search

langgenius / dify

Dify is an open-source LLM app development platform. Dify's intuitive interface combines AI workflow, RAG pipeline, agent capabilities, model management, observability features and more, letting you quickly go from prototype to production.
https://dify.ai
Other
50.8k stars 7.3k forks source link

docker-ssrf_proxy can't start: "Squid Cache (Version 6.6): Terminated abnormally." #8193

Closed TaoAaron closed 1 month ago

TaoAaron commented 1 month ago

Self Checks

Dify version

V0.7.2

Cloud or Self Hosted

Self Hosted (Docker)

Steps to reproduce

platform: arm64 linux ubuntu20.04

  1. deoploy the dify on the platfrom: cd docker; docker compose up -d; use "docker ps",every container run success

    dify1

  2. reboot the system

  3. use "docker ps" check the container status, we can find that docker-ssrf_proxy-1 always restarting .

    dify2

✔️ Expected Behavior

docker-ssrf_proxy-1 should be start success.

❌ Actual Behavior

docker-ssrf_proxy abnorml

squid
dosubot[bot] commented 1 month ago

Hello, @TaoAaron! I'm here to help you with any bugs, questions, or contributions you have for the project. Let's work together to solve this issue.

The docker-ssrf_proxy container is in a restarting state with the error "Squid Cache (Version 6.6): Terminated abnormally" because the squid.conf file might not be properly configured to fit your network environment. The docker-compose.middleware.yaml file specifies:

ssrf_proxy:
  image: ubuntu/squid:latest
  restart: always
  volumes:
    - ./ssrf_proxy/squid.conf.template:/etc/squid/squid.conf.template
    - ./ssrf_proxy/docker-entrypoint.sh:/docker-entrypoint-mount.sh
  entrypoint: [ "sh", "-c", "cp /docker-entrypoint-mount.sh /docker-entrypoint.sh && sed -i 's/\r$$//' /docker-entrypoint.sh && chmod +x /docker-entrypoint.sh && /docker-entrypoint.sh" ]
  environment:
    # pls clearly modify the squid env vars to fit your network environment.
    HTTP_PORT: ${SSRF_HTTP_PORT:-3128}
    COREDUMP_DIR: ${SSRF_COREDUMP_DIR:-/var/spool/squid}
    REVERSE_PROXY_PORT: ${SSRF_REVERSE_PROXY_PORT:-8194}
    SANDBOX_HOST: ${SSRF_SANDBOX_HOST:-sandbox}
    SANDBOX_PORT: ${SANDBOX_PORT:-8194}
  ports:
    - "${EXPOSE_SSRF_PROXY_PORT:-3128}:${SSRF_HTTP_PORT:-3128}"
    - "${EXPOSE_SANDBOX_PORT:-8194}:${SANDBOX_PORT:-8194}"
  networks:
    - ssrf_proxy_network
    - default

Ensure that the squid.conf.template file located at ./ssrf_proxy/squid.conf.template is correctly configured for your network environment. Additionally, verify that the docker-entrypoint.sh script is correctly set up and that the environment variables are properly defined. Misconfigurations in these files or scripts can cause Squid to terminate abnormally.

To customize the proxy behavior, you can modify the squid.conf file located at docker/volumes/ssrf_proxy/squid.conf. For example, if you want to allow the 192.168.101.0/24 network to be accessed by the proxy but restrict access to an IP address 192.168.101.19 that contains sensitive data, you can add the following rules to squid.conf:

acl restricted_ip dst 192.168.101.19
acl localnet src 192.168.101.0/24

http_access deny restricted_ip
http_access allow localnet
http_access deny all

This is a basic example, and you can customize the rules to fit your specific needs. For more information about configuring squid, refer to the official documentation [1][2][3].

To continue talking to Dosu, mention @dosu.