diff --git a/.github/README.md b/.github/README.md
index ff6aa546..94aa329f 100644
--- a/.github/README.md
+++ b/.github/README.md
@@ -60,6 +60,7 @@
| 🟢 | 
| Dash. | https://getdashdot.com/ | 现代服务器仪表板 | |
| 🟢 | | Dash.(GPU) | https://getdashdot.com/ | 【GPU支持】现代服务器仪表板 | |
| 🟢 | 
| DeepLX | https://deeplx.owo.network/ | DeepL免费API(无需TOKEN) | |
+| 🟢 | 
| Dify | https://dify.ai/ | Dify 是一个开源的 LLM 应用开发平台 | |
| 🟢 | 
| Dockge | https://dockge.kuma.pet/ | 面向堆栈的管理器 | |
| 🟢 | 
| Dozzle | https://dozzle.dev/ | 一个轻量级的小应用程序,有一个基于web的界面来监控Docker日志 | |
| 🟢 | 
| DPanel | https://dpanel.cc/ | Docker可视化管理面板 | |
diff --git a/README.md b/README.md
index 898bbb32..7c5703ab 100644
--- a/README.md
+++ b/README.md
@@ -55,6 +55,7 @@
| 🟢 | | Dash. | https://getdashdot.com/ | 现代服务器仪表板 | |
| 🟢 | | Dash.(GPU) | https://getdashdot.com/ | 【GPU支持】现代服务器仪表板 | |
| 🟢 | | DeepLX | https://deeplx.owo.network/ | DeepL免费API(无需TOKEN) | |
+| 🟢 | | Dify | https://dify.ai/ | Dify 是一个开源的 LLM 应用开发平台 | |
| 🟢 | | Dockge | https://dockge.kuma.pet/ | 面向堆栈的管理器 | |
| 🟢 | | Dozzle | https://dozzle.dev/ | 一个轻量级的小应用程序,有一个基于web的界面来监控Docker日志 | |
| 🟢 | | DPanel | https://dpanel.cc/ | Docker可视化管理面板 | |
diff --git a/apps/dify/0.15.3/data.yml b/apps/dify/0.15.3/data.yml
new file mode 100644
index 00000000..5064d8b3
--- /dev/null
+++ b/apps/dify/0.15.3/data.yml
@@ -0,0 +1,65 @@
+additionalProperties:
+ formFields:
+ - default: "/home/dify"
+ edit: true
+ envKey: DIFY_ROOT_PATH
+ labelZh: 数据持久化路径
+ labelEn: Data persistence path
+ required: true
+ type: text
+ - default: 8080
+ edit: true
+ envKey: PANEL_APP_PORT_HTTP
+ labelZh: WebUI 端口
+ labelEn: WebUI port
+ required: true
+ rule: paramPort
+ type: number
+ - default: 8443
+ edit: true
+ envKey: PANEL_APP_PORT_HTTPS
+ labelZh: WebUI SSL 端口
+ labelEn: WebUI SSL port
+ required: true
+ rule: paramPort
+ type: number
+ - default: 19530
+ disabled: true
+ envKey: MILVUS_STANDALONE_PORT1
+ labelZh: Milvus 端口
+ labelEn: Milvus port
+ required: true
+ rule: paramPort
+ type: number
+ - default: 9091
+ disabled: true
+ envKey: MILVUS_STANDALONE_PORT2
+ labelZh: Milvus 端口
+ labelEn: Milvus port
+ required: true
+ rule: paramPort
+ type: number
+ - default: 8123
+ edit: true
+ envKey: MYSCALE_PORT
+ labelZh: MyScale 端口
+ labelEn: MyScale port
+ required: true
+ rule: paramPort
+ type: number
+ - default: 9200
+ edit: true
+ envKey: ELASTICSEARCH_PORT
+ labelZh: Elasticsearch 端口
+ labelEn: Elasticsearch port
+ required: true
+ rule: paramPort
+ type: number
+ - default: 5601
+ edit: true
+ envKey: KIBANA_PORT
+ labelZh: Kibana 端口
+ labelEn: Kibana port
+ required: true
+ rule: paramPort
+ type: number
diff --git a/apps/dify/0.15.3/docker-compose.yml b/apps/dify/0.15.3/docker-compose.yml
new file mode 100644
index 00000000..d4573f9f
--- /dev/null
+++ b/apps/dify/0.15.3/docker-compose.yml
@@ -0,0 +1,1025 @@
+# ==================================================================
+# WARNING: This file is auto-generated by generate_docker_compose
+# Do not modify this file directly. Instead, update the .env.example
+# or docker-compose-template.yaml and regenerate this file.
+# ==================================================================
+
+x-shared-env: &shared-api-worker-env
+ CONSOLE_API_URL: ${CONSOLE_API_URL:-}
+ CONSOLE_WEB_URL: ${CONSOLE_WEB_URL:-}
+ SERVICE_API_URL: ${SERVICE_API_URL:-}
+ APP_API_URL: ${APP_API_URL:-}
+ APP_WEB_URL: ${APP_WEB_URL:-}
+ FILES_URL: ${FILES_URL:-}
+ LOG_LEVEL: ${LOG_LEVEL:-INFO}
+ LOG_FILE: ${LOG_FILE:-/app/logs/server.log}
+ LOG_FILE_MAX_SIZE: ${LOG_FILE_MAX_SIZE:-20}
+ LOG_FILE_BACKUP_COUNT: ${LOG_FILE_BACKUP_COUNT:-5}
+ LOG_DATEFORMAT: ${LOG_DATEFORMAT:-%Y-%m-%d %H:%M:%S}
+ LOG_TZ: ${LOG_TZ:-UTC}
+ DEBUG: ${DEBUG:-false}
+ FLASK_DEBUG: ${FLASK_DEBUG:-false}
+ SECRET_KEY: ${SECRET_KEY:-sk-9f73s3ljTXVcMT3Blb3ljTqtsKiGHXVcMT3BlbkFJLK7U}
+ INIT_PASSWORD: ${INIT_PASSWORD:-}
+ DEPLOY_ENV: ${DEPLOY_ENV:-PRODUCTION}
+ CHECK_UPDATE_URL: ${CHECK_UPDATE_URL:-https://updates.dify.ai}
+ OPENAI_API_BASE: ${OPENAI_API_BASE:-https://api.openai.com/v1}
+ MIGRATION_ENABLED: ${MIGRATION_ENABLED:-true}
+ FILES_ACCESS_TIMEOUT: ${FILES_ACCESS_TIMEOUT:-300}
+ ACCESS_TOKEN_EXPIRE_MINUTES: ${ACCESS_TOKEN_EXPIRE_MINUTES:-60}
+ REFRESH_TOKEN_EXPIRE_DAYS: ${REFRESH_TOKEN_EXPIRE_DAYS:-30}
+ APP_MAX_ACTIVE_REQUESTS: ${APP_MAX_ACTIVE_REQUESTS:-0}
+ APP_MAX_EXECUTION_TIME: ${APP_MAX_EXECUTION_TIME:-1200}
+ DIFY_BIND_ADDRESS: ${DIFY_BIND_ADDRESS:-0.0.0.0}
+ DIFY_PORT: ${DIFY_PORT:-5001}
+ SERVER_WORKER_AMOUNT: ${SERVER_WORKER_AMOUNT:-1}
+ SERVER_WORKER_CLASS: ${SERVER_WORKER_CLASS:-gevent}
+ SERVER_WORKER_CONNECTIONS: ${SERVER_WORKER_CONNECTIONS:-10}
+ CELERY_WORKER_CLASS: ${CELERY_WORKER_CLASS:-}
+ GUNICORN_TIMEOUT: ${GUNICORN_TIMEOUT:-360}
+ CELERY_WORKER_AMOUNT: ${CELERY_WORKER_AMOUNT:-}
+ CELERY_AUTO_SCALE: ${CELERY_AUTO_SCALE:-false}
+ CELERY_MAX_WORKERS: ${CELERY_MAX_WORKERS:-}
+ CELERY_MIN_WORKERS: ${CELERY_MIN_WORKERS:-}
+ API_TOOL_DEFAULT_CONNECT_TIMEOUT: ${API_TOOL_DEFAULT_CONNECT_TIMEOUT:-10}
+ API_TOOL_DEFAULT_READ_TIMEOUT: ${API_TOOL_DEFAULT_READ_TIMEOUT:-60}
+ DB_USERNAME: ${DB_USERNAME:-postgres}
+ DB_PASSWORD: ${DB_PASSWORD:-difyai123456}
+ DB_HOST: ${DB_HOST:-db}
+ DB_PORT: ${DB_PORT:-5432}
+ DB_DATABASE: ${DB_DATABASE:-dify}
+ SQLALCHEMY_POOL_SIZE: ${SQLALCHEMY_POOL_SIZE:-30}
+ SQLALCHEMY_POOL_RECYCLE: ${SQLALCHEMY_POOL_RECYCLE:-3600}
+ SQLALCHEMY_ECHO: ${SQLALCHEMY_ECHO:-false}
+ POSTGRES_MAX_CONNECTIONS: ${POSTGRES_MAX_CONNECTIONS:-100}
+ POSTGRES_SHARED_BUFFERS: ${POSTGRES_SHARED_BUFFERS:-128MB}
+ POSTGRES_WORK_MEM: ${POSTGRES_WORK_MEM:-4MB}
+ POSTGRES_MAINTENANCE_WORK_MEM: ${POSTGRES_MAINTENANCE_WORK_MEM:-64MB}
+ POSTGRES_EFFECTIVE_CACHE_SIZE: ${POSTGRES_EFFECTIVE_CACHE_SIZE:-4096MB}
+ REDIS_HOST: ${REDIS_HOST:-redis}
+ REDIS_PORT: ${REDIS_PORT:-6379}
+ REDIS_USERNAME: ${REDIS_USERNAME:-}
+ REDIS_PASSWORD: ${REDIS_PASSWORD:-difyai123456}
+ REDIS_USE_SSL: ${REDIS_USE_SSL:-false}
+ REDIS_DB: ${REDIS_DB:-0}
+ REDIS_USE_SENTINEL: ${REDIS_USE_SENTINEL:-false}
+ REDIS_SENTINELS: ${REDIS_SENTINELS:-}
+ REDIS_SENTINEL_SERVICE_NAME: ${REDIS_SENTINEL_SERVICE_NAME:-}
+ REDIS_SENTINEL_USERNAME: ${REDIS_SENTINEL_USERNAME:-}
+ REDIS_SENTINEL_PASSWORD: ${REDIS_SENTINEL_PASSWORD:-}
+ REDIS_SENTINEL_SOCKET_TIMEOUT: ${REDIS_SENTINEL_SOCKET_TIMEOUT:-0.1}
+ REDIS_USE_CLUSTERS: ${REDIS_USE_CLUSTERS:-false}
+ REDIS_CLUSTERS: ${REDIS_CLUSTERS:-}
+ REDIS_CLUSTERS_PASSWORD: ${REDIS_CLUSTERS_PASSWORD:-}
+ CELERY_BROKER_URL: ${CELERY_BROKER_URL:-redis://:difyai123456@redis:6379/1}
+ BROKER_USE_SSL: ${BROKER_USE_SSL:-false}
+ CELERY_USE_SENTINEL: ${CELERY_USE_SENTINEL:-false}
+ CELERY_SENTINEL_MASTER_NAME: ${CELERY_SENTINEL_MASTER_NAME:-}
+ CELERY_SENTINEL_SOCKET_TIMEOUT: ${CELERY_SENTINEL_SOCKET_TIMEOUT:-0.1}
+ WEB_API_CORS_ALLOW_ORIGINS: ${WEB_API_CORS_ALLOW_ORIGINS:-*}
+ CONSOLE_CORS_ALLOW_ORIGINS: ${CONSOLE_CORS_ALLOW_ORIGINS:-*}
+ STORAGE_TYPE: ${STORAGE_TYPE:-opendal}
+ OPENDAL_SCHEME: ${OPENDAL_SCHEME:-fs}
+ OPENDAL_FS_ROOT: ${OPENDAL_FS_ROOT:-storage}
+ S3_ENDPOINT: ${S3_ENDPOINT:-}
+ S3_REGION: ${S3_REGION:-us-east-1}
+ S3_BUCKET_NAME: ${S3_BUCKET_NAME:-difyai}
+ S3_ACCESS_KEY: ${S3_ACCESS_KEY:-}
+ S3_SECRET_KEY: ${S3_SECRET_KEY:-}
+ S3_USE_AWS_MANAGED_IAM: ${S3_USE_AWS_MANAGED_IAM:-false}
+ AZURE_BLOB_ACCOUNT_NAME: ${AZURE_BLOB_ACCOUNT_NAME:-difyai}
+ AZURE_BLOB_ACCOUNT_KEY: ${AZURE_BLOB_ACCOUNT_KEY:-difyai}
+ AZURE_BLOB_CONTAINER_NAME: ${AZURE_BLOB_CONTAINER_NAME:-difyai-container}
+ AZURE_BLOB_ACCOUNT_URL: ${AZURE_BLOB_ACCOUNT_URL:-https://.blob.core.windows.net}
+ GOOGLE_STORAGE_BUCKET_NAME: ${GOOGLE_STORAGE_BUCKET_NAME:-your-bucket-name}
+ GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64: ${GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64:-}
+ ALIYUN_OSS_BUCKET_NAME: ${ALIYUN_OSS_BUCKET_NAME:-your-bucket-name}
+ ALIYUN_OSS_ACCESS_KEY: ${ALIYUN_OSS_ACCESS_KEY:-your-access-key}
+ ALIYUN_OSS_SECRET_KEY: ${ALIYUN_OSS_SECRET_KEY:-your-secret-key}
+ ALIYUN_OSS_ENDPOINT: ${ALIYUN_OSS_ENDPOINT:-https://oss-ap-southeast-1-internal.aliyuncs.com}
+ ALIYUN_OSS_REGION: ${ALIYUN_OSS_REGION:-ap-southeast-1}
+ ALIYUN_OSS_AUTH_VERSION: ${ALIYUN_OSS_AUTH_VERSION:-v4}
+ ALIYUN_OSS_PATH: ${ALIYUN_OSS_PATH:-your-path}
+ TENCENT_COS_BUCKET_NAME: ${TENCENT_COS_BUCKET_NAME:-your-bucket-name}
+ TENCENT_COS_SECRET_KEY: ${TENCENT_COS_SECRET_KEY:-your-secret-key}
+ TENCENT_COS_SECRET_ID: ${TENCENT_COS_SECRET_ID:-your-secret-id}
+ TENCENT_COS_REGION: ${TENCENT_COS_REGION:-your-region}
+ TENCENT_COS_SCHEME: ${TENCENT_COS_SCHEME:-your-scheme}
+ OCI_ENDPOINT: ${OCI_ENDPOINT:-https://objectstorage.us-ashburn-1.oraclecloud.com}
+ OCI_BUCKET_NAME: ${OCI_BUCKET_NAME:-your-bucket-name}
+ OCI_ACCESS_KEY: ${OCI_ACCESS_KEY:-your-access-key}
+ OCI_SECRET_KEY: ${OCI_SECRET_KEY:-your-secret-key}
+ OCI_REGION: ${OCI_REGION:-us-ashburn-1}
+ HUAWEI_OBS_BUCKET_NAME: ${HUAWEI_OBS_BUCKET_NAME:-your-bucket-name}
+ HUAWEI_OBS_SECRET_KEY: ${HUAWEI_OBS_SECRET_KEY:-your-secret-key}
+ HUAWEI_OBS_ACCESS_KEY: ${HUAWEI_OBS_ACCESS_KEY:-your-access-key}
+ HUAWEI_OBS_SERVER: ${HUAWEI_OBS_SERVER:-your-server-url}
+ VOLCENGINE_TOS_BUCKET_NAME: ${VOLCENGINE_TOS_BUCKET_NAME:-your-bucket-name}
+ VOLCENGINE_TOS_SECRET_KEY: ${VOLCENGINE_TOS_SECRET_KEY:-your-secret-key}
+ VOLCENGINE_TOS_ACCESS_KEY: ${VOLCENGINE_TOS_ACCESS_KEY:-your-access-key}
+ VOLCENGINE_TOS_ENDPOINT: ${VOLCENGINE_TOS_ENDPOINT:-your-server-url}
+ VOLCENGINE_TOS_REGION: ${VOLCENGINE_TOS_REGION:-your-region}
+ BAIDU_OBS_BUCKET_NAME: ${BAIDU_OBS_BUCKET_NAME:-your-bucket-name}
+ BAIDU_OBS_SECRET_KEY: ${BAIDU_OBS_SECRET_KEY:-your-secret-key}
+ BAIDU_OBS_ACCESS_KEY: ${BAIDU_OBS_ACCESS_KEY:-your-access-key}
+ BAIDU_OBS_ENDPOINT: ${BAIDU_OBS_ENDPOINT:-your-server-url}
+ SUPABASE_BUCKET_NAME: ${SUPABASE_BUCKET_NAME:-your-bucket-name}
+ SUPABASE_API_KEY: ${SUPABASE_API_KEY:-your-access-key}
+ SUPABASE_URL: ${SUPABASE_URL:-your-server-url}
+ VECTOR_STORE: ${VECTOR_STORE:-weaviate}
+ WEAVIATE_ENDPOINT: ${WEAVIATE_ENDPOINT:-http://weaviate:8080}
+ WEAVIATE_API_KEY: ${WEAVIATE_API_KEY:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih}
+ QDRANT_URL: ${QDRANT_URL:-http://qdrant:6333}
+ QDRANT_API_KEY: ${QDRANT_API_KEY:-difyai123456}
+ QDRANT_CLIENT_TIMEOUT: ${QDRANT_CLIENT_TIMEOUT:-20}
+ QDRANT_GRPC_ENABLED: ${QDRANT_GRPC_ENABLED:-false}
+ QDRANT_GRPC_PORT: ${QDRANT_GRPC_PORT:-6334}
+ MILVUS_URI: ${MILVUS_URI:-http://127.0.0.1:19530}
+ MILVUS_TOKEN: ${MILVUS_TOKEN:-}
+ MILVUS_USER: ${MILVUS_USER:-root}
+ MILVUS_PASSWORD: ${MILVUS_PASSWORD:-Milvus}
+ MILVUS_ENABLE_HYBRID_SEARCH: ${MILVUS_ENABLE_HYBRID_SEARCH:-False}
+ MYSCALE_HOST: ${MYSCALE_HOST:-myscale}
+ MYSCALE_PORT: ${MYSCALE_PORT:-8123}
+ MYSCALE_USER: ${MYSCALE_USER:-default}
+ MYSCALE_PASSWORD: ${MYSCALE_PASSWORD:-}
+ MYSCALE_DATABASE: ${MYSCALE_DATABASE:-dify}
+ MYSCALE_FTS_PARAMS: ${MYSCALE_FTS_PARAMS:-}
+ COUCHBASE_CONNECTION_STRING: ${COUCHBASE_CONNECTION_STRING:-couchbase://couchbase-server}
+ COUCHBASE_USER: ${COUCHBASE_USER:-Administrator}
+ COUCHBASE_PASSWORD: ${COUCHBASE_PASSWORD:-password}
+ COUCHBASE_BUCKET_NAME: ${COUCHBASE_BUCKET_NAME:-Embeddings}
+ COUCHBASE_SCOPE_NAME: ${COUCHBASE_SCOPE_NAME:-_default}
+ PGVECTOR_HOST: ${PGVECTOR_HOST:-pgvector}
+ PGVECTOR_PORT: ${PGVECTOR_PORT:-5432}
+ PGVECTOR_USER: ${PGVECTOR_USER:-postgres}
+ PGVECTOR_PASSWORD: ${PGVECTOR_PASSWORD:-difyai123456}
+ PGVECTOR_DATABASE: ${PGVECTOR_DATABASE:-dify}
+ PGVECTOR_MIN_CONNECTION: ${PGVECTOR_MIN_CONNECTION:-1}
+ PGVECTOR_MAX_CONNECTION: ${PGVECTOR_MAX_CONNECTION:-5}
+ PGVECTO_RS_HOST: ${PGVECTO_RS_HOST:-pgvecto-rs}
+ PGVECTO_RS_PORT: ${PGVECTO_RS_PORT:-5432}
+ PGVECTO_RS_USER: ${PGVECTO_RS_USER:-postgres}
+ PGVECTO_RS_PASSWORD: ${PGVECTO_RS_PASSWORD:-difyai123456}
+ PGVECTO_RS_DATABASE: ${PGVECTO_RS_DATABASE:-dify}
+ ANALYTICDB_KEY_ID: ${ANALYTICDB_KEY_ID:-your-ak}
+ ANALYTICDB_KEY_SECRET: ${ANALYTICDB_KEY_SECRET:-your-sk}
+ ANALYTICDB_REGION_ID: ${ANALYTICDB_REGION_ID:-cn-hangzhou}
+ ANALYTICDB_INSTANCE_ID: ${ANALYTICDB_INSTANCE_ID:-gp-ab123456}
+ ANALYTICDB_ACCOUNT: ${ANALYTICDB_ACCOUNT:-testaccount}
+ ANALYTICDB_PASSWORD: ${ANALYTICDB_PASSWORD:-testpassword}
+ ANALYTICDB_NAMESPACE: ${ANALYTICDB_NAMESPACE:-dify}
+ ANALYTICDB_NAMESPACE_PASSWORD: ${ANALYTICDB_NAMESPACE_PASSWORD:-difypassword}
+ ANALYTICDB_HOST: ${ANALYTICDB_HOST:-gp-test.aliyuncs.com}
+ ANALYTICDB_PORT: ${ANALYTICDB_PORT:-5432}
+ ANALYTICDB_MIN_CONNECTION: ${ANALYTICDB_MIN_CONNECTION:-1}
+ ANALYTICDB_MAX_CONNECTION: ${ANALYTICDB_MAX_CONNECTION:-5}
+ TIDB_VECTOR_HOST: ${TIDB_VECTOR_HOST:-tidb}
+ TIDB_VECTOR_PORT: ${TIDB_VECTOR_PORT:-4000}
+ TIDB_VECTOR_USER: ${TIDB_VECTOR_USER:-}
+ TIDB_VECTOR_PASSWORD: ${TIDB_VECTOR_PASSWORD:-}
+ TIDB_VECTOR_DATABASE: ${TIDB_VECTOR_DATABASE:-dify}
+ TIDB_ON_QDRANT_URL: ${TIDB_ON_QDRANT_URL:-http://127.0.0.1}
+ TIDB_ON_QDRANT_API_KEY: ${TIDB_ON_QDRANT_API_KEY:-dify}
+ TIDB_ON_QDRANT_CLIENT_TIMEOUT: ${TIDB_ON_QDRANT_CLIENT_TIMEOUT:-20}
+ TIDB_ON_QDRANT_GRPC_ENABLED: ${TIDB_ON_QDRANT_GRPC_ENABLED:-false}
