dify

Paused

App Files Files Community

dify / docker-legacy /docker-compose.yaml

Severian

initial commit

a8b3f00 12 months ago

raw

history blame

24.3 kB

	version: '3'
	services:
	# API service
	api:
	image: langgenius/dify-api:0.11.0
	restart: always
	environment:
	# Startup mode, 'api' starts the API server.
	MODE: api
	# The log level for the application. Supported values are `DEBUG`, `INFO`, `WARNING`, `ERROR`, `CRITICAL`
	LOG_LEVEL: INFO
	# enable DEBUG mode to output more logs
	# DEBUG : true
	# A secret key that is used for securely signing the session cookie and encrypting sensitive information on the database. You can generate a strong key using `openssl rand -base64 42`.
	SECRET_KEY: sk-9f73s3ljTXVcMT3Blb3ljTqtsKiGHXVcMT3BlbkFJLK7U
	# The base URL of console application web frontend, refers to the Console base URL of WEB service if console domain is
	# different from api or web app domain.
	# example: http://cloud.dify.ai
	CONSOLE_WEB_URL: ''
	# Password for admin user initialization.
	# If left unset, admin user will not be prompted for a password when creating the initial admin account.
	INIT_PASSWORD: ''
	# The base URL of console application api server, refers to the Console base URL of WEB service if console domain is
	# different from api or web app domain.
	# example: http://cloud.dify.ai
	CONSOLE_API_URL: ''
	# The URL prefix for Service API endpoints, refers to the base URL of the current API service if api domain is
	# different from console domain.
	# example: http://api.dify.ai
	SERVICE_API_URL: ''
	# The URL prefix for Web APP frontend, refers to the Web App base URL of WEB service if web app domain is different from
	# console or api domain.
	# example: http://udify.app
	APP_WEB_URL: ''
	# File preview or download Url prefix.
	# used to display File preview or download Url to the front-end or as Multi-model inputs;
	# Url is signed and has expiration time.
	FILES_URL: ''
	# File Access Time specifies a time interval in seconds for the file to be accessed.
	# The default value is 300 seconds.
	FILES_ACCESS_TIMEOUT: 300
	# The maximum number of active requests for the application, where 0 means unlimited, should be a non-negative integer.
	APP_MAX_ACTIVE_REQUESTS: 0
	# When enabled, migrations will be executed prior to application startup and the application will start after the migrations have completed.
	MIGRATION_ENABLED: 'true'
	# The configurations of postgres database connection.
	# It is consistent with the configuration in the 'db' service below.
	DB_USERNAME: postgres
	DB_PASSWORD: difyai123456
	DB_HOST: db
	DB_PORT: 5432
	DB_DATABASE: dify
	# The configurations of redis connection.
	# It is consistent with the configuration in the 'redis' service below.
	REDIS_HOST: redis
	REDIS_PORT: 6379
	REDIS_USERNAME: ''
	REDIS_PASSWORD: difyai123456
	REDIS_USE_SSL: 'false'
	# use redis db 0 for redis cache
	REDIS_DB: 0
	# The configurations of celery broker.
	# Use redis as the broker, and redis db 1 for celery broker.
	CELERY_BROKER_URL: redis://:difyai123456@redis:6379/1
	# Specifies the allowed origins for cross-origin requests to the Web API, e.g. https://dify.app or * for all origins.
	WEB_API_CORS_ALLOW_ORIGINS: '*'
