From f153967ad9214717ccea9cf58fdb5ee1a37f0163 Mon Sep 17 00:00:00 2001 From: QYG2297248353 Date: Mon, 17 Feb 2025 06:27:42 +0000 Subject: [PATCH] Processed apps directory via GitHub Actions --- appstore/dify/0.15.3/.env | 24 + appstore/dify/0.15.3/conf/certbot/README.md | 76 + .../0.15.3/conf/certbot/docker-entrypoint.sh | 30 + .../conf/certbot/update-cert.template.txt | 19 + .../0.15.3/conf/couchbase-server/Dockerfile | 4 + .../conf/couchbase-server/init-cbserver.sh | 44 + .../conf/elasticsearch/docker-entrypoint.sh | 25 + .../conf/nginx/conf.d/default.conf.template | 37 + .../0.15.3/conf/nginx/docker-entrypoint.sh | 39 + .../0.15.3/conf/nginx/https.conf.template | 9 + .../0.15.3/conf/nginx/nginx.conf.template | 34 + .../0.15.3/conf/nginx/proxy.conf.template | 11 + appstore/dify/0.15.3/conf/nginx/ssl/.gitkeep | 0 .../conf/ssrf_proxy/docker-entrypoint.sh | 42 + .../conf/ssrf_proxy/squid.conf.template | 51 + .../dify/0.15.3/conf/startupscripts/init.sh | 13 + .../conf/startupscripts/init_user.script | 10 + appstore/dify/0.15.3/conf/tidb/config/pd.toml | 4 + .../conf/tidb/config/tiflash-learner.toml | 13 + .../dify/0.15.3/conf/tidb/config/tiflash.toml | 19 + .../dify/0.15.3/conf/tidb/docker-compose.yaml | 62 + .../config/users.d/custom_users_config.xml | 17 + .../volumes/oceanbase/init.d/vec_memory.sql | 2 + .../opensearch/opensearch_dashboards.yml | 222 ++ .../conf/volumes/sandbox/conf/config.yaml | 14 + .../volumes/sandbox/conf/config.yaml.example | 35 + .../dependencies/python-requirements.txt | 0 appstore/dify/0.15.3/data.yml | 65 + appstore/dify/0.15.3/docker-compose.yml | 1815 +++++++++++++++++ appstore/dify/0.15.3/envs/default.env | 2 + appstore/dify/0.15.3/envs/dify.env | 938 +++++++++ appstore/dify/0.15.3/envs/global.env | 2 + appstore/dify/0.15.3/scripts/init.sh | 23 + appstore/dify/0.15.3/scripts/uninstall.sh | 10 + appstore/dify/0.15.3/scripts/upgrade.sh | 34 + appstore/dify/README.md | 121 ++ appstore/dify/data.yml | 14 + appstore/dify/logo.png | Bin 0 -> 42235 bytes dockge/dify/.env | 24 + dockge/dify/conf/certbot/README.md | 76 + dockge/dify/conf/certbot/docker-entrypoint.sh | 30 + .../conf/certbot/update-cert.template.txt | 19 + dockge/dify/conf/couchbase-server/Dockerfile | 4 + .../conf/couchbase-server/init-cbserver.sh | 44 + .../conf/elasticsearch/docker-entrypoint.sh | 25 + .../conf/nginx/conf.d/default.conf.template | 37 + dockge/dify/conf/nginx/docker-entrypoint.sh | 39 + dockge/dify/conf/nginx/https.conf.template | 9 + dockge/dify/conf/nginx/nginx.conf.template | 34 + dockge/dify/conf/nginx/proxy.conf.template | 11 + dockge/dify/conf/nginx/ssl/.gitkeep | 0 .../dify/conf/ssrf_proxy/docker-entrypoint.sh | 42 + .../dify/conf/ssrf_proxy/squid.conf.template | 51 + dockge/dify/conf/startupscripts/init.sh | 13 + .../dify/conf/startupscripts/init_user.script | 10 + dockge/dify/conf/tidb/config/pd.toml | 4 + .../conf/tidb/config/tiflash-learner.toml | 13 + dockge/dify/conf/tidb/config/tiflash.toml | 19 + dockge/dify/conf/tidb/docker-compose.yaml | 62 + .../config/users.d/custom_users_config.xml | 17 + .../volumes/oceanbase/init.d/vec_memory.sql | 2 + .../opensearch/opensearch_dashboards.yml | 222 ++ .../conf/volumes/sandbox/conf/config.yaml | 14 + .../volumes/sandbox/conf/config.yaml.example | 35 + .../dependencies/python-requirements.txt | 0 dockge/dify/docker-compose.yml | 1815 +++++++++++++++++ dockge/dify/envs/default.env | 2 + dockge/dify/envs/dify.env | 938 +++++++++ dockge/dify/envs/global.env | 2 + 69 files changed, 7493 insertions(+) create mode 100644 appstore/dify/0.15.3/.env create mode 100644 appstore/dify/0.15.3/conf/certbot/README.md create mode 100644 appstore/dify/0.15.3/conf/certbot/docker-entrypoint.sh create mode 100644 appstore/dify/0.15.3/conf/certbot/update-cert.template.txt create mode 100644 appstore/dify/0.15.3/conf/couchbase-server/Dockerfile create mode 100644 appstore/dify/0.15.3/conf/couchbase-server/init-cbserver.sh create mode 100644 appstore/dify/0.15.3/conf/elasticsearch/docker-entrypoint.sh create mode 100644 appstore/dify/0.15.3/conf/nginx/conf.d/default.conf.template create mode 100644 appstore/dify/0.15.3/conf/nginx/docker-entrypoint.sh create mode 100644 appstore/dify/0.15.3/conf/nginx/https.conf.template create mode 100644 appstore/dify/0.15.3/conf/nginx/nginx.conf.template create mode 100644 appstore/dify/0.15.3/conf/nginx/proxy.conf.template create mode 100644 appstore/dify/0.15.3/conf/nginx/ssl/.gitkeep create mode 100644 appstore/dify/0.15.3/conf/ssrf_proxy/docker-entrypoint.sh create mode 100644 appstore/dify/0.15.3/conf/ssrf_proxy/squid.conf.template create mode 100644 appstore/dify/0.15.3/conf/startupscripts/init.sh create mode 100644 appstore/dify/0.15.3/conf/startupscripts/init_user.script create mode 100644 appstore/dify/0.15.3/conf/tidb/config/pd.toml create mode 100644 appstore/dify/0.15.3/conf/tidb/config/tiflash-learner.toml create mode 100644 appstore/dify/0.15.3/conf/tidb/config/tiflash.toml create mode 100644 appstore/dify/0.15.3/conf/tidb/docker-compose.yaml create mode 100644 appstore/dify/0.15.3/conf/volumes/myscale/config/users.d/custom_users_config.xml create mode 100644 appstore/dify/0.15.3/conf/volumes/oceanbase/init.d/vec_memory.sql create mode 100644 appstore/dify/0.15.3/conf/volumes/opensearch/opensearch_dashboards.yml create mode 100644 appstore/dify/0.15.3/conf/volumes/sandbox/conf/config.yaml create mode 100644 appstore/dify/0.15.3/conf/volumes/sandbox/conf/config.yaml.example create mode 100644 appstore/dify/0.15.3/conf/volumes/sandbox/dependencies/python-requirements.txt create mode 100644 appstore/dify/0.15.3/data.yml create mode 100644 appstore/dify/0.15.3/docker-compose.yml create mode 100644 appstore/dify/0.15.3/envs/default.env create mode 100644 appstore/dify/0.15.3/envs/dify.env create mode 100644 appstore/dify/0.15.3/envs/global.env create mode 100644 appstore/dify/0.15.3/scripts/init.sh create mode 100644 appstore/dify/0.15.3/scripts/uninstall.sh create mode 100644 appstore/dify/0.15.3/scripts/upgrade.sh create mode 100644 appstore/dify/README.md create mode 100644 appstore/dify/data.yml create mode 100644 appstore/dify/logo.png create mode 100644 dockge/dify/.env create mode 100644 dockge/dify/conf/certbot/README.md create mode 100644 dockge/dify/conf/certbot/docker-entrypoint.sh create mode 100644 dockge/dify/conf/certbot/update-cert.template.txt create mode 100644 dockge/dify/conf/couchbase-server/Dockerfile create mode 100644 dockge/dify/conf/couchbase-server/init-cbserver.sh create mode 100644 dockge/dify/conf/elasticsearch/docker-entrypoint.sh create mode 100644 dockge/dify/conf/nginx/conf.d/default.conf.template create mode 100644 dockge/dify/conf/nginx/docker-entrypoint.sh create mode 100644 dockge/dify/conf/nginx/https.conf.template create mode 100644 dockge/dify/conf/nginx/nginx.conf.template create mode 100644 dockge/dify/conf/nginx/proxy.conf.template create mode 100644 dockge/dify/conf/nginx/ssl/.gitkeep create mode 100644 dockge/dify/conf/ssrf_proxy/docker-entrypoint.sh create mode 100644 dockge/dify/conf/ssrf_proxy/squid.conf.template create mode 100644 dockge/dify/conf/startupscripts/init.sh create mode 100644 dockge/dify/conf/startupscripts/init_user.script create mode 100644 dockge/dify/conf/tidb/config/pd.toml create mode 100644 dockge/dify/conf/tidb/config/tiflash-learner.toml create mode 100644 dockge/dify/conf/tidb/config/tiflash.toml create mode 100644 dockge/dify/conf/tidb/docker-compose.yaml create mode 100644 dockge/dify/conf/volumes/myscale/config/users.d/custom_users_config.xml create mode 100644 dockge/dify/conf/volumes/oceanbase/init.d/vec_memory.sql create mode 100644 dockge/dify/conf/volumes/opensearch/opensearch_dashboards.yml create mode 100644 dockge/dify/conf/volumes/sandbox/conf/config.yaml create mode 100644 dockge/dify/conf/volumes/sandbox/conf/config.yaml.example create mode 100644 dockge/dify/conf/volumes/sandbox/dependencies/python-requirements.txt create mode 100644 dockge/dify/docker-compose.yml create mode 100644 dockge/dify/envs/default.env create mode 100644 dockge/dify/envs/dify.env create mode 100644 dockge/dify/envs/global.env diff --git a/appstore/dify/0.15.3/.env b/appstore/dify/0.15.3/.env new file mode 100644 index 00000000..def4d50c --- /dev/null +++ b/appstore/dify/0.15.3/.env @@ -0,0 +1,24 @@ +# 数据持久化路径 [必填] +DIFY_ROOT_PATH=/home/dify + +# WebUI 端口 [必填] +PANEL_APP_PORT_HTTP=8080 + +# WebUI SSL 端口 [必填] +PANEL_APP_PORT_HTTPS=8443 + +# Milvus 端口 [必填] +MILVUS_STANDALONE_PORT1=19530 + +# Milvus 端口 [必填] +MILVUS_STANDALONE_PORT2=9091 + +# MyScale 端口 [必填] +MYSCALE_PORT=8123 + +# Elasticsearch 端口 [必填] +ELASTICSEARCH_PORT=9200 + +# Kibana 端口 [必填] +KIBANA_PORT=5601 + diff --git a/appstore/dify/0.15.3/conf/certbot/README.md b/appstore/dify/0.15.3/conf/certbot/README.md new file mode 100644 index 00000000..21be34b3 --- /dev/null +++ b/appstore/dify/0.15.3/conf/certbot/README.md @@ -0,0 +1,76 @@ +# Launching new servers with SSL certificates + +## Short description + +docker compose certbot configurations with Backward compatibility (without certbot container). +Use `docker compose --profile certbot up` to use this features. + +## The simplest way for launching new servers with SSL certificates + +1. Get letsencrypt certs + set `.env` values + ```properties + NGINX_SSL_CERT_FILENAME=fullchain.pem + NGINX_SSL_CERT_KEY_FILENAME=privkey.pem + NGINX_ENABLE_CERTBOT_CHALLENGE=true + CERTBOT_DOMAIN=your_domain.com + CERTBOT_EMAIL=example@your_domain.com + ``` + execute command: + ```shell + docker network prune + docker compose --profile certbot up --force-recreate -d + ``` + then after the containers launched: + ```shell + docker compose exec -it certbot /bin/sh /update-cert.sh + ``` +2. Edit `.env` file and `docker compose --profile certbot up` again. + set `.env` value additionally + ```properties + NGINX_HTTPS_ENABLED=true + ``` + execute command: + ```shell + docker compose --profile certbot up -d --no-deps --force-recreate nginx + ``` + Then you can access your serve with HTTPS. + [https://your_domain.com](https://your_domain.com) + +## SSL certificates renewal + +For SSL certificates renewal, execute commands below: + +```shell +docker compose exec -it certbot /bin/sh /update-cert.sh +docker compose exec nginx nginx -s reload +``` + +## Options for certbot + +`CERTBOT_OPTIONS` key might be helpful for testing. i.e., + +```properties +CERTBOT_OPTIONS=--dry-run +``` + +To apply changes to `CERTBOT_OPTIONS`, regenerate the certbot container before updating the certificates. + +```shell +docker compose --profile certbot up -d --no-deps --force-recreate certbot +docker compose exec -it certbot /bin/sh /update-cert.sh +``` + +Then, reload the nginx container if necessary. + +```shell +docker compose exec nginx nginx -s reload +``` + +## For legacy servers + +To use cert files dir `nginx/ssl` as before, simply launch containers WITHOUT `--profile certbot` option. + +```shell +docker compose up -d +``` diff --git a/appstore/dify/0.15.3/conf/certbot/docker-entrypoint.sh b/appstore/dify/0.15.3/conf/certbot/docker-entrypoint.sh new file mode 100644 index 00000000..a70ecd82 --- /dev/null +++ b/appstore/dify/0.15.3/conf/certbot/docker-entrypoint.sh @@ -0,0 +1,30 @@ +#!/bin/sh +set -e + +printf '%s\n' "Docker entrypoint script is running" + +printf '%s\n' "\nChecking specific environment variables:" +printf '%s\n' "CERTBOT_EMAIL: ${CERTBOT_EMAIL:-Not set}" +printf '%s\n' "CERTBOT_DOMAIN: ${CERTBOT_DOMAIN:-Not set}" +printf '%s\n' "CERTBOT_OPTIONS: ${CERTBOT_OPTIONS:-Not set}" + +printf '%s\n' "\nChecking mounted directories:" +for dir in "/etc/letsencrypt" "/var/www/html" "/var/log/letsencrypt"; do + if [ -d "$dir" ]; then + printf '%s\n' "$dir exists. Contents:" + ls -la "$dir" + else + printf '%s\n' "$dir does not exist." + fi +done + +printf '%s\n' "\nGenerating update-cert.sh from template" +sed -e "s|\${CERTBOT_EMAIL}|$CERTBOT_EMAIL|g" \ + -e "s|\${CERTBOT_DOMAIN}|$CERTBOT_DOMAIN|g" \ + -e "s|\${CERTBOT_OPTIONS}|$CERTBOT_OPTIONS|g" \ + /update-cert.template.txt > /update-cert.sh + +chmod +x /update-cert.sh + +printf '%s\n' "\nExecuting command:" "$@" +exec "$@" diff --git a/appstore/dify/0.15.3/conf/certbot/update-cert.template.txt b/appstore/dify/0.15.3/conf/certbot/update-cert.template.txt new file mode 100644 index 00000000..16786a19 --- /dev/null +++ b/appstore/dify/0.15.3/conf/certbot/update-cert.template.txt @@ -0,0 +1,19 @@ +#!/bin/bash +set -e + +DOMAIN="${CERTBOT_DOMAIN}" +EMAIL="${CERTBOT_EMAIL}" +OPTIONS="${CERTBOT_OPTIONS}" +CERT_NAME="${DOMAIN}" # 証明書名をドメイン名と同じにする + +# Check if the certificate already exists +if [ -f "/etc/letsencrypt/renewal/${CERT_NAME}.conf" ]; then + echo "Certificate exists. Attempting to renew..." + certbot renew --noninteractive --cert-name ${CERT_NAME} --webroot --webroot-path=/var/www/html --email ${EMAIL} --agree-tos --no-eff-email ${OPTIONS} +else + echo "Certificate does not exist. Obtaining a new certificate..." + certbot certonly --noninteractive --webroot --webroot-path=/var/www/html --email ${EMAIL} --agree-tos --no-eff-email -d ${DOMAIN} ${OPTIONS} +fi +echo "Certificate operation successful" +# Note: Nginx reload should be handled outside this container +echo "Please ensure to reload Nginx to apply any certificate changes." diff --git a/appstore/dify/0.15.3/conf/couchbase-server/Dockerfile b/appstore/dify/0.15.3/conf/couchbase-server/Dockerfile new file mode 100644 index 00000000..bd8af641 --- /dev/null +++ b/appstore/dify/0.15.3/conf/couchbase-server/Dockerfile @@ -0,0 +1,4 @@ +FROM couchbase/server:latest AS stage_base +# FROM couchbase:latest AS stage_base +COPY init-cbserver.sh /opt/couchbase/init/ +RUN chmod +x /opt/couchbase/init/init-cbserver.sh \ No newline at end of file diff --git a/appstore/dify/0.15.3/conf/couchbase-server/init-cbserver.sh b/appstore/dify/0.15.3/conf/couchbase-server/init-cbserver.sh new file mode 100644 index 00000000..e66bc185 --- /dev/null +++ b/appstore/dify/0.15.3/conf/couchbase-server/init-cbserver.sh @@ -0,0 +1,44 @@ +#!/bin/bash +# used to start couchbase server - can't get around this as docker compose only allows you to start one command - so we have to start couchbase like the standard couchbase Dockerfile would +# https://github.com/couchbase/docker/blob/master/enterprise/couchbase-server/7.2.0/Dockerfile#L88 + +/entrypoint.sh couchbase-server & + +# track if setup is complete so we don't try to setup again +FILE=/opt/couchbase/init/setupComplete.txt + +if ! [ -f "$FILE" ]; then + # used to automatically create the cluster based on environment variables + # https://docs.couchbase.com/server/current/cli/cbcli/couchbase-cli-cluster-init.html + + echo $COUCHBASE_ADMINISTRATOR_USERNAME ":" $COUCHBASE_ADMINISTRATOR_PASSWORD + + sleep 20s + /opt/couchbase/bin/couchbase-cli cluster-init -c 127.0.0.1 \ + --cluster-username $COUCHBASE_ADMINISTRATOR_USERNAME \ + --cluster-password $COUCHBASE_ADMINISTRATOR_PASSWORD \ + --services data,index,query,fts \ + --cluster-ramsize $COUCHBASE_RAM_SIZE \ + --cluster-index-ramsize $COUCHBASE_INDEX_RAM_SIZE \ + --cluster-eventing-ramsize $COUCHBASE_EVENTING_RAM_SIZE \ + --cluster-fts-ramsize $COUCHBASE_FTS_RAM_SIZE \ + --index-storage-setting default + + sleep 2s + + # used to auto create the bucket based on environment variables + # https://docs.couchbase.com/server/current/cli/cbcli/couchbase-cli-bucket-create.html + + /opt/couchbase/bin/couchbase-cli bucket-create -c localhost:8091 \ + --username $COUCHBASE_ADMINISTRATOR_USERNAME \ + --password $COUCHBASE_ADMINISTRATOR_PASSWORD \ + --bucket $COUCHBASE_BUCKET \ + --bucket-ramsize $COUCHBASE_BUCKET_RAMSIZE \ + --bucket-type couchbase + + # create file so we know that the cluster is setup and don't run the setup again + touch $FILE +fi + # docker compose will stop the container from running unless we do this + # known issue and workaround + tail -f /dev/null diff --git a/appstore/dify/0.15.3/conf/elasticsearch/docker-entrypoint.sh b/appstore/dify/0.15.3/conf/elasticsearch/docker-entrypoint.sh new file mode 100644 index 00000000..6669aec5 --- /dev/null +++ b/appstore/dify/0.15.3/conf/elasticsearch/docker-entrypoint.sh @@ -0,0 +1,25 @@ +#!/bin/bash + +set -e + +if [ "${VECTOR_STORE}" = "elasticsearch-ja" ]; then + # Check if the ICU tokenizer plugin is installed + if ! /usr/share/elasticsearch/bin/elasticsearch-plugin list | grep -q analysis-icu; then + printf '%s\n' "Installing the ICU tokenizer plugin" + if ! /usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-icu; then + printf '%s\n' "Failed to install the ICU tokenizer plugin" + exit 1 + fi + fi + # Check if the Japanese language analyzer plugin is installed + if ! /usr/share/elasticsearch/bin/elasticsearch-plugin list | grep -q analysis-kuromoji; then + printf '%s\n' "Installing the Japanese language analyzer plugin" + if ! /usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-kuromoji; then + printf '%s\n' "Failed to install the Japanese language analyzer plugin" + exit 1 + fi + fi +fi + +# Run the original entrypoint script +exec /bin/tini -- /usr/local/bin/docker-entrypoint.sh diff --git a/appstore/dify/0.15.3/conf/nginx/conf.d/default.conf.template b/appstore/dify/0.15.3/conf/nginx/conf.d/default.conf.template new file mode 100644 index 00000000..9691122c --- /dev/null +++ b/appstore/dify/0.15.3/conf/nginx/conf.d/default.conf.template @@ -0,0 +1,37 @@ +# Please do not directly edit this file. Instead, modify the .env variables related to NGINX configuration. + +server { + listen ${NGINX_PORT}; + server_name ${NGINX_SERVER_NAME}; + + location /console/api { + proxy_pass http://api:5001; + include proxy.conf; + } + + location /api { + proxy_pass http://api:5001; + include proxy.conf; + } + + location /v1 { + proxy_pass http://api:5001; + include proxy.conf; + } + + location /files { + proxy_pass http://api:5001; + include proxy.conf; + } + + location / { + proxy_pass http://web:3000; + include proxy.conf; + } + + # placeholder for acme challenge location + ${ACME_CHALLENGE_LOCATION} + + # placeholder for https config defined in https.conf.template + ${HTTPS_CONFIG} +} diff --git a/appstore/dify/0.15.3/conf/nginx/docker-entrypoint.sh b/appstore/dify/0.15.3/conf/nginx/docker-entrypoint.sh new file mode 100644 index 00000000..d343cb3e --- /dev/null +++ b/appstore/dify/0.15.3/conf/nginx/docker-entrypoint.sh @@ -0,0 +1,39 @@ +#!/bin/bash + +if [ "${NGINX_HTTPS_ENABLED}" = "true" ]; then + # Check if the certificate and key files for the specified domain exist + if [ -n "${CERTBOT_DOMAIN}" ] && \ + [ -f "/etc/letsencrypt/live/${CERTBOT_DOMAIN}/${NGINX_SSL_CERT_FILENAME}" ] && \ + [ -f "/etc/letsencrypt/live/${CERTBOT_DOMAIN}/${NGINX_SSL_CERT_KEY_FILENAME}" ]; then + SSL_CERTIFICATE_PATH="/etc/letsencrypt/live/${CERTBOT_DOMAIN}/${NGINX_SSL_CERT_FILENAME}" + SSL_CERTIFICATE_KEY_PATH="/etc/letsencrypt/live/${CERTBOT_DOMAIN}/${NGINX_SSL_CERT_KEY_FILENAME}" + else + SSL_CERTIFICATE_PATH="/etc/ssl/${NGINX_SSL_CERT_FILENAME}" + SSL_CERTIFICATE_KEY_PATH="/etc/ssl/${NGINX_SSL_CERT_KEY_FILENAME}" + fi + export SSL_CERTIFICATE_PATH + export SSL_CERTIFICATE_KEY_PATH + + # set the HTTPS_CONFIG environment variable to the content of the https.conf.template + HTTPS_CONFIG=$(envsubst < /etc/nginx/https.conf.template) + export HTTPS_CONFIG + # Substitute the HTTPS_CONFIG in the default.conf.template with content from https.conf.template + envsubst '${HTTPS_CONFIG}' < /etc/nginx/conf.d/default.conf.template > /etc/nginx/conf.d/default.conf +fi + +if [ "${NGINX_ENABLE_CERTBOT_CHALLENGE}" = "true" ]; then + ACME_CHALLENGE_LOCATION='location /.well-known/acme-challenge/ { root /var/www/html; }' +else + ACME_CHALLENGE_LOCATION='' +fi +export ACME_CHALLENGE_LOCATION + +env_vars=$(printenv | cut -d= -f1 | sed 's/^/$/g' | paste -sd, -) + +envsubst "$env_vars" < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf +envsubst "$env_vars" < /etc/nginx/proxy.conf.template > /etc/nginx/proxy.conf + +envsubst < /etc/nginx/conf.d/default.conf.template > /etc/nginx/conf.d/default.conf + +# Start Nginx using the default entrypoint +exec nginx -g 'daemon off;' \ No newline at end of file diff --git a/appstore/dify/0.15.3/conf/nginx/https.conf.template b/appstore/dify/0.15.3/conf/nginx/https.conf.template new file mode 100644 index 00000000..95ea36f4 --- /dev/null +++ b/appstore/dify/0.15.3/conf/nginx/https.conf.template @@ -0,0 +1,9 @@ +# Please do not directly edit this file. Instead, modify the .env variables related to NGINX configuration. + +listen ${NGINX_SSL_PORT} ssl; +ssl_certificate ${SSL_CERTIFICATE_PATH}; +ssl_certificate_key ${SSL_CERTIFICATE_KEY_PATH}; +ssl_protocols ${NGINX_SSL_PROTOCOLS}; +ssl_prefer_server_ciphers on; +ssl_session_cache shared:SSL:10m; +ssl_session_timeout 10m; \ No newline at end of file diff --git a/appstore/dify/0.15.3/conf/nginx/nginx.conf.template b/appstore/dify/0.15.3/conf/nginx/nginx.conf.template new file mode 100644 index 00000000..32a57165 --- /dev/null +++ b/appstore/dify/0.15.3/conf/nginx/nginx.conf.template @@ -0,0 +1,34 @@ +# Please do not directly edit this file. Instead, modify the .env variables related to NGINX configuration. + +user nginx; +worker_processes ${NGINX_WORKER_PROCESSES}; + +error_log /var/log/nginx/error.log notice; +pid /var/run/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout ${NGINX_KEEPALIVE_TIMEOUT}; + + #gzip on; + client_max_body_size ${NGINX_CLIENT_MAX_BODY_SIZE}; + + include /etc/nginx/conf.d/*.conf; +} \ No newline at end of file diff --git a/appstore/dify/0.15.3/conf/nginx/proxy.conf.template b/appstore/dify/0.15.3/conf/nginx/proxy.conf.template new file mode 100644 index 00000000..117f8061 --- /dev/null +++ b/appstore/dify/0.15.3/conf/nginx/proxy.conf.template @@ -0,0 +1,11 @@ +# Please do not directly edit this file. Instead, modify the .env variables related to NGINX configuration. + +proxy_set_header Host $host; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Forwarded-Proto $scheme; +proxy_set_header X-Forwarded-Port $server_port; +proxy_http_version 1.1; +proxy_set_header Connection ""; +proxy_buffering off; +proxy_read_timeout ${NGINX_PROXY_READ_TIMEOUT}; +proxy_send_timeout ${NGINX_PROXY_SEND_TIMEOUT}; diff --git a/appstore/dify/0.15.3/conf/nginx/ssl/.gitkeep b/appstore/dify/0.15.3/conf/nginx/ssl/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/appstore/dify/0.15.3/conf/ssrf_proxy/docker-entrypoint.sh b/appstore/dify/0.15.3/conf/ssrf_proxy/docker-entrypoint.sh new file mode 100644 index 00000000..613897bb --- /dev/null +++ b/appstore/dify/0.15.3/conf/ssrf_proxy/docker-entrypoint.sh @@ -0,0 +1,42 @@ +#!/bin/bash + +# Modified based on Squid OCI image entrypoint + +# This entrypoint aims to forward the squid logs to stdout to assist users of +# common container related tooling (e.g., kubernetes, docker-compose, etc) to +# access the service logs. + +# Moreover, it invokes the squid binary, leaving all the desired parameters to +# be provided by the "command" passed to the spawned container. If no command +# is provided by the user, the default behavior (as per the CMD statement in +# the Dockerfile) will be to use Ubuntu's default configuration [1] and run +# squid with the "-NYC" options to mimic the behavior of the Ubuntu provided +# systemd unit. + +# [1] The default configuration is changed in the Dockerfile to allow local +# network connections. See the Dockerfile for further information. + +echo "[ENTRYPOINT] re-create snakeoil self-signed certificate removed in the build process" +if [ ! -f /etc/ssl/private/ssl-cert-snakeoil.key ]; then + /usr/sbin/make-ssl-cert generate-default-snakeoil --force-overwrite > /dev/null 2>&1 +fi + +tail -F /var/log/squid/access.log 2>/dev/null & +tail -F /var/log/squid/error.log 2>/dev/null & +tail -F /var/log/squid/store.log 2>/dev/null & +tail -F /var/log/squid/cache.log 2>/dev/null & + +# Replace environment variables in the template and output to the squid.conf +echo "[ENTRYPOINT] replacing environment variables in the template" +awk '{ + while(match($0, /\${[A-Za-z_][A-Za-z_0-9]*}/)) { + var = substr($0, RSTART+2, RLENGTH-3) + val = ENVIRON[var] + $0 = substr($0, 1, RSTART-1) val substr($0, RSTART+RLENGTH) + } + print +}' /etc/squid/squid.conf.template > /etc/squid/squid.conf + +/usr/sbin/squid -Nz +echo "[ENTRYPOINT] starting squid" +/usr/sbin/squid -f /etc/squid/squid.conf -NYC 1 diff --git a/appstore/dify/0.15.3/conf/ssrf_proxy/squid.conf.template b/appstore/dify/0.15.3/conf/ssrf_proxy/squid.conf.template new file mode 100644 index 00000000..676fe737 --- /dev/null +++ b/appstore/dify/0.15.3/conf/ssrf_proxy/squid.conf.template @@ -0,0 +1,51 @@ +acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN) +acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN) +acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN) +acl localnet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines +acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN) +acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN) +acl localnet src fc00::/7 # RFC 4193 local private network range +acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines +acl SSL_ports port 443 +# acl SSL_ports port 1025-65535 # Enable the configuration to resolve this issue: https://github.com/langgenius/dify/issues/12792 +acl Safe_ports port 80 # http +acl Safe_ports port 21 # ftp +acl Safe_ports port 443 # https +acl Safe_ports port 70 # gopher +acl Safe_ports port 210 # wais +acl Safe_ports port 1025-65535 # unregistered ports +acl Safe_ports port 280 # http-mgmt +acl Safe_ports port 488 # gss-http +acl Safe_ports port 591 # filemaker +acl Safe_ports port 777 # multiling http +acl CONNECT method CONNECT +http_access deny !Safe_ports +http_access deny CONNECT !SSL_ports +http_access allow localhost manager +http_access deny manager +http_access allow localhost +include /etc/squid/conf.d/*.conf +http_access deny all + +################################## Proxy Server ################################ +http_port ${HTTP_PORT} +coredump_dir ${COREDUMP_DIR} +refresh_pattern ^ftp: 1440 20% 10080 +refresh_pattern ^gopher: 1440 0% 1440 +refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 +refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims +refresh_pattern \/Release(|\.gpg)$ 0 0% 0 refresh-ims +refresh_pattern \/InRelease$ 0 0% 0 refresh-ims +refresh_pattern \/(Translation-.*)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims +refresh_pattern . 0 20% 4320 + + +# cache_dir ufs /var/spool/squid 100 16 256 +# upstream proxy, set to your own upstream proxy IP to avoid SSRF attacks +# cache_peer 172.1.1.1 parent 3128 0 no-query no-digest no-netdb-exchange default + +################################## Reverse Proxy To Sandbox ################################ +http_port ${REVERSE_PROXY_PORT} accel vhost +cache_peer ${SANDBOX_HOST} parent ${SANDBOX_PORT} 0 no-query originserver +acl src_all src all +http_access allow src_all diff --git a/appstore/dify/0.15.3/conf/startupscripts/init.sh b/appstore/dify/0.15.3/conf/startupscripts/init.sh new file mode 100644 index 00000000..c6e6e196 --- /dev/null +++ b/appstore/dify/0.15.3/conf/startupscripts/init.sh @@ -0,0 +1,13 @@ +#!/usr/bin/env bash + +DB_INITIALIZED="/opt/oracle/oradata/dbinit" +#[ -f ${DB_INITIALIZED} ] && exit +#touch ${DB_INITIALIZED} +if [ -f ${DB_INITIALIZED} ]; then + echo 'File exists. Standards for have been Init' + exit +else + echo 'File does not exist. Standards for first time Start up this DB' + "$ORACLE_HOME"/bin/sqlplus -s "/ as sysdba" @"/opt/oracle/scripts/startup/init_user.script"; + touch ${DB_INITIALIZED} +fi diff --git a/appstore/dify/0.15.3/conf/startupscripts/init_user.script b/appstore/dify/0.15.3/conf/startupscripts/init_user.script new file mode 100644 index 00000000..7aa7c280 --- /dev/null +++ b/appstore/dify/0.15.3/conf/startupscripts/init_user.script @@ -0,0 +1,10 @@ +show pdbs; +ALTER SYSTEM SET PROCESSES=500 SCOPE=SPFILE; +alter session set container= freepdb1; +create user dify identified by dify DEFAULT TABLESPACE users quota unlimited on users; +grant DB_DEVELOPER_ROLE to dify; + +BEGIN +CTX_DDL.CREATE_PREFERENCE('my_chinese_vgram_lexer','CHINESE_VGRAM_LEXER'); +END; +/ diff --git a/appstore/dify/0.15.3/conf/tidb/config/pd.toml b/appstore/dify/0.15.3/conf/tidb/config/pd.toml new file mode 100644 index 00000000..042b251e --- /dev/null +++ b/appstore/dify/0.15.3/conf/tidb/config/pd.toml @@ -0,0 +1,4 @@ +# PD Configuration File reference: +# https://docs.pingcap.com/tidb/stable/pd-configuration-file#pd-configuration-file +[replication] +max-replicas = 1 \ No newline at end of file diff --git a/appstore/dify/0.15.3/conf/tidb/config/tiflash-learner.toml b/appstore/dify/0.15.3/conf/tidb/config/tiflash-learner.toml new file mode 100644 index 00000000..5098829a --- /dev/null +++ b/appstore/dify/0.15.3/conf/tidb/config/tiflash-learner.toml @@ -0,0 +1,13 @@ +# TiFlash tiflash-learner.toml Configuration File reference: +# https://docs.pingcap.com/tidb/stable/tiflash-configuration#configure-the-tiflash-learnertoml-file + +log-file = "/logs/tiflash_tikv.log" + +[server] +engine-addr = "tiflash:4030" +addr = "0.0.0.0:20280" +advertise-addr = "tiflash:20280" +status-addr = "tiflash:20292" + +[storage] +data-dir = "/data/flash" diff --git a/appstore/dify/0.15.3/conf/tidb/config/tiflash.toml b/appstore/dify/0.15.3/conf/tidb/config/tiflash.toml new file mode 100644 index 00000000..30ac13ef --- /dev/null +++ b/appstore/dify/0.15.3/conf/tidb/config/tiflash.toml @@ -0,0 +1,19 @@ +# TiFlash tiflash.toml Configuration File reference: +# https://docs.pingcap.com/tidb/stable/tiflash-configuration#configure-the-tiflashtoml-file + +listen_host = "0.0.0.0" +path = "/data" + +[flash] +tidb_status_addr = "tidb:10080" +service_addr = "tiflash:4030" + +[flash.proxy] +config = "/tiflash-learner.toml" + +[logger] +errorlog = "/logs/tiflash_error.log" +log = "/logs/tiflash.log" + +[raft] +pd_addr = "pd0:2379" diff --git a/appstore/dify/0.15.3/conf/tidb/docker-compose.yaml b/appstore/dify/0.15.3/conf/tidb/docker-compose.yaml new file mode 100644 index 00000000..fa157701 --- /dev/null +++ b/appstore/dify/0.15.3/conf/tidb/docker-compose.yaml @@ -0,0 +1,62 @@ +services: + pd0: + image: pingcap/pd:v8.5.1 + # ports: + # - "2379" + volumes: + - ./config/pd.toml:/pd.toml:ro + - ./volumes/data:/data + - ./volumes/logs:/logs + command: + - --name=pd0 + - --client-urls=http://0.0.0.0:2379 + - --peer-urls=http://0.0.0.0:2380 + - --advertise-client-urls=http://pd0:2379 + - --advertise-peer-urls=http://pd0:2380 + - --initial-cluster=pd0=http://pd0:2380 + - --data-dir=/data/pd + - --config=/pd.toml + - --log-file=/logs/pd.log + restart: on-failure + tikv: + image: pingcap/tikv:v8.5.1 + volumes: + - ./volumes/data:/data + - ./volumes/logs:/logs + command: + - --addr=0.0.0.0:20160 + - --advertise-addr=tikv:20160 + - --status-addr=tikv:20180 + - --data-dir=/data/tikv + - --pd=pd0:2379 + - --log-file=/logs/tikv.log + depends_on: + - "pd0" + restart: on-failure + tidb: + image: pingcap/tidb:v8.5.1 + # ports: + # - "4000:4000" + volumes: + - ./volumes/logs:/logs + command: + - --advertise-address=tidb + - --store=tikv + - --path=pd0:2379 + - --log-file=/logs/tidb.log + depends_on: + - "tikv" + restart: on-failure + tiflash: + image: pingcap/tiflash:v8.5.1 + volumes: + - ./config/tiflash.toml:/tiflash.toml:ro + - ./config/tiflash-learner.toml:/tiflash-learner.toml:ro + - ./volumes/data:/data + - ./volumes/logs:/logs + command: + - --config=/tiflash.toml + depends_on: + - "tikv" + - "tidb" + restart: on-failure diff --git a/appstore/dify/0.15.3/conf/volumes/myscale/config/users.d/custom_users_config.xml b/appstore/dify/0.15.3/conf/volumes/myscale/config/users.d/custom_users_config.xml new file mode 100644 index 00000000..67f24b69 --- /dev/null +++ b/appstore/dify/0.15.3/conf/volumes/myscale/config/users.d/custom_users_config.xml @@ -0,0 +1,17 @@ + + + + + + ::1 + 127.0.0.1 + 10.0.0.0/8 + 172.16.0.0/12 + 192.168.0.0/16 + + default + default + 1 + + + \ No newline at end of file diff --git a/appstore/dify/0.15.3/conf/volumes/oceanbase/init.d/vec_memory.sql b/appstore/dify/0.15.3/conf/volumes/oceanbase/init.d/vec_memory.sql new file mode 100644 index 00000000..3dd2fdd5 --- /dev/null +++ b/appstore/dify/0.15.3/conf/volumes/oceanbase/init.d/vec_memory.sql @@ -0,0 +1,2 @@ +ALTER +SYSTEM SET ob_vector_memory_limit_percentage = 30; diff --git a/appstore/dify/0.15.3/conf/volumes/opensearch/opensearch_dashboards.yml b/appstore/dify/0.15.3/conf/volumes/opensearch/opensearch_dashboards.yml new file mode 100644 index 00000000..bd49444b --- /dev/null +++ b/appstore/dify/0.15.3/conf/volumes/opensearch/opensearch_dashboards.yml @@ -0,0 +1,222 @@ +--- +# Copyright OpenSearch Contributors +# SPDX-License-Identifier: Apache-2.0 + +# Description: +# Default configuration for OpenSearch Dashboards + +# OpenSearch Dashboards is served by a back end server. This setting specifies the port to use. +# server.port: 5601 + +# Specifies the address to which the OpenSearch Dashboards server will bind. IP addresses and host names are both valid values. +# The default is 'localhost', which usually means remote machines will not be able to connect. +# To allow connections from remote users, set this parameter to a non-loopback address. +# server.host: "localhost" + +# Enables you to specify a path to mount OpenSearch Dashboards at if you are running behind a proxy. +# Use the `server.rewriteBasePath` setting to tell OpenSearch Dashboards if it should remove the basePath +# from requests it receives, and to prevent a deprecation warning at startup. +# This setting cannot end in a slash. +# server.basePath: "" + +# Specifies whether OpenSearch Dashboards should rewrite requests that are prefixed with +# `server.basePath` or require that they are rewritten by your reverse proxy. +# server.rewriteBasePath: false + +# The maximum payload size in bytes for incoming server requests. +# server.maxPayloadBytes: 1048576 + +# The OpenSearch Dashboards server's name. This is used for display purposes. +# server.name: "your-hostname" + +# The URLs of the OpenSearch instances to use for all your queries. +# opensearch.hosts: ["http://localhost:9200"] + +# OpenSearch Dashboards uses an index in OpenSearch to store saved searches, visualizations and +# dashboards. OpenSearch Dashboards creates a new index if the index doesn't already exist. +# opensearchDashboards.index: ".opensearch_dashboards" + +# The default application to load. +# opensearchDashboards.defaultAppId: "home" + +# Setting for an optimized healthcheck that only uses the local OpenSearch node to do Dashboards healthcheck. +# This settings should be used for large clusters or for clusters with ingest heavy nodes. +# It allows Dashboards to only healthcheck using the local OpenSearch node rather than fan out requests across all nodes. +# +# It requires the user to create an OpenSearch node attribute with the same name as the value used in the setting +# This node attribute should assign all nodes of the same cluster an integer value that increments with each new cluster that is spun up +# e.g. in opensearch.yml file you would set the value to a setting using node.attr.cluster_id: +# Should only be enabled if there is a corresponding node attribute created in your OpenSearch config that matches the value here +# opensearch.optimizedHealthcheckId: "cluster_id" + +# If your OpenSearch is protected with basic authentication, these settings provide +# the username and password that the OpenSearch Dashboards server uses to perform maintenance on the OpenSearch Dashboards +# index at startup. Your OpenSearch Dashboards users still need to authenticate with OpenSearch, which +# is proxied through the OpenSearch Dashboards server. +# opensearch.username: "opensearch_dashboards_system" +# opensearch.password: "pass" + +# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively. +# These settings enable SSL for outgoing requests from the OpenSearch Dashboards server to the browser. +# server.ssl.enabled: false +# server.ssl.certificate: /path/to/your/server.crt +# server.ssl.key: /path/to/your/server.key + +# Optional settings that provide the paths to the PEM-format SSL certificate and key files. +# These files are used to verify the identity of OpenSearch Dashboards to OpenSearch and are required when +# xpack.security.http.ssl.client_authentication in OpenSearch is set to required. +# opensearch.ssl.certificate: /path/to/your/client.crt +# opensearch.ssl.key: /path/to/your/client.key + +# Optional setting that enables you to specify a path to the PEM file for the certificate +# authority for your OpenSearch instance. +# opensearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ] + +# To disregard the validity of SSL certificates, change this setting's value to 'none'. +# opensearch.ssl.verificationMode: full + +# Time in milliseconds to wait for OpenSearch to respond to pings. Defaults to the value of +# the opensearch.requestTimeout setting. +# opensearch.pingTimeout: 1500 + +# Time in milliseconds to wait for responses from the back end or OpenSearch. This value +# must be a positive integer. +# opensearch.requestTimeout: 30000 + +# List of OpenSearch Dashboards client-side headers to send to OpenSearch. To send *no* client-side +# headers, set this value to [] (an empty list). +# opensearch.requestHeadersWhitelist: [ authorization ] + +# Header names and values that are sent to OpenSearch. Any custom headers cannot be overwritten +# by client-side headers, regardless of the opensearch.requestHeadersWhitelist configuration. +# opensearch.customHeaders: {} + +# Time in milliseconds for OpenSearch to wait for responses from shards. Set to 0 to disable. +# opensearch.shardTimeout: 30000 + +# Logs queries sent to OpenSearch. Requires logging.verbose set to true. +# opensearch.logQueries: false + +# Specifies the path where OpenSearch Dashboards creates the process ID file. +# pid.file: /var/run/opensearchDashboards.pid + +# Enables you to specify a file where OpenSearch Dashboards stores log output. +# logging.dest: stdout + +# Set the value of this setting to true to suppress all logging output. +# logging.silent: false + +# Set the value of this setting to true to suppress all logging output other than error messages. +# logging.quiet: false + +# Set the value of this setting to true to log all events, including system usage information +# and all requests. +# logging.verbose: false + +# Set the interval in milliseconds to sample system and process performance +# metrics. Minimum is 100ms. Defaults to 5000. +# ops.interval: 5000 + +# Specifies locale to be used for all localizable strings, dates and number formats. +# Supported languages are the following: English - en , by default , Chinese - zh-CN . +# i18n.locale: "en" + +# Set the allowlist to check input graphite Url. Allowlist is the default check list. +# vis_type_timeline.graphiteAllowedUrls: ['https://www.hostedgraphite.com/UID/ACCESS_KEY/graphite'] + +# Set the blocklist to check input graphite Url. Blocklist is an IP list. +# Below is an example for reference +# vis_type_timeline.graphiteBlockedIPs: [ +# //Loopback +# '127.0.0.0/8', +# '::1/128', +# //Link-local Address for IPv6 +# 'fe80::/10', +# //Private IP address for IPv4 +# '10.0.0.0/8', +# '172.16.0.0/12', +# '192.168.0.0/16', +# //Unique local address (ULA) +# 'fc00::/7', +# //Reserved IP address +# '0.0.0.0/8', +# '100.64.0.0/10', +# '192.0.0.0/24', +# '192.0.2.0/24', +# '198.18.0.0/15', +# '192.88.99.0/24', +# '198.51.100.0/24', +# '203.0.113.0/24', +# '224.0.0.0/4', +# '240.0.0.0/4', +# '255.255.255.255/32', +# '::/128', +# '2001:db8::/32', +# 'ff00::/8', +# ] +# vis_type_timeline.graphiteBlockedIPs: [] + +# opensearchDashboards.branding: +# logo: +# defaultUrl: "" +# darkModeUrl: "" +# mark: +# defaultUrl: "" +# darkModeUrl: "" +# loadingLogo: +# defaultUrl: "" +# darkModeUrl: "" +# faviconUrl: "" +# applicationTitle: "" + +# Set the value of this setting to true to capture region blocked warnings and errors +# for your map rendering services. +# map.showRegionBlockedWarning: false% + +# Set the value of this setting to false to suppress search usage telemetry +# for reducing the load of OpenSearch cluster. +# data.search.usageTelemetry.enabled: false + +# 2.4 renames 'wizard.enabled: false' to 'vis_builder.enabled: false' +# Set the value of this setting to false to disable VisBuilder +# functionality in Visualization. +# vis_builder.enabled: false + +# 2.4 New Experimental Feature +# Set the value of this setting to true to enable the experimental multiple data source +# support feature. Use with caution. +# data_source.enabled: false +# Set the value of these settings to customize crypto materials to encryption saved credentials +# in data sources. +# data_source.encryption.wrappingKeyName: 'changeme' +# data_source.encryption.wrappingKeyNamespace: 'changeme' +# data_source.encryption.wrappingKey: [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + +# 2.6 New ML Commons Dashboards Feature +# Set the value of this setting to true to enable the ml commons dashboards +# ml_commons_dashboards.enabled: false + +# 2.12 New experimental Assistant Dashboards Feature +# Set the value of this setting to true to enable the assistant dashboards +# assistant.chat.enabled: false + +# 2.13 New Query Assistant Feature +# Set the value of this setting to false to disable the query assistant +# observability.query_assist.enabled: false + +# 2.14 Enable Ui Metric Collectors in Usage Collector +# Set the value of this setting to true to enable UI Metric collections +# usageCollection.uiMetric.enabled: false + +opensearch.hosts: [ https://localhost:9200 ] +opensearch.ssl.verificationMode: none +opensearch.username: admin +opensearch.password: 'Qazwsxedc!