# Docker Compose for Dify Self-Hosted # 西安云美电子科技有限公司 - 企业知识库 # 版本:基于 Dify v1.x 社区版 # # 使用方法: # cp .env.example .env # 编辑 .env 填写实际值 # docker compose up -d services: ### ======================== 基础设施 ======================== # PostgreSQL 数据库 db: image: postgres:15-alpine restart: always environment: POSTGRES_USER: ${POSTGRES_USER:-postgres} POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} POSTGRES_DB: ${POSTGRES_DB:-dify} volumes: - db_data:/var/lib/postgresql/data healthcheck: test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-postgres}"] interval: 10s timeout: 5s retries: 5 networks: - dify-network # Redis 缓存 redis: image: redis:7-alpine restart: always command: redis-server --requirepass ${REDIS_PASSWORD} --appendonly yes volumes: - redis_data:/data healthcheck: test: ["CMD", "redis-cli", "-a", "${REDIS_PASSWORD}", "ping"] interval: 10s timeout: 5s retries: 5 networks: - dify-network ### ======================== Dify 核心服务 ======================== # Dify API 后端 api: image: langgenius/dify-api:latest restart: always environment: # 基础配置 - MODE=${DIFY_MODE:-api} - LOG_LEVEL=${LOG_LEVEL:-INFO} - LOG_FILE=${LOG_FILE:-} - SECRET_KEY=${SECRET_KEY} # 数据库配置 - DB_USERNAME=${POSTGRES_USER:-postgres} - DB_PASSWORD=${POSTGRES_PASSWORD} - DB_HOST=db - DB_PORT=5432 - DB_DATABASE=${POSTGRES_DB:-dify} # Redis 配置 - REDIS_HOST=redis - REDIS_PORT=6379 - REDIS_PASSWORD=${REDIS_PASSWORD} - REDIS_DB=${REDIS_DB:-0} # 存储配置 - STORAGE_TYPE=${STORAGE_TYPE:-local} - STORAGE_LOCAL_PATH=/app/api/storage # 向量数据库 - VECTOR_STORE=${VECTOR_STORE:-qdrant} - QDRANT_URL=http://qdrant:6333 - QDRANT_API_KEY=${QDRANT_API_KEY:-} # S3 配置(可选) - S3_USE_CUSTOM_DOMAIN=${S3_USE_CUSTOM_DOMAIN:-true} - S3_ENDPOINT=${S3_ENDPOINT:-} - S3_BUCKET_NAME=${S3_BUCKET_NAME:-} - S3_ACCESS_KEY=${S3_ACCESS_KEY:-} - S3_SECRET_KEY=${S3_SECRET_KEY:-} - S3_REGION=${S3_REGION:-} # SandBox 配置 - CODE_EXECUTION_API_KEY=${SANDBOX_API_KEY:-} - CODE_EXECUTION_API_URL=${SANDBOX_URL:-} # 模型配置(DeepSeek) - DEEPSEEK_API_BASE=${DEEPSEEK_API_BASE:-https://api.deepseek.com} - DEEPSEEK_API_KEY=${DEEPSEEK_API_KEY:-} # 其他 - HTTP_APP_PORT=5001 - CELERY_BROKER_URL=redis://:${REDIS_PASSWORD}@redis:6379/1 - CELERY_RESULT_BACKEND=redis://:${REDIS_PASSWORD}@redis:6379/1 volumes: - api_storage:/app/api/storage - app_data:/app/data depends_on: db: condition: service_healthy redis: condition: service_healthy networks: - dify-network # Dify Web 前端 web: image: langgenius/dify-web:latest restart: always environment: - NEXT_PUBLIC_API_BASE_URL=${NEXT_PUBLIC_API_BASE_URL:-} - NEXT_PUBLIC_DEPLOY_ENV=${NEXT_PUBLIC_DEPLOY_ENV:-PRODUCTION} # 不使用 Nginx 时可直接访问 Web(设置 WEB_PORT=3000 启用) ports: - "${WEB_PORT:-}" volumes: - web_config:/app/config depends_on: - api networks: - dify-network # Dify Worker(异步任务处理) worker: image: langgenius/dify-api:latest restart: always environment: # 基础配置 - MODE=${DIFY_MODE:-worker} - LOG_LEVEL=${LOG_LEVEL:-INFO} - SECRET_KEY=${SECRET_KEY} # 数据库配置 - DB_USERNAME=${POSTGRES_USER:-postgres} - DB_PASSWORD=${POSTGRES_PASSWORD} - DB_HOST=db - DB_PORT=5432 - DB_DATABASE=${POSTGRES_DB:-dify} # Redis 配置 - REDIS_HOST=redis - REDIS_PORT=6379 - REDIS_PASSWORD=${REDIS_PASSWORD} - REDIS_DB=${REDIS_DB:-0} # 存储配置 - STORAGE_TYPE=${STORAGE_TYPE:-local} - STORAGE_LOCAL_PATH=/app/api/storage # 向量数据库 - VECTOR_STORE=${VECTOR_STORE:-qdrant} - QDRANT_URL=http://qdrant:6333 - QDRANT_API_KEY=${QDRANT_API_KEY:-} # 模型配置(DeepSeek) - DEEPSEEK_API_BASE=${DEEPSEEK_API_BASE:-https://api.deepseek.com} - DEEPSEEK_API_KEY=${DEEPSEEK_API_KEY:-} # Celery - CELERY_BROKER_URL=redis://:${REDIS_PASSWORD}@redis:6379/1 - CELERY_RESULT_BACKEND=redis://:${REDIS_PASSWORD}@redis:6379/1 volumes: - api_storage:/app/api/storage - app_data:/app/data depends_on: db: condition: service_healthy redis: condition: service_healthy networks: - dify-network ### ======================== 向量数据库 ======================== # Qdrant 向量数据库(默认) qdrant: image: qdrant/qdrant:latest restart: always volumes: - qdrant_data:/qdrant/storage environment: - QDRANT_API_KEY=${QDRANT_API_KEY:-} ports: - "${QDRANT_PORT:-6333}:6333" networks: - dify-network ### ======================== 安全与代理 ======================== # Nginx 反向代理 nginx: image: nginx:alpine restart: always ports: - "${NGINX_PORT:-80}:80" - "${NGINX_SSL_PORT:-443}:443" volumes: - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro - ./nginx/ssl:/etc/nginx/ssl:ro - nginx_logs:/var/log/nginx depends_on: - api - web networks: - dify-network # SSRF 代理(安全防护) ssrf-proxy: image: ubuntu/squid:latest restart: always volumes: - ./ssrf-proxy/squid.conf.template:/etc/squid/squid.conf.template:ro environment: - HTTP_PROXY_PORT=${SSRF_PROXY_PORT:-3128} ports: - "${SSRF_PROXY_PORT:-3128}:3128" networks: - dify-network ### ======================== 可选服务 ======================== # Sandbox 代码执行环境(可选,按需启用) # sandbox: # image: langgenius/dify-sandbox:latest # restart: always # environment: # - API_KEY=${SANDBOX_API_KEY} # - GIN_MODE=release # - WORKER_TIMEOUT=${SANDBOX_WORKER_TIMEOUT:-15} # - ENABLE_NETWORK=${SANDBOX_ENABLE_NETWORK:-true} # volumes: # - sandbox_data:/data # networks: # - dify-network # Elasticsearch(可选,替代 Qdrant) # elasticsearch: # image: elasticsearch:8.11.0 # restart: always # volumes: # - es_data:/usr/share/elasticsearch/data # environment: # - discovery.type=single-node # - xpack.security.enabled=false # - ES_JAVA_OPTS=-Xms512m -Xmx512m # networks: # - dify-network # Weaviate(可选,替代 Qdrant) # weaviate: # image: semitechnologies/weaviate:latest # restart: always # volumes: # - weaviate_data:/var/lib/weaviate # environment: # - QUERY_DEFAULTS_LIMIT=25 # - AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED=true # - PERSISTENCE_DATA_PATH=/var/lib/weaviate # ports: # - "8080:8080" # networks: # - dify-network volumes: db_data: redis_data: api_storage: app_data: qdrant_data: nginx_logs: # sandbox_data: # es_data: # weaviate_data: networks: dify-network: driver: bridge