Merge branch 'master' of ssh://49.234.3.145:222/wangys/schoolNews

2025-11-28 15:20:34 +08:00
parent 96e9419496 bbe8866cce
commit 66da76bbcc
11 changed files with 13 additions and 304 deletions
--- a/doc/部署.md
+++ b/doc/部署.md
@@ -71,6 +71,7 @@ docker-compose restart
 ```bash
 cd docker/dify
 docker-compose up -d
 sudo chown -R 1001:1001 ./volumes/app/storage # 新版dify用非root用户启动，需要修改docker卷的权限
 ```
 ## 配置dify工作流
--- a/docker/dify/.env
+++ b/docker/dify/.env
@@ -133,8 +133,6 @@ ACCESS_TOKEN_EXPIRE_MINUTES=60
 # Refresh token expiration time in days
 REFRESH_TOKEN_EXPIRE_DAYS=30
 # The default number of active requests for the application, where 0 means unlimited, should be a non-negative integer.
 APP_DEFAULT_ACTIVE_REQUESTS=0
 # The maximum number of active requests for the application, where 0 means unlimited, should be a non-negative integer.
 APP_MAX_ACTIVE_REQUESTS=0
 APP_MAX_EXECUTION_TIME=1200
@@ -1265,7 +1263,7 @@ COMPOSE_PROFILES=${VECTOR_STORE:-weaviate},${DB_TYPE:-postgresql}
 # ------------------------------
 # Docker Compose Service Expose Host Port Configurations
 # ------------------------------
-EXPOSE_NGINX_PORT=80
+EXPOSE_NGINX_PORT=8000
 EXPOSE_NGINX_SSL_PORT=443
 # ----------------------------------------------------------------------------
@@ -1333,8 +1331,8 @@ PLUGIN_STDIO_MAX_BUFFER_SIZE=5242880
 PLUGIN_PYTHON_ENV_INIT_TIMEOUT=120
 PLUGIN_MAX_EXECUTION_TIMEOUT=600
 # PIP_MIRROR_URL=https://pypi.tuna.tsinghua.edu.cn/simple
 PIP_MIRROR_URL=https://pypi.tuna.tsinghua.edu.cn/simple
 # PIP_MIRROR_URL=
 # https://github.com/langgenius/dify-plugin-daemon/blob/main/.env.example
 # Plugin storage type, local aws_s3 tencent_cos azure_blob aliyun_oss volcengine_tos
--- a/docker/dify/.env.example
+++ b/docker/dify/.env.example
@@ -133,8 +133,6 @@ ACCESS_TOKEN_EXPIRE_MINUTES=60
 # Refresh token expiration time in days
 REFRESH_TOKEN_EXPIRE_DAYS=30
 # The default number of active requests for the application, where 0 means unlimited, should be a non-negative integer.
 APP_DEFAULT_ACTIVE_REQUESTS=0
 # The maximum number of active requests for the application, where 0 means unlimited, should be a non-negative integer.
 APP_MAX_ACTIVE_REQUESTS=0
 APP_MAX_EXECUTION_TIME=1200
--- a/docker/dify/docker-compose-template.yaml
+++ b/docker/dify/docker-compose-template.yaml
@@ -676,7 +676,7 @@ services:
  milvus-standalone:
    container_name: milvus-standalone
-    image: milvusdb/milvus:v2.6.3
+    image: milvusdb/milvus:v2.5.15
    profiles:
      - milvus
    command: ["milvus", "run", "standalone"]
--- a/docker/dify/docker-compose.yaml
+++ b/docker/dify/docker-compose.yaml
@@ -34,7 +34,6 @@ x-shared-env: &shared-api-worker-env
  FILES_ACCESS_TIMEOUT: ${FILES_ACCESS_TIMEOUT:-300}
  ACCESS_TOKEN_EXPIRE_MINUTES: ${ACCESS_TOKEN_EXPIRE_MINUTES:-60}
  REFRESH_TOKEN_EXPIRE_DAYS: ${REFRESH_TOKEN_EXPIRE_DAYS:-30}
  APP_DEFAULT_ACTIVE_REQUESTS: ${APP_DEFAULT_ACTIVE_REQUESTS:-0}
  APP_MAX_ACTIVE_REQUESTS: ${APP_MAX_ACTIVE_REQUESTS:-0}
  APP_MAX_EXECUTION_TIME: ${APP_MAX_EXECUTION_TIME:-1200}
  DIFY_BIND_ADDRESS: ${DIFY_BIND_ADDRESS:-0.0.0.0}
@@ -770,8 +769,8 @@ services:
  # The PostgreSQL database.
  db_postgres:
    image: postgres:15-alpine
-    profiles:
+    # profiles:
-      - postgresql
+    #   - postgresql
    restart: always
    environment:
      POSTGRES_USER: ${POSTGRES_USER:-postgres}
@@ -1037,12 +1036,15 @@ services:
    ports:
      - "${EXPOSE_NGINX_PORT:-80}:${NGINX_PORT:-80}"
      - "${EXPOSE_NGINX_SSL_PORT:-443}:${NGINX_SSL_PORT:-443}"
    networks:
      - ssrf_proxy_network
      - default
  # The Weaviate vector store.
  weaviate:
    image: semitechnologies/weaviate:1.27.0
-    profiles:
+    # profiles:
-      - weaviate
+    #   - weaviate
    restart: always
    volumes:
      # Mount the Weaviate data directory to the con tainer.
@@ -1311,7 +1313,7 @@ services:
  milvus-standalone:
    container_name: milvus-standalone
-    image: milvusdb/milvus:v2.6.3
+    image: milvusdb/milvus:v2.5.15
    profiles:
      - milvus
    command: ["milvus", "run", "standalone"]
@@ -1500,7 +1502,7 @@ networks:
  # create a network between sandbox, api and ssrf_proxy, and can not access outside.
  ssrf_proxy_network:
    driver: bridge
-    internal: true
+    internal: true  # 修改为false以允许访问外部网络（如192.168.0.64）
  milvus:
    driver: bridge
  opensearch-net:
--- a/docker/dify/version
+++ b/docker/dify/version
@@ -1 +0,0 @@
 1.10.1
--- a/docker/dify/volumes/myscale/config/users.d/custom_users_config.xml
+++ b/docker/dify/volumes/myscale/config/users.d/custom_users_config.xml
@@ -1,17 +0,0 @@
 <clickhouse>
    <users>
        <default>
            <password></password>
            <networks>
                <ip>::1</ip> <!-- change to ::/0 to allow access from all addresses -->
                <ip>127.0.0.1</ip>
                <ip>10.0.0.0/8</ip>
                <ip>172.16.0.0/12</ip>
                <ip>192.168.0.0/16</ip>
            </networks>
            <profile>default</profile>
            <quota>default</quota>
            <access_management>1</access_management>
        </default>
    </users>
 </clickhouse>
--- a/docker/dify/volumes/oceanbase/init.d/vec_memory.sql
+++ b/docker/dify/volumes/oceanbase/init.d/vec_memory.sql
@@ -1 +0,0 @@
 ALTER SYSTEM SET ob_vector_memory_limit_percentage = 30;
--- a/docker/dify/volumes/opensearch/opensearch_dashboards.yml
+++ b/docker/dify/volumes/opensearch/opensearch_dashboards.yml
@@ -1,222 +0,0 @@
 ---
 # Copyright OpenSearch Contributors
 # SPDX-License-Identifier: Apache-2.0
 # Description:
 # Default configuration for OpenSearch Dashboards
 # OpenSearch Dashboards is served by a back end server. This setting specifies the port to use.
 # server.port: 5601
 # Specifies the address to which the OpenSearch Dashboards server will bind. IP addresses and host names are both valid values.
 # The default is 'localhost', which usually means remote machines will not be able to connect.
 # To allow connections from remote users, set this parameter to a non-loopback address.
 # server.host: "localhost"
 # Enables you to specify a path to mount OpenSearch Dashboards at if you are running behind a proxy.
 # Use the `server.rewriteBasePath` setting to tell OpenSearch Dashboards if it should remove the basePath
 # from requests it receives, and to prevent a deprecation warning at startup.
 # This setting cannot end in a slash.
 # server.basePath: ""
 # Specifies whether OpenSearch Dashboards should rewrite requests that are prefixed with
 # `server.basePath` or require that they are rewritten by your reverse proxy.
 # server.rewriteBasePath: false
 # The maximum payload size in bytes for incoming server requests.
 # server.maxPayloadBytes: 1048576
 # The OpenSearch Dashboards server's name.  This is used for display purposes.
 # server.name: "your-hostname"
 # The URLs of the OpenSearch instances to use for all your queries.
 # opensearch.hosts: ["http://localhost:9200"]
 # OpenSearch Dashboards uses an index in OpenSearch to store saved searches, visualizations and
 # dashboards. OpenSearch Dashboards creates a new index if the index doesn't already exist.
 # opensearchDashboards.index: ".opensearch_dashboards"
 # The default application to load.
 # opensearchDashboards.defaultAppId: "home"
 # Setting for an optimized healthcheck that only uses the local OpenSearch node to do Dashboards healthcheck.
 # This settings should be used for large clusters or for clusters with ingest heavy nodes.
 # It allows Dashboards to only healthcheck using the local OpenSearch node rather than fan out requests across all nodes.
