The variables listed in this document are for reference only. For a full list of environment variables, please refer to the
.env.example file. If you can’t find a specific variable in the .values.yaml file, please check the FAQs for guidance.Common Variables
CONSOLE_API_URL
The backend URL for the console API. This is used to construct the authorization callback. If left empty, it defaults to the same domain as the application. Example:https://api.console.dify.ai
CONSOLE_WEB_URL
The front-end URL of the console web interface. This is used to construct front-end addresses and for CORS configuration. If left empty, it defaults to the same domain as the application. Example:https://console.dify.ai
SERVICE_API_URL
The Service API URL, used to display Service API Base URL in the front-end. If left empty, it defaults to the same domain as the application. Example:https://api.dify.ai
APP_API_URL
The WebApp API backend URL, used to specify the backend URL for the front-end API. If left empty, it defaults to the same domain as the application. Example:https://app.dify.ai
APP_WEB_URL
The WebApp URL, used to display File preview or download Url to the front-end or as Multi-model inputs; If left empty, it defaults to the same domain as the application. Example:https://udify.app/
FILES_URL
The prefix for file preview or download URLs, used to display these URLs in the front-end and provide them as input for multi-modal models. To prevent forgery, image preview URLs are signed and expire after 5 minutes.Server
MODE
Startup mode: This is only available when launched using docker. It is not applicable when running from source code.- api Start API Server.
- worker Start asynchronous queue worker.
DEBUG
Debug mode: Disabled by default. It’s recommended to enable this setting during local development to prevent issues caused by monkey patching.FLASK_DEBUG
Flask debug mode: When enabled, it outputs trace information in the API responses, facilitating easier debugging.SECRET_KEY
A secret key used for securely signing session cookies and encrypting sensitive information in the database. This variable must be set before the first launch. Runopenssl rand -base64 42 to generate a strong key for it.
DEPLOY_ENV
Deployment environment:- PRODUCTION (default) Production environment.
- TESTING Testing environment. There will be a distinct color label on the front-end page, indicating that this environment is a testing environment.
LOG_LEVEL
The log output level. Default is INFO. For production environments, it’s recommended to set this to ERROR.MIGRATION_ENABLED
When set to true, database migrations are automatically executed on container startup. This is only available when launched using docker and does not apply when running from source code. For source code launches, you need to manually runflask db upgrade in the api directory.
CHECK_UPDATE_URL
Controls the version checking policy. If set to false, the system will not callhttps://updates.dify.ai to check for updates.
Currently, the version check interface based on CloudFlare Worker is not directly accessible in China. Setting this variable to an empty value will disable this API call.
TEXT_GENERATION_TIMEOUT_MS
Default value: 60000 (milliseconds). Specifies the timeout for text generation and workflow processes. This setting prevents system-wide service disruptions caused by individual processes exceeding their allocated time.OPENAI_API_BASE
Used to change the OpenAI base address, default is https://api.openai.com/v1. When OpenAI cannot be accessed in China, replace it with a domestic mirror address, or when a local model provides OpenAI compatible API, it can be replaced.Container Startup Related Configuration
Only effective when starting with docker image or docker-compose.- DIFY_BIND_ADDRESS API service binding address, default: 0.0.0.0, i.e., all addresses can be accessed.
- DIFY_PORT API service binding port number, default to 5001.
-
SERVER_WORKER_AMOUNT
The number of API server workers, i.e., the number of gevent workers. Default is
1. Recommended formula:number of cpu cores x 2 + 1Reference: https://docs.gunicorn.org/en/stable/design.html#how-many-workers - SERVER_WORKER_CLASS Defaults to gevent. If using windows, it can be switched to sync or solo.
- GUNICORN_TIMEOUT Request handling timeout. Default is 360, to support longer SSE (Server-Sent Events) connection times.
-
CELERY_WORKER_CLASS
Similar to
SERVER_WORKER_CLASS. Default is gevent. If using windows, it can be switched to sync or solo. - CELERY_WORKER_AMOUNT The number of Celery workers. The default is 1, and can be set as needed.
