diff --git a/.github/README.md b/.github/README.md index b48682e4..2bdd001a 100644 --- a/.github/README.md +++ b/.github/README.md @@ -61,7 +61,6 @@ | 🟢 | | Dash. | https://getdashdot.com/ | 现代服务器仪表板 | | | 🟢 | | Dash.(GPU) | https://getdashdot.com/ | 【GPU支持】现代服务器仪表板 | | | 🟢 | | DeepLX | https://deeplx.owo.network/ | DeepL免费API(无需TOKEN) | | -| 🟢 | | Dify | https://dify.ai/ | Dify 是一个开源的 LLM 应用开发平台 | | | 🟢 | | Dockge | https://dockge.kuma.pet/ | 面向堆栈的管理器 | | | 🟢 | | Dozzle | https://dozzle.dev/ | 一个轻量级的小应用程序,有一个基于web的界面来监控Docker日志 | | | 🟢 | | DPanel | https://dpanel.cc/ | Docker可视化管理面板 | | @@ -101,7 +100,6 @@ | 🟢 | | 苹果CMS V10 | https://www.maccms.la/ | 基于ThinkPHP和Layui的多功能开源免费内容管理系统 | | | 🟢 | | Docker Mailserver | https://docker-mailserver.github.io/docker-mailserver/latest/ | 可用于生产的全栈但简单的邮件服务器 | | | 🟢 | | MDC-NG | https://github.com/mdc-ng/mdc-ng/ | 成人电影数据采集工具 | | -| 🟢 | | Mastodon (长毛象) | https://joinmastodon.org/ | 自由开源的去中心化的分布式微博客社交网络 | | | 🟢 | | MaxKB | https://maxkb.cn/ | 基于 LLM 大语言模型的知识库问答系统 | | | 🟢 | | Media CMS | https://mediacms.io/ | 现代、功能齐全的开源视频和媒体内容管理系统 | | | 🟢 | | MetaTube | https://github.com/metatube-community/ | 为 Jellyfin/Emby/Plex 开发的超级好用的成人元数据刮削插件 | | diff --git a/README.md b/README.md index 9442df3b..5a93bcc7 100644 --- a/README.md +++ b/README.md @@ -56,7 +56,6 @@ | 🟢 | | Dash. | https://getdashdot.com/ | 现代服务器仪表板 | | | 🟢 | | Dash.(GPU) | https://getdashdot.com/ | 【GPU支持】现代服务器仪表板 | | | 🟢 | | DeepLX | https://deeplx.owo.network/ | DeepL免费API(无需TOKEN) | | -| 🟢 | | Dify | https://dify.ai/ | Dify 是一个开源的 LLM 应用开发平台 | | | 🟢 | | Dockge | https://dockge.kuma.pet/ | 面向堆栈的管理器 | | | 🟢 | | Dozzle | https://dozzle.dev/ | 一个轻量级的小应用程序,有一个基于web的界面来监控Docker日志 | | | 🟢 | | DPanel | https://dpanel.cc/ | Docker可视化管理面板 | | @@ -96,7 +95,6 @@ | 🟢 | | 苹果CMS V10 | https://www.maccms.la/ | 基于ThinkPHP和Layui的多功能开源免费内容管理系统 | | | 🟢 | | Docker Mailserver | https://docker-mailserver.github.io/docker-mailserver/latest/ | 可用于生产的全栈但简单的邮件服务器 | | | 🟢 | | MDC-NG | https://github.com/mdc-ng/mdc-ng/ | 成人电影数据采集工具 | | -| 🟢 | | Mastodon (长毛象) | https://joinmastodon.org/ | 自由开源的去中心化的分布式微博客社交网络 | | | 🟢 | | MaxKB | https://maxkb.cn/ | 基于 LLM 大语言模型的知识库问答系统 | | | 🟢 | | Media CMS | https://mediacms.io/ | 现代、功能齐全的开源视频和媒体内容管理系统 | | | 🟢 | | MetaTube | https://github.com/metatube-community/ | 为 Jellyfin/Emby/Plex 开发的超级好用的成人元数据刮削插件 | | diff --git a/apps/dify/1.0.0/conf/certbot/README.md b/apps/dify/1.0.0/conf/certbot/README.md deleted file mode 100644 index 21be34b3..00000000 --- a/apps/dify/1.0.0/conf/certbot/README.md +++ /dev/null @@ -1,76 +0,0 @@ -# Launching new servers with SSL certificates - -## Short description - -docker compose certbot configurations with Backward compatibility (without certbot container). -Use `docker compose --profile certbot up` to use this features. - -## The simplest way for launching new servers with SSL certificates - -1. Get letsencrypt certs - set `.env` values - ```properties - NGINX_SSL_CERT_FILENAME=fullchain.pem - NGINX_SSL_CERT_KEY_FILENAME=privkey.pem - NGINX_ENABLE_CERTBOT_CHALLENGE=true - CERTBOT_DOMAIN=your_domain.com - CERTBOT_EMAIL=example@your_domain.com - ``` - execute command: - ```shell - docker network prune - docker compose --profile certbot up --force-recreate -d - ``` - then after the containers launched: - ```shell - docker compose exec -it certbot /bin/sh /update-cert.sh - ``` -2. Edit `.env` file and `docker compose --profile certbot up` again. - set `.env` value additionally - ```properties - NGINX_HTTPS_ENABLED=true - ``` - execute command: - ```shell - docker compose --profile certbot up -d --no-deps --force-recreate nginx - ``` - Then you can access your serve with HTTPS. - [https://your_domain.com](https://your_domain.com) - -## SSL certificates renewal - -For SSL certificates renewal, execute commands below: - -```shell -docker compose exec -it certbot /bin/sh /update-cert.sh -docker compose exec nginx nginx -s reload -``` - -## Options for certbot - -`CERTBOT_OPTIONS` key might be helpful for testing. i.e., - -```properties -CERTBOT_OPTIONS=--dry-run -``` - -To apply changes to `CERTBOT_OPTIONS`, regenerate the certbot container before updating the certificates. - -```shell -docker compose --profile certbot up -d --no-deps --force-recreate certbot -docker compose exec -it certbot /bin/sh /update-cert.sh -``` - -Then, reload the nginx container if necessary. - -```shell -docker compose exec nginx nginx -s reload -``` - -## For legacy servers - -To use cert files dir `nginx/ssl` as before, simply launch containers WITHOUT `--profile certbot` option. - -```shell -docker compose up -d -``` diff --git a/apps/dify/1.0.0/conf/certbot/docker-entrypoint.sh b/apps/dify/1.0.0/conf/certbot/docker-entrypoint.sh deleted file mode 100644 index a70ecd82..00000000 --- a/apps/dify/1.0.0/conf/certbot/docker-entrypoint.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/sh -set -e - -printf '%s\n' "Docker entrypoint script is running" - -printf '%s\n' "\nChecking specific environment variables:" -printf '%s\n' "CERTBOT_EMAIL: ${CERTBOT_EMAIL:-Not set}" -printf '%s\n' "CERTBOT_DOMAIN: ${CERTBOT_DOMAIN:-Not set}" -printf '%s\n' "CERTBOT_OPTIONS: ${CERTBOT_OPTIONS:-Not set}" - -printf '%s\n' "\nChecking mounted directories:" -for dir in "/etc/letsencrypt" "/var/www/html" "/var/log/letsencrypt"; do - if [ -d "$dir" ]; then - printf '%s\n' "$dir exists. Contents:" - ls -la "$dir" - else - printf '%s\n' "$dir does not exist." - fi -done - -printf '%s\n' "\nGenerating update-cert.sh from template" -sed -e "s|\${CERTBOT_EMAIL}|$CERTBOT_EMAIL|g" \ - -e "s|\${CERTBOT_DOMAIN}|$CERTBOT_DOMAIN|g" \ - -e "s|\${CERTBOT_OPTIONS}|$CERTBOT_OPTIONS|g" \ - /update-cert.template.txt > /update-cert.sh - -chmod +x /update-cert.sh - -printf '%s\n' "\nExecuting command:" "$@" -exec "$@" diff --git a/apps/dify/1.0.0/conf/certbot/update-cert.template.txt b/apps/dify/1.0.0/conf/certbot/update-cert.template.txt deleted file mode 100644 index 16786a19..00000000 --- a/apps/dify/1.0.0/conf/certbot/update-cert.template.txt +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -set -e - -DOMAIN="${CERTBOT_DOMAIN}" -EMAIL="${CERTBOT_EMAIL}" -OPTIONS="${CERTBOT_OPTIONS}" -CERT_NAME="${DOMAIN}" # 証明書名をドメイン名と同じにする - -# Check if the certificate already exists -if [ -f "/etc/letsencrypt/renewal/${CERT_NAME}.conf" ]; then - echo "Certificate exists. Attempting to renew..." - certbot renew --noninteractive --cert-name ${CERT_NAME} --webroot --webroot-path=/var/www/html --email ${EMAIL} --agree-tos --no-eff-email ${OPTIONS} -else - echo "Certificate does not exist. Obtaining a new certificate..." - certbot certonly --noninteractive --webroot --webroot-path=/var/www/html --email ${EMAIL} --agree-tos --no-eff-email -d ${DOMAIN} ${OPTIONS} -fi -echo "Certificate operation successful" -# Note: Nginx reload should be handled outside this container -echo "Please ensure to reload Nginx to apply any certificate changes." diff --git a/apps/dify/1.0.0/conf/couchbase-server/Dockerfile b/apps/dify/1.0.0/conf/couchbase-server/Dockerfile deleted file mode 100644 index bd8af641..00000000 --- a/apps/dify/1.0.0/conf/couchbase-server/Dockerfile +++ /dev/null @@ -1,4 +0,0 @@ -FROM couchbase/server:latest AS stage_base -# FROM couchbase:latest AS stage_base -COPY init-cbserver.sh /opt/couchbase/init/ -RUN chmod +x /opt/couchbase/init/init-cbserver.sh \ No newline at end of file diff --git a/apps/dify/1.0.0/conf/couchbase-server/init-cbserver.sh b/apps/dify/1.0.0/conf/couchbase-server/init-cbserver.sh deleted file mode 100644 index e66bc185..00000000 --- a/apps/dify/1.0.0/conf/couchbase-server/init-cbserver.sh +++ /dev/null @@ -1,44 +0,0 @@ -#!/bin/bash -# used to start couchbase server - can't get around this as docker compose only allows you to start one command - so we have to start couchbase like the standard couchbase Dockerfile would -# https://github.com/couchbase/docker/blob/master/enterprise/couchbase-server/7.2.0/Dockerfile#L88 - -/entrypoint.sh couchbase-server & - -# track if setup is complete so we don't try to setup again -FILE=/opt/couchbase/init/setupComplete.txt - -if ! [ -f "$FILE" ]; then - # used to automatically create the cluster based on environment variables - # https://docs.couchbase.com/server/current/cli/cbcli/couchbase-cli-cluster-init.html - - echo $COUCHBASE_ADMINISTRATOR_USERNAME ":" $COUCHBASE_ADMINISTRATOR_PASSWORD - - sleep 20s - /opt/couchbase/bin/couchbase-cli cluster-init -c 127.0.0.1 \ - --cluster-username $COUCHBASE_ADMINISTRATOR_USERNAME \ - --cluster-password $COUCHBASE_ADMINISTRATOR_PASSWORD \ - --services data,index,query,fts \ - --cluster-ramsize $COUCHBASE_RAM_SIZE \ - --cluster-index-ramsize $COUCHBASE_INDEX_RAM_SIZE \ - --cluster-eventing-ramsize $COUCHBASE_EVENTING_RAM_SIZE \ - --cluster-fts-ramsize $COUCHBASE_FTS_RAM_SIZE \ - --index-storage-setting default - - sleep 2s - - # used to auto create the bucket based on environment variables - # https://docs.couchbase.com/server/current/cli/cbcli/couchbase-cli-bucket-create.html - - /opt/couchbase/bin/couchbase-cli bucket-create -c localhost:8091 \ - --username $COUCHBASE_ADMINISTRATOR_USERNAME \ - --password $COUCHBASE_ADMINISTRATOR_PASSWORD \ - --bucket $COUCHBASE_BUCKET \ - --bucket-ramsize $COUCHBASE_BUCKET_RAMSIZE \ - --bucket-type couchbase - - # create file so we know that the cluster is setup and don't run the setup again - touch $FILE -fi - # docker compose will stop the container from running unless we do this - # known issue and workaround - tail -f /dev/null diff --git a/apps/dify/1.0.0/conf/elasticsearch/docker-entrypoint.sh b/apps/dify/1.0.0/conf/elasticsearch/docker-entrypoint.sh deleted file mode 100644 index 6669aec5..00000000 --- a/apps/dify/1.0.0/conf/elasticsearch/docker-entrypoint.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash - -set -e - -if [ "${VECTOR_STORE}" = "elasticsearch-ja" ]; then - # Check if the ICU tokenizer plugin is installed - if ! /usr/share/elasticsearch/bin/elasticsearch-plugin list | grep -q analysis-icu; then - printf '%s\n' "Installing the ICU tokenizer plugin" - if ! /usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-icu; then - printf '%s\n' "Failed to install the ICU tokenizer plugin" - exit 1 - fi - fi - # Check if the Japanese language analyzer plugin is installed - if ! /usr/share/elasticsearch/bin/elasticsearch-plugin list | grep -q analysis-kuromoji; then - printf '%s\n' "Installing the Japanese language analyzer plugin" - if ! /usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-kuromoji; then - printf '%s\n' "Failed to install the Japanese language analyzer plugin" - exit 1 - fi - fi -fi - -# Run the original entrypoint script -exec /bin/tini -- /usr/local/bin/docker-entrypoint.sh diff --git a/apps/dify/1.0.0/conf/nginx/conf.d/default.conf.template b/apps/dify/1.0.0/conf/nginx/conf.d/default.conf.template deleted file mode 100644 index a458412d..00000000 --- a/apps/dify/1.0.0/conf/nginx/conf.d/default.conf.template +++ /dev/null @@ -1,48 +0,0 @@ -# Please do not directly edit this file. Instead, modify the .env variables related to NGINX configuration. - -server { - listen ${NGINX_PORT}; - server_name ${NGINX_SERVER_NAME}; - - location /console/api { - proxy_pass http://api:5001; - include proxy.conf; - } - - location /api { - proxy_pass http://api:5001; - include proxy.conf; - } - - location /v1 { - proxy_pass http://api:5001; - include proxy.conf; - } - - location /files { - proxy_pass http://api:5001; - include proxy.conf; - } - - location /explore { - proxy_pass http://web:3000; - include proxy.conf; - } - - location /e/ { - proxy_pass http://plugin_daemon:5002; - proxy_set_header Dify-Hook-Url $scheme://$host$request_uri; - include proxy.conf; - } - - location / { - proxy_pass http://web:3000; - include proxy.conf; - } - - # placeholder for acme challenge location - ${ACME_CHALLENGE_LOCATION} - - # placeholder for https config defined in https.conf.template - ${HTTPS_CONFIG} -} diff --git a/apps/dify/1.0.0/conf/nginx/docker-entrypoint.sh b/apps/dify/1.0.0/conf/nginx/docker-entrypoint.sh deleted file mode 100644 index d343cb3e..00000000 --- a/apps/dify/1.0.0/conf/nginx/docker-entrypoint.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/bash - -if [ "${NGINX_HTTPS_ENABLED}" = "true" ]; then - # Check if the certificate and key files for the specified domain exist - if [ -n "${CERTBOT_DOMAIN}" ] && \ - [ -f "/etc/letsencrypt/live/${CERTBOT_DOMAIN}/${NGINX_SSL_CERT_FILENAME}" ] && \ - [ -f "/etc/letsencrypt/live/${CERTBOT_DOMAIN}/${NGINX_SSL_CERT_KEY_FILENAME}" ]; then - SSL_CERTIFICATE_PATH="/etc/letsencrypt/live/${CERTBOT_DOMAIN}/${NGINX_SSL_CERT_FILENAME}" - SSL_CERTIFICATE_KEY_PATH="/etc/letsencrypt/live/${CERTBOT_DOMAIN}/${NGINX_SSL_CERT_KEY_FILENAME}" - else - SSL_CERTIFICATE_PATH="/etc/ssl/${NGINX_SSL_CERT_FILENAME}" - SSL_CERTIFICATE_KEY_PATH="/etc/ssl/${NGINX_SSL_CERT_KEY_FILENAME}" - fi - export SSL_CERTIFICATE_PATH - export SSL_CERTIFICATE_KEY_PATH - - # set the HTTPS_CONFIG environment variable to the content of the https.conf.template - HTTPS_CONFIG=$(envsubst < /etc/nginx/https.conf.template) - export HTTPS_CONFIG - # Substitute the HTTPS_CONFIG in the default.conf.template with content from https.conf.template - envsubst '${HTTPS_CONFIG}' < /etc/nginx/conf.d/default.conf.template > /etc/nginx/conf.d/default.conf -fi - -if [ "${NGINX_ENABLE_CERTBOT_CHALLENGE}" = "true" ]; then - ACME_CHALLENGE_LOCATION='location /.well-known/acme-challenge/ { root /var/www/html; }' -else - ACME_CHALLENGE_LOCATION='' -fi -export ACME_CHALLENGE_LOCATION - -env_vars=$(printenv | cut -d= -f1 | sed 's/^/$/g' | paste -sd, -) - -envsubst "$env_vars" < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf -envsubst "$env_vars" < /etc/nginx/proxy.conf.template > /etc/nginx/proxy.conf - -envsubst < /etc/nginx/conf.d/default.conf.template > /etc/nginx/conf.d/default.conf - -# Start Nginx using the default entrypoint -exec nginx -g 'daemon off;' \ No newline at end of file diff --git a/apps/dify/1.0.0/conf/nginx/https.conf.template b/apps/dify/1.0.0/conf/nginx/https.conf.template deleted file mode 100644 index 95ea36f4..00000000 --- a/apps/dify/1.0.0/conf/nginx/https.conf.template +++ /dev/null @@ -1,9 +0,0 @@ -# Please do not directly edit this file. Instead, modify the .env variables related to NGINX configuration. - -listen ${NGINX_SSL_PORT} ssl; -ssl_certificate ${SSL_CERTIFICATE_PATH}; -ssl_certificate_key ${SSL_CERTIFICATE_KEY_PATH}; -ssl_protocols ${NGINX_SSL_PROTOCOLS}; -ssl_prefer_server_ciphers on; -ssl_session_cache shared:SSL:10m; -ssl_session_timeout 10m; \ No newline at end of file diff --git a/apps/dify/1.0.0/conf/nginx/nginx.conf.template b/apps/dify/1.0.0/conf/nginx/nginx.conf.template deleted file mode 100644 index 32a57165..00000000 --- a/apps/dify/1.0.0/conf/nginx/nginx.conf.template +++ /dev/null @@ -1,34 +0,0 @@ -# Please do not directly edit this file. Instead, modify the .env variables related to NGINX configuration. - -user nginx; -worker_processes ${NGINX_WORKER_PROCESSES}; - -error_log /var/log/nginx/error.log notice; -pid /var/run/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout ${NGINX_KEEPALIVE_TIMEOUT}; - - #gzip on; - client_max_body_size ${NGINX_CLIENT_MAX_BODY_SIZE}; - - include /etc/nginx/conf.d/*.conf; -} \ No newline at end of file diff --git a/apps/dify/1.0.0/conf/nginx/proxy.conf.template b/apps/dify/1.0.0/conf/nginx/proxy.conf.template deleted file mode 100644 index 117f8061..00000000 --- a/apps/dify/1.0.0/conf/nginx/proxy.conf.template +++ /dev/null @@ -1,11 +0,0 @@ -# Please do not directly edit this file. Instead, modify the .env variables related to NGINX configuration. - -proxy_set_header Host $host; -proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -proxy_set_header X-Forwarded-Proto $scheme; -proxy_set_header X-Forwarded-Port $server_port; -proxy_http_version 1.1; -proxy_set_header Connection ""; -proxy_buffering off; -proxy_read_timeout ${NGINX_PROXY_READ_TIMEOUT}; -proxy_send_timeout ${NGINX_PROXY_SEND_TIMEOUT}; diff --git a/apps/dify/1.0.0/conf/nginx/ssl/.gitkeep b/apps/dify/1.0.0/conf/nginx/ssl/.gitkeep deleted file mode 100644 index e69de29b..00000000 diff --git a/apps/dify/1.0.0/conf/ssrf_proxy/docker-entrypoint.sh b/apps/dify/1.0.0/conf/ssrf_proxy/docker-entrypoint.sh deleted file mode 100644 index 613897bb..00000000 --- a/apps/dify/1.0.0/conf/ssrf_proxy/docker-entrypoint.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash - -# Modified based on Squid OCI image entrypoint - -# This entrypoint aims to forward the squid logs to stdout to assist users of -# common container related tooling (e.g., kubernetes, docker-compose, etc) to -# access the service logs. - -# Moreover, it invokes the squid binary, leaving all the desired parameters to -# be provided by the "command" passed to the spawned container. If no command -# is provided by the user, the default behavior (as per the CMD statement in -# the Dockerfile) will be to use Ubuntu's default configuration [1] and run -# squid with the "-NYC" options to mimic the behavior of the Ubuntu provided -# systemd unit. - -# [1] The default configuration is changed in the Dockerfile to allow local -# network connections. See the Dockerfile for further information. - -echo "[ENTRYPOINT] re-create snakeoil self-signed certificate removed in the build process" -if [ ! -f /etc/ssl/private/ssl-cert-snakeoil.key ]; then - /usr/sbin/make-ssl-cert generate-default-snakeoil --force-overwrite > /dev/null 2>&1 -fi - -tail -F /var/log/squid/access.log 2>/dev/null & -tail -F /var/log/squid/error.log 2>/dev/null & -tail -F /var/log/squid/store.log 2>/dev/null & -tail -F /var/log/squid/cache.log 2>/dev/null & - -# Replace environment variables in the template and output to the squid.conf -echo "[ENTRYPOINT] replacing environment variables in the template" -awk '{ - while(match($0, /\${[A-Za-z_][A-Za-z_0-9]*}/)) { - var = substr($0, RSTART+2, RLENGTH-3) - val = ENVIRON[var] - $0 = substr($0, 1, RSTART-1) val substr($0, RSTART+RLENGTH) - } - print -}' /etc/squid/squid.conf.template > /etc/squid/squid.conf - -/usr/sbin/squid -Nz -echo "[ENTRYPOINT] starting squid" -/usr/sbin/squid -f /etc/squid/squid.conf -NYC 1 diff --git a/apps/dify/1.0.0/conf/ssrf_proxy/squid.conf.template b/apps/dify/1.0.0/conf/ssrf_proxy/squid.conf.template deleted file mode 100644 index 676fe737..00000000 --- a/apps/dify/1.0.0/conf/ssrf_proxy/squid.conf.template +++ /dev/null @@ -1,51 +0,0 @@ -acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN) -acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN) -acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN) -acl localnet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines -acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN) -acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN) -acl localnet src fc00::/7 # RFC 4193 local private network range -acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines -acl SSL_ports port 443 -# acl SSL_ports port 1025-65535 # Enable the configuration to resolve this issue: https://github.com/langgenius/dify/issues/12792 -acl Safe_ports port 80 # http -acl Safe_ports port 21 # ftp -acl Safe_ports port 443 # https -acl Safe_ports port 70 # gopher -acl Safe_ports port 210 # wais -acl Safe_ports port 1025-65535 # unregistered ports -acl Safe_ports port 280 # http-mgmt -acl Safe_ports port 488 # gss-http -acl Safe_ports port 591 # filemaker -acl Safe_ports port 777 # multiling http -acl CONNECT method CONNECT -http_access deny !Safe_ports -http_access deny CONNECT !SSL_ports -http_access allow localhost manager -http_access deny manager -http_access allow localhost -include /etc/squid/conf.d/*.conf -http_access deny all - -################################## Proxy Server ################################ -http_port ${HTTP_PORT} -coredump_dir ${COREDUMP_DIR} -refresh_pattern ^ftp: 1440 20% 10080 -refresh_pattern ^gopher: 1440 0% 1440 -refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 -refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims -refresh_pattern \/Release(|\.gpg)$ 0 0% 0 refresh-ims -refresh_pattern \/InRelease$ 0 0% 0 refresh-ims -refresh_pattern \/(Translation-.*)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims -refresh_pattern . 0 20% 4320 - - -# cache_dir ufs /var/spool/squid 100 16 256 -# upstream proxy, set to your own upstream proxy IP to avoid SSRF attacks -# cache_peer 172.1.1.1 parent 3128 0 no-query no-digest no-netdb-exchange default - -################################## Reverse Proxy To Sandbox ################################ -http_port ${REVERSE_PROXY_PORT} accel vhost -cache_peer ${SANDBOX_HOST} parent ${SANDBOX_PORT} 0 no-query originserver -acl src_all src all -http_access allow src_all diff --git a/apps/dify/1.0.0/conf/startupscripts/init.sh b/apps/dify/1.0.0/conf/startupscripts/init.sh deleted file mode 100644 index c6e6e196..00000000 --- a/apps/dify/1.0.0/conf/startupscripts/init.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/usr/bin/env bash - -DB_INITIALIZED="/opt/oracle/oradata/dbinit" -#[ -f ${DB_INITIALIZED} ] && exit -#touch ${DB_INITIALIZED} -if [ -f ${DB_INITIALIZED} ]; then - echo 'File exists. Standards for have been Init' - exit -else - echo 'File does not exist. Standards for first time Start up this DB' - "$ORACLE_HOME"/bin/sqlplus -s "/ as sysdba" @"/opt/oracle/scripts/startup/init_user.script"; - touch ${DB_INITIALIZED} -fi diff --git a/apps/dify/1.0.0/conf/startupscripts/init_user.script b/apps/dify/1.0.0/conf/startupscripts/init_user.script deleted file mode 100644 index 7aa7c280..00000000 --- a/apps/dify/1.0.0/conf/startupscripts/init_user.script +++ /dev/null @@ -1,10 +0,0 @@ -show pdbs; -ALTER SYSTEM SET PROCESSES=500 SCOPE=SPFILE; -alter session set container= freepdb1; -create user dify identified by dify DEFAULT TABLESPACE users quota unlimited on users; -grant DB_DEVELOPER_ROLE to dify; - -BEGIN -CTX_DDL.CREATE_PREFERENCE('my_chinese_vgram_lexer','CHINESE_VGRAM_LEXER'); -END; -/ diff --git a/apps/dify/1.0.0/conf/tidb/config/pd.toml b/apps/dify/1.0.0/conf/tidb/config/pd.toml deleted file mode 100644 index 042b251e..00000000 --- a/apps/dify/1.0.0/conf/tidb/config/pd.toml +++ /dev/null @@ -1,4 +0,0 @@ -# PD Configuration File reference: -# https://docs.pingcap.com/tidb/stable/pd-configuration-file#pd-configuration-file -[replication] -max-replicas = 1 \ No newline at end of file diff --git a/apps/dify/1.0.0/conf/tidb/config/tiflash-learner.toml b/apps/dify/1.0.0/conf/tidb/config/tiflash-learner.toml deleted file mode 100644 index 5098829a..00000000 --- a/apps/dify/1.0.0/conf/tidb/config/tiflash-learner.toml +++ /dev/null @@ -1,13 +0,0 @@ -# TiFlash tiflash-learner.toml Configuration File reference: -# https://docs.pingcap.com/tidb/stable/tiflash-configuration#configure-the-tiflash-learnertoml-file - -log-file = "/logs/tiflash_tikv.log" - -[server] -engine-addr = "tiflash:4030" -addr = "0.0.0.0:20280" -advertise-addr = "tiflash:20280" -status-addr = "tiflash:20292" - -[storage] -data-dir = "/data/flash" diff --git a/apps/dify/1.0.0/conf/tidb/config/tiflash.toml b/apps/dify/1.0.0/conf/tidb/config/tiflash.toml deleted file mode 100644 index 30ac13ef..00000000 --- a/apps/dify/1.0.0/conf/tidb/config/tiflash.toml +++ /dev/null @@ -1,19 +0,0 @@ -# TiFlash tiflash.toml Configuration File reference: -# https://docs.pingcap.com/tidb/stable/tiflash-configuration#configure-the-tiflashtoml-file - -listen_host = "0.0.0.0" -path = "/data" - -[flash] -tidb_status_addr = "tidb:10080" -service_addr = "tiflash:4030" - -[flash.proxy] -config = "/tiflash-learner.toml" - -[logger] -errorlog = "/logs/tiflash_error.log" -log = "/logs/tiflash.log" - -[raft] -pd_addr = "pd0:2379" diff --git a/apps/dify/1.0.0/conf/tidb/docker-compose.yaml b/apps/dify/1.0.0/conf/tidb/docker-compose.yaml deleted file mode 100644 index fa157701..00000000 --- a/apps/dify/1.0.0/conf/tidb/docker-compose.yaml +++ /dev/null @@ -1,62 +0,0 @@ -services: - pd0: - image: pingcap/pd:v8.5.1 - # ports: - # - "2379" - volumes: - - ./config/pd.toml:/pd.toml:ro - - ./volumes/data:/data - - ./volumes/logs:/logs - command: - - --name=pd0 - - --client-urls=http://0.0.0.0:2379 - - --peer-urls=http://0.0.0.0:2380 - - --advertise-client-urls=http://pd0:2379 - - --advertise-peer-urls=http://pd0:2380 - - --initial-cluster=pd0=http://pd0:2380 - - --data-dir=/data/pd - - --config=/pd.toml - - --log-file=/logs/pd.log - restart: on-failure - tikv: - image: pingcap/tikv:v8.5.1 - volumes: - - ./volumes/data:/data - - ./volumes/logs:/logs - command: - - --addr=0.0.0.0:20160 - - --advertise-addr=tikv:20160 - - --status-addr=tikv:20180 - - --data-dir=/data/tikv - - --pd=pd0:2379 - - --log-file=/logs/tikv.log - depends_on: - - "pd0" - restart: on-failure - tidb: - image: pingcap/tidb:v8.5.1 - # ports: - # - "4000:4000" - volumes: - - ./volumes/logs:/logs - command: - - --advertise-address=tidb - - --store=tikv - - --path=pd0:2379 - - --log-file=/logs/tidb.log - depends_on: - - "tikv" - restart: on-failure - tiflash: - image: pingcap/tiflash:v8.5.1 - volumes: - - ./config/tiflash.toml:/tiflash.toml:ro - - ./config/tiflash-learner.toml:/tiflash-learner.toml:ro - - ./volumes/data:/data - - ./volumes/logs:/logs - command: - - --config=/tiflash.toml - depends_on: - - "tikv" - - "tidb" - restart: on-failure diff --git a/apps/dify/1.0.0/conf/volumes/myscale/config/users.d/custom_users_config.xml b/apps/dify/1.0.0/conf/volumes/myscale/config/users.d/custom_users_config.xml deleted file mode 100644 index 67f24b69..00000000 --- a/apps/dify/1.0.0/conf/volumes/myscale/config/users.d/custom_users_config.xml +++ /dev/null @@ -1,17 +0,0 @@ - - - - - - ::1 - 127.0.0.1 - 10.0.0.0/8 - 172.16.0.0/12 - 192.168.0.0/16 - - default - default - 1 - - - \ No newline at end of file diff --git a/apps/dify/1.0.0/conf/volumes/oceanbase/init.d/vec_memory.sql b/apps/dify/1.0.0/conf/volumes/oceanbase/init.d/vec_memory.sql deleted file mode 100644 index f4c283fd..00000000 --- a/apps/dify/1.0.0/conf/volumes/oceanbase/init.d/vec_memory.sql +++ /dev/null @@ -1 +0,0 @@ -ALTER SYSTEM SET ob_vector_memory_limit_percentage = 30; \ No newline at end of file diff --git a/apps/dify/1.0.0/conf/volumes/opensearch/opensearch_dashboards.yml b/apps/dify/1.0.0/conf/volumes/opensearch/opensearch_dashboards.yml deleted file mode 100644 index f50d63bb..00000000 --- a/apps/dify/1.0.0/conf/volumes/opensearch/opensearch_dashboards.yml +++ /dev/null @@ -1,222 +0,0 @@ ---- -# Copyright OpenSearch Contributors -# SPDX-License-Identifier: Apache-2.0 - -# Description: -# Default configuration for OpenSearch Dashboards - -# OpenSearch Dashboards is served by a back end server. This setting specifies the port to use. -# server.port: 5601 - -# Specifies the address to which the OpenSearch Dashboards server will bind. IP addresses and host names are both valid values. -# The default is 'localhost', which usually means remote machines will not be able to connect. -# To allow connections from remote users, set this parameter to a non-loopback address. -# server.host: "localhost" - -# Enables you to specify a path to mount OpenSearch Dashboards at if you are running behind a proxy. -# Use the `server.rewriteBasePath` setting to tell OpenSearch Dashboards if it should remove the basePath -# from requests it receives, and to prevent a deprecation warning at startup. -# This setting cannot end in a slash. -# server.basePath: "" - -# Specifies whether OpenSearch Dashboards should rewrite requests that are prefixed with -# `server.basePath` or require that they are rewritten by your reverse proxy. -# server.rewriteBasePath: false - -# The maximum payload size in bytes for incoming server requests. -# server.maxPayloadBytes: 1048576 - -# The OpenSearch Dashboards server's name. This is used for display purposes. -# server.name: "your-hostname" - -# The URLs of the OpenSearch instances to use for all your queries. -# opensearch.hosts: ["http://localhost:9200"] - -# OpenSearch Dashboards uses an index in OpenSearch to store saved searches, visualizations and -# dashboards. OpenSearch Dashboards creates a new index if the index doesn't already exist. -# opensearchDashboards.index: ".opensearch_dashboards" - -# The default application to load. -# opensearchDashboards.defaultAppId: "home" - -# Setting for an optimized healthcheck that only uses the local OpenSearch node to do Dashboards healthcheck. -# This settings should be used for large clusters or for clusters with ingest heavy nodes. -# It allows Dashboards to only healthcheck using the local OpenSearch node rather than fan out requests across all nodes. -# -# It requires the user to create an OpenSearch node attribute with the same name as the value used in the setting -# This node attribute should assign all nodes of the same cluster an integer value that increments with each new cluster that is spun up -# e.g. in opensearch.yml file you would set the value to a setting using node.attr.cluster_id: -# Should only be enabled if there is a corresponding node attribute created in your OpenSearch config that matches the value here -# opensearch.optimizedHealthcheckId: "cluster_id" - -# If your OpenSearch is protected with basic authentication, these settings provide -# the username and password that the OpenSearch Dashboards server uses to perform maintenance on the OpenSearch Dashboards -# index at startup. Your OpenSearch Dashboards users still need to authenticate with OpenSearch, which -# is proxied through the OpenSearch Dashboards server. -# opensearch.username: "opensearch_dashboards_system" -# opensearch.password: "pass" - -# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively. -# These settings enable SSL for outgoing requests from the OpenSearch Dashboards server to the browser. -# server.ssl.enabled: false -# server.ssl.certificate: /path/to/your/server.crt -# server.ssl.key: /path/to/your/server.key - -# Optional settings that provide the paths to the PEM-format SSL certificate and key files. -# These files are used to verify the identity of OpenSearch Dashboards to OpenSearch and are required when -# xpack.security.http.ssl.client_authentication in OpenSearch is set to required. -# opensearch.ssl.certificate: /path/to/your/client.crt -# opensearch.ssl.key: /path/to/your/client.key - -# Optional setting that enables you to specify a path to the PEM file for the certificate -# authority for your OpenSearch instance. -# opensearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ] - -# To disregard the validity of SSL certificates, change this setting's value to 'none'. -# opensearch.ssl.verificationMode: full - -# Time in milliseconds to wait for OpenSearch to respond to pings. Defaults to the value of -# the opensearch.requestTimeout setting. -# opensearch.pingTimeout: 1500 - -# Time in milliseconds to wait for responses from the back end or OpenSearch. This value -# must be a positive integer. -# opensearch.requestTimeout: 30000 - -# List of OpenSearch Dashboards client-side headers to send to OpenSearch. To send *no* client-side -# headers, set this value to [] (an empty list). -# opensearch.requestHeadersWhitelist: [ authorization ] - -# Header names and values that are sent to OpenSearch. Any custom headers cannot be overwritten -# by client-side headers, regardless of the opensearch.requestHeadersWhitelist configuration. -# opensearch.customHeaders: {} - -# Time in milliseconds for OpenSearch to wait for responses from shards. Set to 0 to disable. -# opensearch.shardTimeout: 30000 - -# Logs queries sent to OpenSearch. Requires logging.verbose set to true. -# opensearch.logQueries: false - -# Specifies the path where OpenSearch Dashboards creates the process ID file. -# pid.file: /var/run/opensearchDashboards.pid - -# Enables you to specify a file where OpenSearch Dashboards stores log output. -# logging.dest: stdout - -# Set the value of this setting to true to suppress all logging output. -# logging.silent: false - -# Set the value of this setting to true to suppress all logging output other than error messages. -# logging.quiet: false - -# Set the value of this setting to true to log all events, including system usage information -# and all requests. -# logging.verbose: false - -# Set the interval in milliseconds to sample system and process performance -# metrics. Minimum is 100ms. Defaults to 5000. -# ops.interval: 5000 - -# Specifies locale to be used for all localizable strings, dates and number formats. -# Supported languages are the following: English - en , by default , Chinese - zh-CN . -# i18n.locale: "en" - -# Set the allowlist to check input graphite Url. Allowlist is the default check list. -# vis_type_timeline.graphiteAllowedUrls: ['https://www.hostedgraphite.com/UID/ACCESS_KEY/graphite'] - -# Set the blocklist to check input graphite Url. Blocklist is an IP list. -# Below is an example for reference -# vis_type_timeline.graphiteBlockedIPs: [ -# //Loopback -# '127.0.0.0/8', -# '::1/128', -# //Link-local Address for IPv6 -# 'fe80::/10', -# //Private IP address for IPv4 -# '10.0.0.0/8', -# '172.16.0.0/12', -# '192.168.0.0/16', -# //Unique local address (ULA) -# 'fc00::/7', -# //Reserved IP address -# '0.0.0.0/8', -# '100.64.0.0/10', -# '192.0.0.0/24', -# '192.0.2.0/24', -# '198.18.0.0/15', -# '192.88.99.0/24', -# '198.51.100.0/24', -# '203.0.113.0/24', -# '224.0.0.0/4', -# '240.0.0.0/4', -# '255.255.255.255/32', -# '::/128', -# '2001:db8::/32', -# 'ff00::/8', -# ] -# vis_type_timeline.graphiteBlockedIPs: [] - -# opensearchDashboards.branding: -# logo: -# defaultUrl: "" -# darkModeUrl: "" -# mark: -# defaultUrl: "" -# darkModeUrl: "" -# loadingLogo: -# defaultUrl: "" -# darkModeUrl: "" -# faviconUrl: "" -# applicationTitle: "" - -# Set the value of this setting to true to capture region blocked warnings and errors -# for your map rendering services. -# map.showRegionBlockedWarning: false% - -# Set the value of this setting to false to suppress search usage telemetry -# for reducing the load of OpenSearch cluster. -# data.search.usageTelemetry.enabled: false - -# 2.4 renames 'wizard.enabled: false' to 'vis_builder.enabled: false' -# Set the value of this setting to false to disable VisBuilder -# functionality in Visualization. -# vis_builder.enabled: false - -# 2.4 New Experimental Feature -# Set the value of this setting to true to enable the experimental multiple data source -# support feature. Use with caution. -# data_source.enabled: false -# Set the value of these settings to customize crypto materials to encryption saved credentials -# in data sources. -# data_source.encryption.wrappingKeyName: 'changeme' -# data_source.encryption.wrappingKeyNamespace: 'changeme' -# data_source.encryption.wrappingKey: [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - -# 2.6 New ML Commons Dashboards Feature -# Set the value of this setting to true to enable the ml commons dashboards -# ml_commons_dashboards.enabled: false - -# 2.12 New experimental Assistant Dashboards Feature -# Set the value of this setting to true to enable the assistant dashboards -# assistant.chat.enabled: false - -# 2.13 New Query Assistant Feature -# Set the value of this setting to false to disable the query assistant -# observability.query_assist.enabled: false - -# 2.14 Enable Ui Metric Collectors in Usage Collector -# Set the value of this setting to true to enable UI Metric collections -# usageCollection.uiMetric.enabled: false - -opensearch.hosts: [https://localhost:9200] -opensearch.ssl.verificationMode: none -opensearch.username: admin -opensearch.password: 'Qazwsxedc!@#123' -opensearch.requestHeadersWhitelist: [authorization, securitytenant] - -opensearch_security.multitenancy.enabled: true -opensearch_security.multitenancy.tenants.preferred: [Private, Global] -opensearch_security.readonly_mode.roles: [kibana_read_only] -# Use this setting if you are running opensearch-dashboards without https -opensearch_security.cookie.secure: false -server.host: '0.0.0.0' diff --git a/apps/dify/1.0.0/conf/volumes/sandbox/conf/config.yaml b/apps/dify/1.0.0/conf/volumes/sandbox/conf/config.yaml deleted file mode 100644 index 8c1a1deb..00000000 --- a/apps/dify/1.0.0/conf/volumes/sandbox/conf/config.yaml +++ /dev/null @@ -1,14 +0,0 @@ -app: - port: 8194 - debug: True - key: dify-sandbox -max_workers: 4 -max_requests: 50 -worker_timeout: 5 -python_path: /usr/local/bin/python3 -enable_network: True # please make sure there is no network risk in your environment -allowed_syscalls: # please leave it empty if you have no idea how seccomp works -proxy: - socks5: '' - http: '' - https: '' diff --git a/apps/dify/1.0.0/conf/volumes/sandbox/conf/config.yaml.example b/apps/dify/1.0.0/conf/volumes/sandbox/conf/config.yaml.example deleted file mode 100644 index f92c19e5..00000000 --- a/apps/dify/1.0.0/conf/volumes/sandbox/conf/config.yaml.example +++ /dev/null @@ -1,35 +0,0 @@ -app: - port: 8194 - debug: True - key: dify-sandbox -max_workers: 4 -max_requests: 50 -worker_timeout: 5 -python_path: /usr/local/bin/python3 -python_lib_path: - - /usr/local/lib/python3.10 - - /usr/lib/python3.10 - - /usr/lib/python3 - - /usr/lib/x86_64-linux-gnu - - /etc/ssl/certs/ca-certificates.crt - - /etc/nsswitch.conf - - /etc/hosts - - /etc/resolv.conf - - /run/systemd/resolve/stub-resolv.conf - - /run/resolvconf/resolv.conf - - /etc/localtime - - /usr/share/zoneinfo - - /etc/timezone - # add more paths if needed -python_pip_mirror_url: https://pypi.tuna.tsinghua.edu.cn/simple -nodejs_path: /usr/local/bin/node -enable_network: True -allowed_syscalls: - - 1 - - 2 - - 3 - # add all the syscalls which you require -proxy: - socks5: '' - http: '' - https: '' diff --git a/apps/dify/1.0.0/conf/volumes/sandbox/dependencies/python-requirements.txt b/apps/dify/1.0.0/conf/volumes/sandbox/dependencies/python-requirements.txt deleted file mode 100644 index e69de29b..00000000 diff --git a/apps/dify/1.0.0/data.yml b/apps/dify/1.0.0/data.yml deleted file mode 100644 index b6cfca44..00000000 --- a/apps/dify/1.0.0/data.yml +++ /dev/null @@ -1,82 +0,0 @@ -additionalProperties: - formFields: - - default: "/home/dify" - edit: true - envKey: DIFY_ROOT_PATH - labelZh: 数据持久化路径 - labelEn: Data persistence path - required: true - type: text - - default: 8080 - edit: true - envKey: PANEL_APP_PORT_HTTP - labelZh: WebUI 端口 - labelEn: WebUI port - required: true - rule: paramPort - type: number - - default: 8443 - edit: true - envKey: PANEL_APP_PORT_HTTPS - labelZh: WebUI SSL 端口 - labelEn: WebUI SSL port - required: true - rule: paramPort - type: number - - default: 5432 - edit: true - envKey: EXPOSE_DB_PORT - labelZh: 数据库端口 - labelEn: Database port - required: true - rule: paramPort - type: number - - default: 5003 - edit: true - envKey: EXPOSE_PLUGIN_DEBUGGING_PORT - labelZh: 插件调试端口 - labelEn: Plugin debugging port - required: true - rule: paramPort - type: number - - default: 19530 - disabled: true - edit: true - envKey: MILVUS_STANDALONE_API_PORT - labelZh: Milvus 接口端口 - labelEn: Milvus API port - required: true - rule: paramPort - type: number - - default: 9091 - disabled: true - envKey: MILVUS_STANDALONE_SERVER_PORT - labelZh: Milvus 服务端口 - labelEn: Milvus server port - required: true - rule: paramPort - type: number - - default: 8123 - edit: true - envKey: MYSCALE_PORT - labelZh: MyScale 端口 - labelEn: MyScale port - required: true - rule: paramPort - type: number - - default: 9200 - edit: true - envKey: ELASTICSEARCH_PORT - labelZh: Elasticsearch 端口 - labelEn: Elasticsearch port - required: true - rule: paramPort - type: number - - default: 5601 - edit: true - envKey: KIBANA_PORT - labelZh: Kibana 端口 - labelEn: Kibana port - required: true - rule: paramPort - type: number diff --git a/apps/dify/1.0.0/docker-compose.yml b/apps/dify/1.0.0/docker-compose.yml deleted file mode 100644 index 175a5181..00000000 --- a/apps/dify/1.0.0/docker-compose.yml +++ /dev/null @@ -1,970 +0,0 @@ -# ================================================================== -# WARNING: This file is auto-generated by generate_docker_compose -# Do not modify this file directly. Instead, update the .env.example -# or docker-compose-template.yaml and regenerate this file. -# ================================================================== - -x-shared-env: &shared-api-worker-env - CONSOLE_API_URL: ${CONSOLE_API_URL:-} - CONSOLE_WEB_URL: ${CONSOLE_WEB_URL:-} - SERVICE_API_URL: ${SERVICE_API_URL:-} - APP_API_URL: ${APP_API_URL:-} - APP_WEB_URL: ${APP_WEB_URL:-} - FILES_URL: ${FILES_URL:-} - LOG_LEVEL: ${LOG_LEVEL:-INFO} - LOG_FILE: ${LOG_FILE:-/app/logs/server.log} - LOG_FILE_MAX_SIZE: ${LOG_FILE_MAX_SIZE:-20} - LOG_FILE_BACKUP_COUNT: ${LOG_FILE_BACKUP_COUNT:-5} - LOG_DATEFORMAT: ${LOG_DATEFORMAT:-%Y-%m-%d %H:%M:%S} - LOG_TZ: ${LOG_TZ:-UTC} - DEBUG: ${DEBUG:-false} - FLASK_DEBUG: ${FLASK_DEBUG:-false} - SECRET_KEY: ${SECRET_KEY:-sk-9f73s3ljTXVcMT3Blb3ljTqtsKiGHXVcMT3BlbkFJLK7U} - INIT_PASSWORD: ${INIT_PASSWORD:-} - DEPLOY_ENV: ${DEPLOY_ENV:-PRODUCTION} - CHECK_UPDATE_URL: ${CHECK_UPDATE_URL:-https://updates.dify.ai} - OPENAI_API_BASE: ${OPENAI_API_BASE:-https://api.openai.com/v1} - MIGRATION_ENABLED: ${MIGRATION_ENABLED:-true} - FILES_ACCESS_TIMEOUT: ${FILES_ACCESS_TIMEOUT:-300} - ACCESS_TOKEN_EXPIRE_MINUTES: ${ACCESS_TOKEN_EXPIRE_MINUTES:-60} - REFRESH_TOKEN_EXPIRE_DAYS: ${REFRESH_TOKEN_EXPIRE_DAYS:-30} - APP_MAX_ACTIVE_REQUESTS: ${APP_MAX_ACTIVE_REQUESTS:-0} - APP_MAX_EXECUTION_TIME: ${APP_MAX_EXECUTION_TIME:-1200} - DIFY_BIND_ADDRESS: ${DIFY_BIND_ADDRESS:-0.0.0.0} - DIFY_PORT: ${DIFY_PORT:-5001} - SERVER_WORKER_AMOUNT: ${SERVER_WORKER_AMOUNT:-1} - SERVER_WORKER_CLASS: ${SERVER_WORKER_CLASS:-gevent} - SERVER_WORKER_CONNECTIONS: ${SERVER_WORKER_CONNECTIONS:-10} - CELERY_WORKER_CLASS: ${CELERY_WORKER_CLASS:-} - GUNICORN_TIMEOUT: ${GUNICORN_TIMEOUT:-360} - CELERY_WORKER_AMOUNT: ${CELERY_WORKER_AMOUNT:-} - CELERY_AUTO_SCALE: ${CELERY_AUTO_SCALE:-false} - CELERY_MAX_WORKERS: ${CELERY_MAX_WORKERS:-} - CELERY_MIN_WORKERS: ${CELERY_MIN_WORKERS:-} - API_TOOL_DEFAULT_CONNECT_TIMEOUT: ${API_TOOL_DEFAULT_CONNECT_TIMEOUT:-10} - API_TOOL_DEFAULT_READ_TIMEOUT: ${API_TOOL_DEFAULT_READ_TIMEOUT:-60} - DB_USERNAME: ${DB_USERNAME:-postgres} - DB_PASSWORD: ${DB_PASSWORD:-difyai123456} - DB_HOST: ${DB_HOST:-db} - DB_PORT: ${DB_PORT:-5432} - DB_DATABASE: ${DB_DATABASE:-dify} - SQLALCHEMY_POOL_SIZE: ${SQLALCHEMY_POOL_SIZE:-30} - SQLALCHEMY_POOL_RECYCLE: ${SQLALCHEMY_POOL_RECYCLE:-3600} - SQLALCHEMY_ECHO: ${SQLALCHEMY_ECHO:-false} - POSTGRES_MAX_CONNECTIONS: ${POSTGRES_MAX_CONNECTIONS:-100} - POSTGRES_SHARED_BUFFERS: ${POSTGRES_SHARED_BUFFERS:-128MB} - POSTGRES_WORK_MEM: ${POSTGRES_WORK_MEM:-4MB} - POSTGRES_MAINTENANCE_WORK_MEM: ${POSTGRES_MAINTENANCE_WORK_MEM:-64MB} - POSTGRES_EFFECTIVE_CACHE_SIZE: ${POSTGRES_EFFECTIVE_CACHE_SIZE:-4096MB} - REDIS_HOST: ${REDIS_HOST:-redis} - REDIS_PORT: ${REDIS_PORT:-6379} - REDIS_USERNAME: ${REDIS_USERNAME:-} - REDIS_PASSWORD: ${REDIS_PASSWORD:-difyai123456} - REDIS_USE_SSL: ${REDIS_USE_SSL:-false} - REDIS_DB: ${REDIS_DB:-0} - REDIS_USE_SENTINEL: ${REDIS_USE_SENTINEL:-false} - REDIS_SENTINELS: ${REDIS_SENTINELS:-} - REDIS_SENTINEL_SERVICE_NAME: ${REDIS_SENTINEL_SERVICE_NAME:-} - REDIS_SENTINEL_USERNAME: ${REDIS_SENTINEL_USERNAME:-} - REDIS_SENTINEL_PASSWORD: ${REDIS_SENTINEL_PASSWORD:-} - REDIS_SENTINEL_SOCKET_TIMEOUT: ${REDIS_SENTINEL_SOCKET_TIMEOUT:-0.1} - REDIS_USE_CLUSTERS: ${REDIS_USE_CLUSTERS:-false} - REDIS_CLUSTERS: ${REDIS_CLUSTERS:-} - REDIS_CLUSTERS_PASSWORD: ${REDIS_CLUSTERS_PASSWORD:-} - CELERY_BROKER_URL: ${CELERY_BROKER_URL:-redis://:difyai123456@redis:6379/1} - BROKER_USE_SSL: ${BROKER_USE_SSL:-false} - CELERY_USE_SENTINEL: ${CELERY_USE_SENTINEL:-false} - CELERY_SENTINEL_MASTER_NAME: ${CELERY_SENTINEL_MASTER_NAME:-} - CELERY_SENTINEL_SOCKET_TIMEOUT: ${CELERY_SENTINEL_SOCKET_TIMEOUT:-0.1} - WEB_API_CORS_ALLOW_ORIGINS: ${WEB_API_CORS_ALLOW_ORIGINS:-*} - CONSOLE_CORS_ALLOW_ORIGINS: ${CONSOLE_CORS_ALLOW_ORIGINS:-*} - STORAGE_TYPE: ${STORAGE_TYPE:-opendal} - OPENDAL_SCHEME: ${OPENDAL_SCHEME:-fs} - OPENDAL_FS_ROOT: ${OPENDAL_FS_ROOT:-storage} - S3_ENDPOINT: ${S3_ENDPOINT:-} - S3_REGION: ${S3_REGION:-us-east-1} - S3_BUCKET_NAME: ${S3_BUCKET_NAME:-difyai} - S3_ACCESS_KEY: ${S3_ACCESS_KEY:-} - S3_SECRET_KEY: ${S3_SECRET_KEY:-} - S3_USE_AWS_MANAGED_IAM: ${S3_USE_AWS_MANAGED_IAM:-false} - AZURE_BLOB_ACCOUNT_NAME: ${AZURE_BLOB_ACCOUNT_NAME:-difyai} - AZURE_BLOB_ACCOUNT_KEY: ${AZURE_BLOB_ACCOUNT_KEY:-difyai} - AZURE_BLOB_CONTAINER_NAME: ${AZURE_BLOB_CONTAINER_NAME:-difyai-container} - AZURE_BLOB_ACCOUNT_URL: ${AZURE_BLOB_ACCOUNT_URL:-https://.blob.core.windows.net} - GOOGLE_STORAGE_BUCKET_NAME: ${GOOGLE_STORAGE_BUCKET_NAME:-your-bucket-name} - GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64: ${GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64:-} - ALIYUN_OSS_BUCKET_NAME: ${ALIYUN_OSS_BUCKET_NAME:-your-bucket-name} - ALIYUN_OSS_ACCESS_KEY: ${ALIYUN_OSS_ACCESS_KEY:-your-access-key} - ALIYUN_OSS_SECRET_KEY: ${ALIYUN_OSS_SECRET_KEY:-your-secret-key} - ALIYUN_OSS_ENDPOINT: ${ALIYUN_OSS_ENDPOINT:-https://oss-ap-southeast-1-internal.aliyuncs.com} - ALIYUN_OSS_REGION: ${ALIYUN_OSS_REGION:-ap-southeast-1} - ALIYUN_OSS_AUTH_VERSION: ${ALIYUN_OSS_AUTH_VERSION:-v4} - ALIYUN_OSS_PATH: ${ALIYUN_OSS_PATH:-your-path} - TENCENT_COS_BUCKET_NAME: ${TENCENT_COS_BUCKET_NAME:-your-bucket-name} - TENCENT_COS_SECRET_KEY: ${TENCENT_COS_SECRET_KEY:-your-secret-key} - TENCENT_COS_SECRET_ID: ${TENCENT_COS_SECRET_ID:-your-secret-id} - TENCENT_COS_REGION: ${TENCENT_COS_REGION:-your-region} - TENCENT_COS_SCHEME: ${TENCENT_COS_SCHEME:-your-scheme} - OCI_ENDPOINT: ${OCI_ENDPOINT:-https://objectstorage.us-ashburn-1.oraclecloud.com} - OCI_BUCKET_NAME: ${OCI_BUCKET_NAME:-your-bucket-name} - OCI_ACCESS_KEY: ${OCI_ACCESS_KEY:-your-access-key} - OCI_SECRET_KEY: ${OCI_SECRET_KEY:-your-secret-key} - OCI_REGION: ${OCI_REGION:-us-ashburn-1} - HUAWEI_OBS_BUCKET_NAME: ${HUAWEI_OBS_BUCKET_NAME:-your-bucket-name} - HUAWEI_OBS_SECRET_KEY: ${HUAWEI_OBS_SECRET_KEY:-your-secret-key} - HUAWEI_OBS_ACCESS_KEY: ${HUAWEI_OBS_ACCESS_KEY:-your-access-key} - HUAWEI_OBS_SERVER: ${HUAWEI_OBS_SERVER:-your-server-url} - VOLCENGINE_TOS_BUCKET_NAME: ${VOLCENGINE_TOS_BUCKET_NAME:-your-bucket-name} - VOLCENGINE_TOS_SECRET_KEY: ${VOLCENGINE_TOS_SECRET_KEY:-your-secret-key} - VOLCENGINE_TOS_ACCESS_KEY: ${VOLCENGINE_TOS_ACCESS_KEY:-your-access-key} - VOLCENGINE_TOS_ENDPOINT: ${VOLCENGINE_TOS_ENDPOINT:-your-server-url} - VOLCENGINE_TOS_REGION: ${VOLCENGINE_TOS_REGION:-your-region} - BAIDU_OBS_BUCKET_NAME: ${BAIDU_OBS_BUCKET_NAME:-your-bucket-name} - BAIDU_OBS_SECRET_KEY: ${BAIDU_OBS_SECRET_KEY:-your-secret-key} - BAIDU_OBS_ACCESS_KEY: ${BAIDU_OBS_ACCESS_KEY:-your-access-key} - BAIDU_OBS_ENDPOINT: ${BAIDU_OBS_ENDPOINT:-your-server-url} - SUPABASE_BUCKET_NAME: ${SUPABASE_BUCKET_NAME:-your-bucket-name} - SUPABASE_API_KEY: ${SUPABASE_API_KEY:-your-access-key} - SUPABASE_URL: ${SUPABASE_URL:-your-server-url} - VECTOR_STORE: ${VECTOR_STORE:-weaviate} - WEAVIATE_ENDPOINT: ${WEAVIATE_ENDPOINT:-http://weaviate:8080} - WEAVIATE_API_KEY: ${WEAVIATE_API_KEY:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih} - QDRANT_URL: ${QDRANT_URL:-http://qdrant:6333} - QDRANT_API_KEY: ${QDRANT_API_KEY:-difyai123456} - QDRANT_CLIENT_TIMEOUT: ${QDRANT_CLIENT_TIMEOUT:-20} - QDRANT_GRPC_ENABLED: ${QDRANT_GRPC_ENABLED:-false} - QDRANT_GRPC_PORT: ${QDRANT_GRPC_PORT:-6334} - MILVUS_URI: ${MILVUS_URI:-http://127.0.0.1:19530} - MILVUS_TOKEN: ${MILVUS_TOKEN:-} - MILVUS_USER: ${MILVUS_USER:-root} - MILVUS_PASSWORD: ${MILVUS_PASSWORD:-Milvus} - MILVUS_ENABLE_HYBRID_SEARCH: ${MILVUS_ENABLE_HYBRID_SEARCH:-False} - MYSCALE_HOST: ${MYSCALE_HOST:-myscale} - MYSCALE_PORT: ${MYSCALE_PORT:-8123} - MYSCALE_USER: ${MYSCALE_USER:-default} - MYSCALE_PASSWORD: ${MYSCALE_PASSWORD:-} - MYSCALE_DATABASE: ${MYSCALE_DATABASE:-dify} - MYSCALE_FTS_PARAMS: ${MYSCALE_FTS_PARAMS:-} - COUCHBASE_CONNECTION_STRING: ${COUCHBASE_CONNECTION_STRING:-couchbase://couchbase-server} - COUCHBASE_USER: ${COUCHBASE_USER:-Administrator} - COUCHBASE_PASSWORD: ${COUCHBASE_PASSWORD:-password} - COUCHBASE_BUCKET_NAME: ${COUCHBASE_BUCKET_NAME:-Embeddings} - COUCHBASE_SCOPE_NAME: ${COUCHBASE_SCOPE_NAME:-_default} - PGVECTOR_HOST: ${PGVECTOR_HOST:-pgvector} - PGVECTOR_PORT: ${PGVECTOR_PORT:-5432} - PGVECTOR_USER: ${PGVECTOR_USER:-postgres} - PGVECTOR_PASSWORD: ${PGVECTOR_PASSWORD:-difyai123456} - PGVECTOR_DATABASE: ${PGVECTOR_DATABASE:-dify} - PGVECTOR_MIN_CONNECTION: ${PGVECTOR_MIN_CONNECTION:-1} - PGVECTOR_MAX_CONNECTION: ${PGVECTOR_MAX_CONNECTION:-5} - PGVECTO_RS_HOST: ${PGVECTO_RS_HOST:-pgvecto-rs} - PGVECTO_RS_PORT: ${PGVECTO_RS_PORT:-5432} - PGVECTO_RS_USER: ${PGVECTO_RS_USER:-postgres} - PGVECTO_RS_PASSWORD: ${PGVECTO_RS_PASSWORD:-difyai123456} - PGVECTO_RS_DATABASE: ${PGVECTO_RS_DATABASE:-dify} - ANALYTICDB_KEY_ID: ${ANALYTICDB_KEY_ID:-your-ak} - ANALYTICDB_KEY_SECRET: ${ANALYTICDB_KEY_SECRET:-your-sk} - ANALYTICDB_REGION_ID: ${ANALYTICDB_REGION_ID:-cn-hangzhou} - ANALYTICDB_INSTANCE_ID: ${ANALYTICDB_INSTANCE_ID:-gp-ab123456} - ANALYTICDB_ACCOUNT: ${ANALYTICDB_ACCOUNT:-testaccount} - ANALYTICDB_PASSWORD: ${ANALYTICDB_PASSWORD:-testpassword} - ANALYTICDB_NAMESPACE: ${ANALYTICDB_NAMESPACE:-dify} - ANALYTICDB_NAMESPACE_PASSWORD: ${ANALYTICDB_NAMESPACE_PASSWORD:-difypassword} - ANALYTICDB_HOST: ${ANALYTICDB_HOST:-gp-test.aliyuncs.com} - ANALYTICDB_PORT: ${ANALYTICDB_PORT:-5432} - ANALYTICDB_MIN_CONNECTION: ${ANALYTICDB_MIN_CONNECTION:-1} - ANALYTICDB_MAX_CONNECTION: ${ANALYTICDB_MAX_CONNECTION:-5} - TIDB_VECTOR_HOST: ${TIDB_VECTOR_HOST:-tidb} - TIDB_VECTOR_PORT: ${TIDB_VECTOR_PORT:-4000} - TIDB_VECTOR_USER: ${TIDB_VECTOR_USER:-} - TIDB_VECTOR_PASSWORD: ${TIDB_VECTOR_PASSWORD:-} - TIDB_VECTOR_DATABASE: ${TIDB_VECTOR_DATABASE:-dify} - TIDB_ON_QDRANT_URL: ${TIDB_ON_QDRANT_URL:-http://127.0.0.1} - TIDB_ON_QDRANT_API_KEY: ${TIDB_ON_QDRANT_API_KEY:-dify} - TIDB_ON_QDRANT_CLIENT_TIMEOUT: ${TIDB_ON_QDRANT_CLIENT_TIMEOUT:-20} - TIDB_ON_QDRANT_GRPC_ENABLED: ${TIDB_ON_QDRANT_GRPC_ENABLED:-false} - TIDB_ON_QDRANT_GRPC_PORT: ${TIDB_ON_QDRANT_GRPC_PORT:-6334} - TIDB_PUBLIC_KEY: ${TIDB_PUBLIC_KEY:-dify} - TIDB_PRIVATE_KEY: ${TIDB_PRIVATE_KEY:-dify} - TIDB_API_URL: ${TIDB_API_URL:-http://127.0.0.1} - TIDB_IAM_API_URL: ${TIDB_IAM_API_URL:-http://127.0.0.1} - TIDB_REGION: ${TIDB_REGION:-regions/aws-us-east-1} - TIDB_PROJECT_ID: ${TIDB_PROJECT_ID:-dify} - TIDB_SPEND_LIMIT: ${TIDB_SPEND_LIMIT:-100} - CHROMA_HOST: ${CHROMA_HOST:-127.0.0.1} - CHROMA_PORT: ${CHROMA_PORT:-8000} - CHROMA_TENANT: ${CHROMA_TENANT:-default_tenant} - CHROMA_DATABASE: ${CHROMA_DATABASE:-default_database} - CHROMA_AUTH_PROVIDER: ${CHROMA_AUTH_PROVIDER:-chromadb.auth.token_authn.TokenAuthClientProvider} - CHROMA_AUTH_CREDENTIALS: ${CHROMA_AUTH_CREDENTIALS:-} - ORACLE_HOST: ${ORACLE_HOST:-oracle} - ORACLE_PORT: ${ORACLE_PORT:-1521} - ORACLE_USER: ${ORACLE_USER:-dify} - ORACLE_PASSWORD: ${ORACLE_PASSWORD:-dify} - ORACLE_DATABASE: ${ORACLE_DATABASE:-FREEPDB1} - RELYT_HOST: ${RELYT_HOST:-db} - RELYT_PORT: ${RELYT_PORT:-5432} - RELYT_USER: ${RELYT_USER:-postgres} - RELYT_PASSWORD: ${RELYT_PASSWORD:-difyai123456} - RELYT_DATABASE: ${RELYT_DATABASE:-postgres} - OPENSEARCH_HOST: ${OPENSEARCH_HOST:-opensearch} - OPENSEARCH_PORT: ${OPENSEARCH_PORT:-9200} - OPENSEARCH_USER: ${OPENSEARCH_USER:-admin} - OPENSEARCH_PASSWORD: ${OPENSEARCH_PASSWORD:-admin} - OPENSEARCH_SECURE: ${OPENSEARCH_SECURE:-true} - TENCENT_VECTOR_DB_URL: ${TENCENT_VECTOR_DB_URL:-http://127.0.0.1} - TENCENT_VECTOR_DB_API_KEY: ${TENCENT_VECTOR_DB_API_KEY:-dify} - TENCENT_VECTOR_DB_TIMEOUT: ${TENCENT_VECTOR_DB_TIMEOUT:-30} - TENCENT_VECTOR_DB_USERNAME: ${TENCENT_VECTOR_DB_USERNAME:-dify} - TENCENT_VECTOR_DB_DATABASE: ${TENCENT_VECTOR_DB_DATABASE:-dify} - TENCENT_VECTOR_DB_SHARD: ${TENCENT_VECTOR_DB_SHARD:-1} - TENCENT_VECTOR_DB_REPLICAS: ${TENCENT_VECTOR_DB_REPLICAS:-2} - ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:-0.0.0.0} - ELASTICSEARCH_PORT: ${ELASTICSEARCH_PORT:-9200} - ELASTICSEARCH_USERNAME: ${ELASTICSEARCH_USERNAME:-elastic} - ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-elastic} - KIBANA_PORT: ${KIBANA_PORT:-5601} - BAIDU_VECTOR_DB_ENDPOINT: ${BAIDU_VECTOR_DB_ENDPOINT:-http://127.0.0.1:5287} - BAIDU_VECTOR_DB_CONNECTION_TIMEOUT_MS: ${BAIDU_VECTOR_DB_CONNECTION_TIMEOUT_MS:-30000} - BAIDU_VECTOR_DB_ACCOUNT: ${BAIDU_VECTOR_DB_ACCOUNT:-root} - BAIDU_VECTOR_DB_API_KEY: ${BAIDU_VECTOR_DB_API_KEY:-dify} - BAIDU_VECTOR_DB_DATABASE: ${BAIDU_VECTOR_DB_DATABASE:-dify} - BAIDU_VECTOR_DB_SHARD: ${BAIDU_VECTOR_DB_SHARD:-1} - BAIDU_VECTOR_DB_REPLICAS: ${BAIDU_VECTOR_DB_REPLICAS:-3} - VIKINGDB_ACCESS_KEY: ${VIKINGDB_ACCESS_KEY:-your-ak} - VIKINGDB_SECRET_KEY: ${VIKINGDB_SECRET_KEY:-your-sk} - VIKINGDB_REGION: ${VIKINGDB_REGION:-cn-shanghai} - VIKINGDB_HOST: ${VIKINGDB_HOST:-api-vikingdb.xxx.volces.com} - VIKINGDB_SCHEMA: ${VIKINGDB_SCHEMA:-http} - VIKINGDB_CONNECTION_TIMEOUT: ${VIKINGDB_CONNECTION_TIMEOUT:-30} - VIKINGDB_SOCKET_TIMEOUT: ${VIKINGDB_SOCKET_TIMEOUT:-30} - LINDORM_URL: ${LINDORM_URL:-http://lindorm:30070} - LINDORM_USERNAME: ${LINDORM_USERNAME:-lindorm} - LINDORM_PASSWORD: ${LINDORM_PASSWORD:-lindorm} - OCEANBASE_VECTOR_HOST: ${OCEANBASE_VECTOR_HOST:-oceanbase} - OCEANBASE_VECTOR_PORT: ${OCEANBASE_VECTOR_PORT:-2881} - OCEANBASE_VECTOR_USER: ${OCEANBASE_VECTOR_USER:-root@test} - OCEANBASE_VECTOR_PASSWORD: ${OCEANBASE_VECTOR_PASSWORD:-difyai123456} - OCEANBASE_VECTOR_DATABASE: ${OCEANBASE_VECTOR_DATABASE:-test} - OCEANBASE_CLUSTER_NAME: ${OCEANBASE_CLUSTER_NAME:-difyai} - OCEANBASE_MEMORY_LIMIT: ${OCEANBASE_MEMORY_LIMIT:-6G} - UPSTASH_VECTOR_URL: ${UPSTASH_VECTOR_URL:-https://xxx-vector.upstash.io} - UPSTASH_VECTOR_TOKEN: ${UPSTASH_VECTOR_TOKEN:-dify} - UPLOAD_FILE_SIZE_LIMIT: ${UPLOAD_FILE_SIZE_LIMIT:-15} - UPLOAD_FILE_BATCH_LIMIT: ${UPLOAD_FILE_BATCH_LIMIT:-5} - ETL_TYPE: ${ETL_TYPE:-dify} - UNSTRUCTURED_API_URL: ${UNSTRUCTURED_API_URL:-} - UNSTRUCTURED_API_KEY: ${UNSTRUCTURED_API_KEY:-} - SCARF_NO_ANALYTICS: ${SCARF_NO_ANALYTICS:-true} - PROMPT_GENERATION_MAX_TOKENS: ${PROMPT_GENERATION_MAX_TOKENS:-512} - CODE_GENERATION_MAX_TOKENS: ${CODE_GENERATION_MAX_TOKENS:-1024} - MULTIMODAL_SEND_FORMAT: ${MULTIMODAL_SEND_FORMAT:-base64} - UPLOAD_IMAGE_FILE_SIZE_LIMIT: ${UPLOAD_IMAGE_FILE_SIZE_LIMIT:-10} - UPLOAD_VIDEO_FILE_SIZE_LIMIT: ${UPLOAD_VIDEO_FILE_SIZE_LIMIT:-100} - UPLOAD_AUDIO_FILE_SIZE_LIMIT: ${UPLOAD_AUDIO_FILE_SIZE_LIMIT:-50} - SENTRY_DSN: ${SENTRY_DSN:-} - API_SENTRY_DSN: ${API_SENTRY_DSN:-} - API_SENTRY_TRACES_SAMPLE_RATE: ${API_SENTRY_TRACES_SAMPLE_RATE:-1.0} - API_SENTRY_PROFILES_SAMPLE_RATE: ${API_SENTRY_PROFILES_SAMPLE_RATE:-1.0} - WEB_SENTRY_DSN: ${WEB_SENTRY_DSN:-} - NOTION_INTEGRATION_TYPE: ${NOTION_INTEGRATION_TYPE:-public} - NOTION_CLIENT_SECRET: ${NOTION_CLIENT_SECRET:-} - NOTION_CLIENT_ID: ${NOTION_CLIENT_ID:-} - NOTION_INTERNAL_SECRET: ${NOTION_INTERNAL_SECRET:-} - MAIL_TYPE: ${MAIL_TYPE:-resend} - MAIL_DEFAULT_SEND_FROM: ${MAIL_DEFAULT_SEND_FROM:-} - RESEND_API_URL: ${RESEND_API_URL:-https://api.resend.com} - RESEND_API_KEY: ${RESEND_API_KEY:-your-resend-api-key} - SMTP_SERVER: ${SMTP_SERVER:-} - SMTP_PORT: ${SMTP_PORT:-465} - SMTP_USERNAME: ${SMTP_USERNAME:-} - SMTP_PASSWORD: ${SMTP_PASSWORD:-} - SMTP_USE_TLS: ${SMTP_USE_TLS:-true} - SMTP_OPPORTUNISTIC_TLS: ${SMTP_OPPORTUNISTIC_TLS:-false} - INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-4000} - INVITE_EXPIRY_HOURS: ${INVITE_EXPIRY_HOURS:-72} - RESET_PASSWORD_TOKEN_EXPIRY_MINUTES: ${RESET_PASSWORD_TOKEN_EXPIRY_MINUTES:-5} - CODE_EXECUTION_ENDPOINT: ${CODE_EXECUTION_ENDPOINT:-http://sandbox:8194} - CODE_EXECUTION_API_KEY: ${CODE_EXECUTION_API_KEY:-dify-sandbox} - CODE_MAX_NUMBER: ${CODE_MAX_NUMBER:-9223372036854775807} - CODE_MIN_NUMBER: ${CODE_MIN_NUMBER:--9223372036854775808} - CODE_MAX_DEPTH: ${CODE_MAX_DEPTH:-5} - CODE_MAX_PRECISION: ${CODE_MAX_PRECISION:-20} - CODE_MAX_STRING_LENGTH: ${CODE_MAX_STRING_LENGTH:-80000} - CODE_MAX_STRING_ARRAY_LENGTH: ${CODE_MAX_STRING_ARRAY_LENGTH:-30} - CODE_MAX_OBJECT_ARRAY_LENGTH: ${CODE_MAX_OBJECT_ARRAY_LENGTH:-30} - CODE_MAX_NUMBER_ARRAY_LENGTH: ${CODE_MAX_NUMBER_ARRAY_LENGTH:-1000} - CODE_EXECUTION_CONNECT_TIMEOUT: ${CODE_EXECUTION_CONNECT_TIMEOUT:-10} - CODE_EXECUTION_READ_TIMEOUT: ${CODE_EXECUTION_READ_TIMEOUT:-60} - CODE_EXECUTION_WRITE_TIMEOUT: ${CODE_EXECUTION_WRITE_TIMEOUT:-10} - TEMPLATE_TRANSFORM_MAX_LENGTH: ${TEMPLATE_TRANSFORM_MAX_LENGTH:-80000} - WORKFLOW_MAX_EXECUTION_STEPS: ${WORKFLOW_MAX_EXECUTION_STEPS:-500} - WORKFLOW_MAX_EXECUTION_TIME: ${WORKFLOW_MAX_EXECUTION_TIME:-1200} - WORKFLOW_CALL_MAX_DEPTH: ${WORKFLOW_CALL_MAX_DEPTH:-5} - MAX_VARIABLE_SIZE: ${MAX_VARIABLE_SIZE:-204800} - WORKFLOW_PARALLEL_DEPTH_LIMIT: ${WORKFLOW_PARALLEL_DEPTH_LIMIT:-3} - WORKFLOW_FILE_UPLOAD_LIMIT: ${WORKFLOW_FILE_UPLOAD_LIMIT:-10} - HTTP_REQUEST_NODE_MAX_BINARY_SIZE: ${HTTP_REQUEST_NODE_MAX_BINARY_SIZE:-10485760} - HTTP_REQUEST_NODE_MAX_TEXT_SIZE: ${HTTP_REQUEST_NODE_MAX_TEXT_SIZE:-1048576} - SSRF_PROXY_HTTP_URL: ${SSRF_PROXY_HTTP_URL:-http://ssrf_proxy:3128} - SSRF_PROXY_HTTPS_URL: ${SSRF_PROXY_HTTPS_URL:-http://ssrf_proxy:3128} - TEXT_GENERATION_TIMEOUT_MS: ${TEXT_GENERATION_TIMEOUT_MS:-60000} - PGUSER: ${PGUSER:-${DB_USERNAME}} - POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-${DB_PASSWORD}} - POSTGRES_DB: ${POSTGRES_DB:-${DB_DATABASE}} - PGDATA: ${PGDATA:-/var/lib/postgresql/data/pgdata} - SANDBOX_API_KEY: ${SANDBOX_API_KEY:-dify-sandbox} - SANDBOX_GIN_MODE: ${SANDBOX_GIN_MODE:-release} - SANDBOX_WORKER_TIMEOUT: ${SANDBOX_WORKER_TIMEOUT:-15} - SANDBOX_ENABLE_NETWORK: ${SANDBOX_ENABLE_NETWORK:-true} - SANDBOX_HTTP_PROXY: ${SANDBOX_HTTP_PROXY:-http://ssrf_proxy:3128} - SANDBOX_HTTPS_PROXY: ${SANDBOX_HTTPS_PROXY:-http://ssrf_proxy:3128} - SANDBOX_PORT: ${SANDBOX_PORT:-8194} - WEAVIATE_PERSISTENCE_DATA_PATH: ${WEAVIATE_PERSISTENCE_DATA_PATH:-/var/lib/weaviate} - WEAVIATE_QUERY_DEFAULTS_LIMIT: ${WEAVIATE_QUERY_DEFAULTS_LIMIT:-25} - WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: ${WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED:-true} - WEAVIATE_DEFAULT_VECTORIZER_MODULE: ${WEAVIATE_DEFAULT_VECTORIZER_MODULE:-none} - WEAVIATE_CLUSTER_HOSTNAME: ${WEAVIATE_CLUSTER_HOSTNAME:-node1} - WEAVIATE_AUTHENTICATION_APIKEY_ENABLED: ${WEAVIATE_AUTHENTICATION_APIKEY_ENABLED:-true} - WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS: ${WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih} - WEAVIATE_AUTHENTICATION_APIKEY_USERS: ${WEAVIATE_AUTHENTICATION_APIKEY_USERS:-hello@dify.ai} - WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED: ${WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED:-true} - WEAVIATE_AUTHORIZATION_ADMINLIST_USERS: ${WEAVIATE_AUTHORIZATION_ADMINLIST_USERS:-hello@dify.ai} - CHROMA_SERVER_AUTHN_CREDENTIALS: ${CHROMA_SERVER_AUTHN_CREDENTIALS:-difyai123456} - CHROMA_SERVER_AUTHN_PROVIDER: ${CHROMA_SERVER_AUTHN_PROVIDER:-chromadb.auth.token_authn.TokenAuthenticationServerProvider} - CHROMA_IS_PERSISTENT: ${CHROMA_IS_PERSISTENT:-TRUE} - ORACLE_PWD: ${ORACLE_PWD:-Dify123456} - ORACLE_CHARACTERSET: ${ORACLE_CHARACTERSET:-AL32UTF8} - ETCD_AUTO_COMPACTION_MODE: ${ETCD_AUTO_COMPACTION_MODE:-revision} - ETCD_AUTO_COMPACTION_RETENTION: ${ETCD_AUTO_COMPACTION_RETENTION:-1000} - ETCD_QUOTA_BACKEND_BYTES: ${ETCD_QUOTA_BACKEND_BYTES:-4294967296} - ETCD_SNAPSHOT_COUNT: ${ETCD_SNAPSHOT_COUNT:-50000} - MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY:-minioadmin} - MINIO_SECRET_KEY: ${MINIO_SECRET_KEY:-minioadmin} - ETCD_ENDPOINTS: ${ETCD_ENDPOINTS:-etcd:2379} - MINIO_ADDRESS: ${MINIO_ADDRESS:-minio:9000} - MILVUS_AUTHORIZATION_ENABLED: ${MILVUS_AUTHORIZATION_ENABLED:-true} - PGVECTOR_PGUSER: ${PGVECTOR_PGUSER:-postgres} - PGVECTOR_POSTGRES_PASSWORD: ${PGVECTOR_POSTGRES_PASSWORD:-difyai123456} - PGVECTOR_POSTGRES_DB: ${PGVECTOR_POSTGRES_DB:-dify} - PGVECTOR_PGDATA: ${PGVECTOR_PGDATA:-/var/lib/postgresql/data/pgdata} - OPENSEARCH_DISCOVERY_TYPE: ${OPENSEARCH_DISCOVERY_TYPE:-single-node} - OPENSEARCH_BOOTSTRAP_MEMORY_LOCK: ${OPENSEARCH_BOOTSTRAP_MEMORY_LOCK:-true} - OPENSEARCH_JAVA_OPTS_MIN: ${OPENSEARCH_JAVA_OPTS_MIN:-512m} - OPENSEARCH_JAVA_OPTS_MAX: ${OPENSEARCH_JAVA_OPTS_MAX:-1024m} - OPENSEARCH_INITIAL_ADMIN_PASSWORD: ${OPENSEARCH_INITIAL_ADMIN_PASSWORD:-Qazwsxedc!@#123} - OPENSEARCH_MEMLOCK_SOFT: ${OPENSEARCH_MEMLOCK_SOFT:--1} - OPENSEARCH_MEMLOCK_HARD: ${OPENSEARCH_MEMLOCK_HARD:--1} - OPENSEARCH_NOFILE_SOFT: ${OPENSEARCH_NOFILE_SOFT:-65536} - OPENSEARCH_NOFILE_HARD: ${OPENSEARCH_NOFILE_HARD:-65536} - NGINX_SERVER_NAME: ${NGINX_SERVER_NAME:-_} - NGINX_HTTPS_ENABLED: ${NGINX_HTTPS_ENABLED:-false} - NGINX_PORT: ${NGINX_PORT:-80} - NGINX_SSL_PORT: ${NGINX_SSL_PORT:-443} - NGINX_SSL_CERT_FILENAME: ${NGINX_SSL_CERT_FILENAME:-dify.crt} - NGINX_SSL_CERT_KEY_FILENAME: ${NGINX_SSL_CERT_KEY_FILENAME:-dify.key} - NGINX_SSL_PROTOCOLS: ${NGINX_SSL_PROTOCOLS:-TLSv1.1 TLSv1.2 TLSv1.3} - NGINX_WORKER_PROCESSES: ${NGINX_WORKER_PROCESSES:-auto} - NGINX_CLIENT_MAX_BODY_SIZE: ${NGINX_CLIENT_MAX_BODY_SIZE:-15M} - NGINX_KEEPALIVE_TIMEOUT: ${NGINX_KEEPALIVE_TIMEOUT:-65} - NGINX_PROXY_READ_TIMEOUT: ${NGINX_PROXY_READ_TIMEOUT:-3600s} - NGINX_PROXY_SEND_TIMEOUT: ${NGINX_PROXY_SEND_TIMEOUT:-3600s} - NGINX_ENABLE_CERTBOT_CHALLENGE: ${NGINX_ENABLE_CERTBOT_CHALLENGE:-false} - CERTBOT_EMAIL: ${CERTBOT_EMAIL:-your_email@example.com} - CERTBOT_DOMAIN: ${CERTBOT_DOMAIN:-your_domain.com} - CERTBOT_OPTIONS: ${CERTBOT_OPTIONS:-} - SSRF_HTTP_PORT: ${SSRF_HTTP_PORT:-3128} - SSRF_COREDUMP_DIR: ${SSRF_COREDUMP_DIR:-/var/spool/squid} - SSRF_REVERSE_PROXY_PORT: ${SSRF_REVERSE_PROXY_PORT:-8194} - SSRF_SANDBOX_HOST: ${SSRF_SANDBOX_HOST:-sandbox} - SSRF_DEFAULT_TIME_OUT: ${SSRF_DEFAULT_TIME_OUT:-5} - SSRF_DEFAULT_CONNECT_TIME_OUT: ${SSRF_DEFAULT_CONNECT_TIME_OUT:-5} - SSRF_DEFAULT_READ_TIME_OUT: ${SSRF_DEFAULT_READ_TIME_OUT:-5} - SSRF_DEFAULT_WRITE_TIME_OUT: ${SSRF_DEFAULT_WRITE_TIME_OUT:-5} - EXPOSE_NGINX_PORT: ${PANEL_APP_PORT_HTTP:-8080} - EXPOSE_NGINX_SSL_PORT: ${PANEL_APP_PORT_HTTPS:-8443} - POSITION_TOOL_PINS: ${POSITION_TOOL_PINS:-} - POSITION_TOOL_INCLUDES: ${POSITION_TOOL_INCLUDES:-} - POSITION_TOOL_EXCLUDES: ${POSITION_TOOL_EXCLUDES:-} - POSITION_PROVIDER_PINS: ${POSITION_PROVIDER_PINS:-} - POSITION_PROVIDER_INCLUDES: ${POSITION_PROVIDER_INCLUDES:-} - POSITION_PROVIDER_EXCLUDES: ${POSITION_PROVIDER_EXCLUDES:-} - CSP_WHITELIST: ${CSP_WHITELIST:-} - CREATE_TIDB_SERVICE_JOB_ENABLED: ${CREATE_TIDB_SERVICE_JOB_ENABLED:-false} - MAX_SUBMIT_COUNT: ${MAX_SUBMIT_COUNT:-100} - TOP_K_MAX_VALUE: ${TOP_K_MAX_VALUE:-10} - DB_PLUGIN_DATABASE: ${DB_PLUGIN_DATABASE:-dify_plugin} - EXPOSE_PLUGIN_DAEMON_PORT: ${EXPOSE_PLUGIN_DAEMON_PORT:-5002} - PLUGIN_DAEMON_PORT: ${PLUGIN_DAEMON_PORT:-5002} - PLUGIN_DAEMON_KEY: ${PLUGIN_DAEMON_KEY:-lYkiYYT6owG+71oLerGzA7GXCgOT++6ovaezWAjpCjf+Sjc3ZtU+qUEi} - PLUGIN_DAEMON_URL: ${PLUGIN_DAEMON_URL:-http://plugin_daemon:5002} - PLUGIN_MAX_PACKAGE_SIZE: ${PLUGIN_MAX_PACKAGE_SIZE:-52428800} - PLUGIN_PPROF_ENABLED: ${PLUGIN_PPROF_ENABLED:-false} - PLUGIN_DEBUGGING_HOST: ${PLUGIN_DEBUGGING_HOST:-0.0.0.0} - PLUGIN_DEBUGGING_PORT: ${PLUGIN_DEBUGGING_PORT:-5003} - EXPOSE_PLUGIN_DEBUGGING_HOST: ${EXPOSE_PLUGIN_DEBUGGING_HOST:-localhost} - EXPOSE_PLUGIN_DEBUGGING_PORT: ${EXPOSE_PLUGIN_DEBUGGING_PORT:-5003} - PLUGIN_DIFY_INNER_API_KEY: ${PLUGIN_DIFY_INNER_API_KEY:-QaHbTe77CtuXmsfyhR7+vRjI/+XbV1AaFy691iy+kGDv2Jvy0/eAh8Y1} - PLUGIN_DIFY_INNER_API_URL: ${PLUGIN_DIFY_INNER_API_URL:-http://api:5001} - ENDPOINT_URL_TEMPLATE: ${ENDPOINT_URL_TEMPLATE:-http://localhost/e/{hook_id}} - MARKETPLACE_ENABLED: ${MARKETPLACE_ENABLED:-true} - MARKETPLACE_API_URL: ${MARKETPLACE_API_URL:-https://marketplace.dify.ai} - FORCE_VERIFYING_SIGNATURE: ${FORCE_VERIFYING_SIGNATURE:-true} - -services: - api: - image: langgenius/dify-api:1.0.0 - container_name: api-${CONTAINER_NAME} - restart: always - environment: - <<: *shared-api-worker-env - MODE: api - SENTRY_DSN: ${API_SENTRY_DSN:-} - SENTRY_TRACES_SAMPLE_RATE: ${API_SENTRY_TRACES_SAMPLE_RATE:-1.0} - SENTRY_PROFILES_SAMPLE_RATE: ${API_SENTRY_PROFILES_SAMPLE_RATE:-1.0} - PLUGIN_MAX_PACKAGE_SIZE: ${PLUGIN_MAX_PACKAGE_SIZE:-52428800} - INNER_API_KEY_FOR_PLUGIN: ${PLUGIN_DIFY_INNER_API_KEY:-QaHbTe77CtuXmsfyhR7+vRjI/+XbV1AaFy691iy+kGDv2Jvy0/eAh8Y1} - depends_on: - - db - - redis - volumes: - - ${DIFY_ROOT_PATH}/volumes/app/storage:/app/api/storage - networks: - - ssrf_proxy_network - - default - - worker: - image: langgenius/dify-api:1.0.0 - container_name: worker-${CONTAINER_NAME} - restart: always - environment: - <<: *shared-api-worker-env - MODE: worker - SENTRY_DSN: ${API_SENTRY_DSN:-} - SENTRY_TRACES_SAMPLE_RATE: ${API_SENTRY_TRACES_SAMPLE_RATE:-1.0} - SENTRY_PROFILES_SAMPLE_RATE: ${API_SENTRY_PROFILES_SAMPLE_RATE:-1.0} - PLUGIN_MAX_PACKAGE_SIZE: ${PLUGIN_MAX_PACKAGE_SIZE:-52428800} - INNER_API_KEY_FOR_PLUGIN: ${PLUGIN_DIFY_INNER_API_KEY:-QaHbTe77CtuXmsfyhR7+vRjI/+XbV1AaFy691iy+kGDv2Jvy0/eAh8Y1} - depends_on: - - db - - redis - volumes: - - ${DIFY_ROOT_PATH}/volumes/app/storage:/app/api/storage - networks: - - ssrf_proxy_network - - default - - web: - image: langgenius/dify-web:1.0.0 - container_name: ${CONTAINER_NAME} - restart: always - environment: - CONSOLE_API_URL: ${CONSOLE_API_URL:-} - APP_API_URL: ${APP_API_URL:-} - SENTRY_DSN: ${WEB_SENTRY_DSN:-} - NEXT_TELEMETRY_DISABLED: ${NEXT_TELEMETRY_DISABLED:-0} - TEXT_GENERATION_TIMEOUT_MS: ${TEXT_GENERATION_TIMEOUT_MS:-60000} - CSP_WHITELIST: ${CSP_WHITELIST:-} - MARKETPLACE_API_URL: ${MARKETPLACE_API_URL:-https://marketplace.dify.ai} - MARKETPLACE_URL: ${MARKETPLACE_URL:-https://marketplace.dify.ai} - TOP_K_MAX_VALUE: ${TOP_K_MAX_VALUE:-} - INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-} - - db: - image: postgres:15-alpine - container_name: db-${CONTAINER_NAME} - restart: always - environment: - PGUSER: ${PGUSER:-postgres} - POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-difyai123456} - POSTGRES_DB: ${POSTGRES_DB:-dify} - PGDATA: ${PGDATA:-/var/lib/postgresql/data/pgdata} - command: > - postgres -c 'max_connections=${POSTGRES_MAX_CONNECTIONS:-100}' - -c 'shared_buffers=${POSTGRES_SHARED_BUFFERS:-128MB}' - -c 'work_mem=${POSTGRES_WORK_MEM:-4MB}' - -c 'maintenance_work_mem=${POSTGRES_MAINTENANCE_WORK_MEM:-64MB}' - -c 'effective_cache_size=${POSTGRES_EFFECTIVE_CACHE_SIZE:-4096MB}' - volumes: - - ${DIFY_ROOT_PATH}/volumes/db/data:/var/lib/postgresql/data - healthcheck: - test: [ 'CMD', 'pg_isready' ] - interval: 1s - timeout: 3s - retries: 30 - ports: - - '${EXPOSE_DB_PORT:-5432}:5432' - - redis: - image: redis:6-alpine - container_name: redis-${CONTAINER_NAME} - restart: always - environment: - REDISCLI_AUTH: ${REDIS_PASSWORD:-difyai123456} - volumes: - - ${DIFY_ROOT_PATH}/volumes/redis/data:/data - command: redis-server --requirepass ${REDIS_PASSWORD:-difyai123456} - healthcheck: - test: [ 'CMD', 'redis-cli', 'ping' ] - - sandbox: - image: langgenius/dify-sandbox:0.2.10 - container_name: sandbox-${CONTAINER_NAME} - restart: always - environment: - API_KEY: ${SANDBOX_API_KEY:-dify-sandbox} - GIN_MODE: ${SANDBOX_GIN_MODE:-release} - WORKER_TIMEOUT: ${SANDBOX_WORKER_TIMEOUT:-15} - ENABLE_NETWORK: ${SANDBOX_ENABLE_NETWORK:-true} - HTTP_PROXY: ${SANDBOX_HTTP_PROXY:-http://ssrf_proxy:3128} - HTTPS_PROXY: ${SANDBOX_HTTPS_PROXY:-http://ssrf_proxy:3128} - SANDBOX_PORT: ${SANDBOX_PORT:-8194} - volumes: - - ${DIFY_ROOT_PATH}/volumes/sandbox/dependencies:/dependencies - - ${DIFY_ROOT_PATH}/volumes/sandbox/conf:/conf - healthcheck: - test: [ 'CMD', 'curl', '-f', 'http://localhost:8194/health' ] - networks: - - ssrf_proxy_network - - plugin_daemon: - image: langgenius/dify-plugin-daemon:0.0.3-local - container_name: plugin_daemon-${CONTAINER_NAME} - restart: always - environment: - <<: *shared-api-worker-env - DB_DATABASE: ${DB_PLUGIN_DATABASE:-dify_plugin} - SERVER_PORT: ${PLUGIN_DAEMON_PORT:-5002} - SERVER_KEY: ${PLUGIN_DAEMON_KEY:-lYkiYYT6owG+71oLerGzA7GXCgOT++6ovaezWAjpCjf+Sjc3ZtU+qUEi} - MAX_PLUGIN_PACKAGE_SIZE: ${PLUGIN_MAX_PACKAGE_SIZE:-52428800} - PPROF_ENABLED: ${PLUGIN_PPROF_ENABLED:-false} - DIFY_INNER_API_URL: ${PLUGIN_DIFY_INNER_API_URL:-http://api:5001} - DIFY_INNER_API_KEY: ${INNER_API_KEY_FOR_PLUGIN:-QaHbTe77CtuXmsfyhR7+vRjI/+XbV1AaFy691iy+kGDv2Jvy0/eAh8Y1} - PLUGIN_REMOTE_INSTALLING_HOST: ${PLUGIN_REMOTE_INSTALL_HOST:-0.0.0.0} - PLUGIN_REMOTE_INSTALLING_PORT: ${PLUGIN_REMOTE_INSTALL_PORT:-5003} - PLUGIN_WORKING_PATH: ${PLUGIN_WORKING_PATH:-/app/storage/cwd} - FORCE_VERIFYING_SIGNATURE: ${FORCE_VERIFYING_SIGNATURE:-true} - ports: - - "${EXPOSE_PLUGIN_DEBUGGING_PORT:-5003}:${PLUGIN_DEBUGGING_PORT:-5003}" - volumes: - - ${DIFY_ROOT_PATH}/volumes/plugin_daemon:/app/storage - - - ssrf_proxy: - image: ubuntu/squid:latest - container_name: ssrf_proxy-${CONTAINER_NAME} - restart: always - volumes: - - ${DIFY_ROOT_PATH}/ssrf_proxy/squid.conf.template:/etc/squid/squid.conf.template - - ${DIFY_ROOT_PATH}/ssrf_proxy/docker-entrypoint.sh:/docker-entrypoint-mount.sh - entrypoint: [ 'sh', '-c', "cp /docker-entrypoint-mount.sh /docker-entrypoint.sh && sed -i 's/\r$$//' /docker-entrypoint.sh && chmod +x /docker-entrypoint.sh && /docker-entrypoint.sh" ] - environment: - HTTP_PORT: ${SSRF_HTTP_PORT:-3128} - COREDUMP_DIR: ${SSRF_COREDUMP_DIR:-/var/spool/squid} - REVERSE_PROXY_PORT: ${SSRF_REVERSE_PROXY_PORT:-8194} - SANDBOX_HOST: ${SSRF_SANDBOX_HOST:-sandbox} - SANDBOX_PORT: ${SANDBOX_PORT:-8194} - networks: - - ssrf_proxy_network - - default - - certbot: - image: certbot/certbot - container_name: certbot-${CONTAINER_NAME} - profiles: - - certbot - volumes: - - ${DIFY_ROOT_PATH}/volumes/certbot/conf:/etc/letsencrypt - - ${DIFY_ROOT_PATH}/volumes/certbot/www:/var/www/html - - ${DIFY_ROOT_PATH}/volumes/certbot/logs:/var/log/letsencrypt - - ${DIFY_ROOT_PATH}/volumes/certbot/conf/live:/etc/letsencrypt/live - - ${DIFY_ROOT_PATH}/certbot/update-cert.template.txt:/update-cert.template.txt - - ${DIFY_ROOT_PATH}/certbot/docker-entrypoint.sh:/docker-entrypoint.sh - environment: - - CERTBOT_EMAIL=${CERTBOT_EMAIL} - - CERTBOT_DOMAIN=${CERTBOT_DOMAIN} - - CERTBOT_OPTIONS=${CERTBOT_OPTIONS:-} - entrypoint: [ '/docker-entrypoint.sh' ] - command: [ 'tail', '-f', '/dev/null' ] - - nginx: - image: nginx:latest - container_name: nginx-${CONTAINER_NAME} - restart: always - volumes: - - ${DIFY_ROOT_PATH}/nginx/nginx.conf.template:/etc/nginx/nginx.conf.template - - ${DIFY_ROOT_PATH}/nginx/proxy.conf.template:/etc/nginx/proxy.conf.template - - ${DIFY_ROOT_PATH}/nginx/https.conf.template:/etc/nginx/https.conf.template - - ${DIFY_ROOT_PATH}/nginx/conf.d:/etc/nginx/conf.d - - ${DIFY_ROOT_PATH}/nginx/docker-entrypoint.sh:/docker-entrypoint-mount.sh - - ${DIFY_ROOT_PATH}/nginx/ssl:/etc/ssl # cert dir (legacy) - - ${DIFY_ROOT_PATH}/volumes/certbot/conf/live:/etc/letsencrypt/live # cert dir (with certbot container) - - ${DIFY_ROOT_PATH}/volumes/certbot/conf:/etc/letsencrypt - - ${DIFY_ROOT_PATH}/volumes/certbot/www:/var/www/html - entrypoint: [ 'sh', '-c', "cp /docker-entrypoint-mount.sh /docker-entrypoint.sh && sed -i 's/\r$$//' /docker-entrypoint.sh && chmod +x /docker-entrypoint.sh && /docker-entrypoint.sh" ] - environment: - NGINX_SERVER_NAME: ${NGINX_SERVER_NAME:-_} - NGINX_HTTPS_ENABLED: ${NGINX_HTTPS_ENABLED:-false} - NGINX_SSL_PORT: ${NGINX_SSL_PORT:-443} - NGINX_PORT: ${NGINX_PORT:-80} - NGINX_SSL_CERT_FILENAME: ${NGINX_SSL_CERT_FILENAME:-dify.crt} - NGINX_SSL_CERT_KEY_FILENAME: ${NGINX_SSL_CERT_KEY_FILENAME:-dify.key} - NGINX_SSL_PROTOCOLS: ${NGINX_SSL_PROTOCOLS:-TLSv1.1 TLSv1.2 TLSv1.3} - NGINX_WORKER_PROCESSES: ${NGINX_WORKER_PROCESSES:-auto} - NGINX_CLIENT_MAX_BODY_SIZE: ${NGINX_CLIENT_MAX_BODY_SIZE:-15M} - NGINX_KEEPALIVE_TIMEOUT: ${NGINX_KEEPALIVE_TIMEOUT:-65} - NGINX_PROXY_READ_TIMEOUT: ${NGINX_PROXY_READ_TIMEOUT:-3600s} - NGINX_PROXY_SEND_TIMEOUT: ${NGINX_PROXY_SEND_TIMEOUT:-3600s} - NGINX_ENABLE_CERTBOT_CHALLENGE: ${NGINX_ENABLE_CERTBOT_CHALLENGE:-false} - CERTBOT_DOMAIN: ${CERTBOT_DOMAIN:-} - depends_on: - - api - - web - ports: - - '${PANEL_APP_PORT_HTTP:-80}:${NGINX_PORT:-80}' - - '${PANEL_APP_PORT_HTTPS:-443}:${NGINX_SSL_PORT:-443}' - - weaviate: - image: semitechnologies/weaviate:1.19.0 - container_name: weaviate-${CONTAINER_NAME} - profiles: - - '' - - weaviate - restart: always - volumes: - - ${DIFY_ROOT_PATH}/volumes/weaviate:/var/lib/weaviate - environment: - PERSISTENCE_DATA_PATH: ${WEAVIATE_PERSISTENCE_DATA_PATH:-/var/lib/weaviate} - QUERY_DEFAULTS_LIMIT: ${WEAVIATE_QUERY_DEFAULTS_LIMIT:-25} - AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: ${WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED:-false} - DEFAULT_VECTORIZER_MODULE: ${WEAVIATE_DEFAULT_VECTORIZER_MODULE:-none} - CLUSTER_HOSTNAME: ${WEAVIATE_CLUSTER_HOSTNAME:-node1} - AUTHENTICATION_APIKEY_ENABLED: ${WEAVIATE_AUTHENTICATION_APIKEY_ENABLED:-true} - AUTHENTICATION_APIKEY_ALLOWED_KEYS: ${WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih} - AUTHENTICATION_APIKEY_USERS: ${WEAVIATE_AUTHENTICATION_APIKEY_USERS:-hello@dify.ai} - AUTHORIZATION_ADMINLIST_ENABLED: ${WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED:-true} - AUTHORIZATION_ADMINLIST_USERS: ${WEAVIATE_AUTHORIZATION_ADMINLIST_USERS:-hello@dify.ai} - - qdrant: - image: langgenius/qdrant:v1.7.3 - container_name: qdrant-${CONTAINER_NAME} - profiles: - - qdrant - restart: always - volumes: - - ${DIFY_ROOT_PATH}/volumes/qdrant:/qdrant/storage - environment: - QDRANT_API_KEY: ${QDRANT_API_KEY:-difyai123456} - - couchbase-server: - build: ./conf/couchbase-server - profiles: - - couchbase - restart: always - environment: - - CLUSTER_NAME=dify_search - - COUCHBASE_ADMINISTRATOR_USERNAME=${COUCHBASE_USER:-Administrator} - - COUCHBASE_ADMINISTRATOR_PASSWORD=${COUCHBASE_PASSWORD:-password} - - COUCHBASE_BUCKET=${COUCHBASE_BUCKET_NAME:-Embeddings} - - COUCHBASE_BUCKET_RAMSIZE=512 - - COUCHBASE_RAM_SIZE=2048 - - COUCHBASE_EVENTING_RAM_SIZE=512 - - COUCHBASE_INDEX_RAM_SIZE=512 - - COUCHBASE_FTS_RAM_SIZE=1024 - hostname: couchbase-server - container_name: couchbase-server - working_dir: /opt/couchbase - stdin_open: true - tty: true - entrypoint: [ "" ] - command: sh -c "/opt/couchbase/init/init-cbserver.sh" - volumes: - - ${DIFY_ROOT_PATH}/volumes/couchbase/data:/opt/couchbase/var/lib/couchbase/data - healthcheck: - test: [ "CMD-SHELL", "curl -s -f -u Administrator:password http://localhost:8091/pools/default/buckets | grep -q '\\[{' || exit 1" ] - interval: 10s - retries: 10 - start_period: 30s - timeout: 10s - - pgvector: - image: pgvector/pgvector:pg16 - container_name: pgvector-${CONTAINER_NAME} - profiles: - - pgvector - restart: always - environment: - PGUSER: ${PGVECTOR_PGUSER:-postgres} - POSTGRES_PASSWORD: ${PGVECTOR_POSTGRES_PASSWORD:-difyai123456} - POSTGRES_DB: ${PGVECTOR_POSTGRES_DB:-dify} - PGDATA: ${PGVECTOR_PGDATA:-/var/lib/postgresql/data/pgdata} - volumes: - - ${DIFY_ROOT_PATH}/volumes/pgvector/data:/var/lib/postgresql/data - healthcheck: - test: [ 'CMD', 'pg_isready' ] - interval: 1s - timeout: 3s - retries: 30 - - pgvecto-rs: - image: tensorchord/pgvecto-rs:pg16-v0.3.0 - container_name: pgvecto-rs-${CONTAINER_NAME} - profiles: - - pgvecto-rs - restart: always - environment: - PGUSER: ${PGVECTOR_PGUSER:-postgres} - POSTGRES_PASSWORD: ${PGVECTOR_POSTGRES_PASSWORD:-difyai123456} - POSTGRES_DB: ${PGVECTOR_POSTGRES_DB:-dify} - PGDATA: ${PGVECTOR_PGDATA:-/var/lib/postgresql/data/pgdata} - volumes: - - ${DIFY_ROOT_PATH}/volumes/pgvecto_rs/data:/var/lib/postgresql/data - healthcheck: - test: [ 'CMD', 'pg_isready' ] - interval: 1s - timeout: 3s - retries: 30 - - chroma: - image: ghcr.io/chroma-core/chroma:0.5.20 - container_name: chroma-${CONTAINER_NAME} - profiles: - - chroma - restart: always - volumes: - - ${DIFY_ROOT_PATH}/volumes/chroma:/chroma/chroma - environment: - CHROMA_SERVER_AUTHN_CREDENTIALS: ${CHROMA_SERVER_AUTHN_CREDENTIALS:-difyai123456} - CHROMA_SERVER_AUTHN_PROVIDER: ${CHROMA_SERVER_AUTHN_PROVIDER:-chromadb.auth.token_authn.TokenAuthenticationServerProvider} - IS_PERSISTENT: ${CHROMA_IS_PERSISTENT:-TRUE} - - oceanbase: - image: quay.io/oceanbase/oceanbase-ce:4.3.3.0-100000142024101215 - container_name: oceanbase-${CONTAINER_NAME} - profiles: - - oceanbase - restart: always - volumes: - - ${DIFY_ROOT_PATH}/volumes/oceanbase/data:/root/ob - - ${DIFY_ROOT_PATH}/volumes/oceanbase/conf:/root/.obd/cluster - - ${DIFY_ROOT_PATH}/volumes/oceanbase/init.d:/root/boot/init.d - environment: - OB_MEMORY_LIMIT: ${OCEANBASE_MEMORY_LIMIT:-6G} - OB_SYS_PASSWORD: ${OCEANBASE_VECTOR_PASSWORD:-difyai123456} - OB_TENANT_PASSWORD: ${OCEANBASE_VECTOR_PASSWORD:-difyai123456} - OB_CLUSTER_NAME: ${OCEANBASE_CLUSTER_NAME:-difyai} - OB_SERVER_IP: '127.0.0.1' - - oracle: - image: container-registry.oracle.com/database/free:latest - container_name: oracle-${CONTAINER_NAME} - profiles: - - oracle - restart: always - volumes: - - source: oradata - type: volume - target: /opt/oracle/oradata - - ${DIFY_ROOT_PATH}/startupscripts:/opt/oracle/scripts/startup - environment: - ORACLE_PWD: ${ORACLE_PWD:-Dify123456} - ORACLE_CHARACTERSET: ${ORACLE_CHARACTERSET:-AL32UTF8} - - etcd: - image: quay.io/coreos/etcd:v3.5.5 - container_name: milvus-etcd-${CONTAINER_NAME} - profiles: - - milvus - environment: - ETCD_AUTO_COMPACTION_MODE: ${ETCD_AUTO_COMPACTION_MODE:-revision} - ETCD_AUTO_COMPACTION_RETENTION: ${ETCD_AUTO_COMPACTION_RETENTION:-1000} - ETCD_QUOTA_BACKEND_BYTES: ${ETCD_QUOTA_BACKEND_BYTES:-4294967296} - ETCD_SNAPSHOT_COUNT: ${ETCD_SNAPSHOT_COUNT:-50000} - volumes: - - ${DIFY_ROOT_PATH}/volumes/milvus/etcd:/etcd - command: etcd -advertise-client-urls=http://127.0.0.1:2379 -listen-client-urls http://0.0.0.0:2379 --data-dir /etcd - healthcheck: - test: [ 'CMD', 'etcdctl', 'endpoint', 'health' ] - interval: 30s - timeout: 20s - retries: 3 - networks: - - milvus - - minio: - image: minio/minio:RELEASE.2023-03-20T20-16-18Z - container_name: milvus-minio-${CONTAINER_NAME} - profiles: - - milvus - environment: - MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY:-minioadmin} - MINIO_SECRET_KEY: ${MINIO_SECRET_KEY:-minioadmin} - volumes: - - ${DIFY_ROOT_PATH}/volumes/milvus/minio:/minio_data - command: minio server /minio_data --console-address ":9001" - healthcheck: - test: [ 'CMD', 'curl', '-f', 'http://localhost:9000/minio/health/live' ] - interval: 30s - timeout: 20s - retries: 3 - networks: - - milvus - - milvus-standalone: - image: milvusdb/milvus:v2.5.0-beta - container_name: milvus-standalone-${CONTAINER_NAME} - profiles: - - milvus - command: [ 'milvus', 'run', 'standalone' ] - environment: - ETCD_ENDPOINTS: ${ETCD_ENDPOINTS:-etcd:2379} - MINIO_ADDRESS: ${MINIO_ADDRESS:-minio:9000} - common.security.authorizationEnabled: ${MILVUS_AUTHORIZATION_ENABLED:-true} - volumes: - - ${DIFY_ROOT_PATH}/volumes/milvus/milvus:/var/lib/milvus - healthcheck: - test: [ 'CMD', 'curl', '-f', 'http://localhost:9091/healthz' ] - interval: 30s - start_period: 90s - timeout: 20s - retries: 3 - depends_on: - - etcd - - minio - ports: - - 19530:19530 - - 9091:9091 - networks: - - milvus - - opensearch: - image: opensearchproject/opensearch:latest - container_name: opensearch-${CONTAINER_NAME} - profiles: - - opensearch - environment: - discovery.type: ${OPENSEARCH_DISCOVERY_TYPE:-single-node} - bootstrap.memory_lock: ${OPENSEARCH_BOOTSTRAP_MEMORY_LOCK:-true} - OPENSEARCH_JAVA_OPTS: -Xms${OPENSEARCH_JAVA_OPTS_MIN:-512m} -Xmx${OPENSEARCH_JAVA_OPTS_MAX:-1024m} - OPENSEARCH_INITIAL_ADMIN_PASSWORD: ${OPENSEARCH_INITIAL_ADMIN_PASSWORD:-Qazwsxedc!@#123} - ulimits: - memlock: - soft: ${OPENSEARCH_MEMLOCK_SOFT:--1} - hard: ${OPENSEARCH_MEMLOCK_HARD:--1} - nofile: - soft: ${OPENSEARCH_NOFILE_SOFT:-65536} - hard: ${OPENSEARCH_NOFILE_HARD:-65536} - volumes: - - ${DIFY_ROOT_PATH}/volumes/opensearch/data:/usr/share/opensearch/data - networks: - - opensearch-net - - opensearch-dashboards: - image: opensearchproject/opensearch-dashboards:latest - container_name: opensearch-dashboards-${CONTAINER_NAME} - profiles: - - opensearch - environment: - OPENSEARCH_HOSTS: '["https://opensearch:9200"]' - volumes: - - ${DIFY_ROOT_PATH}/volumes/opensearch/opensearch_dashboards.yml:/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml - networks: - - opensearch-net - depends_on: - - opensearch - - myscale: - image: myscale/myscaledb:1.6.4 - container_name: myscale-${CONTAINER_NAME} - profiles: - - myscale - restart: always - tty: true - volumes: - - ${DIFY_ROOT_PATH}/volumes/myscale/data:/var/lib/clickhouse - - ${DIFY_ROOT_PATH}/volumes/myscale/log:/var/log/clickhouse-server - - ${DIFY_ROOT_PATH}/volumes/myscale/config/users.d/custom_users_config.xml:/etc/clickhouse-server/users.d/custom_users_config.xml - ports: - - ${MYSCALE_PORT:-8123}:${MYSCALE_PORT:-8123} - - elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch:8.14.3 - container_name: elasticsearch-${CONTAINER_NAME} - profiles: - - elasticsearch - - elasticsearch-ja - restart: always - volumes: - - ${DIFY_ROOT_PATH}/elasticsearch/docker-entrypoint.sh:/docker-entrypoint-mount.sh - - dify_es01_data:/usr/share/elasticsearch/data - environment: - ELASTIC_PASSWORD: ${ELASTICSEARCH_PASSWORD:-elastic} - VECTOR_STORE: ${VECTOR_STORE:-} - cluster.name: dify-es-cluster - node.name: dify-es0 - discovery.type: single-node - xpack.license.self_generated.type: basic - xpack.security.enabled: 'true' - xpack.security.enrollment.enabled: 'false' - xpack.security.http.ssl.enabled: 'false' - ports: - - ${ELASTICSEARCH_PORT:-9200}:9200 - deploy: - resources: - limits: - memory: 2g - entrypoint: [ 'sh', '-c', "sh /docker-entrypoint-mount.sh" ] - healthcheck: - test: [ 'CMD', 'curl', '-s', 'http://localhost:9200/_cluster/health?pretty' ] - interval: 30s - timeout: 10s - retries: 50 - - kibana: - image: docker.elastic.co/kibana/kibana:8.14.3 - container_name: kibana-${CONTAINER_NAME} - profiles: - - elasticsearch - depends_on: - - elasticsearch - restart: always - environment: - XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY: d1a66dfd-c4d3-4a0a-8290-2abcb83ab3aa - NO_PROXY: localhost,127.0.0.1,elasticsearch,kibana - XPACK_SECURITY_ENABLED: 'true' - XPACK_SECURITY_ENROLLMENT_ENABLED: 'false' - XPACK_SECURITY_HTTP_SSL_ENABLED: 'false' - XPACK_FLEET_ISAIRGAPPED: 'true' - I18N_LOCALE: zh-CN - SERVER_PORT: '5601' - ELASTICSEARCH_HOSTS: http://elasticsearch:9200 - ports: - - ${KIBANA_PORT:-5601}:5601 - healthcheck: - test: [ 'CMD-SHELL', 'curl -s http://localhost:5601 >/dev/null || exit 1' ] - interval: 30s - timeout: 10s - retries: 3 - - unstructured: - image: downloads.unstructured.io/unstructured-io/unstructured-api:latest - container_name: unstructured-${CONTAINER_NAME} - profiles: - - unstructured - restart: always - volumes: - - ${DIFY_ROOT_PATH}/volumes/unstructured:/app/data - -networks: - ssrf_proxy_network: - driver: bridge - internal: true - milvus: - driver: bridge - opensearch-net: - driver: bridge - internal: true - -volumes: - oradata: - dify_es01_data: diff --git a/apps/dify/1.0.0/envs/default.env b/apps/dify/1.0.0/envs/default.env deleted file mode 100644 index cd05f46e..00000000 --- a/apps/dify/1.0.0/envs/default.env +++ /dev/null @@ -1,2 +0,0 @@ -# copyright© 2024 XinJiang Ms Studio -ENV_FILE=.env diff --git a/apps/dify/1.0.0/envs/dify.env b/apps/dify/1.0.0/envs/dify.env deleted file mode 100644 index 9f6732ed..00000000 --- a/apps/dify/1.0.0/envs/dify.env +++ /dev/null @@ -1,965 +0,0 @@ -# ------------------------------ -# Environment Variables for API service & worker -# ------------------------------ - -# ------------------------------ -# Common Variables -# ------------------------------ - -# The backend URL of the console API, -# used to concatenate the authorization callback. -# If empty, it is the same domain. -# Example: https://api.console.dify.ai -CONSOLE_API_URL= - -# The front-end URL of the console web, -# used to concatenate some front-end addresses and for CORS configuration use. -# If empty, it is the same domain. -# Example: https://console.dify.ai -CONSOLE_WEB_URL= - -# Service API Url, -# used to display Service API Base Url to the front-end. -# If empty, it is the same domain. -# Example: https://api.dify.ai -SERVICE_API_URL= - -# WebApp API backend Url, -# used to declare the back-end URL for the front-end API. -# If empty, it is the same domain. -# Example: https://api.app.dify.ai -APP_API_URL= - -# WebApp Url, -# used to display WebAPP API Base Url to the front-end. -# If empty, it is the same domain. -# Example: https://app.dify.ai -APP_WEB_URL= - -# File preview or download Url prefix. -# used to display File preview or download Url to the front-end or as Multi-model inputs; -# Url is signed and has expiration time. -FILES_URL= - -# ------------------------------ -# Server Configuration -# ------------------------------ - -# The log level for the application. -# Supported values are `DEBUG`, `INFO`, `WARNING`, `ERROR`, `CRITICAL` -LOG_LEVEL=INFO -# Log file path -LOG_FILE=/app/logs/server.log -# Log file max size, the unit is MB -LOG_FILE_MAX_SIZE=20 -# Log file max backup count -LOG_FILE_BACKUP_COUNT=5 -# Log dateformat -LOG_DATEFORMAT=%Y-%m-%d %H:%M:%S -# Log Timezone -LOG_TZ=UTC - -# Debug mode, default is false. -# It is recommended to turn on this configuration for local development -# to prevent some problems caused by monkey patch. -DEBUG=false - -# Flask debug mode, it can output trace information at the interface when turned on, -# which is convenient for debugging. -FLASK_DEBUG=false - -# A secretkey that is used for securely signing the session cookie -# and encrypting sensitive information on the database. -# You can generate a strong key using `openssl rand -base64 42`. -SECRET_KEY=sk-9f73s3ljTXVcMT3Blb3ljTqtsKiGHXVcMT3BlbkFJLK7U - -# Password for admin user initialization. -# If left unset, admin user will not be prompted for a password -# when creating the initial admin account. -# The length of the password cannot exceed 30 charactors. -INIT_PASSWORD= - -# Deployment environment. -# Supported values are `PRODUCTION`, `TESTING`. Default is `PRODUCTION`. -# Testing environment. There will be a distinct color label on the front-end page, -# indicating that this environment is a testing environment. -DEPLOY_ENV=PRODUCTION - -# Whether to enable the version check policy. -# If set to empty, https://updates.dify.ai will be called for version check. -CHECK_UPDATE_URL=https://updates.dify.ai - -# Used to change the OpenAI base address, default is https://api.openai.com/v1. -# When OpenAI cannot be accessed in China, replace it with a domestic mirror address, -# or when a local model provides OpenAI compatible API, it can be replaced. -OPENAI_API_BASE=https://api.openai.com/v1 - -# When enabled, migrations will be executed prior to application startup -# and the application will start after the migrations have completed. -MIGRATION_ENABLED=true - -# File Access Time specifies a time interval in seconds for the file to be accessed. -# The default value is 300 seconds. -FILES_ACCESS_TIMEOUT=300 - -# Access token expiration time in minutes -ACCESS_TOKEN_EXPIRE_MINUTES=60 - -# Refresh token expiration time in days -REFRESH_TOKEN_EXPIRE_DAYS=30 - -# The maximum number of active requests for the application, where 0 means unlimited, should be a non-negative integer. -APP_MAX_ACTIVE_REQUESTS=0 -APP_MAX_EXECUTION_TIME=1200 - -# ------------------------------ -# Container Startup Related Configuration -# Only effective when starting with docker image or docker-compose. -# ------------------------------ - -# API service binding address, default: 0.0.0.0, i.e., all addresses can be accessed. -DIFY_BIND_ADDRESS=0.0.0.0 - -# API service binding port number, default 5001. -DIFY_PORT=5001 - -# The number of API server workers, i.e., the number of workers. -# Formula: number of cpu cores x 2 + 1 for sync, 1 for Gevent -# Reference: https://docs.gunicorn.org/en/stable/design.html#how-many-workers -SERVER_WORKER_AMOUNT=1 - -# Defaults to gevent. If using windows, it can be switched to sync or solo. -SERVER_WORKER_CLASS=gevent - -# Default number of worker connections, the default is 10. -SERVER_WORKER_CONNECTIONS=10 - -# Similar to SERVER_WORKER_CLASS. -# If using windows, it can be switched to sync or solo. -CELERY_WORKER_CLASS= - -# Request handling timeout. The default is 200, -# it is recommended to set it to 360 to support a longer sse connection time. -GUNICORN_TIMEOUT=360 - -# The number of Celery workers. The default is 1, and can be set as needed. -CELERY_WORKER_AMOUNT= - -# Flag indicating whether to enable autoscaling of Celery workers. -# -# Autoscaling is useful when tasks are CPU intensive and can be dynamically -# allocated and deallocated based on the workload. -# -# When autoscaling is enabled, the maximum and minimum number of workers can -# be specified. The autoscaling algorithm will dynamically adjust the number -# of workers within the specified range. -# -# Default is false (i.e., autoscaling is disabled). -# -# Example: -# CELERY_AUTO_SCALE=true -CELERY_AUTO_SCALE=false - -# The maximum number of Celery workers that can be autoscaled. -# This is optional and only used when autoscaling is enabled. -# Default is not set. -CELERY_MAX_WORKERS= - -# The minimum number of Celery workers that can be autoscaled. -# This is optional and only used when autoscaling is enabled. -# Default is not set. -CELERY_MIN_WORKERS= - -# API Tool configuration -API_TOOL_DEFAULT_CONNECT_TIMEOUT=10 -API_TOOL_DEFAULT_READ_TIMEOUT=60 - - -# ------------------------------ -# Database Configuration -# The database uses PostgreSQL. Please use the public schema. -# It is consistent with the configuration in the 'db' service below. -# ------------------------------ - -DB_USERNAME=postgres -DB_PASSWORD=difyai123456 -DB_HOST=db -DB_PORT=5432 -DB_DATABASE=dify -# The size of the database connection pool. -# The default is 30 connections, which can be appropriately increased. -SQLALCHEMY_POOL_SIZE=30 -# Database connection pool recycling time, the default is 3600 seconds. -SQLALCHEMY_POOL_RECYCLE=3600 -# Whether to print SQL, default is false. -SQLALCHEMY_ECHO=false - -# Maximum number of connections to the database -# Default is 100 -# -# Reference: https://www.postgresql.org/docs/current/runtime-config-connection.html#GUC-MAX-CONNECTIONS -POSTGRES_MAX_CONNECTIONS=100 - -# Sets the amount of shared memory used for postgres's shared buffers. -# Default is 128MB -# Recommended value: 25% of available memory -# Reference: https://www.postgresql.org/docs/current/runtime-config-resource.html#GUC-SHARED-BUFFERS -POSTGRES_SHARED_BUFFERS=128MB - -# Sets the amount of memory used by each database worker for working space. -# Default is 4MB -# -# Reference: https://www.postgresql.org/docs/current/runtime-config-resource.html#GUC-WORK-MEM -POSTGRES_WORK_MEM=4MB - -# Sets the amount of memory reserved for maintenance activities. -# Default is 64MB -# -# Reference: https://www.postgresql.org/docs/current/runtime-config-resource.html#GUC-MAINTENANCE-WORK-MEM -POSTGRES_MAINTENANCE_WORK_MEM=64MB - -# Sets the planner's assumption about the effective cache size. -# Default is 4096MB -# -# Reference: https://www.postgresql.org/docs/current/runtime-config-query.html#GUC-EFFECTIVE-CACHE-SIZE -POSTGRES_EFFECTIVE_CACHE_SIZE=4096MB - -# ------------------------------ -# Redis Configuration -# This Redis configuration is used for caching and for pub/sub during conversation. -# ------------------------------ - -REDIS_HOST=redis -REDIS_PORT=6379 -REDIS_USERNAME= -REDIS_PASSWORD=difyai123456 -REDIS_USE_SSL=false -REDIS_DB=0 - -# Whether to use Redis Sentinel mode. -# If set to true, the application will automatically discover and connect to the master node through Sentinel. -REDIS_USE_SENTINEL=false - -# List of Redis Sentinel nodes. If Sentinel mode is enabled, provide at least one Sentinel IP and port. -# Format: `:,:,:` -REDIS_SENTINELS= -REDIS_SENTINEL_SERVICE_NAME= -REDIS_SENTINEL_USERNAME= -REDIS_SENTINEL_PASSWORD= -REDIS_SENTINEL_SOCKET_TIMEOUT=0.1 - -# List of Redis Cluster nodes. If Cluster mode is enabled, provide at least one Cluster IP and port. -# Format: `:,:,:` -REDIS_USE_CLUSTERS=false -REDIS_CLUSTERS= -REDIS_CLUSTERS_PASSWORD= - -# ------------------------------ -# Celery Configuration -# ------------------------------ - -# Use redis as the broker, and redis db 1 for celery broker. -# Format as follows: `redis://:@:/` -# Example: redis://:difyai123456@redis:6379/1 -# If use Redis Sentinel, format as follows: `sentinel://:@:/` -# Example: sentinel://localhost:26379/1;sentinel://localhost:26380/1;sentinel://localhost:26381/1 -CELERY_BROKER_URL=redis://:difyai123456@redis:6379/1 -BROKER_USE_SSL=false - -# If you are using Redis Sentinel for high availability, configure the following settings. -CELERY_USE_SENTINEL=false -CELERY_SENTINEL_MASTER_NAME= -CELERY_SENTINEL_SOCKET_TIMEOUT=0.1 - -# ------------------------------ -# CORS Configuration -# Used to set the front-end cross-domain access policy. -# ------------------------------ - -# Specifies the allowed origins for cross-origin requests to the Web API, -# e.g. https://dify.app or * for all origins. -WEB_API_CORS_ALLOW_ORIGINS=* - -# Specifies the allowed origins for cross-origin requests to the console API, -# e.g. https://cloud.dify.ai or * for all origins. -CONSOLE_CORS_ALLOW_ORIGINS=* - -# ------------------------------ -# File Storage Configuration -# ------------------------------ - -# The type of storage to use for storing user files. -STORAGE_TYPE=opendal - -# Apache OpenDAL Configuration -# The configuration for OpenDAL consists of the following format: OPENDAL__. -# You can find all the service configurations (CONFIG_NAME) in the repository at: https://github.com/apache/opendal/tree/main/core/src/services. -# Dify will scan configurations starting with OPENDAL_ and automatically apply them. -# The scheme name for the OpenDAL storage. -OPENDAL_SCHEME=fs -# Configurations for OpenDAL Local File System. -OPENDAL_FS_ROOT=storage - -# S3 Configuration -# -S3_ENDPOINT= -S3_REGION=us-east-1 -S3_BUCKET_NAME=difyai -S3_ACCESS_KEY= -S3_SECRET_KEY= -# Whether to use AWS managed IAM roles for authenticating with the S3 service. -# If set to false, the access key and secret key must be provided. -S3_USE_AWS_MANAGED_IAM=false - -# Azure Blob Configuration -# -AZURE_BLOB_ACCOUNT_NAME=difyai -AZURE_BLOB_ACCOUNT_KEY=difyai -AZURE_BLOB_CONTAINER_NAME=difyai-container -AZURE_BLOB_ACCOUNT_URL=https://.blob.core.windows.net - -# Google Storage Configuration -# -GOOGLE_STORAGE_BUCKET_NAME=your-bucket-name -GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64= - -# The Alibaba Cloud OSS configurations, -# -ALIYUN_OSS_BUCKET_NAME=your-bucket-name -ALIYUN_OSS_ACCESS_KEY=your-access-key -ALIYUN_OSS_SECRET_KEY=your-secret-key -ALIYUN_OSS_ENDPOINT=https://oss-ap-southeast-1-internal.aliyuncs.com -ALIYUN_OSS_REGION=ap-southeast-1 -ALIYUN_OSS_AUTH_VERSION=v4 -# Don't start with '/'. OSS doesn't support leading slash in object names. -ALIYUN_OSS_PATH=your-path - -# Tencent COS Configuration -# -TENCENT_COS_BUCKET_NAME=your-bucket-name -TENCENT_COS_SECRET_KEY=your-secret-key -TENCENT_COS_SECRET_ID=your-secret-id -TENCENT_COS_REGION=your-region -TENCENT_COS_SCHEME=your-scheme - -# Oracle Storage Configuration -# -OCI_ENDPOINT=https://objectstorage.us-ashburn-1.oraclecloud.com -OCI_BUCKET_NAME=your-bucket-name -OCI_ACCESS_KEY=your-access-key -OCI_SECRET_KEY=your-secret-key -OCI_REGION=us-ashburn-1 - -# Huawei OBS Configuration -# -HUAWEI_OBS_BUCKET_NAME=your-bucket-name -HUAWEI_OBS_SECRET_KEY=your-secret-key -HUAWEI_OBS_ACCESS_KEY=your-access-key -HUAWEI_OBS_SERVER=your-server-url - -# Volcengine TOS Configuration -# -VOLCENGINE_TOS_BUCKET_NAME=your-bucket-name -VOLCENGINE_TOS_SECRET_KEY=your-secret-key -VOLCENGINE_TOS_ACCESS_KEY=your-access-key -VOLCENGINE_TOS_ENDPOINT=your-server-url -VOLCENGINE_TOS_REGION=your-region - -# Baidu OBS Storage Configuration -# -BAIDU_OBS_BUCKET_NAME=your-bucket-name -BAIDU_OBS_SECRET_KEY=your-secret-key -BAIDU_OBS_ACCESS_KEY=your-access-key -BAIDU_OBS_ENDPOINT=your-server-url - -# Supabase Storage Configuration -# -SUPABASE_BUCKET_NAME=your-bucket-name -SUPABASE_API_KEY=your-access-key -SUPABASE_URL=your-server-url - -# ------------------------------ -# Vector Database Configuration -# ------------------------------ - -# The type of vector store to use. -# Supported values are `weaviate`, `qdrant`, `milvus`, `myscale`, `relyt`, `pgvector`, `pgvecto-rs`, `chroma`, `opensearch`, `tidb_vector`, `oracle`, `tencent`, `elasticsearch`, `elasticsearch-ja`, `analyticdb`, `couchbase`, `vikingdb`, `oceanbase`. -VECTOR_STORE=weaviate - -# The Weaviate endpoint URL. Only available when VECTOR_STORE is `weaviate`. -WEAVIATE_ENDPOINT=http://weaviate:8080 -WEAVIATE_API_KEY=WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih - -# The Qdrant endpoint URL. Only available when VECTOR_STORE is `qdrant`. -QDRANT_URL=http://qdrant:6333 -QDRANT_API_KEY=difyai123456 -QDRANT_CLIENT_TIMEOUT=20 -QDRANT_GRPC_ENABLED=false -QDRANT_GRPC_PORT=6334 - -# Milvus configuration Only available when VECTOR_STORE is `milvus`. -# The milvus uri. -MILVUS_URI=http://127.0.0.1:19530 -MILVUS_TOKEN= -MILVUS_USER=root -MILVUS_PASSWORD=Milvus -MILVUS_ENABLE_HYBRID_SEARCH=False - -# MyScale configuration, only available when VECTOR_STORE is `myscale` -# For multi-language support, please set MYSCALE_FTS_PARAMS with referring to: -# https://myscale.com/docs/en/text-search/#understanding-fts-index-parameters -MYSCALE_HOST=myscale -MYSCALE_PORT=8123 -MYSCALE_USER=default -MYSCALE_PASSWORD= -MYSCALE_DATABASE=dify -MYSCALE_FTS_PARAMS= - -# Couchbase configurations, only available when VECTOR_STORE is `couchbase` -# The connection string must include hostname defined in the docker-compose file (couchbase-server in this case) -COUCHBASE_CONNECTION_STRING=couchbase://couchbase-server -COUCHBASE_USER=Administrator -COUCHBASE_PASSWORD=password -COUCHBASE_BUCKET_NAME=Embeddings -COUCHBASE_SCOPE_NAME=_default - -# pgvector configurations, only available when VECTOR_STORE is `pgvector` -PGVECTOR_HOST=pgvector -PGVECTOR_PORT=5432 -PGVECTOR_USER=postgres -PGVECTOR_PASSWORD=difyai123456 -PGVECTOR_DATABASE=dify -PGVECTOR_MIN_CONNECTION=1 -PGVECTOR_MAX_CONNECTION=5 - -# pgvecto-rs configurations, only available when VECTOR_STORE is `pgvecto-rs` -PGVECTO_RS_HOST=pgvecto-rs -PGVECTO_RS_PORT=5432 -PGVECTO_RS_USER=postgres -PGVECTO_RS_PASSWORD=difyai123456 -PGVECTO_RS_DATABASE=dify - -# analyticdb configurations, only available when VECTOR_STORE is `analyticdb` -ANALYTICDB_KEY_ID=your-ak -ANALYTICDB_KEY_SECRET=your-sk -ANALYTICDB_REGION_ID=cn-hangzhou -ANALYTICDB_INSTANCE_ID=gp-ab123456 -ANALYTICDB_ACCOUNT=testaccount -ANALYTICDB_PASSWORD=testpassword -ANALYTICDB_NAMESPACE=dify -ANALYTICDB_NAMESPACE_PASSWORD=difypassword -ANALYTICDB_HOST=gp-test.aliyuncs.com -ANALYTICDB_PORT=5432 -ANALYTICDB_MIN_CONNECTION=1 -ANALYTICDB_MAX_CONNECTION=5 - -# TiDB vector configurations, only available when VECTOR_STORE is `tidb` -TIDB_VECTOR_HOST=tidb -TIDB_VECTOR_PORT=4000 -TIDB_VECTOR_USER= -TIDB_VECTOR_PASSWORD= -TIDB_VECTOR_DATABASE=dify - -# Tidb on qdrant configuration, only available when VECTOR_STORE is `tidb_on_qdrant` -TIDB_ON_QDRANT_URL=http://127.0.0.1 -TIDB_ON_QDRANT_API_KEY=dify -TIDB_ON_QDRANT_CLIENT_TIMEOUT=20 -TIDB_ON_QDRANT_GRPC_ENABLED=false -TIDB_ON_QDRANT_GRPC_PORT=6334 -TIDB_PUBLIC_KEY=dify -TIDB_PRIVATE_KEY=dify -TIDB_API_URL=http://127.0.0.1 -TIDB_IAM_API_URL=http://127.0.0.1 -TIDB_REGION=regions/aws-us-east-1 -TIDB_PROJECT_ID=dify -TIDB_SPEND_LIMIT=100 - -# Chroma configuration, only available when VECTOR_STORE is `chroma` -CHROMA_HOST=127.0.0.1 -CHROMA_PORT=8000 -CHROMA_TENANT=default_tenant -CHROMA_DATABASE=default_database -CHROMA_AUTH_PROVIDER=chromadb.auth.token_authn.TokenAuthClientProvider -CHROMA_AUTH_CREDENTIALS= - -# Oracle configuration, only available when VECTOR_STORE is `oracle` -ORACLE_HOST=oracle -ORACLE_PORT=1521 -ORACLE_USER=dify -ORACLE_PASSWORD=dify -ORACLE_DATABASE=FREEPDB1 - -# relyt configurations, only available when VECTOR_STORE is `relyt` -RELYT_HOST=db -RELYT_PORT=5432 -RELYT_USER=postgres -RELYT_PASSWORD=difyai123456 -RELYT_DATABASE=postgres - -# open search configuration, only available when VECTOR_STORE is `opensearch` -OPENSEARCH_HOST=opensearch -OPENSEARCH_PORT=9200 -OPENSEARCH_USER=admin -OPENSEARCH_PASSWORD=admin -OPENSEARCH_SECURE=true - -# tencent vector configurations, only available when VECTOR_STORE is `tencent` -TENCENT_VECTOR_DB_URL=http://127.0.0.1 -TENCENT_VECTOR_DB_API_KEY=dify -TENCENT_VECTOR_DB_TIMEOUT=30 -TENCENT_VECTOR_DB_USERNAME=dify -TENCENT_VECTOR_DB_DATABASE=dify -TENCENT_VECTOR_DB_SHARD=1 -TENCENT_VECTOR_DB_REPLICAS=2 - -# ElasticSearch configuration, only available when VECTOR_STORE is `elasticsearch` -ELASTICSEARCH_HOST=0.0.0.0 -ELASTICSEARCH_PORT=9200 -ELASTICSEARCH_USERNAME=elastic -ELASTICSEARCH_PASSWORD=elastic -KIBANA_PORT=5601 - -# baidu vector configurations, only available when VECTOR_STORE is `baidu` -BAIDU_VECTOR_DB_ENDPOINT=http://127.0.0.1:5287 -BAIDU_VECTOR_DB_CONNECTION_TIMEOUT_MS=30000 -BAIDU_VECTOR_DB_ACCOUNT=root -BAIDU_VECTOR_DB_API_KEY=dify -BAIDU_VECTOR_DB_DATABASE=dify -BAIDU_VECTOR_DB_SHARD=1 -BAIDU_VECTOR_DB_REPLICAS=3 - -# VikingDB configurations, only available when VECTOR_STORE is `vikingdb` -VIKINGDB_ACCESS_KEY=your-ak -VIKINGDB_SECRET_KEY=your-sk -VIKINGDB_REGION=cn-shanghai -VIKINGDB_HOST=api-vikingdb.xxx.volces.com -VIKINGDB_SCHEMA=http -VIKINGDB_CONNECTION_TIMEOUT=30 -VIKINGDB_SOCKET_TIMEOUT=30 - -# Lindorm configuration, only available when VECTOR_STORE is `lindorm` -LINDORM_URL=http://lindorm:30070 -LINDORM_USERNAME=lindorm -LINDORM_PASSWORD=lindorm - -# OceanBase Vector configuration, only available when VECTOR_STORE is `oceanbase` -OCEANBASE_VECTOR_HOST=oceanbase -OCEANBASE_VECTOR_PORT=2881 -OCEANBASE_VECTOR_USER=root@test -OCEANBASE_VECTOR_PASSWORD=difyai123456 -OCEANBASE_VECTOR_DATABASE=test -OCEANBASE_CLUSTER_NAME=difyai -OCEANBASE_MEMORY_LIMIT=6G - -# Upstash Vector configuration, only available when VECTOR_STORE is `upstash` -UPSTASH_VECTOR_URL=https://xxx-vector.upstash.io -UPSTASH_VECTOR_TOKEN=dify - -# ------------------------------ -# Knowledge Configuration -# ------------------------------ - -# Upload file size limit, default 15M. -UPLOAD_FILE_SIZE_LIMIT=15 - -# The maximum number of files that can be uploaded at a time, default 5. -UPLOAD_FILE_BATCH_LIMIT=5 - -# ETL type, support: `dify`, `Unstructured` -# `dify` Dify's proprietary file extraction scheme -# `Unstructured` Unstructured.io file extraction scheme -ETL_TYPE=dify - -# Unstructured API path and API key, needs to be configured when ETL_TYPE is Unstructured -# Or using Unstructured for document extractor node for pptx. -# For example: http://unstructured:8000/general/v0/general -UNSTRUCTURED_API_URL= -UNSTRUCTURED_API_KEY= -SCARF_NO_ANALYTICS=true - -# ------------------------------ -# Model Configuration -# ------------------------------ - -# The maximum number of tokens allowed for prompt generation. -# This setting controls the upper limit of tokens that can be used by the LLM -# when generating a prompt in the prompt generation tool. -# Default: 512 tokens. -PROMPT_GENERATION_MAX_TOKENS=512 - -# The maximum number of tokens allowed for code generation. -# This setting controls the upper limit of tokens that can be used by the LLM -# when generating code in the code generation tool. -# Default: 1024 tokens. -CODE_GENERATION_MAX_TOKENS=1024 - -# ------------------------------ -# Multi-modal Configuration -# ------------------------------ - -# The format of the image/video/audio/document sent when the multi-modal model is input, -# the default is base64, optional url. -# The delay of the call in url mode will be lower than that in base64 mode. -# It is generally recommended to use the more compatible base64 mode. -# If configured as url, you need to configure FILES_URL as an externally accessible address so that the multi-modal model can access the image/video/audio/document. -MULTIMODAL_SEND_FORMAT=base64 -# Upload image file size limit, default 10M. -UPLOAD_IMAGE_FILE_SIZE_LIMIT=10 -# Upload video file size limit, default 100M. -UPLOAD_VIDEO_FILE_SIZE_LIMIT=100 -# Upload audio file size limit, default 50M. -UPLOAD_AUDIO_FILE_SIZE_LIMIT=50 - -# ------------------------------ -# Sentry Configuration -# Used for application monitoring and error log tracking. -# ------------------------------ -SENTRY_DSN= - -# API Service Sentry DSN address, default is empty, when empty, -# all monitoring information is not reported to Sentry. -# If not set, Sentry error reporting will be disabled. -API_SENTRY_DSN= -# API Service The reporting ratio of Sentry events, if it is 0.01, it is 1%. -API_SENTRY_TRACES_SAMPLE_RATE=1.0 -# API Service The reporting ratio of Sentry profiles, if it is 0.01, it is 1%. -API_SENTRY_PROFILES_SAMPLE_RATE=1.0 - -# Web Service Sentry DSN address, default is empty, when empty, -# all monitoring information is not reported to Sentry. -# If not set, Sentry error reporting will be disabled. -WEB_SENTRY_DSN= - -# ------------------------------ -# Notion Integration Configuration -# Variables can be obtained by applying for Notion integration: https://www.notion.so/my-integrations -# ------------------------------ - -# Configure as "public" or "internal". -# Since Notion's OAuth redirect URL only supports HTTPS, -# if deploying locally, please use Notion's internal integration. -NOTION_INTEGRATION_TYPE=public -# Notion OAuth client secret (used for public integration type) -NOTION_CLIENT_SECRET= -# Notion OAuth client id (used for public integration type) -NOTION_CLIENT_ID= -# Notion internal integration secret. -# If the value of NOTION_INTEGRATION_TYPE is "internal", -# you need to configure this variable. -NOTION_INTERNAL_SECRET= - -# ------------------------------ -# Mail related configuration -# ------------------------------ - -# Mail type, support: resend, smtp -MAIL_TYPE=resend - -# Default send from email address, if not specified -MAIL_DEFAULT_SEND_FROM= - -# API-Key for the Resend email provider, used when MAIL_TYPE is `resend`. -RESEND_API_URL=https://api.resend.com -RESEND_API_KEY=your-resend-api-key - - -# SMTP server configuration, used when MAIL_TYPE is `smtp` -SMTP_SERVER= -SMTP_PORT=465 -SMTP_USERNAME= -SMTP_PASSWORD= -SMTP_USE_TLS=true -SMTP_OPPORTUNISTIC_TLS=false - -# ------------------------------ -# Others Configuration -# ------------------------------ - -# Maximum length of segmentation tokens for indexing -INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH=4000 - -# Member invitation link valid time (hours), -# Default: 72. -INVITE_EXPIRY_HOURS=72 - -# Reset password token valid time (minutes), -RESET_PASSWORD_TOKEN_EXPIRY_MINUTES=5 - -# The sandbox service endpoint. -CODE_EXECUTION_ENDPOINT=http://sandbox:8194 -CODE_EXECUTION_API_KEY=dify-sandbox -CODE_MAX_NUMBER=9223372036854775807 -CODE_MIN_NUMBER=-9223372036854775808 -CODE_MAX_DEPTH=5 -CODE_MAX_PRECISION=20 -CODE_MAX_STRING_LENGTH=80000 -CODE_MAX_STRING_ARRAY_LENGTH=30 -CODE_MAX_OBJECT_ARRAY_LENGTH=30 -CODE_MAX_NUMBER_ARRAY_LENGTH=1000 -CODE_EXECUTION_CONNECT_TIMEOUT=10 -CODE_EXECUTION_READ_TIMEOUT=60 -CODE_EXECUTION_WRITE_TIMEOUT=10 -TEMPLATE_TRANSFORM_MAX_LENGTH=80000 - -# Workflow runtime configuration -WORKFLOW_MAX_EXECUTION_STEPS=500 -WORKFLOW_MAX_EXECUTION_TIME=1200 -WORKFLOW_CALL_MAX_DEPTH=5 -MAX_VARIABLE_SIZE=204800 -WORKFLOW_PARALLEL_DEPTH_LIMIT=3 -WORKFLOW_FILE_UPLOAD_LIMIT=10 - -# HTTP request node in workflow configuration -HTTP_REQUEST_NODE_MAX_BINARY_SIZE=10485760 -HTTP_REQUEST_NODE_MAX_TEXT_SIZE=1048576 - -# SSRF Proxy server HTTP URL -SSRF_PROXY_HTTP_URL=http://ssrf_proxy:3128 -# SSRF Proxy server HTTPS URL -SSRF_PROXY_HTTPS_URL=http://ssrf_proxy:3128 - -# ------------------------------ -# Environment Variables for web Service -# ------------------------------ - -# The timeout for the text generation in millisecond -TEXT_GENERATION_TIMEOUT_MS=60000 - -# ------------------------------ -# Environment Variables for db Service -# ------------------------------ - -PGUSER=${DB_USERNAME} -# The password for the default postgres user. -POSTGRES_PASSWORD=${DB_PASSWORD} -# The name of the default postgres database. -POSTGRES_DB=${DB_DATABASE} -# postgres data directory -PGDATA=/var/lib/postgresql/data/pgdata - -# ------------------------------ -# Environment Variables for sandbox Service -# ------------------------------ - -# The API key for the sandbox service -SANDBOX_API_KEY=dify-sandbox -# The mode in which the Gin framework runs -SANDBOX_GIN_MODE=release -# The timeout for the worker in seconds -SANDBOX_WORKER_TIMEOUT=15 -# Enable network for the sandbox service -SANDBOX_ENABLE_NETWORK=true -# HTTP proxy URL for SSRF protection -SANDBOX_HTTP_PROXY=http://ssrf_proxy:3128 -# HTTPS proxy URL for SSRF protection -SANDBOX_HTTPS_PROXY=http://ssrf_proxy:3128 -# The port on which the sandbox service runs -SANDBOX_PORT=8194 - -# ------------------------------ -# Environment Variables for weaviate Service -# (only used when VECTOR_STORE is weaviate) -# ------------------------------ -WEAVIATE_PERSISTENCE_DATA_PATH=/var/lib/weaviate -WEAVIATE_QUERY_DEFAULTS_LIMIT=25 -WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED=true -WEAVIATE_DEFAULT_VECTORIZER_MODULE=none -WEAVIATE_CLUSTER_HOSTNAME=node1 -WEAVIATE_AUTHENTICATION_APIKEY_ENABLED=true -WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS=WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih -WEAVIATE_AUTHENTICATION_APIKEY_USERS=hello@dify.ai -WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED=true -WEAVIATE_AUTHORIZATION_ADMINLIST_USERS=hello@dify.ai - -# ------------------------------ -# Environment Variables for Chroma -# (only used when VECTOR_STORE is chroma) -# ------------------------------ - -# Authentication credentials for Chroma server -CHROMA_SERVER_AUTHN_CREDENTIALS=difyai123456 -# Authentication provider for Chroma server -CHROMA_SERVER_AUTHN_PROVIDER=chromadb.auth.token_authn.TokenAuthenticationServerProvider -# Persistence setting for Chroma server -CHROMA_IS_PERSISTENT=TRUE - -# ------------------------------ -# Environment Variables for Oracle Service -# (only used when VECTOR_STORE is Oracle) -# ------------------------------ -ORACLE_PWD=Dify123456 -ORACLE_CHARACTERSET=AL32UTF8 - -# ------------------------------ -# Environment Variables for milvus Service -# (only used when VECTOR_STORE is milvus) -# ------------------------------ -# ETCD configuration for auto compaction mode -ETCD_AUTO_COMPACTION_MODE=revision -# ETCD configuration for auto compaction retention in terms of number of revisions -ETCD_AUTO_COMPACTION_RETENTION=1000 -# ETCD configuration for backend quota in bytes -ETCD_QUOTA_BACKEND_BYTES=4294967296 -# ETCD configuration for the number of changes before triggering a snapshot -ETCD_SNAPSHOT_COUNT=50000 -# MinIO access key for authentication -MINIO_ACCESS_KEY=minioadmin -# MinIO secret key for authentication -MINIO_SECRET_KEY=minioadmin -# ETCD service endpoints -ETCD_ENDPOINTS=etcd:2379 -# MinIO service address -MINIO_ADDRESS=minio:9000 -# Enable or disable security authorization -MILVUS_AUTHORIZATION_ENABLED=true - -# ------------------------------ -# Environment Variables for pgvector / pgvector-rs Service -# (only used when VECTOR_STORE is pgvector / pgvector-rs) -# ------------------------------ -PGVECTOR_PGUSER=postgres -# The password for the default postgres user. -PGVECTOR_POSTGRES_PASSWORD=difyai123456 -# The name of the default postgres database. -PGVECTOR_POSTGRES_DB=dify -# postgres data directory -PGVECTOR_PGDATA=/var/lib/postgresql/data/pgdata - -# ------------------------------ -# Environment Variables for opensearch -# (only used when VECTOR_STORE is opensearch) -# ------------------------------ -OPENSEARCH_DISCOVERY_TYPE=single-node -OPENSEARCH_BOOTSTRAP_MEMORY_LOCK=true -OPENSEARCH_JAVA_OPTS_MIN=512m -OPENSEARCH_JAVA_OPTS_MAX=1024m -OPENSEARCH_INITIAL_ADMIN_PASSWORD=Qazwsxedc!@#123 -OPENSEARCH_MEMLOCK_SOFT=-1 -OPENSEARCH_MEMLOCK_HARD=-1 -OPENSEARCH_NOFILE_SOFT=65536 -OPENSEARCH_NOFILE_HARD=65536 - -# ------------------------------ -# Environment Variables for Nginx reverse proxy -# ------------------------------ -NGINX_SERVER_NAME=_ -NGINX_HTTPS_ENABLED=false -# HTTP port -NGINX_PORT=80 -# SSL settings are only applied when HTTPS_ENABLED is true -NGINX_SSL_PORT=443 -# if HTTPS_ENABLED is true, you're required to add your own SSL certificates/keys to the `./nginx/ssl` directory -# and modify the env vars below accordingly. -NGINX_SSL_CERT_FILENAME=dify.crt -NGINX_SSL_CERT_KEY_FILENAME=dify.key -NGINX_SSL_PROTOCOLS=TLSv1.1 TLSv1.2 TLSv1.3 - -# Nginx performance tuning -NGINX_WORKER_PROCESSES=auto -NGINX_CLIENT_MAX_BODY_SIZE=15M -NGINX_KEEPALIVE_TIMEOUT=65 - -# Proxy settings -NGINX_PROXY_READ_TIMEOUT=3600s -NGINX_PROXY_SEND_TIMEOUT=3600s - -# Set true to accept requests for /.well-known/acme-challenge/ -NGINX_ENABLE_CERTBOT_CHALLENGE=false - -# ------------------------------ -# Certbot Configuration -# ------------------------------ - -# Email address (required to get certificates from Let's Encrypt) -CERTBOT_EMAIL=your_email@example.com - -# Domain name -CERTBOT_DOMAIN=your_domain.com - -# certbot command options -# i.e: --force-renewal --dry-run --test-cert --debug -CERTBOT_OPTIONS= - -# ------------------------------ -# Environment Variables for SSRF Proxy -# ------------------------------ -SSRF_HTTP_PORT=3128 -SSRF_COREDUMP_DIR=/var/spool/squid -SSRF_REVERSE_PROXY_PORT=8194 -SSRF_SANDBOX_HOST=sandbox -SSRF_DEFAULT_TIME_OUT=5 -SSRF_DEFAULT_CONNECT_TIME_OUT=5 -SSRF_DEFAULT_READ_TIME_OUT=5 -SSRF_DEFAULT_WRITE_TIME_OUT=5 - -# ------------------------------ -# docker env var for specifying vector db type at startup -# (based on the vector db type, the corresponding docker -# compose profile will be used) -# if you want to use unstructured, add ',unstructured' to the end -# ------------------------------ -COMPOSE_PROFILES=${VECTOR_STORE:-weaviate} - -# ------------------------------ -# Docker Compose Service Expose Host Port Configurations -# ------------------------------ -EXPOSE_NGINX_PORT=80 -EXPOSE_NGINX_SSL_PORT=443 - -# ---------------------------------------------------------------------------- -# ModelProvider & Tool Position Configuration -# Used to specify the model providers and tools that can be used in the app. -# ---------------------------------------------------------------------------- - -# Pin, include, and exclude tools -# Use comma-separated values with no spaces between items. -# Example: POSITION_TOOL_PINS=bing,google -POSITION_TOOL_PINS= -POSITION_TOOL_INCLUDES= -POSITION_TOOL_EXCLUDES= - -# Pin, include, and exclude model providers -# Use comma-separated values with no spaces between items. -# Example: POSITION_PROVIDER_PINS=openai,openllm -POSITION_PROVIDER_PINS= -POSITION_PROVIDER_INCLUDES= -POSITION_PROVIDER_EXCLUDES= - -# CSP https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP -CSP_WHITELIST= - -# Enable or disable create tidb service job -CREATE_TIDB_SERVICE_JOB_ENABLED=false - -# Maximum number of submitted thread count in a ThreadPool for parallel node execution -MAX_SUBMIT_COUNT=100 - -# The maximum number of top-k value for RAG. -TOP_K_MAX_VALUE=10 - -# ------------------------------ -# Plugin Daemon Configuration -# ------------------------------ - -DB_PLUGIN_DATABASE=dify_plugin -EXPOSE_PLUGIN_DAEMON_PORT=5002 -PLUGIN_DAEMON_PORT=5002 -PLUGIN_DAEMON_KEY=lYkiYYT6owG+71oLerGzA7GXCgOT++6ovaezWAjpCjf+Sjc3ZtU+qUEi -PLUGIN_DAEMON_URL=http://plugin_daemon:5002 -PLUGIN_MAX_PACKAGE_SIZE=52428800 -PLUGIN_PPROF_ENABLED=false - -PLUGIN_DEBUGGING_HOST=0.0.0.0 -PLUGIN_DEBUGGING_PORT=5003 -EXPOSE_PLUGIN_DEBUGGING_HOST=localhost -EXPOSE_PLUGIN_DEBUGGING_PORT=5003 - -PLUGIN_DIFY_INNER_API_KEY=QaHbTe77CtuXmsfyhR7+vRjI/+XbV1AaFy691iy+kGDv2Jvy0/eAh8Y1 -PLUGIN_DIFY_INNER_API_URL=http://api:5001 - -ENDPOINT_URL_TEMPLATE=http://localhost/e/{hook_id} - -MARKETPLACE_ENABLED=true -MARKETPLACE_API_URL=https://marketplace.dify.ai - -FORCE_VERIFYING_SIGNATURE=true diff --git a/apps/dify/1.0.0/envs/global.env b/apps/dify/1.0.0/envs/global.env deleted file mode 100644 index e10989fe..00000000 --- a/apps/dify/1.0.0/envs/global.env +++ /dev/null @@ -1,2 +0,0 @@ -# copyright© 2024 XinJiang Ms Studio -TZ=Asia/Shanghai diff --git a/apps/dify/1.0.0/scripts/init.sh b/apps/dify/1.0.0/scripts/init.sh deleted file mode 100644 index 085059fc..00000000 --- a/apps/dify/1.0.0/scripts/init.sh +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/bash - -if [ -f .env ]; then - source .env - - # setup-1 add default values - CURRENT_DIR=$(pwd) - sed -i '/^ENV_FILE=/d' .env - sed -i '/^GLOBAL_ENV_FILE=/d' .env - echo "ENV_FILE=${CURRENT_DIR}/.env" >> .env - echo "GLOBAL_ENV_FILE=${CURRENT_DIR}/envs/global.env" >> .env - echo "APP_ENV_FILE=${CURRENT_DIR}/envs/dify.env" >> .env - - # setup-2 update dir permissions - mkdir -p "$DIFY_ROOT_PATH" - - cp -r conf/. "$DIFY_ROOT_PATH/" - - # setup-3 sync environment variables - env_source="envs/dify.env" - if [ -f "$env_source" ]; then - while IFS='=' read -r key value; do - if [[ -z "$key" || "$key" =~ ^# ]]; then - continue - fi - if ! grep -q "^$key=" .env; then - echo "$key=$value" >> .env - fi - done < "$env_source" - fi - - echo "Check Finish." - -else - echo "Error: .env file not found." -fi diff --git a/apps/dify/1.0.0/scripts/uninstall.sh b/apps/dify/1.0.0/scripts/uninstall.sh deleted file mode 100644 index c86c4fbc..00000000 --- a/apps/dify/1.0.0/scripts/uninstall.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -if [ -f .env ]; then - source .env - - echo "Check Finish." - -else - echo "Error: .env file not found." -fi diff --git a/apps/dify/1.0.0/scripts/upgrade.sh b/apps/dify/1.0.0/scripts/upgrade.sh deleted file mode 100644 index ea92b063..00000000 --- a/apps/dify/1.0.0/scripts/upgrade.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/bash - -if [ -f .env ]; then - source .env - - # setup-1 add default values - CURRENT_DIR=$(pwd) - sed -i '/^ENV_FILE=/d' .env - sed -i '/^GLOBAL_ENV_FILE=/d' .env - echo "ENV_FILE=${CURRENT_DIR}/.env" >> .env - echo "GLOBAL_ENV_FILE=${CURRENT_DIR}/envs/global.env" >> .env - echo "APP_ENV_FILE=${CURRENT_DIR}/envs/dify.env" >> .env - - # setup-2 update dir permissions - mkdir -p "$DIFY_ROOT_PATH" - - if [ -d "conf" ]; then - find conf -type f | while read -r file; do - dest="$DIFY_ROOT_PATH/${file#conf/}" - if [ ! -e "$dest" ]; then - mkdir -p "$(dirname "$dest")" - cp "$file" "$dest" - fi - done - echo "Conf files copied to $DIFY_ROOT_PATH." - else - echo "Warning: conf directory not found." - fi - - # setup-3 sync environment variables - env_source="envs/dify.env" - if [ -f "$env_source" ]; then - while IFS='=' read -r key value; do - if [[ -z "$key" || "$key" =~ ^# ]]; then - continue - fi - if ! grep -q "^$key=" .env; then - echo "$key=$value" >> .env - fi - done < "$env_source" - fi - - echo "Check Finish." - -else - echo "Error: .env file not found." -fi diff --git a/apps/dify/README.md b/apps/dify/README.md deleted file mode 100644 index 80b39160..00000000 --- a/apps/dify/README.md +++ /dev/null @@ -1,121 +0,0 @@ -# Dify - -Dify 是一个开源的 LLM 应用开发平台。其直观的界面结合了 AI 工作流、RAG 管道、Agent、模型管理、可观测性功能等,让您可以快速从原型到生产 - -![Dify](https://file.lifebus.top/imgs/dify_cover.png) - -![](https://img.shields.io/badge/%E6%96%B0%E7%96%86%E8%90%8C%E6%A3%AE%E8%BD%AF%E4%BB%B6%E5%BC%80%E5%8F%91%E5%B7%A5%E4%BD%9C%E5%AE%A4-%E6%8F%90%E4%BE%9B%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81-blue) - -## 简介 - -### 工作流 - -在画布上构建和测试功能强大的 AI 工作流程,利用以下所有功能以及更多功能 - -### 全面的模型支持 - -与数百种专有/开源 LLMs 以及数十种推理提供商和自托管解决方案无缝集成,涵盖 GPT、Mistral、Llama3 以及任何与 OpenAI API 兼容的模型 - -### Prompt IDE - -用于制作提示、比较模型性能以及向基于聊天的应用程序添加其他功能(如文本转语音)的直观界面 - -### RAG Pipeline - -广泛的 RAG 功能,涵盖从文档摄入到检索的所有内容,支持从 PDF、PPT 和其他常见文档格式中提取文本的开箱即用的支持 - -### Agent 智能体 - -您可以基于 LLM 函数调用或 ReAct 定义 Agent,并为 Agent 添加预构建或自定义工具。Dify 为 AI Agent -提供了50多种内置工具,如谷歌搜索、DALL·E、Stable Diffusion 和 WolframAlpha 等 - -### LLMOps - -随时间监视和分析应用程序日志和性能。您可以根据生产数据和标注持续改进提示、数据集和模型 - -### 后端即服务 - -所有 Dify 的功能都带有相应的 API,因此您可以轻松地将 Dify 集成到自己的业务逻辑中 - -## 功能比较 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
功能Dify.AILangChainFlowiseOpenAI Assistant API
编程方法API + 应用程序导向Python 代码应用程序导向API 导向
支持的 LLMs丰富多样丰富多样丰富多样仅限 OpenAI
RAG引擎
Agent
工作流
可观测性
企业功能(SSO/访问控制)
本地部署
- -## 安装说明 - -在安装 Dify 之前,请确保您的机器满足以下最低系统要求: - -+ CPU >= 2 Core -+ RAM >= 4 GiB - -## 修改配置 - -应用安装后,如有需要的配置,请修改应用目录下的 `.env` 文件 - ---- - -![Ms Studio](https://file.lifebus.top/imgs/ms_blank_001.png) diff --git a/apps/dify/data.yml b/apps/dify/data.yml deleted file mode 100644 index 5f219230..00000000 --- a/apps/dify/data.yml +++ /dev/null @@ -1,14 +0,0 @@ -additionalProperties: - key: dify - name: Dify - tags: - - WebSite - - Local - shortDescZh: Dify 是一个开源的 LLM 应用开发平台 - shortDescEn: Dify is an open-source LLM application development platform - type: website - crossVersionUpdate: true - limit: 0 - website: https://dify.ai/ - github: https://github.com/langgenius/dify/ - document: https://docs.dify.ai/ diff --git a/apps/dify/logo.png b/apps/dify/logo.png deleted file mode 100644 index 82eaea8a..00000000 Binary files a/apps/dify/logo.png and /dev/null differ diff --git a/apps/mastodon/4.3.6/data.yml b/apps/mastodon/4.3.6/data.yml deleted file mode 100644 index dd28335b..00000000 --- a/apps/mastodon/4.3.6/data.yml +++ /dev/null @@ -1,194 +0,0 @@ -additionalProperties: - formFields: - - child: - default: "" - envKey: PANEL_POSTGRES_SERVICE - required: true - type: service - default: postgresql - envKey: PANEL_POSTGRES_TYPE - labelZh: Postgres 服务 (前置检查) - labelEn: Postgres Service (Pre-check) - required: true - type: apps - values: - - label: PostgreSQL - value: postgresql - - child: - default: "" - envKey: PANEL_REDIS_SERVICE - required: true - type: service - default: redis - envKey: PANEL_REDIS_TYPE - labelZh: Redis 服务 (前置检查) - labelEn: Redis Service (Pre-check) - required: true - type: apps - values: - - label: Redis - value: redis - - default: "/home/mastodon" - edit: true - envKey: MASTODON_ROOT_PATH - labelZh: 数据持久化路径 - labelEn: Data persistence path - required: true - type: text - - default: 3000 - edit: true - envKey: PANEL_APP_PORT_HTTP - labelZh: WebUI 端口 - labelEn: WebUI port - required: true - rule: paramPort - type: number - - default: 4000 - edit: true - envKey: PANEL_APP_PORT_STREAM - labelZh: Stream 端口 - labelEn: Stream port - required: true - rule: paramPort - type: number - - default: "" - edit: true - envKey: ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY - labelZh: 数据库加密密钥 - labelEn: Database encryption key - required: true - type: text - - default: "" - edit: true - envKey: ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT - labelZh: 数据库加密盐 - labelEn: Database encryption salt - required: true - type: text - - default: "" - edit: true - envKey: ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY - labelZh: 数据库加密主键 - labelEn: Database encryption primary key - required: true - type: text - - default: "" - edit: true - envKey: SECRET_KEY_BASE - labelZh: 密钥 - labelEn: Secret key - required: true - type: text - - default: "" - edit: true - envKey: OTP_SECRET - labelZh: OTP 密钥 - labelEn: OTP secret - required: true - type: text - - default: "127.0.0.1" - edit: true - envKey: DB_HOST - labelZh: 数据库 主机地址 - labelEn: Database Host - required: true - type: text - - default: 5432 - edit: true - envKey: DB_PORT - labelZh: 数据库 端口 - labelEn: Database Port - required: true - rule: paramPort - type: number - - default: "mastodon" - edit: true - envKey: DB_NAME - labelZh: 数据库 名称 - labelEn: Database Name - required: true - rule: paramCommon - type: text - - default: "mastodon" - edit: true - envKey: DB_USER - labelZh: 数据库 用户名 - labelEn: Database Username - required: true - type: text - - default: "" - edit: true - envKey: DB_PASS - labelZh: 数据库 密码 - labelEn: Database Password - random: true - required: true - rule: paramComplexity - type: password - - default: "127.0.0.1" - edit: true - envKey: REDIS_HOST - labelZh: Redis 主机 - labelEn: Redis Host - required: true - type: text - - default: 6379 - edit: true - envKey: REDIS_PORT - labelZh: Redis 端口 - labelEn: Redis Port - required: true - rule: paramPort - type: number - - default: 0 - edit: true - envKey: REDIS_DB - labelZh: Redis 索引 (0-20) - labelEn: Redis Index (0-20) - required: true - type: number - - default: "" - edit: true - envKey: REDIS_USERNAME - labelZh: Redis 用户名 - labelEn: Redis UserName - required: false - type: text - - default: "" - edit: true - envKey: REDIS_PASSWORD - labelZh: Redis 密码 - labelEn: Redis Password - required: false - type: password - - default: "127.0.0.1" - edit: true - envKey: ES_HOST - labelZh: ES数据库 主机地址 - labelEn: Database Host - required: false - type: text - - default: 9200 - edit: true - envKey: ES_PORT - labelZh: ES数据库 端口 - labelEn: Database Port - required: false - rule: paramPort - type: number - - default: "elastic" - edit: true - envKey: ES_USER - labelZh: ES数据库 用户名 - labelEn: Database Username - required: false - type: text - - default: "" - edit: true - envKey: ES_PASS - labelZh: ES数据库 密码 - labelEn: Database Password - random: true - required: false - rule: paramComplexity - type: password diff --git a/apps/mastodon/4.3.6/docker-compose.yml b/apps/mastodon/4.3.6/docker-compose.yml deleted file mode 100644 index 89c4d414..00000000 --- a/apps/mastodon/4.3.6/docker-compose.yml +++ /dev/null @@ -1,56 +0,0 @@ -networks: - 1panel-network: - external: true - -services: - mastodon: - image: ghcr.io/mastodon/mastodon:v4.3.6 - container_name: ${CONTAINER_NAME} - labels: - createdBy: "Apps" - restart: always - command: bundle exec puma -C config/puma.rb - networks: - - 1panel-network - ports: - - ${PANEL_APP_PORT_HTTP}:3000 - env_file: - - ${GLOBAL_ENV_FILE:-/etc/1panel/envs/global.env} - - ${APP_ENV_FILE:-/etc/1panel/envs/mastodon/mastodon.env} - - ${ENV_FILE:-/etc/1panel/envs/default.env} - volumes: - - ${MASTODON_ROOT_PATH}/system:/mastodon/public/system - environment: - - TZ=Asia/Shanghai - - streaming-mastodon: - image: ghcr.io/mastodon/mastodon-streaming:v4.3.6 - container_name: streaming-${CONTAINER_NAME} - restart: always - command: node ./streaming/index.js - networks: - - 1panel-network - ports: - - ${PANEL_APP_PORT_STREAM}:4000 - env_file: - - ${GLOBAL_ENV_FILE:-/etc/1panel/envs/global.env} - - ${APP_ENV_FILE:-/etc/1panel/envs/mastodon/mastodon.env} - - ${ENV_FILE:-/etc/1panel/envs/default.env} - environment: - - TZ=Asia/Shanghai - - sidekiq-mastodon: - image: ghcr.io/mastodon/mastodon:v4.3.6 - container_name: sidekiq-${CONTAINER_NAME} - restart: always - command: bundle exec sidekiq - networks: - - 1panel-network - env_file: - - ${GLOBAL_ENV_FILE:-/etc/1panel/envs/global.env} - - ${APP_ENV_FILE:-/etc/1panel/envs/mastodon/mastodon.env} - - ${ENV_FILE:-/etc/1panel/envs/default.env} - volumes: - - ${MASTODON_ROOT_PATH}/system:/mastodon/public/system - environment: - - TZ=Asia/Shanghai diff --git a/apps/mastodon/4.3.6/envs/default.env b/apps/mastodon/4.3.6/envs/default.env deleted file mode 100644 index cd05f46e..00000000 --- a/apps/mastodon/4.3.6/envs/default.env +++ /dev/null @@ -1,2 +0,0 @@ -# copyright© 2024 XinJiang Ms Studio -ENV_FILE=.env diff --git a/apps/mastodon/4.3.6/envs/global.env b/apps/mastodon/4.3.6/envs/global.env deleted file mode 100644 index e10989fe..00000000 --- a/apps/mastodon/4.3.6/envs/global.env +++ /dev/null @@ -1,2 +0,0 @@ -# copyright© 2024 XinJiang Ms Studio -TZ=Asia/Shanghai diff --git a/apps/mastodon/4.3.6/envs/mastodon.env b/apps/mastodon/4.3.6/envs/mastodon.env deleted file mode 100644 index 12ab2b6d..00000000 --- a/apps/mastodon/4.3.6/envs/mastodon.env +++ /dev/null @@ -1,109 +0,0 @@ -# This is a sample configuration file. You can generate your configuration -# with the `bundle exec rails mastodon:setup` interactive setup wizard, but to customize -# your setup even further, you'll need to edit it manually. This sample does -# not demonstrate all available configuration options. Please look at -# https://docs.joinmastodon.org/admin/config/ for the full documentation. - -# Note that this file accepts slightly different syntax depending on whether -# you are using `docker-compose` or not. In particular, if you use -# `docker-compose`, the value of each declared variable will be taken verbatim, -# including surrounding quotes. -# See: https://github.com/mastodon/mastodon/issues/16895 - -# Federation -# ---------- -# This identifies your server and cannot be changed safely later -# ---------- -LOCAL_DOMAIN=example.com - -# Redis -# ----- -REDIS_HOST=localhost -REDIS_PORT=6379 - -# PostgreSQL -# ---------- -DB_HOST=/var/run/postgresql -DB_USER=mastodon -DB_NAME=mastodon_production -DB_PASS= -DB_PORT=5432 - -# Elasticsearch (optional) -# ------------------------ -ES_ENABLED=true -ES_HOST=localhost -ES_PORT=9200 -# Authentication for ES (optional) -ES_USER=elastic -ES_PASS=password - -# Secrets -# ------- -# Make sure to use `bundle exec rails secret` to generate secrets -# ------- -SECRET_KEY_BASE= -OTP_SECRET= - -# Encryption secrets -# ------------------ -# Must be available (and set to same values) for all server processes -# These are private/secret values, do not share outside hosting environment -# Use `bin/rails db:encryption:init` to generate fresh secrets -# Do NOT change these secrets once in use, as this would cause data loss and other issues -# ------------------ -# ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY= -# ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT= -# ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY= - -# Web Push -# -------- -# Generate with `bundle exec rails mastodon:webpush:generate_vapid_key` -# -------- -VAPID_PRIVATE_KEY= -VAPID_PUBLIC_KEY= - -# Sending mail -# ------------ -SMTP_SERVER= -SMTP_PORT=587 -SMTP_LOGIN= -SMTP_PASSWORD= -SMTP_FROM_ADDRESS=notifications@example.com - -# File storage (optional) -# ----------------------- -S3_ENABLED=true -S3_BUCKET=files.example.com -AWS_ACCESS_KEY_ID= -AWS_SECRET_ACCESS_KEY= -S3_ALIAS_HOST=files.example.com - -# IP and session retention -# ----------------------- -# Make sure to modify the scheduling of ip_cleanup_scheduler in config/sidekiq.yml -# to be less than daily if you lower IP_RETENTION_PERIOD below two days (172800). -# ----------------------- -IP_RETENTION_PERIOD=31556952 -SESSION_RETENTION_PERIOD=31556952 - -# Fetch All Replies Behavior -# -------------------------- -# When a user expands a post (DetailedStatus view), fetch all of its replies -# (default: false) -FETCH_REPLIES_ENABLED=false - -# Period to wait between fetching replies (in minutes) -FETCH_REPLIES_COOLDOWN_MINUTES=15 - -# Period to wait after a post is first created before fetching its replies (in minutes) -FETCH_REPLIES_INITIAL_WAIT_MINUTES=5 - -# Max number of replies to fetch - total, recursively through a whole reply tree -FETCH_REPLIES_MAX_GLOBAL=1000 - -# Max number of replies to fetch - for a single post -FETCH_REPLIES_MAX_SINGLE=500 - -# Max number of replies Collection pages to fetch - total -FETCH_REPLIES_MAX_PAGES=500 diff --git a/apps/mastodon/4.3.6/scripts/init.sh b/apps/mastodon/4.3.6/scripts/init.sh deleted file mode 100644 index a1156ba9..00000000 --- a/apps/mastodon/4.3.6/scripts/init.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash - -if [ -f .env ]; then - source .env - - # setup-1 add default values - CURRENT_DIR=$(pwd) - sed -i '/^ENV_FILE=/d' .env - sed -i '/^GLOBAL_ENV_FILE=/d' .env - echo "ENV_FILE=${CURRENT_DIR}/.env" >> .env - echo "GLOBAL_ENV_FILE=${CURRENT_DIR}/envs/global.env" >> .env - echo "APP_ENV_FILE=${CURRENT_DIR}/envs/mastodon.env" >> .env - - # setup-2 add update permission - chown -R 991:991 "$MASTODON_ROOT_PATH" - - echo "Check Finish." - -else - echo "Error: .env file not found." -fi diff --git a/apps/mastodon/4.3.6/scripts/uninstall.sh b/apps/mastodon/4.3.6/scripts/uninstall.sh deleted file mode 100644 index c86c4fbc..00000000 --- a/apps/mastodon/4.3.6/scripts/uninstall.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -if [ -f .env ]; then - source .env - - echo "Check Finish." - -else - echo "Error: .env file not found." -fi diff --git a/apps/mastodon/4.3.6/scripts/upgrade.sh b/apps/mastodon/4.3.6/scripts/upgrade.sh deleted file mode 100644 index a1156ba9..00000000 --- a/apps/mastodon/4.3.6/scripts/upgrade.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash - -if [ -f .env ]; then - source .env - - # setup-1 add default values - CURRENT_DIR=$(pwd) - sed -i '/^ENV_FILE=/d' .env - sed -i '/^GLOBAL_ENV_FILE=/d' .env - echo "ENV_FILE=${CURRENT_DIR}/.env" >> .env - echo "GLOBAL_ENV_FILE=${CURRENT_DIR}/envs/global.env" >> .env - echo "APP_ENV_FILE=${CURRENT_DIR}/envs/mastodon.env" >> .env - - # setup-2 add update permission - chown -R 991:991 "$MASTODON_ROOT_PATH" - - echo "Check Finish." - -else - echo "Error: .env file not found." -fi diff --git a/apps/mastodon/README.md b/apps/mastodon/README.md deleted file mode 100644 index 88fbd12c..00000000 --- a/apps/mastodon/README.md +++ /dev/null @@ -1,66 +0,0 @@ -# Mastodon (长毛象) - -自由开源的去中心化的分布式微博客社交网络 - -![Mastodon](https://file.lifebus.top/imgs/mastodon_cover.png) - -![](https://img.shields.io/badge/%E6%96%B0%E7%96%86%E8%90%8C%E6%A3%AE%E8%BD%AF%E4%BB%B6%E5%BC%80%E5%8F%91%E5%B7%A5%E4%BD%9C%E5%AE%A4-%E6%8F%90%E4%BE%9B%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81-blue) - -## 简介 - -Mastodon 是一款基于 ActivityPub 的免费开源社交网络服务器,用户可以关注好友并发现新朋友。在 Mastodon -上,用户可以发布任何他们想要的内容:链接、图片、文本和视频。所有 Mastodon 服务器都可以作为联合网络互操作(一台服务器上的用户可以与另一台服务器上的用户无缝通信,包括实现 -ActivityPub 的非 Mastodon 软件!) - -## 特征 - -### 不受供应商限制 - -可与任何符合要求的平台完全互操作- 不一定是 Mastodon;无论实现 ActivityPub 的是什么,都是社交网络的一部分!了解更多 - -### 实时、按时间顺序排列的时间线更新 - -您关注的人的更新会通过 WebSockets 实时显示在 UI 中。还有流水线视图! - -### 媒体附件,如图片和短视频 - -上传和查看更新中附加的图片和 WebM/MP4 视频。没有音轨的视频将被视为 GIF;普通视频将连续循环播放! - -### 安全和审核工具 - -Mastodon 包括私人帖子、锁定帐户、短语过滤、静音、屏蔽和各种其他功能,以及报告和审核系统。了解更多 - -### OAuth2 和简单的 REST API - -Mastodon 充当 OAuth2 提供商,因此第三方应用可以使用 REST 和 Streaming -API。这带来了一个拥有众多选择的丰富应用生态系统! - -## 安装说明 - -> 项目使用 软件版本 -> -> Redis 4+ -> -> PostgreSQL 12+ - -### 密钥 - -您必须提供唯一的加密密钥:`ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY` `ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY` `ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT` - -您可以通过命令:`bin/rails db:encryption:init` 生成。 - -您也可以使用终端的 `openssl` 命令生成: - -```bash -echo "ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=$(openssl rand -hex 32)" -echo "ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=$(openssl rand -hex 32)" -echo "ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=$(openssl rand -hex 32)" -``` - -### 其他密钥 - -安装后,进入安装目录,查看 `env/mastodon.env` 文件,里面有其他密钥的配置说明,在您有需要的情况下。 - ---- - -![Ms Studio](https://file.lifebus.top/imgs/ms_blank_001.png) diff --git a/apps/mastodon/data.yml b/apps/mastodon/data.yml deleted file mode 100644 index 2900e80b..00000000 --- a/apps/mastodon/data.yml +++ /dev/null @@ -1,14 +0,0 @@ -additionalProperties: - key: mastodon - name: Mastodon (长毛象) - tags: - - WebSite - - Local - shortDescZh: 自由开源的去中心化的分布式微博客社交网络 - shortDescEn: Your self-hosted, globally interconnected microblogging community - type: website - crossVersionUpdate: true - limit: 0 - website: https://joinmastodon.org/ - github: https://github.com/mastodon/mastodon/ - document: https://docs.joinmastodon.org/ diff --git a/apps/mastodon/logo.png b/apps/mastodon/logo.png deleted file mode 100644 index e80d6c71..00000000 Binary files a/apps/mastodon/logo.png and /dev/null differ