 #
 # It requires the user to create an OpenSearch node attribute with the same name as the value used in the setting
 # This node attribute should assign all nodes of the same cluster an integer value that increments with each new cluster that is spun up
 # e.g. in opensearch.yml file you would set the value to a setting using node.attr.cluster_id:
 # Should only be enabled if there is a corresponding node attribute created in your OpenSearch config that matches the value here
 # opensearch.optimizedHealthcheckId: "cluster_id"
 # If your OpenSearch is protected with basic authentication, these settings provide
 # the username and password that the OpenSearch Dashboards server uses to perform maintenance on the OpenSearch Dashboards
 # index at startup. Your OpenSearch Dashboards users still need to authenticate with OpenSearch, which
 # is proxied through the OpenSearch Dashboards server.
 # opensearch.username: "opensearch_dashboards_system"
 # opensearch.password: "pass"
 # Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
 # These settings enable SSL for outgoing requests from the OpenSearch Dashboards server to the browser.
 # server.ssl.enabled: false
 # server.ssl.certificate: /path/to/your/server.crt
 # server.ssl.key: /path/to/your/server.key
 # Optional settings that provide the paths to the PEM-format SSL certificate and key files.
 # These files are used to verify the identity of OpenSearch Dashboards to OpenSearch and are required when
 # xpack.security.http.ssl.client_authentication in OpenSearch is set to required.
 # opensearch.ssl.certificate: /path/to/your/client.crt
 # opensearch.ssl.key: /path/to/your/client.key
 # Optional setting that enables you to specify a path to the PEM file for the certificate
 # authority for your OpenSearch instance.
 # opensearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]
 # To disregard the validity of SSL certificates, change this setting's value to 'none'.
 # opensearch.ssl.verificationMode: full
 # Time in milliseconds to wait for OpenSearch to respond to pings. Defaults to the value of
 # the opensearch.requestTimeout setting.
 # opensearch.pingTimeout: 1500
 # Time in milliseconds to wait for responses from the back end or OpenSearch. This value
 # must be a positive integer.
 # opensearch.requestTimeout: 30000
 # List of OpenSearch Dashboards client-side headers to send to OpenSearch. To send *no* client-side
 # headers, set this value to [] (an empty list).
 # opensearch.requestHeadersWhitelist: [ authorization ]
 # Header names and values that are sent to OpenSearch. Any custom headers cannot be overwritten
 # by client-side headers, regardless of the opensearch.requestHeadersWhitelist configuration.
 # opensearch.customHeaders: {}
 # Time in milliseconds for OpenSearch to wait for responses from shards. Set to 0 to disable.
 # opensearch.shardTimeout: 30000
 # Logs queries sent to OpenSearch. Requires logging.verbose set to true.
 # opensearch.logQueries: false
 # Specifies the path where OpenSearch Dashboards creates the process ID file.
 # pid.file: /var/run/opensearchDashboards.pid
 # Enables you to specify a file where OpenSearch Dashboards stores log output.
 # logging.dest: stdout
 # Set the value of this setting to true to suppress all logging output.
 # logging.silent: false
 # Set the value of this setting to true to suppress all logging output other than error messages.
 # logging.quiet: false
 # Set the value of this setting to true to log all events, including system usage information
 # and all requests.
 # logging.verbose: false
 # Set the interval in milliseconds to sample system and process performance
 # metrics. Minimum is 100ms. Defaults to 5000.
 # ops.interval: 5000
 # Specifies locale to be used for all localizable strings, dates and number formats.
 # Supported languages are the following: English - en , by default , Chinese - zh-CN .
 # i18n.locale: "en"
 # Set the allowlist to check input graphite Url. Allowlist is the default check list.
 # vis_type_timeline.graphiteAllowedUrls: ['https://www.hostedgraphite.com/UID/ACCESS_KEY/graphite']
 # Set the blocklist to check input graphite Url. Blocklist is an IP list.
 # Below is an example for reference
 # vis_type_timeline.graphiteBlockedIPs: [
 #  //Loopback
 #  '127.0.0.0/8',
 #  '::1/128',
 #  //Link-local Address for IPv6
 #  'fe80::/10',
 #  //Private IP address for IPv4
 #  '10.0.0.0/8',
 #  '172.16.0.0/12',
 #  '192.168.0.0/16',
 #  //Unique local address (ULA)
 #  'fc00::/7',
 #  //Reserved IP address
 #  '0.0.0.0/8',
 #  '100.64.0.0/10',
 #  '192.0.0.0/24',
 #  '192.0.2.0/24',
 #  '198.18.0.0/15',
 #  '192.88.99.0/24',
 #  '198.51.100.0/24',
 #  '203.0.113.0/24',
 #  '224.0.0.0/4',
 #  '240.0.0.0/4',
 #  '255.255.255.255/32',
 #  '::/128',
 #  '2001:db8::/32',
 #  'ff00::/8',
 # ]
 # vis_type_timeline.graphiteBlockedIPs: []
 # opensearchDashboards.branding:
 #   logo:
 #     defaultUrl: ""
 #     darkModeUrl: ""
 #   mark:
 #     defaultUrl: ""
 #     darkModeUrl: ""
 #   loadingLogo:
 #     defaultUrl: ""
 #     darkModeUrl: ""
 #   faviconUrl: ""
 #   applicationTitle: ""
 # Set the value of this setting to true to capture region blocked warnings and errors
 # for your map rendering services.
 # map.showRegionBlockedWarning: false%
 # Set the value of this setting to false to suppress search usage telemetry
 # for reducing the load of OpenSearch cluster.
 # data.search.usageTelemetry.enabled: false
 # 2.4 renames 'wizard.enabled: false' to 'vis_builder.enabled: false'
 # Set the value of this setting to false to disable VisBuilder
 # functionality in Visualization.
 # vis_builder.enabled: false
 # 2.4 New Experimental Feature
 # Set the value of this setting to true to enable the experimental multiple data source
 # support feature. Use with caution.
 # data_source.enabled: false
 # Set the value of these settings to customize crypto materials to encryption saved credentials
 # in data sources.
 # data_source.encryption.wrappingKeyName: 'changeme'
 # data_source.encryption.wrappingKeyNamespace: 'changeme'
 # data_source.encryption.wrappingKey: [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 # 2.6 New ML Commons Dashboards Feature
 # Set the value of this setting to true to enable the ml commons dashboards
 # ml_commons_dashboards.enabled: false
 # 2.12 New experimental Assistant Dashboards Feature
 # Set the value of this setting to true to enable the assistant dashboards
 # assistant.chat.enabled: false
 # 2.13 New Query Assistant Feature
 # Set the value of this setting to false to disable the query assistant
 # observability.query_assist.enabled: false
 # 2.14 Enable Ui Metric Collectors in Usage Collector
 # Set the value of this setting to true to enable UI Metric collections
 # usageCollection.uiMetric.enabled: false
 opensearch.hosts: [https://localhost:9200]
 opensearch.ssl.verificationMode: none
 opensearch.username: admin
 opensearch.password: 'Qazwsxedc!@#123'
 opensearch.requestHeadersWhitelist: [authorization, securitytenant]
 opensearch_security.multitenancy.enabled: true
 opensearch_security.multitenancy.tenants.preferred: [Private, Global]
 opensearch_security.readonly_mode.roles: [kibana_read_only]
 # Use this setting if you are running opensearch-dashboards without https
 opensearch_security.cookie.secure: false
 server.host: '0.0.0.0'
--- a/docker/dify/volumes/sandbox/conf/config.yaml
+++ b/docker/dify/volumes/sandbox/conf/config.yaml
@@ -1,14 +0,0 @@
 app:
  port: 8194
  debug: True
  key: dify-sandbox
 max_workers: 4
 max_requests: 50
 worker_timeout: 5
 python_path: /usr/local/bin/python3
 enable_network: True # please make sure there is no network risk in your environment
 allowed_syscalls: # please leave it empty if you have no idea how seccomp works
 proxy:
  socks5: ''
  http: ''
  https: ''
--- a/docker/dify/volumes/sandbox/conf/config.yaml.example
+++ b/docker/dify/volumes/sandbox/conf/config.yaml.example
@@ -1,35 +0,0 @@
 app:
  port: 8194
  debug: True
  key: dify-sandbox
 max_workers: 4
 max_requests: 50
 worker_timeout: 5
 python_path: /usr/local/bin/python3
 python_lib_path:
  - /usr/local/lib/python3.10
  - /usr/lib/python3.10
  - /usr/lib/python3
  - /usr/lib/x86_64-linux-gnu
  - /etc/ssl/certs/ca-certificates.crt
  - /etc/nsswitch.conf
  - /etc/hosts
  - /etc/resolv.conf
  - /run/systemd/resolve/stub-resolv.conf
  - /run/resolvconf/resolv.conf
  - /etc/localtime
  - /usr/share/zoneinfo
  - /etc/timezone
  # add more paths if needed
 python_pip_mirror_url: https://pypi.tuna.tsinghua.edu.cn/simple
 nodejs_path: /usr/local/bin/node
 enable_network: True
 allowed_syscalls:
  - 1
  - 2
  - 3
  # add all the syscalls which you require
 proxy:
  socks5: ''
  http: ''
  https: ''
		`@@ -1 +0,0 @@`
			`ALTER SYSTEM SET ob_vector_memory_limit_percentage = 30;`