This document may be outdated. Please refer to the latest configuration files:
The backend URL for the console API. This is used to construct the authorization callback. If left empty, it defaults to the same domain as the application. Example: https://api.console.dify.ai
The front-end URL of the console web interface. This is used to construct front-end addresses and for CORS configuration. If left empty, it defaults to the same domain as the application. Example: https://console.dify.ai
The Service API URL, used to display Service API Base URL in the front-end. If left empty, it defaults to the same domain as the application. Example: https://api.dify.ai
The WebApp API backend URL, used to specify the backend URL for the front-end API. If left empty, it defaults to the same domain as the application. Example: https://app.dify.ai
The WebApp URL, used to display File preview or download Url to the front-end or as Multi-model inputs; If left empty, it defaults to the same domain as the application. Example: https://udify.app/
The prefix for file preview or download URLs, used to display these URLs in the front-end and provide them as input for multi-modal models. To prevent forgery, image preview URLs are signed and expire after 5 minutes.
Startup mode: This is only available when launched using docker. It is not applicable when running from source code.
Debug mode: Disabled by default. It’s recommended to enable this setting during local development to prevent issues caused by monkey patching.
Flask debug mode: When enabled, it outputs trace information in the API responses, facilitating easier debugging.
A secret key used for securely signing session cookies and encrypting sensitive information in the database.
This variable must be set before the first launch.
Run openssl rand -base64 42
to generate a strong key for it.
Deployment environment:
The log output level. Default is INFO. For production environments, it’s recommended to set this to ERROR.
When set to true, database migrations are automatically executed on container startup. This is only available when launched using docker and does not apply when running from source code.
For source code launches, you need to manually run flask db upgrade
in the api directory.
Controls the version checking policy. If set to false, the system will not call https://updates.dify.ai
to check for updates.
Currently, the version check interface based on CloudFlare Worker is not directly accessible in China. Setting this variable to an empty value will disable this API call.
Default value: 60000 (milliseconds). Specifies the timeout for text generation and workflow processes. This setting prevents system-wide service disruptions caused by individual processes exceeding their allocated time.
Used to change the OpenAI base address, default is https://api.openai.com/v1.
When OpenAI cannot be accessed in China, replace it with a domestic mirror address, or when a local model provides OpenAI compatible API, it can be replaced.
Only effective when starting with docker image or docker-compose.
DIFY_BIND_ADDRESS: API service binding address, default: 0.0.0.0, i.e., all addresses can be accessed.
DIFY_PORT: API service binding port number, default to 5001.
SERVER_WORKER_AMOUNT: The number of API server workers, i.e., the number of gevent workers. Formula: number of cpu cores x 2 + 1
Reference: https://docs.gunicorn.org/en/stable/design.html#how-many-workers
SERVER_WORKER_CLASS: Defaults to gevent. If using windows, it can be switched to sync or solo.
GUNICORN_TIMEOUT: Request handling timeout. Default is 200. Recommended value is 360 to support longer SSE (Server-Sent Events) connection times.
CELERY_WORKER_CLASS: Similar to SERVER_WORKER_CLASS
. Default is gevent. If using windows, it can be switched to sync or solo.
CELERY_WORKER_AMOUNT: The number of Celery workers. The default is 1, and can be set as needed.
The database uses PostgreSQL. Please use the public schema.
This Redis configuration is used for caching and for pub/sub during conversation.
<sentinel1_ip>:<sentinel1_port>,<sentinel2_ip>:<sentinel2_port>,<sentinel3_ip>:<sentinel3_port>
CELERY_BROKER_URL
Format as follows(direct connection mode):
Example: redis://:difyai123456@redis:6379/1
Sentinel mode:
Example: sentinel://localhost:26379/1;sentinel://localhost:26380/1;sentinel://localhost:26381/1
BROKER_USE_SSL: If set to true, use SSL protocol for connection, default is false
CELERY_USE_SENTINEL: If set to true, Sentinel mode will be enabled, default is false
CELERY_SENTINEL_MASTER_NAME: The service name of Sentinel, i.e., Master Name
CELERY_SENTINEL_SOCKET_TIMEOUT: Timeout for connecting to Sentinel, default value: 0.1, unit: seconds
Used to set the front-end cross-domain access policy.
