diff --git a/appstore/dify/0.15.3/.env b/appstore/dify/0.15.3/.env
new file mode 100644
index 00000000..def4d50c
--- /dev/null
+++ b/appstore/dify/0.15.3/.env
@@ -0,0 +1,24 @@
+# 数据持久化路径 [必填]
+DIFY_ROOT_PATH=/home/dify
+
+# WebUI 端口 [必填]
+PANEL_APP_PORT_HTTP=8080
+
+# WebUI SSL 端口 [必填]
+PANEL_APP_PORT_HTTPS=8443
+
+# Milvus 端口 [必填]
+MILVUS_STANDALONE_PORT1=19530
+
+# Milvus 端口 [必填]
+MILVUS_STANDALONE_PORT2=9091
+
+# MyScale 端口 [必填]
+MYSCALE_PORT=8123
+
+# Elasticsearch 端口 [必填]
+ELASTICSEARCH_PORT=9200
+
+# Kibana 端口 [必填]
+KIBANA_PORT=5601
+
diff --git a/appstore/dify/0.15.3/conf/certbot/README.md b/appstore/dify/0.15.3/conf/certbot/README.md
new file mode 100644
index 00000000..21be34b3
--- /dev/null
+++ b/appstore/dify/0.15.3/conf/certbot/README.md
@@ -0,0 +1,76 @@
+# Launching new servers with SSL certificates
+
+## Short description
+
+docker compose certbot configurations with Backward compatibility (without certbot container).
+Use `docker compose --profile certbot up` to use this features.
+
+## The simplest way for launching new servers with SSL certificates
+
+1. Get letsencrypt certs
+ set `.env` values
+ ```properties
+ NGINX_SSL_CERT_FILENAME=fullchain.pem
+ NGINX_SSL_CERT_KEY_FILENAME=privkey.pem
+ NGINX_ENABLE_CERTBOT_CHALLENGE=true
+ CERTBOT_DOMAIN=your_domain.com
+ CERTBOT_EMAIL=example@your_domain.com
+ ```
+ execute command:
+ ```shell
+ docker network prune
+ docker compose --profile certbot up --force-recreate -d
+ ```
+ then after the containers launched:
+ ```shell
+ docker compose exec -it certbot /bin/sh /update-cert.sh
+ ```
+2. Edit `.env` file and `docker compose --profile certbot up` again.
+ set `.env` value additionally
+ ```properties
+ NGINX_HTTPS_ENABLED=true
+ ```
+ execute command:
+ ```shell
+ docker compose --profile certbot up -d --no-deps --force-recreate nginx
+ ```
+ Then you can access your serve with HTTPS.
+ [https://your_domain.com](https://your_domain.com)
+
+## SSL certificates renewal
+
+For SSL certificates renewal, execute commands below:
+
+```shell
+docker compose exec -it certbot /bin/sh /update-cert.sh
+docker compose exec nginx nginx -s reload
+```
+
+## Options for certbot
+
+`CERTBOT_OPTIONS` key might be helpful for testing. i.e.,
+
+```properties
+CERTBOT_OPTIONS=--dry-run
+```
+
+To apply changes to `CERTBOT_OPTIONS`, regenerate the certbot container before updating the certificates.
+
+```shell
+docker compose --profile certbot up -d --no-deps --force-recreate certbot
+docker compose exec -it certbot /bin/sh /update-cert.sh
+```
+
+Then, reload the nginx container if necessary.
+
+```shell
+docker compose exec nginx nginx -s reload
+```
+
+## For legacy servers
+
+To use cert files dir `nginx/ssl` as before, simply launch containers WITHOUT `--profile certbot` option.
+
+```shell
+docker compose up -d
+```
diff --git a/appstore/dify/0.15.3/conf/certbot/docker-entrypoint.sh b/appstore/dify/0.15.3/conf/certbot/docker-entrypoint.sh
new file mode 100644
index 00000000..a70ecd82
--- /dev/null
+++ b/appstore/dify/0.15.3/conf/certbot/docker-entrypoint.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+set -e
+
+printf '%s\n' "Docker entrypoint script is running"
+
+printf '%s\n' "\nChecking specific environment variables:"
+printf '%s\n' "CERTBOT_EMAIL: ${CERTBOT_EMAIL:-Not set}"
+printf '%s\n' "CERTBOT_DOMAIN: ${CERTBOT_DOMAIN:-Not set}"
+printf '%s\n' "CERTBOT_OPTIONS: ${CERTBOT_OPTIONS:-Not set}"
+
+printf '%s\n' "\nChecking mounted directories:"
+for dir in "/etc/letsencrypt" "/var/www/html" "/var/log/letsencrypt"; do
+ if [ -d "$dir" ]; then
+ printf '%s\n' "$dir exists. Contents:"
+ ls -la "$dir"
+ else
+ printf '%s\n' "$dir does not exist."
+ fi
+done
+
+printf '%s\n' "\nGenerating update-cert.sh from template"
+sed -e "s|\${CERTBOT_EMAIL}|$CERTBOT_EMAIL|g" \
+ -e "s|\${CERTBOT_DOMAIN}|$CERTBOT_DOMAIN|g" \
+ -e "s|\${CERTBOT_OPTIONS}|$CERTBOT_OPTIONS|g" \
+ /update-cert.template.txt > /update-cert.sh
+
+chmod +x /update-cert.sh
+
+printf '%s\n' "\nExecuting command:" "$@"
+exec "$@"
diff --git a/appstore/dify/0.15.3/conf/certbot/update-cert.template.txt b/appstore/dify/0.15.3/conf/certbot/update-cert.template.txt
new file mode 100644
index 00000000..16786a19
--- /dev/null
+++ b/appstore/dify/0.15.3/conf/certbot/update-cert.template.txt
@@ -0,0 +1,19 @@
+#!/bin/bash
+set -e
+
+DOMAIN="${CERTBOT_DOMAIN}"
+EMAIL="${CERTBOT_EMAIL}"
+OPTIONS="${CERTBOT_OPTIONS}"
+CERT_NAME="${DOMAIN}" # 証明書名をドメイン名と同じにする
+
+# Check if the certificate already exists
+if [ -f "/etc/letsencrypt/renewal/${CERT_NAME}.conf" ]; then
+ echo "Certificate exists. Attempting to renew..."
+ certbot renew --noninteractive --cert-name ${CERT_NAME} --webroot --webroot-path=/var/www/html --email ${EMAIL} --agree-tos --no-eff-email ${OPTIONS}
+else
+ echo "Certificate does not exist. Obtaining a new certificate..."
+ certbot certonly --noninteractive --webroot --webroot-path=/var/www/html --email ${EMAIL} --agree-tos --no-eff-email -d ${DOMAIN} ${OPTIONS}
+fi
+echo "Certificate operation successful"
+# Note: Nginx reload should be handled outside this container
+echo "Please ensure to reload Nginx to apply any certificate changes."
diff --git a/appstore/dify/0.15.3/conf/couchbase-server/Dockerfile b/appstore/dify/0.15.3/conf/couchbase-server/Dockerfile
new file mode 100644
index 00000000..bd8af641
--- /dev/null
+++ b/appstore/dify/0.15.3/conf/couchbase-server/Dockerfile
@@ -0,0 +1,4 @@
+FROM couchbase/server:latest AS stage_base
+# FROM couchbase:latest AS stage_base
+COPY init-cbserver.sh /opt/couchbase/init/
+RUN chmod +x /opt/couchbase/init/init-cbserver.sh
\ No newline at end of file
diff --git a/appstore/dify/0.15.3/conf/couchbase-server/init-cbserver.sh b/appstore/dify/0.15.3/conf/couchbase-server/init-cbserver.sh
new file mode 100644
index 00000000..e66bc185
--- /dev/null
+++ b/appstore/dify/0.15.3/conf/couchbase-server/init-cbserver.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+# used to start couchbase server - can't get around this as docker compose only allows you to start one command - so we have to start couchbase like the standard couchbase Dockerfile would
+# https://github.com/couchbase/docker/blob/master/enterprise/couchbase-server/7.2.0/Dockerfile#L88
+
+/entrypoint.sh couchbase-server &
+
+# track if setup is complete so we don't try to setup again
+FILE=/opt/couchbase/init/setupComplete.txt
+
+if ! [ -f "$FILE" ]; then
+ # used to automatically create the cluster based on environment variables
+ # https://docs.couchbase.com/server/current/cli/cbcli/couchbase-cli-cluster-init.html
+
+ echo $COUCHBASE_ADMINISTRATOR_USERNAME ":" $COUCHBASE_ADMINISTRATOR_PASSWORD
+
+ sleep 20s
+ /opt/couchbase/bin/couchbase-cli cluster-init -c 127.0.0.1 \
+ --cluster-username $COUCHBASE_ADMINISTRATOR_USERNAME \
+ --cluster-password $COUCHBASE_ADMINISTRATOR_PASSWORD \
+ --services data,index,query,fts \
+ --cluster-ramsize $COUCHBASE_RAM_SIZE \
+ --cluster-index-ramsize $COUCHBASE_INDEX_RAM_SIZE \
+ --cluster-eventing-ramsize $COUCHBASE_EVENTING_RAM_SIZE \
+ --cluster-fts-ramsize $COUCHBASE_FTS_RAM_SIZE \
+ --index-storage-setting default
+
+ sleep 2s
+
+ # used to auto create the bucket based on environment variables
+ # https://docs.couchbase.com/server/current/cli/cbcli/couchbase-cli-bucket-create.html
+
+ /opt/couchbase/bin/couchbase-cli bucket-create -c localhost:8091 \
+ --username $COUCHBASE_ADMINISTRATOR_USERNAME \
+ --password $COUCHBASE_ADMINISTRATOR_PASSWORD \
+ --bucket $COUCHBASE_BUCKET \
+ --bucket-ramsize $COUCHBASE_BUCKET_RAMSIZE \
+ --bucket-type couchbase
+
+ # create file so we know that the cluster is setup and don't run the setup again
+ touch $FILE
+fi
+ # docker compose will stop the container from running unless we do this
+ # known issue and workaround
+ tail -f /dev/null
diff --git a/appstore/dify/0.15.3/conf/elasticsearch/docker-entrypoint.sh b/appstore/dify/0.15.3/conf/elasticsearch/docker-entrypoint.sh
new file mode 100644
index 00000000..6669aec5
--- /dev/null
+++ b/appstore/dify/0.15.3/conf/elasticsearch/docker-entrypoint.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+set -e
+
+if [ "${VECTOR_STORE}" = "elasticsearch-ja" ]; then
+ # Check if the ICU tokenizer plugin is installed
+ if ! /usr/share/elasticsearch/bin/elasticsearch-plugin list | grep -q analysis-icu; then
+ printf '%s\n' "Installing the ICU tokenizer plugin"
+ if ! /usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-icu; then
+ printf '%s\n' "Failed to install the ICU tokenizer plugin"
+ exit 1
+ fi
+ fi
+ # Check if the Japanese language analyzer plugin is installed
+ if ! /usr/share/elasticsearch/bin/elasticsearch-plugin list | grep -q analysis-kuromoji; then
+ printf '%s\n' "Installing the Japanese language analyzer plugin"
+ if ! /usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-kuromoji; then
+ printf '%s\n' "Failed to install the Japanese language analyzer plugin"
+ exit 1
+ fi
+ fi
+fi
+
+# Run the original entrypoint script
+exec /bin/tini -- /usr/local/bin/docker-entrypoint.sh
diff --git a/appstore/dify/0.15.3/conf/nginx/conf.d/default.conf.template b/appstore/dify/0.15.3/conf/nginx/conf.d/default.conf.template
new file mode 100644
index 00000000..9691122c
--- /dev/null
+++ b/appstore/dify/0.15.3/conf/nginx/conf.d/default.conf.template
@@ -0,0 +1,37 @@
+# Please do not directly edit this file. Instead, modify the .env variables related to NGINX configuration.
+
+server {
+ listen ${NGINX_PORT};
+ server_name ${NGINX_SERVER_NAME};
+
+ location /console/api {
+ proxy_pass http://api:5001;
+ include proxy.conf;
+ }
+
+ location /api {
+ proxy_pass http://api:5001;
+ include proxy.conf;
+ }
+
+ location /v1 {
+ proxy_pass http://api:5001;
+ include proxy.conf;
+ }
+
+ location /files {
+ proxy_pass http://api:5001;
+ include proxy.conf;
+ }
+
+ location / {
+ proxy_pass http://web:3000;
+ include proxy.conf;
+ }
+
+ # placeholder for acme challenge location
+ ${ACME_CHALLENGE_LOCATION}
+
+ # placeholder for https config defined in https.conf.template
+ ${HTTPS_CONFIG}
+}
diff --git a/appstore/dify/0.15.3/conf/nginx/docker-entrypoint.sh b/appstore/dify/0.15.3/conf/nginx/docker-entrypoint.sh
new file mode 100644
index 00000000..d343cb3e
--- /dev/null
+++ b/appstore/dify/0.15.3/conf/nginx/docker-entrypoint.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+if [ "${NGINX_HTTPS_ENABLED}" = "true" ]; then
+ # Check if the certificate and key files for the specified domain exist
+ if [ -n "${CERTBOT_DOMAIN}" ] && \
+ [ -f "/etc/letsencrypt/live/${CERTBOT_DOMAIN}/${NGINX_SSL_CERT_FILENAME}" ] && \
+ [ -f "/etc/letsencrypt/live/${CERTBOT_DOMAIN}/${NGINX_SSL_CERT_KEY_FILENAME}" ]; then
+ SSL_CERTIFICATE_PATH="/etc/letsencrypt/live/${CERTBOT_DOMAIN}/${NGINX_SSL_CERT_FILENAME}"
+ SSL_CERTIFICATE_KEY_PATH="/etc/letsencrypt/live/${CERTBOT_DOMAIN}/${NGINX_SSL_CERT_KEY_FILENAME}"
+ else
+ SSL_CERTIFICATE_PATH="/etc/ssl/${NGINX_SSL_CERT_FILENAME}"
+ SSL_CERTIFICATE_KEY_PATH="/etc/ssl/${NGINX_SSL_CERT_KEY_FILENAME}"
+ fi
+ export SSL_CERTIFICATE_PATH
+ export SSL_CERTIFICATE_KEY_PATH
+
+ # set the HTTPS_CONFIG environment variable to the content of the https.conf.template
+ HTTPS_CONFIG=$(envsubst < /etc/nginx/https.conf.template)
+ export HTTPS_CONFIG
+ # Substitute the HTTPS_CONFIG in the default.conf.template with content from https.conf.template
+ envsubst '${HTTPS_CONFIG}' < /etc/nginx/conf.d/default.conf.template > /etc/nginx/conf.d/default.conf
+fi
+
+if [ "${NGINX_ENABLE_CERTBOT_CHALLENGE}" = "true" ]; then
+ ACME_CHALLENGE_LOCATION='location /.well-known/acme-challenge/ { root /var/www/html; }'
+else
+ ACME_CHALLENGE_LOCATION=''
+fi
+export ACME_CHALLENGE_LOCATION
+
+env_vars=$(printenv | cut -d= -f1 | sed 's/^/$/g' | paste -sd, -)
+
+envsubst "$env_vars" < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf
+envsubst "$env_vars" < /etc/nginx/proxy.conf.template > /etc/nginx/proxy.conf
+
+envsubst < /etc/nginx/conf.d/default.conf.template > /etc/nginx/conf.d/default.conf
+
+# Start Nginx using the default entrypoint
+exec nginx -g 'daemon off;'
\ No newline at end of file
diff --git a/appstore/dify/0.15.3/conf/nginx/https.conf.template b/appstore/dify/0.15.3/conf/nginx/https.conf.template
new file mode 100644
index 00000000..95ea36f4
--- /dev/null
+++ b/appstore/dify/0.15.3/conf/nginx/https.conf.template
@@ -0,0 +1,9 @@
+# Please do not directly edit this file. Instead, modify the .env variables related to NGINX configuration.
+
+listen ${NGINX_SSL_PORT} ssl;
+ssl_certificate ${SSL_CERTIFICATE_PATH};
+ssl_certificate_key ${SSL_CERTIFICATE_KEY_PATH};
+ssl_protocols ${NGINX_SSL_PROTOCOLS};
+ssl_prefer_server_ciphers on;
+ssl_session_cache shared:SSL:10m;
+ssl_session_timeout 10m;
\ No newline at end of file
diff --git a/appstore/dify/0.15.3/conf/nginx/nginx.conf.template b/appstore/dify/0.15.3/conf/nginx/nginx.conf.template
new file mode 100644
index 00000000..32a57165
--- /dev/null
+++ b/appstore/dify/0.15.3/conf/nginx/nginx.conf.template
@@ -0,0 +1,34 @@
+# Please do not directly edit this file. Instead, modify the .env variables related to NGINX configuration.
+
+user nginx;
+worker_processes ${NGINX_WORKER_PROCESSES};
+
+error_log /var/log/nginx/error.log notice;
+pid /var/run/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ keepalive_timeout ${NGINX_KEEPALIVE_TIMEOUT};
+
+ #gzip on;
+ client_max_body_size ${NGINX_CLIENT_MAX_BODY_SIZE};
+
+ include /etc/nginx/conf.d/*.conf;
+}
\ No newline at end of file
diff --git a/appstore/dify/0.15.3/conf/nginx/proxy.conf.template b/appstore/dify/0.15.3/conf/nginx/proxy.conf.template
new file mode 100644
index 00000000..117f8061
--- /dev/null
+++ b/appstore/dify/0.15.3/conf/nginx/proxy.conf.template
@@ -0,0 +1,11 @@
+# Please do not directly edit this file. Instead, modify the .env variables related to NGINX configuration.
+
+proxy_set_header Host $host;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-Port $server_port;
+proxy_http_version 1.1;
+proxy_set_header Connection "";
+proxy_buffering off;
+proxy_read_timeout ${NGINX_PROXY_READ_TIMEOUT};
+proxy_send_timeout ${NGINX_PROXY_SEND_TIMEOUT};
diff --git a/appstore/dify/0.15.3/conf/nginx/ssl/.gitkeep b/appstore/dify/0.15.3/conf/nginx/ssl/.gitkeep
new file mode 100644
index 00000000..e69de29b
diff --git a/appstore/dify/0.15.3/conf/ssrf_proxy/docker-entrypoint.sh b/appstore/dify/0.15.3/conf/ssrf_proxy/docker-entrypoint.sh
new file mode 100644
index 00000000..613897bb
--- /dev/null
+++ b/appstore/dify/0.15.3/conf/ssrf_proxy/docker-entrypoint.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+# Modified based on Squid OCI image entrypoint
+
+# This entrypoint aims to forward the squid logs to stdout to assist users of
+# common container related tooling (e.g., kubernetes, docker-compose, etc) to
+# access the service logs.
+
+# Moreover, it invokes the squid binary, leaving all the desired parameters to
+# be provided by the "command" passed to the spawned container. If no command
+# is provided by the user, the default behavior (as per the CMD statement in
+# the Dockerfile) will be to use Ubuntu's default configuration [1] and run
+# squid with the "-NYC" options to mimic the behavior of the Ubuntu provided
+# systemd unit.
+
+# [1] The default configuration is changed in the Dockerfile to allow local
+# network connections. See the Dockerfile for further information.
+
+echo "[ENTRYPOINT] re-create snakeoil self-signed certificate removed in the build process"
+if [ ! -f /etc/ssl/private/ssl-cert-snakeoil.key ]; then
+ /usr/sbin/make-ssl-cert generate-default-snakeoil --force-overwrite > /dev/null 2>&1
+fi
+
+tail -F /var/log/squid/access.log 2>/dev/null &
+tail -F /var/log/squid/error.log 2>/dev/null &
+tail -F /var/log/squid/store.log 2>/dev/null &
+tail -F /var/log/squid/cache.log 2>/dev/null &
+
+# Replace environment variables in the template and output to the squid.conf
+echo "[ENTRYPOINT] replacing environment variables in the template"
+awk '{
+ while(match($0, /\${[A-Za-z_][A-Za-z_0-9]*}/)) {
+ var = substr($0, RSTART+2, RLENGTH-3)
+ val = ENVIRON[var]
+ $0 = substr($0, 1, RSTART-1) val substr($0, RSTART+RLENGTH)
+ }
+ print
+}' /etc/squid/squid.conf.template > /etc/squid/squid.conf
+
+/usr/sbin/squid -Nz
+echo "[ENTRYPOINT] starting squid"
+/usr/sbin/squid -f /etc/squid/squid.conf -NYC 1
diff --git a/appstore/dify/0.15.3/conf/ssrf_proxy/squid.conf.template b/appstore/dify/0.15.3/conf/ssrf_proxy/squid.conf.template
new file mode 100644
index 00000000..676fe737
--- /dev/null
+++ b/appstore/dify/0.15.3/conf/ssrf_proxy/squid.conf.template
@@ -0,0 +1,51 @@
+acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
+acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN)
+acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN)
+acl localnet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
+acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN)
+acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN)
+acl localnet src fc00::/7 # RFC 4193 local private network range
+acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
+acl SSL_ports port 443
+# acl SSL_ports port 1025-65535 # Enable the configuration to resolve this issue: https://github.com/langgenius/dify/issues/12792
+acl Safe_ports port 80 # http
+acl Safe_ports port 21 # ftp
+acl Safe_ports port 443 # https
+acl Safe_ports port 70 # gopher
+acl Safe_ports port 210 # wais
+acl Safe_ports port 1025-65535 # unregistered ports
+acl Safe_ports port 280 # http-mgmt
+acl Safe_ports port 488 # gss-http
+acl Safe_ports port 591 # filemaker
+acl Safe_ports port 777 # multiling http
+acl CONNECT method CONNECT
+http_access deny !Safe_ports
+http_access deny CONNECT !SSL_ports
+http_access allow localhost manager
+http_access deny manager
+http_access allow localhost
+include /etc/squid/conf.d/*.conf
+http_access deny all
+
+################################## Proxy Server ################################
+http_port ${HTTP_PORT}
+coredump_dir ${COREDUMP_DIR}
+refresh_pattern ^ftp: 1440 20% 10080
+refresh_pattern ^gopher: 1440 0% 1440
+refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
+refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
+refresh_pattern \/Release(|\.gpg)$ 0 0% 0 refresh-ims
+refresh_pattern \/InRelease$ 0 0% 0 refresh-ims
+refresh_pattern \/(Translation-.*)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
+refresh_pattern . 0 20% 4320
+
+
+# cache_dir ufs /var/spool/squid 100 16 256
+# upstream proxy, set to your own upstream proxy IP to avoid SSRF attacks
+# cache_peer 172.1.1.1 parent 3128 0 no-query no-digest no-netdb-exchange default
+
+################################## Reverse Proxy To Sandbox ################################
+http_port ${REVERSE_PROXY_PORT} accel vhost
+cache_peer ${SANDBOX_HOST} parent ${SANDBOX_PORT} 0 no-query originserver
+acl src_all src all
+http_access allow src_all
diff --git a/appstore/dify/0.15.3/conf/startupscripts/init.sh b/appstore/dify/0.15.3/conf/startupscripts/init.sh
new file mode 100644
index 00000000..c6e6e196
--- /dev/null
+++ b/appstore/dify/0.15.3/conf/startupscripts/init.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+DB_INITIALIZED="/opt/oracle/oradata/dbinit"
+#[ -f ${DB_INITIALIZED} ] && exit
+#touch ${DB_INITIALIZED}
+if [ -f ${DB_INITIALIZED} ]; then
+ echo 'File exists. Standards for have been Init'
+ exit
+else
+ echo 'File does not exist. Standards for first time Start up this DB'
+ "$ORACLE_HOME"/bin/sqlplus -s "/ as sysdba" @"/opt/oracle/scripts/startup/init_user.script";
+ touch ${DB_INITIALIZED}
+fi
diff --git a/appstore/dify/0.15.3/conf/startupscripts/init_user.script b/appstore/dify/0.15.3/conf/startupscripts/init_user.script
new file mode 100644
index 00000000..7aa7c280
--- /dev/null
+++ b/appstore/dify/0.15.3/conf/startupscripts/init_user.script
@@ -0,0 +1,10 @@
+show pdbs;
+ALTER SYSTEM SET PROCESSES=500 SCOPE=SPFILE;
+alter session set container= freepdb1;
+create user dify identified by dify DEFAULT TABLESPACE users quota unlimited on users;
+grant DB_DEVELOPER_ROLE to dify;
+
+BEGIN
+CTX_DDL.CREATE_PREFERENCE('my_chinese_vgram_lexer','CHINESE_VGRAM_LEXER');
+END;
+/
diff --git a/appstore/dify/0.15.3/conf/tidb/config/pd.toml b/appstore/dify/0.15.3/conf/tidb/config/pd.toml
new file mode 100644
index 00000000..042b251e
--- /dev/null
+++ b/appstore/dify/0.15.3/conf/tidb/config/pd.toml
@@ -0,0 +1,4 @@
+# PD Configuration File reference:
+# https://docs.pingcap.com/tidb/stable/pd-configuration-file#pd-configuration-file
+[replication]
+max-replicas = 1
\ No newline at end of file
diff --git a/appstore/dify/0.15.3/conf/tidb/config/tiflash-learner.toml b/appstore/dify/0.15.3/conf/tidb/config/tiflash-learner.toml
new file mode 100644
index 00000000..5098829a
--- /dev/null
+++ b/appstore/dify/0.15.3/conf/tidb/config/tiflash-learner.toml
@@ -0,0 +1,13 @@
+# TiFlash tiflash-learner.toml Configuration File reference:
+# https://docs.pingcap.com/tidb/stable/tiflash-configuration#configure-the-tiflash-learnertoml-file
+
+log-file = "/logs/tiflash_tikv.log"
+
+[server]
+engine-addr = "tiflash:4030"
+addr = "0.0.0.0:20280"
+advertise-addr = "tiflash:20280"
+status-addr = "tiflash:20292"
+
+[storage]
+data-dir = "/data/flash"
diff --git a/appstore/dify/0.15.3/conf/tidb/config/tiflash.toml b/appstore/dify/0.15.3/conf/tidb/config/tiflash.toml
new file mode 100644
index 00000000..30ac13ef
--- /dev/null
+++ b/appstore/dify/0.15.3/conf/tidb/config/tiflash.toml
@@ -0,0 +1,19 @@
+# TiFlash tiflash.toml Configuration File reference:
+# https://docs.pingcap.com/tidb/stable/tiflash-configuration#configure-the-tiflashtoml-file
+
+listen_host = "0.0.0.0"
+path = "/data"
+
+[flash]
+tidb_status_addr = "tidb:10080"
+service_addr = "tiflash:4030"
+
+[flash.proxy]
+config = "/tiflash-learner.toml"
+
+[logger]
+errorlog = "/logs/tiflash_error.log"
+log = "/logs/tiflash.log"
+
+[raft]
+pd_addr = "pd0:2379"
diff --git a/appstore/dify/0.15.3/conf/tidb/docker-compose.yaml b/appstore/dify/0.15.3/conf/tidb/docker-compose.yaml
new file mode 100644
index 00000000..fa157701
--- /dev/null
+++ b/appstore/dify/0.15.3/conf/tidb/docker-compose.yaml
@@ -0,0 +1,62 @@
+services:
+ pd0:
+ image: pingcap/pd:v8.5.1
+ # ports:
+ # - "2379"
+ volumes:
+ - ./config/pd.toml:/pd.toml:ro
+ - ./volumes/data:/data
+ - ./volumes/logs:/logs
+ command:
+ - --name=pd0
+ - --client-urls=http://0.0.0.0:2379
+ - --peer-urls=http://0.0.0.0:2380
+ - --advertise-client-urls=http://pd0:2379
+ - --advertise-peer-urls=http://pd0:2380
+ - --initial-cluster=pd0=http://pd0:2380
+ - --data-dir=/data/pd
+ - --config=/pd.toml
+ - --log-file=/logs/pd.log
+ restart: on-failure
+ tikv:
+ image: pingcap/tikv:v8.5.1
+ volumes:
+ - ./volumes/data:/data
+ - ./volumes/logs:/logs
+ command:
+ - --addr=0.0.0.0:20160
+ - --advertise-addr=tikv:20160
+ - --status-addr=tikv:20180
+ - --data-dir=/data/tikv
+ - --pd=pd0:2379
+ - --log-file=/logs/tikv.log
+ depends_on:
+ - "pd0"
+ restart: on-failure
+ tidb:
+ image: pingcap/tidb:v8.5.1
+ # ports:
+ # - "4000:4000"
+ volumes:
+ - ./volumes/logs:/logs
+ command:
+ - --advertise-address=tidb
+ - --store=tikv
+ - --path=pd0:2379
+ - --log-file=/logs/tidb.log
+ depends_on:
+ - "tikv"
+ restart: on-failure
+ tiflash:
+ image: pingcap/tiflash:v8.5.1
+ volumes:
+ - ./config/tiflash.toml:/tiflash.toml:ro
+ - ./config/tiflash-learner.toml:/tiflash-learner.toml:ro
+ - ./volumes/data:/data
+ - ./volumes/logs:/logs
+ command:
+ - --config=/tiflash.toml
+ depends_on:
+ - "tikv"
+ - "tidb"
+ restart: on-failure
diff --git a/appstore/dify/0.15.3/conf/volumes/myscale/config/users.d/custom_users_config.xml b/appstore/dify/0.15.3/conf/volumes/myscale/config/users.d/custom_users_config.xml
new file mode 100644
index 00000000..67f24b69
--- /dev/null
+++ b/appstore/dify/0.15.3/conf/volumes/myscale/config/users.d/custom_users_config.xml
@@ -0,0 +1,17 @@
+
+
+
+
+
+ ::1
+ 127.0.0.1
+ 10.0.0.0/8
+ 172.16.0.0/12
+ 192.168.0.0/16
+
+ default
+ default
+ 1
+
+
+
\ No newline at end of file
diff --git a/appstore/dify/0.15.3/conf/volumes/oceanbase/init.d/vec_memory.sql b/appstore/dify/0.15.3/conf/volumes/oceanbase/init.d/vec_memory.sql
new file mode 100644
index 00000000..3dd2fdd5
--- /dev/null
+++ b/appstore/dify/0.15.3/conf/volumes/oceanbase/init.d/vec_memory.sql
@@ -0,0 +1,2 @@
+ALTER
+SYSTEM SET ob_vector_memory_limit_percentage = 30;
diff --git a/appstore/dify/0.15.3/conf/volumes/opensearch/opensearch_dashboards.yml b/appstore/dify/0.15.3/conf/volumes/opensearch/opensearch_dashboards.yml
new file mode 100644
index 00000000..bd49444b
--- /dev/null
+++ b/appstore/dify/0.15.3/conf/volumes/opensearch/opensearch_dashboards.yml
@@ -0,0 +1,222 @@
+---
+# Copyright OpenSearch Contributors
+# SPDX-License-Identifier: Apache-2.0
+
+# Description:
+# Default configuration for OpenSearch Dashboards
+
+# OpenSearch Dashboards is served by a back end server. This setting specifies the port to use.
+# server.port: 5601
+
+# Specifies the address to which the OpenSearch Dashboards server will bind. IP addresses and host names are both valid values.
+# The default is 'localhost', which usually means remote machines will not be able to connect.
+# To allow connections from remote users, set this parameter to a non-loopback address.
+# server.host: "localhost"
+
+# Enables you to specify a path to mount OpenSearch Dashboards at if you are running behind a proxy.
+# Use the `server.rewriteBasePath` setting to tell OpenSearch Dashboards if it should remove the basePath
+# from requests it receives, and to prevent a deprecation warning at startup.
+# This setting cannot end in a slash.
+# server.basePath: ""
+
+# Specifies whether OpenSearch Dashboards should rewrite requests that are prefixed with
+# `server.basePath` or require that they are rewritten by your reverse proxy.
+# server.rewriteBasePath: false
+
+# The maximum payload size in bytes for incoming server requests.
+# server.maxPayloadBytes: 1048576
+
+# The OpenSearch Dashboards server's name. This is used for display purposes.
+# server.name: "your-hostname"
+
+# The URLs of the OpenSearch instances to use for all your queries.
+# opensearch.hosts: ["http://localhost:9200"]
+
+# OpenSearch Dashboards uses an index in OpenSearch to store saved searches, visualizations and
+# dashboards. OpenSearch Dashboards creates a new index if the index doesn't already exist.
+# opensearchDashboards.index: ".opensearch_dashboards"
+
+# The default application to load.
+# opensearchDashboards.defaultAppId: "home"
+
+# Setting for an optimized healthcheck that only uses the local OpenSearch node to do Dashboards healthcheck.
+# This settings should be used for large clusters or for clusters with ingest heavy nodes.
+# It allows Dashboards to only healthcheck using the local OpenSearch node rather than fan out requests across all nodes.
+#
+# It requires the user to create an OpenSearch node attribute with the same name as the value used in the setting
+# This node attribute should assign all nodes of the same cluster an integer value that increments with each new cluster that is spun up
+# e.g. in opensearch.yml file you would set the value to a setting using node.attr.cluster_id:
+# Should only be enabled if there is a corresponding node attribute created in your OpenSearch config that matches the value here
+# opensearch.optimizedHealthcheckId: "cluster_id"
+
+# If your OpenSearch is protected with basic authentication, these settings provide
+# the username and password that the OpenSearch Dashboards server uses to perform maintenance on the OpenSearch Dashboards
+# index at startup. Your OpenSearch Dashboards users still need to authenticate with OpenSearch, which
+# is proxied through the OpenSearch Dashboards server.
+# opensearch.username: "opensearch_dashboards_system"
+# opensearch.password: "pass"
+
+# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
+# These settings enable SSL for outgoing requests from the OpenSearch Dashboards server to the browser.
+# server.ssl.enabled: false
+# server.ssl.certificate: /path/to/your/server.crt
+# server.ssl.key: /path/to/your/server.key
+
+# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
+# These files are used to verify the identity of OpenSearch Dashboards to OpenSearch and are required when
+# xpack.security.http.ssl.client_authentication in OpenSearch is set to required.
+# opensearch.ssl.certificate: /path/to/your/client.crt
+# opensearch.ssl.key: /path/to/your/client.key
+
+# Optional setting that enables you to specify a path to the PEM file for the certificate
+# authority for your OpenSearch instance.
+# opensearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]
+
+# To disregard the validity of SSL certificates, change this setting's value to 'none'.
+# opensearch.ssl.verificationMode: full
+
+# Time in milliseconds to wait for OpenSearch to respond to pings. Defaults to the value of
+# the opensearch.requestTimeout setting.
+# opensearch.pingTimeout: 1500
+
+# Time in milliseconds to wait for responses from the back end or OpenSearch. This value
+# must be a positive integer.
+# opensearch.requestTimeout: 30000
+
+# List of OpenSearch Dashboards client-side headers to send to OpenSearch. To send *no* client-side
+# headers, set this value to [] (an empty list).
+# opensearch.requestHeadersWhitelist: [ authorization ]
+
+# Header names and values that are sent to OpenSearch. Any custom headers cannot be overwritten
+# by client-side headers, regardless of the opensearch.requestHeadersWhitelist configuration.
+# opensearch.customHeaders: {}
+
+# Time in milliseconds for OpenSearch to wait for responses from shards. Set to 0 to disable.
+# opensearch.shardTimeout: 30000
+
+# Logs queries sent to OpenSearch. Requires logging.verbose set to true.
+# opensearch.logQueries: false
+
+# Specifies the path where OpenSearch Dashboards creates the process ID file.
+# pid.file: /var/run/opensearchDashboards.pid
+
+# Enables you to specify a file where OpenSearch Dashboards stores log output.
+# logging.dest: stdout
+
+# Set the value of this setting to true to suppress all logging output.
+# logging.silent: false
+
+# Set the value of this setting to true to suppress all logging output other than error messages.
+# logging.quiet: false
+
+# Set the value of this setting to true to log all events, including system usage information
+# and all requests.
+# logging.verbose: false
+
+# Set the interval in milliseconds to sample system and process performance
+# metrics. Minimum is 100ms. Defaults to 5000.
+# ops.interval: 5000
+
+# Specifies locale to be used for all localizable strings, dates and number formats.
+# Supported languages are the following: English - en , by default , Chinese - zh-CN .
+# i18n.locale: "en"
+
+# Set the allowlist to check input graphite Url. Allowlist is the default check list.
+# vis_type_timeline.graphiteAllowedUrls: ['https://www.hostedgraphite.com/UID/ACCESS_KEY/graphite']
+
+# Set the blocklist to check input graphite Url. Blocklist is an IP list.
+# Below is an example for reference
+# vis_type_timeline.graphiteBlockedIPs: [
+# //Loopback
+# '127.0.0.0/8',
+# '::1/128',
+# //Link-local Address for IPv6
+# 'fe80::/10',
+# //Private IP address for IPv4
+# '10.0.0.0/8',
+# '172.16.0.0/12',
+# '192.168.0.0/16',
+# //Unique local address (ULA)
+# 'fc00::/7',
+# //Reserved IP address
+# '0.0.0.0/8',
+# '100.64.0.0/10',
+# '192.0.0.0/24',
+# '192.0.2.0/24',
+# '198.18.0.0/15',
+# '192.88.99.0/24',
+# '198.51.100.0/24',
+# '203.0.113.0/24',
+# '224.0.0.0/4',
+# '240.0.0.0/4',
+# '255.255.255.255/32',
+# '::/128',
+# '2001:db8::/32',
+# 'ff00::/8',
+# ]
+# vis_type_timeline.graphiteBlockedIPs: []
+
+# opensearchDashboards.branding:
+# logo:
+# defaultUrl: ""
+# darkModeUrl: ""
+# mark:
+# defaultUrl: ""
+# darkModeUrl: ""
+# loadingLogo:
+# defaultUrl: ""
+# darkModeUrl: ""
+# faviconUrl: ""
+# applicationTitle: ""
+
+# Set the value of this setting to true to capture region blocked warnings and errors
+# for your map rendering services.
+# map.showRegionBlockedWarning: false%
+
+# Set the value of this setting to false to suppress search usage telemetry
+# for reducing the load of OpenSearch cluster.
+# data.search.usageTelemetry.enabled: false
+
+# 2.4 renames 'wizard.enabled: false' to 'vis_builder.enabled: false'
+# Set the value of this setting to false to disable VisBuilder
+# functionality in Visualization.
+# vis_builder.enabled: false
+
+# 2.4 New Experimental Feature
+# Set the value of this setting to true to enable the experimental multiple data source
+# support feature. Use with caution.
+# data_source.enabled: false
+# Set the value of these settings to customize crypto materials to encryption saved credentials
+# in data sources.
+# data_source.encryption.wrappingKeyName: 'changeme'
+# data_source.encryption.wrappingKeyNamespace: 'changeme'
+# data_source.encryption.wrappingKey: [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+
+# 2.6 New ML Commons Dashboards Feature
+# Set the value of this setting to true to enable the ml commons dashboards
+# ml_commons_dashboards.enabled: false
+
+# 2.12 New experimental Assistant Dashboards Feature
+# Set the value of this setting to true to enable the assistant dashboards
+# assistant.chat.enabled: false
+
+# 2.13 New Query Assistant Feature
+# Set the value of this setting to false to disable the query assistant
+# observability.query_assist.enabled: false
+
+# 2.14 Enable Ui Metric Collectors in Usage Collector
+# Set the value of this setting to true to enable UI Metric collections
+# usageCollection.uiMetric.enabled: false
+
+opensearch.hosts: [ https://localhost:9200 ]
+opensearch.ssl.verificationMode: none
+opensearch.username: admin
+opensearch.password: 'Qazwsxedc!@#123'
+opensearch.requestHeadersWhitelist: [ authorization, securitytenant ]
+
+opensearch_security.multitenancy.enabled: true
+opensearch_security.multitenancy.tenants.preferred: [ Private, Global ]
+opensearch_security.readonly_mode.roles: [ kibana_read_only ]
+# Use this setting if you are running opensearch-dashboards without https
+opensearch_security.cookie.secure: false
+server.host: '0.0.0.0'
diff --git a/appstore/dify/0.15.3/conf/volumes/sandbox/conf/config.yaml b/appstore/dify/0.15.3/conf/volumes/sandbox/conf/config.yaml
new file mode 100644
index 00000000..8c1a1deb
--- /dev/null
+++ b/appstore/dify/0.15.3/conf/volumes/sandbox/conf/config.yaml
@@ -0,0 +1,14 @@
+app:
+ port: 8194
+ debug: True
+ key: dify-sandbox
+max_workers: 4
+max_requests: 50
+worker_timeout: 5
+python_path: /usr/local/bin/python3
+enable_network: True # please make sure there is no network risk in your environment
+allowed_syscalls: # please leave it empty if you have no idea how seccomp works
+proxy:
+ socks5: ''
+ http: ''
+ https: ''
diff --git a/appstore/dify/0.15.3/conf/volumes/sandbox/conf/config.yaml.example b/appstore/dify/0.15.3/conf/volumes/sandbox/conf/config.yaml.example
new file mode 100644
index 00000000..f92c19e5
--- /dev/null
+++ b/appstore/dify/0.15.3/conf/volumes/sandbox/conf/config.yaml.example
@@ -0,0 +1,35 @@
+app:
+ port: 8194
+ debug: True
+ key: dify-sandbox
+max_workers: 4
+max_requests: 50
+worker_timeout: 5
+python_path: /usr/local/bin/python3
+python_lib_path:
+ - /usr/local/lib/python3.10
+ - /usr/lib/python3.10
+ - /usr/lib/python3
+ - /usr/lib/x86_64-linux-gnu
+ - /etc/ssl/certs/ca-certificates.crt
+ - /etc/nsswitch.conf
+ - /etc/hosts
+ - /etc/resolv.conf
+ - /run/systemd/resolve/stub-resolv.conf
+ - /run/resolvconf/resolv.conf
+ - /etc/localtime
+ - /usr/share/zoneinfo
+ - /etc/timezone
+ # add more paths if needed
+python_pip_mirror_url: https://pypi.tuna.tsinghua.edu.cn/simple
+nodejs_path: /usr/local/bin/node
+enable_network: True
+allowed_syscalls:
+ - 1
+ - 2
+ - 3
+ # add all the syscalls which you require
+proxy:
+ socks5: ''
+ http: ''
+ https: ''
diff --git a/appstore/dify/0.15.3/conf/volumes/sandbox/dependencies/python-requirements.txt b/appstore/dify/0.15.3/conf/volumes/sandbox/dependencies/python-requirements.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/appstore/dify/0.15.3/data.yml b/appstore/dify/0.15.3/data.yml
new file mode 100644
index 00000000..5064d8b3
--- /dev/null
+++ b/appstore/dify/0.15.3/data.yml
@@ -0,0 +1,65 @@
+additionalProperties:
+ formFields:
+ - default: "/home/dify"
+ edit: true
+ envKey: DIFY_ROOT_PATH
+ labelZh: 数据持久化路径
+ labelEn: Data persistence path
+ required: true
+ type: text
+ - default: 8080
+ edit: true
+ envKey: PANEL_APP_PORT_HTTP
+ labelZh: WebUI 端口
+ labelEn: WebUI port
+ required: true
+ rule: paramPort
+ type: number
+ - default: 8443
+ edit: true
+ envKey: PANEL_APP_PORT_HTTPS
+ labelZh: WebUI SSL 端口
+ labelEn: WebUI SSL port
+ required: true
+ rule: paramPort
+ type: number
+ - default: 19530
+ disabled: true
+ envKey: MILVUS_STANDALONE_PORT1
+ labelZh: Milvus 端口
+ labelEn: Milvus port
+ required: true
+ rule: paramPort
+ type: number
+ - default: 9091
+ disabled: true
+ envKey: MILVUS_STANDALONE_PORT2
+ labelZh: Milvus 端口
+ labelEn: Milvus port
+ required: true
+ rule: paramPort
+ type: number
+ - default: 8123
+ edit: true
+ envKey: MYSCALE_PORT
+ labelZh: MyScale 端口
+ labelEn: MyScale port
+ required: true
+ rule: paramPort
+ type: number
+ - default: 9200
+ edit: true
+ envKey: ELASTICSEARCH_PORT
+ labelZh: Elasticsearch 端口
+ labelEn: Elasticsearch port
+ required: true
+ rule: paramPort
+ type: number
+ - default: 5601
+ edit: true
+ envKey: KIBANA_PORT
+ labelZh: Kibana 端口
+ labelEn: Kibana port
+ required: true
+ rule: paramPort
+ type: number
diff --git a/appstore/dify/0.15.3/docker-compose.yml b/appstore/dify/0.15.3/docker-compose.yml
new file mode 100644
index 00000000..d3b243de
--- /dev/null
+++ b/appstore/dify/0.15.3/docker-compose.yml
@@ -0,0 +1,1815 @@
+networks:
+ milvus:
+ driver: bridge
+ opensearch-net:
+ driver: bridge
+ internal: true
+ ssrf_proxy_network:
+ driver: bridge
+ internal: true
+services:
+ api:
+ container_name: api-dify
+ depends_on:
+ - db
+ - redis
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ ACCESS_TOKEN_EXPIRE_MINUTES: ${ACCESS_TOKEN_EXPIRE_MINUTES:-60}
+ ALIYUN_OSS_ACCESS_KEY: ${ALIYUN_OSS_ACCESS_KEY:-your-access-key}
+ ALIYUN_OSS_AUTH_VERSION: ${ALIYUN_OSS_AUTH_VERSION:-v4}
+ ALIYUN_OSS_BUCKET_NAME: ${ALIYUN_OSS_BUCKET_NAME:-your-bucket-name}
+ ALIYUN_OSS_ENDPOINT: ${ALIYUN_OSS_ENDPOINT:-https://oss-ap-southeast-1-internal.aliyuncs.com}
+ ALIYUN_OSS_PATH: ${ALIYUN_OSS_PATH:-your-path}
+ ALIYUN_OSS_REGION: ${ALIYUN_OSS_REGION:-ap-southeast-1}
+ ALIYUN_OSS_SECRET_KEY: ${ALIYUN_OSS_SECRET_KEY:-your-secret-key}
+ ANALYTICDB_ACCOUNT: ${ANALYTICDB_ACCOUNT:-testaccount}
+ ANALYTICDB_HOST: ${ANALYTICDB_HOST:-gp-test.aliyuncs.com}
+ ANALYTICDB_INSTANCE_ID: ${ANALYTICDB_INSTANCE_ID:-gp-ab123456}
+ ANALYTICDB_KEY_ID: ${ANALYTICDB_KEY_ID:-your-ak}
+ ANALYTICDB_KEY_SECRET: ${ANALYTICDB_KEY_SECRET:-your-sk}
+ ANALYTICDB_MAX_CONNECTION: ${ANALYTICDB_MAX_CONNECTION:-5}
+ ANALYTICDB_MIN_CONNECTION: ${ANALYTICDB_MIN_CONNECTION:-1}
+ ANALYTICDB_NAMESPACE: ${ANALYTICDB_NAMESPACE:-dify}
+ ANALYTICDB_NAMESPACE_PASSWORD: ${ANALYTICDB_NAMESPACE_PASSWORD:-difypassword}
+ ANALYTICDB_PASSWORD: ${ANALYTICDB_PASSWORD:-testpassword}
+ ANALYTICDB_PORT: ${ANALYTICDB_PORT:-5432}
+ ANALYTICDB_REGION_ID: ${ANALYTICDB_REGION_ID:-cn-hangzhou}
+ API_SENTRY_DSN: ${API_SENTRY_DSN:-}
+ API_SENTRY_PROFILES_SAMPLE_RATE: ${API_SENTRY_PROFILES_SAMPLE_RATE:-1.0}
+ API_SENTRY_TRACES_SAMPLE_RATE: ${API_SENTRY_TRACES_SAMPLE_RATE:-1.0}
+ API_TOOL_DEFAULT_CONNECT_TIMEOUT: ${API_TOOL_DEFAULT_CONNECT_TIMEOUT:-10}
+ API_TOOL_DEFAULT_READ_TIMEOUT: ${API_TOOL_DEFAULT_READ_TIMEOUT:-60}
+ APP_API_URL: ${APP_API_URL:-}
+ APP_MAX_ACTIVE_REQUESTS: ${APP_MAX_ACTIVE_REQUESTS:-0}
+ APP_MAX_EXECUTION_TIME: ${APP_MAX_EXECUTION_TIME:-1200}
+ APP_WEB_URL: ${APP_WEB_URL:-}
+ AZURE_BLOB_ACCOUNT_KEY: ${AZURE_BLOB_ACCOUNT_KEY:-difyai}
+ AZURE_BLOB_ACCOUNT_NAME: ${AZURE_BLOB_ACCOUNT_NAME:-difyai}
+ AZURE_BLOB_ACCOUNT_URL: ${AZURE_BLOB_ACCOUNT_URL:-https://.blob.core.windows.net}
+ AZURE_BLOB_CONTAINER_NAME: ${AZURE_BLOB_CONTAINER_NAME:-difyai-container}
+ BAIDU_OBS_ACCESS_KEY: ${BAIDU_OBS_ACCESS_KEY:-your-access-key}
+ BAIDU_OBS_BUCKET_NAME: ${BAIDU_OBS_BUCKET_NAME:-your-bucket-name}
+ BAIDU_OBS_ENDPOINT: ${BAIDU_OBS_ENDPOINT:-your-server-url}
+ BAIDU_OBS_SECRET_KEY: ${BAIDU_OBS_SECRET_KEY:-your-secret-key}
+ BAIDU_VECTOR_DB_ACCOUNT: ${BAIDU_VECTOR_DB_ACCOUNT:-root}
+ BAIDU_VECTOR_DB_API_KEY: ${BAIDU_VECTOR_DB_API_KEY:-dify}
+ BAIDU_VECTOR_DB_CONNECTION_TIMEOUT_MS: ${BAIDU_VECTOR_DB_CONNECTION_TIMEOUT_MS:-30000}
+ BAIDU_VECTOR_DB_DATABASE: ${BAIDU_VECTOR_DB_DATABASE:-dify}
+ BAIDU_VECTOR_DB_ENDPOINT: ${BAIDU_VECTOR_DB_ENDPOINT:-http://127.0.0.1:5287}
+ BAIDU_VECTOR_DB_REPLICAS: ${BAIDU_VECTOR_DB_REPLICAS:-3}
+ BAIDU_VECTOR_DB_SHARD: ${BAIDU_VECTOR_DB_SHARD:-1}
+ BROKER_USE_SSL: ${BROKER_USE_SSL:-false}
+ CELERY_AUTO_SCALE: ${CELERY_AUTO_SCALE:-false}
+ CELERY_BROKER_URL: ${CELERY_BROKER_URL:-redis://:difyai123456@redis:6379/1}
+ CELERY_MAX_WORKERS: ${CELERY_MAX_WORKERS:-}
+ CELERY_MIN_WORKERS: ${CELERY_MIN_WORKERS:-}