+ TIDB_ON_QDRANT_GRPC_PORT: ${TIDB_ON_QDRANT_GRPC_PORT:-6334}
+ TIDB_PUBLIC_KEY: ${TIDB_PUBLIC_KEY:-dify}
+ TIDB_PRIVATE_KEY: ${TIDB_PRIVATE_KEY:-dify}
+ TIDB_API_URL: ${TIDB_API_URL:-http://127.0.0.1}
+ TIDB_IAM_API_URL: ${TIDB_IAM_API_URL:-http://127.0.0.1}
+ TIDB_REGION: ${TIDB_REGION:-regions/aws-us-east-1}
+ TIDB_PROJECT_ID: ${TIDB_PROJECT_ID:-dify}
+ TIDB_SPEND_LIMIT: ${TIDB_SPEND_LIMIT:-100}
+ CHROMA_HOST: ${CHROMA_HOST:-127.0.0.1}
+ CHROMA_PORT: ${CHROMA_PORT:-8000}
+ CHROMA_TENANT: ${CHROMA_TENANT:-default_tenant}
+ CHROMA_DATABASE: ${CHROMA_DATABASE:-default_database}
+ CHROMA_AUTH_PROVIDER: ${CHROMA_AUTH_PROVIDER:-chromadb.auth.token_authn.TokenAuthClientProvider}
+ CHROMA_AUTH_CREDENTIALS: ${CHROMA_AUTH_CREDENTIALS:-}
+ ORACLE_HOST: ${ORACLE_HOST:-oracle}
+ ORACLE_PORT: ${ORACLE_PORT:-1521}
+ ORACLE_USER: ${ORACLE_USER:-dify}
+ ORACLE_PASSWORD: ${ORACLE_PASSWORD:-dify}
+ ORACLE_DATABASE: ${ORACLE_DATABASE:-FREEPDB1}
+ RELYT_HOST: ${RELYT_HOST:-db}
+ RELYT_PORT: ${RELYT_PORT:-5432}
+ RELYT_USER: ${RELYT_USER:-postgres}
+ RELYT_PASSWORD: ${RELYT_PASSWORD:-difyai123456}
+ RELYT_DATABASE: ${RELYT_DATABASE:-postgres}
+ OPENSEARCH_HOST: ${OPENSEARCH_HOST:-opensearch}
+ OPENSEARCH_PORT: ${OPENSEARCH_PORT:-9200}
+ OPENSEARCH_USER: ${OPENSEARCH_USER:-admin}
+ OPENSEARCH_PASSWORD: ${OPENSEARCH_PASSWORD:-admin}
+ OPENSEARCH_SECURE: ${OPENSEARCH_SECURE:-true}
+ TENCENT_VECTOR_DB_URL: ${TENCENT_VECTOR_DB_URL:-http://127.0.0.1}
+ TENCENT_VECTOR_DB_API_KEY: ${TENCENT_VECTOR_DB_API_KEY:-dify}
+ TENCENT_VECTOR_DB_TIMEOUT: ${TENCENT_VECTOR_DB_TIMEOUT:-30}
+ TENCENT_VECTOR_DB_USERNAME: ${TENCENT_VECTOR_DB_USERNAME:-dify}
+ TENCENT_VECTOR_DB_DATABASE: ${TENCENT_VECTOR_DB_DATABASE:-dify}
+ TENCENT_VECTOR_DB_SHARD: ${TENCENT_VECTOR_DB_SHARD:-1}
+ TENCENT_VECTOR_DB_REPLICAS: ${TENCENT_VECTOR_DB_REPLICAS:-2}
+ ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:-0.0.0.0}
+ ELASTICSEARCH_PORT: ${ELASTICSEARCH_PORT:-9200}
+ ELASTICSEARCH_USERNAME: ${ELASTICSEARCH_USERNAME:-elastic}
+ ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-elastic}
+ KIBANA_PORT: ${KIBANA_PORT:-5601}
+ BAIDU_VECTOR_DB_ENDPOINT: ${BAIDU_VECTOR_DB_ENDPOINT:-http://127.0.0.1:5287}
+ BAIDU_VECTOR_DB_CONNECTION_TIMEOUT_MS: ${BAIDU_VECTOR_DB_CONNECTION_TIMEOUT_MS:-30000}
+ BAIDU_VECTOR_DB_ACCOUNT: ${BAIDU_VECTOR_DB_ACCOUNT:-root}
+ BAIDU_VECTOR_DB_API_KEY: ${BAIDU_VECTOR_DB_API_KEY:-dify}
+ BAIDU_VECTOR_DB_DATABASE: ${BAIDU_VECTOR_DB_DATABASE:-dify}
+ BAIDU_VECTOR_DB_SHARD: ${BAIDU_VECTOR_DB_SHARD:-1}
+ BAIDU_VECTOR_DB_REPLICAS: ${BAIDU_VECTOR_DB_REPLICAS:-3}
+ VIKINGDB_ACCESS_KEY: ${VIKINGDB_ACCESS_KEY:-your-ak}
+ VIKINGDB_SECRET_KEY: ${VIKINGDB_SECRET_KEY:-your-sk}
+ VIKINGDB_REGION: ${VIKINGDB_REGION:-cn-shanghai}
+ VIKINGDB_HOST: ${VIKINGDB_HOST:-api-vikingdb.xxx.volces.com}
+ VIKINGDB_SCHEMA: ${VIKINGDB_SCHEMA:-http}
+ VIKINGDB_CONNECTION_TIMEOUT: ${VIKINGDB_CONNECTION_TIMEOUT:-30}
+ VIKINGDB_SOCKET_TIMEOUT: ${VIKINGDB_SOCKET_TIMEOUT:-30}
+ LINDORM_URL: ${LINDORM_URL:-http://lindorm:30070}
+ LINDORM_USERNAME: ${LINDORM_USERNAME:-lindorm}
+ LINDORM_PASSWORD: ${LINDORM_PASSWORD:-lindorm}
+ OCEANBASE_VECTOR_HOST: ${OCEANBASE_VECTOR_HOST:-oceanbase}
+ OCEANBASE_VECTOR_PORT: ${OCEANBASE_VECTOR_PORT:-2881}
+ OCEANBASE_VECTOR_USER: ${OCEANBASE_VECTOR_USER:-root@test}
+ OCEANBASE_VECTOR_PASSWORD: ${OCEANBASE_VECTOR_PASSWORD:-difyai123456}
+ OCEANBASE_VECTOR_DATABASE: ${OCEANBASE_VECTOR_DATABASE:-test}
+ OCEANBASE_CLUSTER_NAME: ${OCEANBASE_CLUSTER_NAME:-difyai}
+ OCEANBASE_MEMORY_LIMIT: ${OCEANBASE_MEMORY_LIMIT:-6G}
+ UPSTASH_VECTOR_URL: ${UPSTASH_VECTOR_URL:-https://xxx-vector.upstash.io}
+ UPSTASH_VECTOR_TOKEN: ${UPSTASH_VECTOR_TOKEN:-dify}
+ UPLOAD_FILE_SIZE_LIMIT: ${UPLOAD_FILE_SIZE_LIMIT:-15}
+ UPLOAD_FILE_BATCH_LIMIT: ${UPLOAD_FILE_BATCH_LIMIT:-5}
+ ETL_TYPE: ${ETL_TYPE:-dify}
+ UNSTRUCTURED_API_URL: ${UNSTRUCTURED_API_URL:-}
+ UNSTRUCTURED_API_KEY: ${UNSTRUCTURED_API_KEY:-}
+ SCARF_NO_ANALYTICS: ${SCARF_NO_ANALYTICS:-true}
+ PROMPT_GENERATION_MAX_TOKENS: ${PROMPT_GENERATION_MAX_TOKENS:-512}
+ CODE_GENERATION_MAX_TOKENS: ${CODE_GENERATION_MAX_TOKENS:-1024}
+ MULTIMODAL_SEND_FORMAT: ${MULTIMODAL_SEND_FORMAT:-base64}
+ UPLOAD_IMAGE_FILE_SIZE_LIMIT: ${UPLOAD_IMAGE_FILE_SIZE_LIMIT:-10}
+ UPLOAD_VIDEO_FILE_SIZE_LIMIT: ${UPLOAD_VIDEO_FILE_SIZE_LIMIT:-100}
+ UPLOAD_AUDIO_FILE_SIZE_LIMIT: ${UPLOAD_AUDIO_FILE_SIZE_LIMIT:-50}
+ SENTRY_DSN: ${SENTRY_DSN:-}
+ API_SENTRY_DSN: ${API_SENTRY_DSN:-}
+ API_SENTRY_TRACES_SAMPLE_RATE: ${API_SENTRY_TRACES_SAMPLE_RATE:-1.0}
+ API_SENTRY_PROFILES_SAMPLE_RATE: ${API_SENTRY_PROFILES_SAMPLE_RATE:-1.0}
+ WEB_SENTRY_DSN: ${WEB_SENTRY_DSN:-}
+ NOTION_INTEGRATION_TYPE: ${NOTION_INTEGRATION_TYPE:-public}
+ NOTION_CLIENT_SECRET: ${NOTION_CLIENT_SECRET:-}
+ NOTION_CLIENT_ID: ${NOTION_CLIENT_ID:-}
+ NOTION_INTERNAL_SECRET: ${NOTION_INTERNAL_SECRET:-}
+ MAIL_TYPE: ${MAIL_TYPE:-resend}
+ MAIL_DEFAULT_SEND_FROM: ${MAIL_DEFAULT_SEND_FROM:-}
+ RESEND_API_URL: ${RESEND_API_URL:-https://api.resend.com}
+ RESEND_API_KEY: ${RESEND_API_KEY:-your-resend-api-key}
+ SMTP_SERVER: ${SMTP_SERVER:-}
+ SMTP_PORT: ${SMTP_PORT:-465}
+ SMTP_USERNAME: ${SMTP_USERNAME:-}
+ SMTP_PASSWORD: ${SMTP_PASSWORD:-}
+ SMTP_USE_TLS: ${SMTP_USE_TLS:-true}
+ SMTP_OPPORTUNISTIC_TLS: ${SMTP_OPPORTUNISTIC_TLS:-false}
+ INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-4000}
+ INVITE_EXPIRY_HOURS: ${INVITE_EXPIRY_HOURS:-72}
+ RESET_PASSWORD_TOKEN_EXPIRY_MINUTES: ${RESET_PASSWORD_TOKEN_EXPIRY_MINUTES:-5}
+ CODE_EXECUTION_ENDPOINT: ${CODE_EXECUTION_ENDPOINT:-http://sandbox:8194}
+ CODE_EXECUTION_API_KEY: ${CODE_EXECUTION_API_KEY:-dify-sandbox}
+ CODE_MAX_NUMBER: ${CODE_MAX_NUMBER:-9223372036854775807}
+ CODE_MIN_NUMBER: ${CODE_MIN_NUMBER:--9223372036854775808}
+ CODE_MAX_DEPTH: ${CODE_MAX_DEPTH:-5}
+ CODE_MAX_PRECISION: ${CODE_MAX_PRECISION:-20}
+ CODE_MAX_STRING_LENGTH: ${CODE_MAX_STRING_LENGTH:-80000}
+ CODE_MAX_STRING_ARRAY_LENGTH: ${CODE_MAX_STRING_ARRAY_LENGTH:-30}
+ CODE_MAX_OBJECT_ARRAY_LENGTH: ${CODE_MAX_OBJECT_ARRAY_LENGTH:-30}
+ CODE_MAX_NUMBER_ARRAY_LENGTH: ${CODE_MAX_NUMBER_ARRAY_LENGTH:-1000}
+ CODE_EXECUTION_CONNECT_TIMEOUT: ${CODE_EXECUTION_CONNECT_TIMEOUT:-10}
+ CODE_EXECUTION_READ_TIMEOUT: ${CODE_EXECUTION_READ_TIMEOUT:-60}
+ CODE_EXECUTION_WRITE_TIMEOUT: ${CODE_EXECUTION_WRITE_TIMEOUT:-10}
+ TEMPLATE_TRANSFORM_MAX_LENGTH: ${TEMPLATE_TRANSFORM_MAX_LENGTH:-80000}
+ WORKFLOW_MAX_EXECUTION_STEPS: ${WORKFLOW_MAX_EXECUTION_STEPS:-500}
+ WORKFLOW_MAX_EXECUTION_TIME: ${WORKFLOW_MAX_EXECUTION_TIME:-1200}
+ WORKFLOW_CALL_MAX_DEPTH: ${WORKFLOW_CALL_MAX_DEPTH:-5}
+ MAX_VARIABLE_SIZE: ${MAX_VARIABLE_SIZE:-204800}
+ WORKFLOW_PARALLEL_DEPTH_LIMIT: ${WORKFLOW_PARALLEL_DEPTH_LIMIT:-3}
+ WORKFLOW_FILE_UPLOAD_LIMIT: ${WORKFLOW_FILE_UPLOAD_LIMIT:-10}
+ HTTP_REQUEST_NODE_MAX_BINARY_SIZE: ${HTTP_REQUEST_NODE_MAX_BINARY_SIZE:-10485760}
+ HTTP_REQUEST_NODE_MAX_TEXT_SIZE: ${HTTP_REQUEST_NODE_MAX_TEXT_SIZE:-1048576}
+ SSRF_PROXY_HTTP_URL: ${SSRF_PROXY_HTTP_URL:-http://ssrf_proxy:3128}
+ SSRF_PROXY_HTTPS_URL: ${SSRF_PROXY_HTTPS_URL:-http://ssrf_proxy:3128}
+ TEXT_GENERATION_TIMEOUT_MS: ${TEXT_GENERATION_TIMEOUT_MS:-60000}
+ PGUSER: ${PGUSER:-${DB_USERNAME}}
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-${DB_PASSWORD}}
+ POSTGRES_DB: ${POSTGRES_DB:-${DB_DATABASE}}
+ PGDATA: ${PGDATA:-/var/lib/postgresql/data/pgdata}
+ SANDBOX_API_KEY: ${SANDBOX_API_KEY:-dify-sandbox}
+ SANDBOX_GIN_MODE: ${SANDBOX_GIN_MODE:-release}
+ SANDBOX_WORKER_TIMEOUT: ${SANDBOX_WORKER_TIMEOUT:-15}
+ SANDBOX_ENABLE_NETWORK: ${SANDBOX_ENABLE_NETWORK:-true}
+ SANDBOX_HTTP_PROXY: ${SANDBOX_HTTP_PROXY:-http://ssrf_proxy:3128}
+ SANDBOX_HTTPS_PROXY: ${SANDBOX_HTTPS_PROXY:-http://ssrf_proxy:3128}
+ SANDBOX_PORT: ${SANDBOX_PORT:-8194}
+ WEAVIATE_PERSISTENCE_DATA_PATH: ${WEAVIATE_PERSISTENCE_DATA_PATH:-/var/lib/weaviate}
+ WEAVIATE_QUERY_DEFAULTS_LIMIT: ${WEAVIATE_QUERY_DEFAULTS_LIMIT:-25}
+ WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: ${WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED:-true}
+ WEAVIATE_DEFAULT_VECTORIZER_MODULE: ${WEAVIATE_DEFAULT_VECTORIZER_MODULE:-none}
+ WEAVIATE_CLUSTER_HOSTNAME: ${WEAVIATE_CLUSTER_HOSTNAME:-node1}
+ WEAVIATE_AUTHENTICATION_APIKEY_ENABLED: ${WEAVIATE_AUTHENTICATION_APIKEY_ENABLED:-true}
+ WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS: ${WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih}
+ WEAVIATE_AUTHENTICATION_APIKEY_USERS: ${WEAVIATE_AUTHENTICATION_APIKEY_USERS:-hello@dify.ai}
+ WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED: ${WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED:-true}
+ WEAVIATE_AUTHORIZATION_ADMINLIST_USERS: ${WEAVIATE_AUTHORIZATION_ADMINLIST_USERS:-hello@dify.ai}
+ CHROMA_SERVER_AUTHN_CREDENTIALS: ${CHROMA_SERVER_AUTHN_CREDENTIALS:-difyai123456}
+ CHROMA_SERVER_AUTHN_PROVIDER: ${CHROMA_SERVER_AUTHN_PROVIDER:-chromadb.auth.token_authn.TokenAuthenticationServerProvider}
+ CHROMA_IS_PERSISTENT: ${CHROMA_IS_PERSISTENT:-TRUE}
+ ORACLE_PWD: ${ORACLE_PWD:-Dify123456}
+ ORACLE_CHARACTERSET: ${ORACLE_CHARACTERSET:-AL32UTF8}
+ ETCD_AUTO_COMPACTION_MODE: ${ETCD_AUTO_COMPACTION_MODE:-revision}
+ ETCD_AUTO_COMPACTION_RETENTION: ${ETCD_AUTO_COMPACTION_RETENTION:-1000}
+ ETCD_QUOTA_BACKEND_BYTES: ${ETCD_QUOTA_BACKEND_BYTES:-4294967296}
+ ETCD_SNAPSHOT_COUNT: ${ETCD_SNAPSHOT_COUNT:-50000}
+ MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY:-minioadmin}
+ MINIO_SECRET_KEY: ${MINIO_SECRET_KEY:-minioadmin}
+ ETCD_ENDPOINTS: ${ETCD_ENDPOINTS:-etcd:2379}
+ MINIO_ADDRESS: ${MINIO_ADDRESS:-minio:9000}
+ MILVUS_AUTHORIZATION_ENABLED: ${MILVUS_AUTHORIZATION_ENABLED:-true}
+ PGVECTOR_PGUSER: ${PGVECTOR_PGUSER:-postgres}
+ PGVECTOR_POSTGRES_PASSWORD: ${PGVECTOR_POSTGRES_PASSWORD:-difyai123456}
+ PGVECTOR_POSTGRES_DB: ${PGVECTOR_POSTGRES_DB:-dify}
+ PGVECTOR_PGDATA: ${PGVECTOR_PGDATA:-/var/lib/postgresql/data/pgdata}
+ OPENSEARCH_DISCOVERY_TYPE: ${OPENSEARCH_DISCOVERY_TYPE:-single-node}
+ OPENSEARCH_BOOTSTRAP_MEMORY_LOCK: ${OPENSEARCH_BOOTSTRAP_MEMORY_LOCK:-true}
+ OPENSEARCH_JAVA_OPTS_MIN: ${OPENSEARCH_JAVA_OPTS_MIN:-512m}
+ OPENSEARCH_JAVA_OPTS_MAX: ${OPENSEARCH_JAVA_OPTS_MAX:-1024m}
+ OPENSEARCH_INITIAL_ADMIN_PASSWORD: ${OPENSEARCH_INITIAL_ADMIN_PASSWORD:-Qazwsxedc!@#123}
+ OPENSEARCH_MEMLOCK_SOFT: ${OPENSEARCH_MEMLOCK_SOFT:--1}
+ OPENSEARCH_MEMLOCK_HARD: ${OPENSEARCH_MEMLOCK_HARD:--1}
+ OPENSEARCH_NOFILE_SOFT: ${OPENSEARCH_NOFILE_SOFT:-65536}
+ OPENSEARCH_NOFILE_HARD: ${OPENSEARCH_NOFILE_HARD:-65536}
+ NGINX_SERVER_NAME: ${NGINX_SERVER_NAME:-_}
+ NGINX_HTTPS_ENABLED: ${NGINX_HTTPS_ENABLED:-false}
+ NGINX_PORT: ${NGINX_PORT:-80}
+ NGINX_SSL_PORT: ${NGINX_SSL_PORT:-443}
+ NGINX_SSL_CERT_FILENAME: ${NGINX_SSL_CERT_FILENAME:-dify.crt}
+ NGINX_SSL_CERT_KEY_FILENAME: ${NGINX_SSL_CERT_KEY_FILENAME:-dify.key}
+ NGINX_SSL_PROTOCOLS: ${NGINX_SSL_PROTOCOLS:-TLSv1.1 TLSv1.2 TLSv1.3}
+ NGINX_WORKER_PROCESSES: ${NGINX_WORKER_PROCESSES:-auto}
+ NGINX_CLIENT_MAX_BODY_SIZE: ${NGINX_CLIENT_MAX_BODY_SIZE:-15M}
+ NGINX_KEEPALIVE_TIMEOUT: ${NGINX_KEEPALIVE_TIMEOUT:-65}
+ NGINX_PROXY_READ_TIMEOUT: ${NGINX_PROXY_READ_TIMEOUT:-3600s}
+ NGINX_PROXY_SEND_TIMEOUT: ${NGINX_PROXY_SEND_TIMEOUT:-3600s}
+ NGINX_ENABLE_CERTBOT_CHALLENGE: ${NGINX_ENABLE_CERTBOT_CHALLENGE:-false}
+ CERTBOT_EMAIL: ${CERTBOT_EMAIL:-your_email@example.com}
+ CERTBOT_DOMAIN: ${CERTBOT_DOMAIN:-your_domain.com}
+ CERTBOT_OPTIONS: ${CERTBOT_OPTIONS:-}
+ SSRF_HTTP_PORT: ${SSRF_HTTP_PORT:-3128}
+ SSRF_COREDUMP_DIR: ${SSRF_COREDUMP_DIR:-/var/spool/squid}
+ SSRF_REVERSE_PROXY_PORT: ${SSRF_REVERSE_PROXY_PORT:-8194}
+ SSRF_SANDBOX_HOST: ${SSRF_SANDBOX_HOST:-sandbox}
+ SSRF_DEFAULT_TIME_OUT: ${SSRF_DEFAULT_TIME_OUT:-5}
+ SSRF_DEFAULT_CONNECT_TIME_OUT: ${SSRF_DEFAULT_CONNECT_TIME_OUT:-5}
+ SSRF_DEFAULT_READ_TIME_OUT: ${SSRF_DEFAULT_READ_TIME_OUT:-5}
+ SSRF_DEFAULT_WRITE_TIME_OUT: ${SSRF_DEFAULT_WRITE_TIME_OUT:-5}
+ EXPOSE_NGINX_PORT: ${PANEL_APP_PORT_HTTP:-8080}
+ EXPOSE_NGINX_SSL_PORT: ${PANEL_APP_PORT_HTTPS:-8443}
+ POSITION_TOOL_PINS: ${POSITION_TOOL_PINS:-}
+ POSITION_TOOL_INCLUDES: ${POSITION_TOOL_INCLUDES:-}
+ POSITION_TOOL_EXCLUDES: ${POSITION_TOOL_EXCLUDES:-}
+ POSITION_PROVIDER_PINS: ${POSITION_PROVIDER_PINS:-}
+ POSITION_PROVIDER_INCLUDES: ${POSITION_PROVIDER_INCLUDES:-}
+ POSITION_PROVIDER_EXCLUDES: ${POSITION_PROVIDER_EXCLUDES:-}
+ CSP_WHITELIST: ${CSP_WHITELIST:-}
+ CREATE_TIDB_SERVICE_JOB_ENABLED: ${CREATE_TIDB_SERVICE_JOB_ENABLED:-false}
+ MAX_SUBMIT_COUNT: ${MAX_SUBMIT_COUNT:-100}
+ TOP_K_MAX_VALUE: ${TOP_K_MAX_VALUE:-10}
+
+services:
+ api:
+ image: langgenius/dify-api:0.15.3
+ container_name: api-${CONTAINER_NAME}
+ restart: always
+ env_file:
+ - ${GLOBAL_ENV_FILE:-/etc/1panel/envs/global.env}
+ - ${APP_ENV_FILE:-/etc/1panel/envs/dify/dify.env}
+ - ${ENV_FILE:-/etc/1panel/envs/default.env}
+ environment:
+ <<: *shared-api-worker-env
+ MODE: api
+ SENTRY_DSN: ${API_SENTRY_DSN:-}
+ SENTRY_TRACES_SAMPLE_RATE: ${API_SENTRY_TRACES_SAMPLE_RATE:-1.0}
