使用docker-compose部署端口模式来做 basePath 代理，nginx 反向代理后无法登录

[ZYWNB666]

📦 部署环境

Docker

📦 部署模式

服务端模式(lobe-chat-database 镜像), 客户端模式(lobe-chat 镜像)

📌 软件版本

latest

💻 系统环境

Ubuntu

🌐 浏览器

Chrome

🐛 问题描述

# 其他环境变量，视需求而定，可以参照客户端版本的环境变量配置，注意不要有 ACCESS_CODE
OPENAI_API_KEY=sk-Amvu*********0a0PiF17l4mxEzQ
OPENAI_PROXY_URL=https://api.openai.cn/v1
# OPENAI_MODEL_LIST=...


# ===================
# ===== 预设配置 =====
# ===================
# 如没有特殊需要不用更改
LOBE_PORT=3210
CASDOOR_PORT=8000
MINIO_PORT=9000
APP_URL=https://chat.domain.top
AUTH_URL=https://chat.domain.top/api/auth

# Postgres 相关，也即 DB 必须的环境变量
LOBE_DB_NAME=lobechat
POSTGRES_PASSWORD=uWNZugjBqixf8dxC

AUTH_CASDOOR_ISSUER=https://chat.domain.top
# Casdoor secret
AUTH_CASDOOR_ID=a387vf1a2249
AUTH_CASDOOR_SECRET=1ebf85a41ec12341953ce43f083a

# MinIO S3 配置
MINIO_ROOT_USER=admin
MINIO_ROOT_PASSWORD=21d78eea

# 在下方配置 minio 中添加的桶
S3_PUBLIC_DOMAIN=http://127.0.0.1:9000
S3_ENDPOINT=http://127.0.0.1:9000
MINIO_LOBE_BUCKET=lobe

# 为 casdoor 配置
origin=https://chat.domain.top

📷 复现步骤

nginx反向代理这么写的

upstream lobechat{
    least_conn;
    server 127.0.0.1:3210 max_fails=2 fail_timeout=5s;
}

server {
    listen       443 ssl;
    listen       80;
    server_name  chat.domain.top;

    client_max_body_size 200M;

    ssl_certificate /etc/nginx/ssl/ALL-domain.top.pem;
    ssl_certificate_key /etc/nginx/ssl/ALL-domain.top.key;
    ssl_session_timeout 1m;
    ssl_session_cache shared:SSL:10m;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security "max-age=31536000" always;

    charset utf-8;

    if ($server_port = 80) {
        return 301 https://$host$request_uri;
    }

location /.well-known/openid-configuration {
  proxy_pass http://127.0.0.1:8000;  # 转发到 localhost:8000
  proxy_set_header Host $host;  # 保留原始主机头
  proxy_set_header X-Real-IP $remote_addr;  # 保留客户端真实IP
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  # 保留转发的IP
  proxy_set_header X-Forwarded-Proto $scheme;  # 保留请求协议
}

    location /login {
    proxy_pass http://127.0.0.1:8000;
    }

    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_connect_timeout 180s;
        proxy_send_timeout 180s;
        proxy_read_timeout 180s;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_next_upstream_tries 3;

        chunked_transfer_encoding on;
        proxy_buffering off;

        gzip on;
        gzip_disable "msie6";
        gzip_vary on;
        gzip_proxied any;
        gzip_comp_level 5;
        gzip_buffers 16 16k;
        gzip_http_version 1.1;
        gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss;

        proxy_pass http://lobechat;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}

🚦 期望结果

目前是到登录界面就白屏

📝 补充信息

No response

[lobehubbot]

👀 @ZYWNB666

Thank you for raising an issue. We will investigate into the matter and get back to you as soon as possible.
Please make sure you have given us as much context as possible.
非常感谢您提交 issue。我们会尽快调查此事，并尽快回复您。 请确保您已经提供了尽可能多的背景信息。

[dosubot[bot]]

Hey, @ZYWNB666! I'm here to help you with your Docker deployment issue. Let's get to the bottom of this together!

I found a similar closed issue where the problem was related to the Nginx configuration. The solution was to comment out the line proxy_buffering off; in the Nginx configuration, which allowed the initialization to proceed normally ^[1].

You might want to try this solution to see if it resolves the blank screen issue during the login process.

To continue talking to Dosu, mention @dosu.

---

^{Help Dosu learn! Give it feedback: Great Response | Irrelevant Answer | Incorrect Sources | Too Verbose | Hallucination | Bug Report | Other}

[cy948]

casdoor的origin应该是casdoor反代后的域名。

[lobehubbot]

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

---

The origin of casdoor should be the domain name after the anti-generation of the casdoor.

[CliffHan]

跟反向代理看起来没关系，没用nginx，直接ip访问也没法登录

[lobehubbot]

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

---

It doesn't seem to have anything to do with reverse proxy, it doesn't use nginx, and you can't log in if you access it directly with IP.

[cy948]

环境变量的里的 origin 值会决定 casdoor 的 origin 验证及提供的 OIDC configuration 里的 origin ，需要设为 casdoor 服务的公网域名。

[cy948]

看了下你的配置，大概是想要在同一个域名下部署三个服务，这个模式是不支持的。 支持的部署模式列表： https://lobehub.com/zh/docs/self-hosting/server-database/docker-compose#%E5%BF%AB%E9%80%9F%E5%90%AF%E5%8A%A8

[lobehubbot]

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

---

After looking at your configuration, I probably want to deploy three services under the same domain name, and this model is not supported. List of supported deployment modes: https://lobehub.com/zh/docs/self-hosting/server-database/docker-compose#%E5%BF%AB%E9%80%9F%E5%90%AF%E5%8A%A8