The backend URL of the console API, used to concatenate the authorization callback. If empty, it is the same domain. Example: https://api.console.dify.ai
The front-end URL of the console web, used to concatenate some front-end addresses and for CORS configuration use. If empty, it is the same domain. Example: https://console.dify.ai
Service API Url, used to display Service API Base Url to the front-end. If empty, it is the same domain. Example: https://api.dify.ai
WebApp API backend Url, used to declare the back-end URL for the front-end API. If empty, it is the same domain. Example: https://app.dify.ai
WebApp Url, used to display WebAPP API Base Url to the front-end. If empty, it is the same domain. Example: https://api.app.dify.ai
File preview or download URL prefix, used to display the file preview or download URL to the front-end or as a multi-modal model input; In order to prevent others from forging, the image preview URL is signed and has a 5-minute expiration time.
Startup mode, only available when starting with docker, not effective when starting from source code.
-
api
Start API Server.
-
worker
Start asynchronous queue worker.
Debug mode, default is false. It is recommended to turn on this configuration for local development to prevent some problems caused by monkey patch.
Flask debug mode, it can output trace information at the interface when turned on, which is convenient for debugging.
A key used to securely sign session cookies and encrypt sensitive information in the database.
This variable needs to be set when starting for the first time.
You can use openssl rand -base64 42
to generate a strong key.
Deployment environment.
-
PRODUCTION (default)
Production environment.
-
TESTING
Testing environment. There will be a distinct color label on the front-end page, indicating that this environment is a testing environment.
Log output level, default is INFO.
It is recommended to set it to ERROR for production.
When set to true, the database migration will be automatically executed when the container starts, only available when starting with docker, not effective when starting from source code.
You need to manually execute flask db upgrade
in the api directory when starting from source code.
Whether to enable the version check policy. If set to false, https://updates.dify.ai
will not be called for version check.
Since the version interface based on CloudFlare Worker cannot be directly accessed in China at present, setting this variable to empty can shield this interface call.
Used to change the OpenAI base address, default is https://api.openai.com/v1.
When OpenAI cannot be accessed in China, replace it with a domestic mirror address, or when a local model provides OpenAI compatible API, it can be replaced.
Only effective when starting with docker image or docker-compose.
-
DIFY_BIND_ADDRESS
API service binding address, default: 0.0.0.0, i.e., all addresses can be accessed.
-
DIFY_PORT
API service binding port number, default 5001.
-
SERVER_WORKER_AMOUNT
The number of API server workers, i.e., the number of gevent workers. Formula:
number of cpu cores x 2 + 1
Reference: https://docs.gunicorn.org/en/stable/design.html#how-many-workers
-
SERVER_WORKER_CLASS
Defaults to gevent. If using windows, it can be switched to sync or solo.
-
GUNICORN_TIMEOUT
Request handling timeout. The default is 200, it is recommended to set it to 360 to support a longer sse connection time.
-
CELERY_WORKER_CLASS
Similar to
SERVER_WORKER_CLASS
. Default is gevent. If using windows, it can be switched to sync or solo. -
CELERY_WORKER_AMOUNT
The number of Celery workers. The default is 1, and can be set as needed.
The database uses PostgreSQL. Please use the public schema.
- DB_USERNAME: username
- DB_PASSWORD: password
- DB_HOST: database host
- DB_PORT: database port number, default is 5432
- DB_DATABASE: database name
- SQLALCHEMY_POOL_SIZE: The size of the database connection pool. The default is 30 connections, which can be appropriately increased.
- SQLALCHEMY_POOL_RECYCLE: Database connection pool recycling time, the default is 3600 seconds.
- SQLALCHEMY_ECHO: Whether to print SQL, default is false.
This Redis configuration is used for caching and for pub/sub during conversation.
- REDIS_HOST: Redis host
- REDIS_PORT: Redis port, default is 6379
- REDIS_DB: Redis Database, default is 0. Please use a different Database from Session Redis and Celery Broker.
- REDIS_USERNAME: Redis username, default is empty
- REDIS_PASSWORD: Redis password, default is empty. It is strongly recommended to set a password.
- REDIS_USE_SSL: Whether to use SSL protocol for connection, default is false
-
CELERY_BROKER_URL
Format as follows:
redis://<redis_username>:<redis_password>@<redis_host>:<redis_port>/<redis_database>
Example:
redis://:difyai123456@redis:6379/1
-
BROKER_USE_SSL
If set to true, use SSL protocol for connection, default is false
Used to set the front-end cross-domain access policy.
-
CONSOLE_CORS_ALLOW_ORIGINS
Console CORS cross-domain policy, default is
*
, that is, all domains can access. -
WEB_API_CORS_ALLOW_ORIGINS
WebAPP CORS cross-domain policy, default is
*
, that is, all domains can access.
Used to store uploaded data set files, team/tenant encryption keys, and other files.
-
STORAGE_TYPE
Type of storage facility
-
local (default)
Local file storage, if this option is selected, the following
STORAGE_LOCAL_PATH
configuration needs to be set. -
s3
S3 object storage, if this option is selected, the following S3_ prefixed configurations need to be set.
-
azure-blob
Azure Blob object storage, if this option is selected, the following AZURE_BLOB_ prefixed configurations need to be set.
-
-
STORAGE_LOCAL_PATH
Default is storage, that is, it is stored in the storage directory of the current directory.
If you are deploying with docker or docker-compose, be sure to mount the
/app/api/storage
directory in both containers to the same local directory, otherwise, you may encounter file not found errors. -
S3_ENDPOINT: S3 endpoint address
-
S3_BUCKET_NAME: S3 bucket name
-
S3_ACCESS_KEY: S3 Access Key
-
S3_SECRET_KEY: S3 Secret Key
-
S3_REGION: S3 region information, such as: us-east-1
-
AZURE_BLOB_ACCOUNT_NAME: your-account-name eg, 'difyai'
-
AZURE_BLOB_ACCOUNT_KEY: your-account-key eg, 'difyai'
-
AZURE_BLOB_CONTAINER_NAME: your-container-name eg, 'difyai-container'
-
AZURE_BLOB_ACCOUNT_URL: 'https://<your_account_name>.blob.core.windows.net'
-
VECTOR_STORE
- Available enumeration types include:
weaviate
qdrant
milvus
zilliz
(share the same configuration asmilvus
)pinecone
(not yet open)
- Available enumeration types include:
-
WEAVIATE_ENDPOINT
Weaviate endpoint address, such as:
http://weaviate:8080
. -
WEAVIATE_API_KEY
The api-key credential used to connect to Weaviate.
-
WEAVIATE_BATCH_SIZE
The number of index Objects created in batches in Weaviate, default is 100.
Refer to this document: https://weaviate.io/developers/weaviate/manage-data/import#how-to-set-batch-parameters
-
WEAVIATE_GRPC_ENABLED
Whether to use the gRPC method to interact with Weaviate, performance will greatly increase when enabled, may not be usable locally, default is true.
-
QDRANT_URL
Qdrant endpoint address, such as:
https://your-qdrant-cluster-url.qdrant.tech/
-
QDRANT_API_KEY
The api-key credential used to connect to Qdrant.
-
PINECONE_API_KEY
The api-key credential used to connect to Pinecone.
-
PINECONE_ENVIRONMENT
The environment where Pinecone is located, such as:
us-east4-gcp
-
MILVUS_HOST
Milvus host configuration.
-
MILVUS_PORT
Milvus port configuration.
-
MILVUS_USER
Milvus user configuration, default is empty.
-
MILVUS_PASSWORD
Milvus password configuration, default is empty.
-
MILVUS_SECURE
Whether Milvus uses SSL connection, default is false.
-
UPLOAD_FILE_SIZE_LIMIT:
Upload file size limit, default 15M.
-
UPLOAD_FILE_BATCH_LIMIT
The maximum number of files that can be uploaded at a time, default 5.
-
ETL_TYPE
Available enumeration types include:
-
dify
Dify's proprietary file extraction scheme
-
Unstructured
Unstructured.io file extraction scheme
-
-
UNSTRUCTURED_API_URL
Unstructured API path, needs to be configured when ETL_TYPE is Unstructured.
For example:
http://unstructured:8000/general/v0/general
-
MULTIMODAL_SEND_IMAGE_FORMAT
The format of the image sent when the multi-modal model is input, the default is
base64
, optionalurl
. The delay of the call inurl
mode will be lower than that inbase64
mode. It is generally recommended to use the more compatiblebase64
mode. If configured asurl
, you need to configureFILES_URL
as an externally accessible address so that the multi-modal model can access the image. -
UPLOAD_IMAGE_FILE_SIZE_LIMIT
Upload image file size limit, default 10M.