Database Configuration
The database uses PostgreSQL. Please use the public schema.- DB_USERNAME: username
- DB_PASSWORD: password
- DB_HOST: database host
- DB_PORT: database port number, default is 5432
- DB_DATABASE: database name
- SQLALCHEMY_POOL_SIZE: The size of the database connection pool. The default is 30 connections, which can be appropriately increased.
- SQLALCHEMY_POOL_RECYCLE: Database connection pool recycling time, the default is 3600 seconds.
- SQLALCHEMY_ECHO: Whether to print SQL, default is false.
Redis Configuration
This Redis configuration is used for caching and for pub/sub during conversation.- REDIS_HOST: Redis host
- REDIS_PORT: Redis port, default is 6379
- REDIS_DB: Redis Database, default is 0. Please use a different Database from Session Redis and Celery Broker.
- REDIS_USERNAME: Redis username, default is empty
- REDIS_PASSWORD: Redis password, default is empty. It is strongly recommended to set a password.
- REDIS_USE_SSL: Whether to use SSL protocol for connection, default is false
- REDIS_USE_SENTINEL: Use Redis Sentinel to connect to Redis servers
- REDIS_SENTINELS: Sentinel nodes, format:
<sentinel1_ip>:<sentinel1_port>,<sentinel2_ip>:<sentinel2_port>,<sentinel3_ip>:<sentinel3_port> - REDIS_SENTINEL_SERVICE_NAME: Sentinel service name, same as Master Name
- REDIS_SENTINEL_USERNAME: Username for Sentinel
- REDIS_SENTINEL_PASSWORD: Password for Sentinel
- REDIS_SENTINEL_SOCKET_TIMEOUT: Sentinel timeout, default value: 0.1, unit: seconds
Celery Configuration
-
CELERY_BROKER_URL
Format as follows(direct connection mode):
Example:
redis://:difyai123456@redis:6379/1Sentinel mode:Example:sentinel://localhost:26379/1;sentinel://localhost:26380/1;sentinel://localhost:26381/1 - BROKER_USE_SSL If set to true, use SSL protocol for connection, default is false
- CELERY_USE_SENTINEL If set to true, Sentinel mode will be enabled, default is false
- CELERY_SENTINEL_MASTER_NAME The service name of Sentinel, i.e., Master Name
- CELERY_SENTINEL_SOCKET_TIMEOUT Timeout for connecting to Sentinel, default value: 0.1, unit: seconds
CORS Configuration
Used to set the front-end cross-domain access policy.-
CONSOLE_CORS_ALLOW_ORIGINS
Console CORS cross-domain policy, default is
*, that is, all domains can access. -
WEB_API_CORS_ALLOW_ORIGINS
WebAPP CORS cross-domain policy, default is
*, that is, all domains can access.
File Storage Configuration
Used to store uploaded data set files, team/tenant encryption keys, and other files.-
STORAGE_TYPE
Type of storage facility. Default is
opendal. The values below are for.env/ Docker Compose; Helm deployments usepersistence.typeinvalues.yamlinstead (noopendalsupport).-
opendal (default in Docker Compose)
Storage via Apache OpenDAL. Set
OPENDAL_SCHEMEto choose the backend (defaultfs, local filesystem). Scheme-specific options follow theOPENDAL_<SCHEME>_<CONFIG>naming. -
local (default in Helm)
Local file storage. Internally maps to OpenDAL
fs. If this option is selected, set theSTORAGE_LOCAL_PATHconfiguration below. - s3 S3 object storage, if this option is selected, the following S3_ prefixed configurations need to be set.
- azure-blob Azure Blob object storage, if this option is selected, the following AZURE_BLOB_ prefixed configurations need to be set.
- huawei-obs Huawei OBS object storage, if this option is selected, the following HUAWEI_OBS_ prefixed configurations need to be set.
