_COS_REGION:-}
+  TENCENT_COS_SCHEME: ${TENCENT_COS_SCHEME:-}
   # The type of vector store to use. Supported values are `weaviate`, `qdrant`, `milvus`, `relyt`, `pgvector`, `chroma`, 'opensearch', 'tidb_vector'.
-  VECTOR_STORE: ${VECTOR_STORE}
+  VECTOR_STORE: ${VECTOR_STORE:-weaviate}
   # The Weaviate endpoint URL. Only available when VECTOR_STORE is `weaviate`.
-  WEAVIATE_ENDPOINT: ${WEAVIATE_ENDPOINT}
+  WEAVIATE_ENDPOINT: ${WEAVIATE_ENDPOINT:-http://weaviate:8080}
   # The Weaviate API key.
-  WEAVIATE_API_KEY: ${WEAVIATE_API_KEY}
+  WEAVIATE_API_KEY: ${WEAVIATE_API_KEY:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih}
   # The Qdrant endpoint URL. Only available when VECTOR_STORE is `qdrant`.
-  QDRANT_URL: ${QDRANT_URL}
+  QDRANT_URL: ${QDRANT_URL:-http://qdrant:6333}
   # The Qdrant API key.
-  QDRANT_API_KEY: ${QDRANT_API_KEY}
+  QDRANT_API_KEY: ${QDRANT_API_KEY:-difyai123456}
   # The Qdrant client timeout setting.
-  QDRANT_CLIENT_TIMEOUT: ${QDRANT_CLIENT_TIMEOUT}
+  QDRANT_CLIENT_TIMEOUT: ${QDRANT_CLIENT_TIMEOUT:-20}
   # The Qdrant client enable gRPC mode.
-  QDRANT_GRPC_ENABLED: ${QDRANT_GRPC_ENABLED}
+  QDRANT_GRPC_ENABLED: ${QDRANT_GRPC_ENABLED:-false}
   # The Qdrant server gRPC mode PORT.
-  QDRANT_GRPC_PORT: ${QDRANT_GRPC_PORT}
+  QDRANT_GRPC_PORT: ${QDRANT_GRPC_PORT:-6334}
   # Milvus configuration Only available when VECTOR_STORE is `milvus`.
   # The milvus host.
-  MILVUS_HOST: ${MILVUS_HOST}
+  MILVUS_HOST: ${MILVUS_HOST:-127.0.0.1}
   # The milvus host.
-  MILVUS_PORT: ${MILVUS_PORT}
+  MILVUS_PORT: ${MILVUS_PORT:-19530}
   # The milvus username.
-  MILVUS_USER: ${MILVUS_USER}
+  MILVUS_USER: ${MILVUS_USER:-root}
   # The milvus password.
-  MILVUS_PASSWORD: ${MILVUS_PASSWORD}
+  MILVUS_PASSWORD: ${MILVUS_PASSWORD:-Milvus}
   # The milvus tls switch.
-  MILVUS_SECURE: ${MILVUS_SECURE}
+  MILVUS_SECURE: ${MILVUS_SECURE:-false}
   # relyt configurations
-  RELYT_HOST: ${RELYT_HOST}
-  RELYT_PORT: ${RELYT_PORT}
-  RELYT_USER: ${RELYT_USER}
-  RELYT_PASSWORD: ${RELYT_PASSWORD}
-  RELYT_DATABASE: ${RELYT_DATABASE}
+  RELYT_HOST: ${RELYT_HOST:-db}
