Skip to main content

Network & Connectivity

502 Bad Gateway

Nginx is forwarding to wrong container IPs. Get current container IPs:
Find these lines:
Update dify/docker/nginx/conf.d:
  • Replace http://api:5001 with http://172.19.0.7:5001
  • Replace http://web:3000 with http://172.19.0.5:3000
Restart nginx or reload configuration. Note: IPs change on container restart.

Cannot access localhost services

Docker containers can’t reach host services via 127.0.0.1. Use your machine’s local network IP instead. Example: For OpenLLM running on host, configure Dify with http://192.168.1.100:port (your actual local IP).

Page loads forever with CORS errors

Domain/URL changes cause cross-origin issues. Update in docker-compose.yml:
  • CONSOLE_API_URL - Backend URL for console API
  • CONSOLE_WEB_URL - Frontend URL for console web
  • SERVICE_API_URL - Service API URL
  • APP_API_URL - WebApp API backend URL
  • APP_WEB_URL - WebApp URL

Mounting & Volumes

Nginx configuration mount failure

Error:
Clone the complete project and run from docker directory:

Port conflicts

Port 80 already in use? Either:
  1. Stop the conflicting service (usually Apache/Nginx):
  2. Or change port mapping in docker-compose.yaml:

Container Management

View background shell outputs

List running shells:
Check shell output:

Container restart issues

After system reboot, containers may fail to connect. Ensure proper startup order:
Wait for all services to be healthy before accessing.

SSRF Proxy

The ssrf_proxy container prevents Server-Side Request Forgery attacks.

Customize proxy rules

Edit docker/volumes/ssrf_proxy/squid.conf to add ACL rules:
Restart the proxy container after changes.

Why is SSRF_PROXY needed?

Prevents services from making unauthorized requests to internal network resources. The proxy intercepts and filters all outbound requests from sandboxed services.
Last modified on June 10, 2026