docker-compose.yaml 27 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630
  1. x-shared-env: &shared-api-worker-env
  2. # The log level for the application. Supported values are `DEBUG`, `INFO`, `WARNING`, `ERROR`, `CRITICAL`
  3. LOG_LEVEL: ${LOG_LEVEL:-INFO}
  4. # Debug mode, default is false. It is recommended to turn on this configuration for local development to prevent some problems caused by monkey patch.
  5. DEBUG: ${DEBUG:-false}
  6. # Flask debug mode, it can output trace information at the interface when turned on, which is convenient for debugging.
  7. FLASK_DEBUG: ${FLASK_DEBUG:-false}
  8. # A secretkey that is used for securely signing the session cookie and encrypting sensitive information on the database. You can generate a strong key using `openssl rand -base64 42`.
  9. SECRET_KEY: ${SECRET_KEY:-sk-9f73s3ljTXVcMT3Blb3ljTqtsKiGHXVcMT3BlbkFJLK7U}
  10. # Password for admin user initialization.
  11. # If left unset, admin user will not be prompted for a password when creating the initial admin account.
  12. INIT_PASSWORD: ${INIT_PASSWORD:-}
  13. # The base URL of console application web frontend, refers to the Console base URL of WEB service if console domain is
  14. # different from api or web app domain.
  15. # example: http://cloud.dify.ai
  16. CONSOLE_WEB_URL: ${CONSOLE_WEB_URL:-}
  17. # The base URL of console application api server, refers to the Console base URL of WEB service if console domain is
  18. # different from api or web app domain.
  19. # example: http://cloud.dify.ai
  20. CONSOLE_API_URL: ${CONSOLE_API_URL:-}
  21. # The URL prefix for Service API endpoints, refers to the base URL of the current API service if api domain is
  22. # different from console domain.
  23. # example: http://api.dify.ai
  24. SERVICE_API_URL: ${SERVICE_API_URL:-}
  25. # The URL prefix for Web APP frontend, refers to the Web App base URL of WEB service if web app domain is different from
  26. # console or api domain.
  27. # example: http://udify.app
  28. APP_WEB_URL: ${APP_WEB_URL:-}
  29. # Whether to enable the version check policy. If set to false, https://updates.dify.ai will not be called for version check.
  30. CHECK_UPDATE_URL: ${CHECK_UPDATE_URL:-true}
  31. # Used to change the OpenAI base address, default is https://api.openai.com/v1.
  32. # When OpenAI cannot be accessed in China, replace it with a domestic mirror address,
  33. # or when a local model provides OpenAI compatible API, it can be replaced.
  34. OPENAI_API_BASE: ${OPENAI_API_BASE:-}
  35. # File preview or download Url prefix.
  36. # used to display File preview or download Url to the front-end or as Multi-model inputs;
  37. # Url is signed and has expiration time.
  38. FILES_URL: ${FILES_URL:-}
  39. # File Access Time specifies a time interval in seconds for the file to be accessed.
  40. # The default value is 300 seconds.
  41. FILES_ACCESS_TIMEOUT: ${FILES_ACCESS_TIMEOUT:-300}
  42. # When enabled, migrations will be executed prior to application startup and the application will start after the migrations have completed.
  43. MIGRATION_ENABLED: ${MIGRATION_ENABLED:-true}
  44. # Deployment environment.
  45. # Supported values are `PRODUCTION`, `TESTING`. Default is `PRODUCTION`.
  46. # Testing environment. There will be a distinct color label on the front-end page,
  47. # indicating that this environment is a testing environment.
  48. DEPLOY_ENV: ${DEPLOY_ENV:-PRODUCTION}
  49. # API service binding address, default: 0.0.0.0, i.e., all addresses can be accessed.
  50. DIFY_BIND_ADDRESS: ${DIFY_BIND_ADDRESS:-0.0.0.0}
  51. # API service binding port number, default 5001.
  52. DIFY_PORT: ${DIFY_PORT:-5001}
  53. # The number of API server workers, i.e., the number of gevent workers.
  54. # Formula: number of cpu cores x 2 + 1
  55. # Reference: https://docs.gunicorn.org/en/stable/design.html#how-many-workers
  56. SERVER_WORKER_AMOUNT: ${SERVER_WORKER_AMOUNT:-}
  57. # Defaults to gevent. If using windows, it can be switched to sync or solo.
  58. SERVER_WORKER_CLASS: ${SERVER_WORKER_CLASS:-}
  59. # Similar to SERVER_WORKER_CLASS. Default is gevent.
  60. # If using windows, it can be switched to sync or solo.
  61. CELERY_WORKER_CLASS: ${CELERY_WORKER_CLASS:-}
  62. # Request handling timeout. The default is 200,
  63. # it is recommended to set it to 360 to support a longer sse connection time.
  64. GUNICORN_TIMEOUT: ${GUNICORN_TIMEOUT:-360}
  65. # The number of Celery workers. The default is 1, and can be set as needed.
  66. CELERY_WORKER_AMOUNT: ${CELERY_WORKER_AMOUNT:-}
  67. # The configurations of postgres database connection.
