diff --git a/backend/Dockerfile b/backend/Dockerfile index f8feefdda76..2f8de6e7996 100644 --- a/backend/Dockerfile +++ b/backend/Dockerfile @@ -12,7 +12,6 @@ ARG DANSWER_VERSION=0.8-dev ENV DANSWER_VERSION=${DANSWER_VERSION} \ DANSWER_RUNNING_IN_DOCKER="true" -ARG CA_CERT_CONTENT="" RUN echo "DANSWER_VERSION: ${DANSWER_VERSION}" # Install system dependencies @@ -39,15 +38,6 @@ RUN apt-get update && \ apt-get clean -# Conditionally write the CA certificate and update certificates -RUN if [ -n "$CA_CERT_CONTENT" ]; then \ - echo "Adding custom CA certificate"; \ - echo "$CA_CERT_CONTENT" > /usr/local/share/ca-certificates/my-ca.crt && \ - chmod 644 /usr/local/share/ca-certificates/my-ca.crt && \ - update-ca-certificates; \ -else \ - echo "No custom CA certificate provided"; \ -fi # Install Python dependencies # Remove py which is pulled in by retry, py is not needed and is a CVE @@ -87,7 +77,6 @@ RUN apt-get update && \ RUN python -c "from tokenizers import Tokenizer; \ Tokenizer.from_pretrained('nomic-ai/nomic-embed-text-v1')" - # Pre-downloading NLTK for setups with limited egress RUN python -c "import nltk; \ nltk.download('stopwords', quiet=True); \ diff --git a/deployment/docker_compose/docker-compose.dev.yml b/deployment/docker_compose/docker-compose.dev.yml index 7b31689c8f3..34be985c01d 100644 --- a/deployment/docker_compose/docker-compose.dev.yml +++ b/deployment/docker_compose/docker-compose.dev.yml 
@@ -79,8 +79,8 @@ services: # Leave this on pretty please? Nothing sensitive is collected! # https://docs.danswer.dev/more/telemetry - DISABLE_TELEMETRY=${DISABLE_TELEMETRY:-} - - LOG_LEVEL=${LOG_LEVEL:-info} # Set to debug to get more fine-grained logs - - LOG_ALL_MODEL_INTERACTIONS=${LOG_ALL_MODEL_INTERACTIONS:-} # LiteLLM Verbose Logging + - LOG_LEVEL=${LOG_LEVEL:-info} # Set to debug to get more fine-grained logs + - LOG_ALL_MODEL_INTERACTIONS=${LOG_ALL_MODEL_INTERACTIONS:-} # LiteLLM Verbose Logging # Log all of Danswer prompts and interactions with the LLM - LOG_DANSWER_MODEL_INTERACTIONS=${LOG_DANSWER_MODEL_INTERACTIONS:-} # If set to `true` will enable additional logs about Vespa query performance @@ -96,7 +96,7 @@ services: # Chat Configs - HARD_DELETE_CHATS=${HARD_DELETE_CHATS:-} - + # Enterprise Edition only - ENABLE_PAID_ENTERPRISE_EDITION_FEATURES=${ENABLE_PAID_ENTERPRISE_EDITION_FEATURES:-false} - API_KEY_HASH_ROUNDS=${API_KEY_HASH_ROUNDS:-} @@ -114,7 +114,12 @@ services: build: context: ../../backend dockerfile: Dockerfile - command: /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf + command: > + /bin/sh -c " + if [ -f /etc/ssl/certs/custom-ca.crt ]; then + update-ca-certificates; + fi && + /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf" depends_on: - relational_db - index 
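Review bot: The new `command` in hunk `@@ -114,7 +114,12 @@` tests for `/etc/ssl/certs/custom-ca.crt` and then runs `update-ca-certificates`, but the Dockerfile lines this commit removes wrote the certificate to `/usr/local/share/ca-certificates/my-ca.crt` before calling it. On Debian-style images that directory is, as far as I know, where `update-ca-certificates` looks for locally added certificates, so a file mounted straight into `/etc/ssl/certs` may never reach the trust bundle, and TLS connections to hosts signed by the custom CA would still fail verification. Mounting the file at `/usr/local/share/ca-certificates/custom-ca.crt` and testing that path (`if [ -f /usr/local/share/ca-certificates/custom-ca.crt ]; then`) would match the removed behaviour. Starting the last step as `exec /usr/bin/supervisord -c ...` would also let supervisord receive the stop signal directly instead of the wrapping shell. The same command is added in docker-compose.prod.yml at `@@ -29,14 +30,17 @@`.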
@@ -197,8 +202,8 @@ services: # Leave this on pretty please? Nothing sensitive is collected! # https://docs.danswer.dev/more/telemetry - DISABLE_TELEMETRY=${DISABLE_TELEMETRY:-} - - LOG_LEVEL=${LOG_LEVEL:-info} # Set to debug to get more fine-grained logs - - LOG_ALL_MODEL_INTERACTIONS=${LOG_ALL_MODEL_INTERACTIONS:-} # LiteLLM Verbose Logging + - LOG_LEVEL=${LOG_LEVEL:-info} # Set to debug to get more fine-grained logs + - LOG_ALL_MODEL_INTERACTIONS=${LOG_ALL_MODEL_INTERACTIONS:-} # LiteLLM Verbose Logging # Log all of Danswer prompts and interactions with the LLM - LOG_DANSWER_MODEL_INTERACTIONS=${LOG_DANSWER_MODEL_INTERACTIONS:-} - LOG_VESPA_TIMING_INFORMATION=${LOG_VESPA_TIMING_INFORMATION:-} @@ -215,6 +220,11 @@ services: options: max-size: "50m" max-file: "6" + # Uncomment the following lines if you need to include a custom CA certificate + # Optional volume mount for CA certificate + # volumes: + # # Maps to the CA_CERT_PATH environment variable in the Dockerfile + # - ${CA_CERT_PATH:-./custom-ca.crt}:/etc/ssl/certs/custom-ca.crt:ro web_server: image: danswer/danswer-web-server:${IMAGE_TAG:-latest} @@ -295,7 +305,7 @@ services: # Set to debug to get more fine-grained logs - LOG_LEVEL=${LOG_LEVEL:-info} - CLIENT_EMBEDDING_TIMEOUT=${CLIENT_EMBEDDING_TIMEOUT:-} - + # Analytics Configs - SENTRY_DSN=${SENTRY_DSN:-} volumes: @@ -338,7 +348,7 @@ services: image: nginx:1.23.4-alpine restart: always # nginx will immediately crash with `nginx: [emerg] host not found in upstream` - # if api_server / web_server are not up + # if api_server / web_server are not up depends_on: - api_server - web_server 
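Review bot: The comment added in `@@ -215,6 +220,11 @@` says the mount `Maps to the CA_CERT_PATH environment variable in the Dockerfile`, but this commit removes the only CA-related `ARG` from backend/Dockerfile and nothing visible there reads `CA_CERT_PATH`. As used here it is a Compose substitution taken from the host environment or `.env`. I would reword it to `# CA_CERT_PATH is resolved by Compose from the host environment or .env (default ./custom-ca.crt)`. It is also worth stating that the host file must exist before the service starts: with this short bind-mount syntax Docker typically creates a directory when the source path is missing, and the `[ -f ... ]` test in the new command would then skip the certificate without any error. The same comment is added in docker-compose.prod.yml at `@@ -60,6 +64,10 @@`.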
@@ -354,20 +364,20 @@ services: options: max-size: "50m" max-file: "6" - # The specified script waits for the api_server to start up. - # Without this we've seen issues where nginx shows no error logs but + # The specified script waits for the api_server to start up. + # Without this we've seen issues where nginx shows no error logs but # does not recieve any traffic # NOTE: we have to use dos2unix to remove Carriage Return chars from the file # in order to make this work on both Unix-like systems and windows - command: > + command: > /bin/sh -c "dos2unix /etc/nginx/conf.d/run-nginx.sh - && /etc/nginx/conf.d/run-nginx.sh app.conf.template.dev" + && /etc/nginx/conf.d/run-nginx.sh app.conf.template.dev" cache: image: redis:7.4-alpine restart: always ports: - - '6379:6379' + - "6379:6379" # docker silently mounts /data even without an explicit volume mount, which enables # persistence. explicitly setting save and appendonly forces ephemeral behavior. command: redis-server --save "" --appendonly no diff --git a/deployment/docker_compose/docker-compose.prod.yml b/deployment/docker_compose/docker-compose.prod.yml index eaeaa7646b7..d4ba321736e 100644 --- a/deployment/docker_compose/docker-compose.prod.yml +++ b/deployment/docker_compose/docker-compose.prod.yml @@ -5,7 +5,8 @@ services: context: ../../backend dockerfile: Dockerfile command: > - /bin/sh -c "alembic upgrade head && + /bin/sh -c " + alembic upgrade head && echo \"Starting Danswer Api Server\" && uvicorn danswer.main:app --host 0.0.0.0 --port 8080" depends_on: 
@@ -29,14 +30,17 @@ services: options: max-size: "50m" max-file: "6" - - background: image: danswer/danswer-backend:${IMAGE_TAG:-latest} build: context: ../../backend dockerfile: Dockerfile - command: /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf + command: > + /bin/sh -c " + if [ -f /etc/ssl/certs/custom-ca.crt ]; then + update-ca-certificates; + fi && + /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf" depends_on: - relational_db - index @@ -60,6 +64,10 @@ services: options: max-size: "50m" max-file: "6" + # Uncomment the following lines if you need to include a custom CA certificate + # volumes: + # # Maps to the CA_CERT_PATH environment variable in the Dockerfile + # - ${CA_CERT_PATH:-./custom-ca.crt}:/etc/ssl/certs/custom-ca.crt:ro web_server: image: danswer/danswer-web-server:${IMAGE_TAG:-latest} @@ -86,7 +94,6 @@ services: max-size: "50m" max-file: "6" - relational_db: image: postgres:15.2-alpine command: -c 'max_connections=250' @@ -102,7 +109,6 @@ services: max-size: "50m" max-file: "6" - inference_model_server: image: danswer/danswer-model-server:${IMAGE_TAG:-latest} build: @@ -129,7 +135,6 @@ services: max-size: "50m" max-file: "6" - indexing_model_server: image: danswer/danswer-model-server:${IMAGE_TAG:-latest} build: @@ -158,7 +163,6 @@ services: max-size: "50m" max-file: "6" - # This container name cannot have an underscore in it due to Vespa expectations of the URL index: image: vespaengine/vespa:8.277.17 @@ -174,12 +178,11 @@ services: max-size: "50m" max-file: "6" - nginx: image: nginx:1.23.4-alpine restart: always # nginx will immediately crash with `nginx: [emerg] host not found in upstream` - # if api_server / web_server are not up + # if api_server / web_server are not up depends_on: - api_server - web_server 
@@ -190,26 +193,25 @@ services: - ../data/nginx:/etc/nginx/conf.d - ../data/certbot/conf:/etc/letsencrypt - ../data/certbot/www:/var/www/certbot - # sleep a little bit to allow the web_server / api_server to start up. - # Without this we've seen issues where nginx shows no error logs but + # sleep a little bit to allow the web_server / api_server to start up. + # Without this we've seen issues where nginx shows no error logs but # does not recieve any traffic logging: driver: json-file options: max-size: "50m" max-file: "6" - # The specified script waits for the api_server to start up. - # Without this we've seen issues where nginx shows no error logs but - # does not recieve any traffic + # The specified script waits for the api_server to start up. + # Without this we've seen issues where nginx shows no error logs but + # does not recieve any traffic # NOTE: we have to use dos2unix to remove Carriage Return chars from the file # in order to make this work on both Unix-like systems and windows - command: > + command: > /bin/sh -c "dos2unix /etc/nginx/conf.d/run-nginx.sh && /etc/nginx/conf.d/run-nginx.sh app.conf.template" env_file: - .env.nginx - # follows https://pentacent.medium.com/nginx-and-lets-encrypt-with-docker-in-less-than-5-minutes-b4b8a60d3a71 certbot: image: certbot/certbot @@ -224,17 +226,15 @@ services: max-file: "6" entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'" - cache: image: redis:7.4-alpine restart: always ports: - - '6379:6379' + - "6379:6379" # docker silently mounts /data even without an explicit volume mount, which enables # persistence. explicitly setting save and appendonly forces ephemeral behavior. command: redis-server --save "" --appendonly no - volumes: db_volume: vespa_volume: diff --git a/deployment/kubernetes/api_server-service-deployment.yaml b/deployment/kubernetes/api_server-service-deployment.yaml index ccbbc906d61..0e1cd79af58 100644 
--- a/deployment/kubernetes/api_server-service-deployment.yaml +++ b/deployment/kubernetes/api_server-service-deployment.yaml @@ -27,36 +27,36 @@ spec: app: api-server spec: containers: - - name: api-server - image: danswer/danswer-backend:latest - imagePullPolicy: IfNotPresent - command: - - "/bin/sh" - - "-c" - - | - alembic upgrade head && - echo "Starting Danswer Api Server" && - uvicorn danswer.main:app --host 0.0.0.0 --port 8080 - ports: - - containerPort: 8080 - # There are some extra values since this is shared between services - # There are no conflicts though, extra env variables are simply ignored - env: - - name: OAUTH_CLIENT_ID - valueFrom: - secretKeyRef: - name: danswer-secrets - key: google_oauth_client_id - - name: OAUTH_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: danswer-secrets - key: google_oauth_client_secret - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: danswer-secrets - key: redis_password - envFrom: - - configMapRef: - name: env-configmap + - name: api-server + image: danswer/danswer-backend:latest + imagePullPolicy: IfNotPresent + command: + - "/bin/sh" + - "-c" + - | + alembic upgrade head && + echo "Starting Danswer Api Server" && + uvicorn danswer.main:app --host 0.0.0.0 --port 8080 + ports: + - containerPort: 8080 + # There are some extra values since this is shared between services + # There are no conflicts though, extra env variables are simply ignored + env: + - name: OAUTH_CLIENT_ID + valueFrom: + secretKeyRef: + name: danswer-secrets + key: google_oauth_client_id + - name: OAUTH_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: danswer-secrets + key: google_oauth_client_secret + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: danswer-secrets + key: redis_password + envFrom: + - configMapRef: + name: env-configmap diff --git a/deployment/kubernetes/background-deployment.yaml b/deployment/kubernetes/background-deployment.yaml index dcb3c89a0c6..4989d889fdf 100644 
--- a/deployment/kubernetes/background-deployment.yaml +++ b/deployment/kubernetes/background-deployment.yaml @@ -13,18 +13,35 @@ spec: app: background spec: containers: - - name: background - image: danswer/danswer-backend:latest - imagePullPolicy: IfNotPresent - command: ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"] - # There are some extra values since this is shared between services - # There are no conflicts though, extra env variables are simply ignored - env: - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: danswer-secrets - key: redis_password - envFrom: - - configMapRef: - name: env-configmap \ No newline at end of file + - name: background + image: danswer/danswer-backend:latest + imagePullPolicy: IfNotPresent + command: + [ + "/usr/bin/supervisord", + "-c", + "/etc/supervisor/conf.d/supervisord.conf", + ] + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: danswer-secrets + key: redis_password + envFrom: + - configMapRef: + name: env-configmap + # Uncomment the following lines if you need to include a custom CA certificate + # Optional volume mount for CA certificate + # volumeMounts: + # - name: my-ca-cert-volume + # mountPath: /etc/ssl/certs/custom-ca.crt + # subPath: my-ca.crt + # Optional volume for CA certificate + # volumes: + # - name: my-cas-cert-volume + # secret: + # secretName: my-ca-cert + # items: + # - key: my-ca.crt + # path: my-ca.crt
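Review bot: The commented-out example at the end of this hunk cannot work once uncommented: the mount refers to `my-ca-cert-volume` while the volume is declared as `my-cas-cert-volume`, so the pod spec would reference an undefined volume. The names should agree (`- name: my-ca-cert-volume` in both places), and the comment should say that `volumes:` belongs at the pod `spec` level, not under the container. The container `command` here still starts supervisord directly, unlike the Compose files in this commit, which run `update-ca-certificates` first. Even with the names fixed, the mounted certificate would presumably not be added to the trust store. The hunk also drops the two comment lines explaining that extra env values are shared between services, although `envFrom` still loads `env-configmap`; keeping them would preserve that context.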