✨ feat(dify): add comprehensive environment configuration template

- introduce .env.example with 1140+ configuration options for API service and worker - enhance configuration coverage for database, redis, vector stores, and storage providers - add new datasource configuration options for website readers (jinareader, firecrawl, watercrawl) - expand vector store support with additional providers including matrixone, opengauss, tablestore, and vastbase - improve workflow configuration with enhanced storage options and security settings 📝 docs(dify): update configuration templates and documentation - enhance nginx configuration with improved variable substitution and MCP proxy support - update squid proxy configuration with additional security rules and increased buffer size - improve oracle database initialization scripts with world_lexer preference - update tidb configuration files and docker-compose for version compatibility ♻️ refactor(structure): reorganize project directory layout - move configuration files from conf/ subdirectory to app root for better clarity - rename envs/dify.env to dify.env for consistency - update file paths in docker-compose.yml to reflect new directory structure - remove redundant configuration files and consolidate volumes 🔧 chore(dify): simplify form configuration and remove obsolete scripts - remove database and vector store port configurations from data.yml form fields - eliminate obsolete initialization and upgrade scripts - add new pgvector docker-entrypoint.sh script for pg_bigm installation support - update docker-compose.yml with enhanced environment variables and service configurations
2025-11-10 16:06:50 +08:00 · 2025-11-10 16:06:50 +08:00 · 2d7c9d3671
parent 9ee8206a5a
commit 2d7c9d3671
37 changed files with 1635 additions and 621 deletions
--- a/apps/audiobookshelf/latest/docker-compose.yml
+++ b/apps/audiobookshelf/latest/docker-compose.yml
@ -12,6 +12,7 @@ services:
      - "${DATA_PATH}:/config"
      - "${DATA_PATH3}:/metadata"
    image: advplyr/audiobookshelf:latest
+    pull_policy: always
    labels:
      createdBy: "Apps"

--- a/apps/dify/1.9.2/.env.example
+++ b/apps/dify/1.9.2/.env.example
--- a/apps/dify/1.9.2/conf/certbot/README.md
+++ b/apps/dify/1.9.2/conf/certbot/README.md
--- a/apps/dify/1.9.2/conf/certbot/docker-entrypoint.sh
+++ b/apps/dify/1.9.2/conf/certbot/docker-entrypoint.sh
--- a/apps/dify/1.9.2/conf/certbot/update-cert.template.txt
+++ b/apps/dify/1.9.2/conf/certbot/update-cert.template.txt
--- a/apps/dify/1.9.2/conf/couchbase-server/Dockerfile
+++ b/apps/dify/1.9.2/conf/couchbase-server/Dockerfile
@ -1,4 +0,0 @@
-FROM couchbase/server:latest AS stage_base
-# FROM couchbase:latest AS stage_base 
-COPY init-cbserver.sh /opt/couchbase/init/
-RUN chmod +x /opt/couchbase/init/init-cbserver.sh
--- a/apps/dify/1.9.2/conf/volumes/oceanbase/init.d/vec_memory.sql
+++ b/apps/dify/1.9.2/conf/volumes/oceanbase/init.d/vec_memory.sql
@ -1 +0,0 @@
-ALTER SYSTEM SET ob_vector_memory_limit_percentage = 30;
--- a/apps/dify/1.9.2/couchbase-server/Dockerfile
+++ b/apps/dify/1.9.2/couchbase-server/Dockerfile
@ -0,0 +1,4 @@
+FROM couchbase/server:latest AS stage_base
+# FROM couchbase:latest AS stage_base
+COPY init-cbserver.sh /opt/couchbase/init/
+RUN chmod +x /opt/couchbase/init/init-cbserver.sh
--- a/apps/dify/1.9.2/conf/couchbase-server/init-cbserver.sh
+++ b/apps/dify/1.9.2/conf/couchbase-server/init-cbserver.sh
--- a/apps/dify/1.9.2/data.yml
+++ b/apps/dify/1.9.2/data.yml
@ -1,23 +1,10 @@
 additionalProperties:
  formFields:
-    - default: "./data"
-      edit: true
-      envKey: DIFY_ROOT_PATH
-      labelZh: 数据持久化路径
-      labelEn: Data persistence path
-      label:
-        en: Data persistence path
-        zh: 数据持久化路径
-      required: true
-      type: text
    - default: 8080
      edit: true
      envKey: PANEL_APP_PORT_HTTP
      labelZh: 网站端口
      labelEn: WebUI port
-      label:
-        en: WebUI port
-        zh: 网站端口
      required: true
      rule: paramPort
      type: number
@ -26,87 +13,6 @@ additionalProperties:
      envKey: PANEL_APP_PORT_HTTPS
      labelZh: HTTPS 端口
      labelEn: HTTPS port
-      label:
-        en: HTTPS port
-        zh: HTTPS 端口
-      required: true
-      rule: paramPort
-      type: number
-    - default: 5432
-      edit: true
-      envKey: EXPOSE_DB_PORT
-      labelZh: 数据库端口
-      labelEn: Database port
-      label:
-        en: Database port
-        zh: 数据库端口
-      required: true
-      rule: paramPort
-      type: number
-    - default: 5003
-      edit: true
-      envKey: EXPOSE_PLUGIN_DEBUGGING_PORT
-      labelZh: 插件调试端口
-      labelEn: Plugin debugging port
-      label:
-        en: Plugin debugging port
-        zh: 插件调试端口
-      required: true
-      rule: paramPort
-      type: number
-    - default: 19530
-      disabled: true
-      edit: true
-      envKey: MILVUS_STANDALONE_API_PORT
-      labelZh: Milvus 接口端口
-      labelEn: Milvus API port
-      label:
-        en: Milvus API port
-        zh: Milvus 接口端口
-      required: true
-      rule: paramPort
-      type: number
-    - default: 9091
-      disabled: true
-      envKey: MILVUS_STANDALONE_SERVER_PORT
-      labelZh: Milvus 服务端口
-      labelEn: Milvus server port
-      label:
-        en: Milvus server port
-        zh: Milvus 服务端口
-      required: true
-      rule: paramPort
-      type: number
-    - default: 8123
-      edit: true
-      envKey: MYSCALE_PORT
-      labelZh: MyScale 端口
-      labelEn: MyScale port
-      label:
-        en: MyScale port
-        zh: MyScale 端口
-      required: true
-      rule: paramPort
-      type: number
-    - default: 9200
-      edit: true
-      envKey: ELASTICSEARCH_PORT
-      labelZh: Elasticsearch 端口
-      labelEn: Elasticsearch port
-      label:
-        en: Elasticsearch port
-        zh: Elasticsearch 端口
-      required: true
-      rule: paramPort
-      type: number
-    - default: 5601
-      edit: true
-      envKey: KIBANA_PORT
-      labelZh: Kibana 端口
-      labelEn: Kibana port
-      label:
-        en: Kibana port
-        zh: Kibana 端口
      required: true
      rule: paramPort
      type: number
--- a/apps/dify/1.9.2/envs/dify.env
+++ b/apps/dify/1.9.2/envs/dify.env
@ -39,6 +39,12 @@ APP_WEB_URL=
 # File preview or download Url prefix.
 # used to display File preview or download Url to the front-end or as Multi-model inputs;
 # Url is signed and has expiration time.
+# Setting FILES_URL is required for file processing plugins.
+#   - For https://example.com, use FILES_URL=https://example.com
+#   - For http://example.com, use FILES_URL=http://example.com
+#   Recommendation: use a dedicated domain (e.g., https://upload.example.com).
+#   Alternatively, use http://<your-ip>:5001 or http://api:5001,
+#   ensuring port 5001 is externally accessible (see docker-compose.yaml).
 FILES_URL=

 # ------------------------------
@ -68,7 +74,11 @@ DEBUG=false
 # which is convenient for debugging.
 FLASK_DEBUG=false

-# A secretkey that is used for securely signing the session cookie
+# Enable request logging, which will log the request and response information.
+# And the log level is DEBUG
+ENABLE_REQUEST_LOGGING=False
+
+# A secret key that is used for securely signing the session cookie
 # and encrypting sensitive information on the database.
 # You can generate a strong key using `openssl rand -base64 42`.
 SECRET_KEY=sk-9f73s3ljTXVcMT3Blb3ljTqtsKiGHXVcMT3BlbkFJLK7U
@ -76,7 +86,7 @@ SECRET_KEY=sk-9f73s3ljTXVcMT3Blb3ljTqtsKiGHXVcMT3BlbkFJLK7U
 # Password for admin user initialization.
 # If left unset, admin user will not be prompted for a password
 # when creating the initial admin account.
-# The length of the password cannot exceed 30 charactors.
+# The length of the password cannot exceed 30 characters.
 INIT_PASSWORD=

 # Deployment environment.
@ -174,6 +184,12 @@ CELERY_MIN_WORKERS=
 API_TOOL_DEFAULT_CONNECT_TIMEOUT=10
 API_TOOL_DEFAULT_READ_TIMEOUT=60

+# -------------------------------
+# Datasource Configuration
+# --------------------------------
+ENABLE_WEBSITE_JINAREADER=true
+ENABLE_WEBSITE_FIRECRAWL=true
+ENABLE_WEBSITE_WATERCRAWL=true

 # ------------------------------
 # Database Configuration
@ -269,6 +285,7 @@ BROKER_USE_SSL=false
 # If you are using Redis Sentinel for high availability, configure the following settings.
 CELERY_USE_SENTINEL=false
 CELERY_SENTINEL_MASTER_NAME=
+CELERY_SENTINEL_PASSWORD=
 CELERY_SENTINEL_SOCKET_TIMEOUT=0.1

 # ------------------------------
@ -344,7 +361,7 @@ TENCENT_COS_SCHEME=your-scheme

 # Oracle Storage Configuration
 #
-OCI_ENDPOINT=https://objectstorage.us-ashburn-1.oraclecloud.com
+OCI_ENDPOINT=https://your-object-storage-namespace.compat.objectstorage.us-ashburn-1.oraclecloud.com
 OCI_BUCKET_NAME=your-bucket-name
 OCI_ACCESS_KEY=your-access-key
 OCI_SECRET_KEY=your-secret-key
@ -383,7 +400,7 @@ SUPABASE_URL=your-server-url
 # ------------------------------

 # The type of vector store to use.
-# Supported values are `weaviate`, `qdrant`, `milvus`, `myscale`, `relyt`, `pgvector`, `pgvecto-rs`, `chroma`, `opensearch`, `tidb_vector`, `oracle`, `tencent`, `elasticsearch`, `elasticsearch-ja`, `analyticdb`, `couchbase`, `vikingdb`, `oceanbase`.
+# Supported values are `weaviate`, `qdrant`, `milvus`, `myscale`, `relyt`, `pgvector`, `pgvecto-rs`, `chroma`, `opensearch`, `oracle`, `tencent`, `elasticsearch`, `elasticsearch-ja`, `analyticdb`, `couchbase`, `vikingdb`, `oceanbase`, `opengauss`, `tablestore`,`vastbase`,`tidb`,`tidb_on_qdrant`,`baidu`,`lindorm`,`huawei_cloud`,`upstash`, `matrixone`.
 VECTOR_STORE=weaviate

 # The Weaviate endpoint URL. Only available when VECTOR_STORE is `weaviate`.
@ -396,14 +413,17 @@ QDRANT_API_KEY=difyai123456
 QDRANT_CLIENT_TIMEOUT=20
 QDRANT_GRPC_ENABLED=false
 QDRANT_GRPC_PORT=6334
+QDRANT_REPLICATION_FACTOR=1

-# Milvus configuration Only available when VECTOR_STORE is `milvus`.
+# Milvus configuration. Only available when VECTOR_STORE is `milvus`.
 # The milvus uri.
-MILVUS_URI=http://127.0.0.1:19530
+MILVUS_URI=http://host.docker.internal:19530
+MILVUS_DATABASE=
 MILVUS_TOKEN=
-MILVUS_USER=root
-MILVUS_PASSWORD=Milvus
+MILVUS_USER=
+MILVUS_PASSWORD=
 MILVUS_ENABLE_HYBRID_SEARCH=False
+MILVUS_ANALYZER_PARAMS=

 # MyScale configuration, only available when VECTOR_STORE is `myscale`
 # For multi-language support, please set MYSCALE_FTS_PARAMS with referring to:
@ -431,6 +451,17 @@ PGVECTOR_PASSWORD=difyai123456
 PGVECTOR_DATABASE=dify
 PGVECTOR_MIN_CONNECTION=1
 PGVECTOR_MAX_CONNECTION=5
+PGVECTOR_PG_BIGM=false
+PGVECTOR_PG_BIGM_VERSION=1.2-20240606
+
+# vastbase configurations, only available when VECTOR_STORE is `vastbase`
+VASTBASE_HOST=vastbase
+VASTBASE_PORT=5432
+VASTBASE_USER=dify
+VASTBASE_PASSWORD=Difyai123456
+VASTBASE_DATABASE=dify
+VASTBASE_MIN_CONNECTION=1
+VASTBASE_MAX_CONNECTION=5

