dify icon indicating copy to clipboard operation
dify copied to clipboard
Published 1 week ago verified publisher icon langgenius

The http proxy environment variable of Dify plugin_daemon only supports uppercase letters.

Open anadamasayuki opened this issue 8 months ago • 1 comments

Self Checks

  • [x] This is only for bug report, if you would like to ask a question, please head to Discussions.
  • [x] I have searched for existing issues search for existing issues, including closed ones.
  • [x] I confirm that I am using English to submit this report (我已阅读并同意 Language Policy).
  • [x] [FOR CHINESE USERS] 请务必使用英文提交 Issue,否则会被关闭。谢谢!:)
  • [x] Please do not modify this template :) and fill in all the required fields.

Dify version

1.3.0

Cloud or Self Hosted

Self Hosted (Docker)

Steps to reproduce

In a self-hosted environment under an HTTP(S) proxy, set the following proxy environment variables in docker-compose.yaml .

services:
  plugin_daemon:
    environment;
      http(s)_proxy: http://proxy-host:port

The http(s)_proxy environment variables specified in lowercase are valid in sandbox and api containers, but not in plugin_daemon.

plugin_daemon supports resolving python dependencies under http(s) proxy. https://github.com/langgenius/dify-plugin-daemon/blob/main/internal/core/plugin_manager/launcher.go#L132-L143

	localPluginRuntime := local_runtime.NewLocalPluginRuntime(local_runtime.LocalPluginRuntimeConfig{
		PythonInterpreterPath:     p.pythonInterpreterPath,

		HttpProxy:                 p.HttpProxy,
		HttpsProxy:                p.HttpsProxy,
		NoProxy:                   p.NoProxy,

	})

However, the plugin_daemon configuration only reads the proxy environment variable in uppercase. https://github.com/langgenius/dify-plugin-daemon/blob/main/internal/types/app/config.go#L131-L132

	HttpProxy  string `envconfig:"HTTP_PROXY"`
	HttpsProxy string `envconfig:"HTTPS_PROXY"`

If the uppercase HTTP(S)_PROXY setting is empty and the lowercase http(s)_proxy is defined, I would like it to take precedence.

✔️ Expected Behavior

It will be possible to install plugins on the marketplace from behind the http(s) proxy.

❌ Actual Behavior

plugin_daemon gives the following error.

runtime error: invalid memory address or nil pointer dereference

anadamasayuki avatar Apr 25 '25 05:04 anadamasayuki

Hello @anadamasayuki! I'm Dosu, here to assist you with bugs, answer your questions, and help you become a contributor. I'm ready to help while you wait for a human maintainer.

The issue you're experiencing with the Dify plugin_daemon only recognizing uppercase HTTP_PROXY and HTTPS_PROXY environment variables is a known behavior. The plugin_daemon is explicitly configured to use these uppercase variables, as indicated in the codebase. The lowercase http(s)_proxy variables are not recognized, which leads to runtime errors when the uppercase variables are not set [1].

To resolve this, you should set both the uppercase and lowercase proxy environment variables in your configuration. This can be done by including both versions in your docker-compose.yaml file under the plugin_daemon service environment section. This approach ensures compatibility with systems that require lowercase proxy settings while still adhering to the current configuration of the plugin_daemon [1].

To continue talking to Dosu, mention @dosu.

Help Dosu learn! Give it feedback: Great Response | Irrelevant Answer | Incorrect Sources | Too Verbose | Hallucination | Bug Report | Other

dosubot[bot] avatar Apr 25 '25 05:04 dosubot[bot]

@crazywoola Do we need to modify the code of plugin_daemon? Or just modify docker-compose.yaml

kenwoodjw avatar Apr 29 '25 15:04 kenwoodjw

Hi all, I have a similar issue like this. I am trying to add Volcengine in my air-gapped-behind-VPN Dify 1.3.1, and I got constantly 400 error of

api-1            | 2025-06-10 07:09:46.876 INFO [Thread-2 (process_request_thread)] [_internal.py:97] - 172.19.0.10 - - [10/Jun/2025 07:09:46] "POST /console/api/workspaces/current/model-providers/langgenius/volcengine_maas/volcengine_maas/models HTTP/1.1" 400 -

After some tcpdump tries, I focused on the plugin_daemon, I had already mount my ca-certs and set proxy server in docker-compose.yaml like this for plugin_daemon:

   envs:
      HTTP_PROXY: http://server:port
      HTTPS_PROXY: http://server:port
      NO_PROXY: ssrf_proxy,api,weaviate,gdrant,db,redis,web,worker,sandbox,plugin_daemon,localhost,127.0.0.1,172.19.*.*

   ports:
      - "${EXPOSE_PLUGIN_DEBUGGING_PORT:-5003}:${PLUGIN_DEBUGGING_PORT:-5003}"
   volumes:
      - /etc/pki/tls/certs/ca-bundle.crt:/etc/ssl/certs/ca-certificates.crt
      - ./volumes/plugin_daemon:/app/storage

I can successfully curl the endpoint of volcengine and even access to API, however, when I add the model in the Volcengine plugin, it still got 400 error, when I dump the packets, it seems the ca-cert didn't load properly, the dump from Wireshark looks like this:

52	0.496160	src_ip	dst_proxy_ip	TLSv1.3	79	60716	proxy_port	Alert (Level: Fatal, Description: Unknown CA)

I am pretty sure that the proxy I set in the yaml worked, only the ca-certs didn't mount, any suggestion or idea?

skylinenzo avatar Jun 10 '25 07:06 skylinenzo

same problem

knu-code avatar Oct 28 '25 06:10 knu-code