ALIYUN::SAE::Application类型用于创建SAE应用。
语法
{
"Type": "ALIYUN::SAE::Application",
"Properties": {
"Timezone": String,
"AppDescription": String,
"MountDesc": String,
"NasId": String,
"WarStartOptions": String,
"Liveness": String,
"Memory": Integer,
"WebContainer": String,
"SlsConfigs": String,
"Cpu": Integer,
"Deploy": Boolean,
"PackageVersion": String,
"AppName": String,
"Jdk": String,
"JarStartArgs": String,
"PreStop": String,
"Readiness": String,
"PackageType": String,
"CommandArgs": String,
"Envs": String,
"VSwitchId": String,
"ImageUrl": String,
"PostStart": String,
"JarStartOptions": String,
"MountHost": String,
"Replicas": Integer,
"CustomHostAlias": String,
"VpcId": String,
"Tags": List,
"SecurityGroupId": String,
"Command": String,
"EdasContainerVersion": String,
"PackageUrl": String,
"NamespaceId": String,
"AssociateEip": Boolean,
"AcrInstanceId": String,
"OssAkId": String,
"ProgrammingLanguage": String,
"OssAkSecret": String,
"Python": String,
"BaseAppId": String,
"EnableEbpf": String,
"PhpArmsConfigLocation": String,
"PhpConfig": String,
"MicroRegistrationConfig": String,
"TerminationGracePeriodSeconds": Integer,
"ConfigMapMountDesc": String,
"PvtzDiscoverySvc": String,
"AcrAssumeRoleArn": String,
"TomcatConfig": String,
"AppSource": String,
"PythonModules": String,
"NasConfigs": String,
"MicroRegistration": String,
"ServiceTags": String,
"ImagePullSecrets": String,
"AutoConfig": Boolean,
"KafkaConfigs": String,
"Php": String,
"OssMountDescs": List,
"PhpConfigLocation": String,
"SaeVersion": String,
"NewSaeVersion": String,
"EnableNewArms": Boolean,
"EnableSidecarResourceIsolated": Boolean,
"SidecarContainersConfig": List,
"InitContainersConfig": List
}
}属性
属性名称 | 类型 | 必须 | 允许更新 | 描述 | 约束 |
AppName | String | 是 | 否 | 应用名称。 | 长度不超过36个字符,必须以英文字母开头。可包含英文字母、数字和短划线(-)。 |
Cpu | Integer | 是 | 否 | 每个实例所需的CPU。目前仅支持固定规格的实例类型。 | 取值:
单位:毫核。 |
Memory | Integer | 是 | 否 | 每个实例所需的内存。目前仅支持固定规格的实例类型。 | 与CPU为一一对应关系,目前仅支持以下固定规格:
单位:MB。 |
Replicas | Integer | 是 | 否 | 初始实例数。 | 无 |
PackageType | String | 是 | 否 | 应用包类型。 | 取值:
|
Timezone | String | 否 | 是 | 时区。 | 默认值:Asia/Shanghai。 |
AppDescription | String | 否 | 否 | 应用描述信息。 | 长度不超过1024个字符。 |
MountDesc | String | 否 | 是 | 挂载描述。 | 无 |
NasId | String | 否 | 是 | 挂载的NAS的ID。 | NAS必须有可用的挂载点创建额度,或者其挂载点已经在专有网络内的交换机上。如果不指定该参数,而是指定了MountDesc参数,则默认自动购买一个NAS并挂载到VPC内的交换机上。 |
WarStartOptions | String | 否 | 是 | War包启动应用选项。 | 应用默认启动命令: |
Liveness | String | 否 | 是 | 容器健康检查,健康检查失败的容器将重启。 | 目前仅支持容器内下发命令的方式。例如: |
WebContainer | String | 否 | 是 | 部署包依赖的Tomcat版本。 | 镜像不支持该参数。 |
SlsConfigs | String | 否 | 是 | 文件日志采集配置。 | 无 |
Deploy | Boolean | 否 | 否 | 是否立即部署。 | 取值:
|
Tags | List | 否 | 是 | 标签。 | 最多支持20个标签。 |
PackageVersion | String | 否 | 是 | 部署的包的版本号。 | PackageType取值为War或FatJar时必须指定该参数。 |
Jdk | String | 否 | 是 | 部署包依赖的JDK版本。 | 镜像不支持该参数。 |
JarStartArgs | String | 否 | 是 | JAR包启动应用参数。 | 应用默认启动命令: |
PreStop | String | 否 | 是 | 容器删除前执行脚本。 | 容器删除前执行脚本,例如: |
Readiness | String | 否 | 是 | 应用启动状态检查脚本。 | 应用启动状态检查脚本,例如: 多次健康检查失败的容器将被重启。不通过健康检查的容器将不会有SLB流量进入。 |
CommandArgs | String | 否 | 是 | 镜像启动命令参数。 | 无 |
Envs | String | 否 | 是 | 容器环境变量参数。 | 容器环境变量参数的格式:
|
VSwitchId | String | 否 | 否 | 应用实例弹性网卡所在的交换机。 | 该交换机必须位于上述专有网络内。交换机与EDAS命名空间存在绑定关系。不指定该参数则为命名空间绑定的VSwitchId。 |
ImageUrl | String | 否 | 是 | 镜像地址。 | 只有Image类型应用可以配置镜像地址。 |
PostStart | String | 否 | 是 | 容器启动后执行脚本。 | 容器启动后执行脚本,例如: |
JarStartOptions | String | 否 | 是 | JAR包启动应用选项。 | 应用默认启动命令: |
MountHost | String | 否 | 是 | NAS在专有网络内的挂载点。 | 无 |
CustomHostAlias | String | 否 | 是 | 容器内自定义host映射。 | 容器内自定义host映射,格式:
|
VpcId | String | 否 | 否 | SAE命名空间对应的专有网络。 | 在SAE中,一个命名空间只能对应一个专有网络,且不能修改。第一次在命名空间内创建SAE应用将形成绑定关系。多个命名空间可以对应一个专有网络。不填则默认为命名空间绑定的VpcId。 |
SecurityGroupId | String | 否 | 否 | 安全组ID。 | 无 |
Command | String | 否 | 是 | 镜像启动命令。 | 该命令必须为容器内存在的可执行的对象。例如:sleep。 设置该命令将导致镜像原本的启动命令失效。 |
EdasContainerVersion | String | 否 | 是 | EDAS Pandora应用使用的运行环境。 | 无 |
PackageUrl | String | 否 | 是 | 部署包地址。 | PackageType取值为War或FatJar时该参数有效。 |
NamespaceId | String | 是 | 否 | EDAS命名空间对应ID。 | 仅支持名称为小写英文字母和短划线(-)的命名空间,必须以小写英文字母开头。 |
AssociateEip | Boolean | 否 | 否 | 是否绑定 EIP。 | 取值说明如下:
|
AcrInstanceId | String | 否 | 是 | ACR 企业版实例 ID。 | 无 |
OssAkId | String | 否 | 否 | OSS 读写的 AccessKey ID。 | 无 |
ProgrammingLanguage | String | 否 | 否 | 创建应用的技术栈语言。 | 取值说明如下:
|
OssAkSecret | String | 否 | 否 | OSS 读写的 AccessKey Secret。 | 无 |
Python | String | 否 | 否 | Python 环境。 | 支持 PYTHON 3.9.15。 |
BaseAppId | String | 否 | 否 | 基础应用 ID。 | 无 |
EnableEbpf | String | 否 | 否 | 基于 eBPF 技术,对非 Java 应用开启应用监控能力。 | 取值说明如下:
|
PhpArmsConfigLocation | String | 否 | 否 | PHP 应用监控挂载路径,需要您保证 PHP 服务器一定会加载这个路径的配置文件。 | 您无需关注配置内容,SAE 会自动渲染正确的配置文件。 |
PhpConfig | String | 否 | 否 | PHP 配置文件内容。 | 无 |
MicroRegistrationConfig | String | 否 | 否 | 注册中心配置信息。 | 无 |
TerminationGracePeriodSeconds | Integer | 否 | 否 | 优雅下线超时时间。 | 默认为 30,单位为秒。取值范围为 1~300。 |
ConfigMapMountDesc | String | 否 | 否 | ConfigMap挂载描述。 | 使用在命名空间配置项页面创建的配置项来向容器中注入配置信息。参数说明如下:
说明 可通过传递 |
PvtzDiscoverySvc | String | 否 | 否 | 开启 K8s Service 服务注册发现。 | 取值说明如下:
|
AcrAssumeRoleArn | String | 否 | 否 | 跨账号拉取镜像时所需的 RAM 角色的 ARN。 | 更多信息,请参见为RAM角色授权。 |
TomcatConfig | String | 否 | 否 | Tomcat 文件配置。 | 设置为""或"{}"表示删除配置:
|
AppSource | String | 否 | 否 | 微服务应用。 | 可选值:
|
PythonModules | String | 否 | 否 | 自定义安装模块依赖。 | 默认安装根目录下 requirements.txt 定义的依赖项。如果未配置或自定义软件包,可以指定安装的依赖。 |
NasConfigs | String | 否 | 否 | 挂载 NAS 的配置。 | 取值说明如下:
|
MicroRegistration | String | 否 | 否 | 选择 Nacos 注册中心。 | 取值说明如下:
|
ServiceTags | String | 否 | 否 | 应用配置的灰度标签。 | 无 |
ImagePullSecrets | String | 否 | 否 | 对应保密字典 ID。 | 无 |
AutoConfig | Boolean | 否 | 否 | 是否自动配置网络环境。 | 取值说明如下:
说明 如果选择为true,则传其他的NamespaceId会被忽略。 |
KafkaConfigs | String | 否 | 否 | 日志采集到 Kafka 的配置汇总信息。 | 取值说明如下:
|
Php | String | 否 | 否 | PHP 部署包依赖的 PHP 版本。 | 无。 |
OssMountDescs | List | 否 | 否 | OSS 挂载描述信息。 | 参数说明如下:
|
PhpConfigLocation | String | 否 | 否 | PHP 应用启动配置挂载路径 | 需要您保证 PHP 服务器会使用这个配置文件启动。 |
SaeVersion | String | 否 | 否 | SAE 版本。 | 支持版本如下:
|
NewSaeVersion | String | 否 | 否 | 新SAE版本。 | 取值:
|
EnableNewArms | Boolean | 否 | 否 | 是否启用新的Arms功能。 | 取值:
|
EnableSidecarResourceIsolated | Boolean | 否 | 是 | 是否启用 Sidecar 资源隔离。 | 取值:
|
SidecarContainersConfig | List | 否 | 是 | 容器配置信息列表。 | 更多信息,请参考SidecarContainersConfig属性。 |
InitContainersConfig | List | 否 | 是 | 初始化容器配置列表。 | 更多信息,请参考InitContainersConfig属性。 |
SidecarContainersConfig语法
"SidecarContainersConfig": [
{
"CommandArgs": String,
"AcrInstanceId": String,
"Memory": Integer,
"Name": String,
"EmptyDirDesc": String,
"Command": String,
"ImageUrl": String,
"Cpu": Integer,
"Envs": String,
"ConfigMapMountDesc": String
}
] SidecarContainersConfig属性
属性名称 | 类型 | 必须 | 允许更新 | 描述 | 约束 |
CommandArgs | String | 否 | 是 | 要在init容器中运行的命令参数。 | 无 |
AcrInstanceId | String | 否 | 是 | ACR实例的ID。 | 无 |
Memory | Integer | 是 | 是 | 分配给Sidecar容器的内存量。 | 无 |
Name | String | 是 | 是 | Sidecar容器的名称。 | 无 |
EmptyDirDesc | String | 否 | 是 | EMPTYDIR装载说明。 | 无 |
Command | String | 否 | 是 | 要在init容器中运行的命令。 | 无 |
ImageUrl | String | 否 | 是 | 镜像地址。 | 仅映像类型的应用程序可配置为镜像地址。 |
Cpu | Integer | 是 | 是 | 分配给Sidecar容器的CPU核心数。 | 无 |
Envs | String | 否 | 是 | 容器环境变量参数。 | 示例: |
ConfigMapMountDesc | String | 否 | 是 | ConfigMap装载说明。 | 无 |
InitContainersConfig语法
"InitContainersConfig": [
{
"Command": String,
"ConfigMapMountDesc": String,
"ImageUrl": String,
"CommandArgs": String,
"Envs": String,
"Name": String
}
] InitContainersConfig属性
属性名称 | 类型 | 必须 | 允许更新 | 描述 | 约束 |
Command | String | 否 | 是 | 要在init容器中运行的命令。 | 无 |
ConfigMapMountDesc | String | 否 | 否 | ConfigMap装载说明。 | 无 |
ImageUrl | String | 否 | 是 | 镜像地址。 | 仅映像类型的应用程序可配置为镜像地址。 |
CommandArgs | String | 否 | 是 | 要在init容器中运行的命令参数。 | 无 |
Envs | String | 否 | 是 | 容器环境变量参数。 | 示例: |
Name | String | 是 | 是 | 初始化容器的名称。 | 无 |
Tags语法
"Tags": [
{
"Key": String,
"Value": String
}
] Tags属性
属性名称 | 类型 | 必须 | 允许更新 | 描述 | 约束 |
Key | String | 是 | 否 | 标签键。 | 长度为1~128个字符,不能以 |
Value | String | 否 | 否 | 标签值。 | 长度为0~128个字符,不能以 |
返回值
Fn::GetAtt
AppId:应用ID。
ChangeOrderId:发布单ID,用于查询任务执行状态。
示例
场景 1 :创建SAE应用。
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
NamespaceId:
Type: String
Description: |-
EDAS namespace corresponding to ID. Canada supports only the name of the scribe lowercase namespace must begin with a letter.
Namespace can interface to obtain from DescribeNamespaceList.
VpcId:
Type: String
AssociationProperty: ALIYUN::ECS::VPC::VPCId
VSwitchId:
Type: String
AssociationProperty: ALIYUN::ECS::VSwitch::VSwitchId
AssociationPropertyMetadata:
VpcId: ${VpcId}
SecurityGroupId:
Type: String
AssociationProperty: ALIYUN::ECS::SecurityGroup::SecurityGroupId
AssociationPropertyMetadata:
VpcId: ${VpcId}
Resources:
Application:
Type: ALIYUN::SAE::Application
Properties:
AppName: TestApp
NamespaceId:
Ref: NamespaceId
VpcId:
Ref: VpcId
VSwitchId:
Ref: VSwitchId
SecurityGroupId:
Ref: SecurityGroupId
Cpu: 500
Memory: 1024
Replicas: 2
PackageType: War
Deploy: true
Timezone: Asia/Shanghai
Outputs: {}{
"ROSTemplateFormatVersion": "2015-09-01",
"Parameters": {
"NamespaceId": {
"Type": "String",
"Description": "EDAS namespace corresponding to ID. Canada supports only the name of the scribe lowercase namespace must begin with a letter.\nNamespace can interface to obtain from DescribeNamespaceList."
},
"VpcId": {
"Type": "String",
"AssociationProperty": "ALIYUN::ECS::VPC::VPCId"
},
"VSwitchId": {
"Type": "String",
"AssociationProperty": "ALIYUN::ECS::VSwitch::VSwitchId",
"AssociationPropertyMetadata": {
"VpcId": "${VpcId}"
}
},
"SecurityGroupId": {
"Type": "String",
"AssociationProperty": "ALIYUN::ECS::SecurityGroup::SecurityGroupId",
"AssociationPropertyMetadata": {
"VpcId": "${VpcId}"
}
}
},
"Resources": {
"Application": {
"Type": "ALIYUN::SAE::Application",
"Properties": {
"AppName": "TestApp",
"NamespaceId": {
"Ref": "NamespaceId"
},
"VpcId": {
"Ref": "VpcId"
},
"VSwitchId": {
"Ref": "VSwitchId"
},
"SecurityGroupId": {
"Ref": "SecurityGroupId"
},
"Cpu": 500,
"Memory": 1024,
"Replicas": 2,
"PackageType": "War",
"Deploy": true,
"Timezone": "Asia/Shanghai"
}
}
},
"Outputs": {
}
}场景 2 :创建SAE应用、命名空间及SLB绑定。
ROSTemplateFormatVersion: '2015-09-01'
Description:
zh-cn: 创建SAE应用、命名空间及SLB绑定,配置ECS资源与负载均衡,自动化部署容器应用。
en: Create SAE applications, namespaces, and SLB bindings, configure ECS resources
with load balancing, and automate the deployment of containerized applications.
Parameters:
ZoneId:
Type: String
AssociationProperty: ALIYUN::ECS::Instance:ZoneId
VpcId:
Type: String
AssociationProperty: ALIYUN::ECS::VPC::VPCId
VSwitchId:
Type: String
AssociationProperty: ALIYUN::ECS::VSwitch::VSwitchId
AssociationPropertyMetadata:
VpcId: VpcId
ZoneId: ZoneId
SecurityGroupId:
Type: String
AssociationProperty: ALIYUN::ECS::SecurityGroup::SecurityGroupId
AssociationPropertyMetadata:
VpcId: VpcId
NamespaceName:
Type: String
Description: 命名空间名称
Default: mytest
NamespaceId:
Type: String
Description: 命名空间ID
Default: mytest
Description:
Type: String
Description: 命名空间的描述信息
Default: null
AppName:
Type: String
Description: 应用名称
Default: test
LoadBalancerSpec:
Type: String
Description: 负载均衡实例的规格
Default: slb.s2.medium
Resources:
LoadBalancer:
Type: ALIYUN::SLB::LoadBalancer
Properties:
MasterZoneId:
Ref: ZoneId
LoadBalancerSpec:
Ref: LoadBalancerSpec
Namespace:
Type: ALIYUN::SAE::Namespace
Properties:
NamespaceName:
Ref: NamespaceName
NamespaceId:
Fn::Sub: ${ALIYUN::Region}:${NamespaceId}
NamespaceDescription:
Ref: Description
DependsOn: LoadBalancer
SaeApp:
Type: ALIYUN::SAE::Application
Properties:
VpcId:
Ref: VpcId
VSwitchId:
Ref: VSwitchId
SecurityGroupId:
Ref: SecurityGroupId
AppName:
Ref: AppName
NamespaceId:
Fn::GetAtt:
- Namespace
- NamespaceId
Cpu: 500
Memory: 1024
Replicas: 2
Deploy: true
Timezone: Asia/Shanghai
SaeVersion: v2
AutoConfig: false
PackageType: Image
Jdk: Dragonwell 21
ImageUrl:
Fn::Sub: registry.${ALIYUN::Region}.aliyuncs.com/sae-serverless-demo/sae-demo:web-springboot-hellosae-v1.0
ProgrammingLanguage: java
AppSource: micro_service
DependsOn:
- Namespace
BindSlb:
Type: ALIYUN::SAE::SlbBinding
Properties:
AppId:
Ref: SaeApp
Intranet: '[{"port": 80, "targetPort": 8080, "protocol": "TCP"}]'
InternetSlbId:
Ref: LoadBalancer
DependsOn:
- LoadBalancer
- SaeApp
Outputs:
AppId:
Value:
Fn::GetAtt:
- SaeApp
- AppId
ChangeOrderId:
Value:
Fn::GetAtt:
- SaeApp
- ChangeOrderId
NamespaceId:
Value:
Fn::GetAtt:
- Namespace
- NamespaceId
{
"ROSTemplateFormatVersion": "2015-09-01",
"Description": {
"zh-cn": "创建SAE应用、命名空间及SLB绑定,配置ECS资源与负载均衡,自动化部署容器应用。",
"en": "Create SAE applications, namespaces, and SLB bindings, configure ECS resources with load balancing, and automate the deployment of containerized applications."