+ CELERY_SENTINEL_MASTER_NAME: ${CELERY_SENTINEL_MASTER_NAME:-}
+ CELERY_SENTINEL_SOCKET_TIMEOUT: ${CELERY_SENTINEL_SOCKET_TIMEOUT:-0.1}
+ CELERY_USE_SENTINEL: ${CELERY_USE_SENTINEL:-false}
+ CELERY_WORKER_AMOUNT: ${CELERY_WORKER_AMOUNT:-}
+ CELERY_WORKER_CLASS: ${CELERY_WORKER_CLASS:-}
+ CERTBOT_DOMAIN: ${CERTBOT_DOMAIN:-your_domain.com}
+ CERTBOT_EMAIL: ${CERTBOT_EMAIL:-your_email@example.com}
+ CERTBOT_OPTIONS: ${CERTBOT_OPTIONS:-}
+ CHECK_UPDATE_URL: ${CHECK_UPDATE_URL:-https://updates.dify.ai}
+ CHROMA_AUTH_CREDENTIALS: ${CHROMA_AUTH_CREDENTIALS:-}
+ CHROMA_AUTH_PROVIDER: ${CHROMA_AUTH_PROVIDER:-chromadb.auth.token_authn.TokenAuthClientProvider}
+ CHROMA_DATABASE: ${CHROMA_DATABASE:-default_database}
+ CHROMA_HOST: ${CHROMA_HOST:-127.0.0.1}
+ CHROMA_IS_PERSISTENT: ${CHROMA_IS_PERSISTENT:-TRUE}
+ CHROMA_PORT: ${CHROMA_PORT:-8000}
+ CHROMA_SERVER_AUTHN_CREDENTIALS: ${CHROMA_SERVER_AUTHN_CREDENTIALS:-difyai123456}
+ CHROMA_SERVER_AUTHN_PROVIDER: ${CHROMA_SERVER_AUTHN_PROVIDER:-chromadb.auth.token_authn.TokenAuthenticationServerProvider}
+ CHROMA_TENANT: ${CHROMA_TENANT:-default_tenant}
+ CODE_EXECUTION_API_KEY: ${CODE_EXECUTION_API_KEY:-dify-sandbox}
+ CODE_EXECUTION_CONNECT_TIMEOUT: ${CODE_EXECUTION_CONNECT_TIMEOUT:-10}
+ CODE_EXECUTION_ENDPOINT: ${CODE_EXECUTION_ENDPOINT:-http://sandbox:8194}
+ CODE_EXECUTION_READ_TIMEOUT: ${CODE_EXECUTION_READ_TIMEOUT:-60}
+ CODE_EXECUTION_WRITE_TIMEOUT: ${CODE_EXECUTION_WRITE_TIMEOUT:-10}
+ CODE_GENERATION_MAX_TOKENS: ${CODE_GENERATION_MAX_TOKENS:-1024}
+ CODE_MAX_DEPTH: ${CODE_MAX_DEPTH:-5}
+ CODE_MAX_NUMBER: ${CODE_MAX_NUMBER:-9223372036854775807}
+ CODE_MAX_NUMBER_ARRAY_LENGTH: ${CODE_MAX_NUMBER_ARRAY_LENGTH:-1000}
+ CODE_MAX_OBJECT_ARRAY_LENGTH: ${CODE_MAX_OBJECT_ARRAY_LENGTH:-30}
+ CODE_MAX_PRECISION: ${CODE_MAX_PRECISION:-20}
+ CODE_MAX_STRING_ARRAY_LENGTH: ${CODE_MAX_STRING_ARRAY_LENGTH:-30}
+ CODE_MAX_STRING_LENGTH: ${CODE_MAX_STRING_LENGTH:-80000}
+ CODE_MIN_NUMBER: ${CODE_MIN_NUMBER:--9223372036854775808}
+ CONSOLE_API_URL: ${CONSOLE_API_URL:-}
+ CONSOLE_CORS_ALLOW_ORIGINS: ${CONSOLE_CORS_ALLOW_ORIGINS:-*}
+ CONSOLE_WEB_URL: ${CONSOLE_WEB_URL:-}
+ COUCHBASE_BUCKET_NAME: ${COUCHBASE_BUCKET_NAME:-Embeddings}
+ COUCHBASE_CONNECTION_STRING: ${COUCHBASE_CONNECTION_STRING:-couchbase://couchbase-server}
+ COUCHBASE_PASSWORD: ${COUCHBASE_PASSWORD:-password}
+ COUCHBASE_SCOPE_NAME: ${COUCHBASE_SCOPE_NAME:-_default}
+ COUCHBASE_USER: ${COUCHBASE_USER:-Administrator}
+ CREATE_TIDB_SERVICE_JOB_ENABLED: ${CREATE_TIDB_SERVICE_JOB_ENABLED:-false}
+ CSP_WHITELIST: ${CSP_WHITELIST:-}
+ DB_DATABASE: ${DB_DATABASE:-dify}
+ DB_HOST: ${DB_HOST:-db}
+ DB_PASSWORD: ${DB_PASSWORD:-difyai123456}
+ DB_PORT: ${DB_PORT:-5432}
+ DB_USERNAME: ${DB_USERNAME:-postgres}
+ DEBUG: ${DEBUG:-false}
+ DEPLOY_ENV: ${DEPLOY_ENV:-PRODUCTION}
+ DIFY_BIND_ADDRESS: ${DIFY_BIND_ADDRESS:-0.0.0.0}
+ DIFY_PORT: ${DIFY_PORT:-5001}
+ ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:-0.0.0.0}
+ ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-elastic}
+ ELASTICSEARCH_PORT: ${ELASTICSEARCH_PORT:-9200}
+ ELASTICSEARCH_USERNAME: ${ELASTICSEARCH_USERNAME:-elastic}
+ ETCD_AUTO_COMPACTION_MODE: ${ETCD_AUTO_COMPACTION_MODE:-revision}
+ ETCD_AUTO_COMPACTION_RETENTION: ${ETCD_AUTO_COMPACTION_RETENTION:-1000}
+ ETCD_ENDPOINTS: ${ETCD_ENDPOINTS:-etcd:2379}
+ ETCD_QUOTA_BACKEND_BYTES: ${ETCD_QUOTA_BACKEND_BYTES:-4294967296}
+ ETCD_SNAPSHOT_COUNT: ${ETCD_SNAPSHOT_COUNT:-50000}
+ ETL_TYPE: ${ETL_TYPE:-dify}
+ EXPOSE_NGINX_PORT: ${PANEL_APP_PORT_HTTP:-8080}
+ EXPOSE_NGINX_SSL_PORT: ${PANEL_APP_PORT_HTTPS:-8443}
+ FILES_ACCESS_TIMEOUT: ${FILES_ACCESS_TIMEOUT:-300}
+ FILES_URL: ${FILES_URL:-}
+ FLASK_DEBUG: ${FLASK_DEBUG:-false}
+ GOOGLE_STORAGE_BUCKET_NAME: ${GOOGLE_STORAGE_BUCKET_NAME:-your-bucket-name}
+ GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64: ${GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64:-}
+ GUNICORN_TIMEOUT: ${GUNICORN_TIMEOUT:-360}
+ HTTP_REQUEST_NODE_MAX_BINARY_SIZE: ${HTTP_REQUEST_NODE_MAX_BINARY_SIZE:-10485760}
+ HTTP_REQUEST_NODE_MAX_TEXT_SIZE: ${HTTP_REQUEST_NODE_MAX_TEXT_SIZE:-1048576}
+ HUAWEI_OBS_ACCESS_KEY: ${HUAWEI_OBS_ACCESS_KEY:-your-access-key}
+ HUAWEI_OBS_BUCKET_NAME: ${HUAWEI_OBS_BUCKET_NAME:-your-bucket-name}
+ HUAWEI_OBS_SECRET_KEY: ${HUAWEI_OBS_SECRET_KEY:-your-secret-key}
+ HUAWEI_OBS_SERVER: ${HUAWEI_OBS_SERVER:-your-server-url}
+ INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-4000}
+ INIT_PASSWORD: ${INIT_PASSWORD:-}
+ INVITE_EXPIRY_HOURS: ${INVITE_EXPIRY_HOURS:-72}
+ KIBANA_PORT: ${KIBANA_PORT:-5601}
+ LINDORM_PASSWORD: ${LINDORM_PASSWORD:-lindorm}
+ LINDORM_URL: ${LINDORM_URL:-http://lindorm:30070}
+ LINDORM_USERNAME: ${LINDORM_USERNAME:-lindorm}
+ LOG_DATEFORMAT: ${LOG_DATEFORMAT:-%Y-%m-%d %H:%M:%S}
+ LOG_FILE: ${LOG_FILE:-/app/logs/server.log}
+ LOG_FILE_BACKUP_COUNT: ${LOG_FILE_BACKUP_COUNT:-5}
+ LOG_FILE_MAX_SIZE: ${LOG_FILE_MAX_SIZE:-20}
+ LOG_LEVEL: ${LOG_LEVEL:-INFO}
+ LOG_TZ: ${LOG_TZ:-UTC}
+ MAIL_DEFAULT_SEND_FROM: ${MAIL_DEFAULT_SEND_FROM:-}
+ MAIL_TYPE: ${MAIL_TYPE:-resend}
+ MAX_SUBMIT_COUNT: ${MAX_SUBMIT_COUNT:-100}
+ MAX_VARIABLE_SIZE: ${MAX_VARIABLE_SIZE:-204800}
+ MIGRATION_ENABLED: ${MIGRATION_ENABLED:-true}
+ MILVUS_AUTHORIZATION_ENABLED: ${MILVUS_AUTHORIZATION_ENABLED:-true}
+ MILVUS_ENABLE_HYBRID_SEARCH: ${MILVUS_ENABLE_HYBRID_SEARCH:-False}
+ MILVUS_PASSWORD: ${MILVUS_PASSWORD:-Milvus}
+ MILVUS_TOKEN: ${MILVUS_TOKEN:-}
+ MILVUS_URI: ${MILVUS_URI:-http://127.0.0.1:19530}
+ MILVUS_USER: ${MILVUS_USER:-root}
+ MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY:-minioadmin}
+ MINIO_ADDRESS: ${MINIO_ADDRESS:-minio:9000}
+ MINIO_SECRET_KEY: ${MINIO_SECRET_KEY:-minioadmin}
+ MODE: api
+ MULTIMODAL_SEND_FORMAT: ${MULTIMODAL_SEND_FORMAT:-base64}
+ MYSCALE_DATABASE: ${MYSCALE_DATABASE:-dify}
+ MYSCALE_FTS_PARAMS: ${MYSCALE_FTS_PARAMS:-}
+ MYSCALE_HOST: ${MYSCALE_HOST:-myscale}
+ MYSCALE_PASSWORD: ${MYSCALE_PASSWORD:-}
+ MYSCALE_PORT: ${MYSCALE_PORT:-8123}
+ MYSCALE_USER: ${MYSCALE_USER:-default}
+ NGINX_CLIENT_MAX_BODY_SIZE: ${NGINX_CLIENT_MAX_BODY_SIZE:-15M}
+ NGINX_ENABLE_CERTBOT_CHALLENGE: ${NGINX_ENABLE_CERTBOT_CHALLENGE:-false}
+ NGINX_HTTPS_ENABLED: ${NGINX_HTTPS_ENABLED:-false}
+ NGINX_KEEPALIVE_TIMEOUT: ${NGINX_KEEPALIVE_TIMEOUT:-65}
+ NGINX_PORT: ${NGINX_PORT:-80}
+ NGINX_PROXY_READ_TIMEOUT: ${NGINX_PROXY_READ_TIMEOUT:-3600s}
+ NGINX_PROXY_SEND_TIMEOUT: ${NGINX_PROXY_SEND_TIMEOUT:-3600s}
+ NGINX_SERVER_NAME: ${NGINX_SERVER_NAME:-_}
+ NGINX_SSL_CERT_FILENAME: ${NGINX_SSL_CERT_FILENAME:-dify.crt}
+ NGINX_SSL_CERT_KEY_FILENAME: ${NGINX_SSL_CERT_KEY_FILENAME:-dify.key}
+ NGINX_SSL_PORT: ${NGINX_SSL_PORT:-443}
+ NGINX_SSL_PROTOCOLS: ${NGINX_SSL_PROTOCOLS:-TLSv1.1 TLSv1.2 TLSv1.3}
+ NGINX_WORKER_PROCESSES: ${NGINX_WORKER_PROCESSES:-auto}
+ NOTION_CLIENT_ID: ${NOTION_CLIENT_ID:-}
+ NOTION_CLIENT_SECRET: ${NOTION_CLIENT_SECRET:-}
+ NOTION_INTEGRATION_TYPE: ${NOTION_INTEGRATION_TYPE:-public}
+ NOTION_INTERNAL_SECRET: ${NOTION_INTERNAL_SECRET:-}
+ OCEANBASE_CLUSTER_NAME: ${OCEANBASE_CLUSTER_NAME:-difyai}
+ OCEANBASE_MEMORY_LIMIT: ${OCEANBASE_MEMORY_LIMIT:-6G}
+ OCEANBASE_VECTOR_DATABASE: ${OCEANBASE_VECTOR_DATABASE:-test}
+ OCEANBASE_VECTOR_HOST: ${OCEANBASE_VECTOR_HOST:-oceanbase}
+ OCEANBASE_VECTOR_PASSWORD: ${OCEANBASE_VECTOR_PASSWORD:-difyai123456}
+ OCEANBASE_VECTOR_PORT: ${OCEANBASE_VECTOR_PORT:-2881}
+ OCEANBASE_VECTOR_USER: ${OCEANBASE_VECTOR_USER:-root@test}
+ OCI_ACCESS_KEY: ${OCI_ACCESS_KEY:-your-access-key}
+ OCI_BUCKET_NAME: ${OCI_BUCKET_NAME:-your-bucket-name}
+ OCI_ENDPOINT: ${OCI_ENDPOINT:-https://objectstorage.us-ashburn-1.oraclecloud.com}
+ OCI_REGION: ${OCI_REGION:-us-ashburn-1}
+ OCI_SECRET_KEY: ${OCI_SECRET_KEY:-your-secret-key}
+ OPENAI_API_BASE: ${OPENAI_API_BASE:-https://api.openai.com/v1}
+ OPENDAL_FS_ROOT: ${OPENDAL_FS_ROOT:-storage}
+ OPENDAL_SCHEME: ${OPENDAL_SCHEME:-fs}
+ OPENSEARCH_BOOTSTRAP_MEMORY_LOCK: ${OPENSEARCH_BOOTSTRAP_MEMORY_LOCK:-true}
+ OPENSEARCH_DISCOVERY_TYPE: ${OPENSEARCH_DISCOVERY_TYPE:-single-node}
+ OPENSEARCH_HOST: ${OPENSEARCH_HOST:-opensearch}
+ OPENSEARCH_INITIAL_ADMIN_PASSWORD: ${OPENSEARCH_INITIAL_ADMIN_PASSWORD:-Qazwsxedc!@#123}
+ OPENSEARCH_JAVA_OPTS_MAX: ${OPENSEARCH_JAVA_OPTS_MAX:-1024m}
+ OPENSEARCH_JAVA_OPTS_MIN: ${OPENSEARCH_JAVA_OPTS_MIN:-512m}
+ OPENSEARCH_MEMLOCK_HARD: ${OPENSEARCH_MEMLOCK_HARD:--1}
+ OPENSEARCH_MEMLOCK_SOFT: ${OPENSEARCH_MEMLOCK_SOFT:--1}
+ OPENSEARCH_NOFILE_HARD: ${OPENSEARCH_NOFILE_HARD:-65536}
+ OPENSEARCH_NOFILE_SOFT: ${OPENSEARCH_NOFILE_SOFT:-65536}
+ OPENSEARCH_PASSWORD: ${OPENSEARCH_PASSWORD:-admin}
+ OPENSEARCH_PORT: ${OPENSEARCH_PORT:-9200}
+ OPENSEARCH_SECURE: ${OPENSEARCH_SECURE:-true}
+ OPENSEARCH_USER: ${OPENSEARCH_USER:-admin}
+ ORACLE_CHARACTERSET: ${ORACLE_CHARACTERSET:-AL32UTF8}
+ ORACLE_DATABASE: ${ORACLE_DATABASE:-FREEPDB1}
+ ORACLE_HOST: ${ORACLE_HOST:-oracle}
+ ORACLE_PASSWORD: ${ORACLE_PASSWORD:-dify}
+ ORACLE_PORT: ${ORACLE_PORT:-1521}
+ ORACLE_PWD: ${ORACLE_PWD:-Dify123456}
+ ORACLE_USER: ${ORACLE_USER:-dify}
+ PGDATA: ${PGDATA:-/var/lib/postgresql/data/pgdata}
+ PGUSER: ${PGUSER:-${DB_USERNAME}}
+ PGVECTOR_DATABASE: ${PGVECTOR_DATABASE:-dify}
+ PGVECTOR_HOST: ${PGVECTOR_HOST:-pgvector}
+ PGVECTOR_MAX_CONNECTION: ${PGVECTOR_MAX_CONNECTION:-5}
+ PGVECTOR_MIN_CONNECTION: ${PGVECTOR_MIN_CONNECTION:-1}
+ PGVECTOR_PASSWORD: ${PGVECTOR_PASSWORD:-difyai123456}
+ PGVECTOR_PGDATA: ${PGVECTOR_PGDATA:-/var/lib/postgresql/data/pgdata}
+ PGVECTOR_PGUSER: ${PGVECTOR_PGUSER:-postgres}
+ PGVECTOR_PORT: ${PGVECTOR_PORT:-5432}
+ PGVECTOR_POSTGRES_DB: ${PGVECTOR_POSTGRES_DB:-dify}
+ PGVECTOR_POSTGRES_PASSWORD: ${PGVECTOR_POSTGRES_PASSWORD:-difyai123456}
+ PGVECTOR_USER: ${PGVECTOR_USER:-postgres}
+ PGVECTO_RS_DATABASE: ${PGVECTO_RS_DATABASE:-dify}
+ PGVECTO_RS_HOST: ${PGVECTO_RS_HOST:-pgvecto-rs}
+ PGVECTO_RS_PASSWORD: ${PGVECTO_RS_PASSWORD:-difyai123456}
+ PGVECTO_RS_PORT: ${PGVECTO_RS_PORT:-5432}
+ PGVECTO_RS_USER: ${PGVECTO_RS_USER:-postgres}
+ POSITION_PROVIDER_EXCLUDES: ${POSITION_PROVIDER_EXCLUDES:-}
+ POSITION_PROVIDER_INCLUDES: ${POSITION_PROVIDER_INCLUDES:-}
+ POSITION_PROVIDER_PINS: ${POSITION_PROVIDER_PINS:-}
+ POSITION_TOOL_EXCLUDES: ${POSITION_TOOL_EXCLUDES:-}
+ POSITION_TOOL_INCLUDES: ${POSITION_TOOL_INCLUDES:-}
+ POSITION_TOOL_PINS: ${POSITION_TOOL_PINS:-}
+ POSTGRES_DB: ${POSTGRES_DB:-${DB_DATABASE}}
+ POSTGRES_EFFECTIVE_CACHE_SIZE: ${POSTGRES_EFFECTIVE_CACHE_SIZE:-4096MB}
+ POSTGRES_MAINTENANCE_WORK_MEM: ${POSTGRES_MAINTENANCE_WORK_MEM:-64MB}
+ POSTGRES_MAX_CONNECTIONS: ${POSTGRES_MAX_CONNECTIONS:-100}
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-${DB_PASSWORD}}
+ POSTGRES_SHARED_BUFFERS: ${POSTGRES_SHARED_BUFFERS:-128MB}
+ POSTGRES_WORK_MEM: ${POSTGRES_WORK_MEM:-4MB}
+ PROMPT_GENERATION_MAX_TOKENS: ${PROMPT_GENERATION_MAX_TOKENS:-512}
+ QDRANT_API_KEY: ${QDRANT_API_KEY:-difyai123456}
+ QDRANT_CLIENT_TIMEOUT: ${QDRANT_CLIENT_TIMEOUT:-20}
+ QDRANT_GRPC_ENABLED: ${QDRANT_GRPC_ENABLED:-false}
+ QDRANT_GRPC_PORT: ${QDRANT_GRPC_PORT:-6334}
+ QDRANT_URL: ${QDRANT_URL:-http://qdrant:6333}
+ REDIS_CLUSTERS: ${REDIS_CLUSTERS:-}
+ REDIS_CLUSTERS_PASSWORD: ${REDIS_CLUSTERS_PASSWORD:-}
+ REDIS_DB: ${REDIS_DB:-0}
+ REDIS_HOST: ${REDIS_HOST:-redis}
+ REDIS_PASSWORD: ${REDIS_PASSWORD:-difyai123456}
+ REDIS_PORT: ${REDIS_PORT:-6379}
+ REDIS_SENTINELS: ${REDIS_SENTINELS:-}
+ REDIS_SENTINEL_PASSWORD: ${REDIS_SENTINEL_PASSWORD:-}
+ REDIS_SENTINEL_SERVICE_NAME: ${REDIS_SENTINEL_SERVICE_NAME:-}
+ REDIS_SENTINEL_SOCKET_TIMEOUT: ${REDIS_SENTINEL_SOCKET_TIMEOUT:-0.1}
+ REDIS_SENTINEL_USERNAME: ${REDIS_SENTINEL_USERNAME:-}
+ REDIS_USERNAME: ${REDIS_USERNAME:-}
+ REDIS_USE_CLUSTERS: ${REDIS_USE_CLUSTERS:-false}
+ REDIS_USE_SENTINEL: ${REDIS_USE_SENTINEL:-false}
+ REDIS_USE_SSL: ${REDIS_USE_SSL:-false}
+ REFRESH_TOKEN_EXPIRE_DAYS: ${REFRESH_TOKEN_EXPIRE_DAYS:-30}
+ RELYT_DATABASE: ${RELYT_DATABASE:-postgres}
+ RELYT_HOST: ${RELYT_HOST:-db}
+ RELYT_PASSWORD: ${RELYT_PASSWORD:-difyai123456}
+ RELYT_PORT: ${RELYT_PORT:-5432}
+ RELYT_USER: ${RELYT_USER:-postgres}
+ RESEND_API_KEY: ${RESEND_API_KEY:-your-resend-api-key}
+ RESEND_API_URL: ${RESEND_API_URL:-https://api.resend.com}
+ RESET_PASSWORD_TOKEN_EXPIRY_MINUTES: ${RESET_PASSWORD_TOKEN_EXPIRY_MINUTES:-5}
+ S3_ACCESS_KEY: ${S3_ACCESS_KEY:-}
+ S3_BUCKET_NAME: ${S3_BUCKET_NAME:-difyai}
+ S3_ENDPOINT: ${S3_ENDPOINT:-}
+ S3_REGION: ${S3_REGION:-us-east-1}
+ S3_SECRET_KEY: ${S3_SECRET_KEY:-}
+ S3_USE_AWS_MANAGED_IAM: ${S3_USE_AWS_MANAGED_IAM:-false}
+ SANDBOX_API_KEY: ${SANDBOX_API_KEY:-dify-sandbox}
+ SANDBOX_ENABLE_NETWORK: ${SANDBOX_ENABLE_NETWORK:-true}
+ SANDBOX_GIN_MODE: ${SANDBOX_GIN_MODE:-release}
+ SANDBOX_HTTPS_PROXY: ${SANDBOX_HTTPS_PROXY:-http://ssrf_proxy:3128}
+ SANDBOX_HTTP_PROXY: ${SANDBOX_HTTP_PROXY:-http://ssrf_proxy:3128}
+ SANDBOX_PORT: ${SANDBOX_PORT:-8194}
+ SANDBOX_WORKER_TIMEOUT: ${SANDBOX_WORKER_TIMEOUT:-15}
+ SCARF_NO_ANALYTICS: ${SCARF_NO_ANALYTICS:-true}
+ SECRET_KEY: ${SECRET_KEY:-sk-9f73s3ljTXVcMT3Blb3ljTqtsKiGHXVcMT3BlbkFJLK7U}
+ SENTRY_DSN: ${API_SENTRY_DSN:-}
+ SENTRY_PROFILES_SAMPLE_RATE: ${API_SENTRY_PROFILES_SAMPLE_RATE:-1.0}
+ SENTRY_TRACES_SAMPLE_RATE: ${API_SENTRY_TRACES_SAMPLE_RATE:-1.0}
+ SERVER_WORKER_AMOUNT: ${SERVER_WORKER_AMOUNT:-1}
+ SERVER_WORKER_CLASS: ${SERVER_WORKER_CLASS:-gevent}
+ SERVER_WORKER_CONNECTIONS: ${SERVER_WORKER_CONNECTIONS:-10}
+ SERVICE_API_URL: ${SERVICE_API_URL:-}
+ SMTP_OPPORTUNISTIC_TLS: ${SMTP_OPPORTUNISTIC_TLS:-false}
+ SMTP_PASSWORD: ${SMTP_PASSWORD:-}
+ SMTP_PORT: ${SMTP_PORT:-465}
+ SMTP_SERVER: ${SMTP_SERVER:-}
+ SMTP_USERNAME: ${SMTP_USERNAME:-}
+ SMTP_USE_TLS: ${SMTP_USE_TLS:-true}
+ SQLALCHEMY_ECHO: ${SQLALCHEMY_ECHO:-false}
+ SQLALCHEMY_POOL_RECYCLE: ${SQLALCHEMY_POOL_RECYCLE:-3600}
+ SQLALCHEMY_POOL_SIZE: ${SQLALCHEMY_POOL_SIZE:-30}
+ SSRF_COREDUMP_DIR: ${SSRF_COREDUMP_DIR:-/var/spool/squid}
+ SSRF_DEFAULT_CONNECT_TIME_OUT: ${SSRF_DEFAULT_CONNECT_TIME_OUT:-5}
+ SSRF_DEFAULT_READ_TIME_OUT: ${SSRF_DEFAULT_READ_TIME_OUT:-5}
+ SSRF_DEFAULT_TIME_OUT: ${SSRF_DEFAULT_TIME_OUT:-5}
+ SSRF_DEFAULT_WRITE_TIME_OUT: ${SSRF_DEFAULT_WRITE_TIME_OUT:-5}
+ SSRF_HTTP_PORT: ${SSRF_HTTP_PORT:-3128}
+ SSRF_PROXY_HTTPS_URL: ${SSRF_PROXY_HTTPS_URL:-http://ssrf_proxy:3128}
+ SSRF_PROXY_HTTP_URL: ${SSRF_PROXY_HTTP_URL:-http://ssrf_proxy:3128}
+ SSRF_REVERSE_PROXY_PORT: ${SSRF_REVERSE_PROXY_PORT:-8194}
+ SSRF_SANDBOX_HOST: ${SSRF_SANDBOX_HOST:-sandbox}
+ STORAGE_TYPE: ${STORAGE_TYPE:-opendal}
+ SUPABASE_API_KEY: ${SUPABASE_API_KEY:-your-access-key}
+ SUPABASE_BUCKET_NAME: ${SUPABASE_BUCKET_NAME:-your-bucket-name}
+ SUPABASE_URL: ${SUPABASE_URL:-your-server-url}
+ TEMPLATE_TRANSFORM_MAX_LENGTH: ${TEMPLATE_TRANSFORM_MAX_LENGTH:-80000}
+ TENCENT_COS_BUCKET_NAME: ${TENCENT_COS_BUCKET_NAME:-your-bucket-name}
+ TENCENT_COS_REGION: ${TENCENT_COS_REGION:-your-region}
+ TENCENT_COS_SCHEME: ${TENCENT_COS_SCHEME:-your-scheme}
+ TENCENT_COS_SECRET_ID: ${TENCENT_COS_SECRET_ID:-your-secret-id}
+ TENCENT_COS_SECRET_KEY: ${TENCENT_COS_SECRET_KEY:-your-secret-key}
+ TENCENT_VECTOR_DB_API_KEY: ${TENCENT_VECTOR_DB_API_KEY:-dify}
+ TENCENT_VECTOR_DB_DATABASE: ${TENCENT_VECTOR_DB_DATABASE:-dify}
+ TENCENT_VECTOR_DB_REPLICAS: ${TENCENT_VECTOR_DB_REPLICAS:-2}
+ TENCENT_VECTOR_DB_SHARD: ${TENCENT_VECTOR_DB_SHARD:-1}
+ TENCENT_VECTOR_DB_TIMEOUT: ${TENCENT_VECTOR_DB_TIMEOUT:-30}
+ TENCENT_VECTOR_DB_URL: ${TENCENT_VECTOR_DB_URL:-http://127.0.0.1}
+ TENCENT_VECTOR_DB_USERNAME: ${TENCENT_VECTOR_DB_USERNAME:-dify}
+ TEXT_GENERATION_TIMEOUT_MS: ${TEXT_GENERATION_TIMEOUT_MS:-60000}
+ TIDB_API_URL: ${TIDB_API_URL:-http://127.0.0.1}
+ TIDB_IAM_API_URL: ${TIDB_IAM_API_URL:-http://127.0.0.1}
+ TIDB_ON_QDRANT_API_KEY: ${TIDB_ON_QDRANT_API_KEY:-dify}
+ TIDB_ON_QDRANT_CLIENT_TIMEOUT: ${TIDB_ON_QDRANT_CLIENT_TIMEOUT:-20}
+ TIDB_ON_QDRANT_GRPC_ENABLED: ${TIDB_ON_QDRANT_GRPC_ENABLED:-false}
+ TIDB_ON_QDRANT_GRPC_PORT: ${TIDB_ON_QDRANT_GRPC_PORT:-6334}
+ TIDB_ON_QDRANT_URL: ${TIDB_ON_QDRANT_URL:-http://127.0.0.1}
+ TIDB_PRIVATE_KEY: ${TIDB_PRIVATE_KEY:-dify}
+ TIDB_PROJECT_ID: ${TIDB_PROJECT_ID:-dify}
+ TIDB_PUBLIC_KEY: ${TIDB_PUBLIC_KEY:-dify}
+ TIDB_REGION: ${TIDB_REGION:-regions/aws-us-east-1}
+ TIDB_SPEND_LIMIT: ${TIDB_SPEND_LIMIT:-100}
+ TIDB_VECTOR_DATABASE: ${TIDB_VECTOR_DATABASE:-dify}
+ TIDB_VECTOR_HOST: ${TIDB_VECTOR_HOST:-tidb}
+ TIDB_VECTOR_PASSWORD: ${TIDB_VECTOR_PASSWORD:-}
+ TIDB_VECTOR_PORT: ${TIDB_VECTOR_PORT:-4000}
+ TIDB_VECTOR_USER: ${TIDB_VECTOR_USER:-}
+ TOP_K_MAX_VALUE: ${TOP_K_MAX_VALUE:-10}
+ UNSTRUCTURED_API_KEY: ${UNSTRUCTURED_API_KEY:-}
+ UNSTRUCTURED_API_URL: ${UNSTRUCTURED_API_URL:-}
+ UPLOAD_AUDIO_FILE_SIZE_LIMIT: ${UPLOAD_AUDIO_FILE_SIZE_LIMIT:-50}
+ UPLOAD_FILE_BATCH_LIMIT: ${UPLOAD_FILE_BATCH_LIMIT:-5}
+ UPLOAD_FILE_SIZE_LIMIT: ${UPLOAD_FILE_SIZE_LIMIT:-15}
+ UPLOAD_IMAGE_FILE_SIZE_LIMIT: ${UPLOAD_IMAGE_FILE_SIZE_LIMIT:-10}
+ UPLOAD_VIDEO_FILE_SIZE_LIMIT: ${UPLOAD_VIDEO_FILE_SIZE_LIMIT:-100}
+ UPSTASH_VECTOR_TOKEN: ${UPSTASH_VECTOR_TOKEN:-dify}
+ UPSTASH_VECTOR_URL: ${UPSTASH_VECTOR_URL:-https://xxx-vector.upstash.io}
+ VECTOR_STORE: ${VECTOR_STORE:-weaviate}
+ VIKINGDB_ACCESS_KEY: ${VIKINGDB_ACCESS_KEY:-your-ak}
+ VIKINGDB_CONNECTION_TIMEOUT: ${VIKINGDB_CONNECTION_TIMEOUT:-30}
+ VIKINGDB_HOST: ${VIKINGDB_HOST:-api-vikingdb.xxx.volces.com}
+ VIKINGDB_REGION: ${VIKINGDB_REGION:-cn-shanghai}
+ VIKINGDB_SCHEMA: ${VIKINGDB_SCHEMA:-http}
+ VIKINGDB_SECRET_KEY: ${VIKINGDB_SECRET_KEY:-your-sk}
+ VIKINGDB_SOCKET_TIMEOUT: ${VIKINGDB_SOCKET_TIMEOUT:-30}
+ VOLCENGINE_TOS_ACCESS_KEY: ${VOLCENGINE_TOS_ACCESS_KEY:-your-access-key}
+ VOLCENGINE_TOS_BUCKET_NAME: ${VOLCENGINE_TOS_BUCKET_NAME:-your-bucket-name}
+ VOLCENGINE_TOS_ENDPOINT: ${VOLCENGINE_TOS_ENDPOINT:-your-server-url}
+ VOLCENGINE_TOS_REGION: ${VOLCENGINE_TOS_REGION:-your-region}
+ VOLCENGINE_TOS_SECRET_KEY: ${VOLCENGINE_TOS_SECRET_KEY:-your-secret-key}
+ WEAVIATE_API_KEY: ${WEAVIATE_API_KEY:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih}
+ WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: ${WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED:-true}
+ WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS: ${WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih}
+ WEAVIATE_AUTHENTICATION_APIKEY_ENABLED: ${WEAVIATE_AUTHENTICATION_APIKEY_ENABLED:-true}
+ WEAVIATE_AUTHENTICATION_APIKEY_USERS: ${WEAVIATE_AUTHENTICATION_APIKEY_USERS:-hello@dify.ai}
+ WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED: ${WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED:-true}
+ WEAVIATE_AUTHORIZATION_ADMINLIST_USERS: ${WEAVIATE_AUTHORIZATION_ADMINLIST_USERS:-hello@dify.ai}
+ WEAVIATE_CLUSTER_HOSTNAME: ${WEAVIATE_CLUSTER_HOSTNAME:-node1}
+ WEAVIATE_DEFAULT_VECTORIZER_MODULE: ${WEAVIATE_DEFAULT_VECTORIZER_MODULE:-none}
+ WEAVIATE_ENDPOINT: ${WEAVIATE_ENDPOINT:-http://weaviate:8080}
+ WEAVIATE_PERSISTENCE_DATA_PATH: ${WEAVIATE_PERSISTENCE_DATA_PATH:-/var/lib/weaviate}
+ WEAVIATE_QUERY_DEFAULTS_LIMIT: ${WEAVIATE_QUERY_DEFAULTS_LIMIT:-25}
+ WEB_API_CORS_ALLOW_ORIGINS: ${WEB_API_CORS_ALLOW_ORIGINS:-*}
+ WEB_SENTRY_DSN: ${WEB_SENTRY_DSN:-}
+ WORKFLOW_CALL_MAX_DEPTH: ${WORKFLOW_CALL_MAX_DEPTH:-5}
+ WORKFLOW_FILE_UPLOAD_LIMIT: ${WORKFLOW_FILE_UPLOAD_LIMIT:-10}
+ WORKFLOW_MAX_EXECUTION_STEPS: ${WORKFLOW_MAX_EXECUTION_STEPS:-500}
+ WORKFLOW_MAX_EXECUTION_TIME: ${WORKFLOW_MAX_EXECUTION_TIME:-1200}
+ WORKFLOW_PARALLEL_DEPTH_LIMIT: ${WORKFLOW_PARALLEL_DEPTH_LIMIT:-3}
+ image: langgenius/dify-api:0.15.3
+ networks:
+ - ssrf_proxy_network
+ - default
+ restart: always
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/app/storage:/app/api/storage
+ certbot:
+ command:
+ - tail
+ - -f
+ - /dev/null
+ container_name: certbot-dify
+ entrypoint:
+ - /docker-entrypoint.sh
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ - CERTBOT_EMAIL=${CERTBOT_EMAIL}
+ - CERTBOT_DOMAIN=${CERTBOT_DOMAIN}
+ - CERTBOT_OPTIONS=${CERTBOT_OPTIONS:-}
+ image: certbot/certbot
+ profiles:
+ - certbot
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/certbot/conf:/etc/letsencrypt
+ - ${DIFY_ROOT_PATH}/volumes/certbot/www:/var/www/html
+ - ${DIFY_ROOT_PATH}/volumes/certbot/logs:/var/log/letsencrypt
+ - ${DIFY_ROOT_PATH}/volumes/certbot/conf/live:/etc/letsencrypt/live
+ - ${DIFY_ROOT_PATH}/certbot/update-cert.template.txt:/update-cert.template.txt
+ - ${DIFY_ROOT_PATH}/certbot/docker-entrypoint.sh:/docker-entrypoint.sh
+ chroma:
+ container_name: chroma-dify
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ CHROMA_SERVER_AUTHN_CREDENTIALS: ${CHROMA_SERVER_AUTHN_CREDENTIALS:-difyai123456}
+ CHROMA_SERVER_AUTHN_PROVIDER: ${CHROMA_SERVER_AUTHN_PROVIDER:-chromadb.auth.token_authn.TokenAuthenticationServerProvider}
+ IS_PERSISTENT: ${CHROMA_IS_PERSISTENT:-TRUE}
+ image: ghcr.io/chroma-core/chroma:0.5.20
+ profiles:
+ - chroma
+ restart: always
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/chroma:/chroma/chroma
+ couchbase-server:
+ build: ./couchbase-server
+ command: sh -c "/opt/couchbase/init/init-cbserver.sh"
+ container_name: couchbase-server-dify
+ entrypoint:
+ - ''
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ - CLUSTER_NAME=dify_search
+ - COUCHBASE_ADMINISTRATOR_USERNAME=${COUCHBASE_USER:-Administrator}
+ - COUCHBASE_ADMINISTRATOR_PASSWORD=${COUCHBASE_PASSWORD:-password}
+ - COUCHBASE_BUCKET=${COUCHBASE_BUCKET_NAME:-Embeddings}
+ - COUCHBASE_BUCKET_RAMSIZE=512
+ - COUCHBASE_RAM_SIZE=2048
+ - COUCHBASE_EVENTING_RAM_SIZE=512
+ - COUCHBASE_INDEX_RAM_SIZE=512
+ - COUCHBASE_FTS_RAM_SIZE=1024
+ healthcheck:
+ interval: 10s
+ retries: 10
+ start_period: 30s
+ test:
+ - CMD-SHELL
+ - curl -s -f -u Administrator:password http://localhost:8091/pools/default/buckets
+ | grep -q '\[{' || exit 1
+ timeout: 10s
+ hostname: couchbase-server
+ profiles:
+ - couchbase
+ restart: always
+ stdin_open: true
+ tty: true
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/couchbase/data:/opt/couchbase/var/lib/couchbase/data
+ working_dir: /opt/couchbase
+ db:
+ command: "postgres -c 'max_connections=${POSTGRES_MAX_CONNECTIONS:-100}'\n \
+ \ -c 'shared_buffers=${POSTGRES_SHARED_BUFFERS:-128MB}'\n -c 'work_mem=${POSTGRES_WORK_MEM:-4MB}'\n\
+ \ -c 'maintenance_work_mem=${POSTGRES_MAINTENANCE_WORK_MEM:-64MB}'\n\
+ \ -c 'effective_cache_size=${POSTGRES_EFFECTIVE_CACHE_SIZE:-4096MB}'\n"
+ container_name: db-dify
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ PGDATA: ${PGDATA:-/var/lib/postgresql/data/pgdata}
+ PGUSER: ${PGUSER:-postgres}
+ POSTGRES_DB: ${POSTGRES_DB:-dify}
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-difyai123456}
+ healthcheck:
+ interval: 1s
+ retries: 30
+ test:
+ - CMD
+ - pg_isready
+ timeout: 3s
+ image: postgres:15-alpine
+ restart: always
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/db/data:/var/lib/postgresql/data
+ elasticsearch:
+ container_name: elasticsearch-dify
+ deploy:
+ resources:
+ limits:
+ memory: 2g
+ entrypoint:
+ - sh
+ - -c
+ - sh /docker-entrypoint-mount.sh
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ ELASTIC_PASSWORD: ${ELASTICSEARCH_PASSWORD:-elastic}
+ VECTOR_STORE: ${VECTOR_STORE:-}
+ cluster.name: dify-es-cluster
+ discovery.type: single-node
+ node.name: dify-es0
+ xpack.license.self_generated.type: basic
+ xpack.security.enabled: 'true'
+ xpack.security.enrollment.enabled: 'false'
+ xpack.security.http.ssl.enabled: 'false'
+ healthcheck:
+ interval: 30s
+ retries: 50
+ test:
+ - CMD
+ - curl
+ - -s
+ - http://localhost:9200/_cluster/health?pretty
+ timeout: 10s
+ image: docker.elastic.co/elasticsearch/elasticsearch:8.14.3
+ ports:
+ - ${ELASTICSEARCH_PORT:-9200}:9200
+ profiles:
+ - elasticsearch
+ - elasticsearch-ja
+ restart: always
+ volumes:
+ - ${DIFY_ROOT_PATH}/elasticsearch/docker-entrypoint.sh:/docker-entrypoint-mount.sh
+ - dify_es01_data:/usr/share/elasticsearch/data
+ etcd:
+ command: etcd -advertise-client-urls=http://127.0.0.1:2379 -listen-client-urls
+ http://0.0.0.0:2379 --data-dir /etcd
+ container_name: milvus-etcd-dify
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ ETCD_AUTO_COMPACTION_MODE: ${ETCD_AUTO_COMPACTION_MODE:-revision}
+ ETCD_AUTO_COMPACTION_RETENTION: ${ETCD_AUTO_COMPACTION_RETENTION:-1000}
+ ETCD_QUOTA_BACKEND_BYTES: ${ETCD_QUOTA_BACKEND_BYTES:-4294967296}
+ ETCD_SNAPSHOT_COUNT: ${ETCD_SNAPSHOT_COUNT:-50000}
+ healthcheck:
+ interval: 30s
+ retries: 3
+ test:
+ - CMD
+ - etcdctl
+ - endpoint
+ - health
+ timeout: 20s
+ image: quay.io/coreos/etcd:v3.5.5
+ networks:
+ - milvus
+ profiles:
+ - milvus
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/milvus/etcd:/etcd
+ kibana:
+ container_name: kibana-dify
+ depends_on:
+ - elasticsearch
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ ELASTICSEARCH_HOSTS: http://elasticsearch:9200
+ I18N_LOCALE: zh-CN
+ NO_PROXY: localhost,127.0.0.1,elasticsearch,kibana
+ SERVER_PORT: '5601'
+ XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY: d1a66dfd-c4d3-4a0a-8290-2abcb83ab3aa
+ XPACK_FLEET_ISAIRGAPPED: 'true'
+ XPACK_SECURITY_ENABLED: 'true'
+ XPACK_SECURITY_ENROLLMENT_ENABLED: 'false'
+ XPACK_SECURITY_HTTP_SSL_ENABLED: 'false'
+ healthcheck:
+ interval: 30s
+ retries: 3
+ test:
+ - CMD-SHELL
+ - curl -s http://localhost:5601 >/dev/null || exit 1
+ timeout: 10s
+ image: docker.elastic.co/kibana/kibana:8.14.3
+ ports:
+ - ${KIBANA_PORT:-5601}:5601
+ profiles:
+ - elasticsearch
+ restart: always
+ milvus-standalone:
+ command:
+ - milvus
+ - run
+ - standalone
+ container_name: milvus-standalone-dify
+ depends_on:
+ - etcd
+ - minio
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ ETCD_ENDPOINTS: ${ETCD_ENDPOINTS:-etcd:2379}
+ MINIO_ADDRESS: ${MINIO_ADDRESS:-minio:9000}
+ common.security.authorizationEnabled: ${MILVUS_AUTHORIZATION_ENABLED:-true}
+ healthcheck:
+ interval: 30s
+ retries: 3
+ start_period: 90s
+ test:
+ - CMD
+ - curl
+ - -f
+ - http://localhost:9091/healthz
+ timeout: 20s
+ image: milvusdb/milvus:v2.5.0-beta
+ networks:
+ - milvus
+ ports:
+ - 19530:19530
+ - 9091:9091
+ profiles:
+ - milvus
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/milvus/milvus:/var/lib/milvus
+ minio:
+ command: minio server /minio_data --console-address ":9001"
+ container_name: milvus-minio-dify
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY:-minioadmin}
+ MINIO_SECRET_KEY: ${MINIO_SECRET_KEY:-minioadmin}
+ healthcheck:
+ interval: 30s
+ retries: 3
+ test:
+ - CMD
+ - curl
+ - -f
+ - http://localhost:9000/minio/health/live
+ timeout: 20s
+ image: minio/minio:RELEASE.2023-03-20T20-16-18Z
+ networks:
+ - milvus
+ profiles:
+ - milvus
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/milvus/minio:/minio_data
+ myscale:
+ container_name: myscale-dify
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ image: myscale/myscaledb:1.6.4
+ ports:
+ - ${MYSCALE_PORT:-8123}:${MYSCALE_PORT:-8123}
+ profiles:
+ - myscale
+ restart: always
+ tty: true
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/myscale/data:/var/lib/clickhouse
+ - ${DIFY_ROOT_PATH}/volumes/myscale/log:/var/log/clickhouse-server
+ - ${DIFY_ROOT_PATH}/volumes/myscale/config/users.d/custom_users_config.xml:/etc/clickhouse-server/users.d/custom_users_config.xml
+ nginx:
+ container_name: nginx-dify
+ depends_on:
+ - api
+ - web
+ entrypoint:
+ - sh
+ - -c
+ - "cp /docker-entrypoint-mount.sh /docker-entrypoint.sh && sed -i 's/\r$$//' /docker-entrypoint.sh\
+ \ && chmod +x /docker-entrypoint.sh && /docker-entrypoint.sh"
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ CERTBOT_DOMAIN: ${CERTBOT_DOMAIN:-}
+ NGINX_CLIENT_MAX_BODY_SIZE: ${NGINX_CLIENT_MAX_BODY_SIZE:-15M}
+ NGINX_ENABLE_CERTBOT_CHALLENGE: ${NGINX_ENABLE_CERTBOT_CHALLENGE:-false}
+ NGINX_HTTPS_ENABLED: ${NGINX_HTTPS_ENABLED:-false}
+ NGINX_KEEPALIVE_TIMEOUT: ${NGINX_KEEPALIVE_TIMEOUT:-65}
+ NGINX_PORT: ${NGINX_PORT:-80}
+ NGINX_PROXY_READ_TIMEOUT: ${NGINX_PROXY_READ_TIMEOUT:-3600s}
+ NGINX_PROXY_SEND_TIMEOUT: ${NGINX_PROXY_SEND_TIMEOUT:-3600s}
+ NGINX_SERVER_NAME: ${NGINX_SERVER_NAME:-_}
+ NGINX_SSL_CERT_FILENAME: ${NGINX_SSL_CERT_FILENAME:-dify.crt}
+ NGINX_SSL_CERT_KEY_FILENAME: ${NGINX_SSL_CERT_KEY_FILENAME:-dify.key}
+ NGINX_SSL_PORT: ${NGINX_SSL_PORT:-443}
+ NGINX_SSL_PROTOCOLS: ${NGINX_SSL_PROTOCOLS:-TLSv1.1 TLSv1.2 TLSv1.3}
+ NGINX_WORKER_PROCESSES: ${NGINX_WORKER_PROCESSES:-auto}
+ image: nginx:latest
+ ports:
+ - ${EXPOSE_NGINX_PORT:-80}:${NGINX_PORT:-80}
+ - ${EXPOSE_NGINX_SSL_PORT:-443}:${NGINX_SSL_PORT:-443}
+ restart: always
+ volumes:
+ - ${DIFY_ROOT_PATH}/nginx/nginx.conf.template:/etc/nginx/nginx.conf.template
+ - ${DIFY_ROOT_PATH}/nginx/proxy.conf.template:/etc/nginx/proxy.conf.template
+ - ${DIFY_ROOT_PATH}/nginx/https.conf.template:/etc/nginx/https.conf.template
+ - ${DIFY_ROOT_PATH}/nginx/conf.d:/etc/nginx/conf.d
+ - ${DIFY_ROOT_PATH}/nginx/docker-entrypoint.sh:/docker-entrypoint-mount.sh
+ - ${DIFY_ROOT_PATH}/nginx/ssl:/etc/ssl
+ - ${DIFY_ROOT_PATH}/volumes/certbot/conf/live:/etc/letsencrypt/live
+ - ${DIFY_ROOT_PATH}/volumes/certbot/conf:/etc/letsencrypt
+ - ${DIFY_ROOT_PATH}/volumes/certbot/www:/var/www/html
+ oceanbase:
+ container_name: oceanbase-dify
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ OB_CLUSTER_NAME: ${OCEANBASE_CLUSTER_NAME:-difyai}
+ OB_MEMORY_LIMIT: ${OCEANBASE_MEMORY_LIMIT:-6G}
+ OB_SERVER_IP: 127.0.0.1
+ OB_SYS_PASSWORD: ${OCEANBASE_VECTOR_PASSWORD:-difyai123456}
+ OB_TENANT_PASSWORD: ${OCEANBASE_VECTOR_PASSWORD:-difyai123456}
+ image: quay.io/oceanbase/oceanbase-ce:4.3.3.0-100000142024101215
+ profiles:
+ - oceanbase
+ restart: always
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/oceanbase/data:/root/ob
+ - ${DIFY_ROOT_PATH}/volumes/oceanbase/conf:/root/.obd/cluster
+ - ${DIFY_ROOT_PATH}/volumes/oceanbase/init.d:/root/boot/init.d
+ opensearch:
+ container_name: opensearch-dify
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ OPENSEARCH_INITIAL_ADMIN_PASSWORD: ${OPENSEARCH_INITIAL_ADMIN_PASSWORD:-Qazwsxedc!@#123}
+ OPENSEARCH_JAVA_OPTS: -Xms${OPENSEARCH_JAVA_OPTS_MIN:-512m} -Xmx${OPENSEARCH_JAVA_OPTS_MAX:-1024m}
+ bootstrap.memory_lock: ${OPENSEARCH_BOOTSTRAP_MEMORY_LOCK:-true}
+ discovery.type: ${OPENSEARCH_DISCOVERY_TYPE:-single-node}
+ image: opensearchproject/opensearch:latest
+ networks:
+ - opensearch-net
+ profiles:
+ - opensearch
+ ulimits:
+ memlock:
+ hard: ${OPENSEARCH_MEMLOCK_HARD:--1}
+ soft: ${OPENSEARCH_MEMLOCK_SOFT:--1}
+ nofile:
+ hard: ${OPENSEARCH_NOFILE_HARD:-65536}
+ soft: ${OPENSEARCH_NOFILE_SOFT:-65536}
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/opensearch/data:/usr/share/opensearch/data
+ opensearch-dashboards:
+ container_name: opensearch-dashboards-dify
+ depends_on:
+ - opensearch
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ OPENSEARCH_HOSTS: '["https://opensearch:9200"]'
+ image: opensearchproject/opensearch-dashboards:latest
+ networks:
+ - opensearch-net
+ profiles:
+ - opensearch
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/opensearch/opensearch_dashboards.yml:/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml
+ oracle:
+ container_name: oracle-dify
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ ORACLE_CHARACTERSET: ${ORACLE_CHARACTERSET:-AL32UTF8}
+ ORACLE_PWD: ${ORACLE_PWD:-Dify123456}
+ image: container-registry.oracle.com/database/free:latest
+ profiles:
+ - oracle
+ restart: always
+ volumes:
+ - source: oradata
+ target: /opt/oracle/oradata
+ type: volume
+ - ${DIFY_ROOT_PATH}/startupscripts:/opt/oracle/scripts/startup
+ pgvecto-rs:
+ container_name: pgvecto-rs-dify
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ PGDATA: ${PGVECTOR_PGDATA:-/var/lib/postgresql/data/pgdata}
+ PGUSER: ${PGVECTOR_PGUSER:-postgres}
+ POSTGRES_DB: ${PGVECTOR_POSTGRES_DB:-dify}
+ POSTGRES_PASSWORD: ${PGVECTOR_POSTGRES_PASSWORD:-difyai123456}
+ healthcheck:
+ interval: 1s
+ retries: 30
+ test:
+ - CMD
+ - pg_isready
+ timeout: 3s
+ image: tensorchord/pgvecto-rs:pg16-v0.3.0
+ profiles:
+ - pgvecto-rs
+ restart: always
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/pgvecto_rs/data:/var/lib/postgresql/data
+ pgvector:
+ container_name: pgvector-dify
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ PGDATA: ${PGVECTOR_PGDATA:-/var/lib/postgresql/data/pgdata}
+ PGUSER: ${PGVECTOR_PGUSER:-postgres}
+ POSTGRES_DB: ${PGVECTOR_POSTGRES_DB:-dify}
+ POSTGRES_PASSWORD: ${PGVECTOR_POSTGRES_PASSWORD:-difyai123456}
+ healthcheck:
+ interval: 1s
+ retries: 30
+ test:
+ - CMD
+ - pg_isready
+ timeout: 3s
+ image: pgvector/pgvector:pg16
+ profiles:
+ - pgvector
+ restart: always
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/pgvector/data:/var/lib/postgresql/data
+ qdrant:
+ container_name: qdrant-dify
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ QDRANT_API_KEY: ${QDRANT_API_KEY:-difyai123456}
+ image: langgenius/qdrant:v1.7.3
+ profiles:
+ - qdrant
+ restart: always
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/qdrant:/qdrant/storage
+ redis:
+ command: redis-server --requirepass ${REDIS_PASSWORD:-difyai123456}
+ container_name: redis-dify
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ REDISCLI_AUTH: ${REDIS_PASSWORD:-difyai123456}
+ healthcheck:
+ test:
+ - CMD
+ - redis-cli
+ - ping
+ image: redis:6-alpine
+ restart: always
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/redis/data:/data
+ sandbox:
+ container_name: sandbox-dify
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ API_KEY: ${SANDBOX_API_KEY:-dify-sandbox}
+ ENABLE_NETWORK: ${SANDBOX_ENABLE_NETWORK:-true}
+ GIN_MODE: ${SANDBOX_GIN_MODE:-release}
+ HTTPS_PROXY: ${SANDBOX_HTTPS_PROXY:-http://ssrf_proxy:3128}
+ HTTP_PROXY: ${SANDBOX_HTTP_PROXY:-http://ssrf_proxy:3128}
+ SANDBOX_PORT: ${SANDBOX_PORT:-8194}
+ WORKER_TIMEOUT: ${SANDBOX_WORKER_TIMEOUT:-15}
+ healthcheck:
+ test:
+ - CMD
+ - curl
+ - -f
+ - http://localhost:8194/health
+ image: langgenius/dify-sandbox:0.2.10
+ networks:
+ - ssrf_proxy_network
+ restart: always
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/sandbox/dependencies:/dependencies
+ ssrf_proxy:
+ container_name: ssrf_proxy-dify
+ entrypoint:
+ - sh
+ - -c
+ - "cp /docker-entrypoint-mount.sh /docker-entrypoint.sh && sed -i 's/\r$$//' /docker-entrypoint.sh\
+ \ && chmod +x /docker-entrypoint.sh && /docker-entrypoint.sh"
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ COREDUMP_DIR: ${SSRF_COREDUMP_DIR:-/var/spool/squid}
+ HTTP_PORT: ${SSRF_HTTP_PORT:-3128}
+ REVERSE_PROXY_PORT: ${SSRF_REVERSE_PROXY_PORT:-8194}
+ SANDBOX_HOST: ${SSRF_SANDBOX_HOST:-sandbox}
+ SANDBOX_PORT: ${SANDBOX_PORT:-8194}
+ image: ubuntu/squid:latest
+ networks:
+ - ssrf_proxy_network
+ - default
+ restart: always
+ volumes:
+ - ${DIFY_ROOT_PATH}/ssrf_proxy/squid.conf.template:/etc/squid/squid.conf.template
+ - ${DIFY_ROOT_PATH}/ssrf_proxy/docker-entrypoint.sh:/docker-entrypoint-mount.sh
+ unstructured:
+ container_name: unstructured-dify
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ image: downloads.unstructured.io/unstructured-io/unstructured-api:latest
+ profiles:
+ - unstructured
+ restart: always
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/unstructured:/app/data
+ weaviate:
+ container_name: weaviate-dify
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: ${WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED:-false}
+ AUTHENTICATION_APIKEY_ALLOWED_KEYS: ${WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih}
+ AUTHENTICATION_APIKEY_ENABLED: ${WEAVIATE_AUTHENTICATION_APIKEY_ENABLED:-true}
+ AUTHENTICATION_APIKEY_USERS: ${WEAVIATE_AUTHENTICATION_APIKEY_USERS:-hello@dify.ai}
+ AUTHORIZATION_ADMINLIST_ENABLED: ${WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED:-true}
+ AUTHORIZATION_ADMINLIST_USERS: ${WEAVIATE_AUTHORIZATION_ADMINLIST_USERS:-hello@dify.ai}
+ CLUSTER_HOSTNAME: ${WEAVIATE_CLUSTER_HOSTNAME:-node1}
+ DEFAULT_VECTORIZER_MODULE: ${WEAVIATE_DEFAULT_VECTORIZER_MODULE:-none}
+ PERSISTENCE_DATA_PATH: ${WEAVIATE_PERSISTENCE_DATA_PATH:-/var/lib/weaviate}
+ QUERY_DEFAULTS_LIMIT: ${WEAVIATE_QUERY_DEFAULTS_LIMIT:-25}
+ image: semitechnologies/weaviate:1.19.0
+ profiles:
+ - ''
+ - weaviate
+ restart: always
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/weaviate:/var/lib/weaviate
+ web:
+ container_name: web-dify
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ APP_API_URL: ${APP_API_URL:-}
+ CONSOLE_API_URL: ${CONSOLE_API_URL:-}
+ CSP_WHITELIST: ${CSP_WHITELIST:-}
+ INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-}
+ NEXT_TELEMETRY_DISABLED: ${NEXT_TELEMETRY_DISABLED:-0}
+ SENTRY_DSN: ${WEB_SENTRY_DSN:-}
+ TEXT_GENERATION_TIMEOUT_MS: ${TEXT_GENERATION_TIMEOUT_MS:-60000}
+ TOP_K_MAX_VALUE: ${TOP_K_MAX_VALUE:-}
+ image: langgenius/dify-web:0.15.3
+ restart: always
+ worker:
+ container_name: worker-dify
+ depends_on:
+ - db
+ - redis
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ ACCESS_TOKEN_EXPIRE_MINUTES: ${ACCESS_TOKEN_EXPIRE_MINUTES:-60}
+ ALIYUN_OSS_ACCESS_KEY: ${ALIYUN_OSS_ACCESS_KEY:-your-access-key}
+ ALIYUN_OSS_AUTH_VERSION: ${ALIYUN_OSS_AUTH_VERSION:-v4}
+ ALIYUN_OSS_BUCKET_NAME: ${ALIYUN_OSS_BUCKET_NAME:-your-bucket-name}
+ ALIYUN_OSS_ENDPOINT: ${ALIYUN_OSS_ENDPOINT:-https://oss-ap-southeast-1-internal.aliyuncs.com}
+ ALIYUN_OSS_PATH: ${ALIYUN_OSS_PATH:-your-path}
+ ALIYUN_OSS_REGION: ${ALIYUN_OSS_REGION:-ap-southeast-1}
+ ALIYUN_OSS_SECRET_KEY: ${ALIYUN_OSS_SECRET_KEY:-your-secret-key}
+ ANALYTICDB_ACCOUNT: ${ANALYTICDB_ACCOUNT:-testaccount}
+ ANALYTICDB_HOST: ${ANALYTICDB_HOST:-gp-test.aliyuncs.com}
+ ANALYTICDB_INSTANCE_ID: ${ANALYTICDB_INSTANCE_ID:-gp-ab123456}
+ ANALYTICDB_KEY_ID: ${ANALYTICDB_KEY_ID:-your-ak}
+ ANALYTICDB_KEY_SECRET: ${ANALYTICDB_KEY_SECRET:-your-sk}
+ ANALYTICDB_MAX_CONNECTION: ${ANALYTICDB_MAX_CONNECTION:-5}
+ ANALYTICDB_MIN_CONNECTION: ${ANALYTICDB_MIN_CONNECTION:-1}
+ ANALYTICDB_NAMESPACE: ${ANALYTICDB_NAMESPACE:-dify}
+ ANALYTICDB_NAMESPACE_PASSWORD: ${ANALYTICDB_NAMESPACE_PASSWORD:-difypassword}
+ ANALYTICDB_PASSWORD: ${ANALYTICDB_PASSWORD:-testpassword}
+ ANALYTICDB_PORT: ${ANALYTICDB_PORT:-5432}
+ ANALYTICDB_REGION_ID: ${ANALYTICDB_REGION_ID:-cn-hangzhou}
+ API_SENTRY_DSN: ${API_SENTRY_DSN:-}
+ API_SENTRY_PROFILES_SAMPLE_RATE: ${API_SENTRY_PROFILES_SAMPLE_RATE:-1.0}
+ API_SENTRY_TRACES_SAMPLE_RATE: ${API_SENTRY_TRACES_SAMPLE_RATE:-1.0}
+ API_TOOL_DEFAULT_CONNECT_TIMEOUT: ${API_TOOL_DEFAULT_CONNECT_TIMEOUT:-10}
+ API_TOOL_DEFAULT_READ_TIMEOUT: ${API_TOOL_DEFAULT_READ_TIMEOUT:-60}
+ APP_API_URL: ${APP_API_URL:-}
+ APP_MAX_ACTIVE_REQUESTS: ${APP_MAX_ACTIVE_REQUESTS:-0}
+ APP_MAX_EXECUTION_TIME: ${APP_MAX_EXECUTION_TIME:-1200}
+ APP_WEB_URL: ${APP_WEB_URL:-}
+ AZURE_BLOB_ACCOUNT_KEY: ${AZURE_BLOB_ACCOUNT_KEY:-difyai}
+ AZURE_BLOB_ACCOUNT_NAME: ${AZURE_BLOB_ACCOUNT_NAME:-difyai}
+ AZURE_BLOB_ACCOUNT_URL: ${AZURE_BLOB_ACCOUNT_URL:-https://.blob.core.windows.net}
+ AZURE_BLOB_CONTAINER_NAME: ${AZURE_BLOB_CONTAINER_NAME:-difyai-container}
+ BAIDU_OBS_ACCESS_KEY: ${BAIDU_OBS_ACCESS_KEY:-your-access-key}
+ BAIDU_OBS_BUCKET_NAME: ${BAIDU_OBS_BUCKET_NAME:-your-bucket-name}
+ BAIDU_OBS_ENDPOINT: ${BAIDU_OBS_ENDPOINT:-your-server-url}
+ BAIDU_OBS_SECRET_KEY: ${BAIDU_OBS_SECRET_KEY:-your-secret-key}
+ BAIDU_VECTOR_DB_ACCOUNT: ${BAIDU_VECTOR_DB_ACCOUNT:-root}
+ BAIDU_VECTOR_DB_API_KEY: ${BAIDU_VECTOR_DB_API_KEY:-dify}
+ BAIDU_VECTOR_DB_CONNECTION_TIMEOUT_MS: ${BAIDU_VECTOR_DB_CONNECTION_TIMEOUT_MS:-30000}
+ BAIDU_VECTOR_DB_DATABASE: ${BAIDU_VECTOR_DB_DATABASE:-dify}
+ BAIDU_VECTOR_DB_ENDPOINT: ${BAIDU_VECTOR_DB_ENDPOINT:-http://127.0.0.1:5287}
+ BAIDU_VECTOR_DB_REPLICAS: ${BAIDU_VECTOR_DB_REPLICAS:-3}
+ BAIDU_VECTOR_DB_SHARD: ${BAIDU_VECTOR_DB_SHARD:-1}
+ BROKER_USE_SSL: ${BROKER_USE_SSL:-false}
+ CELERY_AUTO_SCALE: ${CELERY_AUTO_SCALE:-false}
+ CELERY_BROKER_URL: ${CELERY_BROKER_URL:-redis://:difyai123456@redis:6379/1}
+ CELERY_MAX_WORKERS: ${CELERY_MAX_WORKERS:-}
+ CELERY_MIN_WORKERS: ${CELERY_MIN_WORKERS:-}
+ CELERY_SENTINEL_MASTER_NAME: ${CELERY_SENTINEL_MASTER_NAME:-}
+ CELERY_SENTINEL_SOCKET_TIMEOUT: ${CELERY_SENTINEL_SOCKET_TIMEOUT:-0.1}
+ CELERY_USE_SENTINEL: ${CELERY_USE_SENTINEL:-false}
+ CELERY_WORKER_AMOUNT: ${CELERY_WORKER_AMOUNT:-}
+ CELERY_WORKER_CLASS: ${CELERY_WORKER_CLASS:-}
+ CERTBOT_DOMAIN: ${CERTBOT_DOMAIN:-your_domain.com}
+ CERTBOT_EMAIL: ${CERTBOT_EMAIL:-your_email@example.com}
+ CERTBOT_OPTIONS: ${CERTBOT_OPTIONS:-}
+ CHECK_UPDATE_URL: ${CHECK_UPDATE_URL:-https://updates.dify.ai}
+ CHROMA_AUTH_CREDENTIALS: ${CHROMA_AUTH_CREDENTIALS:-}
+ CHROMA_AUTH_PROVIDER: ${CHROMA_AUTH_PROVIDER:-chromadb.auth.token_authn.TokenAuthClientProvider}
+ CHROMA_DATABASE: ${CHROMA_DATABASE:-default_database}
+ CHROMA_HOST: ${CHROMA_HOST:-127.0.0.1}
+ CHROMA_IS_PERSISTENT: ${CHROMA_IS_PERSISTENT:-TRUE}
+ CHROMA_PORT: ${CHROMA_PORT:-8000}
+ CHROMA_SERVER_AUTHN_CREDENTIALS: ${CHROMA_SERVER_AUTHN_CREDENTIALS:-difyai123456}
+ CHROMA_SERVER_AUTHN_PROVIDER: ${CHROMA_SERVER_AUTHN_PROVIDER:-chromadb.auth.token_authn.TokenAuthenticationServerProvider}
+ CHROMA_TENANT: ${CHROMA_TENANT:-default_tenant}
+ CODE_EXECUTION_API_KEY: ${CODE_EXECUTION_API_KEY:-dify-sandbox}
+ CODE_EXECUTION_CONNECT_TIMEOUT: ${CODE_EXECUTION_CONNECT_TIMEOUT:-10}
+ CODE_EXECUTION_ENDPOINT: ${CODE_EXECUTION_ENDPOINT:-http://sandbox:8194}
+ CODE_EXECUTION_READ_TIMEOUT: ${CODE_EXECUTION_READ_TIMEOUT:-60}
+ CODE_EXECUTION_WRITE_TIMEOUT: ${CODE_EXECUTION_WRITE_TIMEOUT:-10}
+ CODE_GENERATION_MAX_TOKENS: ${CODE_GENERATION_MAX_TOKENS:-1024}
+ CODE_MAX_DEPTH: ${CODE_MAX_DEPTH:-5}
+ CODE_MAX_NUMBER: ${CODE_MAX_NUMBER:-9223372036854775807}
+ CODE_MAX_NUMBER_ARRAY_LENGTH: ${CODE_MAX_NUMBER_ARRAY_LENGTH:-1000}
+ CODE_MAX_OBJECT_ARRAY_LENGTH: ${CODE_MAX_OBJECT_ARRAY_LENGTH:-30}
+ CODE_MAX_PRECISION: ${CODE_MAX_PRECISION:-20}
+ CODE_MAX_STRING_ARRAY_LENGTH: ${CODE_MAX_STRING_ARRAY_LENGTH:-30}
+ CODE_MAX_STRING_LENGTH: ${CODE_MAX_STRING_LENGTH:-80000}
+ CODE_MIN_NUMBER: ${CODE_MIN_NUMBER:--9223372036854775808}
+ CONSOLE_API_URL: ${CONSOLE_API_URL:-}
+ CONSOLE_CORS_ALLOW_ORIGINS: ${CONSOLE_CORS_ALLOW_ORIGINS:-*}
+ CONSOLE_WEB_URL: ${CONSOLE_WEB_URL:-}
+ COUCHBASE_BUCKET_NAME: ${COUCHBASE_BUCKET_NAME:-Embeddings}
+ COUCHBASE_CONNECTION_STRING: ${COUCHBASE_CONNECTION_STRING:-couchbase://couchbase-server}
+ COUCHBASE_PASSWORD: ${COUCHBASE_PASSWORD:-password}
+ COUCHBASE_SCOPE_NAME: ${COUCHBASE_SCOPE_NAME:-_default}
+ COUCHBASE_USER: ${COUCHBASE_USER:-Administrator}
+ CREATE_TIDB_SERVICE_JOB_ENABLED: ${CREATE_TIDB_SERVICE_JOB_ENABLED:-false}
+ CSP_WHITELIST: ${CSP_WHITELIST:-}
+ DB_DATABASE: ${DB_DATABASE:-dify}
+ DB_HOST: ${DB_HOST:-db}
+ DB_PASSWORD: ${DB_PASSWORD:-difyai123456}
+ DB_PORT: ${DB_PORT:-5432}
+ DB_USERNAME: ${DB_USERNAME:-postgres}
+ DEBUG: ${DEBUG:-false}
+ DEPLOY_ENV: ${DEPLOY_ENV:-PRODUCTION}
+ DIFY_BIND_ADDRESS: ${DIFY_BIND_ADDRESS:-0.0.0.0}
+ DIFY_PORT: ${DIFY_PORT:-5001}
+ ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:-0.0.0.0}
+ ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-elastic}
+ ELASTICSEARCH_PORT: ${ELASTICSEARCH_PORT:-9200}
+ ELASTICSEARCH_USERNAME: ${ELASTICSEARCH_USERNAME:-elastic}
+ ETCD_AUTO_COMPACTION_MODE: ${ETCD_AUTO_COMPACTION_MODE:-revision}
+ ETCD_AUTO_COMPACTION_RETENTION: ${ETCD_AUTO_COMPACTION_RETENTION:-1000}
+ ETCD_ENDPOINTS: ${ETCD_ENDPOINTS:-etcd:2379}
+ ETCD_QUOTA_BACKEND_BYTES: ${ETCD_QUOTA_BACKEND_BYTES:-4294967296}
+ ETCD_SNAPSHOT_COUNT: ${ETCD_SNAPSHOT_COUNT:-50000}
+ ETL_TYPE: ${ETL_TYPE:-dify}
+ EXPOSE_NGINX_PORT: ${PANEL_APP_PORT_HTTP:-8080}
+ EXPOSE_NGINX_SSL_PORT: ${PANEL_APP_PORT_HTTPS:-8443}
+ FILES_ACCESS_TIMEOUT: ${FILES_ACCESS_TIMEOUT:-300}
+ FILES_URL: ${FILES_URL:-}
+ FLASK_DEBUG: ${FLASK_DEBUG:-false}
+ GOOGLE_STORAGE_BUCKET_NAME: ${GOOGLE_STORAGE_BUCKET_NAME:-your-bucket-name}
+ GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64: ${GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64:-}
+ GUNICORN_TIMEOUT: ${GUNICORN_TIMEOUT:-360}
+ HTTP_REQUEST_NODE_MAX_BINARY_SIZE: ${HTTP_REQUEST_NODE_MAX_BINARY_SIZE:-10485760}
+ HTTP_REQUEST_NODE_MAX_TEXT_SIZE: ${HTTP_REQUEST_NODE_MAX_TEXT_SIZE:-1048576}
+ HUAWEI_OBS_ACCESS_KEY: ${HUAWEI_OBS_ACCESS_KEY:-your-access-key}
+ HUAWEI_OBS_BUCKET_NAME: ${HUAWEI_OBS_BUCKET_NAME:-your-bucket-name}
+ HUAWEI_OBS_SECRET_KEY: ${HUAWEI_OBS_SECRET_KEY:-your-secret-key}
+ HUAWEI_OBS_SERVER: ${HUAWEI_OBS_SERVER:-your-server-url}
+ INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-4000}
+ INIT_PASSWORD: ${INIT_PASSWORD:-}
+ INVITE_EXPIRY_HOURS: ${INVITE_EXPIRY_HOURS:-72}
+ KIBANA_PORT: ${KIBANA_PORT:-5601}
+ LINDORM_PASSWORD: ${LINDORM_PASSWORD:-lindorm}
+ LINDORM_URL: ${LINDORM_URL:-http://lindorm:30070}
+ LINDORM_USERNAME: ${LINDORM_USERNAME:-lindorm}
+ LOG_DATEFORMAT: ${LOG_DATEFORMAT:-%Y-%m-%d %H:%M:%S}
+ LOG_FILE: ${LOG_FILE:-/app/logs/server.log}
+ LOG_FILE_BACKUP_COUNT: ${LOG_FILE_BACKUP_COUNT:-5}
+ LOG_FILE_MAX_SIZE: ${LOG_FILE_MAX_SIZE:-20}
+ LOG_LEVEL: ${LOG_LEVEL:-INFO}
+ LOG_TZ: ${LOG_TZ:-UTC}
+ MAIL_DEFAULT_SEND_FROM: ${MAIL_DEFAULT_SEND_FROM:-}
+ MAIL_TYPE: ${MAIL_TYPE:-resend}
+ MAX_SUBMIT_COUNT: ${MAX_SUBMIT_COUNT:-100}
+ MAX_VARIABLE_SIZE: ${MAX_VARIABLE_SIZE:-204800}
+ MIGRATION_ENABLED: ${MIGRATION_ENABLED:-true}
+ MILVUS_AUTHORIZATION_ENABLED: ${MILVUS_AUTHORIZATION_ENABLED:-true}
+ MILVUS_ENABLE_HYBRID_SEARCH: ${MILVUS_ENABLE_HYBRID_SEARCH:-False}
+ MILVUS_PASSWORD: ${MILVUS_PASSWORD:-Milvus}
+ MILVUS_TOKEN: ${MILVUS_TOKEN:-}
+ MILVUS_URI: ${MILVUS_URI:-http://127.0.0.1:19530}
+ MILVUS_USER: ${MILVUS_USER:-root}
+ MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY:-minioadmin}
+ MINIO_ADDRESS: ${MINIO_ADDRESS:-minio:9000}
+ MINIO_SECRET_KEY: ${MINIO_SECRET_KEY:-minioadmin}
+ MODE: worker
+ MULTIMODAL_SEND_FORMAT: ${MULTIMODAL_SEND_FORMAT:-base64}
+ MYSCALE_DATABASE: ${MYSCALE_DATABASE:-dify}
+ MYSCALE_FTS_PARAMS: ${MYSCALE_FTS_PARAMS:-}
+ MYSCALE_HOST: ${MYSCALE_HOST:-myscale}
+ MYSCALE_PASSWORD: ${MYSCALE_PASSWORD:-}
+ MYSCALE_PORT: ${MYSCALE_PORT:-8123}
+ MYSCALE_USER: ${MYSCALE_USER:-default}
+ NGINX_CLIENT_MAX_BODY_SIZE: ${NGINX_CLIENT_MAX_BODY_SIZE:-15M}
+ NGINX_ENABLE_CERTBOT_CHALLENGE: ${NGINX_ENABLE_CERTBOT_CHALLENGE:-false}
+ NGINX_HTTPS_ENABLED: ${NGINX_HTTPS_ENABLED:-false}
+ NGINX_KEEPALIVE_TIMEOUT: ${NGINX_KEEPALIVE_TIMEOUT:-65}
+ NGINX_PORT: ${NGINX_PORT:-80}
+ NGINX_PROXY_READ_TIMEOUT: ${NGINX_PROXY_READ_TIMEOUT:-3600s}
+ NGINX_PROXY_SEND_TIMEOUT: ${NGINX_PROXY_SEND_TIMEOUT:-3600s}
+ NGINX_SERVER_NAME: ${NGINX_SERVER_NAME:-_}
+ NGINX_SSL_CERT_FILENAME: ${NGINX_SSL_CERT_FILENAME:-dify.crt}
+ NGINX_SSL_CERT_KEY_FILENAME: ${NGINX_SSL_CERT_KEY_FILENAME:-dify.key}
+ NGINX_SSL_PORT: ${NGINX_SSL_PORT:-443}
+ NGINX_SSL_PROTOCOLS: ${NGINX_SSL_PROTOCOLS:-TLSv1.1 TLSv1.2 TLSv1.3}
+ NGINX_WORKER_PROCESSES: ${NGINX_WORKER_PROCESSES:-auto}
+ NOTION_CLIENT_ID: ${NOTION_CLIENT_ID:-}
+ NOTION_CLIENT_SECRET: ${NOTION_CLIENT_SECRET:-}
+ NOTION_INTEGRATION_TYPE: ${NOTION_INTEGRATION_TYPE:-public}
+ NOTION_INTERNAL_SECRET: ${NOTION_INTERNAL_SECRET:-}
+ OCEANBASE_CLUSTER_NAME: ${OCEANBASE_CLUSTER_NAME:-difyai}
+ OCEANBASE_MEMORY_LIMIT: ${OCEANBASE_MEMORY_LIMIT:-6G}
+ OCEANBASE_VECTOR_DATABASE: ${OCEANBASE_VECTOR_DATABASE:-test}
+ OCEANBASE_VECTOR_HOST: ${OCEANBASE_VECTOR_HOST:-oceanbase}
+ OCEANBASE_VECTOR_PASSWORD: ${OCEANBASE_VECTOR_PASSWORD:-difyai123456}
+ OCEANBASE_VECTOR_PORT: ${OCEANBASE_VECTOR_PORT:-2881}
+ OCEANBASE_VECTOR_USER: ${OCEANBASE_VECTOR_USER:-root@test}
+ OCI_ACCESS_KEY: ${OCI_ACCESS_KEY:-your-access-key}
+ OCI_BUCKET_NAME: ${OCI_BUCKET_NAME:-your-bucket-name}
+ OCI_ENDPOINT: ${OCI_ENDPOINT:-https://objectstorage.us-ashburn-1.oraclecloud.com}
+ OCI_REGION: ${OCI_REGION:-us-ashburn-1}
+ OCI_SECRET_KEY: ${OCI_SECRET_KEY:-your-secret-key}
+ OPENAI_API_BASE: ${OPENAI_API_BASE:-https://api.openai.com/v1}
+ OPENDAL_FS_ROOT: ${OPENDAL_FS_ROOT:-storage}
+ OPENDAL_SCHEME: ${OPENDAL_SCHEME:-fs}
+ OPENSEARCH_BOOTSTRAP_MEMORY_LOCK: ${OPENSEARCH_BOOTSTRAP_MEMORY_LOCK:-true}
+ OPENSEARCH_DISCOVERY_TYPE: ${OPENSEARCH_DISCOVERY_TYPE:-single-node}
+ OPENSEARCH_HOST: ${OPENSEARCH_HOST:-opensearch}
+ OPENSEARCH_INITIAL_ADMIN_PASSWORD: ${OPENSEARCH_INITIAL_ADMIN_PASSWORD:-Qazwsxedc!@#123}
+ OPENSEARCH_JAVA_OPTS_MAX: ${OPENSEARCH_JAVA_OPTS_MAX:-1024m}
+ OPENSEARCH_JAVA_OPTS_MIN: ${OPENSEARCH_JAVA_OPTS_MIN:-512m}
+ OPENSEARCH_MEMLOCK_HARD: ${OPENSEARCH_MEMLOCK_HARD:--1}
+ OPENSEARCH_MEMLOCK_SOFT: ${OPENSEARCH_MEMLOCK_SOFT:--1}
+ OPENSEARCH_NOFILE_HARD: ${OPENSEARCH_NOFILE_HARD:-65536}
+ OPENSEARCH_NOFILE_SOFT: ${OPENSEARCH_NOFILE_SOFT:-65536}
+ OPENSEARCH_PASSWORD: ${OPENSEARCH_PASSWORD:-admin}
+ OPENSEARCH_PORT: ${OPENSEARCH_PORT:-9200}
+ OPENSEARCH_SECURE: ${OPENSEARCH_SECURE:-true}
+ OPENSEARCH_USER: ${OPENSEARCH_USER:-admin}
+ ORACLE_CHARACTERSET: ${ORACLE_CHARACTERSET:-AL32UTF8}
+ ORACLE_DATABASE: ${ORACLE_DATABASE:-FREEPDB1}
+ ORACLE_HOST: ${ORACLE_HOST:-oracle}
+ ORACLE_PASSWORD: ${ORACLE_PASSWORD:-dify}
+ ORACLE_PORT: ${ORACLE_PORT:-1521}
+ ORACLE_PWD: ${ORACLE_PWD:-Dify123456}
+ ORACLE_USER: ${ORACLE_USER:-dify}
+ PGDATA: ${PGDATA:-/var/lib/postgresql/data/pgdata}
+ PGUSER: ${PGUSER:-${DB_USERNAME}}
+ PGVECTOR_DATABASE: ${PGVECTOR_DATABASE:-dify}
+ PGVECTOR_HOST: ${PGVECTOR_HOST:-pgvector}
+ PGVECTOR_MAX_CONNECTION: ${PGVECTOR_MAX_CONNECTION:-5}
+ PGVECTOR_MIN_CONNECTION: ${PGVECTOR_MIN_CONNECTION:-1}
+ PGVECTOR_PASSWORD: ${PGVECTOR_PASSWORD:-difyai123456}
+ PGVECTOR_PGDATA: ${PGVECTOR_PGDATA:-/var/lib/postgresql/data/pgdata}
+ PGVECTOR_PGUSER: ${PGVECTOR_PGUSER:-postgres}
+ PGVECTOR_PORT: ${PGVECTOR_PORT:-5432}
+ PGVECTOR_POSTGRES_DB: ${PGVECTOR_POSTGRES_DB:-dify}
+ PGVECTOR_POSTGRES_PASSWORD: ${PGVECTOR_POSTGRES_PASSWORD:-difyai123456}
+ PGVECTOR_USER: ${PGVECTOR_USER:-postgres}
+ PGVECTO_RS_DATABASE: ${PGVECTO_RS_DATABASE:-dify}
+ PGVECTO_RS_HOST: ${PGVECTO_RS_HOST:-pgvecto-rs}
+ PGVECTO_RS_PASSWORD: ${PGVECTO_RS_PASSWORD:-difyai123456}
+ PGVECTO_RS_PORT: ${PGVECTO_RS_PORT:-5432}
+ PGVECTO_RS_USER: ${PGVECTO_RS_USER:-postgres}
+ POSITION_PROVIDER_EXCLUDES: ${POSITION_PROVIDER_EXCLUDES:-}
+ POSITION_PROVIDER_INCLUDES: ${POSITION_PROVIDER_INCLUDES:-}
+ POSITION_PROVIDER_PINS: ${POSITION_PROVIDER_PINS:-}
+ POSITION_TOOL_EXCLUDES: ${POSITION_TOOL_EXCLUDES:-}
+ POSITION_TOOL_INCLUDES: ${POSITION_TOOL_INCLUDES:-}
+ POSITION_TOOL_PINS: ${POSITION_TOOL_PINS:-}
+ POSTGRES_DB: ${POSTGRES_DB:-${DB_DATABASE}}
+ POSTGRES_EFFECTIVE_CACHE_SIZE: ${POSTGRES_EFFECTIVE_CACHE_SIZE:-4096MB}
+ POSTGRES_MAINTENANCE_WORK_MEM: ${POSTGRES_MAINTENANCE_WORK_MEM:-64MB}
+ POSTGRES_MAX_CONNECTIONS: ${POSTGRES_MAX_CONNECTIONS:-100}
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-${DB_PASSWORD}}
+ POSTGRES_SHARED_BUFFERS: ${POSTGRES_SHARED_BUFFERS:-128MB}
+ POSTGRES_WORK_MEM: ${POSTGRES_WORK_MEM:-4MB}
+ PROMPT_GENERATION_MAX_TOKENS: ${PROMPT_GENERATION_MAX_TOKENS:-512}
+ QDRANT_API_KEY: ${QDRANT_API_KEY:-difyai123456}
+ QDRANT_CLIENT_TIMEOUT: ${QDRANT_CLIENT_TIMEOUT:-20}
+ QDRANT_GRPC_ENABLED: ${QDRANT_GRPC_ENABLED:-false}
+ QDRANT_GRPC_PORT: ${QDRANT_GRPC_PORT:-6334}
+ QDRANT_URL: ${QDRANT_URL:-http://qdrant:6333}
+ REDIS_CLUSTERS: ${REDIS_CLUSTERS:-}
+ REDIS_CLUSTERS_PASSWORD: ${REDIS_CLUSTERS_PASSWORD:-}
+ REDIS_DB: ${REDIS_DB:-0}
+ REDIS_HOST: ${REDIS_HOST:-redis}
+ REDIS_PASSWORD: ${REDIS_PASSWORD:-difyai123456}
+ REDIS_PORT: ${REDIS_PORT:-6379}
+ REDIS_SENTINELS: ${REDIS_SENTINELS:-}
+ REDIS_SENTINEL_PASSWORD: ${REDIS_SENTINEL_PASSWORD:-}
+ REDIS_SENTINEL_SERVICE_NAME: ${REDIS_SENTINEL_SERVICE_NAME:-}
+ REDIS_SENTINEL_SOCKET_TIMEOUT: ${REDIS_SENTINEL_SOCKET_TIMEOUT:-0.1}
+ REDIS_SENTINEL_USERNAME: ${REDIS_SENTINEL_USERNAME:-}
+ REDIS_USERNAME: ${REDIS_USERNAME:-}
+ REDIS_USE_CLUSTERS: ${REDIS_USE_CLUSTERS:-false}
+ REDIS_USE_SENTINEL: ${REDIS_USE_SENTINEL:-false}
+ REDIS_USE_SSL: ${REDIS_USE_SSL:-false}
+ REFRESH_TOKEN_EXPIRE_DAYS: ${REFRESH_TOKEN_EXPIRE_DAYS:-30}
+ RELYT_DATABASE: ${RELYT_DATABASE:-postgres}
+ RELYT_HOST: ${RELYT_HOST:-db}
+ RELYT_PASSWORD: ${RELYT_PASSWORD:-difyai123456}
+ RELYT_PORT: ${RELYT_PORT:-5432}
+ RELYT_USER: ${RELYT_USER:-postgres}
+ RESEND_API_KEY: ${RESEND_API_KEY:-your-resend-api-key}
+ RESEND_API_URL: ${RESEND_API_URL:-https://api.resend.com}
+ RESET_PASSWORD_TOKEN_EXPIRY_MINUTES: ${RESET_PASSWORD_TOKEN_EXPIRY_MINUTES:-5}
+ S3_ACCESS_KEY: ${S3_ACCESS_KEY:-}
+ S3_BUCKET_NAME: ${S3_BUCKET_NAME:-difyai}
+ S3_ENDPOINT: ${S3_ENDPOINT:-}
+ S3_REGION: ${S3_REGION:-us-east-1}
+ S3_SECRET_KEY: ${S3_SECRET_KEY:-}
+ S3_USE_AWS_MANAGED_IAM: ${S3_USE_AWS_MANAGED_IAM:-false}
+ SANDBOX_API_KEY: ${SANDBOX_API_KEY:-dify-sandbox}
+ SANDBOX_ENABLE_NETWORK: ${SANDBOX_ENABLE_NETWORK:-true}
+ SANDBOX_GIN_MODE: ${SANDBOX_GIN_MODE:-release}
+ SANDBOX_HTTPS_PROXY: ${SANDBOX_HTTPS_PROXY:-http://ssrf_proxy:3128}
+ SANDBOX_HTTP_PROXY: ${SANDBOX_HTTP_PROXY:-http://ssrf_proxy:3128}
+ SANDBOX_PORT: ${SANDBOX_PORT:-8194}
+ SANDBOX_WORKER_TIMEOUT: ${SANDBOX_WORKER_TIMEOUT:-15}
+ SCARF_NO_ANALYTICS: ${SCARF_NO_ANALYTICS:-true}
+ SECRET_KEY: ${SECRET_KEY:-sk-9f73s3ljTXVcMT3Blb3ljTqtsKiGHXVcMT3BlbkFJLK7U}
+ SENTRY_DSN: ${API_SENTRY_DSN:-}
+ SENTRY_PROFILES_SAMPLE_RATE: ${API_SENTRY_PROFILES_SAMPLE_RATE:-1.0}
+ SENTRY_TRACES_SAMPLE_RATE: ${API_SENTRY_TRACES_SAMPLE_RATE:-1.0}
+ SERVER_WORKER_AMOUNT: ${SERVER_WORKER_AMOUNT:-1}
+ SERVER_WORKER_CLASS: ${SERVER_WORKER_CLASS:-gevent}
+ SERVER_WORKER_CONNECTIONS: ${SERVER_WORKER_CONNECTIONS:-10}
+ SERVICE_API_URL: ${SERVICE_API_URL:-}
+ SMTP_OPPORTUNISTIC_TLS: ${SMTP_OPPORTUNISTIC_TLS:-false}
+ SMTP_PASSWORD: ${SMTP_PASSWORD:-}
+ SMTP_PORT: ${SMTP_PORT:-465}
+ SMTP_SERVER: ${SMTP_SERVER:-}
+ SMTP_USERNAME: ${SMTP_USERNAME:-}
+ SMTP_USE_TLS: ${SMTP_USE_TLS:-true}
+ SQLALCHEMY_ECHO: ${SQLALCHEMY_ECHO:-false}
+ SQLALCHEMY_POOL_RECYCLE: ${SQLALCHEMY_POOL_RECYCLE:-3600}
+ SQLALCHEMY_POOL_SIZE: ${SQLALCHEMY_POOL_SIZE:-30}
+ SSRF_COREDUMP_DIR: ${SSRF_COREDUMP_DIR:-/var/spool/squid}
+ SSRF_DEFAULT_CONNECT_TIME_OUT: ${SSRF_DEFAULT_CONNECT_TIME_OUT:-5}
+ SSRF_DEFAULT_READ_TIME_OUT: ${SSRF_DEFAULT_READ_TIME_OUT:-5}
+ SSRF_DEFAULT_TIME_OUT: ${SSRF_DEFAULT_TIME_OUT:-5}
+ SSRF_DEFAULT_WRITE_TIME_OUT: ${SSRF_DEFAULT_WRITE_TIME_OUT:-5}
+ SSRF_HTTP_PORT: ${SSRF_HTTP_PORT:-3128}
+ SSRF_PROXY_HTTPS_URL: ${SSRF_PROXY_HTTPS_URL:-http://ssrf_proxy:3128}
+ SSRF_PROXY_HTTP_URL: ${SSRF_PROXY_HTTP_URL:-http://ssrf_proxy:3128}
+ SSRF_REVERSE_PROXY_PORT: ${SSRF_REVERSE_PROXY_PORT:-8194}
+ SSRF_SANDBOX_HOST: ${SSRF_SANDBOX_HOST:-sandbox}
+ STORAGE_TYPE: ${STORAGE_TYPE:-opendal}
+ SUPABASE_API_KEY: ${SUPABASE_API_KEY:-your-access-key}
+ SUPABASE_BUCKET_NAME: ${SUPABASE_BUCKET_NAME:-your-bucket-name}
+ SUPABASE_URL: ${SUPABASE_URL:-your-server-url}
+ TEMPLATE_TRANSFORM_MAX_LENGTH: ${TEMPLATE_TRANSFORM_MAX_LENGTH:-80000}
+ TENCENT_COS_BUCKET_NAME: ${TENCENT_COS_BUCKET_NAME:-your-bucket-name}
+ TENCENT_COS_REGION: ${TENCENT_COS_REGION:-your-region}
+ TENCENT_COS_SCHEME: ${TENCENT_COS_SCHEME:-your-scheme}
+ TENCENT_COS_SECRET_ID: ${TENCENT_COS_SECRET_ID:-your-secret-id}
+ TENCENT_COS_SECRET_KEY: ${TENCENT_COS_SECRET_KEY:-your-secret-key}
+ TENCENT_VECTOR_DB_API_KEY: ${TENCENT_VECTOR_DB_API_KEY:-dify}
+ TENCENT_VECTOR_DB_DATABASE: ${TENCENT_VECTOR_DB_DATABASE:-dify}
+ TENCENT_VECTOR_DB_REPLICAS: ${TENCENT_VECTOR_DB_REPLICAS:-2}
+ TENCENT_VECTOR_DB_SHARD: ${TENCENT_VECTOR_DB_SHARD:-1}
+ TENCENT_VECTOR_DB_TIMEOUT: ${TENCENT_VECTOR_DB_TIMEOUT:-30}
+ TENCENT_VECTOR_DB_URL: ${TENCENT_VECTOR_DB_URL:-http://127.0.0.1}
+ TENCENT_VECTOR_DB_USERNAME: ${TENCENT_VECTOR_DB_USERNAME:-dify}
+ TEXT_GENERATION_TIMEOUT_MS: ${TEXT_GENERATION_TIMEOUT_MS:-60000}
+ TIDB_API_URL: ${TIDB_API_URL:-http://127.0.0.1}
+ TIDB_IAM_API_URL: ${TIDB_IAM_API_URL:-http://127.0.0.1}
+ TIDB_ON_QDRANT_API_KEY: ${TIDB_ON_QDRANT_API_KEY:-dify}
+ TIDB_ON_QDRANT_CLIENT_TIMEOUT: ${TIDB_ON_QDRANT_CLIENT_TIMEOUT:-20}
+ TIDB_ON_QDRANT_GRPC_ENABLED: ${TIDB_ON_QDRANT_GRPC_ENABLED:-false}
+ TIDB_ON_QDRANT_GRPC_PORT: ${TIDB_ON_QDRANT_GRPC_PORT:-6334}
+ TIDB_ON_QDRANT_URL: ${TIDB_ON_QDRANT_URL:-http://127.0.0.1}
+ TIDB_PRIVATE_KEY: ${TIDB_PRIVATE_KEY:-dify}
+ TIDB_PROJECT_ID: ${TIDB_PROJECT_ID:-dify}
+ TIDB_PUBLIC_KEY: ${TIDB_PUBLIC_KEY:-dify}
+ TIDB_REGION: ${TIDB_REGION:-regions/aws-us-east-1}
+ TIDB_SPEND_LIMIT: ${TIDB_SPEND_LIMIT:-100}
+ TIDB_VECTOR_DATABASE: ${TIDB_VECTOR_DATABASE:-dify}
+ TIDB_VECTOR_HOST: ${TIDB_VECTOR_HOST:-tidb}
+ TIDB_VECTOR_PASSWORD: ${TIDB_VECTOR_PASSWORD:-}
+ TIDB_VECTOR_PORT: ${TIDB_VECTOR_PORT:-4000}
+ TIDB_VECTOR_USER: ${TIDB_VECTOR_USER:-}
+ TOP_K_MAX_VALUE: ${TOP_K_MAX_VALUE:-10}
+ UNSTRUCTURED_API_KEY: ${UNSTRUCTURED_API_KEY:-}
+ UNSTRUCTURED_API_URL: ${UNSTRUCTURED_API_URL:-}
+ UPLOAD_AUDIO_FILE_SIZE_LIMIT: ${UPLOAD_AUDIO_FILE_SIZE_LIMIT:-50}
+ UPLOAD_FILE_BATCH_LIMIT: ${UPLOAD_FILE_BATCH_LIMIT:-5}
+ UPLOAD_FILE_SIZE_LIMIT: ${UPLOAD_FILE_SIZE_LIMIT:-15}
+ UPLOAD_IMAGE_FILE_SIZE_LIMIT: ${UPLOAD_IMAGE_FILE_SIZE_LIMIT:-10}
+ UPLOAD_VIDEO_FILE_SIZE_LIMIT: ${UPLOAD_VIDEO_FILE_SIZE_LIMIT:-100}
+ UPSTASH_VECTOR_TOKEN: ${UPSTASH_VECTOR_TOKEN:-dify}
+ UPSTASH_VECTOR_URL: ${UPSTASH_VECTOR_URL:-https://xxx-vector.upstash.io}
+ VECTOR_STORE: ${VECTOR_STORE:-weaviate}
+ VIKINGDB_ACCESS_KEY: ${VIKINGDB_ACCESS_KEY:-your-ak}
+ VIKINGDB_CONNECTION_TIMEOUT: ${VIKINGDB_CONNECTION_TIMEOUT:-30}
+ VIKINGDB_HOST: ${VIKINGDB_HOST:-api-vikingdb.xxx.volces.com}
+ VIKINGDB_REGION: ${VIKINGDB_REGION:-cn-shanghai}
+ VIKINGDB_SCHEMA: ${VIKINGDB_SCHEMA:-http}
+ VIKINGDB_SECRET_KEY: ${VIKINGDB_SECRET_KEY:-your-sk}
+ VIKINGDB_SOCKET_TIMEOUT: ${VIKINGDB_SOCKET_TIMEOUT:-30}
+ VOLCENGINE_TOS_ACCESS_KEY: ${VOLCENGINE_TOS_ACCESS_KEY:-your-access-key}
+ VOLCENGINE_TOS_BUCKET_NAME: ${VOLCENGINE_TOS_BUCKET_NAME:-your-bucket-name}
+ VOLCENGINE_TOS_ENDPOINT: ${VOLCENGINE_TOS_ENDPOINT:-your-server-url}
+ VOLCENGINE_TOS_REGION: ${VOLCENGINE_TOS_REGION:-your-region}
+ VOLCENGINE_TOS_SECRET_KEY: ${VOLCENGINE_TOS_SECRET_KEY:-your-secret-key}
+ WEAVIATE_API_KEY: ${WEAVIATE_API_KEY:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih}
+ WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: ${WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED:-true}
+ WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS: ${WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih}
+ WEAVIATE_AUTHENTICATION_APIKEY_ENABLED: ${WEAVIATE_AUTHENTICATION_APIKEY_ENABLED:-true}
+ WEAVIATE_AUTHENTICATION_APIKEY_USERS: ${WEAVIATE_AUTHENTICATION_APIKEY_USERS:-hello@dify.ai}
+ WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED: ${WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED:-true}
+ WEAVIATE_AUTHORIZATION_ADMINLIST_USERS: ${WEAVIATE_AUTHORIZATION_ADMINLIST_USERS:-hello@dify.ai}
+ WEAVIATE_CLUSTER_HOSTNAME: ${WEAVIATE_CLUSTER_HOSTNAME:-node1}
+ WEAVIATE_DEFAULT_VECTORIZER_MODULE: ${WEAVIATE_DEFAULT_VECTORIZER_MODULE:-none}
+ WEAVIATE_ENDPOINT: ${WEAVIATE_ENDPOINT:-http://weaviate:8080}
+ WEAVIATE_PERSISTENCE_DATA_PATH: ${WEAVIATE_PERSISTENCE_DATA_PATH:-/var/lib/weaviate}
+ WEAVIATE_QUERY_DEFAULTS_LIMIT: ${WEAVIATE_QUERY_DEFAULTS_LIMIT:-25}
+ WEB_API_CORS_ALLOW_ORIGINS: ${WEB_API_CORS_ALLOW_ORIGINS:-*}
+ WEB_SENTRY_DSN: ${WEB_SENTRY_DSN:-}
+ WORKFLOW_CALL_MAX_DEPTH: ${WORKFLOW_CALL_MAX_DEPTH:-5}
+ WORKFLOW_FILE_UPLOAD_LIMIT: ${WORKFLOW_FILE_UPLOAD_LIMIT:-10}
+ WORKFLOW_MAX_EXECUTION_STEPS: ${WORKFLOW_MAX_EXECUTION_STEPS:-500}
+ WORKFLOW_MAX_EXECUTION_TIME: ${WORKFLOW_MAX_EXECUTION_TIME:-1200}
+ WORKFLOW_PARALLEL_DEPTH_LIMIT: ${WORKFLOW_PARALLEL_DEPTH_LIMIT:-3}
+ image: langgenius/dify-api:0.15.3
+ networks:
+ - ssrf_proxy_network
+ - default
+ restart: always
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/app/storage:/app/api/storage
+volumes:
+ dify_es01_data: null
+ oradata: null
+x-shared-env:
+ ACCESS_TOKEN_EXPIRE_MINUTES: ${ACCESS_TOKEN_EXPIRE_MINUTES:-60}
+ ALIYUN_OSS_ACCESS_KEY: ${ALIYUN_OSS_ACCESS_KEY:-your-access-key}
+ ALIYUN_OSS_AUTH_VERSION: ${ALIYUN_OSS_AUTH_VERSION:-v4}
+ ALIYUN_OSS_BUCKET_NAME: ${ALIYUN_OSS_BUCKET_NAME:-your-bucket-name}
+ ALIYUN_OSS_ENDPOINT: ${ALIYUN_OSS_ENDPOINT:-https://oss-ap-southeast-1-internal.aliyuncs.com}
+ ALIYUN_OSS_PATH: ${ALIYUN_OSS_PATH:-your-path}
+ ALIYUN_OSS_REGION: ${ALIYUN_OSS_REGION:-ap-southeast-1}
+ ALIYUN_OSS_SECRET_KEY: ${ALIYUN_OSS_SECRET_KEY:-your-secret-key}
+ ANALYTICDB_ACCOUNT: ${ANALYTICDB_ACCOUNT:-testaccount}
+ ANALYTICDB_HOST: ${ANALYTICDB_HOST:-gp-test.aliyuncs.com}
+ ANALYTICDB_INSTANCE_ID: ${ANALYTICDB_INSTANCE_ID:-gp-ab123456}
+ ANALYTICDB_KEY_ID: ${ANALYTICDB_KEY_ID:-your-ak}
+ ANALYTICDB_KEY_SECRET: ${ANALYTICDB_KEY_SECRET:-your-sk}
+ ANALYTICDB_MAX_CONNECTION: ${ANALYTICDB_MAX_CONNECTION:-5}
+ ANALYTICDB_MIN_CONNECTION: ${ANALYTICDB_MIN_CONNECTION:-1}
+ ANALYTICDB_NAMESPACE: ${ANALYTICDB_NAMESPACE:-dify}
+ ANALYTICDB_NAMESPACE_PASSWORD: ${ANALYTICDB_NAMESPACE_PASSWORD:-difypassword}
+ ANALYTICDB_PASSWORD: ${ANALYTICDB_PASSWORD:-testpassword}
+ ANALYTICDB_PORT: ${ANALYTICDB_PORT:-5432}
+ ANALYTICDB_REGION_ID: ${ANALYTICDB_REGION_ID:-cn-hangzhou}
+ API_SENTRY_DSN: ${API_SENTRY_DSN:-}
+ API_SENTRY_PROFILES_SAMPLE_RATE: ${API_SENTRY_PROFILES_SAMPLE_RATE:-1.0}
+ API_SENTRY_TRACES_SAMPLE_RATE: ${API_SENTRY_TRACES_SAMPLE_RATE:-1.0}
+ API_TOOL_DEFAULT_CONNECT_TIMEOUT: ${API_TOOL_DEFAULT_CONNECT_TIMEOUT:-10}
+ API_TOOL_DEFAULT_READ_TIMEOUT: ${API_TOOL_DEFAULT_READ_TIMEOUT:-60}
+ APP_API_URL: ${APP_API_URL:-}
+ APP_MAX_ACTIVE_REQUESTS: ${APP_MAX_ACTIVE_REQUESTS:-0}
+ APP_MAX_EXECUTION_TIME: ${APP_MAX_EXECUTION_TIME:-1200}
+ APP_WEB_URL: ${APP_WEB_URL:-}
+ AZURE_BLOB_ACCOUNT_KEY: ${AZURE_BLOB_ACCOUNT_KEY:-difyai}
+ AZURE_BLOB_ACCOUNT_NAME: ${AZURE_BLOB_ACCOUNT_NAME:-difyai}
+ AZURE_BLOB_ACCOUNT_URL: ${AZURE_BLOB_ACCOUNT_URL:-https://.blob.core.windows.net}
+ AZURE_BLOB_CONTAINER_NAME: ${AZURE_BLOB_CONTAINER_NAME:-difyai-container}
+ BAIDU_OBS_ACCESS_KEY: ${BAIDU_OBS_ACCESS_KEY:-your-access-key}
+ BAIDU_OBS_BUCKET_NAME: ${BAIDU_OBS_BUCKET_NAME:-your-bucket-name}
+ BAIDU_OBS_ENDPOINT: ${BAIDU_OBS_ENDPOINT:-your-server-url}
+ BAIDU_OBS_SECRET_KEY: ${BAIDU_OBS_SECRET_KEY:-your-secret-key}
+ BAIDU_VECTOR_DB_ACCOUNT: ${BAIDU_VECTOR_DB_ACCOUNT:-root}
+ BAIDU_VECTOR_DB_API_KEY: ${BAIDU_VECTOR_DB_API_KEY:-dify}
+ BAIDU_VECTOR_DB_CONNECTION_TIMEOUT_MS: ${BAIDU_VECTOR_DB_CONNECTION_TIMEOUT_MS:-30000}
+ BAIDU_VECTOR_DB_DATABASE: ${BAIDU_VECTOR_DB_DATABASE:-dify}
+ BAIDU_VECTOR_DB_ENDPOINT: ${BAIDU_VECTOR_DB_ENDPOINT:-http://127.0.0.1:5287}
+ BAIDU_VECTOR_DB_REPLICAS: ${BAIDU_VECTOR_DB_REPLICAS:-3}
+ BAIDU_VECTOR_DB_SHARD: ${BAIDU_VECTOR_DB_SHARD:-1}
+ BROKER_USE_SSL: ${BROKER_USE_SSL:-false}
+ CELERY_AUTO_SCALE: ${CELERY_AUTO_SCALE:-false}
+ CELERY_BROKER_URL: ${CELERY_BROKER_URL:-redis://:difyai123456@redis:6379/1}
+ CELERY_MAX_WORKERS: ${CELERY_MAX_WORKERS:-}
+ CELERY_MIN_WORKERS: ${CELERY_MIN_WORKERS:-}
+ CELERY_SENTINEL_MASTER_NAME: ${CELERY_SENTINEL_MASTER_NAME:-}
+ CELERY_SENTINEL_SOCKET_TIMEOUT: ${CELERY_SENTINEL_SOCKET_TIMEOUT:-0.1}
+ CELERY_USE_SENTINEL: ${CELERY_USE_SENTINEL:-false}
+ CELERY_WORKER_AMOUNT: ${CELERY_WORKER_AMOUNT:-}
+ CELERY_WORKER_CLASS: ${CELERY_WORKER_CLASS:-}
+ CERTBOT_DOMAIN: ${CERTBOT_DOMAIN:-your_domain.com}
+ CERTBOT_EMAIL: ${CERTBOT_EMAIL:-your_email@example.com}
+ CERTBOT_OPTIONS: ${CERTBOT_OPTIONS:-}
+ CHECK_UPDATE_URL: ${CHECK_UPDATE_URL:-https://updates.dify.ai}
+ CHROMA_AUTH_CREDENTIALS: ${CHROMA_AUTH_CREDENTIALS:-}
+ CHROMA_AUTH_PROVIDER: ${CHROMA_AUTH_PROVIDER:-chromadb.auth.token_authn.TokenAuthClientProvider}
+ CHROMA_DATABASE: ${CHROMA_DATABASE:-default_database}
+ CHROMA_HOST: ${CHROMA_HOST:-127.0.0.1}
+ CHROMA_IS_PERSISTENT: ${CHROMA_IS_PERSISTENT:-TRUE}
+ CHROMA_PORT: ${CHROMA_PORT:-8000}
+ CHROMA_SERVER_AUTHN_CREDENTIALS: ${CHROMA_SERVER_AUTHN_CREDENTIALS:-difyai123456}
+ CHROMA_SERVER_AUTHN_PROVIDER: ${CHROMA_SERVER_AUTHN_PROVIDER:-chromadb.auth.token_authn.TokenAuthenticationServerProvider}
+ CHROMA_TENANT: ${CHROMA_TENANT:-default_tenant}
+ CODE_EXECUTION_API_KEY: ${CODE_EXECUTION_API_KEY:-dify-sandbox}
+ CODE_EXECUTION_CONNECT_TIMEOUT: ${CODE_EXECUTION_CONNECT_TIMEOUT:-10}
+ CODE_EXECUTION_ENDPOINT: ${CODE_EXECUTION_ENDPOINT:-http://sandbox:8194}
+ CODE_EXECUTION_READ_TIMEOUT: ${CODE_EXECUTION_READ_TIMEOUT:-60}
+ CODE_EXECUTION_WRITE_TIMEOUT: ${CODE_EXECUTION_WRITE_TIMEOUT:-10}
+ CODE_GENERATION_MAX_TOKENS: ${CODE_GENERATION_MAX_TOKENS:-1024}
+ CODE_MAX_DEPTH: ${CODE_MAX_DEPTH:-5}
+ CODE_MAX_NUMBER: ${CODE_MAX_NUMBER:-9223372036854775807}
+ CODE_MAX_NUMBER_ARRAY_LENGTH: ${CODE_MAX_NUMBER_ARRAY_LENGTH:-1000}
+ CODE_MAX_OBJECT_ARRAY_LENGTH: ${CODE_MAX_OBJECT_ARRAY_LENGTH:-30}
+ CODE_MAX_PRECISION: ${CODE_MAX_PRECISION:-20}
+ CODE_MAX_STRING_ARRAY_LENGTH: ${CODE_MAX_STRING_ARRAY_LENGTH:-30}
+ CODE_MAX_STRING_LENGTH: ${CODE_MAX_STRING_LENGTH:-80000}
+ CODE_MIN_NUMBER: ${CODE_MIN_NUMBER:--9223372036854775808}
+ CONSOLE_API_URL: ${CONSOLE_API_URL:-}
+ CONSOLE_CORS_ALLOW_ORIGINS: ${CONSOLE_CORS_ALLOW_ORIGINS:-*}
+ CONSOLE_WEB_URL: ${CONSOLE_WEB_URL:-}
+ COUCHBASE_BUCKET_NAME: ${COUCHBASE_BUCKET_NAME:-Embeddings}
+ COUCHBASE_CONNECTION_STRING: ${COUCHBASE_CONNECTION_STRING:-couchbase://couchbase-server}
+ COUCHBASE_PASSWORD: ${COUCHBASE_PASSWORD:-password}
+ COUCHBASE_SCOPE_NAME: ${COUCHBASE_SCOPE_NAME:-_default}
+ COUCHBASE_USER: ${COUCHBASE_USER:-Administrator}
+ CREATE_TIDB_SERVICE_JOB_ENABLED: ${CREATE_TIDB_SERVICE_JOB_ENABLED:-false}
+ CSP_WHITELIST: ${CSP_WHITELIST:-}
+ DB_DATABASE: ${DB_DATABASE:-dify}
+ DB_HOST: ${DB_HOST:-db}
+ DB_PASSWORD: ${DB_PASSWORD:-difyai123456}
+ DB_PORT: ${DB_PORT:-5432}
+ DB_USERNAME: ${DB_USERNAME:-postgres}
+ DEBUG: ${DEBUG:-false}
+ DEPLOY_ENV: ${DEPLOY_ENV:-PRODUCTION}
+ DIFY_BIND_ADDRESS: ${DIFY_BIND_ADDRESS:-0.0.0.0}
+ DIFY_PORT: ${DIFY_PORT:-5001}
+ ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:-0.0.0.0}
+ ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-elastic}
+ ELASTICSEARCH_PORT: ${ELASTICSEARCH_PORT:-9200}
+ ELASTICSEARCH_USERNAME: ${ELASTICSEARCH_USERNAME:-elastic}
+ ETCD_AUTO_COMPACTION_MODE: ${ETCD_AUTO_COMPACTION_MODE:-revision}
+ ETCD_AUTO_COMPACTION_RETENTION: ${ETCD_AUTO_COMPACTION_RETENTION:-1000}
+ ETCD_ENDPOINTS: ${ETCD_ENDPOINTS:-etcd:2379}
+ ETCD_QUOTA_BACKEND_BYTES: ${ETCD_QUOTA_BACKEND_BYTES:-4294967296}
+ ETCD_SNAPSHOT_COUNT: ${ETCD_SNAPSHOT_COUNT:-50000}
+ ETL_TYPE: ${ETL_TYPE:-dify}
+ EXPOSE_NGINX_PORT: ${PANEL_APP_PORT_HTTP:-8080}
+ EXPOSE_NGINX_SSL_PORT: ${PANEL_APP_PORT_HTTPS:-8443}
+ FILES_ACCESS_TIMEOUT: ${FILES_ACCESS_TIMEOUT:-300}
+ FILES_URL: ${FILES_URL:-}
+ FLASK_DEBUG: ${FLASK_DEBUG:-false}
+ GOOGLE_STORAGE_BUCKET_NAME: ${GOOGLE_STORAGE_BUCKET_NAME:-your-bucket-name}
+ GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64: ${GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64:-}
+ GUNICORN_TIMEOUT: ${GUNICORN_TIMEOUT:-360}
+ HTTP_REQUEST_NODE_MAX_BINARY_SIZE: ${HTTP_REQUEST_NODE_MAX_BINARY_SIZE:-10485760}
+ HTTP_REQUEST_NODE_MAX_TEXT_SIZE: ${HTTP_REQUEST_NODE_MAX_TEXT_SIZE:-1048576}
+ HUAWEI_OBS_ACCESS_KEY: ${HUAWEI_OBS_ACCESS_KEY:-your-access-key}
+ HUAWEI_OBS_BUCKET_NAME: ${HUAWEI_OBS_BUCKET_NAME:-your-bucket-name}
+ HUAWEI_OBS_SECRET_KEY: ${HUAWEI_OBS_SECRET_KEY:-your-secret-key}
+ HUAWEI_OBS_SERVER: ${HUAWEI_OBS_SERVER:-your-server-url}
+ INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-4000}
+ INIT_PASSWORD: ${INIT_PASSWORD:-}
+ INVITE_EXPIRY_HOURS: ${INVITE_EXPIRY_HOURS:-72}
+ KIBANA_PORT: ${KIBANA_PORT:-5601}
+ LINDORM_PASSWORD: ${LINDORM_PASSWORD:-lindorm}
+ LINDORM_URL: ${LINDORM_URL:-http://lindorm:30070}
+ LINDORM_USERNAME: ${LINDORM_USERNAME:-lindorm}
+ LOG_DATEFORMAT: ${LOG_DATEFORMAT:-%Y-%m-%d %H:%M:%S}
+ LOG_FILE: ${LOG_FILE:-/app/logs/server.log}
+ LOG_FILE_BACKUP_COUNT: ${LOG_FILE_BACKUP_COUNT:-5}
+ LOG_FILE_MAX_SIZE: ${LOG_FILE_MAX_SIZE:-20}
+ LOG_LEVEL: ${LOG_LEVEL:-INFO}
+ LOG_TZ: ${LOG_TZ:-UTC}
+ MAIL_DEFAULT_SEND_FROM: ${MAIL_DEFAULT_SEND_FROM:-}
+ MAIL_TYPE: ${MAIL_TYPE:-resend}
+ MAX_SUBMIT_COUNT: ${MAX_SUBMIT_COUNT:-100}
+ MAX_VARIABLE_SIZE: ${MAX_VARIABLE_SIZE:-204800}
+ MIGRATION_ENABLED: ${MIGRATION_ENABLED:-true}
+ MILVUS_AUTHORIZATION_ENABLED: ${MILVUS_AUTHORIZATION_ENABLED:-true}
+ MILVUS_ENABLE_HYBRID_SEARCH: ${MILVUS_ENABLE_HYBRID_SEARCH:-False}
+ MILVUS_PASSWORD: ${MILVUS_PASSWORD:-Milvus}
+ MILVUS_TOKEN: ${MILVUS_TOKEN:-}
+ MILVUS_URI: ${MILVUS_URI:-http://127.0.0.1:19530}
+ MILVUS_USER: ${MILVUS_USER:-root}
+ MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY:-minioadmin}
+ MINIO_ADDRESS: ${MINIO_ADDRESS:-minio:9000}
+ MINIO_SECRET_KEY: ${MINIO_SECRET_KEY:-minioadmin}
+ MULTIMODAL_SEND_FORMAT: ${MULTIMODAL_SEND_FORMAT:-base64}
+ MYSCALE_DATABASE: ${MYSCALE_DATABASE:-dify}
+ MYSCALE_FTS_PARAMS: ${MYSCALE_FTS_PARAMS:-}
+ MYSCALE_HOST: ${MYSCALE_HOST:-myscale}
+ MYSCALE_PASSWORD: ${MYSCALE_PASSWORD:-}
+ MYSCALE_PORT: ${MYSCALE_PORT:-8123}
+ MYSCALE_USER: ${MYSCALE_USER:-default}
+ NGINX_CLIENT_MAX_BODY_SIZE: ${NGINX_CLIENT_MAX_BODY_SIZE:-15M}
+ NGINX_ENABLE_CERTBOT_CHALLENGE: ${NGINX_ENABLE_CERTBOT_CHALLENGE:-false}
+ NGINX_HTTPS_ENABLED: ${NGINX_HTTPS_ENABLED:-false}
+ NGINX_KEEPALIVE_TIMEOUT: ${NGINX_KEEPALIVE_TIMEOUT:-65}
+ NGINX_PORT: ${NGINX_PORT:-80}
+ NGINX_PROXY_READ_TIMEOUT: ${NGINX_PROXY_READ_TIMEOUT:-3600s}
+ NGINX_PROXY_SEND_TIMEOUT: ${NGINX_PROXY_SEND_TIMEOUT:-3600s}
+ NGINX_SERVER_NAME: ${NGINX_SERVER_NAME:-_}
+ NGINX_SSL_CERT_FILENAME: ${NGINX_SSL_CERT_FILENAME:-dify.crt}
+ NGINX_SSL_CERT_KEY_FILENAME: ${NGINX_SSL_CERT_KEY_FILENAME:-dify.key}
+ NGINX_SSL_PORT: ${NGINX_SSL_PORT:-443}
+ NGINX_SSL_PROTOCOLS: ${NGINX_SSL_PROTOCOLS:-TLSv1.1 TLSv1.2 TLSv1.3}
+ NGINX_WORKER_PROCESSES: ${NGINX_WORKER_PROCESSES:-auto}
+ NOTION_CLIENT_ID: ${NOTION_CLIENT_ID:-}
+ NOTION_CLIENT_SECRET: ${NOTION_CLIENT_SECRET:-}
+ NOTION_INTEGRATION_TYPE: ${NOTION_INTEGRATION_TYPE:-public}
+ NOTION_INTERNAL_SECRET: ${NOTION_INTERNAL_SECRET:-}
+ OCEANBASE_CLUSTER_NAME: ${OCEANBASE_CLUSTER_NAME:-difyai}
+ OCEANBASE_MEMORY_LIMIT: ${OCEANBASE_MEMORY_LIMIT:-6G}
+ OCEANBASE_VECTOR_DATABASE: ${OCEANBASE_VECTOR_DATABASE:-test}
+ OCEANBASE_VECTOR_HOST: ${OCEANBASE_VECTOR_HOST:-oceanbase}
+ OCEANBASE_VECTOR_PASSWORD: ${OCEANBASE_VECTOR_PASSWORD:-difyai123456}
+ OCEANBASE_VECTOR_PORT: ${OCEANBASE_VECTOR_PORT:-2881}
+ OCEANBASE_VECTOR_USER: ${OCEANBASE_VECTOR_USER:-root@test}
+ OCI_ACCESS_KEY: ${OCI_ACCESS_KEY:-your-access-key}
+ OCI_BUCKET_NAME: ${OCI_BUCKET_NAME:-your-bucket-name}
+ OCI_ENDPOINT: ${OCI_ENDPOINT:-https://objectstorage.us-ashburn-1.oraclecloud.com}
+ OCI_REGION: ${OCI_REGION:-us-ashburn-1}
+ OCI_SECRET_KEY: ${OCI_SECRET_KEY:-your-secret-key}
+ OPENAI_API_BASE: ${OPENAI_API_BASE:-https://api.openai.com/v1}
+ OPENDAL_FS_ROOT: ${OPENDAL_FS_ROOT:-storage}
+ OPENDAL_SCHEME: ${OPENDAL_SCHEME:-fs}
+ OPENSEARCH_BOOTSTRAP_MEMORY_LOCK: ${OPENSEARCH_BOOTSTRAP_MEMORY_LOCK:-true}
+ OPENSEARCH_DISCOVERY_TYPE: ${OPENSEARCH_DISCOVERY_TYPE:-single-node}
+ OPENSEARCH_HOST: ${OPENSEARCH_HOST:-opensearch}
+ OPENSEARCH_INITIAL_ADMIN_PASSWORD: ${OPENSEARCH_INITIAL_ADMIN_PASSWORD:-Qazwsxedc!@#123}
+ OPENSEARCH_JAVA_OPTS_MAX: ${OPENSEARCH_JAVA_OPTS_MAX:-1024m}
+ OPENSEARCH_JAVA_OPTS_MIN: ${OPENSEARCH_JAVA_OPTS_MIN:-512m}
+ OPENSEARCH_MEMLOCK_HARD: ${OPENSEARCH_MEMLOCK_HARD:--1}
+ OPENSEARCH_MEMLOCK_SOFT: ${OPENSEARCH_MEMLOCK_SOFT:--1}
+ OPENSEARCH_NOFILE_HARD: ${OPENSEARCH_NOFILE_HARD:-65536}
+ OPENSEARCH_NOFILE_SOFT: ${OPENSEARCH_NOFILE_SOFT:-65536}
+ OPENSEARCH_PASSWORD: ${OPENSEARCH_PASSWORD:-admin}
+ OPENSEARCH_PORT: ${OPENSEARCH_PORT:-9200}
+ OPENSEARCH_SECURE: ${OPENSEARCH_SECURE:-true}
+ OPENSEARCH_USER: ${OPENSEARCH_USER:-admin}
+ ORACLE_CHARACTERSET: ${ORACLE_CHARACTERSET:-AL32UTF8}
+ ORACLE_DATABASE: ${ORACLE_DATABASE:-FREEPDB1}
+ ORACLE_HOST: ${ORACLE_HOST:-oracle}
+ ORACLE_PASSWORD: ${ORACLE_PASSWORD:-dify}
+ ORACLE_PORT: ${ORACLE_PORT:-1521}
+ ORACLE_PWD: ${ORACLE_PWD:-Dify123456}
+ ORACLE_USER: ${ORACLE_USER:-dify}
+ PGDATA: ${PGDATA:-/var/lib/postgresql/data/pgdata}
+ PGUSER: ${PGUSER:-${DB_USERNAME}}
+ PGVECTOR_DATABASE: ${PGVECTOR_DATABASE:-dify}
+ PGVECTOR_HOST: ${PGVECTOR_HOST:-pgvector}
+ PGVECTOR_MAX_CONNECTION: ${PGVECTOR_MAX_CONNECTION:-5}
+ PGVECTOR_MIN_CONNECTION: ${PGVECTOR_MIN_CONNECTION:-1}
+ PGVECTOR_PASSWORD: ${PGVECTOR_PASSWORD:-difyai123456}
+ PGVECTOR_PGDATA: ${PGVECTOR_PGDATA:-/var/lib/postgresql/data/pgdata}
+ PGVECTOR_PGUSER: ${PGVECTOR_PGUSER:-postgres}
+ PGVECTOR_PORT: ${PGVECTOR_PORT:-5432}
+ PGVECTOR_POSTGRES_DB: ${PGVECTOR_POSTGRES_DB:-dify}
+ PGVECTOR_POSTGRES_PASSWORD: ${PGVECTOR_POSTGRES_PASSWORD:-difyai123456}
+ PGVECTOR_USER: ${PGVECTOR_USER:-postgres}
+ PGVECTO_RS_DATABASE: ${PGVECTO_RS_DATABASE:-dify}
+ PGVECTO_RS_HOST: ${PGVECTO_RS_HOST:-pgvecto-rs}
+ PGVECTO_RS_PASSWORD: ${PGVECTO_RS_PASSWORD:-difyai123456}
+ PGVECTO_RS_PORT: ${PGVECTO_RS_PORT:-5432}
+ PGVECTO_RS_USER: ${PGVECTO_RS_USER:-postgres}
+ POSITION_PROVIDER_EXCLUDES: ${POSITION_PROVIDER_EXCLUDES:-}
+ POSITION_PROVIDER_INCLUDES: ${POSITION_PROVIDER_INCLUDES:-}
+ POSITION_PROVIDER_PINS: ${POSITION_PROVIDER_PINS:-}
+ POSITION_TOOL_EXCLUDES: ${POSITION_TOOL_EXCLUDES:-}
+ POSITION_TOOL_INCLUDES: ${POSITION_TOOL_INCLUDES:-}
+ POSITION_TOOL_PINS: ${POSITION_TOOL_PINS:-}
+ POSTGRES_DB: ${POSTGRES_DB:-${DB_DATABASE}}
+ POSTGRES_EFFECTIVE_CACHE_SIZE: ${POSTGRES_EFFECTIVE_CACHE_SIZE:-4096MB}
+ POSTGRES_MAINTENANCE_WORK_MEM: ${POSTGRES_MAINTENANCE_WORK_MEM:-64MB}
+ POSTGRES_MAX_CONNECTIONS: ${POSTGRES_MAX_CONNECTIONS:-100}
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-${DB_PASSWORD}}
+ POSTGRES_SHARED_BUFFERS: ${POSTGRES_SHARED_BUFFERS:-128MB}
+ POSTGRES_WORK_MEM: ${POSTGRES_WORK_MEM:-4MB}
+ PROMPT_GENERATION_MAX_TOKENS: ${PROMPT_GENERATION_MAX_TOKENS:-512}
+ QDRANT_API_KEY: ${QDRANT_API_KEY:-difyai123456}
+ QDRANT_CLIENT_TIMEOUT: ${QDRANT_CLIENT_TIMEOUT:-20}
+ QDRANT_GRPC_ENABLED: ${QDRANT_GRPC_ENABLED:-false}
+ QDRANT_GRPC_PORT: ${QDRANT_GRPC_PORT:-6334}
+ QDRANT_URL: ${QDRANT_URL:-http://qdrant:6333}
+ REDIS_CLUSTERS: ${REDIS_CLUSTERS:-}
+ REDIS_CLUSTERS_PASSWORD: ${REDIS_CLUSTERS_PASSWORD:-}
+ REDIS_DB: ${REDIS_DB:-0}
+ REDIS_HOST: ${REDIS_HOST:-redis}
+ REDIS_PASSWORD: ${REDIS_PASSWORD:-difyai123456}
+ REDIS_PORT: ${REDIS_PORT:-6379}
+ REDIS_SENTINELS: ${REDIS_SENTINELS:-}
+ REDIS_SENTINEL_PASSWORD: ${REDIS_SENTINEL_PASSWORD:-}
+ REDIS_SENTINEL_SERVICE_NAME: ${REDIS_SENTINEL_SERVICE_NAME:-}
+ REDIS_SENTINEL_SOCKET_TIMEOUT: ${REDIS_SENTINEL_SOCKET_TIMEOUT:-0.1}
+ REDIS_SENTINEL_USERNAME: ${REDIS_SENTINEL_USERNAME:-}
+ REDIS_USERNAME: ${REDIS_USERNAME:-}
+ REDIS_USE_CLUSTERS: ${REDIS_USE_CLUSTERS:-false}
+ REDIS_USE_SENTINEL: ${REDIS_USE_SENTINEL:-false}
+ REDIS_USE_SSL: ${REDIS_USE_SSL:-false}
+ REFRESH_TOKEN_EXPIRE_DAYS: ${REFRESH_TOKEN_EXPIRE_DAYS:-30}
+ RELYT_DATABASE: ${RELYT_DATABASE:-postgres}
+ RELYT_HOST: ${RELYT_HOST:-db}
+ RELYT_PASSWORD: ${RELYT_PASSWORD:-difyai123456}
+ RELYT_PORT: ${RELYT_PORT:-5432}
+ RELYT_USER: ${RELYT_USER:-postgres}
+ RESEND_API_KEY: ${RESEND_API_KEY:-your-resend-api-key}
+ RESEND_API_URL: ${RESEND_API_URL:-https://api.resend.com}
+ RESET_PASSWORD_TOKEN_EXPIRY_MINUTES: ${RESET_PASSWORD_TOKEN_EXPIRY_MINUTES:-5}
+ S3_ACCESS_KEY: ${S3_ACCESS_KEY:-}
+ S3_BUCKET_NAME: ${S3_BUCKET_NAME:-difyai}
+ S3_ENDPOINT: ${S3_ENDPOINT:-}
+ S3_REGION: ${S3_REGION:-us-east-1}
+ S3_SECRET_KEY: ${S3_SECRET_KEY:-}
+ S3_USE_AWS_MANAGED_IAM: ${S3_USE_AWS_MANAGED_IAM:-false}
+ SANDBOX_API_KEY: ${SANDBOX_API_KEY:-dify-sandbox}
+ SANDBOX_ENABLE_NETWORK: ${SANDBOX_ENABLE_NETWORK:-true}
+ SANDBOX_GIN_MODE: ${SANDBOX_GIN_MODE:-release}
+ SANDBOX_HTTPS_PROXY: ${SANDBOX_HTTPS_PROXY:-http://ssrf_proxy:3128}
+ SANDBOX_HTTP_PROXY: ${SANDBOX_HTTP_PROXY:-http://ssrf_proxy:3128}
+ SANDBOX_PORT: ${SANDBOX_PORT:-8194}
+ SANDBOX_WORKER_TIMEOUT: ${SANDBOX_WORKER_TIMEOUT:-15}
+ SCARF_NO_ANALYTICS: ${SCARF_NO_ANALYTICS:-true}
+ SECRET_KEY: ${SECRET_KEY:-sk-9f73s3ljTXVcMT3Blb3ljTqtsKiGHXVcMT3BlbkFJLK7U}
+ SENTRY_DSN: ${SENTRY_DSN:-}
+ SERVER_WORKER_AMOUNT: ${SERVER_WORKER_AMOUNT:-1}
+ SERVER_WORKER_CLASS: ${SERVER_WORKER_CLASS:-gevent}
+ SERVER_WORKER_CONNECTIONS: ${SERVER_WORKER_CONNECTIONS:-10}
+ SERVICE_API_URL: ${SERVICE_API_URL:-}
+ SMTP_OPPORTUNISTIC_TLS: ${SMTP_OPPORTUNISTIC_TLS:-false}
+ SMTP_PASSWORD: ${SMTP_PASSWORD:-}
+ SMTP_PORT: ${SMTP_PORT:-465}
+ SMTP_SERVER: ${SMTP_SERVER:-}
+ SMTP_USERNAME: ${SMTP_USERNAME:-}
+ SMTP_USE_TLS: ${SMTP_USE_TLS:-true}
+ SQLALCHEMY_ECHO: ${SQLALCHEMY_ECHO:-false}
+ SQLALCHEMY_POOL_RECYCLE: ${SQLALCHEMY_POOL_RECYCLE:-3600}
+ SQLALCHEMY_POOL_SIZE: ${SQLALCHEMY_POOL_SIZE:-30}
+ SSRF_COREDUMP_DIR: ${SSRF_COREDUMP_DIR:-/var/spool/squid}
+ SSRF_DEFAULT_CONNECT_TIME_OUT: ${SSRF_DEFAULT_CONNECT_TIME_OUT:-5}
+ SSRF_DEFAULT_READ_TIME_OUT: ${SSRF_DEFAULT_READ_TIME_OUT:-5}
+ SSRF_DEFAULT_TIME_OUT: ${SSRF_DEFAULT_TIME_OUT:-5}
+ SSRF_DEFAULT_WRITE_TIME_OUT: ${SSRF_DEFAULT_WRITE_TIME_OUT:-5}
+ SSRF_HTTP_PORT: ${SSRF_HTTP_PORT:-3128}
+ SSRF_PROXY_HTTPS_URL: ${SSRF_PROXY_HTTPS_URL:-http://ssrf_proxy:3128}
+ SSRF_PROXY_HTTP_URL: ${SSRF_PROXY_HTTP_URL:-http://ssrf_proxy:3128}
+ SSRF_REVERSE_PROXY_PORT: ${SSRF_REVERSE_PROXY_PORT:-8194}
+ SSRF_SANDBOX_HOST: ${SSRF_SANDBOX_HOST:-sandbox}
+ STORAGE_TYPE: ${STORAGE_TYPE:-opendal}
+ SUPABASE_API_KEY: ${SUPABASE_API_KEY:-your-access-key}
+ SUPABASE_BUCKET_NAME: ${SUPABASE_BUCKET_NAME:-your-bucket-name}
+ SUPABASE_URL: ${SUPABASE_URL:-your-server-url}
+ TEMPLATE_TRANSFORM_MAX_LENGTH: ${TEMPLATE_TRANSFORM_MAX_LENGTH:-80000}
+ TENCENT_COS_BUCKET_NAME: ${TENCENT_COS_BUCKET_NAME:-your-bucket-name}
+ TENCENT_COS_REGION: ${TENCENT_COS_REGION:-your-region}
+ TENCENT_COS_SCHEME: ${TENCENT_COS_SCHEME:-your-scheme}
+ TENCENT_COS_SECRET_ID: ${TENCENT_COS_SECRET_ID:-your-secret-id}
+ TENCENT_COS_SECRET_KEY: ${TENCENT_COS_SECRET_KEY:-your-secret-key}
+ TENCENT_VECTOR_DB_API_KEY: ${TENCENT_VECTOR_DB_API_KEY:-dify}
+ TENCENT_VECTOR_DB_DATABASE: ${TENCENT_VECTOR_DB_DATABASE:-dify}
+ TENCENT_VECTOR_DB_REPLICAS: ${TENCENT_VECTOR_DB_REPLICAS:-2}
+ TENCENT_VECTOR_DB_SHARD: ${TENCENT_VECTOR_DB_SHARD:-1}
+ TENCENT_VECTOR_DB_TIMEOUT: ${TENCENT_VECTOR_DB_TIMEOUT:-30}
+ TENCENT_VECTOR_DB_URL: ${TENCENT_VECTOR_DB_URL:-http://127.0.0.1}
+ TENCENT_VECTOR_DB_USERNAME: ${TENCENT_VECTOR_DB_USERNAME:-dify}
+ TEXT_GENERATION_TIMEOUT_MS: ${TEXT_GENERATION_TIMEOUT_MS:-60000}
+ TIDB_API_URL: ${TIDB_API_URL:-http://127.0.0.1}
+ TIDB_IAM_API_URL: ${TIDB_IAM_API_URL:-http://127.0.0.1}
+ TIDB_ON_QDRANT_API_KEY: ${TIDB_ON_QDRANT_API_KEY:-dify}
+ TIDB_ON_QDRANT_CLIENT_TIMEOUT: ${TIDB_ON_QDRANT_CLIENT_TIMEOUT:-20}
+ TIDB_ON_QDRANT_GRPC_ENABLED: ${TIDB_ON_QDRANT_GRPC_ENABLED:-false}
+ TIDB_ON_QDRANT_GRPC_PORT: ${TIDB_ON_QDRANT_GRPC_PORT:-6334}
+ TIDB_ON_QDRANT_URL: ${TIDB_ON_QDRANT_URL:-http://127.0.0.1}
+ TIDB_PRIVATE_KEY: ${TIDB_PRIVATE_KEY:-dify}
+ TIDB_PROJECT_ID: ${TIDB_PROJECT_ID:-dify}
+ TIDB_PUBLIC_KEY: ${TIDB_PUBLIC_KEY:-dify}
+ TIDB_REGION: ${TIDB_REGION:-regions/aws-us-east-1}
+ TIDB_SPEND_LIMIT: ${TIDB_SPEND_LIMIT:-100}
+ TIDB_VECTOR_DATABASE: ${TIDB_VECTOR_DATABASE:-dify}
+ TIDB_VECTOR_HOST: ${TIDB_VECTOR_HOST:-tidb}
+ TIDB_VECTOR_PASSWORD: ${TIDB_VECTOR_PASSWORD:-}
+ TIDB_VECTOR_PORT: ${TIDB_VECTOR_PORT:-4000}
+ TIDB_VECTOR_USER: ${TIDB_VECTOR_USER:-}
+ TOP_K_MAX_VALUE: ${TOP_K_MAX_VALUE:-10}
+ UNSTRUCTURED_API_KEY: ${UNSTRUCTURED_API_KEY:-}
+ UNSTRUCTURED_API_URL: ${UNSTRUCTURED_API_URL:-}
+ UPLOAD_AUDIO_FILE_SIZE_LIMIT: ${UPLOAD_AUDIO_FILE_SIZE_LIMIT:-50}
+ UPLOAD_FILE_BATCH_LIMIT: ${UPLOAD_FILE_BATCH_LIMIT:-5}
+ UPLOAD_FILE_SIZE_LIMIT: ${UPLOAD_FILE_SIZE_LIMIT:-15}
+ UPLOAD_IMAGE_FILE_SIZE_LIMIT: ${UPLOAD_IMAGE_FILE_SIZE_LIMIT:-10}
+ UPLOAD_VIDEO_FILE_SIZE_LIMIT: ${UPLOAD_VIDEO_FILE_SIZE_LIMIT:-100}
+ UPSTASH_VECTOR_TOKEN: ${UPSTASH_VECTOR_TOKEN:-dify}
+ UPSTASH_VECTOR_URL: ${UPSTASH_VECTOR_URL:-https://xxx-vector.upstash.io}
+ VECTOR_STORE: ${VECTOR_STORE:-weaviate}
+ VIKINGDB_ACCESS_KEY: ${VIKINGDB_ACCESS_KEY:-your-ak}
+ VIKINGDB_CONNECTION_TIMEOUT: ${VIKINGDB_CONNECTION_TIMEOUT:-30}
+ VIKINGDB_HOST: ${VIKINGDB_HOST:-api-vikingdb.xxx.volces.com}
+ VIKINGDB_REGION: ${VIKINGDB_REGION:-cn-shanghai}
+ VIKINGDB_SCHEMA: ${VIKINGDB_SCHEMA:-http}
+ VIKINGDB_SECRET_KEY: ${VIKINGDB_SECRET_KEY:-your-sk}
+ VIKINGDB_SOCKET_TIMEOUT: ${VIKINGDB_SOCKET_TIMEOUT:-30}
+ VOLCENGINE_TOS_ACCESS_KEY: ${VOLCENGINE_TOS_ACCESS_KEY:-your-access-key}
+ VOLCENGINE_TOS_BUCKET_NAME: ${VOLCENGINE_TOS_BUCKET_NAME:-your-bucket-name}
+ VOLCENGINE_TOS_ENDPOINT: ${VOLCENGINE_TOS_ENDPOINT:-your-server-url}
+ VOLCENGINE_TOS_REGION: ${VOLCENGINE_TOS_REGION:-your-region}
+ VOLCENGINE_TOS_SECRET_KEY: ${VOLCENGINE_TOS_SECRET_KEY:-your-secret-key}
+ WEAVIATE_API_KEY: ${WEAVIATE_API_KEY:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih}
+ WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: ${WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED:-true}
+ WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS: ${WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih}
+ WEAVIATE_AUTHENTICATION_APIKEY_ENABLED: ${WEAVIATE_AUTHENTICATION_APIKEY_ENABLED:-true}
+ WEAVIATE_AUTHENTICATION_APIKEY_USERS: ${WEAVIATE_AUTHENTICATION_APIKEY_USERS:-hello@dify.ai}
+ WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED: ${WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED:-true}
+ WEAVIATE_AUTHORIZATION_ADMINLIST_USERS: ${WEAVIATE_AUTHORIZATION_ADMINLIST_USERS:-hello@dify.ai}
+ WEAVIATE_CLUSTER_HOSTNAME: ${WEAVIATE_CLUSTER_HOSTNAME:-node1}
+ WEAVIATE_DEFAULT_VECTORIZER_MODULE: ${WEAVIATE_DEFAULT_VECTORIZER_MODULE:-none}
+ WEAVIATE_ENDPOINT: ${WEAVIATE_ENDPOINT:-http://weaviate:8080}
+ WEAVIATE_PERSISTENCE_DATA_PATH: ${WEAVIATE_PERSISTENCE_DATA_PATH:-/var/lib/weaviate}
+ WEAVIATE_QUERY_DEFAULTS_LIMIT: ${WEAVIATE_QUERY_DEFAULTS_LIMIT:-25}
+ WEB_API_CORS_ALLOW_ORIGINS: ${WEB_API_CORS_ALLOW_ORIGINS:-*}
+ WEB_SENTRY_DSN: ${WEB_SENTRY_DSN:-}
+ WORKFLOW_CALL_MAX_DEPTH: ${WORKFLOW_CALL_MAX_DEPTH:-5}
+ WORKFLOW_FILE_UPLOAD_LIMIT: ${WORKFLOW_FILE_UPLOAD_LIMIT:-10}
+ WORKFLOW_MAX_EXECUTION_STEPS: ${WORKFLOW_MAX_EXECUTION_STEPS:-500}
+ WORKFLOW_MAX_EXECUTION_TIME: ${WORKFLOW_MAX_EXECUTION_TIME:-1200}
+ WORKFLOW_PARALLEL_DEPTH_LIMIT: ${WORKFLOW_PARALLEL_DEPTH_LIMIT:-3}
diff --git a/appstore/dify/0.15.3/envs/default.env b/appstore/dify/0.15.3/envs/default.env
new file mode 100644
index 00000000..cd05f46e
--- /dev/null
+++ b/appstore/dify/0.15.3/envs/default.env
@@ -0,0 +1,2 @@
+# copyright© 2024 XinJiang Ms Studio
+ENV_FILE=.env
diff --git a/appstore/dify/0.15.3/envs/dify.env b/appstore/dify/0.15.3/envs/dify.env
new file mode 100644
index 00000000..3bc79059
--- /dev/null
+++ b/appstore/dify/0.15.3/envs/dify.env
@@ -0,0 +1,938 @@
+# ------------------------------
+# Environment Variables for API service & worker
+# ------------------------------
+
+# ------------------------------
+# Common Variables
+# ------------------------------
+
+# The backend URL of the console API,
+# used to concatenate the authorization callback.