+  RELYT_PORT: ${RELYT_PORT:-5432}
+  RELYT_USER: ${RELYT_USER:-postgres}
+  RELYT_PASSWORD: ${RELYT_PASSWORD:-difyai123456}
+  RELYT_DATABASE: ${RELYT_DATABASE:-postgres}
   # pgvector configurations
-  PGVECTOR_HOST: ${PGVECTOR_HOST}
-  PGVECTOR_PORT: ${PGVECTOR_PORT}
-  PGVECTOR_USER: ${PGVECTOR_USER}
-  PGVECTOR_PASSWORD: ${PGVECTOR_PASSWORD}
-  PGVECTOR_DATABASE: ${PGVECTOR_DATABASE}
+  PGVECTOR_HOST: ${PGVECTOR_HOST:-pgvector}
+  PGVECTOR_PORT: ${PGVECTOR_PORT:-5432}
+  PGVECTOR_USER: ${PGVECTOR_USER:-postgres}
+  PGVECTOR_PASSWORD: ${PGVECTOR_PASSWORD:-difyai123456}
+  PGVECTOR_DATABASE: ${PGVECTOR_DATABASE:-dify}
   # tidb vector configurations
-  TIDB_VECTOR_HOST: ${TIDB_VECTOR_HOST}
-  TIDB_VECTOR_PORT: ${TIDB_VECTOR_PORT}
-  TIDB_VECTOR_USER: ${TIDB_VECTOR_USER}
-  TIDB_VECTOR_PASSWORD: ${TIDB_VECTOR_PASSWORD}
-  TIDB_VECTOR_DATABASE: ${TIDB_VECTOR_DATABASE}
+  TIDB_VECTOR_HOST: ${TIDB_VECTOR_HOST:-tidb}
+  TIDB_VECTOR_PORT: ${TIDB_VECTOR_PORT:-4000}
+  TIDB_VECTOR_USER: ${TIDB_VECTOR_USER:-}
+  TIDB_VECTOR_PASSWORD: ${TIDB_VECTOR_PASSWORD:-}
+  TIDB_VECTOR_DATABASE: ${TIDB_VECTOR_DATABASE:-dify}
   # oracle configurations
-  ORACLE_HOST: ${ORACLE_HOST}
-  ORACLE_PORT: ${ORACLE_PORT}
-  ORACLE_USER: ${ORACLE_USER}
-  ORACLE_PASSWORD: ${ORACLE_PASSWORD}
-  ORACLE_DATABASE: ${ORACLE_DATABASE}
+  ORACLE_HOST: ${ORACLE_HOST:-oracle}
+  ORACLE_PORT: ${ORACLE_PORT:-1521}
+  ORACLE_USER: ${ORACLE_USER:-dify}
+  ORACLE_PASSWORD: ${ORACLE_PASSWORD:-dify}
+  ORACLE_DATABASE: ${ORACLE_DATABASE:-FREEPDB1}
   # Chroma configuration
-  CHROMA_HOST: ${CHROMA_HOST}
-  CHROMA_PORT: ${CHROMA_PORT}
-  CHROMA_TENANT: ${CHROMA_TENANT}
-  CHROMA_DATABASE: ${CHROMA_DATABASE}
-  CHROMA_AUTH_PROVIDER: ${CHROMA_AUTH_PROVIDER}
-  CHROMA_AUTH_CREDENTIALS: ${CHROMA_AUTH_CREDENTIALS}
+  CHROMA_HOST: ${CHROMA_HOST:-127.0.0.1}
+  CHROMA_PORT: ${CHROMA_PORT:-8000}
+  CHROMA_TENANT: ${CHROMA_TENANT:-default_tenant}
+  CHROMA_DATABASE: ${CHROMA_DATABASE:-default_database}
+  CHROMA_AUTH_PROVIDER: ${CHROMA_AUTH_PROVIDER:-chromadb.auth.token_authn.TokenAuthClientProvider}
