mirror of
https://gitee.com/dify_ai/dify.git
synced 2024-12-05 12:48:32 +08:00
27c8deb4ec
Signed-off-by: forrestsocool <sensensudo@gmail.com>
624 lines
20 KiB
Plaintext
624 lines
20 KiB
Plaintext
# ------------------------------
|
|
# Environment Variables for API service & worker
|
|
# ------------------------------
|
|
|
|
# ------------------------------
|
|
# Common Variables
|
|
# ------------------------------
|
|
|
|
# The backend URL of the console API,
|
|
# used to concatenate the authorization callback.
|
|
# If empty, it is the same domain.
|
|
# Example: https://api.console.dify.ai
|
|
CONSOLE_API_URL=
|
|
|
|
# The front-end URL of the console web,
|
|
# used to concatenate some front-end addresses and for CORS configuration use.
|
|
# If empty, it is the same domain.
|
|
# Example: https://console.dify.ai
|
|
CONSOLE_WEB_URL=
|
|
|
|
# Service API Url,
|
|
# used to display Service API Base Url to the front-end.
|
|
# If empty, it is the same domain.
|
|
# Example: https://api.dify.ai
|
|
SERVICE_API_URL=
|
|
|
|
# WebApp API backend Url,
|
|
# used to declare the back-end URL for the front-end API.
|
|
# If empty, it is the same domain.
|
|
# Example: https://api.app.dify.ai
|
|
APP_API_URL=
|
|
|
|
# WebApp Url,
|
|
# used to display WebAPP API Base Url to the front-end.
|
|
# If empty, it is the same domain.
|
|
# Example: https://app.dify.ai
|
|
APP_WEB_URL=
|
|
|
|
# File preview or download Url prefix.
|
|
# used to display File preview or download Url to the front-end or as Multi-model inputs;
|
|
# Url is signed and has expiration time.
|
|
FILES_URL=
|
|
|
|
# ------------------------------
|
|
# Server Configuration
|
|
# ------------------------------
|
|
|
|
# The log level for the application.
|
|
# Supported values are `DEBUG`, `INFO`, `WARNING`, `ERROR`, `CRITICAL`
|
|
LOG_LEVEL=INFO
|
|
|
|
# Debug mode, default is false.
|
|
# It is recommended to turn on this configuration for local development
|
|
# to prevent some problems caused by monkey patch.
|
|
DEBUG=false
|
|
|
|
# Flask debug mode, it can output trace information at the interface when turned on,
|
|
# which is convenient for debugging.
|
|
FLASK_DEBUG=false
|
|
|
|
# A secretkey that is used for securely signing the session cookie
|
|
# and encrypting sensitive information on the database.
|
|
# You can generate a strong key using `openssl rand -base64 42`.
|
|
SECRET_KEY=sk-9f73s3ljTXVcMT3Blb3ljTqtsKiGHXVcMT3BlbkFJLK7U
|
|
|
|
# Password for admin user initialization.
|
|
# If left unset, admin user will not be prompted for a password
|
|
# when creating the initial admin account.
|
|
INIT_PASSWORD=
|
|
|
|
# Deployment environment.
|
|
# Supported values are `PRODUCTION`, `TESTING`. Default is `PRODUCTION`.
|
|
# Testing environment. There will be a distinct color label on the front-end page,
|
|
# indicating that this environment is a testing environment.
|
|
DEPLOY_ENV=PRODUCTION
|
|
|
|
# Whether to enable the version check policy.
|
|
# If set to empty, https://updates.dify.ai will not be called for version check.
|
|
CHECK_UPDATE_URL=https://updates.dify.ai
|
|
|
|
# Used to change the OpenAI base address, default is https://api.openai.com/v1.
|
|
# When OpenAI cannot be accessed in China, replace it with a domestic mirror address,
|
|
# or when a local model provides OpenAI compatible API, it can be replaced.
|
