LobeChat Lucky反代域名+端口模式解决方案#

Lobe目前支持的模式有三种

本地模式（默认）：仅能在本地访问，不支持局域网 / 公网访问，适用于初次体验；
端口模式：支持局域网 / 公网的 http 访问，适用于无域名或内部办公场景使用；
域名模式：支持局域网 / 公网在使用反向代理下的 http/https 访问，适用于个人或团队日常使用

那么有的伙伴想要部署lobehub在自己的NAS，然后通过Lucky（或其他反代工具）绑定域名，并监听一个固定的端口实现，会遇到各种问题类似的问题有： # [Request] 提供域名模式部署、外网带端口https访问教程 # [Bug] 使用docker-compose部署端口模式，nginx反向代理后无法登录

日志报错：

1
-------------------------------------
2

3
[Database] Start to migration...
4

5
✅ database migration pass.
6

7
-------------------------------------
8

9
   ▲ Next.js 15.1.5
10

11
   - Local:        http://localhost:3210
12

13
   - Network:      http://0.0.0.0:3210
14

15

16

17
 ✓ Starting...
18

19
 ✓ Ready in 70ms
20

21
{
22

23
  allowDangerousEmailAccountLinking: true,
24

25
  clientId: undefined,
26

27
  clientSecret: undefined,
28

29
  platformType: 'WebsiteApp',
30

31
  profile: [Function: profile]
32

33
}
34

35
(node:28) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
36

37
(Use `node --trace-deprecation ...` to show where the warning was created)
38

39
{
40

41
  allowDangerousEmailAccountLinking: true,
42

43
  clientId: undefined,
44

45
  clientSecret: undefined,
46

47
  platformType: 'WebsiteApp',
48

49
  profile: [Function: profile]
50

51
}
52

53
Error getting changelog lists: TypeError: fetch failed
54

55
    at async m.getChangelogIndex (.next/server/app/@modal/(.)changelog/modal/page.js:74:15441)
56

57
    at async m.getLatestChangelogId (.next/server/app/@modal/(.)changelog/modal/page.js:74:15300)
58

59
    at async g (.next/server/app/(main)/chat/(workspace)/page.js:1208:16149) {
60

61
  [cause]: [AggregateError: ] { code: 'ECONNREFUSED' }
62

63
}
64

65
Error: fetch failed
66

67
    at context.fetch (/app/node_modules/.pnpm/next@15.1.5_@babel+core@7.26.0_@opentelemetry+api@1.9.0_@playwright+test@1.49.1_react-dom@19._gjluzxyayy7ntgi7rjyylzka3q/node_modules/next/dist/server/web/sandbox/context.js:303:38)
68

69
    at /app/.next/server/edge-chunks/24.js:1:115797
70

71
    at W (/app/.next/server/edge-chunks/24.js:1:120818)
72

73
    at /app/.next/server/edge-chunks/24.js:1:123586
74

75
    at /app/.next/server/edge-chunks/24.js:1:130198
76

77
    at e.with (/app/.next/server/edge-chunks/24.js:1:10880)
78

79
    at e.with (/app/.next/server/edge-chunks/24.js:1:11948)
80

81
    at e.startActiveSpan (/app/.next/server/edge-chunks/24.js:1:14064)
82

83
    at e.startActiveSpan (/app/.next/server/edge-chunks/24.js:1:14362)
84

85
    at /app/.next/server/edge-chunks/24.js:1:129720 {
86

87

88

89
}
90

91
[auth][error] TypeError: fetch failed
92

93
    at node:internal/deps/undici/undici:13484:13
94

95
    at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
96

97
    at async iY (/app/.next/server/chunks/18702.js:368:46924)
98

99
    at async iQ (/app/.next/server/chunks/18702.js:368:49798)
100

101
    at async i5 (/app/.next/server/chunks/18702.js:368:52440)
102

103
    at async i4 (/app/.next/server/chunks/18702.js:368:56596)
104

105
    at async tr.do (/app/node_modules/.pnpm/next@15.1.5_@babel+core@7.26.0_@opentelemetry+api@1.9.0_@playwright+test@1.49.1_react-dom@19._gjluzxyayy7ntgi7rjyylzka3q/node_modules/next/dist/compiled/next-server/app-route.runtime.prod.js:18:17582)
106

107
    at async tr.handle (/app/node_modules/.pnpm/next@15.1.5_@babel+core@7.26.0_@opentelemetry+api@1.9.0_@playwright+test@1.49.1_react-dom@19._gjluzxyayy7ntgi7rjyylzka3q/node_modules/next/dist/compiled/next-server/app-route.runtime.prod.js:18:22212)
108

109
    at async doRender (/app/node_modules/.pnpm/next@15.1.5_@babel+core@7.26.0_@opentelemetry+api@1.9.0_@playwright+test@1.49.1_react-dom@19._gjluzxyayy7ntgi7rjyylzka3q/node_modules/next/dist/server/base-server.js:1452:42)
110

111
    at async responseGenerator (/app/node_modules/.pnpm/next@15.1.5_@babel+core@7.26.0_@opentelemetry+api@1.9.0_@playwright+test@1.49.1_react-dom@19._gjluzxyayy7ntgi7rjyylzka3q/node_modules/next/dist/server/base-server.js:1822:28)
112

113
[NextAuth] Error: {
114

115
  cause: 'Configuration',
116

117
  message: 'Wrong configuration, make sure you have the correct environment variables set. Visit https://lobehub.com/docs/self-hosting/advanced/authentication for more details.',
118

119
  name: 'NextAuth Error'
120

121
}

原因是：lobehub在交互时会用到各种回调，如果你全部都填写了域名+端口的模式，回调时你docker本身向域名（外网）发出请求，但会被路由器解析成发往内网的，从而失败。

issue中有人提到了：

解决方案#

解决方案也很简单，分两步骤

docker-compose中将发往外网的请求直接发给内网（回流）
针对于反代端口写死的情况，docker-compose中要部署一个子反代来映射到不同服务的端口

回流#

docker-compose中添加一个extra-hosts

1
name: lobe-chat-database
2
services:
3
  network-service:
4
    image: alpine
5
    container_name: lobe-network
6
    restart: always
7
    ports:
8
      - '${MINIO_PORT}:${MINIO_PORT}' # MinIO API
9
      - '9004:9001' # MinIO Console
10
      - '${CASDOOR_PORT}:${CASDOOR_PORT}' # Casdoor
11
      - '${LOBE_PORT}:3210' # LobeChat
12
      - '3000:3000' # Grafana
13
      - '4318:4318' # otel-collector HTTP
14
      - '4317:4317' # otel-collector gRPC
15
    command: tail -f /dev/null
16
    networks:
17
      - lobe-network
18
    extra_hosts:
19
      - "lobe-casdoor.example.com:127.0.0.1"
20
      - "lobe-minio.example.com.cn:127.0.0.1"
21
      - "lobe.example.com.cn:127.0.0.1"

子反代#

docker-compose中添加一个nginx服务

1
internal-proxy:
2
    image: nginx:alpine
3
    container_name: lobe-internal-proxy
4
    network_mode: 'service:network-service'
5
    restart: always
6
    volumes:
7
      - ./internal_nginx.conf:/etc/nginx/conf.d/default.conf:ro
8
      - ./example.crt:/etc/nginx/ssl/example.crt:ro
9
      - ./example.key:/etc/nginx/ssl/example.key:ro

internal_nginx.conf文件（换成你自己的前缀和端口）

1
server {
2
    listen 16666 ssl;
3
    server_name lobe-casdoor.example.com;
4

5
    ssl_certificate /etc/nginx/ssl/example.crt;
6
    ssl_certificate_key /etc/nginx/ssl/example.key;
7

8
    location / {
9
        proxy_pass http://127.0.0.1:8007;
10
        proxy_set_header Host $host;
11
        proxy_set_header X-Real-IP $remote_addr;
12
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
13
        proxy_set_header X-Forwarded-Proto https; # 告诉后端这是加密请求
14
    }
15
}
16

17
server {
18
    listen 16666 ssl;
19
    server_name lobe-minio.example.com;
20

21
    ssl_certificate /etc/nginx/ssl/example.crt;
22
    ssl_certificate_key /etc/nginx/ssl/example.key;
23

24
    location / {
25
        proxy_pass http://127.0.0.1:9005;
26
        # 这一行非常关键：强制将 Host 设置为你在 Casdoor 里填写的域名
27
        proxy_set_header Host lobe-minio.example.com:16666;
28

29
        proxy_set_header X-Real-IP $remote_addr;
30
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
31
        proxy_set_header X-Forwarded-Proto https;
32

33
        # 解决签名匹配中可能存在的双重斜杠问题
34
        proxy_redirect off;
35
        client_max_body_size 0;
36
    }
37
}
38

39
server {
40
    listen 16666 ssl;
41
    server_name lobe.example.com;
42

43
    ssl_certificate /etc/nginx/ssl/example.crt;
44
    ssl_certificate_key /etc/nginx/ssl/example.key;
45

46
    location / {
47
        proxy_pass http://127.0.0.1:3210;
48
        proxy_set_header Host $host;
49
        proxy_set_header X-Real-IP $remote_addr;
50
    }
51
}

这里要注意，证书你可以用自签命令生成，但是不推荐，后面minio的时候会有证书问题，这个有时间再开一个教程讲。我这里用的是lucky的Lets_Encrypt证书下载下来使用的。

最后一点#

lobe最好加上环境变量：

1
      - 'NODE_TLS_REJECT_UNAUTHORIZED=0'

本文已向github仓库提交

LobeChat Lucky反代 域名+端口模式解决方案#

解决方案#

回流#

子反代#

最后一点#

LobeChat Lucky反代域名+端口模式解决方案#