+  CHROMA_AUTH_CREDENTIALS: ${CHROMA_AUTH_CREDENTIALS:-}
   # OpenSearch configuration
-  OPENSEARCH_HOST: ${OPENSEARCH_HOST}
-  OPENSEARCH_PORT: ${OPENSEARCH_PORT}
-  OPENSEARCH_USER: ${OPENSEARCH_USER}
-  OPENSEARCH_PASSWORD: ${OPENSEARCH_PASSWORD}
-  OPENSEARCH_SECURE: ${OPENSEARCH_SECURE}
+  OPENSEARCH_HOST: ${OPENSEARCH_HOST:-opensearch}
+  OPENSEARCH_PORT: ${OPENSEARCH_PORT:-9200}
+  OPENSEARCH_USER: ${OPENSEARCH_USER:-admin}
+  OPENSEARCH_PASSWORD: ${OPENSEARCH_PASSWORD:-admin}
+  OPENSEARCH_SECURE: ${OPENSEARCH_SECURE:-true}
   # tencent configurations
-  TENCENT_VECTOR_DB_URL: ${TENCENT_VECTOR_DB_URL}
-  TENCENT_VECTOR_DB_API_KEY: ${TENCENT_VECTOR_DB_API_KEY}
-  TENCENT_VECTOR_DB_TIMEOUT: ${TENCENT_VECTOR_DB_TIMEOUT}
-  TENCENT_VECTOR_DB_USERNAME: ${TENCENT_VECTOR_DB_USERNAME}
-  TENCENT_VECTOR_DB_DATABASE: ${TENCENT_VECTOR_DB_DATABASE}
-  TENCENT_VECTOR_DB_SHARD: ${TENCENT_VECTOR_DB_SHARD}
-  TENCENT_VECTOR_DB_REPLICAS: ${TENCENT_VECTOR_DB_REPLICAS}
+  TENCENT_VECTOR_DB_URL: ${TENCENT_VECTOR_DB_URL:-http://127.0.0.1}
+  TENCENT_VECTOR_DB_API_KEY: ${TENCENT_VECTOR_DB_API_KEY:-dify}
+  TENCENT_VECTOR_DB_TIMEOUT: ${TENCENT_VECTOR_DB_TIMEOUT:-30}
+  TENCENT_VECTOR_DB_USERNAME: ${TENCENT_VECTOR_DB_USERNAME:-dify}
+  TENCENT_VECTOR_DB_DATABASE: ${TENCENT_VECTOR_DB_DATABASE:-dify}
+  TENCENT_VECTOR_DB_SHARD: ${TENCENT_VECTOR_DB_SHARD:-1}
+  TENCENT_VECTOR_DB_REPLICAS: ${TENCENT_VECTOR_DB_REPLICAS:-2}
   # Knowledge Configuration
   # Upload file size limit, default 15M.
-  UPLOAD_FILE_SIZE_LIMIT: ${UPLOAD_FILE_SIZE_LIMIT}
+  UPLOAD_FILE_SIZE_LIMIT: ${UPLOAD_FILE_SIZE_LIMIT:-15}
   # The maximum number of files that can be uploaded at a time, default 5.
-  UPLOAD_FILE_BATCH_LIMIT: ${UPLOAD_FILE_BATCH_LIMIT}
+  UPLOAD_FILE_BATCH_LIMIT: ${UPLOAD_FILE_BATCH_LIMIT:-5}
   # `dify` Dify's proprietary file extraction scheme
   # `Unstructured` Unstructured.io file extraction scheme
-  ETL_TYPE: ${ETL_TYPE}
+  ETL_TYPE: ${ETL_TYPE:-dify}
   # Unstructured API path, needs to be configured when ETL_TYPE is Unstructured.
-  UNSTRUCTURED_API_URL: ${UNSTRUCTURED_API_URL}
+  UNSTRUCTURED_API_URL: ${UNSTRUCTURED_API_URL:-}
   # Multi-modal Configuration
   # The format of the image sent when the multi-modal model is input, the default is base64, optional url.
-  MULTIMODAL_SEND_IMAGE_FORMAT: ${MULTIMODAL_SEND_IMAGE_FORMAT}
+  MULTIMODAL_SEND_IMAGE_FORMAT: ${MULTIMODAL_SEND_IMAGE_FORMAT:-base64}
   # Upload image file size limit, default 10M.
-  UPLOAD_IMAGE_FILE_SIZE_LIMIT: ${UPLOAD_IMAGE_FILE_SIZE_LIMIT}
+  UPLOAD_IMAGE_FILE_SIZE_LIMIT: ${UPLOAD_IMAGE_FILE_SIZE_LIMIT:-10}
   # The DSN for Sentry error reporting. If not set, Sentry error reporting will be disabled.
-  SENTRY_DSN: ${SENTRY_DSN}
+  SENTRY_DSN: ${API_SENTRY_DSN:-}
