Skip to main content
HashnodeTenten - AI / ML DevelopmentTenten - AI / ML Development

Command Palette

Search for a command to run...

How to Install Dify on Ubuntu 24 with Nginx as reverse proxy for public domain

Updated
4 min read
How to Install Dify on Ubuntu 24 with Nginx as reverse proxy for public domain
E
Erik Chen

Before installing Dify on Ubuntu 24, ensure your system meets the following requirements:

System Requirements:

  • CPU: 2+ cores

  • RAM: 4+ GB

  • Storage: 20+ GB free space

  • Ubuntu 24.04 LTS with sudo privileges

  • A registered domain name pointing to your server's IP address

Step 1: Update System and Install Dependencies

First, update your Ubuntu system and install the required dependencies:

sudo apt update && sudo apt upgrade -y
sudo apt install -y curl git docker.io docker-compose nginx

Start and enable Docker:

sudo systemctl enable --now docker
sudo usermod -aG docker $USER
newgrp docker

Verify Docker installation:

docker --version
docker-compose --version

Step 2: Install and Configure Nginx

Install Nginx and start the service:

sudo apt install nginx -y
sudo systemctl start nginx
sudo systemctl enable nginx

Configure firewall to allow HTTP and HTTPS traffic:

sudo ufw allow 'Nginx Full'
sudo ufw enable

Step 3: Clone and Configure Dify

Clone the Dify repository:

git clone https://github.com/langgenius/dify.git
cd dify/docker

Copy and configure environment variables:

cp .env.example .env

Modify the .env file to change default ports (since Nginx will use ports 80 and 443):

nano .env

Update these port configurations in the .env file:

# Change default ports to avoid conflicts with Nginx
EXPOSE_NGINX_PORT=8080
EXPOSE_NGINX_SSL_PORT=8443

# Configure URL variables for your domain
CONSOLE_API_URL=https://yourdomain.com
CONSOLE_WEB_URL=https://yourdomain.com
SERVICE_API_URL=https://yourdomain.com
APP_API_URL=https://yourdomain.com
APP_WEB_URL=https://yourdomain.com
FILES_URL=https://yourdomain.com

Step 4: Start Dify Services

Start Dify with Docker Compose:

docker compose up -d

Verify all containers are running:

docker compose ps

You should see containers for api, worker, web, nginx, db, redis, weaviate, sandbox, and ssrf_proxy.

Step 5: Configure Nginx Reverse Proxy

Create a new Nginx server block for your domain:

sudo nano /etc/nginx/sites-available/yourdomain.com

Add the following configuration:

server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;

    # Proxy all requests to Dify
    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;

        # WebSocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Timeouts
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;

        # Buffer settings
        proxy_buffers 32 4k;
        client_max_body_size 50M;
    }
}

Enable the site and test configuration:

sudo ln -s /etc/nginx/sites-available/yourdomain.com /etc/nginx/sites-enabled/
sudo rm /etc/nginx/sites-enabled/default  # Remove default site
sudo nginx -t
sudo systemctl reload nginx

Step 6: Install SSL Certificate with Let's Encrypt

Install Certbot:

sudo apt install certbot python3-certbot-nginx -y

Obtain and configure SSL certificate:

sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

During the process, Certbot will:

  • Automatically detect your Nginx configuration

  • Obtain an SSL certificate from Let's Encrypt

  • Modify your Nginx configuration to use HTTPS

  • Set up automatic HTTP to HTTPS redirects

Verify SSL configuration:

sudo nginx -t
sudo systemctl reload nginx

Step 7: Configure Automatic SSL Renewal

Test automatic renewal:

sudo certbot renew --dry-run

The renewal process should complete successfully, ensuring your SSL certificates will be automatically renewed.

Step 8: Access and Initialize Dify

Access your Dify installation:

  1. Open your browser and navigate to https://yourdomain.com/install

  2. Create your admin account and complete the initial setup

  3. Access the main Dify interface at https://yourdomain.com

Verification and Troubleshooting

Check Dify container status:

cd dify/docker
docker compose ps

View container logs if needed:

docker compose logs -f

Monitor Nginx logs:

sudo tail -f /var/log/nginx/access.log
sudo tail -f /var/log/nginx/error.log

Security Considerations

  1. Firewall Configuration: Ensure only necessary ports (80, 443, 22 for SSH) are open

  2. Regular Updates: Keep Ubuntu, Docker, and Dify updated regularly

  3. SSL Security: Let's Encrypt certificates are automatically renewed every 90 days

  4. Access Control: Consider implementing additional access controls if needed

Updating Dify

To update Dify to the latest version:

cd dify/docker
docker compose down
git pull origin main
docker compose pull
docker compose up -d

Remember to backup your data and check for any configuration changes in the .env.example file that may need to be applied to your .env file.

This setup provides you with a production-ready Dify installation accessible via your public domain with SSL encryption, properly reverse-proxied through Nginx for optimal performance and security.

#dify#ai#agentic-ai

Comments

Join the discussion

No comments yet. Be the first to comment.

More from this blog

T

Tenten - AI / ML Development

225 posts

🚀 Revolutionize your business with AI! 🤖 Trusted by tech giants since 2013, we're your go-to LLM experts. From startups to corporations, we bring ideas to life with custom AI solutions