x-shared-env: &shared-api-worker-env # The log level for the application. Supported values are `DEBUG`, `INFO`, `WARNING`, `ERROR`, `CRITICAL` LOG_LEVEL: ${LOG_LEVEL:-INFO} # Debug mode, default is false. It is recommended to turn on this configuration for local development to prevent some problems caused by monkey patch. DEBUG: ${DEBUG:-false} # Flask debug mode, it can output trace information at the interface when turned on, which is convenient for debugging. FLASK_DEBUG: ${FLASK_DEBUG:-false} # A secretkey that is used for securely signing the session cookie and encrypting sensitive information on the database. You can generate a strong key using `openssl rand -base64 42`. SECRET_KEY: ${SECRET_KEY} # Password for admin user initialization. # If left unset, admin user will not be prompted for a password when creating the initial admin account. INIT_PASSWORD: ${INIT_PASSWORD} # The base URL of console application web frontend, refers to the Console base URL of WEB service if console domain is # different from api or web app domain. # example: http://cloud.dify.ai CONSOLE_WEB_URL: ${CONSOLE_WEB_URL} # The base URL of console application api server, refers to the Console base URL of WEB service if console domain is # different from api or web app domain. # example: http://cloud.dify.ai CONSOLE_API_URL: ${CONSOLE_API_URL} # The URL prefix for Service API endpoints, refers to the base URL of the current API service if api domain is # different from console domain. # example: http://api.dify.ai SERVICE_API_URL: ${SERVICE_API_URL} # The URL prefix for Web APP frontend, refers to the Web App base URL of WEB service if web app domain is different from # console or api domain. # example: http://udify.app APP_WEB_URL: ${APP_WEB_URL} # Whether to enable the version check policy. If set to false, https://updates.dify.ai will not be called for version check. CHECK_UPDATE_URL: ${CHECK_UPDATE_URL} # Used to change the OpenAI base address, default is https://api.openai.com/v1. # When OpenAI cannot be accessed in China, replace it with a domestic mirror address, # or when a local model provides OpenAI compatible API, it can be replaced. OPENAI_API_BASE: ${OPENAI_API_BASE} # File preview or download Url prefix. # used to display File preview or download Url to the front-end or as Multi-model inputs; # Url is signed and has expiration time. FILES_URL: ${FILES_URL} # File Access Time specifies a time interval in seconds for the file to be accessed. # The default value is 300 seconds. FILES_ACCESS_TIMEOUT: ${FILES_ACCESS_TIMEOUT:-300} # When enabled, migrations will be executed prior to application startup and the application will start after the migrations have completed. MIGRATION_ENABLED: ${MIGRATION_ENABLED:-true} # Deployment environment. # Supported values are `PRODUCTION`, `TESTING`. Default is `PRODUCTION`. # Testing environment. There will be a distinct color label on the front-end page, # indicating that this environment is a testing environment. DEPLOY_ENV: ${DEPLOY_ENV:-PRODUCTION} # API service binding address, default: 