+# If empty, it is the same domain.
+# Example: https://api.console.dify.ai
+CONSOLE_API_URL=
+
+# The front-end URL of the console web,
+# used to concatenate some front-end addresses and for CORS configuration use.
+# If empty, it is the same domain.
+# Example: https://console.dify.ai
+CONSOLE_WEB_URL=
+
+# Service API Url,
+# used to display Service API Base Url to the front-end.
+# If empty, it is the same domain.
+# Example: https://api.dify.ai
+SERVICE_API_URL=
+
+# WebApp API backend Url,
+# used to declare the back-end URL for the front-end API.
+# If empty, it is the same domain.
+# Example: https://api.app.dify.ai
+APP_API_URL=
+
+# WebApp Url,
+# used to display WebAPP API Base Url to the front-end.
+# If empty, it is the same domain.
+# Example: https://app.dify.ai
+APP_WEB_URL=
+
+# File preview or download Url prefix.
+# used to display File preview or download Url to the front-end or as Multi-model inputs;
+# Url is signed and has expiration time.
+FILES_URL=
+
+# ------------------------------
+# Server Configuration
+# ------------------------------
+
+# The log level for the application.
+# Supported values are `DEBUG`, `INFO`, `WARNING`, `ERROR`, `CRITICAL`
+LOG_LEVEL=INFO
+# Log file path
+LOG_FILE=/app/logs/server.log
+# Log file max size, the unit is MB
+LOG_FILE_MAX_SIZE=20
+# Log file max backup count
+LOG_FILE_BACKUP_COUNT=5
+# Log dateformat
+LOG_DATEFORMAT=%Y-%m-%d %H:%M:%S
+# Log Timezone
+LOG_TZ=UTC
+
+# Debug mode, default is false.
+# It is recommended to turn on this configuration for local development
+# to prevent some problems caused by monkey patch.
+DEBUG=false
+
+# Flask debug mode, it can output trace information at the interface when turned on,
+# which is convenient for debugging.
+FLASK_DEBUG=false
+
+# A secretkey that is used for securely signing the session cookie
+# and encrypting sensitive information on the database.
+# You can generate a strong key using `openssl rand -base64 42`.
+SECRET_KEY=sk-9f73s3ljTXVcMT3Blb3ljTqtsKiGHXVcMT3BlbkFJLK7U
+
+# Password for admin user initialization.
+# If left unset, admin user will not be prompted for a password
+# when creating the initial admin account.
+# The length of the password cannot exceed 30 charactors.
+INIT_PASSWORD=
+
+# Deployment environment.
+# Supported values are `PRODUCTION`, `TESTING`. Default is `PRODUCTION`.
+# Testing environment. There will be a distinct color label on the front-end page,
+# indicating that this environment is a testing environment.
+DEPLOY_ENV=PRODUCTION
+
+# Whether to enable the version check policy.
+# If set to empty, https://updates.dify.ai will be called for version check.
+CHECK_UPDATE_URL=https://updates.dify.ai
+
+# Used to change the OpenAI base address, default is https://api.openai.com/v1.
+# When OpenAI cannot be accessed in China, replace it with a domestic mirror address,
+# or when a local model provides OpenAI compatible API, it can be replaced.
+OPENAI_API_BASE=https://api.openai.com/v1
+
+# When enabled, migrations will be executed prior to application startup
+# and the application will start after the migrations have completed.
+MIGRATION_ENABLED=true
+
+# File Access Time specifies a time interval in seconds for the file to be accessed.
+# The default value is 300 seconds.
+FILES_ACCESS_TIMEOUT=300
+
+# Access token expiration time in minutes
+ACCESS_TOKEN_EXPIRE_MINUTES=60
+
+# Refresh token expiration time in days
+REFRESH_TOKEN_EXPIRE_DAYS=30
+
+# The maximum number of active requests for the application, where 0 means unlimited, should be a non-negative integer.
+APP_MAX_ACTIVE_REQUESTS=0
+APP_MAX_EXECUTION_TIME=1200
+
+# ------------------------------
+# Container Startup Related Configuration
+# Only effective when starting with docker image or docker-compose.
+# ------------------------------
+
+# API service binding address, default: 0.0.0.0, i.e., all addresses can be accessed.
+DIFY_BIND_ADDRESS=0.0.0.0
+
+# API service binding port number, default 5001.
+DIFY_PORT=5001
+
+# The number of API server workers, i.e., the number of workers.
+# Formula: number of cpu cores x 2 + 1 for sync, 1 for Gevent
+# Reference: https://docs.gunicorn.org/en/stable/design.html#how-many-workers
+SERVER_WORKER_AMOUNT=1
+
+# Defaults to gevent. If using windows, it can be switched to sync or solo.
+SERVER_WORKER_CLASS=gevent
+
+# Default number of worker connections, the default is 10.
+SERVER_WORKER_CONNECTIONS=10
+
+# Similar to SERVER_WORKER_CLASS.
+# If using windows, it can be switched to sync or solo.
+CELERY_WORKER_CLASS=
+
+# Request handling timeout. The default is 200,
+# it is recommended to set it to 360 to support a longer sse connection time.
+GUNICORN_TIMEOUT=360
+
+# The number of Celery workers. The default is 1, and can be set as needed.
+CELERY_WORKER_AMOUNT=
+
+# Flag indicating whether to enable autoscaling of Celery workers.
+#
+# Autoscaling is useful when tasks are CPU intensive and can be dynamically
+# allocated and deallocated based on the workload.
+#
+# When autoscaling is enabled, the maximum and minimum number of workers can
+# be specified. The autoscaling algorithm will dynamically adjust the number
+# of workers within the specified range.
+#
+# Default is false (i.e., autoscaling is disabled).
+#
+# Example:
+# CELERY_AUTO_SCALE=true
+CELERY_AUTO_SCALE=false
+
+# The maximum number of Celery workers that can be autoscaled.
+# This is optional and only used when autoscaling is enabled.
+# Default is not set.
+CELERY_MAX_WORKERS=
+
+# The minimum number of Celery workers that can be autoscaled.
+# This is optional and only used when autoscaling is enabled.
+# Default is not set.
+CELERY_MIN_WORKERS=
+
+# API Tool configuration
+API_TOOL_DEFAULT_CONNECT_TIMEOUT=10
+API_TOOL_DEFAULT_READ_TIMEOUT=60
+
+
+# ------------------------------
+# Database Configuration
+# The database uses PostgreSQL. Please use the public schema.
+# It is consistent with the configuration in the 'db' service below.
+# ------------------------------
+
+DB_USERNAME=postgres
+DB_PASSWORD=difyai123456
+DB_HOST=db
+DB_PORT=5432
+DB_DATABASE=dify
+# The size of the database connection pool.
+# The default is 30 connections, which can be appropriately increased.
+SQLALCHEMY_POOL_SIZE=30
+# Database connection pool recycling time, the default is 3600 seconds.
+SQLALCHEMY_POOL_RECYCLE=3600
+# Whether to print SQL, default is false.
+SQLALCHEMY_ECHO=false
+
+# Maximum number of connections to the database
+# Default is 100
+#
+# Reference: https://www.postgresql.org/docs/current/runtime-config-connection.html#GUC-MAX-CONNECTIONS
+POSTGRES_MAX_CONNECTIONS=100
+
+# Sets the amount of shared memory used for postgres's shared buffers.
+# Default is 128MB
+# Recommended value: 25% of available memory
+# Reference: https://www.postgresql.org/docs/current/runtime-config-resource.html#GUC-SHARED-BUFFERS
+POSTGRES_SHARED_BUFFERS=128MB
+
+# Sets the amount of memory used by each database worker for working space.
+# Default is 4MB
+#
+# Reference: https://www.postgresql.org/docs/current/runtime-config-resource.html#GUC-WORK-MEM
+POSTGRES_WORK_MEM=4MB
+
+# Sets the amount of memory reserved for maintenance activities.
+# Default is 64MB
+#
+# Reference: https://www.postgresql.org/docs/current/runtime-config-resource.html#GUC-MAINTENANCE-WORK-MEM
+POSTGRES_MAINTENANCE_WORK_MEM=64MB
+
+# Sets the planner's assumption about the effective cache size.
+# Default is 4096MB
+#
+# Reference: https://www.postgresql.org/docs/current/runtime-config-query.html#GUC-EFFECTIVE-CACHE-SIZE
+POSTGRES_EFFECTIVE_CACHE_SIZE=4096MB
+
+# ------------------------------
+# Redis Configuration
+# This Redis configuration is used for caching and for pub/sub during conversation.
+# ------------------------------
+
+REDIS_HOST=redis
+REDIS_PORT=6379
+REDIS_USERNAME=
+REDIS_PASSWORD=difyai123456
+REDIS_USE_SSL=false
+REDIS_DB=0
+
+# Whether to use Redis Sentinel mode.
+# If set to true, the application will automatically discover and connect to the master node through Sentinel.
+REDIS_USE_SENTINEL=false
+
+# List of Redis Sentinel nodes. If Sentinel mode is enabled, provide at least one Sentinel IP and port.
+# Format: `:,:,:`
+REDIS_SENTINELS=
+REDIS_SENTINEL_SERVICE_NAME=
+REDIS_SENTINEL_USERNAME=
+REDIS_SENTINEL_PASSWORD=
+REDIS_SENTINEL_SOCKET_TIMEOUT=0.1
+
+# List of Redis Cluster nodes. If Cluster mode is enabled, provide at least one Cluster IP and port.
+# Format: `:,:,:`
+REDIS_USE_CLUSTERS=false
+REDIS_CLUSTERS=
+REDIS_CLUSTERS_PASSWORD=
+
+# ------------------------------
+# Celery Configuration
+# ------------------------------
+
+# Use redis as the broker, and redis db 1 for celery broker.
+# Format as follows: `redis://:@:/`
+# Example: redis://:difyai123456@redis:6379/1
+# If use Redis Sentinel, format as follows: `sentinel://:@:/`
+# Example: sentinel://localhost:26379/1;sentinel://localhost:26380/1;sentinel://localhost:26381/1
+CELERY_BROKER_URL=redis://:difyai123456@redis:6379/1
+BROKER_USE_SSL=false
+
+# If you are using Redis Sentinel for high availability, configure the following settings.
+CELERY_USE_SENTINEL=false
+CELERY_SENTINEL_MASTER_NAME=
+CELERY_SENTINEL_SOCKET_TIMEOUT=0.1
+
+# ------------------------------
+# CORS Configuration
+# Used to set the front-end cross-domain access policy.
+# ------------------------------
+
+# Specifies the allowed origins for cross-origin requests to the Web API,
+# e.g. https://dify.app or * for all origins.
+WEB_API_CORS_ALLOW_ORIGINS=*
+
+# Specifies the allowed origins for cross-origin requests to the console API,
+# e.g. https://cloud.dify.ai or * for all origins.
+CONSOLE_CORS_ALLOW_ORIGINS=*
+
+# ------------------------------
+# File Storage Configuration
+# ------------------------------
+
+# The type of storage to use for storing user files.
+STORAGE_TYPE=opendal
+
+# Apache OpenDAL Configuration
+# The configuration for OpenDAL consists of the following format: OPENDAL__.
+# You can find all the service configurations (CONFIG_NAME) in the repository at: https://github.com/apache/opendal/tree/main/core/src/services.
+# Dify will scan configurations starting with OPENDAL_ and automatically apply them.
+# The scheme name for the OpenDAL storage.
+OPENDAL_SCHEME=fs
+# Configurations for OpenDAL Local File System.
+OPENDAL_FS_ROOT=storage
+
+# S3 Configuration
+#
+S3_ENDPOINT=
+S3_REGION=us-east-1
+S3_BUCKET_NAME=difyai
+S3_ACCESS_KEY=
+S3_SECRET_KEY=
+# Whether to use AWS managed IAM roles for authenticating with the S3 service.
+# If set to false, the access key and secret key must be provided.
+S3_USE_AWS_MANAGED_IAM=false
+
+# Azure Blob Configuration
+#
+AZURE_BLOB_ACCOUNT_NAME=difyai
+AZURE_BLOB_ACCOUNT_KEY=difyai
+AZURE_BLOB_CONTAINER_NAME=difyai-container
+AZURE_BLOB_ACCOUNT_URL=https://.blob.core.windows.net
+
+# Google Storage Configuration
+#
+GOOGLE_STORAGE_BUCKET_NAME=your-bucket-name
+GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64=
+
+# The Alibaba Cloud OSS configurations,
+#
+ALIYUN_OSS_BUCKET_NAME=your-bucket-name
+ALIYUN_OSS_ACCESS_KEY=your-access-key
+ALIYUN_OSS_SECRET_KEY=your-secret-key
+ALIYUN_OSS_ENDPOINT=https://oss-ap-southeast-1-internal.aliyuncs.com
+ALIYUN_OSS_REGION=ap-southeast-1
+ALIYUN_OSS_AUTH_VERSION=v4
+# Don't start with '/'. OSS doesn't support leading slash in object names.
+ALIYUN_OSS_PATH=your-path
+
+# Tencent COS Configuration
+#
+TENCENT_COS_BUCKET_NAME=your-bucket-name
+TENCENT_COS_SECRET_KEY=your-secret-key
+TENCENT_COS_SECRET_ID=your-secret-id
+TENCENT_COS_REGION=your-region
+TENCENT_COS_SCHEME=your-scheme
+
+# Oracle Storage Configuration
+#
+OCI_ENDPOINT=https://objectstorage.us-ashburn-1.oraclecloud.com
+OCI_BUCKET_NAME=your-bucket-name
+OCI_ACCESS_KEY=your-access-key
+OCI_SECRET_KEY=your-secret-key
+OCI_REGION=us-ashburn-1
+
+# Huawei OBS Configuration
+#
+HUAWEI_OBS_BUCKET_NAME=your-bucket-name
+HUAWEI_OBS_SECRET_KEY=your-secret-key
+HUAWEI_OBS_ACCESS_KEY=your-access-key
+HUAWEI_OBS_SERVER=your-server-url
+
+# Volcengine TOS Configuration
+#
+VOLCENGINE_TOS_BUCKET_NAME=your-bucket-name
+VOLCENGINE_TOS_SECRET_KEY=your-secret-key
+VOLCENGINE_TOS_ACCESS_KEY=your-access-key
+VOLCENGINE_TOS_ENDPOINT=your-server-url
+VOLCENGINE_TOS_REGION=your-region
+
+# Baidu OBS Storage Configuration
+#
+BAIDU_OBS_BUCKET_NAME=your-bucket-name
+BAIDU_OBS_SECRET_KEY=your-secret-key
+BAIDU_OBS_ACCESS_KEY=your-access-key
+BAIDU_OBS_ENDPOINT=your-server-url
+
+# Supabase Storage Configuration
+#
+SUPABASE_BUCKET_NAME=your-bucket-name
+SUPABASE_API_KEY=your-access-key
+SUPABASE_URL=your-server-url
+
+# ------------------------------
+# Vector Database Configuration
+# ------------------------------
+
+# The type of vector store to use.
+# Supported values are `weaviate`, `qdrant`, `milvus`, `myscale`, `relyt`, `pgvector`, `pgvecto-rs`, `chroma`, `opensearch`, `tidb_vector`, `oracle`, `tencent`, `elasticsearch`, `elasticsearch-ja`, `analyticdb`, `couchbase`, `vikingdb`, `oceanbase`.
+VECTOR_STORE=weaviate
+
+# The Weaviate endpoint URL. Only available when VECTOR_STORE is `weaviate`.
+WEAVIATE_ENDPOINT=http://weaviate:8080
+WEAVIATE_API_KEY=WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih
+
+# The Qdrant endpoint URL. Only available when VECTOR_STORE is `qdrant`.
+QDRANT_URL=http://qdrant:6333
+QDRANT_API_KEY=difyai123456
+QDRANT_CLIENT_TIMEOUT=20
+QDRANT_GRPC_ENABLED=false
+QDRANT_GRPC_PORT=6334
+
+# Milvus configuration Only available when VECTOR_STORE is `milvus`.
+# The milvus uri.
+MILVUS_URI=http://127.0.0.1:19530
+MILVUS_TOKEN=
+MILVUS_USER=root
+MILVUS_PASSWORD=Milvus
+MILVUS_ENABLE_HYBRID_SEARCH=False
+
+# MyScale configuration, only available when VECTOR_STORE is `myscale`
+# For multi-language support, please set MYSCALE_FTS_PARAMS with referring to:
+# https://myscale.com/docs/en/text-search/#understanding-fts-index-parameters
+MYSCALE_HOST=myscale
+MYSCALE_PORT=8123
+MYSCALE_USER=default
+MYSCALE_PASSWORD=
+MYSCALE_DATABASE=dify
+MYSCALE_FTS_PARAMS=
+
+# Couchbase configurations, only available when VECTOR_STORE is `couchbase`
+# The connection string must include hostname defined in the docker-compose file (couchbase-server in this case)
+COUCHBASE_CONNECTION_STRING=couchbase://couchbase-server
+COUCHBASE_USER=Administrator
+COUCHBASE_PASSWORD=password
+COUCHBASE_BUCKET_NAME=Embeddings
+COUCHBASE_SCOPE_NAME=_default
+
+# pgvector configurations, only available when VECTOR_STORE is `pgvector`
+PGVECTOR_HOST=pgvector
+PGVECTOR_PORT=5432
+PGVECTOR_USER=postgres
+PGVECTOR_PASSWORD=difyai123456
+PGVECTOR_DATABASE=dify
+PGVECTOR_MIN_CONNECTION=1
+PGVECTOR_MAX_CONNECTION=5
+
+# pgvecto-rs configurations, only available when VECTOR_STORE is `pgvecto-rs`
+PGVECTO_RS_HOST=pgvecto-rs
+PGVECTO_RS_PORT=5432
+PGVECTO_RS_USER=postgres
+PGVECTO_RS_PASSWORD=difyai123456
+PGVECTO_RS_DATABASE=dify
+
+# analyticdb configurations, only available when VECTOR_STORE is `analyticdb`
+ANALYTICDB_KEY_ID=your-ak
+ANALYTICDB_KEY_SECRET=your-sk
+ANALYTICDB_REGION_ID=cn-hangzhou
+ANALYTICDB_INSTANCE_ID=gp-ab123456
+ANALYTICDB_ACCOUNT=testaccount
+ANALYTICDB_PASSWORD=testpassword
+ANALYTICDB_NAMESPACE=dify
+ANALYTICDB_NAMESPACE_PASSWORD=difypassword
+ANALYTICDB_HOST=gp-test.aliyuncs.com
+ANALYTICDB_PORT=5432
+ANALYTICDB_MIN_CONNECTION=1
+ANALYTICDB_MAX_CONNECTION=5
+
+# TiDB vector configurations, only available when VECTOR_STORE is `tidb`
+TIDB_VECTOR_HOST=tidb
+TIDB_VECTOR_PORT=4000
+TIDB_VECTOR_USER=
+TIDB_VECTOR_PASSWORD=
+TIDB_VECTOR_DATABASE=dify
+
+# Tidb on qdrant configuration, only available when VECTOR_STORE is `tidb_on_qdrant`
+TIDB_ON_QDRANT_URL=http://127.0.0.1
+TIDB_ON_QDRANT_API_KEY=dify
+TIDB_ON_QDRANT_CLIENT_TIMEOUT=20
+TIDB_ON_QDRANT_GRPC_ENABLED=false
+TIDB_ON_QDRANT_GRPC_PORT=6334
+TIDB_PUBLIC_KEY=dify
+TIDB_PRIVATE_KEY=dify
+TIDB_API_URL=http://127.0.0.1
+TIDB_IAM_API_URL=http://127.0.0.1
+TIDB_REGION=regions/aws-us-east-1
+TIDB_PROJECT_ID=dify
+TIDB_SPEND_LIMIT=100
+
+# Chroma configuration, only available when VECTOR_STORE is `chroma`
+CHROMA_HOST=127.0.0.1
+CHROMA_PORT=8000
+CHROMA_TENANT=default_tenant
+CHROMA_DATABASE=default_database
+CHROMA_AUTH_PROVIDER=chromadb.auth.token_authn.TokenAuthClientProvider
+CHROMA_AUTH_CREDENTIALS=
+
+# Oracle configuration, only available when VECTOR_STORE is `oracle`
+ORACLE_HOST=oracle
+ORACLE_PORT=1521
+ORACLE_USER=dify
+ORACLE_PASSWORD=dify
+ORACLE_DATABASE=FREEPDB1
+
+# relyt configurations, only available when VECTOR_STORE is `relyt`
+RELYT_HOST=db
+RELYT_PORT=5432
+RELYT_USER=postgres
+RELYT_PASSWORD=difyai123456
+RELYT_DATABASE=postgres
+
+# open search configuration, only available when VECTOR_STORE is `opensearch`
+OPENSEARCH_HOST=opensearch
+OPENSEARCH_PORT=9200
+OPENSEARCH_USER=admin
+OPENSEARCH_PASSWORD=admin
+OPENSEARCH_SECURE=true
+
+# tencent vector configurations, only available when VECTOR_STORE is `tencent`
+TENCENT_VECTOR_DB_URL=http://127.0.0.1
+TENCENT_VECTOR_DB_API_KEY=dify
+TENCENT_VECTOR_DB_TIMEOUT=30
+TENCENT_VECTOR_DB_USERNAME=dify
+TENCENT_VECTOR_DB_DATABASE=dify
+TENCENT_VECTOR_DB_SHARD=1
+TENCENT_VECTOR_DB_REPLICAS=2
+
+# ElasticSearch configuration, only available when VECTOR_STORE is `elasticsearch`
+ELASTICSEARCH_HOST=0.0.0.0
+ELASTICSEARCH_PORT=9200
+ELASTICSEARCH_USERNAME=elastic
+ELASTICSEARCH_PASSWORD=elastic
+KIBANA_PORT=5601
+
+# baidu vector configurations, only available when VECTOR_STORE is `baidu`
+BAIDU_VECTOR_DB_ENDPOINT=http://127.0.0.1:5287
+BAIDU_VECTOR_DB_CONNECTION_TIMEOUT_MS=30000
+BAIDU_VECTOR_DB_ACCOUNT=root
+BAIDU_VECTOR_DB_API_KEY=dify
+BAIDU_VECTOR_DB_DATABASE=dify
+BAIDU_VECTOR_DB_SHARD=1
+BAIDU_VECTOR_DB_REPLICAS=3
+
+# VikingDB configurations, only available when VECTOR_STORE is `vikingdb`
+VIKINGDB_ACCESS_KEY=your-ak
+VIKINGDB_SECRET_KEY=your-sk
+VIKINGDB_REGION=cn-shanghai
+VIKINGDB_HOST=api-vikingdb.xxx.volces.com
+VIKINGDB_SCHEMA=http
+VIKINGDB_CONNECTION_TIMEOUT=30
+VIKINGDB_SOCKET_TIMEOUT=30
+
+# Lindorm configuration, only available when VECTOR_STORE is `lindorm`
+LINDORM_URL=http://lindorm:30070
+LINDORM_USERNAME=lindorm
+LINDORM_PASSWORD=lindorm
+
+# OceanBase Vector configuration, only available when VECTOR_STORE is `oceanbase`
+OCEANBASE_VECTOR_HOST=oceanbase
+OCEANBASE_VECTOR_PORT=2881
+OCEANBASE_VECTOR_USER=root@test
+OCEANBASE_VECTOR_PASSWORD=difyai123456
+OCEANBASE_VECTOR_DATABASE=test
+OCEANBASE_CLUSTER_NAME=difyai
+OCEANBASE_MEMORY_LIMIT=6G
+
+# Upstash Vector configuration, only available when VECTOR_STORE is `upstash`
+UPSTASH_VECTOR_URL=https://xxx-vector.upstash.io
+UPSTASH_VECTOR_TOKEN=dify
+
+# ------------------------------
+# Knowledge Configuration
+# ------------------------------
+
+# Upload file size limit, default 15M.
+UPLOAD_FILE_SIZE_LIMIT=15
+
+# The maximum number of files that can be uploaded at a time, default 5.
+UPLOAD_FILE_BATCH_LIMIT=5
+
+# ETL type, support: `dify`, `Unstructured`
+# `dify` Dify's proprietary file extraction scheme
+# `Unstructured` Unstructured.io file extraction scheme
+ETL_TYPE=dify
+
+# Unstructured API path and API key, needs to be configured when ETL_TYPE is Unstructured
+# Or using Unstructured for document extractor node for pptx.
+# For example: http://unstructured:8000/general/v0/general
+UNSTRUCTURED_API_URL=
+UNSTRUCTURED_API_KEY=
+SCARF_NO_ANALYTICS=true
+
+# ------------------------------
+# Model Configuration
+# ------------------------------
+
+# The maximum number of tokens allowed for prompt generation.
+# This setting controls the upper limit of tokens that can be used by the LLM
+# when generating a prompt in the prompt generation tool.
+# Default: 512 tokens.
+PROMPT_GENERATION_MAX_TOKENS=512
+
+# The maximum number of tokens allowed for code generation.
+# This setting controls the upper limit of tokens that can be used by the LLM
+# when generating code in the code generation tool.
+# Default: 1024 tokens.
+CODE_GENERATION_MAX_TOKENS=1024
+
+# ------------------------------
+# Multi-modal Configuration
+# ------------------------------
+
+# The format of the image/video/audio/document sent when the multi-modal model is input,
+# the default is base64, optional url.
+# The delay of the call in url mode will be lower than that in base64 mode.
+# It is generally recommended to use the more compatible base64 mode.
+# If configured as url, you need to configure FILES_URL as an externally accessible address so that the multi-modal model can access the image/video/audio/document.
+MULTIMODAL_SEND_FORMAT=base64
+# Upload image file size limit, default 10M.
+UPLOAD_IMAGE_FILE_SIZE_LIMIT=10
+# Upload video file size limit, default 100M.
+UPLOAD_VIDEO_FILE_SIZE_LIMIT=100
+# Upload audio file size limit, default 50M.
+UPLOAD_AUDIO_FILE_SIZE_LIMIT=50
+
+# ------------------------------
+# Sentry Configuration
+# Used for application monitoring and error log tracking.
+# ------------------------------
+SENTRY_DSN=
+
+# API Service Sentry DSN address, default is empty, when empty,
+# all monitoring information is not reported to Sentry.
+# If not set, Sentry error reporting will be disabled.
+API_SENTRY_DSN=
+# API Service The reporting ratio of Sentry events, if it is 0.01, it is 1%.
+API_SENTRY_TRACES_SAMPLE_RATE=1.0
+# API Service The reporting ratio of Sentry profiles, if it is 0.01, it is 1%.
+API_SENTRY_PROFILES_SAMPLE_RATE=1.0
+
+# Web Service Sentry DSN address, default is empty, when empty,
+# all monitoring information is not reported to Sentry.
+# If not set, Sentry error reporting will be disabled.
+WEB_SENTRY_DSN=
+
+# ------------------------------
+# Notion Integration Configuration
+# Variables can be obtained by applying for Notion integration: https://www.notion.so/my-integrations
+# ------------------------------
+
+# Configure as "public" or "internal".
+# Since Notion's OAuth redirect URL only supports HTTPS,
+# if deploying locally, please use Notion's internal integration.
+NOTION_INTEGRATION_TYPE=public
+# Notion OAuth client secret (used for public integration type)
+NOTION_CLIENT_SECRET=
+# Notion OAuth client id (used for public integration type)
+NOTION_CLIENT_ID=
+# Notion internal integration secret.
+# If the value of NOTION_INTEGRATION_TYPE is "internal",
+# you need to configure this variable.
+NOTION_INTERNAL_SECRET=
+
+# ------------------------------
+# Mail related configuration
+# ------------------------------
+
+# Mail type, support: resend, smtp
+MAIL_TYPE=resend
+
+# Default send from email address, if not specified
+MAIL_DEFAULT_SEND_FROM=
+
+# API-Key for the Resend email provider, used when MAIL_TYPE is `resend`.
+RESEND_API_URL=https://api.resend.com
+RESEND_API_KEY=your-resend-api-key
+
+
+# SMTP server configuration, used when MAIL_TYPE is `smtp`
+SMTP_SERVER=
+SMTP_PORT=465
+SMTP_USERNAME=
+SMTP_PASSWORD=
+SMTP_USE_TLS=true
+SMTP_OPPORTUNISTIC_TLS=false
+
+# ------------------------------
+# Others Configuration
+# ------------------------------
+
+# Maximum length of segmentation tokens for indexing
+INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH=4000
+
+# Member invitation link valid time (hours),
+# Default: 72.
+INVITE_EXPIRY_HOURS=72
+
+# Reset password token valid time (minutes),
+RESET_PASSWORD_TOKEN_EXPIRY_MINUTES=5
+
+# The sandbox service endpoint.
+CODE_EXECUTION_ENDPOINT=http://sandbox:8194
+CODE_EXECUTION_API_KEY=dify-sandbox
+CODE_MAX_NUMBER=9223372036854775807
+CODE_MIN_NUMBER=-9223372036854775808
+CODE_MAX_DEPTH=5
+CODE_MAX_PRECISION=20
+CODE_MAX_STRING_LENGTH=80000
+CODE_MAX_STRING_ARRAY_LENGTH=30
+CODE_MAX_OBJECT_ARRAY_LENGTH=30
+CODE_MAX_NUMBER_ARRAY_LENGTH=1000
+CODE_EXECUTION_CONNECT_TIMEOUT=10
+CODE_EXECUTION_READ_TIMEOUT=60
+CODE_EXECUTION_WRITE_TIMEOUT=10
+TEMPLATE_TRANSFORM_MAX_LENGTH=80000
+
+# Workflow runtime configuration
+WORKFLOW_MAX_EXECUTION_STEPS=500
+WORKFLOW_MAX_EXECUTION_TIME=1200
+WORKFLOW_CALL_MAX_DEPTH=5
+MAX_VARIABLE_SIZE=204800
+WORKFLOW_PARALLEL_DEPTH_LIMIT=3
+WORKFLOW_FILE_UPLOAD_LIMIT=10
+
+# HTTP request node in workflow configuration
+HTTP_REQUEST_NODE_MAX_BINARY_SIZE=10485760
+HTTP_REQUEST_NODE_MAX_TEXT_SIZE=1048576
+
+# SSRF Proxy server HTTP URL
+SSRF_PROXY_HTTP_URL=http://ssrf_proxy:3128
+# SSRF Proxy server HTTPS URL
+SSRF_PROXY_HTTPS_URL=http://ssrf_proxy:3128
+
+# ------------------------------
+# Environment Variables for web Service
+# ------------------------------
+
+# The timeout for the text generation in millisecond
+TEXT_GENERATION_TIMEOUT_MS=60000
+
+# ------------------------------
+# Environment Variables for db Service
+# ------------------------------
+
+PGUSER=${DB_USERNAME}
+# The password for the default postgres user.
+POSTGRES_PASSWORD=${DB_PASSWORD}
+# The name of the default postgres database.
+POSTGRES_DB=${DB_DATABASE}
+# postgres data directory
+PGDATA=/var/lib/postgresql/data/pgdata
+
+# ------------------------------
+# Environment Variables for sandbox Service
+# ------------------------------
+
+# The API key for the sandbox service
+SANDBOX_API_KEY=dify-sandbox
+# The mode in which the Gin framework runs
+SANDBOX_GIN_MODE=release
+# The timeout for the worker in seconds
+SANDBOX_WORKER_TIMEOUT=15
+# Enable network for the sandbox service
+SANDBOX_ENABLE_NETWORK=true
+# HTTP proxy URL for SSRF protection
+SANDBOX_HTTP_PROXY=http://ssrf_proxy:3128
+# HTTPS proxy URL for SSRF protection
+SANDBOX_HTTPS_PROXY=http://ssrf_proxy:3128
+# The port on which the sandbox service runs
+SANDBOX_PORT=8194
+
+# ------------------------------
+# Environment Variables for weaviate Service
+# (only used when VECTOR_STORE is weaviate)
+# ------------------------------
+WEAVIATE_PERSISTENCE_DATA_PATH=/var/lib/weaviate
+WEAVIATE_QUERY_DEFAULTS_LIMIT=25
+WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED=true
+WEAVIATE_DEFAULT_VECTORIZER_MODULE=none
+WEAVIATE_CLUSTER_HOSTNAME=node1
+WEAVIATE_AUTHENTICATION_APIKEY_ENABLED=true
+WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS=WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih
+WEAVIATE_AUTHENTICATION_APIKEY_USERS=hello@dify.ai
+WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED=true
+WEAVIATE_AUTHORIZATION_ADMINLIST_USERS=hello@dify.ai
+
+# ------------------------------
+# Environment Variables for Chroma
+# (only used when VECTOR_STORE is chroma)
+# ------------------------------
+
+# Authentication credentials for Chroma server
+CHROMA_SERVER_AUTHN_CREDENTIALS=difyai123456
+# Authentication provider for Chroma server
+CHROMA_SERVER_AUTHN_PROVIDER=chromadb.auth.token_authn.TokenAuthenticationServerProvider
+# Persistence setting for Chroma server
+CHROMA_IS_PERSISTENT=TRUE
+
+# ------------------------------
+# Environment Variables for Oracle Service
+# (only used when VECTOR_STORE is Oracle)
+# ------------------------------
+ORACLE_PWD=Dify123456
+ORACLE_CHARACTERSET=AL32UTF8
+
+# ------------------------------
+# Environment Variables for milvus Service
+# (only used when VECTOR_STORE is milvus)
+# ------------------------------
+# ETCD configuration for auto compaction mode
+ETCD_AUTO_COMPACTION_MODE=revision
+# ETCD configuration for auto compaction retention in terms of number of revisions
+ETCD_AUTO_COMPACTION_RETENTION=1000
+# ETCD configuration for backend quota in bytes
+ETCD_QUOTA_BACKEND_BYTES=4294967296
+# ETCD configuration for the number of changes before triggering a snapshot
+ETCD_SNAPSHOT_COUNT=50000
+# MinIO access key for authentication
+MINIO_ACCESS_KEY=minioadmin
+# MinIO secret key for authentication
+MINIO_SECRET_KEY=minioadmin
+# ETCD service endpoints
+ETCD_ENDPOINTS=etcd:2379
+# MinIO service address
+MINIO_ADDRESS=minio:9000
+# Enable or disable security authorization
+MILVUS_AUTHORIZATION_ENABLED=true
+
+# ------------------------------
+# Environment Variables for pgvector / pgvector-rs Service
+# (only used when VECTOR_STORE is pgvector / pgvector-rs)
+# ------------------------------
+PGVECTOR_PGUSER=postgres
+# The password for the default postgres user.
+PGVECTOR_POSTGRES_PASSWORD=difyai123456
+# The name of the default postgres database.
+PGVECTOR_POSTGRES_DB=dify
+# postgres data directory
+PGVECTOR_PGDATA=/var/lib/postgresql/data/pgdata
+
+# ------------------------------
+# Environment Variables for opensearch
+# (only used when VECTOR_STORE is opensearch)
+# ------------------------------
+OPENSEARCH_DISCOVERY_TYPE=single-node
+OPENSEARCH_BOOTSTRAP_MEMORY_LOCK=true
+OPENSEARCH_JAVA_OPTS_MIN=512m
+OPENSEARCH_JAVA_OPTS_MAX=1024m
+OPENSEARCH_INITIAL_ADMIN_PASSWORD=Qazwsxedc!@#123
+OPENSEARCH_MEMLOCK_SOFT=-1
+OPENSEARCH_MEMLOCK_HARD=-1
+OPENSEARCH_NOFILE_SOFT=65536
+OPENSEARCH_NOFILE_HARD=65536
+
+# ------------------------------
+# Environment Variables for Nginx reverse proxy
+# ------------------------------
+NGINX_SERVER_NAME=_
+NGINX_HTTPS_ENABLED=false
+# HTTP port
+NGINX_PORT=80
+# SSL settings are only applied when HTTPS_ENABLED is true
+NGINX_SSL_PORT=443
+# if HTTPS_ENABLED is true, you're required to add your own SSL certificates/keys to the `./nginx/ssl` directory
+# and modify the env vars below accordingly.
+NGINX_SSL_CERT_FILENAME=dify.crt
+NGINX_SSL_CERT_KEY_FILENAME=dify.key
+NGINX_SSL_PROTOCOLS=TLSv1.1 TLSv1.2 TLSv1.3
+
+# Nginx performance tuning
+NGINX_WORKER_PROCESSES=auto
+NGINX_CLIENT_MAX_BODY_SIZE=15M
+NGINX_KEEPALIVE_TIMEOUT=65
+
+# Proxy settings
+NGINX_PROXY_READ_TIMEOUT=3600s
+NGINX_PROXY_SEND_TIMEOUT=3600s
+
+# Set true to accept requests for /.well-known/acme-challenge/
+NGINX_ENABLE_CERTBOT_CHALLENGE=false
+
+# ------------------------------
+# Certbot Configuration
+# ------------------------------
+
+# Email address (required to get certificates from Let's Encrypt)
+CERTBOT_EMAIL=your_email@example.com
+
+# Domain name
+CERTBOT_DOMAIN=your_domain.com
+
+# certbot command options
+# i.e: --force-renewal --dry-run --test-cert --debug
+CERTBOT_OPTIONS=
+
+# ------------------------------
+# Environment Variables for SSRF Proxy
+# ------------------------------
+SSRF_HTTP_PORT=3128
+SSRF_COREDUMP_DIR=/var/spool/squid
+SSRF_REVERSE_PROXY_PORT=8194
+SSRF_SANDBOX_HOST=sandbox
+SSRF_DEFAULT_TIME_OUT=5
+SSRF_DEFAULT_CONNECT_TIME_OUT=5
+SSRF_DEFAULT_READ_TIME_OUT=5
+SSRF_DEFAULT_WRITE_TIME_OUT=5
+
+# ------------------------------
+# docker env var for specifying vector db type at startup
+# (based on the vector db type, the corresponding docker
+# compose profile will be used)
+# if you want to use unstructured, add ',unstructured' to the end
+# ------------------------------
+COMPOSE_PROFILES=${VECTOR_STORE:-weaviate}
+
+# ------------------------------
+# Docker Compose Service Expose Host Port Configurations
+# ------------------------------
+EXPOSE_NGINX_PORT=80
+EXPOSE_NGINX_SSL_PORT=443
+
+# ----------------------------------------------------------------------------
+# ModelProvider & Tool Position Configuration
+# Used to specify the model providers and tools that can be used in the app.
+# ----------------------------------------------------------------------------
+
+# Pin, include, and exclude tools
+# Use comma-separated values with no spaces between items.
+# Example: POSITION_TOOL_PINS=bing,google
+POSITION_TOOL_PINS=
+POSITION_TOOL_INCLUDES=
+POSITION_TOOL_EXCLUDES=
+
+# Pin, include, and exclude model providers
+# Use comma-separated values with no spaces between items.
+# Example: POSITION_PROVIDER_PINS=openai,openllm
+POSITION_PROVIDER_PINS=
+POSITION_PROVIDER_INCLUDES=
+POSITION_PROVIDER_EXCLUDES=
+
+# CSP https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
+CSP_WHITELIST=
+
+# Enable or disable create tidb service job
+CREATE_TIDB_SERVICE_JOB_ENABLED=false
+
+# Maximum number of submitted thread count in a ThreadPool for parallel node execution
+MAX_SUBMIT_COUNT=100
+
+# The maximum number of top-k value for RAG.
+TOP_K_MAX_VALUE=10
diff --git a/appstore/dify/0.15.3/envs/global.env b/appstore/dify/0.15.3/envs/global.env
new file mode 100644
index 00000000..e10989fe
--- /dev/null
+++ b/appstore/dify/0.15.3/envs/global.env
@@ -0,0 +1,2 @@
+# copyright© 2024 XinJiang Ms Studio
+TZ=Asia/Shanghai
diff --git a/appstore/dify/0.15.3/scripts/init.sh b/appstore/dify/0.15.3/scripts/init.sh
new file mode 100644
index 00000000..2f4cc2a2
--- /dev/null
+++ b/appstore/dify/0.15.3/scripts/init.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+if [ -f .env ]; then
+ source .env
+
+ # setup-1 add default values
+ CURRENT_DIR=$(pwd)
+ sed -i '/^ENV_FILE=/d' .env
+ sed -i '/^GLOBAL_ENV_FILE=/d' .env
+ echo "ENV_FILE=${CURRENT_DIR}/.env" >> .env
+ echo "GLOBAL_ENV_FILE=${CURRENT_DIR}/envs/global.env" >> .env
+ echo "APP_ENV_FILE=${CURRENT_DIR}/envs/dify.env" >> .env
+
+ # setup-2 update dir permissions
+ mkdir -p "$DIFY_ROOT_PATH"
+
+ cp -r conf/. "$DIFY_ROOT_PATH/"
+
+ echo "Check Finish."
+
+else
+ echo "Error: .env file not found."
+fi
diff --git a/appstore/dify/0.15.3/scripts/uninstall.sh b/appstore/dify/0.15.3/scripts/uninstall.sh
new file mode 100644
index 00000000..c86c4fbc
--- /dev/null
+++ b/appstore/dify/0.15.3/scripts/uninstall.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+if [ -f .env ]; then
+ source .env
+
+ echo "Check Finish."
+
+else
+ echo "Error: .env file not found."
+fi
diff --git a/appstore/dify/0.15.3/scripts/upgrade.sh b/appstore/dify/0.15.3/scripts/upgrade.sh
new file mode 100644
index 00000000..2bf20e99
--- /dev/null
+++ b/appstore/dify/0.15.3/scripts/upgrade.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+if [ -f .env ]; then
+ source .env
+
+ # setup-1 add default values
+ CURRENT_DIR=$(pwd)
+ sed -i '/^ENV_FILE=/d' .env
+ sed -i '/^GLOBAL_ENV_FILE=/d' .env
+ echo "ENV_FILE=${CURRENT_DIR}/.env" >> .env
+ echo "GLOBAL_ENV_FILE=${CURRENT_DIR}/envs/global.env" >> .env
+ echo "APP_ENV_FILE=${CURRENT_DIR}/envs/dify.env" >> .env
+
+ # setup-2 update dir permissions
+ mkdir -p "$DIFY_ROOT_PATH"
+
+ if [ -d "conf" ]; then
+ find conf -type f | while read -r file; do
+ dest="$DIFY_ROOT_PATH/${file#conf/}"
+ if [ ! -e "$dest" ]; then
+ mkdir -p "$(dirname "$dest")"
+ cp "$file" "$dest"
+ fi
+ done
+ echo "Conf files copied to $DIFY_ROOT_PATH."
+ else
+ echo "Warning: conf directory not found."
+ fi
+
+ echo "Check Finish."
+
+else
+ echo "Error: .env file not found."
+fi
diff --git a/appstore/dify/README.md b/appstore/dify/README.md
new file mode 100644
index 00000000..80b39160
--- /dev/null
+++ b/appstore/dify/README.md
@@ -0,0 +1,121 @@
+# Dify
+
+Dify 是一个开源的 LLM 应用开发平台。其直观的界面结合了 AI 工作流、RAG 管道、Agent、模型管理、可观测性功能等,让您可以快速从原型到生产
+
+
+
+
+
+## 简介
+
+### 工作流
+
+在画布上构建和测试功能强大的 AI 工作流程,利用以下所有功能以及更多功能
+
+### 全面的模型支持
+
+与数百种专有/开源 LLMs 以及数十种推理提供商和自托管解决方案无缝集成,涵盖 GPT、Mistral、Llama3 以及任何与 OpenAI API 兼容的模型
+
+### Prompt IDE
+
+用于制作提示、比较模型性能以及向基于聊天的应用程序添加其他功能(如文本转语音)的直观界面
+
+### RAG Pipeline
+
+广泛的 RAG 功能,涵盖从文档摄入到检索的所有内容,支持从 PDF、PPT 和其他常见文档格式中提取文本的开箱即用的支持
+
+### Agent 智能体
+
+您可以基于 LLM 函数调用或 ReAct 定义 Agent,并为 Agent 添加预构建或自定义工具。Dify 为 AI Agent
+提供了50多种内置工具,如谷歌搜索、DALL·E、Stable Diffusion 和 WolframAlpha 等
+
+### LLMOps
+
+随时间监视和分析应用程序日志和性能。您可以根据生产数据和标注持续改进提示、数据集和模型
+
+### 后端即服务
+
+所有 Dify 的功能都带有相应的 API,因此您可以轻松地将 Dify 集成到自己的业务逻辑中
+
+## 功能比较
+
+
+
+ | 功能 |
+ Dify.AI |
+ LangChain |
+ Flowise |
+ OpenAI Assistant API |
+
+
+ | 编程方法 |
+ API + 应用程序导向 |
+ Python 代码 |
+ 应用程序导向 |
+ API 导向 |
+
+
+ | 支持的 LLMs |
+ 丰富多样 |
+ 丰富多样 |
+ 丰富多样 |
+ 仅限 OpenAI |
+
+
+ | RAG引擎 |
+ ✅ |
+ ✅ |
+ ✅ |
+ ✅ |
+
+
+ | Agent |
+ ✅ |
+ ✅ |
+ ❌ |
+ ✅ |
+
+
+ | 工作流 |
+ ✅ |
+ ❌ |
+ ✅ |
+ ❌ |
+
+
+ | 可观测性 |
+ ✅ |
+ ✅ |
+ ❌ |
+ ❌ |
+
+
+ | 企业功能(SSO/访问控制) |
+ ✅ |
+ ❌ |
+ ❌ |
+ ❌ |
+
+
+ | 本地部署 |
+ ✅ |
+ ✅ |
+ ✅ |
+ ❌ |
+
+
+
+## 安装说明
+
+在安装 Dify 之前,请确保您的机器满足以下最低系统要求:
+
++ CPU >= 2 Core
++ RAM >= 4 GiB
+
+## 修改配置
+
+应用安装后,如有需要的配置,请修改应用目录下的 `.env` 文件
+
+---
+
+
diff --git a/appstore/dify/data.yml b/appstore/dify/data.yml
new file mode 100644
index 00000000..5f219230
--- /dev/null
+++ b/appstore/dify/data.yml
@@ -0,0 +1,14 @@
+additionalProperties:
+ key: dify
+ name: Dify
+ tags:
+ - WebSite
+ - Local
+ shortDescZh: Dify 是一个开源的 LLM 应用开发平台
+ shortDescEn: Dify is an open-source LLM application development platform
+ type: website
+ crossVersionUpdate: true
+ limit: 0
+ website: https://dify.ai/
+ github: https://github.com/langgenius/dify/
+ document: https://docs.dify.ai/
diff --git a/appstore/dify/logo.png b/appstore/dify/logo.png
new file mode 100644
index 00000000..82eaea8a
Binary files /dev/null and b/appstore/dify/logo.png differ
diff --git a/dockge/dify/.env b/dockge/dify/.env
new file mode 100644
index 00000000..def4d50c
--- /dev/null
+++ b/dockge/dify/.env
@@ -0,0 +1,24 @@
+# 数据持久化路径 [必填]
+DIFY_ROOT_PATH=/home/dify
+
+# WebUI 端口 [必填]
+PANEL_APP_PORT_HTTP=8080
+
+# WebUI SSL 端口 [必填]
+PANEL_APP_PORT_HTTPS=8443
+
+# Milvus 端口 [必填]
+MILVUS_STANDALONE_PORT1=19530
+
+# Milvus 端口 [必填]
+MILVUS_STANDALONE_PORT2=9091
+
+# MyScale 端口 [必填]
+MYSCALE_PORT=8123
+
+# Elasticsearch 端口 [必填]
+ELASTICSEARCH_PORT=9200
+
+# Kibana 端口 [必填]
+KIBANA_PORT=5601
+
diff --git a/dockge/dify/conf/certbot/README.md b/dockge/dify/conf/certbot/README.md
new file mode 100644
index 00000000..21be34b3
--- /dev/null
+++ b/dockge/dify/conf/certbot/README.md
@@ -0,0 +1,76 @@
+# Launching new servers with SSL certificates
+
+## Short description
+
+docker compose certbot configurations with Backward compatibility (without certbot container).
+Use `docker compose --profile certbot up` to use this features.
+
+## The simplest way for launching new servers with SSL certificates
+
+1. Get letsencrypt certs
+ set `.env` values
+ ```properties
+ NGINX_SSL_CERT_FILENAME=fullchain.pem
+ NGINX_SSL_CERT_KEY_FILENAME=privkey.pem
+ NGINX_ENABLE_CERTBOT_CHALLENGE=true
+ CERTBOT_DOMAIN=your_domain.com
+ CERTBOT_EMAIL=example@your_domain.com
+ ```
+ execute command:
+ ```shell
+ docker network prune
+ docker compose --profile certbot up --force-recreate -d
+ ```
+ then after the containers launched:
+ ```shell
+ docker compose exec -it certbot /bin/sh /update-cert.sh
+ ```
+2. Edit `.env` file and `docker compose --profile certbot up` again.
+ set `.env` value additionally
+ ```properties
+ NGINX_HTTPS_ENABLED=true
+ ```
+ execute command:
+ ```shell
+ docker compose --profile certbot up -d --no-deps --force-recreate nginx
+ ```
+ Then you can access your serve with HTTPS.
+ [https://your_domain.com](https://your_domain.com)
+
+## SSL certificates renewal
+
+For SSL certificates renewal, execute commands below:
+
+```shell
+docker compose exec -it certbot /bin/sh /update-cert.sh
+docker compose exec nginx nginx -s reload
+```
+
+## Options for certbot
+
+`CERTBOT_OPTIONS` key might be helpful for testing. i.e.,
+
+```properties
+CERTBOT_OPTIONS=--dry-run
+```
+
+To apply changes to `CERTBOT_OPTIONS`, regenerate the certbot container before updating the certificates.
+
+```shell
+docker compose --profile certbot up -d --no-deps --force-recreate certbot
+docker compose exec -it certbot /bin/sh /update-cert.sh
+```
+
+Then, reload the nginx container if necessary.
+
+```shell
+docker compose exec nginx nginx -s reload
+```
+
+## For legacy servers
+
+To use cert files dir `nginx/ssl` as before, simply launch containers WITHOUT `--profile certbot` option.
+
+```shell
+docker compose up -d
+```
diff --git a/dockge/dify/conf/certbot/docker-entrypoint.sh b/dockge/dify/conf/certbot/docker-entrypoint.sh
new file mode 100644
index 00000000..a70ecd82
--- /dev/null
+++ b/dockge/dify/conf/certbot/docker-entrypoint.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+set -e
+
+printf '%s\n' "Docker entrypoint script is running"
+
+printf '%s\n' "\nChecking specific environment variables:"
+printf '%s\n' "CERTBOT_EMAIL: ${CERTBOT_EMAIL:-Not set}"
+printf '%s\n' "CERTBOT_DOMAIN: ${CERTBOT_DOMAIN:-Not set}"
+printf '%s\n' "CERTBOT_OPTIONS: ${CERTBOT_OPTIONS:-Not set}"
+
+printf '%s\n' "\nChecking mounted directories:"
+for dir in "/etc/letsencrypt" "/var/www/html" "/var/log/letsencrypt"; do
+ if [ -d "$dir" ]; then
+ printf '%s\n' "$dir exists. Contents:"
+ ls -la "$dir"
+ else
+ printf '%s\n' "$dir does not exist."
+ fi
+done
+
+printf '%s\n' "\nGenerating update-cert.sh from template"
+sed -e "s|\${CERTBOT_EMAIL}|$CERTBOT_EMAIL|g" \
+ -e "s|\${CERTBOT_DOMAIN}|$CERTBOT_DOMAIN|g" \
+ -e "s|\${CERTBOT_OPTIONS}|$CERTBOT_OPTIONS|g" \
+ /update-cert.template.txt > /update-cert.sh
+
+chmod +x /update-cert.sh
+
+printf '%s\n' "\nExecuting command:" "$@"
+exec "$@"
diff --git a/dockge/dify/conf/certbot/update-cert.template.txt b/dockge/dify/conf/certbot/update-cert.template.txt
new file mode 100644
index 00000000..16786a19
--- /dev/null
+++ b/dockge/dify/conf/certbot/update-cert.template.txt
@@ -0,0 +1,19 @@
+#!/bin/bash
+set -e
+
+DOMAIN="${CERTBOT_DOMAIN}"
+EMAIL="${CERTBOT_EMAIL}"
+OPTIONS="${CERTBOT_OPTIONS}"
+CERT_NAME="${DOMAIN}" # 証明書名をドメイン名と同じにする
+
+# Check if the certificate already exists
+if [ -f "/etc/letsencrypt/renewal/${CERT_NAME}.conf" ]; then
+ echo "Certificate exists. Attempting to renew..."
+ certbot renew --noninteractive --cert-name ${CERT_NAME} --webroot --webroot-path=/var/www/html --email ${EMAIL} --agree-tos --no-eff-email ${OPTIONS}
+else
+ echo "Certificate does not exist. Obtaining a new certificate..."
+ certbot certonly --noninteractive --webroot --webroot-path=/var/www/html --email ${EMAIL} --agree-tos --no-eff-email -d ${DOMAIN} ${OPTIONS}
+fi
+echo "Certificate operation successful"
+# Note: Nginx reload should be handled outside this container
+echo "Please ensure to reload Nginx to apply any certificate changes."
diff --git a/dockge/dify/conf/couchbase-server/Dockerfile b/dockge/dify/conf/couchbase-server/Dockerfile
new file mode 100644
index 00000000..bd8af641
--- /dev/null
+++ b/dockge/dify/conf/couchbase-server/Dockerfile
@@ -0,0 +1,4 @@
+FROM couchbase/server:latest AS stage_base
+# FROM couchbase:latest AS stage_base
+COPY init-cbserver.sh /opt/couchbase/init/
+RUN chmod +x /opt/couchbase/init/init-cbserver.sh
\ No newline at end of file
diff --git a/dockge/dify/conf/couchbase-server/init-cbserver.sh b/dockge/dify/conf/couchbase-server/init-cbserver.sh
new file mode 100644
index 00000000..e66bc185
--- /dev/null
+++ b/dockge/dify/conf/couchbase-server/init-cbserver.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+# used to start couchbase server - can't get around this as docker compose only allows you to start one command - so we have to start couchbase like the standard couchbase Dockerfile would
+# https://github.com/couchbase/docker/blob/master/enterprise/couchbase-server/7.2.0/Dockerfile#L88
+
+/entrypoint.sh couchbase-server &
+
+# track if setup is complete so we don't try to setup again
+FILE=/opt/couchbase/init/setupComplete.txt
+
+if ! [ -f "$FILE" ]; then
+ # used to automatically create the cluster based on environment variables
+ # https://docs.couchbase.com/server/current/cli/cbcli/couchbase-cli-cluster-init.html
+
+ echo $COUCHBASE_ADMINISTRATOR_USERNAME ":" $COUCHBASE_ADMINISTRATOR_PASSWORD
+
+ sleep 20s
+ /opt/couchbase/bin/couchbase-cli cluster-init -c 127.0.0.1 \
+ --cluster-username $COUCHBASE_ADMINISTRATOR_USERNAME \
+ --cluster-password $COUCHBASE_ADMINISTRATOR_PASSWORD \
+ --services data,index,query,fts \
+ --cluster-ramsize $COUCHBASE_RAM_SIZE \
+ --cluster-index-ramsize $COUCHBASE_INDEX_RAM_SIZE \
+ --cluster-eventing-ramsize $COUCHBASE_EVENTING_RAM_SIZE \
+ --cluster-fts-ramsize $COUCHBASE_FTS_RAM_SIZE \
+ --index-storage-setting default
+
+ sleep 2s
+
+ # used to auto create the bucket based on environment variables
+ # https://docs.couchbase.com/server/current/cli/cbcli/couchbase-cli-bucket-create.html
+
+ /opt/couchbase/bin/couchbase-cli bucket-create -c localhost:8091 \
+ --username $COUCHBASE_ADMINISTRATOR_USERNAME \
+ --password $COUCHBASE_ADMINISTRATOR_PASSWORD \
+ --bucket $COUCHBASE_BUCKET \
+ --bucket-ramsize $COUCHBASE_BUCKET_RAMSIZE \
+ --bucket-type couchbase
+
+ # create file so we know that the cluster is setup and don't run the setup again
+ touch $FILE
+fi
+ # docker compose will stop the container from running unless we do this
+ # known issue and workaround
+ tail -f /dev/null
diff --git a/dockge/dify/conf/elasticsearch/docker-entrypoint.sh b/dockge/dify/conf/elasticsearch/docker-entrypoint.sh
new file mode 100644
index 00000000..6669aec5
--- /dev/null
+++ b/dockge/dify/conf/elasticsearch/docker-entrypoint.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+set -e
+
+if [ "${VECTOR_STORE}" = "elasticsearch-ja" ]; then
+ # Check if the ICU tokenizer plugin is installed
+ if ! /usr/share/elasticsearch/bin/elasticsearch-plugin list | grep -q analysis-icu; then
+ printf '%s\n' "Installing the ICU tokenizer plugin"
+ if ! /usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-icu; then
+ printf '%s\n' "Failed to install the ICU tokenizer plugin"
+ exit 1
+ fi
+ fi
+ # Check if the Japanese language analyzer plugin is installed
+ if ! /usr/share/elasticsearch/bin/elasticsearch-plugin list | grep -q analysis-kuromoji; then
+ printf '%s\n' "Installing the Japanese language analyzer plugin"
+ if ! /usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-kuromoji; then
+ printf '%s\n' "Failed to install the Japanese language analyzer plugin"
+ exit 1
+ fi
+ fi
+fi
+
+# Run the original entrypoint script
+exec /bin/tini -- /usr/local/bin/docker-entrypoint.sh
diff --git a/dockge/dify/conf/nginx/conf.d/default.conf.template b/dockge/dify/conf/nginx/conf.d/default.conf.template
new file mode 100644
index 00000000..9691122c
--- /dev/null
+++ b/dockge/dify/conf/nginx/conf.d/default.conf.template
@@ -0,0 +1,37 @@
+# Please do not directly edit this file. Instead, modify the .env variables related to NGINX configuration.
+
+server {
+ listen ${NGINX_PORT};
+ server_name ${NGINX_SERVER_NAME};
+
+ location /console/api {
+ proxy_pass http://api:5001;
+ include proxy.conf;
+ }
+
+ location /api {
+ proxy_pass http://api:5001;
+ include proxy.conf;
+ }
+
+ location /v1 {
+ proxy_pass http://api:5001;
+ include proxy.conf;
+ }
+
+ location /files {
+ proxy_pass http://api:5001;
+ include proxy.conf;
+ }
+
+ location / {
+ proxy_pass http://web:3000;
+ include proxy.conf;
+ }
+
+ # placeholder for acme challenge location
+ ${ACME_CHALLENGE_LOCATION}
+
+ # placeholder for https config defined in https.conf.template
+ ${HTTPS_CONFIG}
+}
diff --git a/dockge/dify/conf/nginx/docker-entrypoint.sh b/dockge/dify/conf/nginx/docker-entrypoint.sh
new file mode 100644
index 00000000..d343cb3e
--- /dev/null
+++ b/dockge/dify/conf/nginx/docker-entrypoint.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+if [ "${NGINX_HTTPS_ENABLED}" = "true" ]; then
+ # Check if the certificate and key files for the specified domain exist
+ if [ -n "${CERTBOT_DOMAIN}" ] && \
+ [ -f "/etc/letsencrypt/live/${CERTBOT_DOMAIN}/${NGINX_SSL_CERT_FILENAME}" ] && \
+ [ -f "/etc/letsencrypt/live/${CERTBOT_DOMAIN}/${NGINX_SSL_CERT_KEY_FILENAME}" ]; then
+ SSL_CERTIFICATE_PATH="/etc/letsencrypt/live/${CERTBOT_DOMAIN}/${NGINX_SSL_CERT_FILENAME}"
+ SSL_CERTIFICATE_KEY_PATH="/etc/letsencrypt/live/${CERTBOT_DOMAIN}/${NGINX_SSL_CERT_KEY_FILENAME}"
+ else
+ SSL_CERTIFICATE_PATH="/etc/ssl/${NGINX_SSL_CERT_FILENAME}"
+ SSL_CERTIFICATE_KEY_PATH="/etc/ssl/${NGINX_SSL_CERT_KEY_FILENAME}"
+ fi
+ export SSL_CERTIFICATE_PATH
+ export SSL_CERTIFICATE_KEY_PATH
+
+ # set the HTTPS_CONFIG environment variable to the content of the https.conf.template
+ HTTPS_CONFIG=$(envsubst < /etc/nginx/https.conf.template)
+ export HTTPS_CONFIG
+ # Substitute the HTTPS_CONFIG in the default.conf.template with content from https.conf.template
+ envsubst '${HTTPS_CONFIG}' < /etc/nginx/conf.d/default.conf.template > /etc/nginx/conf.d/default.conf
+fi
+
+if [ "${NGINX_ENABLE_CERTBOT_CHALLENGE}" = "true" ]; then
+ ACME_CHALLENGE_LOCATION='location /.well-known/acme-challenge/ { root /var/www/html; }'
+else
+ ACME_CHALLENGE_LOCATION=''
+fi
+export ACME_CHALLENGE_LOCATION
+
+env_vars=$(printenv | cut -d= -f1 | sed 's/^/$/g' | paste -sd, -)
+
+envsubst "$env_vars" < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf
+envsubst "$env_vars" < /etc/nginx/proxy.conf.template > /etc/nginx/proxy.conf
+
+envsubst < /etc/nginx/conf.d/default.conf.template > /etc/nginx/conf.d/default.conf
+
+# Start Nginx using the default entrypoint
+exec nginx -g 'daemon off;'
\ No newline at end of file
diff --git a/dockge/dify/conf/nginx/https.conf.template b/dockge/dify/conf/nginx/https.conf.template
new file mode 100644
index 00000000..95ea36f4
--- /dev/null
+++ b/dockge/dify/conf/nginx/https.conf.template
@@ -0,0 +1,9 @@
+# Please do not directly edit this file. Instead, modify the .env variables related to NGINX configuration.
+
+listen ${NGINX_SSL_PORT} ssl;
+ssl_certificate ${SSL_CERTIFICATE_PATH};
+ssl_certificate_key ${SSL_CERTIFICATE_KEY_PATH};
+ssl_protocols ${NGINX_SSL_PROTOCOLS};
+ssl_prefer_server_ciphers on;
+ssl_session_cache shared:SSL:10m;
+ssl_session_timeout 10m;
\ No newline at end of file
diff --git a/dockge/dify/conf/nginx/nginx.conf.template b/dockge/dify/conf/nginx/nginx.conf.template
new file mode 100644
index 00000000..32a57165
--- /dev/null
+++ b/dockge/dify/conf/nginx/nginx.conf.template
@@ -0,0 +1,34 @@
+# Please do not directly edit this file. Instead, modify the .env variables related to NGINX configuration.
+
+user nginx;
+worker_processes ${NGINX_WORKER_PROCESSES};
+
+error_log /var/log/nginx/error.log notice;
+pid /var/run/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ keepalive_timeout ${NGINX_KEEPALIVE_TIMEOUT};
+
+ #gzip on;
+ client_max_body_size ${NGINX_CLIENT_MAX_BODY_SIZE};
+
+ include /etc/nginx/conf.d/*.conf;
+}
\ No newline at end of file
diff --git a/dockge/dify/conf/nginx/proxy.conf.template b/dockge/dify/conf/nginx/proxy.conf.template
new file mode 100644
index 00000000..117f8061
--- /dev/null
+++ b/dockge/dify/conf/nginx/proxy.conf.template
@@ -0,0 +1,11 @@
+# Please do not directly edit this file. Instead, modify the .env variables related to NGINX configuration.
+
+proxy_set_header Host $host;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-Port $server_port;
+proxy_http_version 1.1;
+proxy_set_header Connection "";
+proxy_buffering off;
+proxy_read_timeout ${NGINX_PROXY_READ_TIMEOUT};
+proxy_send_timeout ${NGINX_PROXY_SEND_TIMEOUT};
diff --git a/dockge/dify/conf/nginx/ssl/.gitkeep b/dockge/dify/conf/nginx/ssl/.gitkeep
new file mode 100644
index 00000000..e69de29b
diff --git a/dockge/dify/conf/ssrf_proxy/docker-entrypoint.sh b/dockge/dify/conf/ssrf_proxy/docker-entrypoint.sh
new file mode 100644
index 00000000..613897bb
--- /dev/null
+++ b/dockge/dify/conf/ssrf_proxy/docker-entrypoint.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+# Modified based on Squid OCI image entrypoint
+
+# This entrypoint aims to forward the squid logs to stdout to assist users of
+# common container related tooling (e.g., kubernetes, docker-compose, etc) to
+# access the service logs.
+
+# Moreover, it invokes the squid binary, leaving all the desired parameters to
+# be provided by the "command" passed to the spawned container. If no command
+# is provided by the user, the default behavior (as per the CMD statement in
+# the Dockerfile) will be to use Ubuntu's default configuration [1] and run
+# squid with the "-NYC" options to mimic the behavior of the Ubuntu provided
+# systemd unit.
+
+# [1] The default configuration is changed in the Dockerfile to allow local
+# network connections. See the Dockerfile for further information.
+
+echo "[ENTRYPOINT] re-create snakeoil self-signed certificate removed in the build process"
+if [ ! -f /etc/ssl/private/ssl-cert-snakeoil.key ]; then
+ /usr/sbin/make-ssl-cert generate-default-snakeoil --force-overwrite > /dev/null 2>&1
+fi
+
+tail -F /var/log/squid/access.log 2>/dev/null &
+tail -F /var/log/squid/error.log 2>/dev/null &
+tail -F /var/log/squid/store.log 2>/dev/null &
+tail -F /var/log/squid/cache.log 2>/dev/null &
+
+# Replace environment variables in the template and output to the squid.conf
+echo "[ENTRYPOINT] replacing environment variables in the template"
+awk '{
+ while(match($0, /\${[A-Za-z_][A-Za-z_0-9]*}/)) {
+ var = substr($0, RSTART+2, RLENGTH-3)
+ val = ENVIRON[var]
+ $0 = substr($0, 1, RSTART-1) val substr($0, RSTART+RLENGTH)
+ }
+ print
+}' /etc/squid/squid.conf.template > /etc/squid/squid.conf
+
+/usr/sbin/squid -Nz
+echo "[ENTRYPOINT] starting squid"
+/usr/sbin/squid -f /etc/squid/squid.conf -NYC 1
diff --git a/dockge/dify/conf/ssrf_proxy/squid.conf.template b/dockge/dify/conf/ssrf_proxy/squid.conf.template
new file mode 100644
index 00000000..676fe737
--- /dev/null
+++ b/dockge/dify/conf/ssrf_proxy/squid.conf.template
@@ -0,0 +1,51 @@
+acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
+acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN)
+acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN)
+acl localnet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
+acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN)
+acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN)
+acl localnet src fc00::/7 # RFC 4193 local private network range
+acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
+acl SSL_ports port 443
+# acl SSL_ports port 1025-65535 # Enable the configuration to resolve this issue: https://github.com/langgenius/dify/issues/12792
+acl Safe_ports port 80 # http
+acl Safe_ports port 21 # ftp
+acl Safe_ports port 443 # https
+acl Safe_ports port 70 # gopher
+acl Safe_ports port 210 # wais
+acl Safe_ports port 1025-65535 # unregistered ports
+acl Safe_ports port 280 # http-mgmt
+acl Safe_ports port 488 # gss-http
+acl Safe_ports port 591 # filemaker
+acl Safe_ports port 777 # multiling http
+acl CONNECT method CONNECT
+http_access deny !Safe_ports
+http_access deny CONNECT !SSL_ports
+http_access allow localhost manager
+http_access deny manager
+http_access allow localhost
+include /etc/squid/conf.d/*.conf
+http_access deny all
+
+################################## Proxy Server ################################
+http_port ${HTTP_PORT}
+coredump_dir ${COREDUMP_DIR}
+refresh_pattern ^ftp: 1440 20% 10080
+refresh_pattern ^gopher: 1440 0% 1440
+refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
+refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
+refresh_pattern \/Release(|\.gpg)$ 0 0% 0 refresh-ims
+refresh_pattern \/InRelease$ 0 0% 0 refresh-ims
+refresh_pattern \/(Translation-.*)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
+refresh_pattern . 0 20% 4320
+
+
+# cache_dir ufs /var/spool/squid 100 16 256
+# upstream proxy, set to your own upstream proxy IP to avoid SSRF attacks
+# cache_peer 172.1.1.1 parent 3128 0 no-query no-digest no-netdb-exchange default
+
+################################## Reverse Proxy To Sandbox ################################
+http_port ${REVERSE_PROXY_PORT} accel vhost
+cache_peer ${SANDBOX_HOST} parent ${SANDBOX_PORT} 0 no-query originserver
+acl src_all src all
+http_access allow src_all
diff --git a/dockge/dify/conf/startupscripts/init.sh b/dockge/dify/conf/startupscripts/init.sh
new file mode 100644
index 00000000..c6e6e196
--- /dev/null
+++ b/dockge/dify/conf/startupscripts/init.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+DB_INITIALIZED="/opt/oracle/oradata/dbinit"
+#[ -f ${DB_INITIALIZED} ] && exit
+#touch ${DB_INITIALIZED}
+if [ -f ${DB_INITIALIZED} ]; then
+ echo 'File exists. Standards for have been Init'
+ exit
+else
+ echo 'File does not exist. Standards for first time Start up this DB'
+ "$ORACLE_HOME"/bin/sqlplus -s "/ as sysdba" @"/opt/oracle/scripts/startup/init_user.script";
+ touch ${DB_INITIALIZED}
+fi
diff --git a/dockge/dify/conf/startupscripts/init_user.script b/dockge/dify/conf/startupscripts/init_user.script
new file mode 100644
index 00000000..7aa7c280
--- /dev/null
+++ b/dockge/dify/conf/startupscripts/init_user.script
@@ -0,0 +1,10 @@
+show pdbs;
+ALTER SYSTEM SET PROCESSES=500 SCOPE=SPFILE;
+alter session set container= freepdb1;
+create user dify identified by dify DEFAULT TABLESPACE users quota unlimited on users;
+grant DB_DEVELOPER_ROLE to dify;
+
+BEGIN
+CTX_DDL.CREATE_PREFERENCE('my_chinese_vgram_lexer','CHINESE_VGRAM_LEXER');
+END;
+/
diff --git a/dockge/dify/conf/tidb/config/pd.toml b/dockge/dify/conf/tidb/config/pd.toml
new file mode 100644
index 00000000..042b251e
--- /dev/null
+++ b/dockge/dify/conf/tidb/config/pd.toml
@@ -0,0 +1,4 @@
+# PD Configuration File reference:
+# https://docs.pingcap.com/tidb/stable/pd-configuration-file#pd-configuration-file
+[replication]
+max-replicas = 1
\ No newline at end of file
diff --git a/dockge/dify/conf/tidb/config/tiflash-learner.toml b/dockge/dify/conf/tidb/config/tiflash-learner.toml
new file mode 100644
index 00000000..5098829a
--- /dev/null
+++ b/dockge/dify/conf/tidb/config/tiflash-learner.toml
@@ -0,0 +1,13 @@
+# TiFlash tiflash-learner.toml Configuration File reference:
+# https://docs.pingcap.com/tidb/stable/tiflash-configuration#configure-the-tiflash-learnertoml-file
+
+log-file = "/logs/tiflash_tikv.log"
+
+[server]
+engine-addr = "tiflash:4030"
+addr = "0.0.0.0:20280"
+advertise-addr = "tiflash:20280"
+status-addr = "tiflash:20292"
+
+[storage]
+data-dir = "/data/flash"
diff --git a/dockge/dify/conf/tidb/config/tiflash.toml b/dockge/dify/conf/tidb/config/tiflash.toml
new file mode 100644
index 00000000..30ac13ef
--- /dev/null
+++ b/dockge/dify/conf/tidb/config/tiflash.toml
@@ -0,0 +1,19 @@
+# TiFlash tiflash.toml Configuration File reference:
+# https://docs.pingcap.com/tidb/stable/tiflash-configuration#configure-the-tiflashtoml-file
+
+listen_host = "0.0.0.0"
+path = "/data"
+
+[flash]
+tidb_status_addr = "tidb:10080"
+service_addr = "tiflash:4030"
+
+[flash.proxy]
+config = "/tiflash-learner.toml"
+
+[logger]
+errorlog = "/logs/tiflash_error.log"
+log = "/logs/tiflash.log"
+
+[raft]
+pd_addr = "pd0:2379"
diff --git a/dockge/dify/conf/tidb/docker-compose.yaml b/dockge/dify/conf/tidb/docker-compose.yaml
new file mode 100644
index 00000000..fa157701
--- /dev/null
+++ b/dockge/dify/conf/tidb/docker-compose.yaml
@@ -0,0 +1,62 @@
+services:
+ pd0:
+ image: pingcap/pd:v8.5.1
+ # ports:
+ # - "2379"
+ volumes:
+ - ./config/pd.toml:/pd.toml:ro
+ - ./volumes/data:/data
+ - ./volumes/logs:/logs
+ command:
+ - --name=pd0
+ - --client-urls=http://0.0.0.0:2379
+ - --peer-urls=http://0.0.0.0:2380
+ - --advertise-client-urls=http://pd0:2379
+ - --advertise-peer-urls=http://pd0:2380
+ - --initial-cluster=pd0=http://pd0:2380
+ - --data-dir=/data/pd
+ - --config=/pd.toml
+ - --log-file=/logs/pd.log
+ restart: on-failure
+ tikv:
+ image: pingcap/tikv:v8.5.1
+ volumes:
+ - ./volumes/data:/data
+ - ./volumes/logs:/logs
+ command:
+ - --addr=0.0.0.0:20160
+ - --advertise-addr=tikv:20160
+ - --status-addr=tikv:20180
+ - --data-dir=/data/tikv
+ - --pd=pd0:2379
+ - --log-file=/logs/tikv.log
+ depends_on:
+ - "pd0"
+ restart: on-failure
+ tidb:
+ image: pingcap/tidb:v8.5.1
+ # ports:
+ # - "4000:4000"
+ volumes:
+ - ./volumes/logs:/logs
+ command:
+ - --advertise-address=tidb
+ - --store=tikv
+ - --path=pd0:2379
+ - --log-file=/logs/tidb.log
+ depends_on:
+ - "tikv"
+ restart: on-failure
+ tiflash:
+ image: pingcap/tiflash:v8.5.1
+ volumes:
+ - ./config/tiflash.toml:/tiflash.toml:ro
+ - ./config/tiflash-learner.toml:/tiflash-learner.toml:ro
+ - ./volumes/data:/data
+ - ./volumes/logs:/logs
+ command:
+ - --config=/tiflash.toml
+ depends_on:
+ - "tikv"
+ - "tidb"
+ restart: on-failure
diff --git a/dockge/dify/conf/volumes/myscale/config/users.d/custom_users_config.xml b/dockge/dify/conf/volumes/myscale/config/users.d/custom_users_config.xml
new file mode 100644
index 00000000..67f24b69
--- /dev/null
+++ b/dockge/dify/conf/volumes/myscale/config/users.d/custom_users_config.xml
@@ -0,0 +1,17 @@
+
+
+
+
+
+ ::1
+ 127.0.0.1
+ 10.0.0.0/8
+ 172.16.0.0/12
+ 192.168.0.0/16
+
+ default
+ default
+ 1
+
+
+
\ No newline at end of file
diff --git a/dockge/dify/conf/volumes/oceanbase/init.d/vec_memory.sql b/dockge/dify/conf/volumes/oceanbase/init.d/vec_memory.sql
new file mode 100644
index 00000000..3dd2fdd5
--- /dev/null
+++ b/dockge/dify/conf/volumes/oceanbase/init.d/vec_memory.sql
@@ -0,0 +1,2 @@
+ALTER
+SYSTEM SET ob_vector_memory_limit_percentage = 30;
diff --git a/dockge/dify/conf/volumes/opensearch/opensearch_dashboards.yml b/dockge/dify/conf/volumes/opensearch/opensearch_dashboards.yml
new file mode 100644
index 00000000..bd49444b
--- /dev/null
+++ b/dockge/dify/conf/volumes/opensearch/opensearch_dashboards.yml
@@ -0,0 +1,222 @@
+---
+# Copyright OpenSearch Contributors
+# SPDX-License-Identifier: Apache-2.0
+
+# Description:
+# Default configuration for OpenSearch Dashboards
+
+# OpenSearch Dashboards is served by a back end server. This setting specifies the port to use.
+# server.port: 5601
+
+# Specifies the address to which the OpenSearch Dashboards server will bind. IP addresses and host names are both valid values.
+# The default is 'localhost', which usually means remote machines will not be able to connect.
+# To allow connections from remote users, set this parameter to a non-loopback address.
+# server.host: "localhost"
+
+# Enables you to specify a path to mount OpenSearch Dashboards at if you are running behind a proxy.
+# Use the `server.rewriteBasePath` setting to tell OpenSearch Dashboards if it should remove the basePath
+# from requests it receives, and to prevent a deprecation warning at startup.
+# This setting cannot end in a slash.
+# server.basePath: ""
+
+# Specifies whether OpenSearch Dashboards should rewrite requests that are prefixed with
+# `server.basePath` or require that they are rewritten by your reverse proxy.
+# server.rewriteBasePath: false
+
+# The maximum payload size in bytes for incoming server requests.
+# server.maxPayloadBytes: 1048576
+
+# The OpenSearch Dashboards server's name. This is used for display purposes.
+# server.name: "your-hostname"
+
+# The URLs of the OpenSearch instances to use for all your queries.
+# opensearch.hosts: ["http://localhost:9200"]
+
+# OpenSearch Dashboards uses an index in OpenSearch to store saved searches, visualizations and
+# dashboards. OpenSearch Dashboards creates a new index if the index doesn't already exist.
+# opensearchDashboards.index: ".opensearch_dashboards"
+
+# The default application to load.
+# opensearchDashboards.defaultAppId: "home"
+
+# Setting for an optimized healthcheck that only uses the local OpenSearch node to do Dashboards healthcheck.
+# This settings should be used for large clusters or for clusters with ingest heavy nodes.
+# It allows Dashboards to only healthcheck using the local OpenSearch node rather than fan out requests across all nodes.
+#
+# It requires the user to create an OpenSearch node attribute with the same name as the value used in the setting
+# This node attribute should assign all nodes of the same cluster an integer value that increments with each new cluster that is spun up
+# e.g. in opensearch.yml file you would set the value to a setting using node.attr.cluster_id:
+# Should only be enabled if there is a corresponding node attribute created in your OpenSearch config that matches the value here
+# opensearch.optimizedHealthcheckId: "cluster_id"
+
+# If your OpenSearch is protected with basic authentication, these settings provide
+# the username and password that the OpenSearch Dashboards server uses to perform maintenance on the OpenSearch Dashboards
+# index at startup. Your OpenSearch Dashboards users still need to authenticate with OpenSearch, which
+# is proxied through the OpenSearch Dashboards server.
+# opensearch.username: "opensearch_dashboards_system"
+# opensearch.password: "pass"
+
+# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
+# These settings enable SSL for outgoing requests from the OpenSearch Dashboards server to the browser.
+# server.ssl.enabled: false
+# server.ssl.certificate: /path/to/your/server.crt
+# server.ssl.key: /path/to/your/server.key
+
+# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
+# These files are used to verify the identity of OpenSearch Dashboards to OpenSearch and are required when
+# xpack.security.http.ssl.client_authentication in OpenSearch is set to required.
+# opensearch.ssl.certificate: /path/to/your/client.crt
+# opensearch.ssl.key: /path/to/your/client.key
+
+# Optional setting that enables you to specify a path to the PEM file for the certificate
+# authority for your OpenSearch instance.
+# opensearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]
+
+# To disregard the validity of SSL certificates, change this setting's value to 'none'.
+# opensearch.ssl.verificationMode: full
+
+# Time in milliseconds to wait for OpenSearch to respond to pings. Defaults to the value of
+# the opensearch.requestTimeout setting.
+# opensearch.pingTimeout: 1500
+
+# Time in milliseconds to wait for responses from the back end or OpenSearch. This value
+# must be a positive integer.
+# opensearch.requestTimeout: 30000
+
+# List of OpenSearch Dashboards client-side headers to send to OpenSearch. To send *no* client-side
+# headers, set this value to [] (an empty list).
+# opensearch.requestHeadersWhitelist: [ authorization ]
+
+# Header names and values that are sent to OpenSearch. Any custom headers cannot be overwritten
+# by client-side headers, regardless of the opensearch.requestHeadersWhitelist configuration.
+# opensearch.customHeaders: {}
+
+# Time in milliseconds for OpenSearch to wait for responses from shards. Set to 0 to disable.
+# opensearch.shardTimeout: 30000
+
+# Logs queries sent to OpenSearch. Requires logging.verbose set to true.
+# opensearch.logQueries: false
+
+# Specifies the path where OpenSearch Dashboards creates the process ID file.
+# pid.file: /var/run/opensearchDashboards.pid
+
+# Enables you to specify a file where OpenSearch Dashboards stores log output.
+# logging.dest: stdout
+
+# Set the value of this setting to true to suppress all logging output.
+# logging.silent: false
+
+# Set the value of this setting to true to suppress all logging output other than error messages.
+# logging.quiet: false
+
+# Set the value of this setting to true to log all events, including system usage information
+# and all requests.
+# logging.verbose: false
+
+# Set the interval in milliseconds to sample system and process performance
+# metrics. Minimum is 100ms. Defaults to 5000.
+# ops.interval: 5000
+
+# Specifies locale to be used for all localizable strings, dates and number formats.
+# Supported languages are the following: English - en , by default , Chinese - zh-CN .
+# i18n.locale: "en"
+
+# Set the allowlist to check input graphite Url. Allowlist is the default check list.
+# vis_type_timeline.graphiteAllowedUrls: ['https://www.hostedgraphite.com/UID/ACCESS_KEY/graphite']
+
+# Set the blocklist to check input graphite Url. Blocklist is an IP list.
+# Below is an example for reference
+# vis_type_timeline.graphiteBlockedIPs: [
+# //Loopback
+# '127.0.0.0/8',
+# '::1/128',
+# //Link-local Address for IPv6
+# 'fe80::/10',
+# //Private IP address for IPv4
+# '10.0.0.0/8',
+# '172.16.0.0/12',
+# '192.168.0.0/16',
+# //Unique local address (ULA)
+# 'fc00::/7',
+# //Reserved IP address
+# '0.0.0.0/8',
+# '100.64.0.0/10',
+# '192.0.0.0/24',
+# '192.0.2.0/24',
+# '198.18.0.0/15',
+# '192.88.99.0/24',
+# '198.51.100.0/24',
+# '203.0.113.0/24',
+# '224.0.0.0/4',
+# '240.0.0.0/4',
+# '255.255.255.255/32',
+# '::/128',
+# '2001:db8::/32',
+# 'ff00::/8',
+# ]
+# vis_type_timeline.graphiteBlockedIPs: []
+
+# opensearchDashboards.branding:
+# logo:
+# defaultUrl: ""
+# darkModeUrl: ""
+# mark:
+# defaultUrl: ""
+# darkModeUrl: ""
+# loadingLogo:
+# defaultUrl: ""
+# darkModeUrl: ""
+# faviconUrl: ""
+# applicationTitle: ""
+
+# Set the value of this setting to true to capture region blocked warnings and errors
+# for your map rendering services.
+# map.showRegionBlockedWarning: false%
+
+# Set the value of this setting to false to suppress search usage telemetry
+# for reducing the load of OpenSearch cluster.
+# data.search.usageTelemetry.enabled: false
+
+# 2.4 renames 'wizard.enabled: false' to 'vis_builder.enabled: false'
+# Set the value of this setting to false to disable VisBuilder
+# functionality in Visualization.
+# vis_builder.enabled: false
+
+# 2.4 New Experimental Feature
+# Set the value of this setting to true to enable the experimental multiple data source
+# support feature. Use with caution.
+# data_source.enabled: false
+# Set the value of these settings to customize crypto materials to encryption saved credentials
+# in data sources.