	# Specifies the allowed origins for cross-origin requests to the console API, e.g. https://cloud.dify.ai or * for all origins.
	CONSOLE_CORS_ALLOW_ORIGINS: '*'
	# CSRF Cookie settings
	# Controls whether a cookie is sent with cross-site requests,
	# providing some protection against cross-site request forgery attacks
	#
	# Default: `SameSite=Lax, Secure=false, HttpOnly=true`
	# This default configuration supports same-origin requests using either HTTP or HTTPS,
	# but does not support cross-origin requests. It is suitable for local debugging purposes.
	#
	# If you want to enable cross-origin support,
	# you must use the HTTPS protocol and set the configuration to `SameSite=None, Secure=true, HttpOnly=true`.
	#
	# The type of storage to use for storing user files. Supported values are `local` and `s3` and `azure-blob` and `google-storage`, Default: `local`
	STORAGE_TYPE: local
	# The path to the local storage directory, the directory relative the root path of API service codes or absolute path. Default: `storage` or `/home/john/storage`.
	# only available when STORAGE_TYPE is `local`.
	STORAGE_LOCAL_PATH: storage
	# The S3 storage configurations, only available when STORAGE_TYPE is `s3`.
	S3_USE_AWS_MANAGED_IAM: 'false'
	S3_ENDPOINT: 'https://xxx.r2.cloudflarestorage.com'
	S3_BUCKET_NAME: 'difyai'
	S3_ACCESS_KEY: 'ak-difyai'
	S3_SECRET_KEY: 'sk-difyai'
	S3_REGION: 'us-east-1'
	# The Azure Blob storage configurations, only available when STORAGE_TYPE is `azure-blob`.
	AZURE_BLOB_ACCOUNT_NAME: 'difyai'
	AZURE_BLOB_ACCOUNT_KEY: 'difyai'
	AZURE_BLOB_CONTAINER_NAME: 'difyai-container'
	AZURE_BLOB_ACCOUNT_URL: 'https://<your_account_name>.blob.core.windows.net'
	# The Google storage configurations, only available when STORAGE_TYPE is `google-storage`.
	GOOGLE_STORAGE_BUCKET_NAME: 'yout-bucket-name'
	# if you want to use Application Default Credentials, you can leave GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64 empty.
	GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64: 'your-google-service-account-json-base64-string'
	# The Alibaba Cloud OSS configurations, only available when STORAGE_TYPE is `aliyun-oss`
	ALIYUN_OSS_BUCKET_NAME: 'your-bucket-name'
	ALIYUN_OSS_ACCESS_KEY: 'your-access-key'
	ALIYUN_OSS_SECRET_KEY: 'your-secret-key'
	ALIYUN_OSS_ENDPOINT: 'https://oss-ap-southeast-1-internal.aliyuncs.com'
	ALIYUN_OSS_REGION: 'ap-southeast-1'
	ALIYUN_OSS_AUTH_VERSION: 'v4'
	# The Tencent COS storage configurations, only available when STORAGE_TYPE is `tencent-cos`.
	TENCENT_COS_BUCKET_NAME: 'your-bucket-name'
	TENCENT_COS_SECRET_KEY: 'your-secret-key'
	TENCENT_COS_SECRET_ID: 'your-secret-id'
	TENCENT_COS_REGION: 'your-region'
	TENCENT_COS_SCHEME: 'your-scheme'
	# The type of vector store to use. Supported values are `weaviate`, `qdrant`, `milvus`, `relyt`,`pgvector`, `chroma`, 'opensearch', 'tidb_vector'.
	VECTOR_STORE: weaviate
	# The Weaviate endpoint URL. Only available when VECTOR_STORE is `weaviate`.
	WEAVIATE_ENDPOINT: http://weaviate:8080
	# The Weaviate API key.
	WEAVIATE_API_KEY: WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih
	# The Qdrant endpoint URL. Only available when VECTOR_STORE is `qdrant`.
	QDRANT_URL: http://qdrant:6333
	# The Qdrant API key.
