SSL error when importing requests library in Dify workflow code execution module

ZPerling commented 2 days ago

Self Checks

[X] This is only for bug report, if you would like to ask a question, please head to Discussions.
[X] I have searched for existing issues search for existing issues, including closed ones.
[X] I confirm that I am using English to submit this report (我已阅读并同意 Language Policy).
[X] [FOR CHINESE USERS] 请务必使用英文提交 Issue，否则会被关闭。谢谢！:）
[X] Please do not modify this template :) and fill in all the required fields.

Dify version

0.10.2

Cloud or Self Hosted

Self Hosted (Docker)

Steps to reproduce

When importing the Python requests library in the Dify workflow code execution module, an SSL exception is thrown. I previously saw a similar issue that was reportedly resolved by upgrading sandbox to version 0.2.9. However, after upgrading, the problem persisted.

Today, I upgraded to the latest versions (Dify 0.10.2 and sandbox 0.2.10), but the issue still remains.

Below is a screenshot of the specific error:

dify-sandbox log：

2024/11/04 08:19:57 setup.go:29: [INFO]initializing nodejs runner environment...
2024/11/04 08:19:57 setup.go:85: [INFO]nodejs runner environment initialized
2024/11/04 08:19:57 setup.go:33: [INFO]initializing python runner environment...
2024/11/04 08:19:57 config.go:129: [INFO]network has been enabled
2024/11/04 08:19:57 config.go:145: [INFO]using https proxy: http://ssrf_proxy:3128
2024/11/04 08:19:57 config.go:154: [INFO]using http proxy: http://ssrf_proxy:3128
2024/11/04 08:19:57 server.go:20: [INFO]config init success
2024/11/04 08:19:57 server.go:26: [INFO]runner dependencies init success
2024/11/04 08:19:57 cocrrent.go:31: [INFO]setting max requests to 50
2024/11/04 08:19:57 cocrrent.go:13: [INFO]setting max workers to 4
2024/11/04 08:19:57 server.go:47: [INFO]installing python dependencies...
2024/11/04 08:19:57 server.go:53: [INFO]python dependencies installed
2024/11/04 08:19:57 server.go:55: [INFO]initializing python dependencies sandbox...
2024/11/04 08:20:04 env.go:30: [WARN]python lib path /usr/lib/python3 is not available
2024/11/04 08:20:08 env.go:30: [WARN]python lib path /run/systemd/resolve/stub-resolv.conf is not available
2024/11/04 08:20:08 env.go:30: [WARN]python lib path /run/resolvconf/resolv.conf is not available
2024/11/04 08:20:12 server.go:60: [INFO]python dependencies sandbox initialized
[GIN] 2024/11/04 - 08:20:27 | 200 |      23.184µs |             ::1 | GET      "/health"
[GIN] 2024/11/04 - 08:20:57 | 200 |      36.027µs |             ::1 | GET      "/health"
[GIN] 2024/11/04 - 08:21:27 | 200 |       26.57µs |             ::1 | GET      "/health"
[GIN] 2024/11/04 - 08:21:57 | 200 |      29.175µs |             ::1 | GET      "/health"
[GIN] 2024/11/04 - 08:22:18 | 200 |  112.636625ms |      172.25.0.9 | POST     "/v1/sandbox/run"

✔️ Expected Behavior

Python requests library should work normally

❌ Actual Behavior

Python requests not work

dosubot[bot] commented 2 days ago

Hey, @ZPerling! I'm here to assist with bug fixes, answer your questions, and help you become a contributor. Let's tackle this issue together!

There is a similar closed issue regarding the requests module not functioning well in the sandbox environment due to missing character detection dependencies like chardet or charset_normalizer. To resolve this, you can add one of these dependencies to your pyproject.toml file:

[tool.poetry.dependencies]
# existing dependencies
chardet = "~5.1.0"  # Add this line to include chardet
# or
charset_normalizer = "~3.2.0"  # Add this line to include charset_normalizer

Additionally, the SSL error might be related to certificate verification issues. Here are some steps you can take:

Install Root Certificates: Ensure your system has the necessary root certificates installed. On Ubuntu, you can run:
```
sudo apt-get update
sudo apt-get install ca-certificates
```
Check Python SSL Configuration: Ensure the SSL module is correctly configured. Updating Python or the certifi package can help:
```
pip install --upgrade certifi
```
Docker Configuration: If running Dify in Docker, ensure the container has access to the host's CA certificates. You might need to mount the host's certificate directory into the container.

These steps should help address the SSL error you're encountering ^[1]^[2].

To continue talking to Dosu, mention @dosu.

crazywoola commented 2 days ago

It seems there is something wrong with you network configurations.

ZPerling commented 2 days ago

@crazywoola thanks for your response.

I've only added the 'default' network to the sandbox section in the Docker Compose file. Could this be related to the problem? Here's the relevant code:

sandbox:
    image: langgenius/dify-sandbox:0.2.10
    restart: always
    environment:
      API_KEY: ${SANDBOX_API_KEY:-dify-sandbox}
      GIN_MODE: ${SANDBOX_GIN_MODE:-release}
      WORKER_TIMEOUT: ${SANDBOX_WORKER_TIMEOUT:-15}
      ENABLE_NETWORK: ${SANDBOX_ENABLE_NETWORK:-true}
      HTTP_PROXY: ${SANDBOX_HTTP_PROXY:-http://ssrf_proxy:3128}
      HTTPS_PROXY: ${SANDBOX_HTTPS_PROXY:-http://ssrf_proxy:3128}
      SANDBOX_PORT: ${SANDBOX_PORT:-8194}
    volumes:
      - ./volumes/sandbox/dependencies:/dependencies
    healthcheck:
      test: ['CMD', 'curl', '-f', 'http://localhost:8194/health']
    networks:
      - ssrf_proxy_network
      - default

langgenius / dify