Open allentern opened 2 days ago
Hello @allentern! I'm here to assist you with any bugs, questions, or contributions you have while waiting for a human maintainer. Let's tackle this together!
To resolve the network issue error Failed to execute code, which is likely a network issue, please check if the sandbox service is running. (Error: [Errno 113] No route to host)
when executing Python code in a self-hosted Dify environment using Docker, ensure that the sandbox
service is properly configured and running. Specifically, check the following:
Sandbox Service Configuration: Ensure that the sandbox
service is correctly defined in your docker-compose.middleware.yaml
file. The provided configuration looks correct, but verify that the SANDBOX_PORT
is set to 8194
and that the ENABLE_NETWORK
is set to 'true'
.
Network Configuration: The sandbox
service is part of the ssrf_proxy_network
, which is defined as an internal network. This means it cannot access outside networks. Ensure that the ssrf_proxy
service is also correctly configured and running, as it acts as a proxy for the sandbox
service.
Service Status: Check if the sandbox
service is running without issues. You can do this by running:
docker-compose -f docker-compose.middleware.yaml ps
Ensure that the sandbox
service is listed and its status is Up
.
Network Connectivity: Verify that there is no network connectivity issue between the sandbox
service and other services it needs to communicate with. You can use Docker's network inspection tools to check this:
docker network inspect ssrf_proxy_network
Proxy Configuration: Ensure that the ssrf_proxy
service is correctly configured and that the squid.conf
file is properly set up to fit your network environment. The sandbox
service relies on this proxy for network access.
Additionally, ensure that your .env
file is correctly configured. Here are some relevant environment variables from the docker/.env.example
file:
# Environment Variables for sandbox Service
# The API key for the sandbox service
API_KEY=dify-sandbox
# The mode in which the Gin framework runs
GIN_MODE=release
# The timeout for the worker in seconds
WORKER_TIMEOUT=15
# Enable network for the sandbox service
ENABLE_NETWORK=true
# HTTP proxy URL for SSRF protection
HTTP_PROXY=http://ssrf_proxy:3128
# HTTPS proxy URL for SSRF protection
HTTPS_PROXY=http://ssrf_proxy:3128
# The port on which the sandbox service runs
SANDBOX_PORT=8194
Ensure these variables are correctly set in your environment. If all configurations are correct and the services are running, but the issue persists, there might be a deeper network configuration issue that needs to be addressed.
Refer to the docker-compose.yaml
file for additional configuration details:
# The DifySandbox
sandbox:
image: langgenius/dify-sandbox:0.2.1
restart: always
environment:
API_KEY: ${API_KEY:-dify-sandbox}
GIN_MODE: ${GIN_MODE:-release}
WORKER_TIMEOUT: ${WORKER_TIMEOUT:-15}
ENABLE_NETWORK: ${ENABLE_NETWORK:-true}
HTTP_PROXY: ${HTTP_PROXY:-http://ssrf_proxy:3128}
HTTPS_PROXY: ${HTTPS_PROXY:-http://ssrf_proxy:3128}
SANDBOX_PORT: ${SANDBOX_PORT:-8194}
volumes:
- ./volumes/sandbox/dependencies:/dependencies
networks:
- ssrf_proxy_network
# ssrf_proxy server
ssrf_proxy:
image: ubuntu/squid:latest
restart: always
volumes:
- ./ssrf_proxy/squid.conf.template:/etc/squid/squid.conf.template
- ./ssrf_proxy/docker-entrypoint.sh:/docker-entrypoint.sh
entrypoint: ["sh", "-c", "chmod +x /docker-entrypoint.sh && /docker-entrypoint.sh"]
environment:
HTTP_PORT: ${HTTP_PORT:-3128}
COREDUMP_DIR: ${COREDUMP_DIR:-/var/spool/squid}
REVERSE_PROXY_PORT: ${REVERSE_PROXY_PORT:-8194}
SANDBOX_HOST: ${SANDBOX_HOST:-sandbox}
SANDBOX_PORT: ${SANDBOX_PORT:-8194}
networks:
- ssrf_proxy_network
- default
Ensure that these configurations are correctly set up and that the services are running as expected [1][2][3][4][5].
To continue talking to Dosu, mention @dosu.
Self Checks
Dify version
v0.6.12-fix1, v0.6.12
Cloud or Self Hosted
Self Hosted (Docker)
Steps to reproduce
Failed to execute code, which is likely a network issue, please check if the sandbox service is running. ( Error: [Errno 113] No route to host )
log:
(base) root@iplus-s1:/home/rag/dify/docker# docker logs -f docker-ssrf_proxy-1 [ENTRYPOINT] re-create snakeoil self-signed certificate removed in the build process [ENTRYPOINT] replacing environment variables in the template 2024/07/02 11:08:39| NETDB state saved; 0 entries, 1 msec 2024/07/02 11:49:21| Logfile: opening log stdio:/var/spool/squid/netdb.state 2024/07/02 11:49:21| Logfile: closing log stdio:/var/spool/squid/netdb.state 2024/07/02 11:49:21| NETDB state saved; 0 entries, 0 msec 2024/07/02 12:41:21| Logfile: opening log stdio:/var/spool/squid/netdb.state 2024/07/02 12:41:21| Logfile: closing log stdio:/var/spool/squid/netdb.state 2024/07/02 12:41:21| NETDB state saved; 0 entries, 0 msec 2024/07/02 13:37:31| Logfile: opening log stdio:/var/spool/squid/netdb.state 2024/07/02 13:37:31| Logfile: closing log stdio:/var/spool/squid/netdb.state 2024/07/02 13:37:31| NETDB state saved; 0 entries, 0 msec 2024/07/02 14:10:23| WARNING: BCP 177 violation. Detected non-functional IPv6 loopback. 2024/07/02 14:10:23| aclIpParseIpData: IPv6 has not been enabled. 2024/07/02 14:10:23| aclIpParseIpData: IPv6 has not been enabled. 2024/07/02 14:10:23| aclIpParseIpData: IPv6 has not been enabled. 2024/07/02 14:10:23| Processing Configuration File: /etc/squid/squid.conf (depth 0) 2024/07/02 14:10:23| aclIpParseIpData: IPv6 has not been enabled. 2024/07/02 14:10:23| aclIpParseIpData: IPv6 has not been enabled. 2024/07/02 14:10:23| Processing Configuration File: /etc/squid/conf.d/debian.conf (depth 1) 2024/07/02 14:10:23| Processing Configuration File: /etc/squid/conf.d/rock.conf (depth 1) 2024/07/02 14:10:23| Created PID file (/run/squid.pid) 2024/07/02 14:10:23| WARNING: BCP 177 violation. Detected non-functional IPv6 loopback. 2024/07/02 14:10:23| aclIpParseIpData: IPv6 has not been enabled. 2024/07/02 14:10:23| aclIpParseIpData: IPv6 has not been enabled. 2024/07/02 14:10:23| aclIpParseIpData: IPv6 has not been enabled. 2024/07/02 14:10:23| Processing Configuration File: /etc/squid/squid.conf (depth 0) 2024/07/02 14:10:23| aclIpParseIpData: IPv6 has not been enabled. 2024/07/02 14:10:23| aclIpParseIpData: IPv6 has not been enabled. 2024/07/02 14:10:23| Processing Configuration File: /etc/squid/conf.d/debian.conf (depth 1) 2024/07/02 14:10:23| Processing Configuration File: /etc/squid/conf.d/rock.conf (depth 1) 2024/07/02 14:10:23| Created PID file (/run/squid.pid) 2024/07/02 14:10:23| Set Current Directory to /var/spool/squid 2024/07/02 14:10:23| Set Current Directory to /var/spool/squid 2024/07/02 14:10:23| Creating missing swap directories 2024/07/02 14:10:23| No cache_dir stores are configured. 2024/07/02 14:10:23| Creating missing swap directories 2024/07/02 14:10:23| No cache_dir stores are configured. 2024/07/02 14:10:23| Removing PID file (/run/squid.pid) 2024/07/02 14:10:23| Removing PID file (/run/squid.pid) [ENTRYPOINT] starting squid 2024/07/02 14:10:23| WARNING: BCP 177 violation. Detected non-functional IPv6 loopback. 2024/07/02 14:10:23| aclIpParseIpData: IPv6 has not been enabled. 2024/07/02 14:10:23| aclIpParseIpData: IPv6 has not been enabled. 2024/07/02 14:10:23| aclIpParseIpData: IPv6 has not been enabled. 2024/07/02 14:10:23| Processing Configuration File: /etc/squid/squid.conf (depth 0) 2024/07/02 14:10:23| aclIpParseIpData: IPv6 has not been enabled. 2024/07/02 14:10:23| aclIpParseIpData: IPv6 has not been enabled. 2024/07/02 14:10:23| Processing Configuration File: /etc/squid/conf.d/debian.conf (depth 1) 2024/07/02 14:10:23| Processing Configuration File: /etc/squid/conf.d/rock.conf (depth 1) 2024/07/02 14:10:23| Created PID file (/run/squid.pid) 2024/07/02 14:10:23| Set Current Directory to /var/spool/squid 2024/07/02 14:10:23| Starting Squid Cache version 6.6 for x86_64-pc-linux-gnu... 2024/07/02 14:10:23| Service Name: squid 2024/07/02 14:10:23| Process ID 45 2024/07/02 14:10:23| Process Roles: master worker 2024/07/02 14:10:23| With 1024 file descriptors available 2024/07/02 14:10:23| Initializing IP Cache... 2024/07/02 14:10:23| DNS IPv4 socket created at 0.0.0.0, FD 8 2024/07/02 14:10:23| Adding nameserver 127.0.0.11 from /etc/resolv.conf 2024/07/02 14:10:23| Adding ndots 1 from /etc/resolv.conf 2024/07/02 14:10:23| Logfile: opening log daemon:/var/log/squid/access.log 2024/07/02 14:10:23| Logfile Daemon: opening log /var/log/squid/access.log 2024/07/02 14:10:23| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec 2024/07/02 14:10:23| Store logging disabled 2024/07/02 14:10:23| Swap maxSize 0 + 262144 KB, estimated 20164 objects 2024/07/02 14:10:23| Target number of buckets: 1008 2024/07/02 14:10:23| Using 8192 Store buckets 2024/07/02 14:10:23| Max Mem size: 262144 KB 2024/07/02 14:10:23| Max Swap size: 0 KB 2024/07/02 14:10:23| Using Least Load store dir selection 2024/07/02 14:10:23| Set Current Directory to /var/spool/squid 2024/07/02 14:10:23| Finished loading MIME types and icons. 2024/07/02 14:10:23| HTCP Disabled. 2024/07/02 14:10:23| Pinger socket opened on FD 14 2024/07/02 14:10:23| Squid plugin modules loaded: 0 2024/07/02 14:10:23| Adaptation support is off. 2024/07/02 14:10:23| Accepting HTTP Socket connections at conn2 local=0.0.0.0:3128 remote=[::] FD 11 flags=9 listening port: 3128 2024/07/02 14:10:23| Accepting reverse-proxy HTTP Socket connections at conn4 local=0.0.0.0:8194 remote=[::] FD 12 flags=9 listening port: 8194 2024/07/02 14:10:23| Configuring Parent sandbox 2024/07/02 14:10:23| ERROR: Connection to sandbox failed 2024/07/02 14:10:23| Detected DEAD Parent: sandbox 2024/07/02 14:10:23 pinger| WARNING: BCP 177 violation. Detected non-functional IPv6 loopback. 2024/07/02 14:10:23 pinger| Initialising ICMP pinger ... 2024/07/02 14:10:23 pinger| ICMP socket opened. 2024/07/02 14:10:23 pinger| ICMPv6 socket opened 2024/07/02 14:10:24| storeLateRelease: released 0 objects
✔️ Expected Behavior
Python code can be executed.
❌ Actual Behavior
I've been going through issues and documentation for a whole day, from sandbox to various configuration files, without success. I'm on the verge of frustration and really hope you can help resolve this issue. Thanks u.