Used for application monitoring and error log tracking.
-
SENTRY_DSN
Sentry DSN address, default is empty, when empty, all monitoring information is not reported to Sentry.
-
SENTRY_TRACES_SAMPLE_RATE
The reporting ratio of Sentry events, if it is 0.01, it is 1%.
-
SENTRY_PROFILES_SAMPLE_RATE
The reporting ratio of Sentry profiles, if it is 0.01, it is 1%.
Notion integration configuration variables can be obtained by applying for Notion integration: https://www.notion.so/my-integrations
- NOTION_INTEGRATION_TYPE: Configure as "public" or "internal". Since Notion's OAuth redirect URL only supports HTTPS, if deploying locally, please use Notion's internal integration.
- NOTION_CLIENT_SECRET: Notion OAuth client secret (used for public integration type)
- NOTION_CLIENT_ID: OAuth client ID (used for public integration type)
- NOTION_INTERNAL_SECRET: Notion internal integration secret. If the value of
NOTION_INTEGRATION_TYPE
is "internal", you need to configure this variable.
- MAIL_TYPE
- resend
- MAIL_DEFAULT_SEND_FROM
The sender's email name, such as: no-reply no-reply@dify.ai, not mandatory. - RESEND_API_KEY
API-Key for the Resend email provider, can be obtained from API-Key.
- MAIL_DEFAULT_SEND_FROM
- smtp
- SMTP_SERVER
SMTP server address - SMTP_PORT
SMTP server port number - SMTP_USERNAME
SMTP username - SMTP_PASSWORD
SMTP password - SMTP_USE_TLS
Whether to use TLS, default is false - MAIL_DEFAULT_SEND_FROM
The sender's email name, such as: no-reply no-reply@dify.ai, not mandatory.
- SMTP_SERVER
- resend
- INVITE_EXPIRY_HOURS: Member invitation link valid time (hours), Default: 72.
Sentry DSN address, default is empty, when empty, all monitoring information is not reported to Sentry.
⚠️ Modified in 0.3.8, will be deprecated in 0.4.9, replaced by:CONSOLE_API_URL
andCONSOLE_WEB_URL
.
Console URL, used to concatenate the authorization callback, console front-end address, and CORS configuration use. If empty, it is the same domain. Example: https://console.dify.ai
.
⚠️ Modified in 0.3.8, will be deprecated in 0.4.9, replaced bySERVICE_API_URL
.
API URL, used to display Service API Base URL to the front-end. If empty, it is the same domain. Example: https://api.dify.ai
⚠️ Modified in 0.3.8, will be deprecated in 0.4.9, replaced byAPP_API_URL
andAPP_WEB_URL
.
WebApp Url, used to display WebAPP API Base Url to the front-end. If empty, it is the same domain. Example: https://api.app.dify.ai
⚠️ This configuration is no longer valid since v0.3.24.
Only used by the API service for interface identity verification.
-
SESSION_TYPE:
Session component type
-
redis (default)
If you choose this, you need to set the environment variables starting with SESSION_REDIS_ below.
-
sqlalchemy
If you choose this, the current database connection will be used and the sessions table will be used to read and write session records.
-
-
SESSION_REDIS_HOST: Redis host
-
SESSION_REDIS_PORT: Redis port, default is 6379
-
SESSION_REDIS_DB: Redis Database, default is 0. Please use a different Database from Redis and Celery Broker.
-
SESSION_REDIS_USERNAME: Redis username, default is empty
-
SESSION_REDIS_PASSWORD: Redis password, default is empty. It is strongly recommended to set a password.
-
SESSION_REDIS_USE_SSL: Whether to use SSL protocol for connection, default is false
⚠️ This configuration is no longer valid since v0.3.24.
Used to set the browser policy for session cookies used for identity verification.
-
COOKIE_HTTPONLY
Cookie HttpOnly configuration, default is true.
-
COOKIE_SAMESITE
Cookie SameSite configuration, default is Lax.
-
COOKIE_SECURE
Cookie Secure configuration, default is false.