Failed to execute code, which is likely a network issue, please check if the sandbox service is running. ( Error: [Errno 113] No route to host )

langgenius / dify

Dify is an open-source LLM app development platform. Dify's intuitive interface combines AI workflow, RAG pipeline, agent capabilities, model management, observability features and more, letting you quickly go from prototype to production.

Other

36.25k stars 4.89k forks source link

Self Checks

[X] This is only for bug report, if you would like to ask a question, please head to Discussions.
[X] I have searched for existing issues search for existing issues, including closed ones.
[X] I confirm that I am using English to submit this report (我已阅读并同意 Language Policy).
[X] 请务必使用英文提交 Issue，否则会被关闭。谢谢！:）
[X] Please do not modify this template :) and fill in all the required fields.

Dify version

v0.6.12-fix1, v0.6.12

Cloud or Self Hosted

Self Hosted (Docker)

Steps to reproduce

Pulled the latest code,
Changed port 443 to 4443,
Started Docker,
Configured all system models,
Created a new flow, added a code node with Python, but encountered an error upon execution. Failed to execute code, which is likely a network issue, please check if the sandbox service is running. ( Error: [Errno 113] No route to host )

log: (base) root@iplus-s1:/home/rag/dify/docker# docker logs -f docker-ssrf_proxy-1 [ENTRYPOINT] re-create snakeoil self-signed certificate removed in the build process [ENTRYPOINT] replacing environment variables in the template 2024/07/02 11:08:39| NETDB state saved; 0 entries, 1 msec 2024/07/02 11:49:21| Logfile: opening log stdio:/var/spool/squid/netdb.state 2024/07/02 11:49:21| Logfile: closing log stdio:/var/spool/squid/netdb.state 2024/07/02 11:49:21| NETDB state saved; 0 entries, 0 msec 2024/07/02 12:41:21| Logfile: opening log stdio:/var/spool/squid/netdb.state 2024/07/02 12:41:21| Logfile: closing log stdio:/var/spool/squid/netdb.state 2024/07/02 12:41:21| NETDB state saved; 0 entries, 0 msec 2024/07/02 13:37:31| Logfile: opening log stdio:/var/spool/squid/netdb.state 2024/07/02 13:37:31| Logfile: closing log stdio:/var/spool/squid/netdb.state 2024/07/02 13:37:31| NETDB state saved; 0 entries, 0 msec 2024/07/02 14:10:23| WARNING: BCP 177 violation. Detected non-functional IPv6 loopback. 2024/07/02 14:10:23| aclIpParseIpData: IPv6 has not been enabled. 2024/07/02 14:10:23| aclIpParseIpData: IPv6 has not been enabled. 2024/07/02 14:10:23| aclIpParseIpData: IPv6 has not been enabled. 2024/07/02 14:10:23| Processing Configuration File: /etc/squid/squid.conf (depth 0) 2024/07/02 14:10:23| aclIpParseIpData: IPv6 has not been enabled. 2024/07/02 14:10:23| aclIpParseIpData: IPv6 has not been enabled. 2024/07/02 14:10:23| Processing Configuration File: /etc/squid/conf.d/debian.conf (depth 1) 2024/07/02 14:10:23| Processing Configuration File: /etc/squid/conf.d/rock.conf (depth 1) 2024/07/02 14:10:23| Created PID file (/run/squid.pid) 2024/07/02 14:10:23| WARNING: BCP 177 violation. Detected non-functional IPv6 loopback. 2024/07/02 14:10:23| aclIpParseIpData: IPv6 has not been enabled. 2024/07/02 14:10:23| aclIpParseIpData: IPv6 has not been enabled. 2024/07/02 14:10:23| aclIpParseIpData: IPv6 has not been enabled. 2024/07/02 14:10:23| Processing Configuration File: /etc/squid/squid.conf (depth 0) 2024/07/02 14:10:23| aclIpParseIpData: IPv6 has not been enabled. 2024/07/02 14:10:23| aclIpParseIpData: IPv6 has not been enabled. 