 # pgvecto-rs configurations, only available when VECTOR_STORE is `pgvecto-rs`
 PGVECTO_RS_HOST=pgvecto-rs
@ -453,13 +484,20 @@ ANALYTICDB_PORT=5432
 ANALYTICDB_MIN_CONNECTION=1
 ANALYTICDB_MAX_CONNECTION=5

-# TiDB vector configurations, only available when VECTOR_STORE is `tidb`
+# TiDB vector configurations, only available when VECTOR_STORE is `tidb_vector`
 TIDB_VECTOR_HOST=tidb
 TIDB_VECTOR_PORT=4000
 TIDB_VECTOR_USER=
 TIDB_VECTOR_PASSWORD=
 TIDB_VECTOR_DATABASE=dify

+# Matrixone vector configurations.
+MATRIXONE_HOST=matrixone
+MATRIXONE_PORT=6001
+MATRIXONE_USER=dump
+MATRIXONE_PASSWORD=111
+MATRIXONE_DATABASE=dify
+
 # Tidb on qdrant configuration, only available when VECTOR_STORE is `tidb_on_qdrant`
 TIDB_ON_QDRANT_URL=http://127.0.0.1
 TIDB_ON_QDRANT_API_KEY=dify
@ -483,11 +521,13 @@ CHROMA_AUTH_PROVIDER=chromadb.auth.token_authn.TokenAuthClientProvider
 CHROMA_AUTH_CREDENTIALS=

 # Oracle configuration, only available when VECTOR_STORE is `oracle`
-ORACLE_HOST=oracle
-ORACLE_PORT=1521
 ORACLE_USER=dify
 ORACLE_PASSWORD=dify
-ORACLE_DATABASE=FREEPDB1
+ORACLE_DSN=oracle:1521/FREEPDB1
+ORACLE_CONFIG_DIR=/app/api/storage/wallet
+ORACLE_WALLET_LOCATION=/app/api/storage/wallet
+ORACLE_WALLET_PASSWORD=dify
+ORACLE_IS_AUTONOMOUS=false

 # relyt configurations, only available when VECTOR_STORE is `relyt`
 RELYT_HOST=db
@ -499,9 +539,14 @@ RELYT_DATABASE=postgres
 # open search configuration, only available when VECTOR_STORE is `opensearch`
 OPENSEARCH_HOST=opensearch
 OPENSEARCH_PORT=9200
+OPENSEARCH_SECURE=true
+OPENSEARCH_VERIFY_CERTS=true
+OPENSEARCH_AUTH_METHOD=basic
 OPENSEARCH_USER=admin
 OPENSEARCH_PASSWORD=admin
-OPENSEARCH_SECURE=true
+# If using AWS managed IAM, e.g. Managed Cluster or OpenSearch Serverless
+OPENSEARCH_AWS_REGION=ap-southeast-1
+OPENSEARCH_AWS_SERVICE=aoss

 # tencent vector configurations, only available when VECTOR_STORE is `tencent`
 TENCENT_VECTOR_DB_URL=http://127.0.0.1
@ -511,6 +556,7 @@ TENCENT_VECTOR_DB_USERNAME=dify
 TENCENT_VECTOR_DB_DATABASE=dify
 TENCENT_VECTOR_DB_SHARD=1
 TENCENT_VECTOR_DB_REPLICAS=2
+TENCENT_VECTOR_DB_ENABLE_HYBRID_SEARCH=false

 # ElasticSearch configuration, only available when VECTOR_STORE is `elasticsearch`
 ELASTICSEARCH_HOST=0.0.0.0
@ -541,6 +587,7 @@ VIKINGDB_SOCKET_TIMEOUT=30
 LINDORM_URL=http://lindorm:30070
 LINDORM_USERNAME=lindorm
 LINDORM_PASSWORD=lindorm
+LINDORM_QUERY_TIMEOUT=1

 # OceanBase Vector configuration, only available when VECTOR_STORE is `oceanbase`
 OCEANBASE_VECTOR_HOST=oceanbase
@ -550,11 +597,34 @@ OCEANBASE_VECTOR_PASSWORD=difyai123456
 OCEANBASE_VECTOR_DATABASE=test
 OCEANBASE_CLUSTER_NAME=difyai
 OCEANBASE_MEMORY_LIMIT=6G
+OCEANBASE_ENABLE_HYBRID_SEARCH=false
+
+# opengauss configurations, only available when VECTOR_STORE is `opengauss`
+OPENGAUSS_HOST=opengauss
+OPENGAUSS_PORT=6600
+OPENGAUSS_USER=postgres
+OPENGAUSS_PASSWORD=Dify@123
+OPENGAUSS_DATABASE=dify
+OPENGAUSS_MIN_CONNECTION=1
+OPENGAUSS_MAX_CONNECTION=5
+OPENGAUSS_ENABLE_PQ=false
+
+# huawei cloud search service vector configurations, only available when VECTOR_STORE is `huawei_cloud`
+HUAWEI_CLOUD_HOSTS=https://127.0.0.1:9200
+HUAWEI_CLOUD_USER=admin
+HUAWEI_CLOUD_PASSWORD=admin

 # Upstash Vector configuration, only available when VECTOR_STORE is `upstash`
 UPSTASH_VECTOR_URL=https://xxx-vector.upstash.io
 UPSTASH_VECTOR_TOKEN=dify

+# TableStore Vector configuration
+# (only used when VECTOR_STORE is tablestore)
+TABLESTORE_ENDPOINT=https://instance-name.cn-hangzhou.ots.aliyuncs.com
+TABLESTORE_INSTANCE_NAME=instance-name
+TABLESTORE_ACCESS_KEY_ID=xxx
+TABLESTORE_ACCESS_KEY_SECRET=xxx
+
 # ------------------------------
 # Knowledge Configuration
 # ------------------------------
@ -593,6 +663,11 @@ PROMPT_GENERATION_MAX_TOKENS=512
 # Default: 1024 tokens.
 CODE_GENERATION_MAX_TOKENS=1024

+# Enable or disable plugin based token counting. If disabled, token counting will return 0.
+# This can improve performance by skipping token counting operations.
+# Default: false (disabled).
+PLUGIN_BASED_TOKEN_COUNTING_ENABLED=false
+
 # ------------------------------
 # Multi-modal Configuration
 # ------------------------------
@ -652,10 +727,11 @@ NOTION_INTERNAL_SECRET=
 # Mail related configuration
 # ------------------------------

-# Mail type, support: resend, smtp
+# Mail type, support: resend, smtp, sendgrid
 MAIL_TYPE=resend

 # Default send from email address, if not specified
+# If using SendGrid, use the 'from' field for authentication if necessary.
 MAIL_DEFAULT_SEND_FROM=

 # API-Key for the Resend email provider, used when MAIL_TYPE is `resend`.
@ -671,6 +747,9 @@ SMTP_PASSWORD=
 SMTP_USE_TLS=true
 SMTP_OPPORTUNISTIC_TLS=false

+# Sendgid configuration
+SENDGRID_API_KEY=
+
 # ------------------------------
 # Others Configuration
 # ------------------------------
@ -709,15 +788,37 @@ MAX_VARIABLE_SIZE=204800
 WORKFLOW_PARALLEL_DEPTH_LIMIT=3
 WORKFLOW_FILE_UPLOAD_LIMIT=10

+# Workflow storage configuration
+# Options: rdbms, hybrid
+# rdbms: Use only the relational database (default)
+# hybrid: Save new data to object storage, read from both object storage and RDBMS
+WORKFLOW_NODE_EXECUTION_STORAGE=rdbms
+
 # HTTP request node in workflow configuration
 HTTP_REQUEST_NODE_MAX_BINARY_SIZE=10485760
 HTTP_REQUEST_NODE_MAX_TEXT_SIZE=1048576
+HTTP_REQUEST_NODE_SSL_VERIFY=True
+
+# Respect X-* headers to redirect clients
+RESPECT_XFORWARD_HEADERS_ENABLED=false

 # SSRF Proxy server HTTP URL
 SSRF_PROXY_HTTP_URL=http://ssrf_proxy:3128
 # SSRF Proxy server HTTPS URL
 SSRF_PROXY_HTTPS_URL=http://ssrf_proxy:3128

+# Maximum loop count in the workflow
+LOOP_NODE_MAX_COUNT=100
+
+# The maximum number of tools that can be used in the agent.
+MAX_TOOLS_NUM=10
+
+# Maximum number of Parallelism branches in the workflow
+MAX_PARALLEL_LIMIT=10
+
+# The maximum number of iterations for agent setting
+MAX_ITERATIONS_NUM=99
+
 # ------------------------------
 # Environment Variables for web Service
 # ------------------------------
@ -725,11 +826,15 @@ SSRF_PROXY_HTTPS_URL=http://ssrf_proxy:3128
 # The timeout for the text generation in millisecond
 TEXT_GENERATION_TIMEOUT_MS=60000

+# Allow rendering unsafe URLs which have "data:" scheme.
+ALLOW_UNSAFE_DATA_SCHEME=false
+
 # ------------------------------
 # Environment Variables for db Service
 # ------------------------------

-PGUSER=${DB_USERNAME}
+# The name of the default postgres user.
+POSTGRES_USER=${DB_USERNAME}
 # The password for the default postgres user.
 POSTGRES_PASSWORD=${DB_PASSWORD}
 # The name of the default postgres database.
@ -785,7 +890,7 @@ CHROMA_IS_PERSISTENT=TRUE

 # ------------------------------
 # Environment Variables for Oracle Service
-# (only used when VECTOR_STORE is Oracle)
+# (only used when VECTOR_STORE is oracle)
 # ------------------------------
 ORACLE_PWD=Dify123456
 ORACLE_CHARACTERSET=AL32UTF8
@ -856,7 +961,7 @@ NGINX_SSL_PROTOCOLS=TLSv1.1 TLSv1.2 TLSv1.3

 # Nginx performance tuning
 NGINX_WORKER_PROCESSES=auto
-NGINX_CLIENT_MAX_BODY_SIZE=15M
+NGINX_CLIENT_MAX_BODY_SIZE=100M
 NGINX_KEEPALIVE_TIMEOUT=65

 # Proxy settings
@ -954,6 +1059,7 @@ PLUGIN_DEBUGGING_PORT=5003
 EXPOSE_PLUGIN_DEBUGGING_HOST=localhost
 EXPOSE_PLUGIN_DEBUGGING_PORT=5003

+# If this key is changed, DIFY_INNER_API_KEY in plugin_daemon service must also be updated or agent node will fail.
 PLUGIN_DIFY_INNER_API_KEY=QaHbTe77CtuXmsfyhR7+vRjI/+XbV1AaFy691iy+kGDv2Jvy0/eAh8Y1
 PLUGIN_DIFY_INNER_API_URL=http://api:5001

@ -963,3 +1069,72 @@ MARKETPLACE_ENABLED=true
 MARKETPLACE_API_URL=https://marketplace.dify.ai