  68. # It is consistent with the configuration in the 'db' service below.
  69. DB_USERNAME: ${DB_USERNAME:-postgres}
  70. DB_PASSWORD: ${DB_PASSWORD:-difyai123456}
  71. DB_HOST: ${DB_HOST:-db}
  72. DB_PORT: ${DB_PORT:-5432}
  73. DB_DATABASE: ${DB_DATABASE:-dify}
  74. # The size of the database connection pool.
  75. # The default is 30 connections, which can be appropriately increased.
  76. SQLALCHEMY_POOL_SIZE: ${SQLALCHEMY_POOL_SIZE:-30}
  77. # Database connection pool recycling time, the default is 3600 seconds.
  78. SQLALCHEMY_POOL_RECYCLE: ${SQLALCHEMY_POOL_RECYCLE:-3600}
  79. # Whether to print SQL, default is false.
  80. SQLALCHEMY_ECHO: ${SQLALCHEMY_ECHO:-false}
  81. # The configurations of redis connection.
  82. # It is consistent with the configuration in the 'redis' service below.
  83. REDIS_HOST: ${REDIS_HOST:-redis}
  84. REDIS_PORT: ${REDIS_PORT:-6379}
  85. REDIS_USERNAME: ${REDIS_USERNAME:-}
  86. REDIS_PASSWORD: ${REDIS_PASSWORD:-difyai123456}
  87. REDIS_USE_SSL: ${REDIS_USE_SSL:-false}
  88. # Redis Database, default is 0. Please use a different Database from Session Redis and Celery Broker.
  89. REDIS_DB: 0
  90. # The configurations of celery broker.
  91. # Use redis as the broker, and redis db 1 for celery broker.
  92. CELERY_BROKER_URL: ${CELERY_BROKER_URL:-redis://:difyai123456@redis:6379/1}
  93. BROKER_USE_SSL: ${BROKER_USE_SSL:-false}
  94. # Specifies the allowed origins for cross-origin requests to the Web API, e.g. https://dify.app or * for all origins.
  95. WEB_API_CORS_ALLOW_ORIGINS: ${WEB_API_CORS_ALLOW_ORIGINS:-*}
  96. # Specifies the allowed origins for cross-origin requests to the console API, e.g. https://cloud.dify.ai or * for all origins.
  97. CONSOLE_CORS_ALLOW_ORIGINS: ${CONSOLE_CORS_ALLOW_ORIGINS:-*}
  98. # The type of storage to use for storing user files. Supported values are `local` and `s3` and `azure-blob` and `google-storage`, Default: `local`
  99. STORAGE_TYPE: ${STORAGE_TYPE:-local}
  100. # The path to the local storage directory, the directory relative the root path of API service codes or absolute path. Default: `storage` or `/home/john/storage`.
  101. # only available when STORAGE_TYPE is `local`.
  102. STORAGE_LOCAL_PATH: storage
  103. # The S3 storage configurations, only available when STORAGE_TYPE is `s3`.
  104. S3_USE_AWS_MANAGED_IAM: ${S3_USE_AWS_MANAGED_IAM:-false}
  105. S3_ENDPOINT: ${S3_ENDPOINT:-}
  106. S3_BUCKET_NAME: ${S3_BUCKET_NAME:-}
  107. S3_ACCESS_KEY: ${S3_ACCESS_KEY:-}
  108. S3_SECRET_KEY: ${S3_SECRET_KEY:-}
  109. S3_REGION: ${S3_REGION:-us-east-1}
  110. # The Azure Blob storage configurations, only available when STORAGE_TYPE is `azure-blob`.
  111. AZURE_BLOB_ACCOUNT_NAME: ${AZURE_BLOB_ACCOUNT_NAME:-}
  112. AZURE_BLOB_ACCOUNT_KEY: ${AZURE_BLOB_ACCOUNT_KEY:-}
  113. AZURE_BLOB_CONTAINER_NAME: ${AZURE_BLOB_CONTAINER_NAME:-}
  114. AZURE_BLOB_ACCOUNT_URL: ${AZURE_BLOB_ACCOUNT_URL:-}
  115. # The Google storage configurations, only available when STORAGE_TYPE is `google-storage`.
  116. GOOGLE_STORAGE_BUCKET_NAME: ${GOOGLE_STORAGE_BUCKET_NAME:-}
  117. # if you want to use Application Default Credentials, you can leave GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64 empty.
  118. GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64: ${GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64:-}
  119. # The Alibaba Cloud OSS configurations, only available when STORAGE_TYPE is `aliyun-oss`
  120. ALIYUN_OSS_BUCKET_NAME: ${ALIYUN_OSS_BUCKET_NAME:-}
  121. ALIYUN_OSS_ACCESS_KEY: ${ALIYUN_OSS_ACCESS_KEY:-}
  122. ALIYUN_OSS_SECRET_KEY: ${ALIYUN_OSS_SECRET_KEY:-}
  123. ALIYUN_OSS_ENDPOINT: ${ALIYUN_OSS_ENDPOINT:-}
  124. ALIYUN_OSS_REGION: ${ALIYUN_OSS_REGION:-}
  125. ALIYUN_OSS_AUTH_VERSION: ${ALIYUN_OSS_AUTH_VERSION:-v4}
  126. # The Tencent COS storage configurations, only available when STORAGE_TYPE is `tencent-cos`.
  127. TENCENT_COS_BUCKET_NAME: ${TENCENT_COS_BUCKET_NAME:-}
  128. TENCENT_COS_SECRET_KEY: ${TENCENT_COS_SECRET_KEY:-}
  129. TENCENT_COS_SECRET_ID: ${TENCENT_COS_SECRET_ID:-}
  130. TENCENT_COS_REGION: ${TENCENT_COS_REGION:-}
  131. TENCENT_COS_SCHEME: ${TENCENT_COS_SCHEME:-}
  132. # The type of vector store to use. Supported values are `weaviate`, `qdrant`, `milvus`, `relyt`, `pgvector`, `chroma`, 'opensearch', 'tidb_vector'.
  133. VECTOR_STORE: ${VECTOR_STORE:-weaviate}
  134. # The Weaviate endpoint URL. Only available when VECTOR_STORE is `weaviate`.
  135. WEAVIATE_ENDPOINT: ${WEAVIATE_ENDPOINT:-http://weaviate:8080}
  136. # The Weaviate API key.
  137. WEAVIATE_API_KEY: ${WEAVIATE_API_KEY:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih}
  138. # The Qdrant endpoint URL. Only available when VECTOR_STORE is `qdrant`.
  139. QDRANT_URL: ${QDRANT_URL:-http://qdrant:6333}
  140. # The Qdrant API key.
  141. QDRANT_API_KEY: ${QDRANT_API_KEY:-difyai123456}
  142. # The Qdrant client timeout setting.
  143. QDRANT_CLIENT_TIMEOUT: ${QDRANT_CLIENT_TIMEOUT:-20}
  144. # The Qdrant client enable gRPC mode.
  145. QDRANT_GRPC_ENABLED: ${QDRANT_GRPC_ENABLED:-false}
  146. # The Qdrant server gRPC mode PORT.
  147. QDRANT_GRPC_PORT: ${QDRANT_GRPC_PORT:-6334}
  148. # Milvus configuration Only available when VECTOR_STORE is `milvus`.
  149. # The milvus host.
  150. MILVUS_HOST: ${MILVUS_HOST:-127.0.0.1}
  151. # The milvus host.
  152. MILVUS_PORT: ${MILVUS_PORT:-19530}
  153. # The milvus username.
  154. MILVUS_USER: ${MILVUS_USER:-root}
  155. # The milvus password.
  156. MILVUS_PASSWORD: ${MILVUS_PASSWORD:-Milvus}
  157. # The milvus tls switch.
  158. MILVUS_SECURE: ${MILVUS_SECURE:-false}
  159. # relyt configurations
  160. RELYT_HOST: ${RELYT_HOST:-db}
  161. RELYT_PORT: ${RELYT_PORT:-5432}
  162. RELYT_USER: ${RELYT_USER:-postgres}
  163. RELYT_PASSWORD: ${RELYT_PASSWORD:-difyai123456}
  164. RELYT_DATABASE: ${RELYT_DATABASE:-postgres}
  165. # pgvector configurations
  166. PGVECTOR_HOST: ${PGVECTOR_HOST:-pgvector}
  167. PGVECTOR_PORT: ${PGVECTOR_PORT:-5432}
  168. PGVECTOR_USER: ${PGVECTOR_USER:-postgres}
  169. PGVECTOR_PASSWORD: ${PGVECTOR_PASSWORD:-difyai123456}
  170. PGVECTOR_DATABASE: ${PGVECTOR_DATABASE:-dify}
  171. # tidb vector configurations
  172. TIDB_VECTOR_HOST: ${TIDB_VECTOR_HOST:-tidb}
  173. TIDB_VECTOR_PORT: ${TIDB_VECTOR_PORT:-4000}
  174. TIDB_VECTOR_USER: ${TIDB_VECTOR_USER:-}
  175. TIDB_VECTOR_PASSWORD: ${TIDB_VECTOR_PASSWORD:-}
  176. TIDB_VECTOR_DATABASE: ${TIDB_VECTOR_DATABASE:-dify}
  177. # oracle configurations
  178. ORACLE_HOST: ${ORACLE_HOST:-oracle}
  179. ORACLE_PORT: ${ORACLE_PORT:-1521}
  180. ORACLE_USER: ${ORACLE_USER:-dify}
  181. ORACLE_PASSWORD: ${ORACLE_PASSWORD:-dify}
  182. ORACLE_DATABASE: ${ORACLE_DATABASE:-FREEPDB1}
  183. # Chroma configuration
  184. CHROMA_HOST: ${CHROMA_HOST:-127.0.0.1}
  185. CHROMA_PORT: ${CHROMA_PORT:-8000}
  186. CHROMA_TENANT: ${CHROMA_TENANT:-default_tenant}
  187. CHROMA_DATABASE: ${CHROMA_DATABASE:-default_database}
  188. CHROMA_AUTH_PROVIDER: ${CHROMA_AUTH_PROVIDER:-chromadb.auth.token_authn.TokenAuthClientProvider}
  189. CHROMA_AUTH_CREDENTIALS: ${CHROMA_AUTH_CREDENTIALS:-}
  190. # OpenSearch configuration
  191. OPENSEARCH_HOST: ${OPENSEARCH_HOST:-opensearch}