2024/07/02 14:10:23| Processing Configuration File: /etc/squid/conf.d/debian.conf (depth 1) 2024/07/02 14:10:23| Processing Configuration File: /etc/squid/conf.d/rock.conf (depth 1) 2024/07/02 14:10:23| Created PID file (/run/squid.pid) 2024/07/02 14:10:23| Set Current Directory to /var/spool/squid 2024/07/02 14:10:23| Set Current Directory to /var/spool/squid 2024/07/02 14:10:23| Creating missing swap directories 2024/07/02 14:10:23| No cache_dir stores are configured. 2024/07/02 14:10:23| Creating missing swap directories 2024/07/02 14:10:23| No cache_dir stores are configured. 2024/07/02 14:10:23| Removing PID file (/run/squid.pid) 2024/07/02 14:10:23| Removing PID file (/run/squid.pid) [ENTRYPOINT] starting squid 2024/07/02 14:10:23| WARNING: BCP 177 violation. Detected non-functional IPv6 loopback. 2024/07/02 14:10:23| aclIpParseIpData: IPv6 has not been enabled. 2024/07/02 14:10:23| aclIpParseIpData: IPv6 has not been enabled. 2024/07/02 14:10:23| aclIpParseIpData: IPv6 has not been enabled. 2024/07/02 14:10:23| Processing Configuration File: /etc/squid/squid.conf (depth 0) 2024/07/02 14:10:23| aclIpParseIpData: IPv6 has not been enabled. 2024/07/02 14:10:23| aclIpParseIpData: IPv6 has not been enabled. 2024/07/02 14:10:23| Processing Configuration File: /etc/squid/conf.d/debian.conf (depth 1) 2024/07/02 14:10:23| Processing Configuration File: /etc/squid/conf.d/rock.conf (depth 1) 2024/07/02 14:10:23| Created PID file (/run/squid.pid) 2024/07/02 14:10:23| Set Current Directory to /var/spool/squid 2024/07/02 14:10:23| Starting Squid Cache version 6.6 for x86_64-pc-linux-gnu... 2024/07/02 14:10:23| Service Name: squid 2024/07/02 14:10:23| Process ID 45 2024/07/02 14:10:23| Process Roles: master worker 2024/07/02 14:10:23| With 1024 file descriptors available 2024/07/02 14:10:23| Initializing IP Cache... 2024/07/02 14:10:23| DNS IPv4 socket created at 0.0.0.0, FD 8 2024/07/02 14:10:23| Adding nameserver 127.0.0.11 from /etc/resolv.conf 2024/07/02 14:10:23| Adding ndots 1 from /etc/resolv.conf 2024/07/02 14:10:23| Logfile: opening log daemon:/var/log/squid/access.log 2024/07/02 14:10:23| Logfile Daemon: opening log /var/log/squid/access.log 2024/07/02 14:10:23| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec 2024/07/02 14:10:23| Store logging disabled 2024/07/02 14:10:23| Swap maxSize 0 + 262144 KB, estimated 20164 objects 2024/07/02 14:10:23| Target number of buckets: 1008 2024/07/02 14:10:23| Using 8192 Store buckets 2024/07/02 14:10:23| Max Mem size: 262144 KB 2024/07/02 14:10:23| Max Swap size: 0 KB 2024/07/02 14:10:23| Using Least Load store dir selection 2024/07/02 14:10:23| Set Current Directory to /var/spool/squid 2024/07/02 14:10:23| Finished loading MIME types and icons. 2024/07/02 14:10:23| HTCP Disabled. 2024/07/02 14:10:23| Pinger socket opened on FD 14 2024/07/02 14:10:23| Squid plugin modules loaded: 0 2024/07/02 14:10:23| Adaptation support is off. 2024/07/02 14:10:23| Accepting HTTP Socket connections at conn2 local=0.0.0.0:3128 remote=[::] FD 11 flags=9 listening port: 3128 2024/07/02 14:10:23| Accepting reverse-proxy HTTP Socket connections at conn4 local=0.0.0.0:8194 remote=[::] FD 12 flags=9 listening port: 8194 2024/07/02 14:10:23| Configuring Parent sandbox 2024/07/02 14:10:23| ERROR: Connection to sandbox failed 2024/07/02 14:10:23| Detected DEAD Parent: sandbox 2024/07/02 14:10:23 pinger| WARNING: BCP 177 violation. Detected non-functional IPv6 loopback. 2024/07/02 14:10:23 pinger| Initialising ICMP pinger ... 2024/07/02 14:10:23 pinger| ICMP socket opened. 2024/07/02 14:10:23 pinger| ICMPv6 socket opened 2024/07/02 14:10:24| storeLateRelease: released 0 objects

✔️ Expected Behavior

Python code can be executed.

