feat: add FILES_API_URL for storage file ticket API endpoints

api/.env.example

@@ -733,6 +733,14 @@ SANDBOX_DIFY_CLI_ROOT=
 # For external sandbox (e.g., e2b): use a publicly accessible URL
 CLI_API_URL=http://localhost:5001
 
+# Base URL for storage file ticket API endpoints (upload/download).
+# Used by sandbox containers (internal or external like e2b) that need an absolute,
+# routable address to reach the Dify API file endpoints.
+# Falls back to FILES_URL if not specified.
+# For local development: http://localhost:5001
+# For Docker deployment: http://api:5001
+FILES_API_URL=http://localhost:5001
+
 # Optional defaults for SSH sandbox provider setup (for manual config/CLI usage).
 # Middleware/local dev usually uses 127.0.0.1:2222; full docker deployment usually uses agentbox:22.
 SSH_SANDBOX_HOST=127.0.0.1

api/configs/feature/__init__.py

@@ -347,6 +347,15 @@ class FileAccessConfig(BaseSettings):
         default="",
     )
 
+    FILES_API_URL: str = Field(
+        description="Base URL for storage file ticket API endpoints."
+        " Used by sandbox containers (internal or external like e2b) that need"
+        " an absolute, routable address to upload/download files via the API."
+        " Falls back to FILES_URL if not specified."
+        " For Docker deployments, set to http://api:5001.",
+        default="",
+    )
+
     FILES_ACCESS_TIMEOUT: int = Field(
         description="Expiration time in seconds for file access URLs",
         default=300,

api/extensions/storage/file_presign_storage.py

@@ -13,7 +13,7 @@ Usage:
     upload_url = presign_storage.get_upload_url("path/to/file.txt", expires_in=3600)
 
 When the underlying storage doesn't support presigned URLs, the fallback URLs follow the format:
-    {FILES_URL}/files/storage-tickets/{token}
+    {FILES_API_URL}/files/storage-files/{token}  (falls back to FILES_URL)
 
 The token is a UUID that maps to the real storage key in Redis.
 """

api/services/storage_ticket_service.py

@@ -14,7 +14,7 @@ Usage:
     url = StorageTicketService.create_upload_url("path/to/file.txt", expires_in=300, max_bytes=10*1024*1024)
 
 URL format:
-    {FILES_URL}/files/storage-files/{token}
+    {FILES_API_URL}/files/storage-files/{token}  (falls back to FILES_URL)
 
 The token is validated by looking up the Redis key, which contains:
     - op: "download" or "upload"
@@ -138,5 +138,5 @@ class StorageTicketService:
     @classmethod
     def _build_url(cls, token: str) -> str:
         """Build the full URL for a token."""
-        base_url = dify_config.FILES_URL
+        base_url = dify_config.FILES_API_URL
         return f"{base_url}/files/storage-files/{token}"

docker/.env.example

@@ -1009,6 +1009,12 @@ SANDBOX_DIFY_CLI_ROOT=
 # For external sandbox (e.g., e2b): use a publicly accessible URL
 CLI_API_URL=http://api:5001
 
+# Base URL for storage file ticket API endpoints (upload/download).
+# Used by sandbox containers (internal or external like e2b) that need an absolute,
+# routable address to reach the Dify API file endpoints.
+# Falls back to FILES_URL if not specified.
+FILES_API_URL=http://api:5001
+
 # The sandbox service endpoint.
 CODE_EXECUTION_ENDPOINT=http://sandbox:8194
 CODE_EXECUTION_API_KEY=dify-sandbox

docker/docker-compose.yaml

@@ -437,6 +437,7 @@ x-shared-env: &shared-api-worker-env
   OWNER_TRANSFER_TOKEN_EXPIRY_MINUTES: ${OWNER_TRANSFER_TOKEN_EXPIRY_MINUTES:-5}
   SANDBOX_DIFY_CLI_ROOT: ${SANDBOX_DIFY_CLI_ROOT:-}
   CLI_API_URL: ${CLI_API_URL:-http://api:5001}
+  FILES_API_URL: ${FILES_API_URL:-http://api:5001}
   CODE_EXECUTION_ENDPOINT: ${CODE_EXECUTION_ENDPOINT:-http://sandbox:8194}
   CODE_EXECUTION_API_KEY: ${CODE_EXECUTION_API_KEY:-dify-sandbox}
   CODE_EXECUTION_SSL_VERIFY: ${CODE_EXECUTION_SSL_VERIFY:-True}