[Bug] Database version cannot authenticate, redirects to api/auth/error #5437

Open
JoeChen2me opened this issue Jan 14, 2025 · 44 comments
Labels
🐛 Bug Something isn't working | 缺陷


JoeChen2me commented Jan 14, 2025

📦 Environment

Docker

📌 Version

v1.45.8

💻 Operating System

Ubuntu

🌐 Browser

Edge

🐛 Bug Description

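When deploying and running the database version under a domain name, I tried the following:

  1. casdoor
  2. logto
  3. github
    All three of these fail: clicking Log in / Sign up redirects straight to https://lobe.Mydomain.com/api/auth/error
    image
    During configuration I followed the official tutorial documentation throughout (tutorial docs). The screenshots below use the casdoor configuration as an example:
    image
    image
    image
    Everything was configured according to the tutorial.
    But all three methods fail at login/sign-up as described above.
    The Nginx reverse proxy is already set up; the auth service, the S3 service and the main page are all reachable through their domain names.
    The detailed configuration files are posted below.
    What could be the cause?
  • .env file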
CASDOOR_PORT=8000
# Required. LobeChat domain, used for tRPC calls
# Make sure this domain is in the CORS allowlist of your NextAuth auth provider and your S3 provider
APP_URL=https://lobe.mydomain.com/

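# Postgres-related: environment variables required by the DB
# Required. Key used to encrypt sensitive information; can be generated with openssl rand -base64 32
KEY_VAULTS_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ=
# Required. Postgres connection string, used to connect to the database
# Format: postgresql://username:password@host:port/dbname; if your pg instance is a Docker container in the same docker-compose file, you can also use the container name as host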
DATABASE_URL=postgresql://postgres:uWNZugjBqixf8dxC@postgresql:5432/lobe

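# NEXT_AUTH-related: environment variables required by the auth service
# auth0, Azure AD, GitHub, Authentik, Zitadel, Logto, etc. can be used; PRs are welcome for other integrations
# For the currently supported auth providers, see: https://lobehub.com/zh/docs/self-hosting/advanced/auth#next-auth
# If you have an ACCESS_CODE, be sure to clear it; NEXT_AUTH is used as the only source of authentication
# Required. Secret for NextAuth; can be generated with openssl rand -base64 32
# NEXT_AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg
# # Required. Specifies the auth provider; Logto is used as the example here
# # NEXT_AUTH_SSO_PROVIDERS=logto # not using logto
# NEXT_AUTH_SSO_PROVIDERS=github
# # Required. NextAuth URL, used for the NextAuth callback
# NEXTAUTH_URL=https://lobe.mydomain.com/api/auth

# # NextAuth provider section, using Logto as the example
# # For the environment variables other providers need, see: https://lobehub.com/zh/docs/self-hosting/environment-variables/auth
# # Comment out the next three lines to disable Logto authentication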
# # AUTH_LOGTO_ID=f6ef6cyuyf9pfv44
# # AUTH_LOGTO_SECRET=bYBTljG8SinvOWqlPC
# # AUTH_LOGTO_ISSUER=https://lobe-auth-api.mydomain.com/oidc

# AUTH_GITHUB_ID = modified
# AUTH_GITHUB_SECRET = modified

# Proxy-related, if you need it (for example, when using GitHub as the auth provider)
# HTTP_PROXY=http://localhost:7890
# HTTPS_PROXY=http://localhost:7890


# casdoor config
NEXT_AUTH_SECRET = NX2kaPE923dt6BL2U8e9oSre5RfoT7hg
NEXT_AUTH_SSO_PROVIDERS = casdoor
AUTH_CASDOOR_ID = cb5673418e9cbbc3ef90
AUTH_CASDOOR_SECRET = 06d6a0d11a5175501b300eb3f49691a8a163075b
AUTH_CASDOOR_ISSUER = https://lobe-casdoor.mydomain.com/
NEXTAUTH_URL = https://lobe.mydomain.com/api/auth


# S3-related: environment variables required for storing unstructured data (files, images, etc.)
# MinIO is used as the example here
# Required. S3 Access Key ID; for MinIO it is invalid until created manually in the MinIO UI
S3_ACCESS_KEY_ID=gcuKWmkHFFeYnWVvnxgU
# Required. S3 Secret Access Key; for MinIO it is invalid until created manually in the MinIO UI
S3_SECRET_ACCESS_KEY=7TMA2T9dvV8aIi9UEr8n7pGTluZEPDvUy5HG17t7
# Required. S3 Endpoint, used by the server/client to connect to the S3 API
S3_ENDPOINT=https://lobe-s3-api.mydomain.com
# Required. S3 Bucket; invalid until created manually in the MinIO UI
S3_BUCKET=lobe
# Required. S3 Public Domain, used by clients to access unstructured data over a public connection
S3_PUBLIC_DOMAIN=https://lobe-s3-api.mydomain.com
# Optional. S3 Enable Path Style
# For mainstream S3 cloud providers, 0 is usually fine; for self-hosted MinIO, use 1
# See: https://lobehub.com/zh/docs/self-hosting/advanced/s3#s-3-enable-path-style
S3_ENABLE_PATH_STYLE=1


# casdoor config



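# Other basic environment variables, as needed. Make sure there is no ACCESS_CODE
# See: https://lobehub.com/zh/docs/self-hosting/environment-variables/basic
# Note that for the server version, the API must support an embedding model (i.e. OpenAI text-embedding-3-small), otherwise uploaded files cannot be processed; you do not need to list this model in OPENAI_MODEL_LIST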
# OPENAI_API_KEY=sk-xxxx
# OPENAI_PROXY_URL=https://api.openai.com/v1
# OPENAI_MODEL_LIST=...

# SET ollama
ENABLED_OLLAMA = 0

# set openai 
ENABLED_OPENAI = 0
OPENAI_MODEL_LIST=-all,+gpt-4o-mini


# set google proxy
ENABLED_GOOGLE = 1
GOOGLE_PROXY_URL = https://api-proxy.me/gemini


# set Deepseek
ENABLED_DEEPSEEK = 1

# set groq
ENABLED_GROQ = 1
GROQ_PROXY_URL =https://api-proxy.me/groq
  • docker compose .yml file
name: lobe-chat-database
services:
  postgresql:
    image: pgvector/pgvector:pg16
    container_name: lobe-postgres
    ports:
      - '5432:5432'
    volumes:
      - './data:/var/lib/postgresql/data'
    environment:
      - 'POSTGRES_DB=lobe'
      - 'POSTGRES_PASSWORD=uWNZugjBqixf8dxC'
    healthcheck:
      test: ['CMD-SHELL', 'pg_isready -U postgres']
      interval: 5s
      timeout: 5s
      retries: 5
    restart: always

  minio:
    image: minio/minio
    container_name: lobe-minio
    ports:
      - '9000:9000'
      - '9001:9001'
    volumes:
      - './s3_data:/etc/minio/data'
    environment:
      - 'MINIO_ROOT_USER=JoeChen'
      - 'MINIO_ROOT_PASSWORD=Crj1570768'
      - 'MINIO_DOMAIN=lobe-s3-api.mydomain.com'
      - 'MINIO_API_CORS_ALLOW_ORIGIN=https://lobe.mydomain.com' # Your LobeChat's domain name.
    restart: always
    command: >
      server /etc/minio/data --address ":9000" --console-address ":9001"

  casdoor:
    image: casbin/casdoor
    container_name: lobe-casdoor
    entrypoint: /bin/sh -c './server --createDatabase=true'
    depends_on:
      postgresql:
        condition: service_healthy
    ports:
      - '8000:8000'
    environment:
      RUNNING_IN_DOCKER: 'true'
      driverName: 'postgres'
      dataSourceName: 'user=postgres password=uWNZugjBqixf8dxC host=postgresql port=5432 sslmode=disable dbname=casdoor'
      # origin: 'http://localhost:${CASDOOR_PORT}'
      origin: 'https://lobe-casdoor.mydomain.com'
      runmode: 'dev'
    volumes:
      - ./init_data.json:/init_data.json

  # logto:
  #   image: svhd/logto
  #   container_name: lobe-logto
  #   ports:
  #     - '3001:3001'
  #     - '3002:3002'
  #   depends_on:
  #     postgresql:
  #       condition: service_healthy
  #   environment:
  #     - 'TRUST_PROXY_HEADER=1'
  #     - 'DB_URL=postgresql://postgres:uWNZugjBqixf8dxC@postgresql:5432/logto'
  #     - 'ENDPOINT=https://lobe-auth-api.mydomain.com'
  #     - 'ADMIN_ENDPOINT=https://lobe-auth-ui.mydomain.com'
  #   entrypoint: ['sh', '-c', 'npm run cli db seed -- --swe && npm start']

  lobe:
    image: lobehub/lobe-chat-database:latest
    container_name: lobe-chat
    ports:
      - '3210:3210'
    depends_on:
      # - postgresql
      # - minio
      # # - logto
      postgresql:
        condition: service_healthy
      minio:
        condition: service_started
      casdoor:
        condition: service_started
    env_file:
      - .env
    restart: always

volumes:
  data:
    driver: local
  s3_data:
    driver: local

📷 Recurrence Steps

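Configure the Next-AUTH environment variables
Open the page and click Log in / Sign up
You are redirected to /api/auth/error
The above happens with all three authentication services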

  1. casdoor
  2. logto
  3. github

🚦 Expected Behavior

Clicking Log in / Sign up should redirect to the corresponding authentication endpoint

📝 Additional Information

No response

@JoeChen2me JoeChen2me added the 🐛 Bug Something isn't working | 缺陷 label Jan 14, 2025
@github-project-automation github-project-automation bot moved this to Roadmap - Chat 1.x in Lobe Chat Routine Jan 14, 2025
@lobehubbot
Member

👀 @JoeChen2me

Thank you for raising an issue. We will investigate into the matter and get back to you as soon as possible.
Please make sure you have given us as much context as possible.


dosubot bot commented Jan 14, 2025

I found some similar discussions that might be relevant to your issue:

  1. Problems deploying the server version with Docker - This discussion is open and might provide insights into deployment issues with Docker.
  2. [Bug] When doing an advanced deployment on a server with Docker, clicking database brings up a pop-up asking to log in. - This is another open discussion related to Docker deployment and authentication issues.
  3. [Bug] unauthorized_client: Callback URL mismatch. http://0.0.0.0:3210/api/auth/callback/auth0 is not in the list of allowed callback URLs - This open discussion addresses callback URL mismatches, which might be similar to your issue with authentication errors.

For your specific problem, ensure that the NEXTAUTH_URL and the callback URLs are correctly configured in your authentication provider settings (Casdoor, Logto, GitHub). The URLs should match exactly with what is set in your .env file and the provider's dashboard. Additionally, verify that the CORS settings include your domain to allow requests from your application.


@JoeChen2me
Author

I found some similar discussions that might be relevant to your issue:

  1. Problems deploying the server version with Docker - This discussion is open and might provide insights into deployment issues with Docker.
  2. [Bug] When doing an advanced deployment on a server with Docker, clicking database brings up a pop-up asking to log in. - This is another open discussion related to Docker deployment and authentication issues.
  3. [Bug] unauthorized_client: Callback URL mismatch. http://0.0.0.0:3210/api/auth/callback/auth0 is not in the list of allowed callback URLs - This open discussion addresses callback URL mismatches, which might be similar to your issue with authentication errors.

For your specific problem, ensure that the NEXTAUTH_URL and the callback URLs are correctly configured in your authentication provider settings (Casdoor, Logto, GitHub). The URLs should match exactly with what is set in your .env file and the provider's dashboard. Additionally, verify that the CORS settings include your domain to allow requests from your application.

@dosu How do I configure cross-origin access for casdoor in domain deployment mode?

dosubot bot commented Jan 14, 2025

To configure cross-origin access for Casdoor in domain deployment mode, you need to make sure the CORS settings allow requests from your Lobe Chat application. The configuration steps are:

  1. Casdoor configuration:

    • Make sure origin in the Casdoor configuration is set to your Casdoor domain, for example: https://lobe-casdoor.mydomain.com
    • Make sure Casdoor's CORS settings allow requests from your Lobe Chat domain.
  2. Lobe Chat configuration:

    • In the .env file, make sure APP_URL is set to your Lobe Chat domain, for example: https://lobe.mydomain.com/
    • Make sure NEXTAUTH_URL and the Casdoor callback URL are correctly configured as: https://lobe.mydomain.com/api/auth/callback/casdoor
  3. CORS rules:

    • Add a CORS rule in the bucket settings to allow requests from specific domains. Example configuration:
      [
        {
          "AllowedOrigins": ["https://lobe.mydomain.com"],
          "AllowedMethods": ["GET", "PUT", "HEAD", "POST", "DELETE"],
          "AllowedHeaders": ["*"]
        }
      ]

Make sure all relevant domains and URLs are consistent between the Casdoor and Lobe Chat configuration and that the CORS settings are applied correctly. This avoids cross-origin requests being blocked [1].

@cy948
Contributor

cy948 commented Jan 14, 2025

Please provide the console error output.

@JoeChen2me
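Author

Please provide the console error output.

Problem 1: the model cannot be selected and reverts to the default

I have also found another problem:
When I select a model for an assistant, the selection does not stick. It changes back to the default gpt-4o-mini model instead of the other model I selected.
Here are the database logs as well.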

root@C20250112111214:~/lobe-chat-db# docker logs -f lobe-postgres

PostgreSQL Database directory appears to contain a database; Skipping initialization

2025-01-14 13:13:09.098 UTC [1] LOG:  starting PostgreSQL 16.4 (Debian 16.4-1.pgdg120+2) on x86_64-pc-linux-gnu, compiled by gcc (Debian 12.2.0-14) 12.2.0, 64-bit
2025-01-14 13:13:09.099 UTC [1] LOG:  listening on IPv4 address "0.0.0.0", port 5432
2025-01-14 13:13:09.099 UTC [1] LOG:  listening on IPv6 address "::", port 5432
2025-01-14 13:13:09.102 UTC [1] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
2025-01-14 13:13:09.112 UTC [29] LOG:  database system was shut down at 2025-01-14 13:13:07 UTC
2025-01-14 13:13:09.128 UTC [1] LOG:  database system is ready to accept connections
2025-01-14 13:18:09.206 UTC [27] LOG:  checkpoint starting: time
2025-01-14 13:18:09.215 UTC [27] LOG:  checkpoint complete: wrote 2 buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.003 s, sync=0.001 s, total=0.009 s; sync files=3, longest=0.001 s, average=0.001 s; distance=0 kB, estimate=0 kB; lsn=0/2849B50, redo lsn=0/2849B18
2025-01-14 13:28:09.414 UTC [27] LOG:  checkpoint starting: time
2025-01-14 13:28:14.274 UTC [27] LOG:  checkpoint complete: wrote 49 buffers (0.3%); 0 WAL file(s) added, 0 removed, 0 recycled; write=4.842 s, sync=0.009 s, total=4.860 s; sync files=43, longest=0.005 s, average=0.001 s; distance=122 kB, estimate=122 kB; lsn=0/2868500, redo lsn=0/28684C8
2025-01-14 13:33:09.325 UTC [27] LOG:  checkpoint starting: time
2025-01-14 13:33:16.281 UTC [27] LOG:  checkpoint complete: wrote 72 buffers (0.4%); 0 WAL file(s) added, 0 removed, 0 recycled; write=6.936 s, sync=0.005 s, total=6.956 s; sync files=53, longest=0.002 s, average=0.001 s; distance=191 kB, estimate=191 kB; lsn=0/28984F8, redo lsn=0/28984C0
2025-01-14 13:38:09.378 UTC [27] LOG:  checkpoint starting: time
2025-01-14 13:38:09.492 UTC [27] LOG:  checkpoint complete: wrote 2 buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.103 s, sync=0.003 s, total=0.115 s; sync files=2, longest=0.002 s, average=0.002 s; distance=5 kB, estimate=173 kB; lsn=0/2899978, redo lsn=0/2899940
2025-01-14 13:53:09.702 UTC [27] LOG:  checkpoint starting: time
2025-01-14 13:53:10.020 UTC [27] LOG:  checkpoint complete: wrote 4 buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.304 s, sync=0.004 s, total=0.319 s; sync files=4, longest=0.002 s, average=0.001 s; distance=2 kB, estimate=156 kB; lsn=0/289A350, redo lsn=0/289A318
2025-01-14 13:58:09.118 UTC [27] LOG:  checkpoint starting: time
2025-01-14 13:58:09.432 UTC [27] LOG:  checkpoint complete: wrote 3 buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.303 s, sync=0.003 s, total=0.315 s; sync files=3, longest=0.002 s, average=0.001 s; distance=7 kB, estimate=141 kB; lsn=0/289C028, redo lsn=0/289BFD8
2025-01-14 14:03:09.515 UTC [27] LOG:  checkpoint starting: time
2025-01-14 14:03:09.929 UTC [27] LOG:  checkpoint complete: wrote 5 buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.405 s, sync=0.003 s, total=0.414 s; sync files=4, longest=0.002 s, average=0.001 s; distance=4 kB, estimate=127 kB; lsn=0/289D340, redo lsn=0/289D308
2025-01-14 14:08:10.026 UTC [27] LOG:  checkpoint starting: time
2025-01-14 14:08:11.754 UTC [27] LOG:  checkpoint complete: wrote 18 buffers (0.1%); 0 WAL file(s) added, 0 removed, 0 recycled; write=1.717 s, sync=0.003 s, total=1.729 s; sync files=17, longest=0.002 s, average=0.001 s; distance=16 kB, estimate=116 kB; lsn=0/28A1670, redo lsn=0/28A1638
^Ccontext canceled

Problem 2: lobe-chat logs

The lobe-chat output log is as follows

root@C20250112111214:~/lobe-chat-db# docker logs -f lobe-chat
?? DNS Server: [ '127.0.0.11' ]
-------------------------------------
[Database] Start to migration...
? database migration pass.
-------------------------------------
   ▲ Next.js 15.1.4
   - Local:        http://localhost:3210
   - Network:      http://0.0.0.0:3210

 ? Starting...
 ? Ready in 234ms
{
  allowDangerousEmailAccountLinking: true,
  clientId: undefined,
  clientSecret: undefined,
  platformType: 'WebsiteApp',
  profile: [Function: profile]
}
(node:28) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
(Use `node --trace-deprecation ...` to show where the warning was created)
ReferenceError: Cannot access 'm' before initialization
    at Object.y (.next/server/chunks/73066.js:257:19183)
    at <unknown> (.next/server/chunks/73066.js:257:23459)
    at <unknown> (.next/server/chunks/2279.js:159:1345)
    at o (.next/server/chunks/2279.js:159:1740)
    at s (.next/server/chunks/2279.js:159:1766)
    at d (.next/server/chunks/2279.js:159:1943)
    at <unknown> (.next/server/chunks/73066.js:257:23405)
    at t.a (.next/server/webpack-runtime.js:1:989)
    at 955225 (.next/server/chunks/73066.js:257:23158)
    at t (.next/server/webpack-runtime.js:1:143)
 ? unhandledRejection:  ReferenceError: Cannot access 'm' before initialization
    at Object.y (.next/server/chunks/73066.js:257:19183)
    at <unknown> (.next/server/chunks/73066.js:257:23459)
    at <unknown> (.next/server/chunks/2279.js:159:1345)
    at o (.next/server/chunks/2279.js:159:1740)
    at s (.next/server/chunks/2279.js:159:1766)
    at d (.next/server/chunks/2279.js:159:1943)
    at <unknown> (.next/server/chunks/73066.js:257:23405)
    at t.a (.next/server/webpack-runtime.js:1:989)
    at 955225 (.next/server/chunks/73066.js:257:23158)
    at t (.next/server/webpack-runtime.js:1:143)
{
  allowDangerousEmailAccountLinking: true,
  clientId: undefined,
  clientSecret: undefined,
  platformType: 'WebsiteApp',
  profile: [Function: profile]
}
 ? ReferenceError: Cannot access 'm' before initialization
    at Object.y (.next/server/chunks/73066.js:257:19183)
    at <unknown> (.next/server/chunks/73066.js:257:23459)
    at <unknown> (.next/server/chunks/2279.js:159:1345)
    at o (.next/server/chunks/2279.js:159:1740)
    at s (.next/server/chunks/2279.js:159:1766)
    at d (.next/server/chunks/2279.js:159:1943)
    at <unknown> (.next/server/chunks/73066.js:257:23405)
    at t.a (.next/server/webpack-runtime.js:1:989)
    at 955225 (.next/server/chunks/73066.js:257:23158)
    at t (.next/server/webpack-runtime.js:1:143) {
  digest: '1785904733'
}
[auth][error] MissingCSRF: CSRF token was missing during an action signin. Read more at https://errors.authjs.dev#missingcsrf
    at tH (/app/.next/server/chunks/18300.js:1:42255)
    at i5 (/app/.next/server/chunks/18300.js:368:52432)
    at async i3 (/app/.next/server/chunks/18300.js:368:56596)
    at async tr.do (/app/node_modules/.pnpm/[email protected]_@[email protected]_@[email protected]_@[email protected]_react-d_aa190866c08e6c33b25c334e88819b79/node_modules/next/dist/compiled/next-server/app-route.runtime.prod.js:18:17558)
    at async tr.handle (/app/node_modules/.pnpm/[email protected]_@[email protected]_@[email protected]_@[email protected]_react-d_aa190866c08e6c33b25c334e88819b79/node_modules/next/dist/compiled/next-server/app-route.runtime.prod.js:18:22188)
    at async doRender (/app/node_modules/.pnpm/[email protected]_@[email protected]_@[email protected]_@[email protected]_react-d_aa190866c08e6c33b25c334e88819b79/node_modules/next/dist/server/base-server.js:1452:42)
    at async responseGenerator (/app/node_modules/.pnpm/[email protected]_@[email protected]_@[email protected]_@[email protected]_react-d_aa190866c08e6c33b25c334e88819b79/node_modules/next/dist/server/base-server.js:1822:28)
    at async NextNodeServer.renderToResponseWithComponentsImpl (/app/node_modules/.pnpm/[email protected]_@[email protected]_@[email protected]_@[email protected]_react-d_aa190866c08e6c33b25c334e88819b79/node_modules/next/dist/server/base-server.js:1832:28)
    at async NextNodeServer.renderPageComponent (/app/node_modules/.pnpm/[email protected]_@[email protected]_@[email protected]_@[email protected]_react-d_aa190866c08e6c33b25c334e88819b79/node_modules/next/dist/server/base-server.js:2259:24)
    at async NextNodeServer.renderToResponseImpl (/app/node_modules/.pnpm/[email protected]_@[email protected]_@[email protected]_@[email protected]_react-d_aa190866c08e6c33b25c334e88819b79/node_modules/next/dist/server/base-server.js:2297:32)
 ? ReferenceError: Cannot access 'm' before initialization
    at Object.y (.next/server/chunks/73066.js:257:19183)
    at <unknown> (.next/server/chunks/73066.js:257:23459)
    at <unknown> (.next/server/chunks/2279.js:159:1345)
    at o (.next/server/chunks/2279.js:159:1740)
    at s (.next/server/chunks/2279.js:159:1766)
    at d (.next/server/chunks/2279.js:159:1943)
    at <unknown> (.next/server/chunks/73066.js:257:23405)
    at t.a (.next/server/webpack-runtime.js:1:989)
    at 955225 (.next/server/chunks/73066.js:257:23158)
    at t (.next/server/webpack-runtime.js:1:143) {
  digest: '1785904733'
}
 ? ReferenceError: Cannot access 'm' before initialization
    at Object.y (.next/server/chunks/73066.js:257:19183)
    at <unknown> (.next/server/chunks/73066.js:257:23459)
    at <unknown> (.next/server/chunks/2279.js:159:1345)
    at o (.next/server/chunks/2279.js:159:1740)
    at s (.next/server/chunks/2279.js:159:1766)
    at d (.next/server/chunks/2279.js:159:1943)
    at <unknown> (.next/server/chunks/73066.js:257:23405)
    at t.a (.next/server/webpack-runtime.js:1:989)
    at 955225 (.next/server/chunks/73066.js:257:23158)
    at t (.next/server/webpack-runtime.js:1:143) {
  digest: '1785904733'
}
[auth][error] MissingCSRF: CSRF token was missing during an action signin. Read more at https://errors.authjs.dev#missingcsrf
    at tH (/app/.next/server/chunks/18300.js:1:42255)
    at i5 (/app/.next/server/chunks/18300.js:368:52432)
    at async i3 (/app/.next/server/chunks/18300.js:368:56596)
    at async tr.do (/app/node_modules/.pnpm/[email protected]_@[email protected]_@[email protected]_@[email protected]_react-d_aa190866c08e6c33b25c334e88819b79/node_modules/next/dist/compiled/next-server/app-route.runtime.prod.js:18:17558)
    at async tr.handle (/app/node_modules/.pnpm/[email protected]_@[email protected]_@[email protected]_@[email protected]_react-d_aa190866c08e6c33b25c334e88819b79/node_modules/next/dist/compiled/next-server/app-route.runtime.prod.js:18:22188)
    at async doRender (/app/node_modules/.pnpm/[email protected]_@[email protected]_@[email protected]_@[email protected]_react-d_aa190866c08e6c33b25c334e88819b79/node_modules/next/dist/server/base-server.js:1452:42)
    at async responseGenerator (/app/node_modules/.pnpm/[email protected]_@[email protected]_@[email protected]_@[email protected]_react-d_aa190866c08e6c33b25c334e88819b79/node_modules/next/dist/server/base-server.js:1822:28)
    at async NextNodeServer.renderToResponseWithComponentsImpl (/app/node_modules/.pnpm/[email protected]_@[email protected]_@[email protected]_@[email protected]_react-d_aa190866c08e6c33b25c334e88819b79/node_modules/next/dist/server/base-server.js:1832:28)
    at async NextNodeServer.renderPageComponent (/app/node_modules/.pnpm/[email protected]_@[email protected]_@[email protected]_@[email protected]_react-d_aa190866c08e6c33b25c334e88819b79/node_modules/next/dist/server/base-server.js:2259:24)
    at async NextNodeServer.renderToResponseImpl (/app/node_modules/.pnpm/[email protected]_@[email protected]_@[email protected]_@[email protected]_react-d_aa190866c08e6c33b25c334e88819b79/node_modules/next/dist/server/base-server.js:2297:32)
 ? ReferenceError: Cannot access 'm' before initialization
    at Object.y (.next/server/chunks/73066.js:257:19183)
    at <unknown> (.next/server/chunks/73066.js:257:23459)
    at <unknown> (.next/server/chunks/2279.js:159:1345)
    at o (.next/server/chunks/2279.js:159:1740)
    at s (.next/server/chunks/2279.js:159:1766)
    at d (.next/server/chunks/2279.js:159:1943)
    at <unknown> (.next/server/chunks/73066.js:257:23405)
    at t.a (.next/server/webpack-runtime.js:1:989)
    at 955225 (.next/server/chunks/73066.js:257:23158)
    at t (.next/server/webpack-runtime.js:1:143) {
  digest: '1785904733'
}
 ? ReferenceError: Cannot access 'm' before initialization
    at Object.y (.next/server/chunks/73066.js:257:19183)
    at <unknown> (.next/server/chunks/73066.js:257:23459)
    at <unknown> (.next/server/chunks/2279.js:159:1345)
    at o (.next/server/chunks/2279.js:159:1740)
    at s (.next/server/chunks/2279.js:159:1766)
    at d (.next/server/chunks/2279.js:159:1943)
    at <unknown> (.next/server/chunks/73066.js:257:23405)
    at t.a (.next/server/webpack-runtime.js:1:989)
    at 955225 (.next/server/chunks/73066.js:257:23158)
    at t (.next/server/webpack-runtime.js:1:143) {
  digest: '1785904733'
}
Route: [openai] InvalidProviderAPIKey: { error: undefined, errorType: 'InvalidProviderAPIKey' }
Route: [openai] InvalidProviderAPIKey: { error: undefined, errorType: 'InvalidProviderAPIKey' }
^Ccontext canceled

@JoeChen2me
Author

Please provide the console error output.

When I try to log in, the following error output is captured.
The error message is on the last line: [NextAuth] Error: { cause: null, message: 'Unknown error type.', name: 'NextAuth Error' }

root@C202501111214:~/lobe-chat-db# docker logs -f lobe-chat
?? DNS Server: [ '127.0.0.11' ]
-------------------------------------
[Database] Start to migration...
? database migration pass.
-------------------------------------
   ▲ Next.js 15.1.4
   - Local:        http://localhost:3210
   - Network:      http://0.0.0.0:3210

 ? Starting...
 ? Ready in 261ms
{
  allowDangerousEmailAccountLinking: true,
  clientId: undefined,
  clientSecret: undefined,
  platformType: 'WebsiteApp',
  profile: [Function: profile]
}
(node:29) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
(Use `node --trace-deprecation ...` to show where the warning was created)
{
  allowDangerousEmailAccountLinking: true,
  clientId: undefined,
  clientSecret: undefined,
  platformType: 'WebsiteApp',
  profile: [Function: profile]
}
[NextAuth] Error: { cause: null, message: 'Unknown error type.', name: 'NextAuth Error' }

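I have tried many times to delete the files, download the configuration files again and reconfigure, but the problem is still not resolved.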

@cy948
Contributor

cy948 commented Jan 14, 2025

First try updating to version >= 1.45.9

@JoeChen2me
Author

First try updating to version >= 1.45.9

I have already updated to 1.45.10
The main error log is now as follows

Error log

[NextAuth] Error: { cause: null, message: 'Unknown error type.', name: 'NextAuth Error' }
[auth][error] CallbackRouteError: Read more at https://errors.authjs.dev#callbackrouteerror
[auth][cause]: r3: response parameter "iss" (issuer) missing
    at r6 (/app/.next/server/chunks/80382.js:368:4893)
    at /app/.next/server/chunks/80382.js:368:32166
    at ij (/app/.next/server/chunks/80382.js:368:32956)
    at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
    at async iV (/app/.next/server/chunks/80382.js:368:40333)
    at async i5 (/app/.next/server/chunks/80382.js:368:51902)
    at async i3 (/app/.next/server/chunks/80382.js:368:56596)
    at async tr.do (/app/node_modules/.pnpm/[email protected]_@[email protected]_@[email protected]_@[email protected]_react-d_ddaf53d3b53e2eb9f52b27236a461995/node_modules/next/dist/compiled/next-server/app-route.runtime.prod.js:18:17558)
    at async tr.handle (/app/node_modules/.pnpm/[email protected]_@[email protected]_@[email protected]_@[email protected]_react-d_ddaf53d3b53e2eb9f52b27236a461995/node_modules/next/dist/compiled/next-server/app-route.runtime.prod.js:18:22072)
    at async doRender (/app/node_modules/.pnpm/[email protected]_@[email protected]_@[email protected]_@[email protected]_react-d_ddaf53d3b53e2eb9f52b27236a461995/node_modules/next/dist/server/base-server.js:1452:42)
[auth][details]: {
  "parameters": {},
  "provider": "logto"
}
[NextAuth] Error: {
  cause: 'Configuration',
  message: 'Wrong configuration, make sure you have the correct environment variables set. Visit https://lobehub.com/docs/self-hosting/advanced/authentication for more details.',
  name: 'NextAuth Error'
}
[auth][error] CallbackRouteError: Read more at https://errors.authjs.dev#callbackrouteerror
[auth][cause]: r3: response parameter "iss" (issuer) missing
    at r6 (/app/.next/server/chunks/80382.js:368:4893)
    at /app/.next/server/chunks/80382.js:368:32166
    at ij (/app/.next/server/chunks/80382.js:368:32956)
    at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
    at async iV (/app/.next/server/chunks/80382.js:368:40333)
    at async i5 (/app/.next/server/chunks/80382.js:368:51902)
    at async i3 (/app/.next/server/chunks/80382.js:368:56596)
    at async tr.do (/app/node_modules/.pnpm/[email protected]_@[email protected]_@[email protected]_@[email protected]_react-d_ddaf53d3b53e2eb9f52b27236a461995/node_modules/next/dist/compiled/next-server/app-route.runtime.prod.js:18:17558)
    at async tr.handle (/app/node_modules/.pnpm/[email protected]_@[email protected]_@[email protected]_@[email protected]_react-d_ddaf53d3b53e2eb9f52b27236a461995/node_modules/next/dist/compiled/next-server/app-route.runtime.prod.js:18:22072)
    at async doRender (/app/node_modules/.pnpm/[email protected]_@[email protected]_@[email protected]_@[email protected]_react-d_ddaf53d3b53e2eb9f52b27236a461995/node_modules/next/dist/server/base-server.js:1452:42)
[auth][details]: {
  "parameters": {},
  "provider": "logto"
}
[NextAuth] Error: {
  cause: 'Configuration',
  message: 'Wrong configuration, make sure you have the correct environment variables set. Visit https://lobehub.com/docs/self-hosting/advanced/authentication for more details.',
  name: 'NextAuth Error'
}

Manually visiting the redirect URL

It seems the parameters provided to Logto are empty

[NextAuth] Error: { cause: null, message: 'Unknown error type.', name: 'NextAuth Error' }
[auth][error] CallbackRouteError: Read more at https://errors.authjs.dev#callbackrouteerror
[auth][cause]: r3: response parameter "iss" (issuer) missing
    at r6 (/app/.next/server/chunks/80382.js:368:4893)
    at /app/.next/server/chunks/80382.js:368:32166
    at ij (/app/.next/server/chunks/80382.js:368:32956)
    at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
    at async iV (/app/.next/server/chunks/80382.js:368:40333)
    at async i5 (/app/.next/server/chunks/80382.js:368:51902)
    at async i3 (/app/.next/server/chunks/80382.js:368:56596)
    at async tr.do (/app/node_modules/.pnpm/[email protected]_@[email protected]_@[email protected]_@[email protected]_react-d_ddaf53d3b53e2eb9f52b27236a461995/node_modules/next/dist/compiled/next-server/app-route.runtime.prod.js:18:17558)
    at async tr.handle (/app/node_modules/.pnpm/[email protected]_@[email protected]_@[email protected]_@[email protected]_react-d_ddaf53d3b53e2eb9f52b27236a461995/node_modules/next/dist/compiled/next-server/app-route.runtime.prod.js:18:22072)
    at async doRender (/app/node_modules/.pnpm/[email protected]_@[email protected]_@[email protected]_@[email protected]_react-d_ddaf53d3b53e2eb9f52b27236a461995/node_modules/next/dist/server/base-server.js:1452:42)
[auth][details]: {
  "parameters": {},
  "provider": "logto"
}
[NextAuth] Error: {
  cause: 'Configuration',
  message: 'Wrong configuration, make sure you have the correct environment variables set. Visit https://lobehub.com/docs/self-hosting/advanced/authentication for more details.',
  name: 'NextAuth Error'
}

Configuration file

  logto:
    image: svhd/logto:1.18
    container_name: lobe-logto
    ports:
      - '3001:3001'
      - '3002:3002'
    depends_on:
      postgresql:
        condition: service_healthy
    environment:
      - 'TRUST_PROXY_HEADER=1'
      - 'DB_URL=postgresql://postgres:uWNZugjBqixf8dxC@postgresql:5432/logto'
      - 'ENDPOINT=https://lobe-auth-api.joe.top'
      - 'ADMIN_ENDPOINT=https://lobe-auth-ui.joe.top'
    entrypoint: ['sh', '-c', 'npm run cli db seed -- --swe && npm start']

@Jacob-zh

Jacob-zh commented Jan 14, 2025

Try modifying the Nginx reverse proxy configuration;
lobe

  location / {
    proxy_pass http://xxxxxxx:xxxx;
    proxy_redirect      off;
    proxy_set_header    Host            $http_host;
    proxy_set_header    X-Real-IP       $remote_addr;
    proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Accept-Encoding gzip;
    proxy_connect_timeout 300s;
    proxy_send_timeout 300s;
    proxy_read_timeout 300s;
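    proxy_cache off;  # disable caching
    proxy_buffering off;  # disable proxy buffering
    chunked_transfer_encoding on;  # enable chunked transfer encoding
    tcp_nopush on;  # enable TCP_NOPUSH (only takes effect together with sendfile)
    tcp_nodelay on;  # enable TCP_NODELAY, which disables Nagle's algorithm
    keepalive_timeout 300;  # set the keep-alive timeout to 300 seconds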
  }

casdoor

  location / {
    proxy_pass http://xxxxxxx:xxxx;
    proxy_redirect      off;
    proxy_set_header    Host            $http_host;
    proxy_set_header    X-Real-IP       $remote_addr;
    proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
  }

For logto, take a look at its documentation; its reverse proxy has some additional requirements.

@cy948
Contributor

cy948 commented Jan 14, 2025

If you request the SSL certificate through a panel such as BaoTa, remember to add the following nginx reverse proxy configuration:

location /.well-known/openid-configuration {
  proxy_pass http://localhost:8000;  # forward to localhost:8000
  proxy_set_header Host $host;  # preserve the original Host header
  proxy_set_header X-Real-IP $remote_addr;  # preserve the client's real IP
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  # preserve the forwarded IP chain
  proxy_set_header X-Forwarded-Proto $scheme;  # preserve the request scheme
}
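
Whether the discovery path is being proxied with the right `Host` and `X-Forwarded-Proto` can be checked offline from a saved `/.well-known/openid-configuration` response. The following is an added example, not part of the thread and not LobeChat or Casdoor code: it compares the document with the issuer URL the client is configured with, assuming an identity provider on a single public hostname that builds its URLs from the request it receives; the hostname, endpoint paths and sample documents are constructed.

```python
import json
from urllib.parse import urlsplit

# Endpoint fields a relying party such as NextAuth reads from the document.
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint",
                 "userinfo_endpoint", "jwks_uri")
REQUIRED_KEYS = ("authorization_endpoint", "jwks_uri")


def explain_mismatch(expected, actual):
    """Describe, in reverse-proxy terms, how `actual` differs from `expected`."""
    exp, act = urlsplit(expected), urlsplit(actual)
    reasons = []
    if act.scheme != exp.scheme:
        reasons.append(f"scheme is {act.scheme!r}, expected {exp.scheme!r} "
                       "(check X-Forwarded-Proto)")
    if act.netloc.lower() != exp.netloc.lower():
        reasons.append(f"host is {act.netloc!r}, expected {exp.netloc!r} "
                       "(check the forwarded Host header)")
    if not reasons:
        if act.path.rstrip("/") == exp.path.rstrip("/"):
            reasons.append("differs only by a trailing slash")
        else:
            reasons.append(f"path is {act.path!r}, expected {exp.path!r}")
    return reasons


def check_discovery(expected_issuer, raw_body):
    """Return (field, reason) findings; an empty list means consistent."""
    try:
        doc = json.loads(raw_body)
    except json.JSONDecodeError:
        # Typical when the proxy serves an HTML page for the discovery path.
        return [("document", "response is not JSON")]
    if not isinstance(doc, dict):
        return [("document", "response is not a JSON object")]
    findings = []
    issuer = doc.get("issuer")
    if not isinstance(issuer, str):
        findings.append(("issuer", "missing"))
    elif issuer != expected_issuer:
        # OIDC Discovery requires the issuer to match the configured one exactly.
        findings += [("issuer", r) for r in explain_mismatch(expected_issuer, issuer)]
    exp = urlsplit(expected_issuer)
    for key in ENDPOINT_KEYS:
        value = doc.get(key)
        if not isinstance(value, str):
            if key in REQUIRED_KEYS:
                findings.append((key, "missing"))
            continue
        got = urlsplit(value)
        if got.scheme != "https":
            findings.append((key, f"scheme is {got.scheme!r}, not 'https'"))
        if got.netloc.lower() != exp.netloc.lower():
            findings.append((key, f"host is {got.netloc!r}, expected {exp.netloc!r}"))
    return findings


def sample_document(base):
    """Constructed discovery document; the endpoint paths are made up."""
    root = base.rstrip("/")
    return json.dumps({
        "issuer": base,
        "authorization_endpoint": root + "/authorize",
        "token_endpoint": root + "/token",
        "userinfo_endpoint": root + "/userinfo",
        "jwks_uri": root + "/jwks",
    })


EXPECTED = "https://lobe-casdoor.example.com"      # hypothetical public URL
GOOD = sample_document(EXPECTED)
UNFORWARDED = sample_document("http://localhost:8000")  # headers not forwarded
TRAILING_SLASH = sample_document(EXPECTED + "/")

if __name__ == "__main__":
    for name, body in [("good", GOOD), ("unforwarded", UNFORWARDED),
                       ("trailing slash", TRAILING_SLASH), ("html", "<html>")]:
        print(name, check_discovery(EXPECTED, body))
```

To use it on a real deployment, save the body returned for the discovery path through the public domain and pass it as `raw_body` together with the issuer value set in the client's environment.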

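@oliverwu-cn

With a local deployment in IP mode, I also ran into the same login api configuration error, similar to the original poster's. Does anyone know what to do? Setting nextauthurl doesn't help either.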
Uploading 截屏2025-01-15 00.15.32.png…


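@JoeChen2me
Author

> If you request the SSL certificate through a panel such as BaoTa, remember to add the following nginx reverse proxy configuration:
>
> location /.well-known/openid-configuration {
>   proxy_pass http://localhost:8000;  # forward to localhost:8000
>   proxy_set_header Host $host;  # preserve the original Host header
>   proxy_set_header X-Real-IP $remote_addr;  # preserve the client's real IP
>   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  # preserve the forwarded IP chain
>   proxy_set_header X-Forwarded-Proto $scheme;  # preserve the request scheme
> }

Yes, I requested the SSL certificate through the BaoTa panel.
Where should the configuration you mentioned be added?
Should it go into the custom configuration file in the BaoTa panel, as shown in the image?
image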

@JoeChen2me
Author

> Try changing the Nginx reverse proxy configuration.
> lobe
>
>   location / {
>     proxy_pass http://xxxxxxx:xxxx;
>     proxy_redirect      off;
>     proxy_set_header    Host            $http_host;
>     proxy_set_header    X-Real-IP       $remote_addr;
>     proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
>     proxy_set_header Accept-Encoding gzip;
>     proxy_connect_timeout 300s;
>     proxy_send_timeout 300s;
>     proxy_read_timeout 300s;
>     proxy_cache off;  # disable caching
>     proxy_buffering off;  # disable proxy buffering
>     chunked_transfer_encoding on;  # enable chunked transfer encoding
>     tcp_nopush on;  # enable TCP_NOPUSH (only takes effect together with sendfile)
>     tcp_nodelay on;  # enable TCP_NODELAY, which disables Nagle's algorithm
>     keepalive_timeout 300;  # set the keep-alive timeout to 300 seconds
>   }
>
> casdoor
>
>   location / {
>     proxy_pass http://xxxxxxx:xxxx;
>     proxy_redirect      off;
>     proxy_set_header    Host            $http_host;
>     proxy_set_header    X-Real-IP       $remote_addr;
>     proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
>   }
>
> For logto, take a look at its documentation; its reverse proxy has some additional requirements.

Do the two configurations above go into lobe.mydomain.com and lobe-casdoor.domain.com respectively? That is, are they the reverse proxy configurations for port 3210 of my Lobe and port 8000, where Casdoor runs?

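@Jacob-zh

> Do the two configurations above go into lobe.mydomain.com and lobe-casdoor.domain.com respectively? That is, are they the reverse proxy configurations for port 3210 of my Lobe and port 8000, where Casdoor runs?

Yes.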

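@JoeChen2me
Author

>> Do the two configurations above go into lobe.mydomain.com and lobe-casdoor.domain.com respectively? That is, are they the reverse proxy configurations for port 3210 of my Lobe and port 8000, where Casdoor runs?

> Yes.

OK, thanks! I'll test it right away.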


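@JoeChen2me
Author

>> Do the two configurations above go into lobe.mydomain.com and lobe-casdoor.domain.com respectively? That is, are they the reverse proxy configurations for port 3210 of my Lobe and port 8000, where Casdoor runs?

> Yes.

It still doesn't work.
There is also another problem: as soon as I change the SSL mode in Cloudflare to 'Flexible', the site becomes inaccessible and shows 'too many redirects'.
It has to be set to 'Full (strict)' to be accessible.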


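@SpeedupMaster
Contributor

>>> Do the two configurations above go into lobe.mydomain.com and lobe-casdoor.domain.com respectively? That is, are they the reverse proxy configurations for port 3210 of my Lobe and port 8000, where Casdoor runs?

>> Yes.

> It still doesn't work. There is also another problem: as soon as I change the SSL mode in Cloudflare to 'Flexible', the site becomes inaccessible and shows 'too many redirects'. It has to be set to 'Full (strict)' to be accessible.

image
Set up port rewriting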


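@JoeChen2me
Author

>>>> Do the two configurations above go into lobe.mydomain.com and lobe-casdoor.domain.com respectively? That is, are they the reverse proxy configurations for port 3210 of my Lobe and port 8000, where Casdoor runs?

>>> Yes.

>> It still doesn't work. There is also another problem: as soon as I change the SSL mode in Cloudflare to 'Flexible', the site becomes inaccessible and shows 'too many redirects'. It has to be set to 'Full (strict)' to be accessible.

> image Set up port rewriting

It still has no effect; this is a very complicated problem. I tried rolling casdoor and logto back to earlier versions, but the problem remains.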


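@Jacob-zh

>>> Do the two configurations above go into lobe.mydomain.com and lobe-casdoor.domain.com respectively? That is, are they the reverse proxy configurations for port 3210 of my Lobe and port 8000, where Casdoor runs?

>> Yes.

> It still doesn't work. There is also another problem: as soon as I change the SSL mode in Cloudflare to 'Flexible', the site becomes inaccessible and shows 'too many redirects'. It has to be set to 'Full (strict)' to be accessible.

I think it is most likely still a reverse proxy configuration problem: authentication services such as casdoor are not receiving the data, and nextauth gets the wrong content. I tested removing those forwarding directives from casdoor's nginx reverse proxy configuration and reproduced an error similar to yours, as shown in the images below.
I don't use BaoTa, so I don't know what custom modifications its nginx configuration has. You can deploy and verify the services one at a time: first make sure casdoor works normally through its domain name, then test accessing lobe through its domain name.
image
image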


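@SpeedupMaster
Contributor

>>>>> Do the two configurations above go into lobe.mydomain.com and lobe-casdoor.domain.com respectively? That is, are they the reverse proxy configurations for port 3210 of my Lobe and port 8000, where Casdoor runs?

>>>> Yes.

>>> It still doesn't work. There is also another problem: as soon as I change the SSL mode in Cloudflare to 'Flexible', the site becomes inaccessible and shows 'too many redirects'. It has to be set to 'Full (strict)' to be accessible.

>> image Set up port rewriting

> It still has no effect; this is a very complicated problem. I tried rolling casdoor and logto back to earlier versions, but the problem remains.

When I set up port rewriting before, the 'too many redirects' problem did not occur, but I don't use the BaoTa panel.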


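@JoeChen2me
Author

JoeChen2me commented Jan 15, 2025

@Jacob-zh

Looking at it this way, it seems to be a problem with the BaoTa panel's Nginx configuration. I used the one-click approach and added the reverse proxy settings directly in the panel, which led to all these problems.
For now, it looks like the Nginx reverse proxy setup does not pass the authentication parameters sent by the lobe site on to the auth page, so the authentication service cannot get the corresponding parameters, which causes the error.


I can reach casdoor through its domain name and configure it. But when authentication is initiated from Lobe and redirects to casdoor, the error occurs. I don't know at which step the problem arises.
Perhaps I need to set aside the BaoTa panel's Nginx configuration, write the conf file myself with the configuration you gave, and load it via include, instead of using the configuration file BaoTa generates.

Also, in related answers on the L site I found that, apparently, once a domain is hosted on Cloudflare you can no longer request a certificate through certbot and can only use the origin certificate issued by Cloudflare.
This may also be a possible cause.
I will try further.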


@cy948
Contributor

cy948 commented Jan 15, 2025

@JoeChen2me Yes, that's the place. You can first request the SSL certificate with BaoTa, and not use the proxy for the Cloudflare DNS record.


@cy948
Contributor

cy948 commented Jan 15, 2025

@JoeChen2me The configuration I provided is for casdoor; you can put it in the nginx configuration that reverse-proxies casdoor.


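@JoeChen2me
Author

> @JoeChen2me Yes, that's the place. You can first request the SSL certificate with BaoTa, and not use the proxy for the Cloudflare DNS record.

OK, I'll try:
Turn off Cloudflare's orange-cloud proxy so that it only resolves DNS.
Then use the BaoTa panel to set up the reverse proxy and request the SSL certificate.
Then write the configuration above into the custom nginx configuration file for casdoor.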


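@JoeChen2me
Author

>>>>>> Do the two configurations above go into lobe.mydomain.com and lobe-casdoor.domain.com respectively? That is, are they the reverse proxy configurations for port 3210 of my Lobe and port 8000, where Casdoor runs?

>>>>> Yes.

>>>> It still doesn't work. There is also another problem: as soon as I change the SSL mode in Cloudflare to 'Flexible', the site becomes inaccessible and shows 'too many redirects'. It has to be set to 'Full (strict)' to be accessible.

>>> image Set up port rewriting

>> It still has no effect; this is a very complicated problem. I tried rolling casdoor and logto back to earlier versions, but the problem remains.

> When I set up port rewriting before, the 'too many redirects' problem did not occur, but I don't use the BaoTa panel.

I have now switched to 1panel for panel management.
I can log in to Logto's Admin interface through the web page, but there is still a problem when initiating login/authentication.
Looking through the OpenResty backend logs, I found that

GET /api/applications/tfks0t6t036usrkx0v4ny/sign-in-experience

Its return code is 404.
Maybe this is the problem. The ID in this GET does correspond to my Logto APP ID.
But for some reason, it returns 404.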


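@SpeedupMaster
Contributor

>>>>>>> Do the two configurations above go into lobe.mydomain.com and lobe-casdoor.domain.com respectively? That is, are they the reverse proxy configurations for port 3210 of my Lobe and port 8000, where Casdoor runs?

>>>>>> Yes.

>>>>> It still doesn't work. There is also another problem: as soon as I change the SSL mode in Cloudflare to 'Flexible', the site becomes inaccessible and shows 'too many redirects'. It has to be set to 'Full (strict)' to be accessible.

>>>> image Set up port rewriting

>>> It still has no effect; this is a very complicated problem. I tried rolling casdoor and logto back to earlier versions, but the problem remains.

>> When I set up port rewriting before, the 'too many redirects' problem did not occur, but I don't use the BaoTa panel.

> I have now switched to 1panel for panel management. I can log in to Logto's Admin interface through the web page, but there is still a problem when initiating login/authentication. Looking through the OpenResty backend logs, I found that
>
> GET /api/applications/tfks0t6t036usrkx0v4ny/sign-in-experience
>
> Its return code is 404. Maybe this is the problem. The ID in this GET does correspond to my Logto APP ID. But for some reason, it returns 404.

Maybe try dokploy? I haven't used any of these myself, though; I set up my reverse proxy with the NPM panel.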


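@JoeChen2me
Author

>>>>>>>> Do the two configurations above go into lobe.mydomain.com and lobe-casdoor.domain.com respectively? That is, are they the reverse proxy configurations for port 3210 of my Lobe and port 8000, where Casdoor runs?

>>>>>>> Yes.

>>>>>> It still doesn't work. There is also another problem: as soon as I change the SSL mode in Cloudflare to 'Flexible', the site becomes inaccessible and shows 'too many redirects'. It has to be set to 'Full (strict)' to be accessible.

>>>>> image Set up port rewriting

>>>> It still has no effect; this is a very complicated problem. I tried rolling casdoor and logto back to earlier versions, but the problem remains.

>>> When I set up port rewriting before, the 'too many redirects' problem did not occur, but I don't use the BaoTa panel.

>> I have now switched to 1panel for panel management. I can log in to Logto's Admin interface through the web page, but there is still a problem when initiating login/authentication. Looking through the OpenResty backend logs, I found that
>>
>> GET /api/applications/tfks0t6t036usrkx0v4ny/sign-in-experience
>>
>> Its return code is 404. Maybe this is the problem. The ID in this GET does correspond to my Logto APP ID. But for some reason, it returns 404.

> Maybe try dokploy? I haven't used any of these myself, though; I set up my reverse proxy with the NPM panel.

I give up. I'll wait for the documentation to be updated and then redeploy to see.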