},
"Parameters": {
"ZoneId": {
"Type": "String",
"AssociationProperty": "ALIYUN::ECS::Instance:ZoneId"
},
"VpcId": {
"Type": "String",
"AssociationProperty": "ALIYUN::ECS::VPC::VPCId"
},
"VSwitchId": {
"Type": "String",
"AssociationProperty": "ALIYUN::ECS::VSwitch::VSwitchId",
"AssociationPropertyMetadata": {
"VpcId": "VpcId",
"ZoneId": "ZoneId"
}
},
"SecurityGroupId": {
"Type": "String",
"AssociationProperty": "ALIYUN::ECS::SecurityGroup::SecurityGroupId",
"AssociationPropertyMetadata": {
"VpcId": "VpcId"
}
},
"NamespaceName": {
"Type": "String",
"Description": "命名空间名称",
"Default": "mytest"
},
"NamespaceId": {
"Type": "String",
"Description": "命名空间ID",
"Default": "mytest"
},
"Description": {
"Type": "String",
"Description": "命名空间的描述信息",
"Default": null
},
"AppName": {
"Type": "String",
"Description": "应用名称",
"Default": "test"
},
"LoadBalancerSpec": {
"Type": "String",
"Description": "负载均衡实例的规格",
"Default": "slb.s2.medium"
}
},
"Resources": {
"LoadBalancer": {
"Type": "ALIYUN::SLB::LoadBalancer",
"Properties": {
"MasterZoneId": {
"Ref": "ZoneId"
},
"LoadBalancerSpec": {
"Ref": "LoadBalancerSpec"
}
}
},
"Namespace": {
"Type": "ALIYUN::SAE::Namespace",
"Properties": {
"NamespaceName": {
"Ref": "NamespaceName"
},
"NamespaceId": {
"Fn::Sub": "${ALIYUN::Region}:${NamespaceId}"
},
"NamespaceDescription": {
"Ref": "Description"
}
},
"DependsOn": "LoadBalancer"
},
"SaeApp": {
"Type": "ALIYUN::SAE::Application",
"Properties": {
"VpcId": {
"Ref": "VpcId"
},
"VSwitchId": {
"Ref": "VSwitchId"
},
"SecurityGroupId": {
"Ref": "SecurityGroupId"
},
"AppName": {
"Ref": "AppName"
},
"NamespaceId": {
"Fn::GetAtt": [
"Namespace",
"NamespaceId"
]
},
"Cpu": 500,
"Memory": 1024,
"Replicas": 2,
"Deploy": true,
"Timezone": "Asia/Shanghai",
"SaeVersion": "v2",
"AutoConfig": false,
"PackageType": "Image",
"Jdk": "Dragonwell 21",
"ImageUrl": {
"Fn::Sub": "registry.${ALIYUN::Region}.aliyuncs.com/sae-serverless-demo/sae-demo:web-springboot-hellosae-v1.0"
},
"ProgrammingLanguage": "java",
"AppSource": "micro_service"
},
"DependsOn": [
"Namespace"
]
},
"BindSlb": {
"Type": "ALIYUN::SAE::SlbBinding",
"Properties": {
"AppId": {
"Ref": "SaeApp"
},
"Intranet": "[{\"port\": 80, \"targetPort\": 8080, \"protocol\": \"TCP\"}]",
"InternetSlbId": {
"Ref": "LoadBalancer"
}
},
"DependsOn": [
"LoadBalancer",
"SaeApp"
]
}
},
"Outputs": {
"AppId": {
"Value": {
"Fn::GetAtt": [
"SaeApp",
"AppId"
]
}
},
"ChangeOrderId": {
"Value": {
"Fn::GetAtt": [
"SaeApp",
"ChangeOrderId"
]
}
},
"NamespaceId": {
"Value": {
"Fn::GetAtt": [
"Namespace",
"NamespaceId"
]
}
}
}
}场景 3 :通过Serverless应用引擎部署生产环境 Dify 平台。
ROSTemplateFormatVersion: '2015-09-01'
Description:
zh-cn: 通过Serverless应用引擎部署生产环境 Dify 平台。
en: Deploy the production environment Dify platform through the Serverless application engine.
Parameters:
CommonName:
Type: String
Default: Dify
NamespaceName:
Type: String
Label:
en: Namespace Name
zh-cn: 命名空间名称
Description:
zh-cn: 命名空间名称,仅支持小写字母和数字
en: Namespace name, only lowercase letters and numbers are supported.
AllowedPattern: '^[a-z0-9]+$'
AssociationProperty: AutoCompleteInput
AssociationPropertyMetadata:
Length: 3
Prefix: dify
CharacterClasses:
- Class: lowercase
min: 2
- Class: "number"
min: 1
ZoneId1:
Type: String
AssociationProperty: 'ALIYUN::ECS::Instance::ZoneId'
AssociationPropertyMetadata:
ExclusiveTo:
- ZoneId2
Label:
en: Availability Zone 2
zh-cn: 可用区1
ZoneId2:
Type: String
AssociationProperty: 'ALIYUN::ECS::Instance::ZoneId'
AssociationPropertyMetadata:
ExclusiveTo:
- ZoneId1
Label:
en: Availability Zone 2
zh-cn: 可用区2
InstanceType:
Type: String
AssociationProperty: 'ALIYUN::ECS::Instance::InstanceType'
AssociationPropertyMetadata:
InstanceChargeType: PostPaid
SystemDiskCategory: cloud_essd
ZoneId: ${ZoneId1}
Label:
en: Instance Type
zh-cn: 实例规格
ADBPGAccount:
Default: dify
Type: String
Label:
zh-cn: 数据库账号
en: DB Account
ADBPGPassword:
NoEcho: true
Type: String
Label:
zh-cn: 数据库账号密码
en: DB Account Password
AssociationProperty: ALIYUN::RDS::Instance::AccountPassword
InstancePassword:
Type: String
Label:
en: Server login Password
zh-cn: 登录密码
Description:
en: Server login password, Length 8-30, must contain three(Capital letters, lowercase letters, numbers, ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ Special symbol in)
zh-cn: 服务器登录密码,长度8-30,必须包含三项(大写字母、小写字母、数字、 ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ 中的特殊符号)
AssociationProperty: ALIYUN::ECS::Instance::Password
RedisInstancePassword:
Type: String
Label:
en: Instance Password
zh-cn: 实例密码
Description:
en: 'The Redis password used by Dify should be 8 to 32 characters. It only supports a combination of upper and lower case English and numbers. Please do not use any other characters.'
zh-cn: 8-32个字符, Dify使用的Redis密码仅支持英文大小写和数字组合,请不要使用其它字符。
ConstraintDescription:
en: 'The Redis password used by Dify should be 8 to 32 characters. It only supports a combination of upper and lower case English and numbers. Please do not use any other characters.'
zh-cn: 8-32个字符, Dify使用的Redis密码仅支持英文大小写和数字组合,请不要使用其它字符。
AllowedPattern: ^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?\d)[A-Za-z0-9]{8,32}$
MinLength: '8'
MaxLength: '32'
NoEcho: true
DBInstanceClass:
Type: String
Label:
en: Instance Class
zh-cn: 实例规格
Default: pg.n4m.2c.2m
Required: true
AssociationProperty: ALIYUN::RDS::Instance::InstanceType
AssociationPropertyMetadata:
ZoneId: ${ZoneId}
EngineVersion: '17.0'
Engine: PostgreSQL
Category: HighAvailability
InstanceChargeType: Postpaid
DBInstanceStorageType: cloud_essd
CommodityCode: bards
PostgresSQLPassword:
Type: String
NoEcho: true
Label:
en: Database Account Password
zh-cn: 数据库账号密码
AssociationProperty: ALIYUN::RDS::Instance::AccountPassword
PostgresSQLUserName:
Type: String
Label:
en: Database Account
zh-cn: 数据库账号
# mysql 5.7/8.0 适用该规则
AllowedPattern: ^(?!dbo\b|login\b|admin\b|administrator\b|adminsys\b|alimail\b|aliyun\b|apache\b|appadmin\b|apsara\b|aurora\b|bulkadmin\b|cangjie\b|cdn\b|client\b|cm\b|dataengine\b|dayu\b|dba\b|dbcreator\b|developer\b|diskadmin\b|distribution\b|dns\b|download\b|eagleye\b|f5\b|faq\b|fuxi\b|galaxy\b|gongcao\b|gongming\b|groupon\b|ha\b|help\b|host\b|hostmaster\b|houyi\b|hr\b|info\b|information_schema\b|kuafu\b|lvs\b|manager\b|master\b|meituan\b|model\b|monitor\b|msdb\b|mssqld\b|mssqlsystemresource\b|mysql\b|nas\b|net\b|netops\b|netweb\b|news\b|no-reply\b|ntp\b|nuwa\b|nvwa\b|operator\b|opr\b|ops\b|opsdb\b|oracle\b|pangu\b|pe\b|post\b|postmaster\b|processadmin\b|public\b|qq\b|replicator\b|reply\b|root\b|sa\b|sales\b|san\b|security\b|securityadmin\b|serveradmin\b|services\b|setupadmin\b|shennong\b|siteops\b|sqlengine\b|sqlonline\b|squid\b|ssladmin\b|support\b|sys\b|sysadmin\b|syslog\b|system\b|taoyun\b|tempdb\b|test\b|tianyun\b|wangwang\b|eb\b|webmaster\b|webnet\b|xtrabak\b|youchao\b|yum\b|yunti\b|zhongkui\b|database\b|add\b|except\b|percent\b|all\b|exec\b|plan\b|alter\b|execute\b|precision\b|and\b|exists\b|primary\b|any\b|exit\b|print\b|as\b|fetch\b|proc\b|asc\b|file\b|procedure\b|authorization\b|fillfactor\b|public\b|backup\b|for\b|raiserror\b|begin\b|foreign\b|read\b|between\b|freetext\b|readtext\b|break\b|freetexttable\b|reconfigure\b|browse\b|from\b|references\b|bulk\b|full\b|replication\b|by\b|function\b|restore\b|cascade\b|goto\b|restrict\b|case\b|grant\b|return\b|check\b|group\b|revoke\b|checkpoint\b|having\b|right\b|close\b|holdlock\b|rollback\b|clustered\b|identity\b|rowcount\b|coalesce\b|identity_insert\b|rowguidcol\b|collate\b|identitycol\b|rule\b|column\b|if\b|save\b|commit\b|in\b|schema\b|compute\b|index\b|select\b|constraint\b|inner\b|session_user\b|contains\b|insert\b|set\b|containstable\b|intersect\b|setuser\b|continue\b|into\b|shutdown\b|convert\b|is\b|some\b|create\b|join\b|statistics\b|cross\b|key\b|system_user\b|current\b|kill\b|table\b|current_date\b|left\b|textsize\b|current_time\b|like\b|then\b|current_timestamp\b|lineno\b|to\b|current_user\b|load\b|top\b|cursor\b|national\b|tran\b|database\b|nocheck\b|transaction\b|dbcc\b|nonclustered\b|trigger\b|deallocate\b|not\b|truncate\b|declare\b|null\b|tsequal\b|default\b|nullif\b|union\b|delete\b|of\b|unique\b|deny\b|off\b|update\b|desc\b|offsets\b|updatetext\b|disk\b|on\b|use\b|distinct\b|open\b|user\b|distributed\b|opendatasource\b|values\b|double\b|openquery\b|varying\b|drop\b|openrowset\b|view\b|dummy\b|openxml\b|waitfor\b|dump\b|option\b|when\b|else\b|or\b|where\b|end\b|order\b|while\b|errlvl\b|outer\b|with\b|escape\b|over\b|writetext\b|add\b|analyze\b|asc\b|between\b|blob\b|call\b|change\b|check\b|condition\b|continue\b|cross\b|current_timestamp\b|database\b|day_microsecond\b|dec\b|default\b|desc\b|distinct\b|double\b|each\b|enclosed\b|exit\b|fetch\b|float8\b|foreign\b|goto\b|having\b|hour_minute\b|ignore\b|infile\b|insensitive\b|int1\b|int4\b|interval\b|iterate\b|keys\b|leading\b|like\b|lines\b|localtimestamp\b|longblob\b|low_priority\b|mediumint\b|minute_microsecond\b|modifies\b|no_write_to_binlog\b|on\b|optionally\b|out\b|precision\b|purge\b|read\b|references\b|rename\b|require\b|revoke\b|schema\b|select\b|set\b|spatial\b|sqlexception\b|sql_big_result\b|ssl\b|table\b|tinyblob\b|to\b|true\b|unique\b|update\b|using\b|utc_timestamp\b|varchar\b|when\b|with\b|xor\b|all\b|and\b|asensitive\b|bigint\b|both\b|cascade\b|char\b|collate\b|connection\b|convert\b|current_date\b|current_user\b|databases\b|day_minute\b|decimal\b|delayed\b|describe\b|distinctrow\b|drop\b|else\b|escaped\b|explain\b|float\b|for\b|from\b|grant\b|high_priority\b|hour_second\b|in\b|inner\b|insert\b|int2\b|int8\b|into\b|join\b|kill\b|leave\b|limit\b|load\b|lock\b|longtext\b|match\b|mediumtext\b|minute_second\b|natural\b|null\b|optimize\b|or\b|outer\b|primary\b|raid0\b|reads\b|regexp\b|repeat\b|restrict\b|right\b|schemas\b|sensitive\b|show\b|specific\b|sqlstate\b|sql_calc_found_rows\b|starting\b|terminated\b|tinyint\b|trailing\b|undo\b|unlock\b|usage\b|utc_date\b|values\b|varcharacter\b|where\b|write\b|year_month\b|alter\b|as\b|before\b|binary\b|by\b|case\b|character\b|column\b|constraint\b|create\b|current_time\b|cursor\b|day_hour\b|day_second\b|declare\b|delete\b|deterministic\b|div\b|dual\b|elseif\b|exists\b|false\b|float4\b|force\b|fulltext\b|group\b|hour_microsecond\b|if\b|index\b|inout\b|int\b|int3\b|integer\b|is\b|key\b|label\b|left\b|linear\b|localtime\b|long\b|loop\b|mediumblob\b|middleint\b|mod\b|not\b|numeric\b|option\b|order\b|outfile\b|procedure\b|range\b|real\b|release\b|replace\b|return\b|rlike\b|second_microsecond\b|separator\b|smallint\b|sql\b|sqlwarning\b|sql_small_result\b|straight_join\b|then\b|tinytext\b|trigger\b|union\b|unsigned\b|use\b|utc_time\b|varbinary\b|varying\b|while\b|x509\b|zerofill)([a-zA-Z][a-zA-Z0-9_]{0,30}[a-zA-Z0-9])$
ConstraintDescription:
en: The value can be up to 32 characters in length and can contain letters, digits, and underscores (_). The value must start with a letter and end with a letter or digit. For more information about invalid characters, see 详见<a href="https://help.aliyun.com/zh/rds/developer-reference/forbidden-keywords" target="_blank">Forbidden keywords table</a>.
