目前部署没有报错,就卡在logto身份验证,遇到跨域问题(一级域名是一样的)。
官方原配置
curl -fsSL https://raw.githubusercontent.com/lobehub/lobe-chat/HEAD/docker-compose/local/docker-compose.yml > docker-compose.yml
curl -fsSL https://raw.githubusercontent.com/lobehub/lobe-chat/HEAD/docker-compose/local/.env.zh-CN.example > .env
只改了:
- ‘ENDPOINT=https://logto-api.example.xyz’
- ‘ADMIN_ENDPOINT=https://logto-webui.example.xyz’
Nginx 相关配置
server {
listen 443 ssl;
server_name logto-api.example.xyz;
ssl_certificate /root/.acme.sh/example.xyz_ecc/fullchain.cer;
ssl_certificate_key /root/.acme.sh/example.xyz_ecc/example.xyz.key;
location / {
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' 'https://logto-webui.example.xyz';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization';
add_header 'Access-Control-Max-Age' 1728000; # 缓存预检请求结果的时间(20天)
add_header 'Content-Length' 0;
add_header 'Content-Type' 'text/plain charset=UTF-8';
return 204;
}
proxy_pass http://127.0.0.1:3001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
add_header 'Access-Control-Allow-Origin' 'https://logto-webui.example.xyz';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization';
}
}
server {
listen 443 ssl;
server_name logto-webui.example.xyz;
ssl_certificate /root/.acme.sh/example.xyz_ecc/fullchain.cer;
ssl_certificate_key /root/.acme.sh/example.xyz_ecc/example.xyz.key;
location / {
proxy_pass http://127.0.0.1:3002;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
}