diff --git a/docker/README.md b/docker/README.md index c63d73851..9f7fc069a 100644 --- a/docker/README.md +++ b/docker/README.md @@ -6,6 +6,7 @@ - 🐳 [Docker Compose](#-docker-compose) - 🐬 [Docker environment variables](#-docker-environment-variables) - 🐋 [Service configuration](#-service-configuration) +- 📋 [Setup Examples](#-setup-examples) 
@@ -192,3 +193,77 @@ The [.env](./.env) file contains important environment variables for Docker. > [!TIP] > If you do not set the default LLM here, configure the default LLM on the **Settings** page in the RAGFlow UI. + + +## 📋 Setup Examples + +### 🔒 HTTPS Setup + +#### Prerequisites + +- A registered domain name pointing to your server +- Port 80 and 443 open on your server +- Docker and Docker Compose installed + +#### Getting and configuring certificates (Let's Encrypt) + +If you want your instance to be available under `https`, follow these steps: + +1. **Install Certbot and obtain certificates** + ```bash + # Ubuntu/Debian + sudo apt update && sudo apt install certbot + + # CentOS/RHEL + sudo yum install certbot + + # Obtain certificates (replace with your actual domain) + sudo certbot certonly --standalone -d your-ragflow-domain.com + ``` + +2. **Locate your certificates** + Once generated, your certificates will be located at: + - Certificate: `/etc/letsencrypt/live/your-ragflow-domain.com/fullchain.pem` + - Private key: `/etc/letsencrypt/live/your-ragflow-domain.com/privkey.pem` + +3. **Update docker-compose.yml** + Add the certificate volumes to the `ragflow` service in your `docker-compose.yml`: + ```yaml + services: + ragflow: + # ...existing configuration... + volumes: + # SSL certificates + - /etc/letsencrypt/live/your-ragflow-domain.com/fullchain.pem:/etc/nginx/ssl/fullchain.pem:ro + - /etc/letsencrypt/live/your-ragflow-domain.com/privkey.pem:/etc/nginx/ssl/privkey.pem:ro + # Switch to HTTPS nginx configuration + - ./nginx/ragflow.https.conf:/etc/nginx/conf.d/ragflow.conf + # ...other existing volumes... + + ``` + +4. **Update nginx configuration** + Edit `nginx/ragflow.https.conf` and replace `my_ragflow_domain.com` with your actual domain name. + +5. 
**Restart the services** + ```bash + docker-compose down + docker-compose up -d + ``` + + +> [!IMPORTANT] +> - Ensure your domain's DNS A record points to your server's IP address +> - Stop any services running on ports 80/443 before obtaining certificates with `--standalone` + +> [!TIP] +> For development or testing, you can use self-signed certificates, but browsers will show security warnings. + +#### Alternative: Using existing certificates + +If you already have SSL certificates from another provider: + +1. Place your certificates in a directory accessible to Docker +2. Update the volume paths in `docker-compose.yml` to point to your certificate files +3. Ensure the certificate file contains the full certificate chain +4. Follow steps 4-5 from the Let's Encrypt guide above \ No newline at end of file diff --git a/docker/nginx/ragflow.https.conf b/docker/nginx/ragflow.https.conf new file mode 100644 index 000000000..69aa3885f --- /dev/null +++ b/docker/nginx/ragflow.https.conf @@ -0,0 +1,41 @@ +server { + listen 80; + server_name your-ragflow-domain.com; + return 301 https://$host$request_uri; +} + + + +server { + listen 443 ssl; + server_name your-ragflow-domain.com; + + ssl_certificate /etc/nginx/ssl/fullchain.pem; + ssl_certificate_key /etc/nginx/ssl/privkey.pem; + + root /ragflow/web/dist; + + gzip on; + gzip_min_length 1k; + gzip_comp_level 9; + gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png; + gzip_vary on; + gzip_disable "MSIE [1-6]\."; + + location ~ ^/(v1|api) { + proxy_pass http://ragflow:9380; + include proxy.conf; + } + + + location / { + index index.html; + try_files $uri $uri/ /index.html; + } + + # Cache-Control: max-age~@~AExpires + location ~ ^/static/(css|js|media)/ { + expires 10y; + access_log off; + } +}
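Review bot: In the `docker/README.md` hunk, step 4 tells the reader to replace `my_ragflow_domain.com`, but the new `docker/nginx/ragflow.https.conf` uses `your-ragflow-domain.com` in both `server_name` lines, so a search for the documented string finds nothing. Use one placeholder in both files. The steps also stop at the restart and say nothing about renewal: the `[!IMPORTANT]` box requires ports 80/443 to be free for `--standalone`, yet after step 5 nginx listens on both, so the README should say how renewal is meant to run (stopping the stack, or another challenge method) and that nginx has to be reloaded or the container restarted to pick up the renewed files. Minor: the `./nginx/ragflow.https.conf` mount lacks the `:ro` that the two certificate mounts carry, and the file ends without a trailing newline.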
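Review bot: In `docker/nginx/ragflow.https.conf`, the port 80 block builds its redirect target from `$host`, which comes from the request, so if this block ends up as the default server for port 80, a request carrying an arbitrary Host header is redirected to that host. `return 301 https://$server_name$request_uri;` pins the target to the configured name. The 443 block sets only `ssl_certificate` and `ssl_certificate_key`, with no `ssl_protocols` line, so the accepted TLS versions depend on the nginx build's defaults. Stating them explicitly, and adding a `Strict-Transport-Security` header now that port 80 only redirects, would make the intended policy visible in the file. Smaller points: the comment `# Cache-Control: max-age~@~AExpires` contains garbled bytes and should be rewritten in plain ASCII, and `gzip_types` lists `image/jpeg image/gif image/png`, which are already compressed, so at `gzip_comp_level 9` they cost CPU for little gain.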