zh-cn: 由小写字母、大写字母、数字、下划线(_)组成,以字母开头,以字母或数字结尾,最多32个字符。其他非法字符,详见<a href="https://help.aliyun.com/zh/rds/developer-reference/forbidden-keywords" target="_blank">禁用关键字表</a>。
Default: db_user
Resources:
Vpc:
Type: 'ALIYUN::ECS::VPC'
Properties:
CidrBlock: 192.168.0.0/16
VpcName:
Fn::Sub: ${CommonName}-VPC_HZ
VSwitch1:
Type: 'ALIYUN::ECS::VSwitch'
Properties:
VpcId:
Ref: Vpc
CidrBlock: 192.168.1.0/24
ZoneId:
Ref: ZoneId1
VSwitchName:
Fn::Sub: ${CommonName}-vsw_001
VSwitch2:
Type: 'ALIYUN::ECS::VSwitch'
Properties:
VpcId:
Ref: Vpc
CidrBlock: 192.168.2.0/24
ZoneId:
Ref: ZoneId2
VSwitchName:
Fn::Sub: ${CommonName}-vsw_002
Sleep:
DependsOn:
- VSwitch1
- VSwitch2
Type: ALIYUN::ROS::Sleep
Properties:
DeleteDuration: 300
SecurityGroup:
Type: 'ALIYUN::ECS::SecurityGroup'
Properties:
VpcId:
Ref: Vpc
SecurityGroupName:
Fn::Sub: ${CommonName}-SecurityGroup_1
SecurityGroupIngress:
- PortRange: 80/80
SourceCidrIp: 0.0.0.0/0
IpProtocol: tcp
- PortRange: 3000/3000
SourceCidrIp: 0.0.0.0/0
IpProtocol: tcp
- PortRange: 5001/5001
SourceCidrIp: 0.0.0.0/0
IpProtocol: tcp
- PortRange: 5002/5002
SourceCidrIp: 0.0.0.0/0
IpProtocol: tcp
- PortRange: 5003/5003
SourceCidrIp: 0.0.0.0/0
IpProtocol: tcp
- PortRange: 8080/8080
Priority: 1
SourceCidrIp: 0.0.0.0/0
IpProtocol: tcp
EcsInstance:
Type: 'ALIYUN::ECS::InstanceGroup'
Properties:
VpcId:
Ref: Vpc
ZoneId:
Ref: ZoneId1
VSwitchId:
Ref: VSwitch1
SecurityGroupId:
Ref: SecurityGroup
ImageId: aliyun_3_x64_20G_alibase_
InstanceName:
Fn::Sub: ${CommonName}-ecs
InstanceType:
Ref: InstanceType
SystemDiskCategory: cloud_essd
MaxAmount: 1
SystemDiskSize: 40
InternetMaxBandwidthOut: 5
Password:
Ref: InstancePassword
RunCommand:
Type: ALIYUN::ECS::RunCommand
Properties:
CommandContent:
Fn::Sub:
|
#!/bin/sh
echo "sk-$(openssl rand -hex 16)"
Type: RunShellScript
InstanceIds:
- Ref: EcsInstance
RunCommand2:
DependsOn:
- RunCommand
Type: ALIYUN::ECS::RunCommand
Properties:
CommandContent:
Fn::Sub:
|
#!/bin/sh
export ROS_DEPLOY=true
curl -fsSL https://help-static-aliyun-doc.aliyuncs.com/install-script/dify/sae/install.sh | bash
Type: RunShellScript
InstanceIds:
- Ref: EcsInstance
RedisInstance:
Type: ALIYUN::REDIS::Instance
Properties:
ZoneId:
Ref: ZoneId1
SecondaryZoneId:
Ref: ZoneId2
VpcId:
Ref: Vpc
VSwitchId:
Ref: VSwitch1
InstanceClass: redis.shard.large.y.ee
EvictionPolicy: noeviction
InstanceName:
Fn::Sub: ${CommonName}-Redis
EngineVersion: '7.0'
Password:
Ref: RedisInstancePassword
REDISWhitelist:
Type: ALIYUN::REDIS::Whitelist
Properties:
InstanceId:
Ref: RedisInstance
SecurityIps: 192.168.0.0/16
ADBPGInstance:
Type: ALIYUN::GPDB::DBInstance
Properties:
EngineVersion: '7.0'
VectorConfigurationStatus: True
InstanceSpec: 4C32G
ZoneId:
Ref: ZoneId1
VSwitchId:
Ref: VSwitch1
SegNodeNum: 4
SegStorageType: cloud_essd
SegDiskPerformanceLevel: pl1
StorageSize: 50
VPCId:
Ref: Vpc
SecurityIPList: 192.168.0.0/16
DBInstanceDescription:
Fn::Sub: ${CommonName}
PayType: Postpaid
DBInstanceCategory: HighAvailability
DBInstanceMode: StorageElastic
ProdType: standard
GPDBAccount:
Type: ALIYUN::GPDB::Account
Properties:
DBInstanceId:
Fn::GetAtt:
- ADBPGInstance
- DBInstanceId
AccountPassword:
Ref: ADBPGPassword
AccountName:
Ref: ADBPGAccount
SaeNamespace:
DependsOn:
- PostgreSQLInstance
- RedisInstance
- ADBPGInstance
- PluginNas
- APINas
Type: ALIYUN::SAE::Namespace
Properties:
NamespaceName:
Ref: NamespaceName
NamespaceId:
Fn::Sub: ${ALIYUN::Region}:${NamespaceName}
VpcId:
Ref: Vpc
PostgreSQLInstance:
Type: ALIYUN::RDS::DBInstance
Properties:
ZoneId:
Ref: ZoneId1
SlaveZoneIds:
- Ref: ZoneId2
VpcId:
Ref: Vpc
VSwitchId:
Ref: VSwitch1
DBInstanceClass:
Ref: DBInstanceClass
DBInstanceStorage: 50
Engine: PostgreSQL
EngineVersion: '17.0'
SecurityIPList: 192.168.0.0/16
Category: HighAvailability
MasterUserType: Super
MasterUserPassword:
Ref: PostgresSQLPassword
MasterUsername:
Ref: PostgresSQLUserName
DBInstanceStorageType: cloud_essd
DifyDataBase:
Type: ALIYUN::RDS::Database
Properties:
CharacterSetName: utf8
DBInstanceId:
Fn::GetAtt:
- PostgreSQLInstance
- DBInstanceId
DBName: dify
DifySetUpDataBase:
Type: ALIYUN::RDS::Database
DependsOn: DifyDataBase
Properties:
CharacterSetName: UTF8
DBInstanceId:
Fn::GetAtt:
- PostgreSQLInstance
- DBInstanceId
DBName: dify_setups
RdsAccountPrivilege:
Type: ALIYUN::RDS::AccountPrivilege
DependsOn: DifySetUpDataBase
Properties:
AccountPrivilege: DBOwner
DBInstanceId:
Ref: PostgreSQLInstance
DBName: dify
AccountName:
Ref: PostgresSQLUserName
NatGateway:
Type: ALIYUN::VPC::NatGateway
Properties:
VpcId:
Ref: Vpc
VSwitchId:
Ref: VSwitch1
NatGatewayName:
Fn::Sub: ${CommonName}-nat
InternetChargeType: PayByLcu
EipBindMode: NAT
Eip:
Type: 'ALIYUN::VPC::EIP'
Properties:
DeletionProtection: false
Isp: BGP
Bandwidth: 200
InternetChargeType: PayByTraffic
EipAssociation:
Type: 'ALIYUN::VPC::EIPAssociation'
Properties:
InstanceId:
Ref: NatGateway
AllocationId:
Ref: Eip
SNat:
Type: 'ALIYUN::VPC::SnatEntry'
DependsOn: EipAssociation
Properties:
SnatTableId:
Fn::GetAtt:
- NatGateway
- SNatTableId
SnatEntryName:
Fn::Sub: ${CommonName}-snat
SourceVSwitchIds:
- Ref: VSwitch1
- Ref: VSwitch2
SnatIp:
Fn::GetAtt:
- Eip
- EipAddress
APINas:
Type: ALIYUN::NAS::FileSystem
Properties:
ProtocolType: NFS
FileSystemType: standard
DeletionForce: true
StorageType: Performance
Description:
Fn::Sub: ${CommonName}-API-NAS
APINasMountTarget:
Type: ALIYUN::NAS::MountTarget
Properties:
VpcId:
Ref: Vpc
VSwitchId:
Ref: VSwitch1
NetworkType: Vpc
AccessGroupName: DEFAULT_VPC_GROUP_NAME
FileSystemId:
Ref: APINas
PluginNas:
Type: ALIYUN::NAS::FileSystem
Properties:
ProtocolType: NFS
FileSystemType: standard
DeletionForce: true
StorageType: Performance
Description:
Fn::Sub: ${CommonName}-Plugin-NAS
PluginNasMountTarget:
Type: ALIYUN::NAS::MountTarget
Properties:
VpcId:
Ref: Vpc
VSwitchId:
Ref: VSwitch1
NetworkType: Vpc
AccessGroupName: DEFAULT_VPC_GROUP_NAME
FileSystemId:
Ref: PluginNas
SuperOpsUser:
Type: 'ALIYUN::RAM::User'
Properties:
UserName:
Fn::Sub: SuperOps-${ALIYUN::StackId}
Policies:
- PolicyName:
'Fn::Join':
- '-'
- - DifySuperOpsPolicy
- Ref: 'ALIYUN::StackName'
PolicyDocument:
Version: '1'
Statement:
- Effect: Allow
Action:
- 'gpdb:*'
Resource:
- '*'
PolicyAttachments:
System:
- AliyunSTSAssumeRoleAccess
- AliyunRAMReadOnlyAccess
AccessKey:
Type: 'ALIYUN::RAM::AccessKey'
Properties:
UserName:
'Fn::GetAtt':
- SuperOpsUser
- UserName
DifyApiConfigMap:
Type: ALIYUN::SAE::ConfigMap
Properties:
Data:
MAIL_DEFAULT_SEND_FROM: 'YOUR EMAIL FROM (eg: no-reply <no-reply@dify.ai>)'
SENTRY_PROFILES_SAMPLE_RATE: '1'
MARKETPLACE_ENABLED: 'true'
DB_PORT: '5432'
VECTOR_STORE: analyticdb
LOG_LEVEL: INFO
DB_DATABASE: dify
REDIS_USE_SSL: 'false'
STORAGE_LOCAL_PATH: /app/api/storage
SENTRY_TRACES_SAMPLE_RATE: '1'
MODE: api
WEB_API_CORS_ALLOW_ORIGINS: '*'
RESEND_API_URL: https://api.resend.com
ANALYTICDB_INSTANCE_ID:
Fn::GetAtt:
- ADBPGInstance
- DBInstanceId
CODE_EXECUTION_ENDPOINT: http://dify-sandbox:8194
REDIS_HOST:
Fn::GetAtt:
- RedisInstance
- ConnectionDomain
REDIS_DB: '0'
REDIS_PORT: '6379'
MAIL_TYPE: resend
ANALYTICDB_REGION_ID:
Ref: ALIYUN::Region
MIGRATION_ENABLED: 'true'
CONSOLE_CORS_ALLOW_ORIGINS: '*'
PLUGIN_DAEMON_URL: http://dify-plugin-daemon:5002
STORAGE_TYPE: local
DB_HOST:
Fn::GetAtt:
- PostgreSQLInstance
- InnerConnectionString
NamespaceId:
Ref: SaeNamespace
Name: dify-api
DifyApiSecret:
Type: 'ALIYUN::SAE::Secret'
Properties:
NamespaceId:
Ref: SaeNamespace
SecretName: dify-api
SecretType: Opaque
SecretData:
ANALYTICDB_ACCOUNT:
Ref: ADBPGAccount
ANALYTICDB_KEY_ID:
Fn::GetAtt:
- AccessKey
- AccessKeyId
ANALYTICDB_KEY_SECRET:
Fn::GetAtt:
- AccessKey
- AccessKeySecret
ANALYTICDB_NAMESPACE: difyns
ANALYTICDB_NAMESPACE_PASSWORD:
Ref: ADBPGPassword
ANALYTICDB_PASSWORD:
Ref: ADBPGPassword
CELERY_BROKER_URL:
Fn::Sub:
- redis://:${REDIS_PASSWORD}@${REDIS_HOST}:6379/0
- REDIS_PASSWORD:
Ref: RedisInstancePassword
REDIS_HOST:
Fn::GetAtt:
- RedisInstance
- ConnectionDomain
CODE_EXECUTION_API_KEY: dify-sandbox
DB_PASSWORD:
Ref: PostgresSQLPassword
DB_USERNAME:
Ref: PostgresSQLUserName
INNER_API_KEY_FOR_PLUGIN: QaHbTe77CtuXmsfyhR7+vRjI/+XbV1AaFy691iy+kGDv2Jvy0/eAh8Y1
PLUGIN_DAEMON_KEY: lYkiYYT6owG+71oLerGzA7GXCgOT++6ovaezWAjpCjf+Sjc3ZtU+qUEi
REDIS_PASSWORD:
Ref: RedisInstancePassword
REDIS_USERNAME: default
RESEND_API_KEY: xxxx
SECRET_KEY:
!Base64Decode
Fn::Jq:
- First
- .[0].Output
- Fn::GetAtt:
- RunCommand
- InvokeResults
DifyWorkerConfigMap:
Type: ALIYUN::SAE::ConfigMap
Properties:
Data:
MAIL_DEFAULT_SEND_FROM: 'YOUR EMAIL FROM (eg: no-reply <no-reply@dify.ai>)'
SENTRY_PROFILES_SAMPLE_RATE: '1'
MARKETPLACE_ENABLED: 'true'
DB_PORT: '5432'
VECTOR_STORE: analyticdb
LOG_LEVEL: INFO
DB_DATABASE: dify
REDIS_USE_SSL: 'false'
STORAGE_LOCAL_PATH: /app/api/storage
SENTRY_TRACES_SAMPLE_RATE: '1'
MODE: worker
WEB_API_CORS_ALLOW_ORIGINS: '*'
RESEND_API_URL: https://api.resend.com
ANALYTICDB_INSTANCE_ID:
Fn::GetAtt:
- ADBPGInstance
- DBInstanceId
REDIS_HOST:
Fn::GetAtt:
- RedisInstance
- ConnectionDomain
REDIS_DB: '0'
REDIS_PORT: '6379'
MAIL_TYPE: resend
ANALYTICDB_REGION_ID:
Ref: ALIYUN::Region
MIGRATION_ENABLED: 'true'
CONSOLE_CORS_ALLOW_ORIGINS: '*'
PLUGIN_DAEMON_URL: http://dify-plugin-daemon:5002
STORAGE_TYPE: local
DB_HOST:
Fn::GetAtt:
- PostgreSQLInstance
- InnerConnectionString
NamespaceId:
Ref: SaeNamespace
Name: dify-worker
DifyWorkerSecret:
Type: 'ALIYUN::SAE::Secret'
Properties:
NamespaceId:
Ref: SaeNamespace
SecretName: dify-worker
SecretType: Opaque
SecretData:
ANALYTICDB_ACCOUNT:
Ref: ADBPGAccount
ANALYTICDB_KEY_ID:
Fn::GetAtt:
- AccessKey
- AccessKeyId
ANALYTICDB_KEY_SECRET:
Fn::GetAtt:
- AccessKey
- AccessKeySecret
ANALYTICDB_NAMESPACE: difyns
ANALYTICDB_NAMESPACE_PASSWORD:
Ref: ADBPGPassword
ANALYTICDB_PASSWORD:
Ref: ADBPGPassword
CELERY_BROKER_URL:
Fn::Sub:
- redis://:${REDIS_PASSWORD}@${REDIS_HOST}:6379/0
- REDIS_PASSWORD:
Ref: RedisInstancePassword
REDIS_HOST:
Fn::GetAtt:
- RedisInstance
- ConnectionDomain
DB_PASSWORD:
Ref: PostgresSQLPassword
DB_USERNAME:
Ref: PostgresSQLUserName
INNER_API_KEY_FOR_PLUGIN: QaHbTe77CtuXmsfyhR7+vRjI/+XbV1AaFy691iy+kGDv2Jvy0/eAh8Y1
PLUGIN_DAEMON_KEY: lYkiYYT6owG+71oLerGzA7GXCgOT++6ovaezWAjpCjf+Sjc3ZtU+qUEi
REDIS_PASSWORD:
Ref: RedisInstancePassword
REDIS_USERNAME: default
RESEND_API_KEY: xxxx
SECRET_KEY:
!Base64Decode
Fn::Jq:
- First
- .[0].Output
- Fn::GetAtt:
- RunCommand
- InvokeResults
DifyPluginDaemonConfigMap:
Type: 'ALIYUN::SAE::ConfigMap'
Properties:
NamespaceId:
Ref: SaeNamespace
Name: dify-plugin-daemon
Data:
SERVER_PORT: "5002"
PLUGIN_REMOTE_INSTALLING_HOST: "0.0.0.0"
REDIS_DB: "0"
REDIS_HOST:
Fn::GetAtt:
- RedisInstance
- ConnectionDomain
MARKETPLACE_ENABLED: "true"
DB_PORT: "5432"
REDIS_USE_SSL: "false"
PLUGIN_WORKING_PATH: /app/storage/cwd
DB_HOST:
Fn::GetAtt:
- PostgreSQLInstance
- InnerConnectionString
PIP_MIRROR_URL: http://mirrors.aliyun.com/pypi/simple/
REDIS_PORT: "6379"
PLUGIN_REMOTE_INSTALLING_PORT: "5003"
MAX_PLUGIN_PACKAGE_SIZE: "52428800"
DB_DATABASE: dify_plugin
DIFY_INNER_API_URL: http://dify-api:5001
DifyPluginDaemonSecret:
Type: 'ALIYUN::SAE::Secret'
Properties:
NamespaceId:
Ref: SaeNamespace
SecretName: dify-plugin-daemon
SecretType: Opaque
SecretData:
DB_PASSWORD:
Ref: PostgresSQLPassword
DB_USERNAME:
Ref: PostgresSQLUserName
DIFY_INNER_API_KEY: QaHbTe77CtuXmsfyhR7+vRjI/+XbV1AaFy691iy+kGDv2Jvy0/eAh8Y1
REDIS_PASSWORD:
Ref: RedisInstancePassword
REDIS_USERNAME: default
SERVER_KEY: lYkiYYT6owG+71oLerGzA7GXCgOT++6ovaezWAjpCjf+Sjc3ZtU+qUEi
DifySandboxConfigMap:
Type: 'ALIYUN::SAE::ConfigMap'
Properties:
NamespaceId:
Ref: SaeNamespace
Name: dify-sandbox
Data:
GIN_MODE: release
SANDBOX_PORT: "8194"
DifySandboxSecret:
Type: 'ALIYUN::SAE::Secret'
Properties:
NamespaceId:
Ref: SaeNamespace
SecretName: dify-sandbox
SecretType: Opaque
SecretData:
API_KEY: dify-sandbox
DifyWebConfigMap:
Type: 'ALIYUN::SAE::ConfigMap'
Properties:
NamespaceId:
Ref: SaeNamespace
Name: dify-web
Data:
MARKETPLACE_ENABLED: "true"
MARKETPLACE_URL: https://marketplace.dify.ai
MARKETPLACE_API_URL: https://marketplace.dify.ai
DifyNginxConfigMap:
Type: 'ALIYUN::SAE::ConfigMap'
Properties:
NamespaceId:
Ref: SaeNamespace
Name: dify-nginx
Data:
default.conf: |-
server {
listen 80;
server_name _;
location /console/api {
proxy_pass http://dify-api:5001;
