Traefik instead or a optional/additional reverse proxy alternative

[AdsonCicilioti]

Hi guys!

Has anyone implemented Dify with a Traefik?

If not, would it be possible to point out what are the requirements to implement another type of reverse proxy instead of Nginx?

[thibaudbrg]

Hi, I did it myself last week.
I does work but I struggled a lot tho because the apps do not provide enough logs. I ended up discovering that dify-api doesn't work if you associate this container with more than 1 docker networks (and I wanted to have a specific network named dify for all the apps + the traefik network given to dify-web and dify-api.

So right now, i forgot about the idea of having a specific dify subnetworks and only put traefik as the main network for the apps to communicate.

So in then end here is my current compose:

  # API service
  dify-api:
    image: localhost/langgenius/dify-api:0.6.9
    container_name: dify-api
    restart: always
    ports:
      - "5001:5001"
    networks:
#      - ssrf_proxy_network
      #- dify
      - t2_proxy
    environment:
      MODE: api
      OPENAI_API_KEY: $OPENAI_API_KEY
      LOG_LEVEL: DEBUG
      DEBUG : true
      SECRET_KEY: $DIFY_API_KEY

      CONSOLE_WEB_URL:
      INIT_PASSWORD: ''
      CONSOLE_API_URL:
      SERVICE_API_URL:
      APP_WEB_URL:
      FILES_URL:
      FILES_ACCESS_TIMEOUT: 300
      MIGRATION_ENABLED: 'true'

      # The configurations of postgres database connection.
      DB_USERNAME: $POSTGRES_USER
      DB_PASSWORD: $POSTGRES_PASSWORD
      DB_HOST: dify-postgresql
      DB_PORT: 5432
      DB_DATABASE: $POSTGRES_DB

      # The configurations of redis cache connection.
      REDIS_HOST: redis
      REDIS_PORT: 6379
      REDIS_USERNAME: $REDIS_USERNAME
      REDIS_PASSWORD: $REDIS_PASSWORD
      REDIS_DB: 0
      REDIS_USE_SSL: 'false'
      # The configurations of celery broker.
      CELERY_BROKER_URL: redis://$REDIS_USERNAME:$REDIS_PASSWORD@redis:6379/1
      WEB_API_CORS_ALLOW_ORIGINS: '*'
      CONSOLE_CORS_ALLOW_ORIGINS: '*'

      STORAGE_TYPE: local
      STORAGE_LOCAL_PATH: storage

      # The type of vector store to use. Supported values are `weaviate`, `qdrant`, `milvus`, `relyt`.
      VECTOR_STORE: $WEAVIATE_VECTOR_STORE
      WEAVIATE_ENDPOINT: http://weaviate:8080
      WEAVIATE_API_KEY: $WEAVIATE_API_KEY

      # The sandbox service endpoint.
      CODE_EXECUTION_ENDPOINT: "http://dify-sandbox:8194"
      CODE_EXECUTION_API_KEY: $DIFY_SANDBOX_API_KEY
      CODE_MAX_NUMBER: 9223372036854775807
      CODE_MIN_NUMBER: -9223372036854775808
      CODE_MAX_STRING_LENGTH: 80000
      TEMPLATE_TRANSFORM_MAX_LENGTH: 80000
      CODE_MAX_STRING_ARRAY_LENGTH: 30
      CODE_MAX_OBJECT_ARRAY_LENGTH: 30
      CODE_MAX_NUMBER_ARRAY_LENGTH: 1000

      ## SSRF Proxy server
#      SSRF_PROXY_HTTP_URL: 'http://dify-ssrf_proxy:3128'
#      SSRF_PROXY_HTTPS_URL: 'http://dify-ssrf_proxy:3128'
      
      # Indexing configuration
      INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: 1000
    depends_on:
      - dify-postgresql
      - redis
      - weaviate
    volumes:
      - $PODMANDIR/appdata/dify/storage:/app/api/storage
    labels:
      - "traefik.enable=true"
      # HTTP Routers
      - "traefik.http.routers.dify-api-rtr.entrypoints=https"
      - "traefik.http.routers.dify-api-rtr.rule=Host(`api.dify.$DOMAINNAME2`)"
      # HTTP Services
      - "traefik.http.routers.dify-api-rtr.service=dify-api-svc"
      - "traefik.http.services.dify-api-svc.loadbalancer.server.port=5001"
      # Middlewares
      - "traefik.http.routers.dify-api-rtr.middlewares=chain-no-auth@file"


#==============================================================================================================================================
#==============================================================================================================================================
#==============================================================================================================================================


