KNet/onyx
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

made coolify-ready

Browse source
This commit is contained in:
KARMACOMA 2025-12-13 19:44:44 +01:00
parent 964e1219bc
commit f4bf6fad60
3 changed files with 86 additions and 135 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

0
.env Normal file
View file

199
docker-compose.yml
View file

@ -37,11 +37,8 @@
name: onyx
services:
api_server:
onyx-api_server:
image: ${ONYX_BACKEND_IMAGE:-onyxdotapp/onyx-backend:${IMAGE_TAG:-latest}}
build:
context: ../../backend
dockerfile: Dockerfile
command: >
/bin/sh -c "alembic upgrade head &&
echo \"Starting Onyx Api Server\" &&
@ -51,12 +48,14 @@ services:
- path: .env
required: false
depends_on:
- relational_db
- index
- cache
- inference_model_server
- minio
- onyx-relational_db
- onyx-index
- onyx-cache
- onyx-inference_model_server
- onyx-minio
restart: unless-stopped
expose:
- "8080"
# DEV: To expose ports, either:
# 1. Use docker-compose.dev.yml: docker compose -f docker-compose.yml -f docker-compose.dev.yml up -d
# 2. Uncomment the ports below
@ -65,11 +64,11 @@ services:
environment:
# Auth Settings
- AUTH_TYPE=${AUTH_TYPE:-basic}
- POSTGRES_HOST=${POSTGRES_HOST:-relational_db}
- VESPA_HOST=${VESPA_HOST:-index}
- REDIS_HOST=${REDIS_HOST:-cache}
- MODEL_SERVER_HOST=${MODEL_SERVER_HOST:-inference_model_server}
- S3_ENDPOINT_URL=${S3_ENDPOINT_URL:-http://minio:9000}
- POSTGRES_HOST=${POSTGRES_HOST:-onyx-relational_db}
- VESPA_HOST=${VESPA_HOST:-onyx-index}
- REDIS_HOST=${REDIS_HOST:-onyx-cache}
- MODEL_SERVER_HOST=${MODEL_SERVER_HOST:-onyx-inference_model_server}
- S3_ENDPOINT_URL=${S3_ENDPOINT_URL:-http://onyx-minio:9000}
- S3_AWS_ACCESS_KEY_ID=${S3_AWS_ACCESS_KEY_ID:-minioadmin}
- S3_AWS_SECRET_ACCESS_KEY=${S3_AWS_SECRET_ACCESS_KEY:-minioadmin}
# PRODUCTION: Uncomment the line below to use if IAM_AUTH is true and you are using iam auth for postgres
@ -84,13 +83,10 @@ services:
max-file: "6"
# Optional, only for debugging purposes
volumes:
- api_server_logs:/var/log/onyx
- onyx-api_server_logs:/var/log/onyx
background:
onyx-background:
image: ${ONYX_BACKEND_IMAGE:-onyxdotapp/onyx-backend:${IMAGE_TAG:-latest}}
build:
context: ../../backend
dockerfile: Dockerfile
command: >
/bin/sh -c "
if [ -f /etc/ssl/certs/custom-ca.crt ]; then
@ -101,20 +97,20 @@ services:
- path: .env
required: false
depends_on:
- relational_db
- index
- cache
- inference_model_server
- indexing_model_server
- onyx-relational_db
- onyx-index
- onyx-cache
- onyx-inference_model_server
- onyx-indexing_model_server
restart: unless-stopped
environment:
- USE_LIGHTWEIGHT_BACKGROUND_WORKER=${USE_LIGHTWEIGHT_BACKGROUND_WORKER:-true}
- POSTGRES_HOST=${POSTGRES_HOST:-relational_db}
- VESPA_HOST=${VESPA_HOST:-index}
- REDIS_HOST=${REDIS_HOST:-cache}
- MODEL_SERVER_HOST=${MODEL_SERVER_HOST:-inference_model_server}
- INDEXING_MODEL_SERVER_HOST=${INDEXING_MODEL_SERVER_HOST:-indexing_model_server}
- S3_ENDPOINT_URL=${S3_ENDPOINT_URL:-http://minio:9000}
- POSTGRES_HOST=${POSTGRES_HOST:-onyx-relational_db}
- VESPA_HOST=${VESPA_HOST:-onyx-index}
- REDIS_HOST=${REDIS_HOST:-onyx-cache}
- MODEL_SERVER_HOST=${MODEL_SERVER_HOST:-onyx-inference_model_server}
- INDEXING_MODEL_SERVER_HOST=${INDEXING_MODEL_SERVER_HOST:-onyx-indexing_model_server}
- S3_ENDPOINT_URL=${S3_ENDPOINT_URL:-http://onyx-minio:9000}
- S3_AWS_ACCESS_KEY_ID=${S3_AWS_ACCESS_KEY_ID:-minioadmin}
- S3_AWS_SECRET_ACCESS_KEY=${S3_AWS_SECRET_ACCESS_KEY:-minioadmin}
# PRODUCTION: Uncomment the line below to use if IAM_AUTH is true and you are using iam auth for postgres
@ -124,7 +120,7 @@ services:
- "host.docker.internal:host-gateway"
# Optional, only for debugging purposes
volumes:
- background_logs:/var/log/onyx
- onyx-background_logs:/var/log/onyx
logging:
driver: json-file
options:
@ -140,36 +136,29 @@ services:
# # Maps to the CA_CERT_PATH environment variable in the Dockerfile
# - ${CA_CERT_PATH:-./custom-ca.crt}:/etc/ssl/certs/custom-ca.crt:ro
web_server:
onyx-web_server:
image: ${ONYX_WEB_SERVER_IMAGE:-onyxdotapp/onyx-web-server:${IMAGE_TAG:-latest}}
build:
context: ../../web
dockerfile: Dockerfile
args:
- NEXT_PUBLIC_POSITIVE_PREDEFINED_FEEDBACK_OPTIONS=${NEXT_PUBLIC_POSITIVE_PREDEFINED_FEEDBACK_OPTIONS:-}
- NEXT_PUBLIC_NEGATIVE_PREDEFINED_FEEDBACK_OPTIONS=${NEXT_PUBLIC_NEGATIVE_PREDEFINED_FEEDBACK_OPTIONS:-}
- NEXT_PUBLIC_DISABLE_LOGOUT=${NEXT_PUBLIC_DISABLE_LOGOUT:-}
- NEXT_PUBLIC_DEFAULT_SIDEBAR_OPEN=${NEXT_PUBLIC_DEFAULT_SIDEBAR_OPEN:-}
- NEXT_PUBLIC_FORGOT_PASSWORD_ENABLED=${NEXT_PUBLIC_FORGOT_PASSWORD_ENABLED:-}
# Enterprise Edition only
- NEXT_PUBLIC_THEME=${NEXT_PUBLIC_THEME:-}
# DO NOT TURN ON unless you have EXPLICIT PERMISSION from Onyx.
- NEXT_PUBLIC_DO_NOT_USE_TOGGLE_OFF_DANSWER_POWERED=${NEXT_PUBLIC_DO_NOT_USE_TOGGLE_OFF_DANSWER_POWERED:-false}
- NODE_OPTIONS=${NODE_OPTIONS:-"--max-old-space-size=4096"}
env_file:
- path: .env
required: false
depends_on:
- api_server
- onyx-api_server
restart: unless-stopped
expose:
- "3000"
environment:
- INTERNAL_URL=${INTERNAL_URL:-http://api_server:8080}
- INTERNAL_URL=${INTERNAL_URL:-http://onyx-api_server:8080}
- NEXT_PUBLIC_POSITIVE_PREDEFINED_FEEDBACK_OPTIONS=${NEXT_PUBLIC_POSITIVE_PREDEFINED_FEEDBACK_OPTIONS:-}
- NEXT_PUBLIC_NEGATIVE_PREDEFINED_FEEDBACK_OPTIONS=${NEXT_PUBLIC_NEGATIVE_PREDEFINED_FEEDBACK_OPTIONS:-}
- NEXT_PUBLIC_DISABLE_LOGOUT=${NEXT_PUBLIC_DISABLE_LOGOUT:-}
- NEXT_PUBLIC_DEFAULT_SIDEBAR_OPEN=${NEXT_PUBLIC_DEFAULT_SIDEBAR_OPEN:-}
- NEXT_PUBLIC_FORGOT_PASSWORD_ENABLED=${NEXT_PUBLIC_FORGOT_PASSWORD_ENABLED:-}
- NEXT_PUBLIC_THEME=${NEXT_PUBLIC_THEME:-}
- NEXT_PUBLIC_DO_NOT_USE_TOGGLE_OFF_DANSWER_POWERED=${NEXT_PUBLIC_DO_NOT_USE_TOGGLE_OFF_DANSWER_POWERED:-true}
- NODE_OPTIONS=${NODE_OPTIONS:-"--max-old-space-size=4096"}
mcp_server:
onyx-mcp_server:
image: ${ONYX_BACKEND_IMAGE:-onyxdotapp/onyx-backend:${IMAGE_TAG:-latest}}
build:
context: ../../backend
dockerfile: Dockerfile
command: >
/bin/sh -c "if [ \"${MCP_SERVER_ENABLED:-}\" != \"True\" ] && [ \"${MCP_SERVER_ENABLED:-}\" != \"true\" ]; then
echo 'MCP server is disabled (MCP_SERVER_ENABLED=false), skipping...';
@ -181,18 +170,18 @@ services:
- path: .env
required: false
depends_on:
- relational_db
- cache
- onyx-relational_db
- onyx-cache
restart: "no"
environment:
- POSTGRES_HOST=${POSTGRES_HOST:-relational_db}
- REDIS_HOST=${REDIS_HOST:-cache}
- POSTGRES_HOST=${POSTGRES_HOST:-onyx-relational_db}
- REDIS_HOST=${REDIS_HOST:-onyx-cache}
# MCP Server Configuration
- MCP_SERVER_ENABLED=${MCP_SERVER_ENABLED:-false}
- MCP_SERVER_PORT=${MCP_SERVER_PORT:-8090}
- MCP_SERVER_CORS_ORIGINS=${MCP_SERVER_CORS_ORIGINS:-}
- API_SERVER_PROTOCOL=${API_SERVER_PROTOCOL:-http}
- API_SERVER_HOST=${API_SERVER_HOST:-api_server}
- API_SERVER_HOST=${API_SERVER_HOST:-onyx-api_server}
- API_SERVER_PORT=${API_SERVER_PORT:-8080}
extra_hosts:
- "host.docker.internal:host-gateway"
@ -203,13 +192,10 @@ services:
max-file: "6"
# Optional, only for debugging purposes
volumes:
- mcp_server_logs:/var/log/onyx
- onyx-mcp_server_logs:/var/log/onyx
inference_model_server:
onyx-inference_model_server:
image: ${ONYX_MODEL_SERVER_IMAGE:-onyxdotapp/onyx-model-server:${IMAGE_TAG:-latest}}
build:
context: ../../backend
dockerfile: Dockerfile.model_server
# GPU Support: Uncomment the following lines to enable GPU support
# Requires nvidia-container-toolkit to be installed on the host
# deploy:
@ -232,20 +218,17 @@ services:
restart: unless-stopped
volumes:
# Not necessary, this is just to reduce download time during startup
- model_cache_huggingface:/app/.cache/huggingface/
- onyx-model_cache_huggingface:/app/.cache/huggingface/
# Optional, only for debugging purposes
- inference_model_server_logs:/var/log/onyx
- onyx-inference_model_server_logs:/var/log/onyx
logging:
driver: json-file
options:
max-size: "50m"
max-file: "6"
indexing_model_server:
onyx-indexing_model_server:
image: ${ONYX_MODEL_SERVER_IMAGE:-onyxdotapp/onyx-model-server:${IMAGE_TAG:-latest}}
build:
context: ../../backend
dockerfile: Dockerfile.model_server
# GPU Support: Uncomment the following lines to enable GPU support
# Requires nvidia-container-toolkit to be installed on the host
# deploy:
@ -270,16 +253,16 @@ services:
- INDEXING_ONLY=True
volumes:
# Not necessary, this is just to reduce download time during startup
- indexing_huggingface_model_cache:/app/.cache/huggingface/
- onyx-indexing_huggingface_model_cache:/app/.cache/huggingface/
# Optional, only for debugging purposes
- indexing_model_server_logs:/var/log/onyx
- onyx-indexing_model_server_logs:/var/log/onyx
logging:
driver: json-file
options:
max-size: "50m"
max-file: "6"
relational_db:
onyx-relational_db:
image: postgres:15.2-alpine
shm_size: 1g
command: -c 'max_connections=250'
@ -297,10 +280,10 @@ services:
# ports:
# - "5432:5432"
volumes:
- db_volume:/var/lib/postgresql/data
- onyx-db_volume:/var/lib/postgresql/data
# This container name cannot have an underscore in it due to Vespa expectations of the URL
index:
onyx-index:
image: vespaengine/vespa:8.609.39
restart: unless-stopped
env_file:
@ -315,54 +298,14 @@ services:
# - "19071:19071"
# - "8081:8081"
volumes:
- vespa_volume:/opt/vespa/var
- onyx-vespa_volume:/opt/vespa/var
logging:
driver: json-file
options:
max-size: "50m"
max-file: "6"
nginx:
image: nginx:1.25.5-alpine
restart: unless-stopped
# nginx will immediately crash with `nginx: [emerg] host not found in upstream`
# if api_server / web_server are not up
depends_on:
- api_server
- web_server
env_file:
- path: .env
required: false
environment:
- DOMAIN=localhost
# Nginx proxy timeout settings (in seconds)
- NGINX_PROXY_CONNECT_TIMEOUT=${NGINX_PROXY_CONNECT_TIMEOUT:-300}
- NGINX_PROXY_SEND_TIMEOUT=${NGINX_PROXY_SEND_TIMEOUT:-300}
- NGINX_PROXY_READ_TIMEOUT=${NGINX_PROXY_READ_TIMEOUT:-300}
ports:
- "${HOST_PORT_80:-80}:80"
- "${HOST_PORT:-3000}:80" # allow for localhost:3000 usage, since that is the norm
volumes:
- ../data/nginx:/etc/nginx/conf.d
# PRODUCTION: Add SSL certificate volumes for HTTPS support:
# - ../data/certbot/conf:/etc/letsencrypt
# - ../data/certbot/www:/var/www/certbot
logging:
driver: json-file
options:
max-size: "50m"
max-file: "6"
# The specified script waits for the api_server to start up.
# Without this we've seen issues where nginx shows no error logs but
# does not receive any traffic
# NOTE: we have to use dos2unix to remove Carriage Return chars from the file
# in order to make this work on both Unix-like systems and windows
# PRODUCTION: Change to app.conf.template.prod for production nginx config
command: >
/bin/sh -c "dos2unix /etc/nginx/conf.d/run-nginx.sh
&& /etc/nginx/conf.d/run-nginx.sh app.conf.template"
cache:
onyx-cache:
image: redis:7.4-alpine
restart: unless-stopped
# DEV: To expose ports, either:
@ -380,7 +323,7 @@ services:
tmpfs:
- /data
minio:
onyx-minio:
image: minio/minio:RELEASE.2025-07-23T15-54-02Z-cpuv1
restart: unless-stopped
# DEV: To expose ports, either:
@ -398,7 +341,7 @@ services:
# Note: we've seen the default bucket creation logic not work in some cases
MINIO_DEFAULT_BUCKETS: ${S3_FILE_STORE_BUCKET_NAME:-onyx-file-store-bucket}
volumes:
- minio_data:/data
- onyx-minio_data:/data
command: server /data --console-address ":9001"
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
@ -406,7 +349,7 @@ services:
timeout: 20s
retries: 3
code-interpreter:
onyx-code-interpreter:
image: onyxdotapp/code-interpreter:${CODE_INTERPRETER_IMAGE_TAG:-latest}
entrypoint: ["/bin/bash", "-c"]
command: >
@ -447,15 +390,15 @@ services:
volumes:
# Necessary for persisting data for use
db_volume:
vespa_volume: # Created by the container itself
minio_data:
onyx-db_volume:
onyx-vespa_volume: # Created by the container itself
onyx-minio_data:
# Caches to prevent re-downloading models, not strictly necessary
model_cache_huggingface:
indexing_huggingface_model_cache:
onyx-model_cache_huggingface:
onyx-indexing_huggingface_model_cache:
# Logs preserved across container restarts
api_server_logs:
background_logs:
mcp_server_logs:
inference_model_server_logs:
indexing_model_server_logs:
onyx-api_server_logs:
onyx-background_logs:
onyx-mcp_server_logs:
onyx-inference_model_server_logs:
onyx-indexing_model_server_logs:

22
env.template
View file

@ -54,7 +54,7 @@ POSTGRES_PASSWORD=password
# DB_READONLY_PASSWORD=
## MinIO/S3 Configuration
S3_ENDPOINT_URL=http://minio:9000
S3_ENDPOINT_URL=http://onyx-minio:9000
S3_AWS_ACCESS_KEY_ID=minioadmin
S3_AWS_SECRET_ACCESS_KEY=minioadmin
S3_FILE_STORE_BUCKET_NAME=onyx-file-store-bucket
@ -223,9 +223,17 @@ LOG_INDIVIDUAL_MODEL_TOKENS=False
# NEXT_PUBLIC_CUSTOM_REFRESH_URL=
## Pointer to services
POSTGRES_HOST=relational_db
VESPA_HOST=index
REDIS_HOST=cache
MODEL_SERVER_HOST=inference_model_server
INDEXING_MODEL_SERVER_HOST=indexing_model_server
INTERNAL_URL=http://api_server:8080
POSTGRES_HOST=onyx-relational_db
VESPA_HOST=onyx-index
REDIS_HOST=onyx-cache
MODEL_SERVER_HOST=onyx-inference_model_server
INDEXING_MODEL_SERVER_HOST=onyx-indexing_model_server
INTERNAL_URL=http://onyx-api_server:8080
## Traefik / Coolify routing
# Hostname (no scheme) Traefik should route to, e.g. onyx.example.com
TRAEFIK_HOSTNAME=onyx.example.com
# Comma separated entrypoints that Coolify/Traefik exposes (usually websecure)
TRAEFIK_ENTRYPOINTS=websecure
# Optional cert resolver name inside Traefik
TRAEFIK_CERT_RESOLVER=coolify