# How to Install Dify on Ubuntu 24 with Nginx as reverse proxy for public domain

Before installing Dify on Ubuntu 24, ensure your system meets the following requirements:

**System Requirements:**

* CPU: 2+ cores
    
* RAM: 4+ GB
    
* Storage: 20+ GB free space
    
* Ubuntu 24.04 LTS with sudo privileges
    
* A registered domain name pointing to your server's IP address
    

## Step 1: Update System and Install Dependencies

First, update your Ubuntu system and install the required dependencies:

```bash
sudo apt update && sudo apt upgrade -y
sudo apt install -y curl git docker.io docker-compose nginx
```

**Start and enable Docker:**

```bash
sudo systemctl enable --now docker
sudo usermod -aG docker $USER
newgrp docker
```

**Verify Docker installation:**

```bash
docker --version
docker-compose --version
```

## Step 2: Install and Configure Nginx

**Install Nginx and start the service:**

```bash
sudo apt install nginx -y
sudo systemctl start nginx
sudo systemctl enable nginx
```

**Configure firewall to allow HTTP and HTTPS traffic:**

```bash
sudo ufw allow 'Nginx Full'
sudo ufw enable
```

## Step 3: Clone and Configure Dify

**Clone the Dify repository:**

```bash
git clone https://github.com/langgenius/dify.git
cd dify/docker
```

**Copy and configure environment variables:**

```bash
cp .env.example .env
```

**Modify the** `.env` file to change default ports (since Nginx will use ports 80 and 443):

```bash
nano .env
```

**Update these port configurations in the** `.env` file:

```bash
# Change default ports to avoid conflicts with Nginx
EXPOSE_NGINX_PORT=8080
EXPOSE_NGINX_SSL_PORT=8443

# Configure URL variables for your domain
CONSOLE_API_URL=https://yourdomain.com
CONSOLE_WEB_URL=https://yourdomain.com
SERVICE_API_URL=https://yourdomain.com
APP_API_URL=https://yourdomain.com
APP_WEB_URL=https://yourdomain.com
FILES_URL=https://yourdomain.com
```

## Step 4: Start Dify Services

**Start Dify with Docker Compose:**

```bash
docker compose up -d
```

**Verify all containers are running:**

```bash
docker compose ps
```

You should see containers for api, worker, web, nginx, db, redis, weaviate, sandbox, and ssrf\_proxy.

## Step 5: Configure Nginx Reverse Proxy

**Create a new Nginx server block for your domain:**

```bash
sudo nano /etc/nginx/sites-available/yourdomain.com
```

**Add the following configuration:**

```nginx
server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    
    # Proxy all requests to Dify
    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        
        # WebSocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        
        # Timeouts
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        
        # Buffer settings
        proxy_buffers 32 4k;
        client_max_body_size 50M;
    }
}
```

**Enable the site and test configuration:**

```bash
sudo ln -s /etc/nginx/sites-available/yourdomain.com /etc/nginx/sites-enabled/
sudo rm /etc/nginx/sites-enabled/default  # Remove default site
sudo nginx -t
sudo systemctl reload nginx
```

## Step 6: Install SSL Certificate with Let's Encrypt

**Install Certbot:**

```bash
sudo apt install certbot python3-certbot-nginx -y
```

**Obtain and configure SSL certificate:**

```bash
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com
```

During the process, Certbot will:

* Automatically detect your Nginx configuration
    
* Obtain an SSL certificate from Let's Encrypt
    
* Modify your Nginx configuration to use HTTPS
    
* Set up automatic HTTP to HTTPS redirects
    

**Verify SSL configuration:**

```bash
sudo nginx -t
sudo systemctl reload nginx
```

## Step 7: Configure Automatic SSL Renewal

**Test automatic renewal:**

```bash
sudo certbot renew --dry-run
```

The renewal process should complete successfully, ensuring your SSL certificates will be automatically renewed.

## Step 8: Access and Initialize Dify

**Access your Dify installation:**

1. Open your browser and navigate to [`https://yourdomain.com/install`](https://yourdomain.com/install)
    
2. Create your admin account and complete the initial setup
    
3. Access the main Dify interface at [`https://yourdomain.com`](https://yourdomain.com)
    

## Verification and Troubleshooting

**Check Dify container status:**

```bash
cd dify/docker
docker compose ps
```

**View container logs if needed:**

```bash
docker compose logs -f
```

**Monitor Nginx logs:**

```bash
sudo tail -f /var/log/nginx/access.log
sudo tail -f /var/log/nginx/error.log
```

## Security Considerations

1. **Firewall Configuration:** Ensure only necessary ports (80, 443, 22 for SSH) are open
    
2. **Regular Updates:** Keep Ubuntu, Docker, and Dify updated regularly
    
3. **SSL Security:** Let's Encrypt certificates are automatically renewed every 90 days
    
4. **Access Control:** Consider implementing additional access controls if needed
    

## Updating Dify

To update Dify to the latest version:

```bash
cd dify/docker
docker compose down
git pull origin main
docker compose pull
docker compose up -d
```

Remember to backup your data and check for any configuration changes in the `.env.example` file that may need to be applied to your `.env` file.

This setup provides you with a production-ready Dify installation accessible via your public domain with SSL encryption, properly reverse-proxied through Nginx for optimal performance and security.