simplify

backend/Dockerfile

@@ -12,7 +12,6 @@ ARG DANSWER_VERSION=0.8-dev
 ENV DANSWER_VERSION=${DANSWER_VERSION} \
     DANSWER_RUNNING_IN_DOCKER="true"
 
-ARG CA_CERT_CONTENT=""
 
 RUN echo "DANSWER_VERSION: ${DANSWER_VERSION}"
 # Install system dependencies
@@ -39,15 +38,6 @@ RUN apt-get update && \
     apt-get clean
 
 
-# Conditionally write the CA certificate and update certificates
-RUN if [ -n "$CA_CERT_CONTENT" ]; then \
-    echo "Adding custom CA certificate"; \
-    echo "$CA_CERT_CONTENT" > /usr/local/share/ca-certificates/my-ca.crt && \
-    chmod 644 /usr/local/share/ca-certificates/my-ca.crt && \
-    update-ca-certificates; \
-else \
-    echo "No custom CA certificate provided"; \
-fi
 
 # Install Python dependencies
 # Remove py which is pulled in by retry, py is not needed and is a CVE
@@ -87,7 +77,6 @@ RUN apt-get update && \
 RUN python -c "from tokenizers import Tokenizer; \
 Tokenizer.from_pretrained('nomic-ai/nomic-embed-text-v1')"
 
-
 # Pre-downloading NLTK for setups with limited egress
 RUN python -c "import nltk; \
 nltk.download('stopwords', quiet=True); \
@@ -111,6 +100,7 @@ COPY supervisord.conf /usr/etc/supervisord.conf
 
 # Escape hatch
 COPY ./scripts/force_delete_connector_by_id.py /app/scripts/force_delete_connector_by_id.py
+COPY ./scripts/initialize_ca_cert.py /app/scripts/initialize_ca_cert.py
 
 # Put logo in assets
 COPY ./assets /app/assets

deployment/docker_compose/docker-compose.prod.yml

@@ -5,7 +5,11 @@ services:
       context: ../../backend
       dockerfile: Dockerfile
     command: >
-      /bin/sh -c "alembic upgrade head &&
+      /bin/sh -c "
+      if [ -f /usr/local/share/ca-certificates/my-ca.crt ]; then
+        update-ca-certificates;
+      fi &&
+      alembic upgrade head &&
       echo \"Starting Danswer Api Server\" &&
       uvicorn danswer.main:app --host 0.0.0.0 --port 8080"
     depends_on:
@@ -29,14 +33,22 @@ services:
       options:
         max-size: "50m"
         max-file: "6"
-
+    # Optional volume mount for CA certificate
+    volumes:
+      # Uncomment the following line if you need to include a custom CA certificate
+      # - ${CA_CERT_PATH:-./my-ca.crt}:/usr/local/share/ca-certificates/my-ca.crt:ro
 
   background:
     image: danswer/danswer-backend:${IMAGE_TAG:-latest}
     build:
       context: ../../backend
       dockerfile: Dockerfile
-    command: /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf
+    command: >
+      /bin/sh -c "
+      if [ -f /usr/local/share/ca-certificates/my-ca.crt ]; then
+        update-ca-certificates;
+      fi &&
+      /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf"
     depends_on:
       - relational_db
       - index
@@ -60,6 +72,10 @@ services:
       options:
         max-size: "50m"
         max-file: "6"
+    # Optional volume mount for CA certificate
+    volumes:
+      # Uncomment the following line if you need to include a custom CA certificate
+      # - ${CA_CERT_PATH:-./my-ca.crt}:/usr/local/share/ca-certificates/my-ca.crt:ro
 
   web_server:
     image: danswer/danswer-web-server:${IMAGE_TAG:-latest}
@@ -86,7 +102,6 @@ services:
         max-size: "50m"
         max-file: "6"
 
-
   relational_db:
     image: postgres:15.2-alpine
     command: -c 'max_connections=250'
@@ -102,7 +117,6 @@ services:
         max-size: "50m"
         max-file: "6"
 
-
   inference_model_server:
     image: danswer/danswer-model-server:${IMAGE_TAG:-latest}
     build:
@@ -129,7 +143,6 @@ services:
         max-size: "50m"
         max-file: "6"
 
-
   indexing_model_server:
     image: danswer/danswer-model-server:${IMAGE_TAG:-latest}
     build:
@@ -158,7 +171,6 @@ services:
         max-size: "50m"
         max-file: "6"
 
-
   # This container name cannot have an underscore in it due to Vespa expectations of the URL
   index:
     image: vespaengine/vespa:8.277.17
@@ -174,12 +186,11 @@ services:
         max-size: "50m"
         max-file: "6"
 
-
   nginx:
     image: nginx:1.23.4-alpine
     restart: always
     # nginx will immediately crash with `nginx: [emerg] host not found in upstream`
-    # if api_server / web_server are not up 
+    # if api_server / web_server are not up
     depends_on:
       - api_server
       - web_server
@@ -190,26 +201,25 @@ services:
       - ../data/nginx:/etc/nginx/conf.d
       - ../data/certbot/conf:/etc/letsencrypt
       - ../data/certbot/www:/var/www/certbot
-    # sleep a little bit to allow the web_server / api_server to start up. 
-    # Without this we've seen issues where nginx shows no error logs but 
+    # sleep a little bit to allow the web_server / api_server to start up.
+    # Without this we've seen issues where nginx shows no error logs but
     # does not recieve any traffic
     logging:
       driver: json-file
       options:
         max-size: "50m"
         max-file: "6"
-    # The specified script waits for the api_server to start up. 
-    # Without this we've seen issues where nginx shows no error logs but 
-    # does not recieve any traffic  
+    # The specified script waits for the api_server to start up.
+    # Without this we've seen issues where nginx shows no error logs but
+    # does not recieve any traffic
     # NOTE: we have to use dos2unix to remove Carriage Return chars from the file
     # in order to make this work on both Unix-like systems and windows
-    command: > 
+    command: >
       /bin/sh -c "dos2unix /etc/nginx/conf.d/run-nginx.sh 
       && /etc/nginx/conf.d/run-nginx.sh app.conf.template"
     env_file:
       - .env.nginx
 
-
   # follows https://pentacent.medium.com/nginx-and-lets-encrypt-with-docker-in-less-than-5-minutes-b4b8a60d3a71
   certbot:
     image: certbot/certbot
@@ -224,17 +234,15 @@ services:
         max-file: "6"
     entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
 
-
   cache:
     image: redis:7.4-alpine
     restart: always
     ports:
-      - '6379:6379'
+      - "6379:6379"
     # docker silently mounts /data even without an explicit volume mount, which enables
     # persistence. explicitly setting save and appendonly forces ephemeral behavior.
     command: redis-server --save "" --appendonly no
 
-
 volumes:
   db_volume:
   vespa_volume:

deployment/kubernetes/api_server-service-deployment.yaml

@@ -27,36 +27,52 @@ spec:
         app: api-server
     spec:
       containers:
-      - name: api-server
-        image: danswer/danswer-backend:latest
-        imagePullPolicy: IfNotPresent
-        command:
-          - "/bin/sh"
-          - "-c"
-          - |
-            alembic upgrade head &&
-            echo "Starting Danswer Api Server" &&
-            uvicorn danswer.main:app --host 0.0.0.0 --port 8080
-        ports:
-        - containerPort: 8080
-        # There are some extra values since this is shared between services
-        # There are no conflicts though, extra env variables are simply ignored
-        env:
-        - name: OAUTH_CLIENT_ID
-          valueFrom:
-            secretKeyRef:
-              name: danswer-secrets
-              key: google_oauth_client_id
-        - name: OAUTH_CLIENT_SECRET
-          valueFrom:
-            secretKeyRef:
-              name: danswer-secrets
-              key: google_oauth_client_secret
-        - name: REDIS_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: danswer-secrets
-              key: redis_password
-        envFrom:
-        - configMapRef:
-            name: env-configmap
+        - name: api-server
+          image: danswer/danswer-backend:latest
+          imagePullPolicy: IfNotPresent
+          command:
+            - "/bin/sh"
+            - "-c"
+            - |
+              if [ -f /usr/local/share/ca-certificates/my-ca.crt ]; then
+                update-ca-certificates;
+              fi &&
+              alembic upgrade head &&
+              echo "Starting Danswer Api Server" &&
+              uvicorn danswer.main:app --host 0.0.0.0 --port 8080
+          ports:
+            - containerPort: 8080
+          # Existing environment variables
+          env:
+            - name: OAUTH_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: danswer-secrets
+                  key: google_oauth_client_id
+            - name: OAUTH_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: danswer-secrets
+                  key: google_oauth_client_secret
+            - name: REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: danswer-secrets
+                  key: redis_password
+          envFrom:
+            - configMapRef:
+                name: env-configmap
+          # Optional volume mount for CA certificate - feel free to comment out
+          # If not necessary
+          volumeMounts:
+            - name: my-ca-cert-volume
+              mountPath: /etc/ssl/certs/my-ca.crt
+              subPath: my-ca.crt
+      # Optional volume for CA certificate
+      volumes:
+        - name: my-ca-cert-volume
+          secret:
+            secretName: my-ca-cert
+            items:
+              - key: my-ca.crt
+                path: my-ca.crt

deployment/kubernetes/background-deployment.yaml

@@ -13,18 +13,35 @@ spec:
         app: background
     spec:
       containers:
-      - name: background
-        image: danswer/danswer-backend:latest
-        imagePullPolicy: IfNotPresent
-        command: ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
-        # There are some extra values since this is shared between services
-        # There are no conflicts though, extra env variables are simply ignored
-        env:
-        - name: REDIS_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: danswer-secrets
-              key: redis_password
-        envFrom:
-        - configMapRef:
-            name: env-configmap
+        - name: background
+          image: danswer/danswer-backend:latest
+          imagePullPolicy: IfNotPresent
+          command:
+            [
+              "/usr/bin/supervisord",
+              "-c",
+              "/etc/supervisor/conf.d/supervisord.conf",
+            ]
+          # Existing environment variables
+          env:
+            - name: REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: danswer-secrets
+                  key: redis_password
+          envFrom:
+            - configMapRef:
+                name: env-configmap
+          # Optional volume mount for CA certificate
+          volumeMounts:
+            - name: my-ca-cert-volume
+              mountPath: /etc/ssl/certs/my-ca.crt
+              subPath: my-ca.crt
+      # Optional volume for CA certificate
+      volumes:
+        - name: my-ca-cert-volume
+          secret:
+            secretName: my-ca-cert
+            items:
+              - key: my-ca.crt
+                path: my-ca.crt

web/src/app/chat/ChatPage.tsx

@@ -2512,7 +2512,10 @@ export function ChatPage({
               )}
             </div>
           </div>
-          <FixedLogo chat />
+          <FixedLogo
+            chat
+            toggledBackground={toggledSidebar || showDocSidebar}
+          />
         </div>
       </div>
       <DocumentSidebar

web/src/app/chat/sessionSidebar/ChatSessionDisplay.tsx

@@ -145,7 +145,7 @@ export function ChatSessionDisplay({
                     ${
                       isSelected
                         ? "to-background-chat-hover"
-                        : " to-background-chat-selected group-hover:to-background-chat-hover"
+                        : " to-background-chat-hove group-hover:to-background-chat-selected"
                     } `}
                   />
                 </p>

web/src/app/chat/shared_chat_search/FixedLogo.tsx

@@ -8,7 +8,13 @@ import Link from "next/link";
 import { useContext } from "react";
 import { FiSidebar } from "react-icons/fi";
 
-export default function FixedLogo({ chat }: { chat?: boolean }) {
+export default function FixedLogo({
+  chat,
+  toggledBackground,
+}: {
+  chat?: boolean;
+  toggledBackground?: boolean;
+}) {
   const combinedSettings = useContext(SettingsContext);
   const settings = combinedSettings?.settings;
   const enterpriseSettings = combinedSettings?.enterpriseSettings;
@@ -28,7 +34,7 @@ export default function FixedLogo({ chat }: { chat?: boolean }) {
           <div className="w-full">
             {enterpriseSettings && enterpriseSettings.application_name ? (
               <div>
-                <HeaderTitle chat={chat}>
+                <HeaderTitle toggledBackground={toggledBackground} chat={chat}>
                   {enterpriseSettings.application_name}
                 </HeaderTitle>
                 {!NEXT_PUBLIC_DO_NOT_USE_TOGGLE_OFF_DANSWER_POWERED && (
@@ -36,7 +42,9 @@ export default function FixedLogo({ chat }: { chat?: boolean }) {
                 )}
               </div>
             ) : (
-              <HeaderTitle chat={chat}>Danswer</HeaderTitle>
+              <HeaderTitle toggledBackground={toggledBackground} chat={chat}>
+                Danswer
+              </HeaderTitle>
             )}
           </div>
         </div>

web/src/components/BasicClickable.tsx

@@ -108,7 +108,7 @@ export function BasicSelectable({
               ? "bg-background-chat-selected"
               : "bg-hover"
             : chat
-              ? "bg-background-chat-hover"
+              ? "hover:bg-background-chat-hover"
               : "hover:bg-hover"
         }
         ${fullWidth ? "w-full" : ""}`}

web/src/components/header/HeaderTitle.tsx

@@ -5,9 +5,11 @@ import React from "react";
 export function HeaderTitle({
   children,
   chat,
+  toggledBackground,
 }: {
   children: JSX.Element | string;
   chat?: boolean;
+  toggledBackground?: boolean;
 }) {
   const isString = typeof children === "string";
   const textSize = isString && children.length > 10 ? "text-xl" : "text-2xl";
@@ -15,7 +17,11 @@ export function HeaderTitle({
   return (
     <h1
       className={`${textSize} ${
-        chat ? "text-text-sidebar-header" : "text-text-header"
+        chat
+          ? toggledBackground
+            ? "text-text-sidebar-toggled-header"
+            : "text-text-sidebar-header"
+          : "text-text-header"
       } break-words line-clamp-2 ellipsis text-strong leading-none font-bold`}
     >
       {children}

web/src/components/header/LogoType.tsx

@@ -37,7 +37,9 @@ export default function LogoType({
 
   return (
     <div
-      className={`${hideOnMobile && "mobile:hidden"} z-[100] mb-auto shrink-0 flex items-center text-xl font-bold`}
+      className={`${
+        hideOnMobile && "mobile:hidden"
+      } z-[100] mb-auto shrink-0 flex items-center text-xl font-bold`}
     >
       {toggleSidebar && page == "chat" ? (
         <button
@@ -55,7 +57,9 @@ export default function LogoType({
         </div>
       )}
       <div
-        className={`cursor-pointer ${showArrow ? "desktop:invisible" : "invisible"} break-words inline-block w-fit ml-2 text-text-700 text-xl`}
+        className={`cursor-pointer ${
+          showArrow ? "desktop:invisible" : "invisible"
+        } break-words inline-block w-fit ml-2 text-text-700 text-xl`}
       >
         <div className="max-w-[175px]">
           {enterpriseSettings && enterpriseSettings.application_name ? (
@@ -102,7 +106,7 @@ export default function LogoType({
           content={toggled ? `Unpin sidebar` : "Pin sidebar"}
         >
           <button
-            className="mr-3 my-auto ml-auto"
+            className="text-red-500 mr-3 my-auto ml-auto"
             onClick={() => {
               toggleSidebar();
               if (toggled) {
@@ -111,9 +115,9 @@ export default function LogoType({
             }}
           >
             {!toggled && !combinedSettings?.isMobile ? (
-              <RightToLineIcon />
+              <RightToLineIcon className="text-sidebar-toggle" />
             ) : (
-              <LeftToLineIcon />
+              <LeftToLineIcon className="text-sidebar-toggle" />
             )}
           </button>
         </Tooltip>

web/src/components/search/SearchSection.tsx

@@ -851,7 +851,7 @@ export const SearchSection = ({
           </div>
         </div>
       </div>
-      <FixedLogo chat />
+      <FixedLogo chat toggledBackground={toggledSidebar || showDocSidebar} />
     </>
   );
 };

web/tailwind-themes/tailwind.config.js

@@ -83,7 +83,7 @@ module.exports = {
         "non-selectable": "var(--non-selectable)",
 
         // background
-        background: "var(--background)",
+        background: "#EDEDF1",
         "background-100": "var(--background-100)",
         "background-125": "var(--background-125)",
         "background-150": "var(--background-150)",
@@ -95,27 +95,38 @@ module.exports = {
         "background-700": "var(--background-700)",
         "background-800": "var(--background-800)",
         "background-900": "var(--background-900)",
+        "background-toggle": "var(--background-100)",
 
+        "toggled-background": "var(--background-500)",
+        "untoggled-background": "var(--background-300)",
         "background-inverted": "var(--background-inverted)",
         "background-emphasis": "var(--background-emphasis)",
         "background-strong": "var(--background-strong)",
         "background-search": "var(--white)",
 
+        "text-sidebar-toggled-header": "var(--text-200)",
+        "text-sidebar-header": "var(--text-900)",
+        "text-sidebar-dark": "var(--text-200)",
+
+        "search-answer-border": "var(--background-300)",
+
+        "background-chat-hover": "#1D4ED8",
+        "background-chat-selected": "#1D4ED8",
         // colors for sidebar in chat, search, and manage settings
-        "background-sidebar": "var(--background-100)",
+        "background-sidebar": "#0021A5",
         "background-settings-sidebar": "var(--background-100)",
-        "background-chatbar": "var(--background-100)",
-        "text-sidebar": "var(--text-500)",
+        "background-chatbar": "#FFFFFF",
+        "text-sidebar": "#FFFFFF",
 
         // Settings
-        "text-sidebar-subtle": "var(--text-500)",
+        "text-sidebar-subtle": "#A9D4FF",
         "icon-settings-sidebar": "var(--text-600)",
         "text-settings-sidebar": "var(--text-600)",
         "text-settings-sidebar-strong": "var(--text-900)",
         "background-settings-hover": "var(--background-200)",
 
         // Background for chat messages (user bubbles)
-        user: "var(--user-bubble)",
+        user: "#0021A5",
 
         // Colors for the search toggle buttons
         "background-agentic-toggled": "var(--light-success)",
@@ -129,9 +140,11 @@ module.exports = {
         "star-indicator": "var(--background-100)",
 
         // Backgrounds for submit buttons on search and chat
-        "submit-background": "var(--background-800)",
+        "submit-background": "#0021A5",
         "disabled-submit-background": "var(--background-400)",
 
+        "sidebar-toggle": "var(--text-200)",
+
         input: "var(--white)",
 
         "text-50": "var(--text-50)",
@@ -146,7 +159,7 @@ module.exports = {
         "text-900": "var(--text-900)",
         "text-950": "var(--text-950)",
 
-        "user-text": "var(--text-800)",
+        "user-text": "#FFFFFF",
 
         description: "var(--text-400)",
         subtle: "var(--text-500)",