From 4d38798dd561a269220f24e140878dc9a62a7a59 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=9D=9E=E6=B3=95=E6=93=8D=E4=BD=9C?= <hjlarry@163.com>
Date: Wed, 30 Oct 2024 15:45:51 +0800
Subject: [PATCH] chore: mount config file of sandbox (#8576)

---
 docker/docker-compose.middleware.yaml         |  1 +
 docker/volumes/sandbox/conf/config.yaml       | 14 ++++++++
 .../volumes/sandbox/conf/config.yaml.example  | 35 +++++++++++++++++++
 3 files changed, 50 insertions(+)
 create mode 100644 docker/volumes/sandbox/conf/config.yaml
 create mode 100644 docker/volumes/sandbox/conf/config.yaml.example

diff --git a/docker/docker-compose.middleware.yaml b/docker/docker-compose.middleware.yaml
index 31624285b1..2eea273e72 100644
--- a/docker/docker-compose.middleware.yaml
+++ b/docker/docker-compose.middleware.yaml
@@ -56,6 +56,7 @@ services:
       SANDBOX_PORT: ${SANDBOX_PORT:-8194}
     volumes:
       - ./volumes/sandbox/dependencies:/dependencies
+      - ./volumes/sandbox/conf:/conf
     healthcheck:
       test: [ "CMD", "curl", "-f", "http://localhost:8194/health" ]
     networks:
diff --git a/docker/volumes/sandbox/conf/config.yaml b/docker/volumes/sandbox/conf/config.yaml
new file mode 100644
index 0000000000..8c1a1deb54
--- /dev/null
+++ b/docker/volumes/sandbox/conf/config.yaml
@@ -0,0 +1,14 @@
+app:
+  port: 8194
+  debug: True
+  key: dify-sandbox
+max_workers: 4
+max_requests: 50
+worker_timeout: 5
+python_path: /usr/local/bin/python3
+enable_network: True # please make sure there is no network risk in your environment
+allowed_syscalls: # please leave it empty if you have no idea how seccomp works
+proxy:
+  socks5: ''
+  http: ''
+  https: ''
diff --git a/docker/volumes/sandbox/conf/config.yaml.example b/docker/volumes/sandbox/conf/config.yaml.example
new file mode 100644
index 0000000000..f92c19e51a
--- /dev/null
+++ b/docker/volumes/sandbox/conf/config.yaml.example
@@ -0,0 +1,35 @@
+app:
+  port: 8194
+  debug: True
+  key: dify-sandbox
+max_workers: 4
+max_requests: 50
+worker_timeout: 5
+python_path: /usr/local/bin/python3
+python_lib_path:
+  - /usr/local/lib/python3.10
+  - /usr/lib/python3.10
+  - /usr/lib/python3
+  - /usr/lib/x86_64-linux-gnu
+  - /etc/ssl/certs/ca-certificates.crt
+  - /etc/nsswitch.conf
+  - /etc/hosts
+  - /etc/resolv.conf
+  - /run/systemd/resolve/stub-resolv.conf
+  - /run/resolvconf/resolv.conf
+  - /etc/localtime
+  - /usr/share/zoneinfo
+  - /etc/timezone
+  # add more paths if needed
+python_pip_mirror_url: https://pypi.tuna.tsinghua.edu.cn/simple
+nodejs_path: /usr/local/bin/node
+enable_network: True
+allowed_syscalls:
+  - 1
+  - 2
+  - 3
+  # add all the syscalls which you require
+proxy:
+  socks5: ''
+  http: ''
+  https: ''