   # The sample rate for Sentry events. Default: `1.0`
-  SENTRY_TRACES_SAMPLE_RATE: ${SENTRY_TRACES_SAMPLE_RATE}
+  SENTRY_TRACES_SAMPLE_RATE: ${API_SENTRY_TRACES_SAMPLE_RATE:-1.0}
   # The sample rate for Sentry profiles. Default: `1.0`
-  SENTRY_PROFILES_SAMPLE_RATE: ${SENTRY_PROFILES_SAMPLE_RATE}
+  SENTRY_PROFILES_SAMPLE_RATE: ${API_SENTRY_PROFILES_SAMPLE_RATE:-1.0}
   # Notion import configuration, support public and internal
-  NOTION_INTEGRATION_TYPE: ${NOTION_INTEGRATION_TYPE}
-  NOTION_CLIENT_SECRET: ${NOTION_CLIENT_SECRET}
-  NOTION_CLIENT_ID: ${NOTION_CLIENT_ID}
-  NOTION_INTERNAL_SECRET: ${NOTION_INTERNAL_SECRET}
+  NOTION_INTEGRATION_TYPE: ${NOTION_INTEGRATION_TYPE:-public}
+  NOTION_CLIENT_SECRET: ${NOTION_CLIENT_SECRET:-}
+  NOTION_CLIENT_ID: ${NOTION_CLIENT_ID:-}
+  NOTION_INTERNAL_SECRET: ${NOTION_INTERNAL_SECRET:-}
   # Mail configuration, support: resend, smtp
-  MAIL_TYPE: ${MAIL_TYPE}
+  MAIL_TYPE: ${MAIL_TYPE:-resend}
   # default send from email address, if not specified
-  MAIL_DEFAULT_SEND_FROM: ${MAIL_DEFAULT_SEND_FROM}
-  SMTP_SERVER: ${SMTP_SERVER}
+  MAIL_DEFAULT_SEND_FROM: ${MAIL_DEFAULT_SEND_FROM:-}
+  SMTP_SERVER: ${SMTP_SERVER:-}
   SMTP_PORT: ${SMTP_PORT:-465}
-  SMTP_USERNAME: ${SMTP_USERNAME}
-  SMTP_PASSWORD: ${SMTP_PASSWORD}
-  SMTP_USE_TLS: ${SMTP_USE_TLS}
-  SMTP_OPPORTUNISTIC_TLS: ${SMTP_OPPORTUNISTIC_TLS}
+  SMTP_USERNAME: ${SMTP_USERNAME:-}
+  SMTP_PASSWORD: ${SMTP_PASSWORD:-}
+  SMTP_USE_TLS: ${SMTP_USE_TLS:-true}
+  SMTP_OPPORTUNISTIC_TLS: ${SMTP_OPPORTUNISTIC_TLS:-false}
   # the api-key for resend (https://resend.com)
-  RESEND_API_KEY: ${RESEND_API_KEY}
+  RESEND_API_KEY: ${RESEND_API_KEY:-your-resend-api-key}
   RESEND_API_URL: https://api.resend.com
   # Indexing configuration
-  INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH}
+  INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-1000}
   # Other configurations
-  INVITE_EXPIRY_HOURS: ${INVITE_EXPIRY_HOURS}
+  INVITE_EXPIRY_HOURS: ${INVITE_EXPIRY_HOURS:-72}
   CODE_EXECUTION_ENDPOINT: ${CODE_EXECUTION_ENDPOINT:-http://sandbox:8194}
   CODE_EXECUTION_API_KEY: ${CODE_EXECUTION_API_KEY:-dify-sandbox}
   CODE_MAX_NUMBER: ${CODE_MAX_NUMBER:-9223372036854775807}
-  CODE_MIN_NUMBER: ${CODE_MIN_NUMBER:- -9223372036854775808}
+  CODE_MIN_NUMBER: ${CODE_MIN_NUMBER:--9223372036854775808}
   CODE_MAX_STRING_LENGTH: ${CODE_MAX_STRING_LENGTH:-80000}
   TEMPLATE_TRANSFORM_MAX_LENGTH: ${TEMPLATE_TRANSFORM_MAX_LENGTH:-80000}
   CODE_MAX_STRING_ARRAY_LENGTH: ${CODE_MAX_STRING_ARRAY_LENGTH:-30}
@@ -303,7 +303,7 @@ services:
     environment:
       CONSOLE_API_URL: ${CONSOLE_API_URL:-}
       APP_API_URL: ${APP_API_URL:-}
-      SENTRY_DSN: ${SENTRY_DSN:-}
+      SENTRY_DSN: ${WEB_SENTRY_DSN:-}
 
   # The postgres database.
   db:
@@ -342,12 +342,12 @@ services:
       # The DifySandbox configurations
       # Make sure you are changing this key for your deployment with a strong key.
       # You can generate a strong key using `openssl rand -base64 42`.
-      API_KEY: ${API_KEY:-dify-sandbox}
-      GIN_MODE: ${GIN_MODE:-release}
-      WORKER_TIMEOUT: ${WORKER_TIMEOUT:-15}
-      ENABLE_NETWORK: ${ENABLE_NETWORK:-true}
-      HTTP_PROXY: ${HTTP_PROXY:-http://ssrf_proxy:3128}
-      HTTPS_PROXY: ${HTTPS_PROXY:-http://ssrf_proxy:3128}
+      API_KEY: ${SANDBOX_API_KEY:-dify-sandbox}
+      GIN_MODE: ${SANDBOX_GIN_MODE:-release}
+      WORKER_TIMEOUT: ${SANDBOX_WORKER_TIMEOUT:-15}
+      ENABLE_NETWORK: ${SANDBOX_ENABLE_NETWORK:-true}
+      HTTP_PROXY: ${SANDBOX_HTTP_PROXY:-http://ssrf_proxy:3128}
+      HTTPS_PROXY: ${SANDBOX_HTTPS_PROXY:-http://ssrf_proxy:3128}
       SANDBOX_PORT: ${SANDBOX_PORT:-8194}
     volumes:
       - ./volumes/sandbox/dependencies:/dependencies
@@ -367,9 +367,9 @@ services:
     environment:
       # pls clearly modify the squid env vars to fit your network environment.
       HTTP_PORT: ${SSRF_HTTP_PORT:-3128}
-      COREDUMP_DIR: ${COREDUMP_DIR:-/var/spool/squid}
-      REVERSE_PROXY_PORT: ${REVERSE_PROXY_PORT:-8194}
-      SANDBOX_HOST: ${SANDBOX_HOST:-sandbox}
+      COREDUMP_DIR: ${SSRF_COREDUMP_DIR:-/var/spool/squid}
+      REVERSE_PROXY_PORT: ${SSRF_REVERSE_PROXY_PORT:-8194}
+      SANDBOX_HOST: ${SSRF_SANDBOX_HOST:-sandbox}
       SANDBOX_PORT: ${SANDBOX_PORT:-8194}
     networks:
       - ssrf_proxy_network
@@ -389,7 +389,7 @@ services:
     entrypoint: [ "sh", "-c", "cp /docker-entrypoint-mount.sh /docker-entrypoint.sh && sed -i 's/\r$//' /docker-entrypoint.sh && chmod +x /docker-entrypoint.sh && /docker-entrypoint.sh" ]
     environment:
       NGINX_SERVER_NAME: ${NGINX_SERVER_NAME:-_}
-      HTTPS_ENABLED: ${HTTPS_ENABLED:-false}
+      HTTPS_ENABLED: ${NGINX_HTTPS_ENABLED:-false}
       NGINX_SSL_PORT: ${NGINX_SSL_PORT:-443}
       # You're required to add your own SSL certificates/keys to the `./nginx/ssl` directory
       # and modify the env vars below in .env if HTTPS_ENABLED is true.
@@ -420,16 +420,16 @@ services:
     environment:
       # The Weaviate configurations
       # You can refer to the [Weaviate](https://weaviate.io/developers/weaviate/config-refs/env-vars) documentation for more information.