|
OPENAI_API_BASE=https://api.openai.com/v1
|
|
|
|
# When enabled, migrations will be executed prior to application startup
|
|
# and the application will start after the migrations have completed.
|
|
MIGRATION_ENABLED=true
|
|
|
|
# File Access Time specifies a time interval in seconds for the file to be accessed.
|
|
# The default value is 300 seconds.
|
|
FILES_ACCESS_TIMEOUT=300
|
|
|
|
# The maximum number of active requests for the application, where 0 means unlimited, should be a non-negative integer.
|
|
APP_MAX_ACTIVE_REQUESTS=0
|
|
|
|
# ------------------------------
|
|
# Container Startup Related Configuration
|
|
# Only effective when starting with docker image or docker-compose.
|
|
# ------------------------------
|
|
|
|
# API service binding address, default: 0.0.0.0, i.e., all addresses can be accessed.
|
|
DIFY_BIND_ADDRESS=0.0.0.0
|
|
|
|
# API service binding port number, default 5001.
|
|
DIFY_PORT=5001
|
|
|
|
# The number of API server workers, i.e., the number of gevent workers.
|
|
# Formula: number of cpu cores x 2 + 1
|
|
# Reference: https://docs.gunicorn.org/en/stable/design.html#how-many-workers
|
|
SERVER_WORKER_AMOUNT=
|
|
|
|
# Defaults to gevent. If using windows, it can be switched to sync or solo.
|
|
SERVER_WORKER_CLASS=
|
|
|
|
# Similar to SERVER_WORKER_CLASS. Default is gevent.
|
|
# If using windows, it can be switched to sync or solo.
|
|
CELERY_WORKER_CLASS=
|
|
|
|
# Request handling timeout. The default is 200,
|
|
# it is recommended to set it to 360 to support a longer sse connection time.
|
|
GUNICORN_TIMEOUT=360
|
|
|
|
# The number of Celery workers. The default is 1, and can be set as needed.
|
|
CELERY_WORKER_AMOUNT=
|
|
|
|
# API Tool configuration
|
|
API_TOOL_DEFAULT_CONNECT_TIMEOUT=10
|
|
API_TOOL_DEFAULT_READ_TIMEOUT=60
|
|
|
|
# ------------------------------
|
|
# Database Configuration
|
|
# The database uses PostgreSQL. Please use the public schema.
|
|
# It is consistent with the configuration in the 'db' service below.
|
|
# ------------------------------
|
|
|
|
DB_USERNAME=postgres
|
|
DB_PASSWORD=difyai123456
|
|
DB_HOST=db
|
|
DB_PORT=5432
|
|
DB_DATABASE=dify
|
|
# The size of the database connection pool.
|
|
# The default is 30 connections, which can be appropriately increased.
|
|
SQLALCHEMY_POOL_SIZE=30
|
|
# Database connection pool recycling time, the default is 3600 seconds.
|
|
SQLALCHEMY_POOL_RECYCLE=3600
|
|
# Whether to print SQL, default is false.
|
|
SQLALCHEMY_ECHO=false
|
|
|
|
# ------------------------------
|
|
# Redis Configuration
|
|
# This Redis configuration is used for caching and for pub/sub during conversation.
|
|
# ------------------------------
|
|
|
|
REDIS_HOST=redis
|
|
REDIS_PORT=6379
|
|
REDIS_USERNAME=
|
|
REDIS_PASSWORD=difyai123456
|
|
REDIS_USE_SSL=false
|
|
|
|
# ------------------------------
|
|
# Celery Configuration
|
|
# ------------------------------
|
|
|
|
# Use redis as the broker, and redis db 1 for celery broker.
|
|
# Format as follows: `redis://<redis_username>:<redis_password>@<redis_host>:<redis_port>/<redis_database>`
|
|
# Example: redis://:difyai123456@redis:6379/1
|
|
CELERY_BROKER_URL=redis://:difyai123456@redis:6379/1
|
|
BROKER_USE_SSL=false
|
|
|
|
# ------------------------------
|
|
# CORS Configuration
|
|
# Used to set the front-end cross-domain access policy.
|
|
