api/storage/privkeys directory. This file is used to encrypt the large model keys, so its loss is irreversible. You can reset the encryption key pair with the following commands:
api directory
CONSOLE_CORS_ALLOW_ORIGINS: Console CORS policy, default is *, meaning all domains can access.
WEB_API_CORS_ALLOW_ORIGINS: WebAPP CORS policy, default is *, meaning all domains can access.
docker-compose.yml to the new domain:
CONSOLE_API_URL: Backend URL for the console API.
CONSOLE_WEB_URL: Frontend URL for the console web.
SERVICE_API_URL: URL for the service API.
APP_API_URL: Backend URL for the WebApp API.
APP_WEB_URL: URL for the WebApp.
For more information, please refer to: Environment Variables
api directory and run the following command to migrate the database structure to the latest version:
flask db upgrade
NOTION_INTEGRATION_TYPE: This value should be configured as public/internal. Since Notion’s OAuth redirect address only supports https, use Notion’s internal integration for local deployment.
NOTION_CLIENT_SECRET: Notion OAuth client secret (for public integration type).
NOTION_CLIENT_ID: OAuth client ID (for public integration type).
NOTION_INTERNAL_SECRET: Notion internal integration secret. If the value of NOTION_INTEGRATION_TYPE is internal, configure this variable.
tenants table of the database.
APP_WEB_URL configuration domain in docker_compose.yaml.
dify/docker/volumes directory.
docker-compose.yaml to map port 80 to another port. Typically, Apache and Nginx occupy this port, which can be resolved by stopping these two services.
sudo apt-get update, then sudo apt-get install ffmpeg.
sudo yum install epel-release
sudo rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm
sudo yum update
sudo yum install ffmpeg ffmpeg-devel
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
brew install ffmpeg
docker-compose up -d.
.env file
VECTOR_STORE=qdrant
to migrate to Qdrant
docker-compose.yaml
docker-compose.yaml, you might notice some services configured with SSRF_PROXY and HTTP_PROXY environment variables, all pointing to an ssrf_proxy container. This is to prevent SSRF attacks. For more information on SSRF attacks, you can read this article.
To avoid unnecessary risks, we configure a proxy for all services that might cause SSRF attacks and force services like Sandbox to only access external networks through the proxy, ensuring your data and service security. By default, this proxy does not intercept any local requests, but you can customize the proxy behavior by modifying the squid configuration file.
docker/volumes/ssrf_proxy/squid.conf, you can find the squid configuration file. You can customize the proxy behavior here, such as adding ACL rules or http_access rules to restrict proxy access. For example, suppose your local network can access the 192.168.101.0/24 segment, but 192.168.101.19 holds sensitive data that users of your locally deployed Dify should not be able to access, while other IPs should remain accessible. You can add the following rules in squid.conf:
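A rule set for the scenario above, given here as an added example rather than the Dify project's own configuration; the ACL names restricted_ip and localnet are assumptions:

```conf
# Added example. ACL names (restricted_ip, localnet) are assumptions.
# Squid checks http_access lines from top to bottom and stops at the
# first match, so the deny for the sensitive host must come before any
# allow that would otherwise cover it.

# Destination that proxied services must never reach
acl restricted_ip dst 192.168.101.19

# Clients on the local segment that may use the proxy
acl localnet src 192.168.101.0/24

# Order matters: deny the sensitive host first, then allow the segment
http_access deny restricted_ip
http_access allow localnet

# Anything not explicitly allowed above is refused
http_access deny all
```

If squid.conf already contains http_access allow lines, the deny for restricted_ip has to sit above them, and Squid must reload its configuration before the rule takes effect.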
dify/docker/nginx/conf.d, replace http://api:5001 with http://172.19.0.7:5001, and replace http://web:3000 with http://172.19.0.5:3000, then restart the Nginx container or reload the configuration.
These IP addresses are examples. You must execute the command to get your own IP addresses; do not fill them in directly. You might need to reconfigure the IP addresses when restarting the relevant containers.
CSP_WHITELIST parameter in the .env configuration file and enter the domain names that you can allow, such as all URLs and API request addresses related to product use.
This behavior helps reduce potential XSS attacks. For more information on CSP recommendations, see Content Security Policy.
nginx configuration in the docker-compose.yaml file.
.env file
STORAGE_TYPE=aliyun-oss
docker-compose.yaml
STORAGE_TYPE: aliyun-oss
clear-free-plan-tenant-expired-logs command. For example, to delete logs older than 30 days, run the following command:
618b5d66-a1f5-4b6b-8d12-f171182a1cb2.
--tenant_ids option to specify the tenant ID.
--days option will be deleted.
free_plan_tenant_expired_logs directory
flask clear-free-plan-tenant-expired-logs command first exports any logs marked for deletion to the free_plan_tenant_expired_logs directory before actually deleting them. If you want to free up storage space, it’s a good idea to delete this directory afterward.
free_plan_tenant_expired_logs directory may vary depending on your storage type. The above command is an example for environments with the default settings.
VACUUM for PostgreSQL) as well.
clear-orphaned-file-records command and the remove-orphaned-files-on-storage command.
STORAGE_TYPE is set to opendal).
If you are using a storage type other than OpenDAL, you will need to manually delete unused files or help implement the scan method for the storage interface.
--force (-f) option for both commands.