  # worker service
  # The Celery worker for processing the queue.
  dify-api-worker:
    image: localhost/langgenius/dify-api:0.6.9
    restart: always
    container_name: dify-api-worker
    networks:
#      - ssrf_proxy_network
      #- dify
      - t2_proxy
    environment:
      CONSOLE_WEB_URL: 'https://dify-web:3000'
      # Startup mode, 'worker' starts the Celery worker for processing the queue.
      MODE: worker

      LOG_LEVEL: DEBUG
      DEBUG : true
      SECRET_KEY: $DIFY_API_KEY

      # The configurations of postgres database connection.
      DB_USERNAME: $POSTGRES_USER
      DB_PASSWORD: $POSTGRES_PASSWORD
      DB_HOST: dify-postgresql
      DB_PORT: 5432
      DB_DATABASE: $POSTGRES_DB

      # The configurations of redis cache connection.
      REDIS_HOST: redis
      REDIS_PORT: 6379
      REDIS_USERNAME: $REDIS_USERNAME
      REDIS_PASSWORD: $REDIS_PASSWORD
      REDIS_DB: 0
      REDIS_USE_SSL: 'false'
      # The configurations of celery broker.
      CELERY_BROKER_URL: redis://$REDIS_USERNAME:$REDIS_PASSWORD@redis:6379/1
      WEB_API_CORS_ALLOW_ORIGINS: '*'
      CONSOLE_CORS_ALLOW_ORIGINS: '*'

      STORAGE_TYPE: local
      STORAGE_LOCAL_PATH: storage

      # The type of vector store to use. Supported values are `weaviate`, `qdrant`, `milvus`, `relyt`.
      VECTOR_STORE: $WEAVIATE_VECTOR_STORE
      WEAVIATE_ENDPOINT: http://weaviate:8080
      WEAVIATE_API_KEY: $WEAVIATE_API_KEY

      # The sandbox service endpoint.
      CODE_EXECUTION_ENDPOINT: "http://dify-sandbox:8194"
      CODE_EXECUTION_API_KEY: $DIFY_SANDBOX_API_KEY
      CODE_MAX_NUMBER: 9223372036854775807
      CODE_MIN_NUMBER: -9223372036854775808
      CODE_MAX_STRING_LENGTH: 80000
      TEMPLATE_TRANSFORM_MAX_LENGTH: 80000
      CODE_MAX_STRING_ARRAY_LENGTH: 30
      CODE_MAX_OBJECT_ARRAY_LENGTH: 30
      CODE_MAX_NUMBER_ARRAY_LENGTH: 1000

      ## SSRF Proxy server
#      SSRF_PROXY_HTTP_URL: 'http://dify-ssrf_proxy:3128'
#      SSRF_PROXY_HTTPS_URL: 'http://dify-ssrf_proxy:3128'
      
      # Indexing configuration
      INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: 1000
    depends_on:
      - dify-postgresql
      - redis
    volumes:
      # Mount the storage directory to the container, for storing user files.
      - $PODMANDIR/appdata/dify/storage:/app/api/storage
      


#==============================================================================================================================================
#==============================================================================================================================================
#==============================================================================================================================================


  # Frontend web application.
  dify-web:
    image: localhost/langgenius/dify-web:0.6.9
    container_name: dify-web
    restart: always
    # ports:
    #  - "3000:3000"
    networks:
      - t2_proxy
      #- dify
    environment:
      CONSOLE_API_URL:
      APP_API_URL:
      SENTRY_DSN: '' # Disabled if empty
    labels:
      - "traefik.enable=true"
      # HTTP Routers
      - "traefik.http.routers.dify-web-rtr.entrypoints=https"
      - "traefik.http.routers.dify-web-rtr.rule=Host(`dify.$DOMAINNAME2`)"
      # HTTP Services
      - "traefik.http.routers.dify-web-rtr.service=dify-web-svc"
      - "traefik.http.services.dify-web-svc.loadbalancer.server.port=3000"
      # Middlewares
      - "traefik.http.routers.dify-web-rtr.middlewares=chain-no-auth@file"


#==============================================================================================================================================
#==============================================================================================================================================
#==============================================================================================================================================


  # The DifySandbox
  dify-sandbox:
    image: localhost/langgenius/dify-sandbox:0.2.0
    container_name: dify-sandbox
    restart: always
    networks:
      #- dify
      - t2_proxy
#      - ssrf_proxy_network
    environment:
      # You can generate a strong key using `openssl rand -base64 42`.
      API_KEY: $DIFY_SANDBOX_API_KEY
      GIN_MODE: 'release'
      WORKER_TIMEOUT: 15
      ENABLE_NETWORK: 'true'
#      HTTP_PROXY: 'http://dify-ssrf_proxy:3128'
#      HTTPS_PROXY: 'http://dify-ssrf_proxy:3128'
    volumes:
      - $PODMANDIR/appdata/dify/sandbox/dependencies:/dependencies