0.0.0.0, i.e., all addresses can be accessed. DIFY_BIND_ADDRESS: ${DIFY_BIND_ADDRESS} # API service binding port number, default 5001. DIFY_PORT: ${DIFY_PORT} # The number of API server workers, i.e., the number of gevent workers. # Formula: number of cpu cores x 2 + 1 # Reference: https://docs.gunicorn.org/en/stable/design.html#how-many-workers SERVER_WORKER_AMOUNT: ${SERVER_WORKER_AMOUNT} # Defaults to gevent. If using windows, it can be switched to sync or solo. SERVER_WORKER_CLASS: ${SERVER_WORKER_CLASS} # Similar to SERVER_WORKER_CLASS. Default is gevent. # If using windows, it can be switched to sync or solo. CELERY_WORKER_CLASS: ${CELERY_WORKER_CLASS} # Request handling timeout. The default is 200, # it is recommended to set it to 360 to support a longer sse connection time. GUNICORN_TIMEOUT: ${GUNICORN_TIMEOUT} # The number of Celery workers. The default is 1, and can be set as needed. CELERY_WORKER_AMOUNT: ${CELERY_WORKER_AMOUNT} # The configurations of postgres database connection. # It is consistent with the configuration in the 'db' service below. DB_USERNAME: ${DB_USERNAME} DB_PASSWORD: ${DB_PASSWORD} DB_HOST: ${DB_HOST} DB_PORT: ${DB_PORT} DB_DATABASE: ${DB_DATABASE} # The size of the database connection pool. # The default is 30 connections, which can be appropriately increased. SQLALCHEMY_POOL_SIZE: ${SQLALCHEMY_POOL_SIZE} # Database connection pool recycling time, the default is 3600 seconds. SQLALCHEMY_POOL_RECYCLE: ${SQLALCHEMY_POOL_RECYCLE} # Whether to print SQL, default is false. SQLALCHEMY_ECHO: ${SQLALCHEMY_ECHO} # The configurations of redis connection. # It is consistent with the configuration in the 'redis' service below. REDIS_HOST: ${REDIS_HOST} REDIS_PORT: ${REDIS_PORT:-6379} REDIS_USERNAME: ${REDIS_USERNAME} REDIS_PASSWORD: ${REDIS_PASSWORD} REDIS_USE_SSL: ${REDIS_USE_SSL} # Redis Database, default is 0. Please use a different Database from Session Redis and Celery Broker. REDIS_DB: 0 # The configurations of celery broker. # Use redis as the broker, and redis db 1 for celery broker. CELERY_BROKER_URL: ${CELERY_BROKER_URL} BROKER_USE_SSL: ${BROKER_USE_SSL} # Specifies the allowed origins for cross-origin requests to the Web API, e.g. https://dify.app or * for all origins. WEB_API_CORS_ALLOW_ORIGINS: ${WEB_API_CORS_ALLOW_ORIGINS} # Specifies the allowed origins for cross-origin requests to the console API, e.g. https://cloud.dify.ai or * for all origins. CONSOLE_CORS_ALLOW_ORIGINS: ${CONSOLE_CORS_ALLOW_ORIGINS} # The type of storage to use for storing user files. Supported values are `local` and `s3` and `azure-blob` and `google-storage`, Default: `local` STORAGE_TYPE: ${STORAGE_TYPE} # The path to the local storage directory, the directory relative the root path of API service codes or absolute path. Default: `storage` or `/home/john/storage`. # only available when STORAGE_TYPE is `local`. STORAGE_LOCAL_PATH: storage # The S3 storage configurations, only available when STORAGE_TYPE is `s3`. S3_USE_AWS_MANAGED_IAM: ${S3_USE_AWS_MANAGED_IAM} S3_ENDPOINT: ${S3_ENDPOINT} S3_BUCKET_NAME: ${S3_BUCKET_NAME} S3_ACCESS_KEY: ${S3_ACCESS_KEY} S3_SECRET_KEY: ${S3_SECRET_KEY} S3_REGION: ${S3_REGION} # The Azure Blob storage configurations, only available when STORAGE_TYPE is `azure-blob`. AZURE_BLOB_ACCOUNT_NAME: ${AZURE_BLOB_ACCOUNT_NAME} AZURE_BLOB_ACCOUNT_KEY: ${AZURE_BLOB_ACCOUNT_KEY} AZURE_BLOB_CONTAINER_NAME: ${AZURE_BLOB_CONTAINER_NAME} AZURE_BLOB_ACCOUNT_URL: ${AZURE_BLOB_ACCOUNT_URL} # The Google storage configurations, only available when STORAGE_TYPE is `google-storage`. GOOGLE_STORAGE_BUCKET_NAME: ${GOOGLE_STORAGE_BUCKET_NAME} # if you want to use Application Default Credentials, you can leave GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64 empty. GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64: ${GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64} # The Alibaba Cloud OSS configurations, only available when STORAGE_TYPE is `aliyun-oss` ALIYUN_OSS_BUCKET_NAME: ${ALIYUN_OSS_BUCKET_NAME} ALIYUN_OSS_ACCESS_KEY: ${ALIYUN_OSS_ACCESS_KEY} ALIYUN_OSS_SECRET_KEY: ${ALIYUN_OSS_SECRET_KEY} ALIYUN_OSS_ENDPOINT: ${ALIYUN_OSS_ENDPOINT} ALIYUN_OSS_REGION: ${ALIYUN_OSS_REGION} ALIYUN_OSS_AUTH_VERSION: ${ALIYUN_OSS_AUTH_VERSION} # The Tencent COS storage configurations, only available when STORAGE_TYPE is `tencent-cos`. TENCENT_COS_BUCKET_NAME: ${TENCENT_COS_BUCKET_NAME} TENCENT_COS_SECRET_KEY: ${TENCENT_COS_SECRET_KEY} TENCENT_COS_SECRET_ID: ${TENCENT_COS_SECRET_ID} TENCENT_COS_REGION: ${TENCENT_COS_REGION} TENCENT_COS_SCHEME: ${TENCENT_COS_SCHEME} # The type of vector store to use. Supported values are `weaviate`, `qdrant`, `milvus`, `relyt`, `pgvector`, `chroma`, 'opensearch', 'tidb_vector'. VECTOR_STORE: ${VECTOR_STORE} # The Weaviate endpoint URL. Only available when VECTOR_STORE is `weaviate`. WEAVIATE_ENDPOINT: ${WEAVIATE_ENDPOINT} # The Weaviate API key. WEAVIATE_API_KEY: ${WEAVIATE_API_KEY} # The Qdrant endpoint URL. Only available when VECTOR_STORE is `qdrant`. QDRANT_URL: ${QDRANT_URL} # The Qdrant API key. QDRANT_API_KEY: ${QDRANT_API_KEY} # The Qdrant client timeout setting. QDRANT_CLIENT_TIMEOUT: ${QDRANT_CLIENT_TIMEOUT} # The Qdrant client enable gRPC mode. QDRANT_GRPC_ENABLED: ${QDRANT_GRPC_ENABLED} # The Qdrant server gRPC mode PORT. QDRANT_GRPC_PORT: ${QDRANT_GRPC_PORT} # Milvus configuration Only available when VECTOR_STORE is `milvus`. # The milvus host. MILVUS_HOST: ${MILVUS_HOST} # The milvus host. MILVUS_PORT: ${MILVUS_PORT} # The milvus username. MILVUS_USER: ${MILVUS_USER} # The milvus password. MILVUS_PASSWORD: ${MILVUS_PASSWORD} # The milvus tls switch. MILVUS_SECURE: ${MILVUS_SECURE} # relyt configurations RELYT_HOST: ${RELYT_HOST} RELYT_PORT: ${RELYT_PORT} RELYT_USER: ${RELYT_USER} RELYT_PASSWORD: ${RELYT_PASSWORD} RELYT_DATABASE: ${RELYT_DATABASE} # pgvector configurations PGVECTOR_HOST: ${PGVECTOR_HOST} PGVECTOR_PORT: ${PGVECTOR_PORT} PGVECTOR_USER: ${PGVECTOR_USER} PGVECTOR_PASSWORD: ${PGVECTOR_PASSWORD} PGVECTOR_DATABASE: ${PGVECTOR_DATABASE} # tidb vector configurations TIDB_VECTOR_HOST: ${TIDB_VECTOR_HOST} TIDB_VECTOR_PORT: ${TIDB_VECTOR_PORT} TIDB_VECTOR_USER: ${TIDB_VECTOR_USER} TIDB_VECTOR_PASSWORD: ${TIDB_VECTOR_PASSWORD} TIDB_VECTOR_DATABASE: ${TIDB_VECTOR_DATABASE} # oracle configurations ORACLE_HOST: ${ORACLE_HOST} ORACLE_PORT: ${ORACLE_PORT} ORACLE_USER: ${ORACLE_USER} ORACLE_PASSWORD: ${ORACLE_PASSWORD} ORACLE_DATABASE: ${ORACLE_DATABASE} # Chroma configuration CHROMA_HOST: ${CHROMA_HOST} CHROMA_PORT: ${CHROMA_PORT} CHROMA_TENANT: ${CHROMA_TENANT} CHROMA_DATABASE: ${CHROMA_DATABASE} CHROMA_AUTH_PROVIDER: ${CHROMA_AUTH_PROVIDER} CHROMA_AUTH_CREDENTIALS: ${CHROMA_AUTH_CREDENTIALS} # OpenSearch configuration OPENSEARCH_HOST: ${OPENSEARCH_HOST} OPENSEARCH_PORT: ${OPENSEARCH_PORT} OPENSEARCH_USER: ${OPENSEARCH_USER} OPENSEARCH_PASSWORD: ${OPENSEARCH_PASSWORD} OPENSEARCH_SECURE: ${OPENSEARCH_SECURE} # tencent configurations TENCENT_VECTOR_DB_URL: ${TENCENT_VECTOR_DB_URL} TENCENT_VECTOR_DB_API_KEY: ${TENCENT_VECTOR_DB_API_KEY} TENCENT_VECTOR_DB_TIMEOUT: ${TENCENT_VECTOR_DB_TIMEOUT} TENCENT_VECTOR_DB_USERNAME: ${TENCENT_VECTOR_DB_USERNAME} TENCENT_VECTOR_DB_DATABASE: ${TENCENT_VECTOR_DB_DATABASE} TENCENT_VECTOR_DB_SHARD: ${TENCENT_VECTOR_DB_SHARD} TENCENT_VECTOR_DB_REPLICAS: ${TENCENT_VECTOR_DB_REPLICAS} # Knowledge Configuration # Upload file size limit, default 15M. UPLOAD_FILE_SIZE_LIMIT: ${UPLOAD_FILE_SIZE_LIMIT} # The maximum number of files that can be uploaded at a time, default 5. UPLOAD_FILE_BATCH_LIMIT: ${UPLOAD_FILE_BATCH_LIMIT} # `dify` Dify's proprietary file extraction scheme # `Unstructured` Unstructured.io file extraction scheme ETL_TYPE: ${ETL_TYPE} # Unstructured API path, needs to be configured when ETL_TYPE is Unstructured. UNSTRUCTURED_API_URL: ${UNSTRUCTURED_API_URL} # Multi-modal Configuration # The format of the image sent when the multi-modal model is input, the default is base64, optional url. MULTIMODAL_SEND_IMAGE_FORMAT: ${MULTIMODAL_SEND_IMAGE_FORMAT} # Upload image file size limit, default 10M. UPLOAD_IMAGE_FILE_SIZE_LIMIT: ${UPLOAD_IMAGE_FILE_SIZE_LIMIT} # The DSN for Sentry error reporting. If not set, Sentry error reporting will be disabled. SENTRY_DSN: ${SENTRY_DSN} # The sample rate for Sentry events. Default: `1.0` SENTRY_TRACES_SAMPLE_RATE: ${SENTRY_TRACES_SAMPLE_RATE} # The sample rate for Sentry profiles. Default: `1.0` SENTRY_PROFILES_SAMPLE_RATE: ${SENTRY_PROFILES_SAMPLE_RATE} # Notion import configuration, support public and internal NOTION_INTEGRATION_TYPE: ${NOTION_INTEGRATION_TYPE} NOTION_CLIENT_SECRET: ${NOTION_CLIENT_SECRET} NOTION_CLIENT_ID: ${NOTION_CLIENT_ID} NOTION_INTERNAL_SECRET: ${NOTION_INTERNAL_SECRET} # Mail configuration, support: resend, smtp MAIL_TYPE: ${MAIL_TYPE} # default send from email address, if not specified MAIL_DEFAULT_SEND_FROM: ${MAIL_DEFAULT_SEND_FROM} SMTP_SERVER: ${SMTP_SERVER} SMTP_PORT: ${SMTP_PORT} SMTP_USERNAME: ${SMTP_USERNAME} SMTP_PASSWORD: ${SMTP_PASSWORD} SMTP_USE_TLS: ${SMTP_USE_TLS} SMTP_OPPORTUNISTIC_TLS: ${SMTP_OPPORTUNISTIC_TLS} # the api-key for resend (https://resend.com) RESEND_API_KEY: ${RESEND_API_KEY} RESEND_API_URL: https://api.resend.com # Indexing configuration INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH} # Other configurations INVITE_EXPIRY_HOURS: ${INVITE_EXPIRY_HOURS} CODE_EXECUTION_ENDPOINT: ${CODE_EXECUTION_ENDPOINT:-http://sandbox:8194} CODE_EXECUTION_API_KEY: ${CODE_EXECUTION_API_KEY:-dify-sandbox} CODE_MAX_NUMBER: ${CODE_MAX_NUMBER:-9223372036854775807} CODE_MIN_NUMBER: ${CODE_MIN_NUMBER:- -9223372036854775808} CODE_MAX_STRING_LENGTH: ${CODE_MAX_STRING_LENGTH:-80000} TEMPLATE_TRANSFORM_MAX_LENGTH: ${TEMPLATE_TRANSFORM_MAX_LENGTH:-80000} CODE_MAX_STRING_ARRAY_LENGTH: ${CODE_MAX_STRING_ARRAY_LENGTH:-30} CODE_MAX_OBJECT_ARRAY_LENGTH: ${CODE_MAX_OBJECT_ARRAY_LENGTH:-30} CODE_MAX_NUMBER_ARRAY_LENGTH: ${CODE_MAX_NUMBER_ARRAY_LENGTH:-1000} SSRF_PROXY_HTTP_URL: ${SSRF_PROXY_HTTP_URL:-'http://ssrf_proxy:3128'} SSRF_PROXY_HTTPS_URL: ${SSRF_PROXY_HTTPS_URL:-'http://ssrf_proxy:3128'} services: # API service api: image: langgenius/dify-api:0.6.12 restart: always environment: # Use the shared environment variables. <<: *shared-api-worker-env # Startup mode, 'api' starts the API server. MODE: api depends_on: - db - redis volumes: # Mount the storage directory to the container, for storing user files. - ./volumes/app/storage:/app/api/storage # uncomment to expose dify-api port to host # ports: # - "5001:5001" networks: - ssrf_proxy_network - default # worker service # The Celery worker for processing the queue. worker: image: langgenius/dify-api:0.6.12 restart: always environment: # Use the shared environment variables. <<: *shared-api-worker-env # Startup mode, 'worker' starts the Celery worker for processing the queue. MODE: worker depends_on: - db - redis volumes: # Mount the storage directory to the container, for storing user files. - ./volumes/app/storage:/app/api/storage networks: - ssrf_proxy_network - default # Frontend web application. web: image: langgenius/dify-web:0.6.12 restart: always environment: CONSOLE_API_URL: ${CONSOLE_API_URL:-} APP_API_URL: ${APP_API_URL:-} SENTRY_DSN: ${SENTRY_DSN:-} # uncomment to expose dify-web port to host # ports: # - "3000:3000" # The postgres database. db: image: postgres:15-alpine restart: always environment: PGUSER: ${PGUSER:-postgres} POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-difyai123456} POSTGRES_DB: ${POSTGRES_DB:-dify} PGDATA: ${PGDATA:-/var/lib/postgresql/data/pgdata} volumes: - ./volumes/db/data:/var/lib/postgresql/data # uncomment to expose db(postgresql) port to host # ports: # - "5432:5432" healthcheck: test: [ "CMD", "pg_isready" ] interval: 1s timeout: 3s retries: 30 # The redis cache. redis: image: redis:6-alpine restart: always volumes: # Mount the redis data directory to the container. - ./volumes/redis/data:/data # Set the redis password when startup redis server. command: redis-server --requirepass ${REDIS_PASSWORD:-difyai123456} healthcheck: test: [ "CMD", "redis-cli", "ping" ] # uncomment to expose redis port to host # ports: # - "6379:6379" # The DifySandbox sandbox: image: langgenius/dify-sandbox:0.2.1 restart: always environment: # The DifySandbox configurations # Make sure you are changing this key for your deployment with a strong key. # You can generate a strong key using `openssl rand -base64 42`. API_KEY: ${API_KEY:-dify-sandbox} GIN_MODE: ${GIN_MODE:-release} WORKER_TIMEOUT: ${WORKER_TIMEOUT:-15} ENABLE_NETWORK: ${ENABLE_NETWORK:-true} HTTP_PROXY: ${HTTP_PROXY:-http://ssrf_proxy:3128} HTTPS_PROXY: ${HTTPS_PROXY:-http://ssrf_proxy:3128} SANDBOX_PORT: ${SANDBOX_PORT:-8194} volumes: - ./volumes/sandbox/dependencies:/dependencies networks: - ssrf_proxy_network # ssrf_proxy server # for more information, please refer to # https://docs.dify.ai/getting-started/install-self-hosted/install-faq#id-16.-why-is-ssrf_proxy-needed ssrf_proxy: image: ubuntu/squid:latest restart: always volumes: - ./ssrf_proxy/squid.conf.template:/etc/squid/squid.conf.template - ./ssrf_proxy/docker-entrypoint.sh:/docker-entrypoint.sh entrypoint: /docker-entrypoint.sh environment: # pls clearly modify the squid env vars to fit your network environment. HTTP_PORT: ${HTTP_PORT:-3128} COREDUMP_DIR: ${COREDUMP_DIR:-/var/spool/squid} REVERSE_PROXY_PORT: ${REVERSE_PROXY_PORT:-8194} SANDBOX_HOST: ${SANDBOX_HOST:-sandbox} SANDBOX_PORT: ${SANDBOX_PORT:-8194} networks: - ssrf_proxy_network - default # The nginx reverse proxy. # used for reverse proxying the API service and Web service. nginx: image: nginx:latest restart: always volumes: - ./nginx/nginx.conf.template:/etc/nginx/nginx.conf.template - ./nginx/proxy.conf.template:/etc/nginx/proxy.conf.template - ./nginx/conf.d:/etc/nginx/conf.d - ./nginx/docker-entrypoint.sh:/docker-entrypoint.sh - ./nginx/ssl:/etc/ssl entrypoint: /docker-entrypoint.sh environment: NGINX_SERVER_NAME: ${NGINX_SERVER_NAME:-_} HTTPS_ENABLED: ${HTTPS_ENABLED:-false} NGINX_SSL_PORT: ${NGINX_SSL_PORT:-443} # You're required to add your own SSL certificates/keys to the `./nginx/ssl` directory # and modify the env vars below in .env if HTTPS_ENABLED is true. NGINX_SSL_CERT_FILENAME: ${NGINX_SSL_CERT_FILENAME:-dify.crt} NGINX_SSL_CERT_KEY_FILENAME: ${NGINX_SSL_CERT_KEY_FILENAME:-dify.key} NGINX_SSL_PROTOCOLS: ${NGINX_SSL_PROTOCOLS:-TLSv1.1 TLSv1.2 TLSv1.3} NGINX_WORKER_PROCESSES: ${NGINX_WORKER_PROCESSES:-auto} NGINX_CLIENT_MAX_BODY_SIZE: ${NGINX_CLIENT_MAX_BODY_SIZE:-15M} NGINX_KEEPALIVE_TIMEOUT: ${NGINX_KEEPALIVE_TIMEOUT:-65} NGINX_PROXY_READ_TIMEOUT: ${NGINX_PROXY_READ_TIMEOUT:-3600s} NGINX_PROXY_SEND_TIMEOUT: ${NGINX_PROXY_SEND_TIMEOUT:-3600s} depends_on: - api - web ports: - "${NGINX_PORT:-80}:80" - "${NGINX_SSL_PORT:-443}:443" # The Weaviate vector store. weaviate: image: semitechnologies/weaviate:1.19.0 profiles: - weaviate restart: always volumes: # Mount the Weaviate data directory to the con tainer. - ./volumes/weaviate:/var/lib/weaviate environment: # The Weaviate configurations # You can refer to the [Weaviate](https://weaviate.io/developers/weaviate/config-refs/env-vars) documentation for more information. PERSISTENCE_DATA_PATH: ${PERSISTENCE_DATA_PATH:-/var/lib/weaviate} QUERY_DEFAULTS_LIMIT: ${QUERY_DEFAULTS_LIMIT:-25} AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: ${AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED:-false} DEFAULT_VECTORIZER_MODULE: ${DEFAULT_VECTORIZER_MODULE:-none} CLUSTER_HOSTNAME: ${CLUSTER_HOSTNAME:-node1} AUTHENTICATION_APIKEY_ENABLED: ${AUTHENTICATION_APIKEY_ENABLED:-true} AUTHENTICATION_APIKEY_ALLOWED_KEYS: ${AUTHENTICATION_APIKEY_ALLOWED_KEYS:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih} AUTHENTICATION_APIKEY_USERS: ${AUTHENTICATION_APIKEY_USERS:-hello@dify.ai} AUTHORIZATION_ADMINLIST_ENABLED: ${AUTHORIZATION_ADMINLIST_ENABLED:-true} AUTHORIZATION_ADMINLIST_USERS: ${AUTHORIZATION_ADMINLIST_USERS:-hello@dify.ai} # uncomment to expose weaviate port to host ports: - "8080:8080" # Qdrant vector store. # (if used, you need to set VECTOR_STORE to qdrant in the api & worker service.) qdrant: image: langgenius/qdrant:v1.7.3 profiles: - qdrant restart: always volumes: - ./volumes/qdrant:/qdrant/storage environment: QDRANT_API_KEY: ${QDRANT_API_KEY:-difyai123456} # uncomment to expose qdrant port to host ports: - "6333:6333" - "6334:6334" # The pgvector vector database. pgvector: image: pgvector/pgvector:pg16 profiles: - pgvector restart: always environment: PGUSER: ${PGVECTOR_PGUSER:-postgres} # The password for the default postgres user. POSTGRES_PASSWORD: ${PGVECTOR_POSTGRES_PASSWORD:-difyai123456} # The name of the default postgres database. POSTGRES_DB: ${PGVECTOR_POSTGRES_DB:-dify} # postgres data directory PGDATA: ${PGVECTOR_PGDATA:-/var/lib/postgresql/data/pgdata} volumes: - ./volumes/pgvector/data:/var/lib/postgresql/data # uncomment to expose db(postgresql) port to host ports: - "5433:5432" healthcheck: test: [ "CMD", "pg_isready" ] interval: 1s timeout: 3s retries: 30 # pgvecto-rs vector store pgvecto-rs: image: tensorchord/pgvecto-rs:pg16-v0.2.0 profiles: - pgvecto-rs restart: always environment: PGUSER: ${PGUSER:-postgres} # The password for the default postgres user. POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-difyai123456} # The name of the default postgres database. POSTGRES_DB: ${POSTGRES_DB:-dify} # postgres data directory PGDATA: ${PGDATA:-/var/lib/postgresql/data/pgdata} volumes: - ./volumes/pgvecto_rs/data:/var/lib/postgresql/data # uncomment to expose db(postgresql) port to host ports: - "5431:5432" healthcheck: test: [ "CMD", "pg_isready" ] interval: 1s timeout: 3s retries: 30 # Chroma vector database chroma: image: ghcr.io/chroma-core/chroma:0.5.1 profiles: - chroma restart: always volumes: - ./volumes/chroma:/chroma/chroma environment: CHROMA_SERVER_AUTHN_CREDENTIALS: ${CHROMA_SERVER_AUTHN_CREDENTIALS:-difyai123456} CHROMA_SERVER_AUTHN_PROVIDER: ${CHROMA_SERVER_AUTHN_PROVIDER:-chromadb.auth.token_authn.TokenAuthenticationServerProvider} IS_PERSISTENT: ${IS_PERSISTENT:-TRUE} ports: - "8000:8000" oracle: image: container-registry.oracle.com/database/free:latest profiles: - oracle restart: always ports: - 1521:1521 volumes: - type: volume source: oradata target: /opt/oracle/oradata - ./startupscripts:/opt/oracle/scripts/startup environment: - ORACLE_PWD=${ORACLE_PWD:-Dify123456} - ORACLE_CHARACTERSET=${ORACLE_CHARACTERSET:-AL32UTF8} # Milvus vector database services etcd: container_name: milvus-etcd image: quay.io/coreos/etcd:v3.5.5 profiles: - milvus environment: - ETCD_AUTO_COMPACTION_MODE=${ETCD_AUTO_COMPACTION_MODE:-revision} - ETCD_AUTO_COMPACTION_RETENTION=${ETCD_AUTO_COMPACTION_RETENTION:-1000} - ETCD_QUOTA_BACKEND_BYTES=${ETCD_QUOTA_BACKEND_BYTES:-4294967296} - ETCD_SNAPSHOT_COUNT=${ETCD_SNAPSHOT_COUNT:-50000} volumes: - ./volumes/milvus/etcd:/etcd command: etcd -advertise-client-urls=http://127.0.0.1:2379 -listen-client-urls http://0.0.0.0:2379 --data-dir /etcd healthcheck: test: ["CMD", "etcdctl", "endpoint", "health"] interval: 30s timeout: 20s retries: 3 networks: - milvus minio: container_name: milvus-minio image: minio/minio:RELEASE.2023-03-20T20-16-18Z profiles: - milvus environment: MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY:-minioadmin} MINIO_SECRET_KEY: ${MINIO_SECRET_KEY:-minioadmin} ports: - "9001:9001" - "9000:9000" volumes: - ./volumes/milvus/minio:/minio_data command: minio server /minio_data --console-address ":9001" healthcheck: test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] interval: 30s timeout: 20s retries: 3 networks: - milvus milvus-standalone: container_name: milvus-standalone image: milvusdb/milvus:v2.3.1 profiles: - milvus command: ["milvus", "run", "standalone"] environment: ETCD_ENDPOINTS: ${ETCD_ENDPOINTS:-etcd:2379} MINIO_ADDRESS: ${MINIO_ADDRESS:-minio:9000} common.security.authorizationEnabled: ${MILVUS_AUTHORIZATION_ENABLED:-true} volumes: - ./volumes/milvus/milvus:/var/lib/milvus healthcheck: test: ["CMD", "curl", "-f", "http://localhost:9091/healthz"] interval: 30s start_period: 90s timeout: 20s retries: 3 ports: - "19530:19530" - "9091:9091" depends_on: - "etcd" - "minio" networks: - milvus opensearch: container_name: opensearch image: opensearchproject/opensearch:latest profiles: - opensearch environment: - discovery.type=${OPENSEARCH_DISCOVERY_TYPE:-single-node} - bootstrap.memory_lock=${OPENSEARCH_BOOTSTRAP_MEMORY_LOCK:-true} - OPENSEARCH_JAVA_OPTS=-Xms${OPENSEARCH_JAVA_OPTS_MIN:-512m} -Xmx${OPENSEARCH_JAVA_OPTS_MAX:-1024m} - OPENSEARCH_INITIAL_ADMIN_PASSWORD=${OPENSEARCH_INITIAL_ADMIN_PASSWORD:-Qazwsxedc!@#123} ulimits: memlock: soft: ${OPENSEARCH_MEMLOCK_SOFT:--1} hard: ${OPENSEARCH_MEMLOCK_HARD:--1} nofile: soft: ${OPENSEARCH_NOFILE_SOFT:-65536} hard: ${OPENSEARCH_NOFILE_HARD:-65536} volumes: - ./volumes/opensearch/data:/usr/share/opensearch/data ports: - "9200:9200" - "9600:9600" networks: - opensearch-net opensearch-dashboards: container_name: opensearch-dashboards image: opensearchproject/opensearch-dashboards:latest profiles: - opensearch ports: - "5601:5601" expose: - "5601" environment: OPENSEARCH_HOSTS: '["https://opensearch:9200"]' volumes: - ./volumes/opensearch/opensearch_dashboards.yml:/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml networks: - opensearch-net depends_on: - opensearch networks: # create a network between sandbox, api and ssrf_proxy, and can not access outside. ssrf_proxy_network: driver: bridge internal: true milvus: driver: bridge opensearch-net: driver: bridge internal: true volumes: oradata: