#!/bin/sh # For Langfuse v2, explicitly disable ClickHouse echo "=== LANGFUSE V2 - CLICKHOUSE NOT REQUIRED ===" unset CLICKHOUSE_URL unset CLICKHOUSE_MIGRATION_URL unset CLICKHOUSE_USER unset CLICKHOUSE_PASSWORD # Check if using external database (for persistence) if [ -n "$EXTERNAL_DATABASE_URL" ]; then echo "=== USING EXTERNAL DATABASE (PERSISTENT) ===" echo "Database host: ${EXTERNAL_DATABASE_URL%%/*}" export DATABASE_URL="$EXTERNAL_DATABASE_URL" echo "Data will persist across restarts!" else echo "=== USING LOCAL DATABASE (EPHEMERAL) ===" echo "WARNING: HF Spaces has NO persistent storage!" echo "All data will be LOST when the Space restarts." echo "To fix: Use an external database like Neon.tech" echo "Set EXTERNAL_DATABASE_URL secret in HF Space settings" # Create postgres user if it doesn't exist echo "Setting up postgres user..." if ! id postgres >/dev/null 2>&1; then addgroup -g 70 -S postgres 2>/dev/null || true adduser -u 70 -S -D -G postgres -H -h /data/postgresql -s /bin/sh postgres 2>/dev/null || true fi # Create necessary directories in the persistent /data volume echo "Creating necessary directories in the persistent /data volume..." mkdir -p /data/postgresql/data /data/postgresql/run chown -R postgres:postgres /data/postgresql chmod 0700 /data/postgresql/data chmod 0755 /data/postgresql/run # Initialize PostgreSQL if not already initialized echo "Initializing PostgreSQL if not already initialized..." if [ ! -f "/data/postgresql/data/PG_VERSION" ]; then # Initialize database as postgres user echo "Initializing database..." su postgres -c "initdb -D /data/postgresql/data" # Modify pg_hba.conf to allow local connections echo "local all all trust" > /data/postgresql/data/pg_hba.conf echo "host all all 127.0.0.1/32 trust" >> /data/postgresql/data/pg_hba.conf echo "host all all ::1/128 trust" >> /data/postgresql/data/pg_hba.conf echo "host all all 0.0.0.0/0 trust" >> /data/postgresql/data/pg_hba.conf echo "host all all ::/0 trust" >> /data/postgresql/data/pg_hba.conf chown postgres:postgres /data/postgresql/data/pg_hba.conf fi # Start PostgreSQL with the persistent directories as postgres user echo "Starting PostgreSQL..." su postgres -c "pg_ctl -D /data/postgresql/data -o '-c listen_addresses=\"*\" -c unix_socket_directories=\"/data/postgresql/run\"' start" # Wait for PostgreSQL to be ready (with timeout) echo "Waiting for PostgreSQL to be ready..." max_attempts=30 attempt=0 until pg_isready -h localhost -p 5432 2>/dev/null || [ $attempt -ge $max_attempts ]; do echo "Waiting for PostgreSQL to be ready... ($attempt/$max_attempts)" sleep 2 attempt=$((attempt + 1)) done if [ $attempt -ge $max_attempts ]; then echo "ERROR: PostgreSQL failed to start after $max_attempts attempts" exit 1 fi echo "PostgreSQL is ready!" # Create database and roles echo "Creating database and roles..." su postgres -c "createuser -h /data/postgresql/run -s postgres 2>/dev/null || true" su postgres -c "createdb -h /data/postgresql/run node 2>/dev/null || true" # Set local DATABASE_URL export DATABASE_URL="postgresql://postgres:postgres@localhost:5432/node" fi # Set NEXTAUTH_URL based on SPACE_HOST if available if [ -n "$SPACE_ID" ]; then echo "Setting NEXTAUTH_URL to https://huggingface.co/spaces/${SPACE_ID}" export NEXTAUTH_URL="https://${SPACE_HOST}" else echo "WARNING: SPACE_ID not found" fi # Generate NEXTAUTH_SECRET if not set (required for authentication) if [ -z "$NEXTAUTH_SECRET" ]; then echo "WARNING: NEXTAUTH_SECRET not set, generating random secret..." echo "For production, please set this as a persistent secret in HF Space settings!" export NEXTAUTH_SECRET=$(openssl rand -hex 32) fi # Generate SALT if not set (required for API key encryption) if [ -z "$SALT" ]; then echo "WARNING: SALT not set, generating random salt..." echo "For production, please set this as a persistent secret in HF Space settings!" export SALT=$(openssl rand -hex 32) fi # Export these environment variables to influence Next.js binding export HOSTNAME="0.0.0.0" export HOST="0.0.0.0" export PORT=3000 # Disable CSP headers to allow for embedded use within HF export LANGFUSE_CSP_DISABLE="true" # Only enable HF OAuth if the required variables are present if [ -n "$OAUTH_CLIENT_ID" ] && [ -n "$OAUTH_CLIENT_SECRET" ]; then echo "HF OAuth variables detected, enabling HF authentication..." export AUTH_CUSTOM_CLIENT_ID=$OAUTH_CLIENT_ID export AUTH_CUSTOM_CLIENT_SECRET=$OAUTH_CLIENT_SECRET export AUTH_CUSTOM_ISSUER=$OPENID_PROVIDER_URL export AUTH_CUSTOM_SCOPE=$OAUTH_SCOPES export AUTH_CUSTOM_NAME="Hugging Face" export AUTH_DISABLE_USERNAME_PASSWORD="true" else echo "No HF OAuth configured, using standard email/password authentication..." export AUTH_DISABLE_USERNAME_PASSWORD="false" fi # Pass through AUTH_DISABLE_SIGNUP value if set, default to false if not set if [ -n "$AUTH_DISABLE_SIGNUP" ]; then export AUTH_DISABLE_SIGNUP="$AUTH_DISABLE_SIGNUP" else export AUTH_DISABLE_SIGNUP="false" fi # Headless initialization: auto-create admin account if credentials are provided if [ -n "$LANGFUSE_INIT_USER_EMAIL" ] && [ -n "$LANGFUSE_INIT_USER_PASSWORD" ]; then echo "Headless initialization enabled - admin account will be auto-created" echo "Email: $LANGFUSE_INIT_USER_EMAIL" export LANGFUSE_INIT_ORG_ID="default-org" export LANGFUSE_INIT_ORG_NAME="My Organization" export LANGFUSE_INIT_PROJECT_ID="default-project" export LANGFUSE_INIT_PROJECT_NAME="My Project" # Also disable signup since you have a pre-created account export AUTH_DISABLE_SIGNUP="true" echo "Signup disabled - only the pre-created admin account can log in" fi # Start Next.js in the background echo "Starting Next.js..." ./web/entrypoint.sh node ./web/server.js \ --keepAliveTimeout 110000