Network & Connectivity
502 Bad Gateway
Nginx is forwarding to wrong container IPs. Get current container IPs:
Find these lines:
Update dify/docker/nginx/conf.d:
- Replace
http://api:5001 with http://172.19.0.7:5001
- Replace
http://web:3000 with http://172.19.0.5:3000
Restart nginx or reload configuration. Note: IPs change on container restart.
Cannot access localhost services
Docker containers can’t reach host services via 127.0.0.1. Use your machine’s local network IP instead.
Example: For OpenLLM running on host, configure Dify with http://192.168.1.100:port (your actual local IP).
Page loads forever with CORS errors
Domain/URL changes cause cross-origin issues. Update in docker-compose.yml:
CONSOLE_API_URL - Backend URL for console API
CONSOLE_WEB_URL - Frontend URL for console web
SERVICE_API_URL - Service API URL
APP_API_URL - WebApp API backend URL
APP_WEB_URL - WebApp URL
Mounting & Volumes
Nginx configuration mount failure
Error:
Clone the complete project and run from docker directory:
Port conflicts
Port 80 already in use? Either:
-
Stop the conflicting service (usually Apache/Nginx):
-
Or change port mapping in
docker-compose.yaml:
Container Management
View background shell outputs
List running shells:
Check shell output:
Container restart issues
After system reboot, containers may fail to connect. Ensure proper startup order:
Wait for all services to be healthy before accessing.
SSRF Proxy
The ssrf_proxy container prevents Server-Side Request Forgery attacks.
Customize proxy rules
Edit docker/volumes/ssrf_proxy/squid.conf to add ACL rules:
Restart the proxy container after changes.
Why is SSRF_PROXY needed?
Prevents services from making unauthorized requests to internal network resources. The proxy intercepts and filters all outbound requests from sandboxed services.Last modified on June 10, 2026