Skip to content

Docker Issues

Network & Connectivity

502 Bad Gateway

Nginx is forwarding to wrong container IPs. Get current container IPs:

docker ps -q | xargs -n 1 docker inspect --format '{{ .Name }}: {{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}'

Find these lines: 

/docker-web-1: 172.19.0.5
/docker-api-1: 172.19.0.7

Update flexai/docker/nginx/conf.d: - Replace http://api:5001 with http://172.19.0.7:5001 - Replace http://web:3000 with http://172.19.0.5:3000

Restart nginx or reload configuration. Note: IPs change on container restart.

Cannot access localhost services

Docker containers can't reach host services via 127.0.0.1. Use your machine's local network IP instead.

Example: For OpenLLM running on host, configure FlexAI with http://192.168.1.100:port (your actual local IP).

Page loads forever with CORS errors

Domain/URL changes cause cross-origin issues. Update in docker-compose.yml:

  • CONSOLE_API_URL - Backend URL for console API
  • CONSOLE_WEB_URL - Frontend URL for console web
  • SERVICE_API_URL - Service API URL
  • APP_API_URL - WebApp API backend URL
  • APP_WEB_URL - WebApp URL

Mounting & Volumes

Nginx configuration mount failure

Error: 

Error mounting "/run/desktop/mnt/host/d/Documents/docker/nginx/nginx.conf" to rootfs at "/etc/nginx/nginx.conf": not a directory

Clone the complete project and run from docker directory:

git clone https://github.com/flexai/flexai.git
cd dify/docker
docker compose up -d

Port conflicts

Port 80 already in use? Either:

  1. Stop the conflicting service (usually Apache/Nginx): 

    sudo service nginx stop
sudo service apache2 stop

  2. Or change port mapping in docker-compose.yaml: 

    ports:
  - "8080:80"  # Map to different port

Container Management

View background shell outputs

List running shells: 

docker exec -it docker-api-1 ls /tmp/shells/

Check shell output: 

docker exec -it docker-api-1 cat /tmp/shells/[shell-id]/output.log

Container restart issues

After system reboot, containers may fail to connect. Ensure proper startup order:

docker compose down
docker compose up -d

Wait for all services to be healthy before accessing.

SSRF Proxy

The ssrf_proxy container prevents Server-Side Request Forgery attacks.

Customize proxy rules

Edit docker/volumes/ssrf_proxy/squid.conf to add ACL rules:

# Block access to sensitive internal IP
acl restricted_ip dst 192.168.101.19
acl localnet src 192.168.101.0/24

http_access deny restricted_ip
http_access allow localnet
http_access deny all

Restart the proxy container after changes.

Why is SSRF_PROXY needed?

Prevents services from making unauthorized requests to internal network resources. The proxy intercepts and filters all outbound requests from sandboxed services.