@#123' +opensearch.requestHeadersWhitelist: [ authorization, securitytenant ] + +opensearch_security.multitenancy.enabled: true +opensearch_security.multitenancy.tenants.preferred: [ Private, Global ] +opensearch_security.readonly_mode.roles: [ kibana_read_only ] +# Use this setting if you are running opensearch-dashboards without https +opensearch_security.cookie.secure: false +server.host: '0.0.0.0' diff --git a/appstore/dify/0.15.3/conf/volumes/sandbox/conf/config.yaml b/appstore/dify/0.15.3/conf/volumes/sandbox/conf/config.yaml new file mode 100644 index 00000000..8c1a1deb --- /dev/null +++ b/appstore/dify/0.15.3/conf/volumes/sandbox/conf/config.yaml @@ -0,0 +1,14 @@ +app: + port: 8194 + debug: True + key: dify-sandbox +max_workers: 4 +max_requests: 50 +worker_timeout: 5 +python_path: /usr/local/bin/python3 +enable_network: True # please make sure there is no network risk in your environment +allowed_syscalls: # please leave it empty if you have no idea how seccomp works +proxy: + socks5: '' + http: '' + https: '' diff --git a/appstore/dify/0.15.3/conf/volumes/sandbox/conf/config.yaml.example b/appstore/dify/0.15.3/conf/volumes/sandbox/conf/config.yaml.example new file mode 100644 index 00000000..f92c19e5 --- /dev/null +++ b/appstore/dify/0.15.3/conf/volumes/sandbox/conf/config.yaml.example @@ -0,0 +1,35 @@ +app: + port: 8194 + debug: True + key: dify-sandbox +max_workers: 4 +max_requests: 50 +worker_timeout: 5 +python_path: /usr/local/bin/python3 +python_lib_path: + - /usr/local/lib/python3.10 + - /usr/lib/python3.10 + - /usr/lib/python3 + - /usr/lib/x86_64-linux-gnu + - /etc/ssl/certs/ca-certificates.crt + - /etc/nsswitch.conf + - /etc/hosts + - /etc/resolv.conf + - /run/systemd/resolve/stub-resolv.conf + - /run/resolvconf/resolv.conf + - /etc/localtime + - /usr/share/zoneinfo + - /etc/timezone + # add more paths if needed +python_pip_mirror_url: https://pypi.tuna.tsinghua.edu.cn/simple +nodejs_path: /usr/local/bin/node +enable_network: True +allowed_syscalls: + - 1 + - 2 + - 3 + # add all the syscalls which you require +proxy: + socks5: '' + http: '' + https: '' diff --git a/appstore/dify/0.15.3/conf/volumes/sandbox/dependencies/python-requirements.txt b/appstore/dify/0.15.3/conf/volumes/sandbox/dependencies/python-requirements.txt new file mode 100644 index 00000000..e69de29b diff --git a/appstore/dify/0.15.3/data.yml b/appstore/dify/0.15.3/data.yml new file mode 100644 index 00000000..5064d8b3 --- /dev/null +++ b/appstore/dify/0.15.3/data.yml @@ -0,0 +1,65 @@ +additionalProperties: + formFields: + - default: "/home/dify" + edit: true + envKey: DIFY_ROOT_PATH + labelZh: 数据持久化路径 + labelEn: Data persistence path + required: true + type: text + - default: 8080 + edit: true + envKey: PANEL_APP_PORT_HTTP + labelZh: WebUI 端口 + labelEn: WebUI port + required: true + rule: paramPort + type: number + - default: 8443 + edit: true + envKey: PANEL_APP_PORT_HTTPS + labelZh: WebUI SSL 端口 + labelEn: WebUI SSL port + required: true + rule: paramPort + type: number + - default: 19530 + disabled: true + envKey: MILVUS_STANDALONE_PORT1 + labelZh: Milvus 端口 + labelEn: Milvus port + required: true + rule: paramPort + type: number + - default: 9091 + disabled: true + envKey: MILVUS_STANDALONE_PORT2 + labelZh: Milvus 端口 + labelEn: Milvus port + required: true + rule: paramPort + type: number + - default: 8123 + edit: true + envKey: MYSCALE_PORT + labelZh: MyScale 端口 + labelEn: MyScale port + required: true + rule: paramPort + type: number + - default: 9200 + edit: true + envKey: ELASTICSEARCH_PORT + labelZh: Elasticsearch 端口 + labelEn: Elasticsearch port + required: true + rule: paramPort + type: number + - default: 5601 + edit: true + envKey: KIBANA_PORT + labelZh: Kibana 端口 + labelEn: Kibana port + required: true + rule: paramPort + type: number diff --git a/appstore/dify/0.15.3/docker-compose.yml b/appstore/dify/0.15.3/docker-compose.yml new file mode 100644 index 00000000..d3b243de --- /dev/null +++ b/appstore/dify/0.15.3/docker-compose.yml @@ -0,0 +1,1815 @@ +networks: + milvus: + driver: bridge + opensearch-net: + driver: bridge + internal: true + ssrf_proxy_network: + driver: bridge + internal: true +services: + api: + container_name: api-dify + depends_on: + - db + - redis + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + ACCESS_TOKEN_EXPIRE_MINUTES: ${ACCESS_TOKEN_EXPIRE_MINUTES:-60} + ALIYUN_OSS_ACCESS_KEY: ${ALIYUN_OSS_ACCESS_KEY:-your-access-key} + ALIYUN_OSS_AUTH_VERSION: ${ALIYUN_OSS_AUTH_VERSION:-v4} + ALIYUN_OSS_BUCKET_NAME: ${ALIYUN_OSS_BUCKET_NAME:-your-bucket-name} + ALIYUN_OSS_ENDPOINT: ${ALIYUN_OSS_ENDPOINT:-https://oss-ap-southeast-1-internal.aliyuncs.com} + ALIYUN_OSS_PATH: ${ALIYUN_OSS_PATH:-your-path} + ALIYUN_OSS_REGION: ${ALIYUN_OSS_REGION:-ap-southeast-1} + ALIYUN_OSS_SECRET_KEY: ${ALIYUN_OSS_SECRET_KEY:-your-secret-key} + ANALYTICDB_ACCOUNT: ${ANALYTICDB_ACCOUNT:-testaccount} + ANALYTICDB_HOST: ${ANALYTICDB_HOST:-gp-test.aliyuncs.com} + ANALYTICDB_INSTANCE_ID: ${ANALYTICDB_INSTANCE_ID:-gp-ab123456} + ANALYTICDB_KEY_ID: ${ANALYTICDB_KEY_ID:-your-ak} + ANALYTICDB_KEY_SECRET: ${ANALYTICDB_KEY_SECRET:-your-sk} + ANALYTICDB_MAX_CONNECTION: ${ANALYTICDB_MAX_CONNECTION:-5} + ANALYTICDB_MIN_CONNECTION: ${ANALYTICDB_MIN_CONNECTION:-1} + ANALYTICDB_NAMESPACE: ${ANALYTICDB_NAMESPACE:-dify} + ANALYTICDB_NAMESPACE_PASSWORD: ${ANALYTICDB_NAMESPACE_PASSWORD:-difypassword} + ANALYTICDB_PASSWORD: ${ANALYTICDB_PASSWORD:-testpassword} + ANALYTICDB_PORT: ${ANALYTICDB_PORT:-5432} + ANALYTICDB_REGION_ID: ${ANALYTICDB_REGION_ID:-cn-hangzhou} + API_SENTRY_DSN: ${API_SENTRY_DSN:-} + API_SENTRY_PROFILES_SAMPLE_RATE: ${API_SENTRY_PROFILES_SAMPLE_RATE:-1.0} + API_SENTRY_TRACES_SAMPLE_RATE: ${API_SENTRY_TRACES_SAMPLE_RATE:-1.0} + API_TOOL_DEFAULT_CONNECT_TIMEOUT: ${API_TOOL_DEFAULT_CONNECT_TIMEOUT:-10} + API_TOOL_DEFAULT_READ_TIMEOUT: ${API_TOOL_DEFAULT_READ_TIMEOUT:-60} + APP_API_URL: ${APP_API_URL:-} + APP_MAX_ACTIVE_REQUESTS: ${APP_MAX_ACTIVE_REQUESTS:-0} + APP_MAX_EXECUTION_TIME: ${APP_MAX_EXECUTION_TIME:-1200} + APP_WEB_URL: ${APP_WEB_URL:-} + AZURE_BLOB_ACCOUNT_KEY: ${AZURE_BLOB_ACCOUNT_KEY:-difyai} + AZURE_BLOB_ACCOUNT_NAME: ${AZURE_BLOB_ACCOUNT_NAME:-difyai} + AZURE_BLOB_ACCOUNT_URL: ${AZURE_BLOB_ACCOUNT_URL:-https://.blob.core.windows.net} + AZURE_BLOB_CONTAINER_NAME: ${AZURE_BLOB_CONTAINER_NAME:-difyai-container} + BAIDU_OBS_ACCESS_KEY: ${BAIDU_OBS_ACCESS_KEY:-your-access-key} + BAIDU_OBS_BUCKET_NAME: ${BAIDU_OBS_BUCKET_NAME:-your-bucket-name} + BAIDU_OBS_ENDPOINT: ${BAIDU_OBS_ENDPOINT:-your-server-url} + BAIDU_OBS_SECRET_KEY: ${BAIDU_OBS_SECRET_KEY:-your-secret-key} + BAIDU_VECTOR_DB_ACCOUNT: ${BAIDU_VECTOR_DB_ACCOUNT:-root} + BAIDU_VECTOR_DB_API_KEY: ${BAIDU_VECTOR_DB_API_KEY:-dify} + BAIDU_VECTOR_DB_CONNECTION_TIMEOUT_MS: ${BAIDU_VECTOR_DB_CONNECTION_TIMEOUT_MS:-30000} + BAIDU_VECTOR_DB_DATABASE: ${BAIDU_VECTOR_DB_DATABASE:-dify} + BAIDU_VECTOR_DB_ENDPOINT: ${BAIDU_VECTOR_DB_ENDPOINT:-http://127.0.0.1:5287} + BAIDU_VECTOR_DB_REPLICAS: ${BAIDU_VECTOR_DB_REPLICAS:-3} + BAIDU_VECTOR_DB_SHARD: ${BAIDU_VECTOR_DB_SHARD:-1} + BROKER_USE_SSL: ${BROKER_USE_SSL:-false} + CELERY_AUTO_SCALE: ${CELERY_AUTO_SCALE:-false} + CELERY_BROKER_URL: ${CELERY_BROKER_URL:-redis://:difyai123456@redis:6379/1} + CELERY_MAX_WORKERS: ${CELERY_MAX_WORKERS:-} + CELERY_MIN_WORKERS: ${CELERY_MIN_WORKERS:-} + CELERY_SENTINEL_MASTER_NAME: ${CELERY_SENTINEL_MASTER_NAME:-} + CELERY_SENTINEL_SOCKET_TIMEOUT: ${CELERY_SENTINEL_SOCKET_TIMEOUT:-0.1} + CELERY_USE_SENTINEL: ${CELERY_USE_SENTINEL:-false} + CELERY_WORKER_AMOUNT: ${CELERY_WORKER_AMOUNT:-} + CELERY_WORKER_CLASS: ${CELERY_WORKER_CLASS:-} + CERTBOT_DOMAIN: ${CERTBOT_DOMAIN:-your_domain.com} + CERTBOT_EMAIL: ${CERTBOT_EMAIL:-your_email@example.com} + CERTBOT_OPTIONS: ${CERTBOT_OPTIONS:-} + CHECK_UPDATE_URL: ${CHECK_UPDATE_URL:-https://updates.dify.ai} + CHROMA_AUTH_CREDENTIALS: ${CHROMA_AUTH_CREDENTIALS:-} + CHROMA_AUTH_PROVIDER: ${CHROMA_AUTH_PROVIDER:-chromadb.auth.token_authn.TokenAuthClientProvider} + CHROMA_DATABASE: ${CHROMA_DATABASE:-default_database} + CHROMA_HOST: ${CHROMA_HOST:-127.0.0.1} + CHROMA_IS_PERSISTENT: ${CHROMA_IS_PERSISTENT:-TRUE} + CHROMA_PORT: ${CHROMA_PORT:-8000} + CHROMA_SERVER_AUTHN_CREDENTIALS: ${CHROMA_SERVER_AUTHN_CREDENTIALS:-difyai123456} + CHROMA_SERVER_AUTHN_PROVIDER: ${CHROMA_SERVER_AUTHN_PROVIDER:-chromadb.auth.token_authn.TokenAuthenticationServerProvider} + CHROMA_TENANT: ${CHROMA_TENANT:-default_tenant} + CODE_EXECUTION_API_KEY: ${CODE_EXECUTION_API_KEY:-dify-sandbox} + CODE_EXECUTION_CONNECT_TIMEOUT: ${CODE_EXECUTION_CONNECT_TIMEOUT:-10} + CODE_EXECUTION_ENDPOINT: ${CODE_EXECUTION_ENDPOINT:-http://sandbox:8194} + CODE_EXECUTION_READ_TIMEOUT: ${CODE_EXECUTION_READ_TIMEOUT:-60} + CODE_EXECUTION_WRITE_TIMEOUT: ${CODE_EXECUTION_WRITE_TIMEOUT:-10} + CODE_GENERATION_MAX_TOKENS: ${CODE_GENERATION_MAX_TOKENS:-1024} + CODE_MAX_DEPTH: ${CODE_MAX_DEPTH:-5} + CODE_MAX_NUMBER: ${CODE_MAX_NUMBER:-9223372036854775807} + CODE_MAX_NUMBER_ARRAY_LENGTH: ${CODE_MAX_NUMBER_ARRAY_LENGTH:-1000} + CODE_MAX_OBJECT_ARRAY_LENGTH: ${CODE_MAX_OBJECT_ARRAY_LENGTH:-30} + CODE_MAX_PRECISION: ${CODE_MAX_PRECISION:-20} + CODE_MAX_STRING_ARRAY_LENGTH: ${CODE_MAX_STRING_ARRAY_LENGTH:-30} + CODE_MAX_STRING_LENGTH: ${CODE_MAX_STRING_LENGTH:-80000} + CODE_MIN_NUMBER: ${CODE_MIN_NUMBER:--9223372036854775808} + CONSOLE_API_URL: ${CONSOLE_API_URL:-} + CONSOLE_CORS_ALLOW_ORIGINS: ${CONSOLE_CORS_ALLOW_ORIGINS:-*} + CONSOLE_WEB_URL: ${CONSOLE_WEB_URL:-} + COUCHBASE_BUCKET_NAME: ${COUCHBASE_BUCKET_NAME:-Embeddings} + COUCHBASE_CONNECTION_STRING: ${COUCHBASE_CONNECTION_STRING:-couchbase://couchbase-server} + COUCHBASE_PASSWORD: ${COUCHBASE_PASSWORD:-password} + COUCHBASE_SCOPE_NAME: ${COUCHBASE_SCOPE_NAME:-_default} + COUCHBASE_USER: ${COUCHBASE_USER:-Administrator} + CREATE_TIDB_SERVICE_JOB_ENABLED: ${CREATE_TIDB_SERVICE_JOB_ENABLED:-false} + CSP_WHITELIST: ${CSP_WHITELIST:-} + DB_DATABASE: ${DB_DATABASE:-dify} + DB_HOST: ${DB_HOST:-db} + DB_PASSWORD: ${DB_PASSWORD:-difyai123456} + DB_PORT: ${DB_PORT:-5432} + DB_USERNAME: ${DB_USERNAME:-postgres} + DEBUG: ${DEBUG:-false} + DEPLOY_ENV: ${DEPLOY_ENV:-PRODUCTION} + DIFY_BIND_ADDRESS: ${DIFY_BIND_ADDRESS:-0.0.0.0} + DIFY_PORT: ${DIFY_PORT:-5001} + ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:-0.0.0.0} + ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-elastic} + ELASTICSEARCH_PORT: ${ELASTICSEARCH_PORT:-9200} + ELASTICSEARCH_USERNAME: ${ELASTICSEARCH_USERNAME:-elastic} + ETCD_AUTO_COMPACTION_MODE: ${ETCD_AUTO_COMPACTION_MODE:-revision} + ETCD_AUTO_COMPACTION_RETENTION: ${ETCD_AUTO_COMPACTION_RETENTION:-1000} + ETCD_ENDPOINTS: ${ETCD_ENDPOINTS:-etcd:2379} + ETCD_QUOTA_BACKEND_BYTES: ${ETCD_QUOTA_BACKEND_BYTES:-4294967296} + ETCD_SNAPSHOT_COUNT: ${ETCD_SNAPSHOT_COUNT:-50000} + ETL_TYPE: ${ETL_TYPE:-dify} + EXPOSE_NGINX_PORT: ${PANEL_APP_PORT_HTTP:-8080} + EXPOSE_NGINX_SSL_PORT: ${PANEL_APP_PORT_HTTPS:-8443} + FILES_ACCESS_TIMEOUT: ${FILES_ACCESS_TIMEOUT:-300} + FILES_URL: ${FILES_URL:-} + FLASK_DEBUG: ${FLASK_DEBUG:-false} + GOOGLE_STORAGE_BUCKET_NAME: ${GOOGLE_STORAGE_BUCKET_NAME:-your-bucket-name} + GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64: ${GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64:-} + GUNICORN_TIMEOUT: ${GUNICORN_TIMEOUT:-360} + HTTP_REQUEST_NODE_MAX_BINARY_SIZE: ${HTTP_REQUEST_NODE_MAX_BINARY_SIZE:-10485760} + HTTP_REQUEST_NODE_MAX_TEXT_SIZE: ${HTTP_REQUEST_NODE_MAX_TEXT_SIZE:-1048576} + HUAWEI_OBS_ACCESS_KEY: ${HUAWEI_OBS_ACCESS_KEY:-your-access-key} + HUAWEI_OBS_BUCKET_NAME: ${HUAWEI_OBS_BUCKET_NAME:-your-bucket-name} + HUAWEI_OBS_SECRET_KEY: ${HUAWEI_OBS_SECRET_KEY:-your-secret-key} + HUAWEI_OBS_SERVER: ${HUAWEI_OBS_SERVER:-your-server-url} + INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-4000} + INIT_PASSWORD: ${INIT_PASSWORD:-} + INVITE_EXPIRY_HOURS: ${INVITE_EXPIRY_HOURS:-72} + KIBANA_PORT: ${KIBANA_PORT:-5601} + LINDORM_PASSWORD: ${LINDORM_PASSWORD:-lindorm} + LINDORM_URL: ${LINDORM_URL:-http://lindorm:30070} + LINDORM_USERNAME: ${LINDORM_USERNAME:-lindorm} + LOG_DATEFORMAT: ${LOG_DATEFORMAT:-%Y-%m-%d %H:%M:%S} + LOG_FILE: ${LOG_FILE:-/app/logs/server.log} + LOG_FILE_BACKUP_COUNT: ${LOG_FILE_BACKUP_COUNT:-5} + LOG_FILE_MAX_SIZE: ${LOG_FILE_MAX_SIZE:-20} + LOG_LEVEL: ${LOG_LEVEL:-INFO} + LOG_TZ: ${LOG_TZ:-UTC} + MAIL_DEFAULT_SEND_FROM: ${MAIL_DEFAULT_SEND_FROM:-} + MAIL_TYPE: ${MAIL_TYPE:-resend} + MAX_SUBMIT_COUNT: ${MAX_SUBMIT_COUNT:-100} + MAX_VARIABLE_SIZE: ${MAX_VARIABLE_SIZE:-204800} + MIGRATION_ENABLED: ${MIGRATION_ENABLED:-true} + MILVUS_AUTHORIZATION_ENABLED: ${MILVUS_AUTHORIZATION_ENABLED:-true} + MILVUS_ENABLE_HYBRID_SEARCH: ${MILVUS_ENABLE_HYBRID_SEARCH:-False} + MILVUS_PASSWORD: ${MILVUS_PASSWORD:-Milvus} + MILVUS_TOKEN: ${MILVUS_TOKEN:-} + MILVUS_URI: ${MILVUS_URI:-http://127.0.0.1:19530} + MILVUS_USER: ${MILVUS_USER:-root} + MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY:-minioadmin} + MINIO_ADDRESS: ${MINIO_ADDRESS:-minio:9000} + MINIO_SECRET_KEY: ${MINIO_SECRET_KEY:-minioadmin} + MODE: api + MULTIMODAL_SEND_FORMAT: ${MULTIMODAL_SEND_FORMAT:-base64} + MYSCALE_DATABASE: ${MYSCALE_DATABASE:-dify} + MYSCALE_FTS_PARAMS: ${MYSCALE_FTS_PARAMS:-} + MYSCALE_HOST: ${MYSCALE_HOST:-myscale} + MYSCALE_PASSWORD: ${MYSCALE_PASSWORD:-} + MYSCALE_PORT: ${MYSCALE_PORT:-8123} + MYSCALE_USER: ${MYSCALE_USER:-default} + NGINX_CLIENT_MAX_BODY_SIZE: ${NGINX_CLIENT_MAX_BODY_SIZE:-15M} + NGINX_ENABLE_CERTBOT_CHALLENGE: ${NGINX_ENABLE_CERTBOT_CHALLENGE:-false} + NGINX_HTTPS_ENABLED: ${NGINX_HTTPS_ENABLED:-false} + NGINX_KEEPALIVE_TIMEOUT: ${NGINX_KEEPALIVE_TIMEOUT:-65} + NGINX_PORT: ${NGINX_PORT:-80} + NGINX_PROXY_READ_TIMEOUT: ${NGINX_PROXY_READ_TIMEOUT:-3600s} + NGINX_PROXY_SEND_TIMEOUT: ${NGINX_PROXY_SEND_TIMEOUT:-3600s} + NGINX_SERVER_NAME: ${NGINX_SERVER_NAME:-_} + NGINX_SSL_CERT_FILENAME: ${NGINX_SSL_CERT_FILENAME:-dify.crt} + NGINX_SSL_CERT_KEY_FILENAME: ${NGINX_SSL_CERT_KEY_FILENAME:-dify.key} + NGINX_SSL_PORT: ${NGINX_SSL_PORT:-443} + NGINX_SSL_PROTOCOLS: ${NGINX_SSL_PROTOCOLS:-TLSv1.1 TLSv1.2 TLSv1.3} + NGINX_WORKER_PROCESSES: ${NGINX_WORKER_PROCESSES:-auto} + NOTION_CLIENT_ID: ${NOTION_CLIENT_ID:-} + NOTION_CLIENT_SECRET: ${NOTION_CLIENT_SECRET:-} + NOTION_INTEGRATION_TYPE: ${NOTION_INTEGRATION_TYPE:-public} + NOTION_INTERNAL_SECRET: ${NOTION_INTERNAL_SECRET:-} + OCEANBASE_CLUSTER_NAME: ${OCEANBASE_CLUSTER_NAME:-difyai} + OCEANBASE_MEMORY_LIMIT: ${OCEANBASE_MEMORY_LIMIT:-6G} + OCEANBASE_VECTOR_DATABASE: ${OCEANBASE_VECTOR_DATABASE:-test} + OCEANBASE_VECTOR_HOST: ${OCEANBASE_VECTOR_HOST:-oceanbase} + OCEANBASE_VECTOR_PASSWORD: ${OCEANBASE_VECTOR_PASSWORD:-difyai123456} + OCEANBASE_VECTOR_PORT: ${OCEANBASE_VECTOR_PORT:-2881} + OCEANBASE_VECTOR_USER: ${OCEANBASE_VECTOR_USER:-root@test} + OCI_ACCESS_KEY: ${OCI_ACCESS_KEY:-your-access-key} + OCI_BUCKET_NAME: ${OCI_BUCKET_NAME:-your-bucket-name} + OCI_ENDPOINT: ${OCI_ENDPOINT:-https://objectstorage.us-ashburn-1.oraclecloud.com} + OCI_REGION: ${OCI_REGION:-us-ashburn-1} + OCI_SECRET_KEY: ${OCI_SECRET_KEY:-your-secret-key} + OPENAI_API_BASE: ${OPENAI_API_BASE:-https://api.openai.com/v1} + OPENDAL_FS_ROOT: ${OPENDAL_FS_ROOT:-storage} + OPENDAL_SCHEME: ${OPENDAL_SCHEME:-fs} + OPENSEARCH_BOOTSTRAP_MEMORY_LOCK: ${OPENSEARCH_BOOTSTRAP_MEMORY_LOCK:-true} + OPENSEARCH_DISCOVERY_TYPE: ${OPENSEARCH_DISCOVERY_TYPE:-single-node} + OPENSEARCH_HOST: ${OPENSEARCH_HOST:-opensearch} + OPENSEARCH_INITIAL_ADMIN_PASSWORD: ${OPENSEARCH_INITIAL_ADMIN_PASSWORD:-Qazwsxedc!@#123} + OPENSEARCH_JAVA_OPTS_MAX: ${OPENSEARCH_JAVA_OPTS_MAX:-1024m} + OPENSEARCH_JAVA_OPTS_MIN: ${OPENSEARCH_JAVA_OPTS_MIN:-512m} + OPENSEARCH_MEMLOCK_HARD: ${OPENSEARCH_MEMLOCK_HARD:--1} + OPENSEARCH_MEMLOCK_SOFT: ${OPENSEARCH_MEMLOCK_SOFT:--1} + OPENSEARCH_NOFILE_HARD: ${OPENSEARCH_NOFILE_HARD:-65536} + OPENSEARCH_NOFILE_SOFT: ${OPENSEARCH_NOFILE_SOFT:-65536} + OPENSEARCH_PASSWORD: ${OPENSEARCH_PASSWORD:-admin} + OPENSEARCH_PORT: ${OPENSEARCH_PORT:-9200} + OPENSEARCH_SECURE: ${OPENSEARCH_SECURE:-true} + OPENSEARCH_USER: ${OPENSEARCH_USER:-admin} + ORACLE_CHARACTERSET: ${ORACLE_CHARACTERSET:-AL32UTF8} + ORACLE_DATABASE: ${ORACLE_DATABASE:-FREEPDB1} + ORACLE_HOST: ${ORACLE_HOST:-oracle} + ORACLE_PASSWORD: ${ORACLE_PASSWORD:-dify} + ORACLE_PORT: ${ORACLE_PORT:-1521} + ORACLE_PWD: ${ORACLE_PWD:-Dify123456} + ORACLE_USER: ${ORACLE_USER:-dify} + PGDATA: ${PGDATA:-/var/lib/postgresql/data/pgdata} + PGUSER: ${PGUSER:-${DB_USERNAME}} + PGVECTOR_DATABASE: ${PGVECTOR_DATABASE:-dify} + PGVECTOR_HOST: ${PGVECTOR_HOST:-pgvector} + PGVECTOR_MAX_CONNECTION: ${PGVECTOR_MAX_CONNECTION:-5} + PGVECTOR_MIN_CONNECTION: ${PGVECTOR_MIN_CONNECTION:-1} + PGVECTOR_PASSWORD: ${PGVECTOR_PASSWORD:-difyai123456} + PGVECTOR_PGDATA: ${PGVECTOR_PGDATA:-/var/lib/postgresql/data/pgdata} + PGVECTOR_PGUSER: ${PGVECTOR_PGUSER:-postgres} + PGVECTOR_PORT: ${PGVECTOR_PORT:-5432} + PGVECTOR_POSTGRES_DB: ${PGVECTOR_POSTGRES_DB:-dify} + PGVECTOR_POSTGRES_PASSWORD: ${PGVECTOR_POSTGRES_PASSWORD:-difyai123456} + PGVECTOR_USER: ${PGVECTOR_USER:-postgres} + PGVECTO_RS_DATABASE: ${PGVECTO_RS_DATABASE:-dify} + PGVECTO_RS_HOST: ${PGVECTO_RS_HOST:-pgvecto-rs} + PGVECTO_RS_PASSWORD: ${PGVECTO_RS_PASSWORD:-difyai123456} + PGVECTO_RS_PORT: ${PGVECTO_RS_PORT:-5432} + PGVECTO_RS_USER: ${PGVECTO_RS_USER:-postgres} + POSITION_PROVIDER_EXCLUDES: ${POSITION_PROVIDER_EXCLUDES:-} + POSITION_PROVIDER_INCLUDES: ${POSITION_PROVIDER_INCLUDES:-} + POSITION_PROVIDER_PINS: ${POSITION_PROVIDER_PINS:-} + POSITION_TOOL_EXCLUDES: ${POSITION_TOOL_EXCLUDES:-} + POSITION_TOOL_INCLUDES: ${POSITION_TOOL_INCLUDES:-} + POSITION_TOOL_PINS: ${POSITION_TOOL_PINS:-} + POSTGRES_DB: ${POSTGRES_DB:-${DB_DATABASE}} + POSTGRES_EFFECTIVE_CACHE_SIZE: ${POSTGRES_EFFECTIVE_CACHE_SIZE:-4096MB} + POSTGRES_MAINTENANCE_WORK_MEM: ${POSTGRES_MAINTENANCE_WORK_MEM:-64MB} + POSTGRES_MAX_CONNECTIONS: ${POSTGRES_MAX_CONNECTIONS:-100} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-${DB_PASSWORD}} + POSTGRES_SHARED_BUFFERS: ${POSTGRES_SHARED_BUFFERS:-128MB} + POSTGRES_WORK_MEM: ${POSTGRES_WORK_MEM:-4MB} + PROMPT_GENERATION_MAX_TOKENS: ${PROMPT_GENERATION_MAX_TOKENS:-512} + QDRANT_API_KEY: ${QDRANT_API_KEY:-difyai123456} + QDRANT_CLIENT_TIMEOUT: ${QDRANT_CLIENT_TIMEOUT:-20} + QDRANT_GRPC_ENABLED: ${QDRANT_GRPC_ENABLED:-false} + QDRANT_GRPC_PORT: ${QDRANT_GRPC_PORT:-6334} + QDRANT_URL: ${QDRANT_URL:-http://qdrant:6333} + REDIS_CLUSTERS: ${REDIS_CLUSTERS:-} + REDIS_CLUSTERS_PASSWORD: ${REDIS_CLUSTERS_PASSWORD:-} + REDIS_DB: ${REDIS_DB:-0} + REDIS_HOST: ${REDIS_HOST:-redis} + REDIS_PASSWORD: ${REDIS_PASSWORD:-difyai123456} + REDIS_PORT: ${REDIS_PORT:-6379} + REDIS_SENTINELS: ${REDIS_SENTINELS:-} + REDIS_SENTINEL_PASSWORD: ${REDIS_SENTINEL_PASSWORD:-} + REDIS_SENTINEL_SERVICE_NAME: ${REDIS_SENTINEL_SERVICE_NAME:-} + REDIS_SENTINEL_SOCKET_TIMEOUT: ${REDIS_SENTINEL_SOCKET_TIMEOUT:-0.1} + REDIS_SENTINEL_USERNAME: ${REDIS_SENTINEL_USERNAME:-} + REDIS_USERNAME: ${REDIS_USERNAME:-} + REDIS_USE_CLUSTERS: ${REDIS_USE_CLUSTERS:-false} + REDIS_USE_SENTINEL: ${REDIS_USE_SENTINEL:-false} + REDIS_USE_SSL: ${REDIS_USE_SSL:-false} + REFRESH_TOKEN_EXPIRE_DAYS: ${REFRESH_TOKEN_EXPIRE_DAYS:-30} + RELYT_DATABASE: ${RELYT_DATABASE:-postgres} + RELYT_HOST: ${RELYT_HOST:-db} + RELYT_PASSWORD: ${RELYT_PASSWORD:-difyai123456} + RELYT_PORT: ${RELYT_PORT:-5432} + RELYT_USER: ${RELYT_USER:-postgres} + RESEND_API_KEY: ${RESEND_API_KEY:-your-resend-api-key} + RESEND_API_URL: ${RESEND_API_URL:-https://api.resend.com} + RESET_PASSWORD_TOKEN_EXPIRY_MINUTES: ${RESET_PASSWORD_TOKEN_EXPIRY_MINUTES:-5} + S3_ACCESS_KEY: ${S3_ACCESS_KEY:-} + S3_BUCKET_NAME: ${S3_BUCKET_NAME:-difyai} + S3_ENDPOINT: ${S3_ENDPOINT:-} + S3_REGION: ${S3_REGION:-us-east-1} + S3_SECRET_KEY: ${S3_SECRET_KEY:-} + S3_USE_AWS_MANAGED_IAM: ${S3_USE_AWS_MANAGED_IAM:-false} + SANDBOX_API_KEY: ${SANDBOX_API_KEY:-dify-sandbox} + SANDBOX_ENABLE_NETWORK: ${SANDBOX_ENABLE_NETWORK:-true} + SANDBOX_GIN_MODE: ${SANDBOX_GIN_MODE:-release} + SANDBOX_HTTPS_PROXY: ${SANDBOX_HTTPS_PROXY:-http://ssrf_proxy:3128} + SANDBOX_HTTP_PROXY: ${SANDBOX_HTTP_PROXY:-http://ssrf_proxy:3128} + SANDBOX_PORT: ${SANDBOX_PORT:-8194} + SANDBOX_WORKER_TIMEOUT: ${SANDBOX_WORKER_TIMEOUT:-15} + SCARF_NO_ANALYTICS: ${SCARF_NO_ANALYTICS:-true} + SECRET_KEY: ${SECRET_KEY:-sk-9f73s3ljTXVcMT3Blb3ljTqtsKiGHXVcMT3BlbkFJLK7U} + SENTRY_DSN: ${API_SENTRY_DSN:-} + SENTRY_PROFILES_SAMPLE_RATE: ${API_SENTRY_PROFILES_SAMPLE_RATE:-1.0} + SENTRY_TRACES_SAMPLE_RATE: ${API_SENTRY_TRACES_SAMPLE_RATE:-1.0} + SERVER_WORKER_AMOUNT: ${SERVER_WORKER_AMOUNT:-1} + SERVER_WORKER_CLASS: ${SERVER_WORKER_CLASS:-gevent} + SERVER_WORKER_CONNECTIONS: ${SERVER_WORKER_CONNECTIONS:-10} + SERVICE_API_URL: ${SERVICE_API_URL:-} + SMTP_OPPORTUNISTIC_TLS: ${SMTP_OPPORTUNISTIC_TLS:-false} + SMTP_PASSWORD: ${SMTP_PASSWORD:-} + SMTP_PORT: ${SMTP_PORT:-465} + SMTP_SERVER: ${SMTP_SERVER:-} + SMTP_USERNAME: ${SMTP_USERNAME:-} + SMTP_USE_TLS: ${SMTP_USE_TLS:-true} + SQLALCHEMY_ECHO: ${SQLALCHEMY_ECHO:-false} + SQLALCHEMY_POOL_RECYCLE: ${SQLALCHEMY_POOL_RECYCLE:-3600} + SQLALCHEMY_POOL_SIZE: ${SQLALCHEMY_POOL_SIZE:-30} + SSRF_COREDUMP_DIR: ${SSRF_COREDUMP_DIR:-/var/spool/squid} + SSRF_DEFAULT_CONNECT_TIME_OUT: ${SSRF_DEFAULT_CONNECT_TIME_OUT:-5} + SSRF_DEFAULT_READ_TIME_OUT: ${SSRF_DEFAULT_READ_TIME_OUT:-5} + SSRF_DEFAULT_TIME_OUT: ${SSRF_DEFAULT_TIME_OUT:-5} + SSRF_DEFAULT_WRITE_TIME_OUT: ${SSRF_DEFAULT_WRITE_TIME_OUT:-5} + SSRF_HTTP_PORT: ${SSRF_HTTP_PORT:-3128} + SSRF_PROXY_HTTPS_URL: ${SSRF_PROXY_HTTPS_URL:-http://ssrf_proxy:3128} + SSRF_PROXY_HTTP_URL: ${SSRF_PROXY_HTTP_URL:-http://ssrf_proxy:3128} + SSRF_REVERSE_PROXY_PORT: ${SSRF_REVERSE_PROXY_PORT:-8194} + SSRF_SANDBOX_HOST: ${SSRF_SANDBOX_HOST:-sandbox} + STORAGE_TYPE: ${STORAGE_TYPE:-opendal} + SUPABASE_API_KEY: ${SUPABASE_API_KEY:-your-access-key} + SUPABASE_BUCKET_NAME: ${SUPABASE_BUCKET_NAME:-your-bucket-name} + SUPABASE_URL: ${SUPABASE_URL:-your-server-url} + TEMPLATE_TRANSFORM_MAX_LENGTH: ${TEMPLATE_TRANSFORM_MAX_LENGTH:-80000} + TENCENT_COS_BUCKET_NAME: ${TENCENT_COS_BUCKET_NAME:-your-bucket-name} + TENCENT_COS_REGION: ${TENCENT_COS_REGION:-your-region} + TENCENT_COS_SCHEME: ${TENCENT_COS_SCHEME:-your-scheme} + TENCENT_COS_SECRET_ID: ${TENCENT_COS_SECRET_ID:-your-secret-id} + TENCENT_COS_SECRET_KEY: ${TENCENT_COS_SECRET_KEY:-your-secret-key} + TENCENT_VECTOR_DB_API_KEY: ${TENCENT_VECTOR_DB_API_KEY:-dify} + TENCENT_VECTOR_DB_DATABASE: ${TENCENT_VECTOR_DB_DATABASE:-dify} + TENCENT_VECTOR_DB_REPLICAS: ${TENCENT_VECTOR_DB_REPLICAS:-2} + TENCENT_VECTOR_DB_SHARD: ${TENCENT_VECTOR_DB_SHARD:-1} + TENCENT_VECTOR_DB_TIMEOUT: ${TENCENT_VECTOR_DB_TIMEOUT:-30} + TENCENT_VECTOR_DB_URL: ${TENCENT_VECTOR_DB_URL:-http://127.0.0.1} + TENCENT_VECTOR_DB_USERNAME: ${TENCENT_VECTOR_DB_USERNAME:-dify} + TEXT_GENERATION_TIMEOUT_MS: ${TEXT_GENERATION_TIMEOUT_MS:-60000} + TIDB_API_URL: ${TIDB_API_URL:-http://127.0.0.1} + TIDB_IAM_API_URL: ${TIDB_IAM_API_URL:-http://127.0.0.1} + TIDB_ON_QDRANT_API_KEY: ${TIDB_ON_QDRANT_API_KEY:-dify} + TIDB_ON_QDRANT_CLIENT_TIMEOUT: ${TIDB_ON_QDRANT_CLIENT_TIMEOUT:-20} + TIDB_ON_QDRANT_GRPC_ENABLED: ${TIDB_ON_QDRANT_GRPC_ENABLED:-false} + TIDB_ON_QDRANT_GRPC_PORT: ${TIDB_ON_QDRANT_GRPC_PORT:-6334} + TIDB_ON_QDRANT_URL: ${TIDB_ON_QDRANT_URL:-http://127.0.0.1} + TIDB_PRIVATE_KEY: ${TIDB_PRIVATE_KEY:-dify} + TIDB_PROJECT_ID: ${TIDB_PROJECT_ID:-dify} + TIDB_PUBLIC_KEY: ${TIDB_PUBLIC_KEY:-dify} + TIDB_REGION: ${TIDB_REGION:-regions/aws-us-east-1} + TIDB_SPEND_LIMIT: ${TIDB_SPEND_LIMIT:-100} + TIDB_VECTOR_DATABASE: ${TIDB_VECTOR_DATABASE:-dify} + TIDB_VECTOR_HOST: ${TIDB_VECTOR_HOST:-tidb} + TIDB_VECTOR_PASSWORD: ${TIDB_VECTOR_PASSWORD:-} + TIDB_VECTOR_PORT: ${TIDB_VECTOR_PORT:-4000} + TIDB_VECTOR_USER: ${TIDB_VECTOR_USER:-} + TOP_K_MAX_VALUE: ${TOP_K_MAX_VALUE:-10} + UNSTRUCTURED_API_KEY: ${UNSTRUCTURED_API_KEY:-} + UNSTRUCTURED_API_URL: ${UNSTRUCTURED_API_URL:-} + UPLOAD_AUDIO_FILE_SIZE_LIMIT: ${UPLOAD_AUDIO_FILE_SIZE_LIMIT:-50} + UPLOAD_FILE_BATCH_LIMIT: ${UPLOAD_FILE_BATCH_LIMIT:-5} + UPLOAD_FILE_SIZE_LIMIT: ${UPLOAD_FILE_SIZE_LIMIT:-15} + UPLOAD_IMAGE_FILE_SIZE_LIMIT: ${UPLOAD_IMAGE_FILE_SIZE_LIMIT:-10} + UPLOAD_VIDEO_FILE_SIZE_LIMIT: ${UPLOAD_VIDEO_FILE_SIZE_LIMIT:-100} + UPSTASH_VECTOR_TOKEN: ${UPSTASH_VECTOR_TOKEN:-dify} + UPSTASH_VECTOR_URL: ${UPSTASH_VECTOR_URL:-https://xxx-vector.upstash.io} + VECTOR_STORE: ${VECTOR_STORE:-weaviate} + VIKINGDB_ACCESS_KEY: ${VIKINGDB_ACCESS_KEY:-your-ak} + VIKINGDB_CONNECTION_TIMEOUT: ${VIKINGDB_CONNECTION_TIMEOUT:-30} + VIKINGDB_HOST: ${VIKINGDB_HOST:-api-vikingdb.xxx.volces.com} + VIKINGDB_REGION: ${VIKINGDB_REGION:-cn-shanghai} + VIKINGDB_SCHEMA: ${VIKINGDB_SCHEMA:-http} + VIKINGDB_SECRET_KEY: ${VIKINGDB_SECRET_KEY:-your-sk} + VIKINGDB_SOCKET_TIMEOUT: ${VIKINGDB_SOCKET_TIMEOUT:-30} + VOLCENGINE_TOS_ACCESS_KEY: ${VOLCENGINE_TOS_ACCESS_KEY:-your-access-key} + VOLCENGINE_TOS_BUCKET_NAME: ${VOLCENGINE_TOS_BUCKET_NAME:-your-bucket-name} + VOLCENGINE_TOS_ENDPOINT: ${VOLCENGINE_TOS_ENDPOINT:-your-server-url} + VOLCENGINE_TOS_REGION: ${VOLCENGINE_TOS_REGION:-your-region} + VOLCENGINE_TOS_SECRET_KEY: ${VOLCENGINE_TOS_SECRET_KEY:-your-secret-key} + WEAVIATE_API_KEY: ${WEAVIATE_API_KEY:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih} + WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: ${WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED:-true} + WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS: ${WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih} + WEAVIATE_AUTHENTICATION_APIKEY_ENABLED: ${WEAVIATE_AUTHENTICATION_APIKEY_ENABLED:-true} + WEAVIATE_AUTHENTICATION_APIKEY_USERS: ${WEAVIATE_AUTHENTICATION_APIKEY_USERS:-hello@dify.ai} + WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED: ${WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED:-true} + WEAVIATE_AUTHORIZATION_ADMINLIST_USERS: ${WEAVIATE_AUTHORIZATION_ADMINLIST_USERS:-hello@dify.ai} + WEAVIATE_CLUSTER_HOSTNAME: ${WEAVIATE_CLUSTER_HOSTNAME:-node1} + WEAVIATE_DEFAULT_VECTORIZER_MODULE: ${WEAVIATE_DEFAULT_VECTORIZER_MODULE:-none} + WEAVIATE_ENDPOINT: ${WEAVIATE_ENDPOINT:-http://weaviate:8080} + WEAVIATE_PERSISTENCE_DATA_PATH: ${WEAVIATE_PERSISTENCE_DATA_PATH:-/var/lib/weaviate} + WEAVIATE_QUERY_DEFAULTS_LIMIT: ${WEAVIATE_QUERY_DEFAULTS_LIMIT:-25} + WEB_API_CORS_ALLOW_ORIGINS: ${WEB_API_CORS_ALLOW_ORIGINS:-*} + WEB_SENTRY_DSN: ${WEB_SENTRY_DSN:-} + WORKFLOW_CALL_MAX_DEPTH: ${WORKFLOW_CALL_MAX_DEPTH:-5} + WORKFLOW_FILE_UPLOAD_LIMIT: ${WORKFLOW_FILE_UPLOAD_LIMIT:-10} + WORKFLOW_MAX_EXECUTION_STEPS: ${WORKFLOW_MAX_EXECUTION_STEPS:-500} + WORKFLOW_MAX_EXECUTION_TIME: ${WORKFLOW_MAX_EXECUTION_TIME:-1200} + WORKFLOW_PARALLEL_DEPTH_LIMIT: ${WORKFLOW_PARALLEL_DEPTH_LIMIT:-3} + image: langgenius/dify-api:0.15.3 + networks: + - ssrf_proxy_network + - default + restart: always + volumes: + - ${DIFY_ROOT_PATH}/volumes/app/storage:/app/api/storage + certbot: + command: + - tail + - -f + - /dev/null + container_name: certbot-dify + entrypoint: + - /docker-entrypoint.sh + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + - CERTBOT_EMAIL=${CERTBOT_EMAIL} + - CERTBOT_DOMAIN=${CERTBOT_DOMAIN} + - CERTBOT_OPTIONS=${CERTBOT_OPTIONS:-} + image: certbot/certbot + profiles: + - certbot + volumes: + - ${DIFY_ROOT_PATH}/volumes/certbot/conf:/etc/letsencrypt + - ${DIFY_ROOT_PATH}/volumes/certbot/www:/var/www/html + - ${DIFY_ROOT_PATH}/volumes/certbot/logs:/var/log/letsencrypt + - ${DIFY_ROOT_PATH}/volumes/certbot/conf/live:/etc/letsencrypt/live + - ${DIFY_ROOT_PATH}/certbot/update-cert.template.txt:/update-cert.template.txt + - ${DIFY_ROOT_PATH}/certbot/docker-entrypoint.sh:/docker-entrypoint.sh + chroma: + container_name: chroma-dify + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + CHROMA_SERVER_AUTHN_CREDENTIALS: ${CHROMA_SERVER_AUTHN_CREDENTIALS:-difyai123456} + CHROMA_SERVER_AUTHN_PROVIDER: ${CHROMA_SERVER_AUTHN_PROVIDER:-chromadb.auth.token_authn.TokenAuthenticationServerProvider} + IS_PERSISTENT: ${CHROMA_IS_PERSISTENT:-TRUE} + image: ghcr.io/chroma-core/chroma:0.5.20 + profiles: + - chroma + restart: always + volumes: + - ${DIFY_ROOT_PATH}/volumes/chroma:/chroma/chroma + couchbase-server: + build: ./couchbase-server + command: sh -c "/opt/couchbase/init/init-cbserver.sh" + container_name: couchbase-server-dify + entrypoint: + - '' + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + - CLUSTER_NAME=dify_search + - COUCHBASE_ADMINISTRATOR_USERNAME=${COUCHBASE_USER:-Administrator} + - COUCHBASE_ADMINISTRATOR_PASSWORD=${COUCHBASE_PASSWORD:-password} + - COUCHBASE_BUCKET=${COUCHBASE_BUCKET_NAME:-Embeddings} + - COUCHBASE_BUCKET_RAMSIZE=512 + - COUCHBASE_RAM_SIZE=2048 + - COUCHBASE_EVENTING_RAM_SIZE=512 + - COUCHBASE_INDEX_RAM_SIZE=512 + - COUCHBASE_FTS_RAM_SIZE=1024 + healthcheck: + interval: 10s + retries: 10 + start_period: 30s + test: + - CMD-SHELL + - curl -s -f -u Administrator:password http://localhost:8091/pools/default/buckets + | grep -q '\[{' || exit 1 + timeout: 10s + hostname: couchbase-server + profiles: + - couchbase + restart: always + stdin_open: true + tty: true + volumes: + - ${DIFY_ROOT_PATH}/volumes/couchbase/data:/opt/couchbase/var/lib/couchbase/data + working_dir: /opt/couchbase + db: + command: "postgres -c 'max_connections=${POSTGRES_MAX_CONNECTIONS:-100}'\n \ + \ -c 'shared_buffers=${POSTGRES_SHARED_BUFFERS:-128MB}'\n -c 'work_mem=${POSTGRES_WORK_MEM:-4MB}'\n\ + \ -c 'maintenance_work_mem=${POSTGRES_MAINTENANCE_WORK_MEM:-64MB}'\n\ + \ -c 'effective_cache_size=${POSTGRES_EFFECTIVE_CACHE_SIZE:-4096MB}'\n" + container_name: db-dify + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + PGDATA: ${PGDATA:-/var/lib/postgresql/data/pgdata} + PGUSER: ${PGUSER:-postgres} + POSTGRES_DB: ${POSTGRES_DB:-dify} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-difyai123456} + healthcheck: + interval: 1s + retries: 30 + test: + - CMD + - pg_isready + timeout: 3s + image: postgres:15-alpine + restart: always + volumes: + - ${DIFY_ROOT_PATH}/volumes/db/data:/var/lib/postgresql/data + elasticsearch: + container_name: elasticsearch-dify + deploy: + resources: + limits: + memory: 2g + entrypoint: + - sh + - -c + - sh /docker-entrypoint-mount.sh + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + ELASTIC_PASSWORD: ${ELASTICSEARCH_PASSWORD:-elastic} + VECTOR_STORE: ${VECTOR_STORE:-} + cluster.name: dify-es-cluster + discovery.type: single-node + node.name: dify-es0 + xpack.license.self_generated.type: basic + xpack.security.enabled: 'true' + xpack.security.enrollment.enabled: 'false' + xpack.security.http.ssl.enabled: 'false' + healthcheck: + interval: 30s + retries: 50 + test: + - CMD + - curl + - -s + - http://localhost:9200/_cluster/health?pretty + timeout: 10s + image: docker.elastic.co/elasticsearch/elasticsearch:8.14.3 + ports: + - ${ELASTICSEARCH_PORT:-9200}:9200 + profiles: + - elasticsearch + - elasticsearch-ja + restart: always + volumes: + - ${DIFY_ROOT_PATH}/elasticsearch/docker-entrypoint.sh:/docker-entrypoint-mount.sh + - dify_es01_data:/usr/share/elasticsearch/data + etcd: + command: etcd -advertise-client-urls=http://127.0.0.1:2379 -listen-client-urls + http://0.0.0.0:2379 --data-dir /etcd + container_name: milvus-etcd-dify + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + ETCD_AUTO_COMPACTION_MODE: ${ETCD_AUTO_COMPACTION_MODE:-revision} + ETCD_AUTO_COMPACTION_RETENTION: ${ETCD_AUTO_COMPACTION_RETENTION:-1000} + ETCD_QUOTA_BACKEND_BYTES: ${ETCD_QUOTA_BACKEND_BYTES:-4294967296} + ETCD_SNAPSHOT_COUNT: ${ETCD_SNAPSHOT_COUNT:-50000} + healthcheck: + interval: 30s + retries: 3 + test: + - CMD + - etcdctl + - endpoint + - health + timeout: 20s + image: quay.io/coreos/etcd:v3.5.5 + networks: + - milvus + profiles: + - milvus + volumes: + - ${DIFY_ROOT_PATH}/volumes/milvus/etcd:/etcd + kibana: + container_name: kibana-dify + depends_on: + - elasticsearch + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + ELASTICSEARCH_HOSTS: http://elasticsearch:9200 + I18N_LOCALE: zh-CN + NO_PROXY: localhost,127.0.0.1,elasticsearch,kibana + SERVER_PORT: '5601' + XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY: d1a66dfd-c4d3-4a0a-8290-2abcb83ab3aa + XPACK_FLEET_ISAIRGAPPED: 'true' + XPACK_SECURITY_ENABLED: 'true' + XPACK_SECURITY_ENROLLMENT_ENABLED: 'false' + XPACK_SECURITY_HTTP_SSL_ENABLED: 'false' + healthcheck: + interval: 30s + retries: 3 + test: + - CMD-SHELL + - curl -s http://localhost:5601 >/dev/null || exit 1 + timeout: 10s + image: docker.elastic.co/kibana/kibana:8.14.3 + ports: + - ${KIBANA_PORT:-5601}:5601 + profiles: + - elasticsearch + restart: always + milvus-standalone: + command: + - milvus + - run + - standalone + container_name: milvus-standalone-dify + depends_on: + - etcd + - minio + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + ETCD_ENDPOINTS: ${ETCD_ENDPOINTS:-etcd:2379} + MINIO_ADDRESS: ${MINIO_ADDRESS:-minio:9000} + common.security.authorizationEnabled: ${MILVUS_AUTHORIZATION_ENABLED:-true} + healthcheck: + interval: 30s + retries: 3 + start_period: 90s + test: + - CMD + - curl + - -f + - http://localhost:9091/healthz + timeout: 20s + image: milvusdb/milvus:v2.5.0-beta + networks: + - milvus + ports: + - 19530:19530 + - 9091:9091 + profiles: + - milvus + volumes: + - ${DIFY_ROOT_PATH}/volumes/milvus/milvus:/var/lib/milvus + minio: + command: minio server /minio_data --console-address ":9001" + container_name: milvus-minio-dify + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY:-minioadmin} + MINIO_SECRET_KEY: ${MINIO_SECRET_KEY:-minioadmin} + healthcheck: + interval: 30s + retries: 3 + test: + - CMD + - curl + - -f + - http://localhost:9000/minio/health/live + timeout: 20s + image: minio/minio:RELEASE.2023-03-20T20-16-18Z + networks: + - milvus + profiles: + - milvus + volumes: + - ${DIFY_ROOT_PATH}/volumes/milvus/minio:/minio_data + myscale: + container_name: myscale-dify + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + image: myscale/myscaledb:1.6.4 + ports: + - ${MYSCALE_PORT:-8123}:${MYSCALE_PORT:-8123} + profiles: + - myscale + restart: always + tty: true + volumes: + - ${DIFY_ROOT_PATH}/volumes/myscale/data:/var/lib/clickhouse + - ${DIFY_ROOT_PATH}/volumes/myscale/log:/var/log/clickhouse-server + - ${DIFY_ROOT_PATH}/volumes/myscale/config/users.d/custom_users_config.xml:/etc/clickhouse-server/users.d/custom_users_config.xml + nginx: + container_name: nginx-dify + depends_on: + - api + - web + entrypoint: + - sh + - -c + - "cp /docker-entrypoint-mount.sh /docker-entrypoint.sh && sed -i 's/\r$$//' /docker-entrypoint.sh\ + \ && chmod +x /docker-entrypoint.sh && /docker-entrypoint.sh" + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + CERTBOT_DOMAIN: ${CERTBOT_DOMAIN:-} + NGINX_CLIENT_MAX_BODY_SIZE: ${NGINX_CLIENT_MAX_BODY_SIZE:-15M} + NGINX_ENABLE_CERTBOT_CHALLENGE: ${NGINX_ENABLE_CERTBOT_CHALLENGE:-false} + NGINX_HTTPS_ENABLED: ${NGINX_HTTPS_ENABLED:-false} + NGINX_KEEPALIVE_TIMEOUT: ${NGINX_KEEPALIVE_TIMEOUT:-65} + NGINX_PORT: ${NGINX_PORT:-80} + NGINX_PROXY_READ_TIMEOUT: ${NGINX_PROXY_READ_TIMEOUT:-3600s} + NGINX_PROXY_SEND_TIMEOUT: ${NGINX_PROXY_SEND_TIMEOUT:-3600s} + NGINX_SERVER_NAME: ${NGINX_SERVER_NAME:-_} + NGINX_SSL_CERT_FILENAME: ${NGINX_SSL_CERT_FILENAME:-dify.crt} + NGINX_SSL_CERT_KEY_FILENAME: ${NGINX_SSL_CERT_KEY_FILENAME:-dify.key} + NGINX_SSL_PORT: ${NGINX_SSL_PORT:-443} + NGINX_SSL_PROTOCOLS: ${NGINX_SSL_PROTOCOLS:-TLSv1.1 TLSv1.2 TLSv1.3} + NGINX_WORKER_PROCESSES: ${NGINX_WORKER_PROCESSES:-auto} + image: nginx:latest + ports: + - ${EXPOSE_NGINX_PORT:-80}:${NGINX_PORT:-80} + - ${EXPOSE_NGINX_SSL_PORT:-443}:${NGINX_SSL_PORT:-443} + restart: always + volumes: + - ${DIFY_ROOT_PATH}/nginx/nginx.conf.template:/etc/nginx/nginx.conf.template + - ${DIFY_ROOT_PATH}/nginx/proxy.conf.template:/etc/nginx/proxy.conf.template + - ${DIFY_ROOT_PATH}/nginx/https.conf.template:/etc/nginx/https.conf.template + - ${DIFY_ROOT_PATH}/nginx/conf.d:/etc/nginx/conf.d + - ${DIFY_ROOT_PATH}/nginx/docker-entrypoint.sh:/docker-entrypoint-mount.sh + - ${DIFY_ROOT_PATH}/nginx/ssl:/etc/ssl + - ${DIFY_ROOT_PATH}/volumes/certbot/conf/live:/etc/letsencrypt/live + - ${DIFY_ROOT_PATH}/volumes/certbot/conf:/etc/letsencrypt + - ${DIFY_ROOT_PATH}/volumes/certbot/www:/var/www/html + oceanbase: + container_name: oceanbase-dify + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + OB_CLUSTER_NAME: ${OCEANBASE_CLUSTER_NAME:-difyai} + OB_MEMORY_LIMIT: ${OCEANBASE_MEMORY_LIMIT:-6G} + OB_SERVER_IP: 127.0.0.1 + OB_SYS_PASSWORD: ${OCEANBASE_VECTOR_PASSWORD:-difyai123456} + OB_TENANT_PASSWORD: ${OCEANBASE_VECTOR_PASSWORD:-difyai123456} + image: quay.io/oceanbase/oceanbase-ce:4.3.3.0-100000142024101215 + profiles: + - oceanbase + restart: always + volumes: + - ${DIFY_ROOT_PATH}/volumes/oceanbase/data:/root/ob + - ${DIFY_ROOT_PATH}/volumes/oceanbase/conf:/root/.obd/cluster + - ${DIFY_ROOT_PATH}/volumes/oceanbase/init.d:/root/boot/init.d + opensearch: + container_name: opensearch-dify + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + OPENSEARCH_INITIAL_ADMIN_PASSWORD: ${OPENSEARCH_INITIAL_ADMIN_PASSWORD:-Qazwsxedc!@#123} + OPENSEARCH_JAVA_OPTS: -Xms${OPENSEARCH_JAVA_OPTS_MIN:-512m} -Xmx${OPENSEARCH_JAVA_OPTS_MAX:-1024m} + bootstrap.memory_lock: ${OPENSEARCH_BOOTSTRAP_MEMORY_LOCK:-true} + discovery.type: ${OPENSEARCH_DISCOVERY_TYPE:-single-node} + image: opensearchproject/opensearch:latest + networks: + - opensearch-net + profiles: + - opensearch + ulimits: + memlock: + hard: ${OPENSEARCH_MEMLOCK_HARD:--1} + soft: ${OPENSEARCH_MEMLOCK_SOFT:--1} + nofile: + hard: ${OPENSEARCH_NOFILE_HARD:-65536} + soft: ${OPENSEARCH_NOFILE_SOFT:-65536} + volumes: + - ${DIFY_ROOT_PATH}/volumes/opensearch/data:/usr/share/opensearch/data + opensearch-dashboards: + container_name: opensearch-dashboards-dify + depends_on: + - opensearch + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + OPENSEARCH_HOSTS: '["https://opensearch:9200"]' + image: opensearchproject/opensearch-dashboards:latest + networks: + - opensearch-net + profiles: + - opensearch + volumes: + - ${DIFY_ROOT_PATH}/volumes/opensearch/opensearch_dashboards.yml:/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml + oracle: + container_name: oracle-dify + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + ORACLE_CHARACTERSET: ${ORACLE_CHARACTERSET:-AL32UTF8} + ORACLE_PWD: ${ORACLE_PWD:-Dify123456} + image: container-registry.oracle.com/database/free:latest + profiles: + - oracle + restart: always + volumes: + - source: oradata + target: /opt/oracle/oradata + type: volume + - ${DIFY_ROOT_PATH}/startupscripts:/opt/oracle/scripts/startup + pgvecto-rs: + container_name: pgvecto-rs-dify + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + PGDATA: ${PGVECTOR_PGDATA:-/var/lib/postgresql/data/pgdata} + PGUSER: ${PGVECTOR_PGUSER:-postgres} + POSTGRES_DB: ${PGVECTOR_POSTGRES_DB:-dify} + POSTGRES_PASSWORD: ${PGVECTOR_POSTGRES_PASSWORD:-difyai123456} + healthcheck: + interval: 1s + retries: 30 + test: + - CMD + - pg_isready + timeout: 3s + image: tensorchord/pgvecto-rs:pg16-v0.3.0 + profiles: + - pgvecto-rs + restart: always + volumes: + - ${DIFY_ROOT_PATH}/volumes/pgvecto_rs/data:/var/lib/postgresql/data + pgvector: + container_name: pgvector-dify + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + PGDATA: ${PGVECTOR_PGDATA:-/var/lib/postgresql/data/pgdata} + PGUSER: ${PGVECTOR_PGUSER:-postgres} + POSTGRES_DB: ${PGVECTOR_POSTGRES_DB:-dify} + POSTGRES_PASSWORD: ${PGVECTOR_POSTGRES_PASSWORD:-difyai123456} + healthcheck: + interval: 1s + retries: 30 + test: + - CMD + - pg_isready + timeout: 3s + image: pgvector/pgvector:pg16 + profiles: + - pgvector + restart: always + volumes: + - ${DIFY_ROOT_PATH}/volumes/pgvector/data:/var/lib/postgresql/data + qdrant: + container_name: qdrant-dify + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + QDRANT_API_KEY: ${QDRANT_API_KEY:-difyai123456} + image: langgenius/qdrant:v1.7.3 + profiles: + - qdrant + restart: always + volumes: + - ${DIFY_ROOT_PATH}/volumes/qdrant:/qdrant/storage + redis: + command: redis-server --requirepass ${REDIS_PASSWORD:-difyai123456} + container_name: redis-dify + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + REDISCLI_AUTH: ${REDIS_PASSWORD:-difyai123456} + healthcheck: + test: + - CMD + - redis-cli + - ping + image: redis:6-alpine + restart: always + volumes: + - ${DIFY_ROOT_PATH}/volumes/redis/data:/data + sandbox: + container_name: sandbox-dify + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + API_KEY: ${SANDBOX_API_KEY:-dify-sandbox} + ENABLE_NETWORK: ${SANDBOX_ENABLE_NETWORK:-true} + GIN_MODE: ${SANDBOX_GIN_MODE:-release} + HTTPS_PROXY: ${SANDBOX_HTTPS_PROXY:-http://ssrf_proxy:3128} + HTTP_PROXY: ${SANDBOX_HTTP_PROXY:-http://ssrf_proxy:3128} + SANDBOX_PORT: ${SANDBOX_PORT:-8194} + WORKER_TIMEOUT: ${SANDBOX_WORKER_TIMEOUT:-15} + healthcheck: + test: + - CMD + - curl + - -f + - http://localhost:8194/health + image: langgenius/dify-sandbox:0.2.10 + networks: + - ssrf_proxy_network + restart: always + volumes: + - ${DIFY_ROOT_PATH}/volumes/sandbox/dependencies:/dependencies + ssrf_proxy: + container_name: ssrf_proxy-dify + entrypoint: + - sh + - -c + - "cp /docker-entrypoint-mount.sh /docker-entrypoint.sh && sed -i 's/\r$$//' /docker-entrypoint.sh\ + \ && chmod +x /docker-entrypoint.sh && /docker-entrypoint.sh" + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + COREDUMP_DIR: ${SSRF_COREDUMP_DIR:-/var/spool/squid} + HTTP_PORT: ${SSRF_HTTP_PORT:-3128} + REVERSE_PROXY_PORT: ${SSRF_REVERSE_PROXY_PORT:-8194} + SANDBOX_HOST: ${SSRF_SANDBOX_HOST:-sandbox} + SANDBOX_PORT: ${SANDBOX_PORT:-8194} + image: ubuntu/squid:latest + networks: + - ssrf_proxy_network + - default + restart: always + volumes: + - ${DIFY_ROOT_PATH}/ssrf_proxy/squid.conf.template:/etc/squid/squid.conf.template + - ${DIFY_ROOT_PATH}/ssrf_proxy/docker-entrypoint.sh:/docker-entrypoint-mount.sh + unstructured: + container_name: unstructured-dify + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + image: downloads.unstructured.io/unstructured-io/unstructured-api:latest + profiles: + - unstructured + restart: always + volumes: + - ${DIFY_ROOT_PATH}/volumes/unstructured:/app/data + weaviate: + container_name: weaviate-dify + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: ${WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED:-false} + AUTHENTICATION_APIKEY_ALLOWED_KEYS: ${WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih} + AUTHENTICATION_APIKEY_ENABLED: ${WEAVIATE_AUTHENTICATION_APIKEY_ENABLED:-true} + AUTHENTICATION_APIKEY_USERS: ${WEAVIATE_AUTHENTICATION_APIKEY_USERS:-hello@dify.ai} + AUTHORIZATION_ADMINLIST_ENABLED: ${WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED:-true} + AUTHORIZATION_ADMINLIST_USERS: ${WEAVIATE_AUTHORIZATION_ADMINLIST_USERS:-hello@dify.ai} + CLUSTER_HOSTNAME: ${WEAVIATE_CLUSTER_HOSTNAME:-node1} + DEFAULT_VECTORIZER_MODULE: ${WEAVIATE_DEFAULT_VECTORIZER_MODULE:-none} + PERSISTENCE_DATA_PATH: ${WEAVIATE_PERSISTENCE_DATA_PATH:-/var/lib/weaviate} + QUERY_DEFAULTS_LIMIT: ${WEAVIATE_QUERY_DEFAULTS_LIMIT:-25} + image: semitechnologies/weaviate:1.19.0 + profiles: + - '' + - weaviate + restart: always + volumes: + - ${DIFY_ROOT_PATH}/volumes/weaviate:/var/lib/weaviate + web: + container_name: web-dify + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + APP_API_URL: ${APP_API_URL:-} + CONSOLE_API_URL: ${CONSOLE_API_URL:-} + CSP_WHITELIST: ${CSP_WHITELIST:-} + INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-} + NEXT_TELEMETRY_DISABLED: ${NEXT_TELEMETRY_DISABLED:-0} + SENTRY_DSN: ${WEB_SENTRY_DSN:-} + TEXT_GENERATION_TIMEOUT_MS: ${TEXT_GENERATION_TIMEOUT_MS:-60000} + TOP_K_MAX_VALUE: ${TOP_K_MAX_VALUE:-} + image: langgenius/dify-web:0.15.3 + restart: always + worker: + container_name: worker-dify + depends_on: + - db + - redis + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + ACCESS_TOKEN_EXPIRE_MINUTES: ${ACCESS_TOKEN_EXPIRE_MINUTES:-60} + ALIYUN_OSS_ACCESS_KEY: ${ALIYUN_OSS_ACCESS_KEY:-your-access-key} + ALIYUN_OSS_AUTH_VERSION: ${ALIYUN_OSS_AUTH_VERSION:-v4} + ALIYUN_OSS_BUCKET_NAME: ${ALIYUN_OSS_BUCKET_NAME:-your-bucket-name} + ALIYUN_OSS_ENDPOINT: ${ALIYUN_OSS_ENDPOINT:-https://oss-ap-southeast-1-internal.aliyuncs.com} + ALIYUN_OSS_PATH: ${ALIYUN_OSS_PATH:-your-path} + ALIYUN_OSS_REGION: ${ALIYUN_OSS_REGION:-ap-southeast-1} + ALIYUN_OSS_SECRET_KEY: ${ALIYUN_OSS_SECRET_KEY:-your-secret-key} + ANALYTICDB_ACCOUNT: ${ANALYTICDB_ACCOUNT:-testaccount} + ANALYTICDB_HOST: ${ANALYTICDB_HOST:-gp-test.aliyuncs.com} + ANALYTICDB_INSTANCE_ID: ${ANALYTICDB_INSTANCE_ID:-gp-ab123456} + ANALYTICDB_KEY_ID: ${ANALYTICDB_KEY_ID:-your-ak} + ANALYTICDB_KEY_SECRET: ${ANALYTICDB_KEY_SECRET:-your-sk} + ANALYTICDB_MAX_CONNECTION: ${ANALYTICDB_MAX_CONNECTION:-5} + ANALYTICDB_MIN_CONNECTION: ${ANALYTICDB_MIN_CONNECTION:-1} + ANALYTICDB_NAMESPACE: ${ANALYTICDB_NAMESPACE:-dify} + ANALYTICDB_NAMESPACE_PASSWORD: ${ANALYTICDB_NAMESPACE_PASSWORD:-difypassword} + ANALYTICDB_PASSWORD: ${ANALYTICDB_PASSWORD:-testpassword} + ANALYTICDB_PORT: ${ANALYTICDB_PORT:-5432} + ANALYTICDB_REGION_ID: ${ANALYTICDB_REGION_ID:-cn-hangzhou} + API_SENTRY_DSN: ${API_SENTRY_DSN:-} + API_SENTRY_PROFILES_SAMPLE_RATE: ${API_SENTRY_PROFILES_SAMPLE_RATE:-1.0} + API_SENTRY_TRACES_SAMPLE_RATE: ${API_SENTRY_TRACES_SAMPLE_RATE:-1.0} + API_TOOL_DEFAULT_CONNECT_TIMEOUT: ${API_TOOL_DEFAULT_CONNECT_TIMEOUT:-10} + API_TOOL_DEFAULT_READ_TIMEOUT: ${API_TOOL_DEFAULT_READ_TIMEOUT:-60} + APP_API_URL: ${APP_API_URL:-} + APP_MAX_ACTIVE_REQUESTS: ${APP_MAX_ACTIVE_REQUESTS:-0} + APP_MAX_EXECUTION_TIME: ${APP_MAX_EXECUTION_TIME:-1200} + APP_WEB_URL: ${APP_WEB_URL:-} + AZURE_BLOB_ACCOUNT_KEY: ${AZURE_BLOB_ACCOUNT_KEY:-difyai} + AZURE_BLOB_ACCOUNT_NAME: ${AZURE_BLOB_ACCOUNT_NAME:-difyai} + AZURE_BLOB_ACCOUNT_URL: ${AZURE_BLOB_ACCOUNT_URL:-https://.blob.core.windows.net} + AZURE_BLOB_CONTAINER_NAME: ${AZURE_BLOB_CONTAINER_NAME:-difyai-container} + BAIDU_OBS_ACCESS_KEY: ${BAIDU_OBS_ACCESS_KEY:-your-access-key} + BAIDU_OBS_BUCKET_NAME: ${BAIDU_OBS_BUCKET_NAME:-your-bucket-name} + BAIDU_OBS_ENDPOINT: ${BAIDU_OBS_ENDPOINT:-your-server-url} + BAIDU_OBS_SECRET_KEY: ${BAIDU_OBS_SECRET_KEY:-your-secret-key} + BAIDU_VECTOR_DB_ACCOUNT: ${BAIDU_VECTOR_DB_ACCOUNT:-root} + BAIDU_VECTOR_DB_API_KEY: ${BAIDU_VECTOR_DB_API_KEY:-dify} + BAIDU_VECTOR_DB_CONNECTION_TIMEOUT_MS: ${BAIDU_VECTOR_DB_CONNECTION_TIMEOUT_MS:-30000} + BAIDU_VECTOR_DB_DATABASE: ${BAIDU_VECTOR_DB_DATABASE:-dify} + BAIDU_VECTOR_DB_ENDPOINT: ${BAIDU_VECTOR_DB_ENDPOINT:-http://127.0.0.1:5287} + BAIDU_VECTOR_DB_REPLICAS: ${BAIDU_VECTOR_DB_REPLICAS:-3} + BAIDU_VECTOR_DB_SHARD: ${BAIDU_VECTOR_DB_SHARD:-1} + BROKER_USE_SSL: ${BROKER_USE_SSL:-false} + CELERY_AUTO_SCALE: ${CELERY_AUTO_SCALE:-false} + CELERY_BROKER_URL: ${CELERY_BROKER_URL:-redis://:difyai123456@redis:6379/1} + CELERY_MAX_WORKERS: ${CELERY_MAX_WORKERS:-} + CELERY_MIN_WORKERS: ${CELERY_MIN_WORKERS:-} + CELERY_SENTINEL_MASTER_NAME: ${CELERY_SENTINEL_MASTER_NAME:-} + CELERY_SENTINEL_SOCKET_TIMEOUT: ${CELERY_SENTINEL_SOCKET_TIMEOUT:-0.1} + CELERY_USE_SENTINEL: ${CELERY_USE_SENTINEL:-false} + CELERY_WORKER_AMOUNT: ${CELERY_WORKER_AMOUNT:-} + CELERY_WORKER_CLASS: ${CELERY_WORKER_CLASS:-} + CERTBOT_DOMAIN: ${CERTBOT_DOMAIN:-your_domain.com} + CERTBOT_EMAIL: ${CERTBOT_EMAIL:-your_email@example.com} + CERTBOT_OPTIONS: ${CERTBOT_OPTIONS:-} + CHECK_UPDATE_URL: ${CHECK_UPDATE_URL:-https://updates.dify.ai} + CHROMA_AUTH_CREDENTIALS: ${CHROMA_AUTH_CREDENTIALS:-} + CHROMA_AUTH_PROVIDER: ${CHROMA_AUTH_PROVIDER:-chromadb.auth.token_authn.TokenAuthClientProvider} + CHROMA_DATABASE: ${CHROMA_DATABASE:-default_database} + CHROMA_HOST: ${CHROMA_HOST:-127.0.0.1} + CHROMA_IS_PERSISTENT: ${CHROMA_IS_PERSISTENT:-TRUE} + CHROMA_PORT: ${CHROMA_PORT:-8000} + CHROMA_SERVER_AUTHN_CREDENTIALS: ${CHROMA_SERVER_AUTHN_CREDENTIALS:-difyai123456} + CHROMA_SERVER_AUTHN_PROVIDER: ${CHROMA_SERVER_AUTHN_PROVIDER:-chromadb.auth.token_authn.TokenAuthenticationServerProvider} + CHROMA_TENANT: ${CHROMA_TENANT:-default_tenant} + CODE_EXECUTION_API_KEY: ${CODE_EXECUTION_API_KEY:-dify-sandbox} + CODE_EXECUTION_CONNECT_TIMEOUT: ${CODE_EXECUTION_CONNECT_TIMEOUT:-10} + CODE_EXECUTION_ENDPOINT: ${CODE_EXECUTION_ENDPOINT:-http://sandbox:8194} + CODE_EXECUTION_READ_TIMEOUT: ${CODE_EXECUTION_READ_TIMEOUT:-60} + CODE_EXECUTION_WRITE_TIMEOUT: ${CODE_EXECUTION_WRITE_TIMEOUT:-10} + CODE_GENERATION_MAX_TOKENS: ${CODE_GENERATION_MAX_TOKENS:-1024} + CODE_MAX_DEPTH: ${CODE_MAX_DEPTH:-5} + CODE_MAX_NUMBER: ${CODE_MAX_NUMBER:-9223372036854775807} + CODE_MAX_NUMBER_ARRAY_LENGTH: ${CODE_MAX_NUMBER_ARRAY_LENGTH:-1000} + CODE_MAX_OBJECT_ARRAY_LENGTH: ${CODE_MAX_OBJECT_ARRAY_LENGTH:-30} + CODE_MAX_PRECISION: ${CODE_MAX_PRECISION:-20} + CODE_MAX_STRING_ARRAY_LENGTH: ${CODE_MAX_STRING_ARRAY_LENGTH:-30} + CODE_MAX_STRING_LENGTH: ${CODE_MAX_STRING_LENGTH:-80000} + CODE_MIN_NUMBER: ${CODE_MIN_NUMBER:--9223372036854775808} + CONSOLE_API_URL: ${CONSOLE_API_URL:-} + CONSOLE_CORS_ALLOW_ORIGINS: ${CONSOLE_CORS_ALLOW_ORIGINS:-*} + CONSOLE_WEB_URL: ${CONSOLE_WEB_URL:-} + COUCHBASE_BUCKET_NAME: ${COUCHBASE_BUCKET_NAME:-Embeddings} + COUCHBASE_CONNECTION_STRING: ${COUCHBASE_CONNECTION_STRING:-couchbase://couchbase-server} + COUCHBASE_PASSWORD: ${COUCHBASE_PASSWORD:-password} + COUCHBASE_SCOPE_NAME: ${COUCHBASE_SCOPE_NAME:-_default} + COUCHBASE_USER: ${COUCHBASE_USER:-Administrator} + CREATE_TIDB_SERVICE_JOB_ENABLED: ${CREATE_TIDB_SERVICE_JOB_ENABLED:-false} + CSP_WHITELIST: ${CSP_WHITELIST:-} + DB_DATABASE: ${DB_DATABASE:-dify} + DB_HOST: ${DB_HOST:-db} + DB_PASSWORD: ${DB_PASSWORD:-difyai123456} + DB_PORT: ${DB_PORT:-5432} + DB_USERNAME: ${DB_USERNAME:-postgres} + DEBUG: ${DEBUG:-false} + DEPLOY_ENV: ${DEPLOY_ENV:-PRODUCTION} + DIFY_BIND_ADDRESS: ${DIFY_BIND_ADDRESS:-0.0.0.0} + DIFY_PORT: ${DIFY_PORT:-5001} + ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:-0.0.0.0} + ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-elastic} + ELASTICSEARCH_PORT: ${ELASTICSEARCH_PORT:-9200} + ELASTICSEARCH_USERNAME: ${ELASTICSEARCH_USERNAME:-elastic} + ETCD_AUTO_COMPACTION_MODE: ${ETCD_AUTO_COMPACTION_MODE:-revision} + ETCD_AUTO_COMPACTION_RETENTION: ${ETCD_AUTO_COMPACTION_RETENTION:-1000} + ETCD_ENDPOINTS: ${ETCD_ENDPOINTS:-etcd:2379} + ETCD_QUOTA_BACKEND_BYTES: ${ETCD_QUOTA_BACKEND_BYTES:-4294967296} + ETCD_SNAPSHOT_COUNT: ${ETCD_SNAPSHOT_COUNT:-50000} + ETL_TYPE: ${ETL_TYPE:-dify} + EXPOSE_NGINX_PORT: ${PANEL_APP_PORT_HTTP:-8080} + EXPOSE_NGINX_SSL_PORT: ${PANEL_APP_PORT_HTTPS:-8443} + FILES_ACCESS_TIMEOUT: ${FILES_ACCESS_TIMEOUT:-300} + FILES_URL: ${FILES_URL:-} + FLASK_DEBUG: ${FLASK_DEBUG:-false} + GOOGLE_STORAGE_BUCKET_NAME: ${GOOGLE_STORAGE_BUCKET_NAME:-your-bucket-name} + GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64: ${GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64:-} + GUNICORN_TIMEOUT: ${GUNICORN_TIMEOUT:-360} + HTTP_REQUEST_NODE_MAX_BINARY_SIZE: ${HTTP_REQUEST_NODE_MAX_BINARY_SIZE:-10485760} + HTTP_REQUEST_NODE_MAX_TEXT_SIZE: ${HTTP_REQUEST_NODE_MAX_TEXT_SIZE:-1048576} + HUAWEI_OBS_ACCESS_KEY: ${HUAWEI_OBS_ACCESS_KEY:-your-access-key} + HUAWEI_OBS_BUCKET_NAME: ${HUAWEI_OBS_BUCKET_NAME:-your-bucket-name} + HUAWEI_OBS_SECRET_KEY: ${HUAWEI_OBS_SECRET_KEY:-your-secret-key} + HUAWEI_OBS_SERVER: ${HUAWEI_OBS_SERVER:-your-server-url} + INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-4000} + INIT_PASSWORD: ${INIT_PASSWORD:-} + INVITE_EXPIRY_HOURS: ${INVITE_EXPIRY_HOURS:-72} + KIBANA_PORT: ${KIBANA_PORT:-5601} + LINDORM_PASSWORD: ${LINDORM_PASSWORD:-lindorm} + LINDORM_URL: ${LINDORM_URL:-http://lindorm:30070} + LINDORM_USERNAME: ${LINDORM_USERNAME:-lindorm} + LOG_DATEFORMAT: ${LOG_DATEFORMAT:-%Y-%m-%d %H:%M:%S} + LOG_FILE: ${LOG_FILE:-/app/logs/server.log} + LOG_FILE_BACKUP_COUNT: ${LOG_FILE_BACKUP_COUNT:-5} + LOG_FILE_MAX_SIZE: ${LOG_FILE_MAX_SIZE:-20} + LOG_LEVEL: ${LOG_LEVEL:-INFO} + LOG_TZ: ${LOG_TZ:-UTC} + MAIL_DEFAULT_SEND_FROM: ${MAIL_DEFAULT_SEND_FROM:-} + MAIL_TYPE: ${MAIL_TYPE:-resend} + MAX_SUBMIT_COUNT: ${MAX_SUBMIT_COUNT:-100} + MAX_VARIABLE_SIZE: ${MAX_VARIABLE_SIZE:-204800} + MIGRATION_ENABLED: ${MIGRATION_ENABLED:-true} + MILVUS_AUTHORIZATION_ENABLED: ${MILVUS_AUTHORIZATION_ENABLED:-true} + MILVUS_ENABLE_HYBRID_SEARCH: ${MILVUS_ENABLE_HYBRID_SEARCH:-False} + MILVUS_PASSWORD: ${MILVUS_PASSWORD:-Milvus} + MILVUS_TOKEN: ${MILVUS_TOKEN:-} + MILVUS_URI: ${MILVUS_URI:-http://127.0.0.1:19530} + MILVUS_USER: ${MILVUS_USER:-root} + MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY:-minioadmin} + MINIO_ADDRESS: ${MINIO_ADDRESS:-minio:9000} + MINIO_SECRET_KEY: ${MINIO_SECRET_KEY:-minioadmin} + MODE: worker + MULTIMODAL_SEND_FORMAT: ${MULTIMODAL_SEND_FORMAT:-base64} + MYSCALE_DATABASE: ${MYSCALE_DATABASE:-dify} + MYSCALE_FTS_PARAMS: ${MYSCALE_FTS_PARAMS:-} + MYSCALE_HOST: ${MYSCALE_HOST:-myscale} + MYSCALE_PASSWORD: ${MYSCALE_PASSWORD:-} + MYSCALE_PORT: ${MYSCALE_PORT:-8123} + MYSCALE_USER: ${MYSCALE_USER:-default} + NGINX_CLIENT_MAX_BODY_SIZE: ${NGINX_CLIENT_MAX_BODY_SIZE:-15M} + NGINX_ENABLE_CERTBOT_CHALLENGE: ${NGINX_ENABLE_CERTBOT_CHALLENGE:-false} + NGINX_HTTPS_ENABLED: ${NGINX_HTTPS_ENABLED:-false} + NGINX_KEEPALIVE_TIMEOUT: ${NGINX_KEEPALIVE_TIMEOUT:-65} + NGINX_PORT: ${NGINX_PORT:-80} + NGINX_PROXY_READ_TIMEOUT: ${NGINX_PROXY_READ_TIMEOUT:-3600s} + NGINX_PROXY_SEND_TIMEOUT: ${NGINX_PROXY_SEND_TIMEOUT:-3600s} + NGINX_SERVER_NAME: ${NGINX_SERVER_NAME:-_} + NGINX_SSL_CERT_FILENAME: ${NGINX_SSL_CERT_FILENAME:-dify.crt} + NGINX_SSL_CERT_KEY_FILENAME: ${NGINX_SSL_CERT_KEY_FILENAME:-dify.key} + NGINX_SSL_PORT: ${NGINX_SSL_PORT:-443} + NGINX_SSL_PROTOCOLS: ${NGINX_SSL_PROTOCOLS:-TLSv1.1 TLSv1.2 TLSv1.3} + NGINX_WORKER_PROCESSES: ${NGINX_WORKER_PROCESSES:-auto} + NOTION_CLIENT_ID: ${NOTION_CLIENT_ID:-} + NOTION_CLIENT_SECRET: ${NOTION_CLIENT_SECRET:-} + NOTION_INTEGRATION_TYPE: ${NOTION_INTEGRATION_TYPE:-public} + NOTION_INTERNAL_SECRET: ${NOTION_INTERNAL_SECRET:-} + OCEANBASE_CLUSTER_NAME: ${OCEANBASE_CLUSTER_NAME:-difyai} + OCEANBASE_MEMORY_LIMIT: ${OCEANBASE_MEMORY_LIMIT:-6G} + OCEANBASE_VECTOR_DATABASE: ${OCEANBASE_VECTOR_DATABASE:-test} + OCEANBASE_VECTOR_HOST: ${OCEANBASE_VECTOR_HOST:-oceanbase} + OCEANBASE_VECTOR_PASSWORD: ${OCEANBASE_VECTOR_PASSWORD:-difyai123456} + OCEANBASE_VECTOR_PORT: ${OCEANBASE_VECTOR_PORT:-2881} + OCEANBASE_VECTOR_USER: ${OCEANBASE_VECTOR_USER:-root@test} + OCI_ACCESS_KEY: ${OCI_ACCESS_KEY:-your-access-key} + OCI_BUCKET_NAME: ${OCI_BUCKET_NAME:-your-bucket-name} + OCI_ENDPOINT: ${OCI_ENDPOINT:-https://objectstorage.us-ashburn-1.oraclecloud.com} + OCI_REGION: ${OCI_REGION:-us-ashburn-1} + OCI_SECRET_KEY: ${OCI_SECRET_KEY:-your-secret-key} + OPENAI_API_BASE: ${OPENAI_API_BASE:-https://api.openai.com/v1} + OPENDAL_FS_ROOT: ${OPENDAL_FS_ROOT:-storage} + OPENDAL_SCHEME: ${OPENDAL_SCHEME:-fs} + OPENSEARCH_BOOTSTRAP_MEMORY_LOCK: ${OPENSEARCH_BOOTSTRAP_MEMORY_LOCK:-true} + OPENSEARCH_DISCOVERY_TYPE: ${OPENSEARCH_DISCOVERY_TYPE:-single-node} + OPENSEARCH_HOST: ${OPENSEARCH_HOST:-opensearch} + OPENSEARCH_INITIAL_ADMIN_PASSWORD: ${OPENSEARCH_INITIAL_ADMIN_PASSWORD:-Qazwsxedc!@#123} + OPENSEARCH_JAVA_OPTS_MAX: ${OPENSEARCH_JAVA_OPTS_MAX:-1024m} + OPENSEARCH_JAVA_OPTS_MIN: ${OPENSEARCH_JAVA_OPTS_MIN:-512m} + OPENSEARCH_MEMLOCK_HARD: ${OPENSEARCH_MEMLOCK_HARD:--1} + OPENSEARCH_MEMLOCK_SOFT: ${OPENSEARCH_MEMLOCK_SOFT:--1} + OPENSEARCH_NOFILE_HARD: ${OPENSEARCH_NOFILE_HARD:-65536} + OPENSEARCH_NOFILE_SOFT: ${OPENSEARCH_NOFILE_SOFT:-65536} + OPENSEARCH_PASSWORD: ${OPENSEARCH_PASSWORD:-admin} + OPENSEARCH_PORT: ${OPENSEARCH_PORT:-9200} + OPENSEARCH_SECURE: ${OPENSEARCH_SECURE:-true} + OPENSEARCH_USER: ${OPENSEARCH_USER:-admin} + ORACLE_CHARACTERSET: ${ORACLE_CHARACTERSET:-AL32UTF8} + ORACLE_DATABASE: ${ORACLE_DATABASE:-FREEPDB1} + ORACLE_HOST: ${ORACLE_HOST:-oracle} + ORACLE_PASSWORD: ${ORACLE_PASSWORD:-dify} + ORACLE_PORT: ${ORACLE_PORT:-1521} + ORACLE_PWD: ${ORACLE_PWD:-Dify123456} + ORACLE_USER: ${ORACLE_USER:-dify} + PGDATA: ${PGDATA:-/var/lib/postgresql/data/pgdata} + PGUSER: ${PGUSER:-${DB_USERNAME}} + PGVECTOR_DATABASE: ${PGVECTOR_DATABASE:-dify} + PGVECTOR_HOST: ${PGVECTOR_HOST:-pgvector} + PGVECTOR_MAX_CONNECTION: ${PGVECTOR_MAX_CONNECTION:-5} + PGVECTOR_MIN_CONNECTION: ${PGVECTOR_MIN_CONNECTION:-1} + PGVECTOR_PASSWORD: ${PGVECTOR_PASSWORD:-difyai123456} + PGVECTOR_PGDATA: ${PGVECTOR_PGDATA:-/var/lib/postgresql/data/pgdata} + PGVECTOR_PGUSER: ${PGVECTOR_PGUSER:-postgres} + PGVECTOR_PORT: ${PGVECTOR_PORT:-5432} + PGVECTOR_POSTGRES_DB: ${PGVECTOR_POSTGRES_DB:-dify} + PGVECTOR_POSTGRES_PASSWORD: ${PGVECTOR_POSTGRES_PASSWORD:-difyai123456} + PGVECTOR_USER: ${PGVECTOR_USER:-postgres} + PGVECTO_RS_DATABASE: ${PGVECTO_RS_DATABASE:-dify} + PGVECTO_RS_HOST: ${PGVECTO_RS_HOST:-pgvecto-rs} + PGVECTO_RS_PASSWORD: ${PGVECTO_RS_PASSWORD:-difyai123456} + PGVECTO_RS_PORT: ${PGVECTO_RS_PORT:-5432} + PGVECTO_RS_USER: ${PGVECTO_RS_USER:-postgres} + POSITION_PROVIDER_EXCLUDES: ${POSITION_PROVIDER_EXCLUDES:-} + POSITION_PROVIDER_INCLUDES: ${POSITION_PROVIDER_INCLUDES:-} + POSITION_PROVIDER_PINS: ${POSITION_PROVIDER_PINS:-} + POSITION_TOOL_EXCLUDES: ${POSITION_TOOL_EXCLUDES:-} + POSITION_TOOL_INCLUDES: ${POSITION_TOOL_INCLUDES:-} + POSITION_TOOL_PINS: ${POSITION_TOOL_PINS:-} + POSTGRES_DB: ${POSTGRES_DB:-${DB_DATABASE}} + POSTGRES_EFFECTIVE_CACHE_SIZE: ${POSTGRES_EFFECTIVE_CACHE_SIZE:-4096MB} + POSTGRES_MAINTENANCE_WORK_MEM: ${POSTGRES_MAINTENANCE_WORK_MEM:-64MB} + POSTGRES_MAX_CONNECTIONS: ${POSTGRES_MAX_CONNECTIONS:-100} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-${DB_PASSWORD}} + POSTGRES_SHARED_BUFFERS: ${POSTGRES_SHARED_BUFFERS:-128MB} + POSTGRES_WORK_MEM: ${POSTGRES_WORK_MEM:-4MB} + PROMPT_GENERATION_MAX_TOKENS: ${PROMPT_GENERATION_MAX_TOKENS:-512} + QDRANT_API_KEY: ${QDRANT_API_KEY:-difyai123456} + QDRANT_CLIENT_TIMEOUT: ${QDRANT_CLIENT_TIMEOUT:-20} + QDRANT_GRPC_ENABLED: ${QDRANT_GRPC_ENABLED:-false} + QDRANT_GRPC_PORT: ${QDRANT_GRPC_PORT:-6334} + QDRANT_URL: ${QDRANT_URL:-http://qdrant:6333} + REDIS_CLUSTERS: ${REDIS_CLUSTERS:-} + REDIS_CLUSTERS_PASSWORD: ${REDIS_CLUSTERS_PASSWORD:-} + REDIS_DB: ${REDIS_DB:-0} + REDIS_HOST: ${REDIS_HOST:-redis} + REDIS_PASSWORD: ${REDIS_PASSWORD:-difyai123456} + REDIS_PORT: ${REDIS_PORT:-6379} + REDIS_SENTINELS: ${REDIS_SENTINELS:-} + REDIS_SENTINEL_PASSWORD: ${REDIS_SENTINEL_PASSWORD:-} + REDIS_SENTINEL_SERVICE_NAME: ${REDIS_SENTINEL_SERVICE_NAME:-} + REDIS_SENTINEL_SOCKET_TIMEOUT: ${REDIS_SENTINEL_SOCKET_TIMEOUT:-0.1} + REDIS_SENTINEL_USERNAME: ${REDIS_SENTINEL_USERNAME:-} + REDIS_USERNAME: ${REDIS_USERNAME:-} + REDIS_USE_CLUSTERS: ${REDIS_USE_CLUSTERS:-false} + REDIS_USE_SENTINEL: ${REDIS_USE_SENTINEL:-false} + REDIS_USE_SSL: ${REDIS_USE_SSL:-false} + REFRESH_TOKEN_EXPIRE_DAYS: ${REFRESH_TOKEN_EXPIRE_DAYS:-30} + RELYT_DATABASE: ${RELYT_DATABASE:-postgres} + RELYT_HOST: ${RELYT_HOST:-db} + RELYT_PASSWORD: ${RELYT_PASSWORD:-difyai123456} + RELYT_PORT: ${RELYT_PORT:-5432} + RELYT_USER: ${RELYT_USER:-postgres} + RESEND_API_KEY: ${RESEND_API_KEY:-your-resend-api-key} + RESEND_API_URL: ${RESEND_API_URL:-https://api.resend.com} + RESET_PASSWORD_TOKEN_EXPIRY_MINUTES: ${RESET_PASSWORD_TOKEN_EXPIRY_MINUTES:-5} + S3_ACCESS_KEY: ${S3_ACCESS_KEY:-} + S3_BUCKET_NAME: ${S3_BUCKET_NAME:-difyai} + S3_ENDPOINT: ${S3_ENDPOINT:-} + S3_REGION: ${S3_REGION:-us-east-1} + S3_SECRET_KEY: ${S3_SECRET_KEY:-} + S3_USE_AWS_MANAGED_IAM: ${S3_USE_AWS_MANAGED_IAM:-false} + SANDBOX_API_KEY: ${SANDBOX_API_KEY:-dify-sandbox} + SANDBOX_ENABLE_NETWORK: ${SANDBOX_ENABLE_NETWORK:-true} + SANDBOX_GIN_MODE: ${SANDBOX_GIN_MODE:-release} + SANDBOX_HTTPS_PROXY: ${SANDBOX_HTTPS_PROXY:-http://ssrf_proxy:3128} + SANDBOX_HTTP_PROXY: ${SANDBOX_HTTP_PROXY:-http://ssrf_proxy:3128} + SANDBOX_PORT: ${SANDBOX_PORT:-8194} + SANDBOX_WORKER_TIMEOUT: ${SANDBOX_WORKER_TIMEOUT:-15} + SCARF_NO_ANALYTICS: ${SCARF_NO_ANALYTICS:-true} + SECRET_KEY: ${SECRET_KEY:-sk-9f73s3ljTXVcMT3Blb3ljTqtsKiGHXVcMT3BlbkFJLK7U} + SENTRY_DSN: ${API_SENTRY_DSN:-} + SENTRY_PROFILES_SAMPLE_RATE: ${API_SENTRY_PROFILES_SAMPLE_RATE:-1.0} + SENTRY_TRACES_SAMPLE_RATE: ${API_SENTRY_TRACES_SAMPLE_RATE:-1.0} + SERVER_WORKER_AMOUNT: ${SERVER_WORKER_AMOUNT:-1} + SERVER_WORKER_CLASS: ${SERVER_WORKER_CLASS:-gevent} + SERVER_WORKER_CONNECTIONS: ${SERVER_WORKER_CONNECTIONS:-10} + SERVICE_API_URL: ${SERVICE_API_URL:-} + SMTP_OPPORTUNISTIC_TLS: ${SMTP_OPPORTUNISTIC_TLS:-false} + SMTP_PASSWORD: ${SMTP_PASSWORD:-} + SMTP_PORT: ${SMTP_PORT:-465} + SMTP_SERVER: ${SMTP_SERVER:-} + SMTP_USERNAME: ${SMTP_USERNAME:-} + SMTP_USE_TLS: ${SMTP_USE_TLS:-true} + SQLALCHEMY_ECHO: ${SQLALCHEMY_ECHO:-false} + SQLALCHEMY_POOL_RECYCLE: ${SQLALCHEMY_POOL_RECYCLE:-3600} + SQLALCHEMY_POOL_SIZE: ${SQLALCHEMY_POOL_SIZE:-30} + SSRF_COREDUMP_DIR: ${SSRF_COREDUMP_DIR:-/var/spool/squid} + SSRF_DEFAULT_CONNECT_TIME_OUT: ${SSRF_DEFAULT_CONNECT_TIME_OUT:-5} + SSRF_DEFAULT_READ_TIME_OUT: ${SSRF_DEFAULT_READ_TIME_OUT:-5} + SSRF_DEFAULT_TIME_OUT: ${SSRF_DEFAULT_TIME_OUT:-5} + SSRF_DEFAULT_WRITE_TIME_OUT: ${SSRF_DEFAULT_WRITE_TIME_OUT:-5} + SSRF_HTTP_PORT: ${SSRF_HTTP_PORT:-3128} + SSRF_PROXY_HTTPS_URL: ${SSRF_PROXY_HTTPS_URL:-http://ssrf_proxy:3128} + SSRF_PROXY_HTTP_URL: ${SSRF_PROXY_HTTP_URL:-http://ssrf_proxy:3128} + SSRF_REVERSE_PROXY_PORT: ${SSRF_REVERSE_PROXY_PORT:-8194} + SSRF_SANDBOX_HOST: ${SSRF_SANDBOX_HOST:-sandbox} + STORAGE_TYPE: ${STORAGE_TYPE:-opendal} + SUPABASE_API_KEY: ${SUPABASE_API_KEY:-your-access-key} + SUPABASE_BUCKET_NAME: ${SUPABASE_BUCKET_NAME:-your-bucket-name} + SUPABASE_URL: ${SUPABASE_URL:-your-server-url} + TEMPLATE_TRANSFORM_MAX_LENGTH: ${TEMPLATE_TRANSFORM_MAX_LENGTH:-80000} + TENCENT_COS_BUCKET_NAME: ${TENCENT_COS_BUCKET_NAME:-your-bucket-name} + TENCENT_COS_REGION: ${TENCENT_COS_REGION:-your-region} + TENCENT_COS_SCHEME: ${TENCENT_COS_SCHEME:-your-scheme} + TENCENT_COS_SECRET_ID: ${TENCENT_COS_SECRET_ID:-your-secret-id} + TENCENT_COS_SECRET_KEY: ${TENCENT_COS_SECRET_KEY:-your-secret-key} + TENCENT_VECTOR_DB_API_KEY: ${TENCENT_VECTOR_DB_API_KEY:-dify} + TENCENT_VECTOR_DB_DATABASE: ${TENCENT_VECTOR_DB_DATABASE:-dify} + TENCENT_VECTOR_DB_REPLICAS: ${TENCENT_VECTOR_DB_REPLICAS:-2} + TENCENT_VECTOR_DB_SHARD: ${TENCENT_VECTOR_DB_SHARD:-1} + TENCENT_VECTOR_DB_TIMEOUT: ${TENCENT_VECTOR_DB_TIMEOUT:-30} + TENCENT_VECTOR_DB_URL: ${TENCENT_VECTOR_DB_URL:-http://127.0.0.1} + TENCENT_VECTOR_DB_USERNAME: ${TENCENT_VECTOR_DB_USERNAME:-dify} + TEXT_GENERATION_TIMEOUT_MS: ${TEXT_GENERATION_TIMEOUT_MS:-60000} + TIDB_API_URL: ${TIDB_API_URL:-http://127.0.0.1} + TIDB_IAM_API_URL: ${TIDB_IAM_API_URL:-http://127.0.0.1} + TIDB_ON_QDRANT_API_KEY: ${TIDB_ON_QDRANT_API_KEY:-dify} + TIDB_ON_QDRANT_CLIENT_TIMEOUT: ${TIDB_ON_QDRANT_CLIENT_TIMEOUT:-20} + TIDB_ON_QDRANT_GRPC_ENABLED: ${TIDB_ON_QDRANT_GRPC_ENABLED:-false} + TIDB_ON_QDRANT_GRPC_PORT: ${TIDB_ON_QDRANT_GRPC_PORT:-6334} + TIDB_ON_QDRANT_URL: ${TIDB_ON_QDRANT_URL:-http://127.0.0.1} + TIDB_PRIVATE_KEY: ${TIDB_PRIVATE_KEY:-dify} + TIDB_PROJECT_ID: ${TIDB_PROJECT_ID:-dify} + TIDB_PUBLIC_KEY: ${TIDB_PUBLIC_KEY:-dify} + TIDB_REGION: ${TIDB_REGION:-regions/aws-us-east-1} + TIDB_SPEND_LIMIT: ${TIDB_SPEND_LIMIT:-100} + TIDB_VECTOR_DATABASE: ${TIDB_VECTOR_DATABASE:-dify} + TIDB_VECTOR_HOST: ${TIDB_VECTOR_HOST:-tidb} + TIDB_VECTOR_PASSWORD: ${TIDB_VECTOR_PASSWORD:-} + TIDB_VECTOR_PORT: ${TIDB_VECTOR_PORT:-4000} + TIDB_VECTOR_USER: ${TIDB_VECTOR_USER:-} + TOP_K_MAX_VALUE: ${TOP_K_MAX_VALUE:-10} + UNSTRUCTURED_API_KEY: ${UNSTRUCTURED_API_KEY:-} + UNSTRUCTURED_API_URL: ${UNSTRUCTURED_API_URL:-} + UPLOAD_AUDIO_FILE_SIZE_LIMIT: ${UPLOAD_AUDIO_FILE_SIZE_LIMIT:-50} + UPLOAD_FILE_BATCH_LIMIT: ${UPLOAD_FILE_BATCH_LIMIT:-5} + UPLOAD_FILE_SIZE_LIMIT: ${UPLOAD_FILE_SIZE_LIMIT:-15} + UPLOAD_IMAGE_FILE_SIZE_LIMIT: ${UPLOAD_IMAGE_FILE_SIZE_LIMIT:-10} + UPLOAD_VIDEO_FILE_SIZE_LIMIT: ${UPLOAD_VIDEO_FILE_SIZE_LIMIT:-100} + UPSTASH_VECTOR_TOKEN: ${UPSTASH_VECTOR_TOKEN:-dify} + UPSTASH_VECTOR_URL: ${UPSTASH_VECTOR_URL:-https://xxx-vector.upstash.io} + VECTOR_STORE: ${VECTOR_STORE:-weaviate} + VIKINGDB_ACCESS_KEY: ${VIKINGDB_ACCESS_KEY:-your-ak} + VIKINGDB_CONNECTION_TIMEOUT: ${VIKINGDB_CONNECTION_TIMEOUT:-30} + VIKINGDB_HOST: ${VIKINGDB_HOST:-api-vikingdb.xxx.volces.com} + VIKINGDB_REGION: ${VIKINGDB_REGION:-cn-shanghai} + VIKINGDB_SCHEMA: ${VIKINGDB_SCHEMA:-http} + VIKINGDB_SECRET_KEY: ${VIKINGDB_SECRET_KEY:-your-sk} + VIKINGDB_SOCKET_TIMEOUT: ${VIKINGDB_SOCKET_TIMEOUT:-30} + VOLCENGINE_TOS_ACCESS_KEY: ${VOLCENGINE_TOS_ACCESS_KEY:-your-access-key} + VOLCENGINE_TOS_BUCKET_NAME: ${VOLCENGINE_TOS_BUCKET_NAME:-your-bucket-name} + VOLCENGINE_TOS_ENDPOINT: ${VOLCENGINE_TOS_ENDPOINT:-your-server-url} + VOLCENGINE_TOS_REGION: ${VOLCENGINE_TOS_REGION:-your-region} + VOLCENGINE_TOS_SECRET_KEY: ${VOLCENGINE_TOS_SECRET_KEY:-your-secret-key} + WEAVIATE_API_KEY: ${WEAVIATE_API_KEY:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih} + WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: ${WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED:-true} + WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS: ${WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih} + WEAVIATE_AUTHENTICATION_APIKEY_ENABLED: ${WEAVIATE_AUTHENTICATION_APIKEY_ENABLED:-true} + WEAVIATE_AUTHENTICATION_APIKEY_USERS: ${WEAVIATE_AUTHENTICATION_APIKEY_USERS:-hello@dify.ai} + WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED: ${WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED:-true} + WEAVIATE_AUTHORIZATION_ADMINLIST_USERS: ${WEAVIATE_AUTHORIZATION_ADMINLIST_USERS:-hello@dify.ai} + WEAVIATE_CLUSTER_HOSTNAME: ${WEAVIATE_CLUSTER_HOSTNAME:-node1} + WEAVIATE_DEFAULT_VECTORIZER_MODULE: ${WEAVIATE_DEFAULT_VECTORIZER_MODULE:-none} + WEAVIATE_ENDPOINT: ${WEAVIATE_ENDPOINT:-http://weaviate:8080} + WEAVIATE_PERSISTENCE_DATA_PATH: ${WEAVIATE_PERSISTENCE_DATA_PATH:-/var/lib/weaviate} + WEAVIATE_QUERY_DEFAULTS_LIMIT: ${WEAVIATE_QUERY_DEFAULTS_LIMIT:-25} + WEB_API_CORS_ALLOW_ORIGINS: ${WEB_API_CORS_ALLOW_ORIGINS:-*} + WEB_SENTRY_DSN: ${WEB_SENTRY_DSN:-} + WORKFLOW_CALL_MAX_DEPTH: ${WORKFLOW_CALL_MAX_DEPTH:-5} + WORKFLOW_FILE_UPLOAD_LIMIT: ${WORKFLOW_FILE_UPLOAD_LIMIT:-10} + WORKFLOW_MAX_EXECUTION_STEPS: ${WORKFLOW_MAX_EXECUTION_STEPS:-500} + WORKFLOW_MAX_EXECUTION_TIME: ${WORKFLOW_MAX_EXECUTION_TIME:-1200} + WORKFLOW_PARALLEL_DEPTH_LIMIT: ${WORKFLOW_PARALLEL_DEPTH_LIMIT:-3} + image: langgenius/dify-api:0.15.3 + networks: + - ssrf_proxy_network + - default + restart: always + volumes: + - ${DIFY_ROOT_PATH}/volumes/app/storage:/app/api/storage +volumes: + dify_es01_data: null + oradata: null +x-shared-env: + ACCESS_TOKEN_EXPIRE_MINUTES: ${ACCESS_TOKEN_EXPIRE_MINUTES:-60} + ALIYUN_OSS_ACCESS_KEY: ${ALIYUN_OSS_ACCESS_KEY:-your-access-key} + ALIYUN_OSS_AUTH_VERSION: ${ALIYUN_OSS_AUTH_VERSION:-v4} + ALIYUN_OSS_BUCKET_NAME: ${ALIYUN_OSS_BUCKET_NAME:-your-bucket-name} + ALIYUN_OSS_ENDPOINT: ${ALIYUN_OSS_ENDPOINT:-https://oss-ap-southeast-1-internal.aliyuncs.com} + ALIYUN_OSS_PATH: ${ALIYUN_OSS_PATH:-your-path} + ALIYUN_OSS_REGION: ${ALIYUN_OSS_REGION:-ap-southeast-1} + ALIYUN_OSS_SECRET_KEY: ${ALIYUN_OSS_SECRET_KEY:-your-secret-key} + ANALYTICDB_ACCOUNT: ${ANALYTICDB_ACCOUNT:-testaccount} + ANALYTICDB_HOST: ${ANALYTICDB_HOST:-gp-test.aliyuncs.com} + ANALYTICDB_INSTANCE_ID: ${ANALYTICDB_INSTANCE_ID:-gp-ab123456} + ANALYTICDB_KEY_ID: ${ANALYTICDB_KEY_ID:-your-ak} + ANALYTICDB_KEY_SECRET: ${ANALYTICDB_KEY_SECRET:-your-sk} + ANALYTICDB_MAX_CONNECTION: ${ANALYTICDB_MAX_CONNECTION:-5} + ANALYTICDB_MIN_CONNECTION: ${ANALYTICDB_MIN_CONNECTION:-1} + ANALYTICDB_NAMESPACE: ${ANALYTICDB_NAMESPACE:-dify} + ANALYTICDB_NAMESPACE_PASSWORD: ${ANALYTICDB_NAMESPACE_PASSWORD:-difypassword} + ANALYTICDB_PASSWORD: ${ANALYTICDB_PASSWORD:-testpassword} + ANALYTICDB_PORT: ${ANALYTICDB_PORT:-5432} + ANALYTICDB_REGION_ID: ${ANALYTICDB_REGION_ID:-cn-hangzhou} + API_SENTRY_DSN: ${API_SENTRY_DSN:-} + API_SENTRY_PROFILES_SAMPLE_RATE: ${API_SENTRY_PROFILES_SAMPLE_RATE:-1.0} + API_SENTRY_TRACES_SAMPLE_RATE: ${API_SENTRY_TRACES_SAMPLE_RATE:-1.0} + API_TOOL_DEFAULT_CONNECT_TIMEOUT: ${API_TOOL_DEFAULT_CONNECT_TIMEOUT:-10} + API_TOOL_DEFAULT_READ_TIMEOUT: ${API_TOOL_DEFAULT_READ_TIMEOUT:-60} + APP_API_URL: ${APP_API_URL:-} + APP_MAX_ACTIVE_REQUESTS: ${APP_MAX_ACTIVE_REQUESTS:-0} + APP_MAX_EXECUTION_TIME: ${APP_MAX_EXECUTION_TIME:-1200} + APP_WEB_URL: ${APP_WEB_URL:-} + AZURE_BLOB_ACCOUNT_KEY: ${AZURE_BLOB_ACCOUNT_KEY:-difyai} + AZURE_BLOB_ACCOUNT_NAME: ${AZURE_BLOB_ACCOUNT_NAME:-difyai} + AZURE_BLOB_ACCOUNT_URL: ${AZURE_BLOB_ACCOUNT_URL:-https://.blob.core.windows.net} + AZURE_BLOB_CONTAINER_NAME: ${AZURE_BLOB_CONTAINER_NAME:-difyai-container} + BAIDU_OBS_ACCESS_KEY: ${BAIDU_OBS_ACCESS_KEY:-your-access-key} + BAIDU_OBS_BUCKET_NAME: ${BAIDU_OBS_BUCKET_NAME:-your-bucket-name} + BAIDU_OBS_ENDPOINT: ${BAIDU_OBS_ENDPOINT:-your-server-url} + BAIDU_OBS_SECRET_KEY: ${BAIDU_OBS_SECRET_KEY:-your-secret-key} + BAIDU_VECTOR_DB_ACCOUNT: ${BAIDU_VECTOR_DB_ACCOUNT:-root} + BAIDU_VECTOR_DB_API_KEY: ${BAIDU_VECTOR_DB_API_KEY:-dify} + BAIDU_VECTOR_DB_CONNECTION_TIMEOUT_MS: ${BAIDU_VECTOR_DB_CONNECTION_TIMEOUT_MS:-30000} + BAIDU_VECTOR_DB_DATABASE: ${BAIDU_VECTOR_DB_DATABASE:-dify} + BAIDU_VECTOR_DB_ENDPOINT: ${BAIDU_VECTOR_DB_ENDPOINT:-http://127.0.0.1:5287} + BAIDU_VECTOR_DB_REPLICAS: ${BAIDU_VECTOR_DB_REPLICAS:-3} + BAIDU_VECTOR_DB_SHARD: ${BAIDU_VECTOR_DB_SHARD:-1} + BROKER_USE_SSL: ${BROKER_USE_SSL:-false} + CELERY_AUTO_SCALE: ${CELERY_AUTO_SCALE:-false} + CELERY_BROKER_URL: ${CELERY_BROKER_URL:-redis://:difyai123456@redis:6379/1} + CELERY_MAX_WORKERS: ${CELERY_MAX_WORKERS:-} + CELERY_MIN_WORKERS: ${CELERY_MIN_WORKERS:-} + CELERY_SENTINEL_MASTER_NAME: ${CELERY_SENTINEL_MASTER_NAME:-} + CELERY_SENTINEL_SOCKET_TIMEOUT: ${CELERY_SENTINEL_SOCKET_TIMEOUT:-0.1} + CELERY_USE_SENTINEL: ${CELERY_USE_SENTINEL:-false} + CELERY_WORKER_AMOUNT: ${CELERY_WORKER_AMOUNT:-} + CELERY_WORKER_CLASS: ${CELERY_WORKER_CLASS:-} + CERTBOT_DOMAIN: ${CERTBOT_DOMAIN:-your_domain.com} + CERTBOT_EMAIL: ${CERTBOT_EMAIL:-your_email@example.com} + CERTBOT_OPTIONS: ${CERTBOT_OPTIONS:-} + CHECK_UPDATE_URL: ${CHECK_UPDATE_URL:-https://updates.dify.ai} + CHROMA_AUTH_CREDENTIALS: ${CHROMA_AUTH_CREDENTIALS:-} + CHROMA_AUTH_PROVIDER: ${CHROMA_AUTH_PROVIDER:-chromadb.auth.token_authn.TokenAuthClientProvider} + CHROMA_DATABASE: ${CHROMA_DATABASE:-default_database} + CHROMA_HOST: ${CHROMA_HOST:-127.0.0.1} + CHROMA_IS_PERSISTENT: ${CHROMA_IS_PERSISTENT:-TRUE} + CHROMA_PORT: ${CHROMA_PORT:-8000} + CHROMA_SERVER_AUTHN_CREDENTIALS: ${CHROMA_SERVER_AUTHN_CREDENTIALS:-difyai123456} + CHROMA_SERVER_AUTHN_PROVIDER: ${CHROMA_SERVER_AUTHN_PROVIDER:-chromadb.auth.token_authn.TokenAuthenticationServerProvider} + CHROMA_TENANT: ${CHROMA_TENANT:-default_tenant} + CODE_EXECUTION_API_KEY: ${CODE_EXECUTION_API_KEY:-dify-sandbox} + CODE_EXECUTION_CONNECT_TIMEOUT: ${CODE_EXECUTION_CONNECT_TIMEOUT:-10} + CODE_EXECUTION_ENDPOINT: ${CODE_EXECUTION_ENDPOINT:-http://sandbox:8194} + CODE_EXECUTION_READ_TIMEOUT: ${CODE_EXECUTION_READ_TIMEOUT:-60} + CODE_EXECUTION_WRITE_TIMEOUT: ${CODE_EXECUTION_WRITE_TIMEOUT:-10} + CODE_GENERATION_MAX_TOKENS: ${CODE_GENERATION_MAX_TOKENS:-1024} + CODE_MAX_DEPTH: ${CODE_MAX_DEPTH:-5} + CODE_MAX_NUMBER: ${CODE_MAX_NUMBER:-9223372036854775807} + CODE_MAX_NUMBER_ARRAY_LENGTH: ${CODE_MAX_NUMBER_ARRAY_LENGTH:-1000} + CODE_MAX_OBJECT_ARRAY_LENGTH: ${CODE_MAX_OBJECT_ARRAY_LENGTH:-30} + CODE_MAX_PRECISION: ${CODE_MAX_PRECISION:-20} + CODE_MAX_STRING_ARRAY_LENGTH: ${CODE_MAX_STRING_ARRAY_LENGTH:-30} + CODE_MAX_STRING_LENGTH: ${CODE_MAX_STRING_LENGTH:-80000} + CODE_MIN_NUMBER: ${CODE_MIN_NUMBER:--9223372036854775808} + CONSOLE_API_URL: ${CONSOLE_API_URL:-} + CONSOLE_CORS_ALLOW_ORIGINS: ${CONSOLE_CORS_ALLOW_ORIGINS:-*} + CONSOLE_WEB_URL: ${CONSOLE_WEB_URL:-} + COUCHBASE_BUCKET_NAME: ${COUCHBASE_BUCKET_NAME:-Embeddings} + COUCHBASE_CONNECTION_STRING: ${COUCHBASE_CONNECTION_STRING:-couchbase://couchbase-server} + COUCHBASE_PASSWORD: ${COUCHBASE_PASSWORD:-password} + COUCHBASE_SCOPE_NAME: ${COUCHBASE_SCOPE_NAME:-_default} + COUCHBASE_USER: ${COUCHBASE_USER:-Administrator} + CREATE_TIDB_SERVICE_JOB_ENABLED: ${CREATE_TIDB_SERVICE_JOB_ENABLED:-false} + CSP_WHITELIST: ${CSP_WHITELIST:-} + DB_DATABASE: ${DB_DATABASE:-dify} + DB_HOST: ${DB_HOST:-db} + DB_PASSWORD: ${DB_PASSWORD:-difyai123456} + DB_PORT: ${DB_PORT:-5432} + DB_USERNAME: ${DB_USERNAME:-postgres} + DEBUG: ${DEBUG:-false} + DEPLOY_ENV: ${DEPLOY_ENV:-PRODUCTION} + DIFY_BIND_ADDRESS: ${DIFY_BIND_ADDRESS:-0.0.0.0} + DIFY_PORT: ${DIFY_PORT:-5001} + ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:-0.0.0.0} + ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-elastic} + ELASTICSEARCH_PORT: ${ELASTICSEARCH_PORT:-9200} + ELASTICSEARCH_USERNAME: ${ELASTICSEARCH_USERNAME:-elastic} + ETCD_AUTO_COMPACTION_MODE: ${ETCD_AUTO_COMPACTION_MODE:-revision} + ETCD_AUTO_COMPACTION_RETENTION: ${ETCD_AUTO_COMPACTION_RETENTION:-1000} + ETCD_ENDPOINTS: ${ETCD_ENDPOINTS:-etcd:2379} + ETCD_QUOTA_BACKEND_BYTES: ${ETCD_QUOTA_BACKEND_BYTES:-4294967296} + ETCD_SNAPSHOT_COUNT: ${ETCD_SNAPSHOT_COUNT:-50000} + ETL_TYPE: ${ETL_TYPE:-dify} + EXPOSE_NGINX_PORT: ${PANEL_APP_PORT_HTTP:-8080} + EXPOSE_NGINX_SSL_PORT: ${PANEL_APP_PORT_HTTPS:-8443} + FILES_ACCESS_TIMEOUT: ${FILES_ACCESS_TIMEOUT:-300} + FILES_URL: ${FILES_URL:-} + FLASK_DEBUG: ${FLASK_DEBUG:-false} + GOOGLE_STORAGE_BUCKET_NAME: ${GOOGLE_STORAGE_BUCKET_NAME:-your-bucket-name} + GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64: ${GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64:-} + GUNICORN_TIMEOUT: ${GUNICORN_TIMEOUT:-360} + HTTP_REQUEST_NODE_MAX_BINARY_SIZE: ${HTTP_REQUEST_NODE_MAX_BINARY_SIZE:-10485760} + HTTP_REQUEST_NODE_MAX_TEXT_SIZE: ${HTTP_REQUEST_NODE_MAX_TEXT_SIZE:-1048576} + HUAWEI_OBS_ACCESS_KEY: ${HUAWEI_OBS_ACCESS_KEY:-your-access-key} + HUAWEI_OBS_BUCKET_NAME: ${HUAWEI_OBS_BUCKET_NAME:-your-bucket-name} + HUAWEI_OBS_SECRET_KEY: ${HUAWEI_OBS_SECRET_KEY:-your-secret-key} + HUAWEI_OBS_SERVER: ${HUAWEI_OBS_SERVER:-your-server-url} + INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-4000} + INIT_PASSWORD: ${INIT_PASSWORD:-} + INVITE_EXPIRY_HOURS: ${INVITE_EXPIRY_HOURS:-72} + KIBANA_PORT: ${KIBANA_PORT:-5601} + LINDORM_PASSWORD: ${LINDORM_PASSWORD:-lindorm} + LINDORM_URL: ${LINDORM_URL:-http://lindorm:30070} + LINDORM_USERNAME: ${LINDORM_USERNAME:-lindorm} + LOG_DATEFORMAT: ${LOG_DATEFORMAT:-%Y-%m-%d %H:%M:%S} + LOG_FILE: ${LOG_FILE:-/app/logs/server.log} + LOG_FILE_BACKUP_COUNT: ${LOG_FILE_BACKUP_COUNT:-5} + LOG_FILE_MAX_SIZE: ${LOG_FILE_MAX_SIZE:-20} + LOG_LEVEL: ${LOG_LEVEL:-INFO} + LOG_TZ: ${LOG_TZ:-UTC} + MAIL_DEFAULT_SEND_FROM: ${MAIL_DEFAULT_SEND_FROM:-} + MAIL_TYPE: ${MAIL_TYPE:-resend} + MAX_SUBMIT_COUNT: ${MAX_SUBMIT_COUNT:-100} + MAX_VARIABLE_SIZE: ${MAX_VARIABLE_SIZE:-204800} + MIGRATION_ENABLED: ${MIGRATION_ENABLED:-true} + MILVUS_AUTHORIZATION_ENABLED: ${MILVUS_AUTHORIZATION_ENABLED:-true} + MILVUS_ENABLE_HYBRID_SEARCH: ${MILVUS_ENABLE_HYBRID_SEARCH:-False} + MILVUS_PASSWORD: ${MILVUS_PASSWORD:-Milvus} + MILVUS_TOKEN: ${MILVUS_TOKEN:-} + MILVUS_URI: ${MILVUS_URI:-http://127.0.0.1:19530} + MILVUS_USER: ${MILVUS_USER:-root} + MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY:-minioadmin} + MINIO_ADDRESS: ${MINIO_ADDRESS:-minio:9000} + MINIO_SECRET_KEY: ${MINIO_SECRET_KEY:-minioadmin} + MULTIMODAL_SEND_FORMAT: ${MULTIMODAL_SEND_FORMAT:-base64} + MYSCALE_DATABASE: ${MYSCALE_DATABASE:-dify} + MYSCALE_FTS_PARAMS: ${MYSCALE_FTS_PARAMS:-} + MYSCALE_HOST: ${MYSCALE_HOST:-myscale} + MYSCALE_PASSWORD: ${MYSCALE_PASSWORD:-} + MYSCALE_PORT: ${MYSCALE_PORT:-8123} + MYSCALE_USER: ${MYSCALE_USER:-default} + NGINX_CLIENT_MAX_BODY_SIZE: ${NGINX_CLIENT_MAX_BODY_SIZE:-15M} + NGINX_ENABLE_CERTBOT_CHALLENGE: ${NGINX_ENABLE_CERTBOT_CHALLENGE:-false} + NGINX_HTTPS_ENABLED: ${NGINX_HTTPS_ENABLED:-false} + NGINX_KEEPALIVE_TIMEOUT: ${NGINX_KEEPALIVE_TIMEOUT:-65} + NGINX_PORT: ${NGINX_PORT:-80} + NGINX_PROXY_READ_TIMEOUT: ${NGINX_PROXY_READ_TIMEOUT:-3600s} + NGINX_PROXY_SEND_TIMEOUT: ${NGINX_PROXY_SEND_TIMEOUT:-3600s} + NGINX_SERVER_NAME: ${NGINX_SERVER_NAME:-_} + NGINX_SSL_CERT_FILENAME: ${NGINX_SSL_CERT_FILENAME:-dify.crt} + NGINX_SSL_CERT_KEY_FILENAME: ${NGINX_SSL_CERT_KEY_FILENAME:-dify.key} + NGINX_SSL_PORT: ${NGINX_SSL_PORT:-443} + NGINX_SSL_PROTOCOLS: ${NGINX_SSL_PROTOCOLS:-TLSv1.1 TLSv1.2 TLSv1.3} + NGINX_WORKER_PROCESSES: ${NGINX_WORKER_PROCESSES:-auto} + NOTION_CLIENT_ID: ${NOTION_CLIENT_ID:-} + NOTION_CLIENT_SECRET: ${NOTION_CLIENT_SECRET:-} + NOTION_INTEGRATION_TYPE: ${NOTION_INTEGRATION_TYPE:-public} + NOTION_INTERNAL_SECRET: ${NOTION_INTERNAL_SECRET:-} + OCEANBASE_CLUSTER_NAME: ${OCEANBASE_CLUSTER_NAME:-difyai} + OCEANBASE_MEMORY_LIMIT: ${OCEANBASE_MEMORY_LIMIT:-6G} + OCEANBASE_VECTOR_DATABASE: ${OCEANBASE_VECTOR_DATABASE:-test} + OCEANBASE_VECTOR_HOST: ${OCEANBASE_VECTOR_HOST:-oceanbase} + OCEANBASE_VECTOR_PASSWORD: ${OCEANBASE_VECTOR_PASSWORD:-difyai123456} + OCEANBASE_VECTOR_PORT: ${OCEANBASE_VECTOR_PORT:-2881} + OCEANBASE_VECTOR_USER: ${OCEANBASE_VECTOR_USER:-root@test} + OCI_ACCESS_KEY: ${OCI_ACCESS_KEY:-your-access-key} + OCI_BUCKET_NAME: ${OCI_BUCKET_NAME:-your-bucket-name} + OCI_ENDPOINT: ${OCI_ENDPOINT:-https://objectstorage.us-ashburn-1.oraclecloud.com} + OCI_REGION: ${OCI_REGION:-us-ashburn-1} + OCI_SECRET_KEY: ${OCI_SECRET_KEY:-your-secret-key} + OPENAI_API_BASE: ${OPENAI_API_BASE:-https://api.openai.com/v1} + OPENDAL_FS_ROOT: ${OPENDAL_FS_ROOT:-storage} + OPENDAL_SCHEME: ${OPENDAL_SCHEME:-fs} + OPENSEARCH_BOOTSTRAP_MEMORY_LOCK: ${OPENSEARCH_BOOTSTRAP_MEMORY_LOCK:-true} + OPENSEARCH_DISCOVERY_TYPE: ${OPENSEARCH_DISCOVERY_TYPE:-single-node} + OPENSEARCH_HOST: ${OPENSEARCH_HOST:-opensearch} + OPENSEARCH_INITIAL_ADMIN_PASSWORD: ${OPENSEARCH_INITIAL_ADMIN_PASSWORD:-Qazwsxedc!@#123} + OPENSEARCH_JAVA_OPTS_MAX: ${OPENSEARCH_JAVA_OPTS_MAX:-1024m} + OPENSEARCH_JAVA_OPTS_MIN: ${OPENSEARCH_JAVA_OPTS_MIN:-512m} + OPENSEARCH_MEMLOCK_HARD: ${OPENSEARCH_MEMLOCK_HARD:--1} + OPENSEARCH_MEMLOCK_SOFT: ${OPENSEARCH_MEMLOCK_SOFT:--1} + OPENSEARCH_NOFILE_HARD: ${OPENSEARCH_NOFILE_HARD:-65536} + OPENSEARCH_NOFILE_SOFT: ${OPENSEARCH_NOFILE_SOFT:-65536} + OPENSEARCH_PASSWORD: ${OPENSEARCH_PASSWORD:-admin} + OPENSEARCH_PORT: ${OPENSEARCH_PORT:-9200} + OPENSEARCH_SECURE: ${OPENSEARCH_SECURE:-true} + OPENSEARCH_USER: ${OPENSEARCH_USER:-admin} + ORACLE_CHARACTERSET: ${ORACLE_CHARACTERSET:-AL32UTF8} + ORACLE_DATABASE: ${ORACLE_DATABASE:-FREEPDB1} + ORACLE_HOST: ${ORACLE_HOST:-oracle} + ORACLE_PASSWORD: ${ORACLE_PASSWORD:-dify} + ORACLE_PORT: ${ORACLE_PORT:-1521} + ORACLE_PWD: ${ORACLE_PWD:-Dify123456} + ORACLE_USER: ${ORACLE_USER:-dify} + PGDATA: ${PGDATA:-/var/lib/postgresql/data/pgdata} + PGUSER: ${PGUSER:-${DB_USERNAME}} + PGVECTOR_DATABASE: ${PGVECTOR_DATABASE:-dify} + PGVECTOR_HOST: ${PGVECTOR_HOST:-pgvector} + PGVECTOR_MAX_CONNECTION: ${PGVECTOR_MAX_CONNECTION:-5} + PGVECTOR_MIN_CONNECTION: ${PGVECTOR_MIN_CONNECTION:-1} + PGVECTOR_PASSWORD: ${PGVECTOR_PASSWORD:-difyai123456} + PGVECTOR_PGDATA: ${PGVECTOR_PGDATA:-/var/lib/postgresql/data/pgdata} + PGVECTOR_PGUSER: ${PGVECTOR_PGUSER:-postgres} + PGVECTOR_PORT: ${PGVECTOR_PORT:-5432} + PGVECTOR_POSTGRES_DB: ${PGVECTOR_POSTGRES_DB:-dify} + PGVECTOR_POSTGRES_PASSWORD: ${PGVECTOR_POSTGRES_PASSWORD:-difyai123456} + PGVECTOR_USER: ${PGVECTOR_USER:-postgres} + PGVECTO_RS_DATABASE: ${PGVECTO_RS_DATABASE:-dify} + PGVECTO_RS_HOST: ${PGVECTO_RS_HOST:-pgvecto-rs} + PGVECTO_RS_PASSWORD: ${PGVECTO_RS_PASSWORD:-difyai123456} + PGVECTO_RS_PORT: ${PGVECTO_RS_PORT:-5432} + PGVECTO_RS_USER: ${PGVECTO_RS_USER:-postgres} + POSITION_PROVIDER_EXCLUDES: ${POSITION_PROVIDER_EXCLUDES:-} + POSITION_PROVIDER_INCLUDES: ${POSITION_PROVIDER_INCLUDES:-} + POSITION_PROVIDER_PINS: ${POSITION_PROVIDER_PINS:-} + POSITION_TOOL_EXCLUDES: ${POSITION_TOOL_EXCLUDES:-} + POSITION_TOOL_INCLUDES: ${POSITION_TOOL_INCLUDES:-} + POSITION_TOOL_PINS: ${POSITION_TOOL_PINS:-} + POSTGRES_DB: ${POSTGRES_DB:-${DB_DATABASE}} + POSTGRES_EFFECTIVE_CACHE_SIZE: ${POSTGRES_EFFECTIVE_CACHE_SIZE:-4096MB} + POSTGRES_MAINTENANCE_WORK_MEM: ${POSTGRES_MAINTENANCE_WORK_MEM:-64MB} + POSTGRES_MAX_CONNECTIONS: ${POSTGRES_MAX_CONNECTIONS:-100} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-${DB_PASSWORD}} + POSTGRES_SHARED_BUFFERS: ${POSTGRES_SHARED_BUFFERS:-128MB} + POSTGRES_WORK_MEM: ${POSTGRES_WORK_MEM:-4MB} + PROMPT_GENERATION_MAX_TOKENS: ${PROMPT_GENERATION_MAX_TOKENS:-512} + QDRANT_API_KEY: ${QDRANT_API_KEY:-difyai123456} + QDRANT_CLIENT_TIMEOUT: ${QDRANT_CLIENT_TIMEOUT:-20} + QDRANT_GRPC_ENABLED: ${QDRANT_GRPC_ENABLED:-false} + QDRANT_GRPC_PORT: ${QDRANT_GRPC_PORT:-6334} + QDRANT_URL: ${QDRANT_URL:-http://qdrant:6333} + REDIS_CLUSTERS: ${REDIS_CLUSTERS:-} + REDIS_CLUSTERS_PASSWORD: ${REDIS_CLUSTERS_PASSWORD:-} + REDIS_DB: ${REDIS_DB:-0} + REDIS_HOST: ${REDIS_HOST:-redis} + REDIS_PASSWORD: ${REDIS_PASSWORD:-difyai123456} + REDIS_PORT: ${REDIS_PORT:-6379} + REDIS_SENTINELS: ${REDIS_SENTINELS:-} + REDIS_SENTINEL_PASSWORD: ${REDIS_SENTINEL_PASSWORD:-} + REDIS_SENTINEL_SERVICE_NAME: ${REDIS_SENTINEL_SERVICE_NAME:-} + REDIS_SENTINEL_SOCKET_TIMEOUT: ${REDIS_SENTINEL_SOCKET_TIMEOUT:-0.1} + REDIS_SENTINEL_USERNAME: ${REDIS_SENTINEL_USERNAME:-} + REDIS_USERNAME: ${REDIS_USERNAME:-} + REDIS_USE_CLUSTERS: ${REDIS_USE_CLUSTERS:-false} + REDIS_USE_SENTINEL: ${REDIS_USE_SENTINEL:-false} + REDIS_USE_SSL: ${REDIS_USE_SSL:-false} + REFRESH_TOKEN_EXPIRE_DAYS: ${REFRESH_TOKEN_EXPIRE_DAYS:-30} + RELYT_DATABASE: ${RELYT_DATABASE:-postgres} + RELYT_HOST: ${RELYT_HOST:-db} + RELYT_PASSWORD: ${RELYT_PASSWORD:-difyai123456} + RELYT_PORT: ${RELYT_PORT:-5432} + RELYT_USER: ${RELYT_USER:-postgres} + RESEND_API_KEY: ${RESEND_API_KEY:-your-resend-api-key} + RESEND_API_URL: ${RESEND_API_URL:-https://api.resend.com} + RESET_PASSWORD_TOKEN_EXPIRY_MINUTES: ${RESET_PASSWORD_TOKEN_EXPIRY_MINUTES:-5} + S3_ACCESS_KEY: ${S3_ACCESS_KEY:-} + S3_BUCKET_NAME: ${S3_BUCKET_NAME:-difyai} + S3_ENDPOINT: ${S3_ENDPOINT:-} + S3_REGION: ${S3_REGION:-us-east-1} + S3_SECRET_KEY: ${S3_SECRET_KEY:-} + S3_USE_AWS_MANAGED_IAM: ${S3_USE_AWS_MANAGED_IAM:-false} + SANDBOX_API_KEY: ${SANDBOX_API_KEY:-dify-sandbox} + SANDBOX_ENABLE_NETWORK: ${SANDBOX_ENABLE_NETWORK:-true} + SANDBOX_GIN_MODE: ${SANDBOX_GIN_MODE:-release} + SANDBOX_HTTPS_PROXY: ${SANDBOX_HTTPS_PROXY:-http://ssrf_proxy:3128} + SANDBOX_HTTP_PROXY: ${SANDBOX_HTTP_PROXY:-http://ssrf_proxy:3128} + SANDBOX_PORT: ${SANDBOX_PORT:-8194} + SANDBOX_WORKER_TIMEOUT: ${SANDBOX_WORKER_TIMEOUT:-15} + SCARF_NO_ANALYTICS: ${SCARF_NO_ANALYTICS:-true} + SECRET_KEY: ${SECRET_KEY:-sk-9f73s3ljTXVcMT3Blb3ljTqtsKiGHXVcMT3BlbkFJLK7U} + SENTRY_DSN: ${SENTRY_DSN:-} + SERVER_WORKER_AMOUNT: ${SERVER_WORKER_AMOUNT:-1} + SERVER_WORKER_CLASS: ${SERVER_WORKER_CLASS:-gevent} + SERVER_WORKER_CONNECTIONS: ${SERVER_WORKER_CONNECTIONS:-10} + SERVICE_API_URL: ${SERVICE_API_URL:-} + SMTP_OPPORTUNISTIC_TLS: ${SMTP_OPPORTUNISTIC_TLS:-false} + SMTP_PASSWORD: ${SMTP_PASSWORD:-} + SMTP_PORT: ${SMTP_PORT:-465} + SMTP_SERVER: ${SMTP_SERVER:-} + SMTP_USERNAME: ${SMTP_USERNAME:-} + SMTP_USE_TLS: ${SMTP_USE_TLS:-true} + SQLALCHEMY_ECHO: ${SQLALCHEMY_ECHO:-false} + SQLALCHEMY_POOL_RECYCLE: ${SQLALCHEMY_POOL_RECYCLE:-3600} + SQLALCHEMY_POOL_SIZE: ${SQLALCHEMY_POOL_SIZE:-30} + SSRF_COREDUMP_DIR: ${SSRF_COREDUMP_DIR:-/var/spool/squid} + SSRF_DEFAULT_CONNECT_TIME_OUT: ${SSRF_DEFAULT_CONNECT_TIME_OUT:-5} + SSRF_DEFAULT_READ_TIME_OUT: ${SSRF_DEFAULT_READ_TIME_OUT:-5} + SSRF_DEFAULT_TIME_OUT: ${SSRF_DEFAULT_TIME_OUT:-5} + SSRF_DEFAULT_WRITE_TIME_OUT: ${SSRF_DEFAULT_WRITE_TIME_OUT:-5} + SSRF_HTTP_PORT: ${SSRF_HTTP_PORT:-3128} + SSRF_PROXY_HTTPS_URL: ${SSRF_PROXY_HTTPS_URL:-http://ssrf_proxy:3128} + SSRF_PROXY_HTTP_URL: ${SSRF_PROXY_HTTP_URL:-http://ssrf_proxy:3128} + SSRF_REVERSE_PROXY_PORT: ${SSRF_REVERSE_PROXY_PORT:-8194} + SSRF_SANDBOX_HOST: ${SSRF_SANDBOX_HOST:-sandbox} + STORAGE_TYPE: ${STORAGE_TYPE:-opendal} + SUPABASE_API_KEY: ${SUPABASE_API_KEY:-your-access-key} + SUPABASE_BUCKET_NAME: ${SUPABASE_BUCKET_NAME:-your-bucket-name} + SUPABASE_URL: ${SUPABASE_URL:-your-server-url} + TEMPLATE_TRANSFORM_MAX_LENGTH: ${TEMPLATE_TRANSFORM_MAX_LENGTH:-80000} + TENCENT_COS_BUCKET_NAME: ${TENCENT_COS_BUCKET_NAME:-your-bucket-name} + TENCENT_COS_REGION: ${TENCENT_COS_REGION:-your-region} + TENCENT_COS_SCHEME: ${TENCENT_COS_SCHEME:-your-scheme} + TENCENT_COS_SECRET_ID: ${TENCENT_COS_SECRET_ID:-your-secret-id} + TENCENT_COS_SECRET_KEY: ${TENCENT_COS_SECRET_KEY:-your-secret-key} + TENCENT_VECTOR_DB_API_KEY: ${TENCENT_VECTOR_DB_API_KEY:-dify} + TENCENT_VECTOR_DB_DATABASE: ${TENCENT_VECTOR_DB_DATABASE:-dify} + TENCENT_VECTOR_DB_REPLICAS: ${TENCENT_VECTOR_DB_REPLICAS:-2} + TENCENT_VECTOR_DB_SHARD: ${TENCENT_VECTOR_DB_SHARD:-1} + TENCENT_VECTOR_DB_TIMEOUT: ${TENCENT_VECTOR_DB_TIMEOUT:-30} + TENCENT_VECTOR_DB_URL: ${TENCENT_VECTOR_DB_URL:-http://127.0.0.1} + TENCENT_VECTOR_DB_USERNAME: ${TENCENT_VECTOR_DB_USERNAME:-dify} + TEXT_GENERATION_TIMEOUT_MS: ${TEXT_GENERATION_TIMEOUT_MS:-60000} + TIDB_API_URL: ${TIDB_API_URL:-http://127.0.0.1} + TIDB_IAM_API_URL: ${TIDB_IAM_API_URL:-http://127.0.0.1} + TIDB_ON_QDRANT_API_KEY: ${TIDB_ON_QDRANT_API_KEY:-dify} + TIDB_ON_QDRANT_CLIENT_TIMEOUT: ${TIDB_ON_QDRANT_CLIENT_TIMEOUT:-20} + TIDB_ON_QDRANT_GRPC_ENABLED: ${TIDB_ON_QDRANT_GRPC_ENABLED:-false} + TIDB_ON_QDRANT_GRPC_PORT: ${TIDB_ON_QDRANT_GRPC_PORT:-6334} + TIDB_ON_QDRANT_URL: ${TIDB_ON_QDRANT_URL:-http://127.0.0.1} + TIDB_PRIVATE_KEY: ${TIDB_PRIVATE_KEY:-dify} + TIDB_PROJECT_ID: ${TIDB_PROJECT_ID:-dify} + TIDB_PUBLIC_KEY: ${TIDB_PUBLIC_KEY:-dify} + TIDB_REGION: ${TIDB_REGION:-regions/aws-us-east-1} + TIDB_SPEND_LIMIT: ${TIDB_SPEND_LIMIT:-100} + TIDB_VECTOR_DATABASE: ${TIDB_VECTOR_DATABASE:-dify} + TIDB_VECTOR_HOST: ${TIDB_VECTOR_HOST:-tidb} + TIDB_VECTOR_PASSWORD: ${TIDB_VECTOR_PASSWORD:-} + TIDB_VECTOR_PORT: ${TIDB_VECTOR_PORT:-4000} + TIDB_VECTOR_USER: ${TIDB_VECTOR_USER:-} + TOP_K_MAX_VALUE: ${TOP_K_MAX_VALUE:-10} + UNSTRUCTURED_API_KEY: ${UNSTRUCTURED_API_KEY:-} + UNSTRUCTURED_API_URL: ${UNSTRUCTURED_API_URL:-} + UPLOAD_AUDIO_FILE_SIZE_LIMIT: ${UPLOAD_AUDIO_FILE_SIZE_LIMIT:-50} + UPLOAD_FILE_BATCH_LIMIT: ${UPLOAD_FILE_BATCH_LIMIT:-5} + UPLOAD_FILE_SIZE_LIMIT: ${UPLOAD_FILE_SIZE_LIMIT:-15} + UPLOAD_IMAGE_FILE_SIZE_LIMIT: ${UPLOAD_IMAGE_FILE_SIZE_LIMIT:-10} + UPLOAD_VIDEO_FILE_SIZE_LIMIT: ${UPLOAD_VIDEO_FILE_SIZE_LIMIT:-100} + UPSTASH_VECTOR_TOKEN: ${UPSTASH_VECTOR_TOKEN:-dify} + UPSTASH_VECTOR_URL: ${UPSTASH_VECTOR_URL:-https://xxx-vector.upstash.io} + VECTOR_STORE: ${VECTOR_STORE:-weaviate} + VIKINGDB_ACCESS_KEY: ${VIKINGDB_ACCESS_KEY:-your-ak} + VIKINGDB_CONNECTION_TIMEOUT: ${VIKINGDB_CONNECTION_TIMEOUT:-30} + VIKINGDB_HOST: ${VIKINGDB_HOST:-api-vikingdb.xxx.volces.com} + VIKINGDB_REGION: ${VIKINGDB_REGION:-cn-shanghai} + VIKINGDB_SCHEMA: ${VIKINGDB_SCHEMA:-http} + VIKINGDB_SECRET_KEY: ${VIKINGDB_SECRET_KEY:-your-sk} + VIKINGDB_SOCKET_TIMEOUT: ${VIKINGDB_SOCKET_TIMEOUT:-30} + VOLCENGINE_TOS_ACCESS_KEY: ${VOLCENGINE_TOS_ACCESS_KEY:-your-access-key} + VOLCENGINE_TOS_BUCKET_NAME: ${VOLCENGINE_TOS_BUCKET_NAME:-your-bucket-name} + VOLCENGINE_TOS_ENDPOINT: ${VOLCENGINE_TOS_ENDPOINT:-your-server-url} + VOLCENGINE_TOS_REGION: ${VOLCENGINE_TOS_REGION:-your-region} + VOLCENGINE_TOS_SECRET_KEY: ${VOLCENGINE_TOS_SECRET_KEY:-your-secret-key} + WEAVIATE_API_KEY: ${WEAVIATE_API_KEY:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih} + WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: ${WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED:-true} + WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS: ${WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih} + WEAVIATE_AUTHENTICATION_APIKEY_ENABLED: ${WEAVIATE_AUTHENTICATION_APIKEY_ENABLED:-true} + WEAVIATE_AUTHENTICATION_APIKEY_USERS: ${WEAVIATE_AUTHENTICATION_APIKEY_USERS:-hello@dify.ai} + WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED: ${WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED:-true} + WEAVIATE_AUTHORIZATION_ADMINLIST_USERS: ${WEAVIATE_AUTHORIZATION_ADMINLIST_USERS:-hello@dify.ai} + WEAVIATE_CLUSTER_HOSTNAME: ${WEAVIATE_CLUSTER_HOSTNAME:-node1} + WEAVIATE_DEFAULT_VECTORIZER_MODULE: ${WEAVIATE_DEFAULT_VECTORIZER_MODULE:-none} + WEAVIATE_ENDPOINT: ${WEAVIATE_ENDPOINT:-http://weaviate:8080} + WEAVIATE_PERSISTENCE_DATA_PATH: ${WEAVIATE_PERSISTENCE_DATA_PATH:-/var/lib/weaviate} + WEAVIATE_QUERY_DEFAULTS_LIMIT: ${WEAVIATE_QUERY_DEFAULTS_LIMIT:-25} + WEB_API_CORS_ALLOW_ORIGINS: ${WEB_API_CORS_ALLOW_ORIGINS:-*} + WEB_SENTRY_DSN: ${WEB_SENTRY_DSN:-} + WORKFLOW_CALL_MAX_DEPTH: ${WORKFLOW_CALL_MAX_DEPTH:-5} + WORKFLOW_FILE_UPLOAD_LIMIT: ${WORKFLOW_FILE_UPLOAD_LIMIT:-10} + WORKFLOW_MAX_EXECUTION_STEPS: ${WORKFLOW_MAX_EXECUTION_STEPS:-500} + WORKFLOW_MAX_EXECUTION_TIME: ${WORKFLOW_MAX_EXECUTION_TIME:-1200} + WORKFLOW_PARALLEL_DEPTH_LIMIT: ${WORKFLOW_PARALLEL_DEPTH_LIMIT:-3} diff --git a/appstore/dify/0.15.3/envs/default.env b/appstore/dify/0.15.3/envs/default.env new file mode 100644 index 00000000..cd05f46e --- /dev/null +++ b/appstore/dify/0.15.3/envs/default.env @@ -0,0 +1,2 @@ +# copyright© 2024 XinJiang Ms Studio +ENV_FILE=.env diff --git a/appstore/dify/0.15.3/envs/dify.env b/appstore/dify/0.15.3/envs/dify.env new file mode 100644 index 00000000..3bc79059 --- /dev/null +++ b/appstore/dify/0.15.3/envs/dify.env @@ -0,0 +1,938 @@ +# ------------------------------ +# Environment Variables for API service & worker +# ------------------------------ + +# ------------------------------ +# Common Variables +# ------------------------------ + +# The backend URL of the console API, +# used to concatenate the authorization callback. +# If empty, it is the same domain. +# Example: https://api.console.dify.ai +CONSOLE_API_URL= + +# The front-end URL of the console web, +# used to concatenate some front-end addresses and for CORS configuration use. +# If empty, it is the same domain. +# Example: https://console.dify.ai +CONSOLE_WEB_URL= + +# Service API Url, +# used to display Service API Base Url to the front-end. +# If empty, it is the same domain. +# Example: https://api.dify.ai +SERVICE_API_URL= + +# WebApp API backend Url, +# used to declare the back-end URL for the front-end API. +# If empty, it is the same domain. +# Example: https://api.app.dify.ai +APP_API_URL= + +# WebApp Url, +# used to display WebAPP API Base Url to the front-end. +# If empty, it is the same domain. +# Example: https://app.dify.ai +APP_WEB_URL= + +# File preview or download Url prefix. +# used to display File preview or download Url to the front-end or as Multi-model inputs; +# Url is signed and has expiration time. +FILES_URL= + +# ------------------------------ +# Server Configuration +# ------------------------------ + +# The log level for the application. +# Supported values are `DEBUG`, `INFO`, `WARNING`, `ERROR`, `CRITICAL` +LOG_LEVEL=INFO +# Log file path +LOG_FILE=/app/logs/server.log +# Log file max size, the unit is MB +LOG_FILE_MAX_SIZE=20 +# Log file max backup count +LOG_FILE_BACKUP_COUNT=5 +# Log dateformat +LOG_DATEFORMAT=%Y-%m-%d %H:%M:%S +# Log Timezone +LOG_TZ=UTC + +# Debug mode, default is false. +# It is recommended to turn on this configuration for local development +# to prevent some problems caused by monkey patch. +DEBUG=false + +# Flask debug mode, it can output trace information at the interface when turned on, +# which is convenient for debugging. +FLASK_DEBUG=false + +# A secretkey that is used for securely signing the session cookie +# and encrypting sensitive information on the database. +# You can generate a strong key using `openssl rand -base64 42`. +SECRET_KEY=sk-9f73s3ljTXVcMT3Blb3ljTqtsKiGHXVcMT3BlbkFJLK7U + +# Password for admin user initialization. +# If left unset, admin user will not be prompted for a password +# when creating the initial admin account. +# The length of the password cannot exceed 30 charactors. +INIT_PASSWORD= + +# Deployment environment. +# Supported values are `PRODUCTION`, `TESTING`. Default is `PRODUCTION`. +# Testing environment. There will be a distinct color label on the front-end page, +# indicating that this environment is a testing environment. +DEPLOY_ENV=PRODUCTION + +# Whether to enable the version check policy. +# If set to empty, https://updates.dify.ai will be called for version check. +CHECK_UPDATE_URL=https://updates.dify.ai + +# Used to change the OpenAI base address, default is https://api.openai.com/v1. +# When OpenAI cannot be accessed in China, replace it with a domestic mirror address, +# or when a local model provides OpenAI compatible API, it can be replaced. +OPENAI_API_BASE=https://api.openai.com/v1 + +# When enabled, migrations will be executed prior to application startup +# and the application will start after the migrations have completed. +MIGRATION_ENABLED=true + +# File Access Time specifies a time interval in seconds for the file to be accessed. +# The default value is 300 seconds. +FILES_ACCESS_TIMEOUT=300 + +# Access token expiration time in minutes +ACCESS_TOKEN_EXPIRE_MINUTES=60 + +# Refresh token expiration time in days +REFRESH_TOKEN_EXPIRE_DAYS=30 + +# The maximum number of active requests for the application, where 0 means unlimited, should be a non-negative integer. +APP_MAX_ACTIVE_REQUESTS=0 +APP_MAX_EXECUTION_TIME=1200 + +# ------------------------------ +# Container Startup Related Configuration +# Only effective when starting with docker image or docker-compose. +# ------------------------------ + +# API service binding address, default: 0.0.0.0, i.e., all addresses can be accessed. +DIFY_BIND_ADDRESS=0.0.0.0 + +# API service binding port number, default 5001. +DIFY_PORT=5001 + +# The number of API server workers, i.e., the number of workers. +# Formula: number of cpu cores x 2 + 1 for sync, 1 for Gevent +# Reference: https://docs.gunicorn.org/en/stable/design.html#how-many-workers +SERVER_WORKER_AMOUNT=1 + +# Defaults to gevent. If using windows, it can be switched to sync or solo. +SERVER_WORKER_CLASS=gevent + +# Default number of worker connections, the default is 10. +SERVER_WORKER_CONNECTIONS=10 + +# Similar to SERVER_WORKER_CLASS. +# If using windows, it can be switched to sync or solo. +CELERY_WORKER_CLASS= + +# Request handling timeout. The default is 200, +# it is recommended to set it to 360 to support a longer sse connection time. +GUNICORN_TIMEOUT=360 + +# The number of Celery workers. The default is 1, and can be set as needed. +CELERY_WORKER_AMOUNT= + +# Flag indicating whether to enable autoscaling of Celery workers. +# +# Autoscaling is useful when tasks are CPU intensive and can be dynamically +# allocated and deallocated based on the workload. +# +# When autoscaling is enabled, the maximum and minimum number of workers can +# be specified. The autoscaling algorithm will dynamically adjust the number +# of workers within the specified range. +# +# Default is false (i.e., autoscaling is disabled). +# +# Example: +# CELERY_AUTO_SCALE=true +CELERY_AUTO_SCALE=false + +# The maximum number of Celery workers that can be autoscaled. +# This is optional and only used when autoscaling is enabled. +# Default is not set. +CELERY_MAX_WORKERS= + +# The minimum number of Celery workers that can be autoscaled. +# This is optional and only used when autoscaling is enabled. +# Default is not set. +CELERY_MIN_WORKERS= + +# API Tool configuration +API_TOOL_DEFAULT_CONNECT_TIMEOUT=10 +API_TOOL_DEFAULT_READ_TIMEOUT=60 + + +# ------------------------------ +# Database Configuration +# The database uses PostgreSQL. Please use the public schema. +# It is consistent with the configuration in the 'db' service below. +# ------------------------------ + +DB_USERNAME=postgres +DB_PASSWORD=difyai123456 +DB_HOST=db +DB_PORT=5432 +DB_DATABASE=dify +# The size of the database connection pool. +# The default is 30 connections, which can be appropriately increased. +SQLALCHEMY_POOL_SIZE=30 +# Database connection pool recycling time, the default is 3600 seconds. +SQLALCHEMY_POOL_RECYCLE=3600 +# Whether to print SQL, default is false. +SQLALCHEMY_ECHO=false + +# Maximum number of connections to the database +# Default is 100 +# +# Reference: https://www.postgresql.org/docs/current/runtime-config-connection.html#GUC-MAX-CONNECTIONS +POSTGRES_MAX_CONNECTIONS=100 + +# Sets the amount of shared memory used for postgres's shared buffers. +# Default is 128MB +# Recommended value: 25% of available memory +# Reference: https://www.postgresql.org/docs/current/runtime-config-resource.html#GUC-SHARED-BUFFERS +POSTGRES_SHARED_BUFFERS=128MB + +# Sets the amount of memory used by each database worker for working space. +# Default is 4MB +# +# Reference: https://www.postgresql.org/docs/current/runtime-config-resource.html#GUC-WORK-MEM +POSTGRES_WORK_MEM=4MB + +# Sets the amount of memory reserved for maintenance activities. +# Default is 64MB +# +# Reference: https://www.postgresql.org/docs/current/runtime-config-resource.html#GUC-MAINTENANCE-WORK-MEM +POSTGRES_MAINTENANCE_WORK_MEM=64MB + +# Sets the planner's assumption about the effective cache size. +# Default is 4096MB +# +# Reference: https://www.postgresql.org/docs/current/runtime-config-query.html#GUC-EFFECTIVE-CACHE-SIZE +POSTGRES_EFFECTIVE_CACHE_SIZE=4096MB + +# ------------------------------ +# Redis Configuration +# This Redis configuration is used for caching and for pub/sub during conversation. +# ------------------------------ + +REDIS_HOST=redis +REDIS_PORT=6379 +REDIS_USERNAME= +REDIS_PASSWORD=difyai123456 +REDIS_USE_SSL=false +REDIS_DB=0 + +# Whether to use Redis Sentinel mode. +# If set to true, the application will automatically discover and connect to the master node through Sentinel. +REDIS_USE_SENTINEL=false + +# List of Redis Sentinel nodes. If Sentinel mode is enabled, provide at least one Sentinel IP and port. +# Format: `:,:,:` +REDIS_SENTINELS= +REDIS_SENTINEL_SERVICE_NAME= +REDIS_SENTINEL_USERNAME= +REDIS_SENTINEL_PASSWORD= +REDIS_SENTINEL_SOCKET_TIMEOUT=0.1 + +# List of Redis Cluster nodes. If Cluster mode is enabled, provide at least one Cluster IP and port. +# Format: `:,:,:` +REDIS_USE_CLUSTERS=false +REDIS_CLUSTERS= +REDIS_CLUSTERS_PASSWORD= + +# ------------------------------ +# Celery Configuration +# ------------------------------ + +# Use redis as the broker, and redis db 1 for celery broker. +# Format as follows: `redis://:@:/` +# Example: redis://:difyai123456@redis:6379/1 +# If use Redis Sentinel, format as follows: `sentinel://:@:/` +# Example: sentinel://localhost:26379/1;sentinel://localhost:26380/1;sentinel://localhost:26381/1 +CELERY_BROKER_URL=redis://:difyai123456@redis:6379/1 +BROKER_USE_SSL=false + +# If you are using Redis Sentinel for high availability, configure the following settings. +CELERY_USE_SENTINEL=false +CELERY_SENTINEL_MASTER_NAME= +CELERY_SENTINEL_SOCKET_TIMEOUT=0.1 + +# ------------------------------ +# CORS Configuration +# Used to set the front-end cross-domain access policy. +# ------------------------------ + +# Specifies the allowed origins for cross-origin requests to the Web API, +# e.g. https://dify.app or * for all origins. +WEB_API_CORS_ALLOW_ORIGINS=* + +# Specifies the allowed origins for cross-origin requests to the console API, +# e.g. https://cloud.dify.ai or * for all origins. +CONSOLE_CORS_ALLOW_ORIGINS=* + +# ------------------------------ +# File Storage Configuration +# ------------------------------ + +# The type of storage to use for storing user files. +STORAGE_TYPE=opendal + +# Apache OpenDAL Configuration +# The configuration for OpenDAL consists of the following format: OPENDAL__. +# You can find all the service configurations (CONFIG_NAME) in the repository at: https://github.com/apache/opendal/tree/main/core/src/services. +# Dify will scan configurations starting with OPENDAL_ and automatically apply them. +# The scheme name for the OpenDAL storage. +OPENDAL_SCHEME=fs +# Configurations for OpenDAL Local File System. +OPENDAL_FS_ROOT=storage + +# S3 Configuration +# +S3_ENDPOINT= +S3_REGION=us-east-1 +S3_BUCKET_NAME=difyai +S3_ACCESS_KEY= +S3_SECRET_KEY= +# Whether to use AWS managed IAM roles for authenticating with the S3 service. +# If set to false, the access key and secret key must be provided. +S3_USE_AWS_MANAGED_IAM=false + +# Azure Blob Configuration +# +AZURE_BLOB_ACCOUNT_NAME=difyai +AZURE_BLOB_ACCOUNT_KEY=difyai +AZURE_BLOB_CONTAINER_NAME=difyai-container +AZURE_BLOB_ACCOUNT_URL=https://.blob.core.windows.net + +# Google Storage Configuration +# +GOOGLE_STORAGE_BUCKET_NAME=your-bucket-name +GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64= + +# The Alibaba Cloud OSS configurations, +# +ALIYUN_OSS_BUCKET_NAME=your-bucket-name +ALIYUN_OSS_ACCESS_KEY=your-access-key +ALIYUN_OSS_SECRET_KEY=your-secret-key +ALIYUN_OSS_ENDPOINT=https://oss-ap-southeast-1-internal.aliyuncs.com +ALIYUN_OSS_REGION=ap-southeast-1 +ALIYUN_OSS_AUTH_VERSION=v4 +# Don't start with '/'. OSS doesn't support leading slash in object names. +ALIYUN_OSS_PATH=your-path + +# Tencent COS Configuration +# +TENCENT_COS_BUCKET_NAME=your-bucket-name +TENCENT_COS_SECRET_KEY=your-secret-key +TENCENT_COS_SECRET_ID=your-secret-id +TENCENT_COS_REGION=your-region +TENCENT_COS_SCHEME=your-scheme + +# Oracle Storage Configuration +# +OCI_ENDPOINT=https://objectstorage.us-ashburn-1.oraclecloud.com +OCI_BUCKET_NAME=your-bucket-name +OCI_ACCESS_KEY=your-access-key +OCI_SECRET_KEY=your-secret-key +OCI_REGION=us-ashburn-1 + +# Huawei OBS Configuration +# +HUAWEI_OBS_BUCKET_NAME=your-bucket-name +HUAWEI_OBS_SECRET_KEY=your-secret-key +HUAWEI_OBS_ACCESS_KEY=your-access-key +HUAWEI_OBS_SERVER=your-server-url + +# Volcengine TOS Configuration +# +VOLCENGINE_TOS_BUCKET_NAME=your-bucket-name +VOLCENGINE_TOS_SECRET_KEY=your-secret-key +VOLCENGINE_TOS_ACCESS_KEY=your-access-key +VOLCENGINE_TOS_ENDPOINT=your-server-url +VOLCENGINE_TOS_REGION=your-region + +# Baidu OBS Storage Configuration +# +BAIDU_OBS_BUCKET_NAME=your-bucket-name +BAIDU_OBS_SECRET_KEY=your-secret-key +BAIDU_OBS_ACCESS_KEY=your-access-key +BAIDU_OBS_ENDPOINT=your-server-url + +# Supabase Storage Configuration +# +SUPABASE_BUCKET_NAME=your-bucket-name +SUPABASE_API_KEY=your-access-key +SUPABASE_URL=your-server-url + +# ------------------------------ +# Vector Database Configuration +# ------------------------------ + +# The type of vector store to use. +# Supported values are `weaviate`, `qdrant`, `milvus`, `myscale`, `relyt`, `pgvector`, `pgvecto-rs`, `chroma`, `opensearch`, `tidb_vector`, `oracle`, `tencent`, `elasticsearch`, `elasticsearch-ja`, `analyticdb`, `couchbase`, `vikingdb`, `oceanbase`. +VECTOR_STORE=weaviate + +# The Weaviate endpoint URL. Only available when VECTOR_STORE is `weaviate`. +WEAVIATE_ENDPOINT=http://weaviate:8080 +WEAVIATE_API_KEY=WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih + +# The Qdrant endpoint URL. Only available when VECTOR_STORE is `qdrant`. +QDRANT_URL=http://qdrant:6333 +QDRANT_API_KEY=difyai123456 +QDRANT_CLIENT_TIMEOUT=20 +QDRANT_GRPC_ENABLED=false +QDRANT_GRPC_PORT=6334 + +# Milvus configuration Only available when VECTOR_STORE is `milvus`. +# The milvus uri. +MILVUS_URI=http://127.0.0.1:19530 +MILVUS_TOKEN= +MILVUS_USER=root +MILVUS_PASSWORD=Milvus +MILVUS_ENABLE_HYBRID_SEARCH=False + +# MyScale configuration, only available when VECTOR_STORE is `myscale` +# For multi-language support, please set MYSCALE_FTS_PARAMS with referring to: +# https://myscale.com/docs/en/text-search/#understanding-fts-index-parameters +MYSCALE_HOST=myscale +MYSCALE_PORT=8123 +MYSCALE_USER=default +MYSCALE_PASSWORD= +MYSCALE_DATABASE=dify +MYSCALE_FTS_PARAMS= + +# Couchbase configurations, only available when VECTOR_STORE is `couchbase` +# The connection string must include hostname defined in the docker-compose file (couchbase-server in this case) +COUCHBASE_CONNECTION_STRING=couchbase://couchbase-server +COUCHBASE_USER=Administrator +COUCHBASE_PASSWORD=password +COUCHBASE_BUCKET_NAME=Embeddings +COUCHBASE_SCOPE_NAME=_default + +# pgvector configurations, only available when VECTOR_STORE is `pgvector` +PGVECTOR_HOST=pgvector +PGVECTOR_PORT=5432 +PGVECTOR_USER=postgres +PGVECTOR_PASSWORD=difyai123456 +PGVECTOR_DATABASE=dify +PGVECTOR_MIN_CONNECTION=1 +PGVECTOR_MAX_CONNECTION=5 + +# pgvecto-rs configurations, only available when VECTOR_STORE is `pgvecto-rs` +PGVECTO_RS_HOST=pgvecto-rs +PGVECTO_RS_PORT=5432 +PGVECTO_RS_USER=postgres +PGVECTO_RS_PASSWORD=difyai123456 +PGVECTO_RS_DATABASE=dify + +# analyticdb configurations, only available when VECTOR_STORE is `analyticdb` +ANALYTICDB_KEY_ID=your-ak +ANALYTICDB_KEY_SECRET=your-sk +ANALYTICDB_REGION_ID=cn-hangzhou +ANALYTICDB_INSTANCE_ID=gp-ab123456 +ANALYTICDB_ACCOUNT=testaccount +ANALYTICDB_PASSWORD=testpassword +ANALYTICDB_NAMESPACE=dify +ANALYTICDB_NAMESPACE_PASSWORD=difypassword +ANALYTICDB_HOST=gp-test.aliyuncs.com +ANALYTICDB_PORT=5432 +ANALYTICDB_MIN_CONNECTION=1 +ANALYTICDB_MAX_CONNECTION=5 + +# TiDB vector configurations, only available when VECTOR_STORE is `tidb` +TIDB_VECTOR_HOST=tidb +TIDB_VECTOR_PORT=4000 +TIDB_VECTOR_USER= +TIDB_VECTOR_PASSWORD= +TIDB_VECTOR_DATABASE=dify + +# Tidb on qdrant configuration, only available when VECTOR_STORE is `tidb_on_qdrant` +TIDB_ON_QDRANT_URL=http://127.0.0.1 +TIDB_ON_QDRANT_API_KEY=dify +TIDB_ON_QDRANT_CLIENT_TIMEOUT=20 +TIDB_ON_QDRANT_GRPC_ENABLED=false +TIDB_ON_QDRANT_GRPC_PORT=6334 +TIDB_PUBLIC_KEY=dify +TIDB_PRIVATE_KEY=dify +TIDB_API_URL=http://127.0.0.1 +TIDB_IAM_API_URL=http://127.0.0.1 +TIDB_REGION=regions/aws-us-east-1 +TIDB_PROJECT_ID=dify +TIDB_SPEND_LIMIT=100 + +# Chroma configuration, only available when VECTOR_STORE is `chroma` +CHROMA_HOST=127.0.0.1 +CHROMA_PORT=8000 +CHROMA_TENANT=default_tenant +CHROMA_DATABASE=default_database +CHROMA_AUTH_PROVIDER=chromadb.auth.token_authn.TokenAuthClientProvider +CHROMA_AUTH_CREDENTIALS= + +# Oracle configuration, only available when VECTOR_STORE is `oracle` +ORACLE_HOST=oracle +ORACLE_PORT=1521 +ORACLE_USER=dify +ORACLE_PASSWORD=dify +ORACLE_DATABASE=FREEPDB1 + +# relyt configurations, only available when VECTOR_STORE is `relyt` +RELYT_HOST=db +RELYT_PORT=5432 +RELYT_USER=postgres +RELYT_PASSWORD=difyai123456 +RELYT_DATABASE=postgres + +# open search configuration, only available when VECTOR_STORE is `opensearch` +OPENSEARCH_HOST=opensearch +OPENSEARCH_PORT=9200 +OPENSEARCH_USER=admin +OPENSEARCH_PASSWORD=admin +OPENSEARCH_SECURE=true + +# tencent vector configurations, only available when VECTOR_STORE is `tencent` +TENCENT_VECTOR_DB_URL=http://127.0.0.1 +TENCENT_VECTOR_DB_API_KEY=dify +TENCENT_VECTOR_DB_TIMEOUT=30 +TENCENT_VECTOR_DB_USERNAME=dify +TENCENT_VECTOR_DB_DATABASE=dify +TENCENT_VECTOR_DB_SHARD=1 +TENCENT_VECTOR_DB_REPLICAS=2 + +# ElasticSearch configuration, only available when VECTOR_STORE is `elasticsearch` +ELASTICSEARCH_HOST=0.0.0.0 +ELASTICSEARCH_PORT=9200 +ELASTICSEARCH_USERNAME=elastic +ELASTICSEARCH_PASSWORD=elastic +KIBANA_PORT=5601 + +# baidu vector configurations, only available when VECTOR_STORE is `baidu` +BAIDU_VECTOR_DB_ENDPOINT=http://127.0.0.1:5287 +BAIDU_VECTOR_DB_CONNECTION_TIMEOUT_MS=30000 +BAIDU_VECTOR_DB_ACCOUNT=root +BAIDU_VECTOR_DB_API_KEY=dify +BAIDU_VECTOR_DB_DATABASE=dify +BAIDU_VECTOR_DB_SHARD=1 +BAIDU_VECTOR_DB_REPLICAS=3 + +# VikingDB configurations, only available when VECTOR_STORE is `vikingdb` +VIKINGDB_ACCESS_KEY=your-ak +VIKINGDB_SECRET_KEY=your-sk +VIKINGDB_REGION=cn-shanghai +VIKINGDB_HOST=api-vikingdb.xxx.volces.com +VIKINGDB_SCHEMA=http +VIKINGDB_CONNECTION_TIMEOUT=30 +VIKINGDB_SOCKET_TIMEOUT=30 + +# Lindorm configuration, only available when VECTOR_STORE is `lindorm` +LINDORM_URL=http://lindorm:30070 +LINDORM_USERNAME=lindorm +LINDORM_PASSWORD=lindorm + +# OceanBase Vector configuration, only available when VECTOR_STORE is `oceanbase` +OCEANBASE_VECTOR_HOST=oceanbase +OCEANBASE_VECTOR_PORT=2881 +OCEANBASE_VECTOR_USER=root@test +OCEANBASE_VECTOR_PASSWORD=difyai123456 +OCEANBASE_VECTOR_DATABASE=test +OCEANBASE_CLUSTER_NAME=difyai +OCEANBASE_MEMORY_LIMIT=6G + +# Upstash Vector configuration, only available when VECTOR_STORE is `upstash` +UPSTASH_VECTOR_URL=https://xxx-vector.upstash.io +UPSTASH_VECTOR_TOKEN=dify + +# ------------------------------ +# Knowledge Configuration +# ------------------------------ + +# Upload file size limit, default 15M. +UPLOAD_FILE_SIZE_LIMIT=15 + +# The maximum number of files that can be uploaded at a time, default 5. +UPLOAD_FILE_BATCH_LIMIT=5 + +# ETL type, support: `dify`, `Unstructured` +# `dify` Dify's proprietary file extraction scheme +# `Unstructured` Unstructured.io file extraction scheme +ETL_TYPE=dify + +# Unstructured API path and API key, needs to be configured when ETL_TYPE is Unstructured +# Or using Unstructured for document extractor node for pptx. +# For example: http://unstructured:8000/general/v0/general +UNSTRUCTURED_API_URL= +UNSTRUCTURED_API_KEY= +SCARF_NO_ANALYTICS=true + +# ------------------------------ +# Model Configuration +# ------------------------------ + +# The maximum number of tokens allowed for prompt generation. +# This setting controls the upper limit of tokens that can be used by the LLM +# when generating a prompt in the prompt generation tool. +# Default: 512 tokens. +PROMPT_GENERATION_MAX_TOKENS=512 + +# The maximum number of tokens allowed for code generation. +# This setting controls the upper limit of tokens that can be used by the LLM +# when generating code in the code generation tool. +# Default: 1024 tokens. +CODE_GENERATION_MAX_TOKENS=1024 + +# ------------------------------ +# Multi-modal Configuration +# ------------------------------ + +# The format of the image/video/audio/document sent when the multi-modal model is input, +# the default is base64, optional url. +# The delay of the call in url mode will be lower than that in base64 mode. +# It is generally recommended to use the more compatible base64 mode. +# If configured as url, you need to configure FILES_URL as an externally accessible address so that the multi-modal model can access the image/video/audio/document. +MULTIMODAL_SEND_FORMAT=base64 +# Upload image file size limit, default 10M. +UPLOAD_IMAGE_FILE_SIZE_LIMIT=10 +# Upload video file size limit, default 100M. +UPLOAD_VIDEO_FILE_SIZE_LIMIT=100 +# Upload audio file size limit, default 50M. +UPLOAD_AUDIO_FILE_SIZE_LIMIT=50 + +# ------------------------------ +# Sentry Configuration +# Used for application monitoring and error log tracking. +# ------------------------------ +SENTRY_DSN= + +# API Service Sentry DSN address, default is empty, when empty, +# all monitoring information is not reported to Sentry. +# If not set, Sentry error reporting will be disabled. +API_SENTRY_DSN= +# API Service The reporting ratio of Sentry events, if it is 0.01, it is 1%. +API_SENTRY_TRACES_SAMPLE_RATE=1.0 +# API Service The reporting ratio of Sentry profiles, if it is 0.01, it is 1%. +API_SENTRY_PROFILES_SAMPLE_RATE=1.0 + +# Web Service Sentry DSN address, default is empty, when empty, +# all monitoring information is not reported to Sentry. +# If not set, Sentry error reporting will be disabled. +WEB_SENTRY_DSN= + +# ------------------------------ +# Notion Integration Configuration +# Variables can be obtained by applying for Notion integration: https://www.notion.so/my-integrations +# ------------------------------ + +# Configure as "public" or "internal". +# Since Notion's OAuth redirect URL only supports HTTPS, +# if deploying locally, please use Notion's internal integration. +NOTION_INTEGRATION_TYPE=public +# Notion OAuth client secret (used for public integration type) +NOTION_CLIENT_SECRET= +# Notion OAuth client id (used for public integration type) +NOTION_CLIENT_ID= +# Notion internal integration secret. +# If the value of NOTION_INTEGRATION_TYPE is "internal", +# you need to configure this variable. +NOTION_INTERNAL_SECRET= + +# ------------------------------ +# Mail related configuration +# ------------------------------ + +# Mail type, support: resend, smtp +MAIL_TYPE=resend + +# Default send from email address, if not specified +MAIL_DEFAULT_SEND_FROM= + +# API-Key for the Resend email provider, used when MAIL_TYPE is `resend`. +RESEND_API_URL=https://api.resend.com +RESEND_API_KEY=your-resend-api-key + + +# SMTP server configuration, used when MAIL_TYPE is `smtp` +SMTP_SERVER= +SMTP_PORT=465 +SMTP_USERNAME= +SMTP_PASSWORD= +SMTP_USE_TLS=true +SMTP_OPPORTUNISTIC_TLS=false + +# ------------------------------ +# Others Configuration +# ------------------------------ + +# Maximum length of segmentation tokens for indexing +INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH=4000 + +# Member invitation link valid time (hours), +# Default: 72. +INVITE_EXPIRY_HOURS=72 + +# Reset password token valid time (minutes), +RESET_PASSWORD_TOKEN_EXPIRY_MINUTES=5 + +# The sandbox service endpoint. +CODE_EXECUTION_ENDPOINT=http://sandbox:8194 +CODE_EXECUTION_API_KEY=dify-sandbox +CODE_MAX_NUMBER=9223372036854775807 +CODE_MIN_NUMBER=-9223372036854775808 +CODE_MAX_DEPTH=5 +CODE_MAX_PRECISION=20 +CODE_MAX_STRING_LENGTH=80000 +CODE_MAX_STRING_ARRAY_LENGTH=30 +CODE_MAX_OBJECT_ARRAY_LENGTH=30 +CODE_MAX_NUMBER_ARRAY_LENGTH=1000 +CODE_EXECUTION_CONNECT_TIMEOUT=10 +CODE_EXECUTION_READ_TIMEOUT=60 +CODE_EXECUTION_WRITE_TIMEOUT=10 +TEMPLATE_TRANSFORM_MAX_LENGTH=80000 + +# Workflow runtime configuration +WORKFLOW_MAX_EXECUTION_STEPS=500 +WORKFLOW_MAX_EXECUTION_TIME=1200 +WORKFLOW_CALL_MAX_DEPTH=5 +MAX_VARIABLE_SIZE=204800 +WORKFLOW_PARALLEL_DEPTH_LIMIT=3 +WORKFLOW_FILE_UPLOAD_LIMIT=10 + +# HTTP request node in workflow configuration +HTTP_REQUEST_NODE_MAX_BINARY_SIZE=10485760 +HTTP_REQUEST_NODE_MAX_TEXT_SIZE=1048576 + +# SSRF Proxy server HTTP URL +SSRF_PROXY_HTTP_URL=http://ssrf_proxy:3128 +# SSRF Proxy server HTTPS URL +SSRF_PROXY_HTTPS_URL=http://ssrf_proxy:3128 + +# ------------------------------ +# Environment Variables for web Service +# ------------------------------ + +# The timeout for the text generation in millisecond +TEXT_GENERATION_TIMEOUT_MS=60000 + +# ------------------------------ +# Environment Variables for db Service +# ------------------------------ + +PGUSER=${DB_USERNAME} +# The password for the default postgres user. +POSTGRES_PASSWORD=${DB_PASSWORD} +# The name of the default postgres database. +POSTGRES_DB=${DB_DATABASE} +# postgres data directory +PGDATA=/var/lib/postgresql/data/pgdata + +# ------------------------------ +# Environment Variables for sandbox Service +# ------------------------------ + +# The API key for the sandbox service +SANDBOX_API_KEY=dify-sandbox +# The mode in which the Gin framework runs +SANDBOX_GIN_MODE=release +# The timeout for the worker in seconds +SANDBOX_WORKER_TIMEOUT=15 +# Enable network for the sandbox service +SANDBOX_ENABLE_NETWORK=true +# HTTP proxy URL for SSRF protection +SANDBOX_HTTP_PROXY=http://ssrf_proxy:3128 +# HTTPS proxy URL for SSRF protection +SANDBOX_HTTPS_PROXY=http://ssrf_proxy:3128 +# The port on which the sandbox service runs +SANDBOX_PORT=8194 + +# ------------------------------ +# Environment Variables for weaviate Service +# (only used when VECTOR_STORE is weaviate) +# ------------------------------ +WEAVIATE_PERSISTENCE_DATA_PATH=/var/lib/weaviate +WEAVIATE_QUERY_DEFAULTS_LIMIT=25 +WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED=true +WEAVIATE_DEFAULT_VECTORIZER_MODULE=none +WEAVIATE_CLUSTER_HOSTNAME=node1 +WEAVIATE_AUTHENTICATION_APIKEY_ENABLED=true +WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS=WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih +WEAVIATE_AUTHENTICATION_APIKEY_USERS=hello@dify.ai +WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED=true +WEAVIATE_AUTHORIZATION_ADMINLIST_USERS=hello@dify.ai + +# ------------------------------ +# Environment Variables for Chroma +# (only used when VECTOR_STORE is chroma) +# ------------------------------ + +# Authentication credentials for Chroma server +CHROMA_SERVER_AUTHN_CREDENTIALS=difyai123456 +# Authentication provider for Chroma server +CHROMA_SERVER_AUTHN_PROVIDER=chromadb.auth.token_authn.TokenAuthenticationServerProvider +# Persistence setting for Chroma server +CHROMA_IS_PERSISTENT=TRUE + +# ------------------------------ +# Environment Variables for Oracle Service +# (only used when VECTOR_STORE is Oracle) +# ------------------------------ +ORACLE_PWD=Dify123456 +ORACLE_CHARACTERSET=AL32UTF8 + +# ------------------------------ +# Environment Variables for milvus Service +# (only used when VECTOR_STORE is milvus) +# ------------------------------ +# ETCD configuration for auto compaction mode +ETCD_AUTO_COMPACTION_MODE=revision +# ETCD configuration for auto compaction retention in terms of number of revisions +ETCD_AUTO_COMPACTION_RETENTION=1000 +# ETCD configuration for backend quota in bytes +ETCD_QUOTA_BACKEND_BYTES=4294967296 +# ETCD configuration for the number of changes before triggering a snapshot +ETCD_SNAPSHOT_COUNT=50000 +# MinIO access key for authentication +MINIO_ACCESS_KEY=minioadmin +# MinIO secret key for authentication +MINIO_SECRET_KEY=minioadmin +# ETCD service endpoints +ETCD_ENDPOINTS=etcd:2379 +# MinIO service address +MINIO_ADDRESS=minio:9000 +# Enable or disable security authorization +MILVUS_AUTHORIZATION_ENABLED=true + +# ------------------------------ +# Environment Variables for pgvector / pgvector-rs Service +# (only used when VECTOR_STORE is pgvector / pgvector-rs) +# ------------------------------ +PGVECTOR_PGUSER=postgres +# The password for the default postgres user. +PGVECTOR_POSTGRES_PASSWORD=difyai123456 +# The name of the default postgres database. +PGVECTOR_POSTGRES_DB=dify +# postgres data directory +PGVECTOR_PGDATA=/var/lib/postgresql/data/pgdata + +# ------------------------------ +# Environment Variables for opensearch +# (only used when VECTOR_STORE is opensearch) +# ------------------------------ +OPENSEARCH_DISCOVERY_TYPE=single-node +OPENSEARCH_BOOTSTRAP_MEMORY_LOCK=true +OPENSEARCH_JAVA_OPTS_MIN=512m +OPENSEARCH_JAVA_OPTS_MAX=1024m +OPENSEARCH_INITIAL_ADMIN_PASSWORD=Qazwsxedc!@#123 +OPENSEARCH_MEMLOCK_SOFT=-1 +OPENSEARCH_MEMLOCK_HARD=-1 +OPENSEARCH_NOFILE_SOFT=65536 +OPENSEARCH_NOFILE_HARD=65536 + +# ------------------------------ +# Environment Variables for Nginx reverse proxy +# ------------------------------ +NGINX_SERVER_NAME=_ +NGINX_HTTPS_ENABLED=false +# HTTP port +NGINX_PORT=80 +# SSL settings are only applied when HTTPS_ENABLED is true +NGINX_SSL_PORT=443 +# if HTTPS_ENABLED is true, you're required to add your own SSL certificates/keys to the `./nginx/ssl` directory +# and modify the env vars below accordingly. +NGINX_SSL_CERT_FILENAME=dify.crt +NGINX_SSL_CERT_KEY_FILENAME=dify.key +NGINX_SSL_PROTOCOLS=TLSv1.1 TLSv1.2 TLSv1.3 + +# Nginx performance tuning +NGINX_WORKER_PROCESSES=auto +NGINX_CLIENT_MAX_BODY_SIZE=15M +NGINX_KEEPALIVE_TIMEOUT=65 + +# Proxy settings +NGINX_PROXY_READ_TIMEOUT=3600s +NGINX_PROXY_SEND_TIMEOUT=3600s + +# Set true to accept requests for /.well-known/acme-challenge/ +NGINX_ENABLE_CERTBOT_CHALLENGE=false + +# ------------------------------ +# Certbot Configuration +# ------------------------------ + +# Email address (required to get certificates from Let's Encrypt) +CERTBOT_EMAIL=your_email@example.com + +# Domain name +CERTBOT_DOMAIN=your_domain.com + +# certbot command options +# i.e: --force-renewal --dry-run --test-cert --debug +CERTBOT_OPTIONS= + +# ------------------------------ +# Environment Variables for SSRF Proxy +# ------------------------------ +SSRF_HTTP_PORT=3128 +SSRF_COREDUMP_DIR=/var/spool/squid +SSRF_REVERSE_PROXY_PORT=8194 +SSRF_SANDBOX_HOST=sandbox +SSRF_DEFAULT_TIME_OUT=5 +SSRF_DEFAULT_CONNECT_TIME_OUT=5 +SSRF_DEFAULT_READ_TIME_OUT=5 +SSRF_DEFAULT_WRITE_TIME_OUT=5 + +# ------------------------------ +# docker env var for specifying vector db type at startup +# (based on the vector db type, the corresponding docker +# compose profile will be used) +# if you want to use unstructured, add ',unstructured' to the end +# ------------------------------ +COMPOSE_PROFILES=${VECTOR_STORE:-weaviate} + +# ------------------------------ +# Docker Compose Service Expose Host Port Configurations +# ------------------------------ +EXPOSE_NGINX_PORT=80 +EXPOSE_NGINX_SSL_PORT=443 + +# ---------------------------------------------------------------------------- +# ModelProvider & Tool Position Configuration +# Used to specify the model providers and tools that can be used in the app. +# ---------------------------------------------------------------------------- + +# Pin, include, and exclude tools +# Use comma-separated values with no spaces between items. +# Example: POSITION_TOOL_PINS=bing,google +POSITION_TOOL_PINS= +POSITION_TOOL_INCLUDES= +POSITION_TOOL_EXCLUDES= + +# Pin, include, and exclude model providers +# Use comma-separated values with no spaces between items. +# Example: POSITION_PROVIDER_PINS=openai,openllm +POSITION_PROVIDER_PINS= +POSITION_PROVIDER_INCLUDES= +POSITION_PROVIDER_EXCLUDES= + +# CSP https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP +CSP_WHITELIST= + +# Enable or disable create tidb service job +CREATE_TIDB_SERVICE_JOB_ENABLED=false + +# Maximum number of submitted thread count in a ThreadPool for parallel node execution +MAX_SUBMIT_COUNT=100 + +# The maximum number of top-k value for RAG. +TOP_K_MAX_VALUE=10 diff --git a/appstore/dify/0.15.3/envs/global.env b/appstore/dify/0.15.3/envs/global.env new file mode 100644 index 00000000..e10989fe --- /dev/null +++ b/appstore/dify/0.15.3/envs/global.env @@ -0,0 +1,2 @@ +# copyright© 2024 XinJiang Ms Studio +TZ=Asia/Shanghai diff --git a/appstore/dify/0.15.3/scripts/init.sh b/appstore/dify/0.15.3/scripts/init.sh new file mode 100644 index 00000000..2f4cc2a2 --- /dev/null +++ b/appstore/dify/0.15.3/scripts/init.sh @@ -0,0 +1,23 @@ +#!/bin/bash + +if [ -f .env ]; then + source .env + + # setup-1 add default values + CURRENT_DIR=$(pwd) + sed -i '/^ENV_FILE=/d' .env + sed -i '/^GLOBAL_ENV_FILE=/d' .env + echo "ENV_FILE=${CURRENT_DIR}/.env" >> .env + echo "GLOBAL_ENV_FILE=${CURRENT_DIR}/envs/global.env" >> .env + echo "APP_ENV_FILE=${CURRENT_DIR}/envs/dify.env" >> .env + + # setup-2 update dir permissions + mkdir -p "$DIFY_ROOT_PATH" + + cp -r conf/. "$DIFY_ROOT_PATH/" + + echo "Check Finish." + +else + echo "Error: .env file not found." +fi diff --git a/appstore/dify/0.15.3/scripts/uninstall.sh b/appstore/dify/0.15.3/scripts/uninstall.sh new file mode 100644 index 00000000..c86c4fbc --- /dev/null +++ b/appstore/dify/0.15.3/scripts/uninstall.sh @@ -0,0 +1,10 @@ +#!/bin/bash + +if [ -f .env ]; then + source .env + + echo "Check Finish." + +else + echo "Error: .env file not found." +fi diff --git a/appstore/dify/0.15.3/scripts/upgrade.sh b/appstore/dify/0.15.3/scripts/upgrade.sh new file mode 100644 index 00000000..2bf20e99 --- /dev/null +++ b/appstore/dify/0.15.3/scripts/upgrade.sh @@ -0,0 +1,34 @@ +#!/bin/bash + +if [ -f .env ]; then + source .env + + # setup-1 add default values + CURRENT_DIR=$(pwd) + sed -i '/^ENV_FILE=/d' .env + sed -i '/^GLOBAL_ENV_FILE=/d' .env + echo "ENV_FILE=${CURRENT_DIR}/.env" >> .env + echo "GLOBAL_ENV_FILE=${CURRENT_DIR}/envs/global.env" >> .env + echo "APP_ENV_FILE=${CURRENT_DIR}/envs/dify.env" >> .env + + # setup-2 update dir permissions + mkdir -p "$DIFY_ROOT_PATH" + + if [ -d "conf" ]; then + find conf -type f | while read -r file; do + dest="$DIFY_ROOT_PATH/${file#conf/}" + if [ ! -e "$dest" ]; then + mkdir -p "$(dirname "$dest")" + cp "$file" "$dest" + fi + done + echo "Conf files copied to $DIFY_ROOT_PATH." + else + echo "Warning: conf directory not found." + fi + + echo "Check Finish." + +else + echo "Error: .env file not found." +fi diff --git a/appstore/dify/README.md b/appstore/dify/README.md new file mode 100644 index 00000000..80b39160 --- /dev/null +++ b/appstore/dify/README.md @@ -0,0 +1,121 @@ +# Dify + +Dify 是一个开源的 LLM 应用开发平台。其直观的界面结合了 AI 工作流、RAG 管道、Agent、模型管理、可观测性功能等,让您可以快速从原型到生产 + +![Dify](https://file.lifebus.top/imgs/dify_cover.png) + +![](https://img.shields.io/badge/%E6%96%B0%E7%96%86%E8%90%8C%E6%A3%AE%E8%BD%AF%E4%BB%B6%E5%BC%80%E5%8F%91%E5%B7%A5%E4%BD%9C%E5%AE%A4-%E6%8F%90%E4%BE%9B%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81-blue) + +## 简介 + +### 工作流 + +在画布上构建和测试功能强大的 AI 工作流程,利用以下所有功能以及更多功能 + +### 全面的模型支持 + +与数百种专有/开源 LLMs 以及数十种推理提供商和自托管解决方案无缝集成,涵盖 GPT、Mistral、Llama3 以及任何与 OpenAI API 兼容的模型 + +### Prompt IDE + +用于制作提示、比较模型性能以及向基于聊天的应用程序添加其他功能(如文本转语音)的直观界面 + +### RAG Pipeline + +广泛的 RAG 功能,涵盖从文档摄入到检索的所有内容,支持从 PDF、PPT 和其他常见文档格式中提取文本的开箱即用的支持 + +### Agent 智能体 + +您可以基于 LLM 函数调用或 ReAct 定义 Agent,并为 Agent 添加预构建或自定义工具。Dify 为 AI Agent +提供了50多种内置工具,如谷歌搜索、DALL·E、Stable Diffusion 和 WolframAlpha 等 + +### LLMOps + +随时间监视和分析应用程序日志和性能。您可以根据生产数据和标注持续改进提示、数据集和模型 + +### 后端即服务 + +所有 Dify 的功能都带有相应的 API,因此您可以轻松地将 Dify 集成到自己的业务逻辑中 + +## 功能比较 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
功能Dify.AILangChainFlowiseOpenAI Assistant API
编程方法API + 应用程序导向Python 代码应用程序导向API 导向
支持的 LLMs丰富多样丰富多样丰富多样仅限 OpenAI
RAG引擎
Agent
工作流
可观测性
企业功能(SSO/访问控制)
本地部署
+ +## 安装说明 + +在安装 Dify 之前,请确保您的机器满足以下最低系统要求: + ++ CPU >= 2 Core ++ RAM >= 4 GiB + +## 修改配置 + +应用安装后,如有需要的配置,请修改应用目录下的 `.env` 文件 + +--- + +![Ms Studio](https://file.lifebus.top/imgs/ms_blank_001.png) diff --git a/appstore/dify/data.yml b/appstore/dify/data.yml new file mode 100644 index 00000000..5f219230 --- /dev/null +++ b/appstore/dify/data.yml @@ -0,0 +1,14 @@ +additionalProperties: + key: dify + name: Dify + tags: + - WebSite + - Local + shortDescZh: Dify 是一个开源的 LLM 应用开发平台 + shortDescEn: Dify is an open-source LLM application development platform + type: website + crossVersionUpdate: true + limit: 0 + website: https://dify.ai/ + github: https://github.com/langgenius/dify/ + document: https://docs.dify.ai/ diff --git a/appstore/dify/logo.png b/appstore/dify/logo.png new file mode 100644 index 0000000000000000000000000000000000000000..82eaea8a569d693bcb79e0fbe45ab7ce5522213e GIT binary patch literal 42235 zcmVb}$;($HB8nuP?vWlU zTmnK2NhCNlsCkTZG=Z21iFP#Vg$@@XD#pQUGCK8E6A~Ap@%tRuQNF)Z3gqcVr5{bkBk}wmAL?V$GKoVvmkw_#G14zP5 zBoc{4VgN~)i9{liNDLqeGm%In5{UsMVI~rZL?SVOB+Nu2kw_#4kc62?Boc|l0Fp2h zi9{li7(fzcB9TZW5(7xWOe7MCL}CC*n2AIpkw^?62{VyMBoc`MBw;2Ji9{kXfF#UB zB9TZW29SiANF)-8!~l{o6NyA3kr+S{W+IVDBoYHi!b~I*i9})mNtlU5B9TZ8APF;( zNF)-80VH825{X12F@Pk@L?V$$BnFU#nMfoOiNpYsFcXPHB9RzC5@sTiNF)*iNWx4c z5{X1&07;mML?V$$3?KGCK8E6A~Ap@%tRuQNF)Z3gqcVr5{bkBk}wmA zL?V$GKoVvmkw_#G14zP5Boc{4VgN~)i9{liNDLqeGm%In5{UsMVI~rZL?SVOB+Nu2 zkw_#4kc62?Boc|l0Fp2hi9{li7(fzcB9TZW5(7xWOe7MCL}CC*n2AIpkw^?62{VyM zBoc`MBw;2Ji9{kXfF#UBB9TZW29SiANF)-8!~l{o6NyA3kr+S{W+IVDBoYI-e!Dx6 z@bNX@`b!@#$5{U(u_jTyhS;*9$tM!fyMn#EEGg=XtxnW|hy(=XL}o{)uc~dgUGF{- zP5VxN2uoh4ZQYh>huts^_Me^8q1mOJl(1cXeh}sD64dhS;?~+Pw@Hgz}e@V8;3mn3lVCiE- zQXPVc+wj_~bqCJ?mm8iAFB`bLb2t@61gbv^gx&YE5@snuy}mki;QM~z|Gxk2?|u6} z{uls!3<2N%!*6)i`yi1>+*BlCo+vb7f=`+hsx(J>jVjF%GW60yQg7{(AO=TeZmG^K z!fa_){edFQi5J))>rKK8`aedPn`+ppx@jt^^{B&t}U z`%5GTeNm-T|4`p}qpXnT+V)t6@7U=G?(bjCcX?ftZAU{D)ru z7vBm*AA9%P-}Lu>;Uga~FJ_5E!bd916UEoOc2$@gW=?fTr>-)gm}aq6aP!Qvc1~9- zH!Nn^jdn1oqaALmRG~1>PbUoe-BXxYEXvFORUbQjCRs-YWGFMjAf zKlV32{JyvSDkKsK7fF~WiWk22mp<+d%&w zRpx->(NG@(v#fr(sAk#8KC8YNR(=p;WOqTr6xRj`Q?*-eOgvBNEB~=~z3okZ_ZL3$ z{$E3cxBt`cdDS~0kw_engn6QP;cGwoaSUXn9)#5)*@1mqX=1>_Tk6hBbIAn;Ri@X! z9qLbBN4I@;-krxBCrt1if8u_dIZR#WHtAZzoV@#VUlio??vdKYibu z{>CqS!bHel#5{HvchMdj^$6>EoRrs=1COcRN6RQ&T@(d8q!1<Pe%JW({lT!4Yx^T-kSqWm(rjwnr$#s*cd-GQ`im3bJkN%WEB*+Y=}990K8 zeOb)10|5+79qjq;Cd~8CNGr^a(v#1?sza?XW5SH*FWt|_s}nTw;-Mcz^!ES#dtUW} zAAI+Hf9FH*{jpC%BJmJI66T3Q6Q-w>%&8o3%L)f7>Zy}goS?ok8UZNkTTBGYx=d!8 zy@<-}nM~d5zz7py*E}YwMEBYjVInW%yvS@3<^+tg#t74>T1}XmfJgeV5+=t_-}lDv zc-!~C?xpvq**5VILK5bQ;)Q?hqaXKJDkLT6gp)!g%-vCdc$!LbzCC;AH>agys@$#^ zs!Nz#3Q%PT2&E}Zr;X8h%-v2uuqxCZA-na(WEVN_Kp{*{?m-=li%n%=Kft+<_27f= zdE4Lr(7W$@!}ou8dfO(hK9Vp`6kq+HtfAVBF&agOi;9tbbj7#(j0XF@<`Nc zs}YSfANN$|C7NYoJEF=PtrsoqptvZWAVR_)%mxLHM#%j>#&+0fp(*DOIX{ ziBoNt4*x&j|J|?rj-S5ojj#K;pMC!WkVsrXBw?N?UhvlzldK#Fm0E(ndSi#Qj%@Bc zmP>|Wux9NV#&Sr^>qD%54rbY!XJ;UT3wz5VQ+rMw{aCd=Vd{Hy`pXCt2kO>!S;E9F znJ;aEx=$GKkkx$;+c!Pkp`orsT33EA!&9Z}@vPTdm;)E1E zBcCvLDols8czHvZsOsCipUISC?Y6*uh*jOH&*~HZmc~Gi1{!R4wDa|oBN9!ImG}EL+BWi>(M#559VlC7A9PrU6QWU{|F*~6 z^?SblwfBDD>%aBhZ~dK5zWY&w-AN>FDNfu1!Md)V!esfm zN!INXQ_(O!e>rB3wF=X*B2ejEPhEOtKk%;mUjL8(w^zO*6=&jrG+9n%@|-)Z(YiO?7S?%{T| z8@U{^wCye{PI{kZfX6@O#vlKNZ@u>eFM9dwU$nb$B5{*&?RIw{;p1t)|IdE|1YBlE zSzkSYqZEZR2KWDPUio8{$&x$D&PxmX*i>dq+_S`FPzBodY9qXr85++$ zZiy%#Ra_5Pb*jtrzPaT^9TXF0`;M*85n;lO?~FR&mw(%1@A^H@eD)uC_HXj4Zi9%%_QrQkTuT^kfu$OJDY4d0S!h0I?4g44z!0} zkW1u8NBWVZ=?>7`EPD~c)cx}Nd|;f*GRY1Q=JpOH>-ly#yq1c=Qj$iPOP=2Mqeqrr z+WX&q->d)Pi+|s%A(6NZNR#XpfM?N~L0i};G`V?BKvZNxWUvdoe=cAR?O(2;!F~6p zk*Y?Wa5nE@w+RuCdiNySQN~e-qs&`!fe_A(6OLBw=0^43TE+AsftR%8Nw12&!Z-Wj5OG&25VQZ_Ov}=};=FlEfQ^4|Lw)Ky6K3F26tdDql}t$J?zNu)7^fnuHOe!4@uj5(4;rlEt95^ey+y#L33=cLt}aWtCxJ+ zy+8VrZ@c$9ca%&djzSXViGl+0;ib>60;Q&3JTchPuu2fmH0z1Y!THV2U%uW) z&hQzZ`N&5;=PO_Om*4P?PrmD}r`-LlvDy-eaU@}$IF2GsaYjwAZIdBY(hNLzENMm+ zZ{1Yq{$yM0LW~VF^Da=_wt9qpbvV!+|Dt%@E-q-EMPB(H=c16!ilx=6TmzzQQ9F3s z!!e21_m6eW=cDiW>u>&nd%peNS4CY+B#uE6<`uwR(zJP_87yAt@JD*iI$pD0*?{lb z`G|GXw@T6?WV@`>C$_M`Zg$r!+plKVOM~wigTsxDVAHi{%u-vfOuflXLAYKJjOhF# z?*(49M9U`R=YQ{d>W#1d-hc7QA9>_sAD^*l6PJP{%qxOu{PfcOHJX-8DHeBa7%Zeo zv@zATpOv~LS3%Rvvd7Mr`IhGn8L~j|d)plD)G{Nf&8(xvJ9B@gog?NidHyC*?fj)^ zC#qt!%_CzI*Y?Y|WF<>1@qiIO=g+?K4gcV-r`-Kp2YZr8gh;}?LWt)7ymVh_b{Nl{ zisUrn`@*OK{&`HyE^J=H>cQJ7G;9s-$Ej_m%uc>-%{I`VfB`PSSypty`m6Tav$<&< zDoEyW7*0Fv^xC>Kb;-yQz$)BFeb!yS^JTAl^G`kZ%fI2q1)5AGk}yvdL;(@@NK=Uw zsWjDWV`o0IF0UYFnkAP}RV5@y*%7%RJoW2VrARYW-i~cIY*!xl+-o+ltJE5k{NlFP zZfEu{({QR;6nPNchfp=SyA99Mt5kHTF4?Bz#J;DFI(@`*U+@>+^eu0A*I#|)V;}z+ z+Z|0LERrx!9J@%*uW-i!x0zxCJnFGe_=?xO z;XUuY>#6BQo7j&e%qxJ9G&fAEBFQ7oh_IyPjW|(JCx`%89lNdcI_Lb-T;=AtB0FMN zDcLmXyV+9Bfpe8_b!BGn4X3P5MHdyQW9Ha+F0v6{-|*X+e>~naiwAW}ktx=+-N^Y7 zFMr*ef8dLsf6wP1+jQd2L=xr|!5}vl3#v&Am8N6Lb=#Q9Mhg!z@1Cz5WDD-aOLUy+ zcc^Dv@D0geesM2@jk%0+w_3fqb+047J8r)lErI=u-#%zqC3d^)m(xm^E7Nk!U*dK+ z=)!ZK|B~;0`FFhe&vd$zNC+fhUKIr9#)~-ub|0dn&qJbH!9K4hiewsvWIMv^8;(9YpP0EuK(i?| zIMIc+n>^qNPrdPZ|L7+_@e|Me(=W++%|sVTn5POdf#=rrJ#w4t&#O|wm9#^zGDBe4SB;0!@ATl`{P4YodC$M+2fq0EFZmOl+ezHvNWwg2coUN4(jL-O=iU-@ zPkpL#D5k`A&+SF_R{ykfFXS>9bxgZmk|e+FJtEAjacAK!4gh64zw3L`%n z;p{V5`S#SSf2}{~*-@4|=23CIspoywJ>T+#r{4X{PLqi{7)h8Xk67IdOc%Cvbzyc* zxz;=zk|@FUhSOx{-a=B_0PBa`g6jgVup1p3n|3t0b}$pWDcUS*Ws%A5nIl}=r!7B1 zX1?l^jqX~y(u1!q2@$)Wi$|7PUHazhdhoDUeCJz!=m}4~JHzQE43aQU8XM-!V}cvl z+TF7rX-Wnp;jwD6Za4+?gYHD>6fi+#a#p-J#<5IMlbvG?v0Zt6O!^Kk$o;sgcR$%F zmbgQagn6PM((5Gqu~c32tTDOzCf4p6O3J4i>>9X86c9gK>`Kx>LRT!{^ITya&tKctTM}Qf$Dsx z9oeC3^N!2WmW++s*(_s^sT!`gOtH|2ao@Zpxlc>i^WT2{^S=IxPs{kTcRG?VPZ#TN zwwPk|%pCbjv%?E62@RNRbw0=9%6g66jJp^vkcX^~%Uq_%{!yDF&Dio};>vb85p5o{ z86)-U74e8H%p4uZN$g4?W;Yjm6Y`%bC(ABDYBf1Fm$^A_sV{Cj`CwC)8*c)y{I0kB zK$7O2jU>!d2Sw@)V>|2)G1XU^)J(Gwk`_RT^Xd?RZ<@uSer{MzOFFBpr)-@%M;cfV z4aq@UPCuMXSV!oQPisS39#e(O4}CgaESCLUNxXtxQ*6JB$K?&l5{1E7*z_@eDJgw^ z<#)a1`=9u<8@W#N4n-2?iNdw=9p*IAglh}uG`)HUnN;#e$Eikh!%TS(c)GbQOs>Y+A%u`0=6KQr_)TRx25{%KIdD0`z9$6IwmZ$ofHLFbq6-DfI zVk6dU_n6FaTbD^BMpsuEQ}7IIy|!-yX5R&aLeH7oyZ{KG&+f4@V;>#+Fc|^*Q;og( zQpYU1Nw7-fg`w{Pvh+4CK~+e6J5YXcMc>^y)b#@5fA+^-@UriJ)MwrG88%nqp^7BT zQ->r?WaA-;C_5$B1-AjyWFb9gshMXxrc&-C(+_B1Z!*ldK_;#Wyf^`I*x~bn^;6`v z<>z)uqC4XlDKL@d@ z=P@Y|tDBwL#1@MTTy*(uv=(BjQYtPsiFj1>_Cbx^7pbGS9Vkml(#V#+dY`rcF~v?; z%rC0IBOmv~uY2OtZlr1U4nY#;iNYIynZ>lJOEoq#i2Sk?9|TXp?OU6&aemFy7v(9suMj^rdxtcS>7;~&#~tjYfY>2vVJcJ$TCuv zqTJ}C6$NYudetD?FdM;tX((sk{5RkHy-$4FjSSX)2OtUagh6_kq#*tLr#r9aSurQ( z@2MF%0(tG5{&Yw)RGl@|L_=zO7JA9VT&*;D&h>M~ZYU zwEg2gft=q@G+69@HSq1j2PY^##V`<*y`ETQD&8R5+fHY*la&*fZ!D1_OWC%XXnn-1 z|JGanPLk$BA4!;}3i4G{P4^s8irUmH6KuofIsNp!XUTAZ?Ig)$)T9}jV;O07`=CkF zsiTl{*j89U{DQKlj&>Vk%maze|?qiPIQawz}|fuY2Qrf9St?+Ku0& zvnC!INW#1d7$8kCh7+_v=qNL~s!S8)hRU;ju^m*|(aq+PJNb14D$_LqS2?@Ai%Cp; z?i?_Z>A(hfR*$T<$eCT(@VgPxa@&jbs;vR#uu{ZG8`p6?lGDscsogn6QHr`2=-0GU~iEp@r3wJQz}_gm&!iU`Y| z>$RkPLAOc3)&wl!j*TvPMrPSzIo`|GAEK9md8E?OS<9VMn9bfQ9c@H46guH}jYK)Q z{AKNTYuPzU&UzYRHmn76hu%pbpImL0%)`rk-8(~0!T5a2P#k1MUYLyulj8665M?8^z z7)aS@`rrTl=j3)^4?!eho+^C)5ebG+T{XAsLSu`HXU(OO zG|6wzId(|7L{31_!Og{#@;-FkZU&RNU%z@(HgwWfhhlKu#Wh3<- zCuHI7qI(S5AR|XtM)s3N z%(Jp`vVU|X^V%nJZbGZfes`VDl|Lj$v>nlfI`D%sIN3IE!Pf*?k6kPg!&73wQwAmw z5&S9yvHJBam!e%ryjKZ__y?SdL^`&OFA3Igce;#AmQHn3hb;NYlb(L#8=myEXI%?= zmAGO^!aP~n-9g%w&=hMjc?2ti1fVSoPJI!Xur#@kW}v`21n=HMa3h{N46K{zE-;0@ zS_G%B;&0hzt&6_G1x<3JLUUAoZPwKBx(W8Y95avlt*y6P=Pq^rkStvyL#E~I4y(bl z!1nPWq3VDpyXcut?7Gv2!Jqt^SA2VLDRIS+gn6o93P})LG|2l|n&nl^YaZr~4hOT& zC(G(?ZJ29y2t8lX9{y`hv%$7puIZHgK9TB|RHkI^%QFc}!Rs=7og$5(hwXk&kLAZO zlCKbvRD`p%lLNQuLO363+U$cZ^d&MJ3mIz`NQ{o|cQj!QE=DW&XoHWVym&|_+ zQF`|jnr1uqUgt8sfqK7D6uEBn6udc!+c3HfgKkCU$75nBv>88Fw-NM+xWjec$`ok~ zhqmKKM_n4F=k@`aVY%ZCs|+YpN!&2QdP&ielM!Y5q-T8Yw>mx-%_B+L_q zAPk{4RVHV1W|Ia19}=8c0m%Q+vKObC5ToEK;o-lm%SYoo;p>;^ykWiX6FxleXFAHxe zOSgSRnp?47SJdG~I{Tg8}uBOoPGufnJF4{FNp2EteH|f%F^+wE#**|U=4R- zkgn>v`}aTRPe18%ZamS+lDHyB!aQ+!DslM_1}fC%_td6ITi@CRX?j819iK9 zL#@+*9iYk0APDU6cUlk8UiT}u>A~7gQrl|yrx%IK$^zjBuH-{l-_vY0_!=;)uk|Z znhwV|&*c|Lv5Grs==zxOeKd&!Dv^Kz0hXaUT}im?KN7* z79ZA8mLLi0uxw?ym(Jcb5m|0|!J^;ypf9GLFL~iTuMLVNP8>;?CyL128kuOLIn7N4 z+6cB06%j&NcEU0ktD0w?4K7mS{v2f*>E0Xgc7{U1}2K`CP?`eq{MwB(vUh>!zp{xiV^Mg}%b-VD^Y& z;XeLeH}iW?jD!Q6l?2uY_o2@wY{~Pwsa+yd79vdmF1DDQYZYbr{8$d-M{ZS z&kCwaoG6kouKg_UO<}_o{L>)TMBhYXT)4NwX ztjl!P&ct;#V28dU#O7Ap`R&^L`fab!J6`BSsIFQVeP^E$Gp{nQQki002#?0*EmeJX z-jdoiUe0*KqA{7O{BBz~*?U5DazRyT`t{P+{DZ&yyPkgIQBIYK6Gal{slrG=j~ty- zr8ae8hal}ZZQ=}|!-}?CPhB2Knp6VEyBOpe=URCwsO?4N-KamNT)*`$54yHYl_6xQ zz)sp}M^pY99EZ%SfY%*PV#-Xb@;CjgL(grIWwcIGZ!?CrJKo06LH>HZ>)eCKsY+9& zRKUbuR6hMnzUH1+2303c5J{M)j)*j!Yc_p=G@%XruK5yLpmEZ}?Z6(I-Tf>B(qt83 z36|%oOn!%+$_(0uM#dH+%xm&EqvohuwD+v4CDY1~O}_%_{eSrX7a>3FZSN0WxjS` zdFIB((#TEJ<{q4~VRbIS^p{TPExk0UHtJbFFFDFD`hBu3n3RYdB;)lRkX+W|%w%5< ziUbzLv|{V+V;PX8jt6VZrylWcs8UB&9{Q;jcl|dlFBM<DhW$Lla-rAqi5jVUzM1s>S6iZ=S}@KP5_p) zmixpg#7;SKq@T9Ijw&6NHe`u*)bofgQkCJ0Ly%z1 z&FntP*^MuFUJ~XNK@#Sv!Wpc4YExgcYO|51r#5wkK^oQ_MP`y@ryYSD$DhbKhu7l~ z;+h}%edyS;r0Vt3w4&waW>W?NL_4~43&zwMYhwqfi+UPpvs^W27VZhmog2zlkW092 zmrIt0AVE1I`HE5Vy%DIYgSx$G%LLma%ivLWOt3~-dU15uYmfWVuf6AaPP2&j{G*{0Jrfm7Fj(~o(% z*iy5D*rq$Jz&0vDM-{S>oRQ2SdD>cw;;2i91e?>%2w9>!Mv%m<%Ba||R6TG5!R&g% z9&3W#;{n?as{#gS^SRR$&+C5q*S_ql{VR!6LK5bQ!YahhwLR(3QI`8i6IXjCl2|WE zo8Ge9+j2RixuBV5StUkYI@L$SO+e@dQIB3!A_NVLk?E$E^OFX|Wy>f(SyTy{E@|0eMFW{SG^@8;k^WX9VpMeUs)ZUO}gcsKk>`H_MR_@b0$s! zNth>&hy+2KGd;z#Nwj25w9a;6k@}S7BnxiFo9!q_)kRT(hzINJIzrmW=`oh~au9Q+ zQw15N>Xsj1%VX6kveI6(otAMSOEs?;58=MuG;V|KL}IGZ`|@QkdRcD&b>c|EJW=S~9U>Am*Su_-gz7Ip(Uo=b zpjD%^xu>S6e!bR0=t<&J#Iyu8!1hkB2_BTHg@B}?IRA9iDX8)xv+Ddh$!|uBy)GOM zv)6kHkzH_2sD4`}acxKJMAB84&h}lh&uH4L{o=chczxYFUkS02MU&Als}9>QiOkE1 zsVDqQQe~bzk}yvgR85amNzJHAHaJ(}ankjPrx3N;Gy+bi>GPQuXCM|%k344}e(VsN z38BZ8Z|gt79EHv!w=Hl;bFI4WWFm;IL-6V)1AF-+$!d7D!<)_!OfFM&3NfxEw@zi2 zt;umc>vcb{dZhkbXI-Bx>n9&M-FS76gt!Y$uueHgRRS2No)+Dxr!3>jm%}gnx|h84 zF~8%k&lo73xD80cJW+7^3Zl3LCxZlOvoN(uW*aR-oc0{~kSniS1*=I^cb)`kx;Kb= z4I~IJS5Fpu)o_(bZa>6dhy2F%p+rY%tf$+fZnXZApCQXs)Z7%POQTS^`BRc8d2wQm zLc?ZsZS`T@djyn|4kMexW1Y}O3-ZdfykMRHvIB1wibrq}Q5Nr4*?