include proxy.conf;
}
location /api {
proxy_pass http://dify-api:5001;
include proxy.conf;
}
location /v1 {
proxy_pass http://dify-api:5001;
include proxy.conf;
}
location /files {
proxy_pass http://dify-api:5001;
include proxy.conf;
}
location /explore {
proxy_pass http://dify-web:3000;
proxy_set_header Dify-Hook-Url $scheme://$host$request_uri;
include proxy.conf;
}
location /e/ {
proxy_pass http://dify-plugin-daemon:5002;
proxy_set_header Dify-Hook-Url $scheme://$host$request_uri;
include proxy.conf;
}
location / {
proxy_pass http://dify-web:3000;
include proxy.conf;
}
}
nginx.conf: |-
user nginx;
worker_processes auto;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
client_max_body_size 15M;
include /etc/nginx/conf.d/*.conf;
}
proxy.conf: |-
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
proxy_read_timeout 3600s;
proxy_send_timeout 3600s;
DifyApiApp:
DependsOn:
- SaeNamespace
- DifyApiConfigMap
- DifyApiSecret
- ADBPGInstance
Type: 'ALIYUN::SAE::Application'
Properties:
AppName: dify-api
SaeVersion: v2
AutoConfig: false
VpcId:
Ref: Vpc
SecurityGroupId:
Ref: SecurityGroup
VSwitchId:
Fn::Sub:
- '${VSwitch1},${VSwitch2}'
- VSwitch1:
Ref: VSwitch1
VSwitch2:
Ref: VSwitch2
Replicas: 1
NamespaceId:
Ref: SaeNamespace
Cpu: 1000
Memory: 2048
PackageType: Image
ImageUrl:
Fn::Sub: registry.${ALIYUN::Region}.aliyuncs.com/sae-serverless-demo/sae-demo:dify-api-v1.6.0
ProgrammingLanguage: python
AppSource: micro_service
Timezone: Asia/Shanghai
NasConfigs:
Fn::Sub:
- '[{"mountDomain":"${MOUNT_DOMAIN}","mountPath":"/app/api/storage","nasId":"${NAS_ID}","nasPath":"dify-api","readOnly":false,"volumeName":"nas-1"}]'
- MOUNT_DOMAIN:
Fn::GetAtt:
- APINasMountTarget
- MountTargetDomain
NAS_ID:
Fn::GetAtt:
- APINas
- FileSystemId
PvtzDiscoverySvc:
Fn::Sub:
- '{"enable":"true","namespaceId":"${REGION_ID}:${NAMESPACE}","portAndProtocol":{"5001:TCP":"5001"},"portProtocols":[],"pvtzDiscoveryName":"${REGION_ID}-${USER_ID}","serviceName":"dify-api.${NAMESPACE}"}'
- NAMESPACE:
Ref: NamespaceName
USER_ID:
Ref: ALIYUN::TenantId
REGION_ID:
Ref: ALIYUN::Region
Envs:
Fn::Sub:
- '[{"name":"APP_WEB_URL"},{"name":"FILES_URL"},{"name":"CODE_MAX_DEPTH","value":"5"},{"name":"CODE_MAX_OBJECT_ARRAY_LENGTH","value":"30"},{"name":"CHECK_UPDATE_URL"},{"name":"CODE_MAX_STRING_ARRAY_LENGTH","value":"30"},{"name":"SERVICE_API_URL"},{"name":"sae-sys-secret-all-dify-api","valueFrom":{"secretRef":{"secretId":${SECRET_ID},"key":""}}},{"name":"CODE_MAX_PRECISION","value":"20"},{"name":"CONSOLE_API_URL"},{"name":"TEMPLATE_TRANSFORM_MAX_LENGTH","value":"80000"},{"name":"CODE_MAX_NUMBER","value":"9223372036854775807"},{"name":"CODE_MAX_NUMBER_ARRAY_LENGTH","value":"1000"},{"name":"CONSOLE_WEB_URL"},{"name":"CODE_MIN_NUMBER","value":"-9223372036854775808"},{"name":"CODE_MAX_STRING_LENGTH","value":"80000"},{"name":"SENTRY_DSN"},{"name":"CODE_EXECUTION_API_KEY","valueFrom":{"secretRef":{"secretId":${SANDBOX_SECRET_ID},"key":"API_KEY"}}},{"name":"sae-sys-configmap-all-dify-api","valueFrom":{"configMapRef":{"configMapId":${CONFIGMAP_ID},"key":""}}}]'
- CONFIGMAP_ID:
Fn::GetAtt:
- DifyApiConfigMap
- ConfigMapId
SECRET_ID:
Fn::GetAtt:
- DifyApiSecret
- SecretId
SANDBOX_SECRET_ID:
Fn::GetAtt:
- DifySandboxSecret
- SecretId
DifyWorkerApp:
DependsOn:
- SaeNamespace
- DifyWorkerConfigMap
- DifyWorkerSecret
Type: 'ALIYUN::SAE::Application'
Properties:
AppName: dify-worker
SaeVersion: v2
AutoConfig: false
VpcId:
Ref: Vpc
SecurityGroupId:
Ref: SecurityGroup
VSwitchId:
Fn::Sub:
- '${VSwitch1},${VSwitch2}'
- VSwitch1:
Ref: VSwitch1
VSwitch2:
Ref: VSwitch2
Replicas: 1
NamespaceId:
Ref: SaeNamespace
Cpu: 1000
Memory: 2048
PackageType: Image
ImageUrl:
Fn::Sub: registry.${ALIYUN::Region}.aliyuncs.com/sae-serverless-demo/sae-demo:dify-api-v1.6.0
ProgrammingLanguage: python
AppSource: micro_service
Timezone: Asia/Shanghai
NasConfigs:
Fn::Sub:
- '[{"mountDomain":"${MOUNT_DOMAIN}","mountPath":"/app/api/storage","nasId":"${NAS_ID}","nasPath":"dify-api","readOnly":false,"volumeName":"nas-1"}]'
- MOUNT_DOMAIN:
Fn::GetAtt:
- APINasMountTarget
- MountTargetDomain
NAS_ID:
Fn::GetAtt:
- APINas
- FileSystemId
Envs:
Fn::Sub:
- '[{"name":"sae-sys-secret-all-dify-worker","valueFrom":{"secretRef":{"secretId":${SECRET_ID},"key":""}}},{"name":"sae-sys-configmap-all-dify-worker","valueFrom":{"configMapRef":{"configMapId":${CONFIGMAP_ID},"key":""}}},{"name":"CONSOLE_WEB_URL"}]'
- CONFIGMAP_ID:
Fn::GetAtt:
- DifyWorkerConfigMap
- ConfigMapId
SECRET_ID:
Fn::GetAtt:
- DifyWorkerSecret
- SecretId
DifyPluginDaemonApp:
DependsOn:
- SaeNamespace
- DifyPluginDaemonConfigMap
- DifyPluginDaemonSecret
Type: 'ALIYUN::SAE::Application'
Properties:
AppName: dify-plugin-daemon
SaeVersion: v2
AutoConfig: false
VpcId:
Ref: Vpc
SecurityGroupId:
Ref: SecurityGroup
VSwitchId:
Fn::Sub:
- '${VSwitch1},${VSwitch2}'
- VSwitch1:
Ref: VSwitch1
VSwitch2:
Ref: VSwitch2
Replicas: 1
NamespaceId:
Ref: SaeNamespace
Cpu: 1000
Memory: 2048
PackageType: Image
ImageUrl:
Fn::Sub: registry.${ALIYUN::Region}.aliyuncs.com/sae-serverless-demo/sae-demo:dify-plugin-daemon-v0.1.3-local
ProgrammingLanguage: golang
AppSource: micro_service
Timezone: Asia/Shanghai
NasConfigs:
Fn::Sub:
- '[{"mountDomain":"${MOUNT_DOMAIN}","mountPath":"/app/storage","nasId":"${NAS_ID}","nasPath":"dify-plugin-daemon","readOnly":false,"volumeName":"nas-1"}]'
- MOUNT_DOMAIN:
Fn::GetAtt:
- PluginNasMountTarget
- MountTargetDomain
NAS_ID:
Fn::GetAtt:
- PluginNas
- FileSystemId
PvtzDiscoverySvc:
Fn::Sub:
- '{"enable":"true","namespaceId":"${REGION_ID}:${NAMESPACE}","portAndProtocol":{"5003:TCP":"5003","5002:TCP":"5002"},"portProtocols":[],"pvtzDiscoveryName":"${REGION_ID}-${USER_ID}","serviceName":"dify-plugin-daemon.${NAMESPACE}"}'
- NAMESPACE:
Ref: NamespaceName
USER_ID:
Ref: ALIYUN::TenantId
REGION_ID:
Ref: ALIYUN::Region
Envs:
Fn::Sub:
- '[{"name":"sae-sys-secret-all-dify-plugin-daemon","valueFrom":{"secretRef":{"secretId":${SECRET_ID},"key":""}}},{"name":"sae-sys-configmap-all-dify-plugin-daemon","valueFrom":{"configMapRef":{"configMapId":${CONFIGMAP_ID},"key":""}}}]'
- CONFIGMAP_ID:
Fn::GetAtt:
- DifyPluginDaemonConfigMap
- ConfigMapId
SECRET_ID:
Fn::GetAtt:
- DifyPluginDaemonSecret
- SecretId
DifySandboxApp:
DependsOn:
- SaeNamespace
- DifySandboxConfigMap
- DifySandboxSecret
Type: 'ALIYUN::SAE::Application'
Properties:
AppName: dify-sandbox
SaeVersion: v2
AutoConfig: false
VpcId:
Ref: Vpc
SecurityGroupId:
Ref: SecurityGroup
VSwitchId:
Fn::Sub:
- '${VSwitch1},${VSwitch2}'
- VSwitch1:
Ref: VSwitch1
VSwitch2:
Ref: VSwitch2
Replicas: 1
NamespaceId:
Ref: SaeNamespace
Cpu: 1000
Memory: 2048
PackageType: Image
ImageUrl:
Fn::Sub: registry.${ALIYUN::Region}.aliyuncs.com/sae-serverless-demo/sae-demo:dify-sandbox-v0.2.12
ProgrammingLanguage: golang
AppSource: micro_service
Timezone: Asia/Shanghai
PvtzDiscoverySvc:
Fn::Sub:
- '{"enable":"true","namespaceId":"${REGION_ID}:${NAMESPACE}","portAndProtocol":{"8194:TCP":"8194"},"portProtocols":[],"pvtzDiscoveryName":"${REGION_ID}-${USER_ID}","serviceName":"dify-sandbox.${NAMESPACE}"}'
- NAMESPACE:
Ref: NamespaceName
USER_ID:
Ref: ALIYUN::TenantId
REGION_ID:
Ref: ALIYUN::Region
Envs:
Fn::Sub:
- '[{"name":"sae-sys-secret-all-dify-sandbox","valueFrom":{"secretRef":{"secretId":${SECRET_ID},"key":""}}},{"name":"WORKER_TIMEOUT","value":"15"},{"name":"sae-sys-configmap-all-dify-sandbox","valueFrom":{"configMapRef":{"configMapId":${CONFIGMAP_ID},"key":""}}}]'
- CONFIGMAP_ID:
Fn::GetAtt:
- DifySandboxConfigMap
- ConfigMapId
SECRET_ID:
Fn::GetAtt:
- DifySandboxSecret
- SecretId
DifyWebApp:
DependsOn:
- SaeNamespace
- DifyWebConfigMap
Type: 'ALIYUN::SAE::Application'
Properties:
AppName: dify-web
SaeVersion: v2
AutoConfig: false
VpcId:
Ref: Vpc
SecurityGroupId:
Ref: SecurityGroup
VSwitchId:
Fn::Sub:
- '${VSwitch1},${VSwitch2}'
- VSwitch1:
Ref: VSwitch1
VSwitch2:
Ref: VSwitch2
Replicas: 1
NamespaceId:
Ref: SaeNamespace
Cpu: 1000
Memory: 2048
PackageType: Image
ImageUrl:
Fn::Sub: registry.${ALIYUN::Region}.aliyuncs.com/sae-serverless-demo/sae-demo:dify-web-v1.6.0
ProgrammingLanguage: other
AppSource: micro_service
Timezone: Asia/Shanghai
PvtzDiscoverySvc:
Fn::Sub:
- '{"enable":"true","namespaceId":"${REGION_ID}:${NAMESPACE}","portAndProtocol":{"3000:TCP":"3000"},"portProtocols":[],"pvtzDiscoveryName":"${REGION_ID}-${USER_ID}","serviceName":"dify-web.${NAMESPACE}"}'
- NAMESPACE:
Ref: NamespaceName
USER_ID:
Ref: ALIYUN::TenantId
REGION_ID:
Ref: ALIYUN::Region
Envs:
Fn::Sub:
- '[{"name":"sae-sys-configmap-all-dify-web","valueFrom":{"configMapRef":{"configMapId":${CONFIGMAP_ID},"key":""}}},{"name":"APP_API_URL"},{"name":"CONSOLE_API_URL"},{"name":"EDITION","value":"SELF_HOSTED"}]'
- CONFIGMAP_ID:
Fn::GetAtt:
- DifyWebConfigMap
- ConfigMapId
DifyNginxApp:
DependsOn:
- SaeNamespace
- DifyNginxConfigMap
Type: 'ALIYUN::SAE::Application'
Properties:
AppName: dify-nginx
SaeVersion: v2
AutoConfig: false
VpcId:
Ref: Vpc
SecurityGroupId:
Ref: SecurityGroup
VSwitchId:
Fn::Sub:
- '${VSwitch1},${VSwitch2}'
- VSwitch1:
Ref: VSwitch1
VSwitch2:
Ref: VSwitch2
Replicas: 1
NamespaceId:
Ref: SaeNamespace
Cpu: 1000
Memory: 2048
PackageType: Image
ImageUrl:
Fn::Sub: registry.${ALIYUN::Region}.aliyuncs.com/sae-serverless-demo/sae-demo:nginx-v1.23.4
ProgrammingLanguage: other
AppSource: micro_service
Timezone: Asia/Shanghai
ConfigMapMountDesc:
Fn::Sub:
- '[{"MountPath":"/etc/nginx/conf.d/default.conf","ConfigMapId":${CONFIGMAP_ID},"ConfigMapName":"dify-nginx","Key":"default.conf"},{"MountPath":"/etc/nginx/nginx.conf","ConfigMapId":${CONFIGMAP_ID},"ConfigMapName":"dify-nginx","Key":"nginx.conf"},{"MountPath":"/etc/nginx/proxy.conf","ConfigMapId":${CONFIGMAP_ID},"ConfigMapName":"dify-nginx","Key":"proxy.conf"}]'
- CONFIGMAP_ID:
Fn::GetAtt:
- DifyNginxConfigMap
- ConfigMapId
InternetClb:
Type: ALIYUN::SLB::LoadBalancer
Properties:
LoadBalancerName:
Ref: ALIYUN::StackName
LoadBalancerSpec: slb.s2.medium
AddressType: internet
BackendAppBindClb:
Type: 'ALIYUN::SAE::SlbBinding'
DependsOn:
- DifyNginxApp
- InternetClb
Properties:
InternetSlbId:
Fn::GetAtt:
- InternetClb
- LoadBalancerId
Internet: '[{"port": 80, "targetPort": 80, "protocol": "TCP"}]'
AppId:
Fn::GetAtt:
- DifyNginxApp
- AppId
Outputs:
DifyAddress:
Label:
zh-cn: dify服务地址。
en: dify service address.
Description:
zh-cn: dify服务地址。
en: dify service address.
Value:
Fn::Sub:
- http://${ServerAddress}:80
- ServerAddress:
Fn::GetAtt:
- InternetClb
- IpAddress
PostgresName:
Label:
zh-cn: Postgres 用户名
en: Postgres username
Description:
zh-cn: AnalyticDB PostgreSQL 的用户名。
en: The username of AnalyticDB PostgreSQL.
Value:
Ref: ADBPGAccount
PostgresPassword:
Label:
zh-cn: Postgres 密码
en: Postgres password
Description:
zh-cn: AnalyticDB PostgreSQL 的密码。
en: The password of AnalyticDB PostgreSQL.
NoEcho: true
Value:
Ref: ADBPGPassword
PostgresConnectionString:
Label:
zh-cn: Postgres 数据库地址
en: Postgres database address
Description:
zh-cn: AnalyticDB PostgreSQL 的内网连接地址。
en: The internal network connection address of AnalyticDB PostgreSQL.
Value:
Fn::GetAtt:
- ADBPGInstance
- ConnectionString
APINasFileSystemId:
Label:
zh-cn: API NAS 文件系统
en: API NAS file System
Description:
zh-cn: NAS 文件系统。
en: NAS file System.
Value:
Ref: APINas
APINasMountTarget:
Label:
zh-cn: API NAS 挂载点
en: API NAS MountTarget
Description:
zh-cn: NAS 挂载点。
en: NAS MountTarget.
Value:
Ref: APINasMountTarget
PluginNasFileSystemId:
Label:
zh-cn: API NAS 文件系统
en: API NAS file System
Description:
zh-cn: NAS 文件系统。
en: NAS file System.
Value:
Ref: PluginNas
PluginNasMountTarget:
Label:
zh-cn: API NAS 挂载点
en: API NAS MountTarget
Description:
zh-cn: NAS 挂载点。
en: NAS MountTarget.
Value:
Ref: PluginNasMountTarget
RedisConnectionString:
Label:
zh-cn: Redis 连接地址
en: Redis connection address
Description:
zh-cn: Redis 连接地址。
en: Redis connection address.
Value:
Fn::GetAtt:
- RedisInstance
- ConnectionDomain
RedisName:
Label:
zh-cn: Redis 用户名
en: Redis username
Description:
zh-cn: Redis 的用户名。
en: The username of Redis.
Value: default
RedisInstancePassword:
Label:
zh-cn: Redis 密码
en: Redis password
Description:
zh-cn: Redis 的密码。
en: The password of Redis.
NoEcho: true
Value:
Ref: RedisInstancePassword
PostgreSQLDBName:
Label:
zh-cn: 数据库名称
en: DBName
Description:
zh-cn: RDS PostgreSQL 的数据库名称。
en: The database name of RDS PostgreSQL.
