# Base image FROM python:3.12-slim-bookworm AS base # Set shared environment variables ENV POETRY_VERSION=1.8.4 \ POETRY_NO_INTERACTION=1 \ POETRY_VIRTUALENVS_CREATE=true \ POETRY_VIRTUALENVS_IN_PROJECT=true \ POETRY_CACHE_DIR=/tmp/poetry_cache \ PYTHONDONTWRITEBYTECODE=1 # Create users first with specific GID/UID for HF Spaces compatibility RUN groupadd -g 1000 user && \ useradd -m -u 1000 -g user user && \ usermod -aG postgres user # Install system dependencies and set up directories with correct permissions RUN apt-get update && apt-get install -y \ postgresql \ && rm -rf /var/lib/apt/lists/* \ && mkdir -p /var/run/postgresql /var/lib/postgresql/data /var/log/postgresql \ && chown -R postgres:postgres /var/run/postgresql /var/lib/postgresql/data /var/log/postgresql \ && chmod 2777 /var/run/postgresql \ && chmod 700 /var/lib/postgresql/data # Create application directories RUN mkdir -p /app/api /app/web /data/storage && \ chown -R user:user /app /data && \ chmod 777 /data /app && \ chown -R postgres:postgres /var/lib/postgresql/data && \ chmod 700 /var/lib/postgresql/data # Install remaining system dependencies RUN apt-get update && apt-get install -y \ curl \ git \ gcc \ python3-dev \ libgmp-dev \ libmpfr-dev \ libmpc-dev \ nodejs \ npm \ postgresql \ postgresql-contrib \ && rm -rf /var/lib/apt/lists/* \ && pip install --no-cache-dir "poetry==${POETRY_VERSION}" # Initialize PostgreSQL database as postgres user USER postgres RUN /usr/lib/postgresql/15/bin/initdb -D /var/lib/postgresql/data && \ echo "host all all 0.0.0.0/0 md5" >> /var/lib/postgresql/data/pg_hba.conf && \ echo "listen_addresses='*'" >> /var/lib/postgresql/data/postgresql.conf && \ echo "unix_socket_directories = '/var/run/postgresql'" >> /var/lib/postgresql/data/postgresql.conf # Switch to user for remaining operations USER user # Set environment for user ENV HOME=/home/user \ PATH=/home/user/.local/bin:$PATH # Pull official images FROM langgenius/dify-web:latest AS web FROM langgenius/dify-api:latest AS api # Final stage FROM base # Set up directory structure WORKDIR /app RUN mkdir -p api web /data/storage && \ chown -R user:user /app /data # Copy from official images with correct ownership COPY --from=web --chown=user:user /app/web /app/web/ COPY --from=api --chown=user:user /app/api /app/api/ # Install API dependencies using Poetry WORKDIR /app/api COPY --from=api --chown=user /app/api/pyproject.toml /app/api/poetry.lock /app/api/poetry.toml ./ RUN poetry install --no-root --no-dev # Create symlink for persistent storage RUN ln -s /data/storage /app/api/storage # Set environment variables ENV FLASK_APP=app.py \ EDITION=SELF_HOSTED \ DEPLOY_ENV=PRODUCTION \ MODE=api \ LOG_LEVEL=INFO \ DEBUG=false \ FLASK_DEBUG=false \ SECRET_KEY=sk-9f73s3ljTXVcMT3Blb3ljTqtsKiGHXVcMT3BlbkFJLK7U \ CONSOLE_API_URL=https://${SPACE_ID}.hf.space \ CONSOLE_WEB_URL=https://${SPACE_ID}.hf.space \ SERVICE_API_URL=https://${SPACE_ID}.hf.space \ APP_WEB_URL=https://${SPACE_ID}.hf.space \ DIFY_PORT=7860 \ DIFY_BIND_ADDRESS=0.0.0.0 \ DB_USERNAME=${POSTGRES_USER:-postgres} \ DB_PASSWORD=${POSTGRES_PASSWORD:-difyai123456} \ DB_HOST=${POSTGRES_HOST:-localhost} \ DB_PORT=${POSTGRES_PORT:-5432} \ DB_DATABASE=${POSTGRES_DB:-dify} \ REDIS_HOST=localhost \ REDIS_PORT=6379 \ REDIS_PASSWORD=difyai123456 \ CELERY_BROKER_URL=amqp://guest:guest@localhost:5672// \ CELERY_RESULT_BACKEND=redis://localhost:6379/0 \ PYTHONPATH=/app/api \ STORAGE_PATH=/data/storage EXPOSE 7860 3000 # Create startup script with connection retries RUN echo '#!/bin/bash\n\ echo "===== Application Startup at $(date "+%Y-%m-%d %H:%M:%S") ====="\n\ \n\ # Ensure PostgreSQL directories have correct permissions\n\ mkdir -p /var/log/postgresql /var/run/postgresql\n\ chown -R postgres:postgres /var/log/postgresql /var/run/postgresql /var/lib/postgresql/data\n\ chmod 2777 /var/run/postgresql\n\ chmod 700 /var/lib/postgresql/data\n\ \n\ # Start PostgreSQL as postgres user without using su command\n\ runuser -u postgres -- /usr/lib/postgresql/15/bin/pg_ctl -D /var/lib/postgresql/data \ -l /var/log/postgresql/postgresql.log start\n\ \n\ # Wait for PostgreSQL to start\n\ max_tries=30\n\ count=0\n\ echo "Checking database connection..."\n\ until PGPASSWORD="${DB_PASSWORD}" psql -h localhost -p 5432 -U postgres -c "SELECT 1" > /dev/null 2>&1; do\n\ echo "Waiting for database connection... (${count}/${max_tries})"\n\ sleep 2\n\ count=$((count+1))\n\ if [ $count -gt $max_tries ]; then\n\ echo "Failed to connect to database after ${max_tries} attempts"\n\ exit 1\n\ fi\n\ done\n\ \n\ # Create database and set up permissions\n\ PGPASSWORD="${DB_PASSWORD}" psql -h localhost -p 5432 -U postgres <<-EOSQL\n\ CREATE DATABASE ${DB_DATABASE} WITH OWNER ${DB_USERNAME};\n\ ALTER USER ${DB_USERNAME} WITH PASSWORD '\''${DB_PASSWORD}'\'';\n\ EOSQL\n\ \n\ echo "Database connection successful"\n\ \n\ # Start application services\n\ cd /app/api && poetry run python -m flask db upgrade\n\ \n\ cd /app/api && poetry run python -m gunicorn app:app \ --bind ${DIFY_BIND_ADDRESS:-0.0.0.0}:${DIFY_PORT:-7860} \ --worker-class gevent \ --workers 1 \ --timeout 300 \ --preload &\n\ \n\ cd /app/web && node server.js &\n\ \n\ wait' > /app/entrypoint.sh && \ chmod +x /app/entrypoint.sh WORKDIR /app CMD ["./entrypoint.sh"]