*
, that is, all domains can access.*
, that is, all domains can access.Used to store uploaded data set files, team/tenant encryption keys, and other files.
STORAGE_TYPE
Type of storage facility
local (default): Local file storage, if this option is selected, the following STORAGE_LOCAL_PATH
configuration needs to be set.
s3: S3 object storage, if this option is selected, the following S3_ prefixed configurations need to be set.
azure-blob: Azure Blob object storage, if this option is selected, the following AZURE_BLOB_ prefixed configurations need to be set.
aliyun-oss: Alibaba Cloud OSS object storage, if this option is selected, the following ALIYUN_OSS_ prefixed configurations need to be set.
huawei-obs: Huawei OBS object storage, if this option is selected, the following HUAWEI_OBS_ prefixed configurations need to be set.
volcengine-tos: Volcengine TOS object storage, if this option is selected, the following VOLCENGINE_TOS_ prefixed configurations need to be set.
tencent-cos: Tencent Cloud COS object storage, if this option is selected, the following TENCENT_COS_ prefixed configurations need to be set.
STORAGE_LOCAL_PATH
Default is storage, that is, it is stored in the storage directory of the current directory.
If you are deploying with docker or docker-compose, be sure to mount the /app/api/storage
directory in both containers to the same local directory, otherwise, you may encounter file not found errors.
S3_ENDPOINT: S3 endpoint address
S3_BUCKET_NAME: S3 bucket name
S3_ACCESS_KEY: S3 Access Key
S3_SECRET_KEY: S3 Secret Key
S3_REGION: S3 region information, such as: us-east-1
AZURE_BLOB_ACCOUNT_NAME: your-account-name eg, ‘difyai’
AZURE_BLOB_ACCOUNT_KEY: your-account-key eg, ‘difyai’
AZURE_BLOB_CONTAINER_NAME: your-container-name eg, ‘difyai-container’
AZURE_BLOB_ACCOUNT_URL: ‘https://your_account_name.blob.core.windows.net’
ALIYUN_OSS_BUCKET_NAME: your-bucket-name eg, ‘difyai’
ALIYUN_OSS_ACCESS_KEY: your-access-key eg, ‘difyai’
ALIYUN_OSS_SECRET_KEY: your-secret-key eg, ‘difyai’
ALIYUN_OSS_ENDPOINT: https://oss-ap-southeast-1-internal.aliyuncs.com # reference: https://www.alibabacloud.com/help/en/oss/user-guide/regions-and-endpoints
ALIYUN_OSS_REGION: ap-southeast-1 # reference: https://www.alibabacloud.com/help/en/oss/user-guide/regions-and-endpoints
ALIYUN_OSS_AUTH_VERSION: v4
ALIYUN_OSS_PATH: your-path # Don’t start with ’/’. OSS doesn’t support leading slash in object names. reference: https://www.alibabacloud.com/help/en/oss/support/0016-00000005
HUAWEI_OBS_BUCKET_NAME: your-bucket-name eg, ‘difyai’
HUAWEI_OBS_SECRET_KEY: your-secret-key eg, ‘difyai’
HUAWEI_OBS_ACCESS_KEY: your-access-key eg, ‘difyai’
HUAWEI_OBS_SERVER: your-server-url # reference: https://support.huaweicloud.com/sdk-python-devg-obs/obs_22_0500.html
VOLCENGINE_TOS_BUCKET_NAME: your-bucket-name eg, ‘difyai’
VOLCENGINE_TOS_SECRET_KEY: your-secret-key eg, ‘difyai’
VOLCENGINE_TOS_ACCESS_KEY: your-access-key eg, ‘difyai’
VOLCENGINE_TOS_REGION: your-region eg, ‘cn-guangzhou’ # reference: https://www.volcengine.com/docs/6349/107356
VOLCENGINE_TOS_ENDPOINT: your-endpoint eg, ‘tos-cn-guangzhou.volces.com’ # reference: https://www.volcengine.com/docs/6349/107356
TENCENT_COS_BUCKET_NAME: your-bucket-name eg, ‘difyai’
TENCENT_COS_SECRET_KEY: your-secret-key eg, ‘difyai’
TENCENT_COS_SECRET_ID: your-secret-id eg, ‘difyai’
TENCENT_COS_REGION: your-region eg, ‘ap-guangzhou’ # reference: https://cloud.tencent.com/document/product/436/6224
TENCENT_COS_SCHEME: specify http/https protocol to access COS
VECTOR_STORE
Available enumeration types include:
weaviate
qdrant
milvus
zilliz
(share the same configuration as milvus
)myscale
pinecone
(not yet open)analyticdb
couchbase
oceanbase
tablestore
lindorm
tencent
opengauss
WEAVIATE_ENDPOINT
Weaviate endpoint address, such as: http://weaviate:8080
.