- volcengine-tos Volcengine TOS object storage, if this option is selected, the following VOLCENGINE_TOS_ prefixed configurations need to be set.
-
opendal (default in Docker Compose)
Storage via Apache OpenDAL. Set
-
OPENDAL_SCHEME
The OpenDAL storage scheme, default is
fs(local filesystem). -
OPENDAL_FS_ROOT
Root directory for the OpenDAL local filesystem, default is
storage. -
STORAGE_LOCAL_PATH
Default is storage, that is, it is stored in the storage directory of the current directory.
If you are deploying with docker or docker-compose, be sure to mount the
/app/api/storagedirectory in both containers to the same local directory, otherwise, you may encounter file not found errors. - S3_ENDPOINT: S3 endpoint address
- S3_BUCKET_NAME: S3 bucket name
- S3_ACCESS_KEY: S3 Access Key
- S3_SECRET_KEY: S3 Secret Key
- S3_REGION: S3 region information, such as: us-east-1
- AZURE_BLOB_ACCOUNT_NAME: your-account-name eg, ‘difyai’
- AZURE_BLOB_ACCOUNT_KEY: your-account-key eg, ‘difyai’
- AZURE_BLOB_CONTAINER_NAME: your-container-name eg, ‘difyai-container’
- AZURE_BLOB_ACCOUNT_URL: ‘https://<your_account_name>.blob.core.windows.net’
- ALIYUN_OSS_BUCKET_NAME: your-bucket-name eg, ‘difyai’
- ALIYUN_OSS_ACCESS_KEY: your-access-key eg, ‘difyai’
- ALIYUN_OSS_SECRET_KEY: your-secret-key eg, ‘difyai’
- ALIYUN_OSS_ENDPOINT: https://oss-ap-southeast-1-internal.aliyuncs.com # reference: https://www.alibabacloud.com/help/en/oss/user-guide/regions-and-endpoints
- ALIYUN_OSS_REGION: ap-southeast-1 # reference: https://www.alibabacloud.com/help/en/oss/user-guide/regions-and-endpoints
- ALIYUN_OSS_AUTH_VERSION: v4
- ALIYUN_OSS_PATH: your-path # Don’t start with ’/’. OSS doesn’t support leading slash in object names. reference: https://www.alibabacloud.com/help/en/oss/support/0016-00000005
- HUAWEI_OBS_BUCKET_NAME: your-bucket-name eg, ‘difyai’
- HUAWEI_OBS_SECRET_KEY: your-secret-key eg, ‘difyai’
- HUAWEI_OBS_ACCESS_KEY: your-access-key eg, ‘difyai’
- HUAWEI_OBS_SERVER: your-server-url # reference: https://support.huaweicloud.com/sdk-python-devg-obs/obs_22_0500.html
- VOLCENGINE_TOS_BUCKET_NAME: your-bucket-name eg, ‘difyai’
- VOLCENGINE_TOS_SECRET_KEY: your-secret-key eg, ‘difyai’
- VOLCENGINE_TOS_ACCESS_KEY: your-access-key eg, ‘difyai’
- VOLCENGINE_TOS_REGION: your-region eg, ‘cn-guangzhou’ # reference: https://www.volcengine.com/docs/6349/107356
- VOLCENGINE_TOS_ENDPOINT: your-endpoint eg, ‘tos-cn-guangzhou.volces.com’ # reference: https://www.volcengine.com/docs/6349/107356
Vector Database Configuration
-
VECTOR_STORE
- Available enumeration types include:
weaviateqdrantmilvuszilliz(share the same configuration asmilvus)myscalepinecone(not yet open)analyticdbcouchbase
- Available enumeration types include:
-
WEAVIATE_ENDPOINT
Weaviate endpoint address, such as:
http://weaviate:8080. - WEAVIATE_API_KEY The api-key credential used to connect to Weaviate.