❌ Actual Behavior

I've been going through issues and documentation for a whole day, from sandbox to various configuration files, without success. I'm on the verge of frustration and really hope you can help resolve this issue. Thanks u.

Hello @allentern! I'm here to assist you with any bugs, questions, or contributions you have while waiting for a human maintainer. Let's tackle this together!

To resolve the network issue error Failed to execute code, which is likely a network issue, please check if the sandbox service is running. (Error: [Errno 113] No route to host) when executing Python code in a self-hosted Dify environment using Docker, ensure that the sandbox service is properly configured and running. Specifically, check the following:

Sandbox Service Configuration: Ensure that the sandbox service is correctly defined in your docker-compose.middleware.yaml file. The provided configuration looks correct, but verify that the SANDBOX_PORT is set to 8194 and that the ENABLE_NETWORK is set to 'true'.
Network Configuration: The sandbox service is part of the ssrf_proxy_network, which is defined as an internal network. This means it cannot access outside networks. Ensure that the ssrf_proxy service is also correctly configured and running, as it acts as a proxy for the sandbox service.
Service Status: Check if the sandbox service is running without issues. You can do this by running:
```
docker-compose -f docker-compose.middleware.yaml ps
```
Ensure that the sandbox service is listed and its status is Up.
Network Connectivity: Verify that there is no network connectivity issue between the sandbox service and other services it needs to communicate with. You can use Docker's network inspection tools to check this:
```
docker network inspect ssrf_proxy_network
```
Proxy Configuration: Ensure that the ssrf_proxy service is correctly configured and that the squid.conf file is properly set up to fit your network environment. The sandbox service relies on this proxy for network access.

Additionally, ensure that your .env file is correctly configured. Here are some relevant environment variables from the docker/.env.example file:

# Environment Variables for sandbox Service

# The API key for the sandbox service
API_KEY=dify-sandbox
# The mode in which the Gin framework runs
GIN_MODE=release
# The timeout for the worker in seconds
WORKER_TIMEOUT=15
# Enable network for the sandbox service
ENABLE_NETWORK=true
# HTTP proxy URL for SSRF protection
HTTP_PROXY=http://ssrf_proxy:3128
# HTTPS proxy URL for SSRF protection
HTTPS_PROXY=http://ssrf_proxy:3128
# The port on which the sandbox service runs
SANDBOX_PORT=8194

Ensure these variables are correctly set in your environment. If all configurations are correct and the services are running, but the issue persists, there might be a deeper network configuration issue that needs to be addressed.

Refer to the docker-compose.yaml file for additional configuration details:

# The DifySandbox
sandbox:
  image: langgenius/dify-sandbox:0.2.1
  restart: always
  environment:
    API_KEY: ${API_KEY:-dify-sandbox}
    GIN_MODE: ${GIN_MODE:-release}
    WORKER_TIMEOUT: ${WORKER_TIMEOUT:-15}
    ENABLE_NETWORK: ${ENABLE_NETWORK:-true}
    HTTP_PROXY: ${HTTP_PROXY:-http://ssrf_proxy:3128}
    HTTPS_PROXY: ${HTTPS_PROXY:-http://ssrf_proxy:3128}
    SANDBOX_PORT: ${SANDBOX_PORT:-8194}
  volumes:
    - ./volumes/sandbox/dependencies:/dependencies
  networks:
    - ssrf_proxy_network

# ssrf_proxy server
ssrf_proxy:
  image: ubuntu/squid:latest
  restart: always
  volumes:
    - ./ssrf_proxy/squid.conf.template:/etc/squid/squid.conf.template
    - ./ssrf_proxy/docker-entrypoint.sh:/docker-entrypoint.sh
  entrypoint: ["sh", "-c", "chmod +x /docker-entrypoint.sh && /docker-entrypoint.sh"]
  environment:
    HTTP_PORT: ${HTTP_PORT:-3128}
    COREDUMP_DIR: ${COREDUMP_DIR:-/var/spool/squid}
    REVERSE_PROXY_PORT: ${REVERSE_PROXY_PORT:-8194}
    SANDBOX_HOST: ${SANDBOX_HOST:-sandbox}
    SANDBOX_PORT: ${SANDBOX_PORT:-8194}
  networks:
    - ssrf_proxy_network
    - default

Ensure that these configurations are correctly set up and that the services are running as expected ^[1]^[2]^[3]^[4]^[5].

To continue talking to Dosu, mention @dosu.

langgenius / dify