主要就是不要用nigx 代理 一用就是出问题;
cat /etc/systemd/system/docker.service.d/http-proxy.conf
cat /etc/docker/daemon.json
✅ docker pull 用的是:系统服务代理(1 号位置)
✅ docker 下载加速用的是:daemon.json(2 号位置)
✅ 终端代理不影响 docker pull
docker-compose是低版本
您之前用的是 docker-compose(V1),它不支持新配置语法。现在用 docker compose(V2,注意没有横线)就能正常工作了。
Docker Compose V2 已经集成在 Docker 中,直接使用:
使用 docker compose(没有横线)而不是 docker-compose
docker compose version
docker compose version
添加服务器地址配置--------------解决局域网访问---127.0.0.1 返回错误问题
验证是否添加成功
tail -15 .env
添加3000端口配置
cd ~/dify/docker
使用 sudo 创建文件
sudo tee docker-compose.override.yaml << 'EOF'
services:
web:
ports:
- "80:3000"
api:
ports:
- "5001:5001"
plugin_daemon:
ports:
- "5003:5003"
nginx:
restart: "no"
command: ["/bin/sh", "-c", "exit 0"]
ssrf_proxy:
restart: "no"
command: ["/bin/sh", "-c", "exit 0"]
EOF
验证文件已创建
cat docker-compose.override.yaml
重启服务
docker compose down
docker compose up -d
等待启动
sleep 20
查看端口映射
docker ps --format "table {{.Names}}\t{{.Ports}}"
测试访问
curl -I http://localhost:3000
curl http://localhost:5001/health
重新创建容器
sudo docker compose down
sudo docker compose up -d
等待启动
sleep 15
查看端口映射
sudo docker ps --format "table {{.Names}}\t{{.Ports}}"
测试 API
curl http://192.168.0.21:5001/health
测试 Web
curl -I http://192.168.0.21:3000
ollama pull bge-m3 拉镜像
ollama run bge-m3 "你好" 测试
使用 sudo 创建文件
sudo tee docker-compose.override.yaml << 'EOF'
services:
web:
ports:
- "3000:3000"
api:
ports:
- "5001:5001"
plugin_daemon:
ports:
- "5003:5003"
nginx:
restart: "no"
command: ["/bin/sh", "-c", "exit 0"]
ssrf_proxy:
restart: "no"
command: ["/bin/sh", "-c", "exit 0"]
EOF
1:# 停止并删除 API 容器
docker stop docker-api-1
docker rm docker-api-1
重新创建 API 容器,清除所有代理变量
docker run -d \
--name docker-api-1 \
--network docker_default \
-p 5001:5001 \
-e MODE=api \
-e MARKETPLACE_ENABLED=true \
-e MARKETPLACE_API_URL=https://marketplace.dify.ai \
-e DISABLE_SSRF_PROXY_FOR_PLUGIN_INSTALL=true \
-e SANDBOX_HTTP_PROXY= \
-e SANDBOX_HTTPS_PROXY= \
-e SSRF_PROXY_HTTP_URL= \
-e SSRF_PROXY_HTTPS_URL= \
-e HTTP_PROXY= \
-e HTTPS_PROXY= \
-e NO_PROXY=localhost,127.0.0.1,192.168.0.21 \
langgenius/dify-api:1.14.1
- 同样修改插件守护进程
docker stop docker-plugin_daemon-1
docker rm docker-plugin_daemon-1
docker run -d \
--name docker-plugin_daemon-1 \
--network docker_default \
-p 5003:5003 \
-e MARKETPLACE_ENABLED=true \
-e HTTP_PROXY= \
-e HTTPS_PROXY= \
langgenius/dify-plugin-daemon:0.6.0-local
- 确保 .env 文件中没有代理配置
主要添加这些
服务器地址配置(添加于 2026-05-15)
CONSOLE_API_URL=http://192.168.0.21:5001