%#|Jqnp4XIhKC}O9Mq&^)?+$kx!I1B=#eZ)q9my%`-;*_=n*9_wfoekf8L8b*%G%2NtmY#{vKb) zyO|qINv?zJsm+K`0j#RjrpirasnQ~{xAppbI;F8wH++wG(AnFex`&N#`lm$WAv@Qu*Xu}dJ5D~3p>1_P0O|U(( z#FpPxhTgNY_bXmB%Hh!3OxQ=1`bFT&zxHL%?`2Qi9wcF&C>Y5Z0~l4kWxZ1(a)e{m zCR2Ah(78vX&N=FJlb{t?bnNxr@xEP&c_F&uY~)p<;1i&f!Cf{p_vAeEOGMASXLF+L z%la+qg{||*RH;R*;pm(?I9Z8u)dLn?uIF2HP1qtYXvJqZ+zCb?I%}TG@LXka=&8@F z#eVf^&!l!gAKNFV{Ab?y1J8N#M$yDAMiSG?hX~82-tsuA3gS_1c zLGiriay%=qUqzH$4RS?jV!oHM%Bz(MX#y&BDcjpH1tU4TU2(CgxBN1m!%p4ig#tFX zbyKW5q-82bdCiLn+ani!0T%@b+7xTDb?yUQWqH69#f6PLVZCM|6KvqvqfQ8%xyp*b z9CBHzQsdcw;EVoHuXy6tBMI{gp#>ptiVBzrB?8SXT?M(VEX|=yil&?;5Uk?|sl70L z85!NbRGRD_8KdDL&Mc84P1%GYPkq07PSnX~`lsA!+^jayTK&{jPeGz0J+AV+s5|JW zOVxosnXYRt`Mg~vRNfEXCNsSvy2Q5-)WK^vAR47swI?j9et0A`qAH7153;`VaCR7Y z>!La76J@I_en~0+KKBni?~ex6ByJOuFi#XTmj#I`U6K=W2}pI0)1Rvo13ya#2*@-f z*wUW7=n<nO?UJLu>Cy&eQ>D?>7CCuN5f0s!Ip>fNuY!%KHCLX?Kc*Mz4%{d50Z zzjWeOA_?<~zzbebuQd`9n=Q{Qh`A0{uGJv~#A)(6Wrf~!@^q9Ziuu<-b*kd6X-?Xb zG;vFLdgQD!ATeg%RF|SXTDH^(uq8YlrJ>GAT(cZ!&9yDeoVwmoo~2ydeS=-cfIM_# zK3T3#G>*#Cfef6!axsz^K^J4A-c6d)dRd)m?2t;3Oe$eQwM!_I~1njuT@2%EYjUQG;A z1)F*gd^*{7!t;RaSY`rerxt)%QF!I@VJ_ zj$5YMR(AdUt;Bg=h^aaXlqC$N$+CQns3J-VNeV%bWAXYm`CI~>0py&j6A!k;vuy;Y z)NtpoQJD^bd!Ldjel zl07&9d1Q$`VGqt#q9*WYkIEid`VXT28I7pPsQg!aU9QPI6(nJvIFtah*GE+6!eUh| z&4SHH4B34`?5DK@MVwY$RyEA#HI*|^C%}PAnyp>n^>Yp}v1Yp_*^#zubz$ zN=jEn;ub-oGDo7m2+U;ZunAX?j;WPoj8t=7un)3I%CWM_F3OIXVNsEFIi8~VO0?x_ zvmWta?IWQxS2+c1Ds_3@ruQP!^LT|wQTDF;ZG7feeBC|I>t##a8YE#}A@tV8Q|CIh z-87Kr?|Ib9gRwMmF37{GOYoPTR7F@Wc!3N&rRPNhl4~{9QWL(W6nv8`scSl2!cn0v zZ;ookpb@XQV9iOkvaz9wuBVaMN`M|&ih4>SSyM5#x)$OlsXRfi!;Hz#Bg*bvB~+r8 z_v0u^^oVkc%mzsESVbxBaXo&@GjH73$ey?bNWwf-Y!G8ej)AEb+F*{7^k^lfxtdhr zSY>JEDhWVu8KydtD3@Q!tqrn!F|z7HaGte)LcAM$mXx?Lz)+F55T^cZx2 zMEz(miVRU-BeN#ctl6|3_8fyeB7{nUP{~peL48`wT%>EJZPn{@=h*biAt$+;2#Rv1 zF6X32W+RHy?^s8vsxscoz*C;_?C181C2kFpFi#XRf=`sEZ>sH>X^{s%p!!b-h8e4yULF>tos@%;@vwFHQU-)@@+h?miqO6L1e;p{y@A<@ zMqbFK5u;XG!Ko@=|Av~_klLCc)hDrQEZ(bXou5q@IQKa0vNc!9ROR7i;rw&)<|$nT zxTPqAi=m>7Z^PEHLBw#F%S^NE?M4#j6~HEO21`z;qd3V?oQ60@)h4TxRbtAC__tAD z1EV?_wRuXD2-xmP~X~LBqwM>H2+KLZDN=e1G8-;mh;wH4ODPO%pq4^xg*-V6cGV=S z(_9Cz&Np3!*#Za83fszr|tCLJz zKD_3eYaOrJl{#5xNUKLpq``HryY$?qIc{a!yynV|nlwR^oF+}J02TR(=cI`rnnLBz zn!r)@PGq5r0?U6L)rNu%%G2^keL8i;|n_zAIP`i(w zVrz<0+`l%PdTP?72kk*r&tP4q-iZDHjo`aBe z4zf{$LQ?e9r$elyNehhfENTq}v2{q3*GIbYRu__E3{?}a!){(TdK0&Ale;8BGaorxfG(@sEg-4 zLQR5FlO>6-BZaSg@yq^1uj$0iMH1!}gCM@H>hv!PMWo5VAx@ISxu(&QjZKP1q{vm9 zcfK4jD(-mE68ClmJ7F8nCpskB>P1mjEUWRAE1Ev)=PPeZ)M3i;PDJ1Y66IuyFA9_n zzPdEZ%q43_*{k{Qa5CgXk zWJDR{lS^apw>~!KF>f1^Fi#ZRfhY8U)#RrMgIbt5k3c>0t#!_xx+?RDP^o2xosL23 z+^SJ>uPFk>Y90j;q4dNvTq)I5+|8D?@N&&*3=9@c(N#QJGfD}Sbga0gQa zyJW+tHFF@;A4&DdNX$C&tm$OZCnjeN$+0CPT21v-C0CXxwik0(*0eH_B4_P{?;M(N zz5eX16Z%RL$~PaInhg4l^?Ul5&%W#KPIHNyh$PG_f+1B2(e*ND56p9tyx`1nqFTp^ z1cWuFt1{JU($(Y)9&vihPplX1g1Koz{Zhc&KmV%(8*t^U*JpxWSt*n*Nz<_NK*>CP znIRCv0-iD|e>p`mvLiuMAXS!0L$!p&TRu{~VR2QlSk%-Z)Lb#caz~ z1W&!Wc{=3U6kMP|h*@~l5+iD*E}?%ej=@!!rQT&!nUzY^M9q$8XiAoG zGIC{U6tTCIMOW{)51Cj-gD4iDuU0`c&()0lV*zU9#)h|_~o~w-2>*syp z7e6`ZO5!FX3G;-pMT$CKH&47|GxV;F)GEcq2|V}#m7P&M$Dp3N?3ic+(gYLwPAN^T z5P3A9(r>;dvT?m1pq{touqDd_=szft-_RpDyL)MG*JUkaB`vvUbw^#U=G5-IC79(S z$jYHnme3(fqh2*hHS${(B~}ku`BZFsI>V(CrFYFENvATVCY=`|Tl2_T%>|SS^EM#~ z^NL`EJcsf`gL{W~BgNSv&h`D8s^SD4*ga62A&IhMQpeDa+ftDr+@1Yvh#2)cOJMoA z6Ojmj;5=vEH_-j%Kzl{a{TXUSd9sk@dSjlt$kfD2_Ho9k4Tf3Q4&#}^}r0|q7J!_CEv0sYL}B=Q4pMf4u4QG3l>RK1HM5$z;)yi z*VZwq9Xo#boL0_RZ{ijE&vDsAgOnk#Tt#ubb{CKYs zaw(8SUz(WylkDW%jiO=?@1oGgxGm( z`lQE6TWcnr1Y)P{n0d2mqTFi7YctCJ*w22#?*)Ljjn$U8ETqCbS*Rr;fntO`>Jzrr zsa2P87(TB|q&mwS=OHF*UB^kyx2$-2Pf(wDXo&YCw>CTCOT; zf({X@^qxm*xfeZ8xrZn{=Nk-^Xpe9PO|BFWulWIJ>p+XM8#Kb&>JlVE=Z5IhpY+UU zUF)}yxNIb0o+ya@uch%TeMcVXs78^e>kQGmB z5Gj%p^O^wA3EJ+EChGekm7m`b1TQkwdC}MlS9vm%X-RaPf0lsgN_95!qctNbf|A>F zL7*JLnXA;QQv`RPFjSvCqIB-voPat-Na2o66UFbxZ0w1HcV##VJbXUb;6da42jp@hd%>N`sTUx-(kckiJ;jd$m)2b@?)M|s?erau_@U@ zPy%CW^@0%ujy;MfMWh~cI{{JZzI$b$XLb$9)_WGEuh2*mv>Jx`ylAL?P$bz?z0t)D zwfy+F<;2ZE66T45^uVjglWIg)ka~2F>U8q;$hD_fkDcSx#5fDJNxs62NRwoKL7KFB zw5|zu4s-ciA{NPK&q>^Q#!FvOe_jM2lr!&_|Kz>n24p1XhKMuLjOW*?QWj(Bb#4)L zJ-QjxrNnA40OZIe8elNtdWF1S__uX~(jFN@`iey@DvL3H0AF2agPZ_NG>1=QTH2G`Z z!Y*r=$&io%bbW+oBv7_oT;t}w*7gPpBSYe*F;t7CBB>yg4IFk+9 z4tkD~ifUc@G&}ZTaY|Li%I8ebd8`)g6R+8u_a_-b6=gVSqFUQn38k1uE4iN&#F>w4DdcX>57Qi zyriopb$vZ0IZTj2^2NxJqYVa6``yp}A1Ya(G z631$uMM>O?dAP~F8s~syz2|8&5lqzB1SLme33_LHM3IK7|3#B36Bvn+82tGlj!Lzy z$`Vxi#K{U}H4cd~qEvlEr@syfqB?NNWoy|AG=lW%h{DkYO~w6)8W<^aB-$?+*%$QC zQijR9g-C^Ysu;4}fva{_)G?NriFU4AQ+bP42GwVvjzX1X(#cnyT5*zDMp8_*QW=78 zrj=@x{A+A`FRmU7W|GTIK$yPeN5xgBxWI17eQpF|a#R!2#3UkWM;@)xv}sb9Pf-UZ z5M+5UzdB^e6{RQ53J*NvcAsHmfqs@FgtG zAqK6ogu-GS)j5)0?9IhPg)3Gr9GfCtN59oQwJ6c^UUFrLt$$P;g3!&gid$OqqUh(r zmj{^GD-2v@YEg_>SrHd0%%9(qgHY>I`8a#f$-V#eM8*vb#P@2nMzS*-P zUTELLx=h4egFr!Q~k-z zONmV+VO|kv0xjqb25R23z4T+P5~~(sYZQSEP1Q}3Ah)l+eMiLyM>^@NjTGru}>k{+DL6=&$>+l|)! zW?GHjle{0g;n;%TdMVvY3?WUjR~+0N8?BKP`CA!e`NfMiiF_p9;kgM{gzNL$u-BY) z&y=h8>g0LKTFzzy1)NvHpFx>c!$1aLHjF;hwKyK3j%HMxfMycU4~?g7^H@gF-$L$d zMq@tbG8&X@T+gf5s;3~iS1f4r>AGFk61SDO7wDwp!77ubO+)aUiQIE1O`9@d%gdF= za4ja_`lwL$C#Xj|>xh>P_74Ly>wd@|6|OHvNAHax>O|0)ullq1#gn&5L6XscKJzr(u0(a?1 z&DY2k%QL6?Iq3T!r%tkSuH2VFbS|G@@a znp=I{BBV+7^ z(@hPAP_8r2+SOEB=NM`AZmsin1Y+V#c)KF%=Y+sKX!*Sy%(FzzC{5@2nz5~tG%`~y z>+87+zGfaQ+7AZ>y-G5a;!_Y_{d&~7%XNv!gq#EyWeK(o06}KN0}$x^;GAQS&g%!8 zpSy0O4RXFbOTDSIZqr`PIwTrksK1nE*;|Dq%qs;(o}d|y%Yuy> zG=T=?9OA0u5?k9}`_wiaZgFh7PD24v3Nlq`E!q(_vJ8lG^$9v?#Yrzi;iwKlQ0E=l zivxL+M>DQ-nq~E&V+2^uw$%rA;pJxHc3*eY$B66Atwcj25CB(~lihlY?U89swX6X_ z$ZOiPL}X_K=aXeLj|p4EDNoiqMuJGD5q-)bs&xGsW={yZ!x`uGA z%r#zH+PK!r*EXi*A1!stIY~yARD%z!bC|*uYAu7blBIa&hA2Hn>AkOYh!T~z@W>j; zQ56{^4T9KjW&jwy`SgoiDiD6?a~^Z;%P+gygheXMD+F(TaGOM1oFAzy`vf|wMAv-i z^rwoygT=CpETST*7InKqX+~;PsLpk$V@=gj8JD?9tcyOdD$3d$ZKmZnJFhiN&3szs zFRvYREFSK&+*b*LFcaXl)nr?)3LWKcu-KYj!q-xb+yhKqao}McT|fPuughj^>me~zmR>s;qM?#k;@8FN!~MJPhzGu-cTdj65N2!mFTqYN>aRN z*EOa^WdiAeyD`FKgnzJvW0E9U=O}rko;7k0Crja&$#y3JM^$=?@))87c06Qe_3GRO zVrBU=F2`gZee9rfk$zl0PNg4rDsoxLi9@fm9?Uw0p*lq0W*f7!e*Hbu?fa$I)XNbuVL;8!lW+Jr(9=81yTJRKXL zhRTho&n_trm#3gi>$&I9W9kA)b|slA@m0OJ<|pB_1M5&KZiziO{tTD7G@geqI$Wu8 z&9gWGttxCauTHC4In2n-%fu$ELCqJN&ADtvM5M!>((4+OH6j8YICiE3&$*AekYiyi zuJ9(cL}YdBsbo1Z=N`^q6H~1ad&$-V_qbThLzAoeJoVSrBiv0;kavq5C2l1-n&0eY zRt#a~j|PB$b=gfOB$6;s9HjmlryFyyqwXWrWv@IMwu0)=Bl2nK;;B(I?I6Eat*vZ8 zMU-=&fWCten#V{Wg1+J!?_jBWwGXrT%3>lbQXTJNXHv`Ku&cI074)RfqXB+M(0h)4^x8FZ-5BZ+jhoHXgyTpmff zbr?@vT$35IN^`6TM&Pq2Dl_vsm{D1dNi&u0vDTYd+g%T4SOnv`t;yMZxOO0#nXtOW z&T5Xg&S!!(e=a0x#epMFJkU-fp6z^-^ewUtt9R0f49XeQZ7?39H zYhy2ts@MHK4K#3po46?FCXPcA=0hAKX3*ifI+m|v%)45VlA0Io5-2cpE6F5Ug4Kao z`&s5at=ZS>achMtGvK0Ti6)xVr6rQkq9BP5Di0QN#QAV~aGqW7>9Ah2kmt4X0j&xb zD_P;{z*B-3Fm<^`;+eQ}kNj6nv>=tHcuZyZC2i%&fajtX?=d{^DUjgOegg zUf8_hTvp}#s!6iEwMZ}769vs={}C};fl^{ej%+(V%@`lx(u}i*rUcFyuz_UX=)I4oxScB6q*XfK7>oCvDEdL1S zwXTx3_Sww7)ukRFqW8!>E=!c4$tX*jiuskBX~9>h%oDbHxlU^Lk4n%?xr6qi4L)CF zFBB-ETaffxHTnDXj>4-itXC5rZglF1&UsDj>SG7L_YZ#2r|j=hVlPr*UL}w;XNIIH zB)~dQ;eI1dPo2UJg*t4i-OT6AhprdR9O(KVa;C=CxVOY+BUMMFil|OPB|6Zw%vmCp zfaHfs%!4z~yb#*K59pkL&gR(guDzEp0zAktFlF?-6n=iqiZ{zWioZ%(&0QH^h~#_*|tPLKLoX_mfK>sU8d2n zS#(z?Aiye)4jGpv9dsZoDtlF)6X~?@NQwMIhY)%T&UtN~iDty6HVbu6%T`v`7Gi|! z6D%=i4{>Riy(|yMZ7<8!Y|G5AjtLgA1%YqrW1B#$r|OfVIHImcDG7hZ%!8?7pQsJ;mte3-VxzYRl(C$?V&?icBgeg!LF} z{<1Ffpfcw|s&rU+F%>plYQe)s*Vlm_JnVL|#F@QzMo@zrEWM**f<0G|*H-NnRYtaI>PM0EN1xOWGefT z6q9Xrk|AzxMw%91-RYc2Ct9Mk1HjoC;I(T+XEWe6TA~{i5?Eb7kzH825-3B$t(-2$5I% zjV54$ez5vkIgc}hn{SW}uId1?hfP(+L9E>8jOrPpt?}cR7)A2czY1@%sTN>XO9r4_Y07 z&c)+=*c|#?nNENY9LVwzI`7&wg87Va*&h<<`Za)uT?aZR%ZD9E6RN_T#4?lB!N^%p z8L3B?K2i4D{quUtl*VMAWS-t`8mKd8t!1mZn*S>)StKs`reW=h;-Bw?N| z^zRgdV?8c-_S*>2yDO+!KKYBZC!HVd2q6#lv@}DSK^>_|T4PCF><#t=KEV*1;FN(6 zNJq~>mbUI1(#*Bf8RCP}8O`&AGtD%gElpg%hV&`4sLD@y7}BRae4(87kq<>(-Tg z(@v|S^=_GZtin>0yayC>uH?NtKwG@88f>g7$djb^>V$CiAi;wVB0g}P=C+xD(Wib2(!;Npc}#$7>nBqmtKLP#bi_&DiEcy_|4ZS0cC_x~O>9T+=K00x zi(G>7;J+ow@0|25vo*N>V;sRGx5Tak`@n`wi3bvdS$5X$kS31qoWx_|Xr ztHaL|5R&LieOxlHCQp9s5gmUH-`qUbi7S_15^I>Vp+1U&ad~$|g{rCg;i$DKs*Z%*%VWR)= z37Q`~BYg0%)C3MYZBmhGL0?FO>tQx>MAI#E%}J+4!2oRx&dnZ$(})yDJ3u;n z|HZ=EXIDaF%CV%c0oSnxb6*0n!#Pnt_~48W{Q3-^{7+|iPME*`$+PL<*MUCuVSo=H z(gQQ$86h2lxUYm;jIFck3pGQg-$!RW-LkcsVm;$7FS}##?o_i`&j$6sHyDK8Xn#f&d*aq0 z3G+nJU4XxHAh~Jd4&BanHb&JEA|58oWqUAOcN!^7)D+%wLTp3mQihgoz7Fdw=QCK; zoJ%bDLW0W6=fJSy z8K5CKm#ns)o5G$Ud#KKkNsoj!eGHPZZeDlGdxy9zM4!(o&xG6wNW#1m!GCp^HP?4+ z`(e^{Pm1G6H)mu@1xAdk(~NdHSrsD^aMNokN-|B&Q!aa7E&&PFJuzWEn-4(>&dKt@ z2WNcnu)Jhm^1;e}CAj**go|)}B08JvUMWI7UR#_&`F5aaK3jfBdcmR1NV-h$Ji}+Y zfn$i}!r#e`IzFm1UfE0j;Y8iro1VB_Bw=1cfOTkU<%xEXQ z&Urrzh$eSaX5LODVV)?++nH)_9T)DzXr0=C6t&#u{rLG%KL<^$?sYZiNNv@kPmmzh zC#kO2^fhf>6AxQ;&5gVcs`8*L7qVO&e$G`T;5lKg^O_>$Uio(&kshRFLr+?^@gh8s zCM`=&)cvi*NoA=8wSY+6LM!Lw))OJX)|+kG-5b@_vkJ&!givqB_`lawdQ%BjBkJ59 zJFopH&W}HFiM>n&NWwf}+&aSZatsU~X2jb;fU3DYq$%<;b1LtOT`MO?dQ$5yiB)b% zQ5OGgp8xld^R6c0eA!I1gOjzP;!-VIgdC+|4 ze`uAHQuURPJLQg+000CmRGdSe^-)w3ZO;Sc6KXZHR{57fU+ogA(+|_9n~Y=TB5%9M zvmf5aZc|V0C?sK?D#k6A$5+xTri`imykkv|nuo(GNd>E`~7Nt3#6Xs%)eQ+huc_CI{i~Y|@a>jF#T$r<{z`1NpaSacP zGtZ^weAuG8&285GIakwdr7;#<0Lsh5=sX;1`vE!1k(^g0Er9@BGw%jNZK>3)?%yoj zEGHjc|DO9HppRa1ml6(=Fi#YUvz)72=1+*P(`Jrw^y=~|-e{XgiV>zzJtVJ!(g+mC zvg%M_nYooK%5%&!75^FI@4}b|;wxK*9YUbN zqB7^w=Lumt*nk0MEIJZpTsoA`qy!|OvLzXqI23Y)0%@XjKDS^#vvq@iW+-R?&3D+J zcC`%zok9J!)X#ou@NRG5mN|a;vip>805|XpUJS)laTuB1XZ7t^dPu0b47O_n}B8!NR z{JBmC<10 zL1mxl+E-++61Z4tg_|s)dVrc0^@i6ZSCxpO$Ui^%kwk`9FGH!+SE0NHpESKqQ8vG) zTlQ1)cD7yYl*u%4^N@sjs<>>G7*w*m-ktp-Y1`ywj17*w@rr`B3~^G&9BWCErxQC_ z2@^Sy2_;yRA+&i*nh80X&fMu|Jud&C5+#??)NXj$I}^D9^PDtiPzrP1M|fs;J2BGq z)FrVtIC0W4&&i2%c?isc>XK)$T&GK*=;uZ6^Hl$hDD1+-Hd+CCUtXE@)Rk%CVo1U~ zQ5>u8c9-uIvg(fN;Hu+e+Bq?|vNGnAkq#Tg2w+XD5UANLg5>F~&j-?5ctnsT8RD!2 zS^}h36D(9EdA5)xYPC66;#}J)oe{DPiw|s_o16|+QT61Z^=Y1yW?6@M&YlMoEflHP zh?A>LL7aLLcqLB$IdbJm$~hL*XSGG3;r9~RAI3bmNus?9?Viryg$vxOrg!eB(~-Hy zn?S1bX~xoS(8bYtXI$`>d!tR6IX?zQ-&nvktpOWX=!(& zNK`+NPJepXGWV(qs}*6#k9R05!7q;2m^c7T;fT{!kIscH0^LoL;0(Z_*|l7*180{g0UD_Ro2!HtlmPWo66WZGh8&sN zq_&QeDOX48fl6Wowro_g?g>rItja~xvId2U@T|{Z!wIO7BRdxPkssEzor*m5M<(tC zz0c0U5P^C&&?>4?M5`!tN=4SUE(a}Gr=vmQ+K*nv82nYm{>_K)|92PdMq(RDm{$!u z$Wi2x6O4<jb>Crmy=dhFM~lO*e*b|f-H*;kZ8L4xDtBfMdy36{@g z7Dpd&(hp=wY?xm1)o26cD0D2OW#$)GQ|w`yvMwZXNR!)aR~uyYF>Wv+M$eVo_2Y(?T=bYig zAG|;3FmC~pFi#b1@DI(XL}nj8vq>#TQsflH{dI;-tImaS1qo_&R72H}k_0|LgH7hw zh~J|j$}+-p^Q%ymYQ7SHhreT_x-1*P5=6at(h3jR#VH3!v|}HhZ!RTa_^f0XnNQdM zoDxWf26aZ8Ydd7|k4L^+Afe1xN|vU&}d^ zwo_WxrC@u3!Wu>oHkO>!9-(~hnrOJg*fgyM3ZFd5%z3H|`b*Fw7|$}hRVI>!vM&8? z=1xVLTD1%$x1mxm+E<)f$`UGd8IlNoqIau_%R>_8iK2R@YDXJt%3@7NDIP04lPXWz zB*_tlN%|-vz1}rfS*n`1iSqEU3_*gOqZA}59Gcd-N?27T&*PCLbMmpK*kyet5U6NA zRASWC{-OFX$~5E|`f`NNSJnVOT1ATE)kHf}o!30?bg|(z;zUcFU_V-f)?tr4Wf(r` zWm}EJg<};PcmxXi%Q~P!O_>o@7jP1P1|E@mXR#64`?T$upX%SoPygh7|HAKi;#v(3YG*UAOS+1qBck1{Fe%JOs^Z3fgkC;rf~A(`s!CvcViF9K zB>)RT!0MWt!X*H?oP+`O3xRU#Xwqz1lUc~|5CLdeI=b*zG0!?C+e&bY2kr74aM`4K z=9-9=1(gnw>IAm5MWst8A>n0frp`+Zo90`c32q{RdW9Li+o(mhcH4%pJZ+xHm}{@R z^Br$J8@h+Yg^`4LqTpi*GPlKb;0e`ZCpo-0LXt*Ff};Y1@?DYyr53$>?1EC4E>X4t z)GAI*q9ln9g}GFbB?uK+n6Q!J>^Kos^-ApBf+TU1GvFgyA{?+MF5>jjLc8+O(4b5)t_8KGhr zP;q3dY^wyiuq2h3dL^(ANzw#pZE@nH4I;1RTvBN&FAtKjnrzK`5j4(s+merp{qbJb z25>0~lot+^C@)0v={gnaUg%H#9CMmvZxNC(PZhM`93k`WNgh;>w$Q~0(rKxqB%N~T z5u-gOnWl+S%wG~S!%A|axp~mmAnVPnYUeFyPN-{Ni7VLZ{DMqT9xSHb3xtO{q!!Xz zWa5F@xQZkv_&O=lJVXUrBr(;ky~M}g+;fb33R)$pd(YQ$f=8Z=26=eJW&TrqhPr8R zsi;VDr=ocu>_H|UOAm+JI&ulc6;?CDzKcqCz-D8iRgm0=@kBX5uO zT+WP7qiY*V5?rEOCg@6<<`QdqRr9@CWd>wf)atf>i6C!;h_BsZyde$KFCDVO|C7Rgl5OF(v6MgD@$o z%A4ObdF80pip&U(=yFvh_aYW*QeGG2H5bKd1FN@VP{9ih^{C(lay}B~7P!46mHVVh zmMiPBd+-z*0NV?blMwTWrE1OvI3s3yMLDmjO|_hWmt`l5qF!H9n2DAui_+RSDxz`K zWsn8{a+B*IKM(Bh#Ip6iTI1@IHLAUfZn+BeDggerqc5XSrRz5`&9S!-NtmaKy(GCw zZZSz-L`i~BjeU}|*~%Ol6`Dj_t%a?)JqD_L0^7O$0Eyk_~DOwNeZ)Ftl# zzfSh1xajjjv|!nO0_6azA81{dQ8u~e6*#2CNmKMj5osaoS&L7P#KEe_Xa-IYC)sp> zwk!o5FI#9Y4P+mu5VdamE}Z$#W5^R6(vDt+hAQdE;&SP)f6FW0eOyly#~=yw#Ic7U z0l=UC*h!EksY{@3SQsNoL5k?4$*SFBr6|?0xjt9VSL}wt15nGDymrdek`lfXG&Ra}h6 zdc>(zWS2P6eFv!5O_{P|_Ca~JG-b9$(@xL_7lHH8aCxWg3#(AC(uR*+q`JgDBw?N? zMo0}RO&O1kqv{({lHjSO__dsz5s_p?p)*gZ(-5Ia=V@}Tk|{t0IiDyzVS$q+G?D-v z?T42GUQe65lo#5g(d5qi(({SbD$_XsfWL;4lV(ZuNVBxFnrCS>&o**a&)aRE^;ukp z9mEN~>Wqj}rq$;mBp+}-eR1yO2Zwl!l~)|oVT-VXifi3PzJ(a@d9*FHsXDo3s`XUo2*IF@ zR!@Pm5O2m4l0gHiFY!C#E?ks6zx|tE{(oJt3yB>_!aQ-<-+b)ex1|u>WRLLbNkGIA zxe}?Nw;rwolkI!o3`?Q`tvZs4rVvO10|Ff(s0M<5AMkM#PK*xY1* zNnHpSd7#R!hc6!d(izNSf)SG?YSy}WYcIUhHNAgcfEnQ4I&Coq!k z+&4O8tLyBR*TE6UEkYME-Kq}pwLKSApwO8E{p+uJ#ZO*B^@$xw!aQY+kYt#6F_Hx5 z?Y^Hbh_VjLPPHAfq}Vhoj`?mMP?c>&maUjoo0=?VQd!u8RYmlZRaXRCBc6ZIBh+~|qKw%o+EH|qivrh4@)?lsjyN2Nyf`cac? zbOz-pi^%%sWCB%B+OHVCY6CaZc?wF9dnZ)h>|*{S4LjC ze1|AQa)d2a$=P`kMwJwE_6C!8NGPlXP#sf@2I0{yhzx- zbG-A%-}WDlESfkHNtmaM%OFSa8Lv06OJbEnE>$IYpa%@9@6S>iNj>Z;2Z#5z-R; zKyH8L&1Z@TK3a+LbSTWivanrG*2~pM%PSdDn;_fv@{8^SOHyo?oom`jXqo0L6&JNh zURN(U0C1H19u_W295D3OAL)6gxq*Yxz z6(u-C2@XN3G#$LaBhWfOxnx42JcUVCDNX&{q|z;U5j-L!`3f=zYKrFpPAHnl97)KD zr0jXA3Dr#61>y8W-s*W;&9kC!eBf_=Uyind8HjJ(F~kY|dBPsCY2qx$)4IHd*ln=F zru&ycp5l<=x_?cY;LystJv1ah%oYgMaVCZhs8$@ZZbJ8P4 zoQ5pdxkEB-YbPA>?m&{!pok?>S>$!re$9g(l<#Kn+=d7{`Px$tC1d6B6Nn{4%jGe4>7@#;5D zI}~51joi7*ij>? zf?lu=k&u>=OtBsZD$r#4EEu2*%jJ(pvNb7P*fS67!j zi{k8eg7oKoQT6%Z58j_Ul-wpHVO{}9e)E4`TLS`_Ol^oFF`74j&0$5U(?`v(;@o<` zN=9s6u)MuUVM>y0-m`r92v?%w7+8Pmbw1?Bf#!SgvXW74<8{ic7*>Ifg7nO=y>9fC z=E~#c!L}x9{h<14h;So_0qWNc0(0k^#0mW+DO+{fNJ3Rz*S&U7ekaMP&b%y*^q=Ej zf9U>S8qAuwWF%ppD7Hv)KS6@{tupdK`Tp z&9?9Ump}3L&gH~SL=xty!eK70$_9%uqn(iw7?&ATlK@sR>NKq|I&+ok+6GyYAW7b? zw*?p{%UXt1{mc|w%g=lqCvz|AwnclO|CMYcUsNI+ZD=Mn=W=O@Ce}q|`jLM?<>#hc zt_~4m?^#|4^PnXWnJ8#bSjQsB!HQk?MayA*Ms)HHrq3G zVEx-H9?jbpp#^_n)qx^Qw-+edreFQ=hwlI7f!j*l1f;?|aYX7bzAj}9BS~?+SMQiZ zkKL-et2_xL#qeu$?GqZ}()HFflGhAr^1la`Lrt`L-coR$?xW^QVlM~W91Hfvf@H1G zgqxK$!TXSW27wydure-Wbx?TRemhn!3ZbXVSEbbw(I~#PK0Npfp;DXJ9JH0ng;B*x zJD*E%U%hf|ds^(XA&o$t8s?{D8p;$|Tg=7~Zo#(mcbz=m>L|3>A+ z!0)8<1oE7E9A+V2My+S8$Fn5xb^l1KENNiQlHGTC26c{6KMBT=6p^%=yL8?F%yai% zPQVZ$)hRy>jHE_Yh*oVHl^0wn3TM?kH;F)FR4kpYSwklUyMn>}yfzv@;7n?tq{)-n0 z=9a6?)8Pw^|2UTi;am@e&xRt>!48!6A#$SF9;?W7Ih@$b6d3_nZIyQENy$*2CYpj# z|3=g%4BQ_lU;EqIXm_jbXkF)Wo5bc+3DigTZ+_^#(kM)GPX6_EBrDyag>HU;_Dk-9%%k|cgf z%%TAabT*2Pvhxv>m^sxY4z*m<)T2CB-8Gigt5&uT&Jqy>=tl1;;q(q(%5yDKsz;uH zJT63ipiGN9?F5gvW!0|(q^>(<-MUca4+?JeOXOt^Lr~Ri`{cM;doA*gAN(iZ_u+vq zCvFmwFi#X@)MWcxfAdDpcx8L__Vafm^Z>Xj6ChBP{G6Ly!C8N)kGZnc2QFDsVHSsc zoh2lo$(RJmf;K06&rrGCxTNWksRN$~YhPUpU?Ww#&1SR|MG~=X+db~h5q6~CVeW2P z$eit=CA?^TwaM?wESc(8g3c|OO_Na zN3oNcq{&gMOVamB?Rm;NeRpFuSekjj-9Xx`2;=(Y+#{h|Ur?`}&m8E2OmkdwJ$o>M z=Sd6e7vFDW>sj{ZH#^DQ`YtQK-lx<2_SXCU$#?wo@7~d5;wB&o^JGE5-?be_9R#so zqyHKk5v8k?Iu1QXDJilvYZsxB8dOzDfy#8|B*Ay;0c~~_97yeHsrt0C(?o94NIU}j zf&d^N0%^+p|JXa%Sk12UuCH|pUn)^PA@Kzy#Mkr#h=@y7kxUS(lh_G$oU}kGR7I)^ zQcxlUNG;5n_&$l_B%%rmX&XST=#1^y;4~5e&zbSeIF@XZs&h*WRd5nTr9vt~Y6Ho6 z(42Q))_R`*v(~fUGc(@r`2UmadEdR)b-y$FzyHs=?7nzs+9geB}DX z&N;DlM#(84V#D;$yDEV8;&x3T#q?=X?tUw#&xQRFr)KJs`*eXf%Mq0Yn5K6I_i9*0kq;Nrrb*M zB-Oss5z}Hmi{mqajn+S%dOL>mGx=%qylZ|PpiR}0R0!KV8K@rk)Md9qvoLM0^{hHy zZ=*MLtthT&q<%TI6r!0;|I>o8%~bXSWY~I)Gng?Ft}TW0lc)E8Gtd-ro1tK?lrl;) z+=e$H!qoo9xI`#z=x01(os@A_DFrrGp9aq+H(ZG-aFZgSOtVBqi`?X9yOVtM_+>R| zNAS#8)L+r!s;`eI2RefdAbLPB8OKR6S@cVxRbgs>Hmh9aeSH+oa&z{qoG#j=eTitA zehr&3$f0SXXmeSQYnJ~o^6;zVZXXfop+hIWonxGhYAZzK55Mr-na>8BKyD)x%=J>b zNi%^(vus8z-uKlPMx91*8kwhF7Q&a^aZUXhiDd#}S@*<c34}w*b+X%-nSBp$HVQ+jg zrR8IkNq|`DamqB`{*7T(I5Spt zK&taY$H8wPrsL+M_jS3VLY%w4I+imS-ve39*qi#G)9NuzM4sAEO1Co=*u7zyM=LW} z7#ZL6u0bV$aP-;O(;#n>=lRWE1rqW7Sq$ z6&#POdzPJ(p#0;HX^#EXQ3#N&8rKy4K$7fBtaXLG(5Fe$u$7C)IMX;V5x1$EYnNa7 z@}&c=y<7=&m}><&7Fp;hli-=J35cZtSLukQlp=R1<+x%_vRUTR6w9hl9kJAclq#{T zM6tdO;7umFzo|->%l3-CMzB4iZrW`Ge1lDE6gP-VB_PQ+kI-eJ@LxFtSG%Z)^J*p0 zPE(gZzc$OAIrC@h? z^yi^WlYB}ST2Bg^*J@T}Zv-<>+whI&2O-_O7EI-p!}-P4QiR--q{H9&(QlX6NM8>r z`f@l<0uy_!MgO#-q!Xsulr_A1%Z%f;^6PV{^^D>?I92In^NO&6?55WbI8}0)zMBU_ zukBuYf*FFw(a&cu>i_$*e{%0nZCNb24KO6TVp>jPQRp=-6UvlYOGQ*YgF6EuH6UVT zGl8>2vtf(l^``4K+zQW4X&mu2Vl&%pS0Ku3BuS;W`})>hAH$wf-{{Lk-bLEwt6H}%f8f{hf7&;r=rE=G)|6Ho zK^PLJ%jFwS5^Q2w0NB)FJ}uyy)a|^LVOp5J!}!~l;o4vRS08_VK@sE*K*8J<8baA~ zmD(NQ8L`e-rB{y;komCwUN={8f1t~po#ot?dijW6Z;8tj)rP8`tkWme2gEe1);(Vo zDfoCv^yVs}RAbSYqPY1cu|>kur~{5yrjBTO^*a?5uf`gmI2O*L&C}Cek6s$6lMAj- zgt7epcH`=ow#ZIyBNWUXzzE!Y2H${@C??-&nxj_bwC$Rlr4dKnpi)@9#rbOd5Vdt2 zvn(^$&amwk#gr+PXvsa!W*Wsc^n@@!)e`yK(h<3$u~i3Yx>(ZMGL=Gi5Zw zv{62B`s8O8Bqw(W3g$||E<%d%B)DHhCickeKsILR;SAEP4C6-yVAV$K3{o^tn(P2~lRsY$g z@JI7`uDx6* zoF%&>g!g?-K>Vt-(oS2%AJsAYIxbHv1MRG5#wurN##9Bm%u+1NuxTx{x}Ed7%W|2B z?U$H#CMCcL^{3J2QuOup&Pla(!S_i6>W?aok(Flpa*C|poE_yu@7$cy3?EQkIn_H9 zcLDj=TX-FjtMU z=WA*UWdcz|Bb7!dhZ}|rdyuB$ev(=OgueSBSnc4nSc+NOiOUl6f3<`}w@a$J>&1D< zg_>(A<;0?F`U0G)rQYB?Rer}F8^7p{&&LE(?#yGVste8Ib_aSRAGEQ0>9UGGX>rpx z{G9DIL87TIPee2)r#ZOI&BM+nyei|=>AK0LtomAuI-iHXIUp_@cngZIE1FhSlRj~J z|H0>khW@sr&8Jb-(w%1C~C?`94 z-LP#=lf;2yv>H}nTFd;a`LJ-XnQSnA0=)=m2TGq)&_O4zKE6KBH%a1G}4IVBa+)nyc}x1oyJzX)E(%&S1F z^P!hMt8BS2Q;{*xSq$2BW%Xt7cG6fy3S+uEhG<9USc|5l#ssV6P59|`1GvO(;sVvrP!#Zq(yMT z!74TtH#~I zY=c*vIG0C!001PmNklug8_y66m{L;sRS;-p+1#_h=ag|AjUmNaE?FE~v@k;4ANxkWSG`G5gV~n6| z^SP+6?nlenflzF1W!0_JahIU}IlUx&PXrGFHUMg#aa!M-)dLz?Coc-u^{Ocr04+c&323!Le>Xb}1)MT!VAFY`UifRfYg}3&uZ_QD`y2xtQvvIx1*0X&HlVF4YGz zeh!GSaN^4JmXtZBDqaCS5jDq*Sb?-b(Uf5-^i9!p)DJrTvA|s26miRQYxzlDdTr%* zzwq4IFLslWRY1X9E3T`QT5eJ;pmY4Gc$S`>Wp&dI@7$w8qoH+{`n%esAdTt+9i{#3 zEg^xrsLI5y6!aVDqtstb;m8$_xtg z=fcuX`|eINYK^zXZgZ-t{kNpr`lvz6Z9e(mGLObM?0;OM%HJ54EkBB`tX@k^PAkD|YIuv{% z;IvXC)=5dAS3J7q=0cdnOC)8QX+Iu(Uj{FHwlxOGn<=GvYQnfNd%b3MNgGffJsD~p zNA(|VrB{3}LirTitcdYF(}ai!h<=bt_Ex2$-?MNzi z#Zhu^gjD&5a1q_j+=Vv^ONs`8}6ejJKA4rd5t@7_I}BF`B%p%TCx8l~cZm zS_R+)XMiAqC{K7rbO$H%97HG`Un`%ngt?Hupv#d&c^ zKr!|GIJOH60GQoD)is*Z&!&hXlB|r2YrjX~*S@=RW_^rGr-+Nyti}V6GHz$DaC_ zRR7Ee5y*T;_HM`}MGYfZ4Mti+t zJj<-cFp)P|pvWL^Hs;&l`R!$o0@H_D7}P$qJrV1LW*cex8GE9cQ{FR=2W8&2+bpJ- z+Y;&#P0wjQd3vAjaz~+H?gFI%O~y! zbJeq6iw#)S2b;fp%!Xl`-?d;Bhev05SSXbdRU?p6A8+gxYlODWBV{;R`*lZmEugbz znTu|xDpN-aN@2CrMsT|FnCQ<^evj?*YAb`;HliZ94b!_XofkuQ+t8S~8!0c630=b( zDK^R-(&t=llHs-^*AGwC!z1`}6wPma>szlr@U9cTvan}lMbKfc9H|`C{9kc={P&n| zwOG0;P!s@@n7d4|F#!^sqVVPt60aF``{!A~z5XQq@ZqIvXsUN&BBxS~P}`5?G^d^5 z{E%qxcyFw-<+i2?K*N~ksajADFCtD6T7;@T*k6?&XUIm!5y_?3b5ygscq;=1M8W=x85UeG?u2 zou}cJ9NiDLJ6@U0j(WAQNG*y9?BG+^?azpvKWEct``L;xaH|>FHY|=Ecc~X)B2hEf z+l+8-8YP|OrV*Tks!y}Vg#Trif2-nSdX<>vc?RmH4SD`mBNK9>gPxu7!&Wh_JI!W& zrv7v6OZVc`ZZj3vcJK9%KfeFLP7lcrK*3xqg;1vXmX@QlV9~5sD~w;?A~7lRI!wozkCXq4bMDU1`#4j%-4*RamxVYvJKW zYdV5fK2gkVC`2>BQV|Tf(uK}6tBF7|Kg~&+*Y5aE(-HLdzvpcqeCguB>&se0)(8c2 z2e3PSr+Qr@6ou9yE0oD|pDKZJxWgY(Zbv?ApCw|~67OxtKiz!eI?ZYmcavJO9aTq#|Mz$N$PfRVQx(}k zD3~in9M=V%n2i!{j+uYXKrGR1((F{@h-GnRc6wsU#0I#LPK}G2G<9cTcyrV?TyL zNoU%Yw91g2zW=~`PJH0&H?A@idlx~$Tr)C-8*@uQV`3RRruK$yiltp^Y4ptKOK||Y zPShEFNa`mF*S$JLrN)CtFW+=JWX8l)l|dD-sBLcYoBxMxqAjbFb-|b*65CLixsj&d z_fCR{XqV?U?;N$;{bd-?u6X|0GoQN5am%|73g%jo@}IcON~X%#2VUPgf{(QPQ*C8`_0WZJg9oD2#c4sa*i;J)?;Eys3e-LE6+JysVv z%&~-CyQK&pf`8Do=}_ zr&A=^LAW*EYQaL88sR{+Y$TFb3uWp!OEFb*g959(}lU z@!-QxJbvo4og&B%L&01t;AZV^Mxew}ddoz{@2$6v=w=jRIcuAU7Hi`)mE9B69&y^) zw|lk@bF%)^JXaY1s9qNBwZm!B7WxE>ULsc_Iy9;FmF*N{PWJ@O8DpHrWb-Ucd3tB2 z3eQGGbBSiF@N8Fv7mDV*15oX|bIx-4;=zX=xbMWTEod#-K`59zfa^BRF=yFGU|(1$ zs6b_Ahj;YJx;#`cDBlVMPEd&Fw1rG^LYv8Xg;#SE0uxnpPB$noLcPyTJG)e6s4|;x zGq!2#a?3DiD`VuG6Rn7DG?4HFpzPG&oKzG!w{#-VwoWt8PX?D>JonW5D3)&uD3~iJ zE|$KC=g{fS8w`oseqTwz>E`wxfNogvK*Z z*G!vHcnM4*^kZ)RSQHek68oF6$IFzMMO9_b?s7Qh%$g0C+7ah%&-D`Z^Gf>q*RI}p z-+d?kVWb+e`%o}f%rddG2m8(vgkh^Mxemi_Bq5`=fmJJRJ76dlWG-bCiCro;W_QD- zt(mT+a+Q@j8`-;UcPq%{n5G%*ZP}dMDH$bq5^pmSS?BRv(JXuHgW0vH{VKAhiKgh{6CRfJ!^NAMjhMBm&8o`-3&OzBrsiWz1p3;ItDkz}v3>rDg&b4T!8<>IaGk|T`Z znAo+Ic4LBsoTk9At#!MqQdq74rLmpE^Y1mzL2lG1T>~vO1s(sOo=6m(^1pPRnTYdiGg>(CV^)J5V;Z8PkmqEeY0q~s< zD*Tb zU=#J~xZWEUrb%F}B`)8JnP9sH9d6(;K;Ku5NVZ;@?YK)&hUgNY~m%Wm~oI^ML)59U(3HQ5?^$ z!WGSzH`~PBa~n~rU-gx@{Fm;GUWS@AO?WDP^Wi1UScMn3%vh_I=W7_ubn(Ku^Y_2| z#LsM5Ex8MzV6GH2=_f^B{2W|oY0p<;na5il6mI19P}%UaK(U-Y%h*?Z|7yBRMAM;9 zm3QvHo}~xB$57l7UxqI4wzFG@>vR05Y}Fd6>R8mK>Lu5MY1L_#7T%czbe!=_UB^vs zT)%ST{(Db+AlN!`mqNkZ2?S2?3GL`JB&;UbsE<;dA5M)sl$uFCUY*r>)Rw7E5VAD~ z>ghn#E;+e?k$@^?jpGP`VJ7oJgl~byEKk6lo=#&(&C9bStR82u)Xynz#h}?K(b)`GQ_xZ zd@M9;ufzOHO0m>rPf|MEq>ys2S+qeqDtA1Q8%u5Bq$%l?StNb&!V4e0|K0ESSR)yE z6G6dTEe#P`5OQrE6O~Y=F3|6vwT&7yLpZdp@|+;VQV;Sip=bD|kMcj5fG55Mo;cW}!) zGC{#yF-x|;vxj3#M^YVzwdu<5CN%1#ciICBF3TSMn5g@6vZ9N0((i1uS4sChL|@6F z9fR4x!Q6YOa5$`n-ue#LbA+BS)lVD#(vxPhi}3BnWjbwKBAOkt`n8W}IL-412S5A3 zeJ7sZqAGG1!!gX20>>u9ZWAmWF^l_^@Yq*eCilCmJ6`*0u{6dMt6#Q+Hy?mD=h zLq{nx$l7aTYqCt_yjRzvwU}Kpta*t@Wjz}fPBdCLS?M_Ez|7g}*RK5gzwz!9+#i-e zD408d*+f0Hoh1@186;_(5qp@*moXRmB(;&lZc?hYwc4a-#X@%}b-j8JPGD)apJ8#xjAxr|l*HrAGbsoc!*4-*w{eU3&50Ra7J)BXpQ+1?|)$zF5Y}Gh*lJmT`(e zJY7)%1^O+l1lyXJn3ZzVcE){OPtr6i+GTf|m~=0}dKu68VL9@T&0ElgRt0T=uK5@v zhh{7@CA2wvv?W_qozh``<-PAZ@z*GpBmy1gN(sB9fU`_?Mr<-uO|)1#AyL=}=paE_ z{aK31Gct8YwR`@64JkO_h$J}aZsQtW`|2PnB-_r4*L$>GX&<}9q*%5Q%&*hsX_utj zOxIfKfo80ZR$PWQn~=7%B&OxSd;NUv#+A?hmAC%zFEo-6QbC8gD=Y}Z+I*Wk+^iXD zkJE+#3P@zd*v;PluI{J-9j-Oo`)u+{>QNa9cML(rAl=ix0j5|Od*Ha1WqWLxp?8+f23HFrBE<;frwaE$%lJ&z2)67BS;CK zy1|+ot`^IdnVZr|-EINmR=&V`yytof*)))i`zm~ZFb=bUf3~_Tj`2phU>dI#MnwAP z*|o#IZ17Td=oKC~jEGL1 zS-cFS5X-~iH`)unN-GYYYYK~P)T7<-#8JC#n~%}t??3+V{!dXX$#J1zu9((+9;L09 zR#a*2m}SRZqFJ$JhMsupa;tj9P6z;?r`n!}1%8Ak~ zeY(l@n?YvhWp~m6S%b)CGOfSL^f1Lpor9yl|DkE;2ssp)NFJtdm?P=0I$67lh- zwlz+g)+u~H=cG5G+%0zeX~t2@7RARhQE~eCxIui~=Sck5A}N3Mz4yHB!xvvXxYABZ zNDMm6UBKDtC+VBbbWfS|zzPE{ramAEY6{Gw*LQZ>sFH3p9P3tJubg~V;By_y_U_zu ztK4>#FXQT6p0fPDtk{xrV_W!^OB}nsF@cWYEWpOhr8seGoMvfQYx8P1GjPio{=9hM z+^7D;AIm>Ru_U(=3g+5Ddx$9^+Pqx4oDplMr@CQRslU&ur5}3L!lc8mwbPxq?wj*v z{Br2IZWz{8ej7Vy(Eg!L)O6PwLz**j@=Y^uZt9Klky(;dPny}5VRxpm!}LVhH}AIP z-Z*A&#_TjDE%!GwaCG{6&pvbJ(?9aoxBTdP-g)9-ugQdL3q!JN1-<+kIUb~?lI*Lx zkXYi1QFYE8-MULytUZ|hCPa=di!S2yZC8AZ>SPLk>j*%jcb=Gtm$#u};~PPyH-m`t ze#~CiIXCAo$HuOVJ$+lb6B=fuH@hOnZNVE&p-S5vtMb~Ldf<|Fn5sJ z9c?CH6q9_)TN50&glj2v!f>n+oQKYHSZHxL9nGx*TXi8bi9Q!b7F#^=+^H=m*Iqr0 z8Kd)`JxspT8oz8bBbUoLBo#|sRA@FJVtqulR#eN&h6U>z+dqir-t^a|?!#Ez#S7=2 zyziYS9y@MN29e?rbi5*U8dp;P>L@h!sY_!rm zV3@SI)!vvvI*zQW-c(kqvE^a8n7=&HTick+mr0kUZNDDVPgOo4iFz>b&331b*B^Q4 z8HwK(1azjk=_7GD^->$X2LROW z)N=RAB@Q2pF80SQk^63Rra42`aeh-B#@J=?!m`mlYw@p8t^+C0HP&P%x8FB~@?(!Y zwEr8i77=pipkS_)>V8_k!*UG8PD53$P6hs0W&b7DUh0 z&6j<)^-`ye?{MB)Ls2A2qJx}H8GvfXpQd0(ExVVgxNb(#bF+An^y;GzpM2q&r_X%m z`n9Y7dub~Oxsy;ZSIow)n2ibSi=a(LRF*w~-a>+fOl%q?mhc2{T}mBYv2^Nl-6fuJ zn}>KU+7NnC%~OX{wdbk0;(IK#5`a{8^aXV1L& z+%sp+KK0a@>%DdmvKAfAVCB%dXRgW@h4`&3dwc)|g<9ZWwXB_i53no<|<^QW-^`KNDR z2bE40QY6~O2uigH``qBD6E;()B6Z%p=s90|=p!fp^}`SC|N6ov6S7(;m}_SWZMI{t z?NDsvR@-xzIMiByuf@`5u@hU6VQRx@$R(sN(d87{zt#$fr-o+mv{MEum$=!R4)9R7 zb)kaJZP;=@*=|hu=&$LehaWom#m_%|=9jNty=sPC3E5>Rm@7qj6={xJMw}%|hs07( z^ubkzLb(1W?tzz6BZ2nps4jc{U}nd*Xo=@GQCIJpZB>?e&DD18$+vJE^QNsn6#2$8 zPoMqIPd|0$(zR<>Ubuek+8-RFiG-{g3g((AUIdN9h&^Z7N$92#^hZNAr)4DDITtT> z8O$=1%hu#NLfpQNvGOq)%^B5C1FDtLE=R()t=X*Qoa*9<3l2eg8yHmO=alwx{!bq{ zb@Ju&2QU2F3m49FDF}JfK*3xqfjfKj<`0uC-JrlN%amf*T>=N#Yj)Ss!UNuB1xssN zX1HX`qGPOu%6OaKNiQ5LID{KzT8nvDwso65W#!w?Jbm_apZ=wP`8kRtd9y;nTrKSx zv2HGR@Ubo{YC^m2QiglFUj2ewXA_i%oEUBM!C*>;wQ(DfNv7Z3hlpwY1lAq?|8 zx<%)DX~@$4Ov_1fy*FU1zTxEe&L5onweuGaUORv8h2Nk^5<lplxDLAGsc$6I$kQ{0z2hxE98qAuEODF!vH&RXl~KBANc1QZu3z_N}v$}h|wV1s&^wR824;q^{mgJQG$5T(8IeX=|fBP#BJ$UL% zo#F{06wLLqR4ha5E!|M84d1$YETw^~8nqlJ@cJTm4pxg1#`{Z zO0h&)7sN)!!6bwbLIO}Q2_b}# z02E9@2q7c@1(Og$2nj&JB!mz`0#GmsA%u_s6ih-0AtV3=lMq4(2|&Rlgb+dkP%sH0 zgpdFfOhO1DBmf1I5JCtEK*1!05JCb_FbN@qkN^}+LI@!w00ol}LI?>!!6bwbLIO}Q z2_b}#02E9@2q7c@1(Og$2nj&JB!mz`0#GmsA%u_s6ih-0AtV3=lMq4(2|&Rlgb+dk zP%sH0gpdFfOhO1DBmf1I5JCtEK*1!05JCb_FbN@qkN^}+LI@!w00ol}LI?>!!6bwb zLIO}Q2_b}#02E9@2q7c@1(Og$2nj&JB!mz`0#GmsA%u_s6ih-0AtV3=lMq4(2|&Rl zgb+dkP%sH0gpdFfOhO1DBmf1I5JCtEK*1!05JCb_FbN@qkN^}+LI@!w00ol}LI?>! z!6bwbLIO}Q2_b}#02E9@2q7c@1(Og$2nj&JB!mz`0#GmsA%u_s6ih-0AtV3=lMq4( z2|&Rlgb+dkP%sH0gpdFfOhO1DBmf1I5JCtEK*1!05JCb_FbN@qkN^}+LI@!w00ol} zLI?>!!6bwbLIO}Q2_b}#02E9@2q7c@1(Og$2nj&JB!mz`0#GmsA%u_s|33f#|Nm(U Vy|==Zb1eV>002ovPDHLkV1kamJM;hm literal 0 KcmV+b0RR6000031 diff --git a/dockge/dify/.env b/dockge/dify/.env new file mode 100644 index 00000000..def4d50c --- /dev/null +++ b/dockge/dify/.env @@ -0,0 +1,24 @@ +# 数据持久化路径 [必填] +DIFY_ROOT_PATH=/home/dify + +# WebUI 端口 [必填] +PANEL_APP_PORT_HTTP=8080 + +# WebUI SSL 端口 [必填] +PANEL_APP_PORT_HTTPS=8443 + +# Milvus 端口 [必填] +MILVUS_STANDALONE_PORT1=19530 + +# Milvus 端口 [必填] +MILVUS_STANDALONE_PORT2=9091 + +# MyScale 端口 [必填] +MYSCALE_PORT=8123 + +# Elasticsearch 端口 [必填] +ELASTICSEARCH_PORT=9200 + +# Kibana 端口 [必填] +KIBANA_PORT=5601 + diff --git a/dockge/dify/conf/certbot/README.md b/dockge/dify/conf/certbot/README.md new file mode 100644 index 00000000..21be34b3 --- /dev/null +++ b/dockge/dify/conf/certbot/README.md @@ -0,0 +1,76 @@ +# Launching new servers with SSL certificates + +## Short description + +docker compose certbot configurations with Backward compatibility (without certbot container). +Use `docker compose --profile certbot up` to use this features. + +## The simplest way for launching new servers with SSL certificates + +1. Get letsencrypt certs + set `.env` values + ```properties + NGINX_SSL_CERT_FILENAME=fullchain.pem + NGINX_SSL_CERT_KEY_FILENAME=privkey.pem + NGINX_ENABLE_CERTBOT_CHALLENGE=true + CERTBOT_DOMAIN=your_domain.com + CERTBOT_EMAIL=example@your_domain.com + ``` + execute command: + ```shell + docker network prune + docker compose --profile certbot up --force-recreate -d + ``` + then after the containers launched: + ```shell + docker compose exec -it certbot /bin/sh /update-cert.sh + ``` +2. Edit `.env` file and `docker compose --profile certbot up` again. + set `.env` value additionally + ```properties + NGINX_HTTPS_ENABLED=true + ``` + execute command: + ```shell + docker compose --profile certbot up -d --no-deps --force-recreate nginx + ``` + Then you can access your serve with HTTPS. + [https://your_domain.com](https://your_domain.com) + +## SSL certificates renewal + +For SSL certificates renewal, execute commands below: + +```shell +docker compose exec -it certbot /bin/sh /update-cert.sh +docker compose exec nginx nginx -s reload +``` + +## Options for certbot + +`CERTBOT_OPTIONS` key might be helpful for testing. i.e., + +```properties +CERTBOT_OPTIONS=--dry-run +``` + +To apply changes to `CERTBOT_OPTIONS`, regenerate the certbot container before updating the certificates. + +```shell +docker compose --profile certbot up -d --no-deps --force-recreate certbot +docker compose exec -it certbot /bin/sh /update-cert.sh +``` + +Then, reload the nginx container if necessary. + +```shell +docker compose exec nginx nginx -s reload +``` + +## For legacy servers + +To use cert files dir `nginx/ssl` as before, simply launch containers WITHOUT `--profile certbot` option. + +```shell +docker compose up -d +``` diff --git a/dockge/dify/conf/certbot/docker-entrypoint.sh b/dockge/dify/conf/certbot/docker-entrypoint.sh new file mode 100644 index 00000000..a70ecd82 --- /dev/null +++ b/dockge/dify/conf/certbot/docker-entrypoint.sh @@ -0,0 +1,30 @@ +#!/bin/sh +set -e + +printf '%s\n' "Docker entrypoint script is running" + +printf '%s\n' "\nChecking specific environment variables:" +printf '%s\n' "CERTBOT_EMAIL: ${CERTBOT_EMAIL:-Not set}" +printf '%s\n' "CERTBOT_DOMAIN: ${CERTBOT_DOMAIN:-Not set}" +printf '%s\n' "CERTBOT_OPTIONS: ${CERTBOT_OPTIONS:-Not set}" + +printf '%s\n' "\nChecking mounted directories:" +for dir in "/etc/letsencrypt" "/var/www/html" "/var/log/letsencrypt"; do + if [ -d "$dir" ]; then + printf '%s\n' "$dir exists. Contents:" + ls -la "$dir" + else + printf '%s\n' "$dir does not exist." + fi +done + +printf '%s\n' "\nGenerating update-cert.sh from template" +sed -e "s|\${CERTBOT_EMAIL}|$CERTBOT_EMAIL|g" \ + -e "s|\${CERTBOT_DOMAIN}|$CERTBOT_DOMAIN|g" \ + -e "s|\${CERTBOT_OPTIONS}|$CERTBOT_OPTIONS|g" \ + /update-cert.template.txt > /update-cert.sh + +chmod +x /update-cert.sh + +printf '%s\n' "\nExecuting command:" "$@" +exec "$@" diff --git a/dockge/dify/conf/certbot/update-cert.template.txt b/dockge/dify/conf/certbot/update-cert.template.txt new file mode 100644 index 00000000..16786a19 --- /dev/null +++ b/dockge/dify/conf/certbot/update-cert.template.txt @@ -0,0 +1,19 @@ +#!/bin/bash +set -e + +DOMAIN="${CERTBOT_DOMAIN}" +EMAIL="${CERTBOT_EMAIL}" +OPTIONS="${CERTBOT_OPTIONS}" +CERT_NAME="${DOMAIN}" # 証明書名をドメイン名と同じにする + +# Check if the certificate already exists +if [ -f "/etc/letsencrypt/renewal/${CERT_NAME}.conf" ]; then + echo "Certificate exists. Attempting to renew..." + certbot renew --noninteractive --cert-name ${CERT_NAME} --webroot --webroot-path=/var/www/html --email ${EMAIL} --agree-tos --no-eff-email ${OPTIONS} +else + echo "Certificate does not exist. Obtaining a new certificate..." + certbot certonly --noninteractive --webroot --webroot-path=/var/www/html --email ${EMAIL} --agree-tos --no-eff-email -d ${DOMAIN} ${OPTIONS} +fi +echo "Certificate operation successful" +# Note: Nginx reload should be handled outside this container +echo "Please ensure to reload Nginx to apply any certificate changes." diff --git a/dockge/dify/conf/couchbase-server/Dockerfile b/dockge/dify/conf/couchbase-server/Dockerfile new file mode 100644 index 00000000..bd8af641 --- /dev/null +++ b/dockge/dify/conf/couchbase-server/Dockerfile @@ -0,0 +1,4 @@ +FROM couchbase/server:latest AS stage_base +# FROM couchbase:latest AS stage_base +COPY init-cbserver.sh /opt/couchbase/init/ +RUN chmod +x /opt/couchbase/init/init-cbserver.sh \ No newline at end of file diff --git a/dockge/dify/conf/couchbase-server/init-cbserver.sh b/dockge/dify/conf/couchbase-server/init-cbserver.sh new file mode 100644 index 00000000..e66bc185 --- /dev/null +++ b/dockge/dify/conf/couchbase-server/init-cbserver.sh @@ -0,0 +1,44 @@ +#!/bin/bash +# used to start couchbase server - can't get around this as docker compose only allows you to start one command - so we have to start couchbase like the standard couchbase Dockerfile would +# https://github.com/couchbase/docker/blob/master/enterprise/couchbase-server/7.2.0/Dockerfile#L88 + +/entrypoint.sh couchbase-server & + +# track if setup is complete so we don't try to setup again +FILE=/opt/couchbase/init/setupComplete.txt + +if ! [ -f "$FILE" ]; then + # used to automatically create the cluster based on environment variables + # https://docs.couchbase.com/server/current/cli/cbcli/couchbase-cli-cluster-init.html + + echo $COUCHBASE_ADMINISTRATOR_USERNAME ":" $COUCHBASE_ADMINISTRATOR_PASSWORD + + sleep 20s + /opt/couchbase/bin/couchbase-cli cluster-init -c 127.0.0.1 \ + --cluster-username $COUCHBASE_ADMINISTRATOR_USERNAME \ + --cluster-password $COUCHBASE_ADMINISTRATOR_PASSWORD \ + --services data,index,query,fts \ + --cluster-ramsize $COUCHBASE_RAM_SIZE \ + --cluster-index-ramsize $COUCHBASE_INDEX_RAM_SIZE \ + --cluster-eventing-ramsize $COUCHBASE_EVENTING_RAM_SIZE \ + --cluster-fts-ramsize $COUCHBASE_FTS_RAM_SIZE \ + --index-storage-setting default + + sleep 2s + + # used to auto create the bucket based on environment variables + # https://docs.couchbase.com/server/current/cli/cbcli/couchbase-cli-bucket-create.html + + /opt/couchbase/bin/couchbase-cli bucket-create -c localhost:8091 \ + --username $COUCHBASE_ADMINISTRATOR_USERNAME \ + --password $COUCHBASE_ADMINISTRATOR_PASSWORD \ + --bucket $COUCHBASE_BUCKET \ + --bucket-ramsize $COUCHBASE_BUCKET_RAMSIZE \ + --bucket-type couchbase + + # create file so we know that the cluster is setup and don't run the setup again + touch $FILE +fi + # docker compose will stop the container from running unless we do this + # known issue and workaround + tail -f /dev/null diff --git a/dockge/dify/conf/elasticsearch/docker-entrypoint.sh b/dockge/dify/conf/elasticsearch/docker-entrypoint.sh new file mode 100644 index 00000000..6669aec5 --- /dev/null +++ b/dockge/dify/conf/elasticsearch/docker-entrypoint.sh @@ -0,0 +1,25 @@ +#!/bin/bash + +set -e + +if [ "${VECTOR_STORE}" = "elasticsearch-ja" ]; then + # Check if the ICU tokenizer plugin is installed + if ! /usr/share/elasticsearch/bin/elasticsearch-plugin list | grep -q analysis-icu; then + printf '%s\n' "Installing the ICU tokenizer plugin" + if ! /usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-icu; then + printf '%s\n' "Failed to install the ICU tokenizer plugin" + exit 1 + fi + fi + # Check if the Japanese language analyzer plugin is installed + if ! /usr/share/elasticsearch/bin/elasticsearch-plugin list | grep -q analysis-kuromoji; then + printf '%s\n' "Installing the Japanese language analyzer plugin" + if ! /usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-kuromoji; then + printf '%s\n' "Failed to install the Japanese language analyzer plugin" + exit 1 + fi + fi +fi + +# Run the original entrypoint script +exec /bin/tini -- /usr/local/bin/docker-entrypoint.sh diff --git a/dockge/dify/conf/nginx/conf.d/default.conf.template b/dockge/dify/conf/nginx/conf.d/default.conf.template new file mode 100644 index 00000000..9691122c --- /dev/null +++ b/dockge/dify/conf/nginx/conf.d/default.conf.template @@ -0,0 +1,37 @@ +# Please do not directly edit this file. Instead, modify the .env variables related to NGINX configuration. + +server { + listen ${NGINX_PORT}; + server_name ${NGINX_SERVER_NAME}; + + location /console/api { + proxy_pass http://api:5001; + include proxy.conf; + } + + location /api { + proxy_pass http://api:5001; + include proxy.conf; + } + + location /v1 { + proxy_pass http://api:5001; + include proxy.conf; + } + + location /files { + proxy_pass http://api:5001; + include proxy.conf; + } + + location / { + proxy_pass http://web:3000; + include proxy.conf; + } + + # placeholder for acme challenge location + ${ACME_CHALLENGE_LOCATION} + + # placeholder for https config defined in https.conf.template + ${HTTPS_CONFIG} +} diff --git a/dockge/dify/conf/nginx/docker-entrypoint.sh b/dockge/dify/conf/nginx/docker-entrypoint.sh new file mode 100644 index 00000000..d343cb3e --- /dev/null +++ b/dockge/dify/conf/nginx/docker-entrypoint.sh @@ -0,0 +1,39 @@ +#!/bin/bash + +if [ "${NGINX_HTTPS_ENABLED}" = "true" ]; then + # Check if the certificate and key files for the specified domain exist + if [ -n "${CERTBOT_DOMAIN}" ] && \ + [ -f "/etc/letsencrypt/live/${CERTBOT_DOMAIN}/${NGINX_SSL_CERT_FILENAME}" ] && \ + [ -f "/etc/letsencrypt/live/${CERTBOT_DOMAIN}/${NGINX_SSL_CERT_KEY_FILENAME}" ]; then + SSL_CERTIFICATE_PATH="/etc/letsencrypt/live/${CERTBOT_DOMAIN}/${NGINX_SSL_CERT_FILENAME}" + SSL_CERTIFICATE_KEY_PATH="/etc/letsencrypt/live/${CERTBOT_DOMAIN}/${NGINX_SSL_CERT_KEY_FILENAME}" + else + SSL_CERTIFICATE_PATH="/etc/ssl/${NGINX_SSL_CERT_FILENAME}" + SSL_CERTIFICATE_KEY_PATH="/etc/ssl/${NGINX_SSL_CERT_KEY_FILENAME}" + fi + export SSL_CERTIFICATE_PATH + export SSL_CERTIFICATE_KEY_PATH + + # set the HTTPS_CONFIG environment variable to the content of the https.conf.template + HTTPS_CONFIG=$(envsubst < /etc/nginx/https.conf.template) + export HTTPS_CONFIG + # Substitute the HTTPS_CONFIG in the default.conf.template with content from https.conf.template + envsubst '${HTTPS_CONFIG}' < /etc/nginx/conf.d/default.conf.template > /etc/nginx/conf.d/default.conf +fi + +if [ "${NGINX_ENABLE_CERTBOT_CHALLENGE}" = "true" ]; then + ACME_CHALLENGE_LOCATION='location /.well-known/acme-challenge/ { root /var/www/html; }' +else + ACME_CHALLENGE_LOCATION='' +fi +export ACME_CHALLENGE_LOCATION + +env_vars=$(printenv | cut -d= -f1 | sed 's/^/$/g' | paste -sd, -) + +envsubst "$env_vars" < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf +envsubst "$env_vars" < /etc/nginx/proxy.conf.template > /etc/nginx/proxy.conf + +envsubst < /etc/nginx/conf.d/default.conf.template > /etc/nginx/conf.d/default.conf + +# Start Nginx using the default entrypoint +exec nginx -g 'daemon off;' \ No newline at end of file diff --git a/dockge/dify/conf/nginx/https.conf.template b/dockge/dify/conf/nginx/https.conf.template new file mode 100644 index 00000000..95ea36f4 --- /dev/null +++ b/dockge/dify/conf/nginx/https.conf.template @@ -0,0 +1,9 @@ +# Please do not directly edit this file. Instead, modify the .env variables related to NGINX configuration. + +listen ${NGINX_SSL_PORT} ssl; +ssl_certificate ${SSL_CERTIFICATE_PATH}; +ssl_certificate_key ${SSL_CERTIFICATE_KEY_PATH}; +ssl_protocols ${NGINX_SSL_PROTOCOLS}; +ssl_prefer_server_ciphers on; +ssl_session_cache shared:SSL:10m; +ssl_session_timeout 10m; \ No newline at end of file diff --git a/dockge/dify/conf/nginx/nginx.conf.template b/dockge/dify/conf/nginx/nginx.conf.template new file mode 100644 index 00000000..32a57165 --- /dev/null +++ b/dockge/dify/conf/nginx/nginx.conf.template @@ -0,0 +1,34 @@ +# Please do not directly edit this file. Instead, modify the .env variables related to NGINX configuration. + +user nginx; +worker_processes ${NGINX_WORKER_PROCESSES}; + +error_log /var/log/nginx/error.log notice; +pid /var/run/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout ${NGINX_KEEPALIVE_TIMEOUT}; + + #gzip on; + client_max_body_size ${NGINX_CLIENT_MAX_BODY_SIZE}; + + include /etc/nginx/conf.d/*.conf; +} \ No newline at end of file diff --git a/dockge/dify/conf/nginx/proxy.conf.template b/dockge/dify/conf/nginx/proxy.conf.template new file mode 100644 index 00000000..117f8061 --- /dev/null +++ b/dockge/dify/conf/nginx/proxy.conf.template @@ -0,0 +1,11 @@ +# Please do not directly edit this file. Instead, modify the .env variables related to NGINX configuration. + +proxy_set_header Host $host; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Forwarded-Proto $scheme; +proxy_set_header X-Forwarded-Port $server_port; +proxy_http_version 1.1; +proxy_set_header Connection ""; +proxy_buffering off; +proxy_read_timeout ${NGINX_PROXY_READ_TIMEOUT}; +proxy_send_timeout ${NGINX_PROXY_SEND_TIMEOUT}; diff --git a/dockge/dify/conf/nginx/ssl/.gitkeep b/dockge/dify/conf/nginx/ssl/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/dockge/dify/conf/ssrf_proxy/docker-entrypoint.sh b/dockge/dify/conf/ssrf_proxy/docker-entrypoint.sh new file mode 100644 index 00000000..613897bb --- /dev/null +++ b/dockge/dify/conf/ssrf_proxy/docker-entrypoint.sh @@ -0,0 +1,42 @@ +#!/bin/bash + +# Modified based on Squid OCI image entrypoint + +# This entrypoint aims to forward the squid logs to stdout to assist users of +# common container related tooling (e.g., kubernetes, docker-compose, etc) to +# access the service logs. + +# Moreover, it invokes the squid binary, leaving all the desired parameters to +# be provided by the "command" passed to the spawned container. If no command +# is provided by the user, the default behavior (as per the CMD statement in +# the Dockerfile) will be to use Ubuntu's default configuration [1] and run +# squid with the "-NYC" options to mimic the behavior of the Ubuntu provided +# systemd unit. + +# [1] The default configuration is changed in the Dockerfile to allow local +# network connections. See the Dockerfile for further information. + +echo "[ENTRYPOINT] re-create snakeoil self-signed certificate removed in the build process" +if [ ! -f /etc/ssl/private/ssl-cert-snakeoil.key ]; then + /usr/sbin/make-ssl-cert generate-default-snakeoil --force-overwrite > /dev/null 2>&1 +fi + +tail -F /var/log/squid/access.log 2>/dev/null & +tail -F /var/log/squid/error.log 2>/dev/null & +tail -F /var/log/squid/store.log 2>/dev/null & +tail -F /var/log/squid/cache.log 2>/dev/null & + +# Replace environment variables in the template and output to the squid.conf +echo "[ENTRYPOINT] replacing environment variables in the template" +awk '{ + while(match($0, /\${[A-Za-z_][A-Za-z_0-9]*}/)) { + var = substr($0, RSTART+2, RLENGTH-3) + val = ENVIRON[var] + $0 = substr($0, 1, RSTART-1) val substr($0, RSTART+RLENGTH) + } + print +}' /etc/squid/squid.conf.template > /etc/squid/squid.conf + +/usr/sbin/squid -Nz +echo "[ENTRYPOINT] starting squid" +/usr/sbin/squid -f /etc/squid/squid.conf -NYC 1 diff --git a/dockge/dify/conf/ssrf_proxy/squid.conf.template b/dockge/dify/conf/ssrf_proxy/squid.conf.template new file mode 100644 index 00000000..676fe737 --- /dev/null +++ b/dockge/dify/conf/ssrf_proxy/squid.conf.template @@ -0,0 +1,51 @@ +acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN) +acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN) +acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN) +acl localnet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines +acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN) +acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN) +acl localnet src fc00::/7 # RFC 4193 local private network range +acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines +acl SSL_ports port 443 +# acl SSL_ports port 1025-65535 # Enable the configuration to resolve this issue: https://github.com/langgenius/dify/issues/12792 +acl Safe_ports port 80 # http +acl Safe_ports port 21 # ftp +acl Safe_ports port 443 # https +acl Safe_ports port 70 # gopher +acl Safe_ports port 210 # wais +acl Safe_ports port 1025-65535 # unregistered ports +acl Safe_ports port 280 # http-mgmt +acl Safe_ports port 488 # gss-http +acl Safe_ports port 591 # filemaker +acl Safe_ports port 777 # multiling http +acl CONNECT method CONNECT +http_access deny !Safe_ports +http_access deny CONNECT !SSL_ports +http_access allow localhost manager +http_access deny manager +http_access allow localhost +include /etc/squid/conf.d/*.conf +http_access deny all + +################################## Proxy Server ################################ +http_port ${HTTP_PORT} +coredump_dir ${COREDUMP_DIR} +refresh_pattern ^ftp: 1440 20% 10080 +refresh_pattern ^gopher: 1440 0% 1440 +refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 +refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims +refresh_pattern \/Release(|\.gpg)$ 0 0% 0 refresh-ims +refresh_pattern \/InRelease$ 0 0% 0 refresh-ims +refresh_pattern \/(Translation-.*)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims +refresh_pattern . 0 20% 4320 + + +# cache_dir ufs /var/spool/squid 100 16 256 +# upstream proxy, set to your own upstream proxy IP to avoid SSRF attacks +# cache_peer 172.1.1.1 parent 3128 0 no-query no-digest no-netdb-exchange default + +################################## Reverse Proxy To Sandbox ################################ +http_port ${REVERSE_PROXY_PORT} accel vhost +cache_peer ${SANDBOX_HOST} parent ${SANDBOX_PORT} 0 no-query originserver +acl src_all src all +http_access allow src_all diff --git a/dockge/dify/conf/startupscripts/init.sh b/dockge/dify/conf/startupscripts/init.sh new file mode 100644 index 00000000..c6e6e196 --- /dev/null +++ b/dockge/dify/conf/startupscripts/init.sh @@ -0,0 +1,13 @@ +#!/usr/bin/env bash + +DB_INITIALIZED="/opt/oracle/oradata/dbinit" +#[ -f ${DB_INITIALIZED} ] && exit +#touch ${DB_INITIALIZED} +if [ -f ${DB_INITIALIZED} ]; then + echo 'File exists. Standards for have been Init' + exit +else + echo 'File does not exist. Standards for first time Start up this DB' + "$ORACLE_HOME"/bin/sqlplus -s "/ as sysdba" @"/opt/oracle/scripts/startup/init_user.script"; + touch ${DB_INITIALIZED} +fi diff --git a/dockge/dify/conf/startupscripts/init_user.script b/dockge/dify/conf/startupscripts/init_user.script new file mode 100644 index 00000000..7aa7c280 --- /dev/null +++ b/dockge/dify/conf/startupscripts/init_user.script @@ -0,0 +1,10 @@ +show pdbs; +ALTER SYSTEM SET PROCESSES=500 SCOPE=SPFILE; +alter session set container= freepdb1; +create user dify identified by dify DEFAULT TABLESPACE users quota unlimited on users; +grant DB_DEVELOPER_ROLE to dify; + +BEGIN +CTX_DDL.CREATE_PREFERENCE('my_chinese_vgram_lexer','CHINESE_VGRAM_LEXER'); +END; +/ diff --git a/dockge/dify/conf/tidb/config/pd.toml b/dockge/dify/conf/tidb/config/pd.toml new file mode 100644 index 00000000..042b251e --- /dev/null +++ b/dockge/dify/conf/tidb/config/pd.toml @@ -0,0 +1,4 @@ +# PD Configuration File reference: +# https://docs.pingcap.com/tidb/stable/pd-configuration-file#pd-configuration-file +[replication] +max-replicas = 1 \ No newline at end of file diff --git a/dockge/dify/conf/tidb/config/tiflash-learner.toml b/dockge/dify/conf/tidb/config/tiflash-learner.toml new file mode 100644 index 00000000..5098829a --- /dev/null +++ b/dockge/dify/conf/tidb/config/tiflash-learner.toml @@ -0,0 +1,13 @@ +# TiFlash tiflash-learner.toml Configuration File reference: +# https://docs.pingcap.com/tidb/stable/tiflash-configuration#configure-the-tiflash-learnertoml-file + +log-file = "/logs/tiflash_tikv.log" + +[server] +engine-addr = "tiflash:4030" +addr = "0.0.0.0:20280" +advertise-addr = "tiflash:20280" +status-addr = "tiflash:20292" + +[storage] +data-dir = "/data/flash" diff --git a/dockge/dify/conf/tidb/config/tiflash.toml b/dockge/dify/conf/tidb/config/tiflash.toml new file mode 100644 index 00000000..30ac13ef --- /dev/null +++ b/dockge/dify/conf/tidb/config/tiflash.toml @@ -0,0 +1,19 @@ +# TiFlash tiflash.toml Configuration File reference: +# https://docs.pingcap.com/tidb/stable/tiflash-configuration#configure-the-tiflashtoml-file + +listen_host = "0.0.0.0" +path = "/data" + +[flash] +tidb_status_addr = "tidb:10080" +service_addr = "tiflash:4030" + +[flash.proxy] +config = "/tiflash-learner.toml" + +[logger] +errorlog = "/logs/tiflash_error.log" +log = "/logs/tiflash.log" + +[raft] +pd_addr = "pd0:2379" diff --git a/dockge/dify/conf/tidb/docker-compose.yaml b/dockge/dify/conf/tidb/docker-compose.yaml new file mode 100644 index 00000000..fa157701 --- /dev/null +++ b/dockge/dify/conf/tidb/docker-compose.yaml @@ -0,0 +1,62 @@ +services: + pd0: + image: pingcap/pd:v8.5.1 + # ports: + # - "2379" + volumes: + - ./config/pd.toml:/pd.toml:ro + - ./volumes/data:/data + - ./volumes/logs:/logs + command: + - --name=pd0 + - --client-urls=http://0.0.0.0:2379 + - --peer-urls=http://0.0.0.0:2380 + - --advertise-client-urls=http://pd0:2379 + - --advertise-peer-urls=http://pd0:2380 + - --initial-cluster=pd0=http://pd0:2380 + - --data-dir=/data/pd + - --config=/pd.toml + - --log-file=/logs/pd.log + restart: on-failure + tikv: + image: pingcap/tikv:v8.5.1 + volumes: + - ./volumes/data:/data + - ./volumes/logs:/logs + command: + - --addr=0.0.0.0:20160 + - --advertise-addr=tikv:20160 + - --status-addr=tikv:20180 + - --data-dir=/data/tikv + - --pd=pd0:2379 + - --log-file=/logs/tikv.log + depends_on: + - "pd0" + restart: on-failure + tidb: + image: pingcap/tidb:v8.5.1 + # ports: + # - "4000:4000" + volumes: + - ./volumes/logs:/logs + command: + - --advertise-address=tidb + - --store=tikv + - --path=pd0:2379 + - --log-file=/logs/tidb.log + depends_on: + - "tikv" + restart: on-failure + tiflash: + image: pingcap/tiflash:v8.5.1 + volumes: + - ./config/tiflash.toml:/tiflash.toml:ro + - ./config/tiflash-learner.toml:/tiflash-learner.toml:ro + - ./volumes/data:/data + - ./volumes/logs:/logs + command: + - --config=/tiflash.toml + depends_on: + - "tikv" + - "tidb" + restart: on-failure diff --git a/dockge/dify/conf/volumes/myscale/config/users.d/custom_users_config.xml b/dockge/dify/conf/volumes/myscale/config/users.d/custom_users_config.xml new file mode 100644 index 00000000..67f24b69 --- /dev/null +++ b/dockge/dify/conf/volumes/myscale/config/users.d/custom_users_config.xml @@ -0,0 +1,17 @@ + + + + + + ::1 + 127.0.0.1 + 10.0.0.0/8 + 172.16.0.0/12 + 192.168.0.0/16 + + default + default + 1 + + + \ No newline at end of file diff --git a/dockge/dify/conf/volumes/oceanbase/init.d/vec_memory.sql b/dockge/dify/conf/volumes/oceanbase/init.d/vec_memory.sql new file mode 100644 index 00000000..3dd2fdd5 --- /dev/null +++ b/dockge/dify/conf/volumes/oceanbase/init.d/vec_memory.sql @@ -0,0 +1,2 @@ +ALTER +SYSTEM SET ob_vector_memory_limit_percentage = 30; diff --git a/dockge/dify/conf/volumes/opensearch/opensearch_dashboards.yml b/dockge/dify/conf/volumes/opensearch/opensearch_dashboards.yml new file mode 100644 index 00000000..bd49444b --- /dev/null +++ b/dockge/dify/conf/volumes/opensearch/opensearch_dashboards.yml @@ -0,0 +1,222 @@ +--- +# Copyright OpenSearch Contributors +# SPDX-License-Identifier: Apache-2.0 + +# Description: +# Default configuration for OpenSearch Dashboards + +# OpenSearch Dashboards is served by a back end server. This setting specifies the port to use. +# server.port: 5601 + +# Specifies the address to which the OpenSearch Dashboards server will bind. IP addresses and host names are both valid values. +# The default is 'localhost', which usually means remote machines will not be able to connect. +# To allow connections from remote users, set this parameter to a non-loopback address. +# server.host: "localhost" + +# Enables you to specify a path to mount OpenSearch Dashboards at if you are running behind a proxy. +# Use the `server.rewriteBasePath` setting to tell OpenSearch Dashboards if it should remove the basePath +# from requests it receives, and to prevent a deprecation warning at startup. +# This setting cannot end in a slash. +# server.basePath: "" + +# Specifies whether OpenSearch Dashboards should rewrite requests that are prefixed with +# `server.basePath` or require that they are rewritten by your reverse proxy. +# server.rewriteBasePath: false + +# The maximum payload size in bytes for incoming server requests. +# server.maxPayloadBytes: 1048576 + +# The OpenSearch Dashboards server's name. This is used for display purposes. +# server.name: "your-hostname" + +# The URLs of the OpenSearch instances to use for all your queries. +# opensearch.hosts: ["http://localhost:9200"] + +# OpenSearch Dashboards uses an index in OpenSearch to store saved searches, visualizations and +# dashboards. OpenSearch Dashboards creates a new index if the index doesn't already exist. +# opensearchDashboards.index: ".opensearch_dashboards" + +# The default application to load. +# opensearchDashboards.defaultAppId: "home" + +# Setting for an optimized healthcheck that only uses the local OpenSearch node to do Dashboards healthcheck. +# This settings should be used for large clusters or for clusters with ingest heavy nodes. +# It allows Dashboards to only healthcheck using the local OpenSearch node rather than fan out requests across all nodes. +# +# It requires the user to create an OpenSearch node attribute with the same name as the value used in the setting +# This node attribute should assign all nodes of the same cluster an integer value that increments with each new cluster that is spun up +# e.g. in opensearch.yml file you would set the value to a setting using node.attr.cluster_id: +# Should only be enabled if there is a corresponding node attribute created in your OpenSearch config that matches the value here +# opensearch.optimizedHealthcheckId: "cluster_id" + +# If your OpenSearch is protected with basic authentication, these settings provide +# the username and password that the OpenSearch Dashboards server uses to perform maintenance on the OpenSearch Dashboards +# index at startup. Your OpenSearch Dashboards users still need to authenticate with OpenSearch, which +# is proxied through the OpenSearch Dashboards server. +# opensearch.username: "opensearch_dashboards_system" +# opensearch.password: "pass" + +# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively. +# These settings enable SSL for outgoing requests from the OpenSearch Dashboards server to the browser. +# server.ssl.enabled: false +# server.ssl.certificate: /path/to/your/server.crt +# server.ssl.key: /path/to/your/server.key + +# Optional settings that provide the paths to the PEM-format SSL certificate and key files. +# These files are used to verify the identity of OpenSearch Dashboards to OpenSearch and are required when +# xpack.security.http.ssl.client_authentication in OpenSearch is set to required. +# opensearch.ssl.certificate: /path/to/your/client.crt +# opensearch.ssl.key: /path/to/your/client.key + +# Optional setting that enables you to specify a path to the PEM file for the certificate +# authority for your OpenSearch instance. +# opensearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ] + +# To disregard the validity of SSL certificates, change this setting's value to 'none'. +# opensearch.ssl.verificationMode: full + +# Time in milliseconds to wait for OpenSearch to respond to pings. Defaults to the value of +# the opensearch.requestTimeout setting. +# opensearch.pingTimeout: 1500 + +# Time in milliseconds to wait for responses from the back end or OpenSearch. This value +# must be a positive integer. +# opensearch.requestTimeout: 30000 + +# List of OpenSearch Dashboards client-side headers to send to OpenSearch. To send *no* client-side +# headers, set this value to [] (an empty list). +# opensearch.requestHeadersWhitelist: [ authorization ] + +# Header names and values that are sent to OpenSearch. Any custom headers cannot be overwritten +# by client-side headers, regardless of the opensearch.requestHeadersWhitelist configuration. +# opensearch.customHeaders: {} + +# Time in milliseconds for OpenSearch to wait for responses from shards. Set to 0 to disable. +# opensearch.shardTimeout: 30000 + +# Logs queries sent to OpenSearch. Requires logging.verbose set to true. +# opensearch.logQueries: false + +# Specifies the path where OpenSearch Dashboards creates the process ID file. +# pid.file: /var/run/opensearchDashboards.pid + +# Enables you to specify a file where OpenSearch Dashboards stores log output. +# logging.dest: stdout + +# Set the value of this setting to true to suppress all logging output. +# logging.silent: false + +# Set the value of this setting to true to suppress all logging output other than error messages. +# logging.quiet: false + +# Set the value of this setting to true to log all events, including system usage information +# and all requests. +# logging.verbose: false + +# Set the interval in milliseconds to sample system and process performance +# metrics. Minimum is 100ms. Defaults to 5000. +# ops.interval: 5000 + +# Specifies locale to be used for all localizable strings, dates and number formats. +# Supported languages are the following: English - en , by default , Chinese - zh-CN . +# i18n.locale: "en" + +# Set the allowlist to check input graphite Url. Allowlist is the default check list. +# vis_type_timeline.graphiteAllowedUrls: ['https://www.hostedgraphite.com/UID/ACCESS_KEY/graphite'] + +# Set the blocklist to check input graphite Url. Blocklist is an IP list. +# Below is an example for reference +# vis_type_timeline.graphiteBlockedIPs: [ +# //Loopback +# '127.0.0.0/8', +# '::1/128', +# //Link-local Address for IPv6 +# 'fe80::/10', +# //Private IP address for IPv4 +# '10.0.0.0/8', +# '172.16.0.0/12', +# '192.168.0.0/16', +# //Unique local address (ULA) +# 'fc00::/7', +# //Reserved IP address +# '0.0.0.0/8', +# '100.64.0.0/10', +# '192.0.0.0/24', +# '192.0.2.0/24', +# '198.18.0.0/15', +# '192.88.99.0/24', +# '198.51.100.0/24', +# '203.0.113.0/24', +# '224.0.0.0/4', +# '240.0.0.0/4', +# '255.255.255.255/32', +# '::/128', +# '2001:db8::/32', +# 'ff00::/8', +# ] +# vis_type_timeline.graphiteBlockedIPs: [] + +# opensearchDashboards.branding: +# logo: +# defaultUrl: "" +# darkModeUrl: "" +# mark: +# defaultUrl: "" +# darkModeUrl: "" +# loadingLogo: +# defaultUrl: "" +# darkModeUrl: "" +# faviconUrl: "" +# applicationTitle: "" + +# Set the value of this setting to true to capture region blocked warnings and errors +# for your map rendering services. +# map.showRegionBlockedWarning: false% + +# Set the value of this setting to false to suppress search usage telemetry +# for reducing the load of OpenSearch cluster. +# data.search.usageTelemetry.enabled: false + +# 2.4 renames 'wizard.enabled: false' to 'vis_builder.enabled: false' +# Set the value of this setting to false to disable VisBuilder +# functionality in Visualization. +# vis_builder.enabled: false + +# 2.4 New Experimental Feature +# Set the value of this setting to true to enable the experimental multiple data source +# support feature. Use with caution. +# data_source.enabled: false +# Set the value of these settings to customize crypto materials to encryption saved credentials +# in data sources. +# data_source.encryption.wrappingKeyName: 'changeme' +# data_source.encryption.wrappingKeyNamespace: 'changeme' +# data_source.encryption.wrappingKey: [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + +# 2.6 New ML Commons Dashboards Feature +# Set the value of this setting to true to enable the ml commons dashboards +# ml_commons_dashboards.enabled: false + +# 2.12 New experimental Assistant Dashboards Feature +# Set the value of this setting to true to enable the assistant dashboards +# assistant.chat.enabled: false + +# 2.13 New Query Assistant Feature +# Set the value of this setting to false to disable the query assistant +# observability.query_assist.enabled: false + +# 2.14 Enable Ui Metric Collectors in Usage Collector +# Set the value of this setting to true to enable UI Metric collections +# usageCollection.uiMetric.enabled: false + +opensearch.hosts: [ https://localhost:9200 ] +opensearch.ssl.verificationMode: none +opensearch.username: admin +opensearch.password: 'Qazwsxedc!@#123' +opensearch.requestHeadersWhitelist: [ authorization, securitytenant ] + +opensearch_security.multitenancy.enabled: true +opensearch_security.multitenancy.tenants.preferred: [ Private, Global ] +opensearch_security.readonly_mode.roles: [ kibana_read_only ] +# Use this setting if you are running opensearch-dashboards without https +opensearch_security.cookie.secure: false +server.host: '0.0.0.0' diff --git a/dockge/dify/conf/volumes/sandbox/conf/config.yaml b/dockge/dify/conf/volumes/sandbox/conf/config.yaml new file mode 100644 index 00000000..8c1a1deb --- /dev/null +++ b/dockge/dify/conf/volumes/sandbox/conf/config.yaml @@ -0,0 +1,14 @@ +app: + port: 8194 + debug: True + key: dify-sandbox +max_workers: 4 +max_requests: 50 +worker_timeout: 5 +python_path: /usr/local/bin/python3 +enable_network: True # please make sure there is no network risk in your environment +allowed_syscalls: # please leave it empty if you have no idea how seccomp works +proxy: + socks5: '' + http: '' + https: '' diff --git a/dockge/dify/conf/volumes/sandbox/conf/config.yaml.example b/dockge/dify/conf/volumes/sandbox/conf/config.yaml.example new file mode 100644 index 00000000..f92c19e5 --- /dev/null +++ b/dockge/dify/conf/volumes/sandbox/conf/config.yaml.example @@ -0,0 +1,35 @@ +app: + port: 8194 + debug: True + key: dify-sandbox +max_workers: 4 +max_requests: 50 +worker_timeout: 5 +python_path: /usr/local/bin/python3 +python_lib_path: + - /usr/local/lib/python3.10 + - /usr/lib/python3.10 + - /usr/lib/python3 + - /usr/lib/x86_64-linux-gnu + - /etc/ssl/certs/ca-certificates.crt + - /etc/nsswitch.conf + - /etc/hosts + - /etc/resolv.conf + - /run/systemd/resolve/stub-resolv.conf + - /run/resolvconf/resolv.conf + - /etc/localtime + - /usr/share/zoneinfo + - /etc/timezone + # add more paths if needed +python_pip_mirror_url: https://pypi.tuna.tsinghua.edu.cn/simple +nodejs_path: /usr/local/bin/node +enable_network: True +allowed_syscalls: + - 1 + - 2 + - 3 + # add all the syscalls which you require +proxy: + socks5: '' + http: '' + https: '' diff --git a/dockge/dify/conf/volumes/sandbox/dependencies/python-requirements.txt b/dockge/dify/conf/volumes/sandbox/dependencies/python-requirements.txt new file mode 100644 index 00000000..e69de29b diff --git a/dockge/dify/docker-compose.yml b/dockge/dify/docker-compose.yml new file mode 100644 index 00000000..d3b243de --- /dev/null +++ b/dockge/dify/docker-compose.yml @@ -0,0 +1,1815 @@ +networks: + milvus: + driver: bridge + opensearch-net: + driver: bridge + internal: true + ssrf_proxy_network: + driver: bridge + internal: true +services: + api: + container_name: api-dify + depends_on: + - db + - redis + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + ACCESS_TOKEN_EXPIRE_MINUTES: ${ACCESS_TOKEN_EXPIRE_MINUTES:-60} + ALIYUN_OSS_ACCESS_KEY: ${ALIYUN_OSS_ACCESS_KEY:-your-access-key} + ALIYUN_OSS_AUTH_VERSION: ${ALIYUN_OSS_AUTH_VERSION:-v4} + ALIYUN_OSS_BUCKET_NAME: ${ALIYUN_OSS_BUCKET_NAME:-your-bucket-name} + ALIYUN_OSS_ENDPOINT: ${ALIYUN_OSS_ENDPOINT:-https://oss-ap-southeast-1-internal.aliyuncs.com} + ALIYUN_OSS_PATH: ${ALIYUN_OSS_PATH:-your-path} + ALIYUN_OSS_REGION: ${ALIYUN_OSS_REGION:-ap-southeast-1} + ALIYUN_OSS_SECRET_KEY: ${ALIYUN_OSS_SECRET_KEY:-your-secret-key} + ANALYTICDB_ACCOUNT: ${ANALYTICDB_ACCOUNT:-testaccount} + ANALYTICDB_HOST: ${ANALYTICDB_HOST:-gp-test.aliyuncs.com} + ANALYTICDB_INSTANCE_ID: ${ANALYTICDB_INSTANCE_ID:-gp-ab123456} + ANALYTICDB_KEY_ID: ${ANALYTICDB_KEY_ID:-your-ak} + ANALYTICDB_KEY_SECRET: ${ANALYTICDB_KEY_SECRET:-your-sk} + ANALYTICDB_MAX_CONNECTION: ${ANALYTICDB_MAX_CONNECTION:-5} + ANALYTICDB_MIN_CONNECTION: ${ANALYTICDB_MIN_CONNECTION:-1} + ANALYTICDB_NAMESPACE: ${ANALYTICDB_NAMESPACE:-dify} + ANALYTICDB_NAMESPACE_PASSWORD: ${ANALYTICDB_NAMESPACE_PASSWORD:-difypassword} + ANALYTICDB_PASSWORD: ${ANALYTICDB_PASSWORD:-testpassword} + ANALYTICDB_PORT: ${ANALYTICDB_PORT:-5432} + ANALYTICDB_REGION_ID: ${ANALYTICDB_REGION_ID:-cn-hangzhou} + API_SENTRY_DSN: ${API_SENTRY_DSN:-} + API_SENTRY_PROFILES_SAMPLE_RATE: ${API_SENTRY_PROFILES_SAMPLE_RATE:-1.0} + API_SENTRY_TRACES_SAMPLE_RATE: ${API_SENTRY_TRACES_SAMPLE_RATE:-1.0} + API_TOOL_DEFAULT_CONNECT_TIMEOUT: ${API_TOOL_DEFAULT_CONNECT_TIMEOUT:-10} + API_TOOL_DEFAULT_READ_TIMEOUT: ${API_TOOL_DEFAULT_READ_TIMEOUT:-60} + APP_API_URL: ${APP_API_URL:-} + APP_MAX_ACTIVE_REQUESTS: ${APP_MAX_ACTIVE_REQUESTS:-0} + APP_MAX_EXECUTION_TIME: ${APP_MAX_EXECUTION_TIME:-1200} + APP_WEB_URL: ${APP_WEB_URL:-} + AZURE_BLOB_ACCOUNT_KEY: ${AZURE_BLOB_ACCOUNT_KEY:-difyai} + AZURE_BLOB_ACCOUNT_NAME: ${AZURE_BLOB_ACCOUNT_NAME:-difyai} + AZURE_BLOB_ACCOUNT_URL: ${AZURE_BLOB_ACCOUNT_URL:-https://.blob.core.windows.net} + AZURE_BLOB_CONTAINER_NAME: ${AZURE_BLOB_CONTAINER_NAME:-difyai-container} + BAIDU_OBS_ACCESS_KEY: ${BAIDU_OBS_ACCESS_KEY:-your-access-key} + BAIDU_OBS_BUCKET_NAME: ${BAIDU_OBS_BUCKET_NAME:-your-bucket-name} + BAIDU_OBS_ENDPOINT: ${BAIDU_OBS_ENDPOINT:-your-server-url} + BAIDU_OBS_SECRET_KEY: ${BAIDU_OBS_SECRET_KEY:-your-secret-key} + BAIDU_VECTOR_DB_ACCOUNT: ${BAIDU_VECTOR_DB_ACCOUNT:-root} + BAIDU_VECTOR_DB_API_KEY: ${BAIDU_VECTOR_DB_API_KEY:-dify} + BAIDU_VECTOR_DB_CONNECTION_TIMEOUT_MS: ${BAIDU_VECTOR_DB_CONNECTION_TIMEOUT_MS:-30000} + BAIDU_VECTOR_DB_DATABASE: ${BAIDU_VECTOR_DB_DATABASE:-dify} + BAIDU_VECTOR_DB_ENDPOINT: ${BAIDU_VECTOR_DB_ENDPOINT:-http://127.0.0.1:5287} + BAIDU_VECTOR_DB_REPLICAS: ${BAIDU_VECTOR_DB_REPLICAS:-3} + BAIDU_VECTOR_DB_SHARD: ${BAIDU_VECTOR_DB_SHARD:-1} + BROKER_USE_SSL: ${BROKER_USE_SSL:-false} + CELERY_AUTO_SCALE: ${CELERY_AUTO_SCALE:-false} + CELERY_BROKER_URL: ${CELERY_BROKER_URL:-redis://:difyai123456@redis:6379/1} + CELERY_MAX_WORKERS: ${CELERY_MAX_WORKERS:-} + CELERY_MIN_WORKERS: ${CELERY_MIN_WORKERS:-} + CELERY_SENTINEL_MASTER_NAME: ${CELERY_SENTINEL_MASTER_NAME:-} + CELERY_SENTINEL_SOCKET_TIMEOUT: ${CELERY_SENTINEL_SOCKET_TIMEOUT:-0.1} + CELERY_USE_SENTINEL: ${CELERY_USE_SENTINEL:-false} + CELERY_WORKER_AMOUNT: ${CELERY_WORKER_AMOUNT:-} + CELERY_WORKER_CLASS: ${CELERY_WORKER_CLASS:-} + CERTBOT_DOMAIN: ${CERTBOT_DOMAIN:-your_domain.com} + CERTBOT_EMAIL: ${CERTBOT_EMAIL:-your_email@example.com} + CERTBOT_OPTIONS: ${CERTBOT_OPTIONS:-} + CHECK_UPDATE_URL: ${CHECK_UPDATE_URL:-https://updates.dify.ai} + CHROMA_AUTH_CREDENTIALS: ${CHROMA_AUTH_CREDENTIALS:-} + CHROMA_AUTH_PROVIDER: ${CHROMA_AUTH_PROVIDER:-chromadb.auth.token_authn.TokenAuthClientProvider} + CHROMA_DATABASE: ${CHROMA_DATABASE:-default_database} + CHROMA_HOST: ${CHROMA_HOST:-127.0.0.1} + CHROMA_IS_PERSISTENT: ${CHROMA_IS_PERSISTENT:-TRUE} + CHROMA_PORT: ${CHROMA_PORT:-8000} + CHROMA_SERVER_AUTHN_CREDENTIALS: ${CHROMA_SERVER_AUTHN_CREDENTIALS:-difyai123456} + CHROMA_SERVER_AUTHN_PROVIDER: ${CHROMA_SERVER_AUTHN_PROVIDER:-chromadb.auth.token_authn.TokenAuthenticationServerProvider} + CHROMA_TENANT: ${CHROMA_TENANT:-default_tenant} + CODE_EXECUTION_API_KEY: ${CODE_EXECUTION_API_KEY:-dify-sandbox} + CODE_EXECUTION_CONNECT_TIMEOUT: ${CODE_EXECUTION_CONNECT_TIMEOUT:-10} + CODE_EXECUTION_ENDPOINT: ${CODE_EXECUTION_ENDPOINT:-http://sandbox:8194} + CODE_EXECUTION_READ_TIMEOUT: ${CODE_EXECUTION_READ_TIMEOUT:-60} + CODE_EXECUTION_WRITE_TIMEOUT: ${CODE_EXECUTION_WRITE_TIMEOUT:-10} + CODE_GENERATION_MAX_TOKENS: ${CODE_GENERATION_MAX_TOKENS:-1024} + CODE_MAX_DEPTH: ${CODE_MAX_DEPTH:-5} + CODE_MAX_NUMBER: ${CODE_MAX_NUMBER:-9223372036854775807} + CODE_MAX_NUMBER_ARRAY_LENGTH: ${CODE_MAX_NUMBER_ARRAY_LENGTH:-1000} + CODE_MAX_OBJECT_ARRAY_LENGTH: ${CODE_MAX_OBJECT_ARRAY_LENGTH:-30} + CODE_MAX_PRECISION: ${CODE_MAX_PRECISION:-20} + CODE_MAX_STRING_ARRAY_LENGTH: ${CODE_MAX_STRING_ARRAY_LENGTH:-30} + CODE_MAX_STRING_LENGTH: ${CODE_MAX_STRING_LENGTH:-80000} + CODE_MIN_NUMBER: ${CODE_MIN_NUMBER:--9223372036854775808} + CONSOLE_API_URL: ${CONSOLE_API_URL:-} + CONSOLE_CORS_ALLOW_ORIGINS: ${CONSOLE_CORS_ALLOW_ORIGINS:-*} + CONSOLE_WEB_URL: ${CONSOLE_WEB_URL:-} + COUCHBASE_BUCKET_NAME: ${COUCHBASE_BUCKET_NAME:-Embeddings} + COUCHBASE_CONNECTION_STRING: ${COUCHBASE_CONNECTION_STRING:-couchbase://couchbase-server} + COUCHBASE_PASSWORD: ${COUCHBASE_PASSWORD:-password} + COUCHBASE_SCOPE_NAME: ${COUCHBASE_SCOPE_NAME:-_default} + COUCHBASE_USER: ${COUCHBASE_USER:-Administrator} + CREATE_TIDB_SERVICE_JOB_ENABLED: ${CREATE_TIDB_SERVICE_JOB_ENABLED:-false} + CSP_WHITELIST: ${CSP_WHITELIST:-} + DB_DATABASE: ${DB_DATABASE:-dify} + DB_HOST: ${DB_HOST:-db} + DB_PASSWORD: ${DB_PASSWORD:-difyai123456} + DB_PORT: ${DB_PORT:-5432} + DB_USERNAME: ${DB_USERNAME:-postgres} + DEBUG: ${DEBUG:-false} + DEPLOY_ENV: ${DEPLOY_ENV:-PRODUCTION} + DIFY_BIND_ADDRESS: ${DIFY_BIND_ADDRESS:-0.0.0.0} + DIFY_PORT: ${DIFY_PORT:-5001} + ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:-0.0.0.0} + ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-elastic} + ELASTICSEARCH_PORT: ${ELASTICSEARCH_PORT:-9200} + ELASTICSEARCH_USERNAME: ${ELASTICSEARCH_USERNAME:-elastic} + ETCD_AUTO_COMPACTION_MODE: ${ETCD_AUTO_COMPACTION_MODE:-revision} + ETCD_AUTO_COMPACTION_RETENTION: ${ETCD_AUTO_COMPACTION_RETENTION:-1000} + ETCD_ENDPOINTS: ${ETCD_ENDPOINTS:-etcd:2379} + ETCD_QUOTA_BACKEND_BYTES: ${ETCD_QUOTA_BACKEND_BYTES:-4294967296} + ETCD_SNAPSHOT_COUNT: ${ETCD_SNAPSHOT_COUNT:-50000} + ETL_TYPE: ${ETL_TYPE:-dify} + EXPOSE_NGINX_PORT: ${PANEL_APP_PORT_HTTP:-8080} + EXPOSE_NGINX_SSL_PORT: ${PANEL_APP_PORT_HTTPS:-8443} + FILES_ACCESS_TIMEOUT: ${FILES_ACCESS_TIMEOUT:-300} + FILES_URL: ${FILES_URL:-} + FLASK_DEBUG: ${FLASK_DEBUG:-false} + GOOGLE_STORAGE_BUCKET_NAME: ${GOOGLE_STORAGE_BUCKET_NAME:-your-bucket-name} + GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64: ${GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64:-} + GUNICORN_TIMEOUT: ${GUNICORN_TIMEOUT:-360} + HTTP_REQUEST_NODE_MAX_BINARY_SIZE: ${HTTP_REQUEST_NODE_MAX_BINARY_SIZE:-10485760} + HTTP_REQUEST_NODE_MAX_TEXT_SIZE: ${HTTP_REQUEST_NODE_MAX_TEXT_SIZE:-1048576} + HUAWEI_OBS_ACCESS_KEY: ${HUAWEI_OBS_ACCESS_KEY:-your-access-key} + HUAWEI_OBS_BUCKET_NAME: ${HUAWEI_OBS_BUCKET_NAME:-your-bucket-name} + HUAWEI_OBS_SECRET_KEY: ${HUAWEI_OBS_SECRET_KEY:-your-secret-key} + HUAWEI_OBS_SERVER: ${HUAWEI_OBS_SERVER:-your-server-url} + INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-4000} + INIT_PASSWORD: ${INIT_PASSWORD:-} + INVITE_EXPIRY_HOURS: ${INVITE_EXPIRY_HOURS:-72} + KIBANA_PORT: ${KIBANA_PORT:-5601} + LINDORM_PASSWORD: ${LINDORM_PASSWORD:-lindorm} + LINDORM_URL: ${LINDORM_URL:-http://lindorm:30070} + LINDORM_USERNAME: ${LINDORM_USERNAME:-lindorm} + LOG_DATEFORMAT: ${LOG_DATEFORMAT:-%Y-%m-%d %H:%M:%S} + LOG_FILE: ${LOG_FILE:-/app/logs/server.log} + LOG_FILE_BACKUP_COUNT: ${LOG_FILE_BACKUP_COUNT:-5} + LOG_FILE_MAX_SIZE: ${LOG_FILE_MAX_SIZE:-20} + LOG_LEVEL: ${LOG_LEVEL:-INFO} + LOG_TZ: ${LOG_TZ:-UTC} + MAIL_DEFAULT_SEND_FROM: ${MAIL_DEFAULT_SEND_FROM:-} + MAIL_TYPE: ${MAIL_TYPE:-resend} + MAX_SUBMIT_COUNT: ${MAX_SUBMIT_COUNT:-100} + MAX_VARIABLE_SIZE: ${MAX_VARIABLE_SIZE:-204800} + MIGRATION_ENABLED: ${MIGRATION_ENABLED:-true} + MILVUS_AUTHORIZATION_ENABLED: ${MILVUS_AUTHORIZATION_ENABLED:-true} + MILVUS_ENABLE_HYBRID_SEARCH: ${MILVUS_ENABLE_HYBRID_SEARCH:-False} + MILVUS_PASSWORD: ${MILVUS_PASSWORD:-Milvus} + MILVUS_TOKEN: ${MILVUS_TOKEN:-} + MILVUS_URI: ${MILVUS_URI:-http://127.0.0.1:19530} + MILVUS_USER: ${MILVUS_USER:-root} + MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY:-minioadmin} + MINIO_ADDRESS: ${MINIO_ADDRESS:-minio:9000} + MINIO_SECRET_KEY: ${MINIO_SECRET_KEY:-minioadmin} + MODE: api + MULTIMODAL_SEND_FORMAT: ${MULTIMODAL_SEND_FORMAT:-base64} + MYSCALE_DATABASE: ${MYSCALE_DATABASE:-dify} + MYSCALE_FTS_PARAMS: ${MYSCALE_FTS_PARAMS:-} + MYSCALE_HOST: ${MYSCALE_HOST:-myscale} + MYSCALE_PASSWORD: ${MYSCALE_PASSWORD:-} + MYSCALE_PORT: ${MYSCALE_PORT:-8123} + MYSCALE_USER: ${MYSCALE_USER:-default} + NGINX_CLIENT_MAX_BODY_SIZE: ${NGINX_CLIENT_MAX_BODY_SIZE:-15M} + NGINX_ENABLE_CERTBOT_CHALLENGE: ${NGINX_ENABLE_CERTBOT_CHALLENGE:-false} + NGINX_HTTPS_ENABLED: ${NGINX_HTTPS_ENABLED:-false} + NGINX_KEEPALIVE_TIMEOUT: ${NGINX_KEEPALIVE_TIMEOUT:-65} + NGINX_PORT: ${NGINX_PORT:-80} + NGINX_PROXY_READ_TIMEOUT: ${NGINX_PROXY_READ_TIMEOUT:-3600s} + NGINX_PROXY_SEND_TIMEOUT: ${NGINX_PROXY_SEND_TIMEOUT:-3600s} + NGINX_SERVER_NAME: ${NGINX_SERVER_NAME:-_} + NGINX_SSL_CERT_FILENAME: ${NGINX_SSL_CERT_FILENAME:-dify.crt} + NGINX_SSL_CERT_KEY_FILENAME: ${NGINX_SSL_CERT_KEY_FILENAME:-dify.key} + NGINX_SSL_PORT: ${NGINX_SSL_PORT:-443} + NGINX_SSL_PROTOCOLS: ${NGINX_SSL_PROTOCOLS:-TLSv1.1 TLSv1.2 TLSv1.3} + NGINX_WORKER_PROCESSES: ${NGINX_WORKER_PROCESSES:-auto} + NOTION_CLIENT_ID: ${NOTION_CLIENT_ID:-} + NOTION_CLIENT_SECRET: ${NOTION_CLIENT_SECRET:-} + NOTION_INTEGRATION_TYPE: ${NOTION_INTEGRATION_TYPE:-public} + NOTION_INTERNAL_SECRET: ${NOTION_INTERNAL_SECRET:-} + OCEANBASE_CLUSTER_NAME: ${OCEANBASE_CLUSTER_NAME:-difyai} + OCEANBASE_MEMORY_LIMIT: ${OCEANBASE_MEMORY_LIMIT:-6G} + OCEANBASE_VECTOR_DATABASE: ${OCEANBASE_VECTOR_DATABASE:-test} + OCEANBASE_VECTOR_HOST: ${OCEANBASE_VECTOR_HOST:-oceanbase} + OCEANBASE_VECTOR_PASSWORD: ${OCEANBASE_VECTOR_PASSWORD:-difyai123456} + OCEANBASE_VECTOR_PORT: ${OCEANBASE_VECTOR_PORT:-2881} + OCEANBASE_VECTOR_USER: ${OCEANBASE_VECTOR_USER:-root@test} + OCI_ACCESS_KEY: ${OCI_ACCESS_KEY:-your-access-key} + OCI_BUCKET_NAME: ${OCI_BUCKET_NAME:-your-bucket-name} + OCI_ENDPOINT: ${OCI_ENDPOINT:-https://objectstorage.us-ashburn-1.oraclecloud.com} + OCI_REGION: ${OCI_REGION:-us-ashburn-1} + OCI_SECRET_KEY: ${OCI_SECRET_KEY:-your-secret-key} + OPENAI_API_BASE: ${OPENAI_API_BASE:-https://api.openai.com/v1} + OPENDAL_FS_ROOT: ${OPENDAL_FS_ROOT:-storage} + OPENDAL_SCHEME: ${OPENDAL_SCHEME:-fs} + OPENSEARCH_BOOTSTRAP_MEMORY_LOCK: ${OPENSEARCH_BOOTSTRAP_MEMORY_LOCK:-true} + OPENSEARCH_DISCOVERY_TYPE: ${OPENSEARCH_DISCOVERY_TYPE:-single-node} + OPENSEARCH_HOST: ${OPENSEARCH_HOST:-opensearch} + OPENSEARCH_INITIAL_ADMIN_PASSWORD: ${OPENSEARCH_INITIAL_ADMIN_PASSWORD:-Qazwsxedc!@#123} + OPENSEARCH_JAVA_OPTS_MAX: ${OPENSEARCH_JAVA_OPTS_MAX:-1024m} + OPENSEARCH_JAVA_OPTS_MIN: ${OPENSEARCH_JAVA_OPTS_MIN:-512m} + OPENSEARCH_MEMLOCK_HARD: ${OPENSEARCH_MEMLOCK_HARD:--1} + OPENSEARCH_MEMLOCK_SOFT: ${OPENSEARCH_MEMLOCK_SOFT:--1} + OPENSEARCH_NOFILE_HARD: ${OPENSEARCH_NOFILE_HARD:-65536} + OPENSEARCH_NOFILE_SOFT: ${OPENSEARCH_NOFILE_SOFT:-65536} + OPENSEARCH_PASSWORD: ${OPENSEARCH_PASSWORD:-admin} + OPENSEARCH_PORT: ${OPENSEARCH_PORT:-9200} + OPENSEARCH_SECURE: ${OPENSEARCH_SECURE:-true} + OPENSEARCH_USER: ${OPENSEARCH_USER:-admin} + ORACLE_CHARACTERSET: ${ORACLE_CHARACTERSET:-AL32UTF8} + ORACLE_DATABASE: ${ORACLE_DATABASE:-FREEPDB1} + ORACLE_HOST: ${ORACLE_HOST:-oracle} + ORACLE_PASSWORD: ${ORACLE_PASSWORD:-dify} + ORACLE_PORT: ${ORACLE_PORT:-1521} + ORACLE_PWD: ${ORACLE_PWD:-Dify123456} + ORACLE_USER: ${ORACLE_USER:-dify} + PGDATA: ${PGDATA:-/var/lib/postgresql/data/pgdata} + PGUSER: ${PGUSER:-${DB_USERNAME}} + PGVECTOR_DATABASE: ${PGVECTOR_DATABASE:-dify} + PGVECTOR_HOST: ${PGVECTOR_HOST:-pgvector} + PGVECTOR_MAX_CONNECTION: ${PGVECTOR_MAX_CONNECTION:-5} + PGVECTOR_MIN_CONNECTION: ${PGVECTOR_MIN_CONNECTION:-1} + PGVECTOR_PASSWORD: ${PGVECTOR_PASSWORD:-difyai123456} + PGVECTOR_PGDATA: ${PGVECTOR_PGDATA:-/var/lib/postgresql/data/pgdata} + PGVECTOR_PGUSER: ${PGVECTOR_PGUSER:-postgres} + PGVECTOR_PORT: ${PGVECTOR_PORT:-5432} + PGVECTOR_POSTGRES_DB: ${PGVECTOR_POSTGRES_DB:-dify} + PGVECTOR_POSTGRES_PASSWORD: ${PGVECTOR_POSTGRES_PASSWORD:-difyai123456} + PGVECTOR_USER: ${PGVECTOR_USER:-postgres} + PGVECTO_RS_DATABASE: ${PGVECTO_RS_DATABASE:-dify} + PGVECTO_RS_HOST: ${PGVECTO_RS_HOST:-pgvecto-rs} + PGVECTO_RS_PASSWORD: ${PGVECTO_RS_PASSWORD:-difyai123456} + PGVECTO_RS_PORT: ${PGVECTO_RS_PORT:-5432} + PGVECTO_RS_USER: ${PGVECTO_RS_USER:-postgres} + POSITION_PROVIDER_EXCLUDES: ${POSITION_PROVIDER_EXCLUDES:-} + POSITION_PROVIDER_INCLUDES: ${POSITION_PROVIDER_INCLUDES:-} + POSITION_PROVIDER_PINS: ${POSITION_PROVIDER_PINS:-} + POSITION_TOOL_EXCLUDES: ${POSITION_TOOL_EXCLUDES:-} + POSITION_TOOL_INCLUDES: ${POSITION_TOOL_INCLUDES:-} + POSITION_TOOL_PINS: ${POSITION_TOOL_PINS:-} + POSTGRES_DB: ${POSTGRES_DB:-${DB_DATABASE}} + POSTGRES_EFFECTIVE_CACHE_SIZE: ${POSTGRES_EFFECTIVE_CACHE_SIZE:-4096MB} + POSTGRES_MAINTENANCE_WORK_MEM: ${POSTGRES_MAINTENANCE_WORK_MEM:-64MB} + POSTGRES_MAX_CONNECTIONS: ${POSTGRES_MAX_CONNECTIONS:-100} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-${DB_PASSWORD}} + POSTGRES_SHARED_BUFFERS: ${POSTGRES_SHARED_BUFFERS:-128MB} + POSTGRES_WORK_MEM: ${POSTGRES_WORK_MEM:-4MB} + PROMPT_GENERATION_MAX_TOKENS: ${PROMPT_GENERATION_MAX_TOKENS:-512} + QDRANT_API_KEY: ${QDRANT_API_KEY:-difyai123456} + QDRANT_CLIENT_TIMEOUT: ${QDRANT_CLIENT_TIMEOUT:-20} + QDRANT_GRPC_ENABLED: ${QDRANT_GRPC_ENABLED:-false} + QDRANT_GRPC_PORT: ${QDRANT_GRPC_PORT:-6334} + QDRANT_URL: ${QDRANT_URL:-http://qdrant:6333} + REDIS_CLUSTERS: ${REDIS_CLUSTERS:-} + REDIS_CLUSTERS_PASSWORD: ${REDIS_CLUSTERS_PASSWORD:-} + REDIS_DB: ${REDIS_DB:-0} + REDIS_HOST: ${REDIS_HOST:-redis} + REDIS_PASSWORD: ${REDIS_PASSWORD:-difyai123456} + REDIS_PORT: ${REDIS_PORT:-6379} + REDIS_SENTINELS: ${REDIS_SENTINELS:-} + REDIS_SENTINEL_PASSWORD: ${REDIS_SENTINEL_PASSWORD:-} + REDIS_SENTINEL_SERVICE_NAME: ${REDIS_SENTINEL_SERVICE_NAME:-} + REDIS_SENTINEL_SOCKET_TIMEOUT: ${REDIS_SENTINEL_SOCKET_TIMEOUT:-0.1} + REDIS_SENTINEL_USERNAME: ${REDIS_SENTINEL_USERNAME:-} + REDIS_USERNAME: ${REDIS_USERNAME:-} + REDIS_USE_CLUSTERS: ${REDIS_USE_CLUSTERS:-false} + REDIS_USE_SENTINEL: ${REDIS_USE_SENTINEL:-false} + REDIS_USE_SSL: ${REDIS_USE_SSL:-false} + REFRESH_TOKEN_EXPIRE_DAYS: ${REFRESH_TOKEN_EXPIRE_DAYS:-30} + RELYT_DATABASE: ${RELYT_DATABASE:-postgres} + RELYT_HOST: ${RELYT_HOST:-db} + RELYT_PASSWORD: ${RELYT_PASSWORD:-difyai123456} + RELYT_PORT: ${RELYT_PORT:-5432} + RELYT_USER: ${RELYT_USER:-postgres} + RESEND_API_KEY: ${RESEND_API_KEY:-your-resend-api-key} + RESEND_API_URL: ${RESEND_API_URL:-https://api.resend.com} + RESET_PASSWORD_TOKEN_EXPIRY_MINUTES: ${RESET_PASSWORD_TOKEN_EXPIRY_MINUTES:-5} + S3_ACCESS_KEY: ${S3_ACCESS_KEY:-} + S3_BUCKET_NAME: ${S3_BUCKET_NAME:-difyai} + S3_ENDPOINT: ${S3_ENDPOINT:-} + S3_REGION: ${S3_REGION:-us-east-1} + S3_SECRET_KEY: ${S3_SECRET_KEY:-} + S3_USE_AWS_MANAGED_IAM: ${S3_USE_AWS_MANAGED_IAM:-false} + SANDBOX_API_KEY: ${SANDBOX_API_KEY:-dify-sandbox} + SANDBOX_ENABLE_NETWORK: ${SANDBOX_ENABLE_NETWORK:-true} + SANDBOX_GIN_MODE: ${SANDBOX_GIN_MODE:-release} + SANDBOX_HTTPS_PROXY: ${SANDBOX_HTTPS_PROXY:-http://ssrf_proxy:3128} + SANDBOX_HTTP_PROXY: ${SANDBOX_HTTP_PROXY:-http://ssrf_proxy:3128} + SANDBOX_PORT: ${SANDBOX_PORT:-8194} + SANDBOX_WORKER_TIMEOUT: ${SANDBOX_WORKER_TIMEOUT:-15} + SCARF_NO_ANALYTICS: ${SCARF_NO_ANALYTICS:-true} + SECRET_KEY: ${SECRET_KEY:-sk-9f73s3ljTXVcMT3Blb3ljTqtsKiGHXVcMT3BlbkFJLK7U} + SENTRY_DSN: ${API_SENTRY_DSN:-} + SENTRY_PROFILES_SAMPLE_RATE: ${API_SENTRY_PROFILES_SAMPLE_RATE:-1.0} + SENTRY_TRACES_SAMPLE_RATE: ${API_SENTRY_TRACES_SAMPLE_RATE:-1.0} + SERVER_WORKER_AMOUNT: ${SERVER_WORKER_AMOUNT:-1} + SERVER_WORKER_CLASS: ${SERVER_WORKER_CLASS:-gevent} + SERVER_WORKER_CONNECTIONS: ${SERVER_WORKER_CONNECTIONS:-10} + SERVICE_API_URL: ${SERVICE_API_URL:-} + SMTP_OPPORTUNISTIC_TLS: ${SMTP_OPPORTUNISTIC_TLS:-false} + SMTP_PASSWORD: ${SMTP_PASSWORD:-} + SMTP_PORT: ${SMTP_PORT:-465} + SMTP_SERVER: ${SMTP_SERVER:-} + SMTP_USERNAME: ${SMTP_USERNAME:-} + SMTP_USE_TLS: ${SMTP_USE_TLS:-true} + SQLALCHEMY_ECHO: ${SQLALCHEMY_ECHO:-false} + SQLALCHEMY_POOL_RECYCLE: ${SQLALCHEMY_POOL_RECYCLE:-3600} + SQLALCHEMY_POOL_SIZE: ${SQLALCHEMY_POOL_SIZE:-30} + SSRF_COREDUMP_DIR: ${SSRF_COREDUMP_DIR:-/var/spool/squid} + SSRF_DEFAULT_CONNECT_TIME_OUT: ${SSRF_DEFAULT_CONNECT_TIME_OUT:-5} + SSRF_DEFAULT_READ_TIME_OUT: ${SSRF_DEFAULT_READ_TIME_OUT:-5} + SSRF_DEFAULT_TIME_OUT: ${SSRF_DEFAULT_TIME_OUT:-5} + SSRF_DEFAULT_WRITE_TIME_OUT: ${SSRF_DEFAULT_WRITE_TIME_OUT:-5} + SSRF_HTTP_PORT: ${SSRF_HTTP_PORT:-3128} + SSRF_PROXY_HTTPS_URL: ${SSRF_PROXY_HTTPS_URL:-http://ssrf_proxy:3128} + SSRF_PROXY_HTTP_URL: ${SSRF_PROXY_HTTP_URL:-http://ssrf_proxy:3128} + SSRF_REVERSE_PROXY_PORT: ${SSRF_REVERSE_PROXY_PORT:-8194} + SSRF_SANDBOX_HOST: ${SSRF_SANDBOX_HOST:-sandbox} + STORAGE_TYPE: ${STORAGE_TYPE:-opendal} + SUPABASE_API_KEY: ${SUPABASE_API_KEY:-your-access-key} + SUPABASE_BUCKET_NAME: ${SUPABASE_BUCKET_NAME:-your-bucket-name} + SUPABASE_URL: ${SUPABASE_URL:-your-server-url} + TEMPLATE_TRANSFORM_MAX_LENGTH: ${TEMPLATE_TRANSFORM_MAX_LENGTH:-80000} + TENCENT_COS_BUCKET_NAME: ${TENCENT_COS_BUCKET_NAME:-your-bucket-name} + TENCENT_COS_REGION: ${TENCENT_COS_REGION:-your-region} + TENCENT_COS_SCHEME: ${TENCENT_COS_SCHEME:-your-scheme} + TENCENT_COS_SECRET_ID: ${TENCENT_COS_SECRET_ID:-your-secret-id} + TENCENT_COS_SECRET_KEY: ${TENCENT_COS_SECRET_KEY:-your-secret-key} + TENCENT_VECTOR_DB_API_KEY: ${TENCENT_VECTOR_DB_API_KEY:-dify} + TENCENT_VECTOR_DB_DATABASE: ${TENCENT_VECTOR_DB_DATABASE:-dify} + TENCENT_VECTOR_DB_REPLICAS: ${TENCENT_VECTOR_DB_REPLICAS:-2} + TENCENT_VECTOR_DB_SHARD: ${TENCENT_VECTOR_DB_SHARD:-1} + TENCENT_VECTOR_DB_TIMEOUT: ${TENCENT_VECTOR_DB_TIMEOUT:-30} + TENCENT_VECTOR_DB_URL: ${TENCENT_VECTOR_DB_URL:-http://127.0.0.1} + TENCENT_VECTOR_DB_USERNAME: ${TENCENT_VECTOR_DB_USERNAME:-dify} + TEXT_GENERATION_TIMEOUT_MS: ${TEXT_GENERATION_TIMEOUT_MS:-60000} + TIDB_API_URL: ${TIDB_API_URL:-http://127.0.0.1} + TIDB_IAM_API_URL: ${TIDB_IAM_API_URL:-http://127.0.0.1} + TIDB_ON_QDRANT_API_KEY: ${TIDB_ON_QDRANT_API_KEY:-dify} + TIDB_ON_QDRANT_CLIENT_TIMEOUT: ${TIDB_ON_QDRANT_CLIENT_TIMEOUT:-20} + TIDB_ON_QDRANT_GRPC_ENABLED: ${TIDB_ON_QDRANT_GRPC_ENABLED:-false} + TIDB_ON_QDRANT_GRPC_PORT: ${TIDB_ON_QDRANT_GRPC_PORT:-6334} + TIDB_ON_QDRANT_URL: ${TIDB_ON_QDRANT_URL:-http://127.0.0.1} + TIDB_PRIVATE_KEY: ${TIDB_PRIVATE_KEY:-dify} + TIDB_PROJECT_ID: ${TIDB_PROJECT_ID:-dify} + TIDB_PUBLIC_KEY: ${TIDB_PUBLIC_KEY:-dify} + TIDB_REGION: ${TIDB_REGION:-regions/aws-us-east-1} + TIDB_SPEND_LIMIT: ${TIDB_SPEND_LIMIT:-100} + TIDB_VECTOR_DATABASE: ${TIDB_VECTOR_DATABASE:-dify} + TIDB_VECTOR_HOST: ${TIDB_VECTOR_HOST:-tidb} + TIDB_VECTOR_PASSWORD: ${TIDB_VECTOR_PASSWORD:-} + TIDB_VECTOR_PORT: ${TIDB_VECTOR_PORT:-4000} + TIDB_VECTOR_USER: ${TIDB_VECTOR_USER:-} + TOP_K_MAX_VALUE: ${TOP_K_MAX_VALUE:-10} + UNSTRUCTURED_API_KEY: ${UNSTRUCTURED_API_KEY:-} + UNSTRUCTURED_API_URL: ${UNSTRUCTURED_API_URL:-} + UPLOAD_AUDIO_FILE_SIZE_LIMIT: ${UPLOAD_AUDIO_FILE_SIZE_LIMIT:-50} + UPLOAD_FILE_BATCH_LIMIT: ${UPLOAD_FILE_BATCH_LIMIT:-5} + UPLOAD_FILE_SIZE_LIMIT: ${UPLOAD_FILE_SIZE_LIMIT:-15} + UPLOAD_IMAGE_FILE_SIZE_LIMIT: ${UPLOAD_IMAGE_FILE_SIZE_LIMIT:-10} + UPLOAD_VIDEO_FILE_SIZE_LIMIT: ${UPLOAD_VIDEO_FILE_SIZE_LIMIT:-100} + UPSTASH_VECTOR_TOKEN: ${UPSTASH_VECTOR_TOKEN:-dify} + UPSTASH_VECTOR_URL: ${UPSTASH_VECTOR_URL:-https://xxx-vector.upstash.io} + VECTOR_STORE: ${VECTOR_STORE:-weaviate} + VIKINGDB_ACCESS_KEY: ${VIKINGDB_ACCESS_KEY:-your-ak} + VIKINGDB_CONNECTION_TIMEOUT: ${VIKINGDB_CONNECTION_TIMEOUT:-30} + VIKINGDB_HOST: ${VIKINGDB_HOST:-api-vikingdb.xxx.volces.com} + VIKINGDB_REGION: ${VIKINGDB_REGION:-cn-shanghai} + VIKINGDB_SCHEMA: ${VIKINGDB_SCHEMA:-http} + VIKINGDB_SECRET_KEY: ${VIKINGDB_SECRET_KEY:-your-sk} + VIKINGDB_SOCKET_TIMEOUT: ${VIKINGDB_SOCKET_TIMEOUT:-30} + VOLCENGINE_TOS_ACCESS_KEY: ${VOLCENGINE_TOS_ACCESS_KEY:-your-access-key} + VOLCENGINE_TOS_BUCKET_NAME: ${VOLCENGINE_TOS_BUCKET_NAME:-your-bucket-name} + VOLCENGINE_TOS_ENDPOINT: ${VOLCENGINE_TOS_ENDPOINT:-your-server-url} + VOLCENGINE_TOS_REGION: ${VOLCENGINE_TOS_REGION:-your-region} + VOLCENGINE_TOS_SECRET_KEY: ${VOLCENGINE_TOS_SECRET_KEY:-your-secret-key} + WEAVIATE_API_KEY: ${WEAVIATE_API_KEY:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih} + WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: ${WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED:-true} + WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS: ${WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih} + WEAVIATE_AUTHENTICATION_APIKEY_ENABLED: ${WEAVIATE_AUTHENTICATION_APIKEY_ENABLED:-true} + WEAVIATE_AUTHENTICATION_APIKEY_USERS: ${WEAVIATE_AUTHENTICATION_APIKEY_USERS:-hello@dify.ai} + WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED: ${WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED:-true} + WEAVIATE_AUTHORIZATION_ADMINLIST_USERS: ${WEAVIATE_AUTHORIZATION_ADMINLIST_USERS:-hello@dify.ai} + WEAVIATE_CLUSTER_HOSTNAME: ${WEAVIATE_CLUSTER_HOSTNAME:-node1} + WEAVIATE_DEFAULT_VECTORIZER_MODULE: ${WEAVIATE_DEFAULT_VECTORIZER_MODULE:-none} + WEAVIATE_ENDPOINT: ${WEAVIATE_ENDPOINT:-http://weaviate:8080} + WEAVIATE_PERSISTENCE_DATA_PATH: ${WEAVIATE_PERSISTENCE_DATA_PATH:-/var/lib/weaviate} + WEAVIATE_QUERY_DEFAULTS_LIMIT: ${WEAVIATE_QUERY_DEFAULTS_LIMIT:-25} + WEB_API_CORS_ALLOW_ORIGINS: ${WEB_API_CORS_ALLOW_ORIGINS:-*} + WEB_SENTRY_DSN: ${WEB_SENTRY_DSN:-} + WORKFLOW_CALL_MAX_DEPTH: ${WORKFLOW_CALL_MAX_DEPTH:-5} + WORKFLOW_FILE_UPLOAD_LIMIT: ${WORKFLOW_FILE_UPLOAD_LIMIT:-10} + WORKFLOW_MAX_EXECUTION_STEPS: ${WORKFLOW_MAX_EXECUTION_STEPS:-500} + WORKFLOW_MAX_EXECUTION_TIME: ${WORKFLOW_MAX_EXECUTION_TIME:-1200} + WORKFLOW_PARALLEL_DEPTH_LIMIT: ${WORKFLOW_PARALLEL_DEPTH_LIMIT:-3} + image: langgenius/dify-api:0.15.3 + networks: + - ssrf_proxy_network + - default + restart: always + volumes: + - ${DIFY_ROOT_PATH}/volumes/app/storage:/app/api/storage + certbot: + command: + - tail + - -f + - /dev/null + container_name: certbot-dify + entrypoint: + - /docker-entrypoint.sh + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + - CERTBOT_EMAIL=${CERTBOT_EMAIL} + - CERTBOT_DOMAIN=${CERTBOT_DOMAIN} + - CERTBOT_OPTIONS=${CERTBOT_OPTIONS:-} + image: certbot/certbot + profiles: + - certbot + volumes: + - ${DIFY_ROOT_PATH}/volumes/certbot/conf:/etc/letsencrypt + - ${DIFY_ROOT_PATH}/volumes/certbot/www:/var/www/html + - ${DIFY_ROOT_PATH}/volumes/certbot/logs:/var/log/letsencrypt + - ${DIFY_ROOT_PATH}/volumes/certbot/conf/live:/etc/letsencrypt/live + - ${DIFY_ROOT_PATH}/certbot/update-cert.template.txt:/update-cert.template.txt + - ${DIFY_ROOT_PATH}/certbot/docker-entrypoint.sh:/docker-entrypoint.sh + chroma: + container_name: chroma-dify + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + CHROMA_SERVER_AUTHN_CREDENTIALS: ${CHROMA_SERVER_AUTHN_CREDENTIALS:-difyai123456} + CHROMA_SERVER_AUTHN_PROVIDER: ${CHROMA_SERVER_AUTHN_PROVIDER:-chromadb.auth.token_authn.TokenAuthenticationServerProvider} + IS_PERSISTENT: ${CHROMA_IS_PERSISTENT:-TRUE} + image: ghcr.io/chroma-core/chroma:0.5.20 + profiles: + - chroma + restart: always + volumes: + - ${DIFY_ROOT_PATH}/volumes/chroma:/chroma/chroma + couchbase-server: + build: ./couchbase-server + command: sh -c "/opt/couchbase/init/init-cbserver.sh" + container_name: couchbase-server-dify + entrypoint: + - '' + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + - CLUSTER_NAME=dify_search + - COUCHBASE_ADMINISTRATOR_USERNAME=${COUCHBASE_USER:-Administrator} + - COUCHBASE_ADMINISTRATOR_PASSWORD=${COUCHBASE_PASSWORD:-password} + - COUCHBASE_BUCKET=${COUCHBASE_BUCKET_NAME:-Embeddings} + - COUCHBASE_BUCKET_RAMSIZE=512 + - COUCHBASE_RAM_SIZE=2048 + - COUCHBASE_EVENTING_RAM_SIZE=512 + - COUCHBASE_INDEX_RAM_SIZE=512 + - COUCHBASE_FTS_RAM_SIZE=1024 + healthcheck: + interval: 10s + retries: 10 + start_period: 30s + test: + - CMD-SHELL + - curl -s -f -u Administrator:password http://localhost:8091/pools/default/buckets + | grep -q '\[{' || exit 1 + timeout: 10s + hostname: couchbase-server + profiles: + - couchbase + restart: always + stdin_open: true + tty: true + volumes: + - ${DIFY_ROOT_PATH}/volumes/couchbase/data:/opt/couchbase/var/lib/couchbase/data + working_dir: /opt/couchbase + db: + command: "postgres -c 'max_connections=${POSTGRES_MAX_CONNECTIONS:-100}'\n \ + \ -c 'shared_buffers=${POSTGRES_SHARED_BUFFERS:-128MB}'\n -c 'work_mem=${POSTGRES_WORK_MEM:-4MB}'\n\ + \ -c 'maintenance_work_mem=${POSTGRES_MAINTENANCE_WORK_MEM:-64MB}'\n\ + \ -c 'effective_cache_size=${POSTGRES_EFFECTIVE_CACHE_SIZE:-4096MB}'\n" + container_name: db-dify + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + PGDATA: ${PGDATA:-/var/lib/postgresql/data/pgdata} + PGUSER: ${PGUSER:-postgres} + POSTGRES_DB: ${POSTGRES_DB:-dify} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-difyai123456} + healthcheck: + interval: 1s + retries: 30 + test: + - CMD + - pg_isready + timeout: 3s + image: postgres:15-alpine + restart: always + volumes: + - ${DIFY_ROOT_PATH}/volumes/db/data:/var/lib/postgresql/data + elasticsearch: + container_name: elasticsearch-dify + deploy: + resources: + limits: + memory: 2g + entrypoint: + - sh + - -c + - sh /docker-entrypoint-mount.sh + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + ELASTIC_PASSWORD: ${ELASTICSEARCH_PASSWORD:-elastic} + VECTOR_STORE: ${VECTOR_STORE:-} + cluster.name: dify-es-cluster + discovery.type: single-node + node.name: dify-es0 + xpack.license.self_generated.type: basic + xpack.security.enabled: 'true' + xpack.security.enrollment.enabled: 'false' + xpack.security.http.ssl.enabled: 'false' + healthcheck: + interval: 30s + retries: 50 + test: + - CMD + - curl + - -s + - http://localhost:9200/_cluster/health?pretty + timeout: 10s + image: docker.elastic.co/elasticsearch/elasticsearch:8.14.3 + ports: + - ${ELASTICSEARCH_PORT:-9200}:9200 + profiles: + - elasticsearch + - elasticsearch-ja + restart: always + volumes: + - ${DIFY_ROOT_PATH}/elasticsearch/docker-entrypoint.sh:/docker-entrypoint-mount.sh + - dify_es01_data:/usr/share/elasticsearch/data + etcd: + command: etcd -advertise-client-urls=http://127.0.0.1:2379 -listen-client-urls + http://0.0.0.0:2379 --data-dir /etcd + container_name: milvus-etcd-dify + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + ETCD_AUTO_COMPACTION_MODE: ${ETCD_AUTO_COMPACTION_MODE:-revision} + ETCD_AUTO_COMPACTION_RETENTION: ${ETCD_AUTO_COMPACTION_RETENTION:-1000} + ETCD_QUOTA_BACKEND_BYTES: ${ETCD_QUOTA_BACKEND_BYTES:-4294967296} + ETCD_SNAPSHOT_COUNT: ${ETCD_SNAPSHOT_COUNT:-50000} + healthcheck: + interval: 30s + retries: 3 + test: + - CMD + - etcdctl + - endpoint + - health + timeout: 20s + image: quay.io/coreos/etcd:v3.5.5 + networks: + - milvus + profiles: + - milvus + volumes: + - ${DIFY_ROOT_PATH}/volumes/milvus/etcd:/etcd + kibana: + container_name: kibana-dify + depends_on: + - elasticsearch + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + ELASTICSEARCH_HOSTS: http://elasticsearch:9200 + I18N_LOCALE: zh-CN + NO_PROXY: localhost,127.0.0.1,elasticsearch,kibana + SERVER_PORT: '5601' + XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY: d1a66dfd-c4d3-4a0a-8290-2abcb83ab3aa + XPACK_FLEET_ISAIRGAPPED: 'true' + XPACK_SECURITY_ENABLED: 'true' + XPACK_SECURITY_ENROLLMENT_ENABLED: 'false' + XPACK_SECURITY_HTTP_SSL_ENABLED: 'false' + healthcheck: + interval: 30s + retries: 3 + test: + - CMD-SHELL + - curl -s http://localhost:5601 >/dev/null || exit 1 + timeout: 10s + image: docker.elastic.co/kibana/kibana:8.14.3 + ports: + - ${KIBANA_PORT:-5601}:5601 + profiles: + - elasticsearch + restart: always + milvus-standalone: + command: + - milvus + - run + - standalone + container_name: milvus-standalone-dify + depends_on: + - etcd + - minio + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + ETCD_ENDPOINTS: ${ETCD_ENDPOINTS:-etcd:2379} + MINIO_ADDRESS: ${MINIO_ADDRESS:-minio:9000} + common.security.authorizationEnabled: ${MILVUS_AUTHORIZATION_ENABLED:-true} + healthcheck: + interval: 30s + retries: 3 + start_period: 90s + test: + - CMD + - curl + - -f + - http://localhost:9091/healthz + timeout: 20s + image: milvusdb/milvus:v2.5.0-beta + networks: + - milvus + ports: + - 19530:19530 + - 9091:9091 + profiles: + - milvus + volumes: + - ${DIFY_ROOT_PATH}/volumes/milvus/milvus:/var/lib/milvus + minio: + command: minio server /minio_data --console-address ":9001" + container_name: milvus-minio-dify + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY:-minioadmin} + MINIO_SECRET_KEY: ${MINIO_SECRET_KEY:-minioadmin} + healthcheck: + interval: 30s + retries: 3 + test: + - CMD + - curl + - -f + - http://localhost:9000/minio/health/live + timeout: 20s + image: minio/minio:RELEASE.2023-03-20T20-16-18Z + networks: + - milvus + profiles: + - milvus + volumes: + - ${DIFY_ROOT_PATH}/volumes/milvus/minio:/minio_data + myscale: + container_name: myscale-dify + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + image: myscale/myscaledb:1.6.4 + ports: + - ${MYSCALE_PORT:-8123}:${MYSCALE_PORT:-8123} + profiles: + - myscale + restart: always + tty: true + volumes: + - ${DIFY_ROOT_PATH}/volumes/myscale/data:/var/lib/clickhouse + - ${DIFY_ROOT_PATH}/volumes/myscale/log:/var/log/clickhouse-server + - ${DIFY_ROOT_PATH}/volumes/myscale/config/users.d/custom_users_config.xml:/etc/clickhouse-server/users.d/custom_users_config.xml + nginx: + container_name: nginx-dify + depends_on: + - api + - web + entrypoint: + - sh + - -c + - "cp /docker-entrypoint-mount.sh /docker-entrypoint.sh && sed -i 's/\r$$//' /docker-entrypoint.sh\ + \ && chmod +x /docker-entrypoint.sh && /docker-entrypoint.sh" + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + CERTBOT_DOMAIN: ${CERTBOT_DOMAIN:-} + NGINX_CLIENT_MAX_BODY_SIZE: ${NGINX_CLIENT_MAX_BODY_SIZE:-15M} + NGINX_ENABLE_CERTBOT_CHALLENGE: ${NGINX_ENABLE_CERTBOT_CHALLENGE:-false} + NGINX_HTTPS_ENABLED: ${NGINX_HTTPS_ENABLED:-false} + NGINX_KEEPALIVE_TIMEOUT: ${NGINX_KEEPALIVE_TIMEOUT:-65} + NGINX_PORT: ${NGINX_PORT:-80} + NGINX_PROXY_READ_TIMEOUT: ${NGINX_PROXY_READ_TIMEOUT:-3600s} + NGINX_PROXY_SEND_TIMEOUT: ${NGINX_PROXY_SEND_TIMEOUT:-3600s} + NGINX_SERVER_NAME: ${NGINX_SERVER_NAME:-_} + NGINX_SSL_CERT_FILENAME: ${NGINX_SSL_CERT_FILENAME:-dify.crt} + NGINX_SSL_CERT_KEY_FILENAME: ${NGINX_SSL_CERT_KEY_FILENAME:-dify.key} + NGINX_SSL_PORT: ${NGINX_SSL_PORT:-443} + NGINX_SSL_PROTOCOLS: ${NGINX_SSL_PROTOCOLS:-TLSv1.1 TLSv1.2 TLSv1.3} + NGINX_WORKER_PROCESSES: ${NGINX_WORKER_PROCESSES:-auto} + image: nginx:latest + ports: + - ${EXPOSE_NGINX_PORT:-80}:${NGINX_PORT:-80} + - ${EXPOSE_NGINX_SSL_PORT:-443}:${NGINX_SSL_PORT:-443} + restart: always + volumes: + - ${DIFY_ROOT_PATH}/nginx/nginx.conf.template:/etc/nginx/nginx.conf.template + - ${DIFY_ROOT_PATH}/nginx/proxy.conf.template:/etc/nginx/proxy.conf.template + - ${DIFY_ROOT_PATH}/nginx/https.conf.template:/etc/nginx/https.conf.template + - ${DIFY_ROOT_PATH}/nginx/conf.d:/etc/nginx/conf.d + - ${DIFY_ROOT_PATH}/nginx/docker-entrypoint.sh:/docker-entrypoint-mount.sh + - ${DIFY_ROOT_PATH}/nginx/ssl:/etc/ssl + - ${DIFY_ROOT_PATH}/volumes/certbot/conf/live:/etc/letsencrypt/live + - ${DIFY_ROOT_PATH}/volumes/certbot/conf:/etc/letsencrypt + - ${DIFY_ROOT_PATH}/volumes/certbot/www:/var/www/html + oceanbase: + container_name: oceanbase-dify + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + OB_CLUSTER_NAME: ${OCEANBASE_CLUSTER_NAME:-difyai} + OB_MEMORY_LIMIT: ${OCEANBASE_MEMORY_LIMIT:-6G} + OB_SERVER_IP: 127.0.0.1 + OB_SYS_PASSWORD: ${OCEANBASE_VECTOR_PASSWORD:-difyai123456} + OB_TENANT_PASSWORD: ${OCEANBASE_VECTOR_PASSWORD:-difyai123456} + image: quay.io/oceanbase/oceanbase-ce:4.3.3.0-100000142024101215 + profiles: + - oceanbase + restart: always + volumes: + - ${DIFY_ROOT_PATH}/volumes/oceanbase/data:/root/ob + - ${DIFY_ROOT_PATH}/volumes/oceanbase/conf:/root/.obd/cluster + - ${DIFY_ROOT_PATH}/volumes/oceanbase/init.d:/root/boot/init.d + opensearch: + container_name: opensearch-dify + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + OPENSEARCH_INITIAL_ADMIN_PASSWORD: ${OPENSEARCH_INITIAL_ADMIN_PASSWORD:-Qazwsxedc!@#123} + OPENSEARCH_JAVA_OPTS: -Xms${OPENSEARCH_JAVA_OPTS_MIN:-512m} -Xmx${OPENSEARCH_JAVA_OPTS_MAX:-1024m} + bootstrap.memory_lock: ${OPENSEARCH_BOOTSTRAP_MEMORY_LOCK:-true} + discovery.type: ${OPENSEARCH_DISCOVERY_TYPE:-single-node} + image: opensearchproject/opensearch:latest + networks: + - opensearch-net + profiles: + - opensearch + ulimits: + memlock: + hard: ${OPENSEARCH_MEMLOCK_HARD:--1} + soft: ${OPENSEARCH_MEMLOCK_SOFT:--1} + nofile: + hard: ${OPENSEARCH_NOFILE_HARD:-65536} + soft: ${OPENSEARCH_NOFILE_SOFT:-65536} + volumes: + - ${DIFY_ROOT_PATH}/volumes/opensearch/data:/usr/share/opensearch/data + opensearch-dashboards: + container_name: opensearch-dashboards-dify + depends_on: + - opensearch + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + OPENSEARCH_HOSTS: '["https://opensearch:9200"]' + image: opensearchproject/opensearch-dashboards:latest + networks: + - opensearch-net + profiles: + - opensearch + volumes: + - ${DIFY_ROOT_PATH}/volumes/opensearch/opensearch_dashboards.yml:/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml + oracle: + container_name: oracle-dify + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + ORACLE_CHARACTERSET: ${ORACLE_CHARACTERSET:-AL32UTF8} + ORACLE_PWD: ${ORACLE_PWD:-Dify123456} + image: container-registry.oracle.com/database/free:latest + profiles: + - oracle + restart: always + volumes: + - source: oradata + target: /opt/oracle/oradata + type: volume + - ${DIFY_ROOT_PATH}/startupscripts:/opt/oracle/scripts/startup + pgvecto-rs: + container_name: pgvecto-rs-dify + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + PGDATA: ${PGVECTOR_PGDATA:-/var/lib/postgresql/data/pgdata} + PGUSER: ${PGVECTOR_PGUSER:-postgres} + POSTGRES_DB: ${PGVECTOR_POSTGRES_DB:-dify} + POSTGRES_PASSWORD: ${PGVECTOR_POSTGRES_PASSWORD:-difyai123456} + healthcheck: + interval: 1s + retries: 30 + test: + - CMD + - pg_isready + timeout: 3s + image: tensorchord/pgvecto-rs:pg16-v0.3.0 + profiles: + - pgvecto-rs + restart: always + volumes: + - ${DIFY_ROOT_PATH}/volumes/pgvecto_rs/data:/var/lib/postgresql/data + pgvector: + container_name: pgvector-dify + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + PGDATA: ${PGVECTOR_PGDATA:-/var/lib/postgresql/data/pgdata} + PGUSER: ${PGVECTOR_PGUSER:-postgres} + POSTGRES_DB: ${PGVECTOR_POSTGRES_DB:-dify} + POSTGRES_PASSWORD: ${PGVECTOR_POSTGRES_PASSWORD:-difyai123456} + healthcheck: + interval: 1s + retries: 30 + test: + - CMD + - pg_isready + timeout: 3s + image: pgvector/pgvector:pg16 + profiles: + - pgvector + restart: always + volumes: + - ${DIFY_ROOT_PATH}/volumes/pgvector/data:/var/lib/postgresql/data + qdrant: + container_name: qdrant-dify + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + QDRANT_API_KEY: ${QDRANT_API_KEY:-difyai123456} + image: langgenius/qdrant:v1.7.3 + profiles: + - qdrant + restart: always + volumes: + - ${DIFY_ROOT_PATH}/volumes/qdrant:/qdrant/storage + redis: + command: redis-server --requirepass ${REDIS_PASSWORD:-difyai123456} + container_name: redis-dify + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + REDISCLI_AUTH: ${REDIS_PASSWORD:-difyai123456} + healthcheck: + test: + - CMD + - redis-cli + - ping + image: redis:6-alpine + restart: always + volumes: + - ${DIFY_ROOT_PATH}/volumes/redis/data:/data + sandbox: + container_name: sandbox-dify + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + API_KEY: ${SANDBOX_API_KEY:-dify-sandbox} + ENABLE_NETWORK: ${SANDBOX_ENABLE_NETWORK:-true} + GIN_MODE: ${SANDBOX_GIN_MODE:-release} + HTTPS_PROXY: ${SANDBOX_HTTPS_PROXY:-http://ssrf_proxy:3128} + HTTP_PROXY: ${SANDBOX_HTTP_PROXY:-http://ssrf_proxy:3128} + SANDBOX_PORT: ${SANDBOX_PORT:-8194} + WORKER_TIMEOUT: ${SANDBOX_WORKER_TIMEOUT:-15} + healthcheck: + test: + - CMD + - curl + - -f + - http://localhost:8194/health + image: langgenius/dify-sandbox:0.2.10 + networks: + - ssrf_proxy_network + restart: always + volumes: + - ${DIFY_ROOT_PATH}/volumes/sandbox/dependencies:/dependencies + ssrf_proxy: + container_name: ssrf_proxy-dify + entrypoint: + - sh + - -c + - "cp /docker-entrypoint-mount.sh /docker-entrypoint.sh && sed -i 's/\r$$//' /docker-entrypoint.sh\ + \ && chmod +x /docker-entrypoint.sh && /docker-entrypoint.sh" + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + COREDUMP_DIR: ${SSRF_COREDUMP_DIR:-/var/spool/squid} + HTTP_PORT: ${SSRF_HTTP_PORT:-3128} + REVERSE_PROXY_PORT: ${SSRF_REVERSE_PROXY_PORT:-8194} + SANDBOX_HOST: ${SSRF_SANDBOX_HOST:-sandbox} + SANDBOX_PORT: ${SANDBOX_PORT:-8194} + image: ubuntu/squid:latest + networks: + - ssrf_proxy_network + - default + restart: always + volumes: + - ${DIFY_ROOT_PATH}/ssrf_proxy/squid.conf.template:/etc/squid/squid.conf.template + - ${DIFY_ROOT_PATH}/ssrf_proxy/docker-entrypoint.sh:/docker-entrypoint-mount.sh + unstructured: + container_name: unstructured-dify + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + image: downloads.unstructured.io/unstructured-io/unstructured-api:latest + profiles: + - unstructured + restart: always + volumes: + - ${DIFY_ROOT_PATH}/volumes/unstructured:/app/data + weaviate: + container_name: weaviate-dify + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: ${WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED:-false} + AUTHENTICATION_APIKEY_ALLOWED_KEYS: ${WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih} + AUTHENTICATION_APIKEY_ENABLED: ${WEAVIATE_AUTHENTICATION_APIKEY_ENABLED:-true} + AUTHENTICATION_APIKEY_USERS: ${WEAVIATE_AUTHENTICATION_APIKEY_USERS:-hello@dify.ai} + AUTHORIZATION_ADMINLIST_ENABLED: ${WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED:-true} + AUTHORIZATION_ADMINLIST_USERS: ${WEAVIATE_AUTHORIZATION_ADMINLIST_USERS:-hello@dify.ai} + CLUSTER_HOSTNAME: ${WEAVIATE_CLUSTER_HOSTNAME:-node1} + DEFAULT_VECTORIZER_MODULE: ${WEAVIATE_DEFAULT_VECTORIZER_MODULE:-none} + PERSISTENCE_DATA_PATH: ${WEAVIATE_PERSISTENCE_DATA_PATH:-/var/lib/weaviate} + QUERY_DEFAULTS_LIMIT: ${WEAVIATE_QUERY_DEFAULTS_LIMIT:-25} + image: semitechnologies/weaviate:1.19.0 + profiles: + - '' + - weaviate + restart: always + volumes: + - ${DIFY_ROOT_PATH}/volumes/weaviate:/var/lib/weaviate + web: + container_name: web-dify + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + APP_API_URL: ${APP_API_URL:-} + CONSOLE_API_URL: ${CONSOLE_API_URL:-} + CSP_WHITELIST: ${CSP_WHITELIST:-} + INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-} + NEXT_TELEMETRY_DISABLED: ${NEXT_TELEMETRY_DISABLED:-0} + SENTRY_DSN: ${WEB_SENTRY_DSN:-} + TEXT_GENERATION_TIMEOUT_MS: ${TEXT_GENERATION_TIMEOUT_MS:-60000} + TOP_K_MAX_VALUE: ${TOP_K_MAX_VALUE:-} + image: langgenius/dify-web:0.15.3 + restart: always + worker: + container_name: worker-dify + depends_on: + - db + - redis + env_file: + - ./envs/global.env + - ./envs/dify.env + - .env + environment: + ACCESS_TOKEN_EXPIRE_MINUTES: ${ACCESS_TOKEN_EXPIRE_MINUTES:-60} + ALIYUN_OSS_ACCESS_KEY: ${ALIYUN_OSS_ACCESS_KEY:-your-access-key} + ALIYUN_OSS_AUTH_VERSION: ${ALIYUN_OSS_AUTH_VERSION:-v4} + ALIYUN_OSS_BUCKET_NAME: ${ALIYUN_OSS_BUCKET_NAME:-your-bucket-name} + ALIYUN_OSS_ENDPOINT: ${ALIYUN_OSS_ENDPOINT:-https://oss-ap-southeast-1-internal.aliyuncs.com} + ALIYUN_OSS_PATH: ${ALIYUN_OSS_PATH:-your-path} + ALIYUN_OSS_REGION: ${ALIYUN_OSS_REGION:-ap-southeast-1} + ALIYUN_OSS_SECRET_KEY: ${ALIYUN_OSS_SECRET_KEY:-your-secret-key} + ANALYTICDB_ACCOUNT: ${ANALYTICDB_ACCOUNT:-testaccount} + ANALYTICDB_HOST: ${ANALYTICDB_HOST:-gp-test.aliyuncs.com} + ANALYTICDB_INSTANCE_ID: ${ANALYTICDB_INSTANCE_ID:-gp-ab123456} + ANALYTICDB_KEY_ID: ${ANALYTICDB_KEY_ID:-your-ak} + ANALYTICDB_KEY_SECRET: ${ANALYTICDB_KEY_SECRET:-your-sk} + ANALYTICDB_MAX_CONNECTION: ${ANALYTICDB_MAX_CONNECTION:-5} + ANALYTICDB_MIN_CONNECTION: ${ANALYTICDB_MIN_CONNECTION:-1} + ANALYTICDB_NAMESPACE: ${ANALYTICDB_NAMESPACE:-dify} + ANALYTICDB_NAMESPACE_PASSWORD: ${ANALYTICDB_NAMESPACE_PASSWORD:-difypassword} + ANALYTICDB_PASSWORD: ${ANALYTICDB_PASSWORD:-testpassword} + ANALYTICDB_PORT: ${ANALYTICDB_PORT:-5432} + ANALYTICDB_REGION_ID: ${ANALYTICDB_REGION_ID:-cn-hangzhou} + API_SENTRY_DSN: ${API_SENTRY_DSN:-} + API_SENTRY_PROFILES_SAMPLE_RATE: ${API_SENTRY_PROFILES_SAMPLE_RATE:-1.0} + API_SENTRY_TRACES_SAMPLE_RATE: ${API_SENTRY_TRACES_SAMPLE_RATE:-1.0} + API_TOOL_DEFAULT_CONNECT_TIMEOUT: ${API_TOOL_DEFAULT_CONNECT_TIMEOUT:-10} + API_TOOL_DEFAULT_READ_TIMEOUT: ${API_TOOL_DEFAULT_READ_TIMEOUT:-60} + APP_API_URL: ${APP_API_URL:-} + APP_MAX_ACTIVE_REQUESTS: ${APP_MAX_ACTIVE_REQUESTS:-0} + APP_MAX_EXECUTION_TIME: ${APP_MAX_EXECUTION_TIME:-1200} + APP_WEB_URL: ${APP_WEB_URL:-} + AZURE_BLOB_ACCOUNT_KEY: ${AZURE_BLOB_ACCOUNT_KEY:-difyai} + AZURE_BLOB_ACCOUNT_NAME: ${AZURE_BLOB_ACCOUNT_NAME:-difyai} + AZURE_BLOB_ACCOUNT_URL: ${AZURE_BLOB_ACCOUNT_URL:-https://.blob.core.windows.net} + AZURE_BLOB_CONTAINER_NAME: ${AZURE_BLOB_CONTAINER_NAME:-difyai-container} + BAIDU_OBS_ACCESS_KEY: ${BAIDU_OBS_ACCESS_KEY:-your-access-key} + BAIDU_OBS_BUCKET_NAME: ${BAIDU_OBS_BUCKET_NAME:-your-bucket-name} + BAIDU_OBS_ENDPOINT: ${BAIDU_OBS_ENDPOINT:-your-server-url} + BAIDU_OBS_SECRET_KEY: ${BAIDU_OBS_SECRET_KEY:-your-secret-key} + BAIDU_VECTOR_DB_ACCOUNT: ${BAIDU_VECTOR_DB_ACCOUNT:-root} + BAIDU_VECTOR_DB_API_KEY: ${BAIDU_VECTOR_DB_API_KEY:-dify} + BAIDU_VECTOR_DB_CONNECTION_TIMEOUT_MS: ${BAIDU_VECTOR_DB_CONNECTION_TIMEOUT_MS:-30000} + BAIDU_VECTOR_DB_DATABASE: ${BAIDU_VECTOR_DB_DATABASE:-dify} + BAIDU_VECTOR_DB_ENDPOINT: ${BAIDU_VECTOR_DB_ENDPOINT:-http://127.0.0.1:5287} + BAIDU_VECTOR_DB_REPLICAS: ${BAIDU_VECTOR_DB_REPLICAS:-3} + BAIDU_VECTOR_DB_SHARD: ${BAIDU_VECTOR_DB_SHARD:-1} + BROKER_USE_SSL: ${BROKER_USE_SSL:-false} + CELERY_AUTO_SCALE: ${CELERY_AUTO_SCALE:-false} + CELERY_BROKER_URL: ${CELERY_BROKER_URL:-redis://:difyai123456@redis:6379/1} + CELERY_MAX_WORKERS: ${CELERY_MAX_WORKERS:-} + CELERY_MIN_WORKERS: ${CELERY_MIN_WORKERS:-} + CELERY_SENTINEL_MASTER_NAME: ${CELERY_SENTINEL_MASTER_NAME:-} + CELERY_SENTINEL_SOCKET_TIMEOUT: ${CELERY_SENTINEL_SOCKET_TIMEOUT:-0.1} + CELERY_USE_SENTINEL: ${CELERY_USE_SENTINEL:-false} + CELERY_WORKER_AMOUNT: ${CELERY_WORKER_AMOUNT:-} + CELERY_WORKER_CLASS: ${CELERY_WORKER_CLASS:-} + CERTBOT_DOMAIN: ${CERTBOT_DOMAIN:-your_domain.com} + CERTBOT_EMAIL: ${CERTBOT_EMAIL:-your_email@example.com} + CERTBOT_OPTIONS: ${CERTBOT_OPTIONS:-} + CHECK_UPDATE_URL: ${CHECK_UPDATE_URL:-https://updates.dify.ai} + CHROMA_AUTH_CREDENTIALS: ${CHROMA_AUTH_CREDENTIALS:-} + CHROMA_AUTH_PROVIDER: ${CHROMA_AUTH_PROVIDER:-chromadb.auth.token_authn.TokenAuthClientProvider} + CHROMA_DATABASE: ${CHROMA_DATABASE:-default_database} + CHROMA_HOST: ${CHROMA_HOST:-127.0.0.1} + CHROMA_IS_PERSISTENT: ${CHROMA_IS_PERSISTENT:-TRUE} + CHROMA_PORT: ${CHROMA_PORT:-8000} + CHROMA_SERVER_AUTHN_CREDENTIALS: ${CHROMA_SERVER_AUTHN_CREDENTIALS:-difyai123456} + CHROMA_SERVER_AUTHN_PROVIDER: ${CHROMA_SERVER_AUTHN_PROVIDER:-chromadb.auth.token_authn.TokenAuthenticationServerProvider} + CHROMA_TENANT: ${CHROMA_TENANT:-default_tenant} + CODE_EXECUTION_API_KEY: ${CODE_EXECUTION_API_KEY:-dify-sandbox} + CODE_EXECUTION_CONNECT_TIMEOUT: ${CODE_EXECUTION_CONNECT_TIMEOUT:-10} + CODE_EXECUTION_ENDPOINT: ${CODE_EXECUTION_ENDPOINT:-http://sandbox:8194} + CODE_EXECUTION_READ_TIMEOUT: ${CODE_EXECUTION_READ_TIMEOUT:-60} + CODE_EXECUTION_WRITE_TIMEOUT: ${CODE_EXECUTION_WRITE_TIMEOUT:-10} + CODE_GENERATION_MAX_TOKENS: ${CODE_GENERATION_MAX_TOKENS:-1024} + CODE_MAX_DEPTH: ${CODE_MAX_DEPTH:-5} + CODE_MAX_NUMBER: ${CODE_MAX_NUMBER:-9223372036854775807} + CODE_MAX_NUMBER_ARRAY_LENGTH: ${CODE_MAX_NUMBER_ARRAY_LENGTH:-1000} + CODE_MAX_OBJECT_ARRAY_LENGTH: ${CODE_MAX_OBJECT_ARRAY_LENGTH:-30} + CODE_MAX_PRECISION: ${CODE_MAX_PRECISION:-20} + CODE_MAX_STRING_ARRAY_LENGTH: ${CODE_MAX_STRING_ARRAY_LENGTH:-30} + CODE_MAX_STRING_LENGTH: ${CODE_MAX_STRING_LENGTH:-80000} + CODE_MIN_NUMBER: ${CODE_MIN_NUMBER:--9223372036854775808} + CONSOLE_API_URL: ${CONSOLE_API_URL:-} + CONSOLE_CORS_ALLOW_ORIGINS: ${CONSOLE_CORS_ALLOW_ORIGINS:-*} + CONSOLE_WEB_URL: ${CONSOLE_WEB_URL:-} + COUCHBASE_BUCKET_NAME: ${COUCHBASE_BUCKET_NAME:-Embeddings} + COUCHBASE_CONNECTION_STRING: ${COUCHBASE_CONNECTION_STRING:-couchbase://couchbase-server} + COUCHBASE_PASSWORD: ${COUCHBASE_PASSWORD:-password} + COUCHBASE_SCOPE_NAME: ${COUCHBASE_SCOPE_NAME:-_default} + COUCHBASE_USER: ${COUCHBASE_USER:-Administrator} + CREATE_TIDB_SERVICE_JOB_ENABLED: ${CREATE_TIDB_SERVICE_JOB_ENABLED:-false} + CSP_WHITELIST: ${CSP_WHITELIST:-} + DB_DATABASE: ${DB_DATABASE:-dify} + DB_HOST: ${DB_HOST:-db} + DB_PASSWORD: ${DB_PASSWORD:-difyai123456} + DB_PORT: ${DB_PORT:-5432} + DB_USERNAME: ${DB_USERNAME:-postgres} + DEBUG: ${DEBUG:-false} + DEPLOY_ENV: ${DEPLOY_ENV:-PRODUCTION} + DIFY_BIND_ADDRESS: ${DIFY_BIND_ADDRESS:-0.0.0.0} + DIFY_PORT: ${DIFY_PORT:-5001} + ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:-0.0.0.0} + ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-elastic} + ELASTICSEARCH_PORT: ${ELASTICSEARCH_PORT:-9200} + ELASTICSEARCH_USERNAME: ${ELASTICSEARCH_USERNAME:-elastic} + ETCD_AUTO_COMPACTION_MODE: ${ETCD_AUTO_COMPACTION_MODE:-revision} + ETCD_AUTO_COMPACTION_RETENTION: ${ETCD_AUTO_COMPACTION_RETENTION:-1000} + ETCD_ENDPOINTS: ${ETCD_ENDPOINTS:-etcd:2379} + ETCD_QUOTA_BACKEND_BYTES: ${ETCD_QUOTA_BACKEND_BYTES:-4294967296} + ETCD_SNAPSHOT_COUNT: ${ETCD_SNAPSHOT_COUNT:-50000} + ETL_TYPE: ${ETL_TYPE:-dify} + EXPOSE_NGINX_PORT: ${PANEL_APP_PORT_HTTP:-8080} + EXPOSE_NGINX_SSL_PORT: ${PANEL_APP_PORT_HTTPS:-8443} + FILES_ACCESS_TIMEOUT: ${FILES_ACCESS_TIMEOUT:-300} + FILES_URL: ${FILES_URL:-} + FLASK_DEBUG: ${FLASK_DEBUG:-false} + GOOGLE_STORAGE_BUCKET_NAME: ${GOOGLE_STORAGE_BUCKET_NAME:-your-bucket-name} + GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64: ${GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64:-} + GUNICORN_TIMEOUT: ${GUNICORN_TIMEOUT:-360} + HTTP_REQUEST_NODE_MAX_BINARY_SIZE: ${HTTP_REQUEST_NODE_MAX_BINARY_SIZE:-10485760} + HTTP_REQUEST_NODE_MAX_TEXT_SIZE: ${HTTP_REQUEST_NODE_MAX_TEXT_SIZE:-1048576} + HUAWEI_OBS_ACCESS_KEY: ${HUAWEI_OBS_ACCESS_KEY:-your-access-key} + HUAWEI_OBS_BUCKET_NAME: ${HUAWEI_OBS_BUCKET_NAME:-your-bucket-name} + HUAWEI_OBS_SECRET_KEY: ${HUAWEI_OBS_SECRET_KEY:-your-secret-key} + HUAWEI_OBS_SERVER: ${HUAWEI_OBS_SERVER:-your-server-url} + INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-4000} + INIT_PASSWORD: ${INIT_PASSWORD:-} + INVITE_EXPIRY_HOURS: ${INVITE_EXPIRY_HOURS:-72} + KIBANA_PORT: ${KIBANA_PORT:-5601} + LINDORM_PASSWORD: ${LINDORM_PASSWORD:-lindorm} + LINDORM_URL: ${LINDORM_URL:-http://lindorm:30070} + LINDORM_USERNAME: ${LINDORM_USERNAME:-lindorm} + LOG_DATEFORMAT: ${LOG_DATEFORMAT:-%Y-%m-%d %H:%M:%S} + LOG_FILE: ${LOG_FILE:-/app/logs/server.log} + LOG_FILE_BACKUP_COUNT: ${LOG_FILE_BACKUP_COUNT:-5} + LOG_FILE_MAX_SIZE: ${LOG_FILE_MAX_SIZE:-20} + LOG_LEVEL: ${LOG_LEVEL:-INFO} + LOG_TZ: ${LOG_TZ:-UTC} + MAIL_DEFAULT_SEND_FROM: ${MAIL_DEFAULT_SEND_FROM:-} + MAIL_TYPE: ${MAIL_TYPE:-resend} + MAX_SUBMIT_COUNT: ${MAX_SUBMIT_COUNT:-100} + MAX_VARIABLE_SIZE: ${MAX_VARIABLE_SIZE:-204800} + MIGRATION_ENABLED: ${MIGRATION_ENABLED:-true} + MILVUS_AUTHORIZATION_ENABLED: ${MILVUS_AUTHORIZATION_ENABLED:-true} + MILVUS_ENABLE_HYBRID_SEARCH: ${MILVUS_ENABLE_HYBRID_SEARCH:-False} + MILVUS_PASSWORD: ${MILVUS_PASSWORD:-Milvus} + MILVUS_TOKEN: ${MILVUS_TOKEN:-} + MILVUS_URI: ${MILVUS_URI:-http://127.0.0.1:19530} + MILVUS_USER: ${MILVUS_USER:-root} + MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY:-minioadmin} + MINIO_ADDRESS: ${MINIO_ADDRESS:-minio:9000} + MINIO_SECRET_KEY: ${MINIO_SECRET_KEY:-minioadmin} + MODE: worker + MULTIMODAL_SEND_FORMAT: ${MULTIMODAL_SEND_FORMAT:-base64} + MYSCALE_DATABASE: ${MYSCALE_DATABASE:-dify} + MYSCALE_FTS_PARAMS: ${MYSCALE_FTS_PARAMS:-} + MYSCALE_HOST: ${MYSCALE_HOST:-myscale} + MYSCALE_PASSWORD: ${MYSCALE_PASSWORD:-} + MYSCALE_PORT: ${MYSCALE_PORT:-8123} + MYSCALE_USER: ${MYSCALE_USER:-default} + NGINX_CLIENT_MAX_BODY_SIZE: ${NGINX_CLIENT_MAX_BODY_SIZE:-15M} + NGINX_ENABLE_CERTBOT_CHALLENGE: ${NGINX_ENABLE_CERTBOT_CHALLENGE:-false} + NGINX_HTTPS_ENABLED: ${NGINX_HTTPS_ENABLED:-false} + NGINX_KEEPALIVE_TIMEOUT: ${NGINX_KEEPALIVE_TIMEOUT:-65} + NGINX_PORT: ${NGINX_PORT:-80} + NGINX_PROXY_READ_TIMEOUT: ${NGINX_PROXY_READ_TIMEOUT:-3600s} + NGINX_PROXY_SEND_TIMEOUT: ${NGINX_PROXY_SEND_TIMEOUT:-3600s} + NGINX_SERVER_NAME: ${NGINX_SERVER_NAME:-_} + NGINX_SSL_CERT_FILENAME: ${NGINX_SSL_CERT_FILENAME:-dify.crt} + NGINX_SSL_CERT_KEY_FILENAME: ${NGINX_SSL_CERT_KEY_FILENAME:-dify.key} + NGINX_SSL_PORT: ${NGINX_SSL_PORT:-443} + NGINX_SSL_PROTOCOLS: ${NGINX_SSL_PROTOCOLS:-TLSv1.1 TLSv1.2 TLSv1.3} + NGINX_WORKER_PROCESSES: ${NGINX_WORKER_PROCESSES:-auto} + NOTION_CLIENT_ID: ${NOTION_CLIENT_ID:-} + NOTION_CLIENT_SECRET: ${NOTION_CLIENT_SECRET:-} + NOTION_INTEGRATION_TYPE: ${NOTION_INTEGRATION_TYPE:-public} + NOTION_INTERNAL_SECRET: ${NOTION_INTERNAL_SECRET:-} + OCEANBASE_CLUSTER_NAME: ${OCEANBASE_CLUSTER_NAME:-difyai} + OCEANBASE_MEMORY_LIMIT: ${OCEANBASE_MEMORY_LIMIT:-6G} + OCEANBASE_VECTOR_DATABASE: ${OCEANBASE_VECTOR_DATABASE:-test} + OCEANBASE_VECTOR_HOST: ${OCEANBASE_VECTOR_HOST:-oceanbase} + OCEANBASE_VECTOR_PASSWORD: ${OCEANBASE_VECTOR_PASSWORD:-difyai123456} + OCEANBASE_VECTOR_PORT: ${OCEANBASE_VECTOR_PORT:-2881} + OCEANBASE_VECTOR_USER: ${OCEANBASE_VECTOR_USER:-root@test} + OCI_ACCESS_KEY: ${OCI_ACCESS_KEY:-your-access-key} + OCI_BUCKET_NAME: ${OCI_BUCKET_NAME:-your-bucket-name} + OCI_ENDPOINT: ${OCI_ENDPOINT:-https://objectstorage.us-ashburn-1.oraclecloud.com} + OCI_REGION: ${OCI_REGION:-us-ashburn-1} + OCI_SECRET_KEY: ${OCI_SECRET_KEY:-your-secret-key} + OPENAI_API_BASE: ${OPENAI_API_BASE:-https://api.openai.com/v1} + OPENDAL_FS_ROOT: ${OPENDAL_FS_ROOT:-storage} + OPENDAL_SCHEME: ${OPENDAL_SCHEME:-fs} + OPENSEARCH_BOOTSTRAP_MEMORY_LOCK: ${OPENSEARCH_BOOTSTRAP_MEMORY_LOCK:-true} + OPENSEARCH_DISCOVERY_TYPE: ${OPENSEARCH_DISCOVERY_TYPE:-single-node} + OPENSEARCH_HOST: ${OPENSEARCH_HOST:-opensearch} + OPENSEARCH_INITIAL_ADMIN_PASSWORD: ${OPENSEARCH_INITIAL_ADMIN_PASSWORD:-Qazwsxedc!@#123} + OPENSEARCH_JAVA_OPTS_MAX: ${OPENSEARCH_JAVA_OPTS_MAX:-1024m} + OPENSEARCH_JAVA_OPTS_MIN: ${OPENSEARCH_JAVA_OPTS_MIN:-512m} + OPENSEARCH_MEMLOCK_HARD: ${OPENSEARCH_MEMLOCK_HARD:--1} + OPENSEARCH_MEMLOCK_SOFT: ${OPENSEARCH_MEMLOCK_SOFT:--1} + OPENSEARCH_NOFILE_HARD: ${OPENSEARCH_NOFILE_HARD:-65536} + OPENSEARCH_NOFILE_SOFT: ${OPENSEARCH_NOFILE_SOFT:-65536} + OPENSEARCH_PASSWORD: ${OPENSEARCH_PASSWORD:-admin} + OPENSEARCH_PORT: ${OPENSEARCH_PORT:-9200} + OPENSEARCH_SECURE: ${OPENSEARCH_SECURE:-true} + OPENSEARCH_USER: ${OPENSEARCH_USER:-admin} + ORACLE_CHARACTERSET: ${ORACLE_CHARACTERSET:-AL32UTF8} + ORACLE_DATABASE: ${ORACLE_DATABASE:-FREEPDB1} + ORACLE_HOST: ${ORACLE_HOST:-oracle} + ORACLE_PASSWORD: ${ORACLE_PASSWORD:-dify} + ORACLE_PORT: ${ORACLE_PORT:-1521} + ORACLE_PWD: ${ORACLE_PWD:-Dify123456} + ORACLE_USER: ${ORACLE_USER:-dify} + PGDATA: ${PGDATA:-/var/lib/postgresql/data/pgdata} + PGUSER: ${PGUSER:-${DB_USERNAME}} + PGVECTOR_DATABASE: ${PGVECTOR_DATABASE:-dify} + PGVECTOR_HOST: ${PGVECTOR_HOST:-pgvector} + PGVECTOR_MAX_CONNECTION: ${PGVECTOR_MAX_CONNECTION:-5} + PGVECTOR_MIN_CONNECTION: ${PGVECTOR_MIN_CONNECTION:-1} + PGVECTOR_PASSWORD: ${PGVECTOR_PASSWORD:-difyai123456} + PGVECTOR_PGDATA: ${PGVECTOR_PGDATA:-/var/lib/postgresql/data/pgdata} + PGVECTOR_PGUSER: ${PGVECTOR_PGUSER:-postgres} + PGVECTOR_PORT: ${PGVECTOR_PORT:-5432} + PGVECTOR_POSTGRES_DB: ${PGVECTOR_POSTGRES_DB:-dify} + PGVECTOR_POSTGRES_PASSWORD: ${PGVECTOR_POSTGRES_PASSWORD:-difyai123456} + PGVECTOR_USER: ${PGVECTOR_USER:-postgres} + PGVECTO_RS_DATABASE: ${PGVECTO_RS_DATABASE:-dify} + PGVECTO_RS_HOST: ${PGVECTO_RS_HOST:-pgvecto-rs} + PGVECTO_RS_PASSWORD: ${PGVECTO_RS_PASSWORD:-difyai123456} + PGVECTO_RS_PORT: ${PGVECTO_RS_PORT:-5432} + PGVECTO_RS_USER: ${PGVECTO_RS_USER:-postgres} + POSITION_PROVIDER_EXCLUDES: ${POSITION_PROVIDER_EXCLUDES:-} + POSITION_PROVIDER_INCLUDES: ${POSITION_PROVIDER_INCLUDES:-} + POSITION_PROVIDER_PINS: ${POSITION_PROVIDER_PINS:-} + POSITION_TOOL_EXCLUDES: ${POSITION_TOOL_EXCLUDES:-} + POSITION_TOOL_INCLUDES: ${POSITION_TOOL_INCLUDES:-} + POSITION_TOOL_PINS: ${POSITION_TOOL_PINS:-} + POSTGRES_DB: ${POSTGRES_DB:-${DB_DATABASE}} + POSTGRES_EFFECTIVE_CACHE_SIZE: ${POSTGRES_EFFECTIVE_CACHE_SIZE:-4096MB} + POSTGRES_MAINTENANCE_WORK_MEM: ${POSTGRES_MAINTENANCE_WORK_MEM:-64MB} + POSTGRES_MAX_CONNECTIONS: ${POSTGRES_MAX_CONNECTIONS:-100} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-${DB_PASSWORD}} + POSTGRES_SHARED_BUFFERS: ${POSTGRES_SHARED_BUFFERS:-128MB} + POSTGRES_WORK_MEM: ${POSTGRES_WORK_MEM:-4MB} + PROMPT_GENERATION_MAX_TOKENS: ${PROMPT_GENERATION_MAX_TOKENS:-512} + QDRANT_API_KEY: ${QDRANT_API_KEY:-difyai123456} + QDRANT_CLIENT_TIMEOUT: ${QDRANT_CLIENT_TIMEOUT:-20} + QDRANT_GRPC_ENABLED: ${QDRANT_GRPC_ENABLED:-false} + QDRANT_GRPC_PORT: ${QDRANT_GRPC_PORT:-6334} + QDRANT_URL: ${QDRANT_URL:-http://qdrant:6333} + REDIS_CLUSTERS: ${REDIS_CLUSTERS:-} + REDIS_CLUSTERS_PASSWORD: ${REDIS_CLUSTERS_PASSWORD:-} + REDIS_DB: ${REDIS_DB:-0} + REDIS_HOST: ${REDIS_HOST:-redis} + REDIS_PASSWORD: ${REDIS_PASSWORD:-difyai123456} + REDIS_PORT: ${REDIS_PORT:-6379} + REDIS_SENTINELS: ${REDIS_SENTINELS:-} + REDIS_SENTINEL_PASSWORD: ${REDIS_SENTINEL_PASSWORD:-} + REDIS_SENTINEL_SERVICE_NAME: ${REDIS_SENTINEL_SERVICE_NAME:-} + REDIS_SENTINEL_SOCKET_TIMEOUT: ${REDIS_SENTINEL_SOCKET_TIMEOUT:-0.1} + REDIS_SENTINEL_USERNAME: ${REDIS_SENTINEL_USERNAME:-} + REDIS_USERNAME: ${REDIS_USERNAME:-} + REDIS_USE_CLUSTERS: ${REDIS_USE_CLUSTERS:-false} + REDIS_USE_SENTINEL: ${REDIS_USE_SENTINEL:-false} + REDIS_USE_SSL: ${REDIS_USE_SSL:-false} + REFRESH_TOKEN_EXPIRE_DAYS: ${REFRESH_TOKEN_EXPIRE_DAYS:-30} + RELYT_DATABASE: ${RELYT_DATABASE:-postgres} + RELYT_HOST: ${RELYT_HOST:-db} + RELYT_PASSWORD: ${RELYT_PASSWORD:-difyai123456} + RELYT_PORT: ${RELYT_PORT:-5432} + RELYT_USER: ${RELYT_USER:-postgres} + RESEND_API_KEY: ${RESEND_API_KEY:-your-resend-api-key} + RESEND_API_URL: ${RESEND_API_URL:-https://api.resend.com} + RESET_PASSWORD_TOKEN_EXPIRY_MINUTES: ${RESET_PASSWORD_TOKEN_EXPIRY_MINUTES:-5} + S3_ACCESS_KEY: ${S3_ACCESS_KEY:-} + S3_BUCKET_NAME: ${S3_BUCKET_NAME:-difyai} + S3_ENDPOINT: ${S3_ENDPOINT:-} + S3_REGION: ${S3_REGION:-us-east-1} + S3_SECRET_KEY: ${S3_SECRET_KEY:-} + S3_USE_AWS_MANAGED_IAM: ${S3_USE_AWS_MANAGED_IAM:-false} + SANDBOX_API_KEY: ${SANDBOX_API_KEY:-dify-sandbox} + SANDBOX_ENABLE_NETWORK: ${SANDBOX_ENABLE_NETWORK:-true} + SANDBOX_GIN_MODE: ${SANDBOX_GIN_MODE:-release} + SANDBOX_HTTPS_PROXY: ${SANDBOX_HTTPS_PROXY:-http://ssrf_proxy:3128} + SANDBOX_HTTP_PROXY: ${SANDBOX_HTTP_PROXY:-http://ssrf_proxy:3128} + SANDBOX_PORT: ${SANDBOX_PORT:-8194} + SANDBOX_WORKER_TIMEOUT: ${SANDBOX_WORKER_TIMEOUT:-15} + SCARF_NO_ANALYTICS: ${SCARF_NO_ANALYTICS:-true} + SECRET_KEY: ${SECRET_KEY:-sk-9f73s3ljTXVcMT3Blb3ljTqtsKiGHXVcMT3BlbkFJLK7U} + SENTRY_DSN: ${API_SENTRY_DSN:-} + SENTRY_PROFILES_SAMPLE_RATE: ${API_SENTRY_PROFILES_SAMPLE_RATE:-1.0} + SENTRY_TRACES_SAMPLE_RATE: ${API_SENTRY_TRACES_SAMPLE_RATE:-1.0} + SERVER_WORKER_AMOUNT: ${SERVER_WORKER_AMOUNT:-1} + SERVER_WORKER_CLASS: ${SERVER_WORKER_CLASS:-gevent} + SERVER_WORKER_CONNECTIONS: ${SERVER_WORKER_CONNECTIONS:-10} + SERVICE_API_URL: ${SERVICE_API_URL:-} + SMTP_OPPORTUNISTIC_TLS: ${SMTP_OPPORTUNISTIC_TLS:-false} + SMTP_PASSWORD: ${SMTP_PASSWORD:-} + SMTP_PORT: ${SMTP_PORT:-465} + SMTP_SERVER: ${SMTP_SERVER:-} + SMTP_USERNAME: ${SMTP_USERNAME:-} + SMTP_USE_TLS: ${SMTP_USE_TLS:-true} + SQLALCHEMY_ECHO: ${SQLALCHEMY_ECHO:-false} + SQLALCHEMY_POOL_RECYCLE: ${SQLALCHEMY_POOL_RECYCLE:-3600} + SQLALCHEMY_POOL_SIZE: ${SQLALCHEMY_POOL_SIZE:-30} + SSRF_COREDUMP_DIR: ${SSRF_COREDUMP_DIR:-/var/spool/squid} + SSRF_DEFAULT_CONNECT_TIME_OUT: ${SSRF_DEFAULT_CONNECT_TIME_OUT:-5} + SSRF_DEFAULT_READ_TIME_OUT: ${SSRF_DEFAULT_READ_TIME_OUT:-5} + SSRF_DEFAULT_TIME_OUT: ${SSRF_DEFAULT_TIME_OUT:-5} + SSRF_DEFAULT_WRITE_TIME_OUT: ${SSRF_DEFAULT_WRITE_TIME_OUT:-5} + SSRF_HTTP_PORT: ${SSRF_HTTP_PORT:-3128} + SSRF_PROXY_HTTPS_URL: ${SSRF_PROXY_HTTPS_URL:-http://ssrf_proxy:3128} + SSRF_PROXY_HTTP_URL: ${SSRF_PROXY_HTTP_URL:-http://ssrf_proxy:3128} + SSRF_REVERSE_PROXY_PORT: ${SSRF_REVERSE_PROXY_PORT:-8194} + SSRF_SANDBOX_HOST: ${SSRF_SANDBOX_HOST:-sandbox} + STORAGE_TYPE: ${STORAGE_TYPE:-opendal} + SUPABASE_API_KEY: ${SUPABASE_API_KEY:-your-access-key} + SUPABASE_BUCKET_NAME: ${SUPABASE_BUCKET_NAME:-your-bucket-name} + SUPABASE_URL: ${SUPABASE_URL:-your-server-url} + TEMPLATE_TRANSFORM_MAX_LENGTH: ${TEMPLATE_TRANSFORM_MAX_LENGTH:-80000} + TENCENT_COS_BUCKET_NAME: ${TENCENT_COS_BUCKET_NAME:-your-bucket-name} + TENCENT_COS_REGION: ${TENCENT_COS_REGION:-your-region} + TENCENT_COS_SCHEME: ${TENCENT_COS_SCHEME:-your-scheme} + TENCENT_COS_SECRET_ID: ${TENCENT_COS_SECRET_ID:-your-secret-id} + TENCENT_COS_SECRET_KEY: ${TENCENT_COS_SECRET_KEY:-your-secret-key} + TENCENT_VECTOR_DB_API_KEY: ${TENCENT_VECTOR_DB_API_KEY:-dify} + TENCENT_VECTOR_DB_DATABASE: ${TENCENT_VECTOR_DB_DATABASE:-dify} + TENCENT_VECTOR_DB_REPLICAS: ${TENCENT_VECTOR_DB_REPLICAS:-2} + TENCENT_VECTOR_DB_SHARD: ${TENCENT_VECTOR_DB_SHARD:-1} + TENCENT_VECTOR_DB_TIMEOUT: ${TENCENT_VECTOR_DB_TIMEOUT:-30} + TENCENT_VECTOR_DB_URL: ${TENCENT_VECTOR_DB_URL:-http://127.0.0.1} + TENCENT_VECTOR_DB_USERNAME: ${TENCENT_VECTOR_DB_USERNAME:-dify} + TEXT_GENERATION_TIMEOUT_MS: ${TEXT_GENERATION_TIMEOUT_MS:-60000} + TIDB_API_URL: ${TIDB_API_URL:-http://127.0.0.1} + TIDB_IAM_API_URL: ${TIDB_IAM_API_URL:-http://127.0.0.1} + TIDB_ON_QDRANT_API_KEY: ${TIDB_ON_QDRANT_API_KEY:-dify} + TIDB_ON_QDRANT_CLIENT_TIMEOUT: ${TIDB_ON_QDRANT_CLIENT_TIMEOUT:-20} + TIDB_ON_QDRANT_GRPC_ENABLED: ${TIDB_ON_QDRANT_GRPC_ENABLED:-false} + TIDB_ON_QDRANT_GRPC_PORT: ${TIDB_ON_QDRANT_GRPC_PORT:-6334} + TIDB_ON_QDRANT_URL: ${TIDB_ON_QDRANT_URL:-http://127.0.0.1} + TIDB_PRIVATE_KEY: ${TIDB_PRIVATE_KEY:-dify} + TIDB_PROJECT_ID: ${TIDB_PROJECT_ID:-dify} + TIDB_PUBLIC_KEY: ${TIDB_PUBLIC_KEY:-dify} + TIDB_REGION: ${TIDB_REGION:-regions/aws-us-east-1} + TIDB_SPEND_LIMIT: ${TIDB_SPEND_LIMIT:-100} + TIDB_VECTOR_DATABASE: ${TIDB_VECTOR_DATABASE:-dify} + TIDB_VECTOR_HOST: ${TIDB_VECTOR_HOST:-tidb} + TIDB_VECTOR_PASSWORD: ${TIDB_VECTOR_PASSWORD:-} + TIDB_VECTOR_PORT: ${TIDB_VECTOR_PORT:-4000} + TIDB_VECTOR_USER: ${TIDB_VECTOR_USER:-} + TOP_K_MAX_VALUE: ${TOP_K_MAX_VALUE:-10} + UNSTRUCTURED_API_KEY: ${UNSTRUCTURED_API_KEY:-} + UNSTRUCTURED_API_URL: ${UNSTRUCTURED_API_URL:-} + UPLOAD_AUDIO_FILE_SIZE_LIMIT: ${UPLOAD_AUDIO_FILE_SIZE_LIMIT:-50} + UPLOAD_FILE_BATCH_LIMIT: ${UPLOAD_FILE_BATCH_LIMIT:-5} + UPLOAD_FILE_SIZE_LIMIT: ${UPLOAD_FILE_SIZE_LIMIT:-15} + UPLOAD_IMAGE_FILE_SIZE_LIMIT: ${UPLOAD_IMAGE_FILE_SIZE_LIMIT:-10} + UPLOAD_VIDEO_FILE_SIZE_LIMIT: ${UPLOAD_VIDEO_FILE_SIZE_LIMIT:-100} + UPSTASH_VECTOR_TOKEN: ${UPSTASH_VECTOR_TOKEN:-dify} + UPSTASH_VECTOR_URL: ${UPSTASH_VECTOR_URL:-https://xxx-vector.upstash.io} + VECTOR_STORE: ${VECTOR_STORE:-weaviate} + VIKINGDB_ACCESS_KEY: ${VIKINGDB_ACCESS_KEY:-your-ak} + VIKINGDB_CONNECTION_TIMEOUT: ${VIKINGDB_CONNECTION_TIMEOUT:-30} + VIKINGDB_HOST: ${VIKINGDB_HOST:-api-vikingdb.xxx.volces.com} + VIKINGDB_REGION: ${VIKINGDB_REGION:-cn-shanghai} + VIKINGDB_SCHEMA: ${VIKINGDB_SCHEMA:-http} + VIKINGDB_SECRET_KEY: ${VIKINGDB_SECRET_KEY:-your-sk} + VIKINGDB_SOCKET_TIMEOUT: ${VIKINGDB_SOCKET_TIMEOUT:-30} + VOLCENGINE_TOS_ACCESS_KEY: ${VOLCENGINE_TOS_ACCESS_KEY:-your-access-key} + VOLCENGINE_TOS_BUCKET_NAME: ${VOLCENGINE_TOS_BUCKET_NAME:-your-bucket-name} + VOLCENGINE_TOS_ENDPOINT: ${VOLCENGINE_TOS_ENDPOINT:-your-server-url} + VOLCENGINE_TOS_REGION: ${VOLCENGINE_TOS_REGION:-your-region} + VOLCENGINE_TOS_SECRET_KEY: ${VOLCENGINE_TOS_SECRET_KEY:-your-secret-key} + WEAVIATE_API_KEY: ${WEAVIATE_API_KEY:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih} + WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: ${WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED:-true} + WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS: ${WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih} + WEAVIATE_AUTHENTICATION_APIKEY_ENABLED: ${WEAVIATE_AUTHENTICATION_APIKEY_ENABLED:-true} + WEAVIATE_AUTHENTICATION_APIKEY_USERS: ${WEAVIATE_AUTHENTICATION_APIKEY_USERS:-hello@dify.ai} + WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED: ${WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED:-true} + WEAVIATE_AUTHORIZATION_ADMINLIST_USERS: ${WEAVIATE_AUTHORIZATION_ADMINLIST_USERS:-hello@dify.ai} + WEAVIATE_CLUSTER_HOSTNAME: ${WEAVIATE_CLUSTER_HOSTNAME:-node1} + WEAVIATE_DEFAULT_VECTORIZER_MODULE: ${WEAVIATE_DEFAULT_VECTORIZER_MODULE:-none} + WEAVIATE_ENDPOINT: ${WEAVIATE_ENDPOINT:-http://weaviate:8080} + WEAVIATE_PERSISTENCE_DATA_PATH: ${WEAVIATE_PERSISTENCE_DATA_PATH:-/var/lib/weaviate} + WEAVIATE_QUERY_DEFAULTS_LIMIT: ${WEAVIATE_QUERY_DEFAULTS_LIMIT:-25} + WEB_API_CORS_ALLOW_ORIGINS: ${WEB_API_CORS_ALLOW_ORIGINS:-*} + WEB_SENTRY_DSN: ${WEB_SENTRY_DSN:-} + WORKFLOW_CALL_MAX_DEPTH: ${WORKFLOW_CALL_MAX_DEPTH:-5} + WORKFLOW_FILE_UPLOAD_LIMIT: ${WORKFLOW_FILE_UPLOAD_LIMIT:-10} + WORKFLOW_MAX_EXECUTION_STEPS: ${WORKFLOW_MAX_EXECUTION_STEPS:-500} + WORKFLOW_MAX_EXECUTION_TIME: ${WORKFLOW_MAX_EXECUTION_TIME:-1200} + WORKFLOW_PARALLEL_DEPTH_LIMIT: ${WORKFLOW_PARALLEL_DEPTH_LIMIT:-3} + image: langgenius/dify-api:0.15.3 + networks: + - ssrf_proxy_network + - default + restart: always + volumes: + - ${DIFY_ROOT_PATH}/volumes/app/storage:/app/api/storage +volumes: + dify_es01_data: null + oradata: null +x-shared-env: + ACCESS_TOKEN_EXPIRE_MINUTES: ${ACCESS_TOKEN_EXPIRE_MINUTES:-60} + ALIYUN_OSS_ACCESS_KEY: ${ALIYUN_OSS_ACCESS_KEY:-your-access-key} + ALIYUN_OSS_AUTH_VERSION: ${ALIYUN_OSS_AUTH_VERSION:-v4} + ALIYUN_OSS_BUCKET_NAME: ${ALIYUN_OSS_BUCKET_NAME:-your-bucket-name} + ALIYUN_OSS_ENDPOINT: ${ALIYUN_OSS_ENDPOINT:-https://oss-ap-southeast-1-internal.aliyuncs.com} + ALIYUN_OSS_PATH: ${ALIYUN_OSS_PATH:-your-path} + ALIYUN_OSS_REGION: ${ALIYUN_OSS_REGION:-ap-southeast-1} + ALIYUN_OSS_SECRET_KEY: ${ALIYUN_OSS_SECRET_KEY:-your-secret-key} + ANALYTICDB_ACCOUNT: ${ANALYTICDB_ACCOUNT:-testaccount} + ANALYTICDB_HOST: ${ANALYTICDB_HOST:-gp-test.aliyuncs.com} + ANALYTICDB_INSTANCE_ID: ${ANALYTICDB_INSTANCE_ID:-gp-ab123456} + ANALYTICDB_KEY_ID: ${ANALYTICDB_KEY_ID:-your-ak} + ANALYTICDB_KEY_SECRET: ${ANALYTICDB_KEY_SECRET:-your-sk} + ANALYTICDB_MAX_CONNECTION: ${ANALYTICDB_MAX_CONNECTION:-5} + ANALYTICDB_MIN_CONNECTION: ${ANALYTICDB_MIN_CONNECTION:-1} + ANALYTICDB_NAMESPACE: ${ANALYTICDB_NAMESPACE:-dify} + ANALYTICDB_NAMESPACE_PASSWORD: ${ANALYTICDB_NAMESPACE_PASSWORD:-difypassword} + ANALYTICDB_PASSWORD: ${ANALYTICDB_PASSWORD:-testpassword} + ANALYTICDB_PORT: ${ANALYTICDB_PORT:-5432} + ANALYTICDB_REGION_ID: ${ANALYTICDB_REGION_ID:-cn-hangzhou} + API_SENTRY_DSN: ${API_SENTRY_DSN:-} + API_SENTRY_PROFILES_SAMPLE_RATE: ${API_SENTRY_PROFILES_SAMPLE_RATE:-1.0} + API_SENTRY_TRACES_SAMPLE_RATE: ${API_SENTRY_TRACES_SAMPLE_RATE:-1.0} + API_TOOL_DEFAULT_CONNECT_TIMEOUT: ${API_TOOL_DEFAULT_CONNECT_TIMEOUT:-10} + API_TOOL_DEFAULT_READ_TIMEOUT: ${API_TOOL_DEFAULT_READ_TIMEOUT:-60} + APP_API_URL: ${APP_API_URL:-} + APP_MAX_ACTIVE_REQUESTS: ${APP_MAX_ACTIVE_REQUESTS:-0} + APP_MAX_EXECUTION_TIME: ${APP_MAX_EXECUTION_TIME:-1200} + APP_WEB_URL: ${APP_WEB_URL:-} + AZURE_BLOB_ACCOUNT_KEY: ${AZURE_BLOB_ACCOUNT_KEY:-difyai} + AZURE_BLOB_ACCOUNT_NAME: ${AZURE_BLOB_ACCOUNT_NAME:-difyai} + AZURE_BLOB_ACCOUNT_URL: ${AZURE_BLOB_ACCOUNT_URL:-https://.blob.core.windows.net} + AZURE_BLOB_CONTAINER_NAME: ${AZURE_BLOB_CONTAINER_NAME:-difyai-container} + BAIDU_OBS_ACCESS_KEY: ${BAIDU_OBS_ACCESS_KEY:-your-access-key} + BAIDU_OBS_BUCKET_NAME: ${BAIDU_OBS_BUCKET_NAME:-your-bucket-name} + BAIDU_OBS_ENDPOINT: ${BAIDU_OBS_ENDPOINT:-your-server-url} + BAIDU_OBS_SECRET_KEY: ${BAIDU_OBS_SECRET_KEY:-your-secret-key} + BAIDU_VECTOR_DB_ACCOUNT: ${BAIDU_VECTOR_DB_ACCOUNT:-root} + BAIDU_VECTOR_DB_API_KEY: ${BAIDU_VECTOR_DB_API_KEY:-dify} + BAIDU_VECTOR_DB_CONNECTION_TIMEOUT_MS: ${BAIDU_VECTOR_DB_CONNECTION_TIMEOUT_MS:-30000} + BAIDU_VECTOR_DB_DATABASE: ${BAIDU_VECTOR_DB_DATABASE:-dify} + BAIDU_VECTOR_DB_ENDPOINT: ${BAIDU_VECTOR_DB_ENDPOINT:-http://127.0.0.1:5287} + BAIDU_VECTOR_DB_REPLICAS: ${BAIDU_VECTOR_DB_REPLICAS:-3} + BAIDU_VECTOR_DB_SHARD: ${BAIDU_VECTOR_DB_SHARD:-1} + BROKER_USE_SSL: ${BROKER_USE_SSL:-false} + CELERY_AUTO_SCALE: ${CELERY_AUTO_SCALE:-false} + CELERY_BROKER_URL: ${CELERY_BROKER_URL:-redis://:difyai123456@redis:6379/1} + CELERY_MAX_WORKERS: ${CELERY_MAX_WORKERS:-} + CELERY_MIN_WORKERS: ${CELERY_MIN_WORKERS:-} + CELERY_SENTINEL_MASTER_NAME: ${CELERY_SENTINEL_MASTER_NAME:-} + CELERY_SENTINEL_SOCKET_TIMEOUT: ${CELERY_SENTINEL_SOCKET_TIMEOUT:-0.1} + CELERY_USE_SENTINEL: ${CELERY_USE_SENTINEL:-false} + CELERY_WORKER_AMOUNT: ${CELERY_WORKER_AMOUNT:-} + CELERY_WORKER_CLASS: ${CELERY_WORKER_CLASS:-} + CERTBOT_DOMAIN: ${CERTBOT_DOMAIN:-your_domain.com} + CERTBOT_EMAIL: ${CERTBOT_EMAIL:-your_email@example.com} + CERTBOT_OPTIONS: ${CERTBOT_OPTIONS:-} + CHECK_UPDATE_URL: ${CHECK_UPDATE_URL:-https://updates.dify.ai} + CHROMA_AUTH_CREDENTIALS: ${CHROMA_AUTH_CREDENTIALS:-} + CHROMA_AUTH_PROVIDER: ${CHROMA_AUTH_PROVIDER:-chromadb.auth.token_authn.TokenAuthClientProvider} + CHROMA_DATABASE: ${CHROMA_DATABASE:-default_database} + CHROMA_HOST: ${CHROMA_HOST:-127.0.0.1} + CHROMA_IS_PERSISTENT: ${CHROMA_IS_PERSISTENT:-TRUE} + CHROMA_PORT: ${CHROMA_PORT:-8000} + CHROMA_SERVER_AUTHN_CREDENTIALS: ${CHROMA_SERVER_AUTHN_CREDENTIALS:-difyai123456} + CHROMA_SERVER_AUTHN_PROVIDER: ${CHROMA_SERVER_AUTHN_PROVIDER:-chromadb.auth.token_authn.TokenAuthenticationServerProvider} + CHROMA_TENANT: ${CHROMA_TENANT:-default_tenant} + CODE_EXECUTION_API_KEY: ${CODE_EXECUTION_API_KEY:-dify-sandbox} + CODE_EXECUTION_CONNECT_TIMEOUT: ${CODE_EXECUTION_CONNECT_TIMEOUT:-10} + CODE_EXECUTION_ENDPOINT: ${CODE_EXECUTION_ENDPOINT:-http://sandbox:8194} + CODE_EXECUTION_READ_TIMEOUT: ${CODE_EXECUTION_READ_TIMEOUT:-60} + CODE_EXECUTION_WRITE_TIMEOUT: ${CODE_EXECUTION_WRITE_TIMEOUT:-10} + CODE_GENERATION_MAX_TOKENS: ${CODE_GENERATION_MAX_TOKENS:-1024} + CODE_MAX_DEPTH: ${CODE_MAX_DEPTH:-5} + CODE_MAX_NUMBER: ${CODE_MAX_NUMBER:-9223372036854775807} + CODE_MAX_NUMBER_ARRAY_LENGTH: ${CODE_MAX_NUMBER_ARRAY_LENGTH:-1000} + CODE_MAX_OBJECT_ARRAY_LENGTH: ${CODE_MAX_OBJECT_ARRAY_LENGTH:-30} + CODE_MAX_PRECISION: ${CODE_MAX_PRECISION:-20} + CODE_MAX_STRING_ARRAY_LENGTH: ${CODE_MAX_STRING_ARRAY_LENGTH:-30} + CODE_MAX_STRING_LENGTH: ${CODE_MAX_STRING_LENGTH:-80000} + CODE_MIN_NUMBER: ${CODE_MIN_NUMBER:--9223372036854775808} + CONSOLE_API_URL: ${CONSOLE_API_URL:-} + CONSOLE_CORS_ALLOW_ORIGINS: ${CONSOLE_CORS_ALLOW_ORIGINS:-*} + CONSOLE_WEB_URL: ${CONSOLE_WEB_URL:-} + COUCHBASE_BUCKET_NAME: ${COUCHBASE_BUCKET_NAME:-Embeddings} + COUCHBASE_CONNECTION_STRING: ${COUCHBASE_CONNECTION_STRING:-couchbase://couchbase-server} + COUCHBASE_PASSWORD: ${COUCHBASE_PASSWORD:-password} + COUCHBASE_SCOPE_NAME: ${COUCHBASE_SCOPE_NAME:-_default} + COUCHBASE_USER: ${COUCHBASE_USER:-Administrator} + CREATE_TIDB_SERVICE_JOB_ENABLED: ${CREATE_TIDB_SERVICE_JOB_ENABLED:-false} + CSP_WHITELIST: ${CSP_WHITELIST:-} + DB_DATABASE: ${DB_DATABASE:-dify} + DB_HOST: ${DB_HOST:-db} + DB_PASSWORD: ${DB_PASSWORD:-difyai123456} + DB_PORT: ${DB_PORT:-5432} + DB_USERNAME: ${DB_USERNAME:-postgres} + DEBUG: ${DEBUG:-false} + DEPLOY_ENV: ${DEPLOY_ENV:-PRODUCTION} + DIFY_BIND_ADDRESS: ${DIFY_BIND_ADDRESS:-0.0.0.0} + DIFY_PORT: ${DIFY_PORT:-5001} + ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:-0.0.0.0} + ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-elastic} + ELASTICSEARCH_PORT: ${ELASTICSEARCH_PORT:-9200} + ELASTICSEARCH_USERNAME: ${ELASTICSEARCH_USERNAME:-elastic} + ETCD_AUTO_COMPACTION_MODE: ${ETCD_AUTO_COMPACTION_MODE:-revision} + ETCD_AUTO_COMPACTION_RETENTION: ${ETCD_AUTO_COMPACTION_RETENTION:-1000} + ETCD_ENDPOINTS: ${ETCD_ENDPOINTS:-etcd:2379} + ETCD_QUOTA_BACKEND_BYTES: ${ETCD_QUOTA_BACKEND_BYTES:-4294967296} + ETCD_SNAPSHOT_COUNT: ${ETCD_SNAPSHOT_COUNT:-50000} + ETL_TYPE: ${ETL_TYPE:-dify} + EXPOSE_NGINX_PORT: ${PANEL_APP_PORT_HTTP:-8080} + EXPOSE_NGINX_SSL_PORT: ${PANEL_APP_PORT_HTTPS:-8443} + FILES_ACCESS_TIMEOUT: ${FILES_ACCESS_TIMEOUT:-300} + FILES_URL: ${FILES_URL:-} + FLASK_DEBUG: ${FLASK_DEBUG:-false} + GOOGLE_STORAGE_BUCKET_NAME: ${GOOGLE_STORAGE_BUCKET_NAME:-your-bucket-name} + GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64: ${GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64:-} + GUNICORN_TIMEOUT: ${GUNICORN_TIMEOUT:-360} + HTTP_REQUEST_NODE_MAX_BINARY_SIZE: ${HTTP_REQUEST_NODE_MAX_BINARY_SIZE:-10485760} + HTTP_REQUEST_NODE_MAX_TEXT_SIZE: ${HTTP_REQUEST_NODE_MAX_TEXT_SIZE:-1048576} + HUAWEI_OBS_ACCESS_KEY: ${HUAWEI_OBS_ACCESS_KEY:-your-access-key} + HUAWEI_OBS_BUCKET_NAME: ${HUAWEI_OBS_BUCKET_NAME:-your-bucket-name} + HUAWEI_OBS_SECRET_KEY: ${HUAWEI_OBS_SECRET_KEY:-your-secret-key} + HUAWEI_OBS_SERVER: ${HUAWEI_OBS_SERVER:-your-server-url} + INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-4000} + INIT_PASSWORD: ${INIT_PASSWORD:-} + INVITE_EXPIRY_HOURS: ${INVITE_EXPIRY_HOURS:-72} + KIBANA_PORT: ${KIBANA_PORT:-5601} + LINDORM_PASSWORD: ${LINDORM_PASSWORD:-lindorm} + LINDORM_URL: ${LINDORM_URL:-http://lindorm:30070} + LINDORM_USERNAME: ${LINDORM_USERNAME:-lindorm} + LOG_DATEFORMAT: ${LOG_DATEFORMAT:-%Y-%m-%d %H:%M:%S} + LOG_FILE: ${LOG_FILE:-/app/logs/server.log} + LOG_FILE_BACKUP_COUNT: ${LOG_FILE_BACKUP_COUNT:-5} + LOG_FILE_MAX_SIZE: ${LOG_FILE_MAX_SIZE:-20} + LOG_LEVEL: ${LOG_LEVEL:-INFO} + LOG_TZ: ${LOG_TZ:-UTC} + MAIL_DEFAULT_SEND_FROM: ${MAIL_DEFAULT_SEND_FROM:-} + MAIL_TYPE: ${MAIL_TYPE:-resend} + MAX_SUBMIT_COUNT: ${MAX_SUBMIT_COUNT:-100} + MAX_VARIABLE_SIZE: ${MAX_VARIABLE_SIZE:-204800} + MIGRATION_ENABLED: ${MIGRATION_ENABLED:-true} + MILVUS_AUTHORIZATION_ENABLED: ${MILVUS_AUTHORIZATION_ENABLED:-true} + MILVUS_ENABLE_HYBRID_SEARCH: ${MILVUS_ENABLE_HYBRID_SEARCH:-False} + MILVUS_PASSWORD: ${MILVUS_PASSWORD:-Milvus} + MILVUS_TOKEN: ${MILVUS_TOKEN:-} + MILVUS_URI: ${MILVUS_URI:-http://127.0.0.1:19530} + MILVUS_USER: ${MILVUS_USER:-root} + MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY:-minioadmin} + MINIO_ADDRESS: ${MINIO_ADDRESS:-minio:9000} + MINIO_SECRET_KEY: ${MINIO_SECRET_KEY:-minioadmin} + MULTIMODAL_SEND_FORMAT: ${MULTIMODAL_SEND_FORMAT:-base64} + MYSCALE_DATABASE: ${MYSCALE_DATABASE:-dify} + MYSCALE_FTS_PARAMS: ${MYSCALE_FTS_PARAMS:-} + MYSCALE_HOST: ${MYSCALE_HOST:-myscale} + MYSCALE_PASSWORD: ${MYSCALE_PASSWORD:-} + MYSCALE_PORT: ${MYSCALE_PORT:-8123} + MYSCALE_USER: ${MYSCALE_USER:-default} + NGINX_CLIENT_MAX_BODY_SIZE: ${NGINX_CLIENT_MAX_BODY_SIZE:-15M} + NGINX_ENABLE_CERTBOT_CHALLENGE: ${NGINX_ENABLE_CERTBOT_CHALLENGE:-false} + NGINX_HTTPS_ENABLED: ${NGINX_HTTPS_ENABLED:-false} + NGINX_KEEPALIVE_TIMEOUT: ${NGINX_KEEPALIVE_TIMEOUT:-65} + NGINX_PORT: ${NGINX_PORT:-80} + NGINX_PROXY_READ_TIMEOUT: ${NGINX_PROXY_READ_TIMEOUT:-3600s} + NGINX_PROXY_SEND_TIMEOUT: ${NGINX_PROXY_SEND_TIMEOUT:-3600s} + NGINX_SERVER_NAME: ${NGINX_SERVER_NAME:-_} + NGINX_SSL_CERT_FILENAME: ${NGINX_SSL_CERT_FILENAME:-dify.crt} + NGINX_SSL_CERT_KEY_FILENAME: ${NGINX_SSL_CERT_KEY_FILENAME:-dify.key} + NGINX_SSL_PORT: ${NGINX_SSL_PORT:-443} + NGINX_SSL_PROTOCOLS: ${NGINX_SSL_PROTOCOLS:-TLSv1.1 TLSv1.2 TLSv1.3} + NGINX_WORKER_PROCESSES: ${NGINX_WORKER_PROCESSES:-auto} + NOTION_CLIENT_ID: ${NOTION_CLIENT_ID:-} + NOTION_CLIENT_SECRET: ${NOTION_CLIENT_SECRET:-} + NOTION_INTEGRATION_TYPE: ${NOTION_INTEGRATION_TYPE:-public} + NOTION_INTERNAL_SECRET: ${NOTION_INTERNAL_SECRET:-} + OCEANBASE_CLUSTER_NAME: ${OCEANBASE_CLUSTER_NAME:-difyai} + OCEANBASE_MEMORY_LIMIT: ${OCEANBASE_MEMORY_LIMIT:-6G} + OCEANBASE_VECTOR_DATABASE: ${OCEANBASE_VECTOR_DATABASE:-test} + OCEANBASE_VECTOR_HOST: ${OCEANBASE_VECTOR_HOST:-oceanbase} + OCEANBASE_VECTOR_PASSWORD: ${OCEANBASE_VECTOR_PASSWORD:-difyai123456} + OCEANBASE_VECTOR_PORT: ${OCEANBASE_VECTOR_PORT:-2881} + OCEANBASE_VECTOR_USER: ${OCEANBASE_VECTOR_USER:-root@test} + OCI_ACCESS_KEY: ${OCI_ACCESS_KEY:-your-access-key} + OCI_BUCKET_NAME: ${OCI_BUCKET_NAME:-your-bucket-name} + OCI_ENDPOINT: ${OCI_ENDPOINT:-https://objectstorage.us-ashburn-1.oraclecloud.com} + OCI_REGION: ${OCI_REGION:-us-ashburn-1} + OCI_SECRET_KEY: ${OCI_SECRET_KEY:-your-secret-key} + OPENAI_API_BASE: ${OPENAI_API_BASE:-https://api.openai.com/v1} + OPENDAL_FS_ROOT: ${OPENDAL_FS_ROOT:-storage} + OPENDAL_SCHEME: ${OPENDAL_SCHEME:-fs} + OPENSEARCH_BOOTSTRAP_MEMORY_LOCK: ${OPENSEARCH_BOOTSTRAP_MEMORY_LOCK:-true} + OPENSEARCH_DISCOVERY_TYPE: ${OPENSEARCH_DISCOVERY_TYPE:-single-node} + OPENSEARCH_HOST: ${OPENSEARCH_HOST:-opensearch} + OPENSEARCH_INITIAL_ADMIN_PASSWORD: ${OPENSEARCH_INITIAL_ADMIN_PASSWORD:-Qazwsxedc!@#123} + OPENSEARCH_JAVA_OPTS_MAX: ${OPENSEARCH_JAVA_OPTS_MAX:-1024m} + OPENSEARCH_JAVA_OPTS_MIN: ${OPENSEARCH_JAVA_OPTS_MIN:-512m} + OPENSEARCH_MEMLOCK_HARD: ${OPENSEARCH_MEMLOCK_HARD:--1} + OPENSEARCH_MEMLOCK_SOFT: ${OPENSEARCH_MEMLOCK_SOFT:--1} + OPENSEARCH_NOFILE_HARD: ${OPENSEARCH_NOFILE_HARD:-65536} + OPENSEARCH_NOFILE_SOFT: ${OPENSEARCH_NOFILE_SOFT:-65536} + OPENSEARCH_PASSWORD: ${OPENSEARCH_PASSWORD:-admin} + OPENSEARCH_PORT: ${OPENSEARCH_PORT:-9200} + OPENSEARCH_SECURE: ${OPENSEARCH_SECURE:-true} + OPENSEARCH_USER: ${OPENSEARCH_USER:-admin} + ORACLE_CHARACTERSET: ${ORACLE_CHARACTERSET:-AL32UTF8} + ORACLE_DATABASE: ${ORACLE_DATABASE:-FREEPDB1} + ORACLE_HOST: ${ORACLE_HOST:-oracle} + ORACLE_PASSWORD: ${ORACLE_PASSWORD:-dify} + ORACLE_PORT: ${ORACLE_PORT:-1521} + ORACLE_PWD: ${ORACLE_PWD:-Dify123456} + ORACLE_USER: ${ORACLE_USER:-dify} + PGDATA: ${PGDATA:-/var/lib/postgresql/data/pgdata} + PGUSER: ${PGUSER:-${DB_USERNAME}} + PGVECTOR_DATABASE: ${PGVECTOR_DATABASE:-dify} + PGVECTOR_HOST: ${PGVECTOR_HOST:-pgvector} + PGVECTOR_MAX_CONNECTION: ${PGVECTOR_MAX_CONNECTION:-5} + PGVECTOR_MIN_CONNECTION: ${PGVECTOR_MIN_CONNECTION:-1} + PGVECTOR_PASSWORD: ${PGVECTOR_PASSWORD:-difyai123456} + PGVECTOR_PGDATA: ${PGVECTOR_PGDATA:-/var/lib/postgresql/data/pgdata} + PGVECTOR_PGUSER: ${PGVECTOR_PGUSER:-postgres} + PGVECTOR_PORT: ${PGVECTOR_PORT:-5432} + PGVECTOR_POSTGRES_DB: ${PGVECTOR_POSTGRES_DB:-dify} + PGVECTOR_POSTGRES_PASSWORD: ${PGVECTOR_POSTGRES_PASSWORD:-difyai123456} + PGVECTOR_USER: ${PGVECTOR_USER:-postgres} + PGVECTO_RS_DATABASE: ${PGVECTO_RS_DATABASE:-dify} + PGVECTO_RS_HOST: ${PGVECTO_RS_HOST:-pgvecto-rs} + PGVECTO_RS_PASSWORD: ${PGVECTO_RS_PASSWORD:-difyai123456} + PGVECTO_RS_PORT: ${PGVECTO_RS_PORT:-5432} + PGVECTO_RS_USER: ${PGVECTO_RS_USER:-postgres} + POSITION_PROVIDER_EXCLUDES: ${POSITION_PROVIDER_EXCLUDES:-} + POSITION_PROVIDER_INCLUDES: ${POSITION_PROVIDER_INCLUDES:-} + POSITION_PROVIDER_PINS: ${POSITION_PROVIDER_PINS:-} + POSITION_TOOL_EXCLUDES: ${POSITION_TOOL_EXCLUDES:-} + POSITION_TOOL_INCLUDES: ${POSITION_TOOL_INCLUDES:-} + POSITION_TOOL_PINS: ${POSITION_TOOL_PINS:-} + POSTGRES_DB: ${POSTGRES_DB:-${DB_DATABASE}} + POSTGRES_EFFECTIVE_CACHE_SIZE: ${POSTGRES_EFFECTIVE_CACHE_SIZE:-4096MB} + POSTGRES_MAINTENANCE_WORK_MEM: ${POSTGRES_MAINTENANCE_WORK_MEM:-64MB} + POSTGRES_MAX_CONNECTIONS: ${POSTGRES_MAX_CONNECTIONS:-100} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-${DB_PASSWORD}} + POSTGRES_SHARED_BUFFERS: ${POSTGRES_SHARED_BUFFERS:-128MB} + POSTGRES_WORK_MEM: ${POSTGRES_WORK_MEM:-4MB} + PROMPT_GENERATION_MAX_TOKENS: ${PROMPT_GENERATION_MAX_TOKENS:-512} + QDRANT_API_KEY: ${QDRANT_API_KEY:-difyai123456} + QDRANT_CLIENT_TIMEOUT: ${QDRANT_CLIENT_TIMEOUT:-20} + QDRANT_GRPC_ENABLED: ${QDRANT_GRPC_ENABLED:-false} + QDRANT_GRPC_PORT: ${QDRANT_GRPC_PORT:-6334} + QDRANT_URL: ${QDRANT_URL:-http://qdrant:6333} + REDIS_CLUSTERS: ${REDIS_CLUSTERS:-} + REDIS_CLUSTERS_PASSWORD: ${REDIS_CLUSTERS_PASSWORD:-} + REDIS_DB: ${REDIS_DB:-0} + REDIS_HOST: ${REDIS_HOST:-redis} + REDIS_PASSWORD: ${REDIS_PASSWORD:-difyai123456} + REDIS_PORT: ${REDIS_PORT:-6379} + REDIS_SENTINELS: ${REDIS_SENTINELS:-} + REDIS_SENTINEL_PASSWORD: ${REDIS_SENTINEL_PASSWORD:-} + REDIS_SENTINEL_SERVICE_NAME: ${REDIS_SENTINEL_SERVICE_NAME:-} + REDIS_SENTINEL_SOCKET_TIMEOUT: ${REDIS_SENTINEL_SOCKET_TIMEOUT:-0.1} + REDIS_SENTINEL_USERNAME: ${REDIS_SENTINEL_USERNAME:-} + REDIS_USERNAME: ${REDIS_USERNAME:-} + REDIS_USE_CLUSTERS: ${REDIS_USE_CLUSTERS:-false} + REDIS_USE_SENTINEL: ${REDIS_USE_SENTINEL:-false} + REDIS_USE_SSL: ${REDIS_USE_SSL:-false} + REFRESH_TOKEN_EXPIRE_DAYS: ${REFRESH_TOKEN_EXPIRE_DAYS:-30} + RELYT_DATABASE: ${RELYT_DATABASE:-postgres} + RELYT_HOST: ${RELYT_HOST:-db} + RELYT_PASSWORD: ${RELYT_PASSWORD:-difyai123456} + RELYT_PORT: ${RELYT_PORT:-5432} + RELYT_USER: ${RELYT_USER:-postgres} + RESEND_API_KEY: ${RESEND_API_KEY:-your-resend-api-key} + RESEND_API_URL: ${RESEND_API_URL:-https://api.resend.com} + RESET_PASSWORD_TOKEN_EXPIRY_MINUTES: ${RESET_PASSWORD_TOKEN_EXPIRY_MINUTES:-5} + S3_ACCESS_KEY: ${S3_ACCESS_KEY:-} + S3_BUCKET_NAME: ${S3_BUCKET_NAME:-difyai} + S3_ENDPOINT: ${S3_ENDPOINT:-} + S3_REGION: ${S3_REGION:-us-east-1} + S3_SECRET_KEY: ${S3_SECRET_KEY:-} + S3_USE_AWS_MANAGED_IAM: ${S3_USE_AWS_MANAGED_IAM:-false} + SANDBOX_API_KEY: ${SANDBOX_API_KEY:-dify-sandbox} + SANDBOX_ENABLE_NETWORK: ${SANDBOX_ENABLE_NETWORK:-true} + SANDBOX_GIN_MODE: ${SANDBOX_GIN_MODE:-release} + SANDBOX_HTTPS_PROXY: ${SANDBOX_HTTPS_PROXY:-http://ssrf_proxy:3128} + SANDBOX_HTTP_PROXY: ${SANDBOX_HTTP_PROXY:-http://ssrf_proxy:3128} + SANDBOX_PORT: ${SANDBOX_PORT:-8194} + SANDBOX_WORKER_TIMEOUT: ${SANDBOX_WORKER_TIMEOUT:-15} + SCARF_NO_ANALYTICS: ${SCARF_NO_ANALYTICS:-true} + SECRET_KEY: ${SECRET_KEY:-sk-9f73s3ljTXVcMT3Blb3ljTqtsKiGHXVcMT3BlbkFJLK7U} + SENTRY_DSN: ${SENTRY_DSN:-} + SERVER_WORKER_AMOUNT: ${SERVER_WORKER_AMOUNT:-1} + SERVER_WORKER_CLASS: ${SERVER_WORKER_CLASS:-gevent} + SERVER_WORKER_CONNECTIONS: ${SERVER_WORKER_CONNECTIONS:-10} + SERVICE_API_URL: ${SERVICE_API_URL:-} + SMTP_OPPORTUNISTIC_TLS: ${SMTP_OPPORTUNISTIC_TLS:-false} + SMTP_PASSWORD: ${SMTP_PASSWORD:-} + SMTP_PORT: ${SMTP_PORT:-465} + SMTP_SERVER: ${SMTP_SERVER:-} + SMTP_USERNAME: ${SMTP_USERNAME:-} + SMTP_USE_TLS: ${SMTP_USE_TLS:-true} + SQLALCHEMY_ECHO: ${SQLALCHEMY_ECHO:-false} + SQLALCHEMY_POOL_RECYCLE: ${SQLALCHEMY_POOL_RECYCLE:-3600} + SQLALCHEMY_POOL_SIZE: ${SQLALCHEMY_POOL_SIZE:-30} + SSRF_COREDUMP_DIR: ${SSRF_COREDUMP_DIR:-/var/spool/squid} + SSRF_DEFAULT_CONNECT_TIME_OUT: ${SSRF_DEFAULT_CONNECT_TIME_OUT:-5} + SSRF_DEFAULT_READ_TIME_OUT: ${SSRF_DEFAULT_READ_TIME_OUT:-5} + SSRF_DEFAULT_TIME_OUT: ${SSRF_DEFAULT_TIME_OUT:-5} + SSRF_DEFAULT_WRITE_TIME_OUT: ${SSRF_DEFAULT_WRITE_TIME_OUT:-5} + SSRF_HTTP_PORT: ${SSRF_HTTP_PORT:-3128} + SSRF_PROXY_HTTPS_URL: ${SSRF_PROXY_HTTPS_URL:-http://ssrf_proxy:3128} + SSRF_PROXY_HTTP_URL: ${SSRF_PROXY_HTTP_URL:-http://ssrf_proxy:3128} + SSRF_REVERSE_PROXY_PORT: ${SSRF_REVERSE_PROXY_PORT:-8194} + SSRF_SANDBOX_HOST: ${SSRF_SANDBOX_HOST:-sandbox} + STORAGE_TYPE: ${STORAGE_TYPE:-opendal} + SUPABASE_API_KEY: ${SUPABASE_API_KEY:-your-access-key} + SUPABASE_BUCKET_NAME: ${SUPABASE_BUCKET_NAME:-your-bucket-name} + SUPABASE_URL: ${SUPABASE_URL:-your-server-url} + TEMPLATE_TRANSFORM_MAX_LENGTH: ${TEMPLATE_TRANSFORM_MAX_LENGTH:-80000} + TENCENT_COS_BUCKET_NAME: ${TENCENT_COS_BUCKET_NAME:-your-bucket-name} + TENCENT_COS_REGION: ${TENCENT_COS_REGION:-your-region} + TENCENT_COS_SCHEME: ${TENCENT_COS_SCHEME:-your-scheme} + TENCENT_COS_SECRET_ID: ${TENCENT_COS_SECRET_ID:-your-secret-id} + TENCENT_COS_SECRET_KEY: ${TENCENT_COS_SECRET_KEY:-your-secret-key} + TENCENT_VECTOR_DB_API_KEY: ${TENCENT_VECTOR_DB_API_KEY:-dify} + TENCENT_VECTOR_DB_DATABASE: ${TENCENT_VECTOR_DB_DATABASE:-dify} + TENCENT_VECTOR_DB_REPLICAS: ${TENCENT_VECTOR_DB_REPLICAS:-2} + TENCENT_VECTOR_DB_SHARD: ${TENCENT_VECTOR_DB_SHARD:-1} + TENCENT_VECTOR_DB_TIMEOUT: ${TENCENT_VECTOR_DB_TIMEOUT:-30} + TENCENT_VECTOR_DB_URL: ${TENCENT_VECTOR_DB_URL:-http://127.0.0.1} + TENCENT_VECTOR_DB_USERNAME: ${TENCENT_VECTOR_DB_USERNAME:-dify} + TEXT_GENERATION_TIMEOUT_MS: ${TEXT_GENERATION_TIMEOUT_MS:-60000} + TIDB_API_URL: ${TIDB_API_URL:-http://127.0.0.1} + TIDB_IAM_API_URL: ${TIDB_IAM_API_URL:-http://127.0.0.1} + TIDB_ON_QDRANT_API_KEY: ${TIDB_ON_QDRANT_API_KEY:-dify} + TIDB_ON_QDRANT_CLIENT_TIMEOUT: ${TIDB_ON_QDRANT_CLIENT_TIMEOUT:-20} + TIDB_ON_QDRANT_GRPC_ENABLED: ${TIDB_ON_QDRANT_GRPC_ENABLED:-false} + TIDB_ON_QDRANT_GRPC_PORT: ${TIDB_ON_QDRANT_GRPC_PORT:-6334} + TIDB_ON_QDRANT_URL: ${TIDB_ON_QDRANT_URL:-http://127.0.0.1} + TIDB_PRIVATE_KEY: ${TIDB_PRIVATE_KEY:-dify} + TIDB_PROJECT_ID: ${TIDB_PROJECT_ID:-dify} + TIDB_PUBLIC_KEY: ${TIDB_PUBLIC_KEY:-dify} + TIDB_REGION: ${TIDB_REGION:-regions/aws-us-east-1} + TIDB_SPEND_LIMIT: ${TIDB_SPEND_LIMIT:-100} + TIDB_VECTOR_DATABASE: ${TIDB_VECTOR_DATABASE:-dify} + TIDB_VECTOR_HOST: ${TIDB_VECTOR_HOST:-tidb} + TIDB_VECTOR_PASSWORD: ${TIDB_VECTOR_PASSWORD:-} + TIDB_VECTOR_PORT: ${TIDB_VECTOR_PORT:-4000} + TIDB_VECTOR_USER: ${TIDB_VECTOR_USER:-} + TOP_K_MAX_VALUE: ${TOP_K_MAX_VALUE:-10} + UNSTRUCTURED_API_KEY: ${UNSTRUCTURED_API_KEY:-} + UNSTRUCTURED_API_URL: ${UNSTRUCTURED_API_URL:-} + UPLOAD_AUDIO_FILE_SIZE_LIMIT: ${UPLOAD_AUDIO_FILE_SIZE_LIMIT:-50} + UPLOAD_FILE_BATCH_LIMIT: ${UPLOAD_FILE_BATCH_LIMIT:-5} + UPLOAD_FILE_SIZE_LIMIT: ${UPLOAD_FILE_SIZE_LIMIT:-15} + UPLOAD_IMAGE_FILE_SIZE_LIMIT: ${UPLOAD_IMAGE_FILE_SIZE_LIMIT:-10} + UPLOAD_VIDEO_FILE_SIZE_LIMIT: ${UPLOAD_VIDEO_FILE_SIZE_LIMIT:-100} + UPSTASH_VECTOR_TOKEN: ${UPSTASH_VECTOR_TOKEN:-dify} + UPSTASH_VECTOR_URL: ${UPSTASH_VECTOR_URL:-https://xxx-vector.upstash.io} + VECTOR_STORE: ${VECTOR_STORE:-weaviate} + VIKINGDB_ACCESS_KEY: ${VIKINGDB_ACCESS_KEY:-your-ak} + VIKINGDB_CONNECTION_TIMEOUT: ${VIKINGDB_CONNECTION_TIMEOUT:-30} + VIKINGDB_HOST: ${VIKINGDB_HOST:-api-vikingdb.xxx.volces.com} + VIKINGDB_REGION: ${VIKINGDB_REGION:-cn-shanghai} + VIKINGDB_SCHEMA: ${VIKINGDB_SCHEMA:-http} + VIKINGDB_SECRET_KEY: ${VIKINGDB_SECRET_KEY:-your-sk} + VIKINGDB_SOCKET_TIMEOUT: ${VIKINGDB_SOCKET_TIMEOUT:-30} + VOLCENGINE_TOS_ACCESS_KEY: ${VOLCENGINE_TOS_ACCESS_KEY:-your-access-key} + VOLCENGINE_TOS_BUCKET_NAME: ${VOLCENGINE_TOS_BUCKET_NAME:-your-bucket-name} + VOLCENGINE_TOS_ENDPOINT: ${VOLCENGINE_TOS_ENDPOINT:-your-server-url} + VOLCENGINE_TOS_REGION: ${VOLCENGINE_TOS_REGION:-your-region} + VOLCENGINE_TOS_SECRET_KEY: ${VOLCENGINE_TOS_SECRET_KEY:-your-secret-key} + WEAVIATE_API_KEY: ${WEAVIATE_API_KEY:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih} + WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: ${WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED:-true} + WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS: ${WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih} + WEAVIATE_AUTHENTICATION_APIKEY_ENABLED: ${WEAVIATE_AUTHENTICATION_APIKEY_ENABLED:-true} + WEAVIATE_AUTHENTICATION_APIKEY_USERS: ${WEAVIATE_AUTHENTICATION_APIKEY_USERS:-hello@dify.ai} + WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED: ${WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED:-true} + WEAVIATE_AUTHORIZATION_ADMINLIST_USERS: ${WEAVIATE_AUTHORIZATION_ADMINLIST_USERS:-hello@dify.ai} + WEAVIATE_CLUSTER_HOSTNAME: ${WEAVIATE_CLUSTER_HOSTNAME:-node1} + WEAVIATE_DEFAULT_VECTORIZER_MODULE: ${WEAVIATE_DEFAULT_VECTORIZER_MODULE:-none} + WEAVIATE_ENDPOINT: ${WEAVIATE_ENDPOINT:-http://weaviate:8080} + WEAVIATE_PERSISTENCE_DATA_PATH: ${WEAVIATE_PERSISTENCE_DATA_PATH:-/var/lib/weaviate} + WEAVIATE_QUERY_DEFAULTS_LIMIT: ${WEAVIATE_QUERY_DEFAULTS_LIMIT:-25} + WEB_API_CORS_ALLOW_ORIGINS: ${WEB_API_CORS_ALLOW_ORIGINS:-*} + WEB_SENTRY_DSN: ${WEB_SENTRY_DSN:-} + WORKFLOW_CALL_MAX_DEPTH: ${WORKFLOW_CALL_MAX_DEPTH:-5} + WORKFLOW_FILE_UPLOAD_LIMIT: ${WORKFLOW_FILE_UPLOAD_LIMIT:-10} + WORKFLOW_MAX_EXECUTION_STEPS: ${WORKFLOW_MAX_EXECUTION_STEPS:-500} + WORKFLOW_MAX_EXECUTION_TIME: ${WORKFLOW_MAX_EXECUTION_TIME:-1200} + WORKFLOW_PARALLEL_DEPTH_LIMIT: ${WORKFLOW_PARALLEL_DEPTH_LIMIT:-3} diff --git a/dockge/dify/envs/default.env b/dockge/dify/envs/default.env new file mode 100644 index 00000000..cd05f46e --- /dev/null +++ b/dockge/dify/envs/default.env @@ -0,0 +1,2 @@ +# copyright© 2024 XinJiang Ms Studio +ENV_FILE=.env diff --git a/dockge/dify/envs/dify.env b/dockge/dify/envs/dify.env new file mode 100644 index 00000000..3bc79059 --- /dev/null +++ b/dockge/dify/envs/dify.env @@ -0,0 +1,938 @@ +# ------------------------------ +# Environment Variables for API service & worker +# ------------------------------ + +# ------------------------------ +# Common Variables +# ------------------------------ + +# The backend URL of the console API, +# used to concatenate the authorization callback. +# If empty, it is the same domain. +# Example: https://api.console.dify.ai +CONSOLE_API_URL= + +# The front-end URL of the console web, +# used to concatenate some front-end addresses and for CORS configuration use. +# If empty, it is the same domain. +# Example: https://console.dify.ai +CONSOLE_WEB_URL= + +# Service API Url, +# used to display Service API Base Url to the front-end. +# If empty, it is the same domain. +# Example: https://api.dify.ai +SERVICE_API_URL= + +# WebApp API backend Url, +# used to declare the back-end URL for the front-end API. +# If empty, it is the same domain. +# Example: https://api.app.dify.ai +APP_API_URL= + +# WebApp Url, +# used to display WebAPP API Base Url to the front-end. +# If empty, it is the same domain. +# Example: https://app.dify.ai +APP_WEB_URL= + +# File preview or download Url prefix. +# used to display File preview or download Url to the front-end or as Multi-model inputs; +# Url is signed and has expiration time. +FILES_URL= + +# ------------------------------ +# Server Configuration +# ------------------------------ + +# The log level for the application. +# Supported values are `DEBUG`, `INFO`, `WARNING`, `ERROR`, `CRITICAL` +LOG_LEVEL=INFO +# Log file path +LOG_FILE=/app/logs/server.log +# Log file max size, the unit is MB +LOG_FILE_MAX_SIZE=20 +# Log file max backup count +LOG_FILE_BACKUP_COUNT=5 +# Log dateformat +LOG_DATEFORMAT=%Y-%m-%d %H:%M:%S +# Log Timezone +LOG_TZ=UTC + +# Debug mode, default is false. +# It is recommended to turn on this configuration for local development +# to prevent some problems caused by monkey patch. +DEBUG=false + +# Flask debug mode, it can output trace information at the interface when turned on, +# which is convenient for debugging. +FLASK_DEBUG=false + +# A secretkey that is used for securely signing the session cookie +# and encrypting sensitive information on the database. +# You can generate a strong key using `openssl rand -base64 42`. +SECRET_KEY=sk-9f73s3ljTXVcMT3Blb3ljTqtsKiGHXVcMT3BlbkFJLK7U + +# Password for admin user initialization. +# If left unset, admin user will not be prompted for a password +# when creating the initial admin account. +# The length of the password cannot exceed 30 charactors. +INIT_PASSWORD= + +# Deployment environment. +# Supported values are `PRODUCTION`, `TESTING`. Default is `PRODUCTION`. +# Testing environment. There will be a distinct color label on the front-end page, +# indicating that this environment is a testing environment. +DEPLOY_ENV=PRODUCTION + +# Whether to enable the version check policy. +# If set to empty, https://updates.dify.ai will be called for version check. +CHECK_UPDATE_URL=https://updates.dify.ai + +# Used to change the OpenAI base address, default is https://api.openai.com/v1. +# When OpenAI cannot be accessed in China, replace it with a domestic mirror address, +# or when a local model provides OpenAI compatible API, it can be replaced. +OPENAI_API_BASE=https://api.openai.com/v1 + +# When enabled, migrations will be executed prior to application startup +# and the application will start after the migrations have completed. +MIGRATION_ENABLED=true + +# File Access Time specifies a time interval in seconds for the file to be accessed. +# The default value is 300 seconds. +FILES_ACCESS_TIMEOUT=300 + +# Access token expiration time in minutes +ACCESS_TOKEN_EXPIRE_MINUTES=60 + +# Refresh token expiration time in days +REFRESH_TOKEN_EXPIRE_DAYS=30 + +# The maximum number of active requests for the application, where 0 means unlimited, should be a non-negative integer. +APP_MAX_ACTIVE_REQUESTS=0 +APP_MAX_EXECUTION_TIME=1200 + +# ------------------------------ +# Container Startup Related Configuration +# Only effective when starting with docker image or docker-compose. +# ------------------------------ + +# API service binding address, default: 0.0.0.0, i.e., all addresses can be accessed. +DIFY_BIND_ADDRESS=0.0.0.0 + +# API service binding port number, default 5001. +DIFY_PORT=5001 + +# The number of API server workers, i.e., the number of workers. +# Formula: number of cpu cores x 2 + 1 for sync, 1 for Gevent +# Reference: https://docs.gunicorn.org/en/stable/design.html#how-many-workers +SERVER_WORKER_AMOUNT=1 + +# Defaults to gevent. If using windows, it can be switched to sync or solo. +SERVER_WORKER_CLASS=gevent + +# Default number of worker connections, the default is 10. +SERVER_WORKER_CONNECTIONS=10 + +# Similar to SERVER_WORKER_CLASS. +# If using windows, it can be switched to sync or solo. +CELERY_WORKER_CLASS= + +# Request handling timeout. The default is 200, +# it is recommended to set it to 360 to support a longer sse connection time. +GUNICORN_TIMEOUT=360 + +# The number of Celery workers. The default is 1, and can be set as needed. +CELERY_WORKER_AMOUNT= + +# Flag indicating whether to enable autoscaling of Celery workers. +# +# Autoscaling is useful when tasks are CPU intensive and can be dynamically +# allocated and deallocated based on the workload. +# +# When autoscaling is enabled, the maximum and minimum number of workers can +# be specified. The autoscaling algorithm will dynamically adjust the number +# of workers within the specified range. +# +# Default is false (i.e., autoscaling is disabled). +# +# Example: +# CELERY_AUTO_SCALE=true +CELERY_AUTO_SCALE=false + +# The maximum number of Celery workers that can be autoscaled. +# This is optional and only used when autoscaling is enabled. +# Default is not set. +CELERY_MAX_WORKERS= + +# The minimum number of Celery workers that can be autoscaled. +# This is optional and only used when autoscaling is enabled. +# Default is not set. +CELERY_MIN_WORKERS= + +# API Tool configuration +API_TOOL_DEFAULT_CONNECT_TIMEOUT=10 +API_TOOL_DEFAULT_READ_TIMEOUT=60 + + +# ------------------------------ +# Database Configuration +# The database uses PostgreSQL. Please use the public schema. +# It is consistent with the configuration in the 'db' service below. +# ------------------------------ + +DB_USERNAME=postgres +DB_PASSWORD=difyai123456 +DB_HOST=db +DB_PORT=5432 +DB_DATABASE=dify +# The size of the database connection pool. +# The default is 30 connections, which can be appropriately increased. +SQLALCHEMY_POOL_SIZE=30 +# Database connection pool recycling time, the default is 3600 seconds. +SQLALCHEMY_POOL_RECYCLE=3600 +# Whether to print SQL, default is false. +SQLALCHEMY_ECHO=false + +# Maximum number of connections to the database +# Default is 100 +# +# Reference: https://www.postgresql.org/docs/current/runtime-config-connection.html#GUC-MAX-CONNECTIONS +POSTGRES_MAX_CONNECTIONS=100 + +# Sets the amount of shared memory used for postgres's shared buffers. +# Default is 128MB +# Recommended value: 25% of available memory +# Reference: https://www.postgresql.org/docs/current/runtime-config-resource.html#GUC-SHARED-BUFFERS +POSTGRES_SHARED_BUFFERS=128MB + +# Sets the amount of memory used by each database worker for working space. +# Default is 4MB +# +# Reference: https://www.postgresql.org/docs/current/runtime-config-resource.html#GUC-WORK-MEM +POSTGRES_WORK_MEM=4MB + +# Sets the amount of memory reserved for maintenance activities. +# Default is 64MB +# +# Reference: https://www.postgresql.org/docs/current/runtime-config-resource.html#GUC-MAINTENANCE-WORK-MEM +POSTGRES_MAINTENANCE_WORK_MEM=64MB + +# Sets the planner's assumption about the effective cache size. +# Default is 4096MB +# +# Reference: https://www.postgresql.org/docs/current/runtime-config-query.html#GUC-EFFECTIVE-CACHE-SIZE +POSTGRES_EFFECTIVE_CACHE_SIZE=4096MB + +# ------------------------------ +# Redis Configuration +# This Redis configuration is used for caching and for pub/sub during conversation. +# ------------------------------ + +REDIS_HOST=redis +REDIS_PORT=6379 +REDIS_USERNAME= +REDIS_PASSWORD=difyai123456 +REDIS_USE_SSL=false +REDIS_DB=0 + +# Whether to use Redis Sentinel mode. +# If set to true, the application will automatically discover and connect to the master node through Sentinel. +REDIS_USE_SENTINEL=false + +# List of Redis Sentinel nodes. If Sentinel mode is enabled, provide at least one Sentinel IP and port. +# Format: `:,:,:` +REDIS_SENTINELS= +REDIS_SENTINEL_SERVICE_NAME= +REDIS_SENTINEL_USERNAME= +REDIS_SENTINEL_PASSWORD= +REDIS_SENTINEL_SOCKET_TIMEOUT=0.1 + +# List of Redis Cluster nodes. If Cluster mode is enabled, provide at least one Cluster IP and port. +# Format: `:,:,:` +REDIS_USE_CLUSTERS=false +REDIS_CLUSTERS= +REDIS_CLUSTERS_PASSWORD= + +# ------------------------------ +# Celery Configuration +# ------------------------------ + +# Use redis as the broker, and redis db 1 for celery broker. +# Format as follows: `redis://:@:/` +# Example: redis://:difyai123456@redis:6379/1 +# If use Redis Sentinel, format as follows: `sentinel://:@:/` +# Example: sentinel://localhost:26379/1;sentinel://localhost:26380/1;sentinel://localhost:26381/1 +CELERY_BROKER_URL=redis://:difyai123456@redis:6379/1 +BROKER_USE_SSL=false + +# If you are using Redis Sentinel for high availability, configure the following settings. +CELERY_USE_SENTINEL=false +CELERY_SENTINEL_MASTER_NAME= +CELERY_SENTINEL_SOCKET_TIMEOUT=0.1 + +# ------------------------------ +# CORS Configuration +# Used to set the front-end cross-domain access policy. +# ------------------------------ + +# Specifies the allowed origins for cross-origin requests to the Web API, +# e.g. https://dify.app or * for all origins. +WEB_API_CORS_ALLOW_ORIGINS=* + +# Specifies the allowed origins for cross-origin requests to the console API, +# e.g. https://cloud.dify.ai or * for all origins. +CONSOLE_CORS_ALLOW_ORIGINS=* + +# ------------------------------ +# File Storage Configuration +# ------------------------------ + +# The type of storage to use for storing user files. +STORAGE_TYPE=opendal + +# Apache OpenDAL Configuration +# The configuration for OpenDAL consists of the following format: OPENDAL__. +# You can find all the service configurations (CONFIG_NAME) in the repository at: https://github.com/apache/opendal/tree/main/core/src/services. +# Dify will scan configurations starting with OPENDAL_ and automatically apply them. +# The scheme name for the OpenDAL storage. +OPENDAL_SCHEME=fs +# Configurations for OpenDAL Local File System. +OPENDAL_FS_ROOT=storage + +# S3 Configuration +# +S3_ENDPOINT= +S3_REGION=us-east-1 +S3_BUCKET_NAME=difyai +S3_ACCESS_KEY= +S3_SECRET_KEY= +# Whether to use AWS managed IAM roles for authenticating with the S3 service. +# If set to false, the access key and secret key must be provided. +S3_USE_AWS_MANAGED_IAM=false + +# Azure Blob Configuration +# +AZURE_BLOB_ACCOUNT_NAME=difyai +AZURE_BLOB_ACCOUNT_KEY=difyai +AZURE_BLOB_CONTAINER_NAME=difyai-container +AZURE_BLOB_ACCOUNT_URL=https://.blob.core.windows.net + +# Google Storage Configuration +# +GOOGLE_STORAGE_BUCKET_NAME=your-bucket-name +GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64= + +# The Alibaba Cloud OSS configurations, +# +ALIYUN_OSS_BUCKET_NAME=your-bucket-name +ALIYUN_OSS_ACCESS_KEY=your-access-key +ALIYUN_OSS_SECRET_KEY=your-secret-key +ALIYUN_OSS_ENDPOINT=https://oss-ap-southeast-1-internal.aliyuncs.com +ALIYUN_OSS_REGION=ap-southeast-1 +ALIYUN_OSS_AUTH_VERSION=v4 +# Don't start with '/'. OSS doesn't support leading slash in object names. +ALIYUN_OSS_PATH=your-path + +# Tencent COS Configuration +# +TENCENT_COS_BUCKET_NAME=your-bucket-name +TENCENT_COS_SECRET_KEY=your-secret-key +TENCENT_COS_SECRET_ID=your-secret-id +TENCENT_COS_REGION=your-region +TENCENT_COS_SCHEME=your-scheme + +# Oracle Storage Configuration +# +OCI_ENDPOINT=https://objectstorage.us-ashburn-1.oraclecloud.com +OCI_BUCKET_NAME=your-bucket-name +OCI_ACCESS_KEY=your-access-key +OCI_SECRET_KEY=your-secret-key +OCI_REGION=us-ashburn-1 + +# Huawei OBS Configuration +# +HUAWEI_OBS_BUCKET_NAME=your-bucket-name +HUAWEI_OBS_SECRET_KEY=your-secret-key +HUAWEI_OBS_ACCESS_KEY=your-access-key +HUAWEI_OBS_SERVER=your-server-url + +# Volcengine TOS Configuration +# +VOLCENGINE_TOS_BUCKET_NAME=your-bucket-name +VOLCENGINE_TOS_SECRET_KEY=your-secret-key +VOLCENGINE_TOS_ACCESS_KEY=your-access-key +VOLCENGINE_TOS_ENDPOINT=your-server-url +VOLCENGINE_TOS_REGION=your-region + +# Baidu OBS Storage Configuration +# +BAIDU_OBS_BUCKET_NAME=your-bucket-name +BAIDU_OBS_SECRET_KEY=your-secret-key +BAIDU_OBS_ACCESS_KEY=your-access-key +BAIDU_OBS_ENDPOINT=your-server-url + +# Supabase Storage Configuration +# +SUPABASE_BUCKET_NAME=your-bucket-name +SUPABASE_API_KEY=your-access-key +SUPABASE_URL=your-server-url + +# ------------------------------ +# Vector Database Configuration +# ------------------------------ + +# The type of vector store to use. +# Supported values are `weaviate`, `qdrant`, `milvus`, `myscale`, `relyt`, `pgvector`, `pgvecto-rs`, `chroma`, `opensearch`, `tidb_vector`, `oracle`, `tencent`, `elasticsearch`, `elasticsearch-ja`, `analyticdb`, `couchbase`, `vikingdb`, `oceanbase`. +VECTOR_STORE=weaviate + +# The Weaviate endpoint URL. Only available when VECTOR_STORE is `weaviate`. +WEAVIATE_ENDPOINT=http://weaviate:8080 +WEAVIATE_API_KEY=WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih + +# The Qdrant endpoint URL. Only available when VECTOR_STORE is `qdrant`. +QDRANT_URL=http://qdrant:6333 +QDRANT_API_KEY=difyai123456 +QDRANT_CLIENT_TIMEOUT=20 +QDRANT_GRPC_ENABLED=false +QDRANT_GRPC_PORT=6334 + +# Milvus configuration Only available when VECTOR_STORE is `milvus`. +# The milvus uri. +MILVUS_URI=http://127.0.0.1:19530 +MILVUS_TOKEN= +MILVUS_USER=root +MILVUS_PASSWORD=Milvus +MILVUS_ENABLE_HYBRID_SEARCH=False + +# MyScale configuration, only available when VECTOR_STORE is `myscale` +# For multi-language support, please set MYSCALE_FTS_PARAMS with referring to: +# https://myscale.com/docs/en/text-search/#understanding-fts-index-parameters +MYSCALE_HOST=myscale +MYSCALE_PORT=8123 +MYSCALE_USER=default +MYSCALE_PASSWORD= +MYSCALE_DATABASE=dify +MYSCALE_FTS_PARAMS= + +# Couchbase configurations, only available when VECTOR_STORE is `couchbase` +# The connection string must include hostname defined in the docker-compose file (couchbase-server in this case) +COUCHBASE_CONNECTION_STRING=couchbase://couchbase-server +COUCHBASE_USER=Administrator +COUCHBASE_PASSWORD=password +COUCHBASE_BUCKET_NAME=Embeddings +COUCHBASE_SCOPE_NAME=_default + +# pgvector configurations, only available when VECTOR_STORE is `pgvector` +PGVECTOR_HOST=pgvector +PGVECTOR_PORT=5432 +PGVECTOR_USER=postgres +PGVECTOR_PASSWORD=difyai123456 +PGVECTOR_DATABASE=dify +PGVECTOR_MIN_CONNECTION=1 +PGVECTOR_MAX_CONNECTION=5 + +# pgvecto-rs configurations, only available when VECTOR_STORE is `pgvecto-rs` +PGVECTO_RS_HOST=pgvecto-rs +PGVECTO_RS_PORT=5432 +PGVECTO_RS_USER=postgres +PGVECTO_RS_PASSWORD=difyai123456 +PGVECTO_RS_DATABASE=dify + +# analyticdb configurations, only available when VECTOR_STORE is `analyticdb` +ANALYTICDB_KEY_ID=your-ak +ANALYTICDB_KEY_SECRET=your-sk +ANALYTICDB_REGION_ID=cn-hangzhou +ANALYTICDB_INSTANCE_ID=gp-ab123456 +ANALYTICDB_ACCOUNT=testaccount +ANALYTICDB_PASSWORD=testpassword +ANALYTICDB_NAMESPACE=dify +ANALYTICDB_NAMESPACE_PASSWORD=difypassword +ANALYTICDB_HOST=gp-test.aliyuncs.com +ANALYTICDB_PORT=5432 +ANALYTICDB_MIN_CONNECTION=1 +ANALYTICDB_MAX_CONNECTION=5 + +# TiDB vector configurations, only available when VECTOR_STORE is `tidb` +TIDB_VECTOR_HOST=tidb +TIDB_VECTOR_PORT=4000 +TIDB_VECTOR_USER= +TIDB_VECTOR_PASSWORD= +TIDB_VECTOR_DATABASE=dify + +# Tidb on qdrant configuration, only available when VECTOR_STORE is `tidb_on_qdrant` +TIDB_ON_QDRANT_URL=http://127.0.0.1 +TIDB_ON_QDRANT_API_KEY=dify +TIDB_ON_QDRANT_CLIENT_TIMEOUT=20 +TIDB_ON_QDRANT_GRPC_ENABLED=false +TIDB_ON_QDRANT_GRPC_PORT=6334 +TIDB_PUBLIC_KEY=dify +TIDB_PRIVATE_KEY=dify +TIDB_API_URL=http://127.0.0.1 +TIDB_IAM_API_URL=http://127.0.0.1 +TIDB_REGION=regions/aws-us-east-1 +TIDB_PROJECT_ID=dify +TIDB_SPEND_LIMIT=100 + +# Chroma configuration, only available when VECTOR_STORE is `chroma` +CHROMA_HOST=127.0.0.1 +CHROMA_PORT=8000 +CHROMA_TENANT=default_tenant +CHROMA_DATABASE=default_database +CHROMA_AUTH_PROVIDER=chromadb.auth.token_authn.TokenAuthClientProvider +CHROMA_AUTH_CREDENTIALS= + +# Oracle configuration, only available when VECTOR_STORE is `oracle` +ORACLE_HOST=oracle +ORACLE_PORT=1521 +ORACLE_USER=dify +ORACLE_PASSWORD=dify +ORACLE_DATABASE=FREEPDB1 + +# relyt configurations, only available when VECTOR_STORE is `relyt` +RELYT_HOST=db +RELYT_PORT=5432 +RELYT_USER=postgres +RELYT_PASSWORD=difyai123456 +RELYT_DATABASE=postgres + +# open search configuration, only available when VECTOR_STORE is `opensearch` +OPENSEARCH_HOST=opensearch +OPENSEARCH_PORT=9200 +OPENSEARCH_USER=admin +OPENSEARCH_PASSWORD=admin +OPENSEARCH_SECURE=true + +# tencent vector configurations, only available when VECTOR_STORE is `tencent` +TENCENT_VECTOR_DB_URL=http://127.0.0.1 +TENCENT_VECTOR_DB_API_KEY=dify +TENCENT_VECTOR_DB_TIMEOUT=30 +TENCENT_VECTOR_DB_USERNAME=dify +TENCENT_VECTOR_DB_DATABASE=dify +TENCENT_VECTOR_DB_SHARD=1 +TENCENT_VECTOR_DB_REPLICAS=2 + +# ElasticSearch configuration, only available when VECTOR_STORE is `elasticsearch` +ELASTICSEARCH_HOST=0.0.0.0 +ELASTICSEARCH_PORT=9200 +ELASTICSEARCH_USERNAME=elastic +ELASTICSEARCH_PASSWORD=elastic +KIBANA_PORT=5601 + +# baidu vector configurations, only available when VECTOR_STORE is `baidu` +BAIDU_VECTOR_DB_ENDPOINT=http://127.0.0.1:5287 +BAIDU_VECTOR_DB_CONNECTION_TIMEOUT_MS=30000 +BAIDU_VECTOR_DB_ACCOUNT=root +BAIDU_VECTOR_DB_API_KEY=dify +BAIDU_VECTOR_DB_DATABASE=dify +BAIDU_VECTOR_DB_SHARD=1 +BAIDU_VECTOR_DB_REPLICAS=3 + +# VikingDB configurations, only available when VECTOR_STORE is `vikingdb` +VIKINGDB_ACCESS_KEY=your-ak +VIKINGDB_SECRET_KEY=your-sk +VIKINGDB_REGION=cn-shanghai +VIKINGDB_HOST=api-vikingdb.xxx.volces.com +VIKINGDB_SCHEMA=http +VIKINGDB_CONNECTION_TIMEOUT=30 +VIKINGDB_SOCKET_TIMEOUT=30 + +# Lindorm configuration, only available when VECTOR_STORE is `lindorm` +LINDORM_URL=http://lindorm:30070 +LINDORM_USERNAME=lindorm +LINDORM_PASSWORD=lindorm + +# OceanBase Vector configuration, only available when VECTOR_STORE is `oceanbase` +OCEANBASE_VECTOR_HOST=oceanbase +OCEANBASE_VECTOR_PORT=2881 +OCEANBASE_VECTOR_USER=root@test +OCEANBASE_VECTOR_PASSWORD=difyai123456 +OCEANBASE_VECTOR_DATABASE=test +OCEANBASE_CLUSTER_NAME=difyai +OCEANBASE_MEMORY_LIMIT=6G + +# Upstash Vector configuration, only available when VECTOR_STORE is `upstash` +UPSTASH_VECTOR_URL=https://xxx-vector.upstash.io +UPSTASH_VECTOR_TOKEN=dify + +# ------------------------------ +# Knowledge Configuration +# ------------------------------ + +# Upload file size limit, default 15M. +UPLOAD_FILE_SIZE_LIMIT=15 + +# The maximum number of files that can be uploaded at a time, default 5. +UPLOAD_FILE_BATCH_LIMIT=5 + +# ETL type, support: `dify`, `Unstructured` +# `dify` Dify's proprietary file extraction scheme +# `Unstructured` Unstructured.io file extraction scheme +ETL_TYPE=dify + +# Unstructured API path and API key, needs to be configured when ETL_TYPE is Unstructured +# Or using Unstructured for document extractor node for pptx. +# For example: http://unstructured:8000/general/v0/general +UNSTRUCTURED_API_URL= +UNSTRUCTURED_API_KEY= +SCARF_NO_ANALYTICS=true + +# ------------------------------ +# Model Configuration +# ------------------------------ + +# The maximum number of tokens allowed for prompt generation. +# This setting controls the upper limit of tokens that can be used by the LLM +# when generating a prompt in the prompt generation tool. +# Default: 512 tokens. +PROMPT_GENERATION_MAX_TOKENS=512 + +# The maximum number of tokens allowed for code generation. +# This setting controls the upper limit of tokens that can be used by the LLM +# when generating code in the code generation tool. +# Default: 1024 tokens. +CODE_GENERATION_MAX_TOKENS=1024 + +# ------------------------------ +# Multi-modal Configuration +# ------------------------------ + +# The format of the image/video/audio/document sent when the multi-modal model is input, +# the default is base64, optional url. +# The delay of the call in url mode will be lower than that in base64 mode. +# It is generally recommended to use the more compatible base64 mode. +# If configured as url, you need to configure FILES_URL as an externally accessible address so that the multi-modal model can access the image/video/audio/document. +MULTIMODAL_SEND_FORMAT=base64 +# Upload image file size limit, default 10M. +UPLOAD_IMAGE_FILE_SIZE_LIMIT=10 +# Upload video file size limit, default 100M. +UPLOAD_VIDEO_FILE_SIZE_LIMIT=100 +# Upload audio file size limit, default 50M. +UPLOAD_AUDIO_FILE_SIZE_LIMIT=50 + +# ------------------------------ +# Sentry Configuration +# Used for application monitoring and error log tracking. +# ------------------------------ +SENTRY_DSN= + +# API Service Sentry DSN address, default is empty, when empty, +# all monitoring information is not reported to Sentry. +# If not set, Sentry error reporting will be disabled. +API_SENTRY_DSN= +# API Service The reporting ratio of Sentry events, if it is 0.01, it is 1%. +API_SENTRY_TRACES_SAMPLE_RATE=1.0 +# API Service The reporting ratio of Sentry profiles, if it is 0.01, it is 1%. +API_SENTRY_PROFILES_SAMPLE_RATE=1.0 + +# Web Service Sentry DSN address, default is empty, when empty, +# all monitoring information is not reported to Sentry. +# If not set, Sentry error reporting will be disabled. +WEB_SENTRY_DSN= + +# ------------------------------ +# Notion Integration Configuration +# Variables can be obtained by applying for Notion integration: https://www.notion.so/my-integrations +# ------------------------------ + +# Configure as "public" or "internal". +# Since Notion's OAuth redirect URL only supports HTTPS, +# if deploying locally, please use Notion's internal integration. +NOTION_INTEGRATION_TYPE=public +# Notion OAuth client secret (used for public integration type) +NOTION_CLIENT_SECRET= +# Notion OAuth client id (used for public integration type) +NOTION_CLIENT_ID= +# Notion internal integration secret. +# If the value of NOTION_INTEGRATION_TYPE is "internal", +# you need to configure this variable. +NOTION_INTERNAL_SECRET= + +# ------------------------------ +# Mail related configuration +# ------------------------------ + +# Mail type, support: resend, smtp +MAIL_TYPE=resend + +# Default send from email address, if not specified +MAIL_DEFAULT_SEND_FROM= + +# API-Key for the Resend email provider, used when MAIL_TYPE is `resend`. +RESEND_API_URL=https://api.resend.com +RESEND_API_KEY=your-resend-api-key + + +# SMTP server configuration, used when MAIL_TYPE is `smtp` +SMTP_SERVER= +SMTP_PORT=465 +SMTP_USERNAME= +SMTP_PASSWORD= +SMTP_USE_TLS=true +SMTP_OPPORTUNISTIC_TLS=false + +# ------------------------------ +# Others Configuration +# ------------------------------ + +# Maximum length of segmentation tokens for indexing +INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH=4000 + +# Member invitation link valid time (hours), +# Default: 72. +INVITE_EXPIRY_HOURS=72 + +# Reset password token valid time (minutes), +RESET_PASSWORD_TOKEN_EXPIRY_MINUTES=5 + +# The sandbox service endpoint. +CODE_EXECUTION_ENDPOINT=http://sandbox:8194 +CODE_EXECUTION_API_KEY=dify-sandbox +CODE_MAX_NUMBER=9223372036854775807 +CODE_MIN_NUMBER=-9223372036854775808 +CODE_MAX_DEPTH=5 +CODE_MAX_PRECISION=20 +CODE_MAX_STRING_LENGTH=80000 +CODE_MAX_STRING_ARRAY_LENGTH=30 +CODE_MAX_OBJECT_ARRAY_LENGTH=30 +CODE_MAX_NUMBER_ARRAY_LENGTH=1000 +CODE_EXECUTION_CONNECT_TIMEOUT=10 +CODE_EXECUTION_READ_TIMEOUT=60 +CODE_EXECUTION_WRITE_TIMEOUT=10 +TEMPLATE_TRANSFORM_MAX_LENGTH=80000 + +# Workflow runtime configuration +WORKFLOW_MAX_EXECUTION_STEPS=500 +WORKFLOW_MAX_EXECUTION_TIME=1200 +WORKFLOW_CALL_MAX_DEPTH=5 +MAX_VARIABLE_SIZE=204800 +WORKFLOW_PARALLEL_DEPTH_LIMIT=3 +WORKFLOW_FILE_UPLOAD_LIMIT=10 + +# HTTP request node in workflow configuration +HTTP_REQUEST_NODE_MAX_BINARY_SIZE=10485760 +HTTP_REQUEST_NODE_MAX_TEXT_SIZE=1048576 + +# SSRF Proxy server HTTP URL +SSRF_PROXY_HTTP_URL=http://ssrf_proxy:3128 +# SSRF Proxy server HTTPS URL +SSRF_PROXY_HTTPS_URL=http://ssrf_proxy:3128 + +# ------------------------------ +# Environment Variables for web Service +# ------------------------------ + +# The timeout for the text generation in millisecond +TEXT_GENERATION_TIMEOUT_MS=60000 + +# ------------------------------ +# Environment Variables for db Service +# ------------------------------ + +PGUSER=${DB_USERNAME} +# The password for the default postgres user. +POSTGRES_PASSWORD=${DB_PASSWORD} +# The name of the default postgres database. +POSTGRES_DB=${DB_DATABASE} +# postgres data directory +PGDATA=/var/lib/postgresql/data/pgdata + +# ------------------------------ +# Environment Variables for sandbox Service +# ------------------------------ + +# The API key for the sandbox service +SANDBOX_API_KEY=dify-sandbox +# The mode in which the Gin framework runs +SANDBOX_GIN_MODE=release +# The timeout for the worker in seconds +SANDBOX_WORKER_TIMEOUT=15 +# Enable network for the sandbox service +SANDBOX_ENABLE_NETWORK=true +# HTTP proxy URL for SSRF protection +SANDBOX_HTTP_PROXY=http://ssrf_proxy:3128 +# HTTPS proxy URL for SSRF protection +SANDBOX_HTTPS_PROXY=http://ssrf_proxy:3128 +# The port on which the sandbox service runs +SANDBOX_PORT=8194 + +# ------------------------------ +# Environment Variables for weaviate Service +# (only used when VECTOR_STORE is weaviate) +# ------------------------------ +WEAVIATE_PERSISTENCE_DATA_PATH=/var/lib/weaviate +WEAVIATE_QUERY_DEFAULTS_LIMIT=25 +WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED=true +WEAVIATE_DEFAULT_VECTORIZER_MODULE=none +WEAVIATE_CLUSTER_HOSTNAME=node1 +WEAVIATE_AUTHENTICATION_APIKEY_ENABLED=true +WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS=WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih +WEAVIATE_AUTHENTICATION_APIKEY_USERS=hello@dify.ai +WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED=true +WEAVIATE_AUTHORIZATION_ADMINLIST_USERS=hello@dify.ai + +# ------------------------------ +# Environment Variables for Chroma +# (only used when VECTOR_STORE is chroma) +# ------------------------------ + +# Authentication credentials for Chroma server +CHROMA_SERVER_AUTHN_CREDENTIALS=difyai123456 +# Authentication provider for Chroma server +CHROMA_SERVER_AUTHN_PROVIDER=chromadb.auth.token_authn.TokenAuthenticationServerProvider +# Persistence setting for Chroma server +CHROMA_IS_PERSISTENT=TRUE + +# ------------------------------ +# Environment Variables for Oracle Service +# (only used when VECTOR_STORE is Oracle) +# ------------------------------ +ORACLE_PWD=Dify123456 +ORACLE_CHARACTERSET=AL32UTF8 + +# ------------------------------ +# Environment Variables for milvus Service +# (only used when VECTOR_STORE is milvus) +# ------------------------------ +# ETCD configuration for auto compaction mode +ETCD_AUTO_COMPACTION_MODE=revision +# ETCD configuration for auto compaction retention in terms of number of revisions +ETCD_AUTO_COMPACTION_RETENTION=1000 +# ETCD configuration for backend quota in bytes +ETCD_QUOTA_BACKEND_BYTES=4294967296 +# ETCD configuration for the number of changes before triggering a snapshot +ETCD_SNAPSHOT_COUNT=50000 +# MinIO access key for authentication +MINIO_ACCESS_KEY=minioadmin +# MinIO secret key for authentication +MINIO_SECRET_KEY=minioadmin +# ETCD service endpoints +ETCD_ENDPOINTS=etcd:2379 +# MinIO service address +MINIO_ADDRESS=minio:9000 +# Enable or disable security authorization +MILVUS_AUTHORIZATION_ENABLED=true + +# ------------------------------ +# Environment Variables for pgvector / pgvector-rs Service +# (only used when VECTOR_STORE is pgvector / pgvector-rs) +# ------------------------------ +PGVECTOR_PGUSER=postgres +# The password for the default postgres user. +PGVECTOR_POSTGRES_PASSWORD=difyai123456 +# The name of the default postgres database. +PGVECTOR_POSTGRES_DB=dify +# postgres data directory +PGVECTOR_PGDATA=/var/lib/postgresql/data/pgdata + +# ------------------------------ +# Environment Variables for opensearch +# (only used when VECTOR_STORE is opensearch) +# ------------------------------ +OPENSEARCH_DISCOVERY_TYPE=single-node +OPENSEARCH_BOOTSTRAP_MEMORY_LOCK=true +OPENSEARCH_JAVA_OPTS_MIN=512m +OPENSEARCH_JAVA_OPTS_MAX=1024m +OPENSEARCH_INITIAL_ADMIN_PASSWORD=Qazwsxedc!@#123 +OPENSEARCH_MEMLOCK_SOFT=-1 +OPENSEARCH_MEMLOCK_HARD=-1 +OPENSEARCH_NOFILE_SOFT=65536 +OPENSEARCH_NOFILE_HARD=65536 + +# ------------------------------ +# Environment Variables for Nginx reverse proxy +# ------------------------------ +NGINX_SERVER_NAME=_ +NGINX_HTTPS_ENABLED=false +# HTTP port +NGINX_PORT=80 +# SSL settings are only applied when HTTPS_ENABLED is true +NGINX_SSL_PORT=443 +# if HTTPS_ENABLED is true, you're required to add your own SSL certificates/keys to the `./nginx/ssl` directory +# and modify the env vars below accordingly. +NGINX_SSL_CERT_FILENAME=dify.crt +NGINX_SSL_CERT_KEY_FILENAME=dify.key +NGINX_SSL_PROTOCOLS=TLSv1.1 TLSv1.2 TLSv1.3 + +# Nginx performance tuning +NGINX_WORKER_PROCESSES=auto +NGINX_CLIENT_MAX_BODY_SIZE=15M +NGINX_KEEPALIVE_TIMEOUT=65 + +# Proxy settings +NGINX_PROXY_READ_TIMEOUT=3600s +NGINX_PROXY_SEND_TIMEOUT=3600s + +# Set true to accept requests for /.well-known/acme-challenge/ +NGINX_ENABLE_CERTBOT_CHALLENGE=false + +# ------------------------------ +# Certbot Configuration +# ------------------------------ + +# Email address (required to get certificates from Let's Encrypt) +CERTBOT_EMAIL=your_email@example.com + +# Domain name +CERTBOT_DOMAIN=your_domain.com + +# certbot command options +# i.e: --force-renewal --dry-run --test-cert --debug +CERTBOT_OPTIONS= + +# ------------------------------ +# Environment Variables for SSRF Proxy +# ------------------------------ +SSRF_HTTP_PORT=3128 +SSRF_COREDUMP_DIR=/var/spool/squid +SSRF_REVERSE_PROXY_PORT=8194 +SSRF_SANDBOX_HOST=sandbox +SSRF_DEFAULT_TIME_OUT=5 +SSRF_DEFAULT_CONNECT_TIME_OUT=5 +SSRF_DEFAULT_READ_TIME_OUT=5 +SSRF_DEFAULT_WRITE_TIME_OUT=5 + +# ------------------------------ +# docker env var for specifying vector db type at startup +# (based on the vector db type, the corresponding docker +# compose profile will be used) +# if you want to use unstructured, add ',unstructured' to the end +# ------------------------------ +COMPOSE_PROFILES=${VECTOR_STORE:-weaviate} + +# ------------------------------ +# Docker Compose Service Expose Host Port Configurations +# ------------------------------ +EXPOSE_NGINX_PORT=80 +EXPOSE_NGINX_SSL_PORT=443 + +# ---------------------------------------------------------------------------- +# ModelProvider & Tool Position Configuration +# Used to specify the model providers and tools that can be used in the app. +# ---------------------------------------------------------------------------- + +# Pin, include, and exclude tools +# Use comma-separated values with no spaces between items. +# Example: POSITION_TOOL_PINS=bing,google +POSITION_TOOL_PINS= +POSITION_TOOL_INCLUDES= +POSITION_TOOL_EXCLUDES= + +# Pin, include, and exclude model providers +# Use comma-separated values with no spaces between items. +# Example: POSITION_PROVIDER_PINS=openai,openllm +POSITION_PROVIDER_PINS= +POSITION_PROVIDER_INCLUDES= +POSITION_PROVIDER_EXCLUDES= + +# CSP https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP +CSP_WHITELIST= + +# Enable or disable create tidb service job +CREATE_TIDB_SERVICE_JOB_ENABLED=false + +# Maximum number of submitted thread count in a ThreadPool for parallel node execution +MAX_SUBMIT_COUNT=100 + +# The maximum number of top-k value for RAG. +TOP_K_MAX_VALUE=10 diff --git a/dockge/dify/envs/global.env b/dockge/dify/envs/global.env new file mode 100644 index 00000000..e10989fe --- /dev/null +++ b/dockge/dify/envs/global.env @@ -0,0 +1,2 @@ +# copyright© 2024 XinJiang Ms Studio +TZ=Asia/Shanghai