-
WEAVIATE_GRPC_ENDPOINT
The Weaviate gRPC endpoint, such as:
grpc://weaviate:50051. Using gRPC greatly increases performance. -
WEAVIATE_TOKENIZATION
The tokenization method used by Weaviate, default is
word. -
QDRANT_URL
Qdrant endpoint address, such as:
https://your-qdrant-cluster-url.qdrant.tech/ - QDRANT_API_KEY The api-key credential used to connect to Qdrant.
- PINECONE_API_KEY The api-key credential used to connect to Pinecone.
-
PINECONE_ENVIRONMENT
The environment where Pinecone is located, such as:
us-east4-gcp -
MILVUS_URI
Milvus uri configuration. e.g.
http://host.docker.internal:19530. For Zilliz Cloud, adjust the uri and token to the Public Endpoint and API Key. - MILVUS_TOKEN Milvus token configuration, default is empty.
- MILVUS_USER Milvus user configuration, default is empty.
- MILVUS_PASSWORD Milvus password configuration, default is empty.
- MYSCALE_HOST MyScale host configuration.
- MYSCALE_PORT MyScale port configuration.
-
MYSCALE_USER
MyScale user configuration, default is
default. - MYSCALE_PASSWORD MyScale password configuration, default is empty.
-
MYSCALE_DATABASE
MyScale database configuration, default is
dify. - MYSCALE_FTS_PARAMS MyScale text-search params, check MyScale docs for multi-language support, default is empty.
- ANALYTICDB_KEY_ID The access key ID used for Aliyun OpenAPI authentication. Read the Analyticdb documentation to create your AccessKey.
- ANALYTICDB_KEY_SECRET The access key secret used for Aliyun OpenAPI authentication.
-
ANALYTICDB_INSTANCE_ID
The unique identifier for your AnalyticDB instance, such as :
gp-xxxxxx. Read the Analyticdb documentation to create your instance. -
ANALYTICDB_REGION_ID
The region identifier where the AnalyticDB instance is located, such as:
cn-hangzhou. - ANALYTICDB_ACCOUNT The account name used to connect to the AnalyticDB instance. Read the Analyticdb documentation to create an account.
- ANALYTICDB_PASSWORD The password for the account used to connect to the AnalyticDB instance.
-
ANALYTICDB_NAMESPACE
The namespace(schema) within the AnalyticDB instance that you wish to interact with, such as
dify. If this namespace does not exist, it will be created automatically. - ANALYTICDB_NAMESPACE_PASSWORD The password for the namespace(schema). If the namespace does not exist, it will be created with this password.
- COUCHBASE_CONNECTION_STRING The connection string for the Couchbase cluster.
- COUCHBASE_USER The username for the database user.
- COUCHBASE_PASSWORD The password for the database user.
- COUCHBASE_BUCKET_NAME The name of the bucket to use.
- COUCHBASE_SCOPE_NAME The name of the scope to use.
Knowledge Configuration
- UPLOAD_FILE_SIZE_LIMIT: Upload file size limit, default 15M.
- UPLOAD_FILE_BATCH_LIMIT The maximum number of files that can be uploaded at a time, default 5.
-
ETL_TYPE
Available enumeration types include: (default is
Unstructured)- dify Dify’s proprietary file extraction scheme
- Unstructured Unstructured.io file extraction scheme
-
UNSTRUCTURED_API_URL
Unstructured API path, needs to be configured when ETL_TYPE is Unstructured.
For example:
http://unstructured:8000/general/v0/general - TOP_K_MAX_VALUE The maximum top-k value of RAG, default 10.
Multi-modal Configuration
-
MULTIMODAL_SEND_FORMAT
The format of the image sent when the multi-modal model is input, the default is
base64, optionalurl. The delay of the call inurlmode will be lower than that inbase64mode. It is generally recommended to use the more compatiblebase64mode. If configured asurl, you need to configureFILES_URLas an externally accessible address so that the multi-modal model can access the image. - UPLOAD_IMAGE_FILE_SIZE_LIMIT Upload image file size limit, default 10M.
Sentry Configuration
Used for application monitoring and error log tracking.- SENTRY_DSN Sentry DSN address, default is empty, when empty, all monitoring information is not reported to Sentry.