  192. OPENSEARCH_PORT: ${OPENSEARCH_PORT:-9200}
  193. OPENSEARCH_USER: ${OPENSEARCH_USER:-admin}
  194. OPENSEARCH_PASSWORD: ${OPENSEARCH_PASSWORD:-admin}
  195. OPENSEARCH_SECURE: ${OPENSEARCH_SECURE:-true}
  196. # tencent configurations
  197. TENCENT_VECTOR_DB_URL: ${TENCENT_VECTOR_DB_URL:-http://127.0.0.1}
  198. TENCENT_VECTOR_DB_API_KEY: ${TENCENT_VECTOR_DB_API_KEY:-dify}
  199. TENCENT_VECTOR_DB_TIMEOUT: ${TENCENT_VECTOR_DB_TIMEOUT:-30}
  200. TENCENT_VECTOR_DB_USERNAME: ${TENCENT_VECTOR_DB_USERNAME:-dify}
  201. TENCENT_VECTOR_DB_DATABASE: ${TENCENT_VECTOR_DB_DATABASE:-dify}
  202. TENCENT_VECTOR_DB_SHARD: ${TENCENT_VECTOR_DB_SHARD:-1}
  203. TENCENT_VECTOR_DB_REPLICAS: ${TENCENT_VECTOR_DB_REPLICAS:-2}
  204. # Knowledge Configuration
  205. # Upload file size limit, default 15M.
  206. UPLOAD_FILE_SIZE_LIMIT: ${UPLOAD_FILE_SIZE_LIMIT:-15}
  207. # The maximum number of files that can be uploaded at a time, default 5.
  208. UPLOAD_FILE_BATCH_LIMIT: ${UPLOAD_FILE_BATCH_LIMIT:-5}
  209. # `dify` Dify's proprietary file extraction scheme
  210. # `Unstructured` Unstructured.io file extraction scheme
  211. ETL_TYPE: ${ETL_TYPE:-dify}
  212. # Unstructured API path, needs to be configured when ETL_TYPE is Unstructured.
  213. UNSTRUCTURED_API_URL: ${UNSTRUCTURED_API_URL:-}
  214. # Multi-modal Configuration
  215. # The format of the image sent when the multi-modal model is input, the default is base64, optional url.
  216. MULTIMODAL_SEND_IMAGE_FORMAT: ${MULTIMODAL_SEND_IMAGE_FORMAT:-base64}
  217. # Upload image file size limit, default 10M.
  218. UPLOAD_IMAGE_FILE_SIZE_LIMIT: ${UPLOAD_IMAGE_FILE_SIZE_LIMIT:-10}
  219. # The DSN for Sentry error reporting. If not set, Sentry error reporting will be disabled.
  220. SENTRY_DSN: ${API_SENTRY_DSN:-}
  221. # The sample rate for Sentry events. Default: `1.0`
  222. SENTRY_TRACES_SAMPLE_RATE: ${API_SENTRY_TRACES_SAMPLE_RATE:-1.0}
  223. # The sample rate for Sentry profiles. Default: `1.0`
  224. SENTRY_PROFILES_SAMPLE_RATE: ${API_SENTRY_PROFILES_SAMPLE_RATE:-1.0}
  225. # Notion import configuration, support public and internal
  226. NOTION_INTEGRATION_TYPE: ${NOTION_INTEGRATION_TYPE:-public}
  227. NOTION_CLIENT_SECRET: ${NOTION_CLIENT_SECRET:-}
  228. NOTION_CLIENT_ID: ${NOTION_CLIENT_ID:-}
  229. NOTION_INTERNAL_SECRET: ${NOTION_INTERNAL_SECRET:-}
  230. # Mail configuration, support: resend, smtp
  231. MAIL_TYPE: ${MAIL_TYPE:-resend}
  232. # default send from email address, if not specified
  233. MAIL_DEFAULT_SEND_FROM: ${MAIL_DEFAULT_SEND_FROM:-}
  234. SMTP_SERVER: ${SMTP_SERVER:-}
  235. SMTP_PORT: ${SMTP_PORT:-465}
  236. SMTP_USERNAME: ${SMTP_USERNAME:-}
  237. SMTP_PASSWORD: ${SMTP_PASSWORD:-}
  238. SMTP_USE_TLS: ${SMTP_USE_TLS:-true}
  239. SMTP_OPPORTUNISTIC_TLS: ${SMTP_OPPORTUNISTIC_TLS:-false}
  240. # the api-key for resend (https://resend.com)
  241. RESEND_API_KEY: ${RESEND_API_KEY:-your-resend-api-key}
  242. RESEND_API_URL: https://api.resend.com
  243. # Indexing configuration
  244. INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-1000}
  245. # Other configurations
  246. INVITE_EXPIRY_HOURS: ${INVITE_EXPIRY_HOURS:-72}
  247. CODE_EXECUTION_ENDPOINT: ${CODE_EXECUTION_ENDPOINT:-http://sandbox:8194}
  248. CODE_EXECUTION_API_KEY: ${CODE_EXECUTION_API_KEY:-dify-sandbox}