# ------------------------------
|
|
|
|
# Specifies the allowed origins for cross-origin requests to the Web API,
|
|
# e.g. https://dify.app or * for all origins.
|
|
WEB_API_CORS_ALLOW_ORIGINS=*
|
|
|
|
# Specifies the allowed origins for cross-origin requests to the console API,
|
|
# e.g. https://cloud.dify.ai or * for all origins.
|
|
CONSOLE_CORS_ALLOW_ORIGINS=*
|
|
|
|
# ------------------------------
|
|
# File Storage Configuration
|
|
# ------------------------------
|
|
|
|
# The type of storage to use for storing user files.
|
|
# Supported values are `local` and `s3` and `azure-blob` and `google-storage` and `tencent-cos`,
|
|
# Default: `local`
|
|
STORAGE_TYPE=local
|
|
|
|
# S3 Configuration
|
|
# Whether to use AWS managed IAM roles for authenticating with the S3 service.
|
|
# If set to false, the access key and secret key must be provided.
|
|
S3_USE_AWS_MANAGED_IAM=false
|
|
# The endpoint of the S3 service.
|
|
S3_ENDPOINT=
|
|
# The region of the S3 service.
|
|
S3_REGION=us-east-1
|
|
# The name of the S3 bucket to use for storing files.
|
|
S3_BUCKET_NAME=difyai
|
|
# The access key to use for authenticating with the S3 service.
|
|
S3_ACCESS_KEY=
|
|
# The secret key to use for authenticating with the S3 service.
|
|
S3_SECRET_KEY=
|
|
|
|
# Azure Blob Configuration
|
|
# The name of the Azure Blob Storage account to use for storing files.
|
|
AZURE_BLOB_ACCOUNT_NAME=difyai
|
|
# The access key to use for authenticating with the Azure Blob Storage account.
|
|
AZURE_BLOB_ACCOUNT_KEY=difyai
|
|
# The name of the Azure Blob Storage container to use for storing files.
|
|
AZURE_BLOB_CONTAINER_NAME=difyai-container
|
|
# The URL of the Azure Blob Storage account.
|
|
AZURE_BLOB_ACCOUNT_URL=https://<your_account_name>.blob.core.windows.net
|
|
|
|
# Google Storage Configuration
|
|
# The name of the Google Storage bucket to use for storing files.
|
|
GOOGLE_STORAGE_BUCKET_NAME=your-bucket-name
|
|
# The service account JSON key to use for authenticating with the Google Storage service.
|
|
GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64=your-google-service-account-json-base64-string
|
|
|
|
# The Alibaba Cloud OSS configurations,
|
|
# only available when STORAGE_TYPE is `aliyun-oss`
|
|
ALIYUN_OSS_BUCKET_NAME=your-bucket-name
|
|
ALIYUN_OSS_ACCESS_KEY=your-access-key
|
|
ALIYUN_OSS_SECRET_KEY=your-secret-key
|
|
ALIYUN_OSS_ENDPOINT=https://oss-ap-southeast-1-internal.aliyuncs.com
|
|
ALIYUN_OSS_REGION=ap-southeast-1
|
|
ALIYUN_OSS_AUTH_VERSION=v4
|
|
|
|
# Tencent COS Configuration
|
|
# The name of the Tencent COS bucket to use for storing files.
|
|
TENCENT_COS_BUCKET_NAME=your-bucket-name
|
|
# The secret key to use for authenticating with the Tencent COS service.
|
|
TENCENT_COS_SECRET_KEY=your-secret-key
|
|
# The secret id to use for authenticating with the Tencent COS service.
|
|
TENCENT_COS_SECRET_ID=your-secret-id
|
|
# The region of the Tencent COS service.
|
|
TENCENT_COS_REGION=your-region
|
|
# The scheme of the Tencent COS service.
|
|
TENCENT_COS_SCHEME=your-scheme
|
|
|
|
# ------------------------------
|
|
# Vector Database Configuration
|
|
# ------------------------------
|
|
|
|
# The type of vector store to use.
|
|
# Supported values are `weaviate`, `qdrant`, `milvus`, `myscale`, `relyt`, `pgvector`, `chroma`, `opensearch`, `tidb_vector`, `oracle`, `tencent`.
|
|
VECTOR_STORE=weaviate
|
|
|
|
# The Weaviate endpoint URL. Only available when VECTOR_STORE is `weaviate`.
|
|
WEAVIATE_ENDPOINT=http://weaviate:8080
|
|
# The Weaviate API key.
|
|
WEAVIATE_API_KEY=WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih
|
|
|
|
# The Qdrant endpoint URL. Only available when VECTOR_STORE is `qdrant`.
|
|
QDRANT_URL=http://qdrant:6333
|
|
# The Qdrant API key.
|
|
QDRANT_API_KEY=difyai123456
|
|
# The Qdrant client timeout setting.
|
|
QDRANT_CLIENT_TIMEOUT=20
|
|
# The Qdrant client enable gRPC mode.
|
|
QDRANT_GRPC_ENABLED=false
|
|
# The Qdrant server gRPC mode PORT.
|
|
QDRANT_GRPC_PORT=6334
|
|
|
|
# Milvus configuration Only available when VECTOR_STORE is `milvus`.
|
|
# The milvus host.
|
|
MILVUS_HOST=127.0.0.1
|
|
# The milvus host.
|
|
MILVUS_PORT=19530
|
|
# The milvus username.
|
|
MILVUS_USER=root
|
|
# The milvus password.
|
|
MILVUS_PASSWORD=Milvus
|
|
# The milvus tls switch.
|
|
MILVUS_SECURE=false
|
|
|
|
# MyScale configuration, only available when VECTOR_STORE is `myscale`
|
|
# For multi-language support, please set MYSCALE_FTS_PARAMS with referring to:
|
|
# https://myscale.com/docs/en/text-search/#understanding-fts-index-parameters
|
|
MYSCALE_HOST=myscale
|
|
MYSCALE_PORT=8123
|
|
MYSCALE_USER=default
|
|
MYSCALE_PASSWORD=
|
|
MYSCALE_DATABASE=dify
|
|
MYSCALE_FTS_PARAMS=
|
|
|
|
# pgvector configurations, only available when VECTOR_STORE is `pgvecto-rs or pgvector`
|
|
PGVECTOR_HOST=pgvector
|
|
PGVECTOR_PORT=5432
|
|
PGVECTOR_USER=postgres
|
|
PGVECTOR_PASSWORD=difyai123456
|
|
PGVECTOR_DATABASE=dify
|
|
|
|
# TiDB vector configurations, only available when VECTOR_STORE is `tidb`
|
|
TIDB_VECTOR_HOST=tidb
|
|
TIDB_VECTOR_PORT=4000
|
|
TIDB_VECTOR_USER=xxx.root
|
|
TIDB_VECTOR_PASSWORD=xxxxxx
|
|
TIDB_VECTOR_DATABASE=dify
|
|
|
|
# Chroma configuration, only available when VECTOR_STORE is `chroma`
|
|
CHROMA_HOST=127.0.0.1
|
|
CHROMA_PORT=8000
|
|
CHROMA_TENANT=default_tenant
|
|
CHROMA_DATABASE=default_database
|
|
CHROMA_AUTH_PROVIDER=chromadb.auth.token_authn.TokenAuthClientProvider
|
|
CHROMA_AUTH_CREDENTIALS=xxxxxx
|
|
|
|