- SENTRY_TRACES_SAMPLE_RATE The reporting ratio of Sentry events, if it is 0.01, it is 1%.
- SENTRY_PROFILES_SAMPLE_RATE The reporting ratio of Sentry profiles, if it is 0.01, it is 1%.
Notion Integration Configuration
Notion integration configuration variables can be obtained by applying for Notion integration: https://www.notion.so/my-integrations- NOTION_INTEGRATION_TYPE: Configure as “public” or “internal”. Since Notion’s OAuth redirect URL only supports HTTPS, if deploying locally, please use Notion’s internal integration.
- NOTION_CLIENT_SECRET: Notion OAuth client secret (used for public integration type).
- NOTION_CLIENT_ID: OAuth client ID (used for public integration type).
- NOTION_INTERNAL_SECRET: Notion internal integration secret. If the value of
NOTION_INTEGRATION_TYPEis “internal”, you need to configure this variable.
Mail related configuration
- MAIL_TYPE
- resend
- MAIL_DEFAULT_SEND_FROM
The sender’s email name, such as: no-reply no-reply@dify.ai, not mandatory. - RESEND_API_KEY
API-Key for the Resend email provider, can be obtained from API-Key.
- MAIL_DEFAULT_SEND_FROM
- smtp
- SMTP_SERVER
SMTP server address - SMTP_PORT
SMTP server port number - SMTP_USERNAME
SMTP username - SMTP_PASSWORD
SMTP password - SMTP_USE_TLS
Whether to use TLS, default is false - MAIL_DEFAULT_SEND_FROM
The sender’s email name, such as: no-reply no-reply@dify.ai, not mandatory.
- SMTP_SERVER
- resend
ModelProvider & Tool Position Configuration
Used to specify the model providers and tools that can be used in the app. These settings allow you to customize which tools and model providers are available, as well as their order and inclusion/exclusion in the app’s interface. For a list of available tools and model providers, please refer to the provided links.-
POSITION_TOOL_PINS
Pin specific tools to the top of the list, ensuring they appear first in the interface. (Use comma-separated values with no spaces between items.)
Example:
POSITION_TOOL_PINS=bing,google -
POSITION_TOOL_INCLUDES
Specify the tools to be included in the app. Only the tools listed here will be available for use. If not set, all tools will be included unless specified in POSITION_TOOL_EXCLUDES. (Use comma-separated values with no spaces between items.)
Example:
POSITION_TOOL_INCLUDES=bing,google -
POSITION_TOOL_EXCLUDES
Exclude specific tools from being displayed or used in the app. Tools listed here will be omitted from the available options, except for pinned tools. (Use comma-separated values with no spaces between items.)
Example:
POSITION_TOOL_EXCLUDES=yahoo,wolframalpha -
POSITION_PROVIDER_PINS
Pin specific model providers to the top of the list, ensuring they appear first in the interface. (Use comma-separated values with no spaces between items.)
Example:
POSITION_PROVIDER_PINS=openai,openllm -
POSITION_PROVIDER_INCLUDES
Specify the model providers to be included in the app. Only the providers listed here will be available for use. If not set, all providers will be included unless specified in POSITION_PROVIDER_EXCLUDES. (Use comma-separated values with no spaces between items.)
Example:
POSITION_PROVIDER_INCLUDES=cohere,upstage -
POSITION_PROVIDER_EXCLUDES
Exclude specific model providers from being displayed or used in the app. Providers listed here will be omitted from the available options, except for pinned providers. (Use comma-separated values with no spaces between items.)
Example:
POSITION_PROVIDER_EXCLUDES=openrouter,ollama
Others
- INVITE_EXPIRY_HOURS: Member invitation link valid time (hours), Default: 72.