	QDRANT_API_KEY: difyai123456
	# The Qdrant client timeout setting.
	QDRANT_CLIENT_TIMEOUT: 20
	# The Qdrant client enable gRPC mode.
	QDRANT_GRPC_ENABLED: 'false'
	# The Qdrant server gRPC mode PORT.
	QDRANT_GRPC_PORT: 6334
	# Milvus configuration Only available when VECTOR_STORE is `milvus`.
	# The milvus uri.
	MILVUS_URI: http://127.0.0.1:19530
	# The milvus token.
	MILVUS_TOKEN: ''
	# The milvus username.
	MILVUS_USER: root
	# The milvus password.
	MILVUS_PASSWORD: Milvus
	# relyt configurations
	RELYT_HOST: db
	RELYT_PORT: 5432
	RELYT_USER: postgres
	RELYT_PASSWORD: difyai123456
	RELYT_DATABASE: postgres
	# pgvector configurations
	PGVECTOR_HOST: pgvector
	PGVECTOR_PORT: 5432
	PGVECTOR_USER: postgres
	PGVECTOR_PASSWORD: difyai123456
	PGVECTOR_DATABASE: dify
	# tidb vector configurations
	TIDB_VECTOR_HOST: tidb
	TIDB_VECTOR_PORT: 4000
	TIDB_VECTOR_USER: xxx.root
	TIDB_VECTOR_PASSWORD: xxxxxx
	TIDB_VECTOR_DATABASE: dify
	# oracle configurations
	ORACLE_HOST: oracle
	ORACLE_PORT: 1521
	ORACLE_USER: dify
	ORACLE_PASSWORD: dify
	ORACLE_DATABASE: FREEPDB1
	# Chroma configuration
	CHROMA_HOST: 127.0.0.1
	CHROMA_PORT: 8000
	CHROMA_TENANT: default_tenant
	CHROMA_DATABASE: default_database
	CHROMA_AUTH_PROVIDER: chromadb.auth.token_authn.TokenAuthClientProvider
	CHROMA_AUTH_CREDENTIALS: xxxxxx
	# ElasticSearch Config
	ELASTICSEARCH_HOST: 127.0.0.1
	ELASTICSEARCH_PORT: 9200
	ELASTICSEARCH_USERNAME: elastic
	ELASTICSEARCH_PASSWORD: elastic
	# Mail configuration, support: resend, smtp
	MAIL_TYPE: ''
	# default send from email address, if not specified
	MAIL_DEFAULT_SEND_FROM: 'YOUR EMAIL FROM (eg: no-reply <[email protected]>)'
	SMTP_SERVER: ''
	SMTP_PORT: 465
	SMTP_USERNAME: ''
	SMTP_PASSWORD: ''
	SMTP_USE_TLS: 'true'
	SMTP_OPPORTUNISTIC_TLS: 'false'
	# the api-key for resend (https://resend.com)
	RESEND_API_KEY: ''
	RESEND_API_URL: https://api.resend.com
	# The DSN for Sentry error reporting. If not set, Sentry error reporting will be disabled.
	SENTRY_DSN: ''
	# The sample rate for Sentry events. Default: `1.0`
	SENTRY_TRACES_SAMPLE_RATE: 1.0
	# The sample rate for Sentry profiles. Default: `1.0`
	SENTRY_PROFILES_SAMPLE_RATE: 1.0
	# Notion import configuration, support public and internal
	NOTION_INTEGRATION_TYPE: public
	NOTION_CLIENT_SECRET: you-client-secret
	NOTION_CLIENT_ID: you-client-id
	NOTION_INTERNAL_SECRET: you-internal-secret
	# The sandbox service endpoint.
	CODE_EXECUTION_ENDPOINT: "http://sandbox:8194"
	CODE_EXECUTION_API_KEY: dify-sandbox
	CODE_MAX_NUMBER: 9223372036854775807
	CODE_MIN_NUMBER: -9223372036854775808
	CODE_MAX_STRING_LENGTH: 80000
	TEMPLATE_TRANSFORM_MAX_LENGTH: 80000
	CODE_MAX_STRING_ARRAY_LENGTH: 30
	CODE_MAX_OBJECT_ARRAY_LENGTH: 30
	CODE_MAX_NUMBER_ARRAY_LENGTH: 1000
	# SSRF Proxy server
	SSRF_PROXY_HTTP_URL: 'http://ssrf_proxy:3128'
	SSRF_PROXY_HTTPS_URL: 'http://ssrf_proxy:3128'
	# Indexing configuration
	INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: 1000
	depends_on:
	- db
	- redis
	volumes:
	# Mount the storage directory to the container, for storing user files.
	- ./volumes/app/storage:/app/api/storage
	# uncomment to expose dify-api port to host
	# ports:
	# - "5001:5001"
	networks:
	- ssrf_proxy_network
	- default

