From f1796ca044cc6e69007fd5f3ab72c640f7a3dd9c Mon Sep 17 00:00:00 2001 From: lintsinghua Date: Wed, 17 Dec 2025 15:33:53 +0800 Subject: [PATCH] =?UTF-8?q?fix(docker):=20=E7=A6=81=E7=94=A8=E4=BB=A3?= =?UTF-8?q?=E7=90=86=E7=8E=AF=E5=A2=83=E5=8F=98=E9=87=8F=E9=98=B2=E6=AD=A2?= =?UTF-8?q?=E7=BD=91=E7=BB=9C=E5=B9=B2=E6=89=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 在 Docker 容器配置中禁用 HTTP/HTTPS 代理环境变量,防止代理设置干扰容器网络连接 同时优化 sandbox 工具的环境变量处理逻辑 --- .../app/services/agent/tools/sandbox_tool.py | 42 ++++++++++++++----- docker-compose.prod.cn.yml | 7 ++++ docker-compose.prod.yml | 7 ++++ docker-compose.yml | 7 ++++ 4 files changed, 52 insertions(+), 11 deletions(-) diff --git a/backend/app/services/agent/tools/sandbox_tool.py b/backend/app/services/agent/tools/sandbox_tool.py index 78fbee5..49977f3 100644 --- a/backend/app/services/agent/tools/sandbox_tool.py +++ b/backend/app/services/agent/tools/sandbox_tool.py @@ -108,7 +108,19 @@ class SandboxManager: } timeout = timeout or self.config.timeout - + + # 禁用代理环境变量,防止 Docker 自动注入的代理干扰容器网络 + no_proxy_env = { + "HTTP_PROXY": "", + "HTTPS_PROXY": "", + "http_proxy": "", + "https_proxy": "", + "NO_PROXY": "*", + "no_proxy": "*", + } + # 合并用户传入的环境变量(用户变量优先) + container_env = {**no_proxy_env, **(env or {})} + try: # 创建临时目录 with tempfile.TemporaryDirectory() as temp_dir: @@ -131,7 +143,7 @@ class SandboxManager: "/tmp": "rw,size=100m,mode=1777" }, "working_dir": working_dir or "/workspace", - "environment": env or {}, + "environment": container_env, # 安全配置 "cap_drop": ["ALL"], "security_opt": ["no-new-privileges:true"], 
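Review bot: The new `no_proxy_env` dict in the @@ -108 hunk hands `HTTP_PROXY=""` and its three siblings to the container, yet the comment this same patch deletes in the @@ -222 hunk recorded that empty-string proxy values made tools fail while parsing an empty URI. No `unset` wrapper is visible for this method (its body continues outside the hunk, so one may exist further down), which means commands started here would see the empty values directly. If this config dict is passed to docker-py, `use_config_proxy=False` at container creation may stop the injected variables at the source without defining empty ones; that should be confirmed against the SDK version in use. Otherwise keep the old warning next to the dict, e.g. `# empty values can break tools that parse the proxy URI`.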
@@ -222,14 +234,22 @@ class SandboxManager: timeout = timeout or self.config.timeout - try: - # 🔥 清除代理环境变量的方式:在命令前添加 unset - # 因为设置空字符串会导致工具尝试解析空 URI 而出错 - unset_proxy_prefix = "unset HTTP_PROXY HTTPS_PROXY http_proxy https_proxy; " - wrapped_command = unset_proxy_prefix + command + # 禁用代理环境变量,防止 Docker 自动注入的代理干扰容器网络 + no_proxy_env = { + "HTTP_PROXY": "", + "HTTPS_PROXY": "", + "http_proxy": "", + "https_proxy": "", + "NO_PROXY": "*", + "no_proxy": "*", + } + # 合并用户传入的环境变量(用户变量优先) + container_env = {**no_proxy_env, **(env or {})} - # 用户传入的环境变量 - container_env = env or {} + try: + # 清除代理环境变量:在命令前添加 unset(双重保险) + unset_proxy_prefix = "unset HTTP_PROXY HTTPS_PROXY http_proxy https_proxy ALL_PROXY all_proxy 2>/dev/null; " + wrapped_command = unset_proxy_prefix + command # 准备容器配置 container_config = { @@ -247,10 +267,10 @@ class SandboxManager: }, "tmpfs": { "/home/sandbox": "rw,size=100m,mode=1777", - "/tmp": "rw,size=100m,mode=1777" # 🔥 添加 /tmp 目录供工具写入临时文件 + "/tmp": "rw,size=100m,mode=1777" # 添加 /tmp 目录供工具写入临时文件 }, "working_dir": "/workspace", - "environment": container_env, # 🔥 用户传入的环境变量 + "environment": container_env, "cap_drop": ["ALL"], "security_opt": ["no-new-privileges:true"], } diff --git a/docker-compose.prod.cn.yml b/docker-compose.prod.cn.yml index d7847ca..5f32aed 100644 --- a/docker-compose.prod.cn.yml +++ b/docker-compose.prod.cn.yml @@ -90,6 +90,13 @@ services: restart: unless-stopped ports: - "3000:80" + environment: + # 禁用代理 - nginx 需要直连后端 + - HTTP_PROXY= + - HTTPS_PROXY= + - http_proxy= + - https_proxy= + - NO_PROXY=* depends_on: - backend networks: diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml index 2d7baa9..1151d91 100644 --- a/docker-compose.prod.yml +++ b/docker-compose.prod.yml @@ -86,6 +86,13 @@ services: restart: unless-stopped ports: - "3000:80" + environment: + # 禁用代理 - nginx 需要直连后端 + - HTTP_PROXY= + - HTTPS_PROXY= + - http_proxy= + - https_proxy= + - NO_PROXY=* depends_on: - backend networks: 
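Review bot: The comment `# 合并用户传入的环境变量(用户变量优先)` in the @@ -222 hunk does not hold for this method: the `unset HTTP_PROXY HTTPS_PROXY http_proxy https_proxy ALL_PROXY all_proxy` prefix runs inside the container after the environment is applied, so a proxy the caller passes in `env` is silently dropped here, while the method patched at @@ -108 honours it. The two layers also disagree on scope, since the prefix clears `ALL_PROXY`/`all_proxy` and the dict does not. The dict is now copied verbatim into both methods, so a single module-level constant listing all eight variables would keep them in step. For a sandbox that runs agent-chosen commands, whether `env` may re-enable a proxy is a policy decision; state it once in a comment and make both methods follow it.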
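Review bot: The added `environment:` list in docker-compose.prod.cn.yml blanks both `HTTP_PROXY` and `http_proxy` but sets only upper-case `NO_PROXY=*`, whereas `sandbox_tool.py` in this same patch also sets `no_proxy`. Tools that read only the lower-case name will not see the exclusion, so adding `- no_proxy=*` would be consistent; the same applies to the identical hunks in docker-compose.prod.yml and docker-compose.yml. The comment says nginx needs a direct connection to the backend, but as far as I know nginx's own upstream connections do not consult these variables, so it would help to name the process in the image that was actually affected.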
diff --git a/docker-compose.yml b/docker-compose.yml
index 6078ac0..3e9791d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -85,6 +85,13 @@ services:
 - ./frontend/nginx.conf:/etc/nginx/conf.d/default.conf:ro # 挂载 nginx 配置
 ports:
 - "3000:80" # Nginx 监听 80 端口
+ environment:
+ # 禁用代理 - nginx 需要直连后端
+ - HTTP_PROXY=
+ - HTTPS_PROXY=
+ - http_proxy=
+ - https_proxy=
+ - NO_PROXY=*
 depends_on:
 - backend
 networks: