dify/docker/docker-compose.middleware.yaml

services:
  # The postgres database.
  db:
    image: postgres:15-alpine
    restart: always
    env_file:
      - ./middleware.env
    environment:
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-difyai123456}
      POSTGRES_DB: ${POSTGRES_DB:-dify}
      PGDATA: ${PGDATA:-/var/lib/postgresql/data/pgdata}
    volumes:
      - ./volumes/db/data:/var/lib/postgresql/data
    ports:
      - "${EXPOSE_POSTGRES_PORT:-5432}:5432"

  # The redis cache.
  redis:
    image: redis:6-alpine
    restart: always
    volumes:
      # Mount the redis data directory to the container.
      - ./volumes/redis/data:/data
    # Set the redis password when startup redis server.
    command: redis-server --requirepass difyai123456
    ports:
      - "${EXPOSE_REDIS_PORT:-6379}:6379"

  # The DifySandbox
  sandbox:
    image: langgenius/dify-sandbox:0.2.1
    restart: always
    environment:
      # The DifySandbox configurations
      # Make sure you are changing this key for your deployment with a strong key.
      # You can generate a strong key using `openssl rand -base64 42`.
      API_KEY: ${SANDBOX_API_KEY:-dify-sandbox}
      GIN_MODE: ${SANDBOX_GIN_MODE:-release}
      WORKER_TIMEOUT: ${SANDBOX_WORKER_TIMEOUT:-15}
      ENABLE_NETWORK: ${SANDBOX_ENABLE_NETWORK:-true}
      HTTP_PROXY: ${SANDBOX_HTTP_PROXY:-http://ssrf_proxy:3128}
      HTTPS_PROXY: ${SANDBOX_HTTPS_PROXY:-http://ssrf_proxy:3128}
      SANDBOX_PORT: ${SANDBOX_PORT:-8194}
    volumes:
      - ./volumes/sandbox/dependencies:/dependencies
    networks:
      - ssrf_proxy_network

  # ssrf_proxy server
  # for more information, please refer to
  # https://docs.dify.ai/learn-more/faq/self-host-faq#id-18.-why-is-ssrf_proxy-needed
  ssrf_proxy:
    image: ubuntu/squid:latest
    restart: always
    volumes:
      - ./ssrf_proxy/squid.conf.template:/etc/squid/squid.conf.template
      - ./ssrf_proxy/docker-entrypoint.sh:/docker-entrypoint-mount.sh
    entrypoint: [ "sh", "-c", "cp /docker-entrypoint-mount.sh /docker-entrypoint.sh && sed -i 's/\r$$//' /docker-entrypoint.sh && chmod +x /docker-entrypoint.sh && /docker-entrypoint.sh" ]
    environment:
      # pls clearly modify the squid env vars to fit your network environment.
      HTTP_PORT: ${SSRF_HTTP_PORT:-3128}
      COREDUMP_DIR: ${SSRF_COREDUMP_DIR:-/var/spool/squid}
      REVERSE_PROXY_PORT: ${SSRF_REVERSE_PROXY_PORT:-8194}
      SANDBOX_HOST: ${SSRF_SANDBOX_HOST:-sandbox}
      SANDBOX_PORT: ${SANDBOX_PORT:-8194}
    ports:
      - "${EXPOSE_SSRF_PROXY_PORT:-3128}:${SSRF_HTTP_PORT:-3128}"
      - "${EXPOSE_SANDBOX_PORT:-8194}:${SANDBOX_PORT:-8194}"
    networks:
      - ssrf_proxy_network
      - default

  # The Weaviate vector store.
  weaviate:
    image: semitechnologies/weaviate:1.19.0
    profiles:
      - weaviate
    restart: always
    volumes:
      # Mount the Weaviate data directory to the container.
      - ./volumes/weaviate:/var/lib/weaviate
    env_file:
      - ./middleware.env
    environment:
      # The Weaviate configurations
      # You can refer to the [Weaviate](https://weaviate.io/developers/weaviate/config-refs/env-vars) documentation for more information.
      PERSISTENCE_DATA_PATH: ${WEAVIATE_PERSISTENCE_DATA_PATH:-/var/lib/weaviate}
      QUERY_DEFAULTS_LIMIT: ${WEAVIATE_QUERY_DEFAULTS_LIMIT:-25}
      AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: ${WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED:-false}
      DEFAULT_VECTORIZER_MODULE: ${WEAVIATE_DEFAULT_VECTORIZER_MODULE:-none}
      CLUSTER_HOSTNAME: ${WEAVIATE_CLUSTER_HOSTNAME:-node1}
      AUTHENTICATION_APIKEY_ENABLED: ${WEAVIATE_AUTHENTICATION_APIKEY_ENABLED:-true}
      AUTHENTICATION_APIKEY_ALLOWED_KEYS: ${WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih}
      AUTHENTICATION_APIKEY_USERS: ${WEAVIATE_AUTHENTICATION_APIKEY_USERS:-hello@dify.ai}
      AUTHORIZATION_ADMINLIST_ENABLED: ${WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED:-true}
      AUTHORIZATION_ADMINLIST_USERS: ${WEAVIATE_AUTHORIZATION_ADMINLIST_USERS:-hello@dify.ai}
    ports:
      - "${EXPOSE_WEAVIATE_PORT:-8080}:8080"

networks:
  # create a network between sandbox, api and ssrf_proxy, and can not access outside.
  ssrf_proxy_network:
    driver: bridge
    internal: true
Initial commit 2023-05-15 08:51:32 +08:00			`services:`
			`# The postgres database.`
			`db:`
			`image: postgres:15-alpine`
			`restart: always`
Chore/improve deployment flow (#4299) Co-authored-by: 天魂 <365125264@qq.com> 2024-06-28 17:37:52 +08:00			`env_file:`
			`- ./middleware.env`
Initial commit 2023-05-15 08:51:32 +08:00			`environment:`
Chore/improve deployment flow (#4299) Co-authored-by: 天魂 <365125264@qq.com> 2024-06-28 17:37:52 +08:00			`POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-difyai123456}`
			`POSTGRES_DB: ${POSTGRES_DB:-dify}`
			`PGDATA: ${PGDATA:-/var/lib/postgresql/data/pgdata}`
Initial commit 2023-05-15 08:51:32 +08:00			`volumes:`
			`- ./volumes/db/data:/var/lib/postgresql/data`
			`ports:`
chore: remove port expose in docker compose (#5754) Co-authored-by: Chenhe Gu <guchenhe@gmail.com> 2024-06-30 10:31:31 +08:00			`- "${EXPOSE_POSTGRES_PORT:-5432}:5432"`
Initial commit 2023-05-15 08:51:32 +08:00
			`# The redis cache.`
			`redis:`
			`image: redis:6-alpine`
			`restart: always`
			`volumes:`
			`# Mount the redis data directory to the container.`
			`- ./volumes/redis/data:/data`
			`# Set the redis password when startup redis server.`
			`command: redis-server --requirepass difyai123456`
			`ports:`
chore: remove port expose in docker compose (#5754) Co-authored-by: Chenhe Gu <guchenhe@gmail.com> 2024-06-30 10:31:31 +08:00			`- "${EXPOSE_REDIS_PORT:-6379}:6379"`
feat: qdrant support in docker compose (#1286) 2023-10-08 12:04:04 -05:00
FEAT: NEW WORKFLOW ENGINE (#3160) Co-authored-by: Joel <iamjoel007@gmail.com> Co-authored-by: Yeuoly <admin@srmxy.cn> Co-authored-by: JzoNg <jzongcode@gmail.com> Co-authored-by: StyleZhang <jasonapring2015@outlook.com> Co-authored-by: jyong <jyong@dify.ai> Co-authored-by: nite-knite <nkCoding@gmail.com> Co-authored-by: jyong <718720800@qq.com> 2024-04-08 18:51:46 +08:00			`# The DifySandbox`
			`sandbox:`
chore: upgrade sandbox (#4839) 2024-06-02 11:30:14 +08:00			`image: langgenius/dify-sandbox:0.2.1`
FEAT: NEW WORKFLOW ENGINE (#3160) Co-authored-by: Joel <iamjoel007@gmail.com> Co-authored-by: Yeuoly <admin@srmxy.cn> Co-authored-by: JzoNg <jzongcode@gmail.com> Co-authored-by: StyleZhang <jasonapring2015@outlook.com> Co-authored-by: jyong <jyong@dify.ai> Co-authored-by: nite-knite <nkCoding@gmail.com> Co-authored-by: jyong <718720800@qq.com> 2024-04-08 18:51:46 +08:00			`restart: always`
			`environment:`
			`# The DifySandbox configurations`
improve: code upgrade (#4231) 2024-05-13 14:39:14 +08:00			`# Make sure you are changing this key for your deployment with a strong key.`
			# You can generate a strong key using `openssl rand -base64 42`.
Chore/improve docker compose (#5784) 2024-07-01 01:11:33 +08:00			`API_KEY: ${SANDBOX_API_KEY:-dify-sandbox}`
			`GIN_MODE: ${SANDBOX_GIN_MODE:-release}`
			`WORKER_TIMEOUT: ${SANDBOX_WORKER_TIMEOUT:-15}`
			`ENABLE_NETWORK: ${SANDBOX_ENABLE_NETWORK:-true}`
			`HTTP_PROXY: ${SANDBOX_HTTP_PROXY:-http://ssrf_proxy:3128}`
			`HTTPS_PROXY: ${SANDBOX_HTTPS_PROXY:-http://ssrf_proxy:3128}`
Chore/improve deployment flow (#4299) Co-authored-by: 天魂 <365125264@qq.com> 2024-06-28 17:37:52 +08:00			`SANDBOX_PORT: ${SANDBOX_PORT:-8194}`
improve: code upgrade (#4231) 2024-05-13 14:39:14 +08:00			`volumes:`
			`- ./volumes/sandbox/dependencies:/dependencies`
			`networks:`
			`- ssrf_proxy_network`

			`# ssrf_proxy server`
			`# for more information, please refer to`
Chores: add missing profile for middleware docker compose cmd and fix ssrf-proxy doc link (#6372) Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com> 2024-07-24 19:36:06 +08:00			`# https://docs.dify.ai/learn-more/faq/self-host-faq#id-18.-why-is-ssrf_proxy-needed`
improve: code upgrade (#4231) 2024-05-13 14:39:14 +08:00			`ssrf_proxy:`
			`image: ubuntu/squid:latest`
			`restart: always`
Chore/improve deployment flow (#4299) Co-authored-by: 天魂 <365125264@qq.com> 2024-06-28 17:37:52 +08:00			`volumes:`
			`- ./ssrf_proxy/squid.conf.template:/etc/squid/squid.conf.template`
Chore/improve docker compose (#5784) 2024-07-01 01:11:33 +08:00			`- ./ssrf_proxy/docker-entrypoint.sh:/docker-entrypoint-mount.sh`
fix: ssrf proxy and nginx entrypoint command in docker-compose files (#5803) 2024-07-01 14:48:27 +08:00			`entrypoint: [ "sh", "-c", "cp /docker-entrypoint-mount.sh /docker-entrypoint.sh && sed -i 's/\r$$//' /docker-entrypoint.sh && chmod +x /docker-entrypoint.sh && /docker-entrypoint.sh" ]`
Chore/improve deployment flow (#4299) Co-authored-by: 天魂 <365125264@qq.com> 2024-06-28 17:37:52 +08:00			`environment:`
			`# pls clearly modify the squid env vars to fit your network environment.`
chore: remove port expose in docker compose (#5754) Co-authored-by: Chenhe Gu <guchenhe@gmail.com> 2024-06-30 10:31:31 +08:00			`HTTP_PORT: ${SSRF_HTTP_PORT:-3128}`
Chore/improve docker compose (#5784) 2024-07-01 01:11:33 +08:00			`COREDUMP_DIR: ${SSRF_COREDUMP_DIR:-/var/spool/squid}`
			`REVERSE_PROXY_PORT: ${SSRF_REVERSE_PROXY_PORT:-8194}`
			`SANDBOX_HOST: ${SSRF_SANDBOX_HOST:-sandbox}`
Chore/improve deployment flow (#4299) Co-authored-by: 天魂 <365125264@qq.com> 2024-06-28 17:37:52 +08:00			`SANDBOX_PORT: ${SANDBOX_PORT:-8194}`
chore: remove port expose in docker compose (#5754) Co-authored-by: Chenhe Gu <guchenhe@gmail.com> 2024-06-30 10:31:31 +08:00			`ports:`
			`- "${EXPOSE_SSRF_PROXY_PORT:-3128}:${SSRF_HTTP_PORT:-3128}"`
			`- "${EXPOSE_SANDBOX_PORT:-8194}:${SANDBOX_PORT:-8194}"`
improve: code upgrade (#4231) 2024-05-13 14:39:14 +08:00			`networks:`
			`- ssrf_proxy_network`
			`- default`

chore: remove port expose in docker compose (#5754) Co-authored-by: Chenhe Gu <guchenhe@gmail.com> 2024-06-30 10:31:31 +08:00			`# The Weaviate vector store.`
			`weaviate:`
			`image: semitechnologies/weaviate:1.19.0`
			`profiles:`
			`- weaviate`
			`restart: always`
			`volumes:`
			`# Mount the Weaviate data directory to the container.`
			`- ./volumes/weaviate:/var/lib/weaviate`
			`env_file:`
			`- ./middleware.env`
			`environment:`
			`# The Weaviate configurations`
			`# You can refer to the [Weaviate](https://weaviate.io/developers/weaviate/config-refs/env-vars) documentation for more information.`
Chore/improve docker compose (#5784) 2024-07-01 01:11:33 +08:00			`PERSISTENCE_DATA_PATH: ${WEAVIATE_PERSISTENCE_DATA_PATH:-/var/lib/weaviate}`
			`QUERY_DEFAULTS_LIMIT: ${WEAVIATE_QUERY_DEFAULTS_LIMIT:-25}`
			`AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: ${WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED:-false}`
			`DEFAULT_VECTORIZER_MODULE: ${WEAVIATE_DEFAULT_VECTORIZER_MODULE:-none}`
			`CLUSTER_HOSTNAME: ${WEAVIATE_CLUSTER_HOSTNAME:-node1}`
			`AUTHENTICATION_APIKEY_ENABLED: ${WEAVIATE_AUTHENTICATION_APIKEY_ENABLED:-true}`
			`AUTHENTICATION_APIKEY_ALLOWED_KEYS: ${WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS:-WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih}`
			`AUTHENTICATION_APIKEY_USERS: ${WEAVIATE_AUTHENTICATION_APIKEY_USERS:-hello@dify.ai}`
			`AUTHORIZATION_ADMINLIST_ENABLED: ${WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED:-true}`
			`AUTHORIZATION_ADMINLIST_USERS: ${WEAVIATE_AUTHORIZATION_ADMINLIST_USERS:-hello@dify.ai}`
chore: remove port expose in docker compose (#5754) Co-authored-by: Chenhe Gu <guchenhe@gmail.com> 2024-06-30 10:31:31 +08:00			`ports:`
			`- "${EXPOSE_WEAVIATE_PORT:-8080}:8080"`

improve: code upgrade (#4231) 2024-05-13 14:39:14 +08:00			`networks:`
			`# create a network between sandbox, api and ssrf_proxy, and can not access outside.`
			`ssrf_proxy_network:`
			`driver: bridge`
			`internal: true`