# Oracle configuration, only available when VECTOR_STORE is `oracle`
|
|
ORACLE_HOST=oracle
|
|
ORACLE_PORT=1521
|
|
ORACLE_USER=dify
|
|
ORACLE_PASSWORD=dify
|
|
ORACLE_DATABASE=FREEPDB1
|
|
|
|
# relyt configurations, only available when VECTOR_STORE is `relyt`
|
|
RELYT_HOST=db
|
|
RELYT_PORT=5432
|
|
RELYT_USER=postgres
|
|
RELYT_PASSWORD=difyai123456
|
|
RELYT_DATABASE=postgres
|
|
|
|
# open search configuration, only available when VECTOR_STORE is `opensearch`
|
|
OPENSEARCH_HOST=opensearch
|
|
OPENSEARCH_PORT=9200
|
|
OPENSEARCH_USER=admin
|
|
OPENSEARCH_PASSWORD=admin
|
|
OPENSEARCH_SECURE=true
|
|
|
|
# tencent vector configurations, only available when VECTOR_STORE is `tencent`
|
|
TENCENT_VECTOR_DB_URL=http://127.0.0.1
|
|
TENCENT_VECTOR_DB_API_KEY=dify
|
|
TENCENT_VECTOR_DB_TIMEOUT=30
|
|
TENCENT_VECTOR_DB_USERNAME=dify
|
|
TENCENT_VECTOR_DB_DATABASE=dify
|
|
TENCENT_VECTOR_DB_SHARD=1
|
|
TENCENT_VECTOR_DB_REPLICAS=2
|
|
|
|
# ------------------------------
|
|
# Knowledge Configuration
|
|
# ------------------------------
|
|
|
|
# Upload file size limit, default 15M.
|
|
UPLOAD_FILE_SIZE_LIMIT=15
|
|
|
|
# The maximum number of files that can be uploaded at a time, default 5.
|
|
UPLOAD_FILE_BATCH_LIMIT=5
|
|
|
|
# ETl type, support: `dify`, `Unstructured`
|
|
# `dify` Dify's proprietary file extraction scheme
|
|
# `Unstructured` Unstructured.io file extraction scheme
|
|
ETL_TYPE=dify
|
|
|
|
# Unstructured API path, needs to be configured when ETL_TYPE is Unstructured.
|
|
# For example: http://unstructured:8000/general/v0/general
|
|
UNSTRUCTURED_API_URL=
|
|
|
|
# ------------------------------
|
|
# Multi-modal Configuration
|
|
# ------------------------------
|
|
|
|
# The format of the image sent when the multi-modal model is input,
|
|
# the default is base64, optional url.
|
|
# The delay of the call in url mode will be lower than that in base64 mode.
|
|
# It is generally recommended to use the more compatible base64 mode.
|
|
# If configured as url, you need to configure FILES_URL as an externally accessible address so that the multi-modal model can access the image.