Value: dify
PostgreSQLConnectionString:
Label:
zh-cn: RDS 数据库地址
en: RDS Database address
Description:
zh-cn: RDS PostgreSQL 的内网连接地址。
en: The internal network connection address of RDS PostgreSQL.
Value:
Fn::GetAtt:
- PostgreSQLInstance
- InnerConnectionString
PostgreSQLAccount:
Label:
zh-cn: RDS 用户名
en: RDS Account
Description:
zh-cn: RDS PostgreSQL 的用户名。
en: The username of RDS PostgreSQL.
Value:
Ref: PostgresSQLUserName
PostgreSQLPassword:
Label:
zh-cn: RDS 密码
en: RDS Password
Description:
zh-cn: RDS PostgreSQL 的密码。
en: The password of RDS PostgreSQL.
NoEcho: true
Value:
Ref: PostgresSQLPassword
NameSpace:
Label:
zh-cn: 命名空间
en: NameSpace
Description:
zh-cn: 命名空间。
en: NameSpace.
Value:
Fn::Sub: ${ALIYUN::Region}:${NamespaceName}
Vpc:
Label:
zh-cn: Vpc ID
en: Vpc ID
Description:
zh-cn: Vpc ID。
en: Vpc ID。
Value:
Ref: Vpc
Vsw:
Label:
zh-cn: 交换机 ID
en: Vsw ID
Description:
zh-cn: 交换机 ID。
en: Vsw ID.
Value:
Ref: VSwitch1
Sg:
Label:
zh-cn: 安全组 ID
en: Security Group ID
Description:
zh-cn: 安全组 ID。
en: Security Group ID.
Value:
Ref: SecurityGroup
SecretKey:
Label:
zh-cn: Secret Key
en: Secret Key
Description:
zh-cn: 用于安全签名以及加密数据库中的敏感信息。
en: Used for secure signatures and encrypting sensitive information in the database.
NoEcho: true
Value:
!Base64Decode
Fn::Jq:
- First
- .[0].Output
- Fn::GetAtt:
- RunCommand
- InvokeResults
dify-nginx:
Label:
zh-cn: dify-nginx的应用地址
en: The application address of dify-nginx
Description:
zh-cn: dify-nginx的应用地址,在应用访问设置,基于 CLB 访问,查看公网访问地址。
en: The application address of dify-nginx,In the application access Settings, based on CLB access, view the public network access address.
Value:
Fn::Sub: https://saenext.console.aliyun.com/${ALIYUN::Region}/app-list/${DifyNginxApp.AppId}/micro-app/base?name=dify-nginx
ECSInstanceId:
Label:
zh-cn: dify-nginx的应用地址
en: The application address of dify-nginx
Description:
zh-cn: ECS实例ID,此实例部署了示例电商系统。
en: ECS instance ID. This instance deploys the sample e-commerce system.
Value:
Fn::Select:
- 0
- Fn::GetAtt:
- EcsInstance
- InstanceIds
Console@DemoUrl:
Description:
zh-cn: 应用程序访问域名,即本方案的电商系统地址。
en: The application accesses the domain name, which is the address of the e-commerce system of this solution.
Value:
Fn::Sub:
- http://${PublicIp}
- PublicIp:
Fn::Select:
- 0
- Fn::GetAtt:
- EcsInstance
- PublicIps
Metadata:
'ALIYUN::ROS::Interface':
Outputs:
- DifyAddress
- ECSInstanceId
- Console@DemoUrl
- dify-nginx
- NameSpace
- Vpc
- Vsw
- Sg
- PostgreSQLDBName
- PostgreSQLConnectionString
- PostgreSQLAccount
- PostgreSQLPassword
- PostgresName
- PostgresPassword
- PostgresConnectionString
- APINasFileSystemId
- APINasMountTarget
- PluginNasFileSystemId
- PluginNasMountTarget
- RedisConnectionString
- RedisName
- RedisInstancePassword
- SecretKey
ParameterGroups:
- Parameters:
- ZoneId1
- ZoneId2
Label:
default:
en: Availability Zone
zh-cn: 可用区
- Parameters:
- InstanceType
- InstancePassword
Label:
default:
en: Cloud Server ECS
zh-cn: 云服务器 ECS
- Parameters:
- RedisInstancePassword
Label:
default:
en: Cloud database Tair (compatible with Redis)
zh-cn: 云数据库Tair(兼容Redis)
- Parameters:
- ADBPGAccount
- ADBPGPassword
Label:
default:
en: Cloud-native data warehouse AnalyticDB PostgreSQL version
zh-cn: 云原生数据仓库AnalyticDB PostgreSQL版
- Parameters:
- DBInstanceClass
- RdsDatabaseName
- PostgresSQLUserName
- PostgresSQLPassword
Label:
default:
en: Cloud database RDS PostgreSQL
zh-cn: 云数据库 RDS PostgreSQL
- Parameters:
- NamespaceName
Label:
default:
en: Serverless Application Engine SAE
zh-cn: Serverless 应用引擎 SAE
TemplateTags:
- acs:technical-solution:internet-application-development:通过Serverless应用引擎部署生产环境 Dify 平台-tech_solu_251
Hidden:
- CommonName
{
"ROSTemplateFormatVersion": "2015-09-01",
"Description": {
"zh-cn": "通过Serverless应用引擎部署生产环境 Dify 平台。",
"en": "Deploy the production environment Dify platform through the Serverless application engine."
},
"Parameters": {
"CommonName": {
"Type": "String",
"Default": "Dify"
},
"NamespaceName": {
"Type": "String",
"Label": {
"en": "Namespace Name",
"zh-cn": "命名空间名称"
},
"Description": {
"zh-cn": "命名空间名称,仅支持小写字母和数字",
"en": "Namespace name, only lowercase letters and numbers are supported."
},
"AllowedPattern": "^[a-z0-9]+$",
"AssociationProperty": "AutoCompleteInput",
"AssociationPropertyMetadata": {
"Length": 3,
"Prefix": "dify",
"CharacterClasses": [
{
"Class": "lowercase",
"min": 2
},
{
"Class": "number",
"min": 1
}
]
}
},
"ZoneId1": {
"Type": "String",
"AssociationProperty": "ALIYUN::ECS::Instance::ZoneId",
"AssociationPropertyMetadata": {
"ExclusiveTo": [
"ZoneId2"
]
},
"Label": {
"en": "Availability Zone 2",
"zh-cn": "可用区1"
}
},
"ZoneId2": {
"Type": "String",
"AssociationProperty": "ALIYUN::ECS::Instance::ZoneId",
"AssociationPropertyMetadata": {
"ExclusiveTo": [
"ZoneId1"
]
},
"Label": {
"en": "Availability Zone 2",
"zh-cn": "可用区2"
}
},
"InstanceType": {
"Type": "String",
"AssociationProperty": "ALIYUN::ECS::Instance::InstanceType",
"AssociationPropertyMetadata": {
"InstanceChargeType": "PostPaid",
"SystemDiskCategory": "cloud_essd",
"ZoneId": "${ZoneId1}"
},
"Label": {
"en": "Instance Type",
"zh-cn": "实例规格"
}
},
"ADBPGAccount": {
"Default": "dify",
"Type": "String",
"Label": {
"zh-cn": "数据库账号",
"en": "DB Account"
}
},
"ADBPGPassword": {
"NoEcho": true,
"Type": "String",
"Label": {
"zh-cn": "数据库账号密码",
"en": "DB Account Password"
},
"AssociationProperty": "ALIYUN::RDS::Instance::AccountPassword"
},
"InstancePassword": {
"Type": "String",
"Label": {
"en": "Server login Password",
"zh-cn": "登录密码"
},
"Description": {
"en": "Server login password, Length 8-30, must contain three(Capital letters, lowercase letters, numbers, ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ Special symbol in)",
"zh-cn": "服务器登录密码,长度8-30,必须包含三项(大写字母、小写字母、数字、 ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ 中的特殊符号)"
},
"AssociationProperty": "ALIYUN::ECS::Instance::Password"
},
"RedisInstancePassword": {
"Type": "String",
"Label": {
"en": "Instance Password",
"zh-cn": "实例密码"
},
"Description": {
"en": "The Redis password used by Dify should be 8 to 32 characters. It only supports a combination of upper and lower case English and numbers. Please do not use any other characters.",
"zh-cn": "8-32个字符, Dify使用的Redis密码仅支持英文大小写和数字组合,请不要使用其它字符。"
},
"ConstraintDescription": {
"en": "The Redis password used by Dify should be 8 to 32 characters. It only supports a combination of upper and lower case English and numbers. Please do not use any other characters.",
"zh-cn": "8-32个字符, Dify使用的Redis密码仅支持英文大小写和数字组合,请不要使用其它字符。"
},
"AllowedPattern": "^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?\\d)[A-Za-z0-9]{8,32}$",
"MinLength": "8",
"MaxLength": "32",
"NoEcho": true
},
"DBInstanceClass": {
"Type": "String",
"Label": {
"en": "Instance Class",
"zh-cn": "实例规格"
},
"Default": "pg.n4m.2c.2m",
"Required": true,
"AssociationProperty": "ALIYUN::RDS::Instance::InstanceType",
"AssociationPropertyMetadata": {
"ZoneId": "${ZoneId}",
"EngineVersion": "17.0",
"Engine": "PostgreSQL",
"Category": "HighAvailability",
"InstanceChargeType": "Postpaid",
"DBInstanceStorageType": "cloud_essd",
"CommodityCode": "bards"
}
},
"PostgresSQLPassword": {
"Type": "String",
"NoEcho": true,
"Label": {
"en": "Database Account Password",
"zh-cn": "数据库账号密码"
},
"AssociationProperty": "ALIYUN::RDS::Instance::AccountPassword"
},
"PostgresSQLUserName": {
"Type": "String",
"Label": {
"en": "Database Account",
"zh-cn": "数据库账号"
},
"AllowedPattern": "^(?!dbo\\b|login\\b|admin\\b|administrator\\b|adminsys\\b|alimail\\b|aliyun\\b|apache\\b|appadmin\\b|apsara\\b|aurora\\b|bulkadmin\\b|cangjie\\b|cdn\\b|client\\b|cm\\b|dataengine\\b|dayu\\b|dba\\b|dbcreator\\b|developer\\b|diskadmin\\b|distribution\\b|dns\\b|download\\b|eagleye\\b|f5\\b|faq\\b|fuxi\\b|galaxy\\b|gongcao\\b|gongming\\b|groupon\\b|ha\\b|help\\b|host\\b|hostmaster\\b|houyi\\b|hr\\b|info\\b|information_schema\\b|kuafu\\b|lvs\\b|manager\\b|master\\b|meituan\\b|model\\b|monitor\\b|msdb\\b|mssqld\\b|mssqlsystemresource\\b|mysql\\b|nas\\b|net\\b|netops\\b|netweb\\b|news\\b|no-reply\\b|ntp\\b|nuwa\\b|nvwa\\b|operator\\b|opr\\b|ops\\b|opsdb\\b|oracle\\b|pangu\\b|pe\\b|post\\b|postmaster\\b|processadmin\\b|public\\b|qq\\b|replicator\\b|reply\\b|root\\b|sa\\b|sales\\b|san\\b|security\\b|securityadmin\\b|serveradmin\\b|services\\b|setupadmin\\b|shennong\\b|siteops\\b|sqlengine\\b|sqlonline\\b|squid\\b|ssladmin\\b|support\\b|sys\\b|sysadmin\\b|syslog\\b|system\\b|taoyun\\b|tempdb\\b|test\\b|tianyun\\b|wangwang\\b|eb\\b|webmaster\\b|webnet\\b|xtrabak\\b|youchao\\b|yum\\b|yunti\\b|zhongkui\\b|database\\b|add\\b|except\\b|percent\\b|all\\b|exec\\b|plan\\b|alter\\b|execute\\b|precision\\b|and\\b|exists\\b|primary\\b|any\\b|exit\\b|print\\b|as\\b|fetch\\b|proc\\b|asc\\b|file\\b|procedure\\b|authorization\\b|fillfactor\\b|public\\b|backup\\b|for\\b|raiserror\\b|begin\\b|foreign\\b|read\\b|between\\b|freetext\\b|readtext\\b|break\\b|freetexttable\\b|reconfigure\\b|browse\\b|from\\b|references\\b|bulk\\b|full\\b|replication\\b|by\\b|function\\b|restore\\b|cascade\\b|goto\\b|restrict\\b|case\\b|grant\\b|return\\b|check\\b|group\\b|revoke\\b|checkpoint\\b|having\\b|right\\b|close\\b|holdlock\\b|rollback\\b|clustered\\b|identity\\b|rowcount\\b|coalesce\\b|identity_insert\\b|rowguidcol\\b|collate\\b|identitycol\\b|rule\\b|column\\b|if\\b|save\\b|commit\\b|in\\b|schema\\b|compute\\b|index\\b|select\\b|constraint\\b|inner\\b|session_user\\b|contains\\b|insert\\b|set\\b|containstable\\b|intersect\\b|setuser\\b|continue\\b|into\\b|shutdown\\b|convert\\b|is\\b|some\\b|create\\b|join\\b|statistics\\b|cross\\b|key\\b|system_user\\b|current\\b|kill\\b|table\\b|current_date\\b|left\\b|textsize\\b|current_time\\b|like\\b|then\\b|current_timestamp\\b|lineno\\b|to\\b|current_user\\b|load\\b|top\\b|cursor\\b|national\\b|tran\\b|database\\b|nocheck\\b|transaction\\b|dbcc\\b|nonclustered\\b|trigger\\b|deallocate\\b|not\\b|truncate\\b|declare\\b|null\\b|tsequal\\b|default\\b|nullif\\b|union\\b|delete\\b|of\\b|unique\\b|deny\\b|off\\b|update\\b|desc\\b|offsets\\b|updatetext\\b|disk\\b|on\\b|use\\b|distinct\\b|open\\b|user\\b|distributed\\b|opendatasource\\b|values\\b|double\\b|openquery\\b|varying\\b|drop\\b|openrowset\\b|view\\b|dummy\\b|openxml\\b|waitfor\\b|dump\\b|option\\b|when\\b|else\\b|or\\b|where\\b|end\\b|order\\b|while\\b|errlvl\\b|outer\\b|with\\b|escape\\b|over\\b|writetext\\b|add\\b|analyze\\b|asc\\b|between\\b|blob\\b|call\\b|change\\b|check\\b|condition\\b|continue\\b|cross\\b|current_timestamp\\b|database\\b|day_microsecond\\b|dec\\b|default\\b|desc\\b|distinct\\b|double\\b|each\\b|enclosed\\b|exit\\b|fetch\\b|float8\\b|foreign\\b|goto\\b|having\\b|hour_minute\\b|ignore\\b|infile\\b|insensitive\\b|int1\\b|int4\\b|interval\\b|iterate\\b|keys\\b|leading\\b|like\\b|lines\\b|localtimestamp\\b|longblob\\b|low_priority\\b|mediumint\\b|minute_microsecond\\b|modifies\\b|no_write_to_binlog\\b|on\\b|optionally\\b|out\\b|precision\\b|purge\\b|read\\b|references\\b|rename\\b|require\\b|revoke\\b|schema\\b|select\\b|set\\b|spatial\\b|sqlexception\\b|sql_big_result\\b|ssl\\b|table\\b|tinyblob\\b|to\\b|true\\b|unique\\b|update\\b|using\\b|utc_timestamp\\b|varchar\\b|when\\b|with\\b|xor\\b|all\\b|and\\b|asensitive\\b|bigint\\b|both\\b|cascade\\b|char\\b|collate\\b|connection\\b|convert\\b|current_date\\b|current_user\\b|databases\\b|day_minute\\b|decimal\\b|delayed\\b|describe\\b|distinctrow\\b|drop\\b|else\\b|escaped\\b|explain\\b|float\\b|for\\b|from\\b|grant\\b|high_priority\\b|hour_second\\b|in\\b|inner\\b|insert\\b|int2\\b|int8\\b|into\\b|join\\b|kill\\b|leave\\b|limit\\b|load\\b|lock\\b|longtext\\b|match\\b|mediumtext\\b|minute_second\\b|natural\\b|null\\b|optimize\\b|or\\b|outer\\b|primary\\b|raid0\\b|reads\\b|regexp\\b|repeat\\b|restrict\\b|right\\b|schemas\\b|sensitive\\b|show\\b|specific\\b|sqlstate\\b|sql_calc_found_rows\\b|starting\\b|terminated\\b|tinyint\\b|trailing\\b|undo\\b|unlock\\b|usage\\b|utc_date\\b|values\\b|varcharacter\\b|where\\b|write\\b|year_month\\b|alter\\b|as\\b|before\\b|binary\\b|by\\b|case\\b|character\\b|column\\b|constraint\\b|create\\b|current_time\\b|cursor\\b|day_hour\\b|day_second\\b|declare\\b|delete\\b|deterministic\\b|div\\b|dual\\b|elseif\\b|exists\\b|false\\b|float4\\b|force\\b|fulltext\\b|group\\b|hour_microsecond\\b|if\\b|index\\b|inout\\b|int\\b|int3\\b|integer\\b|is\\b|key\\b|label\\b|left\\b|linear\\b|localtime\\b|long\\b|loop\\b|mediumblob\\b|middleint\\b|mod\\b|not\\b|numeric\\b|option\\b|order\\b|outfile\\b|procedure\\b|range\\b|real\\b|release\\b|replace\\b|return\\b|rlike\\b|second_microsecond\\b|separator\\b|smallint\\b|sql\\b|sqlwarning\\b|sql_small_result\\b|straight_join\\b|then\\b|tinytext\\b|trigger\\b|union\\b|unsigned\\b|use\\b|utc_time\\b|varbinary\\b|varying\\b|while\\b|x509\\b|zerofill)([a-zA-Z][a-zA-Z0-9_]{0,30}[a-zA-Z0-9])$",