	# worker service
	# The Celery worker for processing the queue.
	worker:
	image: langgenius/dify-api:0.11.0
	restart: always
	environment:
	CONSOLE_WEB_URL: ''
	# Startup mode, 'worker' starts the Celery worker for processing the queue.
	MODE: worker

	# --- All the configurations below are the same as those in the 'api' service. ---

	# The log level for the application. Supported values are `DEBUG`, `INFO`, `WARNING`, `ERROR`, `CRITICAL`
	LOG_LEVEL: INFO
	# A secret key that is used for securely signing the session cookie and encrypting sensitive information on the database. You can generate a strong key using `openssl rand -base64 42`.
	# same as the API service
	SECRET_KEY: sk-9f73s3ljTXVcMT3Blb3ljTqtsKiGHXVcMT3BlbkFJLK7U
	# The configurations of postgres database connection.
	# It is consistent with the configuration in the 'db' service below.
	DB_USERNAME: postgres
	DB_PASSWORD: difyai123456
	DB_HOST: db
	DB_PORT: 5432
	DB_DATABASE: dify
	# The configurations of redis cache connection.
	REDIS_HOST: redis
	REDIS_PORT: 6379
	REDIS_USERNAME: ''
	REDIS_PASSWORD: difyai123456
	REDIS_DB: 0
	REDIS_USE_SSL: 'false'
	# The configurations of celery broker.
	CELERY_BROKER_URL: redis://:difyai123456@redis:6379/1
	# The type of storage to use for storing user files. Supported values are `local` and `s3` and `azure-blob` and `google-storage`, Default: `local`
	STORAGE_TYPE: local
	STORAGE_LOCAL_PATH: storage
	# The S3 storage configurations, only available when STORAGE_TYPE is `s3`.
	S3_USE_AWS_MANAGED_IAM: 'false'
	S3_ENDPOINT: 'https://xxx.r2.cloudflarestorage.com'
	S3_BUCKET_NAME: 'difyai'
	S3_ACCESS_KEY: 'ak-difyai'
	S3_SECRET_KEY: 'sk-difyai'
	S3_REGION: 'us-east-1'
	# The Azure Blob storage configurations, only available when STORAGE_TYPE is `azure-blob`.
	AZURE_BLOB_ACCOUNT_NAME: 'difyai'
	AZURE_BLOB_ACCOUNT_KEY: 'difyai'
	AZURE_BLOB_CONTAINER_NAME: 'difyai-container'
	AZURE_BLOB_ACCOUNT_URL: 'https://<your_account_name>.blob.core.windows.net'
	# The Google storage configurations, only available when STORAGE_TYPE is `google-storage`.
	GOOGLE_STORAGE_BUCKET_NAME: 'yout-bucket-name'
	# if you want to use Application Default Credentials, you can leave GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64 empty.
	GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64: 'your-google-service-account-json-base64-string'
	# The Alibaba Cloud OSS configurations, only available when STORAGE_TYPE is `aliyun-oss`
	ALIYUN_OSS_BUCKET_NAME: 'your-bucket-name'
	ALIYUN_OSS_ACCESS_KEY: 'your-access-key'
	ALIYUN_OSS_SECRET_KEY: 'your-secret-key'
	ALIYUN_OSS_ENDPOINT: 'https://oss-ap-southeast-1-internal.aliyuncs.com'
	ALIYUN_OSS_REGION: 'ap-southeast-1'
	ALIYUN_OSS_AUTH_VERSION: 'v4'
	# The Tencent COS storage configurations, only available when STORAGE_TYPE is `tencent-cos`.
	TENCENT_COS_BUCKET_NAME: 'your-bucket-name'
	TENCENT_COS_SECRET_KEY: 'your-secret-key'
	TENCENT_COS_SECRET_ID: 'your-secret-id'
	TENCENT_COS_REGION: 'your-region'
	TENCENT_COS_SCHEME: 'your-scheme'
	# The type of vector store to use. Supported values are `weaviate`, `qdrant`, `milvus`, `relyt`, `pgvector`, `chroma`, 'opensearch', 'tidb_vector'.
	VECTOR_STORE: weaviate
	# The Weaviate endpoint URL. Only available when VECTOR_STORE is `weaviate`.
	WEAVIATE_ENDPOINT: http://weaviate:8080
	# The Weaviate API key.
	WEAVIATE_API_KEY: WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih
	# The Qdrant endpoint URL. Only available when VECTOR_STORE is `qdrant`.
	QDRANT_URL: http://qdrant:6333
	# The Qdrant API key.
	QDRANT_API_KEY: difyai123456
	# The Qdrant client timeout setting.
	QDRANT_CLIENT_TIMEOUT: 20
	# The Qdrant client enable gRPC mode.
	QDRANT_GRPC_ENABLED: 'false'
	# The Qdrant server gRPC mode PORT.
	QDRANT_GRPC_PORT: 6334
	# Milvus configuration Only available when VECTOR_STORE is `milvus`.
	# The milvus uri.
	MILVUS_URI: http://127.0.0.1:19530
	# The milvus token.
	MILVUS_PORT: ''
	# The milvus username.
	MILVUS_USER: root
	# The milvus password.
	MILVUS_PASSWORD: Milvus
	# Mail configuration, support: resend
	MAIL_TYPE: ''
	# default send from email address, if not specified
	MAIL_DEFAULT_SEND_FROM: 'YOUR EMAIL FROM (eg: no-reply <[email protected]>)'
	SMTP_SERVER: ''
	SMTP_PORT: 465
	SMTP_USERNAME: ''
	SMTP_PASSWORD: ''
	SMTP_USE_TLS: 'true'
	SMTP_OPPORTUNISTIC_TLS: 'false'
	# the api-key for resend (https://resend.com)
	RESEND_API_KEY: ''
	RESEND_API_URL: https://api.resend.com
	# relyt configurations
	RELYT_HOST: db
	RELYT_PORT: 5432
	RELYT_USER: postgres
	RELYT_PASSWORD: difyai123456
	RELYT_DATABASE: postgres
	# tencent configurations
	TENCENT_VECTOR_DB_URL: http://127.0.0.1
	TENCENT_VECTOR_DB_API_KEY: dify
	TENCENT_VECTOR_DB_TIMEOUT: 30
	TENCENT_VECTOR_DB_USERNAME: dify
	TENCENT_VECTOR_DB_DATABASE: dify
	TENCENT_VECTOR_DB_SHARD: 1
	TENCENT_VECTOR_DB_REPLICAS: 2
	# OpenSearch configuration
	OPENSEARCH_HOST: 127.0.0.1
	OPENSEARCH_PORT: 9200
	OPENSEARCH_USER: admin
	OPENSEARCH_PASSWORD: admin
	OPENSEARCH_SECURE: 'true'
	# pgvector configurations
	PGVECTOR_HOST: pgvector
	PGVECTOR_PORT: 5432
	PGVECTOR_USER: postgres
	PGVECTOR_PASSWORD: difyai123456
	PGVECTOR_DATABASE: dify
	# tidb vector configurations
	TIDB_VECTOR_HOST: tidb
	TIDB_VECTOR_PORT: 4000
	TIDB_VECTOR_USER: xxx.root
	TIDB_VECTOR_PASSWORD: xxxxxx
	TIDB_VECTOR_DATABASE: dify
	# oracle configurations
	ORACLE_HOST: oracle
	ORACLE_PORT: 1521
	ORACLE_USER: dify
	ORACLE_PASSWORD: dify
	ORACLE_DATABASE: FREEPDB1
	# Chroma configuration
	CHROMA_HOST: 127.0.0.1
	CHROMA_PORT: 8000
	CHROMA_TENANT: default_tenant
	CHROMA_DATABASE: default_database
	CHROMA_AUTH_PROVIDER: chromadb.auth.token_authn.TokenAuthClientProvider
	CHROMA_AUTH_CREDENTIALS: xxxxxx
	# ElasticSearch Config
	ELASTICSEARCH_HOST: 127.0.0.1
	ELASTICSEARCH_PORT: 9200
	ELASTICSEARCH_USERNAME: elastic
	ELASTICSEARCH_PASSWORD: elastic
	# Notion import configuration, support public and internal
	NOTION_INTEGRATION_TYPE: public
	NOTION_CLIENT_SECRET: you-client-secret
	NOTION_CLIENT_ID: you-client-id
	NOTION_INTERNAL_SECRET: you-internal-secret
	# Indexing configuration
	INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: 1000
	depends_on:
	- db
	- redis
	volumes:
	# Mount the storage directory to the container, for storing user files.
	- ./volumes/app/storage:/app/api/storage
	networks:
	- ssrf_proxy_network
	- default

	# Frontend web application.
	web:
	image: langgenius/dify-web:0.11.0
	restart: always
	environment:
	# The base URL of console application api server, refers to the Console base URL of WEB service if console domain is
	# different from api or web app domain.
	# example: http://cloud.dify.ai
	CONSOLE_API_URL: ''
	# The URL for Web APP api server, refers to the Web App base URL of WEB service if web app domain is different from
	# console or api domain.
	# example: http://udify.app
	APP_API_URL: ''
	# The DSN for Sentry error reporting. If not set, Sentry error reporting will be disabled.
	SENTRY_DSN: ''
	# uncomment to expose dify-web port to host
	# ports:
	# - "3000:3000"

	# The postgres database.
	db:
	image: postgres:15-alpine
	restart: always
	environment:
	PGUSER: postgres
	# The password for the default postgres user.
	POSTGRES_PASSWORD: difyai123456
	# The name of the default postgres database.
	POSTGRES_DB: dify
	# postgres data directory
	PGDATA: /var/lib/postgresql/data/pgdata
	volumes:
	- ./volumes/db/data:/var/lib/postgresql/data
	# notice!: if you use windows-wsl2, postgres may not work properly due to the ntfs issue.you can use volumes to mount the data directory to the host.
	# if you use the following config, you need to uncomment the volumes configuration below at the end of the file.
	# - postgres:/var/lib/postgresql/data
	# uncomment to expose db(postgresql) port to host
	# ports:
	# - "5432:5432"
	healthcheck:
	test: [ "CMD", "pg_isready" ]
	interval: 1s
	timeout: 3s
	retries: 30

	# The redis cache.
	redis:
	image: redis:6-alpine
	restart: always
	volumes:
	# Mount the redis data directory to the container.
	- ./volumes/redis/data:/data
	# Set the redis password when startup redis server.
	command: redis-server --requirepass difyai123456
	healthcheck:
	test: [ "CMD", "redis-cli", "ping" ]
	# uncomment to expose redis port to host
	# ports:
	# - "6379:6379"

	# The Weaviate vector store.
	weaviate:
	image: semitechnologies/weaviate:1.19.0
	restart: always
	volumes:
	# Mount the Weaviate data directory to the container.
	- ./volumes/weaviate:/var/lib/weaviate
	environment:
	# The Weaviate configurations
	# You can refer to the [Weaviate](https://weaviate.io/developers/weaviate/config-refs/env-vars) documentation for more information.
	QUERY_DEFAULTS_LIMIT: 25
	AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: 'false'
	PERSISTENCE_DATA_PATH: '/var/lib/weaviate'
	DEFAULT_VECTORIZER_MODULE: 'none'
	CLUSTER_HOSTNAME: 'node1'
	AUTHENTICATION_APIKEY_ENABLED: 'true'
	AUTHENTICATION_APIKEY_ALLOWED_KEYS: 'WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih'
	AUTHENTICATION_APIKEY_USERS: '[email protected]'
	AUTHORIZATION_ADMINLIST_ENABLED: 'true'
	AUTHORIZATION_ADMINLIST_USERS: '[email protected]'
	# uncomment to expose weaviate port to host
	# ports:
	# - "8080:8080"

	# The DifySandbox
	sandbox:
	image: langgenius/dify-sandbox:0.2.1
	restart: always
	environment:
	# The DifySandbox configurations
	# Make sure you are changing this key for your deployment with a strong key.
	# You can generate a strong key using `openssl rand -base64 42`.
	API_KEY: dify-sandbox
	GIN_MODE: 'release'
	WORKER_TIMEOUT: 15
	ENABLE_NETWORK: 'true'
	HTTP_PROXY: 'http://ssrf_proxy:3128'
	HTTPS_PROXY: 'http://ssrf_proxy:3128'
	SANDBOX_PORT: 8194
	volumes:
	- ./volumes/sandbox/dependencies:/dependencies
	networks:
	- ssrf_proxy_network

	# ssrf_proxy server
	# for more information, please refer to
	# https://docs.dify.ai/learn-more/faq/install-faq#id-18.-why-is-ssrf_proxy-needed
	ssrf_proxy:
	image: ubuntu/squid:latest
	restart: always
	volumes:
	# pls clearly modify the squid.conf file to fit your network environment.
	- ./volumes/ssrf_proxy/squid.conf:/etc/squid/squid.conf
	networks:
	- ssrf_proxy_network
	- default
	# Qdrant vector store.
	# uncomment to use qdrant as vector store.
	# (if uncommented, you need to comment out the weaviate service above,
	# and set VECTOR_STORE to qdrant in the api & worker service.)
	# qdrant:
	# image: langgenius/qdrant:v1.7.3
	# restart: always
	# volumes:
	# - ./volumes/qdrant:/qdrant/storage
	# environment:
	# QDRANT_API_KEY: 'difyai123456'
	# # uncomment to expose qdrant port to host
	# # ports:
	# # - "6333:6333"
	# # - "6334:6334"

	# The pgvector vector database.
	# Uncomment to use qdrant as vector store.
	# pgvector:
	# image: pgvector/pgvector:pg16
	# restart: always
	# environment:
	# PGUSER: postgres
	# # The password for the default postgres user.
	# POSTGRES_PASSWORD: difyai123456
	# # The name of the default postgres database.
	# POSTGRES_DB: dify
	# # postgres data directory
	# PGDATA: /var/lib/postgresql/data/pgdata
	# volumes:
	# - ./volumes/pgvector/data:/var/lib/postgresql/data
	# # uncomment to expose db(postgresql) port to host
	# # ports:
	# # - "5433:5432"
	# healthcheck:
	# test: [ "CMD", "pg_isready" ]
	# interval: 1s
	# timeout: 3s
	# retries: 30

	# The oracle vector database.
	# Uncomment to use oracle23ai as vector store. Also need to Uncomment volumes block
	# oracle:
	# image: container-registry.oracle.com/database/free:latest
	# restart: always
	# ports:
	# - 1521:1521
	# volumes:
	# - type: volume
	# source: oradata
	# target: /opt/oracle/oradata
	# - ./startupscripts:/opt/oracle/scripts/startup
	# environment:
	# - ORACLE_PWD=Dify123456
	# - ORACLE_CHARACTERSET=AL32UTF8


	# The nginx reverse proxy.
	# used for reverse proxying the API service and Web service.
	nginx:
	image: nginx:latest
	restart: always
	volumes:
	- ./nginx/nginx.conf:/etc/nginx/nginx.conf
	- ./nginx/proxy.conf:/etc/nginx/proxy.conf
	- ./nginx/conf.d:/etc/nginx/conf.d
	#- ./nginx/ssl:/etc/ssl
	depends_on:
	- api
	- web
	ports:
	- "80:80"
	#- "443:443"
	# notice: if you use windows-wsl2, postgres may not work properly due to the ntfs issue.you can use volumes to mount the data directory to the host.
	# volumes:
	# postgres:
	networks:
	# create a network between sandbox, api and ssrf_proxy, and can not access outside.
	ssrf_proxy_network:
	driver: bridge
	internal: true

	#volumes:
	# oradata: