# Exported from Render on 2024-11-07T15:50:51Z
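services:
# =========================================
# Web Application Configuration (Frontend)
# =========================================
# Docker-based web service built from ./apps/web/Dockerfile.
# Entries marked `sync: false` carry no value in this file; Render prompts for
# them in the dashboard, which keeps secrets out of version control.
- type: web
  name: aai-unified1-web
  runtime: docker
  repo: https://github.com/the-answerai/theanswer
  plan: starter
  envVars:
  # =========================================
  # Web Application Configuration
  # =========================================
  - key: NODE_ENV
    value: production
  - key: PORT
    value: '3000'
  - key: HOSTNAME
    value: '0.0.0.0'
  - key: NEXT_TELEMETRY_DISABLED
    value: '1'
  # NOTE(review): DEBUG, AUTH0_DEBUG and VERBOSE are 'true' and LOG_LEVEL is
  # 'debug' while NODE_ENV is production. Debug-level auth logging can write
  # tokens, session data or user identifiers to the service logs. Confirm what
  # these flags emit and switch them off outside active troubleshooting.
  - key: DEBUG
    value: 'true'
  - key: LOG_LEVEL
    value: 'debug'
  - key: ANALYZE
    value: 'false'
  - key: AUTH0_DEBUG
    value: 'true'
  - key: VERBOSE
    value: 'true'
  # =========================================
  # Web Database Configuration
  # =========================================
  # Connection details are pulled from the managed database resource, so no
  # credential is written in this file.
  - key: DATABASE_TYPE
    value: postgres
  - key: DATABASE_NAME
    fromDatabase:
      name: aai-unified3-database
      property: database
  - key: DATABASE_HOST
    fromDatabase:
      name: aai-unified3-database
      property: host
  - key: DATABASE_PORT
    fromDatabase:
      name: aai-unified3-database
      property: port
  # Database name will be set from DATABASE_SECRET
  - key: DATABASE_USER
    fromDatabase:
      name: aai-unified3-database
      property: user
  - key: DATABASE_PASSWORD
    fromDatabase:
      name: aai-unified3-database
      property: password
  # DATABASE_URL will be constructed by entrypoint.sh from DATABASE_SECRET
  # The ${...} placeholders below are stored as literal text in this value;
  # expansion is left to entrypoint.sh (not visible here).
  # NOTE(review): the expanded JSON contains the database password. Verify
  # that entrypoint.sh never echoes it, especially with DEBUG/VERBOSE enabled.
  - key: DATABASE_SECRET
    value: '{"engine":"postgres","host":"${DATABASE_HOST}","port":"${DATABASE_PORT}","dbname":"${DATABASE_NAME}","username":"${DATABASE_USER}","password":"${DATABASE_PASSWORD}"}'
  # =========================================
  # Web Auth0 Configuration (Must Match Backend)
  # =========================================
  - key: AUTH0_DOMAIN
    sync: false
  - key: AUTH0_BASE_URL
    sync: false
  - key: AUTH0_SECRET
    sync: false
  - key: AUTH0_CLIENT_ID
    sync: false
  - key: AUTH0_CLIENT_SECRET
    sync: false
  - key: AUTH0_AUDIENCE
    sync: false
  - key: AUTH0_ISSUER_BASE_URL
    sync: false
  - key: AUTH0_ORGANIZATION_ID
    sync: false
  - key: AUTH0_TOKEN_SIGN_ALG
    value: 'RS256'
  - key: AUTH0_SCOPE
    value: 'openid profile email'
  - key: AUTH0_JWKS_URI
    sync: false
  # =========================================
  # Web Domain Configurations
  # =========================================
  # Each value resolves to the host:port of the referenced Render service.
  - key: ANSWERAI_DOMAIN
    fromService:
      name: aai-unified1-web
      type: web
      property: hostport
  - key: FLOWISE_DOMAIN
    fromService:
      name: aai-unified2-flowise
      type: web
      property: hostport
  - key: DOMAIN
    fromService:
      name: aai-unified2-flowise
      type: web
      property: hostport
  - key: API_HOST
    fromService:
      name: aai-unified2-flowise
      type: web
      property: hostport
  # =========================================
  # Web External Services
  # =========================================
  - key: REDIS_URL
    fromService:
      name: aai-unified4-redis
      type: redis
      property: connectionString
  - key: BILLING_STRIPE_SECRET_KEY
    sync: false
  region: virginia
  dockerContext: .
  dockerfilePath: ./apps/web/Dockerfile
  healthCheckPath: /healthcheck
  domains:
  - subdomain.theanswer.ai
  - web.subdomain.theanswer.ai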
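# =========================================
# Flowise Application Configuration (Backend)
# =========================================
# Docker-based API service built from ./Dockerfile.
# Entries marked `sync: false` carry no value in this file; Render prompts for
# them in the dashboard, which keeps secrets out of version control.
- type: web
  name: aai-unified2-flowise
  runtime: docker
  repo: https://github.com/the-answerai/theanswer
  plan: standard
  envVars:
  # =========================================
  # Flowise Application Configuration
  # =========================================
  - key: NODE_ENV
    value: production
  - key: PORT
    value: '4000'
  # NOTE(review): DEBUG, AUTH0_DEBUG and VERBOSE are 'true' while NODE_ENV is
  # production. Debug-level auth logging can write tokens, credentials or user
  # identifiers to the service logs. Confirm what these flags emit and switch
  # them off outside active troubleshooting.
  - key: DEBUG
    value: 'true'
  - key: LOG_LEVEL
    value: 'warn'
  # NOTE(review): no `disk:` is declared for this service in this file, so
  # /var/data is presumably ephemeral and log files written there are lost on
  # redeploy. Confirm where logs are retained for incident response.
  - key: LOG_PATH
    value: '/var/data'
  - key: DISABLE_FLOWISE_TELEMETRY
    value: 'true'
  - key: AUTH0_DEBUG
    value: 'true'
  - key: VERBOSE
    value: 'true'
  # NOTE(review): presumably the number of reverse proxies trusted when
  # deriving the client IP. A value above the real hop count lets a client
  # supply its own forwarded address and sidestep per-IP rate limits; verify
  # it matches the proxy chain in front of this service.
  - key: NUMBER_OF_PROXIES
    value: '1'
  # generateValue lets Render create a random value at first deploy, so these
  # secrets are never written in this file.
  - key: FLOWISE_API_KEY
    generateValue: true
  - key: SESSION_SECRET
    generateValue: true
  # =========================================
  # Flowise Database Configuration
  # =========================================
  # DATABASE_URL will be constructed from DATABASE_SECRET
  # NOTE(review): no DATABASE_SECRET key is defined for this service in this
  # file. Confirm the comment above still applies here.
  - key: DATABASE_TYPE
    value: postgres
  - key: DATABASE_NAME
    fromDatabase:
      name: aai-unified3-database
      property: database
  - key: DATABASE_HOST
    fromDatabase:
      name: aai-unified3-database
      property: host
  - key: DATABASE_PORT
    fromDatabase:
      name: aai-unified3-database
      property: port
  # Database name will be set from DATABASE_SECRET
  - key: DATABASE_USER
    fromDatabase:
      name: aai-unified3-database
      property: user
  - key: DATABASE_PASSWORD
    fromDatabase:
      name: aai-unified3-database
      property: password
  # =========================================
  # Flowise Auth0 Configuration (Must Match Frontend)
  # =========================================
  - key: AUTH0_DOMAIN
    sync: false
  - key: AUTH0_BASE_URL
    sync: false
  - key: AUTH0_SECRET
    sync: false
  - key: AUTH0_CLIENT_ID
    sync: false
  - key: AUTH0_CLIENT_SECRET
    sync: false
  - key: AUTH0_AUDIENCE
    sync: false
  - key: AUTH0_ISSUER_BASE_URL
    sync: false
  - key: AUTH0_ORGANIZATION_ID
    sync: false
  - key: AUTH0_TOKEN_SIGN_ALG
    value: 'RS256'
  - key: AUTH0_SCOPE
    value: 'openid profile email'
  - key: AUTH0_JWKS_URI
    sync: false
  # =========================================
  # Flowise Domain Configuration
  # =========================================
  # Each value resolves to the host:port of the referenced Render service.
  - key: CHATFLOW_DOMAIN
    fromService:
      name: aai-unified2-flowise
      type: web
      property: hostport
  - key: DOMAIN
    fromService:
      name: aai-unified2-flowise
      type: web
      property: hostport
  - key: FLOWISE_DOMAIN
    fromService:
      name: aai-unified2-flowise
      type: web
      property: hostport
  - key: ANSWERAI_DOMAIN
    fromService:
      name: aai-unified1-web
      type: web
      property: hostport
  # =========================================
  # Flowise Security & API Keys
  # =========================================
  # ⚠️ CRITICAL: FLOWISE_SECRETKEY_OVERWRITE is REQUIRED for Render deployments
  # Render containers are ephemeral - without this variable, each deploy generates
  # a new encryption key, making ALL stored credentials permanently unreadable.
  # Generate once with: openssl rand -base64 32
  # Store as a Render secret and NEVER regenerate unless rotating credentials.
  - key: FLOWISE_SECRETKEY_OVERWRITE
    sync: false
  # NOTE(review): no `disk:` is declared for this service in this file, so a
  # key file under /var/data would not survive a redeploy. That is why the
  # overwrite variable above has to be set.
  - key: SECRETKEY_PATH
    value: '/var/data'
  # API keys are kept in the database ('db'); APIKEY_PATH is presumably unused
  # in that mode. Confirm against the application.
  - key: APIKEY_STORAGE_TYPE
    value: 'db'
  - key: APIKEY_PATH
    value: '/var/data'
  # =========================================
  # Flowise CORS & Iframe Settings
  # =========================================
  # NOTE(review): '*' lets any origin call this API from a browser and lets
  # any site embed it in a frame (clickjacking exposure). Unless third-party
  # embedding is a requirement, restrict both to the known front-end origins,
  # e.g. the hostnames listed under `domains:` for the web and API services.
  - key: CORS_ORIGINS
    value: '*'
  - key: IFRAME_ORIGINS
    value: '*'
  # =========================================
  # Flowise Redis Configuration
  # =========================================
  - key: REDIS_URL
    fromService:
      name: aai-unified4-redis
      type: redis
      property: connectionString
  - key: AAI_DEFAULT_REDIS_URL
    fromService:
      name: aai-unified4-redis
      type: redis
      property: connectionString
  # =========================================
  # Flowise Storage Configuration
  # =========================================
  - key: STORAGE_TYPE
    sync: false
  - key: S3_STORAGE_BUCKET_NAME
    sync: false
  - key: S3_STORAGE_ACCESS_KEY_ID
    sync: false
  - key: S3_STORAGE_SECRET_ACCESS_KEY
    sync: false
  - key: S3_STORAGE_REGION
    sync: false
  # S3_FORCE_PATH_STYLE: false for AWS S3, true for S3-compatible services (MinIO, DigitalOcean, etc.)
  - key: S3_FORCE_PATH_STYLE
    value: 'false'
  # =========================================
  # Flowise Langfuse Tracing
  # =========================================
  - key: LANGFUSE_HOST
    sync: false
  - key: LANGFUSE_PUBLIC_KEY
    sync: false
  - key: LANGFUSE_SECRET_KEY
    sync: false
  # =========================================
  # Flowise External Services
  # =========================================
  - key: AAI_DEFAULT_OPENAI_API_KEY
    sync: false
  region: virginia
  dockerContext: .
  dockerfilePath: ./Dockerfile
  healthCheckPath: /api/v1/ping
  domains:
  - api.subdomain.theanswer.ai
  - flowise.subdomain.theanswer.ai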
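# ================================================================
# Redis Application Configuration (Cache)
# ================================================================
# Key-value store whose connection string is handed to both web services
# through REDIS_URL.
- type: keyvalue
  name: aai-unified4-redis
  plan: free
  region: virginia
  # allkeys-lru may evict any key under memory pressure.
  # NOTE(review): if sessions or rate-limit counters live here, eviction can
  # silently drop them. Confirm that is acceptable.
  maxmemoryPolicy: allkeys-lru
  # Empty allow list: no external address may connect; only services inside
  # the same Render account and region can reach this instance.
  ipAllowList: []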
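# ================================================================
# Database Application Configuration (Postgres)
# ================================================================
databases:
- name: aai-unified3-database
  databaseName: aai_unified_database
  # NOTE(review): this single role's password is injected into both web
  # services through DATABASE_PASSWORD, so a compromise of either service
  # exposes the whole database. Consider separate least-privilege roles if
  # the application permits.
  user: admin
  plan: basic-256mb
  region: virginia
  postgresMajorVersion: '16'
  # CURRENT SETTING: Internal Render-only access (most secure for Database services)
  ipAllowList: []
  # =========================================
  # SECURITY WARNING - DATABASE ACCESS CONTROL
  # =========================================
  # ⚠️ CRITICAL: Never use 0.0.0.0/0 for database access - this opens your database to the entire internet!
  # ⚠️ ALWAYS use specific IP addresses or internal-only access for production databases
  #
  # SECURE CONFIGURATION GUIDELINES:
  # • Use /32 CIDR notation for single IP addresses (most secure)
  # • Use /24 CIDR notation only for trusted corporate VPN subnets
  # • Never use broader ranges like /16 or /8 for database access
  # • Check your current IP at https://ipchicken.com before adding home office access
  # • Replace the `ipAllowList: []` line above rather than adding a second
  #   ipAllowList key; most YAML parsers silently keep only the last duplicate
  #
  # Examples:
  # ipAllowList:
  # - source: 203.0.113.4/32
  #   description: home-office-single-ip (check ipchicken.com for current IP)
  # - source: 198.51.100.0/24
  #   description: corporate-vpn-subnet (only for trusted VPN ranges)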