"ConstraintDescription": {
"en": "The value can be up to 32 characters in length and can contain letters, digits, and underscores (_). The value must start with a letter and end with a letter or digit. For more information about invalid characters, see 详见<a href=\"https://help.aliyun.com/zh/rds/developer-reference/forbidden-keywords\" target=\"_blank\">Forbidden keywords table</a>.",
"zh-cn": "由小写字母、大写字母、数字、下划线(_)组成,以字母开头,以字母或数字结尾,最多32个字符。其他非法字符,详见<a href=\"https://help.aliyun.com/zh/rds/developer-reference/forbidden-keywords\" target=\"_blank\">禁用关键字表</a>。"
},
"Default": "db_user"
}
},
"Resources": {
"Vpc": {
"Type": "ALIYUN::ECS::VPC",
"Properties": {
"CidrBlock": "192.168.0.0/16",
"VpcName": {
"Fn::Sub": "${CommonName}-VPC_HZ"
}
}
},
"VSwitch1": {
"Type": "ALIYUN::ECS::VSwitch",
"Properties": {
"VpcId": {
"Ref": "Vpc"
},
"CidrBlock": "192.168.1.0/24",
"ZoneId": {
"Ref": "ZoneId1"
},
"VSwitchName": {
"Fn::Sub": "${CommonName}-vsw_001"
}
}
},
"VSwitch2": {
"Type": "ALIYUN::ECS::VSwitch",
"Properties": {
"VpcId": {
"Ref": "Vpc"
},
"CidrBlock": "192.168.2.0/24",
"ZoneId": {
"Ref": "ZoneId2"
},
"VSwitchName": {
"Fn::Sub": "${CommonName}-vsw_002"
}
}
},
"Sleep": {
"DependsOn": [
"VSwitch1",
"VSwitch2"
],
"Type": "ALIYUN::ROS::Sleep",
"Properties": {
"DeleteDuration": 300
}
},
"SecurityGroup": {
"Type": "ALIYUN::ECS::SecurityGroup",
"Properties": {
"VpcId": {
"Ref": "Vpc"
},
"SecurityGroupName": {
"Fn::Sub": "${CommonName}-SecurityGroup_1"
},
"SecurityGroupIngress": [
{
"PortRange": "80/80",
"SourceCidrIp": "0.0.0.0/0",
"IpProtocol": "tcp"
},
{
"PortRange": "3000/3000",
"SourceCidrIp": "0.0.0.0/0",
"IpProtocol": "tcp"
},
{
"PortRange": "5001/5001",
"SourceCidrIp": "0.0.0.0/0",
"IpProtocol": "tcp"
},
{
"PortRange": "5002/5002",
"SourceCidrIp": "0.0.0.0/0",
"IpProtocol": "tcp"
},
{
"PortRange": "5003/5003",
"SourceCidrIp": "0.0.0.0/0",
"IpProtocol": "tcp"
},
{
"PortRange": "8080/8080",
"Priority": 1,
"SourceCidrIp": "0.0.0.0/0",
"IpProtocol": "tcp"
}
]
}
},
"EcsInstance": {
"Type": "ALIYUN::ECS::InstanceGroup",
"Properties": {
"VpcId": {
"Ref": "Vpc"
},
"ZoneId": {
"Ref": "ZoneId1"
},
"VSwitchId": {
"Ref": "VSwitch1"
},
"SecurityGroupId": {
"Ref": "SecurityGroup"
},
"ImageId": "aliyun_3_x64_20G_alibase_",
"InstanceName": {
"Fn::Sub": "${CommonName}-ecs"
},
"InstanceType": {
"Ref": "InstanceType"
},
"SystemDiskCategory": "cloud_essd",
"MaxAmount": 1,
"SystemDiskSize": 40,
"InternetMaxBandwidthOut": 5,
"Password": {
"Ref": "InstancePassword"
}
}
},
"RunCommand": {
"Type": "ALIYUN::ECS::RunCommand",
"Properties": {
"CommandContent": {
"Fn::Sub": "#!/bin/sh\necho \"sk-$(openssl rand -hex 16)\"\n"
},
"Type": "RunShellScript",
"InstanceIds": [
{
"Ref": "EcsInstance"
}
]
}
},
"RunCommand2": {
"DependsOn": [
"RunCommand"
],
"Type": "ALIYUN::ECS::RunCommand",
"Properties": {
"CommandContent": {
"Fn::Sub": "#!/bin/sh\nexport ROS_DEPLOY=true\ncurl -fsSL https://help-static-aliyun-doc.aliyuncs.com/install-script/dify/sae/install.sh | bash\n"
},
"Type": "RunShellScript",
"InstanceIds": [
{
"Ref": "EcsInstance"
}
]
}
},
"RedisInstance": {
"Type": "ALIYUN::REDIS::Instance",
"Properties": {
"ZoneId": {
"Ref": "ZoneId1"
},
"SecondaryZoneId": {
"Ref": "ZoneId2"
},
"VpcId": {
"Ref": "Vpc"
},
"VSwitchId": {
"Ref": "VSwitch1"
},
"InstanceClass": "redis.shard.large.y.ee",
"EvictionPolicy": "noeviction",
"InstanceName": {
"Fn::Sub": "${CommonName}-Redis"
},
"EngineVersion": "7.0",
"Password": {
"Ref": "RedisInstancePassword"
}
}
},
"REDISWhitelist": {
"Type": "ALIYUN::REDIS::Whitelist",
"Properties": {
"InstanceId": {
"Ref": "RedisInstance"
},
"SecurityIps": "192.168.0.0/16"
}
},
"ADBPGInstance": {
"Type": "ALIYUN::GPDB::DBInstance",
"Properties": {
"EngineVersion": "7.0",
"VectorConfigurationStatus": true,
"InstanceSpec": "4C32G",
"ZoneId": {
"Ref": "ZoneId1"
},
"VSwitchId": {
"Ref": "VSwitch1"
},
"SegNodeNum": 4,
"SegStorageType": "cloud_essd",
"SegDiskPerformanceLevel": "pl1",
"StorageSize": 50,
"VPCId": {
"Ref": "Vpc"
},
"SecurityIPList": "192.168.0.0/16",
"DBInstanceDescription": {
"Fn::Sub": "${CommonName}"
},
"PayType": "Postpaid",
"DBInstanceCategory": "HighAvailability",
"DBInstanceMode": "StorageElastic",
"ProdType": "standard"
}
},
"GPDBAccount": {
"Type": "ALIYUN::GPDB::Account",
"Properties": {
"DBInstanceId": {
"Fn::GetAtt": [
"ADBPGInstance",
"DBInstanceId"
]
},
"AccountPassword": {
"Ref": "ADBPGPassword"
},
"AccountName": {
"Ref": "ADBPGAccount"
}
}
},
"SaeNamespace": {
"DependsOn": [
"PostgreSQLInstance",
"RedisInstance",
"ADBPGInstance",
"PluginNas",
"APINas"
],
"Type": "ALIYUN::SAE::Namespace",
"Properties": {
"NamespaceName": {
"Ref": "NamespaceName"
},
"NamespaceId": {
"Fn::Sub": "${ALIYUN::Region}:${NamespaceName}"
},
"VpcId": {
"Ref": "Vpc"
}
}
},
"PostgreSQLInstance": {
"Type": "ALIYUN::RDS::DBInstance",
"Properties": {
"ZoneId": {
"Ref": "ZoneId1"
},
"SlaveZoneIds": [
{
"Ref": "ZoneId2"
}
],
"VpcId": {
"Ref": "Vpc"
},
"VSwitchId": {
"Ref": "VSwitch1"
},
"DBInstanceClass": {
"Ref": "DBInstanceClass"
},
"DBInstanceStorage": 50,
"Engine": "PostgreSQL",
"EngineVersion": "17.0",
"SecurityIPList": "192.168.0.0/16",
"Category": "HighAvailability",
"MasterUserType": "Super",
"MasterUserPassword": {
"Ref": "PostgresSQLPassword"
},
"MasterUsername": {
"Ref": "PostgresSQLUserName"
},
"DBInstanceStorageType": "cloud_essd"
}
},
"DifyDataBase": {
"Type": "ALIYUN::RDS::Database",
"Properties": {
"CharacterSetName": "utf8",
"DBInstanceId": {
"Fn::GetAtt": [
"PostgreSQLInstance",
"DBInstanceId"
]
},
"DBName": "dify"
}
},
"DifySetUpDataBase": {
"Type": "ALIYUN::RDS::Database",
"DependsOn": "DifyDataBase",
"Properties": {
"CharacterSetName": "UTF8",
"DBInstanceId": {
"Fn::GetAtt": [
"PostgreSQLInstance",
"DBInstanceId"
]
},
"DBName": "dify_setups"
}
},
"RdsAccountPrivilege": {
"Type": "ALIYUN::RDS::AccountPrivilege",
"DependsOn": "DifySetUpDataBase",
"Properties": {
"AccountPrivilege": "DBOwner",
"DBInstanceId": {
"Ref": "PostgreSQLInstance"
},
"DBName": "dify",
"AccountName": {
"Ref": "PostgresSQLUserName"
}
}
},
"NatGateway": {
"Type": "ALIYUN::VPC::NatGateway",
"Properties": {
"VpcId": {
"Ref": "Vpc"
},
"VSwitchId": {
"Ref": "VSwitch1"
},
"NatGatewayName": {
"Fn::Sub": "${CommonName}-nat"
},
"InternetChargeType": "PayByLcu",
"EipBindMode": "NAT"
}
},
"Eip": {
"Type": "ALIYUN::VPC::EIP",
"Properties": {
"DeletionProtection": false,
"Isp": "BGP",
"Bandwidth": 200,
"InternetChargeType": "PayByTraffic"
}
},
"EipAssociation": {
"Type": "ALIYUN::VPC::EIPAssociation",
"Properties": {
"InstanceId": {
"Ref": "NatGateway"
},
"AllocationId": {
"Ref": "Eip"
}
}
},
"SNat": {
"Type": "ALIYUN::VPC::SnatEntry",
"DependsOn": "EipAssociation",
"Properties": {
"SnatTableId": {
"Fn::GetAtt": [
"NatGateway",
"SNatTableId"
]
},
"SnatEntryName": {
"Fn::Sub": "${CommonName}-snat"
},
"SourceVSwitchIds": [
{
"Ref": "VSwitch1"
},
{
"Ref": "VSwitch2"
}
],
"SnatIp": {
"Fn::GetAtt": [
"Eip",
"EipAddress"
]
}
}
},
"APINas": {
"Type": "ALIYUN::NAS::FileSystem",
"Properties": {
"ProtocolType": "NFS",
"FileSystemType": "standard",
"DeletionForce": true,
"StorageType": "Performance",
"Description": {
"Fn::Sub": "${CommonName}-API-NAS"
}
}
},
"APINasMountTarget": {
"Type": "ALIYUN::NAS::MountTarget",
"Properties": {
"VpcId": {
"Ref": "Vpc"
},
"VSwitchId": {
"Ref": "VSwitch1"
},
"NetworkType": "Vpc",
"AccessGroupName": "DEFAULT_VPC_GROUP_NAME",
"FileSystemId": {
"Ref": "APINas"
}
}
},
"PluginNas": {
"Type": "ALIYUN::NAS::FileSystem",
"Properties": {
"ProtocolType": "NFS",
"FileSystemType": "standard",
"DeletionForce": true,
"StorageType": "Performance",
"Description": {
"Fn::Sub": "${CommonName}-Plugin-NAS"
}
}
},
"PluginNasMountTarget": {
"Type": "ALIYUN::NAS::MountTarget",
"Properties": {
"VpcId": {
"Ref": "Vpc"
},
"VSwitchId": {
"Ref": "VSwitch1"
},
"NetworkType": "Vpc",
"AccessGroupName": "DEFAULT_VPC_GROUP_NAME",
"FileSystemId": {
"Ref": "PluginNas"
}
}
},
"SuperOpsUser": {
"Type": "ALIYUN::RAM::User",
"Properties": {
"UserName": {
"Fn::Sub": "SuperOps-${ALIYUN::StackId}"
},
"Policies": [
{
"PolicyName": {
"Fn::Join": [
"-",
[
"DifySuperOpsPolicy",
{
"Ref": "ALIYUN::StackName"
}
]
]
},
"PolicyDocument": {
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"gpdb:*"
],
"Resource": [
"*"
]
}
]
}
}
],
"PolicyAttachments": {
"System": [
"AliyunSTSAssumeRoleAccess",
"AliyunRAMReadOnlyAccess"
]
}
}
},
"AccessKey": {
"Type": "ALIYUN::RAM::AccessKey",
"Properties": {
"UserName": {
"Fn::GetAtt": [
"SuperOpsUser",
"UserName"
]
}
}
},
"DifyApiConfigMap": {
"Type": "ALIYUN::SAE::ConfigMap",
"Properties": {
"Data": {
"MAIL_DEFAULT_SEND_FROM": "YOUR EMAIL FROM (eg: no-reply <no-reply@dify.ai>)",
"SENTRY_PROFILES_SAMPLE_RATE": "1",
"MARKETPLACE_ENABLED": "true",
"DB_PORT": "5432",
"VECTOR_STORE": "analyticdb",
"LOG_LEVEL": "INFO",
"DB_DATABASE": "dify",
"REDIS_USE_SSL": "false",
"STORAGE_LOCAL_PATH": "/app/api/storage",
"SENTRY_TRACES_SAMPLE_RATE": "1",
"MODE": "api",
"WEB_API_CORS_ALLOW_ORIGINS": "*",
"RESEND_API_URL": "https://api.resend.com",
"ANALYTICDB_INSTANCE_ID": {
"Fn::GetAtt": [
"ADBPGInstance",
"DBInstanceId"
]
},
"CODE_EXECUTION_ENDPOINT": "http://dify-sandbox:8194",
"REDIS_HOST": {
"Fn::GetAtt": [
"RedisInstance",
"ConnectionDomain"
]
},
"REDIS_DB": "0",
"REDIS_PORT": "6379",
"MAIL_TYPE": "resend",
"ANALYTICDB_REGION_ID": {
"Ref": "ALIYUN::Region"
},
"MIGRATION_ENABLED": "true",
"CONSOLE_CORS_ALLOW_ORIGINS": "*",
"PLUGIN_DAEMON_URL": "http://dify-plugin-daemon:5002",
"STORAGE_TYPE": "local",
"DB_HOST": {
"Fn::GetAtt": [
"PostgreSQLInstance",
"InnerConnectionString"
]
}
},
"NamespaceId": {
"Ref": "SaeNamespace"
},
"Name": "dify-api"
}
},
"DifyApiSecret": {
"Type": "ALIYUN::SAE::Secret",
"Properties": {
"NamespaceId": {
"Ref": "SaeNamespace"
},
"SecretName": "dify-api",
"SecretType": "Opaque",
"SecretData": {
"ANALYTICDB_ACCOUNT": {
"Ref": "ADBPGAccount"
},
"ANALYTICDB_KEY_ID": {
"Fn::GetAtt": [
"AccessKey",
"AccessKeyId"
]
},
"ANALYTICDB_KEY_SECRET": {
"Fn::GetAtt": [
"AccessKey",
"AccessKeySecret"
]
},
"ANALYTICDB_NAMESPACE": "difyns",
"ANALYTICDB_NAMESPACE_PASSWORD": {
"Ref": "ADBPGPassword"
},
"ANALYTICDB_PASSWORD": {
"Ref": "ADBPGPassword"
},
"CELERY_BROKER_URL": {
"Fn::Sub": [
"redis://:${REDIS_PASSWORD}@${REDIS_HOST}:6379/0",
{
"REDIS_PASSWORD": {
"Ref": "RedisInstancePassword"
},
"REDIS_HOST": {
"Fn::GetAtt": [
"RedisInstance",
"ConnectionDomain"
]
}
}
]
},
"CODE_EXECUTION_API_KEY": "dify-sandbox",
"DB_PASSWORD": {
"Ref": "PostgresSQLPassword"
},
"DB_USERNAME": {
"Ref": "PostgresSQLUserName"
},
"INNER_API_KEY_FOR_PLUGIN": "QaHbTe77CtuXmsfyhR7+vRjI/+XbV1AaFy691iy+kGDv2Jvy0/eAh8Y1",
"PLUGIN_DAEMON_KEY": "lYkiYYT6owG+71oLerGzA7GXCgOT++6ovaezWAjpCjf+Sjc3ZtU+qUEi",
"REDIS_PASSWORD": {
"Ref": "RedisInstancePassword"
},
"REDIS_USERNAME": "default",
"RESEND_API_KEY": "xxxx",
"SECRET_KEY": {
"Fn::Base64Decode": {
"Fn::Jq": [
"First",
".[0].Output",
{
"Fn::GetAtt": [
"RunCommand",
"InvokeResults"
]
}
]
}
}
}
}
},
"DifyWorkerConfigMap": {
"Type": "ALIYUN::SAE::ConfigMap",
"Properties": {
"Data": {
"MAIL_DEFAULT_SEND_FROM": "YOUR EMAIL FROM (eg: no-reply <no-reply@dify.ai>)",
"SENTRY_PROFILES_SAMPLE_RATE": "1",
"MARKETPLACE_ENABLED": "true",
"DB_PORT": "5432",
"VECTOR_STORE": "analyticdb",
"LOG_LEVEL": "INFO",
"DB_DATABASE": "dify",
"REDIS_USE_SSL": "false",
"STORAGE_LOCAL_PATH": "/app/api/storage",
"SENTRY_TRACES_SAMPLE_RATE": "1",
"MODE": "worker",
"WEB_API_CORS_ALLOW_ORIGINS": "*",
"RESEND_API_URL": "https://api.resend.com",
"ANALYTICDB_INSTANCE_ID": {
"Fn::GetAtt": [
"ADBPGInstance",
"DBInstanceId"
]
},
"REDIS_HOST": {
"Fn::GetAtt": [
"RedisInstance",
"ConnectionDomain"
]
},
"REDIS_DB": "0",
"REDIS_PORT": "6379",
"MAIL_TYPE": "resend",
"ANALYTICDB_REGION_ID": {
"Ref": "ALIYUN::Region"
},
"MIGRATION_ENABLED": "true",
"CONSOLE_CORS_ALLOW_ORIGINS": "*",
"PLUGIN_DAEMON_URL": "http://dify-plugin-daemon:5002",
"STORAGE_TYPE": "local",
"DB_HOST": {
"Fn::GetAtt": [
"PostgreSQLInstance",
"InnerConnectionString"
]
}
},
"NamespaceId": {
"Ref": "SaeNamespace"
},
"Name": "dify-worker"
}
},
"DifyWorkerSecret": {
"Type": "ALIYUN::SAE::Secret",
"Properties": {
"NamespaceId": {
"Ref": "SaeNamespace"
},
"SecretName": "dify-worker",
"SecretType": "Opaque",
"SecretData": {
"ANALYTICDB_ACCOUNT": {
"Ref": "ADBPGAccount"
},
"ANALYTICDB_KEY_ID": {
"Fn::GetAtt": [
"AccessKey",
"AccessKeyId"
]
},
"ANALYTICDB_KEY_SECRET": {
"Fn::GetAtt": [
"AccessKey",
"AccessKeySecret"
]
},
"ANALYTICDB_NAMESPACE": "difyns",
"ANALYTICDB_NAMESPACE_PASSWORD": {
"Ref": "ADBPGPassword"
},
"ANALYTICDB_PASSWORD": {
"Ref": "ADBPGPassword"
},
"CELERY_BROKER_URL": {
"Fn::Sub": [
"redis://:${REDIS_PASSWORD}@${REDIS_HOST}:6379/0",
{
"REDIS_PASSWORD": {
"Ref": "RedisInstancePassword"
},
"REDIS_HOST": {
"Fn::GetAtt": [
"RedisInstance",
"ConnectionDomain"
]
}
}
]
},
"DB_PASSWORD": {
"Ref": "PostgresSQLPassword"
},
"DB_USERNAME": {
"Ref": "PostgresSQLUserName"
},
"INNER_API_KEY_FOR_PLUGIN": "QaHbTe77CtuXmsfyhR7+vRjI/+XbV1AaFy691iy+kGDv2Jvy0/eAh8Y1",
"PLUGIN_DAEMON_KEY": "lYkiYYT6owG+71oLerGzA7GXCgOT++6ovaezWAjpCjf+Sjc3ZtU+qUEi",
"REDIS_PASSWORD": {
"Ref": "RedisInstancePassword"
},
"REDIS_USERNAME": "default",
"RESEND_API_KEY": "xxxx",
"SECRET_KEY": {
"Fn::Base64Decode": {
"Fn::Jq": [
"First",
".[0].Output",
{
"Fn::GetAtt": [
"RunCommand",
"InvokeResults"
]
}
]
}
}
}
}
},
"DifyPluginDaemonConfigMap": {
"Type": "ALIYUN::SAE::ConfigMap",
"Properties": {
"NamespaceId": {
"Ref": "SaeNamespace"
},
"Name": "dify-plugin-daemon",
"Data": {
"SERVER_PORT": "5002",
"PLUGIN_REMOTE_INSTALLING_HOST": "0.0.0.0",
"REDIS_DB": "0",
"REDIS_HOST": {
"Fn::GetAtt": [
"RedisInstance",
"ConnectionDomain"
]
},
"MARKETPLACE_ENABLED": "true",
"DB_PORT": "5432",
"REDIS_USE_SSL": "false",
"PLUGIN_WORKING_PATH": "/app/storage/cwd",
"DB_HOST": {
"Fn::GetAtt": [
"PostgreSQLInstance",
"InnerConnectionString"
]
},
"PIP_MIRROR_URL": "http://mirrors.aliyun.com/pypi/simple/",
"REDIS_PORT": "6379",
"PLUGIN_REMOTE_INSTALLING_PORT": "5003",
"MAX_PLUGIN_PACKAGE_SIZE": "52428800",
"DB_DATABASE": "dify_plugin",
"DIFY_INNER_API_URL": "http://dify-api:5001"
}
}
},
"DifyPluginDaemonSecret": {
"Type": "ALIYUN::SAE::Secret",
"Properties": {
"NamespaceId": {
"Ref": "SaeNamespace"
},
"SecretName": "dify-plugin-daemon",
"SecretType": "Opaque",
"SecretData": {
"DB_PASSWORD": {
"Ref": "PostgresSQLPassword"
},
"DB_USERNAME": {
"Ref": "PostgresSQLUserName"
},
"DIFY_INNER_API_KEY": "QaHbTe77CtuXmsfyhR7+vRjI/+XbV1AaFy691iy+kGDv2Jvy0/eAh8Y1",
"REDIS_PASSWORD": {
"Ref": "RedisInstancePassword"
},
"REDIS_USERNAME": "default",
"SERVER_KEY": "lYkiYYT6owG+71oLerGzA7GXCgOT++6ovaezWAjpCjf+Sjc3ZtU+qUEi"
}
}
},
"DifySandboxConfigMap": {
"Type": "ALIYUN::SAE::ConfigMap",
"Properties": {
"NamespaceId": {
"Ref": "SaeNamespace"
},
"Name": "dify-sandbox",
"Data": {
"GIN_MODE": "release",
"SANDBOX_PORT": "8194"
}
}
},
"DifySandboxSecret": {
"Type": "ALIYUN::SAE::Secret",
"Properties": {
"NamespaceId": {
"Ref": "SaeNamespace"
},
"SecretName": "dify-sandbox",
"SecretType": "Opaque",
"SecretData": {
"API_KEY": "dify-sandbox"
}
}
},
"DifyWebConfigMap": {
"Type": "ALIYUN::SAE::ConfigMap",
"Properties": {
"NamespaceId": {
"Ref": "SaeNamespace"
},
"Name": "dify-web",
"Data": {
"MARKETPLACE_ENABLED": "true",
"MARKETPLACE_URL": "https://marketplace.dify.ai",
"MARKETPLACE_API_URL": "https://marketplace.dify.ai"
}
}
},
"DifyNginxConfigMap": {
"Type": "ALIYUN::SAE::ConfigMap",
"Properties": {
"NamespaceId": {
"Ref": "SaeNamespace"
},
"Name": "dify-nginx",
"Data": {
"default.conf": "server {\n listen 80;\n server_name _;\n\n location /console/api {\n proxy_pass http://dify-api:5001;\n include proxy.conf;\n }\n\n location /api {\n proxy_pass http://dify-api:5001;\n include proxy.conf;\n }\n\n location /v1 {\n proxy_pass http://dify-api:5001;\n include proxy.conf;\n }\n\n location /files {\n proxy_pass http://dify-api:5001;\n include proxy.conf;\n }\n\n location /explore {\n proxy_pass http://dify-web:3000;\n proxy_set_header Dify-Hook-Url $scheme://$host$request_uri;\n include proxy.conf;\n }\n\n location /e/ {\n proxy_pass http://dify-plugin-daemon:5002;\n proxy_set_header Dify-Hook-Url $scheme://$host$request_uri;\n include proxy.conf;\n }\n\n location / {\n proxy_pass http://dify-web:3000;\n include proxy.conf;\n }\n }",
"nginx.conf": "user nginx;\n worker_processes auto;\n pid /var/run/nginx.pid;\n\n\n events {\n worker_connections 1024;\n }\n\n\n http {\n include /etc/nginx/mime.types;\n default_type application/octet-stream;\n\n log_format main '$remote_addr - $remote_user [$time_local] \"$request\" '\n '$status $body_bytes_sent \"$http_referer\" '\n '\"$http_user_agent\" \"$http_x_forwarded_for\"';\n\n sendfile on;\n #tcp_nopush on;\n\n keepalive_timeout 65;\n\n #gzip on;\n client_max_body_size 15M;\n\n include /etc/nginx/conf.d/*.conf;\n }",
"proxy.conf": "proxy_set_header Host $host;\nproxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\nproxy_set_header X-Forwarded-Proto $scheme;\nproxy_set_header X-Forwarded-Port $server_port;\nproxy_http_version 1.1;\nproxy_set_header Connection \"\";\nproxy_buffering off;\nproxy_read_timeout 3600s;\nproxy_send_timeout 3600s;"
}
}
},
"DifyApiApp": {
"DependsOn": [
"SaeNamespace",
"DifyApiConfigMap",
"DifyApiSecret",
"ADBPGInstance"
],
"Type": "ALIYUN::SAE::Application",
"Properties": {
"AppName": "dify-api",
"SaeVersion": "v2",
"AutoConfig": false,
"VpcId": {
"Ref": "Vpc"
},
"SecurityGroupId": {
"Ref": "SecurityGroup"
},
"VSwitchId": {
"Fn::Sub": [
"${VSwitch1},${VSwitch2}",
{
"VSwitch1": {
"Ref": "VSwitch1"
},
"VSwitch2": {
"Ref": "VSwitch2"
}
}
]
},
"Replicas": 1,
"NamespaceId": {
"Ref": "SaeNamespace"
},
"Cpu": 1000,
"Memory": 2048,
"PackageType": "Image",
"ImageUrl": {
"Fn::Sub": "registry.${ALIYUN::Region}.aliyuncs.com/sae-serverless-demo/sae-demo:dify-api-v1.6.0"
},
"ProgrammingLanguage": "python",
"AppSource": "micro_service",
"Timezone": "Asia/Shanghai",
"NasConfigs": {
"Fn::Sub": [
"[{\"mountDomain\":\"${MOUNT_DOMAIN}\",\"mountPath\":\"/app/api/storage\",\"nasId\":\"${NAS_ID}\",\"nasPath\":\"dify-api\",\"readOnly\":false,\"volumeName\":\"nas-1\"}]",
{
"MOUNT_DOMAIN": {
"Fn::GetAtt": [
"APINasMountTarget",
"MountTargetDomain"
]
},
"NAS_ID": {
"Fn::GetAtt": [
"APINas",
"FileSystemId"
]
}
}
]
},
"PvtzDiscoverySvc": {
"Fn::Sub": [
"{\"enable\":\"true\",\"namespaceId\":\"${REGION_ID}:${NAMESPACE}\",\"portAndProtocol\":{\"5001:TCP\":\"5001\"},\"portProtocols\":[],\"pvtzDiscoveryName\":\"${REGION_ID}-${USER_ID}\",\"serviceName\":\"dify-api.${NAMESPACE}\"}",
{
"NAMESPACE": {
"Ref": "NamespaceName"
},
"USER_ID": {
"Ref": "ALIYUN::TenantId"
},
"REGION_ID": {
"Ref": "ALIYUN::Region"
}
}
]
},
"Envs": {
"Fn::Sub": [
"[{\"name\":\"APP_WEB_URL\"},{\"name\":\"FILES_URL\"},{\"name\":\"CODE_MAX_DEPTH\",\"value\":\"5\"},{\"name\":\"CODE_MAX_OBJECT_ARRAY_LENGTH\",\"value\":\"30\"},{\"name\":\"CHECK_UPDATE_URL\"},{\"name\":\"CODE_MAX_STRING_ARRAY_LENGTH\",\"value\":\"30\"},{\"name\":\"SERVICE_API_URL\"},{\"name\":\"sae-sys-secret-all-dify-api\",\"valueFrom\":{\"secretRef\":{\"secretId\":${SECRET_ID},\"key\":\"\"}}},{\"name\":\"CODE_MAX_PRECISION\",\"value\":\"20\"},{\"name\":\"CONSOLE_API_URL\"},{\"name\":\"TEMPLATE_TRANSFORM_MAX_LENGTH\",\"value\":\"80000\"},{\"name\":\"CODE_MAX_NUMBER\",\"value\":\"9223372036854775807\"},{\"name\":\"CODE_MAX_NUMBER_ARRAY_LENGTH\",\"value\":\"1000\"},{\"name\":\"CONSOLE_WEB_URL\"},{\"name\":\"CODE_MIN_NUMBER\",\"value\":\"-9223372036854775808\"},{\"name\":\"CODE_MAX_STRING_LENGTH\",\"value\":\"80000\"},{\"name\":\"SENTRY_DSN\"},{\"name\":\"CODE_EXECUTION_API_KEY\",\"valueFrom\":{\"secretRef\":{\"secretId\":${SANDBOX_SECRET_ID},\"key\":\"API_KEY\"}}},{\"name\":\"sae-sys-configmap-all-dify-api\",\"valueFrom\":{\"configMapRef\":{\"configMapId\":${CONFIGMAP_ID},\"key\":\"\"}}}]",
{
"CONFIGMAP_ID": {
"Fn::GetAtt": [
"DifyApiConfigMap",
"ConfigMapId"
]
},
"SECRET_ID": {
"Fn::GetAtt": [
"DifyApiSecret",
"SecretId"
]
},
"SANDBOX_SECRET_ID": {
"Fn::GetAtt": [
"DifySandboxSecret",
"SecretId"
]
}
}
]
}
}
},
"DifyWorkerApp": {
"DependsOn": [
"SaeNamespace",
"DifyWorkerConfigMap",
"DifyWorkerSecret"
],
"Type": "ALIYUN::SAE::Application",
"Properties": {
"AppName": "dify-worker",
"SaeVersion": "v2",
"AutoConfig": false,
"VpcId": {
"Ref": "Vpc"
},
"SecurityGroupId": {
"Ref": "SecurityGroup"
},
"VSwitchId": {
"Fn::Sub": [
"${VSwitch1},${VSwitch2}",
{
"VSwitch1": {
"Ref": "VSwitch1"
},
"VSwitch2": {
"Ref": "VSwitch2"
}
}
]
},
"Replicas": 1,
"NamespaceId": {
"Ref": "SaeNamespace"
},
"Cpu": 1000,
"Memory": 2048,
"PackageType": "Image",
"ImageUrl": {
"Fn::Sub": "registry.${ALIYUN::Region}.aliyuncs.com/sae-serverless-demo/sae-demo:dify-api-v1.6.0"
},
"ProgrammingLanguage": "python",
"AppSource": "micro_service",
"Timezone": "Asia/Shanghai",
"NasConfigs": {
"Fn::Sub": [
"[{\"mountDomain\":\"${MOUNT_DOMAIN}\",\"mountPath\":\"/app/api/storage\",\"nasId\":\"${NAS_ID}\",\"nasPath\":\"dify-api\",\"readOnly\":false,\"volumeName\":\"nas-1\"}]",
{
"MOUNT_DOMAIN": {
"Fn::GetAtt": [
"APINasMountTarget",
"MountTargetDomain"
]
},
"NAS_ID": {
"Fn::GetAtt": [
"APINas",
"FileSystemId"
]
}
}
]
},
"Envs": {
"Fn::Sub": [
"[{\"name\":\"sae-sys-secret-all-dify-worker\",\"valueFrom\":{\"secretRef\":{\"secretId\":${SECRET_ID},\"key\":\"\"}}},{\"name\":\"sae-sys-configmap-all-dify-worker\",\"valueFrom\":{\"configMapRef\":{\"configMapId\":${CONFIGMAP_ID},\"key\":\"\"}}},{\"name\":\"CONSOLE_WEB_URL\"}]",
{
"CONFIGMAP_ID": {
"Fn::GetAtt": [
"DifyWorkerConfigMap",
"ConfigMapId"
]
},
"SECRET_ID": {
"Fn::GetAtt": [
"DifyWorkerSecret",
"SecretId"
]
}
}
]
}
}
},
"DifyPluginDaemonApp": {
"DependsOn": [
"SaeNamespace",
"DifyPluginDaemonConfigMap",
"DifyPluginDaemonSecret"
],
"Type": "ALIYUN::SAE::Application",
"Properties": {
"AppName": "dify-plugin-daemon",
"SaeVersion": "v2",
"AutoConfig": false,
"VpcId": {
"Ref": "Vpc"
},
"SecurityGroupId": {
"Ref": "SecurityGroup"
},
"VSwitchId": {
"Fn::Sub": [
"${VSwitch1},${VSwitch2}",
{
"VSwitch1": {
"Ref": "VSwitch1"
},
"VSwitch2": {
"Ref": "VSwitch2"
}
}
]
},
"Replicas": 1,
"NamespaceId": {
"Ref": "SaeNamespace"
},
"Cpu": 1000,
"Memory": 2048,
"PackageType": "Image",
"ImageUrl": {
"Fn::Sub": "registry.${ALIYUN::Region}.aliyuncs.com/sae-serverless-demo/sae-demo:dify-plugin-daemon-v0.1.3-local"
},
"ProgrammingLanguage": "golang",
"AppSource": "micro_service",
"Timezone": "Asia/Shanghai",
"NasConfigs": {
"Fn::Sub": [
"[{\"mountDomain\":\"${MOUNT_DOMAIN}\",\"mountPath\":\"/app/storage\",\"nasId\":\"${NAS_ID}\",\"nasPath\":\"dify-plugin-daemon\",\"readOnly\":false,\"volumeName\":\"nas-1\"}]",
{
"MOUNT_DOMAIN": {
"Fn::GetAtt": [
"PluginNasMountTarget",
"MountTargetDomain"
]
},
"NAS_ID": {
"Fn::GetAtt": [
"PluginNas",
"FileSystemId"
]
}
}
]
},
"PvtzDiscoverySvc": {
"Fn::Sub": [
"{\"enable\":\"true\",\"namespaceId\":\"${REGION_ID}:${NAMESPACE}\",\"portAndProtocol\":{\"5003:TCP\":\"5003\",\"5002:TCP\":\"5002\"},\"portProtocols\":[],\"pvtzDiscoveryName\":\"${REGION_ID}-${USER_ID}\",\"serviceName\":\"dify-plugin-daemon.${NAMESPACE}\"}",
{
"NAMESPACE": {
"Ref": "NamespaceName"
},
"USER_ID": {
"Ref": "ALIYUN::TenantId"
},
"REGION_ID": {
"Ref": "ALIYUN::Region"
}
}
]
},
"Envs": {
"Fn::Sub": [
"[{\"name\":\"sae-sys-secret-all-dify-plugin-daemon\",\"valueFrom\":{\"secretRef\":{\"secretId\":${SECRET_ID},\"key\":\"\"}}},{\"name\":\"sae-sys-configmap-all-dify-plugin-daemon\",\"valueFrom\":{\"configMapRef\":{\"configMapId\":${CONFIGMAP_ID},\"key\":\"\"}}}]",
{
"CONFIGMAP_ID": {
"Fn::GetAtt": [
"DifyPluginDaemonConfigMap",
"ConfigMapId"
]
},
"SECRET_ID": {
"Fn::GetAtt": [
"DifyPluginDaemonSecret",