- HTTP_REQUEST_NODE_MAX_TEXT_SIZE:The maximum text size of the HTTP request node in the workflow, default 1MB。
- HTTP_REQUEST_NODE_MAX_BINARY_SIZE:The maximum binary size of HTTP request nodes in the workflow, default 10MB。
Web Frontend
SENTRY_DSN
Sentry DSN address, default is empty, when empty, all monitoring information is not reported to Sentry.Deprecated
CONSOLE_URL
⚠️ Modified in 0.3.8, will be deprecated in 0.4.9, replaced by:Console URL, used to concatenate the authorization callback, console front-end address, and CORS configuration use. If empty, it is the same domain. Example:CONSOLE_API_URLandCONSOLE_WEB_URL.
https://console.dify.ai.
API_URL
⚠️ Modified in 0.3.8, will be deprecated in 0.4.9, replaced by SERVICE_API_URL.
API URL, used to display Service API Base URL to the front-end. If empty, it is the same domain. Example: https://api.dify.ai
APP_URL
⚠️ Modified in 0.3.8, will be deprecated in 0.4.9, replaced byWebApp Url, used to display WebAPP API Base Url to the front-end. If empty, it is the same domain. Example:APP_API_URLandAPP_WEB_URL.
https://udify.app/
Session Configuration
⚠️ This configuration is no longer valid since v0.3.24.Only used by the API service for interface identity verification.
-
SESSION_TYPE:
Session component type
- redis (default) If you choose this, you need to set the environment variables starting with SESSION_REDIS_ below.
- sqlalchemy If you choose this, the current database connection will be used and the sessions table will be used to read and write session records.
- SESSION_REDIS_HOST: Redis host
- SESSION_REDIS_PORT: Redis port, default is 6379
- SESSION_REDIS_DB: Redis Database, default is 0. Please use a different Database from Redis and Celery Broker.
- SESSION_REDIS_USERNAME: Redis username, default is empty
- SESSION_REDIS_PASSWORD: Redis password, default is empty. It is strongly recommended to set a password.
- SESSION_REDIS_USE_SSL: Whether to use SSL protocol for connection, default is false
Cookie Policy Configuration
⚠️ This configuration is no longer valid since v0.3.24.Used to set the browser policy for session cookies used for identity verification.
- COOKIE_HTTPONLY Cookie HttpOnly configuration, default is true.
- COOKIE_SAMESITE Cookie SameSite configuration, default is Lax.
- COOKIE_SECURE Cookie Secure configuration, default is false.
Chunk Length Configuration
INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH
Configuration for document chunk length. It is used to control the size of text segments when processing long documents. Default: 4000. Larger Chunks- Retain more context within each chunk, ideal for tasks requiring a broader understanding of the text.
- Reduce the total number of chunks, lowering processing time and storage overhead.
- Provide finer granularity, improving accuracy for tasks like extraction or summarization.
- Reduce the risk of exceeding model token limits, making it safer for models with stricter constraints.
- Choose larger chunks for context-heavy tasks like sentiment analysis or document summarization.
- Choose smaller chunks for fine-grained tasks such as keyword extraction or paragraph-level processing.
Special Environment Variables Explanation
serverWorkerAmount: This ENV is used atAPIservice.- Default value is
9, if you are in testing environment, you can set it to1to save resources. - The number of API server workers, i.e., the number of gevent workers. Formula:
number of cpu cores x 2 + 1 - Reference
- Default value is
celeryWorkerAmount: This ENV is used atWorkerservice.- Default value is
9, if you are in testing environment, you can set it to1to save resources.
- Default value is
Click here to download the values.yaml file.
FAQs
How to add environment variables that are not found in the values.yaml file, but available in the .env.example file?
Please add or modify the variable in the values.yaml file followed by the example below. For instance, to add ENV_FROM_COMMUNITY1 and ENV_FROM_COMMUNITY2 to the values.yaml file:
How to configure HTTP_PROXY and HTTPS_PROXY?
Sometimes, for security reasons, you may need to configure the HTTP_PROXY and HTTPS_PROXY environment variables for the Dify API service.
You can use the extraEnv field in the values.yaml file.