Dockerfile

# Base image
FROM python:3.12-slim-bookworm AS base

# Set shared environment variables
ENV POETRY_VERSION=1.8.4 \
    POETRY_NO_INTERACTION=1 \
    POETRY_VIRTUALENVS_CREATE=true \
    POETRY_VIRTUALENVS_IN_PROJECT=true \
    POETRY_CACHE_DIR=/tmp/poetry_cache \
    PYTHONDONTWRITEBYTECODE=1

# Create users first
RUN useradd -m -u 1000 user

# Install system dependencies and set up directories
RUN apt-get update && apt-get install -y \
    postgresql \
    && rm -rf /var/lib/apt/lists/* \
    && mkdir -p /var/run/postgresql /var/lib/postgresql/data \
    && chown postgres:postgres /var/run/postgresql /var/lib/postgresql/data \
    && chmod 2777 /var/run/postgresql \
    && chmod 700 /var/lib/postgresql/data

# Create application directories
RUN mkdir -p /app/api /app/web /data/storage && \
    chown -R user:user /app /data && \
    chmod 777 /data /app && \
    chown -R postgres:postgres /var/lib/postgresql/data && \
    chmod 700 /var/lib/postgresql/data

# Install remaining system dependencies
RUN apt-get update && apt-get install -y \
    curl \
    git \
    gcc \
    python3-dev \
    libgmp-dev \
    libmpfr-dev \
    libmpc-dev \
    nodejs \
    npm \
    postgresql \
    postgresql-contrib \
    && rm -rf /var/lib/apt/lists/* \
    && pip install --no-cache-dir "poetry==${POETRY_VERSION}"

# Initialize PostgreSQL database as postgres user
USER postgres
RUN /usr/lib/postgresql/15/bin/initdb -D /var/lib/postgresql/data && \
    echo "host all  all    0.0.0.0/0  md5" >> /var/lib/postgresql/data/pg_hba.conf && \
    echo "listen_addresses='*'" >> /var/lib/postgresql/data/postgresql.conf && \
    echo "unix_socket_directories = '/var/run/postgresql'" >> /var/lib/postgresql/data/postgresql.conf

# Switch to user for remaining operations
USER user

# Set environment for user
ENV HOME=/home/user \
    PATH=/home/user/.local/bin:$PATH

# Pull official images
FROM langgenius/dify-web:latest AS web
FROM langgenius/dify-api:latest AS api

# Final stage
FROM base

# Set up directory structure
WORKDIR /app
RUN mkdir -p api web /data/storage && \
    chown -R user:user /app /data

# Copy from official images with correct ownership
COPY --from=web --chown=user:user /app/web /app/web/
COPY --from=api --chown=user:user /app/api /app/api/

# Install API dependencies using Poetry
WORKDIR /app/api
COPY --from=api --chown=user /app/api/pyproject.toml /app/api/poetry.lock /app/api/poetry.toml ./
RUN poetry install --no-root --no-dev

# Create symlink for persistent storage
RUN ln -s /data/storage /app/api/storage

# Set environment variables
ENV FLASK_APP=app.py \
    EDITION=SELF_HOSTED \
    DEPLOY_ENV=PRODUCTION \
    MODE=api \
    LOG_LEVEL=INFO \
    DEBUG=false \
    FLASK_DEBUG=false \
    SECRET_KEY=sk-9f73s3ljTXVcMT3Blb3ljTqtsKiGHXVcMT3BlbkFJLK7U \
    CONSOLE_API_URL=https://${SPACE_ID}.hf.space \
    CONSOLE_WEB_URL=https://${SPACE_ID}.hf.space \
    SERVICE_API_URL=https://${SPACE_ID}.hf.space \
    APP_WEB_URL=https://${SPACE_ID}.hf.space \
    DIFY_PORT=7860 \
    DIFY_BIND_ADDRESS=0.0.0.0 \
    DB_USERNAME=${POSTGRES_USER:-postgres} \
    DB_PASSWORD=${POSTGRES_PASSWORD:-difyai123456} \
    DB_HOST=${POSTGRES_HOST:-localhost} \
    DB_PORT=${POSTGRES_PORT:-5432} \
    DB_DATABASE=${POSTGRES_DB:-dify} \
    REDIS_HOST=localhost \
    REDIS_PORT=6379 \
    REDIS_PASSWORD=difyai123456 \
    CELERY_BROKER_URL=amqp://guest:guest@localhost:5672// \
    CELERY_RESULT_BACKEND=redis://localhost:6379/0 \
    PYTHONPATH=/app/api \
    STORAGE_PATH=/data/storage

EXPOSE 7860 3000

# Create startup script with connection retries
RUN echo '#!/bin/bash\n\
echo "===== Application Startup at $(date "+%Y-%m-%d %H:%M:%S") ====="\n\
\n\
# Start PostgreSQL with proper permissions\n\
mkdir -p /var/log/postgresql\n\
chown postgres:postgres /var/log/postgresql\n\
su - postgres -c "/usr/lib/postgresql/15/bin/pg_ctl -D /var/lib/postgresql/data -l /var/log/postgresql/postgresql.log start"\n\
\n\
max_tries=30\n\
count=0\n\
echo "Checking database connection..."\n\
until PGPASSWORD="${DB_PASSWORD}" psql -h "${DB_HOST}" -p "${DB_PORT}" -U "${DB_USERNAME}" -d postgres -c "SELECT 1" > /dev/null 2>&1; do\n\
    echo "Waiting for database connection... (${count}/${max_tries})"\n\
    sleep 2\n\
    count=$((count+1))\n\
    if [ $count -gt $max_tries ]; then\n\
        echo "Failed to connect to database after ${max_tries} attempts"\n\
        exit 1\n\
    fi\n\
done\n\
\n\
# Create database if it doesnt exist\n\
PGPASSWORD="${DB_PASSWORD}" psql -h "${DB_HOST}" -p "${DB_PORT}" -U "${DB_USERNAME}" -d postgres -c "CREATE DATABASE ${DB_DATABASE};" || true\n\
\n\
echo "Database connection successful"\n\
\n\
# Start application services\n\
cd /app/api && poetry run python -m flask db upgrade\n\
\n\
cd /app/api && poetry run python -m gunicorn app:app \
    --bind ${DIFY_BIND_ADDRESS:-0.0.0.0}:${DIFY_PORT:-7860} \
    --worker-class gevent \
    --workers 1 \
    --timeout 300 \
    --preload &\n\
\n\
cd /app/web && node server.js &\n\
\n\
wait' > /app/entrypoint.sh && \
chmod +x /app/entrypoint.sh

WORKDIR /app

CMD ["./entrypoint.sh"]