-      PERSISTENCE_DATA_PATH: ${PERSISTENCE_DATA_PATH:-/var/lib/weaviate}
-      QUERY_DEFAULTS_LIMIT: ${QUERY_DEFAULTS_LIMIT:-25}
-      AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: ${AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED:-false}
-      DEFAULT_VECTORIZER_MODULE: ${DEFAULT_VECTORIZER_MODULE:-none}
-      CLUSTER_HOSTNAME: ${CLUSTER_HOSTNAME:-node1}
-      AUTHENTICATION_APIKEY_ENABLED: ${AUTHENTICATION_APIKEY_ENABLED:-true}
-      AUTHENTICATION_APIKEY_ALLOWED_KEYS: ${AUTHENTICATION_APIKEY_ALLOWED_KEYS:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih}
-      AUTHENTICATION_APIKEY_USERS: ${AUTHENTICATION_APIKEY_USERS:-hello@dify.ai}
-      AUTHORIZATION_ADMINLIST_ENABLED: ${AUTHORIZATION_ADMINLIST_ENABLED:-true}
-      AUTHORIZATION_ADMINLIST_USERS: ${AUTHORIZATION_ADMINLIST_USERS:-hello@dify.ai}
+      PERSISTENCE_DATA_PATH: ${WEAVIATE_PERSISTENCE_DATA_PATH:-/var/lib/weaviate}
+      QUERY_DEFAULTS_LIMIT: ${WEAVIATE_QUERY_DEFAULTS_LIMIT:-25}
+      AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: ${WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED:-false}
+      DEFAULT_VECTORIZER_MODULE: ${WEAVIATE_DEFAULT_VECTORIZER_MODULE:-none}
+      CLUSTER_HOSTNAME: ${WEAVIATE_CLUSTER_HOSTNAME:-node1}
+      AUTHENTICATION_APIKEY_ENABLED: ${WEAVIATE_AUTHENTICATION_APIKEY_ENABLED:-true}
+      AUTHENTICATION_APIKEY_ALLOWED_KEYS: ${WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih}
+      AUTHENTICATION_APIKEY_USERS: ${WEAVIATE_AUTHENTICATION_APIKEY_USERS:-hello@dify.ai}
+      AUTHORIZATION_ADMINLIST_ENABLED: ${WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED:-true}
+      AUTHORIZATION_ADMINLIST_USERS: ${WEAVIATE_AUTHORIZATION_ADMINLIST_USERS:-hello@dify.ai}
 
   # Qdrant vector store.
   # (if used, you need to set VECTOR_STORE to qdrant in the api & worker service.)
@@ -472,13 +472,13 @@ services:
       - pgvecto-rs
     restart: always
     environment:
-      PGUSER: ${PGUSER:-postgres}
+      PGUSER: ${PGVECTOR_PGUSER:-postgres}
       # The password for the default postgres user.
-      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-difyai123456}
+      POSTGRES_PASSWORD: ${PGVECTOR_POSTGRES_PASSWORD:-difyai123456}
       # The name of the default postgres database.
-      POSTGRES_DB: ${POSTGRES_DB:-dify}
+      POSTGRES_DB: ${PGVECTOR_POSTGRES_DB:-dify}
       # postgres data directory
-      PGDATA: ${PGDATA:-/var/lib/postgresql/data/pgdata}
+      PGDATA: ${PGVECTOR_PGDATA:-/var/lib/postgresql/data/pgdata}
     volumes:
       - ./volumes/pgvecto_rs/data:/var/lib/postgresql/data
     healthcheck:
@@ -498,7 +498,7 @@ services:
     environment:
       CHROMA_SERVER_AUTHN_CREDENTIALS: ${CHROMA_SERVER_AUTHN_CREDENTIALS:-difyai123456}
       CHROMA_SERVER_AUTHN_PROVIDER: ${CHROMA_SERVER_AUTHN_PROVIDER:-chromadb.auth.token_authn.TokenAuthenticationServerProvider}
-      IS_PERSISTENT: ${IS_PERSISTENT:-TRUE}
+      IS_PERSISTENT: ${CHROMA_IS_PERSISTENT:-TRUE}
 
   oracle:
     image: container-registry.oracle.com/database/free:latest