Jump to content

Connect Leeroopedia MCP: Equip your AI agents to search best practices, build plans, verify code, diagnose failures, and look up hyperparameter defaults.

Environment:Langgenius Dify Docker Deployment Environment

From Leeroopedia


Knowledge Sources
Domains Infrastructure, Deployment
Last Updated 2026-02-08 11:00 GMT

Overview

Docker Compose deployment environment for the Dify LLM application platform, orchestrating API, Worker, Web, Nginx, Sandbox, Plugin Daemon, and SSRF Proxy services with PostgreSQL and Redis infrastructure.

Description

This environment defines the complete containerized deployment stack for Dify. It uses Docker Compose to orchestrate 8+ services including the Flask API server (Gunicorn with gevent workers), Celery background workers, a Next.js frontend served via PM2 cluster mode, an Nginx reverse proxy, a code execution sandbox with SSRF protection via Squid proxy, and a plugin daemon. The stack requires PostgreSQL (or MySQL/OceanBase) for persistent storage and Redis for caching, message brokering, and pub/sub communication.

Usage

Use this environment for any production or staging deployment of the Dify platform. It is the mandatory prerequisite for running the Docker Deployment workflow, including the Env_Template_Copy, Docker_Compose_Up, Dify_Env_Sync, and Web_Entrypoint implementations.

System Requirements

Category Requirement Notes
OS Linux (Ubuntu 20.04+ recommended) Docker Desktop available for macOS/Windows development
Docker Docker Engine 20.10+ Compose V2 required (bundled with modern Docker)
CPU 2+ cores minimum Formula for API workers: (CPU cores x 2) + 1 for sync, 1 for gevent
RAM 4GB minimum, 8GB+ recommended Vector databases and OpenSearch may need additional memory
Disk 20GB+ SSD High IOPS for database and file storage volumes at ./volumes/
Network Ports 80, 443 (Nginx), 5001 (API), 5002 (Plugin) Internal bridge networks for service isolation

Dependencies

Container Images

  • `langgenius/dify-api` = 1.12.1 (API server and Celery worker)
  • `langgenius/dify-web` = 1.12.1 (Next.js frontend)
  • `langgenius/dify-sandbox` = 0.2.12 (Code execution sandbox)
  • `langgenius/dify-plugin-daemon` = 0.5.3-local (Plugin runtime)
  • `nginx:latest` (Reverse proxy)
  • `ubuntu/squid:latest` (SSRF proxy)
  • `postgres:15-alpine` (Default database)
  • `redis:6-alpine` (Cache and message broker)

Infrastructure Services

  • PostgreSQL 15 (default) or MySQL 8.0 or OceanBase 4.3.5
  • Redis 6 with password authentication
  • Squid SSRF proxy for outbound request filtering

Credentials

The following environment variables must be set in `.env`:

  • `SECRET_KEY`: Flask secret key for session encryption and token signing.
  • `DB_PASSWORD`: PostgreSQL database password (default: difyai123456).
  • `REDIS_PASSWORD`: Redis authentication password (default: difyai123456).
  • `INIT_PASSWORD`: Initial admin account password for first-time setup.
  • `SANDBOX_API_KEY`: API key for sandbox code execution service.
  • `PLUGIN_DAEMON_KEY`: Authentication key for the plugin daemon service.
  • `PLUGIN_DIFY_INNER_API_KEY`: Internal API key for plugin-to-API communication.
  • `CODE_EXECUTION_API_KEY`: API key for the code sandbox endpoint.

WARNING: Change all default passwords and keys before production deployment.

Quick Install

# Clone the repository
git clone https://github.com/langgenius/dify.git
cd dify/docker

# Copy environment template
cp .env.example .env

# Edit .env to change default passwords
# vim .env

# Start all services
docker compose up -d

Code Evidence

Container startup orchestration from `docker/docker-compose.yaml:689-706`:

init_permissions:
    image: busybox:latest
    command: >
      /bin/sh -c "FLAG_FILE=/app/api/storage/.init_permissions;
      if [ -f $$FLAG_FILE ]; then exit 0; fi;
      chown -R 1001:1001 /app/api/storage && touch $$FLAG_FILE"
    volumes:
      - ./volumes/app/storage:/app/api/storage
    restart: "no"

Service dependency chain from `docker/docker-compose.yaml:725-727`:

api:
    depends_on:
      init_permissions:
        condition: service_completed_successfully

SSRF proxy security ACL from `docker/ssrf_proxy/squid.conf.template:22-30`:

acl allowed_domains dstdomain .marketplace.dify.ai
http_access allow allowed_domains
http_access deny all

Common Errors

Error Message Cause Solution
Permission denied on /app/api/storage init_permissions service failed Run `chown -R 1001:1001 ./volumes/app/storage` manually
Connection refused to db_postgres:5432 Database not ready at API startup Verify health check passes: `pg_isready -h db_postgres -U postgres -d dify`
Redis AUTH required Redis password mismatch Ensure `REDIS_PASSWORD` in `.env` matches the Redis service config
502 Bad Gateway from Nginx API service not yet started Wait for migrations to complete; check `docker compose logs api`

Compatibility Notes

  • Linux: Fully supported; recommended for production.
  • macOS/Windows: Docker Desktop supported for development; volume performance may be slower.
  • ARM64: All official Dify images support linux/amd64 and linux/arm64.
  • Database alternatives: MySQL 8.0 and OceanBase 4.3.5 are supported via `DB_TYPE` and `COMPOSE_PROFILES`.

Related Pages

Page Connections

Double-click a node to navigate. Hold to expand connections.
Principle
Implementation
Heuristic
Environment