+# data_source.encryption.wrappingKeyName: 'changeme'
+# data_source.encryption.wrappingKeyNamespace: 'changeme'
+# data_source.encryption.wrappingKey: [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+
+# 2.6 New ML Commons Dashboards Feature
+# Set the value of this setting to true to enable the ml commons dashboards
+# ml_commons_dashboards.enabled: false
+
+# 2.12 New experimental Assistant Dashboards Feature
+# Set the value of this setting to true to enable the assistant dashboards
+# assistant.chat.enabled: false
+
+# 2.13 New Query Assistant Feature
+# Set the value of this setting to false to disable the query assistant
+# observability.query_assist.enabled: false
+
+# 2.14 Enable Ui Metric Collectors in Usage Collector
+# Set the value of this setting to true to enable UI Metric collections
+# usageCollection.uiMetric.enabled: false
+
+opensearch.hosts: [ https://localhost:9200 ]
+opensearch.ssl.verificationMode: none
+opensearch.username: admin
+opensearch.password: 'Qazwsxedc!@#123'
+opensearch.requestHeadersWhitelist: [ authorization, securitytenant ]
+
+opensearch_security.multitenancy.enabled: true
+opensearch_security.multitenancy.tenants.preferred: [ Private, Global ]
+opensearch_security.readonly_mode.roles: [ kibana_read_only ]
+# Use this setting if you are running opensearch-dashboards without https
+opensearch_security.cookie.secure: false
+server.host: '0.0.0.0'
diff --git a/dockge/dify/conf/volumes/sandbox/conf/config.yaml b/dockge/dify/conf/volumes/sandbox/conf/config.yaml
new file mode 100644
index 00000000..8c1a1deb
--- /dev/null
+++ b/dockge/dify/conf/volumes/sandbox/conf/config.yaml
@@ -0,0 +1,14 @@
+app:
+ port: 8194
+ debug: True
+ key: dify-sandbox
+max_workers: 4
+max_requests: 50
+worker_timeout: 5
+python_path: /usr/local/bin/python3
+enable_network: True # please make sure there is no network risk in your environment
+allowed_syscalls: # please leave it empty if you have no idea how seccomp works
+proxy:
+ socks5: ''
+ http: ''
+ https: ''
diff --git a/dockge/dify/conf/volumes/sandbox/conf/config.yaml.example b/dockge/dify/conf/volumes/sandbox/conf/config.yaml.example
new file mode 100644
index 00000000..f92c19e5
--- /dev/null
+++ b/dockge/dify/conf/volumes/sandbox/conf/config.yaml.example
@@ -0,0 +1,35 @@
+app:
+ port: 8194
+ debug: True
+ key: dify-sandbox
+max_workers: 4
+max_requests: 50
+worker_timeout: 5
+python_path: /usr/local/bin/python3
+python_lib_path:
+ - /usr/local/lib/python3.10
+ - /usr/lib/python3.10
+ - /usr/lib/python3
+ - /usr/lib/x86_64-linux-gnu
+ - /etc/ssl/certs/ca-certificates.crt
+ - /etc/nsswitch.conf
+ - /etc/hosts
+ - /etc/resolv.conf
+ - /run/systemd/resolve/stub-resolv.conf
+ - /run/resolvconf/resolv.conf
+ - /etc/localtime
+ - /usr/share/zoneinfo
+ - /etc/timezone
+ # add more paths if needed
+python_pip_mirror_url: https://pypi.tuna.tsinghua.edu.cn/simple
+nodejs_path: /usr/local/bin/node
+enable_network: True
+allowed_syscalls:
+ - 1
+ - 2
+ - 3
+ # add all the syscalls which you require
+proxy:
+ socks5: ''
+ http: ''
+ https: ''
diff --git a/dockge/dify/conf/volumes/sandbox/dependencies/python-requirements.txt b/dockge/dify/conf/volumes/sandbox/dependencies/python-requirements.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/dockge/dify/docker-compose.yml b/dockge/dify/docker-compose.yml
new file mode 100644
index 00000000..d3b243de
--- /dev/null
+++ b/dockge/dify/docker-compose.yml
@@ -0,0 +1,1815 @@
+networks:
+ milvus:
+ driver: bridge
+ opensearch-net:
+ driver: bridge
+ internal: true
+ ssrf_proxy_network:
+ driver: bridge
+ internal: true
+services:
+ api:
+ container_name: api-dify
+ depends_on:
+ - db
+ - redis
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ ACCESS_TOKEN_EXPIRE_MINUTES: ${ACCESS_TOKEN_EXPIRE_MINUTES:-60}
+ ALIYUN_OSS_ACCESS_KEY: ${ALIYUN_OSS_ACCESS_KEY:-your-access-key}
+ ALIYUN_OSS_AUTH_VERSION: ${ALIYUN_OSS_AUTH_VERSION:-v4}
+ ALIYUN_OSS_BUCKET_NAME: ${ALIYUN_OSS_BUCKET_NAME:-your-bucket-name}
+ ALIYUN_OSS_ENDPOINT: ${ALIYUN_OSS_ENDPOINT:-https://oss-ap-southeast-1-internal.aliyuncs.com}
+ ALIYUN_OSS_PATH: ${ALIYUN_OSS_PATH:-your-path}
+ ALIYUN_OSS_REGION: ${ALIYUN_OSS_REGION:-ap-southeast-1}
+ ALIYUN_OSS_SECRET_KEY: ${ALIYUN_OSS_SECRET_KEY:-your-secret-key}
+ ANALYTICDB_ACCOUNT: ${ANALYTICDB_ACCOUNT:-testaccount}
+ ANALYTICDB_HOST: ${ANALYTICDB_HOST:-gp-test.aliyuncs.com}
+ ANALYTICDB_INSTANCE_ID: ${ANALYTICDB_INSTANCE_ID:-gp-ab123456}
+ ANALYTICDB_KEY_ID: ${ANALYTICDB_KEY_ID:-your-ak}
+ ANALYTICDB_KEY_SECRET: ${ANALYTICDB_KEY_SECRET:-your-sk}
+ ANALYTICDB_MAX_CONNECTION: ${ANALYTICDB_MAX_CONNECTION:-5}
+ ANALYTICDB_MIN_CONNECTION: ${ANALYTICDB_MIN_CONNECTION:-1}
+ ANALYTICDB_NAMESPACE: ${ANALYTICDB_NAMESPACE:-dify}
+ ANALYTICDB_NAMESPACE_PASSWORD: ${ANALYTICDB_NAMESPACE_PASSWORD:-difypassword}
+ ANALYTICDB_PASSWORD: ${ANALYTICDB_PASSWORD:-testpassword}
+ ANALYTICDB_PORT: ${ANALYTICDB_PORT:-5432}
+ ANALYTICDB_REGION_ID: ${ANALYTICDB_REGION_ID:-cn-hangzhou}
+ API_SENTRY_DSN: ${API_SENTRY_DSN:-}
+ API_SENTRY_PROFILES_SAMPLE_RATE: ${API_SENTRY_PROFILES_SAMPLE_RATE:-1.0}
+ API_SENTRY_TRACES_SAMPLE_RATE: ${API_SENTRY_TRACES_SAMPLE_RATE:-1.0}
+ API_TOOL_DEFAULT_CONNECT_TIMEOUT: ${API_TOOL_DEFAULT_CONNECT_TIMEOUT:-10}
+ API_TOOL_DEFAULT_READ_TIMEOUT: ${API_TOOL_DEFAULT_READ_TIMEOUT:-60}
+ APP_API_URL: ${APP_API_URL:-}
+ APP_MAX_ACTIVE_REQUESTS: ${APP_MAX_ACTIVE_REQUESTS:-0}
+ APP_MAX_EXECUTION_TIME: ${APP_MAX_EXECUTION_TIME:-1200}
+ APP_WEB_URL: ${APP_WEB_URL:-}
+ AZURE_BLOB_ACCOUNT_KEY: ${AZURE_BLOB_ACCOUNT_KEY:-difyai}
+ AZURE_BLOB_ACCOUNT_NAME: ${AZURE_BLOB_ACCOUNT_NAME:-difyai}
+ AZURE_BLOB_ACCOUNT_URL: ${AZURE_BLOB_ACCOUNT_URL:-https://.blob.core.windows.net}
+ AZURE_BLOB_CONTAINER_NAME: ${AZURE_BLOB_CONTAINER_NAME:-difyai-container}
+ BAIDU_OBS_ACCESS_KEY: ${BAIDU_OBS_ACCESS_KEY:-your-access-key}
+ BAIDU_OBS_BUCKET_NAME: ${BAIDU_OBS_BUCKET_NAME:-your-bucket-name}
+ BAIDU_OBS_ENDPOINT: ${BAIDU_OBS_ENDPOINT:-your-server-url}
+ BAIDU_OBS_SECRET_KEY: ${BAIDU_OBS_SECRET_KEY:-your-secret-key}
+ BAIDU_VECTOR_DB_ACCOUNT: ${BAIDU_VECTOR_DB_ACCOUNT:-root}
+ BAIDU_VECTOR_DB_API_KEY: ${BAIDU_VECTOR_DB_API_KEY:-dify}
+ BAIDU_VECTOR_DB_CONNECTION_TIMEOUT_MS: ${BAIDU_VECTOR_DB_CONNECTION_TIMEOUT_MS:-30000}
+ BAIDU_VECTOR_DB_DATABASE: ${BAIDU_VECTOR_DB_DATABASE:-dify}
+ BAIDU_VECTOR_DB_ENDPOINT: ${BAIDU_VECTOR_DB_ENDPOINT:-http://127.0.0.1:5287}
+ BAIDU_VECTOR_DB_REPLICAS: ${BAIDU_VECTOR_DB_REPLICAS:-3}
+ BAIDU_VECTOR_DB_SHARD: ${BAIDU_VECTOR_DB_SHARD:-1}
+ BROKER_USE_SSL: ${BROKER_USE_SSL:-false}
+ CELERY_AUTO_SCALE: ${CELERY_AUTO_SCALE:-false}
+ CELERY_BROKER_URL: ${CELERY_BROKER_URL:-redis://:difyai123456@redis:6379/1}
+ CELERY_MAX_WORKERS: ${CELERY_MAX_WORKERS:-}
+ CELERY_MIN_WORKERS: ${CELERY_MIN_WORKERS:-}
+ CELERY_SENTINEL_MASTER_NAME: ${CELERY_SENTINEL_MASTER_NAME:-}
+ CELERY_SENTINEL_SOCKET_TIMEOUT: ${CELERY_SENTINEL_SOCKET_TIMEOUT:-0.1}
+ CELERY_USE_SENTINEL: ${CELERY_USE_SENTINEL:-false}
+ CELERY_WORKER_AMOUNT: ${CELERY_WORKER_AMOUNT:-}
+ CELERY_WORKER_CLASS: ${CELERY_WORKER_CLASS:-}
+ CERTBOT_DOMAIN: ${CERTBOT_DOMAIN:-your_domain.com}
+ CERTBOT_EMAIL: ${CERTBOT_EMAIL:-your_email@example.com}
+ CERTBOT_OPTIONS: ${CERTBOT_OPTIONS:-}
+ CHECK_UPDATE_URL: ${CHECK_UPDATE_URL:-https://updates.dify.ai}
+ CHROMA_AUTH_CREDENTIALS: ${CHROMA_AUTH_CREDENTIALS:-}
+ CHROMA_AUTH_PROVIDER: ${CHROMA_AUTH_PROVIDER:-chromadb.auth.token_authn.TokenAuthClientProvider}
+ CHROMA_DATABASE: ${CHROMA_DATABASE:-default_database}
+ CHROMA_HOST: ${CHROMA_HOST:-127.0.0.1}
+ CHROMA_IS_PERSISTENT: ${CHROMA_IS_PERSISTENT:-TRUE}
+ CHROMA_PORT: ${CHROMA_PORT:-8000}
+ CHROMA_SERVER_AUTHN_CREDENTIALS: ${CHROMA_SERVER_AUTHN_CREDENTIALS:-difyai123456}
+ CHROMA_SERVER_AUTHN_PROVIDER: ${CHROMA_SERVER_AUTHN_PROVIDER:-chromadb.auth.token_authn.TokenAuthenticationServerProvider}
+ CHROMA_TENANT: ${CHROMA_TENANT:-default_tenant}
+ CODE_EXECUTION_API_KEY: ${CODE_EXECUTION_API_KEY:-dify-sandbox}
+ CODE_EXECUTION_CONNECT_TIMEOUT: ${CODE_EXECUTION_CONNECT_TIMEOUT:-10}
+ CODE_EXECUTION_ENDPOINT: ${CODE_EXECUTION_ENDPOINT:-http://sandbox:8194}
+ CODE_EXECUTION_READ_TIMEOUT: ${CODE_EXECUTION_READ_TIMEOUT:-60}
+ CODE_EXECUTION_WRITE_TIMEOUT: ${CODE_EXECUTION_WRITE_TIMEOUT:-10}
+ CODE_GENERATION_MAX_TOKENS: ${CODE_GENERATION_MAX_TOKENS:-1024}
+ CODE_MAX_DEPTH: ${CODE_MAX_DEPTH:-5}
+ CODE_MAX_NUMBER: ${CODE_MAX_NUMBER:-9223372036854775807}
+ CODE_MAX_NUMBER_ARRAY_LENGTH: ${CODE_MAX_NUMBER_ARRAY_LENGTH:-1000}
+ CODE_MAX_OBJECT_ARRAY_LENGTH: ${CODE_MAX_OBJECT_ARRAY_LENGTH:-30}
+ CODE_MAX_PRECISION: ${CODE_MAX_PRECISION:-20}
+ CODE_MAX_STRING_ARRAY_LENGTH: ${CODE_MAX_STRING_ARRAY_LENGTH:-30}
+ CODE_MAX_STRING_LENGTH: ${CODE_MAX_STRING_LENGTH:-80000}
+ CODE_MIN_NUMBER: ${CODE_MIN_NUMBER:--9223372036854775808}
+ CONSOLE_API_URL: ${CONSOLE_API_URL:-}
+ CONSOLE_CORS_ALLOW_ORIGINS: ${CONSOLE_CORS_ALLOW_ORIGINS:-*}
+ CONSOLE_WEB_URL: ${CONSOLE_WEB_URL:-}
+ COUCHBASE_BUCKET_NAME: ${COUCHBASE_BUCKET_NAME:-Embeddings}
+ COUCHBASE_CONNECTION_STRING: ${COUCHBASE_CONNECTION_STRING:-couchbase://couchbase-server}
+ COUCHBASE_PASSWORD: ${COUCHBASE_PASSWORD:-password}
+ COUCHBASE_SCOPE_NAME: ${COUCHBASE_SCOPE_NAME:-_default}
+ COUCHBASE_USER: ${COUCHBASE_USER:-Administrator}
+ CREATE_TIDB_SERVICE_JOB_ENABLED: ${CREATE_TIDB_SERVICE_JOB_ENABLED:-false}
+ CSP_WHITELIST: ${CSP_WHITELIST:-}
+ DB_DATABASE: ${DB_DATABASE:-dify}
+ DB_HOST: ${DB_HOST:-db}
+ DB_PASSWORD: ${DB_PASSWORD:-difyai123456}
+ DB_PORT: ${DB_PORT:-5432}
+ DB_USERNAME: ${DB_USERNAME:-postgres}
+ DEBUG: ${DEBUG:-false}
+ DEPLOY_ENV: ${DEPLOY_ENV:-PRODUCTION}
+ DIFY_BIND_ADDRESS: ${DIFY_BIND_ADDRESS:-0.0.0.0}
+ DIFY_PORT: ${DIFY_PORT:-5001}
+ ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:-0.0.0.0}
+ ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-elastic}
+ ELASTICSEARCH_PORT: ${ELASTICSEARCH_PORT:-9200}
+ ELASTICSEARCH_USERNAME: ${ELASTICSEARCH_USERNAME:-elastic}
+ ETCD_AUTO_COMPACTION_MODE: ${ETCD_AUTO_COMPACTION_MODE:-revision}
+ ETCD_AUTO_COMPACTION_RETENTION: ${ETCD_AUTO_COMPACTION_RETENTION:-1000}
+ ETCD_ENDPOINTS: ${ETCD_ENDPOINTS:-etcd:2379}
+ ETCD_QUOTA_BACKEND_BYTES: ${ETCD_QUOTA_BACKEND_BYTES:-4294967296}
+ ETCD_SNAPSHOT_COUNT: ${ETCD_SNAPSHOT_COUNT:-50000}
+ ETL_TYPE: ${ETL_TYPE:-dify}
+ EXPOSE_NGINX_PORT: ${PANEL_APP_PORT_HTTP:-8080}
+ EXPOSE_NGINX_SSL_PORT: ${PANEL_APP_PORT_HTTPS:-8443}
+ FILES_ACCESS_TIMEOUT: ${FILES_ACCESS_TIMEOUT:-300}
+ FILES_URL: ${FILES_URL:-}
+ FLASK_DEBUG: ${FLASK_DEBUG:-false}
+ GOOGLE_STORAGE_BUCKET_NAME: ${GOOGLE_STORAGE_BUCKET_NAME:-your-bucket-name}
+ GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64: ${GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64:-}
+ GUNICORN_TIMEOUT: ${GUNICORN_TIMEOUT:-360}
+ HTTP_REQUEST_NODE_MAX_BINARY_SIZE: ${HTTP_REQUEST_NODE_MAX_BINARY_SIZE:-10485760}
+ HTTP_REQUEST_NODE_MAX_TEXT_SIZE: ${HTTP_REQUEST_NODE_MAX_TEXT_SIZE:-1048576}
+ HUAWEI_OBS_ACCESS_KEY: ${HUAWEI_OBS_ACCESS_KEY:-your-access-key}
+ HUAWEI_OBS_BUCKET_NAME: ${HUAWEI_OBS_BUCKET_NAME:-your-bucket-name}
+ HUAWEI_OBS_SECRET_KEY: ${HUAWEI_OBS_SECRET_KEY:-your-secret-key}
+ HUAWEI_OBS_SERVER: ${HUAWEI_OBS_SERVER:-your-server-url}
+ INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-4000}
+ INIT_PASSWORD: ${INIT_PASSWORD:-}
+ INVITE_EXPIRY_HOURS: ${INVITE_EXPIRY_HOURS:-72}
+ KIBANA_PORT: ${KIBANA_PORT:-5601}
+ LINDORM_PASSWORD: ${LINDORM_PASSWORD:-lindorm}
+ LINDORM_URL: ${LINDORM_URL:-http://lindorm:30070}
+ LINDORM_USERNAME: ${LINDORM_USERNAME:-lindorm}
+ LOG_DATEFORMAT: ${LOG_DATEFORMAT:-%Y-%m-%d %H:%M:%S}
+ LOG_FILE: ${LOG_FILE:-/app/logs/server.log}
+ LOG_FILE_BACKUP_COUNT: ${LOG_FILE_BACKUP_COUNT:-5}
+ LOG_FILE_MAX_SIZE: ${LOG_FILE_MAX_SIZE:-20}
+ LOG_LEVEL: ${LOG_LEVEL:-INFO}
+ LOG_TZ: ${LOG_TZ:-UTC}
+ MAIL_DEFAULT_SEND_FROM: ${MAIL_DEFAULT_SEND_FROM:-}
+ MAIL_TYPE: ${MAIL_TYPE:-resend}
+ MAX_SUBMIT_COUNT: ${MAX_SUBMIT_COUNT:-100}
+ MAX_VARIABLE_SIZE: ${MAX_VARIABLE_SIZE:-204800}
+ MIGRATION_ENABLED: ${MIGRATION_ENABLED:-true}
+ MILVUS_AUTHORIZATION_ENABLED: ${MILVUS_AUTHORIZATION_ENABLED:-true}
+ MILVUS_ENABLE_HYBRID_SEARCH: ${MILVUS_ENABLE_HYBRID_SEARCH:-False}
+ MILVUS_PASSWORD: ${MILVUS_PASSWORD:-Milvus}
+ MILVUS_TOKEN: ${MILVUS_TOKEN:-}
+ MILVUS_URI: ${MILVUS_URI:-http://127.0.0.1:19530}
+ MILVUS_USER: ${MILVUS_USER:-root}
+ MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY:-minioadmin}
+ MINIO_ADDRESS: ${MINIO_ADDRESS:-minio:9000}
+ MINIO_SECRET_KEY: ${MINIO_SECRET_KEY:-minioadmin}
+ MODE: api
+ MULTIMODAL_SEND_FORMAT: ${MULTIMODAL_SEND_FORMAT:-base64}
+ MYSCALE_DATABASE: ${MYSCALE_DATABASE:-dify}
+ MYSCALE_FTS_PARAMS: ${MYSCALE_FTS_PARAMS:-}
+ MYSCALE_HOST: ${MYSCALE_HOST:-myscale}
+ MYSCALE_PASSWORD: ${MYSCALE_PASSWORD:-}
+ MYSCALE_PORT: ${MYSCALE_PORT:-8123}
+ MYSCALE_USER: ${MYSCALE_USER:-default}
+ NGINX_CLIENT_MAX_BODY_SIZE: ${NGINX_CLIENT_MAX_BODY_SIZE:-15M}
+ NGINX_ENABLE_CERTBOT_CHALLENGE: ${NGINX_ENABLE_CERTBOT_CHALLENGE:-false}
+ NGINX_HTTPS_ENABLED: ${NGINX_HTTPS_ENABLED:-false}
+ NGINX_KEEPALIVE_TIMEOUT: ${NGINX_KEEPALIVE_TIMEOUT:-65}
+ NGINX_PORT: ${NGINX_PORT:-80}
+ NGINX_PROXY_READ_TIMEOUT: ${NGINX_PROXY_READ_TIMEOUT:-3600s}
+ NGINX_PROXY_SEND_TIMEOUT: ${NGINX_PROXY_SEND_TIMEOUT:-3600s}
+ NGINX_SERVER_NAME: ${NGINX_SERVER_NAME:-_}
+ NGINX_SSL_CERT_FILENAME: ${NGINX_SSL_CERT_FILENAME:-dify.crt}
+ NGINX_SSL_CERT_KEY_FILENAME: ${NGINX_SSL_CERT_KEY_FILENAME:-dify.key}
+ NGINX_SSL_PORT: ${NGINX_SSL_PORT:-443}
+ NGINX_SSL_PROTOCOLS: ${NGINX_SSL_PROTOCOLS:-TLSv1.1 TLSv1.2 TLSv1.3}
+ NGINX_WORKER_PROCESSES: ${NGINX_WORKER_PROCESSES:-auto}
+ NOTION_CLIENT_ID: ${NOTION_CLIENT_ID:-}
+ NOTION_CLIENT_SECRET: ${NOTION_CLIENT_SECRET:-}
+ NOTION_INTEGRATION_TYPE: ${NOTION_INTEGRATION_TYPE:-public}
+ NOTION_INTERNAL_SECRET: ${NOTION_INTERNAL_SECRET:-}
+ OCEANBASE_CLUSTER_NAME: ${OCEANBASE_CLUSTER_NAME:-difyai}
+ OCEANBASE_MEMORY_LIMIT: ${OCEANBASE_MEMORY_LIMIT:-6G}
+ OCEANBASE_VECTOR_DATABASE: ${OCEANBASE_VECTOR_DATABASE:-test}
+ OCEANBASE_VECTOR_HOST: ${OCEANBASE_VECTOR_HOST:-oceanbase}
+ OCEANBASE_VECTOR_PASSWORD: ${OCEANBASE_VECTOR_PASSWORD:-difyai123456}
+ OCEANBASE_VECTOR_PORT: ${OCEANBASE_VECTOR_PORT:-2881}
+ OCEANBASE_VECTOR_USER: ${OCEANBASE_VECTOR_USER:-root@test}
+ OCI_ACCESS_KEY: ${OCI_ACCESS_KEY:-your-access-key}
+ OCI_BUCKET_NAME: ${OCI_BUCKET_NAME:-your-bucket-name}
+ OCI_ENDPOINT: ${OCI_ENDPOINT:-https://objectstorage.us-ashburn-1.oraclecloud.com}
+ OCI_REGION: ${OCI_REGION:-us-ashburn-1}
+ OCI_SECRET_KEY: ${OCI_SECRET_KEY:-your-secret-key}
+ OPENAI_API_BASE: ${OPENAI_API_BASE:-https://api.openai.com/v1}
+ OPENDAL_FS_ROOT: ${OPENDAL_FS_ROOT:-storage}
+ OPENDAL_SCHEME: ${OPENDAL_SCHEME:-fs}
+ OPENSEARCH_BOOTSTRAP_MEMORY_LOCK: ${OPENSEARCH_BOOTSTRAP_MEMORY_LOCK:-true}
+ OPENSEARCH_DISCOVERY_TYPE: ${OPENSEARCH_DISCOVERY_TYPE:-single-node}
+ OPENSEARCH_HOST: ${OPENSEARCH_HOST:-opensearch}
+ OPENSEARCH_INITIAL_ADMIN_PASSWORD: ${OPENSEARCH_INITIAL_ADMIN_PASSWORD:-Qazwsxedc!@#123}
+ OPENSEARCH_JAVA_OPTS_MAX: ${OPENSEARCH_JAVA_OPTS_MAX:-1024m}
+ OPENSEARCH_JAVA_OPTS_MIN: ${OPENSEARCH_JAVA_OPTS_MIN:-512m}
+ OPENSEARCH_MEMLOCK_HARD: ${OPENSEARCH_MEMLOCK_HARD:--1}
+ OPENSEARCH_MEMLOCK_SOFT: ${OPENSEARCH_MEMLOCK_SOFT:--1}
+ OPENSEARCH_NOFILE_HARD: ${OPENSEARCH_NOFILE_HARD:-65536}
+ OPENSEARCH_NOFILE_SOFT: ${OPENSEARCH_NOFILE_SOFT:-65536}
+ OPENSEARCH_PASSWORD: ${OPENSEARCH_PASSWORD:-admin}
+ OPENSEARCH_PORT: ${OPENSEARCH_PORT:-9200}
+ OPENSEARCH_SECURE: ${OPENSEARCH_SECURE:-true}
+ OPENSEARCH_USER: ${OPENSEARCH_USER:-admin}
+ ORACLE_CHARACTERSET: ${ORACLE_CHARACTERSET:-AL32UTF8}
+ ORACLE_DATABASE: ${ORACLE_DATABASE:-FREEPDB1}
+ ORACLE_HOST: ${ORACLE_HOST:-oracle}
+ ORACLE_PASSWORD: ${ORACLE_PASSWORD:-dify}
+ ORACLE_PORT: ${ORACLE_PORT:-1521}
+ ORACLE_PWD: ${ORACLE_PWD:-Dify123456}
+ ORACLE_USER: ${ORACLE_USER:-dify}
+ PGDATA: ${PGDATA:-/var/lib/postgresql/data/pgdata}
+ PGUSER: ${PGUSER:-${DB_USERNAME}}
+ PGVECTOR_DATABASE: ${PGVECTOR_DATABASE:-dify}
+ PGVECTOR_HOST: ${PGVECTOR_HOST:-pgvector}
+ PGVECTOR_MAX_CONNECTION: ${PGVECTOR_MAX_CONNECTION:-5}
+ PGVECTOR_MIN_CONNECTION: ${PGVECTOR_MIN_CONNECTION:-1}
+ PGVECTOR_PASSWORD: ${PGVECTOR_PASSWORD:-difyai123456}
+ PGVECTOR_PGDATA: ${PGVECTOR_PGDATA:-/var/lib/postgresql/data/pgdata}
+ PGVECTOR_PGUSER: ${PGVECTOR_PGUSER:-postgres}
+ PGVECTOR_PORT: ${PGVECTOR_PORT:-5432}
+ PGVECTOR_POSTGRES_DB: ${PGVECTOR_POSTGRES_DB:-dify}
+ PGVECTOR_POSTGRES_PASSWORD: ${PGVECTOR_POSTGRES_PASSWORD:-difyai123456}
+ PGVECTOR_USER: ${PGVECTOR_USER:-postgres}
+ PGVECTO_RS_DATABASE: ${PGVECTO_RS_DATABASE:-dify}
+ PGVECTO_RS_HOST: ${PGVECTO_RS_HOST:-pgvecto-rs}
+ PGVECTO_RS_PASSWORD: ${PGVECTO_RS_PASSWORD:-difyai123456}
+ PGVECTO_RS_PORT: ${PGVECTO_RS_PORT:-5432}
+ PGVECTO_RS_USER: ${PGVECTO_RS_USER:-postgres}
+ POSITION_PROVIDER_EXCLUDES: ${POSITION_PROVIDER_EXCLUDES:-}
+ POSITION_PROVIDER_INCLUDES: ${POSITION_PROVIDER_INCLUDES:-}
+ POSITION_PROVIDER_PINS: ${POSITION_PROVIDER_PINS:-}
+ POSITION_TOOL_EXCLUDES: ${POSITION_TOOL_EXCLUDES:-}
+ POSITION_TOOL_INCLUDES: ${POSITION_TOOL_INCLUDES:-}
+ POSITION_TOOL_PINS: ${POSITION_TOOL_PINS:-}
+ POSTGRES_DB: ${POSTGRES_DB:-${DB_DATABASE}}
+ POSTGRES_EFFECTIVE_CACHE_SIZE: ${POSTGRES_EFFECTIVE_CACHE_SIZE:-4096MB}
+ POSTGRES_MAINTENANCE_WORK_MEM: ${POSTGRES_MAINTENANCE_WORK_MEM:-64MB}
+ POSTGRES_MAX_CONNECTIONS: ${POSTGRES_MAX_CONNECTIONS:-100}
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-${DB_PASSWORD}}
+ POSTGRES_SHARED_BUFFERS: ${POSTGRES_SHARED_BUFFERS:-128MB}
+ POSTGRES_WORK_MEM: ${POSTGRES_WORK_MEM:-4MB}
+ PROMPT_GENERATION_MAX_TOKENS: ${PROMPT_GENERATION_MAX_TOKENS:-512}
+ QDRANT_API_KEY: ${QDRANT_API_KEY:-difyai123456}
+ QDRANT_CLIENT_TIMEOUT: ${QDRANT_CLIENT_TIMEOUT:-20}
+ QDRANT_GRPC_ENABLED: ${QDRANT_GRPC_ENABLED:-false}
+ QDRANT_GRPC_PORT: ${QDRANT_GRPC_PORT:-6334}
+ QDRANT_URL: ${QDRANT_URL:-http://qdrant:6333}
+ REDIS_CLUSTERS: ${REDIS_CLUSTERS:-}
+ REDIS_CLUSTERS_PASSWORD: ${REDIS_CLUSTERS_PASSWORD:-}
+ REDIS_DB: ${REDIS_DB:-0}
+ REDIS_HOST: ${REDIS_HOST:-redis}
+ REDIS_PASSWORD: ${REDIS_PASSWORD:-difyai123456}
+ REDIS_PORT: ${REDIS_PORT:-6379}
+ REDIS_SENTINELS: ${REDIS_SENTINELS:-}
+ REDIS_SENTINEL_PASSWORD: ${REDIS_SENTINEL_PASSWORD:-}
+ REDIS_SENTINEL_SERVICE_NAME: ${REDIS_SENTINEL_SERVICE_NAME:-}
+ REDIS_SENTINEL_SOCKET_TIMEOUT: ${REDIS_SENTINEL_SOCKET_TIMEOUT:-0.1}
+ REDIS_SENTINEL_USERNAME: ${REDIS_SENTINEL_USERNAME:-}
+ REDIS_USERNAME: ${REDIS_USERNAME:-}
+ REDIS_USE_CLUSTERS: ${REDIS_USE_CLUSTERS:-false}
+ REDIS_USE_SENTINEL: ${REDIS_USE_SENTINEL:-false}
+ REDIS_USE_SSL: ${REDIS_USE_SSL:-false}
+ REFRESH_TOKEN_EXPIRE_DAYS: ${REFRESH_TOKEN_EXPIRE_DAYS:-30}
+ RELYT_DATABASE: ${RELYT_DATABASE:-postgres}
+ RELYT_HOST: ${RELYT_HOST:-db}
+ RELYT_PASSWORD: ${RELYT_PASSWORD:-difyai123456}
+ RELYT_PORT: ${RELYT_PORT:-5432}
+ RELYT_USER: ${RELYT_USER:-postgres}
+ RESEND_API_KEY: ${RESEND_API_KEY:-your-resend-api-key}
+ RESEND_API_URL: ${RESEND_API_URL:-https://api.resend.com}
+ RESET_PASSWORD_TOKEN_EXPIRY_MINUTES: ${RESET_PASSWORD_TOKEN_EXPIRY_MINUTES:-5}
+ S3_ACCESS_KEY: ${S3_ACCESS_KEY:-}
+ S3_BUCKET_NAME: ${S3_BUCKET_NAME:-difyai}
+ S3_ENDPOINT: ${S3_ENDPOINT:-}
+ S3_REGION: ${S3_REGION:-us-east-1}
+ S3_SECRET_KEY: ${S3_SECRET_KEY:-}
+ S3_USE_AWS_MANAGED_IAM: ${S3_USE_AWS_MANAGED_IAM:-false}
+ SANDBOX_API_KEY: ${SANDBOX_API_KEY:-dify-sandbox}
+ SANDBOX_ENABLE_NETWORK: ${SANDBOX_ENABLE_NETWORK:-true}
+ SANDBOX_GIN_MODE: ${SANDBOX_GIN_MODE:-release}
+ SANDBOX_HTTPS_PROXY: ${SANDBOX_HTTPS_PROXY:-http://ssrf_proxy:3128}
+ SANDBOX_HTTP_PROXY: ${SANDBOX_HTTP_PROXY:-http://ssrf_proxy:3128}
+ SANDBOX_PORT: ${SANDBOX_PORT:-8194}
+ SANDBOX_WORKER_TIMEOUT: ${SANDBOX_WORKER_TIMEOUT:-15}
+ SCARF_NO_ANALYTICS: ${SCARF_NO_ANALYTICS:-true}
+ SECRET_KEY: ${SECRET_KEY:-sk-9f73s3ljTXVcMT3Blb3ljTqtsKiGHXVcMT3BlbkFJLK7U}
+ SENTRY_DSN: ${API_SENTRY_DSN:-}
+ SENTRY_PROFILES_SAMPLE_RATE: ${API_SENTRY_PROFILES_SAMPLE_RATE:-1.0}
+ SENTRY_TRACES_SAMPLE_RATE: ${API_SENTRY_TRACES_SAMPLE_RATE:-1.0}
+ SERVER_WORKER_AMOUNT: ${SERVER_WORKER_AMOUNT:-1}
+ SERVER_WORKER_CLASS: ${SERVER_WORKER_CLASS:-gevent}
+ SERVER_WORKER_CONNECTIONS: ${SERVER_WORKER_CONNECTIONS:-10}
+ SERVICE_API_URL: ${SERVICE_API_URL:-}
+ SMTP_OPPORTUNISTIC_TLS: ${SMTP_OPPORTUNISTIC_TLS:-false}
+ SMTP_PASSWORD: ${SMTP_PASSWORD:-}
+ SMTP_PORT: ${SMTP_PORT:-465}
+ SMTP_SERVER: ${SMTP_SERVER:-}
+ SMTP_USERNAME: ${SMTP_USERNAME:-}
+ SMTP_USE_TLS: ${SMTP_USE_TLS:-true}
+ SQLALCHEMY_ECHO: ${SQLALCHEMY_ECHO:-false}
+ SQLALCHEMY_POOL_RECYCLE: ${SQLALCHEMY_POOL_RECYCLE:-3600}
+ SQLALCHEMY_POOL_SIZE: ${SQLALCHEMY_POOL_SIZE:-30}
+ SSRF_COREDUMP_DIR: ${SSRF_COREDUMP_DIR:-/var/spool/squid}
+ SSRF_DEFAULT_CONNECT_TIME_OUT: ${SSRF_DEFAULT_CONNECT_TIME_OUT:-5}
+ SSRF_DEFAULT_READ_TIME_OUT: ${SSRF_DEFAULT_READ_TIME_OUT:-5}
+ SSRF_DEFAULT_TIME_OUT: ${SSRF_DEFAULT_TIME_OUT:-5}
+ SSRF_DEFAULT_WRITE_TIME_OUT: ${SSRF_DEFAULT_WRITE_TIME_OUT:-5}
+ SSRF_HTTP_PORT: ${SSRF_HTTP_PORT:-3128}
+ SSRF_PROXY_HTTPS_URL: ${SSRF_PROXY_HTTPS_URL:-http://ssrf_proxy:3128}
+ SSRF_PROXY_HTTP_URL: ${SSRF_PROXY_HTTP_URL:-http://ssrf_proxy:3128}
+ SSRF_REVERSE_PROXY_PORT: ${SSRF_REVERSE_PROXY_PORT:-8194}
+ SSRF_SANDBOX_HOST: ${SSRF_SANDBOX_HOST:-sandbox}
+ STORAGE_TYPE: ${STORAGE_TYPE:-opendal}
+ SUPABASE_API_KEY: ${SUPABASE_API_KEY:-your-access-key}
+ SUPABASE_BUCKET_NAME: ${SUPABASE_BUCKET_NAME:-your-bucket-name}
+ SUPABASE_URL: ${SUPABASE_URL:-your-server-url}
+ TEMPLATE_TRANSFORM_MAX_LENGTH: ${TEMPLATE_TRANSFORM_MAX_LENGTH:-80000}
+ TENCENT_COS_BUCKET_NAME: ${TENCENT_COS_BUCKET_NAME:-your-bucket-name}
+ TENCENT_COS_REGION: ${TENCENT_COS_REGION:-your-region}
+ TENCENT_COS_SCHEME: ${TENCENT_COS_SCHEME:-your-scheme}
+ TENCENT_COS_SECRET_ID: ${TENCENT_COS_SECRET_ID:-your-secret-id}
+ TENCENT_COS_SECRET_KEY: ${TENCENT_COS_SECRET_KEY:-your-secret-key}
+ TENCENT_VECTOR_DB_API_KEY: ${TENCENT_VECTOR_DB_API_KEY:-dify}
+ TENCENT_VECTOR_DB_DATABASE: ${TENCENT_VECTOR_DB_DATABASE:-dify}
+ TENCENT_VECTOR_DB_REPLICAS: ${TENCENT_VECTOR_DB_REPLICAS:-2}
+ TENCENT_VECTOR_DB_SHARD: ${TENCENT_VECTOR_DB_SHARD:-1}
+ TENCENT_VECTOR_DB_TIMEOUT: ${TENCENT_VECTOR_DB_TIMEOUT:-30}
+ TENCENT_VECTOR_DB_URL: ${TENCENT_VECTOR_DB_URL:-http://127.0.0.1}
+ TENCENT_VECTOR_DB_USERNAME: ${TENCENT_VECTOR_DB_USERNAME:-dify}
+ TEXT_GENERATION_TIMEOUT_MS: ${TEXT_GENERATION_TIMEOUT_MS:-60000}
+ TIDB_API_URL: ${TIDB_API_URL:-http://127.0.0.1}
+ TIDB_IAM_API_URL: ${TIDB_IAM_API_URL:-http://127.0.0.1}
+ TIDB_ON_QDRANT_API_KEY: ${TIDB_ON_QDRANT_API_KEY:-dify}
+ TIDB_ON_QDRANT_CLIENT_TIMEOUT: ${TIDB_ON_QDRANT_CLIENT_TIMEOUT:-20}
+ TIDB_ON_QDRANT_GRPC_ENABLED: ${TIDB_ON_QDRANT_GRPC_ENABLED:-false}
+ TIDB_ON_QDRANT_GRPC_PORT: ${TIDB_ON_QDRANT_GRPC_PORT:-6334}
+ TIDB_ON_QDRANT_URL: ${TIDB_ON_QDRANT_URL:-http://127.0.0.1}
+ TIDB_PRIVATE_KEY: ${TIDB_PRIVATE_KEY:-dify}
+ TIDB_PROJECT_ID: ${TIDB_PROJECT_ID:-dify}
+ TIDB_PUBLIC_KEY: ${TIDB_PUBLIC_KEY:-dify}
+ TIDB_REGION: ${TIDB_REGION:-regions/aws-us-east-1}
+ TIDB_SPEND_LIMIT: ${TIDB_SPEND_LIMIT:-100}
+ TIDB_VECTOR_DATABASE: ${TIDB_VECTOR_DATABASE:-dify}
+ TIDB_VECTOR_HOST: ${TIDB_VECTOR_HOST:-tidb}
+ TIDB_VECTOR_PASSWORD: ${TIDB_VECTOR_PASSWORD:-}
+ TIDB_VECTOR_PORT: ${TIDB_VECTOR_PORT:-4000}
+ TIDB_VECTOR_USER: ${TIDB_VECTOR_USER:-}
+ TOP_K_MAX_VALUE: ${TOP_K_MAX_VALUE:-10}
+ UNSTRUCTURED_API_KEY: ${UNSTRUCTURED_API_KEY:-}
+ UNSTRUCTURED_API_URL: ${UNSTRUCTURED_API_URL:-}
+ UPLOAD_AUDIO_FILE_SIZE_LIMIT: ${UPLOAD_AUDIO_FILE_SIZE_LIMIT:-50}
+ UPLOAD_FILE_BATCH_LIMIT: ${UPLOAD_FILE_BATCH_LIMIT:-5}
+ UPLOAD_FILE_SIZE_LIMIT: ${UPLOAD_FILE_SIZE_LIMIT:-15}
+ UPLOAD_IMAGE_FILE_SIZE_LIMIT: ${UPLOAD_IMAGE_FILE_SIZE_LIMIT:-10}
+ UPLOAD_VIDEO_FILE_SIZE_LIMIT: ${UPLOAD_VIDEO_FILE_SIZE_LIMIT:-100}
+ UPSTASH_VECTOR_TOKEN: ${UPSTASH_VECTOR_TOKEN:-dify}
+ UPSTASH_VECTOR_URL: ${UPSTASH_VECTOR_URL:-https://xxx-vector.upstash.io}
+ VECTOR_STORE: ${VECTOR_STORE:-weaviate}
+ VIKINGDB_ACCESS_KEY: ${VIKINGDB_ACCESS_KEY:-your-ak}
+ VIKINGDB_CONNECTION_TIMEOUT: ${VIKINGDB_CONNECTION_TIMEOUT:-30}
+ VIKINGDB_HOST: ${VIKINGDB_HOST:-api-vikingdb.xxx.volces.com}
+ VIKINGDB_REGION: ${VIKINGDB_REGION:-cn-shanghai}
+ VIKINGDB_SCHEMA: ${VIKINGDB_SCHEMA:-http}
+ VIKINGDB_SECRET_KEY: ${VIKINGDB_SECRET_KEY:-your-sk}
+ VIKINGDB_SOCKET_TIMEOUT: ${VIKINGDB_SOCKET_TIMEOUT:-30}
+ VOLCENGINE_TOS_ACCESS_KEY: ${VOLCENGINE_TOS_ACCESS_KEY:-your-access-key}
+ VOLCENGINE_TOS_BUCKET_NAME: ${VOLCENGINE_TOS_BUCKET_NAME:-your-bucket-name}
+ VOLCENGINE_TOS_ENDPOINT: ${VOLCENGINE_TOS_ENDPOINT:-your-server-url}
+ VOLCENGINE_TOS_REGION: ${VOLCENGINE_TOS_REGION:-your-region}
+ VOLCENGINE_TOS_SECRET_KEY: ${VOLCENGINE_TOS_SECRET_KEY:-your-secret-key}
+ WEAVIATE_API_KEY: ${WEAVIATE_API_KEY:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih}
+ WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: ${WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED:-true}
+ WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS: ${WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih}
+ WEAVIATE_AUTHENTICATION_APIKEY_ENABLED: ${WEAVIATE_AUTHENTICATION_APIKEY_ENABLED:-true}
+ WEAVIATE_AUTHENTICATION_APIKEY_USERS: ${WEAVIATE_AUTHENTICATION_APIKEY_USERS:-hello@dify.ai}
+ WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED: ${WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED:-true}
+ WEAVIATE_AUTHORIZATION_ADMINLIST_USERS: ${WEAVIATE_AUTHORIZATION_ADMINLIST_USERS:-hello@dify.ai}
+ WEAVIATE_CLUSTER_HOSTNAME: ${WEAVIATE_CLUSTER_HOSTNAME:-node1}
+ WEAVIATE_DEFAULT_VECTORIZER_MODULE: ${WEAVIATE_DEFAULT_VECTORIZER_MODULE:-none}
+ WEAVIATE_ENDPOINT: ${WEAVIATE_ENDPOINT:-http://weaviate:8080}
+ WEAVIATE_PERSISTENCE_DATA_PATH: ${WEAVIATE_PERSISTENCE_DATA_PATH:-/var/lib/weaviate}
+ WEAVIATE_QUERY_DEFAULTS_LIMIT: ${WEAVIATE_QUERY_DEFAULTS_LIMIT:-25}
+ WEB_API_CORS_ALLOW_ORIGINS: ${WEB_API_CORS_ALLOW_ORIGINS:-*}
+ WEB_SENTRY_DSN: ${WEB_SENTRY_DSN:-}
+ WORKFLOW_CALL_MAX_DEPTH: ${WORKFLOW_CALL_MAX_DEPTH:-5}
+ WORKFLOW_FILE_UPLOAD_LIMIT: ${WORKFLOW_FILE_UPLOAD_LIMIT:-10}
+ WORKFLOW_MAX_EXECUTION_STEPS: ${WORKFLOW_MAX_EXECUTION_STEPS:-500}
+ WORKFLOW_MAX_EXECUTION_TIME: ${WORKFLOW_MAX_EXECUTION_TIME:-1200}
+ WORKFLOW_PARALLEL_DEPTH_LIMIT: ${WORKFLOW_PARALLEL_DEPTH_LIMIT:-3}
+ image: langgenius/dify-api:0.15.3
+ networks:
+ - ssrf_proxy_network
+ - default
+ restart: always
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/app/storage:/app/api/storage
+ certbot:
+ command:
+ - tail
+ - -f
+ - /dev/null
+ container_name: certbot-dify
+ entrypoint:
+ - /docker-entrypoint.sh
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ - CERTBOT_EMAIL=${CERTBOT_EMAIL}
+ - CERTBOT_DOMAIN=${CERTBOT_DOMAIN}
+ - CERTBOT_OPTIONS=${CERTBOT_OPTIONS:-}
+ image: certbot/certbot
+ profiles:
+ - certbot
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/certbot/conf:/etc/letsencrypt
+ - ${DIFY_ROOT_PATH}/volumes/certbot/www:/var/www/html
+ - ${DIFY_ROOT_PATH}/volumes/certbot/logs:/var/log/letsencrypt
+ - ${DIFY_ROOT_PATH}/volumes/certbot/conf/live:/etc/letsencrypt/live
+ - ${DIFY_ROOT_PATH}/certbot/update-cert.template.txt:/update-cert.template.txt
+ - ${DIFY_ROOT_PATH}/certbot/docker-entrypoint.sh:/docker-entrypoint.sh
+ chroma:
+ container_name: chroma-dify
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ CHROMA_SERVER_AUTHN_CREDENTIALS: ${CHROMA_SERVER_AUTHN_CREDENTIALS:-difyai123456}
+ CHROMA_SERVER_AUTHN_PROVIDER: ${CHROMA_SERVER_AUTHN_PROVIDER:-chromadb.auth.token_authn.TokenAuthenticationServerProvider}
+ IS_PERSISTENT: ${CHROMA_IS_PERSISTENT:-TRUE}
+ image: ghcr.io/chroma-core/chroma:0.5.20
+ profiles:
+ - chroma
+ restart: always
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/chroma:/chroma/chroma
+ couchbase-server:
+ build: ./couchbase-server
+ command: sh -c "/opt/couchbase/init/init-cbserver.sh"
+ container_name: couchbase-server-dify
+ entrypoint:
+ - ''
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ - CLUSTER_NAME=dify_search
+ - COUCHBASE_ADMINISTRATOR_USERNAME=${COUCHBASE_USER:-Administrator}
+ - COUCHBASE_ADMINISTRATOR_PASSWORD=${COUCHBASE_PASSWORD:-password}
+ - COUCHBASE_BUCKET=${COUCHBASE_BUCKET_NAME:-Embeddings}
+ - COUCHBASE_BUCKET_RAMSIZE=512
+ - COUCHBASE_RAM_SIZE=2048
+ - COUCHBASE_EVENTING_RAM_SIZE=512
+ - COUCHBASE_INDEX_RAM_SIZE=512
+ - COUCHBASE_FTS_RAM_SIZE=1024
+ healthcheck:
+ interval: 10s
+ retries: 10
+ start_period: 30s
+ test:
+ - CMD-SHELL
+ - curl -s -f -u Administrator:password http://localhost:8091/pools/default/buckets
+ | grep -q '\[{' || exit 1
+ timeout: 10s
+ hostname: couchbase-server
+ profiles:
+ - couchbase
+ restart: always
+ stdin_open: true
+ tty: true
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/couchbase/data:/opt/couchbase/var/lib/couchbase/data
+ working_dir: /opt/couchbase
+ db:
+ command: "postgres -c 'max_connections=${POSTGRES_MAX_CONNECTIONS:-100}'\n \
+ \ -c 'shared_buffers=${POSTGRES_SHARED_BUFFERS:-128MB}'\n -c 'work_mem=${POSTGRES_WORK_MEM:-4MB}'\n\
+ \ -c 'maintenance_work_mem=${POSTGRES_MAINTENANCE_WORK_MEM:-64MB}'\n\
+ \ -c 'effective_cache_size=${POSTGRES_EFFECTIVE_CACHE_SIZE:-4096MB}'\n"
+ container_name: db-dify
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ PGDATA: ${PGDATA:-/var/lib/postgresql/data/pgdata}
+ PGUSER: ${PGUSER:-postgres}
+ POSTGRES_DB: ${POSTGRES_DB:-dify}
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-difyai123456}
+ healthcheck:
+ interval: 1s
+ retries: 30
+ test:
+ - CMD
+ - pg_isready
+ timeout: 3s
+ image: postgres:15-alpine
+ restart: always
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/db/data:/var/lib/postgresql/data
+ elasticsearch:
+ container_name: elasticsearch-dify
+ deploy:
+ resources:
+ limits:
+ memory: 2g
+ entrypoint:
+ - sh
+ - -c
+ - sh /docker-entrypoint-mount.sh
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ ELASTIC_PASSWORD: ${ELASTICSEARCH_PASSWORD:-elastic}
+ VECTOR_STORE: ${VECTOR_STORE:-}
+ cluster.name: dify-es-cluster
+ discovery.type: single-node
+ node.name: dify-es0
+ xpack.license.self_generated.type: basic
+ xpack.security.enabled: 'true'
+ xpack.security.enrollment.enabled: 'false'
+ xpack.security.http.ssl.enabled: 'false'
+ healthcheck:
+ interval: 30s
+ retries: 50
+ test:
+ - CMD
+ - curl
+ - -s
+ - http://localhost:9200/_cluster/health?pretty
+ timeout: 10s
+ image: docker.elastic.co/elasticsearch/elasticsearch:8.14.3
+ ports:
+ - ${ELASTICSEARCH_PORT:-9200}:9200
+ profiles:
+ - elasticsearch
+ - elasticsearch-ja
+ restart: always
+ volumes:
+ - ${DIFY_ROOT_PATH}/elasticsearch/docker-entrypoint.sh:/docker-entrypoint-mount.sh
+ - dify_es01_data:/usr/share/elasticsearch/data
+ etcd:
+ command: etcd -advertise-client-urls=http://127.0.0.1:2379 -listen-client-urls
+ http://0.0.0.0:2379 --data-dir /etcd
+ container_name: milvus-etcd-dify
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ ETCD_AUTO_COMPACTION_MODE: ${ETCD_AUTO_COMPACTION_MODE:-revision}
+ ETCD_AUTO_COMPACTION_RETENTION: ${ETCD_AUTO_COMPACTION_RETENTION:-1000}
+ ETCD_QUOTA_BACKEND_BYTES: ${ETCD_QUOTA_BACKEND_BYTES:-4294967296}
+ ETCD_SNAPSHOT_COUNT: ${ETCD_SNAPSHOT_COUNT:-50000}
+ healthcheck:
+ interval: 30s
+ retries: 3
+ test:
+ - CMD
+ - etcdctl
+ - endpoint
+ - health
+ timeout: 20s
+ image: quay.io/coreos/etcd:v3.5.5
+ networks:
+ - milvus
+ profiles:
+ - milvus
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/milvus/etcd:/etcd
+ kibana:
+ container_name: kibana-dify
+ depends_on:
+ - elasticsearch
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ ELASTICSEARCH_HOSTS: http://elasticsearch:9200
+ I18N_LOCALE: zh-CN
+ NO_PROXY: localhost,127.0.0.1,elasticsearch,kibana
+ SERVER_PORT: '5601'
+ XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY: d1a66dfd-c4d3-4a0a-8290-2abcb83ab3aa
+ XPACK_FLEET_ISAIRGAPPED: 'true'
+ XPACK_SECURITY_ENABLED: 'true'
+ XPACK_SECURITY_ENROLLMENT_ENABLED: 'false'
+ XPACK_SECURITY_HTTP_SSL_ENABLED: 'false'
+ healthcheck:
+ interval: 30s
+ retries: 3
+ test:
+ - CMD-SHELL
+ - curl -s http://localhost:5601 >/dev/null || exit 1
+ timeout: 10s
+ image: docker.elastic.co/kibana/kibana:8.14.3
+ ports:
+ - ${KIBANA_PORT:-5601}:5601
+ profiles:
+ - elasticsearch
+ restart: always
+ milvus-standalone:
+ command:
+ - milvus
+ - run
+ - standalone
+ container_name: milvus-standalone-dify
+ depends_on:
+ - etcd
+ - minio
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ ETCD_ENDPOINTS: ${ETCD_ENDPOINTS:-etcd:2379}
+ MINIO_ADDRESS: ${MINIO_ADDRESS:-minio:9000}
+ common.security.authorizationEnabled: ${MILVUS_AUTHORIZATION_ENABLED:-true}
+ healthcheck:
+ interval: 30s
+ retries: 3
+ start_period: 90s
+ test:
+ - CMD
+ - curl
+ - -f
+ - http://localhost:9091/healthz
+ timeout: 20s
+ image: milvusdb/milvus:v2.5.0-beta
+ networks:
+ - milvus
+ ports:
+ - 19530:19530
+ - 9091:9091
+ profiles:
+ - milvus
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/milvus/milvus:/var/lib/milvus
+ minio:
+ command: minio server /minio_data --console-address ":9001"
+ container_name: milvus-minio-dify
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY:-minioadmin}
+ MINIO_SECRET_KEY: ${MINIO_SECRET_KEY:-minioadmin}
+ healthcheck:
+ interval: 30s
+ retries: 3
+ test:
+ - CMD
+ - curl
+ - -f
+ - http://localhost:9000/minio/health/live
+ timeout: 20s
+ image: minio/minio:RELEASE.2023-03-20T20-16-18Z
+ networks:
+ - milvus
+ profiles:
+ - milvus
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/milvus/minio:/minio_data
+ myscale:
+ container_name: myscale-dify
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ image: myscale/myscaledb:1.6.4
+ ports:
+ - ${MYSCALE_PORT:-8123}:${MYSCALE_PORT:-8123}
+ profiles:
+ - myscale
+ restart: always
+ tty: true
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/myscale/data:/var/lib/clickhouse
+ - ${DIFY_ROOT_PATH}/volumes/myscale/log:/var/log/clickhouse-server
+ - ${DIFY_ROOT_PATH}/volumes/myscale/config/users.d/custom_users_config.xml:/etc/clickhouse-server/users.d/custom_users_config.xml
+ nginx:
+ container_name: nginx-dify
+ depends_on:
+ - api
+ - web
+ entrypoint:
+ - sh
+ - -c
+ - "cp /docker-entrypoint-mount.sh /docker-entrypoint.sh && sed -i 's/\r$$//' /docker-entrypoint.sh\
+ \ && chmod +x /docker-entrypoint.sh && /docker-entrypoint.sh"
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ CERTBOT_DOMAIN: ${CERTBOT_DOMAIN:-}
+ NGINX_CLIENT_MAX_BODY_SIZE: ${NGINX_CLIENT_MAX_BODY_SIZE:-15M}
+ NGINX_ENABLE_CERTBOT_CHALLENGE: ${NGINX_ENABLE_CERTBOT_CHALLENGE:-false}
+ NGINX_HTTPS_ENABLED: ${NGINX_HTTPS_ENABLED:-false}
+ NGINX_KEEPALIVE_TIMEOUT: ${NGINX_KEEPALIVE_TIMEOUT:-65}
+ NGINX_PORT: ${NGINX_PORT:-80}
+ NGINX_PROXY_READ_TIMEOUT: ${NGINX_PROXY_READ_TIMEOUT:-3600s}
+ NGINX_PROXY_SEND_TIMEOUT: ${NGINX_PROXY_SEND_TIMEOUT:-3600s}
+ NGINX_SERVER_NAME: ${NGINX_SERVER_NAME:-_}
+ NGINX_SSL_CERT_FILENAME: ${NGINX_SSL_CERT_FILENAME:-dify.crt}
+ NGINX_SSL_CERT_KEY_FILENAME: ${NGINX_SSL_CERT_KEY_FILENAME:-dify.key}
+ NGINX_SSL_PORT: ${NGINX_SSL_PORT:-443}
+ NGINX_SSL_PROTOCOLS: ${NGINX_SSL_PROTOCOLS:-TLSv1.1 TLSv1.2 TLSv1.3}
+ NGINX_WORKER_PROCESSES: ${NGINX_WORKER_PROCESSES:-auto}
+ image: nginx:latest
+ ports:
+ - ${EXPOSE_NGINX_PORT:-80}:${NGINX_PORT:-80}
+ - ${EXPOSE_NGINX_SSL_PORT:-443}:${NGINX_SSL_PORT:-443}
+ restart: always
+ volumes:
+ - ${DIFY_ROOT_PATH}/nginx/nginx.conf.template:/etc/nginx/nginx.conf.template
+ - ${DIFY_ROOT_PATH}/nginx/proxy.conf.template:/etc/nginx/proxy.conf.template
+ - ${DIFY_ROOT_PATH}/nginx/https.conf.template:/etc/nginx/https.conf.template
+ - ${DIFY_ROOT_PATH}/nginx/conf.d:/etc/nginx/conf.d
+ - ${DIFY_ROOT_PATH}/nginx/docker-entrypoint.sh:/docker-entrypoint-mount.sh
+ - ${DIFY_ROOT_PATH}/nginx/ssl:/etc/ssl
+ - ${DIFY_ROOT_PATH}/volumes/certbot/conf/live:/etc/letsencrypt/live
+ - ${DIFY_ROOT_PATH}/volumes/certbot/conf:/etc/letsencrypt
+ - ${DIFY_ROOT_PATH}/volumes/certbot/www:/var/www/html
+ oceanbase:
+ container_name: oceanbase-dify
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ OB_CLUSTER_NAME: ${OCEANBASE_CLUSTER_NAME:-difyai}
+ OB_MEMORY_LIMIT: ${OCEANBASE_MEMORY_LIMIT:-6G}
+ OB_SERVER_IP: 127.0.0.1
+ OB_SYS_PASSWORD: ${OCEANBASE_VECTOR_PASSWORD:-difyai123456}
+ OB_TENANT_PASSWORD: ${OCEANBASE_VECTOR_PASSWORD:-difyai123456}
+ image: quay.io/oceanbase/oceanbase-ce:4.3.3.0-100000142024101215
+ profiles:
+ - oceanbase
+ restart: always
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/oceanbase/data:/root/ob
+ - ${DIFY_ROOT_PATH}/volumes/oceanbase/conf:/root/.obd/cluster
+ - ${DIFY_ROOT_PATH}/volumes/oceanbase/init.d:/root/boot/init.d
+ opensearch:
+ container_name: opensearch-dify
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ OPENSEARCH_INITIAL_ADMIN_PASSWORD: ${OPENSEARCH_INITIAL_ADMIN_PASSWORD:-Qazwsxedc!@#123}
+ OPENSEARCH_JAVA_OPTS: -Xms${OPENSEARCH_JAVA_OPTS_MIN:-512m} -Xmx${OPENSEARCH_JAVA_OPTS_MAX:-1024m}
+ bootstrap.memory_lock: ${OPENSEARCH_BOOTSTRAP_MEMORY_LOCK:-true}
+ discovery.type: ${OPENSEARCH_DISCOVERY_TYPE:-single-node}
+ image: opensearchproject/opensearch:latest
+ networks:
+ - opensearch-net
+ profiles:
+ - opensearch
+ ulimits:
+ memlock:
+ hard: ${OPENSEARCH_MEMLOCK_HARD:--1}
+ soft: ${OPENSEARCH_MEMLOCK_SOFT:--1}
+ nofile:
+ hard: ${OPENSEARCH_NOFILE_HARD:-65536}
+ soft: ${OPENSEARCH_NOFILE_SOFT:-65536}
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/opensearch/data:/usr/share/opensearch/data
+ opensearch-dashboards:
+ container_name: opensearch-dashboards-dify
+ depends_on:
+ - opensearch
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ OPENSEARCH_HOSTS: '["https://opensearch:9200"]'
+ image: opensearchproject/opensearch-dashboards:latest
+ networks:
+ - opensearch-net
+ profiles:
+ - opensearch
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/opensearch/opensearch_dashboards.yml:/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml
+ oracle:
+ container_name: oracle-dify
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ ORACLE_CHARACTERSET: ${ORACLE_CHARACTERSET:-AL32UTF8}
+ ORACLE_PWD: ${ORACLE_PWD:-Dify123456}
+ image: container-registry.oracle.com/database/free:latest
+ profiles:
+ - oracle
+ restart: always
+ volumes:
+ - source: oradata
+ target: /opt/oracle/oradata
+ type: volume
+ - ${DIFY_ROOT_PATH}/startupscripts:/opt/oracle/scripts/startup
+ pgvecto-rs:
+ container_name: pgvecto-rs-dify
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ PGDATA: ${PGVECTOR_PGDATA:-/var/lib/postgresql/data/pgdata}
+ PGUSER: ${PGVECTOR_PGUSER:-postgres}
+ POSTGRES_DB: ${PGVECTOR_POSTGRES_DB:-dify}
+ POSTGRES_PASSWORD: ${PGVECTOR_POSTGRES_PASSWORD:-difyai123456}
+ healthcheck:
+ interval: 1s
+ retries: 30
+ test:
+ - CMD
+ - pg_isready
+ timeout: 3s
+ image: tensorchord/pgvecto-rs:pg16-v0.3.0
+ profiles:
+ - pgvecto-rs
+ restart: always
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/pgvecto_rs/data:/var/lib/postgresql/data
+ pgvector:
+ container_name: pgvector-dify
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ PGDATA: ${PGVECTOR_PGDATA:-/var/lib/postgresql/data/pgdata}
+ PGUSER: ${PGVECTOR_PGUSER:-postgres}
+ POSTGRES_DB: ${PGVECTOR_POSTGRES_DB:-dify}
+ POSTGRES_PASSWORD: ${PGVECTOR_POSTGRES_PASSWORD:-difyai123456}
+ healthcheck:
+ interval: 1s
+ retries: 30
+ test:
+ - CMD
+ - pg_isready
+ timeout: 3s
+ image: pgvector/pgvector:pg16
+ profiles:
+ - pgvector
+ restart: always
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/pgvector/data:/var/lib/postgresql/data
+ qdrant:
+ container_name: qdrant-dify
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ QDRANT_API_KEY: ${QDRANT_API_KEY:-difyai123456}
+ image: langgenius/qdrant:v1.7.3
+ profiles:
+ - qdrant
+ restart: always
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/qdrant:/qdrant/storage
+ redis:
+ command: redis-server --requirepass ${REDIS_PASSWORD:-difyai123456}
+ container_name: redis-dify
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ REDISCLI_AUTH: ${REDIS_PASSWORD:-difyai123456}
+ healthcheck:
+ test:
+ - CMD
+ - redis-cli
+ - ping
+ image: redis:6-alpine
+ restart: always
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/redis/data:/data
+ sandbox:
+ container_name: sandbox-dify
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ API_KEY: ${SANDBOX_API_KEY:-dify-sandbox}
+ ENABLE_NETWORK: ${SANDBOX_ENABLE_NETWORK:-true}
+ GIN_MODE: ${SANDBOX_GIN_MODE:-release}
+ HTTPS_PROXY: ${SANDBOX_HTTPS_PROXY:-http://ssrf_proxy:3128}
+ HTTP_PROXY: ${SANDBOX_HTTP_PROXY:-http://ssrf_proxy:3128}
+ SANDBOX_PORT: ${SANDBOX_PORT:-8194}
+ WORKER_TIMEOUT: ${SANDBOX_WORKER_TIMEOUT:-15}