  249. CODE_MAX_NUMBER: ${CODE_MAX_NUMBER:-9223372036854775807}
  250. CODE_MIN_NUMBER: ${CODE_MIN_NUMBER:--9223372036854775808}
  251. CODE_MAX_STRING_LENGTH: ${CODE_MAX_STRING_LENGTH:-80000}
  252. TEMPLATE_TRANSFORM_MAX_LENGTH: ${TEMPLATE_TRANSFORM_MAX_LENGTH:-80000}
  253. CODE_MAX_STRING_ARRAY_LENGTH: ${CODE_MAX_STRING_ARRAY_LENGTH:-30}
  254. CODE_MAX_OBJECT_ARRAY_LENGTH: ${CODE_MAX_OBJECT_ARRAY_LENGTH:-30}
  255. CODE_MAX_NUMBER_ARRAY_LENGTH: ${CODE_MAX_NUMBER_ARRAY_LENGTH:-1000}
  256. SSRF_PROXY_HTTP_URL: ${SSRF_PROXY_HTTP_URL:-'http://ssrf_proxy:3128'}
  257. SSRF_PROXY_HTTPS_URL: ${SSRF_PROXY_HTTPS_URL:-'http://ssrf_proxy:3128'}
  258. services:
  259. # API service
  260. api:
  261. image: langgenius/dify-api:0.6.12-fix1
  262. restart: always
  263. environment:
  264. # Use the shared environment variables.
  265. <<: *shared-api-worker-env
  266. # Startup mode, 'api' starts the API server.
  267. MODE: api
  268. depends_on:
  269. - db
  270. - redis
  271. volumes:
  272. # Mount the storage directory to the container, for storing user files.
  273. - ./volumes/app/storage:/app/api/storage
  274. networks:
  275. - ssrf_proxy_network
  276. - default
  277. # worker service
  278. # The Celery worker for processing the queue.
  279. worker:
  280. image: langgenius/dify-api:0.6.12-fix1
  281. restart: always
  282. environment:
  283. # Use the shared environment variables.
  284. <<: *shared-api-worker-env
  285. # Startup mode, 'worker' starts the Celery worker for processing the queue.
  286. MODE: worker
  287. depends_on:
  288. - db
  289. - redis
  290. volumes:
  291. # Mount the storage directory to the container, for storing user files.
  292. - ./volumes/app/storage:/app/api/storage
  293. networks:
  294. - ssrf_proxy_network
  295. - default
  296. # Frontend web application.
  297. web:
  298. image: langgenius/dify-web:0.6.12-fix1
  299. restart: always
  300. environment:
  301. CONSOLE_API_URL: ${CONSOLE_API_URL:-}
  302. APP_API_URL: ${APP_API_URL:-}
  303. SENTRY_DSN: ${WEB_SENTRY_DSN:-}
  304. # The postgres database.
  305. db:
  306. image: postgres:15-alpine
  307. restart: always
  308. environment:
  309. PGUSER: ${PGUSER:-postgres}
  310. POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-difyai123456}
  311. POSTGRES_DB: ${POSTGRES_DB:-dify}
  312. PGDATA: ${PGDATA:-/var/lib/postgresql/data/pgdata}
  313. volumes:
  314. - ./volumes/db/data:/var/lib/postgresql/data
  315. healthcheck:
  316. test: [ "CMD", "pg_isready" ]
  317. interval: 1s
  318. timeout: 3s
  319. retries: 30
  320. # The redis cache.
  321. redis:
  322. image: redis:6-alpine
  323. restart: always
  324. volumes:
  325. # Mount the redis data directory to the container.
  326. - ./volumes/redis/data:/data
  327. # Set the redis password when startup redis server.
  328. command: redis-server --requirepass ${REDIS_PASSWORD:-difyai123456}
  329. healthcheck:
  330. test: [ "CMD", "redis-cli", "ping" ]
  331. # The DifySandbox
  332. sandbox:
  333. image: langgenius/dify-sandbox:0.2.1
  334. restart: always
  335. environment:
  336. # The DifySandbox configurations
  337. # Make sure you are changing this key for your deployment with a strong key.
  338. # You can generate a strong key using `openssl rand -base64 42`.