CONSOLE_WEB_URL=http://192.168.0.21:3000
SERVICE_API_URL=http://192.168.0.21:5001
APP_API_URL=http://192.168.0.21:5001
APP_WEB_URL=http://192.168.0.21:3000
FILES_URL=http://192.168.0.21:5001
NEXT_PUBLIC_API_PREFIX=http://192.168.0.21:5001/console/api
NEXT_PUBLIC_PUBLIC_API_PREFIX=http://192.168.0.21:5001/api
NEXT_PUBLIC_COOKIE_DOMAIN=192.168.0.21
禁用插件下载的 SSRF 代理
DISABLE_SSRF_PROXY_FOR_PLUGIN_INSTALL=true
禁用全局代理
HTTP_PROXY=
HTTPS_PROXY=
NO_PROXY=localhost,127.0.0.1,192.168.0.21,.local
确保插件市场启用
MARKETPLACE_ENABLED=true
MARKETPLACE_API_URL=https://marketplace.dify.ai
禁用代理
DISABLE_SSRF_PROXY_FOR_PLUGIN_INSTALL=true
HTTP_PROXY=
HTTPS_PROXY=
cd ~/dify/docker
注释掉所有代理相关的行
sed -i 's/^SANDBOX_HTTP_PROXY=/#SANDBOX_HTTP_PROXY=/g' .env
sed -i 's/^SANDBOX_HTTPS_PROXY=/#SANDBOX_HTTPS_PROXY=/g' .env
sed -i 's/^SSRF_PROXY_HTTP_URL=/#SSRF_PROXY_HTTP_URL=/g' .env
sed -i 's/^SSRF_PROXY_HTTPS_URL=/#SSRF_PROXY_HTTPS_URL=/g' .env
添加禁用代理的配置
echo "" >> .env
echo "# 禁用代理" >> .env
echo "DISABLE_SSRF_PROXY_FOR_PLUGIN_INSTALL=true" >> .env
echo "HTTP_PROXY=" >> .env
echo "HTTPS_PROXY=" >> .env
//这个不需要了 -------------------------------------------------不行的时候可以试下
4:重启 Worker 容器
docker stop docker-worker-1 docker-worker_beat-1
docker rm docker-worker-1 docker-worker_beat-1
docker run -d \
--name docker-worker-1 \
--network docker_default \
-e MODE=worker \
-e HTTP_PROXY= \
-e HTTPS_PROXY= \
langgenius/dify-api:1.14.1
docker run -d \
--name docker-worker_beat-1 \
--network docker_default \
-e MODE=worker_beat \
-e HTTP_PROXY= \
-e HTTPS_PROXY= \
langgenius/dify-api:1.14.1
//这个不需要了 -------------------------------------------------
- 验证
验证 API 容器没有代理变量
docker exec docker-api-1 env | grep -i proxy
应该只看到 DISABLE_SSRF_PROXY_FOR_PLUGIN_INSTALL=true
不应该有 SANDBOX_HTTP_PROXY 或 SSRF_PROXY_HTTP_URL
Docker 守护进程的 DNS 配置
daemon.json
sunyujian@sunyujian-All-Series:~/dify/docker$ cat /etc/docker/daemon.json
{
"dns": ["223.5.5.5", "119.29.29.29", "8.8.8.8"],
"dns-search": [],
"registry-mirrors": [
"https://docker.m.daocloud.io",
]
}
,env
Runtime and security
LANG=C.UTF-8
LC_ALL=C.UTF-8
PYTHONIOENCODING=utf-8
UV_CACHE_DIR=/tmp/.uv-cache
Leave empty to auto-generate a persistent key in the storage directory.
SECRET_KEY=
INIT_PASSWORD=
DEPLOY_ENV=PRODUCTION
CHECK_UPDATE_URL=https://updates.dify.ai
OPENAI_API_BASE=https://api.openai.com/v1
MIGRATION_ENABLED=true
FILES_ACCESS_TIMEOUT=300
Remove `collaboration` from COMPOSE_PROFILES to stop the dedicated websocket service.
ENABLE_COLLABORATION_MODE=true
Logging and server workers
LOG_LEVEL=INFO
LOG_OUTPUT_FORMAT=text
LOG_FILE=/app/logs/server.log
LOG_FILE_MAX_SIZE=20
LOG_FILE_BACKUP_COUNT=5
LOG_DATEFORMAT=%Y-%m-%d %H:%M:%S
LOG_TZ=UTC
DEBUG=false
FLASK_DEBUG=false
ENABLE_REQUEST_LOGGING=False
DIFY_BIND_ADDRESS=0.0.0.0
DIFY_PORT=5001
SERVER_WORKER_AMOUNT=1
SERVER_WORKER_CLASS=gevent
SERVER_WORKER_CONNECTIONS=10
API_WEBSOCKET_WORKER_CLASS=geventwebsocket.gunicorn.workers.GeventWebSocketWorker
API_WEBSOCKET_WORKER_CONNECTIONS=1000
API_WEBSOCKET_GUNICORN_TIMEOUT=360
GUNICORN_TIMEOUT=360
CELERY_WORKER_CLASS=
CELERY_WORKER_AMOUNT=4
CELERY_AUTO_SCALE=false
CELERY_MAX_WORKERS=
CELERY_MIN_WORKERS=
COMPOSE_WORKER_HEALTHCHECK_DISABLED=true
COMPOSE_WORKER_HEALTHCHECK_INTERVAL=30s
COMPOSE_WORKER_HEALTHCHECK_TIMEOUT=30s
Database
DB_TYPE=postgresql
DB_USERNAME=postgres
DB_PASSWORD=difyai123456
DB_HOST=db_postgres
DB_PORT=5432
DB_DATABASE=dify
SQLALCHEMY_POOL_SIZE=30
SQLALCHEMY_MAX_OVERFLOW=10
SQLALCHEMY_POOL_RECYCLE=3600
SQLALCHEMY_ECHO=false
SQLALCHEMY_POOL_PRE_PING=false
SQLALCHEMY_POOL_USE_LIFO=false
SQLALCHEMY_POOL_TIMEOUT=30
SQLALCHEMY_POOL_RESET_ON_RETURN=rollback
PGDATA=/var/lib/postgresql/data/pgdata
POSTGRES_MAX_CONNECTIONS=200
POSTGRES_SHARED_BUFFERS=128MB
POSTGRES_WORK_MEM=4MB
POSTGRES_MAINTENANCE_WORK_MEM=64MB
POSTGRES_EFFECTIVE_CACHE_SIZE=4096MB
POSTGRES_STATEMENT_TIMEOUT=0
POSTGRES_IDLE_IN_TRANSACTION_SESSION_TIMEOUT=0
Redis and Celery
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_USERNAME=
REDIS_PASSWORD=difyai123456
REDIS_USE_SSL=false
REDIS_SSL_CERT_REQS=CERT_NONE
REDIS_SSL_CA_CERTS=
REDIS_SSL_CERTFILE=
REDIS_SSL_KEYFILE=
REDIS_DB=0
REDIS_KEY_PREFIX=
REDIS_MAX_CONNECTIONS=
REDIS_RETRY_RETRIES=3
REDIS_RETRY_BACKOFF_BASE=1.0
REDIS_RETRY_BACKOFF_CAP=10.0
REDIS_SOCKET_TIMEOUT=5.0
REDIS_SOCKET_CONNECT_TIMEOUT=5.0
REDIS_HEALTH_CHECK_INTERVAL=30
CELERY_BROKER_URL=redis://:difyai123456@redis:6379/1
CELERY_BACKEND=redis
BROKER_USE_SSL=false
CELERY_TASK_ANNOTATIONS=null
EVENT_BUS_REDIS_URL=
EVENT_BUS_REDIS_CHANNEL_TYPE=pubsub
EVENT_BUS_REDIS_USE_CLUSTERS=false
Web and app limits
WEB_API_CORS_ALLOW_ORIGINS=*
CONSOLE_CORS_ALLOW_ORIGINS=*
COOKIE_DOMAIN=
NEXT_PUBLIC_COOKIE_DOMAIN=
NEXT_PUBLIC_BATCH_CONCURRENCY=5
API_SENTRY_DSN=
API_SENTRY_TRACES_SAMPLE_RATE=1.0
API_SENTRY_PROFILES_SAMPLE_RATE=1.0
WEB_SENTRY_DSN=
AMPLITUDE_API_KEY=
TEXT_GENERATION_TIMEOUT_MS=60000
CSP_WHITELIST=
ALLOW_EMBED=false
ALLOW_INLINE_STYLES=false
ALLOW_UNSAFE_DATA_SCHEME=false
TOP_K_MAX_VALUE=10
INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH=4000
LOOP_NODE_MAX_COUNT=100
MAX_TOOLS_NUM=10
MAX_PARALLEL_LIMIT=10
MAX_ITERATIONS_NUM=99
MAX_TREE_DEPTH=50
ENABLE_WEBSITE_JINAREADER=true
ENABLE_WEBSITE_FIRECRAWL=true
ENABLE_WEBSITE_WATERCRAWL=true
NEXT_PUBLIC_ENABLE_SINGLE_DOLLAR_LATEX=false
EXPERIMENTAL_ENABLE_VINEXT=false
Storage and default vector store
STORAGE_TYPE=opendal
OPENDAL_SCHEME=fs
OPENDAL_FS_ROOT=storage
VECTOR_STORE=weaviate
VECTOR_INDEX_NAME_PREFIX=Vector_index
WEAVIATE_ENDPOINT=http://weaviate:8080
WEAVIATE_API_KEY=WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih
WEAVIATE_GRPC_ENDPOINT=grpc://weaviate:50051
WEAVIATE_TOKENIZATION=word
WEAVIATE_PERSISTENCE_DATA_PATH=/var/lib/weaviate
WEAVIATE_QUERY_DEFAULTS_LIMIT=25
WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED=true
WEAVIATE_DEFAULT_VECTORIZER_MODULE=none
WEAVIATE_CLUSTER_HOSTNAME=node1
WEAVIATE_AUTHENTICATION_APIKEY_ENABLED=true
WEAVIATE_AUTHENTICATION_APIKEY_ALLOWED_KEYS=WVF5YThaHlkYwhGUSmCRgsX3tD5ngdN8pkih
WEAVIATE_AUTHENTICATION_APIKEY_USERS=hello@dify.ai
WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED=true
WEAVIATE_AUTHORIZATION_ADMINLIST_USERS=hello@dify.ai
WEAVIATE_DISABLE_TELEMETRY=false
WEAVIATE_ENABLE_TOKENIZER_GSE=false
WEAVIATE_ENABLE_TOKENIZER_KAGOME_JA=false
WEAVIATE_ENABLE_TOKENIZER_KAGOME_KR=false
Sandbox and SSRF proxy
CODE_EXECUTION_ENDPOINT=http://sandbox:8194
CODE_EXECUTION_API_KEY=dify-sandbox
CODE_EXECUTION_SSL_VERIFY=True
CODE_EXECUTION_POOL_MAX_CONNECTIONS=100
CODE_EXECUTION_POOL_MAX_KEEPALIVE_CONNECTIONS=20
CODE_EXECUTION_POOL_KEEPALIVE_EXPIRY=5.0
CODE_EXECUTION_CONNECT_TIMEOUT=10
CODE_EXECUTION_READ_TIMEOUT=60
CODE_EXECUTION_WRITE_TIMEOUT=10
SANDBOX_API_KEY=dify-sandbox
SANDBOX_GIN_MODE=release
SANDBOX_WORKER_TIMEOUT=15
SANDBOX_ENABLE_NETWORK=true
#SANDBOX_HTTP_PROXY=http://ssrf_proxy:3128
#SANDBOX_HTTPS_PROXY=http://ssrf_proxy:3128
SANDBOX_PORT=8194
PIP_MIRROR_URL=
#SSRF_PROXY_HTTP_URL=http://ssrf_proxy:3128
#SSRF_PROXY_HTTPS_URL=http://ssrf_proxy:3128
SSRF_HTTP_PORT=3128
SSRF_COREDUMP_DIR=/var/spool/squid
SSRF_REVERSE_PROXY_PORT=8194
SSRF_SANDBOX_HOST=sandbox
SSRF_DEFAULT_TIME_OUT=5
SSRF_DEFAULT_CONNECT_TIME_OUT=5
SSRF_DEFAULT_READ_TIME_OUT=5
SSRF_DEFAULT_WRITE_TIME_OUT=5
SSRF_POOL_MAX_CONNECTIONS=100
SSRF_POOL_MAX_KEEPALIVE_CONNECTIONS=20