"SecretId"
]
}
}
]
}
}
},
"DifySandboxApp": {
"DependsOn": [
"SaeNamespace",
"DifySandboxConfigMap",
"DifySandboxSecret"
],
"Type": "ALIYUN::SAE::Application",
"Properties": {
"AppName": "dify-sandbox",
"SaeVersion": "v2",
"AutoConfig": false,
"VpcId": {
"Ref": "Vpc"
},
"SecurityGroupId": {
"Ref": "SecurityGroup"
},
"VSwitchId": {
"Fn::Sub": [
"${VSwitch1},${VSwitch2}",
{
"VSwitch1": {
"Ref": "VSwitch1"
},
"VSwitch2": {
"Ref": "VSwitch2"
}
}
]
},
"Replicas": 1,
"NamespaceId": {
"Ref": "SaeNamespace"
},
"Cpu": 1000,
"Memory": 2048,
"PackageType": "Image",
"ImageUrl": {
"Fn::Sub": "registry.${ALIYUN::Region}.aliyuncs.com/sae-serverless-demo/sae-demo:dify-sandbox-v0.2.12"
},
"ProgrammingLanguage": "golang",
"AppSource": "micro_service",
"Timezone": "Asia/Shanghai",
"PvtzDiscoverySvc": {
"Fn::Sub": [
"{\"enable\":\"true\",\"namespaceId\":\"${REGION_ID}:${NAMESPACE}\",\"portAndProtocol\":{\"8194:TCP\":\"8194\"},\"portProtocols\":[],\"pvtzDiscoveryName\":\"${REGION_ID}-${USER_ID}\",\"serviceName\":\"dify-sandbox.${NAMESPACE}\"}",
{
"NAMESPACE": {
"Ref": "NamespaceName"
},
"USER_ID": {
"Ref": "ALIYUN::TenantId"
},
"REGION_ID": {
"Ref": "ALIYUN::Region"
}
}
]
},
"Envs": {
"Fn::Sub": [
"[{\"name\":\"sae-sys-secret-all-dify-sandbox\",\"valueFrom\":{\"secretRef\":{\"secretId\":${SECRET_ID},\"key\":\"\"}}},{\"name\":\"WORKER_TIMEOUT\",\"value\":\"15\"},{\"name\":\"sae-sys-configmap-all-dify-sandbox\",\"valueFrom\":{\"configMapRef\":{\"configMapId\":${CONFIGMAP_ID},\"key\":\"\"}}}]",
{
"CONFIGMAP_ID": {
"Fn::GetAtt": [
"DifySandboxConfigMap",
"ConfigMapId"
]
},
"SECRET_ID": {
"Fn::GetAtt": [
"DifySandboxSecret",
"SecretId"
]
}
}
]
}
}
},
"DifyWebApp": {
"DependsOn": [
"SaeNamespace",
"DifyWebConfigMap"
],
"Type": "ALIYUN::SAE::Application",
"Properties": {
"AppName": "dify-web",
"SaeVersion": "v2",
"AutoConfig": false,
"VpcId": {
"Ref": "Vpc"
},
"SecurityGroupId": {
"Ref": "SecurityGroup"
},
"VSwitchId": {
"Fn::Sub": [
"${VSwitch1},${VSwitch2}",
{
"VSwitch1": {
"Ref": "VSwitch1"
},
"VSwitch2": {
"Ref": "VSwitch2"
}
}
]
},
"Replicas": 1,
"NamespaceId": {
"Ref": "SaeNamespace"
},
"Cpu": 1000,
"Memory": 2048,
"PackageType": "Image",
"ImageUrl": {
"Fn::Sub": "registry.${ALIYUN::Region}.aliyuncs.com/sae-serverless-demo/sae-demo:dify-web-v1.6.0"
},
"ProgrammingLanguage": "other",
"AppSource": "micro_service",
"Timezone": "Asia/Shanghai",
"PvtzDiscoverySvc": {
"Fn::Sub": [
"{\"enable\":\"true\",\"namespaceId\":\"${REGION_ID}:${NAMESPACE}\",\"portAndProtocol\":{\"3000:TCP\":\"3000\"},\"portProtocols\":[],\"pvtzDiscoveryName\":\"${REGION_ID}-${USER_ID}\",\"serviceName\":\"dify-web.${NAMESPACE}\"}",
{
"NAMESPACE": {
"Ref": "NamespaceName"
},
"USER_ID": {
"Ref": "ALIYUN::TenantId"
},
"REGION_ID": {
"Ref": "ALIYUN::Region"
}
}
]
},
"Envs": {
"Fn::Sub": [
"[{\"name\":\"sae-sys-configmap-all-dify-web\",\"valueFrom\":{\"configMapRef\":{\"configMapId\":${CONFIGMAP_ID},\"key\":\"\"}}},{\"name\":\"APP_API_URL\"},{\"name\":\"CONSOLE_API_URL\"},{\"name\":\"EDITION\",\"value\":\"SELF_HOSTED\"}]",
{
"CONFIGMAP_ID": {
"Fn::GetAtt": [
"DifyWebConfigMap",
"ConfigMapId"
]
}
}
]
}
}
},
"DifyNginxApp": {
"DependsOn": [
"SaeNamespace",
"DifyNginxConfigMap"
],
"Type": "ALIYUN::SAE::Application",
"Properties": {
"AppName": "dify-nginx",
"SaeVersion": "v2",
"AutoConfig": false,
"VpcId": {
"Ref": "Vpc"
},
"SecurityGroupId": {
"Ref": "SecurityGroup"
},
"VSwitchId": {
"Fn::Sub": [
"${VSwitch1},${VSwitch2}",
{
"VSwitch1": {
"Ref": "VSwitch1"
},
"VSwitch2": {
"Ref": "VSwitch2"
}
}
]
},
"Replicas": 1,
"NamespaceId": {
"Ref": "SaeNamespace"
},
"Cpu": 1000,
"Memory": 2048,
"PackageType": "Image",
"ImageUrl": {
"Fn::Sub": "registry.${ALIYUN::Region}.aliyuncs.com/sae-serverless-demo/sae-demo:nginx-v1.23.4"
},
"ProgrammingLanguage": "other",
"AppSource": "micro_service",
"Timezone": "Asia/Shanghai",
"ConfigMapMountDesc": {
"Fn::Sub": [
"[{\"MountPath\":\"/etc/nginx/conf.d/default.conf\",\"ConfigMapId\":${CONFIGMAP_ID},\"ConfigMapName\":\"dify-nginx\",\"Key\":\"default.conf\"},{\"MountPath\":\"/etc/nginx/nginx.conf\",\"ConfigMapId\":${CONFIGMAP_ID},\"ConfigMapName\":\"dify-nginx\",\"Key\":\"nginx.conf\"},{\"MountPath\":\"/etc/nginx/proxy.conf\",\"ConfigMapId\":${CONFIGMAP_ID},\"ConfigMapName\":\"dify-nginx\",\"Key\":\"proxy.conf\"}]",
{
"CONFIGMAP_ID": {
"Fn::GetAtt": [
"DifyNginxConfigMap",
"ConfigMapId"
]
}
}
]
}
}
},
"InternetClb": {
"Type": "ALIYUN::SLB::LoadBalancer",
"Properties": {
"LoadBalancerName": {
"Ref": "ALIYUN::StackName"
},
"LoadBalancerSpec": "slb.s2.medium",
"AddressType": "internet"
}
},
"BackendAppBindClb": {
"Type": "ALIYUN::SAE::SlbBinding",
"DependsOn": [
"DifyNginxApp",
"InternetClb"
],
"Properties": {
"InternetSlbId": {
"Fn::GetAtt": [
"InternetClb",
"LoadBalancerId"
]
},
"Internet": "[{\"port\": 80, \"targetPort\": 80, \"protocol\": \"TCP\"}]",
"AppId": {
"Fn::GetAtt": [
"DifyNginxApp",
"AppId"
]
}
}
}
},
"Outputs": {
"DifyAddress": {
"Label": {
"zh-cn": "dify服务地址。",
"en": "dify service address."
},
"Description": {
"zh-cn": "dify服务地址。",
"en": "dify service address."
},
"Value": {
"Fn::Sub": [
"http://${ServerAddress}:80",
{
"ServerAddress": {
"Fn::GetAtt": [
"InternetClb",
"IpAddress"
]
}
}
]
}
},
"PostgresName": {
"Label": {
"zh-cn": "Postgres 用户名",
"en": "Postgres username"
},
"Description": {
"zh-cn": "AnalyticDB PostgreSQL 的用户名。",
"en": "The username of AnalyticDB PostgreSQL."
},
"Value": {
"Ref": "ADBPGAccount"
}
},
"PostgresPassword": {
"Label": {
"zh-cn": "Postgres 密码",
"en": "Postgres password"
},
"Description": {
"zh-cn": "AnalyticDB PostgreSQL 的密码。",
"en": "The password of AnalyticDB PostgreSQL."
},
"NoEcho": true,
"Value": {
"Ref": "ADBPGPassword"
}
},
"PostgresConnectionString": {
"Label": {
"zh-cn": "Postgres 数据库地址",
"en": "Postgres database address"
},
"Description": {
"zh-cn": "AnalyticDB PostgreSQL 的内网连接地址。",
"en": "The internal network connection address of AnalyticDB PostgreSQL."
},
"Value": {
"Fn::GetAtt": [
"ADBPGInstance",
"ConnectionString"
]
}
},
"APINasFileSystemId": {
"Label": {
"zh-cn": "API NAS 文件系统",
"en": "API NAS file System"
},
"Description": {
"zh-cn": "NAS 文件系统。",
"en": "NAS file System."
},
"Value": {
"Ref": "APINas"
}
},
"APINasMountTarget": {
"Label": {
"zh-cn": "API NAS 挂载点",
"en": "API NAS MountTarget"
},
"Description": {
"zh-cn": "NAS 挂载点。",
"en": "NAS MountTarget."
},
"Value": {
"Ref": "APINasMountTarget"
}
},
"PluginNasFileSystemId": {
"Label": {
"zh-cn": "API NAS 文件系统",
"en": "API NAS file System"
},
"Description": {
"zh-cn": "NAS 文件系统。",
"en": "NAS file System."
},
"Value": {
"Ref": "PluginNas"
}
},
"PluginNasMountTarget": {
"Label": {
"zh-cn": "API NAS 挂载点",
"en": "API NAS MountTarget"
},
"Description": {
"zh-cn": "NAS 挂载点。",
"en": "NAS MountTarget."
},
"Value": {
"Ref": "PluginNasMountTarget"
}
},
"RedisConnectionString": {
"Label": {
"zh-cn": "Redis 连接地址",
"en": "Redis connection address"
},
"Description": {
"zh-cn": "Redis 连接地址。",
"en": "Redis connection address."
},
"Value": {
"Fn::GetAtt": [
"RedisInstance",
"ConnectionDomain"
]
}
},
"RedisName": {
"Label": {
"zh-cn": "Redis 用户名",
"en": "Redis username"
},
"Description": {
"zh-cn": "Redis 的用户名。",
"en": "The username of Redis."
},
"Value": "default"
},
"RedisInstancePassword": {
"Label": {
"zh-cn": "Redis 密码",
"en": "Redis password"
},
"Description": {
"zh-cn": "Redis 的密码。",
"en": "The password of Redis."
},
"NoEcho": true,
"Value": {
"Ref": "RedisInstancePassword"
}
},
"PostgreSQLDBName": {
"Label": {
"zh-cn": "数据库名称",
"en": "DBName"
},
"Description": {
"zh-cn": "RDS PostgreSQL 的数据库名称。",
"en": "The database name of RDS PostgreSQL."
},
"Value": "dify"
},
"PostgreSQLConnectionString": {
"Label": {
"zh-cn": "RDS 数据库地址",
"en": "RDS Database address"
},
"Description": {
"zh-cn": "RDS PostgreSQL 的内网连接地址。",
"en": "The internal network connection address of RDS PostgreSQL."
},
"Value": {
"Fn::GetAtt": [
"PostgreSQLInstance",
"InnerConnectionString"
]
}
},
"PostgreSQLAccount": {
"Label": {
"zh-cn": "RDS 用户名",
"en": "RDS Account"
},
"Description": {
"zh-cn": "RDS PostgreSQL 的用户名。",
"en": "The username of RDS PostgreSQL."
},
"Value": {
"Ref": "PostgresSQLUserName"
}
},
"PostgreSQLPassword": {
"Label": {
"zh-cn": "RDS 密码",
"en": "RDS Password"
},
"Description": {
"zh-cn": "RDS PostgreSQL 的密码。",
"en": "The password of RDS PostgreSQL."
},
"NoEcho": true,
"Value": {
"Ref": "PostgresSQLPassword"
}
},
"NameSpace": {
"Label": {
"zh-cn": "命名空间",
"en": "NameSpace"
},
"Description": {
"zh-cn": "命名空间。",
"en": "NameSpace."
},
"Value": {
"Fn::Sub": "${ALIYUN::Region}:${NamespaceName}"
}
},
"Vpc": {
"Label": {
"zh-cn": "Vpc ID",
"en": "Vpc ID"
},
"Description": {
"zh-cn": "Vpc ID。",
"en": "Vpc ID。"
},
"Value": {
"Ref": "Vpc"
}
},
"Vsw": {
"Label": {
"zh-cn": "交换机 ID",
"en": "Vsw ID"
},
"Description": {
"zh-cn": "交换机 ID。",
"en": "Vsw ID."
},
"Value": {
"Ref": "VSwitch1"
}
},
"Sg": {
"Label": {
"zh-cn": "安全组 ID",
"en": "Security Group ID"
},
"Description": {
"zh-cn": "安全组 ID。",
"en": "Security Group ID."
},
"Value": {
"Ref": "SecurityGroup"
}
},
"SecretKey": {
"Label": {
"zh-cn": "Secret Key",
"en": "Secret Key"
},
"Description": {
"zh-cn": "用于安全签名以及加密数据库中的敏感信息。",
"en": "Used for secure signatures and encrypting sensitive information in the database."
},
"NoEcho": true,
"Value": {
"Fn::Base64Decode": {
"Fn::Jq": [
"First",
".[0].Output",
{
"Fn::GetAtt": [
"RunCommand",
"InvokeResults"
]
}
]
}
}
},
"dify-nginx": {
"Label": {
"zh-cn": "dify-nginx的应用地址",
"en": "The application address of dify-nginx"
},
"Description": {
"zh-cn": "dify-nginx的应用地址,在应用访问设置,基于 CLB 访问,查看公网访问地址。",
"en": "The application address of dify-nginx,In the application access Settings, based on CLB access, view the public network access address."
},
"Value": {
"Fn::Sub": "https://saenext.console.aliyun.com/${ALIYUN::Region}/app-list/${DifyNginxApp.AppId}/micro-app/base?name=dify-nginx"
}
},
"ECSInstanceId": {
"Label": {
"zh-cn": "dify-nginx的应用地址",
"en": "The application address of dify-nginx"
},
"Description": {
"zh-cn": "ECS实例ID,此实例部署了示例电商系统。",
"en": "ECS instance ID. This instance deploys the sample e-commerce system."
},
"Value": {
"Fn::Select": [
0,
{
"Fn::GetAtt": [
"EcsInstance",
"InstanceIds"
]
}
]
}
},
"Console@DemoUrl": {
"Description": {
"zh-cn": "应用程序访问域名,即本方案的电商系统地址。",
"en": "The application accesses the domain name, which is the address of the e-commerce system of this solution."
},
"Value": {
"Fn::Sub": [
"http://${PublicIp}",
{
"PublicIp": {
"Fn::Select": [
0,
{
"Fn::GetAtt": [
"EcsInstance",
"PublicIps"
]
}
]
}
}
]
}
}
},
"Metadata": {
"ALIYUN::ROS::Interface": {
"Outputs": [
"DifyAddress",
"ECSInstanceId",
"Console@DemoUrl",
"dify-nginx",
"NameSpace",
"Vpc",
"Vsw",
"Sg",
"PostgreSQLDBName",
"PostgreSQLConnectionString",
"PostgreSQLAccount",
"PostgreSQLPassword",
"PostgresName",
"PostgresPassword",
"PostgresConnectionString",
"APINasFileSystemId",
"APINasMountTarget",
"PluginNasFileSystemId",
"PluginNasMountTarget",
"RedisConnectionString",
"RedisName",
"RedisInstancePassword",
"SecretKey"
],
"ParameterGroups": [
{
"Parameters": [
"ZoneId1",
"ZoneId2"
],
"Label": {
"default": {
"en": "Availability Zone",
"zh-cn": "可用区"
}
}
},
{
"Parameters": [
"InstanceType",
"InstancePassword"
],
"Label": {
"default": {
"en": "Cloud Server ECS",
"zh-cn": "云服务器 ECS"
}
}
},
{
"Parameters": [
"RedisInstancePassword"
],
"Label": {
"default": {
"en": "Cloud database Tair (compatible with Redis)",
"zh-cn": "云数据库Tair(兼容Redis)"
}
}
},
{
"Parameters": [
"ADBPGAccount",
"ADBPGPassword"
],
"Label": {
"default": {
"en": "Cloud-native data warehouse AnalyticDB PostgreSQL version",
"zh-cn": "云原生数据仓库AnalyticDB PostgreSQL版"
}
}
},
{
"Parameters": [
"DBInstanceClass",
"RdsDatabaseName",
"PostgresSQLUserName",
"PostgresSQLPassword"
],
"Label": {
"default": {
"en": "Cloud database RDS PostgreSQL",
"zh-cn": "云数据库 RDS PostgreSQL"
}
}
},
{
"Parameters": [
"NamespaceName"
],
"Label": {
"default": {
"en": "Serverless Application Engine SAE",
"zh-cn": "Serverless 应用引擎 SAE"
}
}
}
],
"TemplateTags": [
"acs:technical-solution:internet-application-development:通过Serverless应用引擎部署生产环境 Dify 平台-tech_solu_251"
],
"Hidden": [
"CommonName"
]
}
}
}该文章对您有帮助吗?