 FORCE_VERIFYING_SIGNATURE=true
+
+PLUGIN_PYTHON_ENV_INIT_TIMEOUT=120
+PLUGIN_MAX_EXECUTION_TIMEOUT=600
+# PIP_MIRROR_URL=https://pypi.tuna.tsinghua.edu.cn/simple
+PIP_MIRROR_URL=
+
+# https://github.com/langgenius/dify-plugin-daemon/blob/main/.env.example
+# Plugin storage type, local aws_s3 tencent_cos azure_blob aliyun_oss volcengine_tos
+PLUGIN_STORAGE_TYPE=local
+PLUGIN_STORAGE_LOCAL_ROOT=/app/storage
+PLUGIN_WORKING_PATH=/app/storage/cwd
+PLUGIN_INSTALLED_PATH=plugin
+PLUGIN_PACKAGE_CACHE_PATH=plugin_packages
+PLUGIN_MEDIA_CACHE_PATH=assets
+# Plugin oss bucket
+PLUGIN_STORAGE_OSS_BUCKET=
+# Plugin oss s3 credentials
+PLUGIN_S3_USE_AWS=false
+PLUGIN_S3_USE_AWS_MANAGED_IAM=false
+PLUGIN_S3_ENDPOINT=
+PLUGIN_S3_USE_PATH_STYLE=false
+PLUGIN_AWS_ACCESS_KEY=
+PLUGIN_AWS_SECRET_KEY=
+PLUGIN_AWS_REGION=
+# Plugin oss azure blob
+PLUGIN_AZURE_BLOB_STORAGE_CONTAINER_NAME=
+PLUGIN_AZURE_BLOB_STORAGE_CONNECTION_STRING=
+# Plugin oss tencent cos
+PLUGIN_TENCENT_COS_SECRET_KEY=
+PLUGIN_TENCENT_COS_SECRET_ID=
+PLUGIN_TENCENT_COS_REGION=
+# Plugin oss aliyun oss
+PLUGIN_ALIYUN_OSS_REGION=
+PLUGIN_ALIYUN_OSS_ENDPOINT=
+PLUGIN_ALIYUN_OSS_ACCESS_KEY_ID=
+PLUGIN_ALIYUN_OSS_ACCESS_KEY_SECRET=
+PLUGIN_ALIYUN_OSS_AUTH_VERSION=v4
+PLUGIN_ALIYUN_OSS_PATH=
+# Plugin oss volcengine tos
+PLUGIN_VOLCENGINE_TOS_ENDPOINT=
+PLUGIN_VOLCENGINE_TOS_ACCESS_KEY=
+PLUGIN_VOLCENGINE_TOS_SECRET_KEY=
+PLUGIN_VOLCENGINE_TOS_REGION=
+
+# ------------------------------
+# OTLP Collector Configuration
+# ------------------------------
+ENABLE_OTEL=false
+OTLP_BASE_ENDPOINT=http://localhost:4318
+OTLP_API_KEY=
+OTEL_EXPORTER_OTLP_PROTOCOL=
+OTEL_EXPORTER_TYPE=otlp
+OTEL_SAMPLING_RATE=0.1
+OTEL_BATCH_EXPORT_SCHEDULE_DELAY=5000
+OTEL_MAX_QUEUE_SIZE=2048
+OTEL_MAX_EXPORT_BATCH_SIZE=512
+OTEL_METRIC_EXPORT_INTERVAL=60000
+OTEL_BATCH_EXPORT_TIMEOUT=10000
+OTEL_METRIC_EXPORT_TIMEOUT=30000
+
+# Prevent Clickjacking
+ALLOW_EMBED=false
+
+# Dataset queue monitor configuration
+QUEUE_MONITOR_THRESHOLD=200
+# You can configure multiple ones, separated by commas. eg: test1@dify.ai,test2@dify.ai
+QUEUE_MONITOR_ALERT_EMAILS=
+# Monitor interval in minutes, default is 30 minutes
+QUEUE_MONITOR_INTERVAL=30
--- a/apps/dify/1.9.2/docker-compose.yml
+++ b/apps/dify/1.9.2/docker-compose.yml
@ -19,6 +19,7 @@ x-shared-env: &shared-api-worker-env
  LOG_TZ: ${LOG_TZ:-UTC}
  DEBUG: ${DEBUG:-false}
  FLASK_DEBUG: ${FLASK_DEBUG:-false}
+  ENABLE_REQUEST_LOGGING: ${ENABLE_REQUEST_LOGGING:-False}
  SECRET_KEY: ${SECRET_KEY:-sk-9f73s3ljTXVcMT3Blb3ljTqtsKiGHXVcMT3BlbkFJLK7U}
  INIT_PASSWORD: ${INIT_PASSWORD:-}
  DEPLOY_ENV: ${DEPLOY_ENV:-PRODUCTION}
@ -43,6 +44,9 @@ x-shared-env: &shared-api-worker-env
  CELERY_MIN_WORKERS: ${CELERY_MIN_WORKERS:-}
  API_TOOL_DEFAULT_CONNECT_TIMEOUT: ${API_TOOL_DEFAULT_CONNECT_TIMEOUT:-10}
  API_TOOL_DEFAULT_READ_TIMEOUT: ${API_TOOL_DEFAULT_READ_TIMEOUT:-60}
+  ENABLE_WEBSITE_JINAREADER: ${ENABLE_WEBSITE_JINAREADER:-true}
+  ENABLE_WEBSITE_FIRECRAWL: ${ENABLE_WEBSITE_FIRECRAWL:-true}
+  ENABLE_WEBSITE_WATERCRAWL: ${ENABLE_WEBSITE_WATERCRAWL:-true}
  DB_USERNAME: ${DB_USERNAME:-postgres}
  DB_PASSWORD: ${DB_PASSWORD:-difyai123456}
  DB_HOST: ${DB_HOST:-db}
@ -75,6 +79,7 @@ x-shared-env: &shared-api-worker-env
  BROKER_USE_SSL: ${BROKER_USE_SSL:-false}
  CELERY_USE_SENTINEL: ${CELERY_USE_SENTINEL:-false}
  CELERY_SENTINEL_MASTER_NAME: ${CELERY_SENTINEL_MASTER_NAME:-}
+  CELERY_SENTINEL_PASSWORD: ${CELERY_SENTINEL_PASSWORD:-}
  CELERY_SENTINEL_SOCKET_TIMEOUT: ${CELERY_SENTINEL_SOCKET_TIMEOUT:-0.1}
  WEB_API_CORS_ALLOW_ORIGINS: ${WEB_API_CORS_ALLOW_ORIGINS:-*}
  CONSOLE_CORS_ALLOW_ORIGINS: ${CONSOLE_CORS_ALLOW_ORIGINS:-*}
@ -105,7 +110,7 @@ x-shared-env: &shared-api-worker-env
  TENCENT_COS_SECRET_ID: ${TENCENT_COS_SECRET_ID:-your-secret-id}
  TENCENT_COS_REGION: ${TENCENT_COS_REGION:-your-region}
  TENCENT_COS_SCHEME: ${TENCENT_COS_SCHEME:-your-scheme}
-  OCI_ENDPOINT: ${OCI_ENDPOINT:-https://objectstorage.us-ashburn-1.oraclecloud.com}
+  OCI_ENDPOINT: ${OCI_ENDPOINT:-https://your-object-storage-namespace.compat.objectstorage.us-ashburn-1.oraclecloud.com}
  OCI_BUCKET_NAME: ${OCI_BUCKET_NAME:-your-bucket-name}
  OCI_ACCESS_KEY: ${OCI_ACCESS_KEY:-your-access-key}
  OCI_SECRET_KEY: ${OCI_SECRET_KEY:-your-secret-key}
@ -134,11 +139,14 @@ x-shared-env: &shared-api-worker-env
  QDRANT_CLIENT_TIMEOUT: ${QDRANT_CLIENT_TIMEOUT:-20}
  QDRANT_GRPC_ENABLED: ${QDRANT_GRPC_ENABLED:-false}
  QDRANT_GRPC_PORT: ${QDRANT_GRPC_PORT:-6334}
-  MILVUS_URI: ${MILVUS_URI:-http://127.0.0.1:19530}
+  QDRANT_REPLICATION_FACTOR: ${QDRANT_REPLICATION_FACTOR:-1}
+  MILVUS_URI: ${MILVUS_URI:-http://host.docker.internal:19530}
+  MILVUS_DATABASE: ${MILVUS_DATABASE:-}
  MILVUS_TOKEN: ${MILVUS_TOKEN:-}
-  MILVUS_USER: ${MILVUS_USER:-root}
-  MILVUS_PASSWORD: ${MILVUS_PASSWORD:-Milvus}
+  MILVUS_USER: ${MILVUS_USER:-}
+  MILVUS_PASSWORD: ${MILVUS_PASSWORD:-}
  MILVUS_ENABLE_HYBRID_SEARCH: ${MILVUS_ENABLE_HYBRID_SEARCH:-False}
+  MILVUS_ANALYZER_PARAMS: ${MILVUS_ANALYZER_PARAMS:-}
  MYSCALE_HOST: ${MYSCALE_HOST:-myscale}
  MYSCALE_PORT: ${MYSCALE_PORT:-8123}
  MYSCALE_USER: ${MYSCALE_USER:-default}
@ -157,6 +165,15 @@ x-shared-env: &shared-api-worker-env
  PGVECTOR_DATABASE: ${PGVECTOR_DATABASE:-dify}
  PGVECTOR_MIN_CONNECTION: ${PGVECTOR_MIN_CONNECTION:-1}
  PGVECTOR_MAX_CONNECTION: ${PGVECTOR_MAX_CONNECTION:-5}
+  PGVECTOR_PG_BIGM: ${PGVECTOR_PG_BIGM:-false}
+  PGVECTOR_PG_BIGM_VERSION: ${PGVECTOR_PG_BIGM_VERSION:-1.2-20240606}
+  VASTBASE_HOST: ${VASTBASE_HOST:-vastbase}
+  VASTBASE_PORT: ${VASTBASE_PORT:-5432}
+  VASTBASE_USER: ${VASTBASE_USER:-dify}
+  VASTBASE_PASSWORD: ${VASTBASE_PASSWORD:-Difyai123456}
+  VASTBASE_DATABASE: ${VASTBASE_DATABASE:-dify}
+  VASTBASE_MIN_CONNECTION: ${VASTBASE_MIN_CONNECTION:-1}
+  VASTBASE_MAX_CONNECTION: ${VASTBASE_MAX_CONNECTION:-5}
  PGVECTO_RS_HOST: ${PGVECTO_RS_HOST:-pgvecto-rs}
  PGVECTO_RS_PORT: ${PGVECTO_RS_PORT:-5432}
  PGVECTO_RS_USER: ${PGVECTO_RS_USER:-postgres}
@ -179,6 +196,11 @@ x-shared-env: &shared-api-worker-env
  TIDB_VECTOR_USER: ${TIDB_VECTOR_USER:-}
  TIDB_VECTOR_PASSWORD: ${TIDB_VECTOR_PASSWORD:-}
  TIDB_VECTOR_DATABASE: ${TIDB_VECTOR_DATABASE:-dify}
+  MATRIXONE_HOST: ${MATRIXONE_HOST:-matrixone}
+  MATRIXONE_PORT: ${MATRIXONE_PORT:-6001}
+  MATRIXONE_USER: ${MATRIXONE_USER:-dump}
+  MATRIXONE_PASSWORD: ${MATRIXONE_PASSWORD:-111}
+  MATRIXONE_DATABASE: ${MATRIXONE_DATABASE:-dify}
  TIDB_ON_QDRANT_URL: ${TIDB_ON_QDRANT_URL:-http://127.0.0.1}
  TIDB_ON_QDRANT_API_KEY: ${TIDB_ON_QDRANT_API_KEY:-dify}
  TIDB_ON_QDRANT_CLIENT_TIMEOUT: ${TIDB_ON_QDRANT_CLIENT_TIMEOUT:-20}
@ -197,11 +219,13 @@ x-shared-env: &shared-api-worker-env
  CHROMA_DATABASE: ${CHROMA_DATABASE:-default_database}
  CHROMA_AUTH_PROVIDER: ${CHROMA_AUTH_PROVIDER:-chromadb.auth.token_authn.TokenAuthClientProvider}
  CHROMA_AUTH_CREDENTIALS: ${CHROMA_AUTH_CREDENTIALS:-}
-  ORACLE_HOST: ${ORACLE_HOST:-oracle}
-  ORACLE_PORT: ${ORACLE_PORT:-1521}
  ORACLE_USER: ${ORACLE_USER:-dify}
  ORACLE_PASSWORD: ${ORACLE_PASSWORD:-dify}
-  ORACLE_DATABASE: ${ORACLE_DATABASE:-FREEPDB1}
+  ORACLE_DSN: ${ORACLE_DSN:-oracle:1521/FREEPDB1}
+  ORACLE_CONFIG_DIR: ${ORACLE_CONFIG_DIR:-/app/api/storage/wallet}
+  ORACLE_WALLET_LOCATION: ${ORACLE_WALLET_LOCATION:-/app/api/storage/wallet}
+  ORACLE_WALLET_PASSWORD: ${ORACLE_WALLET_PASSWORD:-dify}
+  ORACLE_IS_AUTONOMOUS: ${ORACLE_IS_AUTONOMOUS:-false}
  RELYT_HOST: ${RELYT_HOST:-db}
  RELYT_PORT: ${RELYT_PORT:-5432}
  RELYT_USER: ${RELYT_USER:-postgres}
@ -209,9 +233,13 @@ x-shared-env: &shared-api-worker-env
  RELYT_DATABASE: ${RELYT_DATABASE:-postgres}
  OPENSEARCH_HOST: ${OPENSEARCH_HOST:-opensearch}
  OPENSEARCH_PORT: ${OPENSEARCH_PORT:-9200}
+  OPENSEARCH_SECURE: ${OPENSEARCH_SECURE:-true}
+  OPENSEARCH_VERIFY_CERTS: ${OPENSEARCH_VERIFY_CERTS:-true}
+  OPENSEARCH_AUTH_METHOD: ${OPENSEARCH_AUTH_METHOD:-basic}
  OPENSEARCH_USER: ${OPENSEARCH_USER:-admin}
  OPENSEARCH_PASSWORD: ${OPENSEARCH_PASSWORD:-admin}
-  OPENSEARCH_SECURE: ${OPENSEARCH_SECURE:-true}
+  OPENSEARCH_AWS_REGION: ${OPENSEARCH_AWS_REGION:-ap-southeast-1}
+  OPENSEARCH_AWS_SERVICE: ${OPENSEARCH_AWS_SERVICE:-aoss}
  TENCENT_VECTOR_DB_URL: ${TENCENT_VECTOR_DB_URL:-http://127.0.0.1}
  TENCENT_VECTOR_DB_API_KEY: ${TENCENT_VECTOR_DB_API_KEY:-dify}
  TENCENT_VECTOR_DB_TIMEOUT: ${TENCENT_VECTOR_DB_TIMEOUT:-30}
@ -219,6 +247,7 @@ x-shared-env: &shared-api-worker-env
  TENCENT_VECTOR_DB_DATABASE: ${TENCENT_VECTOR_DB_DATABASE:-dify}
  TENCENT_VECTOR_DB_SHARD: ${TENCENT_VECTOR_DB_SHARD:-1}
  TENCENT_VECTOR_DB_REPLICAS: ${TENCENT_VECTOR_DB_REPLICAS:-2}
+  TENCENT_VECTOR_DB_ENABLE_HYBRID_SEARCH: ${TENCENT_VECTOR_DB_ENABLE_HYBRID_SEARCH:-false}
  ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:-0.0.0.0}
  ELASTICSEARCH_PORT: ${ELASTICSEARCH_PORT:-9200}
  ELASTICSEARCH_USERNAME: ${ELASTICSEARCH_USERNAME:-elastic}
@ -241,6 +270,7 @@ x-shared-env: &shared-api-worker-env
  LINDORM_URL: ${LINDORM_URL:-http://lindorm:30070}
  LINDORM_USERNAME: ${LINDORM_USERNAME:-lindorm}
  LINDORM_PASSWORD: ${LINDORM_PASSWORD:-lindorm}
+  LINDORM_QUERY_TIMEOUT: ${LINDORM_QUERY_TIMEOUT:-1}
  OCEANBASE_VECTOR_HOST: ${OCEANBASE_VECTOR_HOST:-oceanbase}
  OCEANBASE_VECTOR_PORT: ${OCEANBASE_VECTOR_PORT:-2881}
  OCEANBASE_VECTOR_USER: ${OCEANBASE_VECTOR_USER:-root@test}
@ -248,8 +278,24 @@ x-shared-env: &shared-api-worker-env
  OCEANBASE_VECTOR_DATABASE: ${OCEANBASE_VECTOR_DATABASE:-test}
  OCEANBASE_CLUSTER_NAME: ${OCEANBASE_CLUSTER_NAME:-difyai}
  OCEANBASE_MEMORY_LIMIT: ${OCEANBASE_MEMORY_LIMIT:-6G}
+  OCEANBASE_ENABLE_HYBRID_SEARCH: ${OCEANBASE_ENABLE_HYBRID_SEARCH:-false}
+  OPENGAUSS_HOST: ${OPENGAUSS_HOST:-opengauss}
+  OPENGAUSS_PORT: ${OPENGAUSS_PORT:-6600}
+  OPENGAUSS_USER: ${OPENGAUSS_USER:-postgres}
+  OPENGAUSS_PASSWORD: ${OPENGAUSS_PASSWORD:-Dify@123}
+  OPENGAUSS_DATABASE: ${OPENGAUSS_DATABASE:-dify}
+  OPENGAUSS_MIN_CONNECTION: ${OPENGAUSS_MIN_CONNECTION:-1}
+  OPENGAUSS_MAX_CONNECTION: ${OPENGAUSS_MAX_CONNECTION:-5}
+  OPENGAUSS_ENABLE_PQ: ${OPENGAUSS_ENABLE_PQ:-false}
+  HUAWEI_CLOUD_HOSTS: ${HUAWEI_CLOUD_HOSTS:-https://127.0.0.1:9200}
+  HUAWEI_CLOUD_USER: ${HUAWEI_CLOUD_USER:-admin}
+  HUAWEI_CLOUD_PASSWORD: ${HUAWEI_CLOUD_PASSWORD:-admin}
  UPSTASH_VECTOR_URL: ${UPSTASH_VECTOR_URL:-https://xxx-vector.upstash.io}
  UPSTASH_VECTOR_TOKEN: ${UPSTASH_VECTOR_TOKEN:-dify}
+  TABLESTORE_ENDPOINT: ${TABLESTORE_ENDPOINT:-https://instance-name.cn-hangzhou.ots.aliyuncs.com}
+  TABLESTORE_INSTANCE_NAME: ${TABLESTORE_INSTANCE_NAME:-instance-name}
+  TABLESTORE_ACCESS_KEY_ID: ${TABLESTORE_ACCESS_KEY_ID:-xxx}
+  TABLESTORE_ACCESS_KEY_SECRET: ${TABLESTORE_ACCESS_KEY_SECRET:-xxx}
  UPLOAD_FILE_SIZE_LIMIT: ${UPLOAD_FILE_SIZE_LIMIT:-15}
  UPLOAD_FILE_BATCH_LIMIT: ${UPLOAD_FILE_BATCH_LIMIT:-5}
  ETL_TYPE: ${ETL_TYPE:-dify}
@ -258,6 +304,7 @@ x-shared-env: &shared-api-worker-env
  SCARF_NO_ANALYTICS: ${SCARF_NO_ANALYTICS:-true}
  PROMPT_GENERATION_MAX_TOKENS: ${PROMPT_GENERATION_MAX_TOKENS:-512}
  CODE_GENERATION_MAX_TOKENS: ${CODE_GENERATION_MAX_TOKENS:-1024}
+  PLUGIN_BASED_TOKEN_COUNTING_ENABLED: ${PLUGIN_BASED_TOKEN_COUNTING_ENABLED:-false}
  MULTIMODAL_SEND_FORMAT: ${MULTIMODAL_SEND_FORMAT:-base64}
  UPLOAD_IMAGE_FILE_SIZE_LIMIT: ${UPLOAD_IMAGE_FILE_SIZE_LIMIT:-10}
  UPLOAD_VIDEO_FILE_SIZE_LIMIT: ${UPLOAD_VIDEO_FILE_SIZE_LIMIT:-100}
@ -281,6 +328,7 @@ x-shared-env: &shared-api-worker-env
  SMTP_PASSWORD: ${SMTP_PASSWORD:-}
  SMTP_USE_TLS: ${SMTP_USE_TLS:-true}
  SMTP_OPPORTUNISTIC_TLS: ${SMTP_OPPORTUNISTIC_TLS:-false}
+  SENDGRID_API_KEY: ${SENDGRID_API_KEY:-}
  INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-4000}
  INVITE_EXPIRY_HOURS: ${INVITE_EXPIRY_HOURS:-72}
  RESET_PASSWORD_TOKEN_EXPIRY_MINUTES: ${RESET_PASSWORD_TOKEN_EXPIRY_MINUTES:-5}
@ -304,12 +352,20 @@ x-shared-env: &shared-api-worker-env
  MAX_VARIABLE_SIZE: ${MAX_VARIABLE_SIZE:-204800}
  WORKFLOW_PARALLEL_DEPTH_LIMIT: ${WORKFLOW_PARALLEL_DEPTH_LIMIT:-3}
  WORKFLOW_FILE_UPLOAD_LIMIT: ${WORKFLOW_FILE_UPLOAD_LIMIT:-10}
+  WORKFLOW_NODE_EXECUTION_STORAGE: ${WORKFLOW_NODE_EXECUTION_STORAGE:-rdbms}
  HTTP_REQUEST_NODE_MAX_BINARY_SIZE: ${HTTP_REQUEST_NODE_MAX_BINARY_SIZE:-10485760}
  HTTP_REQUEST_NODE_MAX_TEXT_SIZE: ${HTTP_REQUEST_NODE_MAX_TEXT_SIZE:-1048576}
+  HTTP_REQUEST_NODE_SSL_VERIFY: ${HTTP_REQUEST_NODE_SSL_VERIFY:-True}
+  RESPECT_XFORWARD_HEADERS_ENABLED: ${RESPECT_XFORWARD_HEADERS_ENABLED:-false}
  SSRF_PROXY_HTTP_URL: ${SSRF_PROXY_HTTP_URL:-http://ssrf_proxy:3128}
  SSRF_PROXY_HTTPS_URL: ${SSRF_PROXY_HTTPS_URL:-http://ssrf_proxy:3128}
+  LOOP_NODE_MAX_COUNT: ${LOOP_NODE_MAX_COUNT:-100}
+  MAX_TOOLS_NUM: ${MAX_TOOLS_NUM:-10}
+  MAX_PARALLEL_LIMIT: ${MAX_PARALLEL_LIMIT:-10}
+  MAX_ITERATIONS_NUM: ${MAX_ITERATIONS_NUM:-99}
  TEXT_GENERATION_TIMEOUT_MS: ${TEXT_GENERATION_TIMEOUT_MS:-60000}
-  PGUSER: ${PGUSER:-${DB_USERNAME}}
+  ALLOW_UNSAFE_DATA_SCHEME: ${ALLOW_UNSAFE_DATA_SCHEME:-false}
+  POSTGRES_USER: ${POSTGRES_USER:-${DB_USERNAME}}
  POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-${DB_PASSWORD}}
  POSTGRES_DB: ${POSTGRES_DB:-${DB_DATABASE}}
  PGDATA: ${PGDATA:-/var/lib/postgresql/data/pgdata}
@ -365,7 +421,7 @@ x-shared-env: &shared-api-worker-env
  NGINX_SSL_CERT_KEY_FILENAME: ${NGINX_SSL_CERT_KEY_FILENAME:-dify.key}
  NGINX_SSL_PROTOCOLS: ${NGINX_SSL_PROTOCOLS:-TLSv1.1 TLSv1.2 TLSv1.3}
  NGINX_WORKER_PROCESSES: ${NGINX_WORKER_PROCESSES:-auto}
-  NGINX_CLIENT_MAX_BODY_SIZE: ${NGINX_CLIENT_MAX_BODY_SIZE:-15M}
+  NGINX_CLIENT_MAX_BODY_SIZE: ${NGINX_CLIENT_MAX_BODY_SIZE:-100M}
  NGINX_KEEPALIVE_TIMEOUT: ${NGINX_KEEPALIVE_TIMEOUT:-65}
  NGINX_PROXY_READ_TIMEOUT: ${NGINX_PROXY_READ_TIMEOUT:-3600s}
  NGINX_PROXY_SEND_TIMEOUT: ${NGINX_PROXY_SEND_TIMEOUT:-3600s}
@ -381,8 +437,8 @@ x-shared-env: &shared-api-worker-env
  SSRF_DEFAULT_CONNECT_TIME_OUT: ${SSRF_DEFAULT_CONNECT_TIME_OUT:-5}
  SSRF_DEFAULT_READ_TIME_OUT: ${SSRF_DEFAULT_READ_TIME_OUT:-5}
  SSRF_DEFAULT_WRITE_TIME_OUT: ${SSRF_DEFAULT_WRITE_TIME_OUT:-5}
-  EXPOSE_NGINX_PORT: ${PANEL_APP_PORT_HTTP:-8080}
-  EXPOSE_NGINX_SSL_PORT: ${PANEL_APP_PORT_HTTPS:-8443}
+  EXPOSE_NGINX_PORT: ${EXPOSE_NGINX_PORT:-80}
+  EXPOSE_NGINX_SSL_PORT: ${EXPOSE_NGINX_SSL_PORT:-443}
  POSITION_TOOL_PINS: ${POSITION_TOOL_PINS:-}
  POSITION_TOOL_INCLUDES: ${POSITION_TOOL_INCLUDES:-}
  POSITION_TOOL_EXCLUDES: ${POSITION_TOOL_EXCLUDES:-}
@ -410,53 +466,104 @@ x-shared-env: &shared-api-worker-env
  MARKETPLACE_ENABLED: ${MARKETPLACE_ENABLED:-true}
  MARKETPLACE_API_URL: ${MARKETPLACE_API_URL:-https://marketplace.dify.ai}
  FORCE_VERIFYING_SIGNATURE: ${FORCE_VERIFYING_SIGNATURE:-true}
-
+  PLUGIN_PYTHON_ENV_INIT_TIMEOUT: ${PLUGIN_PYTHON_ENV_INIT_TIMEOUT:-120}
+  PLUGIN_MAX_EXECUTION_TIMEOUT: ${PLUGIN_MAX_EXECUTION_TIMEOUT:-600}
+  PIP_MIRROR_URL: ${PIP_MIRROR_URL:-}
+  PLUGIN_STORAGE_TYPE: ${PLUGIN_STORAGE_TYPE:-local}
+  PLUGIN_STORAGE_LOCAL_ROOT: ${PLUGIN_STORAGE_LOCAL_ROOT:-/app/storage}
+  PLUGIN_WORKING_PATH: ${PLUGIN_WORKING_PATH:-/app/storage/cwd}
+  PLUGIN_INSTALLED_PATH: ${PLUGIN_INSTALLED_PATH:-plugin}
+  PLUGIN_PACKAGE_CACHE_PATH: ${PLUGIN_PACKAGE_CACHE_PATH:-plugin_packages}
+  PLUGIN_MEDIA_CACHE_PATH: ${PLUGIN_MEDIA_CACHE_PATH:-assets}
+  PLUGIN_STORAGE_OSS_BUCKET: ${PLUGIN_STORAGE_OSS_BUCKET:-}
+  PLUGIN_S3_USE_AWS: ${PLUGIN_S3_USE_AWS:-false}
+  PLUGIN_S3_USE_AWS_MANAGED_IAM: ${PLUGIN_S3_USE_AWS_MANAGED_IAM:-false}
+  PLUGIN_S3_ENDPOINT: ${PLUGIN_S3_ENDPOINT:-}
+  PLUGIN_S3_USE_PATH_STYLE: ${PLUGIN_S3_USE_PATH_STYLE:-false}
+  PLUGIN_AWS_ACCESS_KEY: ${PLUGIN_AWS_ACCESS_KEY:-}
+  PLUGIN_AWS_SECRET_KEY: ${PLUGIN_AWS_SECRET_KEY:-}
+  PLUGIN_AWS_REGION: ${PLUGIN_AWS_REGION:-}
+  PLUGIN_AZURE_BLOB_STORAGE_CONTAINER_NAME: ${PLUGIN_AZURE_BLOB_STORAGE_CONTAINER_NAME:-}
+  PLUGIN_AZURE_BLOB_STORAGE_CONNECTION_STRING: ${PLUGIN_AZURE_BLOB_STORAGE_CONNECTION_STRING:-}
+  PLUGIN_TENCENT_COS_SECRET_KEY: ${PLUGIN_TENCENT_COS_SECRET_KEY:-}
+  PLUGIN_TENCENT_COS_SECRET_ID: ${PLUGIN_TENCENT_COS_SECRET_ID:-}
+  PLUGIN_TENCENT_COS_REGION: ${PLUGIN_TENCENT_COS_REGION:-}
+  PLUGIN_ALIYUN_OSS_REGION: ${PLUGIN_ALIYUN_OSS_REGION:-}
+  PLUGIN_ALIYUN_OSS_ENDPOINT: ${PLUGIN_ALIYUN_OSS_ENDPOINT:-}
+  PLUGIN_ALIYUN_OSS_ACCESS_KEY_ID: ${PLUGIN_ALIYUN_OSS_ACCESS_KEY_ID:-}
+  PLUGIN_ALIYUN_OSS_ACCESS_KEY_SECRET: ${PLUGIN_ALIYUN_OSS_ACCESS_KEY_SECRET:-}
+  PLUGIN_ALIYUN_OSS_AUTH_VERSION: ${PLUGIN_ALIYUN_OSS_AUTH_VERSION:-v4}
+  PLUGIN_ALIYUN_OSS_PATH: ${PLUGIN_ALIYUN_OSS_PATH:-}
+  PLUGIN_VOLCENGINE_TOS_ENDPOINT: ${PLUGIN_VOLCENGINE_TOS_ENDPOINT:-}
+  PLUGIN_VOLCENGINE_TOS_ACCESS_KEY: ${PLUGIN_VOLCENGINE_TOS_ACCESS_KEY:-}
+  PLUGIN_VOLCENGINE_TOS_SECRET_KEY: ${PLUGIN_VOLCENGINE_TOS_SECRET_KEY:-}
+  PLUGIN_VOLCENGINE_TOS_REGION: ${PLUGIN_VOLCENGINE_TOS_REGION:-}
+  ENABLE_OTEL: ${ENABLE_OTEL:-false}
+  OTLP_BASE_ENDPOINT: ${OTLP_BASE_ENDPOINT:-http://localhost:4318}
+  OTLP_API_KEY: ${OTLP_API_KEY:-}
+  OTEL_EXPORTER_OTLP_PROTOCOL: ${OTEL_EXPORTER_OTLP_PROTOCOL:-}
+  OTEL_EXPORTER_TYPE: ${OTEL_EXPORTER_TYPE:-otlp}
+  OTEL_SAMPLING_RATE: ${OTEL_SAMPLING_RATE:-0.1}
+  OTEL_BATCH_EXPORT_SCHEDULE_DELAY: ${OTEL_BATCH_EXPORT_SCHEDULE_DELAY:-5000}
+  OTEL_MAX_QUEUE_SIZE: ${OTEL_MAX_QUEUE_SIZE:-2048}
+  OTEL_MAX_EXPORT_BATCH_SIZE: ${OTEL_MAX_EXPORT_BATCH_SIZE:-512}
+  OTEL_METRIC_EXPORT_INTERVAL: ${OTEL_METRIC_EXPORT_INTERVAL:-60000}
+  OTEL_BATCH_EXPORT_TIMEOUT: ${OTEL_BATCH_EXPORT_TIMEOUT:-10000}
+  OTEL_METRIC_EXPORT_TIMEOUT: ${OTEL_METRIC_EXPORT_TIMEOUT:-30000}
+  ALLOW_EMBED: ${ALLOW_EMBED:-false}
+  QUEUE_MONITOR_THRESHOLD: ${QUEUE_MONITOR_THRESHOLD:-200}
+  QUEUE_MONITOR_ALERT_EMAILS: ${QUEUE_MONITOR_ALERT_EMAILS:-}
+  QUEUE_MONITOR_INTERVAL: ${QUEUE_MONITOR_INTERVAL:-30}
 services:
  api:
    image: langgenius/dify-api:1.9.2
-    container_name: api-${CONTAINER_NAME}
+    env_file:
+      - dify.env
    restart: always
    environment:
      <<: *shared-api-worker-env
      MODE: api
-      SENTRY_DSN: ${API_SENTRY_DSN:-}
      SENTRY_TRACES_SAMPLE_RATE: ${API_SENTRY_TRACES_SAMPLE_RATE:-1.0}
      SENTRY_PROFILES_SAMPLE_RATE: ${API_SENTRY_PROFILES_SAMPLE_RATE:-1.0}
-      PLUGIN_MAX_PACKAGE_SIZE: ${PLUGIN_MAX_PACKAGE_SIZE:-52428800}
+      PLUGIN_REMOTE_INSTALL_HOST: ${EXPOSE_PLUGIN_DEBUGGING_HOST:-localhost}
+      PLUGIN_REMOTE_INSTALL_PORT: ${EXPOSE_PLUGIN_DEBUGGING_PORT:-5003}
      INNER_API_KEY_FOR_PLUGIN: ${PLUGIN_DIFY_INNER_API_KEY:-QaHbTe77CtuXmsfyhR7+vRjI/+XbV1AaFy691iy+kGDv2Jvy0/eAh8Y1}
    depends_on:
-      - db
-      - redis
+      db:
+        condition: service_healthy
+      redis:
+        condition: service_started
    volumes:
-      - ${DIFY_ROOT_PATH}/volumes/app/storage:/app/api/storage
+      - ./volumes/app/storage:/app/api/storage
    networks:
      - ssrf_proxy_network
      - default
-
  worker:
    image: langgenius/dify-api:1.9.2
-    container_name: worker-${CONTAINER_NAME}
+    env_file:
+      - dify.env
    restart: always
    environment:
      <<: *shared-api-worker-env
      MODE: worker
-      SENTRY_DSN: ${API_SENTRY_DSN:-}
      SENTRY_TRACES_SAMPLE_RATE: ${API_SENTRY_TRACES_SAMPLE_RATE:-1.0}
      SENTRY_PROFILES_SAMPLE_RATE: ${API_SENTRY_PROFILES_SAMPLE_RATE:-1.0}
-      PLUGIN_MAX_PACKAGE_SIZE: ${PLUGIN_MAX_PACKAGE_SIZE:-52428800}
      INNER_API_KEY_FOR_PLUGIN: ${PLUGIN_DIFY_INNER_API_KEY:-QaHbTe77CtuXmsfyhR7+vRjI/+XbV1AaFy691iy+kGDv2Jvy0/eAh8Y1}
    depends_on:
-      - db
-      - redis
+      db:
+        condition: service_healthy
+      redis:
+        condition: service_started
    volumes:
-      - ${DIFY_ROOT_PATH}/volumes/app/storage:/app/api/storage
+      - ./volumes/app/storage:/app/api/storage
    networks:
      - ssrf_proxy_network
      - default
-
  web:
    image: langgenius/dify-web:1.9.2
    container_name: ${CONTAINER_NAME}
+    env_file:
+      - dify.env
    restart: always
    environment:
      CONSOLE_API_URL: ${CONSOLE_API_URL:-}
@ -465,51 +572,68 @@ services:
      NEXT_TELEMETRY_DISABLED: ${NEXT_TELEMETRY_DISABLED:-0}
      TEXT_GENERATION_TIMEOUT_MS: ${TEXT_GENERATION_TIMEOUT_MS:-60000}
      CSP_WHITELIST: ${CSP_WHITELIST:-}
+      ALLOW_EMBED: ${ALLOW_EMBED:-false}
+      ALLOW_UNSAFE_DATA_SCHEME: ${ALLOW_UNSAFE_DATA_SCHEME:-false}
      MARKETPLACE_API_URL: ${MARKETPLACE_API_URL:-https://marketplace.dify.ai}
      MARKETPLACE_URL: ${MARKETPLACE_URL:-https://marketplace.dify.ai}
      TOP_K_MAX_VALUE: ${TOP_K_MAX_VALUE:-}
      INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-}
-
+      PM2_INSTANCES: ${PM2_INSTANCES:-2}
+      LOOP_NODE_MAX_COUNT: ${LOOP_NODE_MAX_COUNT:-100}
+      MAX_TOOLS_NUM: ${MAX_TOOLS_NUM:-10}
+      MAX_PARALLEL_LIMIT: ${MAX_PARALLEL_LIMIT:-10}
+      MAX_ITERATIONS_NUM: ${MAX_ITERATIONS_NUM:-99}
+      ENABLE_WEBSITE_JINAREADER: ${ENABLE_WEBSITE_JINAREADER:-true}
+      ENABLE_WEBSITE_FIRECRAWL: ${ENABLE_WEBSITE_FIRECRAWL:-true}
+      ENABLE_WEBSITE_WATERCRAWL: ${ENABLE_WEBSITE_WATERCRAWL:-true}
  db:
    image: postgres:15-alpine
-    container_name: db-${CONTAINER_NAME}
+    env_file:
+      - dify.env
    restart: always
    environment:
-      PGUSER: ${PGUSER:-postgres}
+      POSTGRES_USER: ${POSTGRES_USER:-postgres}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-difyai123456}
      POSTGRES_DB: ${POSTGRES_DB:-dify}
      PGDATA: ${PGDATA:-/var/lib/postgresql/data/pgdata}
-    command: >
-      postgres -c 'max_connections=${POSTGRES_MAX_CONNECTIONS:-100}'
-               -c 'shared_buffers=${POSTGRES_SHARED_BUFFERS:-128MB}'
-               -c 'work_mem=${POSTGRES_WORK_MEM:-4MB}'
-               -c 'maintenance_work_mem=${POSTGRES_MAINTENANCE_WORK_MEM:-64MB}'
-               -c 'effective_cache_size=${POSTGRES_EFFECTIVE_CACHE_SIZE:-4096MB}'
+    command: "postgres -c 'max_connections=${POSTGRES_MAX_CONNECTIONS:-100}'\n   \
+      \      -c 'shared_buffers=${POSTGRES_SHARED_BUFFERS:-128MB}'\n         -c 'work_mem=${POSTGRES_WORK_MEM:-4MB}'\n\
+      \         -c 'maintenance_work_mem=${POSTGRES_MAINTENANCE_WORK_MEM:-64MB}'\n\
+      \         -c 'effective_cache_size=${POSTGRES_EFFECTIVE_CACHE_SIZE:-4096MB}'\n"
    volumes:
-      - ${DIFY_ROOT_PATH}/volumes/db/data:/var/lib/postgresql/data
+      - ./volumes/db/data:/var/lib/postgresql/data
    healthcheck:
-      test: [ 'CMD', 'pg_isready' ]
+      test:
+        - CMD
+        - pg_isready
+        - -h
+        - db
+        - -U
+        - ${PGUSER:-postgres}
+        - -d
+        - ${POSTGRES_DB:-dify}
      interval: 1s
      timeout: 3s
-      retries: 30
-    ports:
-      - '${EXPOSE_DB_PORT:-5432}:5432'
-
+      retries: 60
  redis:
    image: redis:6-alpine
-    container_name: redis-${CONTAINER_NAME}
+    env_file:
+      - dify.env
    restart: always
    environment:
      REDISCLI_AUTH: ${REDIS_PASSWORD:-difyai123456}
    volumes:
-      - ${DIFY_ROOT_PATH}/volumes/redis/data:/data
+      - ./volumes/redis/data:/data
    command: redis-server --requirepass ${REDIS_PASSWORD:-difyai123456}
    healthcheck:
-      test: [ 'CMD', 'redis-cli', 'ping' ]
-
+      test:
+        - CMD
+        - redis-cli
+        - ping
  sandbox:
    image: langgenius/dify-sandbox:0.2.12
-    container_name: sandbox-${CONTAINER_NAME}
+    env_file:
+      - dify.env
    restart: always
    environment:
      API_KEY: ${SANDBOX_API_KEY:-dify-sandbox}
@ -519,45 +643,64 @@ services:
      HTTP_PROXY: ${SANDBOX_HTTP_PROXY:-http://ssrf_proxy:3128}
      HTTPS_PROXY: ${SANDBOX_HTTPS_PROXY:-http://ssrf_proxy:3128}
      SANDBOX_PORT: ${SANDBOX_PORT:-8194}
+      PIP_MIRROR_URL: ${PIP_MIRROR_URL:-}
    volumes:
-      - ${DIFY_ROOT_PATH}/volumes/sandbox/dependencies:/dependencies
-      - ${DIFY_ROOT_PATH}/volumes/sandbox/conf:/conf
+      - ./volumes/sandbox/dependencies:/dependencies
+      - ./volumes/sandbox/conf:/conf
    healthcheck:
-      test: [ 'CMD', 'curl', '-f', 'http://localhost:8194/health' ]
+      test:
+        - CMD
+        - curl
+        - -f
+        - http://localhost:8194/health
    networks:
      - ssrf_proxy_network
-
  plugin_daemon:
-    image: langgenius/dify-plugin-daemon:0.4.0-local
-    container_name: plugin_daemon-${CONTAINER_NAME}
+    image: langgenius/dify-plugin-daemon:0.1.3-local
+    env_file:
+      - dify.env
    restart: always
    environment:
      <<: *shared-api-worker-env
-      DB_DATABASE: ${DB_PLUGIN_DATABASE:-dify_plugin}
      SERVER_PORT: ${PLUGIN_DAEMON_PORT:-5002}
      SERVER_KEY: ${PLUGIN_DAEMON_KEY:-lYkiYYT6owG+71oLerGzA7GXCgOT++6ovaezWAjpCjf+Sjc3ZtU+qUEi}
      MAX_PLUGIN_PACKAGE_SIZE: ${PLUGIN_MAX_PACKAGE_SIZE:-52428800}
      PPROF_ENABLED: ${PLUGIN_PPROF_ENABLED:-false}
      DIFY_INNER_API_URL: ${PLUGIN_DIFY_INNER_API_URL:-http://api:5001}
-      DIFY_INNER_API_KEY: ${INNER_API_KEY_FOR_PLUGIN:-QaHbTe77CtuXmsfyhR7+vRjI/+XbV1AaFy691iy+kGDv2Jvy0/eAh8Y1}
-      PLUGIN_REMOTE_INSTALLING_HOST: ${PLUGIN_REMOTE_INSTALL_HOST:-0.0.0.0}
-      PLUGIN_REMOTE_INSTALLING_PORT: ${PLUGIN_REMOTE_INSTALL_PORT:-5003}
-      PLUGIN_WORKING_PATH: ${PLUGIN_WORKING_PATH:-/app/storage/cwd}
-      FORCE_VERIFYING_SIGNATURE: ${FORCE_VERIFYING_SIGNATURE:-true}
+      DIFY_INNER_API_KEY: ${PLUGIN_DIFY_INNER_API_KEY:-QaHbTe77CtuXmsfyhR7+vRjI/+XbV1AaFy691iy+kGDv2Jvy0/eAh8Y1}
+      PLUGIN_REMOTE_INSTALLING_HOST: ${PLUGIN_DEBUGGING_HOST:-0.0.0.0}
+      PLUGIN_REMOTE_INSTALLING_PORT: ${PLUGIN_DEBUGGING_PORT:-5003}
+      PYTHON_ENV_INIT_TIMEOUT: ${PLUGIN_PYTHON_ENV_INIT_TIMEOUT:-120}
+      S3_USE_AWS: ${PLUGIN_S3_USE_AWS:-false}
+      S3_USE_PATH_STYLE: ${PLUGIN_S3_USE_PATH_STYLE:-false}
+      AWS_ACCESS_KEY: ${PLUGIN_AWS_ACCESS_KEY:-}
+      AWS_SECRET_KEY: ${PLUGIN_AWS_SECRET_KEY:-}
+      AWS_REGION: ${PLUGIN_AWS_REGION:-}
+      AZURE_BLOB_STORAGE_CONNECTION_STRING: ${PLUGIN_AZURE_BLOB_STORAGE_CONNECTION_STRING:-}
+      AZURE_BLOB_STORAGE_CONTAINER_NAME: ${PLUGIN_AZURE_BLOB_STORAGE_CONTAINER_NAME:-}
+      ALIYUN_OSS_ACCESS_KEY_ID: ${PLUGIN_ALIYUN_OSS_ACCESS_KEY_ID:-}
+      ALIYUN_OSS_ACCESS_KEY_SECRET: ${PLUGIN_ALIYUN_OSS_ACCESS_KEY_SECRET:-}
    ports:
-      - "${EXPOSE_PLUGIN_DEBUGGING_PORT:-5003}:${PLUGIN_DEBUGGING_PORT:-5003}"
+      - ${EXPOSE_PLUGIN_DEBUGGING_PORT:-5003}:${PLUGIN_DEBUGGING_PORT:-5003}
    volumes:
-      - ${DIFY_ROOT_PATH}/volumes/plugin_daemon:/app/storage
-
-
+      - ./volumes/plugin_daemon:/app/storage
+    depends_on:
+      db:
+        condition: service_healthy
  ssrf_proxy:
    image: ubuntu/squid:latest
-    container_name: ssrf_proxy-${CONTAINER_NAME}
+    pull_policy: always
+    env_file:
+      - dify.env
    restart: always
    volumes:
-      - ${DIFY_ROOT_PATH}/ssrf_proxy/squid.conf.template:/etc/squid/squid.conf.template
-      - ${DIFY_ROOT_PATH}/ssrf_proxy/docker-entrypoint.sh:/docker-entrypoint-mount.sh
-    entrypoint: [ 'sh', '-c', "cp /docker-entrypoint-mount.sh /docker-entrypoint.sh && sed -i 's/\r$$//' /docker-entrypoint.sh && chmod +x /docker-entrypoint.sh && /docker-entrypoint.sh" ]
+      - ./ssrf_proxy/squid.conf.template:/etc/squid/squid.conf.template
+      - ./ssrf_proxy/docker-entrypoint.sh:/docker-entrypoint-mount.sh
+    entrypoint:
+      - sh
+      - -c
+      - "cp /docker-entrypoint-mount.sh /docker-entrypoint.sh && sed -i 's/\r$$//'\
+        \ /docker-entrypoint.sh && chmod +x /docker-entrypoint.sh && /docker-entrypoint.sh"
    environment:
      HTTP_PORT: ${SSRF_HTTP_PORT:-3128}
      COREDUMP_DIR: ${SSRF_COREDUMP_DIR:-/var/spool/squid}
@ -567,41 +710,27 @@ services:
    networks:
      - ssrf_proxy_network
      - default
-
-  certbot:
-    image: certbot/certbot
-    container_name: certbot-${CONTAINER_NAME}
-    profiles:
-      - certbot
-    volumes:
-      - ${DIFY_ROOT_PATH}/volumes/certbot/conf:/etc/letsencrypt
-      - ${DIFY_ROOT_PATH}/volumes/certbot/www:/var/www/html
-      - ${DIFY_ROOT_PATH}/volumes/certbot/logs:/var/log/letsencrypt
-      - ${DIFY_ROOT_PATH}/volumes/certbot/conf/live:/etc/letsencrypt/live
-      - ${DIFY_ROOT_PATH}/certbot/update-cert.template.txt:/update-cert.template.txt
-      - ${DIFY_ROOT_PATH}/certbot/docker-entrypoint.sh:/docker-entrypoint.sh
-    environment:
-      - CERTBOT_EMAIL=${CERTBOT_EMAIL}
-      - CERTBOT_DOMAIN=${CERTBOT_DOMAIN}
-      - CERTBOT_OPTIONS=${CERTBOT_OPTIONS:-}
-    entrypoint: [ '/docker-entrypoint.sh' ]
-    command: [ 'tail', '-f', '/dev/null' ]
-
  nginx:
    image: nginx:latest
-    container_name: nginx-${CONTAINER_NAME}
+    pull_policy: always
+    env_file:
+      - dify.env
    restart: always
    volumes:
-      - ${DIFY_ROOT_PATH}/nginx/nginx.conf.template:/etc/nginx/nginx.conf.template
-      - ${DIFY_ROOT_PATH}/nginx/proxy.conf.template:/etc/nginx/proxy.conf.template
-      - ${DIFY_ROOT_PATH}/nginx/https.conf.template:/etc/nginx/https.conf.template
-      - ${DIFY_ROOT_PATH}/nginx/conf.d:/etc/nginx/conf.d
-      - ${DIFY_ROOT_PATH}/nginx/docker-entrypoint.sh:/docker-entrypoint-mount.sh
-      - ${DIFY_ROOT_PATH}/nginx/ssl:/etc/ssl # cert dir (legacy)
-      - ${DIFY_ROOT_PATH}/volumes/certbot/conf/live:/etc/letsencrypt/live # cert dir (with certbot container)
-      - ${DIFY_ROOT_PATH}/volumes/certbot/conf:/etc/letsencrypt
-      - ${DIFY_ROOT_PATH}/volumes/certbot/www:/var/www/html
-    entrypoint: [ 'sh', '-c', "cp /docker-entrypoint-mount.sh /docker-entrypoint.sh && sed -i 's/\r$$//' /docker-entrypoint.sh && chmod +x /docker-entrypoint.sh && /docker-entrypoint.sh" ]
+      - ./nginx/nginx.conf.template:/etc/nginx/nginx.conf.template
+      - ./nginx/proxy.conf.template:/etc/nginx/proxy.conf.template
+      - ./nginx/https.conf.template:/etc/nginx/https.conf.template
+      - ./nginx/conf.d:/etc/nginx/conf.d
+      - ./nginx/docker-entrypoint.sh:/docker-entrypoint-mount.sh
+      - ./nginx/ssl:/etc/ssl
+      - ./volumes/certbot/conf/live:/etc/letsencrypt/live
+      - ./volumes/certbot/conf:/etc/letsencrypt
+      - ./volumes/certbot/www:/var/www/html
+    entrypoint:
+      - sh
+      - -c
+      - "cp /docker-entrypoint-mount.sh /docker-entrypoint.sh && sed -i 's/\r$$//'\
+        \ /docker-entrypoint.sh && chmod +x /docker-entrypoint.sh && /docker-entrypoint.sh"
    environment:
      NGINX_SERVER_NAME: ${NGINX_SERVER_NAME:-_}
      NGINX_HTTPS_ENABLED: ${NGINX_HTTPS_ENABLED:-false}
@ -611,7 +740,7 @@ services:
      NGINX_SSL_CERT_KEY_FILENAME: ${NGINX_SSL_CERT_KEY_FILENAME:-dify.key}
      NGINX_SSL_PROTOCOLS: ${NGINX_SSL_PROTOCOLS:-TLSv1.1 TLSv1.2 TLSv1.3}
      NGINX_WORKER_PROCESSES: ${NGINX_WORKER_PROCESSES:-auto}
-      NGINX_CLIENT_MAX_BODY_SIZE: ${NGINX_CLIENT_MAX_BODY_SIZE:-15M}
+      NGINX_CLIENT_MAX_BODY_SIZE: ${NGINX_CLIENT_MAX_BODY_SIZE:-100M}
      NGINX_KEEPALIVE_TIMEOUT: ${NGINX_KEEPALIVE_TIMEOUT:-65}
      NGINX_PROXY_READ_TIMEOUT: ${NGINX_PROXY_READ_TIMEOUT:-3600s}
      NGINX_PROXY_SEND_TIMEOUT: ${NGINX_PROXY_SEND_TIMEOUT:-3600s}
@ -621,18 +750,18 @@ services:
      - api
      - web
    ports:
-      - '${PANEL_APP_PORT_HTTP:-80}:${NGINX_PORT:-80}'
-      - '${PANEL_APP_PORT_HTTPS:-443}:${NGINX_SSL_PORT:-443}'
-
+      - ${PANEL_APP_PORT_HTTP}:${NGINX_PORT:-80}
+      - ${PANEL_APP_PORT_HTTPS}:${NGINX_SSL_PORT:-443}
  weaviate:
-    image: semitechnologies/weaviate:1.33.4
-    container_name: weaviate-${CONTAINER_NAME}
+    image: semitechnologies/weaviate:1.19.0
+    env_file:
+      - dify.env
    profiles:
      - ''
      - weaviate
    restart: always
    volumes:
-      - ${DIFY_ROOT_PATH}/volumes/weaviate:/var/lib/weaviate
+      - ./volumes/weaviate:/var/lib/weaviate
    environment:
      PERSISTENCE_DATA_PATH: ${WEAVIATE_PERSISTENCE_DATA_PATH:-/var/lib/weaviate}
      QUERY_DEFAULTS_LIMIT: ${WEAVIATE_QUERY_DEFAULTS_LIMIT:-25}
@ -644,318 +773,9 @@ services:
      AUTHENTICATION_APIKEY_USERS: ${WEAVIATE_AUTHENTICATION_APIKEY_USERS:-hello@dify.ai}
      AUTHORIZATION_ADMINLIST_ENABLED: ${WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED:-true}
      AUTHORIZATION_ADMINLIST_USERS: ${WEAVIATE_AUTHORIZATION_ADMINLIST_USERS:-hello@dify.ai}
-
-  qdrant:
-    image: langgenius/qdrant:v1.8.3
-    container_name: qdrant-${CONTAINER_NAME}
-    profiles:
-      - qdrant
-    restart: always
-    volumes:
-      - ${DIFY_ROOT_PATH}/volumes/qdrant:/qdrant/storage
-    environment:
-      QDRANT_API_KEY: ${QDRANT_API_KEY:-difyai123456}
-
-  couchbase-server:
-    build: ./conf/couchbase-server
-    profiles:
-      - couchbase
-    restart: always
-    environment:
-      - CLUSTER_NAME=dify_search
-      - COUCHBASE_ADMINISTRATOR_USERNAME=${COUCHBASE_USER:-Administrator}
-      - COUCHBASE_ADMINISTRATOR_PASSWORD=${COUCHBASE_PASSWORD:-password}
-      - COUCHBASE_BUCKET=${COUCHBASE_BUCKET_NAME:-Embeddings}
-      - COUCHBASE_BUCKET_RAMSIZE=512
-      - COUCHBASE_RAM_SIZE=2048
-      - COUCHBASE_EVENTING_RAM_SIZE=512
-      - COUCHBASE_INDEX_RAM_SIZE=512
-      - COUCHBASE_FTS_RAM_SIZE=1024
-    hostname: couchbase-server
-    container_name: couchbase-server
-    working_dir: /opt/couchbase
-    stdin_open: true
-    tty: true
-    entrypoint: [ "" ]
-    command: sh -c "/opt/couchbase/init/init-cbserver.sh"
-    volumes:
-      - ${DIFY_ROOT_PATH}/volumes/couchbase/data:/opt/couchbase/var/lib/couchbase/data
-    healthcheck:
-      test: [ "CMD-SHELL", "curl -s -f -u Administrator:password http://localhost:8091/pools/default/buckets | grep -q '\\[{' || exit 1" ]
-      interval: 10s
-      retries: 10
-      start_period: 30s
-      timeout: 10s
-
-  pgvector:
-    image: pgvector/pgvector:pg16
-    container_name: pgvector-${CONTAINER_NAME}
-    profiles:
-      - pgvector
-    restart: always
-    environment:
-      PGUSER: ${PGVECTOR_PGUSER:-postgres}
-      POSTGRES_PASSWORD: ${PGVECTOR_POSTGRES_PASSWORD:-difyai123456}
-      POSTGRES_DB: ${PGVECTOR_POSTGRES_DB:-dify}
-      PGDATA: ${PGVECTOR_PGDATA:-/var/lib/postgresql/data/pgdata}
-    volumes:
-      - ${DIFY_ROOT_PATH}/volumes/pgvector/data:/var/lib/postgresql/data
-    healthcheck:
-      test: [ 'CMD', 'pg_isready' ]
-      interval: 1s
-      timeout: 3s
-      retries: 30
-
-  pgvecto-rs:
-    image: tensorchord/pgvecto-rs:pg16-v0.3.0
-    container_name: pgvecto-rs-${CONTAINER_NAME}
-    profiles:
-      - pgvecto-rs
-    restart: always
-    environment:
-      PGUSER: ${PGVECTOR_PGUSER:-postgres}
-      POSTGRES_PASSWORD: ${PGVECTOR_POSTGRES_PASSWORD:-difyai123456}
-      POSTGRES_DB: ${PGVECTOR_POSTGRES_DB:-dify}
-      PGDATA: ${PGVECTOR_PGDATA:-/var/lib/postgresql/data/pgdata}
-    volumes:
-      - ${DIFY_ROOT_PATH}/volumes/pgvecto_rs/data:/var/lib/postgresql/data
-    healthcheck:
-      test: [ 'CMD', 'pg_isready' ]
-      interval: 1s
-      timeout: 3s
-      retries: 30
-
-  chroma:
-    image: ghcr.io/chroma-core/chroma:1.3.3
-    container_name: chroma-${CONTAINER_NAME}
-    profiles:
-      - chroma
-    restart: always
-    volumes:
-      - ${DIFY_ROOT_PATH}/volumes/chroma:/chroma/chroma
-    environment:
-      CHROMA_SERVER_AUTHN_CREDENTIALS: ${CHROMA_SERVER_AUTHN_CREDENTIALS:-difyai123456}
-      CHROMA_SERVER_AUTHN_PROVIDER: ${CHROMA_SERVER_AUTHN_PROVIDER:-chromadb.auth.token_authn.TokenAuthenticationServerProvider}
-      IS_PERSISTENT: ${CHROMA_IS_PERSISTENT:-TRUE}
-
-  oceanbase:
-    image: quay.io/oceanbase/oceanbase-ce:4.3.3.0-100000142024101215
-    container_name: oceanbase-${CONTAINER_NAME}
-    profiles:
-      - oceanbase
-    restart: always
-    volumes:
-      - ${DIFY_ROOT_PATH}/volumes/oceanbase/data:/root/ob
-      - ${DIFY_ROOT_PATH}/volumes/oceanbase/conf:/root/.obd/cluster
-      - ${DIFY_ROOT_PATH}/volumes/oceanbase/init.d:/root/boot/init.d
-    environment:
-      OB_MEMORY_LIMIT: ${OCEANBASE_MEMORY_LIMIT:-6G}
-      OB_SYS_PASSWORD: ${OCEANBASE_VECTOR_PASSWORD:-difyai123456}
-      OB_TENANT_PASSWORD: ${OCEANBASE_VECTOR_PASSWORD:-difyai123456}
-      OB_CLUSTER_NAME: ${OCEANBASE_CLUSTER_NAME:-difyai}
-      OB_SERVER_IP: '127.0.0.1'
-
-  oracle:
-    image: container-registry.oracle.com/database/free:latest
-    container_name: oracle-${CONTAINER_NAME}
-    profiles:
-      - oracle
-    restart: always
-    volumes:
-      - source: oradata
-        type: volume
-        target: /opt/oracle/oradata
-      - ${DIFY_ROOT_PATH}/startupscripts:/opt/oracle/scripts/startup
-    environment:
-      ORACLE_PWD: ${ORACLE_PWD:-Dify123456}
-      ORACLE_CHARACTERSET: ${ORACLE_CHARACTERSET:-AL32UTF8}
-
-  etcd:
-    image: quay.io/coreos/etcd:v3.6.5
-    container_name: milvus-etcd-${CONTAINER_NAME}
-    profiles:
-      - milvus
-    environment:
-      ETCD_AUTO_COMPACTION_MODE: ${ETCD_AUTO_COMPACTION_MODE:-revision}
-      ETCD_AUTO_COMPACTION_RETENTION: ${ETCD_AUTO_COMPACTION_RETENTION:-1000}
-      ETCD_QUOTA_BACKEND_BYTES: ${ETCD_QUOTA_BACKEND_BYTES:-4294967296}
-      ETCD_SNAPSHOT_COUNT: ${ETCD_SNAPSHOT_COUNT:-50000}
-    volumes:
-      - ${DIFY_ROOT_PATH}/volumes/milvus/etcd:/etcd
-    command: etcd -advertise-client-urls=http://127.0.0.1:2379 -listen-client-urls http://0.0.0.0:2379 --data-dir /etcd
-    healthcheck:
-      test: [ 'CMD', 'etcdctl', 'endpoint', 'health' ]
-      interval: 30s
-      timeout: 20s
-      retries: 3
-    networks:
-      - milvus
-
-  minio:
-    image: minio/minio:RELEASE.2023-03-20T20-16-18Z
-    container_name: milvus-minio-${CONTAINER_NAME}
-    profiles:
-      - milvus
-    environment:
-      MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY:-minioadmin}
-      MINIO_SECRET_KEY: ${MINIO_SECRET_KEY:-minioadmin}
-    volumes:
-      - ${DIFY_ROOT_PATH}/volumes/milvus/minio:/minio_data
-    command: minio server /minio_data --console-address ":9001"
-    healthcheck:
-      test: [ 'CMD', 'curl', '-f', 'http://localhost:9000/minio/health/live' ]
-      interval: 30s
-      timeout: 20s
-      retries: 3
-    networks:
-      - milvus
-
-  milvus-standalone:
-    image: milvusdb/milvus:v2.5.0-beta
-    container_name: milvus-standalone-${CONTAINER_NAME}
-    profiles:
-      - milvus
-    command: [ 'milvus', 'run', 'standalone' ]
-    environment:
-      ETCD_ENDPOINTS: ${ETCD_ENDPOINTS:-etcd:2379}
-      MINIO_ADDRESS: ${MINIO_ADDRESS:-minio:9000}
-      common.security.authorizationEnabled: ${MILVUS_AUTHORIZATION_ENABLED:-true}
-    volumes:
-      - ${DIFY_ROOT_PATH}/volumes/milvus/milvus:/var/lib/milvus
-    healthcheck:
-      test: [ 'CMD', 'curl', '-f', 'http://localhost:9091/healthz' ]
-      interval: 30s
-      start_period: 90s
-      timeout: 20s
-      retries: 3
-    depends_on:
-      - etcd
-      - minio
-    ports:
-      - 19530:19530
-      - 9091:9091
-    networks:
-      - milvus
-
-  opensearch:
-    image: opensearchproject/opensearch:latest
-    container_name: opensearch-${CONTAINER_NAME}
-    profiles:
-      - opensearch
-    environment:
-      discovery.type: ${OPENSEARCH_DISCOVERY_TYPE:-single-node}
-      bootstrap.memory_lock: ${OPENSEARCH_BOOTSTRAP_MEMORY_LOCK:-true}
-      OPENSEARCH_JAVA_OPTS: -Xms${OPENSEARCH_JAVA_OPTS_MIN:-512m} -Xmx${OPENSEARCH_JAVA_OPTS_MAX:-1024m}
-      OPENSEARCH_INITIAL_ADMIN_PASSWORD: ${OPENSEARCH_INITIAL_ADMIN_PASSWORD:-Qazwsxedc!@#123}
-    ulimits:
-      memlock:
-        soft: ${OPENSEARCH_MEMLOCK_SOFT:--1}
-        hard: ${OPENSEARCH_MEMLOCK_HARD:--1}
-      nofile:
-        soft: ${OPENSEARCH_NOFILE_SOFT:-65536}
-        hard: ${OPENSEARCH_NOFILE_HARD:-65536}
-    volumes:
-      - ${DIFY_ROOT_PATH}/volumes/opensearch/data:/usr/share/opensearch/data
-    networks:
-      - opensearch-net
-
-  opensearch-dashboards:
-    image: opensearchproject/opensearch-dashboards:latest
-    container_name: opensearch-dashboards-${CONTAINER_NAME}
-    profiles:
-      - opensearch
-    environment:
-      OPENSEARCH_HOSTS: '["https://opensearch:9200"]'
-    volumes:
-      - ${DIFY_ROOT_PATH}/volumes/opensearch/opensearch_dashboards.yml:/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml
-    networks:
-      - opensearch-net
-    depends_on:
-      - opensearch
-
-  myscale:
-    image: myscale/myscaledb:1.8.0
-    container_name: myscale-${CONTAINER_NAME}
-    profiles:
-      - myscale
-    restart: always
-    tty: true
-    volumes:
-      - ${DIFY_ROOT_PATH}/volumes/myscale/data:/var/lib/clickhouse
-      - ${DIFY_ROOT_PATH}/volumes/myscale/log:/var/log/clickhouse-server
-      - ${DIFY_ROOT_PATH}/volumes/myscale/config/users.d/custom_users_config.xml:/etc/clickhouse-server/users.d/custom_users_config.xml
-    ports:
-      - ${MYSCALE_PORT:-8123}:${MYSCALE_PORT:-8123}
-
-  elasticsearch:
-    image: docker.elastic.co/elasticsearch/elasticsearch:9.2.0
-    container_name: elasticsearch-${CONTAINER_NAME}
-    profiles:
-      - elasticsearch
-      - elasticsearch-ja
-    restart: always
-    volumes:
-      - ${DIFY_ROOT_PATH}/elasticsearch/docker-entrypoint.sh:/docker-entrypoint-mount.sh
-      - dify_es01_data:/usr/share/elasticsearch/data
-    environment:
-      ELASTIC_PASSWORD: ${ELASTICSEARCH_PASSWORD:-elastic}
-      VECTOR_STORE: ${VECTOR_STORE:-}
-      cluster.name: dify-es-cluster
-      node.name: dify-es0
-      discovery.type: single-node
-      xpack.license.self_generated.type: basic
-      xpack.security.enabled: 'true'
-      xpack.security.enrollment.enabled: 'false'
-      xpack.security.http.ssl.enabled: 'false'
-    ports:
-      - ${ELASTICSEARCH_PORT:-9200}:9200
-    deploy:
-      resources:
-        limits:
-          memory: 2g
-    entrypoint: [ 'sh', '-c', "sh /docker-entrypoint-mount.sh" ]
-    healthcheck:
-      test: [ 'CMD', 'curl', '-s', 'http://localhost:9200/_cluster/health?pretty' ]
-      interval: 30s
-      timeout: 10s
-      retries: 50
-
-  kibana:
-    image: docker.elastic.co/kibana/kibana:9.2.0
-    container_name: kibana-${CONTAINER_NAME}
-    profiles:
-      - elasticsearch
-    depends_on:
-      - elasticsearch
-    restart: always
-    environment:
-      XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY: d1a66dfd-c4d3-4a0a-8290-2abcb83ab3aa
-      NO_PROXY: localhost,127.0.0.1,elasticsearch,kibana
-      XPACK_SECURITY_ENABLED: 'true'
-      XPACK_SECURITY_ENROLLMENT_ENABLED: 'false'
-      XPACK_SECURITY_HTTP_SSL_ENABLED: 'false'
-      XPACK_FLEET_ISAIRGAPPED: 'true'
-      I18N_LOCALE: zh-CN
-      SERVER_PORT: '5601'
-      ELASTICSEARCH_HOSTS: http://elasticsearch:9200
-    ports:
-      - ${KIBANA_PORT:-5601}:5601
-    healthcheck:
-      test: [ 'CMD-SHELL', 'curl -s http://localhost:5601 >/dev/null || exit 1' ]
-      interval: 30s
-      timeout: 10s
-      retries: 3
-
-  unstructured:
-    image: downloads.unstructured.io/unstructured-io/unstructured-api:latest
-    container_name: unstructured-${CONTAINER_NAME}
-    profiles:
-      - unstructured
-    restart: always
-    volumes:
-      - ${DIFY_ROOT_PATH}/volumes/unstructured:/app/data
-
 networks:
+  default:
+    driver: bridge
  ssrf_proxy_network:
    driver: bridge
    internal: true
@ -964,7 +784,6 @@ networks:
  opensearch-net:
    driver: bridge
    internal: true
-
 volumes:
-  oradata:
-  dify_es01_data:
+  oradata: null
+  dify_es01_data: null
--- a/apps/dify/1.9.2/conf/elasticsearch/docker-entrypoint.sh
+++ b/apps/dify/1.9.2/conf/elasticsearch/docker-entrypoint.sh
--- a/apps/dify/1.9.2/conf/nginx/conf.d/default.conf.template
+++ b/apps/dify/1.9.2/conf/nginx/conf.d/default.conf.template
@ -39,7 +39,10 @@ server {
      proxy_pass http://web:3000;
      include proxy.conf;
    }
-
+    location /mcp {
+      proxy_pass http://api:5001;
+      include proxy.conf;
+    }
    # placeholder for acme challenge location
    ${ACME_CHALLENGE_LOCATION}

--- a/apps/dify/1.9.2/conf/nginx/docker-entrypoint.sh
+++ b/apps/dify/1.9.2/conf/nginx/docker-entrypoint.sh
@ -1,5 +1,7 @@
 #!/bin/bash

+HTTPS_CONFIG=''
+
 if [ "${NGINX_HTTPS_ENABLED}" = "true" ]; then
    # Check if the certificate and key files for the specified domain exist
    if [ -n "${CERTBOT_DOMAIN}" ] && \
@ -20,6 +22,7 @@ if [ "${NGINX_HTTPS_ENABLED}" = "true" ]; then
    # Substitute the HTTPS_CONFIG in the default.conf.template with content from https.conf.template
    envsubst '${HTTPS_CONFIG}' < /etc/nginx/conf.d/default.conf.template > /etc/nginx/conf.d/default.conf
 fi
+export HTTPS_CONFIG

 if [ "${NGINX_ENABLE_CERTBOT_CHALLENGE}" = "true" ]; then
    ACME_CHALLENGE_LOCATION='location /.well-known/acme-challenge/ { root /var/www/html; }'
@ -33,7 +36,7 @@ env_vars=$(printenv | cut -d= -f1 | sed 's/^/$/g' | paste -sd, -)
 envsubst "$env_vars" < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf
 envsubst "$env_vars" < /etc/nginx/proxy.conf.template > /etc/nginx/proxy.conf

-envsubst < /etc/nginx/conf.d/default.conf.template > /etc/nginx/conf.d/default.conf
+envsubst "$env_vars" < /etc/nginx/conf.d/default.conf.template > /etc/nginx/conf.d/default.conf

 # Start Nginx using the default entrypoint
 exec nginx -g 'daemon off;'
--- a/apps/dify/1.9.2/conf/nginx/https.conf.template
+++ b/apps/dify/1.9.2/conf/nginx/https.conf.template
--- a/apps/dify/1.9.2/conf/nginx/nginx.conf.template
+++ b/apps/dify/1.9.2/conf/nginx/nginx.conf.template
--- a/apps/dify/1.9.2/conf/nginx/proxy.conf.template
+++ b/apps/dify/1.9.2/conf/nginx/proxy.conf.template
--- a/apps/dify/1.9.2/conf/nginx/ssl/.gitkeep
+++ b/apps/dify/1.9.2/conf/nginx/ssl/.gitkeep
--- a/apps/dify/1.9.2/pgvector/docker-entrypoint.sh
+++ b/apps/dify/1.9.2/pgvector/docker-entrypoint.sh
@ -0,0 +1,24 @@
+#!/bin/bash
+
+PG_MAJOR=16
+
+if [ "${PG_BIGM}" = "true" ]; then
+  # install pg_bigm
+  apt-get update
+  apt-get install -y curl make gcc postgresql-server-dev-${PG_MAJOR}
+
+  curl -LO https://github.com/pgbigm/pg_bigm/archive/refs/tags/v${PG_BIGM_VERSION}.tar.gz
+  tar xf v${PG_BIGM_VERSION}.tar.gz
+  cd pg_bigm-${PG_BIGM_VERSION} || exit 1
+  make USE_PGXS=1 PG_CONFIG=/usr/bin/pg_config
+  make USE_PGXS=1 PG_CONFIG=/usr/bin/pg_config install
+
+  cd - || exit 1
+  rm -rf v${PG_BIGM_VERSION}.tar.gz pg_bigm-${PG_BIGM_VERSION}
+
+  # enable pg_bigm
+  sed -i -e 's/^#\s*shared_preload_libraries.*/shared_preload_libraries = '\''pg_bigm'\''/' /var/lib/postgresql/data/pgdata/postgresql.conf
+fi
+
+# Run the original entrypoint script
+exec /usr/local/bin/docker-entrypoint.sh postgres
--- a/apps/dify/1.9.2/scripts/init.sh
+++ b/apps/dify/1.9.2/scripts/init.sh
@ -1,26 +0,0 @@
-#!/bin/bash
-
-if [ -f .env ]; then
-  source .env
-
-  mkdir -p "$DIFY_ROOT_PATH"
-
-  cp -r conf/. "$DIFY_ROOT_PATH/"
-
-  env_source="envs/dify.env"
-  if [ -f "$env_source" ]; then
-    while IFS='=' read -r key value; do
-      if [[ -z "$key" || "$key" =~ ^# ]]; then
-        continue
-      fi
-      if ! grep -q "^$key=" .env; then
-        echo "$key=$value" >> .env
-      fi
-    done < "$env_source"
-  fi
-
-  echo "Check Finish."
-
-else
-  echo "Error: .env file not found."
-fi
--- a/apps/dify/1.9.2/scripts/upgrade.sh
+++ b/apps/dify/1.9.2/scripts/upgrade.sh
@ -1,37 +0,0 @@
-#!/bin/bash
-
-if [ -f .env ]; then
-  source .env
-
-  mkdir -p "$DIFY_ROOT_PATH"
-
-  if [ -d "conf" ]; then
-      find conf -type f | while read -r file; do
-        dest="$DIFY_ROOT_PATH/${file#conf/}"
-        if [ ! -e "$dest" ]; then
-          mkdir -p "$(dirname "$dest")"
-          cp "$file" "$dest"
-        fi
-      done
-      echo "Conf files copied to $DIFY_ROOT_PATH."
-    else
-      echo "Warning: conf directory not found."
-    fi
-
-  env_source="envs/dify.env"
-  if [ -f "$env_source" ]; then
-    while IFS='=' read -r key value; do
-      if [[ -z "$key" || "$key" =~ ^# ]]; then
-        continue
-      fi
-      if ! grep -q "^$key=" .env; then
-        echo "$key=$value" >> .env
-      fi
-    done < "$env_source"
-  fi
-
-  echo "Check Finish."
-
-else
-  echo "Error: .env file not found."
-fi
--- a/apps/dify/1.9.2/conf/ssrf_proxy/docker-entrypoint.sh
+++ b/apps/dify/1.9.2/conf/ssrf_proxy/docker-entrypoint.sh
--- a/apps/dify/1.9.2/conf/ssrf_proxy/squid.conf.template
+++ b/apps/dify/1.9.2/conf/ssrf_proxy/squid.conf.template
@ -19,6 +19,8 @@ acl Safe_ports port 488		# gss-http
 acl Safe_ports port 591		# filemaker
 acl Safe_ports port 777		# multiling http
 acl CONNECT method CONNECT
+acl allowed_domains dstdomain .marketplace.dify.ai
+http_access allow allowed_domains
 http_access deny !Safe_ports
 http_access deny CONNECT !SSL_ports
 http_access allow localhost manager
@ -49,3 +51,6 @@ http_port ${REVERSE_PROXY_PORT} accel vhost
 cache_peer ${SANDBOX_HOST} parent ${SANDBOX_PORT} 0 no-query originserver
 acl src_all src all
 http_access allow src_all
+
+# Unless the option's size is increased, an error will occur when uploading more than two files.
+client_request_buffer_max_size 100 MB
--- a/apps/dify/1.9.2/conf/startupscripts/init.sh
+++ b/apps/dify/1.9.2/conf/startupscripts/init.sh
--- a/apps/dify/1.9.2/conf/startupscripts/init_user.script
+++ b/apps/dify/1.9.2/conf/startupscripts/init_user.script
@ -5,6 +5,6 @@ create user dify identified by dify DEFAULT TABLESPACE users quota unlimited on
 grant DB_DEVELOPER_ROLE to dify;

 BEGIN
-CTX_DDL.CREATE_PREFERENCE('my_chinese_vgram_lexer','CHINESE_VGRAM_LEXER');
+CTX_DDL.CREATE_PREFERENCE('dify.world_lexer','WORLD_LEXER');
 END;
 /
--- a/apps/dify/1.9.2/conf/tidb/config/pd.toml
+++ b/apps/dify/1.9.2/conf/tidb/config/pd.toml
--- a/apps/dify/1.9.2/conf/tidb/config/tiflash-learner.toml
+++ b/apps/dify/1.9.2/conf/tidb/config/tiflash-learner.toml
--- a/apps/dify/1.9.2/conf/tidb/config/tiflash.toml
+++ b/apps/dify/1.9.2/conf/tidb/config/tiflash.toml
--- a/apps/dify/1.9.2/conf/tidb/docker-compose.yaml
+++ b/apps/dify/1.9.2/conf/tidb/docker-compose.yaml
@ -1,6 +1,6 @@
 services:
  pd0:
-    image: pingcap/pd:v8.5.3
+    image: pingcap/pd:v8.5.1
    # ports:
    #  - "2379"
    volumes:
@ -19,7 +19,7 @@ services:
      - --log-file=/logs/pd.log
    restart: on-failure
  tikv:
-    image: pingcap/tikv:v8.5.3
+    image: pingcap/tikv:v8.5.1
    volumes:
      - ./volumes/data:/data
      - ./volumes/logs:/logs
@ -34,7 +34,7 @@ services:
      - "pd0"
    restart: on-failure
  tidb:
-    image: pingcap/tidb:v8.5.3
+    image: pingcap/tidb:v8.5.1
    # ports:
    #   - "4000:4000"
    volumes:
@ -48,7 +48,7 @@ services:
      - "tikv"
    restart: on-failure
  tiflash:
-    image: pingcap/tiflash:v8.5.3
+    image: pingcap/tiflash:v8.5.1
    volumes:
      - ./config/tiflash.toml:/tiflash.toml:ro
      - ./config/tiflash-learner.toml:/tiflash-learner.toml:ro
--- a/apps/dify/1.9.2/conf/volumes/myscale/config/users.d/custom_users_config.xml
+++ b/apps/dify/1.9.2/conf/volumes/myscale/config/users.d/custom_users_config.xml
--- a/apps/dify/1.9.2/volumes/oceanbase/init.d/vec_memory.sql
+++ b/apps/dify/1.9.2/volumes/oceanbase/init.d/vec_memory.sql
@ -0,0 +1 @@
+ALTER SYSTEM SET ob_vector_memory_limit_percentage = 30;
--- a/apps/dify/1.9.2/conf/volumes/opensearch/opensearch_dashboards.yml
+++ b/apps/dify/1.9.2/conf/volumes/opensearch/opensearch_dashboards.yml
--- a/apps/dify/1.9.2/conf/volumes/sandbox/conf/config.yaml
+++ b/apps/dify/1.9.2/conf/volumes/sandbox/conf/config.yaml
--- a/apps/dify/1.9.2/conf/volumes/sandbox/conf/config.yaml.example
+++ b/apps/dify/1.9.2/conf/volumes/sandbox/conf/config.yaml.example
--- a/apps/dify/1.9.2/conf/volumes/sandbox/dependencies/python-requirements.txt
+++ b/apps/dify/1.9.2/conf/volumes/sandbox/dependencies/python-requirements.txt
--- a/apps/netdisk-fast-download/main/docker-compose.yml
+++ b/apps/netdisk-fast-download/main/docker-compose.yml
@ -1,6 +1,7 @@
 services:
  netdisk-fast-download:
    image: ghcr.io/qaiu/netdisk-fast-download:main
+    pull_policy: always
    container_name: ${CONTAINER_NAME}
    restart: unless-stopped
    networks:
				`@ -1 +0,0 @@`
				`ALTER SYSTEM SET ob_vector_memory_limit_percentage = 30;`
				`@ -0,0 +1 @@`
				`ALTER SYSTEM SET ob_vector_memory_limit_percentage = 30;`