SSRF_POOL_KEEPALIVE_EXPIRY=5.0
Plugin daemon
DB_PLUGIN_DATABASE=dify_plugin
EXPOSE_PLUGIN_DAEMON_PORT=5002
PLUGIN_DAEMON_PORT=5002
PLUGIN_DAEMON_KEY=lYkiYYT6owG+71oLerGzA7GXCgOT++6ovaezWAjpCjf+Sjc3ZtU+qUEi
PLUGIN_DAEMON_URL=http://plugin_daemon:5002
PLUGIN_MAX_PACKAGE_SIZE=52428800
PLUGIN_MODEL_SCHEMA_CACHE_TTL=3600
PLUGIN_PPROF_ENABLED=false
PLUGIN_DEBUGGING_HOST=0.0.0.0
PLUGIN_DEBUGGING_PORT=5003
EXPOSE_PLUGIN_DEBUGGING_HOST=localhost
EXPOSE_PLUGIN_DEBUGGING_PORT=5003
PLUGIN_DIFY_INNER_API_KEY=QaHbTe77CtuXmsfyhR7+vRjI/+XbV1AaFy691iy+kGDv2Jvy0/eAh8Y1
PLUGIN_DIFY_INNER_API_URL=http://api:5001
FORCE_VERIFYING_SIGNATURE=true
PLUGIN_STDIO_BUFFER_SIZE=1024
PLUGIN_STDIO_MAX_BUFFER_SIZE=5242880
PLUGIN_PYTHON_ENV_INIT_TIMEOUT=120
PLUGIN_MAX_EXECUTION_TIMEOUT=600
PLUGIN_STORAGE_TYPE=local
PLUGIN_STORAGE_LOCAL_ROOT=/app/storage
PLUGIN_WORKING_PATH=/app/storage/cwd
PLUGIN_INSTALLED_PATH=plugin
PLUGIN_PACKAGE_CACHE_PATH=plugin_packages
PLUGIN_MEDIA_CACHE_PATH=assets
PLUGIN_STORAGE_OSS_BUCKET=
PLUGIN_SENTRY_ENABLED=false
PLUGIN_SENTRY_DSN=
MARKETPLACE_ENABLED=true
MARKETPLACE_API_URL=https://marketplace.dify.ai
MARKETPLACE_URL=
Nginx and Docker Compose
NGINX_SERVER_NAME=_
NGINX_HTTPS_ENABLED=false
NGINX_PORT=80
NGINX_SSL_PORT=443
NGINX_SSL_CERT_FILENAME=dify.crt
NGINX_SSL_CERT_KEY_FILENAME=dify.key
NGINX_SSL_PROTOCOLS=TLSv1.2 TLSv1.3
NGINX_WORKER_PROCESSES=auto
NGINX_CLIENT_MAX_BODY_SIZE=100M
NGINX_KEEPALIVE_TIMEOUT=65
NGINX_PROXY_READ_TIMEOUT=3600s
NGINX_PROXY_SEND_TIMEOUT=3600s
NGINX_ENABLE_CERTBOT_CHALLENGE=false
NGINX_SOCKET_IO_UPSTREAM=api_websocket:5001
EXPOSE_NGINX_PORT=80
EXPOSE_NGINX_SSL_PORT=443
COMPOSE_PROFILES={VECTOR_STORE:-weaviate},{DB_TYPE:-postgresql},collaboration
增加的是下面的部分
服务器地址配置(添加于 2026-05-15)
CONSOLE_API_URL=http://192.168.0.21:5001
CONSOLE_WEB_URL=http://192.168.0.21:3000
SERVICE_API_URL=http://192.168.0.21:5001
APP_API_URL=http://192.168.0.21:5001
APP_WEB_URL=http://192.168.0.21:3000
FILES_URL=http://192.168.0.21:5001
NEXT_PUBLIC_API_PREFIX=http://192.168.0.21:5001/console/api
NEXT_PUBLIC_PUBLIC_API_PREFIX=http://192.168.0.21:5001/api
NEXT_PUBLIC_COOKIE_DOMAIN=192.168.0.21
禁用插件下载的 SSRF 代理
DISABLE_SSRF_PROXY_FOR_PLUGIN_INSTALL=true
禁用全局代理
HTTP_PROXY=
HTTPS_PROXY=
NO_PROXY=localhost,127.0.0.1,192.168.0.21,.local
确保插件市场启用
MARKETPLACE_ENABLED=true
MARKETPLACE_API_URL=https://marketplace.dify.ai
禁用代理
DISABLE_SSRF_PROXY_FOR_PLUGIN_INSTALL=true
HTTP_PROXY=
HTTPS_PROXY=