Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dify startup failed #89

Open
shenhai-ran opened this issue Dec 13, 2024 · 4 comments
Open

Dify startup failed #89

shenhai-ran opened this issue Dec 13, 2024 · 4 comments

Comments

@shenhai-ran
Copy link

I am trying to setup Dify, and it was successful with pull

harbor pull dify

however when i try to start up with

harbor up dify

I got error as follows:

[+] Building 2.3s (9/11)                                                                                                                                    docker:default
 => [dify-openai internal] load build definition from Dockerfile                                                                                                      0.0s
 => => transferring dockerfile: 222B                                                                                                                                  0.0s
 => [dify-openai internal] load metadata for docker.io/pkgxdev/pkgx:latest                                                                                            1.0s
 => [dify-openai auth] pkgxdev/pkgx:pull token for registry-1.docker.io                                                                                               0.0s
 => [dify-openai internal] load .dockerignore                                                                                                                         0.0s
 => => transferring context: 2B                                                                                                                                       0.0s
 => [dify-openai 1/6] FROM docker.io/pkgxdev/pkgx:latest@sha256:ee3e4c59bd8b575765d5ab4234872bbe17434921ac47d4a0cc549218288aafba                                      0.1s
 => => resolve docker.io/pkgxdev/pkgx:latest@sha256:ee3e4c59bd8b575765d5ab4234872bbe17434921ac47d4a0cc549218288aafba                                                  0.0s
 => [dify-openai internal] load build context                                                                                                                         0.0s
 => => transferring context: 90B                                                                                                                                      0.0s
 => CACHED [dify-openai 2/6] WORKDIR /dify2openai                                                                                                                     0.0s
 => CACHED [dify-openai 3/6] RUN pkgx install node@20 npm                                                                                                             0.0s
 => ERROR [dify-openai 4/6] RUN node --version && npm --version                                                                                                       1.1s
------
 > [dify-openai 4/6] RUN node --version && npm --version:
0.555 × unexpected error error sending request for url (https://dist.pkgx.dev/gnu.org/mpc/linux/x86-64/versions.txt): client error (Connect): invalid peer certificate: UnknownIssuer
0.555 │ TypeError: error sending request for url (https://dist.pkgx.dev/gnu.org/mpc/linux/x86-64/versions.txt): client error (Connect): invalid peer certificate: UnknownIssuer
0.555 │     at async mainFetch (ext:deno_fetch/26_fetch.js:170:12)
0.555 │     at async fetch (ext:deno_fetch/26_fetch.js:392:7)
0.555 │     at async Object.get (https://deno.land/x/[email protected]/src/hooks/useInventory.ts:18:15)
0.555 │     at async Object.select (https://deno.land/x/[email protected]/src/hooks/useInventory.ts:8:20)
0.555 │     at async Promise.all (index 3)
0.555 │     at async resolve (https://deno.land/x/[email protected]/src/plumbing/resolve.ts:55:3)
0.555 │     at async default (file:///tmp/deno-compile-pkgx/pkgx/src/prefab/install.ts:11:51)
0.555 │     at async default (file:///tmp/deno-compile-pkgx/pkgx/src/modes/x.ts:31:18)
0.555 │     at async default (file:///tmp/deno-compile-pkgx/pkgx/src/app.ts:60:11)
0.555 │     at async file:///tmp/deno-compile-pkgx/pkgx/entrypoint.ts:59:3
0.556 ╰─➤ https://github.com/pkgxdev/pkgx/issues/new
------
failed to solve: process "/bin/bash -c node --version && npm --version" did not complete successfully: exit code: 1

I am using corporate network, so I do have a self signed certificate and it is installed to trust store on WSL2 Arch Linux

Thanks for your help!
@shenhai-ran
Copy link
Author

I removed the dify-openai service in the compose yaml file, at least dify can startup

@ZacharyKehlGEAppliances
Copy link
Contributor

Do you still get this issue if you update the dify version via harbor config set dify.version 0.14.1.

If that doesn't fix it you could try:

  1. Add the certificate path to the dify/override.env file that Harbor uses:
NODE_EXTRA_CA_CERTS=/path/to/your/corporate/certificate.pem
  1. Create a service-specific compose file for your build that includes the certificate configuration:
# compose.dify.yml

services:
  dify-openai:
    environment:
      - NODE_EXTRA_CA_CERTS=/path/to/your/corporate/certificate.pem
    volumes:
      - /path/to/your/corporate/certificate.pem:/path/to/your/corporate/certificate.pem:ro
  1. Since I think Harbor supports config interpolation, you could also use variable substitution in your compose file:
HARBOR_CERT_PATH=/path/to/your/corporate/certificate.pem

Then open $(harbor home)/.env:

harbor config set HARBOR_CERT_PATH=/path/to/your/corporate/certificate.pem

Check these documents for further information:
https://github.com/av/harbor/wiki/1.-Harbor-User-Guide#environment-variables
https://github.com/av/harbor/wiki/6.-Harbor-Compose-Setup
https://github.com/av/harbor/wiki/2.3.3-Satellite:-Dify#configuration

If this works, let me know and I can start a PR to add this option in the .yml for future updates.

@shenhai-ran
Copy link
Author

Hello,

Thanks for your help. Unfortunately, it doesn't work for me. I still have the same issue. After looking into deeper, I think the errors start from the Dockerfile at build process, maybe modification at compose.dify.yml is not sufficient?

So I tried with <harbor>/dify/openai/Dockerfile as follow:

FROM pkgxdev/pkgx

WORKDIR /dify2openai

RUN apt-get update && apt-get install -y ca-certificates curl
COPY ./ca-certificates/ /usr/local/share/ca-certificates/
RUN update-ca-certificates

ENV NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt

# Install + warmup
RUN pkgx install node@20 npm
RUN node --version

After build the image and run in container, it turn out that with update certificates, I can actually use curl to access https://dist.pkgx.dev/gnu.org/mpc/linux/x86-64/versions.txt. But I still got the error as before.

I don't know what I can try right now, any ideas? @ZacharyKehlGEAppliances

Thanks.

@av
Copy link
Owner

av commented Dec 29, 2024

I suspect it might be due to your corporate firewall being very picky about SSL connections it allows and enforcing traffic inspection on all of the allowed ones. pkgx is a fairly exotic thing, so it's understandable if there are no rules in your network to allow for it. Luckily, dify-openai didn't really needed it, so I switched to plain node:20 image that uses NPM. The latter is fairly common and I hope that it'll work for your network as is.

Please try updating for v0.2.21, and rebuild the dify-openai:

harbor update
harbor build dify

See if this build command fails, if not - the issue should be resolved. Otherwise it might really be the case where you need to embed the certs into a Dockerfile

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@shenhai-ran @av @ZacharyKehlGEAppliances