+ SENTRY_PROFILES_SAMPLE_RATE: ${API_SENTRY_PROFILES_SAMPLE_RATE:-1.0}
+ depends_on:
+ - db
+ - redis
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/app/storage:/app/api/storage
+ networks:
+ - ssrf_proxy_network
+ - default
+
+ worker:
+ image: langgenius/dify-api:0.15.3
+ container_name: worker-${CONTAINER_NAME}
+ restart: always
+ env_file:
+ - ${GLOBAL_ENV_FILE:-/etc/1panel/envs/global.env}
+ - ${APP_ENV_FILE:-/etc/1panel/envs/dify/dify.env}
+ - ${ENV_FILE:-/etc/1panel/envs/default.env}
+ environment:
+ <<: *shared-api-worker-env
+ MODE: worker
+ SENTRY_DSN: ${API_SENTRY_DSN:-}
+ SENTRY_TRACES_SAMPLE_RATE: ${API_SENTRY_TRACES_SAMPLE_RATE:-1.0}
+ SENTRY_PROFILES_SAMPLE_RATE: ${API_SENTRY_PROFILES_SAMPLE_RATE:-1.0}
+ depends_on:
+ - db
+ - redis
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/app/storage:/app/api/storage
+ networks:
+ - ssrf_proxy_network
+ - default
+
+ web:
+ image: langgenius/dify-web:0.15.3
+ container_name: web-${CONTAINER_NAME}
+ restart: always
+ env_file:
+ - ${GLOBAL_ENV_FILE:-/etc/1panel/envs/global.env}
+ - ${APP_ENV_FILE:-/etc/1panel/envs/dify/dify.env}
+ - ${ENV_FILE:-/etc/1panel/envs/default.env}
+ environment:
+ CONSOLE_API_URL: ${CONSOLE_API_URL:-}
+ APP_API_URL: ${APP_API_URL:-}
+ SENTRY_DSN: ${WEB_SENTRY_DSN:-}
+ NEXT_TELEMETRY_DISABLED: ${NEXT_TELEMETRY_DISABLED:-0}
+ TEXT_GENERATION_TIMEOUT_MS: ${TEXT_GENERATION_TIMEOUT_MS:-60000}
+ CSP_WHITELIST: ${CSP_WHITELIST:-}
+ TOP_K_MAX_VALUE: ${TOP_K_MAX_VALUE:-}
+ INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-}
+
+ db:
+ image: postgres:15-alpine
+ container_name: db-${CONTAINER_NAME}
+ restart: always
+ env_file:
+ - ${GLOBAL_ENV_FILE:-/etc/1panel/envs/global.env}
+ - ${APP_ENV_FILE:-/etc/1panel/envs/dify/dify.env}
+ - ${ENV_FILE:-/etc/1panel/envs/default.env}
+ environment:
+ PGUSER: ${PGUSER:-postgres}
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-difyai123456}
+ POSTGRES_DB: ${POSTGRES_DB:-dify}
+ PGDATA: ${PGDATA:-/var/lib/postgresql/data/pgdata}
+ command: >
+ postgres -c 'max_connections=${POSTGRES_MAX_CONNECTIONS:-100}'
+ -c 'shared_buffers=${POSTGRES_SHARED_BUFFERS:-128MB}'
+ -c 'work_mem=${POSTGRES_WORK_MEM:-4MB}'
+ -c 'maintenance_work_mem=${POSTGRES_MAINTENANCE_WORK_MEM:-64MB}'
+ -c 'effective_cache_size=${POSTGRES_EFFECTIVE_CACHE_SIZE:-4096MB}'
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/db/data:/var/lib/postgresql/data
+ healthcheck:
+ test: [ 'CMD', 'pg_isready' ]
+ interval: 1s
+ timeout: 3s
+ retries: 30
+
+ redis:
+ image: redis:6-alpine
+ container_name: redis-${CONTAINER_NAME}
+ restart: always
+ env_file:
+ - ${GLOBAL_ENV_FILE:-/etc/1panel/envs/global.env}
+ - ${APP_ENV_FILE:-/etc/1panel/envs/dify/dify.env}
+ - ${ENV_FILE:-/etc/1panel/envs/default.env}
+ environment:
+ REDISCLI_AUTH: ${REDIS_PASSWORD:-difyai123456}
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/redis/data:/data
+ command: redis-server --requirepass ${REDIS_PASSWORD:-difyai123456}
+ healthcheck:
+ test: [ 'CMD', 'redis-cli', 'ping' ]
+
+ sandbox:
+ image: langgenius/dify-sandbox:0.2.10
+ container_name: sandbox-${CONTAINER_NAME}
+ restart: always
+ env_file:
+ - ${GLOBAL_ENV_FILE:-/etc/1panel/envs/global.env}
+ - ${APP_ENV_FILE:-/etc/1panel/envs/dify/dify.env}
+ - ${ENV_FILE:-/etc/1panel/envs/default.env}
+ environment:
+ API_KEY: ${SANDBOX_API_KEY:-dify-sandbox}
+ GIN_MODE: ${SANDBOX_GIN_MODE:-release}
+ WORKER_TIMEOUT: ${SANDBOX_WORKER_TIMEOUT:-15}
+ ENABLE_NETWORK: ${SANDBOX_ENABLE_NETWORK:-true}
+ HTTP_PROXY: ${SANDBOX_HTTP_PROXY:-http://ssrf_proxy:3128}
+ HTTPS_PROXY: ${SANDBOX_HTTPS_PROXY:-http://ssrf_proxy:3128}
+ SANDBOX_PORT: ${SANDBOX_PORT:-8194}
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/sandbox/dependencies:/dependencies
+ healthcheck:
+ test: [ 'CMD', 'curl', '-f', 'http://localhost:8194/health' ]
+ networks:
+ - ssrf_proxy_network
+
+ ssrf_proxy:
+ image: ubuntu/squid:latest
+ container_name: ssrf_proxy-${CONTAINER_NAME}
+ restart: always
+ env_file:
+ - ${GLOBAL_ENV_FILE:-/etc/1panel/envs/global.env}
+ - ${APP_ENV_FILE:-/etc/1panel/envs/dify/dify.env}
+ - ${ENV_FILE:-/etc/1panel/envs/default.env}
+ volumes:
+ - ${DIFY_ROOT_PATH}/ssrf_proxy/squid.conf.template:/etc/squid/squid.conf.template
+ - ${DIFY_ROOT_PATH}/ssrf_proxy/docker-entrypoint.sh:/docker-entrypoint-mount.sh
+ entrypoint: [ 'sh', '-c', "cp /docker-entrypoint-mount.sh /docker-entrypoint.sh && sed -i 's/\r$$//' /docker-entrypoint.sh && chmod +x /docker-entrypoint.sh && /docker-entrypoint.sh" ]
+ environment:
+ HTTP_PORT: ${SSRF_HTTP_PORT:-3128}
+ COREDUMP_DIR: ${SSRF_COREDUMP_DIR:-/var/spool/squid}
+ REVERSE_PROXY_PORT: ${SSRF_REVERSE_PROXY_PORT:-8194}
+ SANDBOX_HOST: ${SSRF_SANDBOX_HOST:-sandbox}
+ SANDBOX_PORT: ${SANDBOX_PORT:-8194}
+ networks:
+ - ssrf_proxy_network
+ - default
+
+ certbot:
+ image: certbot/certbot
+ container_name: certbot-${CONTAINER_NAME}
+ env_file:
+ - ${GLOBAL_ENV_FILE:-/etc/1panel/envs/global.env}
+ - ${APP_ENV_FILE:-/etc/1panel/envs/dify/dify.env}
+ - ${ENV_FILE:-/etc/1panel/envs/default.env}
+ profiles:
+ - certbot
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/certbot/conf:/etc/letsencrypt
+ - ${DIFY_ROOT_PATH}/volumes/certbot/www:/var/www/html
+ - ${DIFY_ROOT_PATH}/volumes/certbot/logs:/var/log/letsencrypt
+ - ${DIFY_ROOT_PATH}/volumes/certbot/conf/live:/etc/letsencrypt/live
+ - ${DIFY_ROOT_PATH}/certbot/update-cert.template.txt:/update-cert.template.txt
+ - ${DIFY_ROOT_PATH}/certbot/docker-entrypoint.sh:/docker-entrypoint.sh
+ environment:
+ - CERTBOT_EMAIL=${CERTBOT_EMAIL}
+ - CERTBOT_DOMAIN=${CERTBOT_DOMAIN}
+ - CERTBOT_OPTIONS=${CERTBOT_OPTIONS:-}
+ entrypoint: [ '/docker-entrypoint.sh' ]
+ command: [ 'tail', '-f', '/dev/null' ]
+
+ nginx:
+ image: nginx:latest
+ container_name: nginx-${CONTAINER_NAME}
+ restart: always
+ env_file:
+ - ${GLOBAL_ENV_FILE:-/etc/1panel/envs/global.env}
+ - ${APP_ENV_FILE:-/etc/1panel/envs/dify/dify.env}
+ - ${ENV_FILE:-/etc/1panel/envs/default.env}
+ volumes:
+ - ${DIFY_ROOT_PATH}/nginx/nginx.conf.template:/etc/nginx/nginx.conf.template
+ - ${DIFY_ROOT_PATH}/nginx/proxy.conf.template:/etc/nginx/proxy.conf.template
+ - ${DIFY_ROOT_PATH}/nginx/https.conf.template:/etc/nginx/https.conf.template
+ - ${DIFY_ROOT_PATH}/nginx/conf.d:/etc/nginx/conf.d
+ - ${DIFY_ROOT_PATH}/nginx/docker-entrypoint.sh:/docker-entrypoint-mount.sh
+ - ${DIFY_ROOT_PATH}/nginx/ssl:/etc/ssl
+ - ${DIFY_ROOT_PATH}/volumes/certbot/conf/live:/etc/letsencrypt/live
+ - ${DIFY_ROOT_PATH}/volumes/certbot/conf:/etc/letsencrypt
+ - ${DIFY_ROOT_PATH}/volumes/certbot/www:/var/www/html
+ entrypoint: [ 'sh', '-c', "cp /docker-entrypoint-mount.sh /docker-entrypoint.sh && sed -i 's/\r$$//' /docker-entrypoint.sh && chmod +x /docker-entrypoint.sh && /docker-entrypoint.sh" ]
+ environment:
+ NGINX_SERVER_NAME: ${NGINX_SERVER_NAME:-_}
+ NGINX_HTTPS_ENABLED: ${NGINX_HTTPS_ENABLED:-false}
+ NGINX_SSL_PORT: ${NGINX_SSL_PORT:-443}
+ NGINX_PORT: ${NGINX_PORT:-80}
+ NGINX_SSL_CERT_FILENAME: ${NGINX_SSL_CERT_FILENAME:-dify.crt}
+ NGINX_SSL_CERT_KEY_FILENAME: ${NGINX_SSL_CERT_KEY_FILENAME:-dify.key}
+ NGINX_SSL_PROTOCOLS: ${NGINX_SSL_PROTOCOLS:-TLSv1.1 TLSv1.2 TLSv1.3}
+ NGINX_WORKER_PROCESSES: ${NGINX_WORKER_PROCESSES:-auto}
+ NGINX_CLIENT_MAX_BODY_SIZE: ${NGINX_CLIENT_MAX_BODY_SIZE:-15M}
+ NGINX_KEEPALIVE_TIMEOUT: ${NGINX_KEEPALIVE_TIMEOUT:-65}
+ NGINX_PROXY_READ_TIMEOUT: ${NGINX_PROXY_READ_TIMEOUT:-3600s}
+ NGINX_PROXY_SEND_TIMEOUT: ${NGINX_PROXY_SEND_TIMEOUT:-3600s}
+ NGINX_ENABLE_CERTBOT_CHALLENGE: ${NGINX_ENABLE_CERTBOT_CHALLENGE:-false}
+ CERTBOT_DOMAIN: ${CERTBOT_DOMAIN:-}
+ depends_on:
+ - api
+ - web
+ ports:
+ - '${EXPOSE_NGINX_PORT:-80}:${NGINX_PORT:-80}'
+ - '${EXPOSE_NGINX_SSL_PORT:-443}:${NGINX_SSL_PORT:-443}'
+
+ weaviate:
+ image: semitechnologies/weaviate:1.19.0
+ container_name: weaviate-${CONTAINER_NAME}
+ profiles:
+ - ''
+ - weaviate
+ restart: always
+ env_file:
+ - ${GLOBAL_ENV_FILE:-/etc/1panel/envs/global.env}
+ - ${APP_ENV_FILE:-/etc/1panel/envs/dify/dify.env}
+ - ${ENV_FILE:-/etc/1panel/envs/default.env}
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/weaviate:/var/lib/weaviate
+ environment:
+ PERSISTENCE_DATA_PATH: ${WEAVIATE_PERSISTENCE_DATA_PATH:-/var/lib/weaviate}
+ QUERY_DEFAULTS_LIMIT: ${WEAVIATE_QUERY_DEFAULTS_LIMIT:-25}
+ AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: ${WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED:-false}
+ DEFAULT_VECTORIZER_MODULE: ${WEAVIATE_DEFAULT_VECTORIZER_MODULE:-none}
+ CLUSTER_HOSTNAME: ${WEAVIATE_CLUSTER_HOSTNAME:-node1}
+ AUTHENTICATION_APIKEY_ENABLED: ${WEAVIATE_AUTHENTICATION_APIKEY_ENABLED:-true}
+ AUTHENTICATION_APIKEY_ALLOWED_KEYS: ${WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih}
+ AUTHENTICATION_APIKEY_USERS: ${WEAVIATE_AUTHENTICATION_APIKEY_USERS:-hello@dify.ai}
+ AUTHORIZATION_ADMINLIST_ENABLED: ${WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED:-true}
+ AUTHORIZATION_ADMINLIST_USERS: ${WEAVIATE_AUTHORIZATION_ADMINLIST_USERS:-hello@dify.ai}
+
+ qdrant:
+ image: langgenius/qdrant:v1.7.3
+ container_name: qdrant-${CONTAINER_NAME}
+ profiles:
+ - qdrant
+ restart: always
+ env_file:
+ - ${GLOBAL_ENV_FILE:-/etc/1panel/envs/global.env}
+ - ${APP_ENV_FILE:-/etc/1panel/envs/dify/dify.env}
+ - ${ENV_FILE:-/etc/1panel/envs/default.env}
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/qdrant:/qdrant/storage
+ environment:
+ QDRANT_API_KEY: ${QDRANT_API_KEY:-difyai123456}
+
+ couchbase-server:
+ build: ./couchbase-server
+ profiles:
+ - couchbase
+ restart: always
+ container_name: couchbase-server-${CONTAINER_NAME}
+ env_file:
+ - ${GLOBAL_ENV_FILE:-/etc/1panel/envs/global.env}
+ - ${APP_ENV_FILE:-/etc/1panel/envs/dify/dify.env}
+ - ${ENV_FILE:-/etc/1panel/envs/default.env}
+ environment:
+ - CLUSTER_NAME=dify_search
+ - COUCHBASE_ADMINISTRATOR_USERNAME=${COUCHBASE_USER:-Administrator}
+ - COUCHBASE_ADMINISTRATOR_PASSWORD=${COUCHBASE_PASSWORD:-password}
+ - COUCHBASE_BUCKET=${COUCHBASE_BUCKET_NAME:-Embeddings}
+ - COUCHBASE_BUCKET_RAMSIZE=512
+ - COUCHBASE_RAM_SIZE=2048
+ - COUCHBASE_EVENTING_RAM_SIZE=512
+ - COUCHBASE_INDEX_RAM_SIZE=512
+ - COUCHBASE_FTS_RAM_SIZE=1024
+ hostname: couchbase-server
+ working_dir: /opt/couchbase
+ stdin_open: true
+ tty: true
+ entrypoint: [ "" ]
+ command: sh -c "/opt/couchbase/init/init-cbserver.sh"
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/couchbase/data:/opt/couchbase/var/lib/couchbase/data
+ healthcheck:
+ test: [ "CMD-SHELL", "curl -s -f -u Administrator:password http://localhost:8091/pools/default/buckets | grep -q '\\[{' || exit 1" ]
+ interval: 10s
+ retries: 10
+ start_period: 30s
+ timeout: 10s
+
+ pgvector:
+ image: pgvector/pgvector:pg16
+ container_name: pgvector-${CONTAINER_NAME}
+ profiles:
+ - pgvector
+ restart: always
+ env_file:
+ - ${GLOBAL_ENV_FILE:-/etc/1panel/envs/global.env}
+ - ${APP_ENV_FILE:-/etc/1panel/envs/dify/dify.env}
+ - ${ENV_FILE:-/etc/1panel/envs/default.env}
+ environment:
+ PGUSER: ${PGVECTOR_PGUSER:-postgres}
+ POSTGRES_PASSWORD: ${PGVECTOR_POSTGRES_PASSWORD:-difyai123456}
+ POSTGRES_DB: ${PGVECTOR_POSTGRES_DB:-dify}
+ PGDATA: ${PGVECTOR_PGDATA:-/var/lib/postgresql/data/pgdata}
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/pgvector/data:/var/lib/postgresql/data
+ healthcheck:
+ test: [ 'CMD', 'pg_isready' ]
+ interval: 1s
+ timeout: 3s
+ retries: 30
+
+ pgvecto-rs:
+ image: tensorchord/pgvecto-rs:pg16-v0.3.0
+ container_name: pgvecto-rs-${CONTAINER_NAME}
+ profiles:
+ - pgvecto-rs
+ restart: always
+ env_file:
+ - ${GLOBAL_ENV_FILE:-/etc/1panel/envs/global.env}
+ - ${APP_ENV_FILE:-/etc/1panel/envs/dify/dify.env}
+ - ${ENV_FILE:-/etc/1panel/envs/default.env}
+ environment:
+ PGUSER: ${PGVECTOR_PGUSER:-postgres}
+ POSTGRES_PASSWORD: ${PGVECTOR_POSTGRES_PASSWORD:-difyai123456}
+ POSTGRES_DB: ${PGVECTOR_POSTGRES_DB:-dify}
+ PGDATA: ${PGVECTOR_PGDATA:-/var/lib/postgresql/data/pgdata}
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/pgvecto_rs/data:/var/lib/postgresql/data
+ healthcheck:
+ test: [ 'CMD', 'pg_isready' ]
+ interval: 1s
+ timeout: 3s
+ retries: 30
+
+ chroma:
+ image: ghcr.io/chroma-core/chroma:0.5.20
+ container_name: chroma-${CONTAINER_NAME}
+ profiles:
+ - chroma
+ restart: always
+ env_file:
+ - ${GLOBAL_ENV_FILE:-/etc/1panel/envs/global.env}
+ - ${APP_ENV_FILE:-/etc/1panel/envs/dify/dify.env}
+ - ${ENV_FILE:-/etc/1panel/envs/default.env}
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/chroma:/chroma/chroma
+ environment:
+ CHROMA_SERVER_AUTHN_CREDENTIALS: ${CHROMA_SERVER_AUTHN_CREDENTIALS:-difyai123456}
+ CHROMA_SERVER_AUTHN_PROVIDER: ${CHROMA_SERVER_AUTHN_PROVIDER:-chromadb.auth.token_authn.TokenAuthenticationServerProvider}
+ IS_PERSISTENT: ${CHROMA_IS_PERSISTENT:-TRUE}
+
+ oceanbase:
+ image: quay.io/oceanbase/oceanbase-ce:4.3.3.0-100000142024101215
+ container_name: oceanbase-${CONTAINER_NAME}
+ profiles:
+ - oceanbase
+ restart: always
+ env_file:
+ - ${GLOBAL_ENV_FILE:-/etc/1panel/envs/global.env}
+ - ${APP_ENV_FILE:-/etc/1panel/envs/dify/dify.env}
+ - ${ENV_FILE:-/etc/1panel/envs/default.env}
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/oceanbase/data:/root/ob
+ - ${DIFY_ROOT_PATH}/volumes/oceanbase/conf:/root/.obd/cluster
+ - ${DIFY_ROOT_PATH}/volumes/oceanbase/init.d:/root/boot/init.d
+ environment:
+ OB_MEMORY_LIMIT: ${OCEANBASE_MEMORY_LIMIT:-6G}
+ OB_SYS_PASSWORD: ${OCEANBASE_VECTOR_PASSWORD:-difyai123456}
+ OB_TENANT_PASSWORD: ${OCEANBASE_VECTOR_PASSWORD:-difyai123456}
+ OB_CLUSTER_NAME: ${OCEANBASE_CLUSTER_NAME:-difyai}
+ OB_SERVER_IP: '127.0.0.1'
+
+ oracle:
+ image: container-registry.oracle.com/database/free:latest
+ container_name: oracle-${CONTAINER_NAME}
+ profiles:
+ - oracle
+ restart: always
+ env_file:
+ - ${GLOBAL_ENV_FILE:-/etc/1panel/envs/global.env}
+ - ${APP_ENV_FILE:-/etc/1panel/envs/dify/dify.env}
+ - ${ENV_FILE:-/etc/1panel/envs/default.env}
+ volumes:
+ - source: oradata
+ type: volume
+ target: /opt/oracle/oradata
+ - ${DIFY_ROOT_PATH}/startupscripts:/opt/oracle/scripts/startup
+ environment:
+ ORACLE_PWD: ${ORACLE_PWD:-Dify123456}
+ ORACLE_CHARACTERSET: ${ORACLE_CHARACTERSET:-AL32UTF8}
+
+ etcd:
+ image: quay.io/coreos/etcd:v3.5.5
+ container_name: milvus-etcd-${CONTAINER_NAME}
+ env_file:
+ - ${GLOBAL_ENV_FILE:-/etc/1panel/envs/global.env}
+ - ${APP_ENV_FILE:-/etc/1panel/envs/dify/dify.env}
+ - ${ENV_FILE:-/etc/1panel/envs/default.env}
+ profiles:
+ - milvus
+ environment:
+ ETCD_AUTO_COMPACTION_MODE: ${ETCD_AUTO_COMPACTION_MODE:-revision}
+ ETCD_AUTO_COMPACTION_RETENTION: ${ETCD_AUTO_COMPACTION_RETENTION:-1000}
+ ETCD_QUOTA_BACKEND_BYTES: ${ETCD_QUOTA_BACKEND_BYTES:-4294967296}
+ ETCD_SNAPSHOT_COUNT: ${ETCD_SNAPSHOT_COUNT:-50000}
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/milvus/etcd:/etcd
+ command: etcd -advertise-client-urls=http://127.0.0.1:2379 -listen-client-urls http://0.0.0.0:2379 --data-dir /etcd
+ healthcheck:
+ test: [ 'CMD', 'etcdctl', 'endpoint', 'health' ]
+ interval: 30s
+ timeout: 20s
+ retries: 3
+ networks:
+ - milvus
+
+ minio:
+ image: minio/minio:RELEASE.2023-03-20T20-16-18Z
+ container_name: milvus-minio-${CONTAINER_NAME}
+ env_file:
+ - ${GLOBAL_ENV_FILE:-/etc/1panel/envs/global.env}
+ - ${APP_ENV_FILE:-/etc/1panel/envs/dify/dify.env}
+ - ${ENV_FILE:-/etc/1panel/envs/default.env}
+ profiles:
+ - milvus
+ environment:
+ MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY:-minioadmin}
+ MINIO_SECRET_KEY: ${MINIO_SECRET_KEY:-minioadmin}
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/milvus/minio:/minio_data
+ command: minio server /minio_data --console-address ":9001"
+ healthcheck:
+ test: [ 'CMD', 'curl', '-f', 'http://localhost:9000/minio/health/live' ]
+ interval: 30s
+ timeout: 20s
+ retries: 3
+ networks:
+ - milvus
+
+ milvus-standalone:
+ image: milvusdb/milvus:v2.5.0-beta
+ container_name: milvus-standalone-${CONTAINER_NAME}
+ env_file:
+ - ${GLOBAL_ENV_FILE:-/etc/1panel/envs/global.env}
+ - ${APP_ENV_FILE:-/etc/1panel/envs/dify/dify.env}
+ - ${ENV_FILE:-/etc/1panel/envs/default.env}
+ profiles:
+ - milvus
+ command: [ 'milvus', 'run', 'standalone' ]
+ environment:
+ ETCD_ENDPOINTS: ${ETCD_ENDPOINTS:-etcd:2379}
+ MINIO_ADDRESS: ${MINIO_ADDRESS:-minio:9000}
+ common.security.authorizationEnabled: ${MILVUS_AUTHORIZATION_ENABLED:-true}
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/milvus/milvus:/var/lib/milvus
+ healthcheck:
+ test: [ 'CMD', 'curl', '-f', 'http://localhost:9091/healthz' ]
+ interval: 30s
+ start_period: 90s
+ timeout: 20s
+ retries: 3
+ depends_on:
+ - etcd
+ - minio
+ ports:
+ - 19530:19530
+ - 9091:9091
+ networks:
+ - milvus
+
+ opensearch:
+ image: opensearchproject/opensearch:latest
+ container_name: opensearch-${CONTAINER_NAME}
+ env_file:
+ - ${GLOBAL_ENV_FILE:-/etc/1panel/envs/global.env}
+ - ${APP_ENV_FILE:-/etc/1panel/envs/dify/dify.env}
+ - ${ENV_FILE:-/etc/1panel/envs/default.env}
+ profiles:
+ - opensearch
+ environment:
+ discovery.type: ${OPENSEARCH_DISCOVERY_TYPE:-single-node}
+ bootstrap.memory_lock: ${OPENSEARCH_BOOTSTRAP_MEMORY_LOCK:-true}
+ OPENSEARCH_JAVA_OPTS: -Xms${OPENSEARCH_JAVA_OPTS_MIN:-512m} -Xmx${OPENSEARCH_JAVA_OPTS_MAX:-1024m}
+ OPENSEARCH_INITIAL_ADMIN_PASSWORD: ${OPENSEARCH_INITIAL_ADMIN_PASSWORD:-Qazwsxedc!@#123}
+ ulimits:
+ memlock:
+ soft: ${OPENSEARCH_MEMLOCK_SOFT:--1}
+ hard: ${OPENSEARCH_MEMLOCK_HARD:--1}
+ nofile:
+ soft: ${OPENSEARCH_NOFILE_SOFT:-65536}
+ hard: ${OPENSEARCH_NOFILE_HARD:-65536}
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/opensearch/data:/usr/share/opensearch/data
+ networks:
+ - opensearch-net
+
+ opensearch-dashboards:
+ image: opensearchproject/opensearch-dashboards:latest
+ container_name: opensearch-dashboards-${CONTAINER_NAME}
+ env_file:
+ - ${GLOBAL_ENV_FILE:-/etc/1panel/envs/global.env}
+ - ${APP_ENV_FILE:-/etc/1panel/envs/dify/dify.env}
+ - ${ENV_FILE:-/etc/1panel/envs/default.env}
+ profiles:
+ - opensearch
+ environment:
+ OPENSEARCH_HOSTS: '["https://opensearch:9200"]'
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/opensearch/opensearch_dashboards.yml:/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml
+ networks:
+ - opensearch-net
+ depends_on:
+ - opensearch
+
+ myscale:
+ image: myscale/myscaledb:1.6.4
+ container_name: myscale-${CONTAINER_NAME}
+ profiles:
+ - myscale
+ restart: always
+ env_file:
+ - ${GLOBAL_ENV_FILE:-/etc/1panel/envs/global.env}
+ - ${APP_ENV_FILE:-/etc/1panel/envs/dify/dify.env}
+ - ${ENV_FILE:-/etc/1panel/envs/default.env}
+ tty: true
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/myscale/data:/var/lib/clickhouse
+ - ${DIFY_ROOT_PATH}/volumes/myscale/log:/var/log/clickhouse-server
+ - ${DIFY_ROOT_PATH}/volumes/myscale/config/users.d/custom_users_config.xml:/etc/clickhouse-server/users.d/custom_users_config.xml
+ ports:
+ - ${MYSCALE_PORT:-8123}:${MYSCALE_PORT:-8123}
+
+ elasticsearch:
+ image: docker.elastic.co/elasticsearch/elasticsearch:8.14.3
+ container_name: elasticsearch-${CONTAINER_NAME}
+ profiles:
+ - elasticsearch
+ - elasticsearch-ja
+ restart: always
+ env_file:
+ - ${GLOBAL_ENV_FILE:-/etc/1panel/envs/global.env}
+ - ${APP_ENV_FILE:-/etc/1panel/envs/dify/dify.env}
+ - ${ENV_FILE:-/etc/1panel/envs/default.env}
+ volumes:
+ - ${DIFY_ROOT_PATH}/elasticsearch/docker-entrypoint.sh:/docker-entrypoint-mount.sh
+ - dify_es01_data:/usr/share/elasticsearch/data
+ environment:
+ ELASTIC_PASSWORD: ${ELASTICSEARCH_PASSWORD:-elastic}
+ VECTOR_STORE: ${VECTOR_STORE:-}
+ cluster.name: dify-es-cluster
+ node.name: dify-es0
+ discovery.type: single-node
+ xpack.license.self_generated.type: basic
+ xpack.security.enabled: 'true'
+ xpack.security.enrollment.enabled: 'false'
+ xpack.security.http.ssl.enabled: 'false'
+ ports:
+ - ${ELASTICSEARCH_PORT:-9200}:9200
+ deploy:
+ resources:
+ limits:
+ memory: 2g
+ entrypoint: [ 'sh', '-c', "sh /docker-entrypoint-mount.sh" ]
+ healthcheck:
+ test: [ 'CMD', 'curl', '-s', 'http://localhost:9200/_cluster/health?pretty' ]
+ interval: 30s
+ timeout: 10s
+ retries: 50
+
+ kibana:
+ image: docker.elastic.co/kibana/kibana:8.14.3
+ container_name: kibana-${CONTAINER_NAME}
+ profiles:
+ - elasticsearch
+ depends_on:
+ - elasticsearch
+ restart: always
+ env_file:
+ - ${GLOBAL_ENV_FILE:-/etc/1panel/envs/global.env}
+ - ${APP_ENV_FILE:-/etc/1panel/envs/dify/dify.env}
+ - ${ENV_FILE:-/etc/1panel/envs/default.env}
+ environment:
+ XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY: d1a66dfd-c4d3-4a0a-8290-2abcb83ab3aa
+ NO_PROXY: localhost,127.0.0.1,elasticsearch,kibana
+ XPACK_SECURITY_ENABLED: 'true'
+ XPACK_SECURITY_ENROLLMENT_ENABLED: 'false'
+ XPACK_SECURITY_HTTP_SSL_ENABLED: 'false'
+ XPACK_FLEET_ISAIRGAPPED: 'true'
+ I18N_LOCALE: zh-CN
+ SERVER_PORT: '5601'
+ ELASTICSEARCH_HOSTS: http://elasticsearch:9200
+ ports:
+ - ${KIBANA_PORT:-5601}:5601
+ healthcheck:
+ test: [ 'CMD-SHELL', 'curl -s http://localhost:5601 >/dev/null || exit 1' ]
+ interval: 30s
+ timeout: 10s
+ retries: 3
+
+ unstructured:
+ image: downloads.unstructured.io/unstructured-io/unstructured-api:latest
+ container_name: unstructured-${CONTAINER_NAME}
+ profiles:
+ - unstructured
+ restart: always
+ env_file:
+ - ${GLOBAL_ENV_FILE:-/etc/1panel/envs/global.env}
+ - ${APP_ENV_FILE:-/etc/1panel/envs/dify/dify.env}
+ - ${ENV_FILE:-/etc/1panel/envs/default.env}
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/unstructured:/app/data
+
+networks:
+ ssrf_proxy_network:
+ driver: bridge
+ internal: true
+ milvus:
+ driver: bridge
+ opensearch-net:
+ driver: bridge
+ internal: true
+
+volumes:
+ oradata:
+ dify_es01_data:
diff --git a/apps/dify/0.15.3/envs/default.env b/apps/dify/0.15.3/envs/default.env
new file mode 100644
index 00000000..cd05f46e
--- /dev/null
+++ b/apps/dify/0.15.3/envs/default.env
@@ -0,0 +1,2 @@
+# copyright© 2024 XinJiang Ms Studio
+ENV_FILE=.env
diff --git a/apps/dify/0.15.3/envs/dify.env b/apps/dify/0.15.3/envs/dify.env
new file mode 100644
index 00000000..3bc79059
--- /dev/null
+++ b/apps/dify/0.15.3/envs/dify.env
@@ -0,0 +1,938 @@
+# ------------------------------
+# Environment Variables for API service & worker
+# ------------------------------
+
+# ------------------------------
+# Common Variables
+# ------------------------------
+
+# The backend URL of the console API,
+# used to concatenate the authorization callback.
+# If empty, it is the same domain.
+# Example: https://api.console.dify.ai
+CONSOLE_API_URL=
+
+# The front-end URL of the console web,
+# used to concatenate some front-end addresses and for CORS configuration use.
+# If empty, it is the same domain.
+# Example: https://console.dify.ai
+CONSOLE_WEB_URL=
+
+# Service API Url,
+# used to display Service API Base Url to the front-end.
+# If empty, it is the same domain.
+# Example: https://api.dify.ai
+SERVICE_API_URL=
+
+# WebApp API backend Url,
+# used to declare the back-end URL for the front-end API.
+# If empty, it is the same domain.
+# Example: https://api.app.dify.ai
+APP_API_URL=
+
+# WebApp Url,
+# used to display WebAPP API Base Url to the front-end.
+# If empty, it is the same domain.
+# Example: https://app.dify.ai
+APP_WEB_URL=
+
+# File preview or download Url prefix.
+# used to display File preview or download Url to the front-end or as Multi-model inputs;
+# Url is signed and has expiration time.
+FILES_URL=
+
+# ------------------------------
+# Server Configuration
+# ------------------------------
+
+# The log level for the application.
+# Supported values are `DEBUG`, `INFO`, `WARNING`, `ERROR`, `CRITICAL`
+LOG_LEVEL=INFO
+# Log file path
+LOG_FILE=/app/logs/server.log
+# Log file max size, the unit is MB
+LOG_FILE_MAX_SIZE=20
+# Log file max backup count
+LOG_FILE_BACKUP_COUNT=5
+# Log dateformat
+LOG_DATEFORMAT=%Y-%m-%d %H:%M:%S
+# Log Timezone
+LOG_TZ=UTC
+
+# Debug mode, default is false.
+# It is recommended to turn on this configuration for local development
+# to prevent some problems caused by monkey patch.
+DEBUG=false
+
+# Flask debug mode, it can output trace information at the interface when turned on,
+# which is convenient for debugging.
+FLASK_DEBUG=false
+
+# A secretkey that is used for securely signing the session cookie
+# and encrypting sensitive information on the database.
+# You can generate a strong key using `openssl rand -base64 42`.
+SECRET_KEY=sk-9f73s3ljTXVcMT3Blb3ljTqtsKiGHXVcMT3BlbkFJLK7U
+
+# Password for admin user initialization.
+# If left unset, admin user will not be prompted for a password
+# when creating the initial admin account.
+# The length of the password cannot exceed 30 charactors.
+INIT_PASSWORD=
+
+# Deployment environment.
+# Supported values are `PRODUCTION`, `TESTING`. Default is `PRODUCTION`.
+# Testing environment. There will be a distinct color label on the front-end page,
+# indicating that this environment is a testing environment.
+DEPLOY_ENV=PRODUCTION
+
+# Whether to enable the version check policy.
+# If set to empty, https://updates.dify.ai will be called for version check.
+CHECK_UPDATE_URL=https://updates.dify.ai
+
+# Used to change the OpenAI base address, default is https://api.openai.com/v1.
+# When OpenAI cannot be accessed in China, replace it with a domestic mirror address,
+# or when a local model provides OpenAI compatible API, it can be replaced.
+OPENAI_API_BASE=https://api.openai.com/v1
+
+# When enabled, migrations will be executed prior to application startup
+# and the application will start after the migrations have completed.
+MIGRATION_ENABLED=true
+
+# File Access Time specifies a time interval in seconds for the file to be accessed.
+# The default value is 300 seconds.
+FILES_ACCESS_TIMEOUT=300
+
+# Access token expiration time in minutes
+ACCESS_TOKEN_EXPIRE_MINUTES=60
+
+# Refresh token expiration time in days
+REFRESH_TOKEN_EXPIRE_DAYS=30
+
+# The maximum number of active requests for the application, where 0 means unlimited, should be a non-negative integer.
+APP_MAX_ACTIVE_REQUESTS=0
+APP_MAX_EXECUTION_TIME=1200
+
+# ------------------------------
+# Container Startup Related Configuration
+# Only effective when starting with docker image or docker-compose.
+# ------------------------------
+
+# API service binding address, default: 0.0.0.0, i.e., all addresses can be accessed.
+DIFY_BIND_ADDRESS=0.0.0.0
+
+# API service binding port number, default 5001.
+DIFY_PORT=5001
+
+# The number of API server workers, i.e., the number of workers.
+# Formula: number of cpu cores x 2 + 1 for sync, 1 for Gevent
+# Reference: https://docs.gunicorn.org/en/stable/design.html#how-many-workers
+SERVER_WORKER_AMOUNT=1
+
+# Defaults to gevent. If using windows, it can be switched to sync or solo.
+SERVER_WORKER_CLASS=gevent
+
+# Default number of worker connections, the default is 10.
+SERVER_WORKER_CONNECTIONS=10
+
+# Similar to SERVER_WORKER_CLASS.
+# If using windows, it can be switched to sync or solo.
+CELERY_WORKER_CLASS=
+
+# Request handling timeout. The default is 200,
+# it is recommended to set it to 360 to support a longer sse connection time.
+GUNICORN_TIMEOUT=360
+
+# The number of Celery workers. The default is 1, and can be set as needed.
+CELERY_WORKER_AMOUNT=
+
+# Flag indicating whether to enable autoscaling of Celery workers.
+#
+# Autoscaling is useful when tasks are CPU intensive and can be dynamically
+# allocated and deallocated based on the workload.
+#
+# When autoscaling is enabled, the maximum and minimum number of workers can
+# be specified. The autoscaling algorithm will dynamically adjust the number
+# of workers within the specified range.
+#
+# Default is false (i.e., autoscaling is disabled).
+#
+# Example:
+# CELERY_AUTO_SCALE=true
+CELERY_AUTO_SCALE=false
+
+# The maximum number of Celery workers that can be autoscaled.
+# This is optional and only used when autoscaling is enabled.
+# Default is not set.
+CELERY_MAX_WORKERS=
+
+# The minimum number of Celery workers that can be autoscaled.
+# This is optional and only used when autoscaling is enabled.
+# Default is not set.
+CELERY_MIN_WORKERS=
+
+# API Tool configuration
+API_TOOL_DEFAULT_CONNECT_TIMEOUT=10
+API_TOOL_DEFAULT_READ_TIMEOUT=60
+
+
+# ------------------------------
+# Database Configuration
+# The database uses PostgreSQL. Please use the public schema.
+# It is consistent with the configuration in the 'db' service below.
+# ------------------------------
+
+DB_USERNAME=postgres
+DB_PASSWORD=difyai123456
+DB_HOST=db
+DB_PORT=5432
+DB_DATABASE=dify
+# The size of the database connection pool.
+# The default is 30 connections, which can be appropriately increased.
+SQLALCHEMY_POOL_SIZE=30
+# Database connection pool recycling time, the default is 3600 seconds.
+SQLALCHEMY_POOL_RECYCLE=3600
+# Whether to print SQL, default is false.
+SQLALCHEMY_ECHO=false
+
+# Maximum number of connections to the database
+# Default is 100
+#
+# Reference: https://www.postgresql.org/docs/current/runtime-config-connection.html#GUC-MAX-CONNECTIONS
+POSTGRES_MAX_CONNECTIONS=100
+
+# Sets the amount of shared memory used for postgres's shared buffers.
+# Default is 128MB
+# Recommended value: 25% of available memory
+# Reference: https://www.postgresql.org/docs/current/runtime-config-resource.html#GUC-SHARED-BUFFERS
+POSTGRES_SHARED_BUFFERS=128MB
+
+# Sets the amount of memory used by each database worker for working space.
+# Default is 4MB
+#
+# Reference: https://www.postgresql.org/docs/current/runtime-config-resource.html#GUC-WORK-MEM
+POSTGRES_WORK_MEM=4MB
+
+# Sets the amount of memory reserved for maintenance activities.
+# Default is 64MB
+#
+# Reference: https://www.postgresql.org/docs/current/runtime-config-resource.html#GUC-MAINTENANCE-WORK-MEM
+POSTGRES_MAINTENANCE_WORK_MEM=64MB
+
+# Sets the planner's assumption about the effective cache size.
+# Default is 4096MB
+#
+# Reference: https://www.postgresql.org/docs/current/runtime-config-query.html#GUC-EFFECTIVE-CACHE-SIZE
+POSTGRES_EFFECTIVE_CACHE_SIZE=4096MB
+
+# ------------------------------
+# Redis Configuration
+# This Redis configuration is used for caching and for pub/sub during conversation.
+# ------------------------------
+
+REDIS_HOST=redis
+REDIS_PORT=6379
+REDIS_USERNAME=
+REDIS_PASSWORD=difyai123456
+REDIS_USE_SSL=false
+REDIS_DB=0
+
+# Whether to use Redis Sentinel mode.
+# If set to true, the application will automatically discover and connect to the master node through Sentinel.
+REDIS_USE_SENTINEL=false
+
+# List of Redis Sentinel nodes. If Sentinel mode is enabled, provide at least one Sentinel IP and port.
+# Format: `:,:,:`
+REDIS_SENTINELS=
+REDIS_SENTINEL_SERVICE_NAME=
+REDIS_SENTINEL_USERNAME=
+REDIS_SENTINEL_PASSWORD=
+REDIS_SENTINEL_SOCKET_TIMEOUT=0.1
+
+# List of Redis Cluster nodes. If Cluster mode is enabled, provide at least one Cluster IP and port.
+# Format: `:,:,:`
+REDIS_USE_CLUSTERS=false
+REDIS_CLUSTERS=
+REDIS_CLUSTERS_PASSWORD=
+
+# ------------------------------
+# Celery Configuration
+# ------------------------------
+
+# Use redis as the broker, and redis db 1 for celery broker.
+# Format as follows: `redis://:@:/`
+# Example: redis://:difyai123456@redis:6379/1
+# If use Redis Sentinel, format as follows: `sentinel://:@:/`
+# Example: sentinel://localhost:26379/1;sentinel://localhost:26380/1;sentinel://localhost:26381/1
+CELERY_BROKER_URL=redis://:difyai123456@redis:6379/1
+BROKER_USE_SSL=false
+
+# If you are using Redis Sentinel for high availability, configure the following settings.
+CELERY_USE_SENTINEL=false
+CELERY_SENTINEL_MASTER_NAME=
+CELERY_SENTINEL_SOCKET_TIMEOUT=0.1
+
+# ------------------------------
+# CORS Configuration
+# Used to set the front-end cross-domain access policy.
+# ------------------------------
+
+# Specifies the allowed origins for cross-origin requests to the Web API,
+# e.g. https://dify.app or * for all origins.
+WEB_API_CORS_ALLOW_ORIGINS=*
+
+# Specifies the allowed origins for cross-origin requests to the console API,
+# e.g. https://cloud.dify.ai or * for all origins.
+CONSOLE_CORS_ALLOW_ORIGINS=*
+
+# ------------------------------
+# File Storage Configuration
+# ------------------------------
+
+# The type of storage to use for storing user files.
+STORAGE_TYPE=opendal
+
+# Apache OpenDAL Configuration
+# The configuration for OpenDAL consists of the following format: OPENDAL__.
+# You can find all the service configurations (CONFIG_NAME) in the repository at: https://github.com/apache/opendal/tree/main/core/src/services.
+# Dify will scan configurations starting with OPENDAL_ and automatically apply them.
+# The scheme name for the OpenDAL storage.
+OPENDAL_SCHEME=fs
+# Configurations for OpenDAL Local File System.
+OPENDAL_FS_ROOT=storage
+
+# S3 Configuration
+#
+S3_ENDPOINT=
+S3_REGION=us-east-1
+S3_BUCKET_NAME=difyai
+S3_ACCESS_KEY=
+S3_SECRET_KEY=
+# Whether to use AWS managed IAM roles for authenticating with the S3 service.
+# If set to false, the access key and secret key must be provided.
+S3_USE_AWS_MANAGED_IAM=false
+
+# Azure Blob Configuration
+#
+AZURE_BLOB_ACCOUNT_NAME=difyai
+AZURE_BLOB_ACCOUNT_KEY=difyai
+AZURE_BLOB_CONTAINER_NAME=difyai-container
+AZURE_BLOB_ACCOUNT_URL=https://.blob.core.windows.net
+
+# Google Storage Configuration
+#
+GOOGLE_STORAGE_BUCKET_NAME=your-bucket-name
+GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64=
+
+# The Alibaba Cloud OSS configurations,
+#
+ALIYUN_OSS_BUCKET_NAME=your-bucket-name
+ALIYUN_OSS_ACCESS_KEY=your-access-key
+ALIYUN_OSS_SECRET_KEY=your-secret-key
+ALIYUN_OSS_ENDPOINT=https://oss-ap-southeast-1-internal.aliyuncs.com
+ALIYUN_OSS_REGION=ap-southeast-1
+ALIYUN_OSS_AUTH_VERSION=v4
+# Don't start with '/'. OSS doesn't support leading slash in object names.
+ALIYUN_OSS_PATH=your-path
+
+# Tencent COS Configuration
+#
+TENCENT_COS_BUCKET_NAME=your-bucket-name
+TENCENT_COS_SECRET_KEY=your-secret-key
+TENCENT_COS_SECRET_ID=your-secret-id
+TENCENT_COS_REGION=your-region
+TENCENT_COS_SCHEME=your-scheme
+
+# Oracle Storage Configuration
+#
+OCI_ENDPOINT=https://objectstorage.us-ashburn-1.oraclecloud.com
+OCI_BUCKET_NAME=your-bucket-name
+OCI_ACCESS_KEY=your-access-key
+OCI_SECRET_KEY=your-secret-key
+OCI_REGION=us-ashburn-1
+
+# Huawei OBS Configuration
+#
+HUAWEI_OBS_BUCKET_NAME=your-bucket-name
+HUAWEI_OBS_SECRET_KEY=your-secret-key
+HUAWEI_OBS_ACCESS_KEY=your-access-key
+HUAWEI_OBS_SERVER=your-server-url
+
+# Volcengine TOS Configuration
+#
+VOLCENGINE_TOS_BUCKET_NAME=your-bucket-name
+VOLCENGINE_TOS_SECRET_KEY=your-secret-key
+VOLCENGINE_TOS_ACCESS_KEY=your-access-key
+VOLCENGINE_TOS_ENDPOINT=your-server-url
+VOLCENGINE_TOS_REGION=your-region
+
+# Baidu OBS Storage Configuration
+#
+BAIDU_OBS_BUCKET_NAME=your-bucket-name
+BAIDU_OBS_SECRET_KEY=your-secret-key
+BAIDU_OBS_ACCESS_KEY=your-access-key
+BAIDU_OBS_ENDPOINT=your-server-url
+
+# Supabase Storage Configuration
+#
+SUPABASE_BUCKET_NAME=your-bucket-name
+SUPABASE_API_KEY=your-access-key
+SUPABASE_URL=your-server-url
+
+# ------------------------------
+# Vector Database Configuration
+# ------------------------------
+
+# The type of vector store to use.
+# Supported values are `weaviate`, `qdrant`, `milvus`, `myscale`, `relyt`, `pgvector`, `pgvecto-rs`, `chroma`, `opensearch`, `tidb_vector`, `oracle`, `tencent`, `elasticsearch`, `elasticsearch-ja`, `analyticdb`, `couchbase`, `vikingdb`, `oceanbase`.
+VECTOR_STORE=weaviate
+
+# The Weaviate endpoint URL. Only available when VECTOR_STORE is `weaviate`.
+WEAVIATE_ENDPOINT=http://weaviate:8080
+WEAVIATE_API_KEY=WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih
+
+# The Qdrant endpoint URL. Only available when VECTOR_STORE is `qdrant`.
+QDRANT_URL=http://qdrant:6333
+QDRANT_API_KEY=difyai123456
+QDRANT_CLIENT_TIMEOUT=20
+QDRANT_GRPC_ENABLED=false
+QDRANT_GRPC_PORT=6334
+
+# Milvus configuration Only available when VECTOR_STORE is `milvus`.
+# The milvus uri.
+MILVUS_URI=http://127.0.0.1:19530
+MILVUS_TOKEN=
+MILVUS_USER=root
+MILVUS_PASSWORD=Milvus
+MILVUS_ENABLE_HYBRID_SEARCH=False
+
+# MyScale configuration, only available when VECTOR_STORE is `myscale`
+# For multi-language support, please set MYSCALE_FTS_PARAMS with referring to:
+# https://myscale.com/docs/en/text-search/#understanding-fts-index-parameters
+MYSCALE_HOST=myscale
+MYSCALE_PORT=8123
+MYSCALE_USER=default
+MYSCALE_PASSWORD=
+MYSCALE_DATABASE=dify
+MYSCALE_FTS_PARAMS=
+
+# Couchbase configurations, only available when VECTOR_STORE is `couchbase`
+# The connection string must include hostname defined in the docker-compose file (couchbase-server in this case)
+COUCHBASE_CONNECTION_STRING=couchbase://couchbase-server
+COUCHBASE_USER=Administrator
+COUCHBASE_PASSWORD=password
+COUCHBASE_BUCKET_NAME=Embeddings
+COUCHBASE_SCOPE_NAME=_default
+
+# pgvector configurations, only available when VECTOR_STORE is `pgvector`
+PGVECTOR_HOST=pgvector
+PGVECTOR_PORT=5432
+PGVECTOR_USER=postgres
+PGVECTOR_PASSWORD=difyai123456
+PGVECTOR_DATABASE=dify
+PGVECTOR_MIN_CONNECTION=1
+PGVECTOR_MAX_CONNECTION=5
+
+# pgvecto-rs configurations, only available when VECTOR_STORE is `pgvecto-rs`
+PGVECTO_RS_HOST=pgvecto-rs
+PGVECTO_RS_PORT=5432
+PGVECTO_RS_USER=postgres
+PGVECTO_RS_PASSWORD=difyai123456
+PGVECTO_RS_DATABASE=dify
+
+# analyticdb configurations, only available when VECTOR_STORE is `analyticdb`
+ANALYTICDB_KEY_ID=your-ak
+ANALYTICDB_KEY_SECRET=your-sk
+ANALYTICDB_REGION_ID=cn-hangzhou
+ANALYTICDB_INSTANCE_ID=gp-ab123456
+ANALYTICDB_ACCOUNT=testaccount
+ANALYTICDB_PASSWORD=testpassword
+ANALYTICDB_NAMESPACE=dify
+ANALYTICDB_NAMESPACE_PASSWORD=difypassword
+ANALYTICDB_HOST=gp-test.aliyuncs.com
+ANALYTICDB_PORT=5432
+ANALYTICDB_MIN_CONNECTION=1
+ANALYTICDB_MAX_CONNECTION=5
+
+# TiDB vector configurations, only available when VECTOR_STORE is `tidb`
+TIDB_VECTOR_HOST=tidb
+TIDB_VECTOR_PORT=4000
+TIDB_VECTOR_USER=
+TIDB_VECTOR_PASSWORD=
+TIDB_VECTOR_DATABASE=dify
+
+# Tidb on qdrant configuration, only available when VECTOR_STORE is `tidb_on_qdrant`
+TIDB_ON_QDRANT_URL=http://127.0.0.1
+TIDB_ON_QDRANT_API_KEY=dify
+TIDB_ON_QDRANT_CLIENT_TIMEOUT=20
+TIDB_ON_QDRANT_GRPC_ENABLED=false
+TIDB_ON_QDRANT_GRPC_PORT=6334
+TIDB_PUBLIC_KEY=dify
+TIDB_PRIVATE_KEY=dify
+TIDB_API_URL=http://127.0.0.1
+TIDB_IAM_API_URL=http://127.0.0.1
+TIDB_REGION=regions/aws-us-east-1
+TIDB_PROJECT_ID=dify
+TIDB_SPEND_LIMIT=100
+
+# Chroma configuration, only available when VECTOR_STORE is `chroma`
+CHROMA_HOST=127.0.0.1
+CHROMA_PORT=8000
+CHROMA_TENANT=default_tenant
+CHROMA_DATABASE=default_database
+CHROMA_AUTH_PROVIDER=chromadb.auth.token_authn.TokenAuthClientProvider
+CHROMA_AUTH_CREDENTIALS=
+
+# Oracle configuration, only available when VECTOR_STORE is `oracle`
+ORACLE_HOST=oracle
+ORACLE_PORT=1521
+ORACLE_USER=dify
+ORACLE_PASSWORD=dify
+ORACLE_DATABASE=FREEPDB1
+
+# relyt configurations, only available when VECTOR_STORE is `relyt`
+RELYT_HOST=db
+RELYT_PORT=5432
+RELYT_USER=postgres
+RELYT_PASSWORD=difyai123456
+RELYT_DATABASE=postgres
+
+# open search configuration, only available when VECTOR_STORE is `opensearch`
+OPENSEARCH_HOST=opensearch
+OPENSEARCH_PORT=9200
+OPENSEARCH_USER=admin
+OPENSEARCH_PASSWORD=admin
+OPENSEARCH_SECURE=true
+
+# tencent vector configurations, only available when VECTOR_STORE is `tencent`
+TENCENT_VECTOR_DB_URL=http://127.0.0.1
+TENCENT_VECTOR_DB_API_KEY=dify
+TENCENT_VECTOR_DB_TIMEOUT=30
+TENCENT_VECTOR_DB_USERNAME=dify
+TENCENT_VECTOR_DB_DATABASE=dify
+TENCENT_VECTOR_DB_SHARD=1
+TENCENT_VECTOR_DB_REPLICAS=2
+
+# ElasticSearch configuration, only available when VECTOR_STORE is `elasticsearch`
+ELASTICSEARCH_HOST=0.0.0.0
+ELASTICSEARCH_PORT=9200
+ELASTICSEARCH_USERNAME=elastic
+ELASTICSEARCH_PASSWORD=elastic
+KIBANA_PORT=5601
+
+# baidu vector configurations, only available when VECTOR_STORE is `baidu`
+BAIDU_VECTOR_DB_ENDPOINT=http://127.0.0.1:5287
+BAIDU_VECTOR_DB_CONNECTION_TIMEOUT_MS=30000
+BAIDU_VECTOR_DB_ACCOUNT=root
+BAIDU_VECTOR_DB_API_KEY=dify
+BAIDU_VECTOR_DB_DATABASE=dify
+BAIDU_VECTOR_DB_SHARD=1
+BAIDU_VECTOR_DB_REPLICAS=3
+
+# VikingDB configurations, only available when VECTOR_STORE is `vikingdb`
+VIKINGDB_ACCESS_KEY=your-ak
+VIKINGDB_SECRET_KEY=your-sk
+VIKINGDB_REGION=cn-shanghai
+VIKINGDB_HOST=api-vikingdb.xxx.volces.com
+VIKINGDB_SCHEMA=http
+VIKINGDB_CONNECTION_TIMEOUT=30
+VIKINGDB_SOCKET_TIMEOUT=30
+
+# Lindorm configuration, only available when VECTOR_STORE is `lindorm`
+LINDORM_URL=http://lindorm:30070
+LINDORM_USERNAME=lindorm
+LINDORM_PASSWORD=lindorm
+
+# OceanBase Vector configuration, only available when VECTOR_STORE is `oceanbase`
+OCEANBASE_VECTOR_HOST=oceanbase
+OCEANBASE_VECTOR_PORT=2881
+OCEANBASE_VECTOR_USER=root@test
+OCEANBASE_VECTOR_PASSWORD=difyai123456
+OCEANBASE_VECTOR_DATABASE=test
+OCEANBASE_CLUSTER_NAME=difyai
+OCEANBASE_MEMORY_LIMIT=6G
+
+# Upstash Vector configuration, only available when VECTOR_STORE is `upstash`
+UPSTASH_VECTOR_URL=https://xxx-vector.upstash.io
+UPSTASH_VECTOR_TOKEN=dify
+
+# ------------------------------
+# Knowledge Configuration
+# ------------------------------
+
+# Upload file size limit, default 15M.
+UPLOAD_FILE_SIZE_LIMIT=15
+
+# The maximum number of files that can be uploaded at a time, default 5.
+UPLOAD_FILE_BATCH_LIMIT=5
+
+# ETL type, support: `dify`, `Unstructured`
+# `dify` Dify's proprietary file extraction scheme
+# `Unstructured` Unstructured.io file extraction scheme
+ETL_TYPE=dify
+
+# Unstructured API path and API key, needs to be configured when ETL_TYPE is Unstructured
+# Or using Unstructured for document extractor node for pptx.
+# For example: http://unstructured:8000/general/v0/general
+UNSTRUCTURED_API_URL=
+UNSTRUCTURED_API_KEY=
+SCARF_NO_ANALYTICS=true
+
+# ------------------------------
+# Model Configuration
+# ------------------------------
+
+# The maximum number of tokens allowed for prompt generation.
+# This setting controls the upper limit of tokens that can be used by the LLM
+# when generating a prompt in the prompt generation tool.
+# Default: 512 tokens.
+PROMPT_GENERATION_MAX_TOKENS=512
+
+# The maximum number of tokens allowed for code generation.
+# This setting controls the upper limit of tokens that can be used by the LLM
+# when generating code in the code generation tool.
+# Default: 1024 tokens.
+CODE_GENERATION_MAX_TOKENS=1024
+
+# ------------------------------
+# Multi-modal Configuration
+# ------------------------------
+
+# The format of the image/video/audio/document sent when the multi-modal model is input,
+# the default is base64, optional url.
+# The delay of the call in url mode will be lower than that in base64 mode.
+# It is generally recommended to use the more compatible base64 mode.
+# If configured as url, you need to configure FILES_URL as an externally accessible address so that the multi-modal model can access the image/video/audio/document.
+MULTIMODAL_SEND_FORMAT=base64
+# Upload image file size limit, default 10M.
+UPLOAD_IMAGE_FILE_SIZE_LIMIT=10
+# Upload video file size limit, default 100M.
+UPLOAD_VIDEO_FILE_SIZE_LIMIT=100
+# Upload audio file size limit, default 50M.
+UPLOAD_AUDIO_FILE_SIZE_LIMIT=50
+
+# ------------------------------
+# Sentry Configuration
+# Used for application monitoring and error log tracking.
+# ------------------------------
+SENTRY_DSN=
+
+# API Service Sentry DSN address, default is empty, when empty,
+# all monitoring information is not reported to Sentry.
+# If not set, Sentry error reporting will be disabled.
+API_SENTRY_DSN=
+# API Service The reporting ratio of Sentry events, if it is 0.01, it is 1%.
+API_SENTRY_TRACES_SAMPLE_RATE=1.0
+# API Service The reporting ratio of Sentry profiles, if it is 0.01, it is 1%.
+API_SENTRY_PROFILES_SAMPLE_RATE=1.0
+
+# Web Service Sentry DSN address, default is empty, when empty,
+# all monitoring information is not reported to Sentry.
+# If not set, Sentry error reporting will be disabled.
+WEB_SENTRY_DSN=
+
+# ------------------------------
+# Notion Integration Configuration
+# Variables can be obtained by applying for Notion integration: https://www.notion.so/my-integrations
+# ------------------------------
+
+# Configure as "public" or "internal".
+# Since Notion's OAuth redirect URL only supports HTTPS,
+# if deploying locally, please use Notion's internal integration.
+NOTION_INTEGRATION_TYPE=public
+# Notion OAuth client secret (used for public integration type)
+NOTION_CLIENT_SECRET=
+# Notion OAuth client id (used for public integration type)
+NOTION_CLIENT_ID=
+# Notion internal integration secret.
+# If the value of NOTION_INTEGRATION_TYPE is "internal",
+# you need to configure this variable.
+NOTION_INTERNAL_SECRET=
+
+# ------------------------------
+# Mail related configuration
+# ------------------------------
+
+# Mail type, support: resend, smtp
+MAIL_TYPE=resend
+
+# Default send from email address, if not specified
+MAIL_DEFAULT_SEND_FROM=
+
+# API-Key for the Resend email provider, used when MAIL_TYPE is `resend`.
+RESEND_API_URL=https://api.resend.com
+RESEND_API_KEY=your-resend-api-key
+
+
+# SMTP server configuration, used when MAIL_TYPE is `smtp`
+SMTP_SERVER=
+SMTP_PORT=465
+SMTP_USERNAME=
+SMTP_PASSWORD=
+SMTP_USE_TLS=true
+SMTP_OPPORTUNISTIC_TLS=false
+
+# ------------------------------
+# Others Configuration
+# ------------------------------
+
+# Maximum length of segmentation tokens for indexing
+INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH=4000
+
+# Member invitation link valid time (hours),
+# Default: 72.
+INVITE_EXPIRY_HOURS=72
+
+# Reset password token valid time (minutes),
+RESET_PASSWORD_TOKEN_EXPIRY_MINUTES=5
+
+# The sandbox service endpoint.
+CODE_EXECUTION_ENDPOINT=http://sandbox:8194
+CODE_EXECUTION_API_KEY=dify-sandbox
+CODE_MAX_NUMBER=9223372036854775807
+CODE_MIN_NUMBER=-9223372036854775808
+CODE_MAX_DEPTH=5
+CODE_MAX_PRECISION=20
+CODE_MAX_STRING_LENGTH=80000
+CODE_MAX_STRING_ARRAY_LENGTH=30
+CODE_MAX_OBJECT_ARRAY_LENGTH=30
+CODE_MAX_NUMBER_ARRAY_LENGTH=1000
+CODE_EXECUTION_CONNECT_TIMEOUT=10
+CODE_EXECUTION_READ_TIMEOUT=60
+CODE_EXECUTION_WRITE_TIMEOUT=10
+TEMPLATE_TRANSFORM_MAX_LENGTH=80000
+
+# Workflow runtime configuration
+WORKFLOW_MAX_EXECUTION_STEPS=500
+WORKFLOW_MAX_EXECUTION_TIME=1200
+WORKFLOW_CALL_MAX_DEPTH=5
+MAX_VARIABLE_SIZE=204800
+WORKFLOW_PARALLEL_DEPTH_LIMIT=3
+WORKFLOW_FILE_UPLOAD_LIMIT=10
+
+# HTTP request node in workflow configuration
+HTTP_REQUEST_NODE_MAX_BINARY_SIZE=10485760
+HTTP_REQUEST_NODE_MAX_TEXT_SIZE=1048576
+
+# SSRF Proxy server HTTP URL
+SSRF_PROXY_HTTP_URL=http://ssrf_proxy:3128
+# SSRF Proxy server HTTPS URL
+SSRF_PROXY_HTTPS_URL=http://ssrf_proxy:3128
+
+# ------------------------------
+# Environment Variables for web Service
+# ------------------------------
+
+# The timeout for the text generation in millisecond
+TEXT_GENERATION_TIMEOUT_MS=60000
+
+# ------------------------------
+# Environment Variables for db Service
+# ------------------------------
+
+PGUSER=${DB_USERNAME}
+# The password for the default postgres user.
+POSTGRES_PASSWORD=${DB_PASSWORD}
+# The name of the default postgres database.
+POSTGRES_DB=${DB_DATABASE}
+# postgres data directory
+PGDATA=/var/lib/postgresql/data/pgdata
+
+# ------------------------------
+# Environment Variables for sandbox Service
+# ------------------------------
+
+# The API key for the sandbox service
+SANDBOX_API_KEY=dify-sandbox
+# The mode in which the Gin framework runs
+SANDBOX_GIN_MODE=release
+# The timeout for the worker in seconds
+SANDBOX_WORKER_TIMEOUT=15
+# Enable network for the sandbox service
+SANDBOX_ENABLE_NETWORK=true
+# HTTP proxy URL for SSRF protection
+SANDBOX_HTTP_PROXY=http://ssrf_proxy:3128
+# HTTPS proxy URL for SSRF protection
+SANDBOX_HTTPS_PROXY=http://ssrf_proxy:3128
+# The port on which the sandbox service runs
+SANDBOX_PORT=8194
+
+# ------------------------------
+# Environment Variables for weaviate Service
+# (only used when VECTOR_STORE is weaviate)
+# ------------------------------
+WEAVIATE_PERSISTENCE_DATA_PATH=/var/lib/weaviate
+WEAVIATE_QUERY_DEFAULTS_LIMIT=25
+WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED=true
+WEAVIATE_DEFAULT_VECTORIZER_MODULE=none
+WEAVIATE_CLUSTER_HOSTNAME=node1
+WEAVIATE_AUTHENTICATION_APIKEY_ENABLED=true
+WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS=WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih
+WEAVIATE_AUTHENTICATION_APIKEY_USERS=hello@dify.ai
+WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED=true
+WEAVIATE_AUTHORIZATION_ADMINLIST_USERS=hello@dify.ai
+
+# ------------------------------
+# Environment Variables for Chroma
+# (only used when VECTOR_STORE is chroma)
+# ------------------------------
+
+# Authentication credentials for Chroma server
+CHROMA_SERVER_AUTHN_CREDENTIALS=difyai123456
+# Authentication provider for Chroma server
+CHROMA_SERVER_AUTHN_PROVIDER=chromadb.auth.token_authn.TokenAuthenticationServerProvider
+# Persistence setting for Chroma server
+CHROMA_IS_PERSISTENT=TRUE
+
+# ------------------------------
+# Environment Variables for Oracle Service
+# (only used when VECTOR_STORE is Oracle)
+# ------------------------------
+ORACLE_PWD=Dify123456
+ORACLE_CHARACTERSET=AL32UTF8
+
+# ------------------------------
+# Environment Variables for milvus Service
+# (only used when VECTOR_STORE is milvus)
+# ------------------------------
+# ETCD configuration for auto compaction mode
+ETCD_AUTO_COMPACTION_MODE=revision
+# ETCD configuration for auto compaction retention in terms of number of revisions
+ETCD_AUTO_COMPACTION_RETENTION=1000
+# ETCD configuration for backend quota in bytes
+ETCD_QUOTA_BACKEND_BYTES=4294967296
+# ETCD configuration for the number of changes before triggering a snapshot
+ETCD_SNAPSHOT_COUNT=50000
+# MinIO access key for authentication
+MINIO_ACCESS_KEY=minioadmin
+# MinIO secret key for authentication
+MINIO_SECRET_KEY=minioadmin
+# ETCD service endpoints
+ETCD_ENDPOINTS=etcd:2379
+# MinIO service address
+MINIO_ADDRESS=minio:9000
+# Enable or disable security authorization
+MILVUS_AUTHORIZATION_ENABLED=true
+
+# ------------------------------
+# Environment Variables for pgvector / pgvector-rs Service
+# (only used when VECTOR_STORE is pgvector / pgvector-rs)
+# ------------------------------
+PGVECTOR_PGUSER=postgres
+# The password for the default postgres user.
+PGVECTOR_POSTGRES_PASSWORD=difyai123456
+# The name of the default postgres database.
+PGVECTOR_POSTGRES_DB=dify
+# postgres data directory
+PGVECTOR_PGDATA=/var/lib/postgresql/data/pgdata
+
+# ------------------------------
+# Environment Variables for opensearch
+# (only used when VECTOR_STORE is opensearch)
+# ------------------------------
+OPENSEARCH_DISCOVERY_TYPE=single-node
+OPENSEARCH_BOOTSTRAP_MEMORY_LOCK=true
+OPENSEARCH_JAVA_OPTS_MIN=512m
+OPENSEARCH_JAVA_OPTS_MAX=1024m
+OPENSEARCH_INITIAL_ADMIN_PASSWORD=Qazwsxedc!@#123
+OPENSEARCH_MEMLOCK_SOFT=-1
+OPENSEARCH_MEMLOCK_HARD=-1
+OPENSEARCH_NOFILE_SOFT=65536
+OPENSEARCH_NOFILE_HARD=65536
+
+# ------------------------------
+# Environment Variables for Nginx reverse proxy
+# ------------------------------
+NGINX_SERVER_NAME=_
+NGINX_HTTPS_ENABLED=false
+# HTTP port
+NGINX_PORT=80
+# SSL settings are only applied when HTTPS_ENABLED is true
+NGINX_SSL_PORT=443
+# if HTTPS_ENABLED is true, you're required to add your own SSL certificates/keys to the `./nginx/ssl` directory
+# and modify the env vars below accordingly.
+NGINX_SSL_CERT_FILENAME=dify.crt
+NGINX_SSL_CERT_KEY_FILENAME=dify.key
+NGINX_SSL_PROTOCOLS=TLSv1.1 TLSv1.2 TLSv1.3
+
+# Nginx performance tuning
+NGINX_WORKER_PROCESSES=auto
+NGINX_CLIENT_MAX_BODY_SIZE=15M
+NGINX_KEEPALIVE_TIMEOUT=65
+
+# Proxy settings
+NGINX_PROXY_READ_TIMEOUT=3600s
+NGINX_PROXY_SEND_TIMEOUT=3600s
+
+# Set true to accept requests for /.well-known/acme-challenge/
+NGINX_ENABLE_CERTBOT_CHALLENGE=false
+
+# ------------------------------
+# Certbot Configuration
+# ------------------------------
+
+# Email address (required to get certificates from Let's Encrypt)
+CERTBOT_EMAIL=your_email@example.com
+
+# Domain name
+CERTBOT_DOMAIN=your_domain.com
+
+# certbot command options
+# i.e: --force-renewal --dry-run --test-cert --debug
+CERTBOT_OPTIONS=
+
+# ------------------------------
+# Environment Variables for SSRF Proxy
+# ------------------------------
+SSRF_HTTP_PORT=3128
+SSRF_COREDUMP_DIR=/var/spool/squid
+SSRF_REVERSE_PROXY_PORT=8194
+SSRF_SANDBOX_HOST=sandbox
+SSRF_DEFAULT_TIME_OUT=5
+SSRF_DEFAULT_CONNECT_TIME_OUT=5
+SSRF_DEFAULT_READ_TIME_OUT=5
+SSRF_DEFAULT_WRITE_TIME_OUT=5
+
+# ------------------------------
+# docker env var for specifying vector db type at startup
+# (based on the vector db type, the corresponding docker
+# compose profile will be used)
+# if you want to use unstructured, add ',unstructured' to the end
+# ------------------------------
+COMPOSE_PROFILES=${VECTOR_STORE:-weaviate}
+
+# ------------------------------
+# Docker Compose Service Expose Host Port Configurations
+# ------------------------------
+EXPOSE_NGINX_PORT=80
+EXPOSE_NGINX_SSL_PORT=443
+
+# ----------------------------------------------------------------------------
+# ModelProvider & Tool Position Configuration
+# Used to specify the model providers and tools that can be used in the app.
+# ----------------------------------------------------------------------------
+
+# Pin, include, and exclude tools
+# Use comma-separated values with no spaces between items.
+# Example: POSITION_TOOL_PINS=bing,google
+POSITION_TOOL_PINS=
+POSITION_TOOL_INCLUDES=
+POSITION_TOOL_EXCLUDES=
+
+# Pin, include, and exclude model providers
+# Use comma-separated values with no spaces between items.
+# Example: POSITION_PROVIDER_PINS=openai,openllm
+POSITION_PROVIDER_PINS=
+POSITION_PROVIDER_INCLUDES=
+POSITION_PROVIDER_EXCLUDES=
+
+# CSP https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
+CSP_WHITELIST=
+
+# Enable or disable create tidb service job
+CREATE_TIDB_SERVICE_JOB_ENABLED=false
+
+# Maximum number of submitted thread count in a ThreadPool for parallel node execution
+MAX_SUBMIT_COUNT=100
+
+# The maximum number of top-k value for RAG.
+TOP_K_MAX_VALUE=10
diff --git a/apps/dify/0.15.3/envs/global.env b/apps/dify/0.15.3/envs/global.env
new file mode 100644
index 00000000..e10989fe
--- /dev/null
+++ b/apps/dify/0.15.3/envs/global.env
@@ -0,0 +1,2 @@
+# copyright© 2024 XinJiang Ms Studio
+TZ=Asia/Shanghai
diff --git a/apps/dify/0.15.3/scripts/init.sh b/apps/dify/0.15.3/scripts/init.sh
new file mode 100644
index 00000000..2f4cc2a2
--- /dev/null
+++ b/apps/dify/0.15.3/scripts/init.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+if [ -f .env ]; then
+ source .env
+
+ # setup-1 add default values
+ CURRENT_DIR=$(pwd)
+ sed -i '/^ENV_FILE=/d' .env
+ sed -i '/^GLOBAL_ENV_FILE=/d' .env
+ echo "ENV_FILE=${CURRENT_DIR}/.env" >> .env
+ echo "GLOBAL_ENV_FILE=${CURRENT_DIR}/envs/global.env" >> .env
+ echo "APP_ENV_FILE=${CURRENT_DIR}/envs/dify.env" >> .env
+
+ # setup-2 update dir permissions
+ mkdir -p "$DIFY_ROOT_PATH"
+
+ cp -r conf/. "$DIFY_ROOT_PATH/"
+
+ echo "Check Finish."
+
+else
+ echo "Error: .env file not found."
+fi
diff --git a/apps/dify/0.15.3/scripts/uninstall.sh b/apps/dify/0.15.3/scripts/uninstall.sh
new file mode 100644
index 00000000..c86c4fbc
--- /dev/null
+++ b/apps/dify/0.15.3/scripts/uninstall.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+if [ -f .env ]; then
+ source .env
+
+ echo "Check Finish."
+
+else
+ echo "Error: .env file not found."
+fi
diff --git a/apps/dify/0.15.3/scripts/upgrade.sh b/apps/dify/0.15.3/scripts/upgrade.sh
new file mode 100644
index 00000000..2bf20e99
--- /dev/null
+++ b/apps/dify/0.15.3/scripts/upgrade.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+if [ -f .env ]; then
+ source .env
+
+ # setup-1 add default values
+ CURRENT_DIR=$(pwd)
+ sed -i '/^ENV_FILE=/d' .env
+ sed -i '/^GLOBAL_ENV_FILE=/d' .env
+ echo "ENV_FILE=${CURRENT_DIR}/.env" >> .env
+ echo "GLOBAL_ENV_FILE=${CURRENT_DIR}/envs/global.env" >> .env
+ echo "APP_ENV_FILE=${CURRENT_DIR}/envs/dify.env" >> .env
+
+ # setup-2 update dir permissions
+ mkdir -p "$DIFY_ROOT_PATH"
+
+ if [ -d "conf" ]; then
+ find conf -type f | while read -r file; do
+ dest="$DIFY_ROOT_PATH/${file#conf/}"
+ if [ ! -e "$dest" ]; then
+ mkdir -p "$(dirname "$dest")"
+ cp "$file" "$dest"
+ fi
+ done
+ echo "Conf files copied to $DIFY_ROOT_PATH."
+ else
+ echo "Warning: conf directory not found."
+ fi
+
+ echo "Check Finish."
+
+else
+ echo "Error: .env file not found."
+fi
diff --git a/apps/dify/README.md b/apps/dify/README.md
new file mode 100644
index 00000000..80b39160
--- /dev/null
+++ b/apps/dify/README.md
@@ -0,0 +1,121 @@
+# Dify
+
+Dify 是一个开源的 LLM 应用开发平台。其直观的界面结合了 AI 工作流、RAG 管道、Agent、模型管理、可观测性功能等,让您可以快速从原型到生产
+
+
+
+
+
+## 简介
+
+### 工作流
+
+在画布上构建和测试功能强大的 AI 工作流程,利用以下所有功能以及更多功能
+
+### 全面的模型支持
+
+与数百种专有/开源 LLMs 以及数十种推理提供商和自托管解决方案无缝集成,涵盖 GPT、Mistral、Llama3 以及任何与 OpenAI API 兼容的模型
+
+### Prompt IDE
+
+用于制作提示、比较模型性能以及向基于聊天的应用程序添加其他功能(如文本转语音)的直观界面
+
+### RAG Pipeline
+
+广泛的 RAG 功能,涵盖从文档摄入到检索的所有内容,支持从 PDF、PPT 和其他常见文档格式中提取文本的开箱即用的支持
+
+### Agent 智能体
+
+您可以基于 LLM 函数调用或 ReAct 定义 Agent,并为 Agent 添加预构建或自定义工具。Dify 为 AI Agent
+提供了50多种内置工具,如谷歌搜索、DALL·E、Stable Diffusion 和 WolframAlpha 等
+
+### LLMOps
+
+随时间监视和分析应用程序日志和性能。您可以根据生产数据和标注持续改进提示、数据集和模型
+
+### 后端即服务
+
+所有 Dify 的功能都带有相应的 API,因此您可以轻松地将 Dify 集成到自己的业务逻辑中
+
+## 功能比较
+
+
+
+ | 功能 |
+ Dify.AI |
+ LangChain |
+ Flowise |
+ OpenAI Assistant API |
+
+
+ | 编程方法 |
+ API + 应用程序导向 |
+ Python 代码 |
+ 应用程序导向 |
+ API 导向 |
+
+
+ | 支持的 LLMs |
+ 丰富多样 |
+ 丰富多样 |
+ 丰富多样 |
+ 仅限 OpenAI |
+
+
+ | RAG引擎 |
+ ✅ |
+ ✅ |
+ ✅ |
+ ✅ |
+
+
+ | Agent |
+ ✅ |
+ ✅ |
+ ❌ |
+ ✅ |
+
+
+ | 工作流 |
+ ✅ |
+ ❌ |
+ ✅ |
+ ❌ |
+
+
+ | 可观测性 |
+ ✅ |
+ ✅ |
+ ❌ |
+ ❌ |
+
+
+ | 企业功能(SSO/访问控制) |
+ ✅ |
+ ❌ |
+ ❌ |
+ ❌ |
+
+
+ | 本地部署 |
+ ✅ |
+ ✅ |
+ ✅ |
+ ❌ |
+
+
+
+## 安装说明
+
+在安装 Dify 之前,请确保您的机器满足以下最低系统要求:
+
++ CPU >= 2 Core
++ RAM >= 4 GiB
+
+## 修改配置
+
+应用安装后,如有需要的配置,请修改应用目录下的 `.env` 文件
+
+---
+
+
diff --git a/apps/dify/data.yml b/apps/dify/data.yml
new file mode 100644
index 00000000..5f219230
--- /dev/null
+++ b/apps/dify/data.yml
@@ -0,0 +1,14 @@
+additionalProperties:
+ key: dify
+ name: Dify
+ tags:
+ - WebSite
+ - Local
+ shortDescZh: Dify 是一个开源的 LLM 应用开发平台
+ shortDescEn: Dify is an open-source LLM application development platform
+ type: website
+ crossVersionUpdate: true
+ limit: 0
+ website: https://dify.ai/
+ github: https://github.com/langgenius/dify/
+ document: https://docs.dify.ai/
diff --git a/apps/dify/logo.png b/apps/dify/logo.png
new file mode 100644
index 00000000..82eaea8a
Binary files /dev/null and b/apps/dify/logo.png differ
diff --git a/envs/dify/dify.env b/envs/dify/dify.env
new file mode 100644
index 00000000..3bc79059
--- /dev/null
+++ b/envs/dify/dify.env
@@ -0,0 +1,938 @@
+# ------------------------------
+# Environment Variables for API service & worker
+# ------------------------------
+
+# ------------------------------
+# Common Variables
+# ------------------------------
+
+# The backend URL of the console API,
+# used to concatenate the authorization callback.
+# If empty, it is the same domain.
+# Example: https://api.console.dify.ai
+CONSOLE_API_URL=
+
+# The front-end URL of the console web,
+# used to concatenate some front-end addresses and for CORS configuration use.
+# If empty, it is the same domain.
+# Example: https://console.dify.ai
+CONSOLE_WEB_URL=
+
+# Service API Url,
+# used to display Service API Base Url to the front-end.
+# If empty, it is the same domain.
+# Example: https://api.dify.ai
+SERVICE_API_URL=
+
+# WebApp API backend Url,
+# used to declare the back-end URL for the front-end API.
+# If empty, it is the same domain.
+# Example: https://api.app.dify.ai
+APP_API_URL=
+
+# WebApp Url,
+# used to display WebAPP API Base Url to the front-end.
+# If empty, it is the same domain.
+# Example: https://app.dify.ai
+APP_WEB_URL=
+
+# File preview or download Url prefix.
+# used to display File preview or download Url to the front-end or as Multi-model inputs;
+# Url is signed and has expiration time.
+FILES_URL=
+
+# ------------------------------
+# Server Configuration
+# ------------------------------
+
+# The log level for the application.
+# Supported values are `DEBUG`, `INFO`, `WARNING`, `ERROR`, `CRITICAL`
+LOG_LEVEL=INFO
+# Log file path
+LOG_FILE=/app/logs/server.log
+# Log file max size, the unit is MB
+LOG_FILE_MAX_SIZE=20
+# Log file max backup count
+LOG_FILE_BACKUP_COUNT=5
+# Log dateformat
+LOG_DATEFORMAT=%Y-%m-%d %H:%M:%S
+# Log Timezone
+LOG_TZ=UTC
+
+# Debug mode, default is false.
+# It is recommended to turn on this configuration for local development
+# to prevent some problems caused by monkey patch.
+DEBUG=false
+
+# Flask debug mode, it can output trace information at the interface when turned on,
+# which is convenient for debugging.
+FLASK_DEBUG=false
+
+# A secretkey that is used for securely signing the session cookie
+# and encrypting sensitive information on the database.
+# You can generate a strong key using `openssl rand -base64 42`.
+SECRET_KEY=sk-9f73s3ljTXVcMT3Blb3ljTqtsKiGHXVcMT3BlbkFJLK7U
+
+# Password for admin user initialization.
+# If left unset, admin user will not be prompted for a password
+# when creating the initial admin account.
+# The length of the password cannot exceed 30 charactors.
+INIT_PASSWORD=
+
+# Deployment environment.
+# Supported values are `PRODUCTION`, `TESTING`. Default is `PRODUCTION`.
+# Testing environment. There will be a distinct color label on the front-end page,
+# indicating that this environment is a testing environment.
+DEPLOY_ENV=PRODUCTION
+
+# Whether to enable the version check policy.
+# If set to empty, https://updates.dify.ai will be called for version check.
+CHECK_UPDATE_URL=https://updates.dify.ai
+
+# Used to change the OpenAI base address, default is https://api.openai.com/v1.
+# When OpenAI cannot be accessed in China, replace it with a domestic mirror address,
+# or when a local model provides OpenAI compatible API, it can be replaced.
+OPENAI_API_BASE=https://api.openai.com/v1
+
+# When enabled, migrations will be executed prior to application startup
+# and the application will start after the migrations have completed.
+MIGRATION_ENABLED=true
+
+# File Access Time specifies a time interval in seconds for the file to be accessed.
+# The default value is 300 seconds.
+FILES_ACCESS_TIMEOUT=300
+
+# Access token expiration time in minutes
+ACCESS_TOKEN_EXPIRE_MINUTES=60
+
+# Refresh token expiration time in days
+REFRESH_TOKEN_EXPIRE_DAYS=30
+
+# The maximum number of active requests for the application, where 0 means unlimited, should be a non-negative integer.
+APP_MAX_ACTIVE_REQUESTS=0
+APP_MAX_EXECUTION_TIME=1200
+
+# ------------------------------
+# Container Startup Related Configuration
+# Only effective when starting with docker image or docker-compose.
+# ------------------------------
+
+# API service binding address, default: 0.0.0.0, i.e., all addresses can be accessed.
+DIFY_BIND_ADDRESS=0.0.0.0
+
+# API service binding port number, default 5001.
+DIFY_PORT=5001
+
+# The number of API server workers, i.e., the number of workers.
+# Formula: number of cpu cores x 2 + 1 for sync, 1 for Gevent
+# Reference: https://docs.gunicorn.org/en/stable/design.html#how-many-workers
+SERVER_WORKER_AMOUNT=1
+
+# Defaults to gevent. If using windows, it can be switched to sync or solo.
+SERVER_WORKER_CLASS=gevent
+
+# Default number of worker connections, the default is 10.
+SERVER_WORKER_CONNECTIONS=10
+
+# Similar to SERVER_WORKER_CLASS.
+# If using windows, it can be switched to sync or solo.
+CELERY_WORKER_CLASS=
+
+# Request handling timeout. The default is 200,
+# it is recommended to set it to 360 to support a longer sse connection time.
+GUNICORN_TIMEOUT=360
+
+# The number of Celery workers. The default is 1, and can be set as needed.
+CELERY_WORKER_AMOUNT=
+
+# Flag indicating whether to enable autoscaling of Celery workers.
+#
+# Autoscaling is useful when tasks are CPU intensive and can be dynamically
+# allocated and deallocated based on the workload.
+#
+# When autoscaling is enabled, the maximum and minimum number of workers can
+# be specified. The autoscaling algorithm will dynamically adjust the number
+# of workers within the specified range.
+#
+# Default is false (i.e., autoscaling is disabled).
+#
+# Example:
+# CELERY_AUTO_SCALE=true
+CELERY_AUTO_SCALE=false
+
+# The maximum number of Celery workers that can be autoscaled.
+# This is optional and only used when autoscaling is enabled.
+# Default is not set.
+CELERY_MAX_WORKERS=
+
+# The minimum number of Celery workers that can be autoscaled.
+# This is optional and only used when autoscaling is enabled.
+# Default is not set.
+CELERY_MIN_WORKERS=
+
+# API Tool configuration
+API_TOOL_DEFAULT_CONNECT_TIMEOUT=10
+API_TOOL_DEFAULT_READ_TIMEOUT=60
+
+
+# ------------------------------
+# Database Configuration
+# The database uses PostgreSQL. Please use the public schema.
+# It is consistent with the configuration in the 'db' service below.
+# ------------------------------
+
+DB_USERNAME=postgres
+DB_PASSWORD=difyai123456
+DB_HOST=db
+DB_PORT=5432
+DB_DATABASE=dify
+# The size of the database connection pool.
+# The default is 30 connections, which can be appropriately increased.
+SQLALCHEMY_POOL_SIZE=30
+# Database connection pool recycling time, the default is 3600 seconds.
+SQLALCHEMY_POOL_RECYCLE=3600
+# Whether to print SQL, default is false.
+SQLALCHEMY_ECHO=false
+
+# Maximum number of connections to the database
+# Default is 100
+#
+# Reference: https://www.postgresql.org/docs/current/runtime-config-connection.html#GUC-MAX-CONNECTIONS
+POSTGRES_MAX_CONNECTIONS=100
+
+# Sets the amount of shared memory used for postgres's shared buffers.
+# Default is 128MB
+# Recommended value: 25% of available memory
+# Reference: https://www.postgresql.org/docs/current/runtime-config-resource.html#GUC-SHARED-BUFFERS
+POSTGRES_SHARED_BUFFERS=128MB
+
+# Sets the amount of memory used by each database worker for working space.
+# Default is 4MB
+#
+# Reference: https://www.postgresql.org/docs/current/runtime-config-resource.html#GUC-WORK-MEM
+POSTGRES_WORK_MEM=4MB
+
+# Sets the amount of memory reserved for maintenance activities.
+# Default is 64MB
+#
+# Reference: https://www.postgresql.org/docs/current/runtime-config-resource.html#GUC-MAINTENANCE-WORK-MEM
+POSTGRES_MAINTENANCE_WORK_MEM=64MB
+
+# Sets the planner's assumption about the effective cache size.
+# Default is 4096MB
+#
+# Reference: https://www.postgresql.org/docs/current/runtime-config-query.html#GUC-EFFECTIVE-CACHE-SIZE
+POSTGRES_EFFECTIVE_CACHE_SIZE=4096MB
+
+# ------------------------------
+# Redis Configuration
+# This Redis configuration is used for caching and for pub/sub during conversation.
+# ------------------------------
+
+REDIS_HOST=redis
+REDIS_PORT=6379
+REDIS_USERNAME=
+REDIS_PASSWORD=difyai123456
+REDIS_USE_SSL=false
+REDIS_DB=0
+
+# Whether to use Redis Sentinel mode.
+# If set to true, the application will automatically discover and connect to the master node through Sentinel.
+REDIS_USE_SENTINEL=false
+
+# List of Redis Sentinel nodes. If Sentinel mode is enabled, provide at least one Sentinel IP and port.
+# Format: `:,:,:`
+REDIS_SENTINELS=
+REDIS_SENTINEL_SERVICE_NAME=
+REDIS_SENTINEL_USERNAME=
+REDIS_SENTINEL_PASSWORD=
+REDIS_SENTINEL_SOCKET_TIMEOUT=0.1
+
+# List of Redis Cluster nodes. If Cluster mode is enabled, provide at least one Cluster IP and port.
+# Format: `:,:,:`
+REDIS_USE_CLUSTERS=false
+REDIS_CLUSTERS=
+REDIS_CLUSTERS_PASSWORD=
+
+# ------------------------------
+# Celery Configuration
+# ------------------------------
+
+# Use redis as the broker, and redis db 1 for celery broker.
+# Format as follows: `redis://:@:/`
+# Example: redis://:difyai123456@redis:6379/1
+# If use Redis Sentinel, format as follows: `sentinel://:@:/`
+# Example: sentinel://localhost:26379/1;sentinel://localhost:26380/1;sentinel://localhost:26381/1
+CELERY_BROKER_URL=redis://:difyai123456@redis:6379/1
+BROKER_USE_SSL=false
+
+# If you are using Redis Sentinel for high availability, configure the following settings.
+CELERY_USE_SENTINEL=false
+CELERY_SENTINEL_MASTER_NAME=
+CELERY_SENTINEL_SOCKET_TIMEOUT=0.1
+
+# ------------------------------
+# CORS Configuration
+# Used to set the front-end cross-domain access policy.
+# ------------------------------
+
+# Specifies the allowed origins for cross-origin requests to the Web API,
+# e.g. https://dify.app or * for all origins.
+WEB_API_CORS_ALLOW_ORIGINS=*
+
+# Specifies the allowed origins for cross-origin requests to the console API,
+# e.g. https://cloud.dify.ai or * for all origins.
+CONSOLE_CORS_ALLOW_ORIGINS=*
+
+# ------------------------------
+# File Storage Configuration
+# ------------------------------
+
+# The type of storage to use for storing user files.
+STORAGE_TYPE=opendal
+
+# Apache OpenDAL Configuration
+# The configuration for OpenDAL consists of the following format: OPENDAL__.
+# You can find all the service configurations (CONFIG_NAME) in the repository at: https://github.com/apache/opendal/tree/main/core/src/services.
+# Dify will scan configurations starting with OPENDAL_ and automatically apply them.
+# The scheme name for the OpenDAL storage.
+OPENDAL_SCHEME=fs
+# Configurations for OpenDAL Local File System.
+OPENDAL_FS_ROOT=storage
+
+# S3 Configuration
+#
+S3_ENDPOINT=
+S3_REGION=us-east-1
+S3_BUCKET_NAME=difyai
+S3_ACCESS_KEY=
+S3_SECRET_KEY=
+# Whether to use AWS managed IAM roles for authenticating with the S3 service.
+# If set to false, the access key and secret key must be provided.
+S3_USE_AWS_MANAGED_IAM=false
+
+# Azure Blob Configuration
+#
+AZURE_BLOB_ACCOUNT_NAME=difyai
+AZURE_BLOB_ACCOUNT_KEY=difyai
+AZURE_BLOB_CONTAINER_NAME=difyai-container
+AZURE_BLOB_ACCOUNT_URL=https://.blob.core.windows.net
+
+# Google Storage Configuration
+#
+GOOGLE_STORAGE_BUCKET_NAME=your-bucket-name
+GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64=
+
+# The Alibaba Cloud OSS configurations,
+#
+ALIYUN_OSS_BUCKET_NAME=your-bucket-name
+ALIYUN_OSS_ACCESS_KEY=your-access-key
+ALIYUN_OSS_SECRET_KEY=your-secret-key
+ALIYUN_OSS_ENDPOINT=https://oss-ap-southeast-1-internal.aliyuncs.com
+ALIYUN_OSS_REGION=ap-southeast-1
+ALIYUN_OSS_AUTH_VERSION=v4
+# Don't start with '/'. OSS doesn't support leading slash in object names.
+ALIYUN_OSS_PATH=your-path
+
+# Tencent COS Configuration
+#
+TENCENT_COS_BUCKET_NAME=your-bucket-name
+TENCENT_COS_SECRET_KEY=your-secret-key
+TENCENT_COS_SECRET_ID=your-secret-id
+TENCENT_COS_REGION=your-region
+TENCENT_COS_SCHEME=your-scheme
+
+# Oracle Storage Configuration
+#
+OCI_ENDPOINT=https://objectstorage.us-ashburn-1.oraclecloud.com
+OCI_BUCKET_NAME=your-bucket-name
+OCI_ACCESS_KEY=your-access-key
+OCI_SECRET_KEY=your-secret-key
+OCI_REGION=us-ashburn-1
+
+# Huawei OBS Configuration
+#
+HUAWEI_OBS_BUCKET_NAME=your-bucket-name
+HUAWEI_OBS_SECRET_KEY=your-secret-key
+HUAWEI_OBS_ACCESS_KEY=your-access-key
+HUAWEI_OBS_SERVER=your-server-url
+
+# Volcengine TOS Configuration
+#
+VOLCENGINE_TOS_BUCKET_NAME=your-bucket-name
+VOLCENGINE_TOS_SECRET_KEY=your-secret-key
+VOLCENGINE_TOS_ACCESS_KEY=your-access-key
+VOLCENGINE_TOS_ENDPOINT=your-server-url
+VOLCENGINE_TOS_REGION=your-region
+
+# Baidu OBS Storage Configuration
+#
+BAIDU_OBS_BUCKET_NAME=your-bucket-name
+BAIDU_OBS_SECRET_KEY=your-secret-key
+BAIDU_OBS_ACCESS_KEY=your-access-key
+BAIDU_OBS_ENDPOINT=your-server-url
+
+# Supabase Storage Configuration
+#
+SUPABASE_BUCKET_NAME=your-bucket-name
+SUPABASE_API_KEY=your-access-key
+SUPABASE_URL=your-server-url
+
+# ------------------------------
+# Vector Database Configuration
+# ------------------------------
+
+# The type of vector store to use.
+# Supported values are `weaviate`, `qdrant`, `milvus`, `myscale`, `relyt`, `pgvector`, `pgvecto-rs`, `chroma`, `opensearch`, `tidb_vector`, `oracle`, `tencent`, `elasticsearch`, `elasticsearch-ja`, `analyticdb`, `couchbase`, `vikingdb`, `oceanbase`.
+VECTOR_STORE=weaviate
+
+# The Weaviate endpoint URL. Only available when VECTOR_STORE is `weaviate`.
+WEAVIATE_ENDPOINT=http://weaviate:8080
+WEAVIATE_API_KEY=WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih
+
+# The Qdrant endpoint URL. Only available when VECTOR_STORE is `qdrant`.
+QDRANT_URL=http://qdrant:6333
+QDRANT_API_KEY=difyai123456
+QDRANT_CLIENT_TIMEOUT=20
+QDRANT_GRPC_ENABLED=false
+QDRANT_GRPC_PORT=6334
+
+# Milvus configuration Only available when VECTOR_STORE is `milvus`.
+# The milvus uri.
+MILVUS_URI=http://127.0.0.1:19530
+MILVUS_TOKEN=
+MILVUS_USER=root
+MILVUS_PASSWORD=Milvus
+MILVUS_ENABLE_HYBRID_SEARCH=False
+
+# MyScale configuration, only available when VECTOR_STORE is `myscale`
+# For multi-language support, please set MYSCALE_FTS_PARAMS with referring to:
+# https://myscale.com/docs/en/text-search/#understanding-fts-index-parameters
+MYSCALE_HOST=myscale
+MYSCALE_PORT=8123
+MYSCALE_USER=default
+MYSCALE_PASSWORD=
+MYSCALE_DATABASE=dify
+MYSCALE_FTS_PARAMS=
+
+# Couchbase configurations, only available when VECTOR_STORE is `couchbase`
+# The connection string must include hostname defined in the docker-compose file (couchbase-server in this case)
+COUCHBASE_CONNECTION_STRING=couchbase://couchbase-server
+COUCHBASE_USER=Administrator
+COUCHBASE_PASSWORD=password
+COUCHBASE_BUCKET_NAME=Embeddings
+COUCHBASE_SCOPE_NAME=_default
+
+# pgvector configurations, only available when VECTOR_STORE is `pgvector`
+PGVECTOR_HOST=pgvector
+PGVECTOR_PORT=5432
+PGVECTOR_USER=postgres
+PGVECTOR_PASSWORD=difyai123456
+PGVECTOR_DATABASE=dify
+PGVECTOR_MIN_CONNECTION=1
+PGVECTOR_MAX_CONNECTION=5
+
+# pgvecto-rs configurations, only available when VECTOR_STORE is `pgvecto-rs`
+PGVECTO_RS_HOST=pgvecto-rs
+PGVECTO_RS_PORT=5432
+PGVECTO_RS_USER=postgres
+PGVECTO_RS_PASSWORD=difyai123456
+PGVECTO_RS_DATABASE=dify
+
+# analyticdb configurations, only available when VECTOR_STORE is `analyticdb`
+ANALYTICDB_KEY_ID=your-ak
+ANALYTICDB_KEY_SECRET=your-sk
+ANALYTICDB_REGION_ID=cn-hangzhou
+ANALYTICDB_INSTANCE_ID=gp-ab123456
+ANALYTICDB_ACCOUNT=testaccount
+ANALYTICDB_PASSWORD=testpassword
+ANALYTICDB_NAMESPACE=dify
+ANALYTICDB_NAMESPACE_PASSWORD=difypassword
+ANALYTICDB_HOST=gp-test.aliyuncs.com
+ANALYTICDB_PORT=5432
+ANALYTICDB_MIN_CONNECTION=1
+ANALYTICDB_MAX_CONNECTION=5
+
+# TiDB vector configurations, only available when VECTOR_STORE is `tidb`
+TIDB_VECTOR_HOST=tidb
+TIDB_VECTOR_PORT=4000
+TIDB_VECTOR_USER=
+TIDB_VECTOR_PASSWORD=
+TIDB_VECTOR_DATABASE=dify
+
+# Tidb on qdrant configuration, only available when VECTOR_STORE is `tidb_on_qdrant`
+TIDB_ON_QDRANT_URL=http://127.0.0.1
+TIDB_ON_QDRANT_API_KEY=dify
+TIDB_ON_QDRANT_CLIENT_TIMEOUT=20
+TIDB_ON_QDRANT_GRPC_ENABLED=false
+TIDB_ON_QDRANT_GRPC_PORT=6334
+TIDB_PUBLIC_KEY=dify
+TIDB_PRIVATE_KEY=dify
+TIDB_API_URL=http://127.0.0.1
+TIDB_IAM_API_URL=http://127.0.0.1
+TIDB_REGION=regions/aws-us-east-1
+TIDB_PROJECT_ID=dify
+TIDB_SPEND_LIMIT=100
+
+# Chroma configuration, only available when VECTOR_STORE is `chroma`
+CHROMA_HOST=127.0.0.1
+CHROMA_PORT=8000
+CHROMA_TENANT=default_tenant
+CHROMA_DATABASE=default_database
+CHROMA_AUTH_PROVIDER=chromadb.auth.token_authn.TokenAuthClientProvider
+CHROMA_AUTH_CREDENTIALS=
+
+# Oracle configuration, only available when VECTOR_STORE is `oracle`
+ORACLE_HOST=oracle
+ORACLE_PORT=1521
+ORACLE_USER=dify
+ORACLE_PASSWORD=dify
+ORACLE_DATABASE=FREEPDB1
+
+# relyt configurations, only available when VECTOR_STORE is `relyt`
+RELYT_HOST=db
+RELYT_PORT=5432
+RELYT_USER=postgres
+RELYT_PASSWORD=difyai123456
+RELYT_DATABASE=postgres
+
+# open search configuration, only available when VECTOR_STORE is `opensearch`
+OPENSEARCH_HOST=opensearch
+OPENSEARCH_PORT=9200
+OPENSEARCH_USER=admin
+OPENSEARCH_PASSWORD=admin
+OPENSEARCH_SECURE=true
+
+# tencent vector configurations, only available when VECTOR_STORE is `tencent`
+TENCENT_VECTOR_DB_URL=http://127.0.0.1
+TENCENT_VECTOR_DB_API_KEY=dify
+TENCENT_VECTOR_DB_TIMEOUT=30
+TENCENT_VECTOR_DB_USERNAME=dify
+TENCENT_VECTOR_DB_DATABASE=dify
+TENCENT_VECTOR_DB_SHARD=1
+TENCENT_VECTOR_DB_REPLICAS=2
+
+# ElasticSearch configuration, only available when VECTOR_STORE is `elasticsearch`
+ELASTICSEARCH_HOST=0.0.0.0
+ELASTICSEARCH_PORT=9200
+ELASTICSEARCH_USERNAME=elastic
+ELASTICSEARCH_PASSWORD=elastic
+KIBANA_PORT=5601
+
+# baidu vector configurations, only available when VECTOR_STORE is `baidu`
+BAIDU_VECTOR_DB_ENDPOINT=http://127.0.0.1:5287
+BAIDU_VECTOR_DB_CONNECTION_TIMEOUT_MS=30000
+BAIDU_VECTOR_DB_ACCOUNT=root
+BAIDU_VECTOR_DB_API_KEY=dify
+BAIDU_VECTOR_DB_DATABASE=dify
+BAIDU_VECTOR_DB_SHARD=1
+BAIDU_VECTOR_DB_REPLICAS=3
+
+# VikingDB configurations, only available when VECTOR_STORE is `vikingdb`
+VIKINGDB_ACCESS_KEY=your-ak
+VIKINGDB_SECRET_KEY=your-sk
+VIKINGDB_REGION=cn-shanghai
+VIKINGDB_HOST=api-vikingdb.xxx.volces.com
+VIKINGDB_SCHEMA=http
+VIKINGDB_CONNECTION_TIMEOUT=30
+VIKINGDB_SOCKET_TIMEOUT=30
+
+# Lindorm configuration, only available when VECTOR_STORE is `lindorm`
+LINDORM_URL=http://lindorm:30070
+LINDORM_USERNAME=lindorm
+LINDORM_PASSWORD=lindorm
+
+# OceanBase Vector configuration, only available when VECTOR_STORE is `oceanbase`
+OCEANBASE_VECTOR_HOST=oceanbase
+OCEANBASE_VECTOR_PORT=2881
+OCEANBASE_VECTOR_USER=root@test
+OCEANBASE_VECTOR_PASSWORD=difyai123456
+OCEANBASE_VECTOR_DATABASE=test
+OCEANBASE_CLUSTER_NAME=difyai
+OCEANBASE_MEMORY_LIMIT=6G
+
+# Upstash Vector configuration, only available when VECTOR_STORE is `upstash`
+UPSTASH_VECTOR_URL=https://xxx-vector.upstash.io
+UPSTASH_VECTOR_TOKEN=dify
+
+# ------------------------------
+# Knowledge Configuration
+# ------------------------------
+
+# Upload file size limit, default 15M.
+UPLOAD_FILE_SIZE_LIMIT=15
+
+# The maximum number of files that can be uploaded at a time, default 5.
+UPLOAD_FILE_BATCH_LIMIT=5
+
+# ETL type, support: `dify`, `Unstructured`
+# `dify` Dify's proprietary file extraction scheme
+# `Unstructured` Unstructured.io file extraction scheme
+ETL_TYPE=dify
+
+# Unstructured API path and API key, needs to be configured when ETL_TYPE is Unstructured
+# Or using Unstructured for document extractor node for pptx.
+# For example: http://unstructured:8000/general/v0/general
+UNSTRUCTURED_API_URL=
+UNSTRUCTURED_API_KEY=
+SCARF_NO_ANALYTICS=true
+
+# ------------------------------
+# Model Configuration
+# ------------------------------
+
+# The maximum number of tokens allowed for prompt generation.
+# This setting controls the upper limit of tokens that can be used by the LLM
+# when generating a prompt in the prompt generation tool.
+# Default: 512 tokens.
+PROMPT_GENERATION_MAX_TOKENS=512
+
+# The maximum number of tokens allowed for code generation.
+# This setting controls the upper limit of tokens that can be used by the LLM
+# when generating code in the code generation tool.
+# Default: 1024 tokens.
+CODE_GENERATION_MAX_TOKENS=1024
+
+# ------------------------------
+# Multi-modal Configuration
+# ------------------------------
+
+# The format of the image/video/audio/document sent when the multi-modal model is input,
+# the default is base64, optional url.
+# The delay of the call in url mode will be lower than that in base64 mode.
+# It is generally recommended to use the more compatible base64 mode.
+# If configured as url, you need to configure FILES_URL as an externally accessible address so that the multi-modal model can access the image/video/audio/document.
+MULTIMODAL_SEND_FORMAT=base64
+# Upload image file size limit, default 10M.
+UPLOAD_IMAGE_FILE_SIZE_LIMIT=10
+# Upload video file size limit, default 100M.
+UPLOAD_VIDEO_FILE_SIZE_LIMIT=100
+# Upload audio file size limit, default 50M.
+UPLOAD_AUDIO_FILE_SIZE_LIMIT=50
+
+# ------------------------------
+# Sentry Configuration
+# Used for application monitoring and error log tracking.
+# ------------------------------
+SENTRY_DSN=
+
+# API Service Sentry DSN address, default is empty, when empty,
+# all monitoring information is not reported to Sentry.
+# If not set, Sentry error reporting will be disabled.
+API_SENTRY_DSN=
+# API Service The reporting ratio of Sentry events, if it is 0.01, it is 1%.
+API_SENTRY_TRACES_SAMPLE_RATE=1.0
+# API Service The reporting ratio of Sentry profiles, if it is 0.01, it is 1%.
+API_SENTRY_PROFILES_SAMPLE_RATE=1.0
+
+# Web Service Sentry DSN address, default is empty, when empty,
+# all monitoring information is not reported to Sentry.
+# If not set, Sentry error reporting will be disabled.
+WEB_SENTRY_DSN=
+
+# ------------------------------
+# Notion Integration Configuration
+# Variables can be obtained by applying for Notion integration: https://www.notion.so/my-integrations
+# ------------------------------
+
+# Configure as "public" or "internal".
+# Since Notion's OAuth redirect URL only supports HTTPS,
+# if deploying locally, please use Notion's internal integration.
+NOTION_INTEGRATION_TYPE=public
+# Notion OAuth client secret (used for public integration type)
+NOTION_CLIENT_SECRET=
+# Notion OAuth client id (used for public integration type)
+NOTION_CLIENT_ID=
+# Notion internal integration secret.
+# If the value of NOTION_INTEGRATION_TYPE is "internal",
+# you need to configure this variable.
+NOTION_INTERNAL_SECRET=
+
+# ------------------------------
+# Mail related configuration
+# ------------------------------
+
+# Mail type, support: resend, smtp
+MAIL_TYPE=resend
+
+# Default send from email address, if not specified
+MAIL_DEFAULT_SEND_FROM=
+
+# API-Key for the Resend email provider, used when MAIL_TYPE is `resend`.
+RESEND_API_URL=https://api.resend.com
+RESEND_API_KEY=your-resend-api-key
+
+
+# SMTP server configuration, used when MAIL_TYPE is `smtp`
+SMTP_SERVER=
+SMTP_PORT=465
+SMTP_USERNAME=
+SMTP_PASSWORD=
+SMTP_USE_TLS=true
+SMTP_OPPORTUNISTIC_TLS=false
+
+# ------------------------------
+# Others Configuration
+# ------------------------------
+
+# Maximum length of segmentation tokens for indexing
+INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH=4000
+
+# Member invitation link valid time (hours),
+# Default: 72.
+INVITE_EXPIRY_HOURS=72
+
+# Reset password token valid time (minutes),
+RESET_PASSWORD_TOKEN_EXPIRY_MINUTES=5
+
+# The sandbox service endpoint.
+CODE_EXECUTION_ENDPOINT=http://sandbox:8194
+CODE_EXECUTION_API_KEY=dify-sandbox
+CODE_MAX_NUMBER=9223372036854775807
+CODE_MIN_NUMBER=-9223372036854775808
+CODE_MAX_DEPTH=5
+CODE_MAX_PRECISION=20
+CODE_MAX_STRING_LENGTH=80000
+CODE_MAX_STRING_ARRAY_LENGTH=30
+CODE_MAX_OBJECT_ARRAY_LENGTH=30
+CODE_MAX_NUMBER_ARRAY_LENGTH=1000
+CODE_EXECUTION_CONNECT_TIMEOUT=10
+CODE_EXECUTION_READ_TIMEOUT=60
+CODE_EXECUTION_WRITE_TIMEOUT=10
+TEMPLATE_TRANSFORM_MAX_LENGTH=80000
+
+# Workflow runtime configuration
+WORKFLOW_MAX_EXECUTION_STEPS=500
+WORKFLOW_MAX_EXECUTION_TIME=1200
+WORKFLOW_CALL_MAX_DEPTH=5
+MAX_VARIABLE_SIZE=204800
+WORKFLOW_PARALLEL_DEPTH_LIMIT=3
+WORKFLOW_FILE_UPLOAD_LIMIT=10
+
+# HTTP request node in workflow configuration
+HTTP_REQUEST_NODE_MAX_BINARY_SIZE=10485760
+HTTP_REQUEST_NODE_MAX_TEXT_SIZE=1048576
+
+# SSRF Proxy server HTTP URL
+SSRF_PROXY_HTTP_URL=http://ssrf_proxy:3128
+# SSRF Proxy server HTTPS URL
+SSRF_PROXY_HTTPS_URL=http://ssrf_proxy:3128
+
+# ------------------------------
+# Environment Variables for web Service
+# ------------------------------
+
+# The timeout for the text generation in millisecond
+TEXT_GENERATION_TIMEOUT_MS=60000
+
+# ------------------------------
+# Environment Variables for db Service
+# ------------------------------
+
+PGUSER=${DB_USERNAME}
+# The password for the default postgres user.
+POSTGRES_PASSWORD=${DB_PASSWORD}
+# The name of the default postgres database.
+POSTGRES_DB=${DB_DATABASE}
+# postgres data directory
+PGDATA=/var/lib/postgresql/data/pgdata
+
+# ------------------------------
+# Environment Variables for sandbox Service
+# ------------------------------
+
+# The API key for the sandbox service
+SANDBOX_API_KEY=dify-sandbox
+# The mode in which the Gin framework runs
+SANDBOX_GIN_MODE=release
+# The timeout for the worker in seconds
+SANDBOX_WORKER_TIMEOUT=15
+# Enable network for the sandbox service
+SANDBOX_ENABLE_NETWORK=true
+# HTTP proxy URL for SSRF protection
+SANDBOX_HTTP_PROXY=http://ssrf_proxy:3128
+# HTTPS proxy URL for SSRF protection
+SANDBOX_HTTPS_PROXY=http://ssrf_proxy:3128
+# The port on which the sandbox service runs
+SANDBOX_PORT=8194
+
+# ------------------------------
+# Environment Variables for weaviate Service
+# (only used when VECTOR_STORE is weaviate)
+# ------------------------------
+WEAVIATE_PERSISTENCE_DATA_PATH=/var/lib/weaviate
+WEAVIATE_QUERY_DEFAULTS_LIMIT=25
+WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED=true
+WEAVIATE_DEFAULT_VECTORIZER_MODULE=none
+WEAVIATE_CLUSTER_HOSTNAME=node1
+WEAVIATE_AUTHENTICATION_APIKEY_ENABLED=true
+WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS=WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih
+WEAVIATE_AUTHENTICATION_APIKEY_USERS=hello@dify.ai
+WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED=true
+WEAVIATE_AUTHORIZATION_ADMINLIST_USERS=hello@dify.ai
+
+# ------------------------------
+# Environment Variables for Chroma
+# (only used when VECTOR_STORE is chroma)
+# ------------------------------
+
+# Authentication credentials for Chroma server
+CHROMA_SERVER_AUTHN_CREDENTIALS=difyai123456
+# Authentication provider for Chroma server
+CHROMA_SERVER_AUTHN_PROVIDER=chromadb.auth.token_authn.TokenAuthenticationServerProvider
+# Persistence setting for Chroma server
+CHROMA_IS_PERSISTENT=TRUE
+
+# ------------------------------
+# Environment Variables for Oracle Service
+# (only used when VECTOR_STORE is Oracle)
+# ------------------------------
+ORACLE_PWD=Dify123456
+ORACLE_CHARACTERSET=AL32UTF8
+
+# ------------------------------
+# Environment Variables for milvus Service
+# (only used when VECTOR_STORE is milvus)
+# ------------------------------
+# ETCD configuration for auto compaction mode
+ETCD_AUTO_COMPACTION_MODE=revision
+# ETCD configuration for auto compaction retention in terms of number of revisions
+ETCD_AUTO_COMPACTION_RETENTION=1000
+# ETCD configuration for backend quota in bytes
+ETCD_QUOTA_BACKEND_BYTES=4294967296
+# ETCD configuration for the number of changes before triggering a snapshot
+ETCD_SNAPSHOT_COUNT=50000
+# MinIO access key for authentication
+MINIO_ACCESS_KEY=minioadmin
+# MinIO secret key for authentication
+MINIO_SECRET_KEY=minioadmin
+# ETCD service endpoints
+ETCD_ENDPOINTS=etcd:2379
+# MinIO service address
+MINIO_ADDRESS=minio:9000
+# Enable or disable security authorization
+MILVUS_AUTHORIZATION_ENABLED=true
+
+# ------------------------------
+# Environment Variables for pgvector / pgvector-rs Service
+# (only used when VECTOR_STORE is pgvector / pgvector-rs)
+# ------------------------------
+PGVECTOR_PGUSER=postgres
+# The password for the default postgres user.
+PGVECTOR_POSTGRES_PASSWORD=difyai123456
+# The name of the default postgres database.
+PGVECTOR_POSTGRES_DB=dify
+# postgres data directory
+PGVECTOR_PGDATA=/var/lib/postgresql/data/pgdata
+
+# ------------------------------
+# Environment Variables for opensearch
+# (only used when VECTOR_STORE is opensearch)
+# ------------------------------
+OPENSEARCH_DISCOVERY_TYPE=single-node
+OPENSEARCH_BOOTSTRAP_MEMORY_LOCK=true
+OPENSEARCH_JAVA_OPTS_MIN=512m
+OPENSEARCH_JAVA_OPTS_MAX=1024m
+OPENSEARCH_INITIAL_ADMIN_PASSWORD=Qazwsxedc!@#123
+OPENSEARCH_MEMLOCK_SOFT=-1
+OPENSEARCH_MEMLOCK_HARD=-1
+OPENSEARCH_NOFILE_SOFT=65536
+OPENSEARCH_NOFILE_HARD=65536
+
+# ------------------------------
+# Environment Variables for Nginx reverse proxy
+# ------------------------------
+NGINX_SERVER_NAME=_
+NGINX_HTTPS_ENABLED=false
+# HTTP port
+NGINX_PORT=80
+# SSL settings are only applied when HTTPS_ENABLED is true
+NGINX_SSL_PORT=443
+# if HTTPS_ENABLED is true, you're required to add your own SSL certificates/keys to the `./nginx/ssl` directory
+# and modify the env vars below accordingly.
+NGINX_SSL_CERT_FILENAME=dify.crt
+NGINX_SSL_CERT_KEY_FILENAME=dify.key
+NGINX_SSL_PROTOCOLS=TLSv1.1 TLSv1.2 TLSv1.3
+
+# Nginx performance tuning
+NGINX_WORKER_PROCESSES=auto
+NGINX_CLIENT_MAX_BODY_SIZE=15M
+NGINX_KEEPALIVE_TIMEOUT=65
+
+# Proxy settings
+NGINX_PROXY_READ_TIMEOUT=3600s
+NGINX_PROXY_SEND_TIMEOUT=3600s
+
+# Set true to accept requests for /.well-known/acme-challenge/
+NGINX_ENABLE_CERTBOT_CHALLENGE=false
+
+# ------------------------------
+# Certbot Configuration
+# ------------------------------
+
+# Email address (required to get certificates from Let's Encrypt)
+CERTBOT_EMAIL=your_email@example.com
+
+# Domain name
+CERTBOT_DOMAIN=your_domain.com
+
+# certbot command options
+# i.e: --force-renewal --dry-run --test-cert --debug
+CERTBOT_OPTIONS=
+
+# ------------------------------
+# Environment Variables for SSRF Proxy
+# ------------------------------
+SSRF_HTTP_PORT=3128
+SSRF_COREDUMP_DIR=/var/spool/squid
+SSRF_REVERSE_PROXY_PORT=8194
+SSRF_SANDBOX_HOST=sandbox
+SSRF_DEFAULT_TIME_OUT=5
+SSRF_DEFAULT_CONNECT_TIME_OUT=5
+SSRF_DEFAULT_READ_TIME_OUT=5
+SSRF_DEFAULT_WRITE_TIME_OUT=5
+
+# ------------------------------
+# docker env var for specifying vector db type at startup
+# (based on the vector db type, the corresponding docker
+# compose profile will be used)
+# if you want to use unstructured, add ',unstructured' to the end
+# ------------------------------
+COMPOSE_PROFILES=${VECTOR_STORE:-weaviate}
+
+# ------------------------------
+# Docker Compose Service Expose Host Port Configurations
+# ------------------------------
+EXPOSE_NGINX_PORT=80
+EXPOSE_NGINX_SSL_PORT=443
+
+# ----------------------------------------------------------------------------
+# ModelProvider & Tool Position Configuration
+# Used to specify the model providers and tools that can be used in the app.
+# ----------------------------------------------------------------------------
+
+# Pin, include, and exclude tools
+# Use comma-separated values with no spaces between items.
+# Example: POSITION_TOOL_PINS=bing,google
+POSITION_TOOL_PINS=
+POSITION_TOOL_INCLUDES=
+POSITION_TOOL_EXCLUDES=
+
+# Pin, include, and exclude model providers
+# Use comma-separated values with no spaces between items.
+# Example: POSITION_PROVIDER_PINS=openai,openllm
+POSITION_PROVIDER_PINS=
+POSITION_PROVIDER_INCLUDES=
+POSITION_PROVIDER_EXCLUDES=
+
+# CSP https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
+CSP_WHITELIST=
+
+# Enable or disable create tidb service job
+CREATE_TIDB_SERVICE_JOB_ENABLED=false
+
+# Maximum number of submitted thread count in a ThreadPool for parallel node execution
+MAX_SUBMIT_COUNT=100
+
+# The maximum number of top-k value for RAG.
+TOP_K_MAX_VALUE=10