  339. API_KEY: ${SANDBOX_API_KEY:-dify-sandbox}
  340. GIN_MODE: ${SANDBOX_GIN_MODE:-release}
  341. WORKER_TIMEOUT: ${SANDBOX_WORKER_TIMEOUT:-15}
  342. ENABLE_NETWORK: ${SANDBOX_ENABLE_NETWORK:-true}
  343. HTTP_PROXY: ${SANDBOX_HTTP_PROXY:-http://ssrf_proxy:3128}
  344. HTTPS_PROXY: ${SANDBOX_HTTPS_PROXY:-http://ssrf_proxy:3128}
  345. SANDBOX_PORT: ${SANDBOX_PORT:-8194}
  346. volumes:
  347. - ./volumes/sandbox/dependencies:/dependencies
  348. networks:
  349. - ssrf_proxy_network
  350. # ssrf_proxy server
  351. # for more information, please refer to
  352. # https://docs.dify.ai/getting-started/install-self-hosted/install-faq#id-16.-why-is-ssrf_proxy-needed
  353. ssrf_proxy:
  354. image: ubuntu/squid:latest
  355. restart: always
  356. volumes:
  357. - ./ssrf_proxy/squid.conf.template:/etc/squid/squid.conf.template
  358. - ./ssrf_proxy/docker-entrypoint.sh:/docker-entrypoint-mount.sh
  359. entrypoint: [ "sh", "-c", "cp /docker-entrypoint-mount.sh /docker-entrypoint.sh && sed -i 's/\r$//' /docker-entrypoint.sh && chmod +x /docker-entrypoint.sh && /docker-entrypoint.sh" ]
  360. environment:
  361. # pls clearly modify the squid env vars to fit your network environment.
  362. HTTP_PORT: ${SSRF_HTTP_PORT:-3128}
  363. COREDUMP_DIR: ${SSRF_COREDUMP_DIR:-/var/spool/squid}
  364. REVERSE_PROXY_PORT: ${SSRF_REVERSE_PROXY_PORT:-8194}
  365. SANDBOX_HOST: ${SSRF_SANDBOX_HOST:-sandbox}
  366. SANDBOX_PORT: ${SANDBOX_PORT:-8194}
  367. networks:
  368. - ssrf_proxy_network
  369. - default
  370. # The nginx reverse proxy.
  371. # used for reverse proxying the API service and Web service.
  372. nginx:
  373. image: nginx:latest
  374. restart: always
  375. volumes:
  376. - ./nginx/nginx.conf.template:/etc/nginx/nginx.conf.template
  377. - ./nginx/proxy.conf.template:/etc/nginx/proxy.conf.template
  378. - ./nginx/conf.d:/etc/nginx/conf.d
  379. - ./nginx/docker-entrypoint.sh:/docker-entrypoint-mount.sh
  380. - ./nginx/ssl:/etc/ssl
  381. entrypoint: [ "sh", "-c", "cp /docker-entrypoint-mount.sh /docker-entrypoint.sh && sed -i 's/\r$//' /docker-entrypoint.sh && chmod +x /docker-entrypoint.sh && /docker-entrypoint.sh" ]
  382. environment:
  383. NGINX_SERVER_NAME: ${NGINX_SERVER_NAME:-_}
  384. HTTPS_ENABLED: ${NGINX_HTTPS_ENABLED:-false}
  385. NGINX_SSL_PORT: ${NGINX_SSL_PORT:-443}
  386. # You're required to add your own SSL certificates/keys to the `./nginx/ssl` directory
  387. # and modify the env vars below in .env if HTTPS_ENABLED is true.
  388. NGINX_SSL_CERT_FILENAME: ${NGINX_SSL_CERT_FILENAME:-dify.crt}
  389. NGINX_SSL_CERT_KEY_FILENAME: ${NGINX_SSL_CERT_KEY_FILENAME:-dify.key}
  390. NGINX_SSL_PROTOCOLS: ${NGINX_SSL_PROTOCOLS:-TLSv1.1 TLSv1.2 TLSv1.3}
  391. NGINX_WORKER_PROCESSES: ${NGINX_WORKER_PROCESSES:-auto}
  392. NGINX_CLIENT_MAX_BODY_SIZE: ${NGINX_CLIENT_MAX_BODY_SIZE:-15M}
  393. NGINX_KEEPALIVE_TIMEOUT: ${NGINX_KEEPALIVE_TIMEOUT:-65}
  394. NGINX_PROXY_READ_TIMEOUT: ${NGINX_PROXY_READ_TIMEOUT:-3600s}
  395. NGINX_PROXY_SEND_TIMEOUT: ${NGINX_PROXY_SEND_TIMEOUT:-3600s}
  396. depends_on:
  397. - api
  398. - web
  399. ports:
  400. - "${EXPOSE_NGINX_PORT:-80}:80"
  401. - "${EXPOSE_NGINX_SSL_PORT:-443}:443"
  402. # The Weaviate vector store.
  403. weaviate:
  404. image: semitechnologies/weaviate:1.19.0
  405. profiles:
  406. - weaviate
  407. restart: always
  408. volumes:
  409. # Mount the Weaviate data directory to the con tainer.
  410. - ./volumes/weaviate:/var/lib/weaviate
  411. environment:
  412. # The Weaviate configurations
  413. # You can refer to the [Weaviate](https://weaviate.io/developers/weaviate/config-refs/env-vars) documentation for more information.
  414. PERSISTENCE_DATA_PATH: ${WEAVIATE_PERSISTENCE_DATA_PATH:-/var/lib/weaviate}
  415. QUERY_DEFAULTS_LIMIT: ${WEAVIATE_QUERY_DEFAULTS_LIMIT:-25}
  416. AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: ${WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED:-false}
  417. DEFAULT_VECTORIZER_MODULE: ${WEAVIATE_DEFAULT_VECTORIZER_MODULE:-none}
  418. CLUSTER_HOSTNAME: ${WEAVIATE_CLUSTER_HOSTNAME:-node1}
  419. AUTHENTICATION_APIKEY_ENABLED: ${WEAVIATE_AUTHENTICATION_APIKEY_ENABLED:-true}
  420. AUTHENTICATION_APIKEY_ALLOWED_KEYS: ${WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih}
  421. AUTHENTICATION_APIKEY_USERS: ${WEAVIATE_AUTHENTICATION_APIKEY_USERS:-hello@dify.ai}
  422. AUTHORIZATION_ADMINLIST_ENABLED: ${WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED:-true}
  423. AUTHORIZATION_ADMINLIST_USERS: ${WEAVIATE_AUTHORIZATION_ADMINLIST_USERS:-hello@dify.ai}
  424. # Qdrant vector store.
  425. # (if used, you need to set VECTOR_STORE to qdrant in the api & worker service.)
  426. qdrant:
  427. image: langgenius/qdrant:v1.7.3
  428. profiles:
  429. - qdrant
  430. restart: always
  431. volumes:
  432. - ./volumes/qdrant:/qdrant/storage
  433. environment:
  434. QDRANT_API_KEY: ${QDRANT_API_KEY:-difyai123456}
  435. # The pgvector vector database.
  436. pgvector:
  437. image: pgvector/pgvector:pg16
  438. profiles:
  439. - pgvector
  440. restart: always
  441. environment:
  442. PGUSER: ${PGVECTOR_PGUSER:-postgres}
  443. # The password for the default postgres user.
  444. POSTGRES_PASSWORD: ${PGVECTOR_POSTGRES_PASSWORD:-difyai123456}
  445. # The name of the default postgres database.
  446. POSTGRES_DB: ${PGVECTOR_POSTGRES_DB:-dify}
  447. # postgres data directory
  448. PGDATA: ${PGVECTOR_PGDATA:-/var/lib/postgresql/data/pgdata}
  449. volumes:
  450. - ./volumes/pgvector/data:/var/lib/postgresql/data
  451. healthcheck:
  452. test: [ "CMD", "pg_isready" ]
  453. interval: 1s
  454. timeout: 3s
  455. retries: 30
  456. # pgvecto-rs vector store
  457. pgvecto-rs:
  458. image: tensorchord/pgvecto-rs:pg16-v0.2.0
  459. profiles:
  460. - pgvecto-rs
  461. restart: always
  462. environment:
  463. PGUSER: ${PGVECTOR_PGUSER:-postgres}
  464. # The password for the default postgres user.
  465. POSTGRES_PASSWORD: ${PGVECTOR_POSTGRES_PASSWORD:-difyai123456}
  466. # The name of the default postgres database.
  467. POSTGRES_DB: ${PGVECTOR_POSTGRES_DB:-dify}
  468. # postgres data directory
  469. PGDATA: ${PGVECTOR_PGDATA:-/var/lib/postgresql/data/pgdata}
  470. volumes:
  471. - ./volumes/pgvecto_rs/data:/var/lib/postgresql/data
  472. healthcheck:
  473. test: [ "CMD", "pg_isready" ]
  474. interval: 1s
  475. timeout: 3s
  476. retries: 30
  477. # Chroma vector database
  478. chroma:
  479. image: ghcr.io/chroma-core/chroma:0.5.1
  480. profiles:
  481. - chroma
  482. restart: always
  483. volumes:
  484. - ./volumes/chroma:/chroma/chroma
  485. environment:
  486. CHROMA_SERVER_AUTHN_CREDENTIALS: ${CHROMA_SERVER_AUTHN_CREDENTIALS:-difyai123456}
  487. CHROMA_SERVER_AUTHN_PROVIDER: ${CHROMA_SERVER_AUTHN_PROVIDER:-chromadb.auth.token_authn.TokenAuthenticationServerProvider}
  488. IS_PERSISTENT: ${CHROMA_IS_PERSISTENT:-TRUE}
  489. oracle:
  490. image: container-registry.oracle.com/database/free:latest
  491. profiles:
  492. - oracle
  493. restart: always
  494. volumes:
  495. - type: volume
  496. source: oradata
  497. target: /opt/oracle/oradata
  498. - ./startupscripts:/opt/oracle/scripts/startup
  499. environment:
  500. - ORACLE_PWD=${ORACLE_PWD:-Dify123456}
  501. - ORACLE_CHARACTERSET=${ORACLE_CHARACTERSET:-AL32UTF8}
  502. # Milvus vector database services
  503. etcd:
  504. container_name: milvus-etcd
  505. image: quay.io/coreos/etcd:v3.5.5
  506. profiles:
  507. - milvus
  508. environment:
  509. - ETCD_AUTO_COMPACTION_MODE=${ETCD_AUTO_COMPACTION_MODE:-revision}
  510. - ETCD_AUTO_COMPACTION_RETENTION=${ETCD_AUTO_COMPACTION_RETENTION:-1000}
  511. - ETCD_QUOTA_BACKEND_BYTES=${ETCD_QUOTA_BACKEND_BYTES:-4294967296}
  512. - ETCD_SNAPSHOT_COUNT=${ETCD_SNAPSHOT_COUNT:-50000}
  513. volumes:
  514. - ./volumes/milvus/etcd:/etcd
  515. command: etcd -advertise-client-urls=http://127.0.0.1:2379 -listen-client-urls http://0.0.0.0:2379 --data-dir /etcd
  516. healthcheck:
  517. test: ["CMD", "etcdctl", "endpoint", "health"]
  518. interval: 30s
  519. timeout: 20s
  520. retries: 3
  521. networks:
  522. - milvus
  523. minio:
  524. container_name: milvus-minio
  525. image: minio/minio:RELEASE.2023-03-20T20-16-18Z
  526. profiles:
  527. - milvus
  528. environment:
  529. MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY:-minioadmin}
  530. MINIO_SECRET_KEY: ${MINIO_SECRET_KEY:-minioadmin}
  531. volumes:
  532. - ./volumes/milvus/minio:/minio_data
  533. command: minio server /minio_data --console-address ":9001"
  534. healthcheck:
  535. test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
  536. interval: 30s
  537. timeout: 20s
  538. retries: 3
  539. networks:
  540. - milvus
  541. milvus-standalone:
  542. container_name: milvus-standalone
  543. image: milvusdb/milvus:v2.3.1
  544. profiles:
  545. - milvus
  546. command: ["milvus", "run", "standalone"]
  547. environment:
  548. ETCD_ENDPOINTS: ${ETCD_ENDPOINTS:-etcd:2379}
  549. MINIO_ADDRESS: ${MINIO_ADDRESS:-minio:9000}
  550. common.security.authorizationEnabled: ${MILVUS_AUTHORIZATION_ENABLED:-true}
  551. volumes:
  552. - ./volumes/milvus/milvus:/var/lib/milvus
  553. healthcheck:
  554. test: ["CMD", "curl", "-f", "http://localhost:9091/healthz"]
  555. interval: 30s
  556. start_period: 90s
  557. timeout: 20s
  558. retries: 3
  559. depends_on:
  560. - "etcd"
  561. - "minio"
  562. networks:
  563. - milvus
  564. opensearch:
  565. container_name: opensearch
  566. image: opensearchproject/opensearch:latest
  567. profiles:
  568. - opensearch
  569. environment:
  570. - discovery.type=${OPENSEARCH_DISCOVERY_TYPE:-single-node}
  571. - bootstrap.memory_lock=${OPENSEARCH_BOOTSTRAP_MEMORY_LOCK:-true}
  572. - OPENSEARCH_JAVA_OPTS=-Xms${OPENSEARCH_JAVA_OPTS_MIN:-512m} -Xmx${OPENSEARCH_JAVA_OPTS_MAX:-1024m}
  573. - OPENSEARCH_INITIAL_ADMIN_PASSWORD=${OPENSEARCH_INITIAL_ADMIN_PASSWORD:-Qazwsxedc!@#123}
  574. ulimits:
  575. memlock:
  576. soft: ${OPENSEARCH_MEMLOCK_SOFT:--1}
  577. hard: ${OPENSEARCH_MEMLOCK_HARD:--1}
  578. nofile:
  579. soft: ${OPENSEARCH_NOFILE_SOFT:-65536}
  580. hard: ${OPENSEARCH_NOFILE_HARD:-65536}
  581. volumes:
  582. - ./volumes/opensearch/data:/usr/share/opensearch/data
  583. networks:
  584. - opensearch-net
  585. opensearch-dashboards:
  586. container_name: opensearch-dashboards
  587. image: opensearchproject/opensearch-dashboards:latest
  588. profiles:
  589. - opensearch
  590. environment:
  591. OPENSEARCH_HOSTS: '["https://opensearch:9200"]'
  592. volumes:
  593. - ./volumes/opensearch/opensearch_dashboards.yml:/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml
  594. networks:
  595. - opensearch-net
  596. depends_on:
  597. - opensearch
  598. networks:
  599. # create a network between sandbox, api and ssrf_proxy, and can not access outside.
  600. ssrf_proxy_network:
  601. driver: bridge
  602. internal: true
  603. milvus:
  604. driver: bridge
  605. opensearch-net:
  606. driver: bridge
  607. internal: true
  608. volumes:
  609. oradata: