dify部署及SSL自签实现
背景
项目A开发同学需要部署一套dify来测试某些功能
使用docker compose方式部署
从github中clone仓库,推到私有gitlab
下载其中的镜像到云上私仓
替换镜像
启动
部署
docker配置 略
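# Clone the upstream Dify repository (default branch only).
git clone --single-branch https://github.com/langgenius/dify.git
cd dify
# Show the configured remotes, then detach the clone from upstream GitHub.
git remote -v
git remote remove origin
# Point "origin" at the private GitLab repository (xxxx is a placeholder URL)
# so later in-house changes are pushed there. The remote must be named
# "origin"; a misspelled name would leave the clone without a default remote.
git remote add origin xxxx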
取出镜像
(base) root@dev:/tmp/dify# grep -i image ./docker/docker-compose.yaml
UPLOAD_IMAGE_FILE_SIZE_LIMIT: ${UPLOAD_IMAGE_FILE_SIZE_LIMIT:-10}
image: langgenius/dify-api:1.9.2
image: langgenius/dify-api:1.9.2
image: langgenius/dify-api:1.9.2
image: langgenius/dify-web:1.9.2
image: postgres:15-alpine
image: redis:6-alpine
image: langgenius/dify-sandbox:0.2.12
image: langgenius/dify-plugin-daemon:0.3.3-local
image: ubuntu/squid:latest
image: certbot/certbot
image: nginx:latest
image: semitechnologies/weaviate:1.27.0
image: langgenius/qdrant:v1.7.3
image: pgvector/pgvector:pg16
# get image from https://www.vastdata.com.cn/
image: vastdata/vastbase-vector
image: tensorchord/pgvecto-rs:pg16-v0.3.0
image: ghcr.io/chroma-core/chroma:0.5.20
image: oceanbase/oceanbase-ce:4.3.5-lts
image: container-registry.oracle.com/database/free:latest
image: quay.io/coreos/etcd:v3.5.5
image: minio/minio:RELEASE.2023-03-20T20-16-18Z
image: milvusdb/milvus:v2.5.15
image: opensearchproject/opensearch:latest
image: opensearchproject/opensearch-dashboards:latest
image: opengauss/opengauss:7.0.0-RC1
image: myscale/myscaledb:1.6.4
image: matrixorigin/matrixone:2.1.1
image: docker.elastic.co/elasticsearch/elasticsearch:8.14.3
image: docker.elastic.co/kibana/kibana:8.14.3
image: downloads.unstructured.io/unstructured-io/unstructured-api:latest
将这些镜像转入私仓
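# Mirror every image referenced by docker-compose.yaml into the private
# registry (xxx/dify is a placeholder prefix).
# - sort -u avoids pulling/pushing the same image several times.
# - The && chain skips tag and push when the pull failed, so a stale local
#   image is never pushed under the mirrored name.
# NOTE: tags such as :latest are mutable; record the pulled digests if the
# mirror has to be reproducible or auditable.
grep image: ./docker/docker-compose.yaml | awk -F ': ' '{print $2}' | sort -u |
  while read -r i; do
    docker pull "$i" && docker tag "$i" "xxx/dify/$i" && docker push "xxx/dify/$i"
  done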
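#!/bin/bash
# Re-tag images under a flat path in the private registry and push them.
# The script only tags and pushes, so every image must already exist locally.

# Define your repository URL (placeholder value)
REPO_URL="x.com/xx/dify"

# Process the docker-compose.yaml to get the image names. sort -u removes
# duplicates; uniq only collapses adjacent lines and its -c count column was
# never used.
grep image: docker-compose.yaml | awk -F ': ' '{print $2}' | sort -u |
  while read -r image; do
    # Extract the image name after the last '/' (if any). This drops the source
    # registry and namespace, so two images that share a final path component
    # would overwrite each other in the private registry.
    image_name=${image##*/}
    # Tag the image with the desired repository and tag format, then push it.
    # docker push takes exactly one image reference, and it only runs when the
    # tag step succeeded.
    docker tag "$image" "$REPO_URL/$image_name" &&
      docker push "$REPO_URL/$image_name"
  done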
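cd dify/docker/
# Start from the example settings.
# NOTE(review): the example file presumably ships sample secrets/passwords;
# replace them before the stack is reachable by others, and keep .env out of
# the Git repository.
cp .env.example .env
# -d runs the stack in the background so the status check below can run in the
# same shell (a foreground "up" blocks until it is interrupted).
docker compose up -d
docker compose ps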
.env中需要配置的变量
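FILES_URL=http://xxxx.com
INTERNAL_FILES_URL=http://api:5001

# ------------------------------
# Environment Variables for Nginx reverse proxy
# ------------------------------
NGINX_SERVER_NAME=xxx
NGINX_HTTPS_ENABLED=false
# HTTP port
NGINX_PORT=80
# SSL settings are only applied when HTTPS_ENABLED is true
NGINX_SSL_PORT=443
# if HTTPS_ENABLED is true, you're required to add your own SSL certificates/keys to the `./nginx/ssl` directory
# and modify the env vars below accordingly.
NGINX_SSL_CERT_FILENAME=_x
NGINX_SSL_CERT_KEY_FILENAME=_.x
# TLSv1.1 is deprecated (RFC 8996), so only TLS 1.2 and 1.3 are offered.
NGINX_SSL_PROTOCOLS=TLSv1.2 TLSv1.3

# Nginx performance tuning
NGINX_WORKER_PROCESSES=auto
NGINX_CLIENT_MAX_BODY_SIZE=100M
NGINX_KEEPALIVE_TIMEOUT=65

# Proxy settings
NGINX_PROXY_READ_TIMEOUT=3600s
NGINX_PROXY_SEND_TIMEOUT=3600s

# Set true to accept requests for /.well-known/acme-challenge/
NGINX_ENABLE_CERTBOT_CHALLENGE=false

# ------------------------------
# Certbot Configuration
# ------------------------------

# Email address (required to get certificates from Let's Encrypt)
CERTBOT_EMAIL=your_email@example.com

# Domain name
CERTBOT_DOMAIN=your_domain.com

# certbot command options
# i.e: --force-renewal --dry-run --test-cert --debug
CERTBOT_OPTIONS=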
使用certbot申请SSL证书(注:certbot从Let's Encrypt申请到的是受信任CA签发的证书,并非自签名证书)
- 使用http方式将nginx运行;允许访问
.well-known/acme-challenge/
vim .env
NGINX_ENABLE_CERTBOT_CHALLENGE=true
- 使用certbot容器来申请ssl证书
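# ------------------------------
# Environment Variables for Nginx reverse proxy
# ------------------------------
NGINX_SERVER_NAME=aa.bb.com
# HTTPS stays off while the certificate is being requested over HTTP.
NGINX_HTTPS_ENABLED=false
# HTTP port
NGINX_PORT=80
# SSL settings are only applied when HTTPS_ENABLED is true
NGINX_SSL_PORT=443
# if HTTPS_ENABLED is true, you're required to add your own SSL certificates/keys to the `./nginx/ssl` directory
# and modify the env vars below accordingly.
NGINX_SSL_CERT_FILENAME=dify.crt
NGINX_SSL_CERT_KEY_FILENAME=dify.key
# TLSv1.1 is deprecated (RFC 8996), so only TLS 1.2 and 1.3 are offered.
NGINX_SSL_PROTOCOLS=TLSv1.2 TLSv1.3

# Nginx performance tuning
NGINX_WORKER_PROCESSES=auto
NGINX_CLIENT_MAX_BODY_SIZE=100M
NGINX_KEEPALIVE_TIMEOUT=65

# Proxy settings
NGINX_PROXY_READ_TIMEOUT=3600s
NGINX_PROXY_SEND_TIMEOUT=3600s

# Set true to accept requests for /.well-known/acme-challenge/
NGINX_ENABLE_CERTBOT_CHALLENGE=true

# ------------------------------
# Certbot Configuration
# ------------------------------

# Email address (required to get certificates from Let's Encrypt)
CERTBOT_EMAIL=your123@qq.com

# Domain name
CERTBOT_DOMAIN=aa.bb.com

# certbot command options
# i.e: --force-renewal --dry-run --test-cert --debug
# NOTE: --force-renewal requests a fresh certificate on every run and can
# exhaust Let's Encrypt rate limits; use --test-cert while testing and remove
# --force-renewal once a certificate has been issued.
CERTBOT_OPTIONS=--force-renewal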
- 复制SSL证书到nginx指定路径下(私钥文件应限制为仅属主可读,例如权限600,并确认其未被提交到Git仓库)
# nginx证书存放路径
/data/dify/docker/nginx/ssl
- 配置.env变量文件
NGINX_HTTPS_ENABLED=true
- 重启nginx加载证书及域名
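# Option 1: reload nginx inside the running container. This re-reads the
# configuration and certificate files already visible in the container.
docker compose exec nginx nginx -s reload
# Option 2: restart the service with docker compose. A restart reuses the
# existing container, so values changed in .env are not applied by it.
docker compose restart nginx
# Option 3: remove and re-create the container so the edited .env
# (for example NGINX_HTTPS_ENABLED=true) takes effect.
docker compose up -d --force-recreate nginx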
references
官方中文文档
https://docs.dify.ai/zh-hans/introduction
github源码仓库
https://github.com/langgenius/dify