WEAVIATE_API_KEY
The api-key credential used to connect to Weaviate.
WEAVIATE_BATCH_SIZE
The number of index Objects created in batches in Weaviate, default is 100.
Refer to this document: https://weaviate.io/developers/weaviate/manage-data/import#how-to-set-batch-parameters
WEAVIATE_GRPC_ENABLED
Whether to use the gRPC method to interact with Weaviate, performance will greatly increase when enabled, may not be usable locally, default is true.
QDRANT_URL
Qdrant endpoint address, such as: https://your-qdrant-cluster-url.qdrant.tech/
QDRANT_API_KEY
The api-key credential used to connect to Qdrant.
PINECONE_API_KEY
The api-key credential used to connect to Pinecone.
PINECONE_ENVIRONMENT
The environment where Pinecone is located, such as: us-east4-gcp
MILVUS_URI
Milvus uri configuration. e.g. http://host.docker.internal:19530
. For Zilliz Cloud, adjust the uri and token to the Public Endpoint and API Key.
MILVUS_TOKEN
Milvus token configuration, default is empty.
MILVUS_USER
Milvus user configuration, default is empty.
MILVUS_PASSWORD
Milvus password configuration, default is empty.
MYSCALE_HOST
MyScale host configuration.
MYSCALE_PORT
MyScale port configuration.
MYSCALE_USER
MyScale user configuration, default is default
.
MYSCALE_PASSWORD
MyScale password configuration, default is empty.
MYSCALE_DATABASE
MyScale database configuration, default is default
.
MYSCALE_FTS_PARAMS
MyScale text-search params, check MyScale docs for multi-language support, default is empty.
ANALYTICDB_KEY_ID
The access key ID used for Aliyun OpenAPI authentication. Read the Analyticdb documentation to create your AccessKey.
ANALYTICDB_KEY_SECRET
The access key secret used for Aliyun OpenAPI authentication.
ANALYTICDB_INSTANCE_ID
The unique identifier for your AnalyticDB instance, such as : gp-xxxxxx
. Read the Analyticdb documentation to create your instance.
ANALYTICDB_REGION_ID
The region identifier where the AnalyticDB instance is located, such as: cn-hangzhou
.
ANALYTICDB_ACCOUNT
The account name used to connect to the AnalyticDB instance. Read the Analyticdb documentation to create an account.
ANALYTICDB_PASSWORD
The password for the account used to connect to the AnalyticDB instance.
ANALYTICDB_NAMESPACE
The namespace(schema) within the AnalyticDB instance that you wish to interact with, such as dify
. If this namespace does not exist, it will be created automatically.
ANALYTICDB_NAMESPACE_PASSWORD
The password for the namespace(schema). If the namespace does not exist, it will be created with this password.
COUCHBASE_CONNECTION_STRING
The connection string for the Couchbase cluster.
COUCHBASE_USER
The username for the database user.
COUCHBASE_PASSWORD
The password for the database user.
COUCHBASE_BUCKET_NAME
The name of the bucket to use.
COUCHBASE_SCOPE_NAME
The name of the scope to use.
OCEANBASE_VECTOR_HOST
The hostname or IP address of OceanBase vector database.
OCEANBASE_VECTOR_PORT
The port of OceanBase vector database.
OCEANBASE_VECTOR_USER
The username of OceanBase vector database.
OCEANBASE_VECTOR_PASSWORD
The password of OceanBase vector database user.
OCEANBASE_VECTOR_DATABASE
The database name of OceanBase vector database.
OCEANBASE_CLUSTER_NAME
The cluster name of OceanBase vector database, only available for Docker deployment.
OCEANBASE_MEMORY_LIMIT
The memory limit of OceanBase vector database, only available for Docker deployment.
TABLESTORE_ENDPOINT
The endpoint address of the TableStore server (e.g. ‘https://instance-name.cn-hangzhou.ots.aliyuncs.com’)
TABLESTORE_INSTANCE_NAME
The instance name to access TableStore server (e.g. ‘instance-name’)
TABLESTORE_ACCESS_KEY_ID
The accessKey id for the instance name
TABLESTORE_ACCESS_KEY_SECRET
The accessKey secret for the instance name
LINDORM_URL
The URL of LINDORM search engine,you can get it from the console
LINDORM_USERNAME
The username of lindorm search engine
LINDORM_PASSWORD
The password of lindorm search engine
TENCENT_VECTOR_DB_URL
The access address for Tencent Cloud VectorDB can be obtained from the console.
TENCENT_VECTOR_DB_API_KEY
The API key (password) for the VectorDB server is used for identity authentication. Key Management.
TENCENT_VECTOR_DB_USERNAME
The vector database account, default ‘root’. Account Management.
TENCENT_VECTOR_DB_TIMEOUT
Set the default request timeout duration.
TENCENT_VECTOR_DB_DATABASE
Set up a Database for storing data. Create Database.
TENCENT_VECTOR_DB_SHARD
Specify the number of shards.
TENCENT_VECTOR_DB_REPLICAS
Specify the number of replicas.
TENCENT_VECTOR_DB_ENABLE_HYBRID_SEARCH
Specify whether to enable HybridSearch. Sparse Vector Documentation.
MATRIXONE_HOST
The host of Matrixone database, default value is matrixone.
MATRIXONE_PORT
The port of Matrixone database, default value is 6001.
MATRIXONE_USER
The user of Matrixone database, default value is dump.
MATRIXONE_PASSWORD
The password of Matrixone database, default value is 111.
MATRIXONE_DATABASE
The database of Matrixone database, default value is dify.
OPENGAUSS_HOST
The hostname or IP address of the openGauss vector database.
OPENGAUSS_PORT
The port of the openGauss vector database.
OPENGAUSS_USER
The username of the openGauss vector database.
OPENGAUSS_PASSWORD
The password of the openGauss vector database.
OPENGAUSS_DATABASE
The database name of the openGauss vector database.
OPENGAUSS_MIN_CONNECTION
Min connection of the openGauss vector database.
OPENGAUSS_MAX_CONNECTION
Max connection of the openGauss vector database.
OPENGAUSS_ENABLE_PQ
Enabling PQ Acceleration for the openGauss vector database.
UPLOAD_FILE_SIZE_LIMIT: Upload file size limit, default 15M.
UPLOAD_FILE_BATCH_LIMIT: The maximum number of files that can be uploaded at a time, default 5.
ETL_TYPE
Available enumeration types include:
UNSTRUCTURED_API_URL
Unstructured API path, needs to be configured when ETL_TYPE is Unstructured.
For example: http://unstructured:8000/general/v0/general
TOP_K_MAX_VALUE
The maximum top-k value of RAG, default 10.
MULTIMODAL_SEND_IMAGE_FORMAT
The format of the image sent when the multi-modal model is input, the default is base64
, optional url
. The delay of the call in url
mode will be lower than that in base64
mode. It is generally recommended to use the more compatible base64
mode. If configured as url
, you need to configure FILES_URL
as an externally accessible address so that the multi-modal model can access the image.
UPLOAD_IMAGE_FILE_SIZE_LIMIT: Upload image file size limit, default 10M.
Used for application monitoring and error log tracking.
Notion integration configuration variables can be obtained by applying for Notion integration: https://www.notion.so/my-integrations
NOTION_INTEGRATION_TYPE
is “internal”, you need to configure this variable.MAIL_TYPE
resend
smtp
sendgrid
For more details about the SendGrid email provider, please refer to the SendGrid documentation.
Used to specify the model providers and tools that can be used in the app. These settings allow you to customize which tools and model providers are available, as well as their order and inclusion/exclusion in the app’s interface.
For a list of available tools and model providers, please refer to the provided links.
POSITION_TOOL_PINS
Pin specific tools to the top of the list, ensuring they appear first in the interface. (Use comma-separated values with no spaces between items.)
Example: POSITION_TOOL_PINS=bing,google
POSITION_TOOL_INCLUDES
Specify the tools to be included in the app. Only the tools listed here will be available for use. If not set, all tools will be included unless specified in POSITION_TOOL_EXCLUDES. (Use comma-separated values with no spaces between items.)
Example: POSITION_TOOL_INCLUDES=bing,google
POSITION_TOOL_EXCLUDES
Exclude specific tools from being displayed or used in the app. Tools listed here will be omitted from the available options, except for pinned tools. (Use comma-separated values with no spaces between items.)
Example: POSITION_TOOL_EXCLUDES=yahoo,wolframalpha
POSITION_PROVIDER_PINS
Pin specific model providers to the top of the list, ensuring they appear first in the interface. (Use comma-separated values with no spaces between items.)
Example: POSITION_PROVIDER_PINS=openai,openllm
POSITION_PROVIDER_INCLUDES
Specify the model providers to be included in the app. Only the providers listed here will be available for use. If not set, all providers will be included unless specified in POSITION_PROVIDER_EXCLUDES. (Use comma-separated values with no spaces between items.)
Example: POSITION_PROVIDER_INCLUDES=cohere,upstage
POSITION_PROVIDER_EXCLUDES
Exclude specific model providers from being displayed or used in the app. Providers listed here will be omitted from the available options, except for pinned providers. (Use comma-separated values with no spaces between items.)
Example: POSITION_PROVIDER_EXCLUDES=openrouter,ollama
Sentry DSN address, default is empty, when empty, all monitoring information is not reported to Sentry.
⚠️ Modified in 0.3.8, will be deprecated in 0.4.9, replaced by:
CONSOLE_API_URL
andCONSOLE_WEB_URL
.
Console URL, used to concatenate the authorization callback, console front-end address, and CORS configuration use. If empty, it is the same domain. Example: https://console.dify.ai
.
⚠️ Modified in 0.3.8, will be deprecated in 0.4.9, replaced by
SERVICE_API_URL
.
API URL, used to display Service API Base URL to the front-end. If empty, it is the same domain. Example: https://api.dify.ai
⚠️ Modified in 0.3.8, will be deprecated in 0.4.9, replaced by
APP_API_URL
andAPP_WEB_URL
.
WebApp Url, used to display WebAPP API Base Url to the front-end. If empty, it is the same domain. Example: https://udify.app/
⚠️ This configuration is no longer valid since v0.3.24.
Only used by the API service for interface identity verification.
SESSION_TYPE: Session component type
SESSION_REDIS_HOST: Redis host
SESSION_REDIS_PORT: Redis port, default is 6379
SESSION_REDIS_DB: Redis Database, default is 0. Please use a different Database from Redis and Celery Broker.
SESSION_REDIS_USERNAME: Redis username, default is empty
SESSION_REDIS_PASSWORD: Redis password, default is empty. It is strongly recommended to set a password.
SESSION_REDIS_USE_SSL: Whether to use SSL protocol for connection, default is false
⚠️ This configuration is no longer valid since v0.3.24.
Used to set the browser policy for session cookies used for identity verification.
Configuration for document chunk length. It is used to control the size of text segments when processing long documents. Default: 500. Maximum: 4000.
Larger Chunks
Smaller Chunks
Configuration Recommendations
Edit this page | Report an issue