+ healthcheck:
+ test:
+ - CMD
+ - curl
+ - -f
+ - http://localhost:8194/health
+ image: langgenius/dify-sandbox:0.2.10
+ networks:
+ - ssrf_proxy_network
+ restart: always
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/sandbox/dependencies:/dependencies
+ ssrf_proxy:
+ container_name: ssrf_proxy-dify
+ entrypoint:
+ - sh
+ - -c
+ - "cp /docker-entrypoint-mount.sh /docker-entrypoint.sh && sed -i 's/\r$$//' /docker-entrypoint.sh\
+ \ && chmod +x /docker-entrypoint.sh && /docker-entrypoint.sh"
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ COREDUMP_DIR: ${SSRF_COREDUMP_DIR:-/var/spool/squid}
+ HTTP_PORT: ${SSRF_HTTP_PORT:-3128}
+ REVERSE_PROXY_PORT: ${SSRF_REVERSE_PROXY_PORT:-8194}
+ SANDBOX_HOST: ${SSRF_SANDBOX_HOST:-sandbox}
+ SANDBOX_PORT: ${SANDBOX_PORT:-8194}
+ image: ubuntu/squid:latest
+ networks:
+ - ssrf_proxy_network
+ - default
+ restart: always
+ volumes:
+ - ${DIFY_ROOT_PATH}/ssrf_proxy/squid.conf.template:/etc/squid/squid.conf.template
+ - ${DIFY_ROOT_PATH}/ssrf_proxy/docker-entrypoint.sh:/docker-entrypoint-mount.sh
+ unstructured:
+ container_name: unstructured-dify
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ image: downloads.unstructured.io/unstructured-io/unstructured-api:latest
+ profiles:
+ - unstructured
+ restart: always
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/unstructured:/app/data
+ weaviate:
+ container_name: weaviate-dify
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: ${WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED:-false}
+ AUTHENTICATION_APIKEY_ALLOWED_KEYS: ${WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih}
+ AUTHENTICATION_APIKEY_ENABLED: ${WEAVIATE_AUTHENTICATION_APIKEY_ENABLED:-true}
+ AUTHENTICATION_APIKEY_USERS: ${WEAVIATE_AUTHENTICATION_APIKEY_USERS:-hello@dify.ai}
+ AUTHORIZATION_ADMINLIST_ENABLED: ${WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED:-true}
+ AUTHORIZATION_ADMINLIST_USERS: ${WEAVIATE_AUTHORIZATION_ADMINLIST_USERS:-hello@dify.ai}
+ CLUSTER_HOSTNAME: ${WEAVIATE_CLUSTER_HOSTNAME:-node1}
+ DEFAULT_VECTORIZER_MODULE: ${WEAVIATE_DEFAULT_VECTORIZER_MODULE:-none}
+ PERSISTENCE_DATA_PATH: ${WEAVIATE_PERSISTENCE_DATA_PATH:-/var/lib/weaviate}
+ QUERY_DEFAULTS_LIMIT: ${WEAVIATE_QUERY_DEFAULTS_LIMIT:-25}
+ image: semitechnologies/weaviate:1.19.0
+ profiles:
+ - ''
+ - weaviate
+ restart: always
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/weaviate:/var/lib/weaviate
+ web:
+ container_name: web-dify
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ APP_API_URL: ${APP_API_URL:-}
+ CONSOLE_API_URL: ${CONSOLE_API_URL:-}
+ CSP_WHITELIST: ${CSP_WHITELIST:-}
+ INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-}
+ NEXT_TELEMETRY_DISABLED: ${NEXT_TELEMETRY_DISABLED:-0}
+ SENTRY_DSN: ${WEB_SENTRY_DSN:-}
+ TEXT_GENERATION_TIMEOUT_MS: ${TEXT_GENERATION_TIMEOUT_MS:-60000}
+ TOP_K_MAX_VALUE: ${TOP_K_MAX_VALUE:-}
+ image: langgenius/dify-web:0.15.3
+ restart: always
+ worker:
+ container_name: worker-dify
+ depends_on:
+ - db
+ - redis
+ env_file:
+ - ./envs/global.env
+ - ./envs/dify.env
+ - .env
+ environment:
+ ACCESS_TOKEN_EXPIRE_MINUTES: ${ACCESS_TOKEN_EXPIRE_MINUTES:-60}
+ ALIYUN_OSS_ACCESS_KEY: ${ALIYUN_OSS_ACCESS_KEY:-your-access-key}
+ ALIYUN_OSS_AUTH_VERSION: ${ALIYUN_OSS_AUTH_VERSION:-v4}
+ ALIYUN_OSS_BUCKET_NAME: ${ALIYUN_OSS_BUCKET_NAME:-your-bucket-name}
+ ALIYUN_OSS_ENDPOINT: ${ALIYUN_OSS_ENDPOINT:-https://oss-ap-southeast-1-internal.aliyuncs.com}
+ ALIYUN_OSS_PATH: ${ALIYUN_OSS_PATH:-your-path}
+ ALIYUN_OSS_REGION: ${ALIYUN_OSS_REGION:-ap-southeast-1}
+ ALIYUN_OSS_SECRET_KEY: ${ALIYUN_OSS_SECRET_KEY:-your-secret-key}
+ ANALYTICDB_ACCOUNT: ${ANALYTICDB_ACCOUNT:-testaccount}
+ ANALYTICDB_HOST: ${ANALYTICDB_HOST:-gp-test.aliyuncs.com}
+ ANALYTICDB_INSTANCE_ID: ${ANALYTICDB_INSTANCE_ID:-gp-ab123456}
+ ANALYTICDB_KEY_ID: ${ANALYTICDB_KEY_ID:-your-ak}
+ ANALYTICDB_KEY_SECRET: ${ANALYTICDB_KEY_SECRET:-your-sk}
+ ANALYTICDB_MAX_CONNECTION: ${ANALYTICDB_MAX_CONNECTION:-5}
+ ANALYTICDB_MIN_CONNECTION: ${ANALYTICDB_MIN_CONNECTION:-1}
+ ANALYTICDB_NAMESPACE: ${ANALYTICDB_NAMESPACE:-dify}
+ ANALYTICDB_NAMESPACE_PASSWORD: ${ANALYTICDB_NAMESPACE_PASSWORD:-difypassword}
+ ANALYTICDB_PASSWORD: ${ANALYTICDB_PASSWORD:-testpassword}
+ ANALYTICDB_PORT: ${ANALYTICDB_PORT:-5432}
+ ANALYTICDB_REGION_ID: ${ANALYTICDB_REGION_ID:-cn-hangzhou}
+ API_SENTRY_DSN: ${API_SENTRY_DSN:-}
+ API_SENTRY_PROFILES_SAMPLE_RATE: ${API_SENTRY_PROFILES_SAMPLE_RATE:-1.0}
+ API_SENTRY_TRACES_SAMPLE_RATE: ${API_SENTRY_TRACES_SAMPLE_RATE:-1.0}
+ API_TOOL_DEFAULT_CONNECT_TIMEOUT: ${API_TOOL_DEFAULT_CONNECT_TIMEOUT:-10}
+ API_TOOL_DEFAULT_READ_TIMEOUT: ${API_TOOL_DEFAULT_READ_TIMEOUT:-60}
+ APP_API_URL: ${APP_API_URL:-}
+ APP_MAX_ACTIVE_REQUESTS: ${APP_MAX_ACTIVE_REQUESTS:-0}
+ APP_MAX_EXECUTION_TIME: ${APP_MAX_EXECUTION_TIME:-1200}
+ APP_WEB_URL: ${APP_WEB_URL:-}
+ AZURE_BLOB_ACCOUNT_KEY: ${AZURE_BLOB_ACCOUNT_KEY:-difyai}
+ AZURE_BLOB_ACCOUNT_NAME: ${AZURE_BLOB_ACCOUNT_NAME:-difyai}
+ AZURE_BLOB_ACCOUNT_URL: ${AZURE_BLOB_ACCOUNT_URL:-https://.blob.core.windows.net}
+ AZURE_BLOB_CONTAINER_NAME: ${AZURE_BLOB_CONTAINER_NAME:-difyai-container}
+ BAIDU_OBS_ACCESS_KEY: ${BAIDU_OBS_ACCESS_KEY:-your-access-key}
+ BAIDU_OBS_BUCKET_NAME: ${BAIDU_OBS_BUCKET_NAME:-your-bucket-name}
+ BAIDU_OBS_ENDPOINT: ${BAIDU_OBS_ENDPOINT:-your-server-url}
+ BAIDU_OBS_SECRET_KEY: ${BAIDU_OBS_SECRET_KEY:-your-secret-key}
+ BAIDU_VECTOR_DB_ACCOUNT: ${BAIDU_VECTOR_DB_ACCOUNT:-root}
+ BAIDU_VECTOR_DB_API_KEY: ${BAIDU_VECTOR_DB_API_KEY:-dify}
+ BAIDU_VECTOR_DB_CONNECTION_TIMEOUT_MS: ${BAIDU_VECTOR_DB_CONNECTION_TIMEOUT_MS:-30000}
+ BAIDU_VECTOR_DB_DATABASE: ${BAIDU_VECTOR_DB_DATABASE:-dify}
+ BAIDU_VECTOR_DB_ENDPOINT: ${BAIDU_VECTOR_DB_ENDPOINT:-http://127.0.0.1:5287}
+ BAIDU_VECTOR_DB_REPLICAS: ${BAIDU_VECTOR_DB_REPLICAS:-3}
+ BAIDU_VECTOR_DB_SHARD: ${BAIDU_VECTOR_DB_SHARD:-1}
+ BROKER_USE_SSL: ${BROKER_USE_SSL:-false}
+ CELERY_AUTO_SCALE: ${CELERY_AUTO_SCALE:-false}
+ CELERY_BROKER_URL: ${CELERY_BROKER_URL:-redis://:difyai123456@redis:6379/1}
+ CELERY_MAX_WORKERS: ${CELERY_MAX_WORKERS:-}
+ CELERY_MIN_WORKERS: ${CELERY_MIN_WORKERS:-}
+ CELERY_SENTINEL_MASTER_NAME: ${CELERY_SENTINEL_MASTER_NAME:-}
+ CELERY_SENTINEL_SOCKET_TIMEOUT: ${CELERY_SENTINEL_SOCKET_TIMEOUT:-0.1}
+ CELERY_USE_SENTINEL: ${CELERY_USE_SENTINEL:-false}
+ CELERY_WORKER_AMOUNT: ${CELERY_WORKER_AMOUNT:-}
+ CELERY_WORKER_CLASS: ${CELERY_WORKER_CLASS:-}
+ CERTBOT_DOMAIN: ${CERTBOT_DOMAIN:-your_domain.com}
+ CERTBOT_EMAIL: ${CERTBOT_EMAIL:-your_email@example.com}
+ CERTBOT_OPTIONS: ${CERTBOT_OPTIONS:-}
+ CHECK_UPDATE_URL: ${CHECK_UPDATE_URL:-https://updates.dify.ai}
+ CHROMA_AUTH_CREDENTIALS: ${CHROMA_AUTH_CREDENTIALS:-}
+ CHROMA_AUTH_PROVIDER: ${CHROMA_AUTH_PROVIDER:-chromadb.auth.token_authn.TokenAuthClientProvider}
+ CHROMA_DATABASE: ${CHROMA_DATABASE:-default_database}
+ CHROMA_HOST: ${CHROMA_HOST:-127.0.0.1}
+ CHROMA_IS_PERSISTENT: ${CHROMA_IS_PERSISTENT:-TRUE}
+ CHROMA_PORT: ${CHROMA_PORT:-8000}
+ CHROMA_SERVER_AUTHN_CREDENTIALS: ${CHROMA_SERVER_AUTHN_CREDENTIALS:-difyai123456}
+ CHROMA_SERVER_AUTHN_PROVIDER: ${CHROMA_SERVER_AUTHN_PROVIDER:-chromadb.auth.token_authn.TokenAuthenticationServerProvider}
+ CHROMA_TENANT: ${CHROMA_TENANT:-default_tenant}
+ CODE_EXECUTION_API_KEY: ${CODE_EXECUTION_API_KEY:-dify-sandbox}
+ CODE_EXECUTION_CONNECT_TIMEOUT: ${CODE_EXECUTION_CONNECT_TIMEOUT:-10}
+ CODE_EXECUTION_ENDPOINT: ${CODE_EXECUTION_ENDPOINT:-http://sandbox:8194}
+ CODE_EXECUTION_READ_TIMEOUT: ${CODE_EXECUTION_READ_TIMEOUT:-60}
+ CODE_EXECUTION_WRITE_TIMEOUT: ${CODE_EXECUTION_WRITE_TIMEOUT:-10}
+ CODE_GENERATION_MAX_TOKENS: ${CODE_GENERATION_MAX_TOKENS:-1024}
+ CODE_MAX_DEPTH: ${CODE_MAX_DEPTH:-5}
+ CODE_MAX_NUMBER: ${CODE_MAX_NUMBER:-9223372036854775807}
+ CODE_MAX_NUMBER_ARRAY_LENGTH: ${CODE_MAX_NUMBER_ARRAY_LENGTH:-1000}
+ CODE_MAX_OBJECT_ARRAY_LENGTH: ${CODE_MAX_OBJECT_ARRAY_LENGTH:-30}
+ CODE_MAX_PRECISION: ${CODE_MAX_PRECISION:-20}
+ CODE_MAX_STRING_ARRAY_LENGTH: ${CODE_MAX_STRING_ARRAY_LENGTH:-30}
+ CODE_MAX_STRING_LENGTH: ${CODE_MAX_STRING_LENGTH:-80000}
+ CODE_MIN_NUMBER: ${CODE_MIN_NUMBER:--9223372036854775808}
+ CONSOLE_API_URL: ${CONSOLE_API_URL:-}
+ CONSOLE_CORS_ALLOW_ORIGINS: ${CONSOLE_CORS_ALLOW_ORIGINS:-*}
+ CONSOLE_WEB_URL: ${CONSOLE_WEB_URL:-}
+ COUCHBASE_BUCKET_NAME: ${COUCHBASE_BUCKET_NAME:-Embeddings}
+ COUCHBASE_CONNECTION_STRING: ${COUCHBASE_CONNECTION_STRING:-couchbase://couchbase-server}
+ COUCHBASE_PASSWORD: ${COUCHBASE_PASSWORD:-password}
+ COUCHBASE_SCOPE_NAME: ${COUCHBASE_SCOPE_NAME:-_default}
+ COUCHBASE_USER: ${COUCHBASE_USER:-Administrator}
+ CREATE_TIDB_SERVICE_JOB_ENABLED: ${CREATE_TIDB_SERVICE_JOB_ENABLED:-false}
+ CSP_WHITELIST: ${CSP_WHITELIST:-}
+ DB_DATABASE: ${DB_DATABASE:-dify}
+ DB_HOST: ${DB_HOST:-db}
+ DB_PASSWORD: ${DB_PASSWORD:-difyai123456}
+ DB_PORT: ${DB_PORT:-5432}
+ DB_USERNAME: ${DB_USERNAME:-postgres}
+ DEBUG: ${DEBUG:-false}
+ DEPLOY_ENV: ${DEPLOY_ENV:-PRODUCTION}
+ DIFY_BIND_ADDRESS: ${DIFY_BIND_ADDRESS:-0.0.0.0}
+ DIFY_PORT: ${DIFY_PORT:-5001}
+ ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:-0.0.0.0}
+ ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-elastic}
+ ELASTICSEARCH_PORT: ${ELASTICSEARCH_PORT:-9200}
+ ELASTICSEARCH_USERNAME: ${ELASTICSEARCH_USERNAME:-elastic}
+ ETCD_AUTO_COMPACTION_MODE: ${ETCD_AUTO_COMPACTION_MODE:-revision}
+ ETCD_AUTO_COMPACTION_RETENTION: ${ETCD_AUTO_COMPACTION_RETENTION:-1000}
+ ETCD_ENDPOINTS: ${ETCD_ENDPOINTS:-etcd:2379}
+ ETCD_QUOTA_BACKEND_BYTES: ${ETCD_QUOTA_BACKEND_BYTES:-4294967296}
+ ETCD_SNAPSHOT_COUNT: ${ETCD_SNAPSHOT_COUNT:-50000}
+ ETL_TYPE: ${ETL_TYPE:-dify}
+ EXPOSE_NGINX_PORT: ${PANEL_APP_PORT_HTTP:-8080}
+ EXPOSE_NGINX_SSL_PORT: ${PANEL_APP_PORT_HTTPS:-8443}
+ FILES_ACCESS_TIMEOUT: ${FILES_ACCESS_TIMEOUT:-300}
+ FILES_URL: ${FILES_URL:-}
+ FLASK_DEBUG: ${FLASK_DEBUG:-false}
+ GOOGLE_STORAGE_BUCKET_NAME: ${GOOGLE_STORAGE_BUCKET_NAME:-your-bucket-name}
+ GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64: ${GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64:-}
+ GUNICORN_TIMEOUT: ${GUNICORN_TIMEOUT:-360}
+ HTTP_REQUEST_NODE_MAX_BINARY_SIZE: ${HTTP_REQUEST_NODE_MAX_BINARY_SIZE:-10485760}
+ HTTP_REQUEST_NODE_MAX_TEXT_SIZE: ${HTTP_REQUEST_NODE_MAX_TEXT_SIZE:-1048576}
+ HUAWEI_OBS_ACCESS_KEY: ${HUAWEI_OBS_ACCESS_KEY:-your-access-key}
+ HUAWEI_OBS_BUCKET_NAME: ${HUAWEI_OBS_BUCKET_NAME:-your-bucket-name}
+ HUAWEI_OBS_SECRET_KEY: ${HUAWEI_OBS_SECRET_KEY:-your-secret-key}
+ HUAWEI_OBS_SERVER: ${HUAWEI_OBS_SERVER:-your-server-url}
+ INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-4000}
+ INIT_PASSWORD: ${INIT_PASSWORD:-}
+ INVITE_EXPIRY_HOURS: ${INVITE_EXPIRY_HOURS:-72}
+ KIBANA_PORT: ${KIBANA_PORT:-5601}
+ LINDORM_PASSWORD: ${LINDORM_PASSWORD:-lindorm}
+ LINDORM_URL: ${LINDORM_URL:-http://lindorm:30070}
+ LINDORM_USERNAME: ${LINDORM_USERNAME:-lindorm}
+ LOG_DATEFORMAT: ${LOG_DATEFORMAT:-%Y-%m-%d %H:%M:%S}
+ LOG_FILE: ${LOG_FILE:-/app/logs/server.log}
+ LOG_FILE_BACKUP_COUNT: ${LOG_FILE_BACKUP_COUNT:-5}
+ LOG_FILE_MAX_SIZE: ${LOG_FILE_MAX_SIZE:-20}
+ LOG_LEVEL: ${LOG_LEVEL:-INFO}
+ LOG_TZ: ${LOG_TZ:-UTC}
+ MAIL_DEFAULT_SEND_FROM: ${MAIL_DEFAULT_SEND_FROM:-}
+ MAIL_TYPE: ${MAIL_TYPE:-resend}
+ MAX_SUBMIT_COUNT: ${MAX_SUBMIT_COUNT:-100}
+ MAX_VARIABLE_SIZE: ${MAX_VARIABLE_SIZE:-204800}
+ MIGRATION_ENABLED: ${MIGRATION_ENABLED:-true}
+ MILVUS_AUTHORIZATION_ENABLED: ${MILVUS_AUTHORIZATION_ENABLED:-true}
+ MILVUS_ENABLE_HYBRID_SEARCH: ${MILVUS_ENABLE_HYBRID_SEARCH:-False}
+ MILVUS_PASSWORD: ${MILVUS_PASSWORD:-Milvus}
+ MILVUS_TOKEN: ${MILVUS_TOKEN:-}
+ MILVUS_URI: ${MILVUS_URI:-http://127.0.0.1:19530}
+ MILVUS_USER: ${MILVUS_USER:-root}
+ MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY:-minioadmin}
+ MINIO_ADDRESS: ${MINIO_ADDRESS:-minio:9000}
+ MINIO_SECRET_KEY: ${MINIO_SECRET_KEY:-minioadmin}
+ MODE: worker
+ MULTIMODAL_SEND_FORMAT: ${MULTIMODAL_SEND_FORMAT:-base64}
+ MYSCALE_DATABASE: ${MYSCALE_DATABASE:-dify}
+ MYSCALE_FTS_PARAMS: ${MYSCALE_FTS_PARAMS:-}
+ MYSCALE_HOST: ${MYSCALE_HOST:-myscale}
+ MYSCALE_PASSWORD: ${MYSCALE_PASSWORD:-}
+ MYSCALE_PORT: ${MYSCALE_PORT:-8123}
+ MYSCALE_USER: ${MYSCALE_USER:-default}
+ NGINX_CLIENT_MAX_BODY_SIZE: ${NGINX_CLIENT_MAX_BODY_SIZE:-15M}
+ NGINX_ENABLE_CERTBOT_CHALLENGE: ${NGINX_ENABLE_CERTBOT_CHALLENGE:-false}
+ NGINX_HTTPS_ENABLED: ${NGINX_HTTPS_ENABLED:-false}
+ NGINX_KEEPALIVE_TIMEOUT: ${NGINX_KEEPALIVE_TIMEOUT:-65}
+ NGINX_PORT: ${NGINX_PORT:-80}
+ NGINX_PROXY_READ_TIMEOUT: ${NGINX_PROXY_READ_TIMEOUT:-3600s}
+ NGINX_PROXY_SEND_TIMEOUT: ${NGINX_PROXY_SEND_TIMEOUT:-3600s}
+ NGINX_SERVER_NAME: ${NGINX_SERVER_NAME:-_}
+ NGINX_SSL_CERT_FILENAME: ${NGINX_SSL_CERT_FILENAME:-dify.crt}
+ NGINX_SSL_CERT_KEY_FILENAME: ${NGINX_SSL_CERT_KEY_FILENAME:-dify.key}
+ NGINX_SSL_PORT: ${NGINX_SSL_PORT:-443}
+ NGINX_SSL_PROTOCOLS: ${NGINX_SSL_PROTOCOLS:-TLSv1.1 TLSv1.2 TLSv1.3}
+ NGINX_WORKER_PROCESSES: ${NGINX_WORKER_PROCESSES:-auto}
+ NOTION_CLIENT_ID: ${NOTION_CLIENT_ID:-}
+ NOTION_CLIENT_SECRET: ${NOTION_CLIENT_SECRET:-}
+ NOTION_INTEGRATION_TYPE: ${NOTION_INTEGRATION_TYPE:-public}
+ NOTION_INTERNAL_SECRET: ${NOTION_INTERNAL_SECRET:-}
+ OCEANBASE_CLUSTER_NAME: ${OCEANBASE_CLUSTER_NAME:-difyai}
+ OCEANBASE_MEMORY_LIMIT: ${OCEANBASE_MEMORY_LIMIT:-6G}
+ OCEANBASE_VECTOR_DATABASE: ${OCEANBASE_VECTOR_DATABASE:-test}
+ OCEANBASE_VECTOR_HOST: ${OCEANBASE_VECTOR_HOST:-oceanbase}
+ OCEANBASE_VECTOR_PASSWORD: ${OCEANBASE_VECTOR_PASSWORD:-difyai123456}
+ OCEANBASE_VECTOR_PORT: ${OCEANBASE_VECTOR_PORT:-2881}
+ OCEANBASE_VECTOR_USER: ${OCEANBASE_VECTOR_USER:-root@test}
+ OCI_ACCESS_KEY: ${OCI_ACCESS_KEY:-your-access-key}
+ OCI_BUCKET_NAME: ${OCI_BUCKET_NAME:-your-bucket-name}
+ OCI_ENDPOINT: ${OCI_ENDPOINT:-https://objectstorage.us-ashburn-1.oraclecloud.com}
+ OCI_REGION: ${OCI_REGION:-us-ashburn-1}
+ OCI_SECRET_KEY: ${OCI_SECRET_KEY:-your-secret-key}
+ OPENAI_API_BASE: ${OPENAI_API_BASE:-https://api.openai.com/v1}
+ OPENDAL_FS_ROOT: ${OPENDAL_FS_ROOT:-storage}
+ OPENDAL_SCHEME: ${OPENDAL_SCHEME:-fs}
+ OPENSEARCH_BOOTSTRAP_MEMORY_LOCK: ${OPENSEARCH_BOOTSTRAP_MEMORY_LOCK:-true}
+ OPENSEARCH_DISCOVERY_TYPE: ${OPENSEARCH_DISCOVERY_TYPE:-single-node}
+ OPENSEARCH_HOST: ${OPENSEARCH_HOST:-opensearch}
+ OPENSEARCH_INITIAL_ADMIN_PASSWORD: ${OPENSEARCH_INITIAL_ADMIN_PASSWORD:-Qazwsxedc!@#123}
+ OPENSEARCH_JAVA_OPTS_MAX: ${OPENSEARCH_JAVA_OPTS_MAX:-1024m}
+ OPENSEARCH_JAVA_OPTS_MIN: ${OPENSEARCH_JAVA_OPTS_MIN:-512m}
+ OPENSEARCH_MEMLOCK_HARD: ${OPENSEARCH_MEMLOCK_HARD:--1}
+ OPENSEARCH_MEMLOCK_SOFT: ${OPENSEARCH_MEMLOCK_SOFT:--1}
+ OPENSEARCH_NOFILE_HARD: ${OPENSEARCH_NOFILE_HARD:-65536}
+ OPENSEARCH_NOFILE_SOFT: ${OPENSEARCH_NOFILE_SOFT:-65536}
+ OPENSEARCH_PASSWORD: ${OPENSEARCH_PASSWORD:-admin}
+ OPENSEARCH_PORT: ${OPENSEARCH_PORT:-9200}
+ OPENSEARCH_SECURE: ${OPENSEARCH_SECURE:-true}
+ OPENSEARCH_USER: ${OPENSEARCH_USER:-admin}
+ ORACLE_CHARACTERSET: ${ORACLE_CHARACTERSET:-AL32UTF8}
+ ORACLE_DATABASE: ${ORACLE_DATABASE:-FREEPDB1}
+ ORACLE_HOST: ${ORACLE_HOST:-oracle}
+ ORACLE_PASSWORD: ${ORACLE_PASSWORD:-dify}
+ ORACLE_PORT: ${ORACLE_PORT:-1521}
+ ORACLE_PWD: ${ORACLE_PWD:-Dify123456}
+ ORACLE_USER: ${ORACLE_USER:-dify}
+ PGDATA: ${PGDATA:-/var/lib/postgresql/data/pgdata}
+ PGUSER: ${PGUSER:-${DB_USERNAME}}
+ PGVECTOR_DATABASE: ${PGVECTOR_DATABASE:-dify}
+ PGVECTOR_HOST: ${PGVECTOR_HOST:-pgvector}
+ PGVECTOR_MAX_CONNECTION: ${PGVECTOR_MAX_CONNECTION:-5}
+ PGVECTOR_MIN_CONNECTION: ${PGVECTOR_MIN_CONNECTION:-1}
+ PGVECTOR_PASSWORD: ${PGVECTOR_PASSWORD:-difyai123456}
+ PGVECTOR_PGDATA: ${PGVECTOR_PGDATA:-/var/lib/postgresql/data/pgdata}
+ PGVECTOR_PGUSER: ${PGVECTOR_PGUSER:-postgres}
+ PGVECTOR_PORT: ${PGVECTOR_PORT:-5432}
+ PGVECTOR_POSTGRES_DB: ${PGVECTOR_POSTGRES_DB:-dify}
+ PGVECTOR_POSTGRES_PASSWORD: ${PGVECTOR_POSTGRES_PASSWORD:-difyai123456}
+ PGVECTOR_USER: ${PGVECTOR_USER:-postgres}
+ PGVECTO_RS_DATABASE: ${PGVECTO_RS_DATABASE:-dify}
+ PGVECTO_RS_HOST: ${PGVECTO_RS_HOST:-pgvecto-rs}
+ PGVECTO_RS_PASSWORD: ${PGVECTO_RS_PASSWORD:-difyai123456}
+ PGVECTO_RS_PORT: ${PGVECTO_RS_PORT:-5432}
+ PGVECTO_RS_USER: ${PGVECTO_RS_USER:-postgres}
+ POSITION_PROVIDER_EXCLUDES: ${POSITION_PROVIDER_EXCLUDES:-}
+ POSITION_PROVIDER_INCLUDES: ${POSITION_PROVIDER_INCLUDES:-}
+ POSITION_PROVIDER_PINS: ${POSITION_PROVIDER_PINS:-}
+ POSITION_TOOL_EXCLUDES: ${POSITION_TOOL_EXCLUDES:-}
+ POSITION_TOOL_INCLUDES: ${POSITION_TOOL_INCLUDES:-}
+ POSITION_TOOL_PINS: ${POSITION_TOOL_PINS:-}
+ POSTGRES_DB: ${POSTGRES_DB:-${DB_DATABASE}}
+ POSTGRES_EFFECTIVE_CACHE_SIZE: ${POSTGRES_EFFECTIVE_CACHE_SIZE:-4096MB}
+ POSTGRES_MAINTENANCE_WORK_MEM: ${POSTGRES_MAINTENANCE_WORK_MEM:-64MB}
+ POSTGRES_MAX_CONNECTIONS: ${POSTGRES_MAX_CONNECTIONS:-100}
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-${DB_PASSWORD}}
+ POSTGRES_SHARED_BUFFERS: ${POSTGRES_SHARED_BUFFERS:-128MB}
+ POSTGRES_WORK_MEM: ${POSTGRES_WORK_MEM:-4MB}
+ PROMPT_GENERATION_MAX_TOKENS: ${PROMPT_GENERATION_MAX_TOKENS:-512}
+ QDRANT_API_KEY: ${QDRANT_API_KEY:-difyai123456}
+ QDRANT_CLIENT_TIMEOUT: ${QDRANT_CLIENT_TIMEOUT:-20}
+ QDRANT_GRPC_ENABLED: ${QDRANT_GRPC_ENABLED:-false}
+ QDRANT_GRPC_PORT: ${QDRANT_GRPC_PORT:-6334}
+ QDRANT_URL: ${QDRANT_URL:-http://qdrant:6333}
+ REDIS_CLUSTERS: ${REDIS_CLUSTERS:-}
+ REDIS_CLUSTERS_PASSWORD: ${REDIS_CLUSTERS_PASSWORD:-}
+ REDIS_DB: ${REDIS_DB:-0}
+ REDIS_HOST: ${REDIS_HOST:-redis}
+ REDIS_PASSWORD: ${REDIS_PASSWORD:-difyai123456}
+ REDIS_PORT: ${REDIS_PORT:-6379}
+ REDIS_SENTINELS: ${REDIS_SENTINELS:-}
+ REDIS_SENTINEL_PASSWORD: ${REDIS_SENTINEL_PASSWORD:-}
+ REDIS_SENTINEL_SERVICE_NAME: ${REDIS_SENTINEL_SERVICE_NAME:-}
+ REDIS_SENTINEL_SOCKET_TIMEOUT: ${REDIS_SENTINEL_SOCKET_TIMEOUT:-0.1}
+ REDIS_SENTINEL_USERNAME: ${REDIS_SENTINEL_USERNAME:-}
+ REDIS_USERNAME: ${REDIS_USERNAME:-}
+ REDIS_USE_CLUSTERS: ${REDIS_USE_CLUSTERS:-false}
+ REDIS_USE_SENTINEL: ${REDIS_USE_SENTINEL:-false}
+ REDIS_USE_SSL: ${REDIS_USE_SSL:-false}
+ REFRESH_TOKEN_EXPIRE_DAYS: ${REFRESH_TOKEN_EXPIRE_DAYS:-30}
+ RELYT_DATABASE: ${RELYT_DATABASE:-postgres}
+ RELYT_HOST: ${RELYT_HOST:-db}
+ RELYT_PASSWORD: ${RELYT_PASSWORD:-difyai123456}
+ RELYT_PORT: ${RELYT_PORT:-5432}
+ RELYT_USER: ${RELYT_USER:-postgres}
+ RESEND_API_KEY: ${RESEND_API_KEY:-your-resend-api-key}
+ RESEND_API_URL: ${RESEND_API_URL:-https://api.resend.com}
+ RESET_PASSWORD_TOKEN_EXPIRY_MINUTES: ${RESET_PASSWORD_TOKEN_EXPIRY_MINUTES:-5}
+ S3_ACCESS_KEY: ${S3_ACCESS_KEY:-}
+ S3_BUCKET_NAME: ${S3_BUCKET_NAME:-difyai}
+ S3_ENDPOINT: ${S3_ENDPOINT:-}
+ S3_REGION: ${S3_REGION:-us-east-1}
+ S3_SECRET_KEY: ${S3_SECRET_KEY:-}
+ S3_USE_AWS_MANAGED_IAM: ${S3_USE_AWS_MANAGED_IAM:-false}
+ SANDBOX_API_KEY: ${SANDBOX_API_KEY:-dify-sandbox}
+ SANDBOX_ENABLE_NETWORK: ${SANDBOX_ENABLE_NETWORK:-true}
+ SANDBOX_GIN_MODE: ${SANDBOX_GIN_MODE:-release}
+ SANDBOX_HTTPS_PROXY: ${SANDBOX_HTTPS_PROXY:-http://ssrf_proxy:3128}
+ SANDBOX_HTTP_PROXY: ${SANDBOX_HTTP_PROXY:-http://ssrf_proxy:3128}
+ SANDBOX_PORT: ${SANDBOX_PORT:-8194}
+ SANDBOX_WORKER_TIMEOUT: ${SANDBOX_WORKER_TIMEOUT:-15}
+ SCARF_NO_ANALYTICS: ${SCARF_NO_ANALYTICS:-true}
+ SECRET_KEY: ${SECRET_KEY:-sk-9f73s3ljTXVcMT3Blb3ljTqtsKiGHXVcMT3BlbkFJLK7U}
+ SENTRY_DSN: ${API_SENTRY_DSN:-}
+ SENTRY_PROFILES_SAMPLE_RATE: ${API_SENTRY_PROFILES_SAMPLE_RATE:-1.0}
+ SENTRY_TRACES_SAMPLE_RATE: ${API_SENTRY_TRACES_SAMPLE_RATE:-1.0}
+ SERVER_WORKER_AMOUNT: ${SERVER_WORKER_AMOUNT:-1}
+ SERVER_WORKER_CLASS: ${SERVER_WORKER_CLASS:-gevent}
+ SERVER_WORKER_CONNECTIONS: ${SERVER_WORKER_CONNECTIONS:-10}
+ SERVICE_API_URL: ${SERVICE_API_URL:-}
+ SMTP_OPPORTUNISTIC_TLS: ${SMTP_OPPORTUNISTIC_TLS:-false}
+ SMTP_PASSWORD: ${SMTP_PASSWORD:-}
+ SMTP_PORT: ${SMTP_PORT:-465}
+ SMTP_SERVER: ${SMTP_SERVER:-}
+ SMTP_USERNAME: ${SMTP_USERNAME:-}
+ SMTP_USE_TLS: ${SMTP_USE_TLS:-true}
+ SQLALCHEMY_ECHO: ${SQLALCHEMY_ECHO:-false}
+ SQLALCHEMY_POOL_RECYCLE: ${SQLALCHEMY_POOL_RECYCLE:-3600}
+ SQLALCHEMY_POOL_SIZE: ${SQLALCHEMY_POOL_SIZE:-30}
+ SSRF_COREDUMP_DIR: ${SSRF_COREDUMP_DIR:-/var/spool/squid}
+ SSRF_DEFAULT_CONNECT_TIME_OUT: ${SSRF_DEFAULT_CONNECT_TIME_OUT:-5}
+ SSRF_DEFAULT_READ_TIME_OUT: ${SSRF_DEFAULT_READ_TIME_OUT:-5}
+ SSRF_DEFAULT_TIME_OUT: ${SSRF_DEFAULT_TIME_OUT:-5}
+ SSRF_DEFAULT_WRITE_TIME_OUT: ${SSRF_DEFAULT_WRITE_TIME_OUT:-5}
+ SSRF_HTTP_PORT: ${SSRF_HTTP_PORT:-3128}
+ SSRF_PROXY_HTTPS_URL: ${SSRF_PROXY_HTTPS_URL:-http://ssrf_proxy:3128}
+ SSRF_PROXY_HTTP_URL: ${SSRF_PROXY_HTTP_URL:-http://ssrf_proxy:3128}
+ SSRF_REVERSE_PROXY_PORT: ${SSRF_REVERSE_PROXY_PORT:-8194}
+ SSRF_SANDBOX_HOST: ${SSRF_SANDBOX_HOST:-sandbox}
+ STORAGE_TYPE: ${STORAGE_TYPE:-opendal}
+ SUPABASE_API_KEY: ${SUPABASE_API_KEY:-your-access-key}
+ SUPABASE_BUCKET_NAME: ${SUPABASE_BUCKET_NAME:-your-bucket-name}
+ SUPABASE_URL: ${SUPABASE_URL:-your-server-url}
+ TEMPLATE_TRANSFORM_MAX_LENGTH: ${TEMPLATE_TRANSFORM_MAX_LENGTH:-80000}
+ TENCENT_COS_BUCKET_NAME: ${TENCENT_COS_BUCKET_NAME:-your-bucket-name}
+ TENCENT_COS_REGION: ${TENCENT_COS_REGION:-your-region}
+ TENCENT_COS_SCHEME: ${TENCENT_COS_SCHEME:-your-scheme}
+ TENCENT_COS_SECRET_ID: ${TENCENT_COS_SECRET_ID:-your-secret-id}
+ TENCENT_COS_SECRET_KEY: ${TENCENT_COS_SECRET_KEY:-your-secret-key}
+ TENCENT_VECTOR_DB_API_KEY: ${TENCENT_VECTOR_DB_API_KEY:-dify}
+ TENCENT_VECTOR_DB_DATABASE: ${TENCENT_VECTOR_DB_DATABASE:-dify}
+ TENCENT_VECTOR_DB_REPLICAS: ${TENCENT_VECTOR_DB_REPLICAS:-2}
+ TENCENT_VECTOR_DB_SHARD: ${TENCENT_VECTOR_DB_SHARD:-1}
+ TENCENT_VECTOR_DB_TIMEOUT: ${TENCENT_VECTOR_DB_TIMEOUT:-30}
+ TENCENT_VECTOR_DB_URL: ${TENCENT_VECTOR_DB_URL:-http://127.0.0.1}
+ TENCENT_VECTOR_DB_USERNAME: ${TENCENT_VECTOR_DB_USERNAME:-dify}
+ TEXT_GENERATION_TIMEOUT_MS: ${TEXT_GENERATION_TIMEOUT_MS:-60000}
+ TIDB_API_URL: ${TIDB_API_URL:-http://127.0.0.1}
+ TIDB_IAM_API_URL: ${TIDB_IAM_API_URL:-http://127.0.0.1}
+ TIDB_ON_QDRANT_API_KEY: ${TIDB_ON_QDRANT_API_KEY:-dify}
+ TIDB_ON_QDRANT_CLIENT_TIMEOUT: ${TIDB_ON_QDRANT_CLIENT_TIMEOUT:-20}
+ TIDB_ON_QDRANT_GRPC_ENABLED: ${TIDB_ON_QDRANT_GRPC_ENABLED:-false}
+ TIDB_ON_QDRANT_GRPC_PORT: ${TIDB_ON_QDRANT_GRPC_PORT:-6334}
+ TIDB_ON_QDRANT_URL: ${TIDB_ON_QDRANT_URL:-http://127.0.0.1}
+ TIDB_PRIVATE_KEY: ${TIDB_PRIVATE_KEY:-dify}
+ TIDB_PROJECT_ID: ${TIDB_PROJECT_ID:-dify}
+ TIDB_PUBLIC_KEY: ${TIDB_PUBLIC_KEY:-dify}
+ TIDB_REGION: ${TIDB_REGION:-regions/aws-us-east-1}
+ TIDB_SPEND_LIMIT: ${TIDB_SPEND_LIMIT:-100}
+ TIDB_VECTOR_DATABASE: ${TIDB_VECTOR_DATABASE:-dify}
+ TIDB_VECTOR_HOST: ${TIDB_VECTOR_HOST:-tidb}
+ TIDB_VECTOR_PASSWORD: ${TIDB_VECTOR_PASSWORD:-}
+ TIDB_VECTOR_PORT: ${TIDB_VECTOR_PORT:-4000}
+ TIDB_VECTOR_USER: ${TIDB_VECTOR_USER:-}
+ TOP_K_MAX_VALUE: ${TOP_K_MAX_VALUE:-10}
+ UNSTRUCTURED_API_KEY: ${UNSTRUCTURED_API_KEY:-}
+ UNSTRUCTURED_API_URL: ${UNSTRUCTURED_API_URL:-}
+ UPLOAD_AUDIO_FILE_SIZE_LIMIT: ${UPLOAD_AUDIO_FILE_SIZE_LIMIT:-50}
+ UPLOAD_FILE_BATCH_LIMIT: ${UPLOAD_FILE_BATCH_LIMIT:-5}
+ UPLOAD_FILE_SIZE_LIMIT: ${UPLOAD_FILE_SIZE_LIMIT:-15}
+ UPLOAD_IMAGE_FILE_SIZE_LIMIT: ${UPLOAD_IMAGE_FILE_SIZE_LIMIT:-10}
+ UPLOAD_VIDEO_FILE_SIZE_LIMIT: ${UPLOAD_VIDEO_FILE_SIZE_LIMIT:-100}
+ UPSTASH_VECTOR_TOKEN: ${UPSTASH_VECTOR_TOKEN:-dify}
+ UPSTASH_VECTOR_URL: ${UPSTASH_VECTOR_URL:-https://xxx-vector.upstash.io}
+ VECTOR_STORE: ${VECTOR_STORE:-weaviate}
+ VIKINGDB_ACCESS_KEY: ${VIKINGDB_ACCESS_KEY:-your-ak}
+ VIKINGDB_CONNECTION_TIMEOUT: ${VIKINGDB_CONNECTION_TIMEOUT:-30}
+ VIKINGDB_HOST: ${VIKINGDB_HOST:-api-vikingdb.xxx.volces.com}
+ VIKINGDB_REGION: ${VIKINGDB_REGION:-cn-shanghai}
+ VIKINGDB_SCHEMA: ${VIKINGDB_SCHEMA:-http}
+ VIKINGDB_SECRET_KEY: ${VIKINGDB_SECRET_KEY:-your-sk}
+ VIKINGDB_SOCKET_TIMEOUT: ${VIKINGDB_SOCKET_TIMEOUT:-30}
+ VOLCENGINE_TOS_ACCESS_KEY: ${VOLCENGINE_TOS_ACCESS_KEY:-your-access-key}
+ VOLCENGINE_TOS_BUCKET_NAME: ${VOLCENGINE_TOS_BUCKET_NAME:-your-bucket-name}
+ VOLCENGINE_TOS_ENDPOINT: ${VOLCENGINE_TOS_ENDPOINT:-your-server-url}
+ VOLCENGINE_TOS_REGION: ${VOLCENGINE_TOS_REGION:-your-region}
+ VOLCENGINE_TOS_SECRET_KEY: ${VOLCENGINE_TOS_SECRET_KEY:-your-secret-key}
+ WEAVIATE_API_KEY: ${WEAVIATE_API_KEY:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih}
+ WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: ${WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED:-true}
+ WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS: ${WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih}
+ WEAVIATE_AUTHENTICATION_APIKEY_ENABLED: ${WEAVIATE_AUTHENTICATION_APIKEY_ENABLED:-true}
+ WEAVIATE_AUTHENTICATION_APIKEY_USERS: ${WEAVIATE_AUTHENTICATION_APIKEY_USERS:-hello@dify.ai}
+ WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED: ${WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED:-true}
+ WEAVIATE_AUTHORIZATION_ADMINLIST_USERS: ${WEAVIATE_AUTHORIZATION_ADMINLIST_USERS:-hello@dify.ai}
+ WEAVIATE_CLUSTER_HOSTNAME: ${WEAVIATE_CLUSTER_HOSTNAME:-node1}
+ WEAVIATE_DEFAULT_VECTORIZER_MODULE: ${WEAVIATE_DEFAULT_VECTORIZER_MODULE:-none}
+ WEAVIATE_ENDPOINT: ${WEAVIATE_ENDPOINT:-http://weaviate:8080}
+ WEAVIATE_PERSISTENCE_DATA_PATH: ${WEAVIATE_PERSISTENCE_DATA_PATH:-/var/lib/weaviate}
+ WEAVIATE_QUERY_DEFAULTS_LIMIT: ${WEAVIATE_QUERY_DEFAULTS_LIMIT:-25}
+ WEB_API_CORS_ALLOW_ORIGINS: ${WEB_API_CORS_ALLOW_ORIGINS:-*}
+ WEB_SENTRY_DSN: ${WEB_SENTRY_DSN:-}
+ WORKFLOW_CALL_MAX_DEPTH: ${WORKFLOW_CALL_MAX_DEPTH:-5}
+ WORKFLOW_FILE_UPLOAD_LIMIT: ${WORKFLOW_FILE_UPLOAD_LIMIT:-10}
+ WORKFLOW_MAX_EXECUTION_STEPS: ${WORKFLOW_MAX_EXECUTION_STEPS:-500}
+ WORKFLOW_MAX_EXECUTION_TIME: ${WORKFLOW_MAX_EXECUTION_TIME:-1200}
+ WORKFLOW_PARALLEL_DEPTH_LIMIT: ${WORKFLOW_PARALLEL_DEPTH_LIMIT:-3}
+ image: langgenius/dify-api:0.15.3
+ networks:
+ - ssrf_proxy_network
+ - default
+ restart: always
+ volumes:
+ - ${DIFY_ROOT_PATH}/volumes/app/storage:/app/api/storage
+volumes:
+ dify_es01_data: null
+ oradata: null
+x-shared-env:
+ ACCESS_TOKEN_EXPIRE_MINUTES: ${ACCESS_TOKEN_EXPIRE_MINUTES:-60}
+ ALIYUN_OSS_ACCESS_KEY: ${ALIYUN_OSS_ACCESS_KEY:-your-access-key}
+ ALIYUN_OSS_AUTH_VERSION: ${ALIYUN_OSS_AUTH_VERSION:-v4}
+ ALIYUN_OSS_BUCKET_NAME: ${ALIYUN_OSS_BUCKET_NAME:-your-bucket-name}
+ ALIYUN_OSS_ENDPOINT: ${ALIYUN_OSS_ENDPOINT:-https://oss-ap-southeast-1-internal.aliyuncs.com}
+ ALIYUN_OSS_PATH: ${ALIYUN_OSS_PATH:-your-path}
+ ALIYUN_OSS_REGION: ${ALIYUN_OSS_REGION:-ap-southeast-1}
+ ALIYUN_OSS_SECRET_KEY: ${ALIYUN_OSS_SECRET_KEY:-your-secret-key}
+ ANALYTICDB_ACCOUNT: ${ANALYTICDB_ACCOUNT:-testaccount}
+ ANALYTICDB_HOST: ${ANALYTICDB_HOST:-gp-test.aliyuncs.com}
+ ANALYTICDB_INSTANCE_ID: ${ANALYTICDB_INSTANCE_ID:-gp-ab123456}
+ ANALYTICDB_KEY_ID: ${ANALYTICDB_KEY_ID:-your-ak}
+ ANALYTICDB_KEY_SECRET: ${ANALYTICDB_KEY_SECRET:-your-sk}
+ ANALYTICDB_MAX_CONNECTION: ${ANALYTICDB_MAX_CONNECTION:-5}
+ ANALYTICDB_MIN_CONNECTION: ${ANALYTICDB_MIN_CONNECTION:-1}
+ ANALYTICDB_NAMESPACE: ${ANALYTICDB_NAMESPACE:-dify}
+ ANALYTICDB_NAMESPACE_PASSWORD: ${ANALYTICDB_NAMESPACE_PASSWORD:-difypassword}
+ ANALYTICDB_PASSWORD: ${ANALYTICDB_PASSWORD:-testpassword}
+ ANALYTICDB_PORT: ${ANALYTICDB_PORT:-5432}
+ ANALYTICDB_REGION_ID: ${ANALYTICDB_REGION_ID:-cn-hangzhou}
+ API_SENTRY_DSN: ${API_SENTRY_DSN:-}
+ API_SENTRY_PROFILES_SAMPLE_RATE: ${API_SENTRY_PROFILES_SAMPLE_RATE:-1.0}
+ API_SENTRY_TRACES_SAMPLE_RATE: ${API_SENTRY_TRACES_SAMPLE_RATE:-1.0}
+ API_TOOL_DEFAULT_CONNECT_TIMEOUT: ${API_TOOL_DEFAULT_CONNECT_TIMEOUT:-10}
+ API_TOOL_DEFAULT_READ_TIMEOUT: ${API_TOOL_DEFAULT_READ_TIMEOUT:-60}
+ APP_API_URL: ${APP_API_URL:-}
+ APP_MAX_ACTIVE_REQUESTS: ${APP_MAX_ACTIVE_REQUESTS:-0}
+ APP_MAX_EXECUTION_TIME: ${APP_MAX_EXECUTION_TIME:-1200}
+ APP_WEB_URL: ${APP_WEB_URL:-}
+ AZURE_BLOB_ACCOUNT_KEY: ${AZURE_BLOB_ACCOUNT_KEY:-difyai}
+ AZURE_BLOB_ACCOUNT_NAME: ${AZURE_BLOB_ACCOUNT_NAME:-difyai}
+ AZURE_BLOB_ACCOUNT_URL: ${AZURE_BLOB_ACCOUNT_URL:-https://.blob.core.windows.net}
+ AZURE_BLOB_CONTAINER_NAME: ${AZURE_BLOB_CONTAINER_NAME:-difyai-container}
+ BAIDU_OBS_ACCESS_KEY: ${BAIDU_OBS_ACCESS_KEY:-your-access-key}
+ BAIDU_OBS_BUCKET_NAME: ${BAIDU_OBS_BUCKET_NAME:-your-bucket-name}
+ BAIDU_OBS_ENDPOINT: ${BAIDU_OBS_ENDPOINT:-your-server-url}
+ BAIDU_OBS_SECRET_KEY: ${BAIDU_OBS_SECRET_KEY:-your-secret-key}
+ BAIDU_VECTOR_DB_ACCOUNT: ${BAIDU_VECTOR_DB_ACCOUNT:-root}
+ BAIDU_VECTOR_DB_API_KEY: ${BAIDU_VECTOR_DB_API_KEY:-dify}
+ BAIDU_VECTOR_DB_CONNECTION_TIMEOUT_MS: ${BAIDU_VECTOR_DB_CONNECTION_TIMEOUT_MS:-30000}
+ BAIDU_VECTOR_DB_DATABASE: ${BAIDU_VECTOR_DB_DATABASE:-dify}
+ BAIDU_VECTOR_DB_ENDPOINT: ${BAIDU_VECTOR_DB_ENDPOINT:-http://127.0.0.1:5287}
+ BAIDU_VECTOR_DB_REPLICAS: ${BAIDU_VECTOR_DB_REPLICAS:-3}
+ BAIDU_VECTOR_DB_SHARD: ${BAIDU_VECTOR_DB_SHARD:-1}
+ BROKER_USE_SSL: ${BROKER_USE_SSL:-false}
+ CELERY_AUTO_SCALE: ${CELERY_AUTO_SCALE:-false}
+ CELERY_BROKER_URL: ${CELERY_BROKER_URL:-redis://:difyai123456@redis:6379/1}
+ CELERY_MAX_WORKERS: ${CELERY_MAX_WORKERS:-}
+ CELERY_MIN_WORKERS: ${CELERY_MIN_WORKERS:-}
+ CELERY_SENTINEL_MASTER_NAME: ${CELERY_SENTINEL_MASTER_NAME:-}
+ CELERY_SENTINEL_SOCKET_TIMEOUT: ${CELERY_SENTINEL_SOCKET_TIMEOUT:-0.1}
+ CELERY_USE_SENTINEL: ${CELERY_USE_SENTINEL:-false}
+ CELERY_WORKER_AMOUNT: ${CELERY_WORKER_AMOUNT:-}
+ CELERY_WORKER_CLASS: ${CELERY_WORKER_CLASS:-}
+ CERTBOT_DOMAIN: ${CERTBOT_DOMAIN:-your_domain.com}
+ CERTBOT_EMAIL: ${CERTBOT_EMAIL:-your_email@example.com}
+ CERTBOT_OPTIONS: ${CERTBOT_OPTIONS:-}
+ CHECK_UPDATE_URL: ${CHECK_UPDATE_URL:-https://updates.dify.ai}
+ CHROMA_AUTH_CREDENTIALS: ${CHROMA_AUTH_CREDENTIALS:-}
+ CHROMA_AUTH_PROVIDER: ${CHROMA_AUTH_PROVIDER:-chromadb.auth.token_authn.TokenAuthClientProvider}
+ CHROMA_DATABASE: ${CHROMA_DATABASE:-default_database}
+ CHROMA_HOST: ${CHROMA_HOST:-127.0.0.1}
+ CHROMA_IS_PERSISTENT: ${CHROMA_IS_PERSISTENT:-TRUE}
+ CHROMA_PORT: ${CHROMA_PORT:-8000}
+ CHROMA_SERVER_AUTHN_CREDENTIALS: ${CHROMA_SERVER_AUTHN_CREDENTIALS:-difyai123456}
+ CHROMA_SERVER_AUTHN_PROVIDER: ${CHROMA_SERVER_AUTHN_PROVIDER:-chromadb.auth.token_authn.TokenAuthenticationServerProvider}
+ CHROMA_TENANT: ${CHROMA_TENANT:-default_tenant}
+ CODE_EXECUTION_API_KEY: ${CODE_EXECUTION_API_KEY:-dify-sandbox}
+ CODE_EXECUTION_CONNECT_TIMEOUT: ${CODE_EXECUTION_CONNECT_TIMEOUT:-10}
+ CODE_EXECUTION_ENDPOINT: ${CODE_EXECUTION_ENDPOINT:-http://sandbox:8194}
+ CODE_EXECUTION_READ_TIMEOUT: ${CODE_EXECUTION_READ_TIMEOUT:-60}
+ CODE_EXECUTION_WRITE_TIMEOUT: ${CODE_EXECUTION_WRITE_TIMEOUT:-10}
+ CODE_GENERATION_MAX_TOKENS: ${CODE_GENERATION_MAX_TOKENS:-1024}
+ CODE_MAX_DEPTH: ${CODE_MAX_DEPTH:-5}
+ CODE_MAX_NUMBER: ${CODE_MAX_NUMBER:-9223372036854775807}
+ CODE_MAX_NUMBER_ARRAY_LENGTH: ${CODE_MAX_NUMBER_ARRAY_LENGTH:-1000}
+ CODE_MAX_OBJECT_ARRAY_LENGTH: ${CODE_MAX_OBJECT_ARRAY_LENGTH:-30}
+ CODE_MAX_PRECISION: ${CODE_MAX_PRECISION:-20}
+ CODE_MAX_STRING_ARRAY_LENGTH: ${CODE_MAX_STRING_ARRAY_LENGTH:-30}
+ CODE_MAX_STRING_LENGTH: ${CODE_MAX_STRING_LENGTH:-80000}
+ CODE_MIN_NUMBER: ${CODE_MIN_NUMBER:--9223372036854775808}
+ CONSOLE_API_URL: ${CONSOLE_API_URL:-}
+ CONSOLE_CORS_ALLOW_ORIGINS: ${CONSOLE_CORS_ALLOW_ORIGINS:-*}
+ CONSOLE_WEB_URL: ${CONSOLE_WEB_URL:-}
+ COUCHBASE_BUCKET_NAME: ${COUCHBASE_BUCKET_NAME:-Embeddings}
+ COUCHBASE_CONNECTION_STRING: ${COUCHBASE_CONNECTION_STRING:-couchbase://couchbase-server}
+ COUCHBASE_PASSWORD: ${COUCHBASE_PASSWORD:-password}
+ COUCHBASE_SCOPE_NAME: ${COUCHBASE_SCOPE_NAME:-_default}
+ COUCHBASE_USER: ${COUCHBASE_USER:-Administrator}
+ CREATE_TIDB_SERVICE_JOB_ENABLED: ${CREATE_TIDB_SERVICE_JOB_ENABLED:-false}
+ CSP_WHITELIST: ${CSP_WHITELIST:-}
+ DB_DATABASE: ${DB_DATABASE:-dify}
+ DB_HOST: ${DB_HOST:-db}
+ DB_PASSWORD: ${DB_PASSWORD:-difyai123456}
+ DB_PORT: ${DB_PORT:-5432}
+ DB_USERNAME: ${DB_USERNAME:-postgres}
+ DEBUG: ${DEBUG:-false}
+ DEPLOY_ENV: ${DEPLOY_ENV:-PRODUCTION}
+ DIFY_BIND_ADDRESS: ${DIFY_BIND_ADDRESS:-0.0.0.0}
+ DIFY_PORT: ${DIFY_PORT:-5001}
+ ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:-0.0.0.0}
+ ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-elastic}
+ ELASTICSEARCH_PORT: ${ELASTICSEARCH_PORT:-9200}
+ ELASTICSEARCH_USERNAME: ${ELASTICSEARCH_USERNAME:-elastic}
+ ETCD_AUTO_COMPACTION_MODE: ${ETCD_AUTO_COMPACTION_MODE:-revision}
+ ETCD_AUTO_COMPACTION_RETENTION: ${ETCD_AUTO_COMPACTION_RETENTION:-1000}
+ ETCD_ENDPOINTS: ${ETCD_ENDPOINTS:-etcd:2379}
+ ETCD_QUOTA_BACKEND_BYTES: ${ETCD_QUOTA_BACKEND_BYTES:-4294967296}
+ ETCD_SNAPSHOT_COUNT: ${ETCD_SNAPSHOT_COUNT:-50000}
+ ETL_TYPE: ${ETL_TYPE:-dify}
+ EXPOSE_NGINX_PORT: ${PANEL_APP_PORT_HTTP:-8080}
+ EXPOSE_NGINX_SSL_PORT: ${PANEL_APP_PORT_HTTPS:-8443}
+ FILES_ACCESS_TIMEOUT: ${FILES_ACCESS_TIMEOUT:-300}
+ FILES_URL: ${FILES_URL:-}
+ FLASK_DEBUG: ${FLASK_DEBUG:-false}
+ GOOGLE_STORAGE_BUCKET_NAME: ${GOOGLE_STORAGE_BUCKET_NAME:-your-bucket-name}
+ GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64: ${GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64:-}
+ GUNICORN_TIMEOUT: ${GUNICORN_TIMEOUT:-360}
+ HTTP_REQUEST_NODE_MAX_BINARY_SIZE: ${HTTP_REQUEST_NODE_MAX_BINARY_SIZE:-10485760}
+ HTTP_REQUEST_NODE_MAX_TEXT_SIZE: ${HTTP_REQUEST_NODE_MAX_TEXT_SIZE:-1048576}
+ HUAWEI_OBS_ACCESS_KEY: ${HUAWEI_OBS_ACCESS_KEY:-your-access-key}
+ HUAWEI_OBS_BUCKET_NAME: ${HUAWEI_OBS_BUCKET_NAME:-your-bucket-name}
+ HUAWEI_OBS_SECRET_KEY: ${HUAWEI_OBS_SECRET_KEY:-your-secret-key}
+ HUAWEI_OBS_SERVER: ${HUAWEI_OBS_SERVER:-your-server-url}
+ INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-4000}
+ INIT_PASSWORD: ${INIT_PASSWORD:-}
+ INVITE_EXPIRY_HOURS: ${INVITE_EXPIRY_HOURS:-72}
+ KIBANA_PORT: ${KIBANA_PORT:-5601}
+ LINDORM_PASSWORD: ${LINDORM_PASSWORD:-lindorm}
+ LINDORM_URL: ${LINDORM_URL:-http://lindorm:30070}
+ LINDORM_USERNAME: ${LINDORM_USERNAME:-lindorm}
+ LOG_DATEFORMAT: ${LOG_DATEFORMAT:-%Y-%m-%d %H:%M:%S}
+ LOG_FILE: ${LOG_FILE:-/app/logs/server.log}
+ LOG_FILE_BACKUP_COUNT: ${LOG_FILE_BACKUP_COUNT:-5}
+ LOG_FILE_MAX_SIZE: ${LOG_FILE_MAX_SIZE:-20}
+ LOG_LEVEL: ${LOG_LEVEL:-INFO}
+ LOG_TZ: ${LOG_TZ:-UTC}
+ MAIL_DEFAULT_SEND_FROM: ${MAIL_DEFAULT_SEND_FROM:-}
+ MAIL_TYPE: ${MAIL_TYPE:-resend}
+ MAX_SUBMIT_COUNT: ${MAX_SUBMIT_COUNT:-100}
+ MAX_VARIABLE_SIZE: ${MAX_VARIABLE_SIZE:-204800}
+ MIGRATION_ENABLED: ${MIGRATION_ENABLED:-true}
+ MILVUS_AUTHORIZATION_ENABLED: ${MILVUS_AUTHORIZATION_ENABLED:-true}
+ MILVUS_ENABLE_HYBRID_SEARCH: ${MILVUS_ENABLE_HYBRID_SEARCH:-False}
+ MILVUS_PASSWORD: ${MILVUS_PASSWORD:-Milvus}
+ MILVUS_TOKEN: ${MILVUS_TOKEN:-}
+ MILVUS_URI: ${MILVUS_URI:-http://127.0.0.1:19530}
+ MILVUS_USER: ${MILVUS_USER:-root}
+ MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY:-minioadmin}
+ MINIO_ADDRESS: ${MINIO_ADDRESS:-minio:9000}
+ MINIO_SECRET_KEY: ${MINIO_SECRET_KEY:-minioadmin}
+ MULTIMODAL_SEND_FORMAT: ${MULTIMODAL_SEND_FORMAT:-base64}
+ MYSCALE_DATABASE: ${MYSCALE_DATABASE:-dify}
+ MYSCALE_FTS_PARAMS: ${MYSCALE_FTS_PARAMS:-}
+ MYSCALE_HOST: ${MYSCALE_HOST:-myscale}
+ MYSCALE_PASSWORD: ${MYSCALE_PASSWORD:-}
+ MYSCALE_PORT: ${MYSCALE_PORT:-8123}
+ MYSCALE_USER: ${MYSCALE_USER:-default}
+ NGINX_CLIENT_MAX_BODY_SIZE: ${NGINX_CLIENT_MAX_BODY_SIZE:-15M}
+ NGINX_ENABLE_CERTBOT_CHALLENGE: ${NGINX_ENABLE_CERTBOT_CHALLENGE:-false}
+ NGINX_HTTPS_ENABLED: ${NGINX_HTTPS_ENABLED:-false}
+ NGINX_KEEPALIVE_TIMEOUT: ${NGINX_KEEPALIVE_TIMEOUT:-65}
+ NGINX_PORT: ${NGINX_PORT:-80}
+ NGINX_PROXY_READ_TIMEOUT: ${NGINX_PROXY_READ_TIMEOUT:-3600s}
+ NGINX_PROXY_SEND_TIMEOUT: ${NGINX_PROXY_SEND_TIMEOUT:-3600s}
+ NGINX_SERVER_NAME: ${NGINX_SERVER_NAME:-_}
+ NGINX_SSL_CERT_FILENAME: ${NGINX_SSL_CERT_FILENAME:-dify.crt}
+ NGINX_SSL_CERT_KEY_FILENAME: ${NGINX_SSL_CERT_KEY_FILENAME:-dify.key}
+ NGINX_SSL_PORT: ${NGINX_SSL_PORT:-443}
+ NGINX_SSL_PROTOCOLS: ${NGINX_SSL_PROTOCOLS:-TLSv1.1 TLSv1.2 TLSv1.3}
+ NGINX_WORKER_PROCESSES: ${NGINX_WORKER_PROCESSES:-auto}
+ NOTION_CLIENT_ID: ${NOTION_CLIENT_ID:-}
+ NOTION_CLIENT_SECRET: ${NOTION_CLIENT_SECRET:-}
+ NOTION_INTEGRATION_TYPE: ${NOTION_INTEGRATION_TYPE:-public}
+ NOTION_INTERNAL_SECRET: ${NOTION_INTERNAL_SECRET:-}
+ OCEANBASE_CLUSTER_NAME: ${OCEANBASE_CLUSTER_NAME:-difyai}
+ OCEANBASE_MEMORY_LIMIT: ${OCEANBASE_MEMORY_LIMIT:-6G}
+ OCEANBASE_VECTOR_DATABASE: ${OCEANBASE_VECTOR_DATABASE:-test}
+ OCEANBASE_VECTOR_HOST: ${OCEANBASE_VECTOR_HOST:-oceanbase}
+ OCEANBASE_VECTOR_PASSWORD: ${OCEANBASE_VECTOR_PASSWORD:-difyai123456}
+ OCEANBASE_VECTOR_PORT: ${OCEANBASE_VECTOR_PORT:-2881}
+ OCEANBASE_VECTOR_USER: ${OCEANBASE_VECTOR_USER:-root@test}
+ OCI_ACCESS_KEY: ${OCI_ACCESS_KEY:-your-access-key}
+ OCI_BUCKET_NAME: ${OCI_BUCKET_NAME:-your-bucket-name}
+ OCI_ENDPOINT: ${OCI_ENDPOINT:-https://objectstorage.us-ashburn-1.oraclecloud.com}
+ OCI_REGION: ${OCI_REGION:-us-ashburn-1}
+ OCI_SECRET_KEY: ${OCI_SECRET_KEY:-your-secret-key}
+ OPENAI_API_BASE: ${OPENAI_API_BASE:-https://api.openai.com/v1}
+ OPENDAL_FS_ROOT: ${OPENDAL_FS_ROOT:-storage}
+ OPENDAL_SCHEME: ${OPENDAL_SCHEME:-fs}
+ OPENSEARCH_BOOTSTRAP_MEMORY_LOCK: ${OPENSEARCH_BOOTSTRAP_MEMORY_LOCK:-true}
+ OPENSEARCH_DISCOVERY_TYPE: ${OPENSEARCH_DISCOVERY_TYPE:-single-node}
+ OPENSEARCH_HOST: ${OPENSEARCH_HOST:-opensearch}
+ OPENSEARCH_INITIAL_ADMIN_PASSWORD: ${OPENSEARCH_INITIAL_ADMIN_PASSWORD:-Qazwsxedc!@#123}
+ OPENSEARCH_JAVA_OPTS_MAX: ${OPENSEARCH_JAVA_OPTS_MAX:-1024m}
+ OPENSEARCH_JAVA_OPTS_MIN: ${OPENSEARCH_JAVA_OPTS_MIN:-512m}
+ OPENSEARCH_MEMLOCK_HARD: ${OPENSEARCH_MEMLOCK_HARD:--1}
+ OPENSEARCH_MEMLOCK_SOFT: ${OPENSEARCH_MEMLOCK_SOFT:--1}
+ OPENSEARCH_NOFILE_HARD: ${OPENSEARCH_NOFILE_HARD:-65536}
+ OPENSEARCH_NOFILE_SOFT: ${OPENSEARCH_NOFILE_SOFT:-65536}
+ OPENSEARCH_PASSWORD: ${OPENSEARCH_PASSWORD:-admin}
+ OPENSEARCH_PORT: ${OPENSEARCH_PORT:-9200}
+ OPENSEARCH_SECURE: ${OPENSEARCH_SECURE:-true}
+ OPENSEARCH_USER: ${OPENSEARCH_USER:-admin}
+ ORACLE_CHARACTERSET: ${ORACLE_CHARACTERSET:-AL32UTF8}
+ ORACLE_DATABASE: ${ORACLE_DATABASE:-FREEPDB1}
+ ORACLE_HOST: ${ORACLE_HOST:-oracle}
+ ORACLE_PASSWORD: ${ORACLE_PASSWORD:-dify}
+ ORACLE_PORT: ${ORACLE_PORT:-1521}
+ ORACLE_PWD: ${ORACLE_PWD:-Dify123456}
+ ORACLE_USER: ${ORACLE_USER:-dify}
+ PGDATA: ${PGDATA:-/var/lib/postgresql/data/pgdata}
+ PGUSER: ${PGUSER:-${DB_USERNAME}}
+ PGVECTOR_DATABASE: ${PGVECTOR_DATABASE:-dify}
+ PGVECTOR_HOST: ${PGVECTOR_HOST:-pgvector}
+ PGVECTOR_MAX_CONNECTION: ${PGVECTOR_MAX_CONNECTION:-5}
+ PGVECTOR_MIN_CONNECTION: ${PGVECTOR_MIN_CONNECTION:-1}
+ PGVECTOR_PASSWORD: ${PGVECTOR_PASSWORD:-difyai123456}
+ PGVECTOR_PGDATA: ${PGVECTOR_PGDATA:-/var/lib/postgresql/data/pgdata}
+ PGVECTOR_PGUSER: ${PGVECTOR_PGUSER:-postgres}
+ PGVECTOR_PORT: ${PGVECTOR_PORT:-5432}
+ PGVECTOR_POSTGRES_DB: ${PGVECTOR_POSTGRES_DB:-dify}
+ PGVECTOR_POSTGRES_PASSWORD: ${PGVECTOR_POSTGRES_PASSWORD:-difyai123456}
+ PGVECTOR_USER: ${PGVECTOR_USER:-postgres}
+ PGVECTO_RS_DATABASE: ${PGVECTO_RS_DATABASE:-dify}
+ PGVECTO_RS_HOST: ${PGVECTO_RS_HOST:-pgvecto-rs}
+ PGVECTO_RS_PASSWORD: ${PGVECTO_RS_PASSWORD:-difyai123456}
+ PGVECTO_RS_PORT: ${PGVECTO_RS_PORT:-5432}
+ PGVECTO_RS_USER: ${PGVECTO_RS_USER:-postgres}
+ POSITION_PROVIDER_EXCLUDES: ${POSITION_PROVIDER_EXCLUDES:-}
+ POSITION_PROVIDER_INCLUDES: ${POSITION_PROVIDER_INCLUDES:-}
+ POSITION_PROVIDER_PINS: ${POSITION_PROVIDER_PINS:-}
+ POSITION_TOOL_EXCLUDES: ${POSITION_TOOL_EXCLUDES:-}
+ POSITION_TOOL_INCLUDES: ${POSITION_TOOL_INCLUDES:-}
+ POSITION_TOOL_PINS: ${POSITION_TOOL_PINS:-}
+ POSTGRES_DB: ${POSTGRES_DB:-${DB_DATABASE}}
+ POSTGRES_EFFECTIVE_CACHE_SIZE: ${POSTGRES_EFFECTIVE_CACHE_SIZE:-4096MB}
+ POSTGRES_MAINTENANCE_WORK_MEM: ${POSTGRES_MAINTENANCE_WORK_MEM:-64MB}
+ POSTGRES_MAX_CONNECTIONS: ${POSTGRES_MAX_CONNECTIONS:-100}
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-${DB_PASSWORD}}
+ POSTGRES_SHARED_BUFFERS: ${POSTGRES_SHARED_BUFFERS:-128MB}
+ POSTGRES_WORK_MEM: ${POSTGRES_WORK_MEM:-4MB}
+ PROMPT_GENERATION_MAX_TOKENS: ${PROMPT_GENERATION_MAX_TOKENS:-512}
+ QDRANT_API_KEY: ${QDRANT_API_KEY:-difyai123456}
+ QDRANT_CLIENT_TIMEOUT: ${QDRANT_CLIENT_TIMEOUT:-20}
+ QDRANT_GRPC_ENABLED: ${QDRANT_GRPC_ENABLED:-false}
+ QDRANT_GRPC_PORT: ${QDRANT_GRPC_PORT:-6334}
+ QDRANT_URL: ${QDRANT_URL:-http://qdrant:6333}
+ REDIS_CLUSTERS: ${REDIS_CLUSTERS:-}
+ REDIS_CLUSTERS_PASSWORD: ${REDIS_CLUSTERS_PASSWORD:-}
+ REDIS_DB: ${REDIS_DB:-0}
+ REDIS_HOST: ${REDIS_HOST:-redis}
+ REDIS_PASSWORD: ${REDIS_PASSWORD:-difyai123456}
+ REDIS_PORT: ${REDIS_PORT:-6379}
+ REDIS_SENTINELS: ${REDIS_SENTINELS:-}
+ REDIS_SENTINEL_PASSWORD: ${REDIS_SENTINEL_PASSWORD:-}
+ REDIS_SENTINEL_SERVICE_NAME: ${REDIS_SENTINEL_SERVICE_NAME:-}
+ REDIS_SENTINEL_SOCKET_TIMEOUT: ${REDIS_SENTINEL_SOCKET_TIMEOUT:-0.1}
+ REDIS_SENTINEL_USERNAME: ${REDIS_SENTINEL_USERNAME:-}
+ REDIS_USERNAME: ${REDIS_USERNAME:-}
+ REDIS_USE_CLUSTERS: ${REDIS_USE_CLUSTERS:-false}
+ REDIS_USE_SENTINEL: ${REDIS_USE_SENTINEL:-false}
+ REDIS_USE_SSL: ${REDIS_USE_SSL:-false}
+ REFRESH_TOKEN_EXPIRE_DAYS: ${REFRESH_TOKEN_EXPIRE_DAYS:-30}
+ RELYT_DATABASE: ${RELYT_DATABASE:-postgres}
+ RELYT_HOST: ${RELYT_HOST:-db}
+ RELYT_PASSWORD: ${RELYT_PASSWORD:-difyai123456}
+ RELYT_PORT: ${RELYT_PORT:-5432}
+ RELYT_USER: ${RELYT_USER:-postgres}
+ RESEND_API_KEY: ${RESEND_API_KEY:-your-resend-api-key}
+ RESEND_API_URL: ${RESEND_API_URL:-https://api.resend.com}
+ RESET_PASSWORD_TOKEN_EXPIRY_MINUTES: ${RESET_PASSWORD_TOKEN_EXPIRY_MINUTES:-5}
+ S3_ACCESS_KEY: ${S3_ACCESS_KEY:-}
+ S3_BUCKET_NAME: ${S3_BUCKET_NAME:-difyai}
+ S3_ENDPOINT: ${S3_ENDPOINT:-}
+ S3_REGION: ${S3_REGION:-us-east-1}
+ S3_SECRET_KEY: ${S3_SECRET_KEY:-}
+ S3_USE_AWS_MANAGED_IAM: ${S3_USE_AWS_MANAGED_IAM:-false}
+ SANDBOX_API_KEY: ${SANDBOX_API_KEY:-dify-sandbox}
+ SANDBOX_ENABLE_NETWORK: ${SANDBOX_ENABLE_NETWORK:-true}
+ SANDBOX_GIN_MODE: ${SANDBOX_GIN_MODE:-release}
+ SANDBOX_HTTPS_PROXY: ${SANDBOX_HTTPS_PROXY:-http://ssrf_proxy:3128}
+ SANDBOX_HTTP_PROXY: ${SANDBOX_HTTP_PROXY:-http://ssrf_proxy:3128}
+ SANDBOX_PORT: ${SANDBOX_PORT:-8194}
+ SANDBOX_WORKER_TIMEOUT: ${SANDBOX_WORKER_TIMEOUT:-15}
+ SCARF_NO_ANALYTICS: ${SCARF_NO_ANALYTICS:-true}
+ SECRET_KEY: ${SECRET_KEY:-sk-9f73s3ljTXVcMT3Blb3ljTqtsKiGHXVcMT3BlbkFJLK7U}
+ SENTRY_DSN: ${SENTRY_DSN:-}
+ SERVER_WORKER_AMOUNT: ${SERVER_WORKER_AMOUNT:-1}
+ SERVER_WORKER_CLASS: ${SERVER_WORKER_CLASS:-gevent}
+ SERVER_WORKER_CONNECTIONS: ${SERVER_WORKER_CONNECTIONS:-10}
+ SERVICE_API_URL: ${SERVICE_API_URL:-}
+ SMTP_OPPORTUNISTIC_TLS: ${SMTP_OPPORTUNISTIC_TLS:-false}
+ SMTP_PASSWORD: ${SMTP_PASSWORD:-}
+ SMTP_PORT: ${SMTP_PORT:-465}
+ SMTP_SERVER: ${SMTP_SERVER:-}
+ SMTP_USERNAME: ${SMTP_USERNAME:-}
+ SMTP_USE_TLS: ${SMTP_USE_TLS:-true}
+ SQLALCHEMY_ECHO: ${SQLALCHEMY_ECHO:-false}
+ SQLALCHEMY_POOL_RECYCLE: ${SQLALCHEMY_POOL_RECYCLE:-3600}
+ SQLALCHEMY_POOL_SIZE: ${SQLALCHEMY_POOL_SIZE:-30}
+ SSRF_COREDUMP_DIR: ${SSRF_COREDUMP_DIR:-/var/spool/squid}
+ SSRF_DEFAULT_CONNECT_TIME_OUT: ${SSRF_DEFAULT_CONNECT_TIME_OUT:-5}
+ SSRF_DEFAULT_READ_TIME_OUT: ${SSRF_DEFAULT_READ_TIME_OUT:-5}
+ SSRF_DEFAULT_TIME_OUT: ${SSRF_DEFAULT_TIME_OUT:-5}
+ SSRF_DEFAULT_WRITE_TIME_OUT: ${SSRF_DEFAULT_WRITE_TIME_OUT:-5}
+ SSRF_HTTP_PORT: ${SSRF_HTTP_PORT:-3128}
+ SSRF_PROXY_HTTPS_URL: ${SSRF_PROXY_HTTPS_URL:-http://ssrf_proxy:3128}
+ SSRF_PROXY_HTTP_URL: ${SSRF_PROXY_HTTP_URL:-http://ssrf_proxy:3128}
+ SSRF_REVERSE_PROXY_PORT: ${SSRF_REVERSE_PROXY_PORT:-8194}
+ SSRF_SANDBOX_HOST: ${SSRF_SANDBOX_HOST:-sandbox}
+ STORAGE_TYPE: ${STORAGE_TYPE:-opendal}
+ SUPABASE_API_KEY: ${SUPABASE_API_KEY:-your-access-key}
+ SUPABASE_BUCKET_NAME: ${SUPABASE_BUCKET_NAME:-your-bucket-name}
+ SUPABASE_URL: ${SUPABASE_URL:-your-server-url}
+ TEMPLATE_TRANSFORM_MAX_LENGTH: ${TEMPLATE_TRANSFORM_MAX_LENGTH:-80000}
+ TENCENT_COS_BUCKET_NAME: ${TENCENT_COS_BUCKET_NAME:-your-bucket-name}
+ TENCENT_COS_REGION: ${TENCENT_COS_REGION:-your-region}
+ TENCENT_COS_SCHEME: ${TENCENT_COS_SCHEME:-your-scheme}
+ TENCENT_COS_SECRET_ID: ${TENCENT_COS_SECRET_ID:-your-secret-id}
+ TENCENT_COS_SECRET_KEY: ${TENCENT_COS_SECRET_KEY:-your-secret-key}
+ TENCENT_VECTOR_DB_API_KEY: ${TENCENT_VECTOR_DB_API_KEY:-dify}
+ TENCENT_VECTOR_DB_DATABASE: ${TENCENT_VECTOR_DB_DATABASE:-dify}
+ TENCENT_VECTOR_DB_REPLICAS: ${TENCENT_VECTOR_DB_REPLICAS:-2}
+ TENCENT_VECTOR_DB_SHARD: ${TENCENT_VECTOR_DB_SHARD:-1}
+ TENCENT_VECTOR_DB_TIMEOUT: ${TENCENT_VECTOR_DB_TIMEOUT:-30}
+ TENCENT_VECTOR_DB_URL: ${TENCENT_VECTOR_DB_URL:-http://127.0.0.1}
+ TENCENT_VECTOR_DB_USERNAME: ${TENCENT_VECTOR_DB_USERNAME:-dify}
+ TEXT_GENERATION_TIMEOUT_MS: ${TEXT_GENERATION_TIMEOUT_MS:-60000}
+ TIDB_API_URL: ${TIDB_API_URL:-http://127.0.0.1}
+ TIDB_IAM_API_URL: ${TIDB_IAM_API_URL:-http://127.0.0.1}
+ TIDB_ON_QDRANT_API_KEY: ${TIDB_ON_QDRANT_API_KEY:-dify}
+ TIDB_ON_QDRANT_CLIENT_TIMEOUT: ${TIDB_ON_QDRANT_CLIENT_TIMEOUT:-20}
+ TIDB_ON_QDRANT_GRPC_ENABLED: ${TIDB_ON_QDRANT_GRPC_ENABLED:-false}
+ TIDB_ON_QDRANT_GRPC_PORT: ${TIDB_ON_QDRANT_GRPC_PORT:-6334}
+ TIDB_ON_QDRANT_URL: ${TIDB_ON_QDRANT_URL:-http://127.0.0.1}
+ TIDB_PRIVATE_KEY: ${TIDB_PRIVATE_KEY:-dify}
+ TIDB_PROJECT_ID: ${TIDB_PROJECT_ID:-dify}
+ TIDB_PUBLIC_KEY: ${TIDB_PUBLIC_KEY:-dify}
+ TIDB_REGION: ${TIDB_REGION:-regions/aws-us-east-1}
+ TIDB_SPEND_LIMIT: ${TIDB_SPEND_LIMIT:-100}
+ TIDB_VECTOR_DATABASE: ${TIDB_VECTOR_DATABASE:-dify}
+ TIDB_VECTOR_HOST: ${TIDB_VECTOR_HOST:-tidb}
+ TIDB_VECTOR_PASSWORD: ${TIDB_VECTOR_PASSWORD:-}
+ TIDB_VECTOR_PORT: ${TIDB_VECTOR_PORT:-4000}
+ TIDB_VECTOR_USER: ${TIDB_VECTOR_USER:-}
+ TOP_K_MAX_VALUE: ${TOP_K_MAX_VALUE:-10}
+ UNSTRUCTURED_API_KEY: ${UNSTRUCTURED_API_KEY:-}
+ UNSTRUCTURED_API_URL: ${UNSTRUCTURED_API_URL:-}
+ UPLOAD_AUDIO_FILE_SIZE_LIMIT: ${UPLOAD_AUDIO_FILE_SIZE_LIMIT:-50}
+ UPLOAD_FILE_BATCH_LIMIT: ${UPLOAD_FILE_BATCH_LIMIT:-5}
+ UPLOAD_FILE_SIZE_LIMIT: ${UPLOAD_FILE_SIZE_LIMIT:-15}
+ UPLOAD_IMAGE_FILE_SIZE_LIMIT: ${UPLOAD_IMAGE_FILE_SIZE_LIMIT:-10}
+ UPLOAD_VIDEO_FILE_SIZE_LIMIT: ${UPLOAD_VIDEO_FILE_SIZE_LIMIT:-100}
+ UPSTASH_VECTOR_TOKEN: ${UPSTASH_VECTOR_TOKEN:-dify}
+ UPSTASH_VECTOR_URL: ${UPSTASH_VECTOR_URL:-https://xxx-vector.upstash.io}
+ VECTOR_STORE: ${VECTOR_STORE:-weaviate}
+ VIKINGDB_ACCESS_KEY: ${VIKINGDB_ACCESS_KEY:-your-ak}
+ VIKINGDB_CONNECTION_TIMEOUT: ${VIKINGDB_CONNECTION_TIMEOUT:-30}
+ VIKINGDB_HOST: ${VIKINGDB_HOST:-api-vikingdb.xxx.volces.com}
+ VIKINGDB_REGION: ${VIKINGDB_REGION:-cn-shanghai}
+ VIKINGDB_SCHEMA: ${VIKINGDB_SCHEMA:-http}
+ VIKINGDB_SECRET_KEY: ${VIKINGDB_SECRET_KEY:-your-sk}
+ VIKINGDB_SOCKET_TIMEOUT: ${VIKINGDB_SOCKET_TIMEOUT:-30}
+ VOLCENGINE_TOS_ACCESS_KEY: ${VOLCENGINE_TOS_ACCESS_KEY:-your-access-key}
+ VOLCENGINE_TOS_BUCKET_NAME: ${VOLCENGINE_TOS_BUCKET_NAME:-your-bucket-name}
+ VOLCENGINE_TOS_ENDPOINT: ${VOLCENGINE_TOS_ENDPOINT:-your-server-url}
+ VOLCENGINE_TOS_REGION: ${VOLCENGINE_TOS_REGION:-your-region}
+ VOLCENGINE_TOS_SECRET_KEY: ${VOLCENGINE_TOS_SECRET_KEY:-your-secret-key}
+ WEAVIATE_API_KEY: ${WEAVIATE_API_KEY:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih}
+ WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: ${WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED:-true}
+ WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS: ${WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih}
+ WEAVIATE_AUTHENTICATION_APIKEY_ENABLED: ${WEAVIATE_AUTHENTICATION_APIKEY_ENABLED:-true}
+ WEAVIATE_AUTHENTICATION_APIKEY_USERS: ${WEAVIATE_AUTHENTICATION_APIKEY_USERS:-hello@dify.ai}
+ WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED: ${WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED:-true}
+ WEAVIATE_AUTHORIZATION_ADMINLIST_USERS: ${WEAVIATE_AUTHORIZATION_ADMINLIST_USERS:-hello@dify.ai}
+ WEAVIATE_CLUSTER_HOSTNAME: ${WEAVIATE_CLUSTER_HOSTNAME:-node1}
+ WEAVIATE_DEFAULT_VECTORIZER_MODULE: ${WEAVIATE_DEFAULT_VECTORIZER_MODULE:-none}
+ WEAVIATE_ENDPOINT: ${WEAVIATE_ENDPOINT:-http://weaviate:8080}
+ WEAVIATE_PERSISTENCE_DATA_PATH: ${WEAVIATE_PERSISTENCE_DATA_PATH:-/var/lib/weaviate}
+ WEAVIATE_QUERY_DEFAULTS_LIMIT: ${WEAVIATE_QUERY_DEFAULTS_LIMIT:-25}
+ WEB_API_CORS_ALLOW_ORIGINS: ${WEB_API_CORS_ALLOW_ORIGINS:-*}
+ WEB_SENTRY_DSN: ${WEB_SENTRY_DSN:-}
+ WORKFLOW_CALL_MAX_DEPTH: ${WORKFLOW_CALL_MAX_DEPTH:-5}
+ WORKFLOW_FILE_UPLOAD_LIMIT: ${WORKFLOW_FILE_UPLOAD_LIMIT:-10}
+ WORKFLOW_MAX_EXECUTION_STEPS: ${WORKFLOW_MAX_EXECUTION_STEPS:-500}
+ WORKFLOW_MAX_EXECUTION_TIME: ${WORKFLOW_MAX_EXECUTION_TIME:-1200}
+ WORKFLOW_PARALLEL_DEPTH_LIMIT: ${WORKFLOW_PARALLEL_DEPTH_LIMIT:-3}
diff --git a/dockge/dify/envs/default.env b/dockge/dify/envs/default.env
new file mode 100644
index 00000000..cd05f46e
--- /dev/null
+++ b/dockge/dify/envs/default.env
@@ -0,0 +1,2 @@
+# copyright© 2024 XinJiang Ms Studio
+ENV_FILE=.env
diff --git a/dockge/dify/envs/dify.env b/dockge/dify/envs/dify.env
new file mode 100644
index 00000000..3bc79059
--- /dev/null
+++ b/dockge/dify/envs/dify.env
@@ -0,0 +1,938 @@
+# ------------------------------
+# Environment Variables for API service & worker
+# ------------------------------
+
+# ------------------------------
+# Common Variables
+# ------------------------------
+
+# The backend URL of the console API,
+# used to concatenate the authorization callback.
+# If empty, it is the same domain.
+# Example: https://api.console.dify.ai
+CONSOLE_API_URL=
+
+# The front-end URL of the console web,
+# used to concatenate some front-end addresses and for CORS configuration use.
+# If empty, it is the same domain.
+# Example: https://console.dify.ai
+CONSOLE_WEB_URL=
+
+# Service API Url,
+# used to display Service API Base Url to the front-end.
+# If empty, it is the same domain.
+# Example: https://api.dify.ai
+SERVICE_API_URL=
+
+# WebApp API backend Url,
+# used to declare the back-end URL for the front-end API.
+# If empty, it is the same domain.
+# Example: https://api.app.dify.ai
+APP_API_URL=
+
+# WebApp Url,
+# used to display WebAPP API Base Url to the front-end.
+# If empty, it is the same domain.
+# Example: https://app.dify.ai
+APP_WEB_URL=
+
+# File preview or download Url prefix.
+# used to display File preview or download Url to the front-end or as Multi-model inputs;
+# Url is signed and has expiration time.
+FILES_URL=
+
+# ------------------------------
+# Server Configuration
+# ------------------------------
+
+# The log level for the application.
+# Supported values are `DEBUG`, `INFO`, `WARNING`, `ERROR`, `CRITICAL`
+LOG_LEVEL=INFO
+# Log file path
+LOG_FILE=/app/logs/server.log
+# Log file max size, the unit is MB
+LOG_FILE_MAX_SIZE=20
+# Log file max backup count
+LOG_FILE_BACKUP_COUNT=5
+# Log dateformat
+LOG_DATEFORMAT=%Y-%m-%d %H:%M:%S
+# Log Timezone
+LOG_TZ=UTC
+
+# Debug mode, default is false.
+# It is recommended to turn on this configuration for local development
+# to prevent some problems caused by monkey patch.
+DEBUG=false
+
+# Flask debug mode, it can output trace information at the interface when turned on,
+# which is convenient for debugging.
+FLASK_DEBUG=false
+
+# A secretkey that is used for securely signing the session cookie
+# and encrypting sensitive information on the database.
+# You can generate a strong key using `openssl rand -base64 42`.
+SECRET_KEY=sk-9f73s3ljTXVcMT3Blb3ljTqtsKiGHXVcMT3BlbkFJLK7U
+
+# Password for admin user initialization.
+# If left unset, admin user will not be prompted for a password
+# when creating the initial admin account.
+# The length of the password cannot exceed 30 charactors.
+INIT_PASSWORD=
+
+# Deployment environment.
+# Supported values are `PRODUCTION`, `TESTING`. Default is `PRODUCTION`.
+# Testing environment. There will be a distinct color label on the front-end page,
+# indicating that this environment is a testing environment.
+DEPLOY_ENV=PRODUCTION
+
+# Whether to enable the version check policy.
+# If set to empty, https://updates.dify.ai will be called for version check.
+CHECK_UPDATE_URL=https://updates.dify.ai
+
+# Used to change the OpenAI base address, default is https://api.openai.com/v1.
+# When OpenAI cannot be accessed in China, replace it with a domestic mirror address,
+# or when a local model provides OpenAI compatible API, it can be replaced.
+OPENAI_API_BASE=https://api.openai.com/v1
+
+# When enabled, migrations will be executed prior to application startup
+# and the application will start after the migrations have completed.
+MIGRATION_ENABLED=true
+
+# File Access Time specifies a time interval in seconds for the file to be accessed.
+# The default value is 300 seconds.
+FILES_ACCESS_TIMEOUT=300
+
+# Access token expiration time in minutes
+ACCESS_TOKEN_EXPIRE_MINUTES=60
+
+# Refresh token expiration time in days
+REFRESH_TOKEN_EXPIRE_DAYS=30
+
+# The maximum number of active requests for the application, where 0 means unlimited, should be a non-negative integer.
+APP_MAX_ACTIVE_REQUESTS=0
+APP_MAX_EXECUTION_TIME=1200
+
+# ------------------------------
+# Container Startup Related Configuration
+# Only effective when starting with docker image or docker-compose.
+# ------------------------------
+
+# API service binding address, default: 0.0.0.0, i.e., all addresses can be accessed.
+DIFY_BIND_ADDRESS=0.0.0.0
+
+# API service binding port number, default 5001.
+DIFY_PORT=5001
+
+# The number of API server workers, i.e., the number of workers.
+# Formula: number of cpu cores x 2 + 1 for sync, 1 for Gevent
+# Reference: https://docs.gunicorn.org/en/stable/design.html#how-many-workers
+SERVER_WORKER_AMOUNT=1
+
+# Defaults to gevent. If using windows, it can be switched to sync or solo.
+SERVER_WORKER_CLASS=gevent
+
+# Default number of worker connections, the default is 10.
+SERVER_WORKER_CONNECTIONS=10
+
+# Similar to SERVER_WORKER_CLASS.
+# If using windows, it can be switched to sync or solo.
+CELERY_WORKER_CLASS=
+
+# Request handling timeout. The default is 200,
+# it is recommended to set it to 360 to support a longer sse connection time.
+GUNICORN_TIMEOUT=360
+
+# The number of Celery workers. The default is 1, and can be set as needed.
+CELERY_WORKER_AMOUNT=
+
+# Flag indicating whether to enable autoscaling of Celery workers.
+#
+# Autoscaling is useful when tasks are CPU intensive and can be dynamically
+# allocated and deallocated based on the workload.
+#
+# When autoscaling is enabled, the maximum and minimum number of workers can
+# be specified. The autoscaling algorithm will dynamically adjust the number
+# of workers within the specified range.
+#
+# Default is false (i.e., autoscaling is disabled).
+#
+# Example:
+# CELERY_AUTO_SCALE=true
+CELERY_AUTO_SCALE=false
+
+# The maximum number of Celery workers that can be autoscaled.
+# This is optional and only used when autoscaling is enabled.
+# Default is not set.
+CELERY_MAX_WORKERS=
+
+# The minimum number of Celery workers that can be autoscaled.
+# This is optional and only used when autoscaling is enabled.
+# Default is not set.
+CELERY_MIN_WORKERS=
+
+# API Tool configuration
+API_TOOL_DEFAULT_CONNECT_TIMEOUT=10
+API_TOOL_DEFAULT_READ_TIMEOUT=60
+
+
+# ------------------------------
+# Database Configuration
+# The database uses PostgreSQL. Please use the public schema.
+# It is consistent with the configuration in the 'db' service below.
+# ------------------------------
+
+DB_USERNAME=postgres
+DB_PASSWORD=difyai123456
+DB_HOST=db
+DB_PORT=5432
+DB_DATABASE=dify
+# The size of the database connection pool.
+# The default is 30 connections, which can be appropriately increased.
+SQLALCHEMY_POOL_SIZE=30
+# Database connection pool recycling time, the default is 3600 seconds.
+SQLALCHEMY_POOL_RECYCLE=3600
+# Whether to print SQL, default is false.
+SQLALCHEMY_ECHO=false
+
+# Maximum number of connections to the database
+# Default is 100
+#
+# Reference: https://www.postgresql.org/docs/current/runtime-config-connection.html#GUC-MAX-CONNECTIONS
+POSTGRES_MAX_CONNECTIONS=100
+
+# Sets the amount of shared memory used for postgres's shared buffers.
+# Default is 128MB
+# Recommended value: 25% of available memory
+# Reference: https://www.postgresql.org/docs/current/runtime-config-resource.html#GUC-SHARED-BUFFERS
+POSTGRES_SHARED_BUFFERS=128MB
+
+# Sets the amount of memory used by each database worker for working space.
+# Default is 4MB
+#
+# Reference: https://www.postgresql.org/docs/current/runtime-config-resource.html#GUC-WORK-MEM
+POSTGRES_WORK_MEM=4MB
+
+# Sets the amount of memory reserved for maintenance activities.
+# Default is 64MB
+#
+# Reference: https://www.postgresql.org/docs/current/runtime-config-resource.html#GUC-MAINTENANCE-WORK-MEM
+POSTGRES_MAINTENANCE_WORK_MEM=64MB
+
+# Sets the planner's assumption about the effective cache size.
+# Default is 4096MB
+#
+# Reference: https://www.postgresql.org/docs/current/runtime-config-query.html#GUC-EFFECTIVE-CACHE-SIZE
+POSTGRES_EFFECTIVE_CACHE_SIZE=4096MB
+
+# ------------------------------
+# Redis Configuration
+# This Redis configuration is used for caching and for pub/sub during conversation.
+# ------------------------------
+
+REDIS_HOST=redis
+REDIS_PORT=6379
+REDIS_USERNAME=
+REDIS_PASSWORD=difyai123456
+REDIS_USE_SSL=false
+REDIS_DB=0
+
+# Whether to use Redis Sentinel mode.
+# If set to true, the application will automatically discover and connect to the master node through Sentinel.
+REDIS_USE_SENTINEL=false
+
+# List of Redis Sentinel nodes. If Sentinel mode is enabled, provide at least one Sentinel IP and port.
+# Format: `:,:,:`
+REDIS_SENTINELS=
+REDIS_SENTINEL_SERVICE_NAME=
+REDIS_SENTINEL_USERNAME=
+REDIS_SENTINEL_PASSWORD=
+REDIS_SENTINEL_SOCKET_TIMEOUT=0.1
+
+# List of Redis Cluster nodes. If Cluster mode is enabled, provide at least one Cluster IP and port.
+# Format: `:,:,:`
+REDIS_USE_CLUSTERS=false
+REDIS_CLUSTERS=
+REDIS_CLUSTERS_PASSWORD=
+
+# ------------------------------
+# Celery Configuration
+# ------------------------------
+
+# Use redis as the broker, and redis db 1 for celery broker.
+# Format as follows: `redis://:@:/`
+# Example: redis://:difyai123456@redis:6379/1
+# If use Redis Sentinel, format as follows: `sentinel://:@:/`
+# Example: sentinel://localhost:26379/1;sentinel://localhost:26380/1;sentinel://localhost:26381/1
+CELERY_BROKER_URL=redis://:difyai123456@redis:6379/1
+BROKER_USE_SSL=false
+
+# If you are using Redis Sentinel for high availability, configure the following settings.
+CELERY_USE_SENTINEL=false
+CELERY_SENTINEL_MASTER_NAME=
+CELERY_SENTINEL_SOCKET_TIMEOUT=0.1
+
+# ------------------------------
+# CORS Configuration
+# Used to set the front-end cross-domain access policy.
+# ------------------------------
+
+# Specifies the allowed origins for cross-origin requests to the Web API,
+# e.g. https://dify.app or * for all origins.
+WEB_API_CORS_ALLOW_ORIGINS=*
+
+# Specifies the allowed origins for cross-origin requests to the console API,
+# e.g. https://cloud.dify.ai or * for all origins.
+CONSOLE_CORS_ALLOW_ORIGINS=*
+
+# ------------------------------
+# File Storage Configuration
+# ------------------------------
+
+# The type of storage to use for storing user files.
+STORAGE_TYPE=opendal
+
+# Apache OpenDAL Configuration
+# The configuration for OpenDAL consists of the following format: OPENDAL__.
+# You can find all the service configurations (CONFIG_NAME) in the repository at: https://github.com/apache/opendal/tree/main/core/src/services.
+# Dify will scan configurations starting with OPENDAL_ and automatically apply them.
+# The scheme name for the OpenDAL storage.
+OPENDAL_SCHEME=fs
+# Configurations for OpenDAL Local File System.
+OPENDAL_FS_ROOT=storage
+
+# S3 Configuration
+#
+S3_ENDPOINT=
+S3_REGION=us-east-1
+S3_BUCKET_NAME=difyai
+S3_ACCESS_KEY=
+S3_SECRET_KEY=
+# Whether to use AWS managed IAM roles for authenticating with the S3 service.
+# If set to false, the access key and secret key must be provided.
+S3_USE_AWS_MANAGED_IAM=false
+
+# Azure Blob Configuration
+#
+AZURE_BLOB_ACCOUNT_NAME=difyai
+AZURE_BLOB_ACCOUNT_KEY=difyai
+AZURE_BLOB_CONTAINER_NAME=difyai-container
+AZURE_BLOB_ACCOUNT_URL=https://.blob.core.windows.net
+
+# Google Storage Configuration
+#
+GOOGLE_STORAGE_BUCKET_NAME=your-bucket-name
+GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64=
+
+# The Alibaba Cloud OSS configurations,
+#
+ALIYUN_OSS_BUCKET_NAME=your-bucket-name
+ALIYUN_OSS_ACCESS_KEY=your-access-key
+ALIYUN_OSS_SECRET_KEY=your-secret-key
+ALIYUN_OSS_ENDPOINT=https://oss-ap-southeast-1-internal.aliyuncs.com
+ALIYUN_OSS_REGION=ap-southeast-1
+ALIYUN_OSS_AUTH_VERSION=v4
+# Don't start with '/'. OSS doesn't support leading slash in object names.
+ALIYUN_OSS_PATH=your-path
+
+# Tencent COS Configuration
+#
+TENCENT_COS_BUCKET_NAME=your-bucket-name
+TENCENT_COS_SECRET_KEY=your-secret-key
+TENCENT_COS_SECRET_ID=your-secret-id
+TENCENT_COS_REGION=your-region
+TENCENT_COS_SCHEME=your-scheme
+
+# Oracle Storage Configuration
+#
+OCI_ENDPOINT=https://objectstorage.us-ashburn-1.oraclecloud.com
+OCI_BUCKET_NAME=your-bucket-name
+OCI_ACCESS_KEY=your-access-key
+OCI_SECRET_KEY=your-secret-key
+OCI_REGION=us-ashburn-1
+
+# Huawei OBS Configuration
+#
+HUAWEI_OBS_BUCKET_NAME=your-bucket-name
+HUAWEI_OBS_SECRET_KEY=your-secret-key
+HUAWEI_OBS_ACCESS_KEY=your-access-key
+HUAWEI_OBS_SERVER=your-server-url
+
+# Volcengine TOS Configuration
+#
+VOLCENGINE_TOS_BUCKET_NAME=your-bucket-name
+VOLCENGINE_TOS_SECRET_KEY=your-secret-key
+VOLCENGINE_TOS_ACCESS_KEY=your-access-key
+VOLCENGINE_TOS_ENDPOINT=your-server-url
+VOLCENGINE_TOS_REGION=your-region
+
+# Baidu OBS Storage Configuration
+#
+BAIDU_OBS_BUCKET_NAME=your-bucket-name
+BAIDU_OBS_SECRET_KEY=your-secret-key
+BAIDU_OBS_ACCESS_KEY=your-access-key
+BAIDU_OBS_ENDPOINT=your-server-url
+
+# Supabase Storage Configuration
+#
+SUPABASE_BUCKET_NAME=your-bucket-name
+SUPABASE_API_KEY=your-access-key
+SUPABASE_URL=your-server-url
+
+# ------------------------------
+# Vector Database Configuration
+# ------------------------------
+
+# The type of vector store to use.
+# Supported values are `weaviate`, `qdrant`, `milvus`, `myscale`, `relyt`, `pgvector`, `pgvecto-rs`, `chroma`, `opensearch`, `tidb_vector`, `oracle`, `tencent`, `elasticsearch`, `elasticsearch-ja`, `analyticdb`, `couchbase`, `vikingdb`, `oceanbase`.
+VECTOR_STORE=weaviate
+
+# The Weaviate endpoint URL. Only available when VECTOR_STORE is `weaviate`.
+WEAVIATE_ENDPOINT=http://weaviate:8080
+WEAVIATE_API_KEY=WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih
+
+# The Qdrant endpoint URL. Only available when VECTOR_STORE is `qdrant`.
+QDRANT_URL=http://qdrant:6333
+QDRANT_API_KEY=difyai123456
+QDRANT_CLIENT_TIMEOUT=20
+QDRANT_GRPC_ENABLED=false
+QDRANT_GRPC_PORT=6334
+
+# Milvus configuration Only available when VECTOR_STORE is `milvus`.
+# The milvus uri.
+MILVUS_URI=http://127.0.0.1:19530
+MILVUS_TOKEN=
+MILVUS_USER=root
+MILVUS_PASSWORD=Milvus
+MILVUS_ENABLE_HYBRID_SEARCH=False
+
+# MyScale configuration, only available when VECTOR_STORE is `myscale`
+# For multi-language support, please set MYSCALE_FTS_PARAMS with referring to:
+# https://myscale.com/docs/en/text-search/#understanding-fts-index-parameters
+MYSCALE_HOST=myscale
+MYSCALE_PORT=8123
+MYSCALE_USER=default
+MYSCALE_PASSWORD=
+MYSCALE_DATABASE=dify
+MYSCALE_FTS_PARAMS=
+
+# Couchbase configurations, only available when VECTOR_STORE is `couchbase`
+# The connection string must include hostname defined in the docker-compose file (couchbase-server in this case)
+COUCHBASE_CONNECTION_STRING=couchbase://couchbase-server
+COUCHBASE_USER=Administrator
+COUCHBASE_PASSWORD=password
+COUCHBASE_BUCKET_NAME=Embeddings
+COUCHBASE_SCOPE_NAME=_default
+
+# pgvector configurations, only available when VECTOR_STORE is `pgvector`
+PGVECTOR_HOST=pgvector
+PGVECTOR_PORT=5432
+PGVECTOR_USER=postgres
+PGVECTOR_PASSWORD=difyai123456
+PGVECTOR_DATABASE=dify
+PGVECTOR_MIN_CONNECTION=1
+PGVECTOR_MAX_CONNECTION=5
+
+# pgvecto-rs configurations, only available when VECTOR_STORE is `pgvecto-rs`
+PGVECTO_RS_HOST=pgvecto-rs
+PGVECTO_RS_PORT=5432
+PGVECTO_RS_USER=postgres
+PGVECTO_RS_PASSWORD=difyai123456
+PGVECTO_RS_DATABASE=dify
+
+# analyticdb configurations, only available when VECTOR_STORE is `analyticdb`
+ANALYTICDB_KEY_ID=your-ak
+ANALYTICDB_KEY_SECRET=your-sk
+ANALYTICDB_REGION_ID=cn-hangzhou
+ANALYTICDB_INSTANCE_ID=gp-ab123456
+ANALYTICDB_ACCOUNT=testaccount
+ANALYTICDB_PASSWORD=testpassword
+ANALYTICDB_NAMESPACE=dify
+ANALYTICDB_NAMESPACE_PASSWORD=difypassword
+ANALYTICDB_HOST=gp-test.aliyuncs.com
+ANALYTICDB_PORT=5432
+ANALYTICDB_MIN_CONNECTION=1
+ANALYTICDB_MAX_CONNECTION=5
+
+# TiDB vector configurations, only available when VECTOR_STORE is `tidb`
+TIDB_VECTOR_HOST=tidb
+TIDB_VECTOR_PORT=4000
+TIDB_VECTOR_USER=
+TIDB_VECTOR_PASSWORD=
+TIDB_VECTOR_DATABASE=dify
+
+# Tidb on qdrant configuration, only available when VECTOR_STORE is `tidb_on_qdrant`
+TIDB_ON_QDRANT_URL=http://127.0.0.1
+TIDB_ON_QDRANT_API_KEY=dify
+TIDB_ON_QDRANT_CLIENT_TIMEOUT=20
+TIDB_ON_QDRANT_GRPC_ENABLED=false
+TIDB_ON_QDRANT_GRPC_PORT=6334
+TIDB_PUBLIC_KEY=dify
+TIDB_PRIVATE_KEY=dify
+TIDB_API_URL=http://127.0.0.1
+TIDB_IAM_API_URL=http://127.0.0.1
+TIDB_REGION=regions/aws-us-east-1
+TIDB_PROJECT_ID=dify
+TIDB_SPEND_LIMIT=100
+
+# Chroma configuration, only available when VECTOR_STORE is `chroma`
+CHROMA_HOST=127.0.0.1
+CHROMA_PORT=8000
+CHROMA_TENANT=default_tenant
+CHROMA_DATABASE=default_database
+CHROMA_AUTH_PROVIDER=chromadb.auth.token_authn.TokenAuthClientProvider
+CHROMA_AUTH_CREDENTIALS=
+
+# Oracle configuration, only available when VECTOR_STORE is `oracle`
+ORACLE_HOST=oracle
+ORACLE_PORT=1521
+ORACLE_USER=dify
+ORACLE_PASSWORD=dify
+ORACLE_DATABASE=FREEPDB1
+
+# relyt configurations, only available when VECTOR_STORE is `relyt`
+RELYT_HOST=db
+RELYT_PORT=5432
+RELYT_USER=postgres
+RELYT_PASSWORD=difyai123456
+RELYT_DATABASE=postgres
+
+# open search configuration, only available when VECTOR_STORE is `opensearch`
+OPENSEARCH_HOST=opensearch
+OPENSEARCH_PORT=9200
+OPENSEARCH_USER=admin
+OPENSEARCH_PASSWORD=admin
+OPENSEARCH_SECURE=true
+
+# tencent vector configurations, only available when VECTOR_STORE is `tencent`
+TENCENT_VECTOR_DB_URL=http://127.0.0.1
+TENCENT_VECTOR_DB_API_KEY=dify
+TENCENT_VECTOR_DB_TIMEOUT=30
+TENCENT_VECTOR_DB_USERNAME=dify
+TENCENT_VECTOR_DB_DATABASE=dify
+TENCENT_VECTOR_DB_SHARD=1
+TENCENT_VECTOR_DB_REPLICAS=2
+
+# ElasticSearch configuration, only available when VECTOR_STORE is `elasticsearch`
+ELASTICSEARCH_HOST=0.0.0.0
+ELASTICSEARCH_PORT=9200
+ELASTICSEARCH_USERNAME=elastic
+ELASTICSEARCH_PASSWORD=elastic
+KIBANA_PORT=5601
+
+# baidu vector configurations, only available when VECTOR_STORE is `baidu`
+BAIDU_VECTOR_DB_ENDPOINT=http://127.0.0.1:5287
+BAIDU_VECTOR_DB_CONNECTION_TIMEOUT_MS=30000
+BAIDU_VECTOR_DB_ACCOUNT=root
+BAIDU_VECTOR_DB_API_KEY=dify
+BAIDU_VECTOR_DB_DATABASE=dify
+BAIDU_VECTOR_DB_SHARD=1
+BAIDU_VECTOR_DB_REPLICAS=3
+
+# VikingDB configurations, only available when VECTOR_STORE is `vikingdb`
+VIKINGDB_ACCESS_KEY=your-ak
+VIKINGDB_SECRET_KEY=your-sk
+VIKINGDB_REGION=cn-shanghai
+VIKINGDB_HOST=api-vikingdb.xxx.volces.com
+VIKINGDB_SCHEMA=http
+VIKINGDB_CONNECTION_TIMEOUT=30
+VIKINGDB_SOCKET_TIMEOUT=30
+
+# Lindorm configuration, only available when VECTOR_STORE is `lindorm`
+LINDORM_URL=http://lindorm:30070
+LINDORM_USERNAME=lindorm
+LINDORM_PASSWORD=lindorm
+
+# OceanBase Vector configuration, only available when VECTOR_STORE is `oceanbase`
+OCEANBASE_VECTOR_HOST=oceanbase
+OCEANBASE_VECTOR_PORT=2881
+OCEANBASE_VECTOR_USER=root@test
+OCEANBASE_VECTOR_PASSWORD=difyai123456
+OCEANBASE_VECTOR_DATABASE=test
+OCEANBASE_CLUSTER_NAME=difyai
+OCEANBASE_MEMORY_LIMIT=6G
+
+# Upstash Vector configuration, only available when VECTOR_STORE is `upstash`
+UPSTASH_VECTOR_URL=https://xxx-vector.upstash.io
+UPSTASH_VECTOR_TOKEN=dify
+
+# ------------------------------
+# Knowledge Configuration
+# ------------------------------
+
+# Upload file size limit, default 15M.
+UPLOAD_FILE_SIZE_LIMIT=15
+
+# The maximum number of files that can be uploaded at a time, default 5.
+UPLOAD_FILE_BATCH_LIMIT=5
+
+# ETL type, support: `dify`, `Unstructured`
+# `dify` Dify's proprietary file extraction scheme
+# `Unstructured` Unstructured.io file extraction scheme
+ETL_TYPE=dify
+
+# Unstructured API path and API key, needs to be configured when ETL_TYPE is Unstructured
+# Or using Unstructured for document extractor node for pptx.
+# For example: http://unstructured:8000/general/v0/general
+UNSTRUCTURED_API_URL=
+UNSTRUCTURED_API_KEY=
+SCARF_NO_ANALYTICS=true
+
+# ------------------------------
+# Model Configuration
+# ------------------------------
+
+# The maximum number of tokens allowed for prompt generation.
+# This setting controls the upper limit of tokens that can be used by the LLM
+# when generating a prompt in the prompt generation tool.
+# Default: 512 tokens.
+PROMPT_GENERATION_MAX_TOKENS=512
+
+# The maximum number of tokens allowed for code generation.
+# This setting controls the upper limit of tokens that can be used by the LLM
+# when generating code in the code generation tool.
+# Default: 1024 tokens.
+CODE_GENERATION_MAX_TOKENS=1024
+
+# ------------------------------
+# Multi-modal Configuration
+# ------------------------------
+
+# The format of the image/video/audio/document sent when the multi-modal model is input,
+# the default is base64, optional url.
+# The delay of the call in url mode will be lower than that in base64 mode.
+# It is generally recommended to use the more compatible base64 mode.
+# If configured as url, you need to configure FILES_URL as an externally accessible address so that the multi-modal model can access the image/video/audio/document.
+MULTIMODAL_SEND_FORMAT=base64
+# Upload image file size limit, default 10M.
+UPLOAD_IMAGE_FILE_SIZE_LIMIT=10
+# Upload video file size limit, default 100M.
+UPLOAD_VIDEO_FILE_SIZE_LIMIT=100
+# Upload audio file size limit, default 50M.
+UPLOAD_AUDIO_FILE_SIZE_LIMIT=50
+
+# ------------------------------
+# Sentry Configuration
+# Used for application monitoring and error log tracking.
+# ------------------------------
+SENTRY_DSN=
+
+# API Service Sentry DSN address, default is empty, when empty,
+# all monitoring information is not reported to Sentry.
+# If not set, Sentry error reporting will be disabled.
+API_SENTRY_DSN=
+# API Service The reporting ratio of Sentry events, if it is 0.01, it is 1%.
+API_SENTRY_TRACES_SAMPLE_RATE=1.0
+# API Service The reporting ratio of Sentry profiles, if it is 0.01, it is 1%.
+API_SENTRY_PROFILES_SAMPLE_RATE=1.0
+
+# Web Service Sentry DSN address, default is empty, when empty,
+# all monitoring information is not reported to Sentry.
+# If not set, Sentry error reporting will be disabled.
+WEB_SENTRY_DSN=
+
+# ------------------------------
+# Notion Integration Configuration
+# Variables can be obtained by applying for Notion integration: https://www.notion.so/my-integrations
+# ------------------------------
+
+# Configure as "public" or "internal".
+# Since Notion's OAuth redirect URL only supports HTTPS,
+# if deploying locally, please use Notion's internal integration.
+NOTION_INTEGRATION_TYPE=public
+# Notion OAuth client secret (used for public integration type)
+NOTION_CLIENT_SECRET=
+# Notion OAuth client id (used for public integration type)
+NOTION_CLIENT_ID=
+# Notion internal integration secret.
+# If the value of NOTION_INTEGRATION_TYPE is "internal",
+# you need to configure this variable.
+NOTION_INTERNAL_SECRET=
+
+# ------------------------------
+# Mail related configuration
+# ------------------------------
+
+# Mail type, support: resend, smtp
+MAIL_TYPE=resend
+
+# Default send from email address, if not specified
+MAIL_DEFAULT_SEND_FROM=
+
+# API-Key for the Resend email provider, used when MAIL_TYPE is `resend`.
+RESEND_API_URL=https://api.resend.com
+RESEND_API_KEY=your-resend-api-key
+
+
+# SMTP server configuration, used when MAIL_TYPE is `smtp`
+SMTP_SERVER=
+SMTP_PORT=465
+SMTP_USERNAME=
+SMTP_PASSWORD=
+SMTP_USE_TLS=true
+SMTP_OPPORTUNISTIC_TLS=false
+
+# ------------------------------
+# Others Configuration
+# ------------------------------
+
+# Maximum length of segmentation tokens for indexing
+INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH=4000
+
+# Member invitation link valid time (hours),
+# Default: 72.
+INVITE_EXPIRY_HOURS=72
+
+# Reset password token valid time (minutes),
+RESET_PASSWORD_TOKEN_EXPIRY_MINUTES=5
+
+# The sandbox service endpoint.
+CODE_EXECUTION_ENDPOINT=http://sandbox:8194
+CODE_EXECUTION_API_KEY=dify-sandbox
+CODE_MAX_NUMBER=9223372036854775807
+CODE_MIN_NUMBER=-9223372036854775808
+CODE_MAX_DEPTH=5
+CODE_MAX_PRECISION=20
+CODE_MAX_STRING_LENGTH=80000
+CODE_MAX_STRING_ARRAY_LENGTH=30
+CODE_MAX_OBJECT_ARRAY_LENGTH=30
+CODE_MAX_NUMBER_ARRAY_LENGTH=1000
+CODE_EXECUTION_CONNECT_TIMEOUT=10
+CODE_EXECUTION_READ_TIMEOUT=60
+CODE_EXECUTION_WRITE_TIMEOUT=10
+TEMPLATE_TRANSFORM_MAX_LENGTH=80000
+
+# Workflow runtime configuration
+WORKFLOW_MAX_EXECUTION_STEPS=500
+WORKFLOW_MAX_EXECUTION_TIME=1200
+WORKFLOW_CALL_MAX_DEPTH=5
+MAX_VARIABLE_SIZE=204800
+WORKFLOW_PARALLEL_DEPTH_LIMIT=3
+WORKFLOW_FILE_UPLOAD_LIMIT=10
+
+# HTTP request node in workflow configuration
+HTTP_REQUEST_NODE_MAX_BINARY_SIZE=10485760
+HTTP_REQUEST_NODE_MAX_TEXT_SIZE=1048576
+
+# SSRF Proxy server HTTP URL
+SSRF_PROXY_HTTP_URL=http://ssrf_proxy:3128
+# SSRF Proxy server HTTPS URL
+SSRF_PROXY_HTTPS_URL=http://ssrf_proxy:3128
+
+# ------------------------------
+# Environment Variables for web Service
+# ------------------------------
+
+# The timeout for the text generation in millisecond
+TEXT_GENERATION_TIMEOUT_MS=60000
+
+# ------------------------------
+# Environment Variables for db Service
+# ------------------------------
+
+PGUSER=${DB_USERNAME}
+# The password for the default postgres user.
+POSTGRES_PASSWORD=${DB_PASSWORD}
+# The name of the default postgres database.
+POSTGRES_DB=${DB_DATABASE}
+# postgres data directory
+PGDATA=/var/lib/postgresql/data/pgdata
+
+# ------------------------------
+# Environment Variables for sandbox Service
+# ------------------------------
+
+# The API key for the sandbox service
+SANDBOX_API_KEY=dify-sandbox
+# The mode in which the Gin framework runs
+SANDBOX_GIN_MODE=release
+# The timeout for the worker in seconds
+SANDBOX_WORKER_TIMEOUT=15
+# Enable network for the sandbox service
+SANDBOX_ENABLE_NETWORK=true
+# HTTP proxy URL for SSRF protection
+SANDBOX_HTTP_PROXY=http://ssrf_proxy:3128
+# HTTPS proxy URL for SSRF protection
+SANDBOX_HTTPS_PROXY=http://ssrf_proxy:3128
+# The port on which the sandbox service runs
+SANDBOX_PORT=8194
+
+# ------------------------------
+# Environment Variables for weaviate Service
+# (only used when VECTOR_STORE is weaviate)
+# ------------------------------
+WEAVIATE_PERSISTENCE_DATA_PATH=/var/lib/weaviate
+WEAVIATE_QUERY_DEFAULTS_LIMIT=25
+WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED=true
+WEAVIATE_DEFAULT_VECTORIZER_MODULE=none
+WEAVIATE_CLUSTER_HOSTNAME=node1
+WEAVIATE_AUTHENTICATION_APIKEY_ENABLED=true
+WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS=WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih
+WEAVIATE_AUTHENTICATION_APIKEY_USERS=hello@dify.ai
+WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED=true
+WEAVIATE_AUTHORIZATION_ADMINLIST_USERS=hello@dify.ai
+
+# ------------------------------
+# Environment Variables for Chroma
+# (only used when VECTOR_STORE is chroma)
+# ------------------------------
+
+# Authentication credentials for Chroma server
+CHROMA_SERVER_AUTHN_CREDENTIALS=difyai123456
+# Authentication provider for Chroma server
+CHROMA_SERVER_AUTHN_PROVIDER=chromadb.auth.token_authn.TokenAuthenticationServerProvider
+# Persistence setting for Chroma server
+CHROMA_IS_PERSISTENT=TRUE
+
+# ------------------------------
+# Environment Variables for Oracle Service
+# (only used when VECTOR_STORE is Oracle)
+# ------------------------------
+ORACLE_PWD=Dify123456
+ORACLE_CHARACTERSET=AL32UTF8
+
+# ------------------------------
+# Environment Variables for milvus Service
+# (only used when VECTOR_STORE is milvus)
+# ------------------------------
+# ETCD configuration for auto compaction mode
+ETCD_AUTO_COMPACTION_MODE=revision
+# ETCD configuration for auto compaction retention in terms of number of revisions
+ETCD_AUTO_COMPACTION_RETENTION=1000
+# ETCD configuration for backend quota in bytes
+ETCD_QUOTA_BACKEND_BYTES=4294967296
+# ETCD configuration for the number of changes before triggering a snapshot
+ETCD_SNAPSHOT_COUNT=50000
+# MinIO access key for authentication
+MINIO_ACCESS_KEY=minioadmin
+# MinIO secret key for authentication
+MINIO_SECRET_KEY=minioadmin
+# ETCD service endpoints
+ETCD_ENDPOINTS=etcd:2379
+# MinIO service address
+MINIO_ADDRESS=minio:9000
+# Enable or disable security authorization
+MILVUS_AUTHORIZATION_ENABLED=true
+
+# ------------------------------
+# Environment Variables for pgvector / pgvector-rs Service
+# (only used when VECTOR_STORE is pgvector / pgvector-rs)
+# ------------------------------
+PGVECTOR_PGUSER=postgres
+# The password for the default postgres user.
+PGVECTOR_POSTGRES_PASSWORD=difyai123456
+# The name of the default postgres database.
+PGVECTOR_POSTGRES_DB=dify
+# postgres data directory
+PGVECTOR_PGDATA=/var/lib/postgresql/data/pgdata
+
+# ------------------------------
+# Environment Variables for opensearch
+# (only used when VECTOR_STORE is opensearch)
+# ------------------------------
+OPENSEARCH_DISCOVERY_TYPE=single-node
+OPENSEARCH_BOOTSTRAP_MEMORY_LOCK=true
+OPENSEARCH_JAVA_OPTS_MIN=512m
+OPENSEARCH_JAVA_OPTS_MAX=1024m
+OPENSEARCH_INITIAL_ADMIN_PASSWORD=Qazwsxedc!@#123
+OPENSEARCH_MEMLOCK_SOFT=-1
+OPENSEARCH_MEMLOCK_HARD=-1
+OPENSEARCH_NOFILE_SOFT=65536
+OPENSEARCH_NOFILE_HARD=65536
+
+# ------------------------------
+# Environment Variables for Nginx reverse proxy
+# ------------------------------
+NGINX_SERVER_NAME=_
+NGINX_HTTPS_ENABLED=false
+# HTTP port
+NGINX_PORT=80
+# SSL settings are only applied when HTTPS_ENABLED is true
+NGINX_SSL_PORT=443
+# if HTTPS_ENABLED is true, you're required to add your own SSL certificates/keys to the `./nginx/ssl` directory
+# and modify the env vars below accordingly.
+NGINX_SSL_CERT_FILENAME=dify.crt
+NGINX_SSL_CERT_KEY_FILENAME=dify.key
+NGINX_SSL_PROTOCOLS=TLSv1.1 TLSv1.2 TLSv1.3
+
+# Nginx performance tuning
+NGINX_WORKER_PROCESSES=auto
+NGINX_CLIENT_MAX_BODY_SIZE=15M
+NGINX_KEEPALIVE_TIMEOUT=65
+
+# Proxy settings
+NGINX_PROXY_READ_TIMEOUT=3600s
+NGINX_PROXY_SEND_TIMEOUT=3600s
+
+# Set true to accept requests for /.well-known/acme-challenge/
+NGINX_ENABLE_CERTBOT_CHALLENGE=false
+
+# ------------------------------
+# Certbot Configuration
+# ------------------------------
+
+# Email address (required to get certificates from Let's Encrypt)
+CERTBOT_EMAIL=your_email@example.com
+
+# Domain name
+CERTBOT_DOMAIN=your_domain.com
+
+# certbot command options
+# i.e: --force-renewal --dry-run --test-cert --debug
+CERTBOT_OPTIONS=
+
+# ------------------------------
+# Environment Variables for SSRF Proxy
+# ------------------------------
+SSRF_HTTP_PORT=3128
+SSRF_COREDUMP_DIR=/var/spool/squid
+SSRF_REVERSE_PROXY_PORT=8194
+SSRF_SANDBOX_HOST=sandbox
+SSRF_DEFAULT_TIME_OUT=5
+SSRF_DEFAULT_CONNECT_TIME_OUT=5
+SSRF_DEFAULT_READ_TIME_OUT=5
+SSRF_DEFAULT_WRITE_TIME_OUT=5
+
+# ------------------------------
+# docker env var for specifying vector db type at startup
+# (based on the vector db type, the corresponding docker
+# compose profile will be used)
+# if you want to use unstructured, add ',unstructured' to the end
+# ------------------------------
+COMPOSE_PROFILES=${VECTOR_STORE:-weaviate}
+
+# ------------------------------
+# Docker Compose Service Expose Host Port Configurations
+# ------------------------------
+EXPOSE_NGINX_PORT=80
+EXPOSE_NGINX_SSL_PORT=443
+
+# ----------------------------------------------------------------------------
+# ModelProvider & Tool Position Configuration
+# Used to specify the model providers and tools that can be used in the app.
+# ----------------------------------------------------------------------------
+
+# Pin, include, and exclude tools
+# Use comma-separated values with no spaces between items.
+# Example: POSITION_TOOL_PINS=bing,google
+POSITION_TOOL_PINS=
+POSITION_TOOL_INCLUDES=
+POSITION_TOOL_EXCLUDES=
+
+# Pin, include, and exclude model providers
+# Use comma-separated values with no spaces between items.
+# Example: POSITION_PROVIDER_PINS=openai,openllm
+POSITION_PROVIDER_PINS=
+POSITION_PROVIDER_INCLUDES=
+POSITION_PROVIDER_EXCLUDES=
+
+# CSP https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
+CSP_WHITELIST=
+
+# Enable or disable create tidb service job
+CREATE_TIDB_SERVICE_JOB_ENABLED=false
+
+# Maximum number of submitted thread count in a ThreadPool for parallel node execution
+MAX_SUBMIT_COUNT=100
+
+# The maximum number of top-k value for RAG.
+TOP_K_MAX_VALUE=10
diff --git a/dockge/dify/envs/global.env b/dockge/dify/envs/global.env
new file mode 100644
index 00000000..e10989fe
--- /dev/null
+++ b/dockge/dify/envs/global.env
@@ -0,0 +1,2 @@
+# copyright© 2024 XinJiang Ms Studio
+TZ=Asia/Shanghai