#==============================================================================================================================================
#==============================================================================================================================================
#==============================================================================================================================================


  # The postgres database.
  dify-postgresql:
    image: localhost/library/postgres:15-alpine
    container_name: dify-postgresql
    restart: always
    networks:
     #- dify
     - t2_proxy
    #ports:
    #  - "5432:5432"
    environment:
      PGUSER: $POSTGRES_USER
      POSTGRES_PASSWORD: $POSTGRES_PASSWORD
      POSTGRES_DB: $POSTGRES_DB
      PGDATA: /var/lib/postgresql/data/pgdata
    volumes:
      - $PODMANDIR/appdata/dify/postgresql/data:/var/lib/postgresql/data
    healthcheck:
      test: [ "CMD", "pg_isready" ]
      interval: 1s
      timeout: 3s
      retries: 30



#==============================================================================================================================================
#==============================================================================================================================================
#==============================================================================================================================================


  # The redis cache.
  redis:
    image: localhost/library/redis:6-alpine
    container_name: redis
    restart: always
    networks:
     #- dify
     - t2_proxy
    ports:
      - "6379:6379"
    volumes:
      - $PODMANDIR/appdata/redis/data:/data
    command: redis-server --requirepass $REDIS_PASSWORD --appendonly yes --maxmemory 512mb --maxmemory-policy allkeys-lru
    healthcheck:
      test: [ "CMD", "redis-cli", "ping" ]




#==============================================================================================================================================
#==============================================================================================================================================
#==============================================================================================================================================


  # The Weaviate vector store.
  weaviate:
    image: localhost/semitechnologies/weaviate:latest
    container_name: weaviate
    restart: always
    networks:
      #- dify
      - t2_proxy
    # ports:
    #   - "8432:8080"
    volumes:
      # Mount the Weaviate data directory to the container.
      - $PODMANDIR/appdata/weaviate:/var/lib/weaviate
    environment:
      # The Weaviate configurations
      # You can refer to the [Weaviate](https://weaviate.io/developers/weaviate/config-refs/env-vars) documentation for more information.
      QUERY_DEFAULTS_LIMIT: 25
      AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: 'false'
      PERSISTENCE_DATA_PATH: '/var/lib/weaviate'
      DEFAULT_VECTORIZER_MODULE: 'none'
      CLUSTER_HOSTNAME: 'node1'
      DISABLE_TELEMETRY: 'true'
      AUTHENTICATION_APIKEY_ENABLED: 'true'
      AUTHENTICATION_APIKEY_ALLOWED_KEYS: $WEAVIATE_API_KEY
      AUTHENTICATION_APIKEY_USERS: $WEAVIATE_EMAIL
      AUTHORIZATION_ADMINLIST_ENABLED: 'true'
      AUTHORIZATION_ADMINLIST_USERS: $WEAVIATE_EMAIL
    labels:
      - "traefik.enable=true"
      # HTTP Routers
      - "traefik.http.routers.weaviate-rtr.entrypoints=https"
      - "traefik.http.routers.weaviate-rtr.rule=Host(`weaviate.$DOMAINNAME2`)"
      # HTTP Services
      - "traefik.http.routers.weaviate-rtr.service=weaviate-svc"
      - "traefik.http.services.weaviate-svc.loadbalancer.server.port=8080"
      # Middlewares
      - "traefik.http.routers.weaviate-rtr.middlewares=chain-no-auth@file"

Note that i didn't setup the ssrf_proxy image but it should work without running into much more problems. Also you might need to adjust

CONSOLE_API_URL:
APP_API_URL:

if the dify-web container cannot reach dify-api (use inspect element in your browser). You could choose wheter you'd like the containers to communicate internally (should be by default) with :

CONSOLE_API_URL: 'http://dify-api:5001'
APP_API_URL: 'http://dify-api:5001'

or you might choose to let the containers communicate through traefik, but you can run into a blocked:mixedcontent issue.

[assistaplus]

thanks for this will check it out asap!

[assistaplus]

Hello Again,

Thank you for sharing your configuration, @thibaudbrg! I'd greatly appreciate it if you could also share your Traefik configuration. I'm encountering 404 errors every time I deploy my Traefik instance, despite already having Dify running successfully.

I'm considering redeploying the entire stack to resolve this issue. but i think its just some config issues in my dockercompose or setup files from treafik. Also I notice in your config you did not use nginx? So this you left out also since treafik is handeling this?

I'm particularly interested in understanding how you've configured the communication between containers and how Traefik handles the routing for different Dify services.

Thank you in advance for any additional information or guidance you can provide!