|
|
MULTIMODAL_SEND_IMAGE_FORMAT=base64
|
|
|
|
# Upload image file size limit, default 10M.
|
|
UPLOAD_IMAGE_FILE_SIZE_LIMIT=10
|
|
|
|
# ------------------------------
|
|
# Sentry Configuration
|
|
# Used for application monitoring and error log tracking.
|
|
# ------------------------------
|
|
|
|
# API Service Sentry DSN address, default is empty, when empty,
|
|
# all monitoring information is not reported to Sentry.
|
|
# If not set, Sentry error reporting will be disabled.
|
|
API_SENTRY_DSN=
|
|
|
|
# API Service The reporting ratio of Sentry events, if it is 0.01, it is 1%.
|
|
API_SENTRY_TRACES_SAMPLE_RATE=1.0
|
|
|
|
# API Service The reporting ratio of Sentry profiles, if it is 0.01, it is 1%.
|
|
API_SENTRY_PROFILES_SAMPLE_RATE=1.0
|
|
|
|
# Web Service Sentry DSN address, default is empty, when empty,
|
|
# all monitoring information is not reported to Sentry.
|
|
# If not set, Sentry error reporting will be disabled.
|
|
WEB_SENTRY_DSN=
|
|
|
|
# ------------------------------
|
|
# Notion Integration Configuration
|
|
# Variables can be obtained by applying for Notion integration: https://www.notion.so/my-integrations
|
|
# ------------------------------
|
|
|
|
# Configure as "public" or "internal".
|
|
# Since Notion's OAuth redirect URL only supports HTTPS,
|
|
# if deploying locally, please use Notion's internal integration.
|
|
NOTION_INTEGRATION_TYPE=public
|
|
# Notion OAuth client secret (used for public integration type)
|
|
NOTION_CLIENT_SECRET=
|
|
# Notion OAuth client id (used for public integration type)
|
|
NOTION_CLIENT_ID=
|
|
# Notion internal integration secret.
|
|
# If the value of NOTION_INTEGRATION_TYPE is "internal",
|
|
# you need to configure this variable.
|
|
NOTION_INTERNAL_SECRET=
|
|
|
|
# ------------------------------
|
|
# Mail related configuration
|
|
# ------------------------------
|
|
|
|
# Mail type, support: resend, smtp
|
|
MAIL_TYPE=resend
|
|
|
|
# Default send from email address, if not specified
|
|
MAIL_DEFAULT_SEND_FROM=
|
|
|
|
# API-Key for the Resend email provider, used when MAIL_TYPE is `resend`.
|
|
RESEND_API_KEY=your-resend-api-key
|
|
|
|
# SMTP server configuration, used when MAIL_TYPE is `smtp`
|
|
SMTP_SERVER=
|
|
SMTP_PORT=465
|
|
SMTP_USERNAME=
|
|
SMTP_PASSWORD=
|
|
SMTP_USE_TLS=true
|
|
SMTP_OPPORTUNISTIC_TLS=false
|
|
|
|
# ------------------------------
|
|
# Others Configuration
|
|
# ------------------------------
|
|
|
|
# Maximum length of segmentation tokens for indexing
|
|
INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH=1000
|
|
|
|
# Member invitation link valid time (hours),
|
|
# Default: 72.
|
|
INVITE_EXPIRY_HOURS=72
|
|
|
|
# Reset password token valid time (hours),
|
|
# Default: 24.
|
|
RESET_PASSWORD_TOKEN_EXPIRY_HOURS=24
|
|
|
|
# The sandbox service endpoint.
|
|
CODE_EXECUTION_ENDPOINT=http://sandbox:8194
|
|
CODE_MAX_NUMBER=9223372036854775807
|
|
CODE_MIN_NUMBER=-9223372036854775808
|
|
CODE_MAX_STRING_LENGTH=80000
|
|
TEMPLATE_TRANSFORM_MAX_LENGTH=80000
|
|
CODE_MAX_STRING_ARRAY_LENGTH=30
|
|
CODE_MAX_OBJECT_ARRAY_LENGTH=30
|
|
CODE_MAX_NUMBER_ARRAY_LENGTH=1000
|
|
|
|
# SSRF Proxy server HTTP URL
|
|
SSRF_PROXY_HTTP_URL=http://ssrf_proxy:3128
|
|
# SSRF Proxy server HTTPS URL
|
|
SSRF_PROXY_HTTPS_URL=http://ssrf_proxy:3128
|
|
|
|
# ------------------------------
|
|
# Environment Variables for db Service
|
|
# ------------------------------
|
|
|
|
PGUSER=${DB_USERNAME}
|
|
# The password for the default postgres user.
|
|
POSTGRES_PASSWORD=${DB_PASSWORD}
|
|
# The name of the default postgres database.
|
|
POSTGRES_DB=${DB_DATABASE}
|
|
# postgres data directory
|
|
PGDATA=/var/lib/postgresql/data/pgdata
|
|
|
|
# ------------------------------
|
|
# Environment Variables for sandbox Service
|
|
# ------------------------------
|
|
|
|
# The API key for the sandbox service
|
|
SANDBOX_API_KEY=dify-sandbox
|
|
# The mode in which the Gin framework runs
|
|
SANDBOX_GIN_MODE=release
|
|
# The timeout for the worker in seconds
|
|
SANDBOX_WORKER_TIMEOUT=15
|
|
# Enable network for the sandbox service
|
|
SANDBOX_ENABLE_NETWORK=true
|
|
# HTTP proxy URL for SSRF protection
|
|
SANDBOX_HTTP_PROXY=http://ssrf_proxy:3128
|
|
# HTTPS proxy URL for SSRF protection
|
|
SANDBOX_HTTPS_PROXY=http://ssrf_proxy:3128
|
|
# The port on which the sandbox service runs
|
|
SANDBOX_PORT=8194
|
|
|
|
# ------------------------------
|
|
# Environment Variables for weaviate Service
|
|
# (only used when VECTOR_STORE is weaviate)
|
|
# ------------------------------
|
|
WEAVIATE_PERSISTENCE_DATA_PATH='/var/lib/weaviate'
|
|
WEAVIATE_QUERY_DEFAULTS_LIMIT=25
|
|
WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED=true
|
|
WEAVIATE_DEFAULT_VECTORIZER_MODULE=none
|
|
WEAVIATE_CLUSTER_HOSTNAME=node1
|
|
WEAVIATE_AUTHENTICATION_APIKEY_ENABLED=true
|
|
WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS=WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih
|
|
WEAVIATE_AUTHENTICATION_APIKEY_USERS=hello@dify.ai
|
|
WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED=true
|
|
WEAVIATE_AUTHORIZATION_ADMINLIST_USERS=hello@dify.ai
|
|
|
|
# ------------------------------
|
|
# Environment Variables for Chroma
|
|
# (only used when VECTOR_STORE is chroma)
|
|
# ------------------------------
|
|
|
|
# Authentication credentials for Chroma server
|
|
CHROMA_SERVER_AUTHN_CREDENTIALS=difyai123456
|
|
# Authentication provider for Chroma server
|
|
CHROMA_SERVER_AUTHN_PROVIDER=chromadb.auth.token_authn.TokenAuthenticationServerProvider
|
|
# Persistence setting for Chroma server
|
|
CHROMA_IS_PERSISTENT=TRUE
|
|
|
|
# ------------------------------
|
|
# Environment Variables for Oracle Service
|
|
# (only used when VECTOR_STORE is Oracle)
|
|
# ------------------------------
|
|
ORACLE_PWD=Dify123456
|
|
ORACLE_CHARACTERSET=AL32UTF8
|
|
|
|
# ------------------------------
|
|
# Environment Variables for milvus Service
|
|
# (only used when VECTOR_STORE is milvus)
|
|
# ------------------------------
|
|
# ETCD configuration for auto compaction mode
|
|
ETCD_AUTO_COMPACTION_MODE=revision
|
|
# ETCD configuration for auto compaction retention in terms of number of revisions
|
|
ETCD_AUTO_COMPACTION_RETENTION=1000
|
|
# ETCD configuration for backend quota in bytes
|
|
ETCD_QUOTA_BACKEND_BYTES=4294967296
|
|
# ETCD configuration for the number of changes before triggering a snapshot
|
|
ETCD_SNAPSHOT_COUNT=50000
|
|
# MinIO access key for authentication
|
|
MINIO_ACCESS_KEY=minioadmin
|
|
# MinIO secret key for authentication
|
|
MINIO_SECRET_KEY=minioadmin
|
|
# ETCD service endpoints
|
|
ETCD_ENDPOINTS=etcd:2379
|
|
# MinIO service address
|
|
MINIO_ADDRESS=minio:9000
|
|
# Enable or disable security authorization
|
|
MILVUS_AUTHORIZATION_ENABLED=true
|
|
|
|
# ------------------------------
|
|
# Environment Variables for pgvector / pgvector-rs Service
|
|
# (only used when VECTOR_STORE is pgvector / pgvector-rs)
|
|
# ------------------------------
|
|
PGVECTOR_PGUSER=postgres
|
|
# The password for the default postgres user.
|
|
PGVECTOR_POSTGRES_PASSWORD=difyai123456
|
|
# The name of the default postgres database.
|
|
PGVECTOR_POSTGRES_DB=dify
|
|
# postgres data directory
|
|
PGVECTOR_PGDATA=/var/lib/postgresql/data/pgdata
|
|
|
|
# ------------------------------
|
|
# Environment Variables for opensearch
|
|
# (only used when VECTOR_STORE is opensearch)
|
|
# ------------------------------
|
|
OPENSEARCH_DISCOVERY_TYPE=single-node
|
|
OPENSEARCH_BOOTSTRAP_MEMORY_LOCK=true
|
|
OPENSEARCH_JAVA_OPTS_MIN=512m
|
|
OPENSEARCH_JAVA_OPTS_MAX=1024m
|
|
OPENSEARCH_INITIAL_ADMIN_PASSWORD=Qazwsxedc!@#123
|
|
OPENSEARCH_MEMLOCK_SOFT=-1
|
|
OPENSEARCH_MEMLOCK_HARD=-1
|
|
OPENSEARCH_NOFILE_SOFT=65536
|
|
OPENSEARCH_NOFILE_HARD=65536
|
|
|
|
# ------------------------------
|
|
# Environment Variables for Nginx reverse proxy
|
|
# ------------------------------
|
|
NGINX_SERVER_NAME=_
|
|
NGINX_HTTPS_ENABLED=false
|
|
# HTTP port
|
|
NGINX_PORT=80
|
|
# SSL settings are only applied when HTTPS_ENABLED is true
|
|
NGINX_SSL_PORT=443
|
|
# if HTTPS_ENABLED is true, you're required to add your own SSL certificates/keys to the `./nginx/ssl` directory
|
|
# and modify the env vars below accordingly.
|
|
NGINX_SSL_CERT_FILENAME=dify.crt
|
|
NGINX_SSL_CERT_KEY_FILENAME=dify.key
|
|
NGINX_SSL_PROTOCOLS=TLSv1.1 TLSv1.2 TLSv1.3
|
|
|
|
# Nginx performance tuning
|
|
NGINX_WORKER_PROCESSES=auto
|
|
NGINX_CLIENT_MAX_BODY_SIZE=15M
|
|
NGINX_KEEPALIVE_TIMEOUT=65
|
|
|
|
# Proxy settings
|
|
NGINX_PROXY_READ_TIMEOUT=3600s
|
|
NGINX_PROXY_SEND_TIMEOUT=3600s
|
|
|
|
# ------------------------------
|
|
# Environment Variables for SSRF Proxy
|
|
# ------------------------------
|
|
SSRF_HTTP_PORT=3128
|
|
SSRF_COREDUMP_DIR=/var/spool/squid
|
|
SSRF_REVERSE_PROXY_PORT=8194
|
|
SSRF_SANDBOX_HOST=sandbox
|
|
|
|
# ------------------------------
|
|
# docker env var for specifying vector db type at startup
|
|
# (based on the vector db type, the corresponding docker
|
|
# compose profile will be used)
|
|
# ------------------------------
|
|
COMPOSE_PROFILES=${VECTOR_STORE:-weaviate}
|
|
|
|
# ------------------------------
|
|
# Docker Compose Service Expose Host Port Configurations
|
|
# ------------------------------
|
|
EXPOSE_NGINX_PORT=80
|
|
EXPOSE_NGINX_SSL_PORT=443
|