diff --git a/.github/ISSUE_TEMPLATE/1_bug_report.yml b/.github/ISSUE_TEMPLATE/1_bug_report.yml index 78cb91e2ca..4bb6a2b745 100644 --- a/.github/ISSUE_TEMPLATE/1_bug_report.yml +++ b/.github/ISSUE_TEMPLATE/1_bug_report.yml @@ -47,17 +47,6 @@ body: validations: required: false - - type: dropdown - attributes: - label: '🔧 Deployment Mode' - multiple: true - options: - - 'client db (lobe-chat image)' - - 'client pgelite db (lobe-chat-pglite image)' - - 'server db (lobe-chat-database image)' - validations: - required: true - - type: input attributes: label: '📌 Version' diff --git a/README.md b/README.md index fb220b7b2a..527d0c4dbb 100644 --- a/README.md +++ b/README.md @@ -479,13 +479,9 @@ Regardless of which database you choose, LobeHub can provide you with an excelle ### [Support Multi-User Management][docs-feat-auth] -LobeHub supports multi-user management and provides two main user authentication and management solutions to meet different needs: +LobeHub supports multi-user management and provides flexible user authentication solutions: -- **next-auth**: LobeHub integrates `next-auth`, a flexible and powerful identity verification library that supports multiple authentication methods, including OAuth, email login, credential login, etc. With `next-auth`, you can easily implement user registration, login, session management, social login, and other functions to ensure the security and privacy of user data. - -- [**Clerk**](https://go.clerk.com/exgqLG0): For users who need more advanced user management features, LobeHub also supports `Clerk`, a modern user management platform. `Clerk` provides richer functions, such as multi-factor authentication (MFA), user profile management, login activity monitoring, etc. With `Clerk`, you can get higher security and flexibility, and easily cope with complex user management needs. - -Regardless of which user management solution you choose, LobeHub can provide you with an excellent user experience and powerful functional support. +- **Better Auth**: LobeHub integrates `Better Auth`, a modern and flexible authentication library that supports multiple authentication methods, including OAuth, email login, credential login, magic links, and more. With `Better Auth`, you can easily implement user registration, login, session management, social login, multi-factor authentication (MFA), and other functions to ensure the security and privacy of user data.
@@ -845,12 +841,12 @@ This project is [LobeHub Community License](./LICENSE) licensed. [discord-link]: https://discord.gg/AYFPHvv2jT [discord-shield]: https://img.shields.io/discord/1127171173982154893?color=5865F2&label=discord&labelColor=black&logo=discord&logoColor=white&style=flat-square [discord-shield-badge]: https://img.shields.io/discord/1127171173982154893?color=5865F2&label=discord&labelColor=black&logo=discord&logoColor=white&style=for-the-badge -[docker-pulls-link]: https://hub.docker.com/r/lobehub/lobe-chat-database -[docker-pulls-shield]: https://img.shields.io/docker/pulls/lobehub/lobe-chat?color=45cc11&labelColor=black&style=flat-square&sort=semver -[docker-release-link]: https://hub.docker.com/r/lobehub/lobe-chat-database -[docker-release-shield]: https://img.shields.io/docker/v/lobehub/lobe-chat-database?color=369eff&label=docker&labelColor=black&logo=docker&logoColor=white&style=flat-square&sort=semver -[docker-size-link]: https://hub.docker.com/r/lobehub/lobe-chat-database -[docker-size-shield]: https://img.shields.io/docker/image-size/lobehub/lobe-chat-database?color=369eff&labelColor=black&style=flat-square&sort=semver +[docker-pulls-link]: https://hub.docker.com/r/lobehub/lobehub +[docker-pulls-shield]: https://img.shields.io/docker/pulls/lobehub/lobehub?color=45cc11&labelColor=black&style=flat-square&sort=semver +[docker-release-link]: https://hub.docker.com/r/lobehub/lobehub +[docker-release-shield]: https://img.shields.io/docker/v/lobehub/lobehub?color=369eff&label=docker&labelColor=black&logo=docker&logoColor=white&style=flat-square&sort=semver +[docker-size-link]: https://hub.docker.com/r/lobehub/lobehub +[docker-size-shield]: https://img.shields.io/docker/image-size/lobehub/lobehub?color=369eff&labelColor=black&style=flat-square&sort=semver [docs]: https://lobehub.com/docs/usage/start [docs-dev-guide]: https://lobehub.com/docs/development/start [docs-docker]: https://lobehub.com/docs/self-hosting/server-database/docker-compose diff --git a/README.zh-CN.md b/README.zh-CN.md index 8e7076c62e..6c06273124 100644 --- a/README.zh-CN.md +++ b/README.zh-CN.md @@ -461,8 +461,6 @@ LobeHub 支持多用户管理,提供了灵活的用户认证方案: - **Better Auth**:LobeHub 集成了 `Better Auth`,一个现代化且灵活的身份验证库,支持多种身份验证方式,包括 OAuth、邮件登录、凭证登录、魔法链接等。通过 `Better Auth`,您可以轻松实现用户的注册、登录、会话管理、社交登录、多因素认证 (MFA) 等功能,确保用户数据的安全性和隐私性。 -- **next-auth**:LobeHub 还支持 `next-auth`,一个广泛使用的身份验证库,具有丰富的 OAuth 提供商支持和灵活的会话管理选项。 -
[![][back-to-top]](#readme-top) @@ -855,12 +853,12 @@ This project is [LobeHub Community License](./LICENSE) licensed. [discord-link]: https://discord.gg/AYFPHvv2jT [discord-shield]: https://img.shields.io/discord/1127171173982154893?color=5865F2&label=discord&labelColor=black&logo=discord&logoColor=white&style=flat-square [discord-shield-badge]: https://img.shields.io/discord/1127171173982154893?color=5865F2&label=discord&labelColor=black&logo=discord&logoColor=white&style=for-the-badge -[docker-pulls-link]: https://hub.docker.com/r/lobehub/lobe-chat-database -[docker-pulls-shield]: https://img.shields.io/docker/pulls/lobehub/lobe-chat?color=45cc11&labelColor=black&style=flat-square&sort=semver -[docker-release-link]: https://hub.docker.com/r/lobehub/lobe-chat-database -[docker-release-shield]: https://img.shields.io/docker/v/lobehub/lobe-chat-database?color=369eff&label=docker&labelColor=black&logo=docker&logoColor=white&style=flat-square&sort=semver -[docker-size-link]: https://hub.docker.com/r/lobehub/lobe-chat-database -[docker-size-shield]: https://img.shields.io/docker/image-size/lobehub/lobe-chat-database?color=369eff&labelColor=black&style=flat-square&sort=semver +[docker-pulls-link]: https://hub.docker.com/r/lobehub/lobehub +[docker-pulls-shield]: https://img.shields.io/docker/pulls/lobehub/lobehub?color=45cc11&labelColor=black&style=flat-square&sort=semver +[docker-release-link]: https://hub.docker.com/r/lobehub/lobehub +[docker-release-shield]: https://img.shields.io/docker/v/lobehub/lobehub?color=369eff&label=docker&labelColor=black&logo=docker&logoColor=white&style=flat-square&sort=semver +[docker-size-link]: https://hub.docker.com/r/lobehub/lobehub +[docker-size-shield]: https://img.shields.io/docker/image-size/lobehub/lobehub?color=369eff&labelColor=black&style=flat-square&sort=semver [docs]: https://lobehub.com/zh/docs/usage/start [docs-dev-guide]: https://lobehub.com/docs/development/start [docs-docker]: https://lobehub.com/zh/docs/self-hosting/server-database/docker-compose diff --git a/apps/desktop/Development.md b/apps/desktop/Development.md index da13d2cf35..c73d625a4c 100644 --- a/apps/desktop/Development.md +++ b/apps/desktop/Development.md @@ -181,7 +181,7 @@ export default class AuthCtr extends ControllerModule { 2. **桌面端特定认证**: - 在桌面应用中使用固定的用户 ID - - 支持与 Clerk 和 NextAuth 等认证系统集成 + - 支持与 Better Auth 认证系统集成 ### 存储模块 (Store) diff --git a/docker-compose/local/docker-compose.yml b/docker-compose/local/docker-compose.yml index d19c7ccdb7..89759ef9dc 100644 --- a/docker-compose/local/docker-compose.yml +++ b/docker-compose/local/docker-compose.yml @@ -1,4 +1,4 @@ -name: lobe-chat-database +name: lobehub services: network-service: image: alpine @@ -128,7 +128,7 @@ services: lobe: image: lobehub/lobehub - container_name: lobe-chat + container_name: lobehub network_mode: 'service:network-service' depends_on: postgresql: diff --git a/docker-compose/local/grafana/docker-compose.yml b/docker-compose/local/grafana/docker-compose.yml index 3e56fb1060..506bf8d21f 100644 --- a/docker-compose/local/grafana/docker-compose.yml +++ b/docker-compose/local/grafana/docker-compose.yml @@ -1,4 +1,4 @@ -name: lobe-chat-database +name: lobehub services: network-service: image: alpine @@ -159,8 +159,8 @@ services: - ENDPOINT=127.0.0.1:4317 lobe: - image: lobehub/lobe-chat-database - container_name: lobe-chat + image: lobehub/lobehub + container_name: lobehub network_mode: 'service:network-service' depends_on: postgresql: diff --git a/docker-compose/local/logto/docker-compose.yml b/docker-compose/local/logto/docker-compose.yml index a4e6596aa8..40296318c1 100644 --- a/docker-compose/local/logto/docker-compose.yml +++ b/docker-compose/local/logto/docker-compose.yml @@ -1,4 +1,4 @@ -name: lobe-chat-database +name: lobehub services: network-service: image: alpine @@ -79,8 +79,8 @@ services: entrypoint: ['sh', '-c', 'npm run cli db seed -- --swe && npm start'] lobe: - image: lobehub/lobe-chat-database - container_name: lobe-chat + image: lobehub/lobehub + container_name: lobehub network_mode: 'service:network-service' depends_on: postgresql: @@ -99,7 +99,6 @@ services: - 'AUTH_SSO_PROVIDERS=logto' - 'KEY_VAULTS_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ=' - 'AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg' - - 'NEXTAUTH_URL=http://localhost:${LOBE_PORT}/api/auth' - 'AUTH_LOGTO_ISSUER=http://localhost:${LOGTO_PORT}/oidc' - 'DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgresql:5432/${LOBE_DB_NAME}' - 'S3_ENDPOINT=http://localhost:${MINIO_PORT}' diff --git a/docker-compose/local/zitadel/.env.example b/docker-compose/local/zitadel/.env.example index b0aac95ad1..b34ff6efb9 100644 --- a/docker-compose/local/zitadel/.env.example +++ b/docker-compose/local/zitadel/.env.example @@ -1,5 +1,5 @@ # Required: LobeChat domain for tRPC calls -# Ensure this domain is whitelisted in your NextAuth providers and S3 service CORS settings +# Ensure this domain is whitelisted in your SSO providers and S3 service CORS settings APP_URL=http://localhost:3210 # Postgres related environment variables @@ -8,12 +8,11 @@ KEY_VAULTS_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ= # Required: Postgres database connection string DATABASE_URL=postgresql://postgres:uWNZugjBqixf8dxC@postgresql:5432/lobechat -# NEXT_AUTH related environment variables -NEXTAUTH_URL=http://localhost:3210/api/auth +# Authentication related environment variables AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg AUTH_SSO_PROVIDERS=zitadel # ZiTADEL provider configuration -# Please refer to:https://lobehub.com/zh/docs/self-hosting/advanced/auth/next-auth/zitadel +# Please refer to:https://lobehub.com/zh/docs/self-hosting/advanced/auth/providers/zitadel AUTH_ZITADEL_ID=285945938244075523 AUTH_ZITADEL_SECRET=hkbtzHLaCEIeHeFThym14UcydpmQiEB5JtAX08HSqSoJxhAlVVkyovTuNUZ5TNrT AUTH_ZITADEL_ISSUER=http://localhost:8080 diff --git a/docker-compose/local/zitadel/.env.zh-CN.example b/docker-compose/local/zitadel/.env.zh-CN.example index a989c1e9a6..5078bf968d 100644 --- a/docker-compose/local/zitadel/.env.zh-CN.example +++ b/docker-compose/local/zitadel/.env.zh-CN.example @@ -7,8 +7,7 @@ KEY_VAULTS_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ= # Postgres 数据库连接字符串 DATABASE_URL=postgresql://postgres:uWNZugjBqixf8dxC@postgresql:5432/lobechat -# NEXT_AUTH 相关 -NEXTAUTH_URL=http://localhost:3210/api/auth +# 鉴权相关 AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg AUTH_SSO_PROVIDERS=zitadel # ZiTADEL 鉴权服务提供商部分 diff --git a/docker-compose/local/zitadel/docker-compose.yml b/docker-compose/local/zitadel/docker-compose.yml index f2f1563d25..388c4ffc7e 100644 --- a/docker-compose/local/zitadel/docker-compose.yml +++ b/docker-compose/local/zitadel/docker-compose.yml @@ -1,4 +1,4 @@ -name: lobe-chat-database +name: lobehub services: network-service: image: alpine @@ -60,8 +60,8 @@ services: condition: service_healthy lobe: - image: lobehub/lobe-chat-database - container_name: lobe-chat + image: lobehub/lobehub + container_name: lobehub network_mode: 'service:network-service' depends_on: postgresql: diff --git a/docker-compose/production/grafana/docker-compose.yml b/docker-compose/production/grafana/docker-compose.yml index ebbf874007..2457957945 100644 --- a/docker-compose/production/grafana/docker-compose.yml +++ b/docker-compose/production/grafana/docker-compose.yml @@ -1,4 +1,4 @@ -name: lobe-chat-database +name: lobehub services: network-service: image: alpine @@ -157,8 +157,8 @@ services: - ENDPOINT=127.0.0.1:4317 lobe: - image: lobehub/lobe-chat-database - container_name: lobe-chat + image: lobehub/lobehub + container_name: lobehub network_mode: 'service:network-service' depends_on: postgresql: diff --git a/docker-compose/production/logto/.env.example b/docker-compose/production/logto/.env.example index fb6bba3415..81d06cc06f 100644 --- a/docker-compose/production/logto/.env.example +++ b/docker-compose/production/logto/.env.example @@ -1,5 +1,5 @@ # Required: LobeChat domain for tRPC calls -# Ensure this domain is whitelisted in your NextAuth providers and S3 service CORS settings +# Ensure this domain is whitelisted in your SSO providers and S3 service CORS settings APP_URL=https://lobe.example.com/ # Postgres related environment variables @@ -10,18 +10,16 @@ KEY_VAULTS_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ= # If using Docker, you can use the container name as the host DATABASE_URL=postgresql://postgres:uWNZugjBqixf8dxC@postgresql:5432/lobe -# NEXT_AUTH related environment variables -# Supports auth0, Azure AD, GitHub, Authentik, Zitadel, Logto, etc. -# For supported providers, see: https://lobehub.com/docs/self-hosting/advanced/auth#next-auth -# If you have ACCESS_CODE, please remove it. We use NEXT_AUTH as the sole authentication source -# Required: NextAuth secret key. Generate with: openssl rand -base64 32 +# Authentication related environment variables +# Supports Auth0, Azure AD, GitHub, Authentik, Zitadel, Logto, etc. +# For supported providers, see: https://lobehub.com/docs/self-hosting/advanced/auth +# If you have ACCESS_CODE, please remove it. We use Better Auth as the sole authentication source +# Required: Auth secret key. Generate with: openssl rand -base64 32 AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg # Required: Specify the authentication provider (e.g., Logto) AUTH_SSO_PROVIDERS=logto -# Required: NextAuth URL for callbacks -NEXTAUTH_URL=https://lobe.example.com/api/auth -# NextAuth providers configuration (example using Logto) +# SSO providers configuration (example using Logto) # For other providers, see: https://lobehub.com/docs/self-hosting/environment-variables/auth AUTH_LOGTO_ID=YOUR_LOGTO_ID AUTH_LOGTO_SECRET=YOUR_LOGTO_SECRET diff --git a/docker-compose/production/logto/.env.zh-CN.example b/docker-compose/production/logto/.env.zh-CN.example index c8868ce424..e0a1bcf15a 100644 --- a/docker-compose/production/logto/.env.zh-CN.example +++ b/docker-compose/production/logto/.env.zh-CN.example @@ -1,5 +1,5 @@ # 必填,LobeChat 域名,用于 tRPC 调用 -# 请保证此域名在你的 NextAuth 鉴权服务提供商、S3 服务商的 CORS 白名单中 +# 请保证此域名在你的 SSO 鉴权服务提供商、S3 服务商的 CORS 白名单中 APP_URL=https://lobe.example.com/ # Postgres 相关,也即 DB 必需的环境变量 @@ -9,18 +9,16 @@ KEY_VAULTS_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ= # 格式:postgresql://username:password@host:port/dbname,如果你的 pg 实例为 Docker 容器且位于同一 docker-compose 文件中,亦可使用容器名作为 host DATABASE_URL=postgresql://postgres:uWNZugjBqixf8dxC@postgresql:5432/lobe -# NEXT_AUTH 相关,也即鉴权服务必需的环境变量 -# 可以使用 auth0、Azure AD、GitHub、Authentik、Zitadel、Logto 等,如有其他接入诉求欢迎提 PR -# 目前支持的鉴权服务提供商请参考:https://lobehub.com/zh/docs/self-hosting/advanced/auth#next-auth -# 如果你有 ACCESS_CODE,请务必清空,我们以 NEXT_AUTH 作为唯一鉴权来源 -# 必填,用于 NextAuth 的密钥,可以使用 openssl rand -base64 32 生成 +# 鉴权服务必需的环境变量 +# 可以使用 Auth0、Azure AD、GitHub、Authentik、Zitadel、Logto 等,如有其他接入诉求欢迎提 PR +# 目前支持的鉴权服务提供商请参考:https://lobehub.com/zh/docs/self-hosting/advanced/auth +# 如果你有 ACCESS_CODE,请务必清空,我们以 Better Auth 作为唯一鉴权来源 +# 必填,用于鉴权的密钥,可以使用 openssl rand -base64 32 生成 AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg # 必填,指定鉴权服务提供商,这里以 Logto 为例 AUTH_SSO_PROVIDERS=logto -# 必填,NextAuth 的 URL,用于 NextAuth 的回调 -NEXTAUTH_URL=https://lobe.example.com/api/auth -# NextAuth 鉴权服务提供商部分,以 Logto 为例 +# SSO 鉴权服务提供商部分,以 Logto 为例 # 其他鉴权服务提供商所需的环境变量,请参考:https://lobehub.com/zh/docs/self-hosting/environment-variables/auth AUTH_LOGTO_ID=YOUR_LOGTO_ID AUTH_LOGTO_SECRET=YOUR_LOGTO_SECRET diff --git a/docker-compose/production/logto/docker-compose.yml b/docker-compose/production/logto/docker-compose.yml index 900c2356d1..41f805dad4 100644 --- a/docker-compose/production/logto/docker-compose.yml +++ b/docker-compose/production/logto/docker-compose.yml @@ -1,4 +1,4 @@ -name: lobe-chat-database +name: lobehub services: postgresql: image: pgvector/pgvector:pg16 @@ -52,8 +52,8 @@ services: entrypoint: ['sh', '-c', 'npm run cli db seed -- --swe && npm start'] lobe: - image: lobehub/lobe-chat-database - container_name: lobe-chat + image: lobehub/lobehub + container_name: lobehub ports: - '3210:3210' depends_on: diff --git a/docker-compose/production/zitadel/.env.example b/docker-compose/production/zitadel/.env.example index 8a07b87163..2ea1f75392 100644 --- a/docker-compose/production/zitadel/.env.example +++ b/docker-compose/production/zitadel/.env.example @@ -1,5 +1,5 @@ # Required: LobeChat domain for tRPC calls -# Ensure this domain is whitelisted in your NextAuth providers and S3 service CORS settings +# Ensure this domain is whitelisted in your SSO providers and S3 service CORS settings APP_URL=https://lobe.example.com/ # Postgres related environment variables @@ -10,16 +10,14 @@ KEY_VAULTS_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ= # If using Docker, you can use the container name as the host DATABASE_URL=postgresql://postgres:uWNZugjBqixf8dxC@postgresql:5432/lobe -# NEXT_AUTH related environment variables -# Required: NextAuth URL for callbacks -NEXTAUTH_URL=https://lobe.example.com/api/auth -# Required: NextAuth secret key. Generate with: openssl rand -base64 32 +# Authentication related environment variables +# Required: Auth secret key. Generate with: openssl rand -base64 32 AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg # Required: Specify the authentication provider AUTH_SSO_PROVIDERS=zitadel # ZiTADEL provider configuration -# Please refer to:https://lobehub.com/zh/docs/self-hosting/advanced/auth/next-auth/zitadel +# Please refer to:https://lobehub.com/zh/docs/self-hosting/advanced/auth/providers/zitadel AUTH_ZITADEL_ID=285934220675723622 AUTH_ZITADEL_SECRET=pe7Nh3lopXkZkfqh5YEDYI2xsbIz08eZKqInOUZxssd3refRia518Apbv3DZ AUTH_ZITADEL_ISSUER=https://zitadel.example.com diff --git a/docker-compose/production/zitadel/.env.zh-CN.example b/docker-compose/production/zitadel/.env.zh-CN.example index 70172fdfca..c86def3c97 100644 --- a/docker-compose/production/zitadel/.env.zh-CN.example +++ b/docker-compose/production/zitadel/.env.zh-CN.example @@ -1,5 +1,5 @@ # 必填,LobeChat 域名,用于 tRPC 调用 -# 请保证此域名在你的 NextAuth 鉴权服务提供商、S3 服务商的 CORS 白名单中 +# 请保证此域名在你的 SSO 鉴权服务提供商、S3 服务商的 CORS 白名单中 APP_URL=https://lobe.example.com/ # Postgres 相关,也即 DB 必需的环境变量 @@ -9,10 +9,8 @@ KEY_VAULTS_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ= # 格式:postgresql://username:password@host:port/dbname,如果你的 pg 实例为 Docker 容器且位于同一 docker-compose 文件中,亦可使用容器名作为 host DATABASE_URL=postgresql://postgres:uWNZugjBqixf8dxC@postgresql:5432/lobe -# NEXT_AUTH 相关,也即鉴权服务必需的环境变量 -# 必填,NextAuth 的 URL,用于 NextAuth 的回调 -NEXTAUTH_URL=https://lobe.example.com/api/auth -# 必填,用于 NextAuth 的密钥,可以使用 openssl rand -base64 32 生成 +# 鉴权服务必需的环境变量 +# 必填,用于鉴权的密钥,可以使用 openssl rand -base64 32 生成 AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg # 必填,指定鉴权服务提供商 AUTH_SSO_PROVIDERS=zitadel diff --git a/docker-compose/production/zitadel/docker-compose.yml b/docker-compose/production/zitadel/docker-compose.yml index d87df8ffd0..935cd23e81 100644 --- a/docker-compose/production/zitadel/docker-compose.yml +++ b/docker-compose/production/zitadel/docker-compose.yml @@ -1,4 +1,4 @@ -name: lobe-chat-database +name: lobehub services: postgresql: image: pgvector/pgvector:pg16 @@ -50,8 +50,8 @@ services: condition: service_healthy lobe: - image: lobehub/lobe-chat-database - container_name: lobe-chat + image: lobehub/lobehub + container_name: lobehub ports: - '3210:3210' depends_on: diff --git a/docs/development/basic/folder-structure.mdx b/docs/development/basic/folder-structure.mdx index 3bcf13f54c..2ab570e552 100644 --- a/docs/development/basic/folder-structure.mdx +++ b/docs/development/basic/folder-structure.mdx @@ -59,8 +59,7 @@ app ├── [variants]/ # Platform and device variants │ ├── (auth)/ # Authentication pages │ │ ├── login/ -│ │ ├── signup/ -│ │ └── next-auth/ +│ │ └── signup/ │ ├── (main)/ # Main application routes │ │ ├── (mobile)/ # Mobile-specific routes │ │ │ └── me/ # Mobile profile pages diff --git a/docs/development/basic/folder-structure.zh-CN.mdx b/docs/development/basic/folder-structure.zh-CN.mdx index a1f1ad2f7a..bb2cb0e434 100644 --- a/docs/development/basic/folder-structure.zh-CN.mdx +++ b/docs/development/basic/folder-structure.zh-CN.mdx @@ -57,8 +57,7 @@ app ├── [variants]/ # 平台和设备变体 │ ├── (auth)/ # 身份验证页面 │ │ ├── login/ -│ │ ├── signup/ -│ │ └── next-auth/ +│ │ └── signup/ │ ├── (main)/ # 主应用路由 │ │ ├── (mobile)/ # 移动端专用路由 │ │ │ └── me/ # 移动端个人资料页面 diff --git a/docs/self-hosting/advanced/auth.mdx b/docs/self-hosting/advanced/auth.mdx index 82d5ba1e50..e75f7dafa5 100644 --- a/docs/self-hosting/advanced/auth.mdx +++ b/docs/self-hosting/advanced/auth.mdx @@ -152,7 +152,19 @@ Send emails via SMTP protocol, suitable for users with existing email services. ### Common Configuration -Before using NextAuth, please set the following variables in LobeHub's environment variables: +Before using Better Auth, please set the following variables in LobeHub's environment variables: + +## Email Verification + +Enable email verification to ensure users own the email addresses they register with (off by default): + +| Environment Variable | Type | Description | +| ------------------------- | -------- | ----------------------------------------------------------- | +| `AUTH_EMAIL_VERIFICATION` | Optional | Set to `1` to require email verification after registration | + + + Email verification requires a working email service (SMTP or Resend) configured above. When enabled, users must verify their email address before they can sign in. + ## Magic Link (Passwordless) Login @@ -193,6 +205,17 @@ Set the `AUTH_SSO_PROVIDERS` environment variable with a comma-separated list, e The current authentication system requires email. Please configure a valid email address for users in Casdoor. Using a real, valid email is strongly recommended, otherwise features like password reset and magic link login will not work. +### Can I use fake or random email addresses? + +**Strongly not recommended.** You should always use valid, real email addresses. Using fake emails will cause the following issues: + +- Password reset functionality will not work +- Magic link login will not work +- Email verification will fail +- You may lose access to your account if you forget your password + +This applies to all authentication methods, including SSO providers like Casdoor. Always ensure users have valid email addresses configured. + ### How do I restrict registration to specific emails or domains? Set the `AUTH_ALLOWED_EMAILS` environment variable with a comma-separated list of allowed emails or domains. For example: @@ -200,6 +223,10 @@ Set the `AUTH_ALLOWED_EMAILS` environment variable with a comma-separated list o - Allow only `example.com` domain: `AUTH_ALLOWED_EMAILS=example.com` - Allow multiple domains and specific emails: `AUTH_ALLOWED_EMAILS=example.com,company.org,admin@other.com` + + Note: `AUTH_ALLOWED_EMAILS` only restricts which email addresses can register, but does not verify email ownership. If you need to ensure users actually own the email address they register with, set `AUTH_EMAIL_VERIFICATION=1` to require email verification. This requires configuring an email service (SMTP). + + ## Additional Features ### Webhook Support diff --git a/docs/self-hosting/advanced/auth.zh-CN.mdx b/docs/self-hosting/advanced/auth.zh-CN.mdx index 16830241aa..513559857b 100644 --- a/docs/self-hosting/advanced/auth.zh-CN.mdx +++ b/docs/self-hosting/advanced/auth.zh-CN.mdx @@ -152,7 +152,19 @@ LobeHub 与 Clerk 做了深度集成,能够为用户提供一个更加安全 ### 通用配置 -在使用 NextAuth 之前,请先在 LobeHub 的环境变量中设置以下变量: +在使用 Better Auth 之前,请先在 LobeHub 的环境变量中设置以下变量: + +## 邮箱验证 + +启用邮箱验证以确保用户拥有其注册的邮箱地址(默认关闭): + +| 环境变量 | 类型 | 描述 | +| ------------------------- | -- | -------------------- | +| `AUTH_EMAIL_VERIFICATION` | 可选 | 设置为 `1` 以要求注册后进行邮箱验证 | + + + 邮箱验证需要上方已配置好的邮件服务(SMTP 或 Resend)。启用后,用户必须验证其邮箱地址才能登录。 + ## 魔法链接(免密)登录 @@ -194,6 +206,17 @@ Better Auth 支持内置提供商(Google、GitHub、Microsoft、Apple、AWS Co 当前身份验证方案强依赖 email。请在 Casdoor 中为用户配置有效的 email 地址。 强烈建议使用真实有效的邮箱,否则密码重置、魔法链接登录等功能将无法使用。 +### 邮箱可以随便乱填吗? + +**强烈不建议**。请务必填写真实有效的邮箱地址。使用虚假邮箱会导致以下问题: + +- 密码重置功能无法使用 +- 魔法链接登录无法使用 +- 邮箱验证无法通过 +- 忘记密码时可能无法找回账户 + +这适用于所有身份验证方式,包括 Casdoor 等 SSO 提供商。请确保用户配置了有效的邮箱地址。 + ### 如何限制只允许特定邮箱或域名注册? 设置 `AUTH_ALLOWED_EMAILS` 环境变量,支持完整邮箱地址或域名,以逗号分隔。例如: @@ -201,6 +224,10 @@ Better Auth 支持内置提供商(Google、GitHub、Microsoft、Apple、AWS Co - 只允许 `example.com` 域名:`AUTH_ALLOWED_EMAILS=example.com` - 允许多个域名和特定邮箱:`AUTH_ALLOWED_EMAILS=example.com,company.org,admin@other.com` + + 注意:`AUTH_ALLOWED_EMAILS` 仅限制哪些邮箱地址可以注册,但不会验证邮箱所有权。如果需要确保用户确实拥有其注册的邮箱地址,请设置 `AUTH_EMAIL_VERIFICATION=1` 以启用邮箱验证。这需要配置邮件服务(SMTP)。 + + ### Webhook 支持 允许 LobeHub 在身份提供商中用户信息更新时接收通知。支持的提供商包括 Casdoor 和 Logto。请参考具体提供商文档进行配置。 @@ -211,4 +238,4 @@ Better Auth 支持内置提供商(Google、GitHub、Microsoft、Apple、AWS Co ## 其他 SSO 提供商 -请参考 [NextAuth.js](https://next-auth.js.org/providers) 文档,欢迎提交 Pull Request。 +请参考 [Auth.js](https://authjs.dev/getting-started/authentication/oauth) 文档,欢迎提交 Pull Request。 diff --git a/docs/self-hosting/advanced/auth/legacy.mdx b/docs/self-hosting/advanced/auth/legacy.mdx index 0826c6943a..b039d720ba 100644 --- a/docs/self-hosting/advanced/auth/legacy.mdx +++ b/docs/self-hosting/advanced/auth/legacy.mdx @@ -44,7 +44,7 @@ Before using NextAuth, please set the following variables in LobeChat's environm | Environment Variable | Type | Description | | -------------------------------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| `NEXT_PUBLIC_ENABLE_NEXT_AUTH` | Required | This is used to enable the NextAuth service. Set it to `1` to enable it; changing this setting requires recompiling the application. Users deploying with the `lobehub/lobe-chat-database` image have this configuration added by default. | +| `NEXT_PUBLIC_ENABLE_NEXT_AUTH` | Required | This is used to enable the NextAuth service. Set it to `1` to enable it; changing this setting requires recompiling the application. Users deploying with the `lobehub/lobehub` image have this configuration added by default. | | `AUTH_SECRET` | Required | The key used to encrypt Auth.js session tokens. You can use the following command: `openssl rand -base64 32`, or visit `https://generate-secret.vercel.app/32` to generate the key. | | `AUTH_URL` | Required | This URL specifies the callback address for Auth.js when performing OAuth verification. Set this only if the default generated redirect address is incorrect. `https://example.com/api/auth` | | `NEXT_AUTH_SSO_PROVIDERS` | Optional | This environment variable is used to enable multiple identity verification sources simultaneously, separated by commas, for example, `auth0,microsoft-entra-id,authentik`. | diff --git a/docs/self-hosting/advanced/auth/legacy.zh-CN.mdx b/docs/self-hosting/advanced/auth/legacy.zh-CN.mdx index c5e9332331..63d3c3bbe4 100644 --- a/docs/self-hosting/advanced/auth/legacy.zh-CN.mdx +++ b/docs/self-hosting/advanced/auth/legacy.zh-CN.mdx @@ -42,7 +42,7 @@ LobeChat 与 Clerk 做了深度集成,能够为用户提供安全、便捷的 | 环境变量 | 类型 | 描述 | | -------------------------------- | -- | ------------------------------------------------------------------------------------------------------------ | -| `NEXT_PUBLIC_ENABLE_NEXT_AUTH` | 必选 | 用于启用 NextAuth 服务,设置为 `1` 以启用,更改此项需要重新编译应用。使用 `lobehub/lobe-chat-database` 镜像部署的用户已经默认添加了该项配置。 | +| `NEXT_PUBLIC_ENABLE_NEXT_AUTH` | 必选 | 用于启用 NextAuth 服务,设置为 `1` 以启用,更改此项需要重新编译应用。使用 `lobehub/lobehub` 镜像部署的用户已经默认添加了该项配置。 | | `NEXT_AUTH_SECRET` | 必选 | 用于加密 Auth.js 会话令牌的密钥。您可以使用以下命令: `openssl rand -base64 32`,或者访问 `https://generate-secret.vercel.app/32` 生成秘钥。 | | `AUTH_URL` | 必选 | 该 URL 用于指定 Auth.js 在执行 OAuth 验证时的回调地址,当默认生成的重定向地址发生不正确时才需要设置。`https://example.com/api/auth` | | `NEXT_AUTH_SSO_PROVIDERS` | 可选 | 该环境变量用于同时启用多个身份验证源,以逗号 `,` 分割,例如 `auth0,microsoft-entra-id,authentik`。 | diff --git a/docs/self-hosting/advanced/auth/nextauth-to-betterauth.mdx b/docs/self-hosting/advanced/auth/nextauth-to-betterauth.mdx index a3048311df..70e4edb726 100644 --- a/docs/self-hosting/advanced/auth/nextauth-to-betterauth.mdx +++ b/docs/self-hosting/advanced/auth/nextauth-to-betterauth.mdx @@ -351,6 +351,10 @@ When configuring SSO connections (e.g., GitHub in Auth0), make sure to enable ** For identity providers like Casdoor or Logto, users may not have an email configured. + + **Note for Casdoor Users**: Casdoor does not require users to have an email configured, but LobeChat strongly depends on email for authentication. If you find migration difficult due to many users without email addresses, we recommend staying on [v2.0.0-next.344](https://github.com/lobehub/lobe-chat/releases/tag/v2.0.0-next.344) for now. We plan to provide a self-service migration feature in the future, where users without email will be redirected to a bind-email page when they log in. + + Solution: 1. First configure the Webhook in LobeChat to sync user data from the identity provider: diff --git a/docs/self-hosting/advanced/auth/nextauth-to-betterauth.zh-CN.mdx b/docs/self-hosting/advanced/auth/nextauth-to-betterauth.zh-CN.mdx index d79cb6241f..3300a27a14 100644 --- a/docs/self-hosting/advanced/auth/nextauth-to-betterauth.zh-CN.mdx +++ b/docs/self-hosting/advanced/auth/nextauth-to-betterauth.zh-CN.mdx @@ -345,6 +345,10 @@ npx tsx scripts/nextauth-to-betterauth/verify.ts 对于 Casdoor、Logto 等身份提供商,用户可能没有配置邮箱。 + + **Casdoor 用户注意**:Casdoor 不要求用户必须配置邮箱,但 LobeChat 强依赖邮箱进行身份认证。如果因为大量用户没有邮箱而感觉迁移困难,建议暂时停留在 [v2.0.0-next.344](https://github.com/lobehub/lobe-chat/releases/tag/v2.0.0-next.344) 版本。后续官方计划提供用户端自助迁移功能,届时没有邮箱的用户登录时会被重定向到绑定邮箱页面。 + + 解决方案: 1. 先在 LobeChat 中配置身份提供商的 Webhook 以同步用户数据: diff --git a/docs/self-hosting/advanced/auth/providers/casdoor.mdx b/docs/self-hosting/advanced/auth/providers/casdoor.mdx index 73955d699c..e8faa54548 100644 --- a/docs/self-hosting/advanced/auth/providers/casdoor.mdx +++ b/docs/self-hosting/advanced/auth/providers/casdoor.mdx @@ -58,6 +58,14 @@ tags: Configure Casdoor [Webhook](https://www.casdoor.org/docs/webhooks/overview#setting-up-a-webhook) to sync user data updates to LobeChat. + **Synced data fields**: + + - Avatar (`avatar`) + - Email (`email`) + - Display name (`displayName`) + + **Configuration steps**: + 1. Go to **Admin Tools** -> **Webhooks** and create a Webhook 2. Fill in the following fields: - URL: `https://your-domain.com/api/webhooks/casdoor` diff --git a/docs/self-hosting/advanced/auth/providers/casdoor.zh-CN.mdx b/docs/self-hosting/advanced/auth/providers/casdoor.zh-CN.mdx index 5946cce9f9..de218e5a3b 100644 --- a/docs/self-hosting/advanced/auth/providers/casdoor.zh-CN.mdx +++ b/docs/self-hosting/advanced/auth/providers/casdoor.zh-CN.mdx @@ -56,6 +56,14 @@ tags: 配置 Casdoor 的 [Webhook](https://www.casdoor.org/docs/webhooks/overview#setting-up-a-webhook) 以便在用户信息更新时同步到 LobeChat。 + **同步的数据字段**: + + - 头像 (`avatar`) + - 邮箱 (`email`) + - 显示名称 (`displayName`) + + **配置步骤**: + 1. 前往 `管理工具` -> `Webhooks`,创建一个 Webhook 2. 填写以下字段: - 链接:`https://your-domain.com/api/webhooks/casdoor` diff --git a/docs/self-hosting/advanced/upstream-sync.mdx b/docs/self-hosting/advanced/upstream-sync.mdx index be688071fe..27ea94da40 100644 --- a/docs/self-hosting/advanced/upstream-sync.mdx +++ b/docs/self-hosting/advanced/upstream-sync.mdx @@ -106,7 +106,7 @@ If you wish to automate the above steps, you can follow the method below and use export https_proxy=http://127.0.0.1:7890 http_proxy=http://127.0.0.1:7890 all_proxy=socks5://127.0.0.1:7890 # Pull the latest image and store the output in a variable - output=$(docker pull lobehub/lobe-chat:latest 2>&1) + output=$(docker pull lobehub/lobehub:latest 2>&1) # Check if the pull command was executed successfully if [ $? -ne 0 ]; then @@ -114,7 +114,7 @@ If you wish to automate the above steps, you can follow the method below and use fi # Check if the output contains a specific string - echo "$output" | grep -q "Image is up to date for lobehub/lobe-chat:latest" + echo "$output" | grep -q "Image is up to date for lobehub/lobehub:latest" # If the image is already up to date, do nothing if [ $? -eq 0 ]; then @@ -127,14 +127,14 @@ If you wish to automate the above steps, you can follow the method below and use echo "Removed: $(docker rm -f lobe-chat)" # Run the new container(Please change the path to the env file) - echo "Started: $(docker run -d --network=host --env-file /path/to/lobe.env --name=lobe-chat --restart=always lobehub/lobe-chat)" + echo "Started: $(docker run -d --network=host --env-file /path/to/lobe.env --name=lobe-chat --restart=always lobehub/lobehub)" # Print the update time and version echo "Update time: $(date)" - echo "Version: $(docker inspect lobehub/lobe-chat:latest | grep 'org.opencontainers.image.version' | awk -F'"' '{print $4}')" + echo "Version: $(docker inspect lobehub/lobehub:latest | grep 'org.opencontainers.image.version' | awk -F'"' '{print $4}')" # Clean up unused images - docker images | grep 'lobehub/lobe-chat' | grep -v 'lobehub/lobe-chat-database' | grep -v 'latest' | awk '{print $3}' | xargs -r docker rmi > /dev/null 2>&1 + docker images | grep 'lobehub/lobehub' | grep -v 'latest' | awk '{print $3}' | xargs -r docker rmi > /dev/null 2>&1 echo "Removed old images." ``` diff --git a/docs/self-hosting/advanced/upstream-sync.zh-CN.mdx b/docs/self-hosting/advanced/upstream-sync.zh-CN.mdx index d2850e6777..29acad83a8 100644 --- a/docs/self-hosting/advanced/upstream-sync.zh-CN.mdx +++ b/docs/self-hosting/advanced/upstream-sync.zh-CN.mdx @@ -101,7 +101,7 @@ Docker 部署版本的升级非常简单,只需要重新部署 LobeHub 的最 # export https_proxy=http://127.0.0.1:7890 http_proxy=http://127.0.0.1:7890 all_proxy=socks5://127.0.0.1:7890 # 拉取最新的镜像并将输出存储在变量中 - output=$(docker pull lobehub/lobe-chat:latest 2>&1) + output=$(docker pull lobehub/lobehub:latest 2>&1) # 检查拉取命令是否成功执行 if [ $? -ne 0 ]; then @@ -109,7 +109,7 @@ Docker 部署版本的升级非常简单,只需要重新部署 LobeHub 的最 fi # 检查输出中是否包含特定的字符串 - echo "$output" | grep -q "Image is up to date for lobehub/lobe-chat:latest" + echo "$output" | grep -q "Image is up to date for lobehub/lobehub:latest" # 如果镜像已经是最新的,则不执行任何操作 if [ $? -eq 0 ]; then @@ -122,14 +122,14 @@ Docker 部署版本的升级非常简单,只需要重新部署 LobeHub 的最 echo "Removed: $(docker rm -f lobe-chat)" # 运行新的容器(请将env配置文件地址改为你的实际地址) - echo "Started: $(docker run -d --network=host --env-file path/to/lobe.env --name=lobe-chat --restart=always lobehub/lobe-chat)" + echo "Started: $(docker run -d --network=host --env-file path/to/lobe.env --name=lobe-chat --restart=always lobehub/lobehub)" # 打印更新的时间和版本 echo "Update time: $(date)" - echo "Version: $(docker inspect lobehub/lobe-chat:latest | grep 'org.opencontainers.image.version' | awk -F'"' '{print $4}')" + echo "Version: $(docker inspect lobehub/lobehub:latest | grep 'org.opencontainers.image.version' | awk -F'"' '{print $4}')" # 清理不再使用的镜像 - docker images | grep 'lobehub/lobe-chat' | grep -v 'lobehub/lobe-chat-database' | grep -v 'latest' | awk '{print $3}' | xargs -r docker rmi > /dev/null 2>&1 + docker images | grep 'lobehub/lobehub' | grep -v 'latest' | awk '{print $3}' | xargs -r docker rmi > /dev/null 2>&1 echo "Removed old images." ``` diff --git a/docs/self-hosting/environment-variables.mdx b/docs/self-hosting/environment-variables.mdx index 1c34bb418b..fa63dc6665 100644 --- a/docs/self-hosting/environment-variables.mdx +++ b/docs/self-hosting/environment-variables.mdx @@ -44,7 +44,7 @@ on: env: REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository_owner }}/lobe-chat-database # Name of your image + IMAGE_NAME: ${{ github.repository_owner }}/lobehub # Name of your image jobs: build-and-push: diff --git a/docs/self-hosting/environment-variables/auth.mdx b/docs/self-hosting/environment-variables/auth.mdx index 385f81158f..c7a5d1107f 100644 --- a/docs/self-hosting/environment-variables/auth.mdx +++ b/docs/self-hosting/environment-variables/auth.mdx @@ -2,14 +2,12 @@ title: LobeHub Authentication Service Environment Variables description: >- Explore the essential environment variables for configuring authentication - services in LobeHub, including Better Auth, OAuth SSO, NextAuth settings, and + services in LobeHub, including Better Auth, OAuth SSO, and provider-specific details. tags: - Authentication Service - Better Auth - OAuth SSO - - Clerk - - NextAuth --- # Authentication Service @@ -23,7 +21,7 @@ LobeHub provides a complete authentication service capability when deployed. The #### `AUTH_SECRET` - Type: Required -- Description: Key used to encrypt session tokens. Shared between Better Auth and Next Auth. You can generate the key using the command: `openssl rand -base64 32`. +- Description: Key used to encrypt session tokens. You can generate the key using the command: `openssl rand -base64 32`. - Default: `-` - Example: `Tfhi2t2pelSMEA8eaV61KaqPNEndFFdMIxDaJnS1CUI=` @@ -211,333 +209,3 @@ These settings are required for email verification and password reset features. - Description: App Secret of the WeChat application. - Default: `-` - Example: `xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx` - - - For other OIDC-based providers (Auth0, Authelia, Authentik, Casdoor, Cloudflare Zero Trust, Keycloak, Logto, Okta, ZITADEL, Generic OIDC), the environment variables follow the same pattern as Next Auth. See the [Next Auth section](#next-auth) below for details. - - -## Next Auth - -### General Settings - -#### `NEXT_PUBLIC_ENABLE_NEXT_AUTH` - -- Changes after v1.52.0. - -- For users who deploy with Vercel using Next Auth, it is necessary to add the environment variable NEXT\_PUBLIC\_ENABLE\_NEXT\_AUTH=1 to ensure that Next Auth is enabled. - -- For users who use Clerk in their self-built image, it is necessary to configure the environment variable NEXT\_PUBLIC\_ENABLE\_NEXT\_AUTH=0 to disable Next Auth.\n - -- Other standard deployment scenarios (using Clerk on Vercel and next-auth in Docker) are not affected - -#### `NEXT_AUTH_SECRET` - -- Type: Required -- Description: Key used to encrypt the session tokens in Auth.js. You can generate the key using the following command: `openssl rand -base64 32`. -- Default: `-` -- Example: `Tfhi2t2pelSMEA8eaV61KaqPNEndFFdMIxDaJnS1CUI=` - -#### `NEXT_AUTH_SSO_PROVIDERS` - -- Type: Optional -- Description: Select the single sign-on provider for LoboChat. For multiple SSO Providers separating them with commas, for example, `auth0,microsoft-entra-id,authentik`. -- Default: `auth0` -- Example: `auth0,microsoft-entra-id,authentik` - -#### `NEXTAUTH_URL` - -- Type: Optional -- Description: This URL is used to specify the callback address for Auth.js during OAuth authentication. It does not need to be set when deploying on Vercel. -- Default: `-` -- Example: `https://example.com/api/auth` - -### Auth0 - -#### `AUTH_AUTH0_ID` - -- Type: Required -- Description: Client ID of the Auth0 application. You can access it [here](https://manage.auth0.com/dashboard) and navigate to the application settings to view. -- Default: `-` -- Example: `evCnOJP1UX8FMnXR9Xkj5t0NyFn5p70P` - -#### `AUTH_AUTH0_SECRET` - -- Type: Required -- Description: Client Secret of the Auth0 application. -- Default: `-` -- Example: `wnX7UbZg85ZUzF6ioxPLnJVEQa1Elbs7aqBUSF16xleBS5AdkVfASS49-fQIC8Rm` - -#### `AUTH_AUTH0_ISSUER` - -- Type: Required -- Description: Issuer/domain of the Auth0 application. -- Default: `-` -- Example: `https://example.auth0.com` - -### Authelia - -#### `AUTH_AUTHELIA_ID` - -- Type: Required -- Description: Client ID of the Authelia provider application. -- Default: `-` -- Example: `lobe-chat` - -#### `AUTH_AUTHELIA_SECRET` - -- Type: Required -- Description: The plaintext of the Client Secret for the Authelia provider -- Default: `-` -- Example: `insecure_secret` - -#### `AUTH_AUTHELIA_ISSUER` - -- Type: Required -- Description: Issuer of the Authelia provider application. -- Default: `-` -- Example: `https://sso.example.com` - -### Authentik - -#### `AUTH_AUTHENTIK_ID` - -- Type: Required -- Description: Client ID of the Authentik provider application. -- Default: `-` -- Example: `evCnOJP1UX8FMnXR9Xkj5t0NyFn5p70P` - -#### `AUTH_AUTHENTIK_SECRET` - -- Type: Required -- Description: Client Secret of the Authentik provider application. -- Default: `-` -- Example: `wnX7UbZg85ZUzF6ioxPLnJVEQa1Elbs7aqBUSF16xleBS5AdkVfASS49-fQIC8Rm` - -#### `AUTH_AUTHENTIK_ISSUER` - -- Type: Required -- Description: Issuer/domain of the Authentik provider application. -- Default: `-` -- Example: `https://your-authentik-domain.com/application/o/slug/` - -### Casdoor - -#### `AUTH_CASDOOR_ID` - -- Type: Required -- Description: Client ID provided by Casdoor -- Default: `-` -- Example: `570bfa85a21800a25198` - -#### `AUTH_CASDOOR_SECRET` - -- Type: Required -- Description: Plaintext Client Secret provided by Casdoor -- Default: `-` -- Example: `233a623a15eac2db2e43bb8a323eda729552c405` - -#### `AUTH_CASDOOR_ISSUER` - -- Type: Required -- Description: OpenID Connect issuer provided by Casdoor -- Default: `-` -- Example: `https://lobe-auth-api.example.com/` - -### Cloudflare Zero Trust - -#### `AUTH_CLOUDFLARE_ZERO_TRUST_ID` - -- Type: Required -- Description: Client ID of the Cloudflare Zero Trust provider application. -- Default: `-` -- Example: `711963a58df8c943cfd6c487cac99ce9f6ee0c88c0b7bf94584b8ff052fcb09c` - -#### `AUTH_CLOUDFLARE_ZERO_TRUST_SECRET` - -- Type: Required -- Description: The plaintext of the Client Secret for the Cloudflare Zero Trust provider -- Default: `-` -- Example: `8f26d4ef834a828045b401e032ae128dbb00471bca53f0d25332323f525dfa30` - -#### `AUTH_CLOUDFLARE_ZERO_TRUST_ISSUER` - -- Type: Required -- Description: Issuer of the Cloudflare Zero Trust provider application. -- Default: `-` -- Example: `https://example.cloudflareaccess.com/cdn-cgi/access/sso/oidc/711963a58df8c943cfd6c487cac99ce9f6ee0c88c0b7bf94584b8ff052fcb09c` - -### Github - -#### `AUTH_GITHUB_ID` - -- Type: Required -- Description: Client ID of the Github application. You can access it [here](https://github.com/settings/apps) and navigate to the application settings to view. -- Default: `-` -- Example: `abd94200333283550508` - -#### `AUTH_GITHUB_SECRET` - -- Type: Required -- Description: Client Secret of the Github application. -- Default: `-` -- Example: `dd262976ac0931d947e104891586a053f3d3750b` - -### Logto - -#### `AUTH_LOGTO_ID` - -- Type: Required -- Description: The Client ID of the Logto application. You can find it in the Logto console for private deployment or [Logto Cloud](http://cloud.logto.io/) depending on the deployment mode. -- Default value: `-` -- Example: `123456789012345678@your-project` - -#### `AUTH_LOGTO_SECRET` - -- Type: Required -- Description: The Client Secret of the Logto application. -- Default value: `-` -- Example: `9QF1n5ATzU7Z3mHp2Iw4gKX8kY6oR7uW1DnKcV3LqX2jF6iG3fBmJ1kV7nS5zE6A` - -#### `AUTH_LOGTO_ISSUER` - -- Type: Required -- Description: The OpenID Connect issuer of the Logto application. You can find it in the Logto console for private deployment or [Logto Cloud](http://cloud.logto.io/) depending on the deployment mode. -- Default value: `-` -- Example: `https://lobe-auth-api.example.com/oidc` - -### Microsoft Entra ID - -#### `AUTH_MICROSOFT_ENTRA_ID_BASE_URL` - -- Type: Required -- Description: - Description: Base URL for Azure login. Use when authenticating against other Microsoft sovereignty clouds like Azure US Government. -- Default: `https://login.microsoftonline.com` -- Example: `https://login.microsoftonline.us` - -#### `AUTH_AZURE_AD_ID` - -- Type: Required -- Description: Client ID of the Microsoft Entra ID application. -- Default: `-` -- Example: `be8f6da1-58c3-4f16-ff1b-78f5148e10df` - -#### `AUTH_AZURE_AD_SECRET` - -- Type: Required -- Description: Client Secret of the Microsoft Entra ID application. -- Default: `-` -- Example: `~gI8Q.pTiN1vwB6Gl.E1yFT1ojcXABkdACfJXaNj` - -#### `AUTH_AZURE_AD_TENANT_ID` - -- Type: Required -- Description: Tenant ID of the Microsoft Entra ID application. -- Default: `-` -- Example: `c8ae2f36-edf6-4cda-96b9-d3e198a47cba` - -### ZITADEL - -#### `AUTH_ZITADEL_ID` - -- Type: Required -- Description: Client ID of the ZITADEL application. This can be found under your application in the ZITADEL console. -- Default: `-` -- Example: `123456789012345678@your-project` - -#### `AUTH_ZITADEL_SECRET` - -- Type: Required -- Description: Client Secret of the ZITADEL application. -- Default: `-` -- Example: `9QF1n5ATzU7Z3mHp2Iw4gKX8kY6oR7uW1DnKcV3LqX2jF6iG3fBmJ1kV7nS5zE6A` - -#### `AUTH_ZITADEL_ISSUER` - -- Type: Required -- Description: Issuer of the ZITADEL application. This is usually the URL of the ZITADEL instance, and can be found in `URLs` tab of your application in the console. -- Default: `-` -- Example: `https://your-instance-abc123.zitadel.cloud` - -### Okta - -#### `AUTH_OKTA_ID` - -- Type: Required -- Description: Client ID of the Okta application. This can be found under your application settings in the Okta console. -- Default: `-` -- Example: `ac12c950f3ce48c8a45a` - -#### `AUTH_OKTA_SECRET` - -- Type: Required -- Description: Client Secret of the Okta application. This can be found under your application settings in the Okta console. -- Default: `-` -- Example: `ex1HqvSOOkC5INqo42grOSqNvHoD4p84em1yy5QU7v88IZlaWGywFjYkrkpkSopt` - -#### `AUTH_OKTA_ISSUER` - -- Type: Required -- Description: Issuer of the Okta application. This is the URL of the Okta instance -- If branding is set up, it can be your custom domain. -- Default: `-` -- Example: `https://your-instance.okta.com` - -### Feishu - -#### `AUTH_FEISHU_APP_ID` - -- Type: Required -- Description: App ID of the Feishu application. -- Default: `-` -- Example: `cli_9f7b1e1e1e1e1e1e` - -#### `AUTH_FEISHU_APP_SECRET` - -- Type: Required -- Description: App Secret of the Feishu application. -- Default: `-` -- Example: `AlHxxX1e1e1e1e1e1e1e1e1e1e1e1e1e` - -### Generic OIDC - -#### `AUTH_GENERIC_OIDC_ID` - -- Type: Required -- Description: Client ID of the Generic OIDC provider application. -- Default: `-` -- Example: `_client_id_for_lobe_chat_` - -#### `AUTH_GENERIC_OIDC_SECRET` - -- Type: Required -- Description: The plaintext of the Client Secret for the Generic OIDC provider -- Default: `-` -- Example: `_client_secret_for_lobe_chat_` - -#### `AUTH_GENERIC_OIDC_ISSUER` - -- Type: Required -- Description: Issuer of the Generic OIDC provider application. -- Default: `-` -- Example: `https://sso.example.com` - - - Currently, we only support providers above. If you need to use other identity verification service - providers, you can submit a [feature - request](https://github.com/lobehub/lobe-chat/issues/new/choose) or Pull Request. - - -## Clerk - -### `NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY` - -- Type: Required -- Description: Publishable key of the Clerk application. You can access it [here](https://dashboard.clerk.com) and navigate to the API Keys to view. -- Default: `-` -- Example: `pk_test_Zmxvd4luZy1wdW1hLTIyLmNsXXJrTmFjY291bnRzLmRldiQ` in dev / `pk_live_Y2xlcdsubG9iZWh1Yi1cbmMuY24k` in production - -### `CLERK_SECRET_KEY` - -- Type: Required -- Description: Secret key of the Clerk application. -- Default: `-` -- Example: `sk_test_513Ma0P7IAWM1XMv4waxZjRYRajWTaCfJLjpEO3SD2` in dev / `sk_live_eMMlHjwJvZFUfczFljSKqZdwQtLvmczmsJSNmdrpeZ` in production diff --git a/docs/self-hosting/environment-variables/auth.zh-CN.mdx b/docs/self-hosting/environment-variables/auth.zh-CN.mdx index fdd50f2823..a1760fbde0 100644 --- a/docs/self-hosting/environment-variables/auth.zh-CN.mdx +++ b/docs/self-hosting/environment-variables/auth.zh-CN.mdx @@ -1,13 +1,11 @@ --- title: LobeHub 身份验证服务设置 -description: 了解如何配置 LobeHub 的身份验证服务环境变量,包括 Better Auth、OAuth SSO、NextAuth 设置等。 +description: 了解如何配置 LobeHub 的身份验证服务环境变量,包括 Better Auth、OAuth SSO 等。 tags: - LobeHub - 身份验证服务 - Better Auth - 单点登录 - - Next Auth - - Clerk --- # 身份验证服务 @@ -21,7 +19,7 @@ LobeHub 在部署时提供了完善的身份验证服务能力,以下是相关 #### `AUTH_SECRET` - 类型:必选 -- 描述:用于加密会话令牌的密钥,Better Auth 和 Next Auth 共享。使用以下命令生成:`openssl rand -base64 32` +- 描述:用于加密会话令牌的密钥。使用以下命令生成:`openssl rand -base64 32` - 默认值:`-` - 示例:`Tfhi2t2pelSMEA8eaV61KaqPNEndFFdMIxDaJnS1CUI=` @@ -209,306 +207,3 @@ LobeHub 在部署时提供了完善的身份验证服务能力,以下是相关 - 描述:微信应用的 App Secret。 - 默认值:`-` - 示例:`xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx` - - - 其他基于 OIDC 的提供商(Auth0、Authelia、Authentik、Casdoor、Cloudflare Zero Trust、Keycloak、Logto、Okta、ZITADEL、Generic OIDC)的环境变量配置与 Next Auth 相同。详情请参阅下方的 [Next Auth 章节](#next-auth)。 - - -## Next Auth - -### 通用设置 - -#### `NEXT_PUBLIC_ENABLE_NEXT_AUTH` - -- v1.52.0 之后有变更 -- 针对使用 Vercel 部署中使用 next-auth 的用户,需要额外添加 NEXT\_PUBLIC\_ENABLE\_NEXT\_AUTH=1 环境变量来确保开启 Next Auth -- 针对使用自构建镜像中使用 clerk 的用户,需要额外配置 NEXT\_PUBLIC\_ENABLE\_NEXT\_AUTH=0 环境变量来关闭 Next Auth -- 其他标准部署场景(Vercel 中使用 Clerk 与 Docker 中使用 next-auth )不受影响 - -#### `NEXT_AUTH_SECRET` - -- 类型:必选 -- 描述:用于加密 Auth.js 会话令牌的密钥。您可以使用以下命令生成秘钥: `openssl rand -base64 32`. -- 默认值: `-` -- 示例: `Tfhi2t2pelSMEA8eaV61KaqPNEndFFdMIxDaJnS1CUI=` - -#### `NEXT_AUTH_SSO_PROVIDERS` - -- 类型:可选 -- 描述:选择 LoboChat 的单点登录提供商。如果有多个单点登录提供商,请用逗号分隔,例如 `auth0,microsoft-entra-id,authentik` -- 默认值: `auth0` -- 示例: `auth0,microsoft-entra-id,authentik` - -#### `NEXTAUTH_URL` - -- 类型:可选 -- 描述:该 URL 用于指定 Auth.js 在执行 OAuth 验证时的回调地址,在 Vercel 上部署时无需设置。 -- 默认值:`-` -- 示例:`https://example.com/api/auth` - -### Auth0 - -#### `AUTH_AUTH0_ID` - -- 类型:必选 -- 描述: Auth0 应用程序的 Client ID,您可以访问[这里](https://manage.auth0.com/dashboard)并导航至应用程序设置来查看 -- 默认值: `-` -- 示例: `evCnOJP1UX8FMnXR9Xkj5t0NyFn5p70P` - -#### `AUTH_AUTH0_SECRET` - -- 类型:必选 -- 描述: Auth0 应用程序的 Client Secret -- 默认值: `-` -- 示例: `wnX7UbZg85ZUzF6ioxPLnJVEQa1Elbs7aqBUSF16xleBS5AdkVfASS49-fQIC8Rm` - -#### `AUTH_AUTH0_ISSUER` - -- 类型:必选 -- 描述: Auth0 应用程序的签发人 / 域 -- 默认值: `-` -- 示例: `https://example.auth0.com` - -### Authelia - -#### `AUTH_AUTHELIA_ID` - -- 类型:必选 -- 描述: Authelia 提供程序的 Client ID -- 默认值: `-` -- 示例: `lobe-chat` - -#### `AUTH_AUTHELIA_SECRET` - -- 类型:必选 -- 描述: Authelia 提供程序的 Client Secret 的明文 -- 默认值: `-` -- 示例: `insecure_secret` - -#### `AUTH_AUTHELIA_ISSUER` - -- 类型:必选 -- 描述: Authentik 提供程序的 OpenID Connect 颁发者 -- 默认值: `-` -- 示例: `https://sso.example.com` - -### Authentik - -#### `AUTH_AUTHENTIK_ID` - -- 类型:必选 -- 描述: Authentik 提供程序的 Client ID -- 默认值: `-` -- 示例: `YNtbIRlYF8Kj66mTLue59nsGLlb7HNyx1qjPH6VS` - -#### `AUTH_AUTHENTIK_SECRET` - -- 类型:必选 -- 描述: Authentik 提供程序的 Client Secret -- 默认值: `-` -- 示例: `h3lMI1vPUzqyqqeIDUbH5UNNOxyQLXk35h89yETeaAwHk7qVXBG3sJQWeqHBU5pyggwhP9u0eaZ1eq6DHUddVPLoS4gncqD37yuCr8jI8dY66WAt45MStDsDcQm0Ygze` - -#### `AUTH_AUTHENTIK_ISSUER` - -- 类型:必选 -- 描述: Authentik 提供程序的 OpenID Connect 颁发者 -- 默认值: `-` -- 示例: `https://your-authentik-domain.com/application/o/slug/` - -### Casdoor - -#### `AUTH_CASDOOR_ID` - -- 类型:必选 -- 描述: Casdoor 提供程序的 Client ID -- 默认值: `-` -- 示例: `570bfa85a21800a25198` - -#### `AUTH_CASDOOR_SECRET` - -- 类型:必选 -- 描述: Casdoor 提供程序的 Client Secret 的明文 -- 默认值: `-` -- 示例: `233a623a15eac2db2e43bb8a323eda729552c405` - -#### `AUTH_CASDOOR_ISSUER` - -- 类型:必选 -- 描述: Casdoor 提供程序的 OpenID Connect 颁发者 -- 默认值: `-` -- 示例: `https://lobe-auth-api.example.com/` - -### Cloudflare Zero Trust - -#### `AUTH_CLOUDFLARE_ZERO_TRUST_ID` - -- 类型:必选 -- 描述: Cloudflare Zero Trust 提供程序的 Client ID -- 默认值: `-` -- 示例: `711963a58df8c943cfd6c487cac99ce9f6ee0c88c0b7bf94584b8ff052fcb09c` - -#### `AUTH_CLOUDFLARE_ZERO_TRUST_SECRET` - -- 类型:必选 -- 描述: Cloudflare Zero Trust 提供程序的 Client Secret 的明文 -- 默认值: `-` -- 示例: `8f26d4ef834a828045b401e032ae128dbb00471bca53f0d25332323f525dfa30` - -#### `AUTH_CLOUDFLARE_ZERO_TRUST_ISSUER` - -- 类型:必选 -- 描述: Cloudflare Zero Trust 提供程序的 OpenID Connect 颁发者 -- 默认值: `-` -- 示例: `https://example.cloudflareaccess.com/cdn-cgi/access/sso/oidc/711963a58df8c943cfd6c487cac99ce9f6ee0c88c0b7bf94584b8ff052fcb09c` - -### Github - -#### `AUTH_GITHUB_ID` - -- 类型:必选 -- 描述: Github 应用的客户端 ID。您可以在[这里](https://github.com/settings/apps)访问,并导航到应用程序设置以查看。 -- 默认值: `-` -- 示例: `abd94200333283550508` - -#### `AUTH_GITHUB_SECRET` - -- 类型:必选 -- 描述: Github 应用的客户端密钥。 -- 默认值: `-` -- 示例: `dd262976ac0931d947e104891586a053f3d3750b` - -### Logto - -#### `AUTH_LOGTO_ID` - -- 类型:必选 -- 描述:Logto 应用程序的 Client ID。您可以在根据部署模式,在私有部署的 Logto 控制台或 [Logto Cloud](http://cloud.logto.io/) 中找到。 -- 默认值:`-` -- 示例:`123456789012345678@your-project` - -#### `AUTH_LOGTO_SECRET` - -- 类型:必选 -- 描述:Logto 应用程序的 Client Secret。 -- 默认值:`-` -- 示例:`9QF1n5ATzU7Z3mHp2Iw4gKX8kY6oR7uW1DnKcV3LqX2jF6iG3fBmJ1kV7nS5zE6A` - -#### `AUTH_LOGTO_ISSUER` - -- 类型:必选 -- 描述:Logto 应用程序的 OpenID Connect 颁发者(issuer)。根据部署模式,您可以在私有部署的 Logto 控制台或 [Logto Cloud](http://cloud.logto.io/) 中找到。 -- 默认值:`-` -- 示例:`https://lobe-auth-api.example.com/oidc` - -### Microsoft Entra ID - -#### `AUTH_AZURE_AD_ID` - -- 类型:必选 -- 描述:Microsoft Entra ID 应用程序的客户端 ID。 -- 默认值:`-` -- 示例:`be8f6da1-58c3-4f16-ff1b-78f5148e10df` - -#### `AUTH_AZURE_AD_SECRET` - -- 类型:必选 -- 描述:Microsoft Entra ID 应用程序的客户端密钥。 -- 默认值:`-` -- 示例:`~gI8Q.pTiN1vwB6Gl.E1yFT1ojcXABkdACfJXaNj` - -#### `AUTH_AZURE_AD_TENANT_ID` - -- 类型:必选 -- 描述:Microsoft Entra ID 应用程序的租户 ID。 -- 默认值:`-` -- 示例:`c8ae2f36-edf6-4cda-96b9-d3e198a47cba` - -### ZITADEL - -#### `AUTH_ZITADEL_ID` - -- 类型:必选 -- 描述:ZITADEL 应用的 Client ID。您可以在 ZITADEL 控制台应用设置中找到 Client ID。 -- 默认值:`-` -- 示例:`123456789012345678@your-project` - -#### `AUTH_ZITADEL_SECRET` - -- 类型:必选 -- 描述:ZITADEL 应用的 Client Secret。 -- 默认值:`-` -- 示例:`9QF1n5ATzU7Z3mHp2Iw4gKX8kY6oR7uW1DnKcV3LqX2jF6iG3fBmJ1kV7nS5zE6A` - -#### `AUTH_ZITADEL_ISSUER` - -- 类型:必选 -- 描述:ZITADEL 应用的 OpenID Connect 颁发者(issuer),通常为 ZITADEL 实例的 URL。您可以在 ZITADEL 控制台应用设置中的 `URLs` 选项卡中找到 issuer。 -- 默认值:`-` -- 示例:`https://your-instance-abc123.zitadel.cloud` - -### Okta - -#### `AUTH_OKTA_ID` - -- 类型:必选 -- 描述:Okta 应用程序的 Client ID。您可以在 Okta 控制台的应用程序设置中找到。 -- 默认值:`-` -- 示例:`ac12c950f3ce48c8a45a` - -#### `AUTH_OKTA_SECRET` - -- 类型:必选 -- 描述:Okta 应用程序的 Client Secret。您可以在 Okta 控制台的应用程序设置中找到。 -- 默认值:`-` -- 示例:`ex1HqvSOOkC5INqo42grOSqNvHoD4p84em1yy5QU7v88IZlaWGywFjYkrkpkSopt` - -#### `AUTH_OKTA_ISSUER` - -- 类型:必选 -- 描述:Okta 应用程序的 OpenID Connect 颁发者(issuer)。这是 Okta 实例的 URL—— 如果设置了品牌化,也可以是您的自定义域名。 -- 默认值:`-` -- 示例:`https://your-instance.okta.com` - -### Generic OIDC - -#### `AUTH_GENERIC_OIDC_ID` - -- 类型:必选 -- 描述: Generic OIDC 提供程序的 Client ID -- 默认值: `-` -- 示例: `_client_id_for_lobe_chat_` - -#### `AUTH_GENERIC_OIDC_SECRET` - -- 类型:必选 -- 描述: Generic OIDC 提供程序的 Client Secret 的明文 -- 默认值: `-` -- 示例: `_client_secret_for_lobe_chat_` - -#### `AUTH_GENERIC_OIDC_ISSUER` - -- 类型:必选 -- 描述: Generic OIDC 提供程序的 OpenID Connect 颁发者 -- 默认值: `-` -- 示例: `https://sso.example.com` - - - 如果您需要使用其他身份验证服务提供商,可以提交 - [功能请求](https://github.com/lobehub/lobe-chat/issues/new/choose) 或 Pull Request。 - - -## Clerk - -### `NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY` - -- 类型:必选 -- 描述: Clerk 应用程序的 Publishable key。您可以在[这里](https://dashboard.clerk.com)访问,并导航到 API Keys 以查看。 -- 默认值:`-` -- 示例: `pk_test_Zmxvd4luZy1wdW1hLTIyLmNsXXJrTmFjY291bnRzLmRldiQ` (测试环境) / `pk_live_Y2xlcdsubG9iZWh1Yi1cbmMuY24k` (生产环境) - -### `CLERK_SECRET_KEY` - -- 类型:必选 -- 描述: Clerk 应用程序的 Secret key。您可以在[这里](https://dashboard.clerk.com)访问,并导航到 API Keys 以查看。 -- 默认值:`-` -- 示例: `sk_test_513Ma0P7IAWM1XMv4waxZjRYRajWTaCfJLjpEO3SD2` (测试环境) / `sk_live_eMMlHjwJvZFUfczFljSKqZdwQtLvmczmsJSNmdrpeZ`(生产环境) diff --git a/docs/self-hosting/environment-variables/basic.mdx b/docs/self-hosting/environment-variables/basic.mdx index 7b4a964b79..9bf24ede9e 100644 --- a/docs/self-hosting/environment-variables/basic.mdx +++ b/docs/self-hosting/environment-variables/basic.mdx @@ -193,7 +193,7 @@ SSRF_ALLOW_IP_ADDRESS_LIST=192.168.1.100,10.0.0.50 ### `ENABLE_AUTH_PROTECTION` - Type: Optional -- Description: Controls whether to enable route protection. When set to `1`, all routes except public routes (like `/api/auth`, `/next-auth/*`, `/login`, `/signup`) will require authentication. When set to `0` or not set, only specific protected routes (like `/settings`, `/files`) will require authentication. +- Description: Controls whether to enable route protection. When set to `1`, all routes except public routes (like `/api/auth`, `/login`, `/signup`) will require authentication. When set to `0` or not set, only specific protected routes (like `/settings`, `/files`) will require authentication. - Default: `0` - Example: `1` or `0` diff --git a/docs/self-hosting/environment-variables/basic.zh-CN.mdx b/docs/self-hosting/environment-variables/basic.zh-CN.mdx index ee55bc3f79..3908dfef95 100644 --- a/docs/self-hosting/environment-variables/basic.zh-CN.mdx +++ b/docs/self-hosting/environment-variables/basic.zh-CN.mdx @@ -188,7 +188,7 @@ SSRF_ALLOW_IP_ADDRESS_LIST=192.168.1.100,10.0.0.50 ### `ENABLE_AUTH_PROTECTION` - 类型:可选 -- 说明:控制是否启用路由保护。当设置为 `1` 时,除了公共路由(如 `/api/auth`、`/next-auth/*`、`/login`、`/signup`)外,所有路由都需要认证。当设置为 `0` 或未设置时,只有特定的受保护路由(如 `/settings`、`/files` 等)需要认证。 +- 说明:控制是否启用路由保护。当设置为 `1` 时,除了公共路由(如 `/api/auth`、`/login`、`/signup`)外,所有路由都需要认证。当设置为 `0` 或未设置时,只有特定的受保护路由(如 `/settings`、`/files` 等)需要认证。 - 默认值:`0` - 示例:`1` 或 `0` diff --git a/docs/self-hosting/platform/alibaba-cloud.mdx b/docs/self-hosting/platform/alibaba-cloud.mdx deleted file mode 100644 index b09bb62fd4..0000000000 --- a/docs/self-hosting/platform/alibaba-cloud.mdx +++ /dev/null @@ -1,28 +0,0 @@ ---- -title: Deploy LobeHub on Alibaba Cloud -description: >- - Learn how to deploy the LobeHub application on Alibaba Cloud, including - preparing the large model API Key, clicking the deploy button, and other - operations. -tags: - - Alibaba Cloud - - LobeHub - - Alibaba Cloud Compute Nest ---- - -# Deploy LobeHub with Alibaba Cloud - -If you want to deploy LobeHub on Alibaba Cloud, you can follow the steps below: - -## Alibaba Cloud Deployment Process - - - ### One-click to deploy - - [![][deploy-button-image]][deploy-link] - - ### Once deployed, you can start using it - - -[deploy-button-image]: https://service-info-public.oss-cn-hangzhou.aliyuncs.com/computenest-en.svg -[deploy-link]: https://computenest.console.aliyun.com/service/instance/create/default?type=user&ServiceName=LobeHub%E7%A4%BE%E5%8C%BA%E7%89%88 diff --git a/docs/self-hosting/platform/alibaba-cloud.zh-CN.mdx b/docs/self-hosting/platform/alibaba-cloud.zh-CN.mdx deleted file mode 100644 index 1a5a868757..0000000000 --- a/docs/self-hosting/platform/alibaba-cloud.zh-CN.mdx +++ /dev/null @@ -1,25 +0,0 @@ ---- -title: 在 阿里云 上部署 LobeHub -description: 学习如何在阿里云上部署LobeHub应用,包括准备大模型 API Key、点击部署按钮等操作。 -tags: - - 阿里云 - - LobeHub - - 部署流程 ---- - -# 使用 阿里云计算巢 部署 - -如果想在 阿里云 上部署 LobeHub,可以按照以下步骤进行操作: - -## 阿里云 部署流程 - - - ### 点击下方按钮进行部署 - - [![][deploy-button-image]][deploy-link] - - ### 部署完毕后,即可开始使用 - - -[deploy-button-image]: https://service-info-public.oss-cn-hangzhou.aliyuncs.com/computenest-en.svg -[deploy-link]: https://computenest.console.aliyun.com/service/instance/create/default?type=user&ServiceName=LobeHub%E7%A4%BE%E5%8C%BA%E7%89%88 diff --git a/docs/self-hosting/platform/btpanel.mdx b/docs/self-hosting/platform/btpanel.mdx deleted file mode 100644 index 09048917ff..0000000000 --- a/docs/self-hosting/platform/btpanel.mdx +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: Deploy LobeHub using aaPanel -description: >- - Learn how to deploy the LobeHub service using aaPanel-Docker, including - installing the Docker container environment and using the command to start the - service with one click. Detailed instructions on how to configure environment - variables and use proxy addresses. -tags: - - Docker - - LobeHub - - Deployment guidelines ---- - -## Prerequisite - -To install aaPanel, go to the [aaPanel](https://www.aapanel.com/new/download.html#install) official website and select the corresponding script to download and install. - -## Deployment - -1. Log in to aaPanel and click `Docker` in the menu bar ![install](/blog/assetscbda3a61a2d158eeb6046e1d1bf9972f.webp) - -2. The first time you will be prompted to install the `Docker` and `Docker Compose` services, click Install Now. If it is already installed, please ignore it. ![install2](/blog/assetse12925fba0dda232168e695e6a5e4384.webp) - -3. After the installation is complete, find `LobeHub` in `One-Click Install` and click `install`\ - ![install-LobeHub](/blog/assets5d3551635c580d8781e31256e1fb0f2e.webp) - -4. configure basic information such as the domain name, OpenAI API key, and port to complete the installation Note: The domain name is optional, if the domain name is filled, it can be managed through \[Website]--> \[Proxy Project], and you do not need to check \[Allow external access] after filling in the domain name, otherwise you need to check it before you can access it through the port ![addLobeHub](/blog/assets8d6bb40d21d74cfa0312bdec347a11d0.webp) - -5. After installation, enter the domain name or IP+ port set in the previous step in the browser to access. - -- Name: application name, default `LobeHub-random characters` -- Version selection: default `latest` -- Domain name: If you need to access directly through the domain name, please configure the domain name here and resolve the domain name to the server -- Allow external access: If you need direct access through `IP+Port`, please check. If you have set up a domain name, please do not check here. -- Port: Default `3210`, can be modified by yourself - -6. After submission, the panel will automatically initialize the application, which will take about `1-3` minutes. It can be accessed after the initialization is completed. - - - ⚠️ Do not enable any form of cache in the reverse proxy settings of the panel to avoid affecting - the normal operation of the service. Read more at - [https://github.com/lobehub/lobe-chat/discussions/5986](https://github.com/lobehub/lobe-chat/discussions/5986) - - -## Visit LobeHub - -- If you have set a domain name, please directly enter the domain name in the browser address bar, such as `http://demo.LobeHub`, to access the `LobeHub` console. -- If you choose to access through `IP+Port`, please enter the domain name in the browser address bar to access `http://:3210` to access the `HertzBeat` console. ![console](/blog/assets97ac48dab1a35e45e034fefe0a1a1006.webp) diff --git a/docs/self-hosting/platform/btpanel.zh-CN.mdx b/docs/self-hosting/platform/btpanel.zh-CN.mdx deleted file mode 100644 index 906bd7d196..0000000000 --- a/docs/self-hosting/platform/btpanel.zh-CN.mdx +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: 通过 宝塔面板Docker应用商店 部署 LobeHub -description: >- - 学习如何使用 宝塔面板Docker应用 部署 LobeHub 服务,包括安装 Docker - 容器环境和使用指令一键启动服务。详细说明如何配置环境变量和使用代理地址。 -tags: - - Docker - - LobeHub - - 部署指引 ---- - -# 宝塔面板部署 - -## 前提 - -- 仅适用于宝塔面板 9.2.0 及以上版本 -- 安装宝塔面板,前往[宝塔面板](https://www.bt.cn/new/download.html)官网,选择正式版的脚本下载安装 - -## 部署 - -1. 登录宝塔面板,在左侧菜单栏中点击 `Docker` ![Docker](/blog/assets653a83fe7d837e0d225c1de12e60cf92.webp) - -2. 首次会提示安装`Docker`和`Docker Compose`服务,点击立即安装,若已安装请忽略。 ![安装环境](/blog/assets15ecc1bbe365f3e02702631e28c7b764.webp) - -3. 安装完成后在`Docker-应用商店-AI/大模型`中找到 `LobeHub`,点击`安装` ![安装](/blog/assetsf601ee6fa15bed25e17d6b6879691f0f.webp) - -4. 设置域名等基本信息,点击`确定` ![设置](/blog/assetscd53b161a6d02424d03f8c5dcadc3dd5.webp) - -- 名称:应用名称,默认`LobeHub_随机字符` -- 版本选择:默认`latest` -- 域名:如您需要通过域名访问,请在此处填写您的域名 -- 允许外部访问:如您需通过`IP+Port`直接访问,请勾选,如您已经设置了域名,请不要勾选此处 -- 端口:默认`3210`,可自行修改 -- 访问密码:默认随机生成 -- OpenAI API 密钥:请输入您的 Open API 密钥 -- OpenAI 代理 URL:默认为官方地址 -- OpenAI 模型列表:输入使用的模型 -- CPU 核心数限制:0 为不限制,根据实际需要设置 -- 内存限制:0 为不限制,根据实际需要设置 - -5. 提交后面板会自动进行应用初始化,大概需要`1-3`分钟,初始化完成后即可访问。 - - - ⚠️ 请不要在面板的反向代理设置中开启任何形式的缓存,以免影响服务的正常运行。详情请见 - [https://github.com/lobehub/lobe-chat/discussions/5986](https://github.com/lobehub/lobe-chat/discussions/5986) - - -## 访问 LobeHub - -- 如果您填写域名,请在浏览器输入您的域名访问,如`http://demo.LobeHub`,即可访问 `LobeHub` 页面。 -- 请在浏览器地址栏中输入域名访问 `http://<宝塔面板IP>:3210`,即可访问 `LobeHub` 页面。 ![LobeHub](/blog/assets0f893c504377ba45a9f5cdbb5ccb1612.webp) diff --git a/docs/self-hosting/platform/docker-compose.mdx b/docs/self-hosting/platform/docker-compose.mdx index 5a8df490d7..741aeeaee7 100644 --- a/docs/self-hosting/platform/docker-compose.mdx +++ b/docs/self-hosting/platform/docker-compose.mdx @@ -1,18 +1,16 @@ --- -title: Deploy LobeHub with Docker Compose +title: Deploying LobeHub with Docker Compose description: >- - Learn how to deploy the LobeHub service using Docker Compose. Follow - step-by-step instructions to install Docker, run the deployment command, and - set up automatic updates. + Learn how to deploy the LobeHub service using Docker Compose, including + configuration tutorials for various services. tags: - Docker Compose - - LobeHub Service - - Docker Deployment - - Automatic Updates - - Crontab Script + - LobeHub + - Docker Container + - Deployment Guide --- -# Docker Compose Deployment Guide +# Deploying LobeHub Server Database Version with Docker Compose
[![][docker-release-shield]][docker-release-link] @@ -22,111 +20,860 @@ tags: [![][docker-pulls-shield]][docker-pulls-link]
-We provide a [Docker image][docker-release-link] for deploying the LobeHub service on your private device. +## Quick Start + + + **System Compatibility Notes** + + - One-click deployment is supported in Unix environments (Linux/macOS). + + - Windows users must run through [WSL 2](https://aka.ms/wsl). + + - The one-click startup script is only for initial deployment; for subsequent deployments, please refer to the [Custom Deployment](#custom-deployment) section. + + - Port occupation check: Ensure that ports `3210`, `8000`, `9000`, and `9001` are available. + + +Execute the following commands to set up the deployment environment; the directory `lobe-chat-db` will be used to store your configuration files and subsequent database files. + +```sh +mkdir lobe-chat-db && cd lobe-chat-db +``` + +Fetch and execute the deployment script: + +```sh +bash <(curl -fsSL https://lobe.li/setup.sh) -l en +``` + +The script supports the following deployment modes; please choose the appropriate mode based on your needs and read the rest of the documentation. + +- [Local Mode (default)](#local-mode): Accessible only locally, not supporting LAN/public access; suitable for initial experiences. +- [Port Mode](#port-mode): Supports LAN/public `http` access; suitable for no domain or private network use. +- [Domain Mode](#domain-mode): Supports LAN/public `http/https` access with reverse proxy; suitable for personal or team use. + + + In the script's options prompt `(Option1/Option2)[Option1]`: `(Option1 / Option2)` indicates + selectable options, while `[Option1]` indicates the default option; simply press enter to choose + the default. + + +### Local Mode - ### Install Docker Container Environment + ### Complete Remaining Configuration in Interactive Script - (Skip this step if already installed) + Continue pressing enter to use the default configuration. - - - ```fish - $ apt install docker.io - ``` - + ### Check Configuration Generation Report - - ```fish - $ yum install docker - ``` - - + After the script finishes running, you need to check the configuration generation report, which includes the accounts and initial login passwords for the Casdoor administrator and user. - ### Run Docker Compose Deployment Command + + Please log in to LobeHub using the user account; the administrator account is only for managing + Casdoor. + - When using `docker-compose`, the configuration file is as follows: - - ```yml - version: '3.8' - - services: - lobe-chat: - image: lobehub/lobe-chat - container_name: lobe-chat - restart: always - ports: - - '3210:3210' - environment: - OPENAI_API_KEY: sk-xxxx - OPENAI_PROXY_URL: https://api-proxy.com/v1 + ```log + The results of the secure key generation are as follows: + LobeHub: + - URL: http://localhost:3210 + - Username: user + - Password: c66f8c + Casdoor: + - URL: http://localhost:8000 + - Username: admin + - Password: c66f8c + Minio: + - URL: http://localhost:9000 + - Username: admin + - Password: 8c82ea41 ``` - Run the following command to start the Lobe Chat service: + ### Start Docker - ```bash - $ docker-compose up -d + ```sh + docker compose up -d ``` - ### Crontab Automatic Update Script (Optional) + ### Check Logs - Similarly, you can use the following script to automatically update Lobe Chat. When using `Docker Compose`, no additional configuration of environment variables is required. - - ```bash - #!/bin/bash - # auto-update-lobe-chat.sh - - # Set proxy (optional) - export https_proxy=http://127.0.0.1:7890 http_proxy=http://127.0.0.1:7890 all_proxy=socks5://127.0.0.1:7890 - - # Pull the latest image and store the output in a variable - output=$(docker pull lobehub/lobe-chat:latest 2>&1) - - # Check if the pull command was executed successfully - if [ $? -ne 0 ]; then - exit 1 - fi - - # Check if the output contains a specific string - echo "$output" | grep -q "Image is up to date for lobehub/lobe-chat:latest" - - # If the image is already up to date, do nothing - if [ $? -eq 0 ]; then - exit 0 - fi - - echo "Detected Lobe-Chat update" - - # Remove the old container - echo "Removed: $(docker rm -f Lobe-Chat)" - - # You may need to navigate to the directory where `docker-compose.yml` is located first - # cd /path/to/docker-compose-folder - - # Run the new container - echo "Started: $(docker-compose up)" - - # Print the update time and version - echo "Update time: $(date)" - echo "Version: $(docker inspect lobehub/lobe-chat:latest | grep 'org.opencontainers.image.version' | awk -F'"' '{print $4}')" - - # Clean up unused images - docker images | grep 'lobehub/lobe-chat' | grep -v 'lobehub/lobe-chat-database' | grep -v 'latest' | awk '{print $3}' | xargs -r docker rmi > /dev/null 2>&1 - echo "Removed old images." + ```sh + docker logs -f lobe-chat ``` - This script can also be used in Crontab, but ensure that your Crontab can find the correct Docker command. It is recommended to use absolute paths. + If you see the following logs in the container, it means the startup was successful: - Configure Crontab to execute the script every 5 minutes: + ```log + [Database] Start to migration... + ✅ database migration pass. + ------------------------------------- + ▲ Next.js 14.x.x + - Local: http://localhost:3210 + - Network: http://0.0.0.0:3210 - ```bash - */5 * * * * /path/to/auto-update-lobe-chat.sh >> /path/to/auto-update-lobe-chat.log 2>&1 + ✓ Starting... + ✓ Ready in 95ms ``` + + ### Access Application + + Visit your LobeHub service at [http://localhost:3210](http://localhost:3210). The account credentials for the application can be found in the report from step `2`. -[docker-pulls-link]: https://hub.docker.com/r/lobehub/lobe-chat -[docker-pulls-shield]: https://img.shields.io/docker/pulls/lobehub/lobe-chat?color=45cc11&labelColor=black&style=flat-square -[docker-release-link]: https://hub.docker.com/r/lobehub/lobe-chat -[docker-release-shield]: https://img.shields.io/docker/v/lobehub/lobe-chat?color=369eff&label=docker&labelColor=black&logo=docker&logoColor=white&style=flat-square&sort=semver -[docker-size-link]: https://hub.docker.com/r/lobehub/lobe-chat -[docker-size-shield]: https://img.shields.io/docker/image-size/lobehub/lobe-chat?color=369eff&labelColor=black&style=flat-square&sort=semver +### Port Mode + + + ### Complete Remaining Configuration in Interactive Script + + In port mode, you need to complete the following based on the script prompts: + + - Server IP address settings: for LAN/public access. + - Regenerate secure keys: We highly recommend regenerating the secure keys; if you lack the key generation library required by the script, we suggest referring to the [Custom Deployment](#custom-deployment) section for key modifications. + + ### Check Configuration Generation Report + + After the script finishes running, please check the configuration generation report for the Casdoor administrator account, user account, and their initial login passwords. + + + Please log in to LobeHub using the user account; the administrator account is only for managing + Casdoor. + + + ```log + The results of the secure key generation are as follows: + LobeHub: + - URL: http://your_server_ip:3210 + - Username: user + - Password: 837e26 + Casdoor: + - URL: http://your_server_ip:8000 + - Username: admin + - Password: 837e26 + Minio: + - URL: http://your_server_ip:9000 + - Username: admin + - Password: dbac8440 + ``` + + ### Start Docker + + ```sh + docker compose up -d + ``` + + ### Check Logs + + ```sh + docker logs -f lobe-chat + ``` + + If you see the following logs in the container, it means the startup was successful: + + ```log + [Database] Start to migration... + ✅ database migration pass. + ------------------------------------- + ▲ Next.js 14.x.x + - Local: http://your_server_ip:3210 + - Network: http://0.0.0.0:3210 + ✓ Starting... + ✓ Ready in 95ms + ``` + + ### Access Application + + You can access your LobeHub service at `http://your_server_ip:3210`. The account credentials for the application can be found in the report from step `2`. + + + If your service can accessed via the public network, + we strongly recommend disabling the registration, + refer to the [documentation](https://lobehub.com/docs/self-hosting/advanced/auth/providers/casdoor) + for more information. + + + +### Domain Mode + + + ### Complete Reverse Proxy Configuration + + In domain mode, you need to complete the reverse proxy configuration and ensure that the LAN/public can access the following services. Please use a reverse proxy to map the following service ports to the domain names: + + | Domain | Proxy Port | Required | + | ---------------------- | ---------- | -------- | + | `lobe.example.com` | `3210` | Yes | + | `auth.example.com` | `8000` | Yes | + | `minio.example.com` | `9000` | Yes | + | `minio-ui.example.com` | `9001` | | + + + If you are using panel software like [aaPanel](https://www.bt.cn/) for reverse proxy configuration, + ensure it does not intercept requests to the `.well-known` path to facilitate the proper functioning of Casdoor's OAuth2 configuration. + Below is a whitelist configuration for the Nginx server block concerning paths for Casdoor reverse proxy: + + ```nginx + location /.well-known/openid-configuration { + proxy_pass http://localhost:8000; # Forward to localhost:8000 + proxy_set_header Host $host; # Keep the original host header + proxy_set_header X-Real-IP $remote_addr; # Keep the client's real IP + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # Keep the forwarded IP + proxy_set_header X-Forwarded-Proto $scheme; # Keep the request protocol + } + ``` + + ⚠️ If you are using such panel software, + please do not enable any form of caching in the reverse proxy settings of such panel software to avoid affecting the normal operation of the service. + Read more at [https://github.com/lobehub/lobe-chat/discussions/5986](https://github.com/lobehub/lobe-chat/discussions/5986) + + + ### Complete Remaining Configuration in Interactive Script + + In domain mode, you need to complete the following configurations based on script prompts: + + - Domain setup for the LobeHub service: `lobe.example.com` + - Domain setup for the Minio service: `minio.example.com` + - Domain setup for the Casdoor service: `auth.example.com` + - Choose the access protocol: `http` or `https` + - Regenerate secure keys: We highly recommend regenerating the secure keys; if you lack the key generation library required by the script, we suggest referring to the [Custom Deployment](#custom-deployment) section for key modifications. + + + The following issues may impede access to your service: + + - The domain configuration here must match the reverse proxy configuration in step `1`. + + - If you are using Cloudflare for domain resolution and have activated `full proxy`, please use the `https` protocol. + + - If you have used the HTTPS protocol, ensure that your domain certificate is correctly configured; one-click deployment does not support self-signed certificates by default. + + + ### Check Configuration Generation Report + + After the script finishes running, you need to check the configuration generation report, which includes the initial login password for the Casdoor administrator. + + + Please log in to LobeHub using the user account; the administrator account is only for managing + Casdoor. + + + ```log + The results of the secure key generation are as follows: + LobeHub: + - URL: https://lobe.example.com + - Username: user + - Password: 837e26 + Casdoor: + - URL: https://auth.example.com + - Username: admin + - Password: 837e26 + Minio: + - URL: https://minio.example.com + - Username: admin + - Password: dbac8440 + ``` + + ### Start Docker + + ```sh + docker compose up -d + ``` + + ### Check Logs + + ```sh + docker logs -f lobe-chat + ``` + + If you see the following logs in the container, it indicates a successful startup: + + ```log + [Database] Start to migration... + ✅ database migration pass. + ------------------------------------- + ▲ Next.js 14.x.x + - Local: https://localhost:3210 + - Network: http://0.0.0.0:3210 + ✓ Starting... + ✓ Ready in 95ms + ``` + + ### Access Application + + You can access your LobeHub service via `https://lobe.example.com`. The account credentials for the application can be found in the report from step `3`. + + + If your service can accessed via the public network, + we strongly recommend disabling the registration, + refer to the [documentation](https://lobehub.com/docs/self-hosting/advanced/auth/providers/casdoor) + for more information. + + + +## Custom Deployment + +This section mainly introduces the configurations that need to be modified to customize the deployment of the LobeHub service in different network environments. Before starting, you can download the [Docker Compose configuration file](https://raw.githubusercontent.com/lobehub/lobe-chat/HEAD/docker-compose/local/docker-compose.yml) and the [environment variable configuration file](https://raw.githubusercontent.com/lobehub/lobe-chat/refs/heads/main/docker-compose/local/.env.example). + +```sh +curl -O https://raw.githubusercontent.com/lobehub/lobe-chat/HEAD/docker-compose/local/docker-compose.yml +curl -O https://raw.githubusercontent.com/lobehub/lobe-chat/HEAD/docker-compose/local/.env.example +mv .env.example .env +``` + + + This section does not cover all complete variables; remaining variables can be referenced in + [Deploying with the Server Database](/en/docs/self-hosting/server-database). + + +### Prerequisites + +Generally, to fully run the LobeHub database version, you will need at least the following four services: + +- The LobeHub database version itself +- PostgreSQL database with PGVector plugin +- Object storage service that supports S3 protocol +- An SSO authentication service supported by LobeHub + +These services can be combined through self-hosting or online cloud services to meet various deployment needs. In this article, we provide a Docker Compose configuration entirely based on open-source self-hosted services, which can be used directly to start the LobeHub database version or modified to suit your requirements. + +We use [MinIO](https://github.com/minio/minio) as the local S3 object storage service and [Casdoor](https://github.com/casdoor/casdoor) as the local authentication service by default. + + + If your network topology is complex, please make sure these services can communicate properly + within your network environment. + + +### Necessary Configuration + +Now, we will introduce the necessary configurations for running these services: + +1. Casdoor + +- LobeHub requires communication with Casdoor, so you need to configure Casdoor's Issuer. + +```env +AUTH_CASDOOR_ISSUER=https://auth.example.com +``` + +This configuration will affect LobeHub's login authentication service, and you need to ensure that the URL of the Casdoor service is correct. You can find common manifestations and solutions for errors in this configuration in the [FAQ](#faq). + +- Additionally, you need to allow the callback URL in Casdoor to point to the LobeHub address: + +Please add a line in the `Authentication -> Application` -> `` -> `Redirect URI` in Casdoor's web panel: + +``` +https://auth.example.com/api/auth/callback/casdoor +``` + +- Casdoor needs to provide the Origin information for access in the environment variables: + +```env +origin=https://auth.example.com +``` + +2. MinIO + +- LobeHub needs to provide a public access URL for object files for the LLM service provider, hence you need to configure MinIO's Endpoint. + +```env +S3_PUBLIC_DOMAIN=https://minio.example.com +S3_ENDPOINT=https://minio.example.com +``` + +3. PostgreSQL + +This configuration is found in the `docker-compose.yml` file, and you will need to configure the database name and password: + +```yaml +services: + lobe: + environment: + - 'DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgresql:5432/${LOBE_DB_NAME}' +``` + +## FAQ + +#### Unable to Log In Properly + +Check for the following errors based on the container logs: + +```sh +docker logs -f lobe-chat +``` + +- r3: "response" is not a conform Authorization Server Metadata response (unexpected HTTP status code) + +```log +lobe-chat | [auth][error] r3: "response" is not a conform Authorization Server Metadata response (unexpected HTTP status code) +``` + +Cause: This issue is typically caused by improper reverse proxy configuration; you need to ensure your reverse proxy configuration does not intercept the Casdoor OAuth2 configuration requests. + +Solutions: + +- Please refer to the reverse proxy configuration notes in the [Domain Mode](#domain-mode) section. + +- A direct troubleshooting method is to access `https://auth.example.com/.well-known/openid-configuration` directly; if: + + - Non-JSON format data is returned, it indicates your reverse proxy configuration is incorrect. + - If the returned JSON format data contains an `"issuer": "URL"` field that does not match your configured `https://auth.example.com`, it indicates your environment variable configuration is incorrect. + +- TypeError: fetch failed + +```log +lobe-chat | [auth][error] TypeError: fetch failed +``` + +Cause: LobeHub cannot access the authentication service. + +Solutions: + +- Check whether your authentication service is running properly and whether LobeHub's network can reach the authentication service. + +- A straightforward troubleshooting method is to use the `curl` command in the LobeHub container terminal to access your authentication service at `https://auth.example.com/.well-known/openid-configuration`. If JSON format data is returned, it indicates your authentication service is functioning correctly. + +#### OAuth Token Exchange Failures with Reverse Proxy + +If OAuth authentication fails during the token exchange phase when using Docker behind a reverse proxy, this is typically caused by the default `MIDDLEWARE_REWRITE_THROUGH_LOCAL=1` setting which rewrites URLs to `127.0.0.1:3210`. + +**Solution**: Set `MIDDLEWARE_REWRITE_THROUGH_LOCAL=0` in your `.env` file and restart Docker containers: + +```bash +docker compose down +docker compose up -d +``` + +````markdown +## Extended Configuration + +To enhance your LobeHub service, you can perform the following extended configurations according to your needs. + +### Use MinIO to Store Casdoor Avatars + +Allow users to change their avatars in Casdoor. + +1. First, create a bucket named `casdoor` in `buckets`, select a custom policy, and copy and paste the content below (if you modify the bucket name, please find and replace accordingly). + + ```json + { + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "AWS": ["*"] + }, + "Action": ["s3:GetBucketLocation"], + "Resource": ["arn:aws:s3:::casdoor"] + }, + { + "Effect": "Allow", + "Principal": { + "AWS": ["*"] + }, + "Action": ["s3:ListBucket"], + "Resource": ["arn:aws:s3:::casdoor"], + "Condition": { + "StringEquals": { + "s3:prefix": ["files/*"] + } + } + }, + { + "Effect": "Allow", + "Principal": { + "AWS": ["*"] + }, + "Action": ["s3:PutObject", "s3:DeleteObject", "s3:GetObject"], + "Resource": ["arn:aws:s3:::casdoor/**"] + } + ], + "Version": "2012-10-17" + } + ``` +```` + +2. Create a new access key and store the generated `Access Key` and `Secret Key`. + +3. In Casdoor's `Authentication -> Providers`, associate the MinIO S3 service. Below is an example configuration: + + ![casdoor](/blog/assets18bb134dbc5792d6a624199cca8bf7d3.webp) + + Here, the client ID and client secret correspond to the `Access Key` and `Secret Key` from the previous step; replace `192.168.31.251` with `your_server_ip`. + +4. In Casdoor's `Authentication -> Apps`, add a provider to the `app-built-in` application, select `minio`, and save and exit. + +5. You can attempt to upload a file in Casdoor's `Authentication -> Resources` to test if the configuration is correct. + +### Migrating from `logto` to `Casdoor` in Production Deployment + +This is applicable for users who have been using `logto` as their login and authentication service in a production environment. + + + Due to significant instability when using [Logto](https://logto.io/) as a login and authentication + service, the following tutorial is based on deploying with an IP mode, implementing a domain + release solution using Casdoor as the authentication service provider. The remainder of this + article will illustrate using this as an example. If you are using other login authentication + services like Logto, the process should be similar, but be aware that port configurations may + differ among different services. + + +In the following, it is assumed that in addition to the above services, you are also running an **Nginx** layer for reverse proxy and SSL configuration. + +The domain and corresponding service port descriptions are as follows: + +- `lobe.example.com`: This is your LobeHub service domain, which needs to reverse proxy to the LobeHub service port, default is `3210`. +- `auth.example.com`: This is your Logto UI domain, which needs to reverse proxy to the Logto WebUI service port, default is `8000`. +- `minio.example.com`: This is your MinIO API domain, which needs to reverse proxy to the MinIO API service port, default is `9000`. +- `minio-ui.example.com`: Optional, this is your MinIO UI domain, which needs to reverse proxy to the MinIO WebUI service port, default is `9001`. + +#### Configuration File + +```sh +bash <(curl -fsSL https://raw.githubusercontent.com/lobehub/lobe-chat/HEAD/docker-compose/local/setup.sh) -f -l zh_CN +docker compose up -d +``` + +Make sure to save the newly generated password at this time! + +After running, you will get three files: + +- init\_data.json +- docker-compose.yml +- .env + +Next, modify the configuration files to achieve domain release. + +1. Modify the `docker-compose.yml` file. + + 1. Change the `MINIO_API_CORS_ALLOW_ORIGIN` field of `minio`. + + ```yaml + 'MINIO_API_CORS_ALLOW_ORIGIN=https://lobe.example.com' + ``` + + 2. Modify the `origin` field of `casdoor`. + + ```yaml + origin: 'https://auth.example.com' + ``` + + 3. Modify the `environment` field of `lobe`. + + ```yaml + # - 'APP_URL=http://localhost:3210' + - 'APP_URL=https://lobe.example.com' + + - 'AUTH_SSO_PROVIDERS=casdoor' + - 'KEY_VAULTS_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ=' + - 'AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg' + # - 'AUTH_URL=http://localhost:${LOBE_PORT}/api/auth' + - 'AUTH_URL=https://lobe.example.com/api/auth' + + # - 'AUTH_CASDOOR_ISSUER=http://localhost:${CASDOOR_PORT}' + - 'AUTH_CASDOOR_ISSUER=https://auth.example.com' + + - 'DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgresql:5432/${LOBE_DB_NAME}' + # - 'S3_ENDPOINT=http://localhost:${MINIO_PORT}' + - 'S3_ENDPOINT=https://minio.example.com' + + - 'S3_BUCKET=${MINIO_LOBE_BUCKET}' + # - 'S3_PUBLIC_DOMAIN=http://localhost:${MINIO_PORT}' + - 'S3_PUBLIC_DOMAIN=https://minio.example.com' + + - 'S3_ENABLE_PATH_STYLE=1' + - 'LLM_VISION_IMAGE_USE_BASE64=1' + ``` + +2. Modify the `.env` file. + +For security reasons, modify the ROOT USER field in the `.env` file. + +```sh +# MinIO S3 configuration +MINIO_ROOT_USER=XXXX +MINIO_ROOT_PASSWORD=XXXX +``` + +#### Postgres Database Configuration + +You can check the logs with the following command: + +```sh +docker logs -f lobe-chat +``` + + + In our official Docker images, automatic migration of the database schema is performed before + starting the images. Our official images guarantee the stability of "empty database -> complete + tables" for automatic table creation. Therefore, we recommend your database instance use an empty + table instance to avoid the trouble of manually maintaining table structure or migrations. + + +If you encounter issues during table creation, you can try the following command to forcibly remove the database container and restart: + +```sh +docker compose down # Stop the service +sudo rm -rf ./data # Remove mounted database data +docker compose up -d # Restart +``` + +#### Login Authentication Service Configuration + +You first need to access the WebUI for configuration: + +- If you have set up the reverse proxy as mentioned before, open `https://auth.example.com` +- Otherwise, after port mapping, open `http://localhost:8000` + +Log in to the admin account: + +- The default username is admin. +- The default password is the random password generated when downloading the config file. If forgotten, you can find it in the `init_data.json` file. + +After logging in, perform the following actions: + +1. In `User Management -> Organizations`, add a new organization with the name and display name `Lobe Users`. Keep the rest as default. +2. In `Authentication -> Apps`, add a new application. + +- Name and display name should be `LobeHub`. +- Organization should be `Lobe Users`. +- Add a line in Redirect URLs as `https://lobe.example.com/api/auth/callback/casdoor`. +- Disable all login methods except password. +- Fill in the client ID and client secret in the `.env` file under `AUTH_CASDOOR_ID` and `AUTH_CASDOOR_SECRET`. +- (Optional) Design the appearance of the login and registration pages by mimicking the `built-in` application configuration. +- Save and exit. + + + Following the steps above ensures that not all users are administrators by default, leading to an + unsafe situation. + + +#### S3 Object Storage Service Configuration + +This article uses MinIO as an example to explain the configuration process. If you are using another S3 service provider, please refer to their documentation for configuration. + + + Please remember to configure the corresponding S3 service provider's CORS settings to ensure that LobeHub can access the S3 service correctly. + + In this document, you need to allow cross-origin requests from `https://lobe.example.com`. This can either be configured in MinIO WebUI under `Configuration - API - Cors Allow Origin`, or in the Docker Compose configuration under `minio - environment - MINIO_API_CORS_ALLOW_ORIGIN`. + + If you use the second method (which is also the default), you will no longer be able to configure it in the MinIO WebUI. + + +You first need to access the WebUI for configuration: + +- If you have set up the reverse proxy as mentioned before, open `https://minio-ui.example.com` +- Otherwise, after port mapping, open `http://localhost:9001` + +1. Enter the `MINIO_ROOT_USER` and `MINIO_ROOT_PASSWORD` you set in the login interface, then click login. + +2. In the left panel under User / Access Keys, click `Create New Access Key`, no additional modifications needed, and fill the generated `Access Key` and `Secret Key` into your `.env` file under `S3_ACCESS_KEY_ID` and `S3_SECRET_ACCESS_KEY`. + +Create MinIO Access Key + +3. Restart the LobeHub service: + + ```sh + docker compose up -d + ``` + +At this point, you have successfully deployed the LobeHub database version, and you can access your LobeHub service at `https://lobe.example.com`. + +#### Configuring Internal Server Communication with `INTERNAL_APP_URL` + + + If you are deploying LobeHub behind a CDN (like Cloudflare) or reverse proxy, you may want to configure internal server-to-server communication to bypass the CDN/proxy layer for better performance. + + +You can configure the `INTERNAL_APP_URL` environment variable: + +```yaml +environment: + - 'APP_URL=https://lobe.example.com' # Public URL for browser access + - 'INTERNAL_APP_URL=http://localhost:3210' # Internal URL for server-to-server calls +``` + +**How it works:** + +- `APP_URL`: Used for browser/client access, OAuth callbacks, webhooks, etc. (goes through CDN/proxy) +- `INTERNAL_APP_URL`: Used for internal server-to-server communication (bypasses CDN/proxy) + +If `INTERNAL_APP_URL` is not set, it defaults to `APP_URL`. + +**Configuration options:** + +- `http://localhost:3210` - If using Docker with host network mode +- `http://lobe:3210` - If using Docker network with service name +- `http://127.0.0.1:3210` - Alternative localhost address + + + For Docker Compose deployments with `network_mode: 'service:network-service'`, use `http://localhost:3210` as the `INTERNAL_APP_URL`. + + +#### Configuration Files + +For convenience, here is a summary of example configuration files required for the production deployment using the Casdoor authentication scheme: + +- `.env` + +```sh +# Proxy, if you need it +# HTTP_PROXY=http://localhost:7890 +# HTTPS_PROXY=http://localhost:7890 + +# Other environment variables, as needed. You can refer to the environment variables configuration for the client version. +# OPENAI_API_KEY=sk-xxxx +# OPENAI_PROXY_URL=https://api.openai.com/v1 +# OPENAI_MODEL_LIST=... + +# =========================== +# ====== Preset config ====== +# =========================== +# if no special requirements, no need to change +LOBE_PORT=3210 +CASDOOR_PORT=8000 +MINIO_PORT=9000 + +# Postgres related, which are the necessary environment variables for DB +LOBE_DB_NAME=LobeHub +POSTGRES_PASSWORD=uWNZugjBqixf8dxC + +# Casdoor secret +AUTH_CASDOOR_ID=943e627d79d5dd8a22a1 +AUTH_CASDOOR_SECRET=6ec24ac304e92e160ef0d0656ecd86de8cb563f1 + +# MinIO S3 configuration +MINIO_ROOT_USER=Joe +MINIO_ROOT_PASSWORD=Crj1570768 + +# Configure the bucket information of MinIO +MINIO_LOBE_BUCKET=lobe +S3_ACCESS_KEY_ID=dB6Uq9CYZPdWSZouPyEd +S3_SECRET_ACCESS_KEY=aPBW8CVULkh8bw1GatlT0GjLihcXHLNwRml4pieS +``` + +- `docker-compose.yml` + +```yaml +name: lobehub +services: + network-service: + image: alpine + container_name: lobe-network + ports: + - '${MINIO_PORT}:${MINIO_PORT}' # MinIO API + - '9001:9001' # MinIO Console + - '${CASDOOR_PORT}:${CASDOOR_PORT}' # Casdoor + - '${LOBE_PORT}:3210' # LobeHub + command: tail -f /dev/null + networks: + - lobe-network + + postgresql: + image: pgvector/pgvector:pg17 + container_name: lobe-postgres + ports: + - '5432:5432' + volumes: + - './data:/var/lib/postgresql/data' + environment: + - 'POSTGRES_DB=${LOBE_DB_NAME}' + - 'POSTGRES_PASSWORD=${POSTGRES_PASSWORD}' + healthcheck: + test: ['CMD-SHELL', 'pg_isready -U postgres'] + interval: 5s + timeout: 5s + retries: 5 + restart: always + networks: + - lobe-network + + minio: + image: minio/minio:RELEASE.2025-04-22T22-12-26Z + container_name: lobe-minio + network_mode: 'service:network-service' + volumes: + - './s3_data:/etc/minio/data' + environment: + - 'MINIO_ROOT_USER=${MINIO_ROOT_USER}' + - 'MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD}' + # - 'MINIO_API_CORS_ALLOW_ORIGIN=http://localhost:${LOBE_PORT}' + - 'MINIO_API_CORS_ALLOW_ORIGIN=https://lobe.example.com' + restart: always + command: > + server /etc/minio/data --address ":${MINIO_PORT}" --console-address ":9001" + + casdoor: + image: casbin/casdoor + container_name: lobe-casdoor + entrypoint: /bin/sh -c './server --createDatabase=true' + network_mode: 'service:network-service' + depends_on: + postgresql: + condition: service_healthy + environment: + RUNNING_IN_DOCKER: 'true' + driverName: 'postgres' + dataSourceName: 'user=postgres password=${POSTGRES_PASSWORD} host=postgresql port=5432 sslmode=disable dbname=casdoor' + # origin: 'http://localhost:${CASDOOR_PORT}' + origin: 'https://auth.example.com' + runmode: 'dev' + volumes: + - ./init_data.json:/init_data.json + + lobe: + image: lobehub/lobehub + container_name: lobehub + network_mode: 'service:network-service' + depends_on: + postgresql: + condition: service_healthy + network-service: + condition: service_started + minio: + condition: service_started + casdoor: + condition: service_started + + environment: + # - 'APP_URL=http://localhost:3210' + - 'APP_URL=https://lobe.example.com' + + - 'AUTH_SSO_PROVIDERS=casdoor' + - 'KEY_VAULTS_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ=' + - 'AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg' + # - 'AUTH_URL=http://localhost:${LOBE_PORT}/api/auth' + - 'AUTH_URL=https://lobe.example.com/api/auth' + + # - 'AUTH_CASDOOR_ISSUER=http://localhost:${CASDOOR_PORT}' + - 'AUTH_CASDOOR_ISSUER=https://auth.example.com' + + - 'DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgresql:5432/${LOBE_DB_NAME}' + # - 'S3_ENDPOINT=http://localhost:${MINIO_PORT}' + - 'S3_ENDPOINT=https://minio.example.com' + + - 'S3_BUCKET=${MINIO_LOBE_BUCKET}' + # - 'S3_PUBLIC_DOMAIN=http://localhost:${MINIO_PORT}' + - 'S3_PUBLIC_DOMAIN=https://minio.example.com' + + - 'S3_ENABLE_PATH_STYLE=1' + - 'LLM_VISION_IMAGE_USE_BASE64=1' + env_file: + - .env + restart: always + +volumes: + data: + driver: local + s3_data: + driver: local + +networks: + lobe-network: + driver: bridge +``` + +[docker-pulls-link]: https://hub.docker.com/r/lobehub/lobehub +[docker-pulls-shield]: https://img.shields.io/docker/pulls/lobehub/lobehub?color=45cc11&labelColor=black&style=flat-square +[docker-release-link]: https://hub.docker.com/r/lobehub/lobehub +[docker-release-shield]: https://img.shields.io/docker/v/lobehub/lobehub?color=369eff&label=docker&labelColor=black&logo=docker&logoColor=white&style=flat-square&sort=semver +[docker-size-link]: https://hub.docker.com/r/lobehub/lobehub +[docker-size-shield]: https://img.shields.io/docker/image-size/lobehub/lobehub?color=369eff&labelColor=black&style=flat-square&sort=semver diff --git a/docs/self-hosting/platform/docker-compose.zh-CN.mdx b/docs/self-hosting/platform/docker-compose.zh-CN.mdx index 4eda35cdcd..825cd2a3a7 100644 --- a/docs/self-hosting/platform/docker-compose.zh-CN.mdx +++ b/docs/self-hosting/platform/docker-compose.zh-CN.mdx @@ -1,15 +1,14 @@ --- title: 通过 Docker Compose 部署 LobeHub -description: 学习如何使用 Docker Compose 部署 LobeHub 服务,包括安装 Docker 容器环境和自动更新脚本设置。 +description: 学习如何使用 Docker Compose 部署 LobeHub 服务,包括各种服务的配置教程。 tags: - Docker Compose - LobeHub - Docker 容器 - - 自动更新脚本 - 部署指引 --- -# Docker Compose 部署指引 +# 使用 Docker Compose 部署 LobeHub 服务端数据库版本
[![][docker-release-shield]][docker-release-link] @@ -19,111 +18,837 @@ tags: [![][docker-pulls-shield]][docker-pulls-link]
-我们提供了 [Docker 镜像](https://hub.docker.com/r/lobehub/lobe-chat) ,供你在自己的私有设备上部署 LobeHub 服务。 +## 快速启动 + + + **系统兼容性说明** + + - 支持 Unix 环境(Linux/macOS)的一键部署 + + - Windows 用户需通过 [WSL 2](https://aka.ms/wsl) 运行 + + - 一键启动脚本为首次部署专用,非首次部署请参考 [自定义部署](#自定义部署) 章节 + + - 端口占用检查:确保 `3210`、`8000`、`9000`、`9001` 端口可用 + + +执行以下命令初始化部署环境,目录 `lobe-chat-db` 将用于存放你的配置文件和后续的数据库文件。 + +```sh +mkdir lobe-chat-db && cd lobe-chat-db +``` + +获取并执行部署脚本: + +```sh +bash <(curl -fsSL https://lobe.li/setup.sh) -l zh_CN +``` + +脚本支持以下部署模式,请根据你的需求选择相应的模式,并继续阅读文档的剩余部分。 + +- [本地模式(默认)](#本地模式):仅能在本地访问,不支持局域网 / 公网访问,适用于初次体验; +- [端口模式](#端口模式):支持局域网 / 公网的 `http` 访问,适用于无域名或内部办公场景使用; +- [域名模式](#域名模式):支持局域网 / 公网在使用反向代理下的 `http/https` 访问,适用于个人或团队日常使用; + + + 在脚本的选项提示 `(选项1/选项2)[选项1]` 中:`(选项1 / 选项2)` + 代表可以选择的选项,`[选项1]`代表默认选项,直接回车即可选择默认选项。 + + +### 本地模式 - ### 安装 Docker 容器环境 + ### 在交互式脚本中完成剩余配置 - (如果已安装,请跳过此步) + 持续回车采用默认配置。 - - - ```fish - $ apt install docker.io - ``` - + ### 查看配置生成报告 - - ```fish - $ yum install docker - ``` - - + 你需要在脚本运行结束后查看配置生成报告,包括 Casdoor 管理员的帐号、用户账号和它们的初始登录密码。 - ### 运行 Docker Compose 部署指令 + 请使用用户账号登录 LobeHub,管理员账号仅用于管理 Casdoor。 - 使用 `docker-compose` 时配置文件如下: - - ```yml - version: '3.8' - - services: - lobe-chat: - image: lobehub/lobe-chat - container_name: lobe-chat - restart: always - ports: - - '3210:3210' - environment: - OPENAI_API_KEY: sk-xxxx - OPENAI_PROXY_URL: https://api-proxy.com/v1 + ```log + 安全密钥生成结果如下: + LobeHub: + - URL: http://localhost:3210 + - Username: user + - Password: c66f8c + Casdoor: + - URL: http://localhost:8000 + - Username: admin + - Password: c66f8c + Minio: + - URL: http://localhost:9000 + - Username: admin + - Password: 8c82ea41 ``` - 运行以下命令启动 Lobe Chat 服务: + ### 启动 Docker - ```bash - $ docker-compose up -d + ```sh + docker compose up -d ``` - ### Crontab 自动更新脚本(可选) + ### 检查日志 - 类似地,你可以使用以下脚本来自动更新 Lobe Chat,使用 `Docker Compose` 时,环境变量无需额外配置。 - - ```bash - #!/bin/bash - # auto-update-lobe-chat.sh - - # Set proxy (optional) - export https_proxy=http://127.0.0.1:7890 http_proxy=http://127.0.0.1:7890 all_proxy=socks5://127.0.0.1:7890 - - # Pull the latest image and store the output in a variable - output=$(docker pull lobehub/lobe-chat:latest 2>&1) - - # Check if the pull command was executed successfully - if [ $? -ne 0 ]; then - exit 1 - fi - - # Check if the output contains a specific string - echo "$output" | grep -q "Image is up to date for lobehub/lobe-chat:latest" - - # If the image is already up to date, do nothing - if [ $? -eq 0 ]; then - exit 0 - fi - - echo "Detected Lobe-Chat update" - - # Remove the old container - echo "Removed: $(docker rm -f Lobe-Chat)" - - # You may need to navigate to the directory where `docker-compose.yml` is located first - # cd /path/to/docker-compose-folder - - # Run the new container - echo "Started: $(docker-compose up)" - - # Print the update time and version - echo "Update time: $(date)" - echo "Version: $(docker inspect lobehub/lobe-chat:latest | grep 'org.opencontainers.image.version' | awk -F'"' '{print $4}')" - - # Clean up unused images - docker images | grep 'lobehub/lobe-chat' | grep -v 'lobehub/lobe-chat-database' | grep -v 'latest' | awk '{print $3}' | xargs -r docker rmi > /dev/null 2>&1 - echo "Removed old images." + ```sh + docker logs -f lobe-chat ``` - This script can also be used in Crontab, but ensure that your Crontab can find the correct Docker command. It is recommended to use absolute paths. + 如果你在容器中看到了以下日志,则说明已经启动成功: - Configure Crontab to execute the script every 5 minutes: + ```log + [Database] Start to migration... + ✅ database migration pass. + ------------------------------------- + ▲ Next.js 14.x.x + - Local: http://localhost:3210 + - Network: http://0.0.0.0:3210 - ```bash - */5 * * * * /path/to/auto-update-lobe-chat.sh >> /path/to/auto-update-lobe-chat.log 2>&1 + ✓ Starting... + ✓ Ready in 95ms ``` + + ### 访问应用 + + 通过 [http://localhost:3210](http://localhost:3210) 访问你的 LobeHub 服务。应用的账号密码在步骤`2`的报告中。 -[docker-pulls-link]: https://hub.docker.com/r/lobehub/lobe-chat -[docker-pulls-shield]: https://img.shields.io/docker/pulls/lobehub/lobe-chat?color=45cc11&labelColor=black&style=flat-square -[docker-release-link]: https://hub.docker.com/r/lobehub/lobe-chat -[docker-release-shield]: https://img.shields.io/docker/v/lobehub/lobe-chat?color=369eff&label=docker&labelColor=black&logo=docker&logoColor=white&style=flat-square&sort=semver -[docker-size-link]: https://hub.docker.com/r/lobehub/lobe-chat -[docker-size-shield]: https://img.shields.io/docker/image-size/lobehub/lobe-chat?color=369eff&labelColor=black&style=flat-square&sort=semver +### 端口模式 + + + ### 在交互式脚本中完成剩余配置 + + 在端口模式中,你需要根据脚本提示完成: + + - 服务器 IP 地址设置:以便局域网 / 公网访问。 + - 安全密钥重新生成:我们强烈建议你重新生成安全密钥,如果你缺少脚本所需的密钥生成库,我们建议你参考 [自定义部署](#自定义部署) 章节对密钥进行修改。 + + ### 查看配置生成报告 + + 你需要在脚本运行结束后查看配置生成报告,包括 Casdoor 管理员的帐号、用户账号和它们的初始登录密码。 + + 请使用用户账号登录 LobeHub,管理员账号仅用于管理 Casdoor。 + + ```log + 安全密钥生成结果如下: + LobeHub: + - URL: http://your_server_ip:3210 + - Username: user + - Password: 837e26 + Casdoor: + - URL: http://your_server_ip:8000 + - Username: admin + - Password: 837e26 + Minio: + - URL: http://your_server_ip:9000 + - Username: admin + - Password: dbac8440 + ``` + + ### 启动 Docker + + ```sh + docker compose up -d + ``` + + ### 检查日志 + + ```sh + docker logs -f lobe-chat + ``` + + 如果你在容器中看到了以下日志,则说明已经启动成功: + + ```log + [Database] Start to migration... + ✅ database migration pass. + ------------------------------------- + ▲ Next.js 14.x.x + - Local: http://your_server_ip:3210 + - Network: http://0.0.0.0:3210 + ✓ Starting... + ✓ Ready in 95ms + ``` + + ### 访问应用 + + 你可以通过 `http://your_server_ip:3210` 访问你的 LobeHub 服务。应用的账号密码在步骤`2`的报告中。 + + + 请注意,如果你的服务能够被公网访问,我们强烈建议你参考 [文档](https://lobehub.com/zh/docs/self-hosting/advanced/auth/providers/casdoor) 关闭注册功能。 + + + +### 域名模式 + + + ### 完成反向代理配置 + + 在域名模式中,你需要完成反向代理配置,并确保局域网 / 公网能访问到以下服务。请使用反向代理将以下服务端口映射到域名: + + | 域名 | 反代端口 | 是否必选 | + | ---------------------- | ------ | ---- | + | `lobe.example.com` | `3210` | 必选 | + | `auth.example.com` | `8000` | 必选 | + | `minio.example.com` | `9000` | 必选 | + | `minio-ui.example.com` | `9001` | | + + + 如果你使用如 [宝塔面板](https://www.bt.cn/) 等面板软件进行反向代理配置, + 你需要确保其对 `.well-known` 路径的请求不进行拦截,以确保 Casdoor 的 OAuth2 配置能够正常工作。 + 这里提供一份针对 Casdoor 服务的 Nginx server 块的路径白名单配置: + + ```nginx + location /.well-known/openid-configuration { + proxy_pass http://localhost:8000; # 转发到 localhost:8000 + proxy_set_header Host $host; # 保留原始主机头 + proxy_set_header X-Real-IP $remote_addr; # 保留客户端真实IP + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # 保留转发的IP + proxy_set_header X-Forwarded-Proto $scheme; # 保留请求协议 + } + ``` + + ⚠️ 请不要在此类面板软件的反向代理设置中开启任何形式的缓存,以免影响服务的正常运行。 + 详情请见 [https://github.com/lobehub/lobe-chat/discussions/5986](https://github.com/lobehub/lobe-chat/discussions/5986) + + + ### 在交互式脚本中完成剩余配置 + + 在域名模式中,你需要根据脚本提示完成: + + - LobeHub 服务的域名设置:`lobe.example.com` + - Minio 服务的域名设置:`minio.example.com` + - Casdoor 服务的域名设置:`auth.example.com` + - 选择访问协议:`http` 或 `https` + - 安全密钥重新生成:我们强烈建议你重新生成安全密钥,如果你缺少脚本所需的密钥生成库,我们建议你参考 [自定义部署](#自定义部署) 章节对密钥进行修改。 + + + 以下问题可能导致你的服务无法正常访问: + + - 此处的域名配置需要与步骤`1`中的反向代理配置保持一致。 + + - 如果你使用 Cloudflare 的域名解析服务并开启了 `全程代理`,请使用 `https` 协议。 + + - 如果你使用了 HTTPS 协议,请确保你的域名证书已经正确配置,一键部署默认不支持自签发证书。 + + + ### 查看配置生成报告 + + 你需要在脚本运行结束后查看配置生成报告,包括 Casdoor 管理员的初始登录密码。 + + 请使用用户账号登录 LobeHub,管理员账号仅用于管理 Casdoor。 + + ```log + 安全密钥生成结果如下: + LobeHub: + - URL: https://lobe.example.com + - Username: user + - Password: 837e26 + Casdoor: + - URL: https://auth.example.com + - Username: admin + - Password: 837e26 + Minio: + - URL: https://minio.example.com + - Username: admin + - Password: dbac8440 + ``` + + ### 启动 Docker + + ```sh + docker compose up -d + ``` + + ### 检查日志 + + ```sh + docker logs -f lobe-chat + ``` + + 如果你在容器中看到了以下日志,则说明已经启动成功: + + ```log + [Database] Start to migration... + ✅ database migration pass. + ------------------------------------- + ▲ Next.js 14.x.x + - Local: https://localhost:3210 + - Network: http://0.0.0.0:3210 + ✓ Starting... + ✓ Ready in 95ms + ``` + + ### 访问应用 + + 你可以通过 `https://lobe.example.com` 访问你的 LobeHub 服务。应用的账号密码在步骤`3`的报告中。 + + + 请注意,如果你的服务能够被公网访问,我们强烈建议你参考 [文档](https://lobehub.com/zh/docs/self-hosting/advanced/auth/providers/casdoor) 关闭注册功能。 + + + +## 自定义部署 + +该章节主要为你介绍在不同的网络环境下自定义部署 LobeHub 服务必须要修改的配置。在开始前,你可以先下载 [Docker Compose 配置文件](https://raw.githubusercontent.com/lobehub/lobe-chat/HEAD/docker-compose/local/docker-compose.yml) 以及 [环境变量配置文件](https://raw.githubusercontent.com/lobehub/lobe-chat/HEAD/docker-compose/local/.env.zh-CN.example)。 + +```sh +curl -O https://raw.githubusercontent.com/lobehub/lobe-chat/HEAD/docker-compose/local/docker-compose.yml +curl -O https://raw.githubusercontent.com/lobehub/lobe-chat/HEAD/docker-compose/local/.env.zh-CN.example +mv .env.zh-CN.example .env +``` + + + 本章节并不包含所有完整变量,剩余的变量可以查阅 + [使用服务端数据库部署](/zh/docs/self-hosting/server-database) 。 + + +### 预备知识 + +一般来讲,想要完整的运行 LobeHub 数据库版本,你需要至少拥有如下四个服务 + +- LobeHub 数据库版本自身 +- 带有 PGVector 插件的 PostgreSQL 数据库 +- 支持 S3 协议的对象存储服务 +- 受 LobeHub 支持的 SSO 登录鉴权服务 + +这些服务可以通过自建或者在线云服务组合搭配,以满足不同层次的部署需求。本文中,我们提供了完全基于开源自建服务的 Docker Compose 配置,你可以直接使用这份配置文件来启动 LobeHub 数据库版本,也可以对之进行修改以适应你的需求。 + +我们默认使用 [MinIO](https://github.com/minio/minio) 作为本地 S3 对象存储服务,使用 [Casdoor](https://github.com/casdoor/casdoor) 作为本地鉴权服务。 + + + 如果你的网络拓扑较为复杂,请先确保在你的网络环境中这些服务能够正常通讯。 + + +### 必要配置 + +以下我们将介绍运行这些服务的必要配置: + +1. Casdoor + +- LobeHub 需要与 Casdoor 通讯,因此你需要配置 Casdoor 的 Issuer 。 + +```env +AUTH_CASDOOR_ISSUER=https://auth.example.com +``` + +该配置会影响 LobeHub 的登录鉴权服务,你需要确保 Casdoor 服务的地址正确。你可以在 [常见问题](#常见问题) 中找到该配置错误的常见现象及解决方案。 + +- 同时,你也需要在 Casdoor 中允许回调地址为 LobeHub 的地址: + +请在 Casdoor 的 Web 面板的 `身份认证 -> 应用` -> `<应用ID,默认为 app-built-in>` -> `重定向URL` 中添加一行: + +``` +https://auth.example.com/api/auth/callback/casdoor +``` + +- Casdoor 需要在环境变量中提供访问的 Origin 信息: + +```env +origin=https://auth.example.com +``` + +2. MinIO + +- LobeHub 需要为 LLM 服务提供商提供文件对象的公网访问地址,因此你需要配置 MinIO 的 Endpoint 。 + +```env +S3_PUBLIC_DOMAIN=https://minio.example.com +S3_ENDPOINT=https://minio.example.com +``` + +3. PostgreSQL + +该配置位于 `docker-compose.yml` 文件中,你需要配置数据库的名称和密码: + +```yaml +services: + lobe: + environment: + - 'DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgresql:5432/${LOBE_DB_NAME}' +``` + +## 常见问题 + +#### 无法正常登陆 + +请根据容器日志检查是否存在以下错误 + +```sh +docker logs -f lobe-chat +``` + +- r3: "response" is not a conform Authorization Server Metadata response (unexpected HTTP status code) + +```log +lobe-chat | [auth][error] r3: "response" is not a conform Authorization Server Metadata response (unexpected HTTP status code) +``` + +成因:该问题一般是由于你的反向代理配置不正确导致的,你需要确保你的反向代理配置不会拦截 Casdoor 的 OAuth2 配置请求。 + +解决方案: + +- 请参考 [域名模式](#域名模式) 章节中的反向代理配置注意事项。 + +- 一个直接的排查方式,你可以直接访问 `https://auth.example.com/.well-known/openid-configuration`,如果 + + - 返回了非 JSON 格式的数据,则说明你的反向代理配置错误。 + - 如果返回的 JSON 格式数据中的 `"issuer": "URL"` 字段不是你配置的 `https://auth.example.com`,则说明你的环境变量配置错误。 + +- TypeError: fetch failed + +```log +lobe-chat | [auth][error] TypeError: fetch failed +``` + +成因:LobeHub 无法访问鉴权服务。 + +解决方案: + +- 请检查你的鉴权服务是否正常运行,以及 LobeHub 所在的网络是否能够访问到鉴权服务。 + +- 一个直接的排查方式,你可以在 LobeHub 容器的终端中,使用 `curl` 命令访问你的鉴权服务 `https://auth.example.com/.well-known/openid-configuration`,如果返回了 JSON 格式的数据,则说明你的鉴权服务正常运行。 + +#### 反向代理下 OAuth 令牌交换失败 + +如果在反向代理后使用 Docker 时 OAuth 认证在令牌交换阶段失败,这通常是由默认的 `MIDDLEWARE_REWRITE_THROUGH_LOCAL=1` 设置引起的,该设置会将 URL 重写为 `127.0.0.1:3210`。 + +**解决方案**: 在 `.env` 文件中设置 `MIDDLEWARE_REWRITE_THROUGH_LOCAL=0` 并重启 Docker 容器: + +```bash +docker compose down +docker compose up -d +``` + +## 拓展配置 + +为了完善你的 LobeHub 服务,你可以根据你的需求进行以下拓展配置。 + +### 使用 MinIO 存储 Casdoor 头像 + +允许用户在 Casdoor 中更换头像 + +1. 你需要首先在 `buckets` 中创建一个名为 `casdoor` 的桶,选择自定义策略,复制并粘贴如下内容(如果你修改了桶名,请自行查找替换) + + ```json + { + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "AWS": ["*"] + }, + "Action": ["s3:GetBucketLocation"], + "Resource": ["arn:aws:s3:::casdoor"] + }, + { + "Effect": "Allow", + "Principal": { + "AWS": ["*"] + }, + "Action": ["s3:ListBucket"], + "Resource": ["arn:aws:s3:::casdoor"], + "Condition": { + "StringEquals": { + "s3:prefix": ["files/*"] + } + } + }, + { + "Effect": "Allow", + "Principal": { + "AWS": ["*"] + }, + "Action": ["s3:PutObject", "s3:DeleteObject", "s3:GetObject"], + "Resource": ["arn:aws:s3:::casdoor/**"] + } + ], + "Version": "2012-10-17" + } + ``` + +2. 创建一个新的访问密钥,将生成的 `Access Key` 和 `Secret Key` 存储之 + +3. 在 Casdoor 的 `身份认证 -> 提供商` 中关联 MinIO S3 服务,以下是一个示例配置: + + ![casdoor](/blog/assets18bb134dbc5792d6a624199cca8bf7d3.webp) + + 其中,客户端 ID、客户端密钥为上一步创建的访问密钥中的 `Access Key` 和 `Secret Key`,`192.168.31.251` 应当被替换为 `your_server_ip`。 + +4. 在 Casdoor 的 `身份认证 -> 应用` 中,对 `app-built-in` 应用添加提供商,选择 `minio`,保存并退出 + +5. 你可以在 Casdoor 的 `身份认证 -> 资源` 中,尝试上传文件以测试配置是否正确 + +### 生产部署下从 `logto` 迁移至 `Casdoor` + +适用于已经在生产环境下使用 `logto` 作为登录鉴权服务的用户 + + + 由于使用[Logto](https://logto.io/) 作为登录鉴权服务存在比较大的不稳定性。 因此,下文基于发布到 IP + 模式的教程,实现了使用 Casdoor 作为鉴权服务提供商的域名发布方案。 + 本文剩余部分也将以其为例进行说明。如果你使用其他诸如 Logto + 等其他登录鉴权服务,流程应当相近,但请注意不同的登录鉴权服务的端口配置可能有所差异。 + + +在下文中,我们假设在上述服务之外,你还运行了一层 **Nginx** 来进行反向代理、配置 SSL。 + +域名和配套服务端口说明如下: + +- `lobe.example.com`:为你的 LobeHub 服务端域名,需要反向代理到 LobeHub 服务端口,默认为 `3210` +- `auth.example.com`:为你的 Logto UI 域名,需要反向代理到 Logto WebUI 服务端口,默认为 `8000` +- `minio.example.com`:为你的 MinIO API 域名,需要反向代理到 MinIO API 服务端口,默认为 `9000` +- `minio-ui.example.com`:可选,为你的 MinIO UI 域名,需要反向代理到 MinIO WebUI 服务端口,默认为 `9001` + +#### 配置文件 + +```sh +bash <(curl -fsSL https://lobe.li/setup.sh) -l zh_CN +docker compose up -d +``` + +注意保存此时生成的新密码! + +运行后会获得三个文件 + +- init\_data.json +- docker-compose.yml +- .env + +接下来,修改配置文件以实现域名发布 + +1. 修改 `docker-compose.yml` 文件 + + 1. 修改 `minio`的`MINIO_API_CORS_ALLOW_ORIGIN`字段。 + + ```yaml + 'MINIO_API_CORS_ALLOW_ORIGIN=https://lobe.example.com' + ``` + + 2. 修改`casdoor`的`origin`字段。 + + ```yaml + origin: 'https://auth.example.com' + ``` + + 3. 修改`lobe`的`environment`字段。 + + ```yaml + # - 'APP_URL=http://localhost:3210' + - 'APP_URL=https://lobe.example.com' + + - 'AUTH_SSO_PROVIDERS=casdoor' + - 'KEY_VAULTS_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ=' + - 'AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg' + # - 'AUTH_URL=http://localhost:${LOBE_PORT}/api/auth' + - 'AUTH_URL=https://lobe.example.com/api/auth' + + # - 'AUTH_CASDOOR_ISSUER=http://localhost:${CASDOOR_PORT}' + - 'AUTH_CASDOOR_ISSUER=https://auth.example.com' + + - 'DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgresql:5432/${LOBE_DB_NAME}' + # - 'S3_ENDPOINT=http://localhost:${MINIO_PORT}' + - 'S3_ENDPOINT=https://minio.example.com' + + - 'S3_BUCKET=${MINIO_LOBE_BUCKET}' + # - 'S3_PUBLIC_DOMAIN=http://localhost:${MINIO_PORT}' + - 'S3_PUBLIC_DOMAIN=https://minio.example.com' + + - 'S3_ENABLE_PATH_STYLE=1' + - 'LLM_VISION_IMAGE_USE_BASE64=1' + ``` + +2. 修改 `.env` 文件 + +为了安全起见,修改 `.env` 文件中的 ROOT USER 的字段 + +```sh +# MinIO S3 configuration +MINIO_ROOT_USER=XXXX +MINIO_ROOT_PASSWORD=XXXX +``` + +#### Postgres 数据库配置 + +你可以使用下述指令检查日志: + +```sh +docker logs -f lobe-chat +``` + + + 在我们官方的 Docker 镜像中,会在启动镜像前自动执行数据库 schema 的 migration + ,我们的官方镜像承诺「空数据库 -> + 完整表」这一段自动建表的稳定性。因此我们建议你的数据库实例使用一个空表实例,进而省去手动维护表结构或者 + migration 的麻烦。 + + +如果你在建表的时候出现了问题,你可以尝试使用如下命令强制移除数据库容器并重新启动: + +```sh +docker compose down # 停止服务 +sudo rm -rf ./data # 移除挂载的数据库数据 +docker compose up -d # 重新启动 +``` + +#### 登录鉴权服务配置 + +你需要首先访问 WebUI 来进行配置: + +- 如果你按照前文配置了反向代理,打开 `https://auth.example.com` +- 否则,请在进行端口映射后,打开 `http://localhost:8000` + +登录管理员账户 + +- 默认用户名为 admin +- 默认密码为 下载配置文件时生成的随机密码。如忘记可到 `init_data.json` 文件中找回 + +登入后执行如下操作 + +1. 在 `用户管理 -> 组织` 中,添加一个新的组织。名称与显示名称为 `Lobe Users`。其余保持默认即可。 +2. 在 `身份认证 -> 应用` 中,添加一个新的应用。 + +- 名称与显示名称为 `LobeHub`。 +- 组织为 `Lobe Users`。 +- 重定向 URLS 中添加一行 为 `https://lobe.example.com/api/auth/callback/casdoor`。 +- 关闭除密码外的登录方式 。 +- 将客户端 ID 和客户端密钥分别填入 `.env`中的 `AUTH_CASDOOR_ID` 和 `AUTH_CASDOOR_SECRET` 中。 +- (可选) 仿照`built-in`应用的配置,来设计登录和注册的页面外观。 +- 保存并退出。 + + + 通过上述步骤,可以避免默认情况下所有用户均为管理员导致的不安全的情况。 + + +#### S3 对象存储服务配置 + +本文以 MinIO 为例,解释配置过程,如果你使用的是其他 S3 服务商,请参照其文档进行配置。 + + + 请记得注意配置对应 S3 服务商的 CORS 跨域配置,以确保 LobeHub 能够正常访问 S3 服务。 + + 在本文中,你需要允许 `https://lobe.example.com` 的跨域请求。这既可以在 MinIO WebUI 的 `Configuration - API - Cors Allow Origin` 中配置,也可以在 Docker Compose 中的 `minio - environment - MINIO_API_CORS_ALLOW_ORIGIN` 中配置。 + + 如果你使用第二种方法(这也是默认的方法)进行配置,你将无法再在 MinIO WebUI 中配置。 + + +你需要首先访问 WebUI 来进行配置: + +- 如果你按照前文配置了反向代理,打开 `https://minio-ui.example.com` +- 否则,请在进行端口映射后,打开 `http://localhost:9001` + +1. 在登录界面输入你设置的 `MINIO_ROOT_USER` 和 `MINIO_ROOT_PASSWORD`,然后点击登录 + +2. 在左侧面板 User / Access Keys 处,点击 `Create New Access Key`,无需额外修改,将生成的 `Access Key` 和 `Secret Key` 填入你的 `.env` 文件中的 `S3_ACCESS_KEY_ID` 和 `S3_SECRET_ACCESS_KEY` 中 + +创建 MinIO 访问密钥 + +3. 重启 LobeHub 服务: + + ```sh + docker compose up -d + ``` + +至此,你已经成功部署了 LobeHub 数据库版本,你可以通过 `https://lobe.example.com` 访问你的 LobeHub 服务。 + +#### 使用 `INTERNAL_APP_URL` 配置内部服务器通信 + + + 如果你在 CDN(如 Cloudflare)或反向代理后部署 LobeHub,你可以配置内部服务器到服务器通信以绕过 CDN / 代理层,以获得更好的性能。 + + +你可以配置 `INTERNAL_APP_URL` 环境变量: + +```yaml +environment: + - 'APP_URL=https://lobe.example.com' # 浏览器访问的公开 URL + - 'INTERNAL_APP_URL=http://localhost:3210' # 服务器到服务器调用的内部 URL +``` + +**工作原理:** + +- `APP_URL`:用于浏览器 / 客户端访问、OAuth 回调、webhook 等(通过 CDN / 代理) +- `INTERNAL_APP_URL`:用于内部服务器到服务器通信(绕过 CDN / 代理) + +如果未设置 `INTERNAL_APP_URL`,它将默认为 `APP_URL`。 + +**配置选项:** + +- `http://localhost:3210` - 如果使用 Docker 主机网络模式 +- `http://lobe:3210` - 如果使用 Docker 网络与服务名称 +- `http://127.0.0.1:3210` - 备用本地主机地址 + + + 对于使用 `network_mode: 'service:network-service'` 的 Docker Compose 部署,请使用 `http://localhost:3210` 作为 `INTERNAL_APP_URL`。 + + +#### 配置文件 + +为方便一键复制,在此汇总基于 casdoor 鉴权方案的域名方式下生产部署配置服务端数据库所需要的示例配置文件。 + +- `.env` + +```sh +# Proxy, if you need it +# HTTP_PROXY=http://localhost:7890 +# HTTPS_PROXY=http://localhost:7890 + +# Other environment variables, as needed. You can refer to the environment variables configuration for the client version. +# OPENAI_API_KEY=sk-xxxx +# OPENAI_PROXY_URL=https://api.openai.com/v1 +# OPENAI_MODEL_LIST=... + +# =========================== +# ====== Preset config ====== +# =========================== +# if no special requirements, no need to change +LOBE_PORT=3210 +CASDOOR_PORT=8000 +MINIO_PORT=9000 + +# Postgres related, which are the necessary environment variables for DB +LOBE_DB_NAME=LobeHub +POSTGRES_PASSWORD=uWNZugjBqixf8dxC + +# Casdoor secret +AUTH_CASDOOR_ID=943e627d79d5dd8a22a1 +AUTH_CASDOOR_SECRET=6ec24ac304e92e160ef0d0656ecd86de8cb563f1 + +# MinIO S3 configuration +MINIO_ROOT_USER=Joe +MINIO_ROOT_PASSWORD=Crj1570768 + +# Configure the bucket information of MinIO +MINIO_LOBE_BUCKET=lobe +S3_ACCESS_KEY_ID=dB6Uq9CYZPdWSZouPyEd +S3_SECRET_ACCESS_KEY=aPBW8CVULkh8bw1GatlT0GjLihcXHLNwRml4pieS +``` + +- `docker-compose.yml` + +```yaml +name: lobehub +services: + network-service: + image: alpine + container_name: lobe-network + ports: + - '${MINIO_PORT}:${MINIO_PORT}' # MinIO API + - '9001:9001' # MinIO Console + - '${CASDOOR_PORT}:${CASDOOR_PORT}' # Casdoor + - '${LOBE_PORT}:3210' # LobeHub + command: tail -f /dev/null + networks: + - lobe-network + + postgresql: + image: pgvector/pgvector:pg17 + container_name: lobe-postgres + ports: + - '5432:5432' + volumes: + - './data:/var/lib/postgresql/data' + environment: + - 'POSTGRES_DB=${LOBE_DB_NAME}' + - 'POSTGRES_PASSWORD=${POSTGRES_PASSWORD}' + healthcheck: + test: ['CMD-SHELL', 'pg_isready -U postgres'] + interval: 5s + timeout: 5s + retries: 5 + restart: always + networks: + - lobe-network + + minio: + image: minio/minio + container_name: lobe-minio + network_mode: 'service:network-service' + volumes: + - './s3_data:/etc/minio/data' + environment: + - 'MINIO_ROOT_USER=${MINIO_ROOT_USER}' + - 'MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD}' + # - 'MINIO_API_CORS_ALLOW_ORIGIN=http://localhost:${LOBE_PORT}' + - 'MINIO_API_CORS_ALLOW_ORIGIN=https://lobe.example.com' + restart: always + command: > + server /etc/minio/data --address ":${MINIO_PORT}" --console-address ":9001" + + casdoor: + image: casbin/casdoor + container_name: lobe-casdoor + entrypoint: /bin/sh -c './server --createDatabase=true' + network_mode: 'service:network-service' + depends_on: + postgresql: + condition: service_healthy + environment: + RUNNING_IN_DOCKER: 'true' + driverName: 'postgres' + dataSourceName: 'user=postgres password=${POSTGRES_PASSWORD} host=postgresql port=5432 sslmode=disable dbname=casdoor' + # origin: 'http://localhost:${CASDOOR_PORT}' + origin: 'https://auth.example.com' + runmode: 'dev' + volumes: + - ./init_data.json:/init_data.json + + lobe: + image: lobehub/lobehub + container_name: lobehub + network_mode: 'service:network-service' + depends_on: + postgresql: + condition: service_healthy + network-service: + condition: service_started + minio: + condition: service_started + casdoor: + condition: service_started + + environment: + # - 'APP_URL=http://localhost:3210' + - 'APP_URL=https://lobe.example.com' + + - 'AUTH_SSO_PROVIDERS=casdoor' + - 'KEY_VAULTS_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ=' + - 'AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg' + # - 'AUTH_URL=http://localhost:${LOBE_PORT}/api/auth' + - 'AUTH_URL=https://lobe.example.com/api/auth' + + # - 'AUTH_CASDOOR_ISSUER=http://localhost:${CASDOOR_PORT}' + - 'AUTH_CASDOOR_ISSUER=https://auth.example.com' + + - 'DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgresql:5432/${LOBE_DB_NAME}' + # - 'S3_ENDPOINT=http://localhost:${MINIO_PORT}' + - 'S3_ENDPOINT=https://minio.example.com' + + - 'S3_BUCKET=${MINIO_LOBE_BUCKET}' + # - 'S3_PUBLIC_DOMAIN=http://localhost:${MINIO_PORT}' + - 'S3_PUBLIC_DOMAIN=https://minio.example.com' + + - 'S3_ENABLE_PATH_STYLE=1' + - 'LLM_VISION_IMAGE_USE_BASE64=1' + env_file: + - .env + restart: always + +volumes: + data: + driver: local + s3_data: + driver: local + +networks: + lobe-network: + driver: bridge +``` + +[docker-pulls-link]: https://hub.docker.com/r/lobehub/lobehub +[docker-pulls-shield]: https://img.shields.io/docker/pulls/lobehub/lobehub?color=45cc11&labelColor=black&style=flat-square +[docker-release-link]: https://hub.docker.com/r/lobehub/lobehub +[docker-release-shield]: https://img.shields.io/docker/v/lobehub/lobehub?color=369eff&label=docker&labelColor=black&logo=docker&logoColor=white&style=flat-square&sort=semver +[docker-size-link]: https://hub.docker.com/r/lobehub/lobehub +[docker-size-shield]: https://img.shields.io/docker/image-size/lobehub/lobehub?color=369eff&labelColor=black&style=flat-square&sort=semver diff --git a/docs/self-hosting/platform/docker.mdx b/docs/self-hosting/platform/docker.mdx index de6956bfe4..b9d5d6b59c 100644 --- a/docs/self-hosting/platform/docker.mdx +++ b/docs/self-hosting/platform/docker.mdx @@ -1,17 +1,16 @@ --- -title: Deploy LobeHub with Docker +title: Deploying LobeHub Database with Docker description: >- - Learn how to deploy the LobeHub service using Docker, including installation - steps, command deployment, proxy configuration, and automatic update scripts. + Learn how to deploy the LobeHub server database version using Docker on Linux + and local machines. tags: - - Docker Deployment - - LobeHub Service - - Docker Command - - Proxy Configuration - - Automatic Update Script + - LobeHub + - Docker + - Database Deployment + - Postgres --- -# Docker Deployment Guide +# Deploying Server Database Version Using Docker
[![][docker-release-shield]][docker-release-link] @@ -21,135 +20,135 @@ tags: [![][docker-pulls-shield]][docker-pulls-link]
-We provide a [Docker image][docker-release-link] for you to deploy the LobeHub service on your private device. + + This article assumes that you are familiar with the basic principles and processes of deploying + the LobeHub server database version, so it only includes content related to core environment + variable configuration. If you are not familiar with the deployment principles of the LobeHub + server database version, please refer to [Deploying Server + Database](/docs/self-hosting/server-database) first. + + +## Deploying on a Linux Server + +Here is the process for deploying the LobeHub server database version on a Linux server: - ### Install Docker Container Environment + ### Create a Postgres Database Instance - (If already installed, skip this step) + Please create a Postgres database instance with the PGVector plugin according to your needs, for example: - - - ```fish - $ apt install docker.io - ``` - + ```sh + docker network create pg - - ```fish - $ yum install docker - ``` - - - - ### Docker Command Deployment - - Use the following command to start the LobeHub service with one click: - - ```fish - $ docker run -d -p 3210:3210 \ - -e OPENAI_API_KEY=sk-xxxx \ - --name lobe-chat \ - lobehub/lobe-chat + docker run --name my-postgres --network pg -e POSTGRES_PASSWORD=mysecretpassword -p 5432:5432 -d pgvector/pgvector:pg17 ``` - Command explanation: + The above command will create a PG instance named `my-postgres` on the network `pg`, where `pgvector/pgvector:pg17` is a Postgres 17 image with the pgvector plugin installed by default. - - The default port mapping is `3210`, please ensure it is not occupied or manually change the port mapping. - - - Replace `sk-xxxx` in the above command with your OpenAI API Key. - - - For the complete list of environment variables supported by LobeHub, please refer to the [Environment Variables](/docs/self-hosting/environment-variables) section. - - - Since the official Docker image build takes about half an hour, if you see the "update available" - prompt after deployment, you can wait for the image to finish building before deploying again. + + The pgvector plugin provides vector search capabilities for Postgres, which is an important + component for LobeHub to implement RAG. - - Note that when the **deployment architecture is inconsistent with the image**, you need to - cross-compile **Sharp**, see [Sharp - Cross-Compilation](https://sharp.pixelplumbing.com/install#cross-platform) for details. + + The above command does not specify a persistent storage location for the pg instance, so it is + only for testing/demonstration purposes. Please configure persistent storage for production + environments. - #### Using a Proxy Address + ### Create a file named `lobe-chat.env` to store environment variables: - If you need to use the OpenAI service through a proxy, you can configure the proxy address using the `OPENAI_PROXY_URL` environment variable: + ```shell + # Website domain + APP_URL=https://your-prod-domain.com + + # DB required environment variables + KEY_VAULTS_SECRET=jgwsK28dspyVQoIf8/M3IIHl1h6LYYceSYNXeLpy6uk= + # Postgres database connection string + # Format: postgres://username:password@host:port/dbname; if your pg instance is a Docker container, use the container name + DATABASE_URL=postgres://postgres:mysecretpassword@my-postgres:5432/postgres + + # Authentication (Better Auth) + # Session encryption key (generate with: openssl rand -base64 32) + AUTH_SECRET=jgwsK28dspyVQoIf8/M3IIHl1h6LYYceSYNXeLpy6uk= + # JWKS key for signing and verifying JWTs (generate at: https://lobehub.com/docs/self-hosting/environment-variables/auth#jwks_key) + JWKS_KEY='{"keys":[...]}' + + # S3 related + S3_ACCESS_KEY_ID=xxxxxxxxxx + S3_SECRET_ACCESS_KEY=xxxxxxxxxx + S3_ENDPOINT=https://xxxxxxxxxx.r2.cloudflarestorage.com + S3_BUCKET=LobeHub + S3_PUBLIC_DOMAIN=https://s3-for-LobeHub.your-domain.com - ```fish - $ docker run -d -p 3210:3210 \ - -e OPENAI_API_KEY=sk-xxxx \ - -e OPENAI_PROXY_URL=https://api-proxy.com/v1 \ - --name lobe-chat \ - lobehub/lobe-chat ``` - ### Crontab Automatic Update Script (Optional) + ### Start the lobehub Docker image - If you want to automatically obtain the latest image, you can follow these steps. - - First, create a `lobe.env` configuration file with various environment variables, for example: - - ```env - OPENAI_API_KEY=sk-xxxx - OPENAI_PROXY_URL=https://api-proxy.com/v1 - OPENAI_MODEL_LIST=-gpt-4,-gpt-4-32k,-gpt-3.5-turbo-16k,gpt-3.5-turbo-1106=gpt-3.5-turbo-16k,gpt-4-0125-preview=gpt-4-turbo,gpt-4-vision-preview=gpt-4-vision + ```sh + docker run -it -d -p 3210:3210 --network pg --env-file lobe-chat.env --name lobehub lobehub/lobehub ``` - Then, you can use the following script to automate the update: + You can use the following command to check the logs: - ```bash - #!/bin/bash - # auto-update-lobe-chat.sh - - # Set up proxy (optional) - export https_proxy=http://127.0.0.1:7890 http_proxy=http://127.0.0.1:7890 all_proxy=socks5://127.0.0.1:7890 - - # Pull the latest image and store the output in a variable - output=$(docker pull lobehub/lobe-chat:latest 2>&1) - - # Check if the pull command was executed successfully - if [ $? -ne 0 ]; then - exit 1 - fi - - # Check if the output contains a specific string - echo "$output" | grep -q "Image is up to date for lobehub/lobe-chat:latest" - - # If the image is already up to date, do nothing - if [ $? -eq 0 ]; then - exit 0 - fi - - echo "Detected Lobe-Chat update" - - # Remove the old container - echo "Removed: $(docker rm -f Lobe-Chat)" - - # Run the new container - echo "Started: $(docker run -d --network=host --env-file /path/to/lobe.env --name=Lobe-Chat --restart=always lobehub/lobe-chat)" - - # Print the update time and version - echo "Update time: $(date)" - echo "Version: $(docker inspect lobehub/lobe-chat:latest | grep 'org.opencontainers.image.version' | awk -F'"' '{print $4}')" - - # Clean up unused images - docker images | grep 'lobehub/lobe-chat' | grep -v 'lobehub/lobe-chat-database' | grep -v 'latest' | awk '{print $3}' | xargs -r docker rmi > /dev/null 2>&1 - echo "Removed old images." + ```sh + docker logs -f lobehub ``` - This script can be used in Crontab, but please ensure that your Crontab can find the correct Docker command. It is recommended to use absolute paths. + If you see the following logs in the container, it means it has started successfully: - Configure Crontab to execute the script every 5 minutes: + ```log + [Database] Start to migration... + ✅ database migration pass. + ------------------------------------- + ▲ Next.js 14.x.x + - Local: http://localhost:3210 + - Network: http://0.0.0.0:3210 - ```bash - */5 * * * * /path/to/auto-update-lobe-chat.sh >> /path/to/auto-update-lobe-chat.log 2>&1 + ✓ Starting... + ✓ Ready in 95ms ``` -[docker-pulls-link]: https://hub.docker.com/r/lobehub/lobe-chat -[docker-pulls-shield]: https://img.shields.io/docker/pulls/lobehub/lobe-chat?color=45cc11&labelColor=black&style=flat-square -[docker-release-link]: https://hub.docker.com/r/lobehub/lobe-chat -[docker-release-shield]: https://img.shields.io/docker/v/lobehub/lobe-chat?color=369eff&label=docker&labelColor=black&logo=docker&logoColor=white&style=flat-square&sort=semver -[docker-size-link]: https://hub.docker.com/r/lobehub/lobe-chat -[docker-size-shield]: https://img.shields.io/docker/image-size/lobehub/lobe-chat?color=369eff&labelColor=black&style=flat-square&sort=semver + + In our official Docker image, the database schema migration is automatically executed before + starting the image. We ensure stability from an empty database to all tables being formally + available. Therefore, we recommend using an empty table instance for your database to avoid the + cost of manually maintaining table structure migration. + + +## Using Locally (Mac / Windows) + +The data version of LobeHub also supports direct use on a local Mac/Windows machine. + +Here, we assume that you have a pg instance available on port 5432 locally on your Mac/Windows, with the account `postgres` and password `mysecretpassword`, accessible at `localhost:5432`. + +The script command you need to execute is: + +```shell +$ docker run -it -d --name lobehub -p 3210:3210 \ + -e DATABASE_URL=postgres://postgres:mysecretpassword@host.docker.internal:5432/postgres \ + -e KEY_VAULTS_SECRET=jgwsK28dspyVQoIf8/M3IIHl1h6LYYceSYNXeLpy6uk= \ + -e AUTH_SECRET=jgwsK28dspyVQoIf8/M3IIHl1h6LYYceSYNXeLpy6uk= \ + -e JWKS_KEY='{"keys":[...]}' \ + -e APP_URL=http://localhost:3210 \ + -e S3_ACCESS_KEY_ID=xxxxxxxxxx \ + -e S3_SECRET_ACCESS_KEY=xxxxxxxxxx \ + -e S3_ENDPOINT=https://xxxxxxxxxx.r2.cloudflarestorage.com \ + -e S3_BUCKET=LobeHub \ + -e S3_PUBLIC_DOMAIN=https://s3-for-LobeHub.your-domain.com \ + lobehub/lobehub +``` + + + `Docker` uses a virtual machine solution on `Windows` and `macOS`. If you use `localhost` / + `127.0.0.1`, it will refer to the container's `localhost`. In this case, try using + `host.docker.internal` instead of `localhost`. + + +[docker-pulls-link]: https://hub.docker.com/r/lobehub/lobehub +[docker-pulls-shield]: https://img.shields.io/docker/pulls/lobehub/lobehub?color=45cc11&labelColor=black&style=flat-square +[docker-release-link]: https://hub.docker.com/r/lobehub/lobehub +[docker-release-shield]: https://img.shields.io/docker/v/lobehub/lobehub?color=369eff&label=docker&labelColor=black&logo=docker&logoColor=white&style=flat-square&sort=semver +[docker-size-link]: https://hub.docker.com/r/lobehub/lobehub +[docker-size-shield]: https://img.shields.io/docker/image-size/lobehub/lobehub?color=369eff&labelColor=black&style=flat-square&sort=semver diff --git a/docs/self-hosting/platform/docker.zh-CN.mdx b/docs/self-hosting/platform/docker.zh-CN.mdx index 5b2b0d7af6..e93815fc98 100644 --- a/docs/self-hosting/platform/docker.zh-CN.mdx +++ b/docs/self-hosting/platform/docker.zh-CN.mdx @@ -1,16 +1,14 @@ --- -title: 通过 Docker 部署 LobeHub -description: 学习如何使用 Docker 部署 LobeHub 服务,包括安装 Docker 容器环境和使用指令一键启动服务。详细说明如何配置环境变量和使用代理地址。 +title: 使用 Docker 部署 LobeHub 数据库 +description: 详细步骤教你如何在 Docker 中部署 LobeHub 服务端数据库。 tags: - Docker - LobeHub - - 部署指引 - - 环境变量 - - 代理地址 - - 自动更新脚本 + - 数据库部署 + - Postgres --- -# Docker 部署指引 +# 使用 Docker 部署服务端数据库版
[![][docker-release-shield]][docker-release-link] @@ -20,182 +18,136 @@ tags: [![][docker-pulls-shield]][docker-pulls-link]
-我们提供了 [Docker 镜像][docker-release-link],供你在自己的私有设备上部署 LobeHub 服务。 + + 本文已经假定你了解了 LobeHub 服务端数据库版本(下简称 DB + 版)的部署基本原理和流程,因此只包含核心环境变量配置的内容。如果你还不了解 LobeHub DB + 版的部署原理,请先查阅 [使用服务端数据库部署](/zh/docs/self-hosting/server-database) 。 + 此外,针对国内的腾讯云储存桶用户,可查询[配置腾讯云 COS + 存储服务](/zh/docs/self-hosting/advanced/s3/tencent-cloud)。 + -## 部署指南 +## 在 Linux 服务器上部署 + +以下是在 Linux 服务器上部署 LobeHub DB 版的流程: - ### 安装 Docker 容器环境 + ### 创建 Postgres 数据库实例 - (如果已安装,请跳过此步) + 请按照你自己的诉求创建一个带有 PGVector 插件的 Postgres 数据库实例,例如: - - - ```fish - $ apt install docker.io - ``` - + ```sh + docker network create pg - - ```fish - $ yum install docker - ``` - - - - ### Docker 指令部署 - - 使用以下命令即可使用一键启动 LobeHub 服务: - - ```fish - $ docker run -d -p 3210:3210 \ - -e OPENAI_API_KEY=sk-xxxx \ - --name lobe-chat \ - lobehub/lobe-chat + docker run --name my-postgres --network pg -e POSTGRES_PASSWORD=mysecretpassword -p 5432:5432 -d pgvector/pgvector:pg17 ``` - 指令说明: + 上述指令会创建一个名为 `my-postgres`,并且网络为 `pg` 的 PG 实例,其中 `pgvector/pgvector:pg17` 是一个 Postgres 17 的镜像,且默认安装了 pgvector 插件。 - - 默认映射端口为 `3210`, 请确保未被占用或手动更改端口映射 - - 使用你的 OpenAI API Key 替换上述命令中的 `sk-xxxx` ,获取 API Key 的方式详见最后一节。 - - - LobeHub 支持的完整环境变量列表请参考 [📘 环境变量](/zh/docs/self-hosting/environment-variables) - 部分 + + pgvector 插件为 Postgres 提供了向量搜索的能力,是 LobeHub 实现 RAG 的重要构件之一。 - - 由于官方的 Docker - 镜像构建大约需要半小时左右,如果在更新部署后会出现「存在更新」的提示,可以等待镜像构建完成后再次部署。 + + 以上指令得到的 pg 实例并没有指定持久化存储位置,因此仅用于测试 / + 演示,生产环境请自行配置持久化存储。 - - 注意,当**部署架构与镜像的不一致时**,需要对 **Sharp** 进行交叉编译,详见 [Sharp - 交叉编译](https://sharp.pixelplumbing.com/install#cross-platform) - + ### 创建名为 `lobe-chat.env` 文件用于存放环境变量: - #### 使用代理地址 + ```shell + # 网站域名 + APP_URL=https://your-prod-domain.com - 如果你需要通过代理使用 OpenAI 服务,你可以使用 `OPENAI_PROXY_URL` 环境变量来配置代理地址: + # DB 必须的环境变量 + # 用于加密敏感信息的密钥,可以使用 openssl rand -base64 32 生成 + KEY_VAULTS_SECRET='jgwsK28dspyVQoIf8/M3IIHl1h6LYYceSYNXeLpy6uk=' + # Postgres 数据库连接字符串 + # 格式:postgres://username:password@host:port/dbname,如果你的 pg 实例为 Docker 容器,请使用容器名 + DATABASE_URL=postgres://postgres:mysecretpassword@my-postgres:5432/postgres + + # 身份验证(Better Auth) + # 会话加密密钥(使用以下命令生成:openssl rand -base64 32) + AUTH_SECRET=jgwsK28dspyVQoIf8/M3IIHl1h6LYYceSYNXeLpy6uk= + # JWKS 密钥,用于签名和验证 JWT(在此生成:https://lobehub.com/zh/docs/self-hosting/environment-variables/auth#jwks_key) + JWKS_KEY='{"keys":[...]}' + + # S3 相关 + S3_ACCESS_KEY_ID=xxxxxxxxxx + S3_SECRET_ACCESS_KEY=xxxxxxxxxx + # 用于 S3 API 访问的域名 + S3_ENDPOINT=https://xxxxxxxxxx.r2.cloudflarestorage.com + S3_BUCKET=LobeHub + # 用于外网访问 S3 的公共域名,需配置 CORS + S3_PUBLIC_DOMAIN=https://s3-for-LobeHub.your-domain.com + # S3_REGION=ap-chengdu # 如果需要指定地域 - ```fish - $ docker run -d -p 3210:3210 \ - -e OPENAI_API_KEY=sk-xxxx \ - -e OPENAI_PROXY_URL=https://api-proxy.com/v1 \ - --name lobe-chat \ - lobehub/lobe-chat ``` - ### Crontab 自动更新脚本(可选) + ### 启动 lobehub docker 镜像 - 如果你想自动获得最新的镜像,你可以如下操作。 - - 首先,新建一个 `lobe.env` 配置文件,内容为各种环境变量,例如: - - ```env - OPENAI_API_KEY=sk-xxxx - OPENAI_PROXY_URL=https://api-proxy.com/v1 - OPENAI_MODEL_LIST=-gpt-4,-gpt-4-32k,-gpt-3.5-turbo-16k,gpt-3.5-turbo-1106=gpt-3.5-turbo-16k,gpt-4-0125-preview=gpt-4-turbo,gpt-4-vision-preview=gpt-4-vision + ```sh + docker run -it -d -p 3210:3210 --network pg --env-file lobe-chat.env --name lobehub lobehub/lobehub ``` - 然后,你可以使用以下脚本来自动更新: + 你可以使用下述指令检查日志: - ```bash - #!/bin/bash - # auto-update-lobe-chat.sh - - # 设置代理(可选) - export https_proxy=http://127.0.0.1:7890 http_proxy=http://127.0.0.1:7890 all_proxy=socks5://127.0.0.1:7890 - - # 拉取最新的镜像并将输出存储在变量中 - output=$(docker pull lobehub/lobe-chat:latest 2>&1) - - # 检查拉取命令是否成功执行 - if [ $? -ne 0 ]; then - exit 1 - fi - - # 检查输出中是否包含特定的字符串 - echo "$output" | grep -q "Image is up to date for lobehub/lobe-chat:latest" - - # 如果镜像已经是最新的,则不执行任何操作 - if [ $? -eq 0 ]; then - exit 0 - fi - - echo "Detected Lobe-Chat update" - - # 删除旧的容器 - echo "Removed: $(docker rm -f Lobe-Chat)" - - # 运行新的容器 - echo "Started: $(docker run -d --network=host --env-file /path/to/lobe.env --name=Lobe-Chat --restart=always lobehub/lobe-chat)" - - # 打印更新的时间和版本 - echo "Update time: $(date)" - echo "Version: $(docker inspect lobehub/lobe-chat:latest | grep 'org.opencontainers.image.version' | awk -F'"' '{print $4}')" - - # 清理不再使用的镜像 - docker images | grep 'lobehub/lobe-chat' | grep -v 'lobehub/lobe-chat-database' | grep -v 'latest' | awk '{print $3}' | xargs -r docker rmi > /dev/null 2>&1 - echo "Removed old images." + ```sh + docker logs -f lobehub ``` - 此脚本可以在 Crontab 中使用,但请确认你的 Crontab 可以找到正确的 Docker 命令。建议使用绝对路径。 + 如果你在容器中看到了以下日志,则说明已经启动成功: - 配置 Crontab,每 5 分钟执行一次脚本: + ```log + [Database] Start to migration... + ✅ database migration pass. + ------------------------------------- + ▲ Next.js 14.x.x + - Local: http://localhost:3210 + - Network: http://0.0.0.0:3210 - ```bash - */5 * * * * /path/to/auto-update-lobe-chat.sh >> /path/to/auto-update-lobe-chat.log 2>&1 + ✓ Starting... + ✓ Ready in 95ms ``` -## 获取 OpenAI API Key - -API Key 是使用 LobeHub 进行大语言模型会话的必要信息,本节以 OpenAI 模型服务商为例,简要介绍获取 API Key 的方式。 - -### `A` 通过 OpenAI 官方渠道 - -- 注册一个 [OpenAI 账户](https://platform.openai.com/signup),你需要使用国际手机号、非大陆邮箱进行注册; -- 注册完毕后,前往 [API Keys](https://platform.openai.com/api-keys) 页面,点击 `Create new secret key` 创建新的 API Key: - - - #### 步骤 1:打开创建窗口 - - {'打开创建窗口'} - - #### 步骤 2:创建 API Key - - {'创建 - - #### 步骤 3:获取 API Key - - {'获取 - - -将此 API Key 填写到 LobeHub 的 API Key 配置中,即可开始使用。 - - - 账户注册后,一般有 5 美元的免费额度,但有效期只有三个月。如果你希望长期使用你的 API - Key,你需要完成支付的信用卡绑定。由于 OpenAI - 只支持外币信用卡,因此你需要找到合适的支付渠道,此处不再详细展开。 + + 在我们官方的 Docker 镜像中,会在启动镜像前自动执行数据库 schema 的 migration + ,我们的官方镜像承诺「空数据库 -> + 完整表」这一段自动建表的稳定性。因此我们建议你的数据库实例使用一个空表实例,进而省去手动维护表结构或者 + migration 的麻烦。 -### `B` 通过 OpenAI 第三方代理商 +## 在本地(Mac / Windows) 上使用 -如果你发现注册 OpenAI 账户或者绑定外币信用卡比较麻烦,可以考虑借助一些知名的 OpenAI 第三方代理商来获取 API Key,这可以有效降低获取 OpenAI API Key 的门槛。但与此同时,一旦使用三方服务,你可能也需要承担潜在的风险,请根据你自己的实际情况自行决策。以下是常见的第三方模型代理商列表,供你参考: +LobeHub 的 DB 版也支持直接在本地的 Mac/Windows 本地使用。 -| Logo | 服务商 | 特性说明 | Proxy 代理地址 | 链接 | -| ------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------- | ------------------------- | ----------------------------- | -| | **AiHubMix** | 使用 OpenAI 企业接口,全站模型价格为官方 **86 折**(含 GPT-4 、Cluade 3.5 等) | `https://aihubmix.com/v1` | [获取](https://lobe.li/CnsM6fH) | +在此我们已假设你的本地有一个 5432 端口可用,账号为 `postgres` ,密码是 `mysecretpassword` 的 pg 实例,它在 `localhost:5432` 可用。 - - **免责申明**: 在此推荐的 OpenAI API Key 由第三方代理商提供,所以我们不对 API Key 的 **有效性** 和 - **安全性** 负责,请你自行承担购买和使用 API Key 的风险。 +那么你需要执行的脚本指令为: + +```shell +$ docker run -it -d --name lobehub -p 3210:3210 \ + -e DATABASE_URL=postgres://postgres:mysecretpassword@host.docker.internal:5432/postgres \ + -e KEY_VAULTS_SECRET=jgwsK28dspyVQoIf8/M3IIHl1h6LYYceSYNXeLpy6uk= \ + -e AUTH_SECRET=jgwsK28dspyVQoIf8/M3IIHl1h6LYYceSYNXeLpy6uk= \ + -e JWKS_KEY='{"keys":[...]}' \ + -e APP_URL=http://localhost:3210 \ + -e S3_ACCESS_KEY_ID=xxxxxxxxxx \ + -e S3_SECRET_ACCESS_KEY=xxxxxxxxxx \ + -e S3_ENDPOINT=https://xxxxxxxxxx.r2.cloudflarestorage.com \ + -e S3_BUCKET=LobeHub \ + -e S3_PUBLIC_DOMAIN=https://s3-for-LobeHub.your-domain.com \ + lobehub/lobehub +``` + + + `Docker` 在 `Windows` 和 `macOS` 上走的是虚拟机方案,如果使用 `localhost` / `127.0.0.1` + ,将会走到自身容器的 `localhost`,此时请尝试用 `host.docker.internal` 替代 `localhost` -[docker-pulls-link]: https://hub.docker.com/r/lobehub/lobe-chat -[docker-pulls-shield]: https://img.shields.io/docker/pulls/lobehub/lobe-chat?color=45cc11&labelColor=black&style=flat-square -[docker-release-link]: https://hub.docker.com/r/lobehub/lobe-chat -[docker-release-shield]: https://img.shields.io/docker/v/lobehub/lobe-chat?color=369eff&label=docker&labelColor=black&logo=docker&logoColor=white&style=flat-square&sort=semver -[docker-size-link]: https://hub.docker.com/r/lobehub/lobe-chat -[docker-size-shield]: https://img.shields.io/docker/image-size/lobehub/lobe-chat?color=369eff&labelColor=black&style=flat-square&sort=semver +[docker-pulls-link]: https://hub.docker.com/r/lobehub/lobehub +[docker-pulls-shield]: https://img.shields.io/docker/pulls/lobehub/lobehub?color=45cc11&labelColor=black&style=flat-square +[docker-release-link]: https://hub.docker.com/r/lobehub/lobehub +[docker-release-shield]: https://img.shields.io/docker/v/lobehub/lobehub?color=369eff&label=docker&labelColor=black&logo=docker&logoColor=white&style=flat-square&sort=semver +[docker-size-link]: https://hub.docker.com/r/lobehub/lobehub +[docker-size-shield]: https://img.shields.io/docker/image-size/lobehub/lobehub?color=369eff&labelColor=black&style=flat-square&sort=semver diff --git a/docs/self-hosting/server-database/dokploy.mdx b/docs/self-hosting/platform/dokploy.mdx similarity index 94% rename from docs/self-hosting/server-database/dokploy.mdx rename to docs/self-hosting/platform/dokploy.mdx index 9cb8dd5441..1699fa7071 100644 --- a/docs/self-hosting/server-database/dokploy.mdx +++ b/docs/self-hosting/platform/dokploy.mdx @@ -32,7 +32,7 @@ curl -sSL https://dokploy.com/install.sh | sh ### Configure S3 Storage Service -In the server-side database, we need to configure the S3 storage service to store files. For detailed configuration instructions, please refer to the section [Configure S3 Storage Service](https://lobehub.com/docs/self-hosting/server-database/vercel#3-configure-s-3-storage-service) in the Vercel deployment guide。After the configuration is complete, you will obtain the following environment variables: +In the server-side database, we need to configure the S3 storage service to store files. For detailed configuration instructions, please refer to the section [Configure S3 Storage Service](https://lobehub.com/docs/self-hosting/platform/vercel#3-configure-s-3-storage-service) in the Vercel deployment guide。After the configuration is complete, you will obtain the following environment variables: ```shell S3_ACCESS_KEY_ID= @@ -43,7 +43,7 @@ S3_PUBLIC_DOMAIN= S3_ENABLE_PATH_STYLE= ``` -### Configure KEY_VAULTS_SECRET Environment Variable +### Configure KEY\_VAULTS\_SECRET Environment Variable `KEY_VAULTS_SECRET` is used to encrypt sensitive information such as API keys stored by users. Click the button below to generate: diff --git a/docs/self-hosting/server-database/dokploy.zh-CN.mdx b/docs/self-hosting/platform/dokploy.zh-CN.mdx similarity index 95% rename from docs/self-hosting/server-database/dokploy.zh-CN.mdx rename to docs/self-hosting/platform/dokploy.zh-CN.mdx index 3c33ec2067..3a81423d30 100644 --- a/docs/self-hosting/server-database/dokploy.zh-CN.mdx +++ b/docs/self-hosting/platform/dokploy.zh-CN.mdx @@ -33,7 +33,7 @@ curl -sSL https://dokploy.com/install.sh | sh ### 配置 S3 存储服务 -在服务端数据库中我们需要配置 S3 存储服务来存储文件,详细配置教程请参考 使用 Vercel 部署中 [配置 S3 储存服务](https://lobehub.com/zh/docs/self-hosting/server-database/vercel#%E4%B8%89%E3%80%81-%E9%85%8D%E7%BD%AE-s-3-%E5%AD%98%E5%82%A8%E6%9C%8D%E5%8A%A1)。配置完成后你将获得以下环境变量: +在服务端数据库中我们需要配置 S3 存储服务来存储文件,详细配置教程请参考 使用 Vercel 部署中 [配置 S3 储存服务](https://lobehub.com/zh/docs/self-hosting/platform/vercel#%E4%B8%89%E3%80%81-%E9%85%8D%E7%BD%AE-s-3-%E5%AD%98%E5%82%A8%E6%9C%8D%E5%8A%A1)。配置完成后你将获得以下环境变量: ```shell S3_ACCESS_KEY_ID= @@ -44,7 +44,7 @@ S3_PUBLIC_DOMAIN= S3_ENABLE_PATH_STYLE= ``` -### 配置 KEY_VAULTS_SECRET 环境变量 +### 配置 KEY\_VAULTS\_SECRET 环境变量 `KEY_VAULTS_SECRET` 用于加密用户存储的 API Key 等敏感信息。点击下方按钮一键生成: diff --git a/docs/self-hosting/platform/netlify.mdx b/docs/self-hosting/platform/netlify.mdx deleted file mode 100644 index 4ec97ca97e..0000000000 --- a/docs/self-hosting/platform/netlify.mdx +++ /dev/null @@ -1,91 +0,0 @@ ---- -title: Deploy LobeHub with Netlify - Step-by-Step Guide -description: >- - Learn how to deploy LobeHub on Netlify with detailed instructions on forking - the repository, preparing your OpenAI API Key, importing to Netlify workspace, - configuring site name and environment variables, and monitoring deployment - progress. -tags: - - Deploy LobeHub - - Netlify Deployment - - Environment Variables - - Custom Domain Setup ---- - -# Deploy LobeHub with Netlify - -If you want to deploy LobeHub on Netlify, you can follow these steps: - -## Deploy LobeHub with Netlify - - - ### Fork the LobeHub Repository - - Click the Fork button to fork the LobeHub repository to your GitHub account. - - ### Import to Netlify Workspace - - - After testing, it is currently not supported to have a one-click deployment button similar to - Vercel/Zeabur. The reason is unknown. Therefore, manual import is required. - - - Click "Import from git" - - {'Click - - Then click "Deploy with Github" and authorize Netlify to access your GitHub account. - - {'Authorize - - Next, select the LobeHub project: - - {'Select - - ### Configure Site Name and Environment Variables - - In this step, you need to configure your site, including the site name, build command, and publish directory. Fill in your site name in the "Site Name" field. If there are no special requirements, you do not need to modify the remaining configurations as we have already set the default configurations. - - {'Configure - - Click the "Add environment variables" button to add site environment variables if needed: - - {'Add - - - For a complete list of environment variables supported by LobeHub, please refer to the [📘 - Environment Variables](/docs/self-hosting/environment-variables) - - - Finally click "Deploy lobe-chat" to enter the deployment phase - - {'Environment - - ### Wait for Deployment to Complete - - After clicking deploy, you will enter the site details page, where you can click the "Deploying your site" in blue or the "Building" in yellow to view the deployment progress. - - {'Netlify - - Upon entering the deployment details, you will see the following interface, indicating that your LobeHub is currently being deployed. Simply wait for the deployment to complete. - - {'LobeHub - - During the deployment and build process: - - {'Deployment - - ### Deployment Successful, Start Using - - If your Deploy Log in the interface looks like the following, it means your LobeHub has been successfully deployed. - - {'Deployment - - At this point, you can click on "Open production deploy" to access your LobeHub site. - - {'Access - - -## Set up Custom Domain (Optional) - -You can use the subdomain provided by Netlify, or choose to bind a custom domain. Currently, the domain provided by Netlify has not been contaminated, and can be accessed directly in most regions. diff --git a/docs/self-hosting/platform/netlify.zh-CN.mdx b/docs/self-hosting/platform/netlify.zh-CN.mdx deleted file mode 100644 index 2d66efe927..0000000000 --- a/docs/self-hosting/platform/netlify.zh-CN.mdx +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: 在 Netlify 上部署 LobeHub -description: >- - 学习如何在 Netlify 上部署 LobeHub,包括 Fork 仓库、准备 OpenAI API Key、导入到 Netlify - 工作台、配置站点名称与环境变量等步骤。 -tags: - - Netlify - - LobeHub - - 部署教程 - - 环境配置 ---- - -# 使用 Netlify 部署 - -如果想在 Netlify 上部署 LobeHub,可以按照以下步骤进行操作: - -## Netlify 部署 LobeHub - - - ### Fork LobeHub 仓库 - - 点击 Fork 按钮,将 LobeHub 仓库 Fork 到你的 GitHub 账号下。 - - ### 在 Netlify 工作台导入 - - 经过测试,暂不支持类似 Vercel/Zeabur 的一键部署按钮,原因未知。因此需要手动导入 - - 点击 「Import from git」 - - {'在 - - 然后点击 「Deploy with Github」,并授权 Netlify 访问你的 GitHub 账号 - - {'授权 - - 然后选择 LobeHub 项目: - - {'选择 - - ### 配置站点名称与环境变量 - - 在这一步,你需要配置你的站点,包括站点名称、构建命令、发布目录等。在「Site Name」字段填写上你的站点名称。其余配置如果没有特殊要求,无需修改,我们已经设定好了默认配置。 - - {'配置 - - 如需要,点击 「Add environment variables」按钮添加站点环境变量: - - {'添加 - - - LobeHub 支持的完整环境变量列表请参考 [📘 环境变量](/zh/docs/self-hosting/environment-variables) - 部分 - - - 最后点击「Deploy lobe-chat」进入部署阶段。 - - {'环境变量添加完成'} - - ### 等待部署完成 - - 点击部署后,会进入站点详情页面,你可以点击青色字样的「Deploying your site」或者 「Building」 黄色标签查看部署进度。 - - {'Netlify - - 进入部署详情,你会看到下述界面,这意味着你的 LobeHub 正在部署中,只需等待部署完成即可。 - - {'LobeHub - - 部署构建过程中: - - {'部署构建中'} - - ### 部署成功,开始使用 - - 如果你的界面中的 Deploy Log 如下所示,意味着你的 LobeHub 部署成功了。 - - {'部署成功'} - - 此时,你可以点击「Open production deploy」,即可访问你的 LobeHub 站点 - - {'访问你的 - - -## 绑定自定义域名(可选) - -你可以使用 Netlify 提供的子域名,也可以选择绑定自定义域名。目前 Netlify 提供的域名还未被污染,大多数地区都可以直连。 diff --git a/docs/self-hosting/platform/railway.mdx b/docs/self-hosting/platform/railway.mdx deleted file mode 100644 index 73acff77d6..0000000000 --- a/docs/self-hosting/platform/railway.mdx +++ /dev/null @@ -1,29 +0,0 @@ ---- -title: Deploy LobeHub with Railway -description: >- - Learn how to deploy LobeHub on Railway and follow the step-by-step process. - Get your OpenAI API Key, deploy with a click, and start using it. Optionally, - bind a custom domain for your deployment. -tags: - - Deploy LobeHub - - Railway Deployment - - Custom Domain Binding ---- - -# Deploy LobeHub with Railway - -If you want to deploy LobeHub on Railway, you can follow the steps below: - -## Railway Deployment Process - - - ### Click the button below to deploy - - [![Deploy on Railway](https://railway.app/button.svg)](https://railway.app/template/FB6HrV?referralCode=9bD9mT) - - ### Once deployed, you can start using it - - ### Bind a custom domain (optional) - - You can use the subdomain provided by Railway, or choose to bind a custom domain. Currently, the domains provided by Railway have not been contaminated, and most regions can connect directly. - diff --git a/docs/self-hosting/platform/railway.zh-CN.mdx b/docs/self-hosting/platform/railway.zh-CN.mdx deleted file mode 100644 index 0bfdc1eb09..0000000000 --- a/docs/self-hosting/platform/railway.zh-CN.mdx +++ /dev/null @@ -1,29 +0,0 @@ ---- -title: 在 Railway 上部署 LobeHub -description: 学习如何在 Railway 上部署 LobeHub 应用,包括准备 OpenAI API Key、点击按钮进行部署、绑定自定义域名等步骤。 -tags: - - Railway - - 部署 - - LobeHub - - OpenAI - - API Key - - 自定义域名 ---- - -# 使用 Railway 部署 - -如果想在 Railway 上部署 LobeHub,可以按照以下步骤进行操作: - -## Railway 部署流程 - - - ### 点击下方按钮进行部署 - - [![Deploy on Railway](https://railway.app/button.svg)](https://railway.app/template/FB6HrV?referralCode=9bD9mT) - - ### 部署完毕后,即可开始使用 - - ### 绑定自定义域名(可选) - - 你可以使用 Railway 提供的子域名,也可以选择绑定自定义域名。目前 Railway 提供的域名还未被污染,大多数地区都可以直连。 - diff --git a/docs/self-hosting/platform/repocloud.mdx b/docs/self-hosting/platform/repocloud.mdx index 1d321d96d3..7d7b745b53 100644 --- a/docs/self-hosting/platform/repocloud.mdx +++ b/docs/self-hosting/platform/repocloud.mdx @@ -1,25 +1,29 @@ --- -title: Deploy LobeHub on RepoCloud +title: Deploy LobeHub with Database on RepoCloud description: >- - Learn how to deploy LobeHub on RepoCloud with ease. Follow these steps to - prepare your OpenAI API Key, deploy the application, and start using it. - Optional: Bind a custom domain for a personalized touch. + Learn how to deploy LobeHub on RepoCloud with ease, including database, + authentication and S3 storage service. tags: - Deploy LobeHub - RepoCloud Deployment + - OpenAI API Key - Custom Domain Binding --- -# Deploy LobeHub with RepoCloud +# Deploying LobeHub Database Edition with RepoCloud -If you want to deploy LobeHub on RepoCloud, you can follow the steps below: +If you want to deploy LobeHub Database Edition on RepoCloud, you can follow the steps below: ## RepoCloud Deployment Process + ### Prepare your OpenAI API Key + + Go to [OpenAI API Key](https://platform.openai.com/account/api-keys) to get your OpenAI API Key. + ### One-click to deploy - [![][deploy-button-image]][deploy-link] + [![Deploy to RepoCloud](https://d16t0pc4846x52.cloudfront.net/deploy.svg)](https://repocloud.io/details/?app_id=248) ### Once deployed, you can start using it @@ -27,6 +31,3 @@ If you want to deploy LobeHub on RepoCloud, you can follow the steps below: You can use the subdomain provided by RepoCloud, or choose to bind a custom domain. Currently, the domains provided by RepoCloud have not been contaminated, and most regions can connect directly. - -[deploy-button-image]: https://d16t0pc4846x52.cloudfront.net/deploy.svg -[deploy-link]: https://repocloud.io/details/?app_id=248 diff --git a/docs/self-hosting/platform/repocloud.zh-CN.mdx b/docs/self-hosting/platform/repocloud.zh-CN.mdx index 2129eb894b..e2a23c5efc 100644 --- a/docs/self-hosting/platform/repocloud.zh-CN.mdx +++ b/docs/self-hosting/platform/repocloud.zh-CN.mdx @@ -1,30 +1,32 @@ --- -title: 在 RepoCloud 上部署 LobeHub -description: 学习如何在RepoCloud上部署LobeHub应用,包括准备OpenAI API Key、点击部署按钮、绑定自定义域名等操作。 +title: 在 RepoCloud 上部署 LobeHub 数据库版 +description: 学习如何在 RepoCloud 上部署 LobeHub 应用,包括准备 OpenAI API Key、点击部署按钮、绑定自定义域名等操作。 tags: - RepoCloud - LobeHub - 部署流程 + - OpenAI API Key - 自定义域名 --- -# 使用 RepoCloud 部署 +# 在 RepoCloud 上部署 LobeHub 数据库版 -如果想在 RepoCloud 上部署 LobeHub,可以按照以下步骤进行操作: +如果您想在 RepoCloud 上部署 LobeHub 数据库版,可以按照以下步骤进行操作: ## RepoCloud 部署流程 - ### 点击下方按钮进行部署 + ### 准备您的 OpenAI API 密钥 - [![][deploy-button-image]][deploy-link] + 请访问 [OpenAI API 密钥](https://platform.openai.com/account/api-keys) 获取您的 OpenAI API 密钥。 - ### 部署完毕后,即可开始使用 + ### 一键部署 + + [![部署到 RepoCloud](https://d16t0pc4846x52.cloudfront.net/deploy.svg)](https://repocloud.io/details/?app_id=248) + + ### 部署完成后,您可以开始使用 ### 绑定自定义域名(可选) - 你可以使用 RepoCloud 提供的子域名,也可以选择绑定自定义域名。目前 RepoCloud 提供的域名还未被污染,大多数地区都可以直连。 + 您可以使用 RepoCloud 提供的子域名,或选择绑定自定义域名。目前,RepoCloud 提供的域名尚未被污染,大多数地区可以直接连接。 - -[deploy-button-image]: https://d16t0pc4846x52.cloudfront.net/deploy.svg -[deploy-link]: https://repocloud.io/details/?app_id=248 diff --git a/docs/self-hosting/platform/sealos.mdx b/docs/self-hosting/platform/sealos.mdx index f79af5a234..5bf6e8a9ce 100644 --- a/docs/self-hosting/platform/sealos.mdx +++ b/docs/self-hosting/platform/sealos.mdx @@ -1,31 +1,97 @@ --- -title: Deploy LobeHub on Sealos +title: Deploy Lobe Chat Database Version on Sealos description: >- Learn how to deploy LobeHub on Sealos with ease. Follow the provided steps to set up LobeHub and start using it efficiently. tags: - Deploy LobeHub - Sealos Deployment + - OpenAI API Key - Custom Domain Binding --- -# Deploy LobeHub with Sealos +# Deploying Lobe Chat Database Version on Sealos -If you want to deploy LobeHub on Sealos, you can follow the steps below: + + This article assumes that you are familiar with the basic principles and processes of deploying + the LobeHub server database version, so it only includes content related to core environment + variable configuration. If you are not familiar with the deployment principles of the LobeHub + server database version, please refer to [Deploying Server + Database](/docs/self-hosting/server-database) first. + -## Sealos Deployment Process +The application on Sealos includes 4 services: - - ### Click the button below to deploy +- Logto for authrization(need to deploy separately). +- PostgreSQL with Vector plugin for data storage and indexing. +- One object storage Bucket. +- Lobe Chat database version. - [![][deploy-button-image]][deploy-link] +Here is the process for deploying the Lobe Chat server database version on Sealos: - ### After deployment, you can start using it +## Pre-Deployment Setup - ### Bind a custom domain (optional) +**Step 1**:Click the button below to deploy a Logto service: - You can use the subdomain provided by Sealos, or choose to bind a custom domain. Currently, the domains provided by Sealos have not been contaminated, and can be directly accessed in most regions. - +[![](https://raw.githubusercontent.com/labring-actions/templates/main/Deploy-on-Sealos.svg)](https://template.usw.sealos.io/deploy?templateName=logto) -[deploy-button-image]: https://raw.githubusercontent.com/labring-actions/templates/main/Deploy-on-Sealos.svg -[deploy-link]: https://template.usw.sealos.io/deploy?templateName=lobe-chat +> Logto is an open-source identity and access management (IAM) platform, an open-source alternative to Auth0, designed to help developers quickly build secure and scalable login and registration systems and user identity systems. + +**Step 2**:After the deployment is complete, wait for all the components of the application to be in the "Running" state, click the application's "Details" button to enter the application details page. + +![Logto application deployment status on Sealos](https://raw.githubusercontent.com/labring-actions/templates/main/template/lobe-chat-db/images/logto-app-deployment-status-sealos-en.png) + +Click the public address corresponding to port 3002, you can use the public address to access the Logto service. + +![Logto service public address](https://raw.githubusercontent.com/labring-actions/templates/main/template/lobe-chat-db/images/logto-public-address-en.png) + +**Step 3**:Register a management account, then click the `Applications` menu on the left, enter the application list page. Click the `Create application` button in the upper right corner to create an application. + +![Logto application list page](https://raw.githubusercontent.com/labring-actions/templates/main/template/lobe-chat-db/images/logto-application-list.png) + +Select `Next.js (App Router)` as the framework, then click the `Start building` button. + +![Logto create application page](https://raw.githubusercontent.com/labring-actions/templates/main/template/lobe-chat-db/images/logto-create-application.png) + +**Step 4**:In the pop-up window, fill in the application name as `Lobe Chat`, then click the `Create application` button. Next, do not fill in anything, just click the bottom `Finish and done` button to create it. + +![Logto create application done page](https://raw.githubusercontent.com/labring-actions/templates/main/template/lobe-chat-db/images/logto-create-application-done.png) + +**Step 5**:In the `Lobe Chat` application, find the following three parameters, which will be used later when deploying the Lobe Chat database version. + +![Logto application detail page](https://raw.githubusercontent.com/labring-actions/templates/main/template/lobe-chat-db/images/logto-app-detail.png) + +## Deploy Lobe Chat Database Version + +**Step 1**:Click the button below to visit the Lobe Chat database version application deployment page: + +[![](https://raw.githubusercontent.com/labring-actions/templates/main/Deploy-on-Sealos.svg)](https://template.usw.sealos.io/deploy?templateName=lobe-chat-db) + +Fill in the following three required parameters: + +- `AUTH_LOGTO_ID`:The App ID of the Logto application +- `AUTH_LOGTO_SECRET`:The App Secret of the Logto application +- `AUTH_LOGTO_ISSUER`:The Issuer endpoint of the Logto application + +**Step 2**:Click the `Deploy App` button, after the deployment is complete, wait for all the components of the application to be in the "Running" state, click the application's "Details" button to enter the application details page. + +![Lobe Chat database version deployment done page](https://raw.githubusercontent.com/labring-actions/templates/main/template/lobe-chat-db/images/lobe-chat-db-deployment-done-en.png) + +**Step 3**:Find the public address, copy it, and use it later. + +## Post-Deployment Configuration + +**Step 1**:Enter the `Applications` page of Logto, find the `Lobe Chat` application, click to enter the application details page. + +**Step 2**:In the `Settings` page, find the `Redirect URI` and `Post sign-out redirect URI` parameters, fill in the following values: + +- Redirect URI: `https:///api/auth/callback/logto` +- Post sign-out redirect URI: `https://` + +**Step 3**:Click the `Save changes` button to save the configuration. + +**Step 4**:Now, access the Lobe Chat database version through `https://`, click the avatar in the upper left corner, and then click the \[Log in / Sign up] button. + +**Step 5**:Next, you will be redirected to the Logto login page, click the \[Create account] button to register an account. + +**Step 6**:After registration, you can use Logto to login to the Lobe Chat database version. diff --git a/docs/self-hosting/platform/sealos.zh-CN.mdx b/docs/self-hosting/platform/sealos.zh-CN.mdx index ee02eafa1d..95901922dc 100644 --- a/docs/self-hosting/platform/sealos.zh-CN.mdx +++ b/docs/self-hosting/platform/sealos.zh-CN.mdx @@ -1,5 +1,5 @@ --- -title: 在 Sealos 上部署 LobeHub +title: 在 Sealos 上部署 LobeHub 数据库版 description: 学习如何在 Sealos 上部署 LobeHub,包括准备 OpenAI API Key、点击部署按钮、绑定自定义域名等操作。 tags: - Sealos @@ -9,23 +9,104 @@ tags: - 自定义域名 --- -# 使用 Sealos 部署 +# 使用 Sealos 部署 LobeHub 数据库版 -如果想在 Sealos 上部署 LobeHub,可以按照以下步骤进行操作: + + 本文假设你已经熟悉 Lobe Chat + 服务器数据库版的部署基本原理和流程,因此只包含与核心环境变量配置相关的内容。如果你对 Lobe Chat + 服务器数据库版的部署原理不熟悉,请先参考[部署服务器数据库](/zh/docs/self-hosting/server-database)。 + -## Sealos 部署流程 +在 Sealos 的 Lobe Chat 数据库版应用中总共包含有以下四个服务: + +- Logto 提供身份校验(需额外部署) +- 带有 Vector 插件的 PostgreSQL 来做数据存储和向量化 +- 一个对象存储 Bucket +- LobeHub Database 的实例 + +这里是在 Sealos 上部署 Lobe Chat 服务器数据库版的流程: + +## 预部署配置 + +在开始部署之前,您需要完成以下配置: - ### 点击下方按钮进行部署 + ### 部署 Logto 服务 - [![][deploy-button-image]][deploy-link] + 点击下方按钮部署一个 Logto 服务: - ### 部署完毕后,即可开始使用 + [![](https://raw.githubusercontent.com/labring-actions/templates/main/Deploy-on-Sealos.svg)](https://template.hzh.sealos.run/deploy?templateName=logto) - ### 绑定自定义域名(可选) + > Logto 是一个开源的身份与访问管理(IAM)平台,是 Auth0 的开源替代方案,旨在帮助开发者快速构建安全、可扩展的登录注册系统和用户身份体系。 - 你可以使用 Sealos 提供的子域名,也可以选择绑定自定义域名。目前 Sealos 提供的域名还未被污染,大多数地区都可以直连。 + 部署完成后,等待应用的所有组件状态都变成 “运行中”,点击应用的【详情】按钮,进入应用详情页面。 + + ![Logto 应用详情页面部署完成状态](https://raw.githubusercontent.com/labring-actions/templates/main/template/lobe-chat-db/images/logto-app-deployment-status-sealos.png) + + 点击 3002 端口对应的公网地址,即可使用公网域名访问 Logto 服务。 + + ![Logto 服务公网地址](https://raw.githubusercontent.com/labring-actions/templates/main/template/lobe-chat-db/images/logto-public-address.png) + + ### 创建 Application + + 注册一个管理员账号,然后点击左侧的 `Applications` 菜单,进入应用列表页面。再点击右上角的 `Create application` 按钮创建应用。 + + ![Logto 应用列表页面](https://raw.githubusercontent.com/labring-actions/templates/main/template/lobe-chat-db/images/logto-application-list.png) + + 选择 `Next.js (App Router)` 作为框架,然后点击 `Start building` 按钮。 + + ![Logto 创建应用页面](https://raw.githubusercontent.com/labring-actions/templates/main/template/lobe-chat-db/images/logto-create-application.png) + + 在弹窗中填写应用的名称为 `Lobe Chat`,然后点击 `Create application` 按钮。接下来啥也不用填,直接点击底部的 `Finish and done` 按钮就创建完成了。 + + ![Logto 创建应用完成页面](https://raw.githubusercontent.com/labring-actions/templates/main/template/lobe-chat-db/images/logto-create-application-done.png) + + 在 `Lobe Chat` 应用中找到以下三个参数,后面部署 Lobe Chat 数据库版时需要用到。 + + ![Logto 应用详情页面](https://raw.githubusercontent.com/labring-actions/templates/main/template/lobe-chat-db/images/logto-app-detail.png) -[deploy-button-image]: https://raw.githubusercontent.com/labring-actions/templates/main/Deploy-on-Sealos.svg -[deploy-link]: https://cloud.sealos.io/?openapp=system-template%3FtemplateName%3Dlobe-chat +## 部署 Lobe Chat 数据库版 + +点击下方按钮访问 Lobe Chat 数据库版应用部署页面: + +[![](https://raw.githubusercontent.com/labring-actions/templates/main/Deploy-on-Sealos.svg)](https://template.hzh.sealos.run/deploy?templateName=lobe-chat-db) + +填入三个必填参数: + +- `AUTH_LOGTO_ID`:Logto 应用的 App ID +- `AUTH_LOGTO_SECRET`:Logto 应用的 App Secret +- `AUTH_LOGTO_ISSUER`:Logto 应用的 Issuer endpoint + +点击【部署】按钮,部署完成后,等待应用的所有组件状态都变成 “运行中”,点击应用的【详情】按钮,进入应用详情页面。 + +![Lobe Chat 数据库版部署完成页面](https://raw.githubusercontent.com/labring-actions/templates/main/template/lobe-chat-db/images/lobe-chat-db-deployment-done.png) + +找到公网地址,复制下来,后面需要用到。 + +![Lobe Chat 数据库版公网地址](https://raw.githubusercontent.com/labring-actions/templates/main/template/lobe-chat-db/images/lobe-chat-db-public-address.png) + +## 部署后配置 + +进入 Logto 的 `Applications` 页面,找到 `Lobe Chat` 应用,点击进入应用详情页面。 + +在 `Settings` 页面中找到 “Redirect URI” 和 “Post sign-out redirect URI” 这两个参数,填入以下值: + +- Redirect URI:`https:///api/auth/callback/logto` +- Post sign-out redirect URI:`https://` + +其中 `https://` 为 Lobe Chat 数据库版的公网地址。 + +填完之后点击 `Save changes` 按钮保存配置。 + +现在通过 `https://` 访问 Lobe Chat 数据库版,点击左上角的头像,然后点击【登录 / 注册】按钮: + +![Lobe Chat 数据库版登录页面](https://raw.githubusercontent.com/labring-actions/templates/main/template/lobe-chat-db/images/lobe-chat-db-login.png) + +接下来会跳转到 Logto 的登录页面,点击【注册】注册一个账号。 + +![Lobe Chat 数据库版注册页面](https://raw.githubusercontent.com/labring-actions/templates/main/template/lobe-chat-db/images/lobe-chat-db-register.png) + +注册完成后,即可使用 Logto 登录 Lobe Chat 数据库版。 + +![Lobe Chat 数据库版登录成功页面](https://raw.githubusercontent.com/labring-actions/templates/main/template/lobe-chat-db/images/lobe-chat-db-login-success.png) diff --git a/docs/self-hosting/platform/tencentcloud-lighthouse.mdx b/docs/self-hosting/platform/tencentcloud-lighthouse.mdx deleted file mode 100644 index caf9a1505b..0000000000 --- a/docs/self-hosting/platform/tencentcloud-lighthouse.mdx +++ /dev/null @@ -1,29 +0,0 @@ ---- -title: Deploy LobeHub on TencentCloud Lighthouse -description: >- - Learn how to deploy the LobeHub application on TencentCloud Lighthouse, - including preparing the large model API Key, clicking the deploy button, and - other operations. -tags: - - TencentCloud Lighthouse - - TencentCloud - - LobeHub - - API Key ---- - -# Deploy LobeHub with TencentCloud Lighthouse - -If you want to deploy LobeHub on TencentCloud Lighthouse, you can follow the steps below: - -## Tencent Cloud Deployment Process - - - ### One-click to deploy - - [![][deploy-button-image]][deploy-link] - - ### Once deployed, you can start using it - - -[deploy-button-image]: https://cloudcache.tencent-cloud.com/qcloud/ui/static/static_source_business/d65fb782-4fb0-4348-ad85-f2943d6bee8f.svg -[deploy-link]: https://buy.tencentcloud.com/lighthouse?blueprintType=APP_OS&blueprintOfficialId=lhbp-6u0ti132®ionId=9&zone=ap-singapore-3&bundleId=bundle_starter_nmc_lin_med2_01&loginSet=AUTO&rule=true&from=LobeHub diff --git a/docs/self-hosting/platform/tencentcloud-lighthouse.zh-CN.mdx b/docs/self-hosting/platform/tencentcloud-lighthouse.zh-CN.mdx deleted file mode 100644 index f0a2aec9fc..0000000000 --- a/docs/self-hosting/platform/tencentcloud-lighthouse.zh-CN.mdx +++ /dev/null @@ -1,26 +0,0 @@ ---- -title: 在 腾讯轻量云 上部署 LobeHub -description: 学习如何快速在腾讯轻量云上部署LobeHub应用,包括准备大模型 API Key、点击部署按钮等操作。 -tags: - - 腾讯云 - - 腾讯轻量云 - - LobeHub - - 部署流程 ---- - -# 使用 腾讯轻量云 部署 - -如果想在 腾讯云 上部署 LobeHub,可以按照以下步骤进行操作: - -## 腾讯轻量云 部署流程 - - - ### 点击下方按钮进行部署 - - [![][deploy-button-image]][deploy-link] - - ### 部署完毕后,即可开始使用 - - -[deploy-button-image]: https://cloudcache.tencent-cloud.com/qcloud/ui/static/static_source_business/d65fb782-4fb0-4348-ad85-f2943d6bee8f.svg -[deploy-link]: https://buy.cloud.tencent.com/lighthouse?blueprintType=APP_OS&blueprintOfficialId=lhbp-6u0ti132®ionId=8&zone=ap-beijing-3&bundleId=bundle_starter_mc_med2_01&loginSet=AUTO&rule=true&from=LobeHub diff --git a/docs/self-hosting/platform/vercel.mdx b/docs/self-hosting/platform/vercel.mdx index 8210352496..ac6f6d30db 100644 --- a/docs/self-hosting/platform/vercel.mdx +++ b/docs/self-hosting/platform/vercel.mdx @@ -1,40 +1,344 @@ --- -title: Deploy LobeHub with Vercel +title: Deploy LobeHub with database on Vercel description: >- - Learn how to deploy LobeHub on Vercel with ease. Follow the provided steps to - prepare your OpenAI API Key, deploy the project, and start using it - efficiently. + Learn how to deploy LobeHub with database on Vercel with ease, including: + database, authentication and S3 storage service. tags: - Deploy LobeHub - Vercel Deployment - - Custom Domain Binding + - Better Auth + - S3 Storage --- -# Deploy LobeHub with Vercel +# Deploying Server Database Version on Vercel -If you want to deploy LobeHub on Vercel, you can follow the steps below: +This article will detail how to deploy the server database version of LobeHub on Vercel, including: 1) database configuration; 2) identity authentication service configuration; 3) steps for setting up the S3 storage service. -## Vercel Deployment Process + + Before proceeding, please make sure of the following: + + - Export all data, as after deploying the server-side database, existing user data cannot be automatically migrated and can only be manually imported after backup! + - When configuring the environment variables required for the server-side database, make sure to fill in all of them before deployment, otherwise you may encounter database migration issues! + + +## 1. Configure the Database - ### Click the button below to deploy + ### Prepare the Server Database Instance and Obtain the Connection URL - [![](https://vercel.com/button)](https://vercel.com/new/clone?repository-url=https%3A%2F%2Fgithub.com%2Flobehub%2Flobe-chat\&project-name=lobe-chat\&repository-name=lobe-chat) + Before deployment, make sure you have prepared a Postgres database instance. You can choose one of the following methods: - Simply log in with your GitHub account to complete the deployment. + - `A.` Use Serverless Postgres instances like Vercel / Neon; + - `B.` Use self-deployed Postgres instances like Docker. - ### After deployment, you can start using it + The configuration for both methods is slightly different, and will be distinguished in the next step. - ### Bind a custom domain (optional) + ### Add Environment Variables in Vercel - Vercel's assigned domain DNS may be polluted in some regions, so binding a custom domain can establish a direct connection. + In Vercel's deployment environment variables, add `DATABASE_URL` and other environment variables, and fill in the Postgres database connection URL prepared in the previous step. The typical format for the database connection URL is `postgres://username:password@host:port/database`. + + + + + Please confirm the `Postgres` type provided by your vendor. If it is `Node Postgres`, switch to + the `Node Postgres` Tab. + + + Variables to be filled for Serverless Postgres are as follows: + + ```shell + # Serverless Postgres DB Url + DATABASE_URL= + ``` + + An example of filling in Vercel is as follows: + + {'Add + + + + Variables to be filled for Node Postgres are as follows: + + ```shell + # Node Postgres DB Url + DATABASE_URL= + + # Specify Postgres database driver as node + DATABASE_DRIVER=node + ``` + + An example of filling in Vercel is as follows: + + {'Add + + + + + If you wish to enable SSL when connecting to the database, please refer to the + [link](https://stackoverflow.com/questions/14021998/using-psql-to-connect-to-postgresql-in-ssl-mode) + for setup instructions. + + + ### Add the `KEY_VAULTS_SECRET` Environment Variable + + After adding the `DATABASE_URL` environment variable for the database, you need to add a `KEY_VAULTS_SECRET` environment variable. This variable is used to encrypt sensitive information such as apikeys stored by users. Click the button below to generate: + + + + Make sure to add this to the Vercel environment variables as well. + + ### Add the `APP_URL` Environment Variable + + Finally, you need to add the `APP_URL` environment variable, which specifies the URL address of the LobeHub application. -## Automatic Synchronization of Updates +## 2. Configure Authentication Service -If you have deployed your project using the one-click deployment steps mentioned above, you may find that you are always prompted with "updates available." This is because Vercel creates a new project for you by default instead of forking this project, which causes the inability to accurately detect updates. +The server-side database needs to be paired with a user authentication service to function properly. Therefore, the corresponding authentication service needs to be configured. - - We recommend following the [Self-Hosting Upstream Sync](/docs/self-hosting/advanced/upstream-sync) - steps to Redeploy. + + ### Add Authentication Environment Variables + + In Vercel's deployment environment variables, add the following environment variables to enable authentication (powered by [Better Auth](https://www.better-auth.com)): + + Click the button below to generate `AUTH_SECRET` (session encryption key): + + + + You also need to configure the `JWKS_KEY` environment variable for signing and verifying JWTs. Click the button below to generate: + + + + With these variables, users can register and login with email and password. + + + For advanced features like SSO providers, magic link login, and email verification, see [Authentication Service](/docs/self-hosting/advanced/auth). + + + ### Add Public and Private Key Environment Variables in Vercel + + In Vercel's deployment environment variables, add the `NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY` and `CLERK_SECRET_KEY` environment variables. You can click on "API Keys" in the menu, then copy the corresponding values and paste them into Vercel's environment variables. + + {'Find + + The environment variables required for this step are as follows: + + ```shell + NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=pk_live_xxxxxxxxxxx + CLERK_SECRET_KEY=sk_live_xxxxxxxxxxxxxxxxxxxxxx + ``` + + Add the above variables to Vercel: + + {'Add + + ### Create and Configure Webhook in Clerk + + Since we let Clerk fully handle user authentication and management, we need Clerk to notify our application and store data in the database when there are changes in the user's lifecycle (create, update, delete). We achieve this requirement through the Webhook provided by Clerk. + + We need to add an endpoint in Clerk's Webhooks to inform Clerk to send notifications to this endpoint when a user's information changes. + + {'Add + + Fill in the endpoint with the URL of your Vercel project, such as `https://your-project.vercel.app/api/webhooks/clerk`. Then, subscribe to events by checking the three user events (`user.created`, `user.deleted`, `user.updated`), and click create. + + + The `https://` in the URL is essential to maintain the integrity of the URL. + + + {'Configure + + ### Add Webhook Secret to Vercel Environment Variables + + After creation, you can find the secret of this Webhook in the bottom right corner: + + {'View + + The environment variable corresponding to this secret is `CLERK_WEBHOOK_SECRET`: + + ```shell + CLERK_WEBHOOK_SECRET=whsec_xxxxxxxxxxxxxxxxxxxxxx + ``` + + Add it to Vercel's environment variables: + + {'Add + + +By completing these steps, you have successfully configured the authentication service. Next, we will configure the S3 storage service. + +## 3. Configure S3 Storage Service + +In the server-side database, we need to configure the S3 storage service to store files. + + + In this article, S3 refers to a compatible S3 storage solution, which supports object storage + systems that comply with the Amazon S3 API. Common examples include Cloudflare R2, Alibaba Cloud + OSS, etc., all of which support S3-compatible APIs. + + + ### Configure and Obtain S3 Bucket + + You need to go to your S3 service provider (such as AWS S3, Cloudflare R2, etc.) and create a new storage bucket. The following steps will use Cloudflare R2 as an example to explain the creation process. + + The interface of Cloudflare R2 is shown below: + + {'Cloudflare + + When creating a storage bucket, specify its name and then click create. + + {'Create + + ### Obtain Environment Variables for the Bucket + + In the settings of the R2 storage bucket, you can view the bucket configuration information: + + {'View + + The corresponding environment variables are: + + ```shell + # Storage bucket name + S3_BUCKET=LobeHub + # Storage bucket request endpoint (note that the path in this link includes the bucket name, which must be removed, or use the link provided on the S3 API token application page) + S3_ENDPOINT=https://0b33a03b5c993fd2f453379dc36558e5.r2.cloudflarestorage.com + # Public access domain for the storage bucket + S3_PUBLIC_DOMAIN=https://s3-for-LobeHub.your-domain.com + ``` + + + `S3_ENDPOINT` must have its path removed, otherwise uploaded files will not be accessible + + + ### Obtain S3 Key Environment Variables + + You need to obtain the access key for S3 so that the LobeHub server has permission to access the S3 storage service. In R2, you can configure the access key in the account details: + + {'View + + Click the button in the upper right corner to create an API token and enter the create API Token page. + + {'Create + + Since our server-side database needs to read and write to the S3 storage service, the permission needs to be set to `Object Read and Write`, then click create. + + {'Configure + + After creation, you can see the corresponding S3 API token. + + {'Copy + + The corresponding environment variables are: + + ```shell + S3_ACCESS_KEY_ID=9998d6757e276cf9f1edbd325b7083a6 + S3_SECRET_ACCESS_KEY=55af75d8eb6b99f189f6a35f855336ea62cd9c4751a5cf4337c53c1d3f497ac2 + ``` + + ### Adding Corresponding Environment Variables in Vercel + + The steps to obtain the required environment variables may vary for different S3 service providers, but the obtained environment variables should be consistent: + + + The `https://` in the URL is essential and must be maintained for the completeness of the URL. + + + ```shell + # S3 Keys + S3_ACCESS_KEY_ID=9998d6757e276cf9f1edbd325b7083a6 + S3_SECRET_ACCESS_KEY=55af75d8eb6b99f189f6a35f855336ea62cd9c4751a5cf4337c53c1d3f497ac2 + + # Bucket name + S3_BUCKET=LobeHub + # Bucket request endpoint + S3_ENDPOINT=https://0b33a03b5c993fd2f453379dc36558e5.r2.cloudflarestorage.com + # Public domain for bucket access + S3_PUBLIC_DOMAIN=https://s3-dev.your-domain.com + + # Bucket region, such as us-west-1, generally not required, but some providers may need to configure + # S3_REGION=us-west-1 + ``` + + Then, insert the above environment variables into Vercel's environment variables: + + {'Adding + + ### Configuring Cross-Origin Resource Sharing (CORS) + + Since S3 storage services are often on a separate domain, cross-origin access needs to be configured. + + In R2, you can find the CORS configuration in the bucket settings: + + {'Cloudflare + + Add a CORS rule to allow requests from your domain (in this case, `https://your-project.vercel.app`): + + {'Configuring + + Example configuration: + + ```json + [ + { + "AllowedOrigins": ["https://your-project.vercel.app"], + "AllowedMethods": ["GET", "PUT", "HEAD", "POST", "DELETE"], + "AllowedHeaders": ["*"] + } + ] + ``` + + After configuring, click save. + + +## Four, Deployment and Verification + +After completing the steps above, the configuration of the server-side database should be done. Next, we can deploy LobeHub to Vercel and then visit your Vercel link to verify if the server-side database is working correctly. + + + ### Redeploy the latest commit + + After configuring the environment variables, you need to redeploy the latest commit and wait for the deployment to complete. + + {'Redeploy + + ### Check if the features are working properly + + If you click on the login button in the top left corner and the login popup appears normally, then you have successfully configured it. Enjoy using it\~ + + {'User + + {'Login + + +## Appendix + +### Overview of Server-side Database Environment Variables + +For easy copying, here is a summary of the environment variables required to configure the server-side database: + +```shell +APP_URL=https://your-project.com + +# Postgres database URL +DATABASE_URL= +KEY_VAULTS_SECRET=jgwsK28dspyVQoIf8/M3IIHl1h6LYYceSYNXeLpy6uk= + +# Authentication +AUTH_SECRET=jgwsK28dspyVQoIf8/M3IIHl1h6LYYceSYNXeLpy6uk= +JWKS_KEY='{"keys":[...]}' + +# S3 related configurations +# S3 keys +S3_ACCESS_KEY_ID=9998d6757e276cf9f1edbd325b7083a6 +S3_SECRET_ACCESS_KEY=55af75d8eb6b99f189f6a35f855336ea62cd9c4751a5cf4337c53c1d3f497ac2 + +# Bucket name +S3_BUCKET=LobeHub +# Bucket request endpoint +S3_ENDPOINT=https://0b33a03b5c993fd2f453379dc36558e5.r2.cloudflarestorage.com +# Public access domain for the bucket +S3_PUBLIC_DOMAIN=https://s3-for-LobeHub.your-domain.com +# Bucket region, such as us-west-1, generally not needed to add, but some service providers may require configuration +# S3_REGION=us-west-1 +``` diff --git a/docs/self-hosting/platform/vercel.zh-CN.mdx b/docs/self-hosting/platform/vercel.zh-CN.mdx index 6842d70cd9..455172fdaf 100644 --- a/docs/self-hosting/platform/vercel.zh-CN.mdx +++ b/docs/self-hosting/platform/vercel.zh-CN.mdx @@ -1,43 +1,337 @@ --- -title: 在 Vercel 上部署 LobeHub -description: 学习如何在 Vercel 上一键部署 LobeHub,准备 OpenAI API Key,点击按钮进行部署,绑定自定义域名,自动同步更新等。 +title: 在 Vercel 上部署 LobeHub 的服务端数据库版本 +description: 本文详细介绍如何在 Vercel 中部署服务端数据库版 LobeHub,包括数据库配置、身份验证服务配置和 S3 存储服务的设置步骤。 tags: - - Vercel - - 部署指引 - - LobeHub - - OpenAI API Key - - 自定义域名 - - 自动同步更新 + - 服务端数据库 + - Postgres + - Better Auth + - S3存储服务 + - Vercel部署 + - 数据库配置 + - 身份验证服务 + - 环境变量配置 --- -# Vercel 部署指引 +# 在 Vercel 上部署服务端数据库版 -如果想在 Vercel 上部署 LobeHub,可以按照以下步骤进行操作: +本文将详细介绍如何在 Vercel 中部署服务端数据库版 LobeHub,包括: 1)数据库配置;2)身份验证服务配置;3) S3 存储服务的设置步骤。 -## Vercel 部署流程 + + 进行后续操作前,请务必确认以下事项: - - ### 点击下方按钮进行部署 - - [![][deploy-button-image]][deploy-link] - - 直接使用 GitHub 账号登录即可完成部署。 - - ### 部署完毕后,即可开始使用 - - ### 绑定自定义域名(可选) - - Vercel 分配的域名 DNS 在某些区域被污染了,绑定自定义域名即可直连。 - - -## 自动同步更新 - -如果你根据上述中的一键部署步骤部署了自己的项目,你可能会发现总是被提示 “有可用更新”。这是因为 Vercel 默认为你创建新项目而非 fork 本项目,这将导致无法准确检测更新。 - - - 我们建议按照 [📘 LobeHub 自部署保持更新](/zh/docs/self-hosting/advanced/upstream-sync) - 步骤重新部署。 + - 导出所有数据,部署服务端数据库后,原有用户数据无法自动迁移,只能提前备份后进行手动导入! + - 配置服务端数据库所需要的环境变量时,需全部填入后再进行部署,否则可能遭遇数据库迁移问题! -[deploy-button-image]: https://vercel.com/button -[deploy-link]: https://vercel.com/new/clone?repository-url=https%3A%2F%2Fgithub.com%2Flobehub%2Flobe-chat&project-name=lobe-chat&repository-name=lobe-chat +## 一、 配置数据库 + + + ### 准备服务端数据库实例,获取连接 URL + + 在部署之前,请确保你已经准备好 Postgres 数据库实例,你可以选择以下任一方式: + + - `A.` 使用 Vercel / Neon 等 Serverless Postgres 实例; + - `B.` 使用 Docker 等自部署 Postgres 实例。 + + 两者的配置方式略有不同,在下一步会有所区分。 + + ### 在 Vercel 中添加环境变量 + + 在 Vercel 的部署环境变量中,添加 `DATABASE_URL` 等环境变量,将上一步准备好的 Postgres 数据库连接 URL 填入其中。数据库连接 URL 的通常格式为 `postgres://username:password@host:port/database`。 + + + + + 请确认您的供应商所提供的 `Postgres` 类型,若为 `Node Postgres`,请切换到 `Node Postgres` Tab 。 + + + Serverless Postgres 需要填写的变量如下: + + ```shell + # Serverless Postgres DB Url + DATABASE_URL= + ``` + + 在 Vercel 中填写的示例如下: + + {'添加 + + + + Node Postgres 需要填写的变量如下: + + ```shell + # Node Postgres DB Url + DATABASE_URL= + + # 指定 Postgres database driver 为 node + DATABASE_DRIVER=node + ``` + + 在 Vercel 中填写的示例如下: + + {'添加 + + + + + 如果希望连接数据库时启用 SSL + ,请自行参考[链接](https://stackoverflow.com/questions/14021998/using-psql-to-connect-to-postgresql-in-ssl-mode)进行设置 + + + ### 添加 `KEY_VAULTS_SECRET` 环境变量 + + 在完成数据库 `DATABASE_URL` 环境变量添加后,需要添加一个 `KEY_VAULTS_SECRET` 环境变量。该变量用于加密用户存储的 apikey 等敏感信息。点击下方按钮一键生成: + + + + 同样需要将其添加到 Vercel 环境变量中。 + + ### 添加 `APP_URL` 环境变量 + + 该部分最后需要添加 `APP_URL` 环境变量,用于指定 LobeHub 应用的 URL 地址。 + + +## 二、 配置身份验证服务 + +服务端数据库需要搭配用户身份验证服务才可以正常使用。因此需要配置对应的身份验证服务。 + + + ### 添加身份验证环境变量 + + 在 Vercel 的部署环境变量中,添加以下环境变量以启用身份验证(基于 [Better Auth](https://www.better-auth.com)): + + 点击下方按钮一键生成 `AUTH_SECRET`(会话加密密钥): + + + + 同时需要配置 `JWKS_KEY` 环境变量,用于签名和验证 JWT。点击下方按钮一键生成: + + + + 配置这些变量后,用户即可使用邮箱和密码注册登录。 + + + 如需 SSO 登录、魔法链接登录、邮箱验证等高级功能,请参阅 [身份验证服务](/zh/docs/self-hosting/advanced/auth)。 + + + ### 在 Vercel 中添加公、私钥环境变量 + + 在 Vercel 的部署环境变量中,添加 `NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY` 和 `CLERK_SECRET_KEY` 环境变量。你可以在菜单中点击「API Keys」,然后复制对应的值填入 Vercel 的环境变量中。 + + {'在 + + 此步骤所需的环境变量如下: + + ```shell + NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=pk_live_xxxxxxxxxxx + CLERK_SECRET_KEY=sk_live_xxxxxxxxxxxxxxxxxxxxxx + ``` + + 添加上述变量到 Vercel 中: + + {'在 + + ### 在 Clerk 中创建并配置 Webhook + + 由于我们让 Clerk 完全接管用户鉴权与管理,因此我们需要在 Clerk 用户生命周期变更时(创建、更新、删除)中通知我们的应用并存储落库。我们通过 Clerk 提供的 Webhook 来实现这一诉求。 + + 我们需要在 Clerk 的 Webhooks 中添加一个端点(Endpoint),告诉 Clerk 当用户发生变更时,向这个端点发送通知。 + + {'Clerk + + 在 endpoint 中填写你的 Vercel 项目的 URL,如 `https://your-project.vercel.app/api/webhooks/clerk`。然后在订阅事件(Subscribe to events)中,勾选 user 的三个事件(`user.created` 、`user.deleted`、`user.updated`),然后点击创建。 + + URL 的`https://`不可缺失,须保持 URL 的完整性 + + {'添加 + + ### 将 Webhook 秘钥添加到 Vercel 环境变量 + + 创建完毕后,可以在右下角找到该 Webhook 的秘钥: + + {'查看 + + 这个秘钥所对应的环境变量名为 `CLERK_WEBHOOK_SECRET`: + + ```shell + CLERK_WEBHOOK_SECRET=whsec_xxxxxxxxxxxxxxxxxxxxxx + ``` + + 将其添加到 Vercel 的环境变量中: + + {'在 + + +这样,你已经成功配置了身份验证服务。接下来我们将配置 S3 存储服务。 + +## 三、 配置 S3 存储服务 + +在服务端数据库中我们需要配置 S3 存储服务来存储文件。 + + + 在本文,S3 所指代的是指兼容 S3 存储方案,即支持 Amazon S3 API 的对象存储系统,常见例如 Cloudflare + R2 、阿里云 OSS 等均支持 S3 兼容 API。 + + + + ### 配置并获取 S3 存储桶 + + 你需要前往你的 S3 服务提供商(如 AWS S3、Cloudflare R2 等)并创建一个新的存储桶(Bucket)。接下来以 Cloudflare R2 为例,介绍创建流程。 + + 下图是 Cloudflare R2 的界面: + + {'Cloudflare + + 创建存储桶时将指定其名称,然后点击创建。 + + {'R2 + + ### 获取存储桶相关环境变量 + + 在 R2 存储桶的设置中,可以看到桶配置的信息: + + {'查看存储桶的相关信息'} + + 其对应的环境变量为: + + ```shell + # 存储桶的名称 + S3_BUCKET=LobeHub + # 存储桶的请求端点(注意此处链接的路径带存储桶名称,必须删除该路径,或使用申请 S3 API token 页面所提供的链接) + S3_ENDPOINT=https://0b33a03b5c993fd2f453379dc36558e5.r2.cloudflarestorage.com + # 存储桶对外的访问域名 + S3_PUBLIC_DOMAIN=https://s3-for-LobeHub.your-domain.com + ``` + + `S3_ENDPOINT`必须删除其路径,否则会无法访问所上传文件 + + ### 获取 S3 密钥环境变量 + + 你需要获取 S3 的访问密钥,以便 LobeHub 的服务端有权限访问 S3 存储服务。在 R2 中,你可以在账户详情中配置访问密钥: + + {'查看存储桶的访问秘钥'} + + 点击右上角按钮创建 API token,进入创建 API Token 页面 + + {'创建对应 + + 鉴于我们的服务端数据库需要读写 S3 存储服务,因此权限需要选择`对象读与写`,然后点击创建。 + + {'配置 + + 创建完成后,就可以看到对应的 S3 API token + + {'复制 + + 其对应的环境变量为: + + ```shell + S3_ACCESS_KEY_ID=9998d6757e276cf9f1edbd325b7083a6 + S3_SECRET_ACCESS_KEY=55af75d8eb6b99f189f6a35f855336ea62cd9c4751a5cf4337c53c1d3f497ac2 + ``` + + ### 在 Vercel 中添加对应的环境变量 + + 不同 S3 服务商获取所需环境变量的步骤可能有所不同,但最终获得到的环境变量应该都是一致的: + + URL 的`https://`不可缺失,须保持 URL 的完整性 + + ```shell + # S3 秘钥 + S3_ACCESS_KEY_ID=9998d6757e276cf9f1edbd325b7083a6 + S3_SECRET_ACCESS_KEY=55af75d8eb6b99f189f6a35f855336ea62cd9c4751a5cf4337c53c1d3f497ac2 + + # 存储桶的名称 + S3_BUCKET=LobeHub + # 存储桶的请求端点 + S3_ENDPOINT=https://0b33a03b5c993fd2f453379dc36558e5.r2.cloudflarestorage.com + # 存储桶对外的访问域名 + S3_PUBLIC_DOMAIN=https://s3-dev.your-domain.com + + # 桶的区域,如 us-west-1,一般来说不需要添加,但某些服务商则需要配置 + # S3_REGION=us-west-1 + ``` + + 然后将上述环境变量填入 Vercel 的环境变量中: + + {'在 + + ### 配置跨域 + + 由于 S3 存储服务往往是一个独立的网址,因此需要配置跨域访问。 + + 在 R2 中,你可以在存储桶的设置中找到跨域配置: + + {'Cloudflare + + 添加跨域规则,允许你的域名(在上文是 `https://your-project.vercel.app`)来源的请求: + + {'配置允许你的站点域名'} + + 示例配置如下: + + ```json + [ + { + "AllowedOrigins": ["https://your-project.vercel.app"], + "AllowedMethods": ["GET", "PUT", "HEAD", "POST", "DELETE"], + "AllowedHeaders": ["*"] + } + ] + ``` + + 配置后点击保存即可。 + + +## 四、部署并验证 + +通过上述步骤之后,我们应该就完成了服务端数据库的配置。接下来我们可以将 LobeHub 部署到 Vercel 上,然后访问你的 Vercel 链接,验证服务端数据库是否正常工作。 + + + ### 重新部署最新的 commit + + 配置好环境变量后,你需要重新部署最新的 commit,并等待部署完成。 + + {'重新部署最新的 + + ### 检查功能是否正常 + + 如果你点击左上角登录,可以正常显示登录弹窗,那么说明你已经配置成功了,尽情享用吧~ + + {'用户登录弹窗'} + + {'登录成功状态'} + + +## 附录 + +### 服务端数据库环境变量一览 + +为方便一键复制,在此汇总配置服务端数据库所需要的环境变量: + +```shell +APP_URL=https://your-project.com + +# Postgres 数据库 URL +DATABASE_URL= +KEY_VAULTS_SECRET=jgwsK28dspyVQoIf8/M3IIHl1h6LYYceSYNXeLpy6uk= + +# 身份验证 +AUTH_SECRET=jgwsK28dspyVQoIf8/M3IIHl1h6LYYceSYNXeLpy6uk= +JWKS_KEY='{"keys":[...]}' + +# S3 相关配置 +# S3 秘钥 +S3_ACCESS_KEY_ID=9998d6757e276cf9f1edbd325b7083a6 +S3_SECRET_ACCESS_KEY=55af75d8eb6b99f189f6a35f855336ea62cd9c4751a5cf4337c53c1d3f497ac2 + +# 存储桶的名称 +S3_BUCKET=LobeHub +# 存储桶的请求端点 +S3_ENDPOINT=https://0b33a03b5c993fd2f453379dc36558e5.r2.cloudflarestorage.com +# 存储桶对外的访问域名 +S3_PUBLIC_DOMAIN=https://s3-for-LobeHub.your-domain.com +# 桶的区域,如 us-west-1,一般来说不需要添加,但某些服务商则需要配置 +# S3_REGION=us-west-1 +``` diff --git a/docs/self-hosting/platform/zeabur.mdx b/docs/self-hosting/platform/zeabur.mdx index 6d1bce4ceb..db02e0411e 100644 --- a/docs/self-hosting/platform/zeabur.mdx +++ b/docs/self-hosting/platform/zeabur.mdx @@ -1,72 +1,76 @@ --- -title: Deploy LobeHub on Zeabur +title: Deploying LobeHub Database on Zeabur description: >- Learn how to deploy LobeHub on Zeabur with ease. Follow the provided steps to set up your chat application seamlessly. tags: - Deploy LobeHub - Zeabur Deployment + - OpenAI API Key - Custom Domain Binding --- -# Deploy LobeHub with Zeabur +# Deploying LobeHub Database on Zeabur -If you want to deploy LobeHub on Zeabur, you can follow the steps below: + + This article assumes that you are familiar with the basic principles and processes of deploying + the LobeHub server database version, so it only includes content related to core environment + variable configuration. If you are not familiar with the deployment principles of the LobeHub + server database version, please refer to [Deploying Server + Database](/docs/self-hosting/server-database) first. + -## Zeabur Deployment Process +The template on Zeabur includes 4 services: + +- Logto for authrization. +- PostgreSQL with Vector plugin for data storage and indexing. +- MinIO for image storage. +- LobeHub database version. + +## Deploying on Zeabur + +Here is the process for deploying the LobeHub server database version on Zeabur: - ### Click the button below to deploy + ### Go to the template page on Zeabur - [![][deploy-button-image]][deploy-link] + Go to the [LobeHub Database template page](https://zeabur.com/templates/RRSPSD) on Zeabur and click on the "Deploy" button. - ### Once deployed, you can start using it + ### Fill in the required environment variables - ### Bind a custom domain (optional) + After you click on the "Deploy" button, you will see a modal pop-up where you can fill in the required environment variables. - You can use the subdomain provided by Zeabur, or choose to bind a custom domain. Currently, the domains provided by Zeabur have not been contaminated, and most regions can connect directly. + Here are the environment variables you need to fill in: + + - OpenAI API key: Your OpenAI API key to get responses from OpenAI. + + - LobeHub Domain: A free subdomain with `.zeabur.app` suffix. + + - MinIO Public Domain: A free subdomain with `.zeabur.app` suffix for yout MinIO web port to enable public access for the uploaded files. + + - Logto Console Domain: A free subdomain with `.zeabur.app` suffix for your Logto console. + + - Logto API Domain: A free subdomain with `.zeabur.app` suffix for your Logto api. + + ### Select a region and deploy + + After you fill all the required environment variables, select a region where you want to deploy your LobeHub Database and click on the "Deploy" button. + + You will see another modal pop-up where you can see the deployment progress. + + ### Configure Logto + + After the deployment is done, you need to configure your Logto service to enable authrization. + + Access your Logto console with the console domain you just binded, and then create a `Next.js 14(App router)` application to get the client ID and client secret, and fill in the cors and callback URLs. You can check [this document](../advanced/auth.mdx) for a more detailed guide. + + Fill in those variables into your LobeHub service on Zeabur, here is a more detailed guide for [editing environment variables on Zeabur](https://zeabur.com/docs/deploy/variables). + + For detailed configuration of Logto, refer to [this document](/docs/self-hosting/advanced/auth/providers/logto). + + ### Access your LobeHub Instance + + Press on the `LobeHub-Database` and you can see the public domain you just created, click on it to access your LobeHub Database. + + You can also bind a custom domain for your services if you want, here is a guide on how to [bind a custom domain on Zeabur](https://zeabur.com/docs/deploy/domain-binding). - -# Deploy LobeHub with Zeabur as serverless function - -> Note: There are still issues with [middlewares and rewrites of next.js on Zeabur](https://github.com/lobehub/lobe-chat/pull/2775?notification_referrer_id=NT_kwDOAdi2DrQxMDkyODQ4MDc2NTozMDk3OTU5OA#issuecomment-2146713899), use at your own risk! - -Since Zeabur does NOT officially support FREE users deploy containerized service, you may wish to deploy LobeHub as a serverless function service. To deploy LobeHub as a serverless function service on Zeabur, you can follow the steps below: - -## Zeabur Deployment Process - - - ### Fork LobeHub - - ### Add Zeabur pack config file - - Add a `zbpack.json` configuration file with the following content to the root dir of your fork: - - ```json - { - "ignore_dockerfile": true, - "serverless": true - } - ``` - - ### Login to your [Zeabur dashboard](https://dash.zeabur.com) - - If you do not already have an account, you will need to register one. - - ### Create a project and service - - Create a project, then create a service under this project. - - ### Link your fork of LobeHub to the just created Zeabur service. - - When adding service, choose github. This may triger a oAuth depend on varies factors like how you login to Zeabur and if you have already authorized Zeabur to access all your repos - - ### Bind a custom domain (optional) - - You can create a subdomain provided by Zeabur, or choose to bind a custom domain. Currently, the domains provided by Zeabur have not been contaminated, and most regions can connect directly. - - ### Zeabur shall start auto build and you should be able to access it by the domain of your choice after a while. - - -[deploy-button-image]: https://zeabur.com/button.svg -[deploy-link]: https://zeabur.com/templates/VZGGTI diff --git a/docs/self-hosting/platform/zeabur.zh-CN.mdx b/docs/self-hosting/platform/zeabur.zh-CN.mdx index f70b5ad6c8..e1ca98b255 100644 --- a/docs/self-hosting/platform/zeabur.zh-CN.mdx +++ b/docs/self-hosting/platform/zeabur.zh-CN.mdx @@ -9,64 +9,59 @@ tags: - 自定义域名 --- -# 使用 Zeabur 部署 +# 使用 Zeabur 部署 LobeHub 数据库版 -如果想在 Zeabur 上部署 LobeHub,可以按照以下步骤进行操作: + + 本文假设你已经熟悉 LobeHub + 服务器数据库版的部署基本原理和流程,因此只包含与核心环境变量配置相关的内容。如果你对 LobeHub + 服务器数据库版的部署原理不熟悉,请先参考[部署服务器数据库](/zh/docs/self-hosting/server-database)。 + -## Zeabur 部署流程 +在 Zeabur 的模板中总共包含有以下四个服务: + +- Logto 提供身份校验 +- 带有 Vector 插件的 PostgreSQL 来做数据存储和向量化 +- MinIO 作为对象存储 +- LobeHub Database 的实例 + +## 在 Zeabur 上部署 + +这里是在 Zeabur 上部署 LobeHub 服务器数据库版的流程: - ### 点击下方按钮进行部署 + ### 前往 Zeabur 上的模板页面 - [![][deploy-button-image]][deploy-link] + 前往 [Zeabur 上的 LobeHub 数据库模板页面](https://zeabur.com/templates/RRSPSD) 并点击 "Deploy" 按钮。 - ### 部署完毕后,即可开始使用 + ### 填写必要的环境变量 - ### 绑定自定义域名(可选) + 在你点击 “部署 “按钮后,你会看到一个模态弹窗,你可以在这里填写必要的环境变量。 - 你可以使用 Zeabur 提供的子域名,也可以选择绑定自定义域名。目前 Zeabur 提供的域名还未被污染,大多数地区都可以直连。 + 以下是你需要填写的环境变量: + + - OpenAI API key: 你的 OpenAI API key 用于获取模型的访问权限。 + - LobeHub Domain: 一个免费的 `.zeabur.app` 后缀的域名。 + - MinIO Public Domain: 一个免费的 `.zeabur.app` 后缀的域名为了暴露 MinIO 服务以公开访问资源。 + - Logto Console Domain: 一个免费的 `.zeabur.app` 后缀的域名来访问 Logto 的控制台。 + - Logto API Domain: 一个免费的 `.zeabur.app` 后缀的域名来访问 Logto 的 API。 + + ### 选择一个区域并部署 + + 在你填写完所有必要的环境变量后,选择一个你想要部署 LobeHub 数据库的区域并点击 “部署” 按钮。 + + 你会看到另一个模态弹窗,你可以在这里看到部署的进度。 + + ### 配置 Logto + + 当部署完成后,你会被自动导航到你在 Zeabur 控制台上刚刚创建的项目。你需要再进一步配置你的 Logto 服务。 + + 使用你刚绑定的域名来访问你的 Logto 控制台,创建一个新项目以获得对应的客户端 ID 与密钥,将它们填入你的 LobeHub 服务的变量中。关于如何填入变量,可以参照 [Zeabur 的官方文档](https://zeabur.com/docs/deploy/variables)。 + + Logto 的详细配置可以参考[这篇文档](/zh/docs/self-hosting/advanced/auth/providers/logto)。 + + ### 访问你的 LobeHub + + 按下 `LobeHub-Database` 你会看到你刚刚创建的公共域名,点击它以访问你的 LobeHub 数据库。 + + 你可以选择绑定一个自定义域名,这里有一个关于如何在 Zeabur 上[绑定自定义域名](https://zeabur.com/docs/deploy/domain-binding)的指南。 - -# 使用 Zeabur 将 LobeHub 部署为无服务器函数 - -> **注意:** 仍然存在关于 [Zeabur 上 next.js 的中间件和重写问题](https://github.com/lobehub/lobe-chat/pull/2775?notification_referrer_id=NT_kwDOAdi2DrQxMDkyODQ4MDc2NTozMDk3OTU5OA#issuecomment-2146713899),请自担风险! - -由于 Zeabur 并未官方支持免费用户部署容器化服务,您可能希望将 LobeHub 部署为无服务器函数服务。要在 Zeabur 上将 LobeHub 部署为无服务器函数服务,您可以按照以下步骤操作: - -## Zeabur 部署流程 - - - ### Fork LobeHub - - ### 添加 Zeabur 打包配置文件 - - 在您的分支的根目录下添加一个 `zbpack.json` 配置文件,内容如下: - - ```json - { - "ignore_dockerfile": true, - "serverless": true - } - ``` - - ### 登录到您的 [Zeabur 仪表板](https://dash.zeabur.com) - - 如果您尚未拥有一个账号,您需要注册一个。 - - ### 创建项目与服务。 - - 创建一个项目,并再这个项目下新建一个服务。 - - ### 将您的 LobeHub 分支链接到刚创建的 Zeabur 服务。 - - 在添加服务时,选择 github。这可能会触发一个 oAuth,取决于诸如您如何登录到 Zeabur 以及您是否已经授权 Zeabur 访问所有您的存储库等各种因素。 - - ### 绑定自定义域名(可选) - - 您可以创建 Zeabur 提供的子域名,或选择绑定自定义域名。目前,Zeabur 提供的域名尚未受到污染,大多数地区可以直接连接。 - - ### Zeabur 将开始自动构建,您应该可以在一段时间后通过您选择的域名访问它。 - - -[deploy-button-image]: https://zeabur.com/button.svg -[deploy-link]: https://zeabur.com/templates/VZGGTI diff --git a/docs/self-hosting/server-database.mdx b/docs/self-hosting/server-database.mdx index 9503dd61c3..f91d3a6c32 100644 --- a/docs/self-hosting/server-database.mdx +++ b/docs/self-hosting/server-database.mdx @@ -23,7 +23,7 @@ This guide will introduce the process and principles of deploying the server-sid If you are already familiar with the complete principles, you can quickly get started by checking the deployment guides for each platform: - + --- @@ -54,7 +54,7 @@ Since we support file-based conversations/knowledge base conversations, we need For server-side database deployment scenarios, you need to set `NEXT_PUBLIC_SERVICE_MODE` to `server`. - In the official `lobe-chat-database` Docker image, this environment variable is already set to + In the official `lobehub` Docker image, this environment variable is already set to `server` by default. Therefore, if you deploy using the Docker image, you do not need to configure this environment variable again. @@ -82,7 +82,7 @@ Since we support file-based conversations/knowledge base conversations, we need To streamline deployment, we have set default values based on the characteristics of different platforms: - On the Vercel platform, `DATABASE_DRIVER` defaults to `neon`; - - In our provided Docker image `lobe-chat-database`, `DATABASE_DRIVER` defaults to `node`. + - In our provided Docker image `lobehub`, `DATABASE_DRIVER` defaults to `node`. Therefore, if you follow the standard deployment methods below, you do not need to manually configure the `DATABASE_DRIVER` environment variable: @@ -95,7 +95,7 @@ Since we support file-based conversations/knowledge base conversations, we need You can generate a random 32-character string as the value of `KEY_VAULTS_SECRET` using `openssl - rand -base64 32`. + rand -base64 32`. @@ -132,7 +132,7 @@ NextAuth is an open-source authentication library that supports multiple identit For information on configuring NextAuth, you can refer to the [Authentication](/docs/self-hosting/advanced/authentication) documentation. - In the official Docker image `lobe-chat-database`, we recommend using NextAuth as the + In the official Docker image `lobehub`, we recommend using NextAuth as the authentication service. @@ -154,4 +154,4 @@ For detailed configuration guidelines on S3, please refer to [S3 Object Storage] The above is a detailed explanation of configuring LobeHub with a server-side database. You can configure it according to your actual situation and then choose a deployment platform that suits you to start deployment: - + diff --git a/docs/self-hosting/server-database.zh-CN.mdx b/docs/self-hosting/server-database.zh-CN.mdx index 8e7c0c5712..19a1112a98 100644 --- a/docs/self-hosting/server-database.zh-CN.mdx +++ b/docs/self-hosting/server-database.zh-CN.mdx @@ -23,7 +23,7 @@ LobeHub 默认使用客户端数据库(IndexedDB),同时也支持使用服 如你已经熟悉完整原理,可以查看各个平台的部署指南快速开始: - + --- @@ -52,7 +52,7 @@ LobeHub 默认使用客户端数据库(IndexedDB),同时也支持使用服 针对服务端数据库部署场景,你需要将 `NEXT_PUBLIC_SERVICE_MODE` 设置为 `server`。 - 在官方的 `lobe-chat-database` Docker 镜像中,已经默认将该环境变量设为 `server`,因此如果你使用 + 在官方的 `lobehub` Docker 镜像中,已经默认将该环境变量设为 `server`,因此如果你使用 Docker 镜像部署,则无需再配置该环境变量。 @@ -78,7 +78,7 @@ LobeHub 默认使用客户端数据库(IndexedDB),同时也支持使用服 为提升部署便捷性,我们根据不同的平台特点设置了默认值: - 在 Vercel 平台下,`DATABASE_DRIVER` 默认为 `neon`; - - 在我们提供的 Docker 镜像 `lobe-chat-database` 中,`DATABASE_DRIVER` 默认为 `node`。 + - 在我们提供的 Docker 镜像 `lobehub` 中,`DATABASE_DRIVER` 默认为 `node`。 因此如果你采用了以下标准的部署方式,你无需手动配置 `DATABASE_DRIVER` 环境变量: @@ -123,7 +123,7 @@ NextAuth 是一个开源的身份验证库,支持多种身份验证提供商 关于 NextAuth 的配置,你可以参考 [身份验证](/zh/docs/self-hosting/advanced/authentication) 的文档获取更多信息。 - 在官方的 Docker 镜像 `lobe-chat-database` 中,我们推荐使用 NextAuth 作为身份验证服务。 + 在官方的 Docker 镜像 `lobehub` 中,我们推荐使用 NextAuth 作为身份验证服务。 ## 配置 S3 存储服务 @@ -143,4 +143,4 @@ LobeHub 在 [很早以前](https://x.com/lobehub/status/1724289575672291782) 就 以上就是关于服务端数据库版 LobeHub 的配置详解,你可以根据自己的实际情况进行配置,然后选择适合自己的部署平台开始部署: - + diff --git a/docs/self-hosting/server-database/docker-compose.mdx b/docs/self-hosting/server-database/docker-compose.mdx deleted file mode 100644 index cf24debd5e..0000000000 --- a/docs/self-hosting/server-database/docker-compose.mdx +++ /dev/null @@ -1,879 +0,0 @@ ---- -title: Deploying LobeHub with Docker Compose -description: >- - Learn how to deploy the LobeHub service using Docker Compose, including - configuration tutorials for various services. -tags: - - Docker Compose - - LobeHub - - Docker Container - - Deployment Guide ---- - -# Deploying LobeHub Server Database Version with Docker Compose - -
- [![][docker-release-shield]][docker-release-link] - - [![][docker-size-shield]][docker-size-link] - - [![][docker-pulls-shield]][docker-pulls-link] -
- -## Quick Start - - - **System Compatibility Notes** - - - One-click deployment is supported in Unix environments (Linux/macOS). - - - Windows users must run through [WSL 2](https://aka.ms/wsl). - - - The one-click startup script is only for initial deployment; for subsequent deployments, please refer to the [Custom Deployment](#custom-deployment) section. - - - Port occupation check: Ensure that ports `3210`, `8000`, `9000`, and `9001` are available. - - -Execute the following commands to set up the deployment environment; the directory `lobe-chat-db` will be used to store your configuration files and subsequent database files. - -```sh -mkdir lobe-chat-db && cd lobe-chat-db -``` - -Fetch and execute the deployment script: - -```sh -bash <(curl -fsSL https://lobe.li/setup.sh) -l en -``` - -The script supports the following deployment modes; please choose the appropriate mode based on your needs and read the rest of the documentation. - -- [Local Mode (default)](#local-mode): Accessible only locally, not supporting LAN/public access; suitable for initial experiences. -- [Port Mode](#port-mode): Supports LAN/public `http` access; suitable for no domain or private network use. -- [Domain Mode](#domain-mode): Supports LAN/public `http/https` access with reverse proxy; suitable for personal or team use. - - - In the script's options prompt `(Option1/Option2)[Option1]`: `(Option1 / Option2)` indicates - selectable options, while `[Option1]` indicates the default option; simply press enter to choose - the default. - - -### Local Mode - - - ### Complete Remaining Configuration in Interactive Script - - Continue pressing enter to use the default configuration. - - ### Check Configuration Generation Report - - After the script finishes running, you need to check the configuration generation report, which includes the accounts and initial login passwords for the Casdoor administrator and user. - - - Please log in to LobeHub using the user account; the administrator account is only for managing - Casdoor. - - - ```log - The results of the secure key generation are as follows: - LobeHub: - - URL: http://localhost:3210 - - Username: user - - Password: c66f8c - Casdoor: - - URL: http://localhost:8000 - - Username: admin - - Password: c66f8c - Minio: - - URL: http://localhost:9000 - - Username: admin - - Password: 8c82ea41 - ``` - - ### Start Docker - - ```sh - docker compose up -d - ``` - - ### Check Logs - - ```sh - docker logs -f lobe-chat - ``` - - If you see the following logs in the container, it means the startup was successful: - - ```log - [Database] Start to migration... - ✅ database migration pass. - ------------------------------------- - ▲ Next.js 14.x.x - - Local: http://localhost:3210 - - Network: http://0.0.0.0:3210 - - ✓ Starting... - ✓ Ready in 95ms - ``` - - ### Access Application - - Visit your LobeHub service at [http://localhost:3210](http://localhost:3210). The account credentials for the application can be found in the report from step `2`. - - -### Port Mode - - - ### Complete Remaining Configuration in Interactive Script - - In port mode, you need to complete the following based on the script prompts: - - - Server IP address settings: for LAN/public access. - - Regenerate secure keys: We highly recommend regenerating the secure keys; if you lack the key generation library required by the script, we suggest referring to the [Custom Deployment](#custom-deployment) section for key modifications. - - ### Check Configuration Generation Report - - After the script finishes running, please check the configuration generation report for the Casdoor administrator account, user account, and their initial login passwords. - - - Please log in to LobeHub using the user account; the administrator account is only for managing - Casdoor. - - - ```log - The results of the secure key generation are as follows: - LobeHub: - - URL: http://your_server_ip:3210 - - Username: user - - Password: 837e26 - Casdoor: - - URL: http://your_server_ip:8000 - - Username: admin - - Password: 837e26 - Minio: - - URL: http://your_server_ip:9000 - - Username: admin - - Password: dbac8440 - ``` - - ### Start Docker - - ```sh - docker compose up -d - ``` - - ### Check Logs - - ```sh - docker logs -f lobe-chat - ``` - - If you see the following logs in the container, it means the startup was successful: - - ```log - [Database] Start to migration... - ✅ database migration pass. - ------------------------------------- - ▲ Next.js 14.x.x - - Local: http://your_server_ip:3210 - - Network: http://0.0.0.0:3210 - ✓ Starting... - ✓ Ready in 95ms - ``` - - ### Access Application - - You can access your LobeHub service at `http://your_server_ip:3210`. The account credentials for the application can be found in the report from step `2`. - - - If your service can accessed via the public network, - we strongly recommend disabling the registration, - refer to the [documentation](https://lobehub.com/docs/self-hosting/advanced/auth/next-auth/casdoor) - for more information. - - - -### Domain Mode - - - ### Complete Reverse Proxy Configuration - - In domain mode, you need to complete the reverse proxy configuration and ensure that the LAN/public can access the following services. Please use a reverse proxy to map the following service ports to the domain names: - - | Domain | Proxy Port | Required | - | ---------------------- | ---------- | -------- | - | `lobe.example.com` | `3210` | Yes | - | `auth.example.com` | `8000` | Yes | - | `minio.example.com` | `9000` | Yes | - | `minio-ui.example.com` | `9001` | | - - - If you are using panel software like [aaPanel](https://www.bt.cn/) for reverse proxy configuration, - ensure it does not intercept requests to the `.well-known` path to facilitate the proper functioning of Casdoor's OAuth2 configuration. - Below is a whitelist configuration for the Nginx server block concerning paths for Casdoor reverse proxy: - - ```nginx - location /.well-known/openid-configuration { - proxy_pass http://localhost:8000; # Forward to localhost:8000 - proxy_set_header Host $host; # Keep the original host header - proxy_set_header X-Real-IP $remote_addr; # Keep the client's real IP - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # Keep the forwarded IP - proxy_set_header X-Forwarded-Proto $scheme; # Keep the request protocol - } - ``` - - ⚠️ If you are using such panel software, - please do not enable any form of caching in the reverse proxy settings of such panel software to avoid affecting the normal operation of the service. - Read more at [https://github.com/lobehub/lobe-chat/discussions/5986](https://github.com/lobehub/lobe-chat/discussions/5986) - - - ### Complete Remaining Configuration in Interactive Script - - In domain mode, you need to complete the following configurations based on script prompts: - - - Domain setup for the LobeHub service: `lobe.example.com` - - Domain setup for the Minio service: `minio.example.com` - - Domain setup for the Casdoor service: `auth.example.com` - - Choose the access protocol: `http` or `https` - - Regenerate secure keys: We highly recommend regenerating the secure keys; if you lack the key generation library required by the script, we suggest referring to the [Custom Deployment](#custom-deployment) section for key modifications. - - - The following issues may impede access to your service: - - - The domain configuration here must match the reverse proxy configuration in step `1`. - - - If you are using Cloudflare for domain resolution and have activated `full proxy`, please use the `https` protocol. - - - If you have used the HTTPS protocol, ensure that your domain certificate is correctly configured; one-click deployment does not support self-signed certificates by default. - - - ### Check Configuration Generation Report - - After the script finishes running, you need to check the configuration generation report, which includes the initial login password for the Casdoor administrator. - - - Please log in to LobeHub using the user account; the administrator account is only for managing - Casdoor. - - - ```log - The results of the secure key generation are as follows: - LobeHub: - - URL: https://lobe.example.com - - Username: user - - Password: 837e26 - Casdoor: - - URL: https://auth.example.com - - Username: admin - - Password: 837e26 - Minio: - - URL: https://minio.example.com - - Username: admin - - Password: dbac8440 - ``` - - ### Start Docker - - ```sh - docker compose up -d - ``` - - ### Check Logs - - ```sh - docker logs -f lobe-chat - ``` - - If you see the following logs in the container, it indicates a successful startup: - - ```log - [Database] Start to migration... - ✅ database migration pass. - ------------------------------------- - ▲ Next.js 14.x.x - - Local: https://localhost:3210 - - Network: http://0.0.0.0:3210 - ✓ Starting... - ✓ Ready in 95ms - ``` - - ### Access Application - - You can access your LobeHub service via `https://lobe.example.com`. The account credentials for the application can be found in the report from step `3`. - - - If your service can accessed via the public network, - we strongly recommend disabling the registration, - refer to the [documentation](https://lobehub.com/docs/self-hosting/advanced/auth/next-auth/casdoor) - for more information. - - - -## Custom Deployment - -This section mainly introduces the configurations that need to be modified to customize the deployment of the LobeHub service in different network environments. Before starting, you can download the [Docker Compose configuration file](https://raw.githubusercontent.com/lobehub/lobe-chat/HEAD/docker-compose/local/docker-compose.yml) and the [environment variable configuration file](https://raw.githubusercontent.com/lobehub/lobe-chat/refs/heads/main/docker-compose/local/.env.example). - -```sh -curl -O https://raw.githubusercontent.com/lobehub/lobe-chat/HEAD/docker-compose/local/docker-compose.yml -curl -O https://raw.githubusercontent.com/lobehub/lobe-chat/HEAD/docker-compose/local/.env.example -mv .env.example .env -``` - - - This section does not cover all complete variables; remaining variables can be referenced in - [Deploying with the Server Database](/en/docs/self-hosting/server-database). - - -### Prerequisites - -Generally, to fully run the LobeHub database version, you will need at least the following four services: - -- The LobeHub database version itself -- PostgreSQL database with PGVector plugin -- Object storage service that supports S3 protocol -- An SSO authentication service supported by LobeHub - -These services can be combined through self-hosting or online cloud services to meet various deployment needs. In this article, we provide a Docker Compose configuration entirely based on open-source self-hosted services, which can be used directly to start the LobeHub database version or modified to suit your requirements. - -We use [MinIO](https://github.com/minio/minio) as the local S3 object storage service and [Casdoor](https://github.com/casdoor/casdoor) as the local authentication service by default. - - - If your network topology is complex, please make sure these services can communicate properly - within your network environment. - - -### Necessary Configuration - -Now, we will introduce the necessary configurations for running these services: - -1. Casdoor - -- LobeHub requires communication with Casdoor, so you need to configure Casdoor's Issuer. - -```env -AUTH_CASDOOR_ISSUER=https://auth.example.com -``` - -This configuration will affect LobeHub's login authentication service, and you need to ensure that the URL of the Casdoor service is correct. You can find common manifestations and solutions for errors in this configuration in the [FAQ](#faq). - -- Additionally, you need to allow the callback URL in Casdoor to point to the LobeHub address: - -Please add a line in the `Authentication -> Application` -> `` -> `Redirect URI` in Casdoor's web panel: - -``` -https://auth.example.com/api/auth/callback/casdoor -``` - -- Casdoor needs to provide the Origin information for access in the environment variables: - -```env -origin=https://auth.example.com -``` - -2. MinIO - -- LobeHub needs to provide a public access URL for object files for the LLM service provider, hence you need to configure MinIO's Endpoint. - -```env -S3_PUBLIC_DOMAIN=https://minio.example.com -S3_ENDPOINT=https://minio.example.com -``` - -3. PostgreSQL - -This configuration is found in the `docker-compose.yml` file, and you will need to configure the database name and password: - -```yaml -services: - lobe: - environment: - - 'DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgresql:5432/${LOBE_DB_NAME}' -``` - -## FAQ - -#### Unable to Log In Properly - -Check for the following errors based on the container logs: - -```sh -docker logs -f lobe-chat -``` - -- r3: "response" is not a conform Authorization Server Metadata response (unexpected HTTP status code) - -```log -lobe-chat | [auth][error] r3: "response" is not a conform Authorization Server Metadata response (unexpected HTTP status code) -``` - -Cause: This issue is typically caused by improper reverse proxy configuration; you need to ensure your reverse proxy configuration does not intercept the Casdoor OAuth2 configuration requests. - -Solutions: - -- Please refer to the reverse proxy configuration notes in the [Domain Mode](#domain-mode) section. - -- A direct troubleshooting method is to access `https://auth.example.com/.well-known/openid-configuration` directly; if: - - - Non-JSON format data is returned, it indicates your reverse proxy configuration is incorrect. - - If the returned JSON format data contains an `"issuer": "URL"` field that does not match your configured `https://auth.example.com`, it indicates your environment variable configuration is incorrect. - -- TypeError: fetch failed - -```log -lobe-chat | [auth][error] TypeError: fetch failed -``` - -Cause: LobeHub cannot access the authentication service. - -Solutions: - -- Check whether your authentication service is running properly and whether LobeHub's network can reach the authentication service. - -- A straightforward troubleshooting method is to use the `curl` command in the LobeHub container terminal to access your authentication service at `https://auth.example.com/.well-known/openid-configuration`. If JSON format data is returned, it indicates your authentication service is functioning correctly. - -#### OAuth Token Exchange Failures with Reverse Proxy - -If OAuth authentication fails during the token exchange phase when using Docker behind a reverse proxy, this is typically caused by the default `MIDDLEWARE_REWRITE_THROUGH_LOCAL=1` setting which rewrites URLs to `127.0.0.1:3210`. - -**Solution**: Set `MIDDLEWARE_REWRITE_THROUGH_LOCAL=0` in your `.env` file and restart Docker containers: - -```bash -docker compose down -docker compose up -d -``` - -````markdown -## Extended Configuration - -To enhance your LobeHub service, you can perform the following extended configurations according to your needs. - -### Use MinIO to Store Casdoor Avatars - -Allow users to change their avatars in Casdoor. - -1. First, create a bucket named `casdoor` in `buckets`, select a custom policy, and copy and paste the content below (if you modify the bucket name, please find and replace accordingly). - - ```json - { - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "AWS": ["*"] - }, - "Action": ["s3:GetBucketLocation"], - "Resource": ["arn:aws:s3:::casdoor"] - }, - { - "Effect": "Allow", - "Principal": { - "AWS": ["*"] - }, - "Action": ["s3:ListBucket"], - "Resource": ["arn:aws:s3:::casdoor"], - "Condition": { - "StringEquals": { - "s3:prefix": ["files/*"] - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": ["*"] - }, - "Action": ["s3:PutObject", "s3:DeleteObject", "s3:GetObject"], - "Resource": ["arn:aws:s3:::casdoor/**"] - } - ], - "Version": "2012-10-17" - } - ``` -```` - -2. Create a new access key and store the generated `Access Key` and `Secret Key`. - -3. In Casdoor's `Authentication -> Providers`, associate the MinIO S3 service. Below is an example configuration: - - ![casdoor](/blog/assets18bb134dbc5792d6a624199cca8bf7d3.webp) - - Here, the client ID and client secret correspond to the `Access Key` and `Secret Key` from the previous step; replace `192.168.31.251` with `your_server_ip`. - -4. In Casdoor's `Authentication -> Apps`, add a provider to the `app-built-in` application, select `minio`, and save and exit. - -5. You can attempt to upload a file in Casdoor's `Authentication -> Resources` to test if the configuration is correct. - -### Migrating from `logto` to `Casdoor` in Production Deployment - -This is applicable for users who have been using `logto` as their login and authentication service in a production environment. - - - Due to significant instability when using [Logto](https://logto.io/) as a login and authentication - service, the following tutorial is based on deploying with an IP mode, implementing a domain - release solution using Casdoor as the authentication service provider. The remainder of this - article will illustrate using this as an example. If you are using other login authentication - services like Logto, the process should be similar, but be aware that port configurations may - differ among different services. - - -In the following, it is assumed that in addition to the above services, you are also running an **Nginx** layer for reverse proxy and SSL configuration. - -The domain and corresponding service port descriptions are as follows: - -- `lobe.example.com`: This is your LobeHub service domain, which needs to reverse proxy to the LobeHub service port, default is `3210`. -- `auth.example.com`: This is your Logto UI domain, which needs to reverse proxy to the Logto WebUI service port, default is `8000`. -- `minio.example.com`: This is your MinIO API domain, which needs to reverse proxy to the MinIO API service port, default is `9000`. -- `minio-ui.example.com`: Optional, this is your MinIO UI domain, which needs to reverse proxy to the MinIO WebUI service port, default is `9001`. - -#### Configuration File - -```sh -bash <(curl -fsSL https://raw.githubusercontent.com/lobehub/lobe-chat/HEAD/docker-compose/local/setup.sh) -f -l zh_CN -docker compose up -d -``` - -Make sure to save the newly generated password at this time! - -After running, you will get three files: - -- init\_data.json -- docker-compose.yml -- .env - -Next, modify the configuration files to achieve domain release. - -1. Modify the `docker-compose.yml` file. - - 1. Change the `MINIO_API_CORS_ALLOW_ORIGIN` field of `minio`. - - ```yaml - 'MINIO_API_CORS_ALLOW_ORIGIN=https://lobe.example.com' - ``` - - 2. Modify the `origin` field of `casdoor`. - - ```yaml - origin: 'https://auth.example.com' - ``` - - 3. Modify the `environment` field of `lobe`. - - ```yaml - # - 'APP_URL=http://localhost:3210' - - 'APP_URL=https://lobe.example.com' - - - 'AUTH_SSO_PROVIDERS=casdoor' - - 'KEY_VAULTS_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ=' - - 'AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg' - # - 'AUTH_URL=http://localhost:${LOBE_PORT}/api/auth' - - 'AUTH_URL=https://lobe.example.com/api/auth' - - # - 'AUTH_CASDOOR_ISSUER=http://localhost:${CASDOOR_PORT}' - - 'AUTH_CASDOOR_ISSUER=https://auth.example.com' - - - 'DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgresql:5432/${LOBE_DB_NAME}' - # - 'S3_ENDPOINT=http://localhost:${MINIO_PORT}' - - 'S3_ENDPOINT=https://minio.example.com' - - - 'S3_BUCKET=${MINIO_LOBE_BUCKET}' - # - 'S3_PUBLIC_DOMAIN=http://localhost:${MINIO_PORT}' - - 'S3_PUBLIC_DOMAIN=https://minio.example.com' - - - 'S3_ENABLE_PATH_STYLE=1' - - 'LLM_VISION_IMAGE_USE_BASE64=1' - ``` - -2. Modify the `.env` file. - -For security reasons, modify the ROOT USER field in the `.env` file. - -```sh -# MinIO S3 configuration -MINIO_ROOT_USER=XXXX -MINIO_ROOT_PASSWORD=XXXX -``` - -#### Postgres Database Configuration - -You can check the logs with the following command: - -```sh -docker logs -f lobe-chat -``` - - - In our official Docker images, automatic migration of the database schema is performed before - starting the images. Our official images guarantee the stability of "empty database -> complete - tables" for automatic table creation. Therefore, we recommend your database instance use an empty - table instance to avoid the trouble of manually maintaining table structure or migrations. - - -If you encounter issues during table creation, you can try the following command to forcibly remove the database container and restart: - -```sh -docker compose down # Stop the service -sudo rm -rf ./data # Remove mounted database data -docker compose up -d # Restart -``` - -#### Login Authentication Service Configuration - -You first need to access the WebUI for configuration: - -- If you have set up the reverse proxy as mentioned before, open `https://auth.example.com` -- Otherwise, after port mapping, open `http://localhost:8000` - -Log in to the admin account: - -- The default username is admin. -- The default password is the random password generated when downloading the config file. If forgotten, you can find it in the `init_data.json` file. - -After logging in, perform the following actions: - -1. In `User Management -> Organizations`, add a new organization with the name and display name `Lobe Users`. Keep the rest as default. -2. In `Authentication -> Apps`, add a new application. - -- Name and display name should be `LobeHub`. -- Organization should be `Lobe Users`. -- Add a line in Redirect URLs as `https://lobe.example.com/api/auth/callback/casdoor`. -- Disable all login methods except password. -- Fill in the client ID and client secret in the `.env` file under `AUTH_CASDOOR_ID` and `AUTH_CASDOOR_SECRET`. -- (Optional) Design the appearance of the login and registration pages by mimicking the `built-in` application configuration. -- Save and exit. - - - Following the steps above ensures that not all users are administrators by default, leading to an - unsafe situation. - - -#### S3 Object Storage Service Configuration - -This article uses MinIO as an example to explain the configuration process. If you are using another S3 service provider, please refer to their documentation for configuration. - - - Please remember to configure the corresponding S3 service provider's CORS settings to ensure that LobeHub can access the S3 service correctly. - - In this document, you need to allow cross-origin requests from `https://lobe.example.com`. This can either be configured in MinIO WebUI under `Configuration - API - Cors Allow Origin`, or in the Docker Compose configuration under `minio - environment - MINIO_API_CORS_ALLOW_ORIGIN`. - - If you use the second method (which is also the default), you will no longer be able to configure it in the MinIO WebUI. - - -You first need to access the WebUI for configuration: - -- If you have set up the reverse proxy as mentioned before, open `https://minio-ui.example.com` -- Otherwise, after port mapping, open `http://localhost:9001` - -1. Enter the `MINIO_ROOT_USER` and `MINIO_ROOT_PASSWORD` you set in the login interface, then click login. - -2. In the left panel under User / Access Keys, click `Create New Access Key`, no additional modifications needed, and fill the generated `Access Key` and `Secret Key` into your `.env` file under `S3_ACCESS_KEY_ID` and `S3_SECRET_ACCESS_KEY`. - -Create MinIO Access Key - -3. Restart the LobeHub service: - - ```sh - docker compose up -d - ``` - -At this point, you have successfully deployed the LobeHub database version, and you can access your LobeHub service at `https://lobe.example.com`. - -#### Configuring Internal Server Communication with `INTERNAL_APP_URL` - - - If you are deploying LobeHub behind a CDN (like Cloudflare) or reverse proxy, you may want to configure internal server-to-server communication to bypass the CDN/proxy layer for better performance. - - -You can configure the `INTERNAL_APP_URL` environment variable: - -```yaml -environment: - - 'APP_URL=https://lobe.example.com' # Public URL for browser access - - 'INTERNAL_APP_URL=http://localhost:3210' # Internal URL for server-to-server calls -``` - -**How it works:** - -- `APP_URL`: Used for browser/client access, OAuth callbacks, webhooks, etc. (goes through CDN/proxy) -- `INTERNAL_APP_URL`: Used for internal server-to-server communication (bypasses CDN/proxy) - -If `INTERNAL_APP_URL` is not set, it defaults to `APP_URL`. - -**Configuration options:** - -- `http://localhost:3210` - If using Docker with host network mode -- `http://lobe:3210` - If using Docker network with service name -- `http://127.0.0.1:3210` - Alternative localhost address - - - For Docker Compose deployments with `network_mode: 'service:network-service'`, use `http://localhost:3210` as the `INTERNAL_APP_URL`. - - -#### Configuration Files - -For convenience, here is a summary of example configuration files required for the production deployment using the Casdoor authentication scheme: - -- `.env` - -```sh -# Proxy, if you need it -# HTTP_PROXY=http://localhost:7890 -# HTTPS_PROXY=http://localhost:7890 - -# Other environment variables, as needed. You can refer to the environment variables configuration for the client version. -# OPENAI_API_KEY=sk-xxxx -# OPENAI_PROXY_URL=https://api.openai.com/v1 -# OPENAI_MODEL_LIST=... - -# =========================== -# ====== Preset config ====== -# =========================== -# if no special requirements, no need to change -LOBE_PORT=3210 -CASDOOR_PORT=8000 -MINIO_PORT=9000 - -# Postgres related, which are the necessary environment variables for DB -LOBE_DB_NAME=LobeHub -POSTGRES_PASSWORD=uWNZugjBqixf8dxC - -# Casdoor secret -AUTH_CASDOOR_ID=943e627d79d5dd8a22a1 -AUTH_CASDOOR_SECRET=6ec24ac304e92e160ef0d0656ecd86de8cb563f1 - -# MinIO S3 configuration -MINIO_ROOT_USER=Joe -MINIO_ROOT_PASSWORD=Crj1570768 - -# Configure the bucket information of MinIO -MINIO_LOBE_BUCKET=lobe -S3_ACCESS_KEY_ID=dB6Uq9CYZPdWSZouPyEd -S3_SECRET_ACCESS_KEY=aPBW8CVULkh8bw1GatlT0GjLihcXHLNwRml4pieS -``` - -- `docker-compose.yml` - -```yaml -name: lobe-chat-database -services: - network-service: - image: alpine - container_name: lobe-network - ports: - - '${MINIO_PORT}:${MINIO_PORT}' # MinIO API - - '9001:9001' # MinIO Console - - '${CASDOOR_PORT}:${CASDOOR_PORT}' # Casdoor - - '${LOBE_PORT}:3210' # LobeHub - command: tail -f /dev/null - networks: - - lobe-network - - postgresql: - image: pgvector/pgvector:pg17 - container_name: lobe-postgres - ports: - - '5432:5432' - volumes: - - './data:/var/lib/postgresql/data' - environment: - - 'POSTGRES_DB=${LOBE_DB_NAME}' - - 'POSTGRES_PASSWORD=${POSTGRES_PASSWORD}' - healthcheck: - test: ['CMD-SHELL', 'pg_isready -U postgres'] - interval: 5s - timeout: 5s - retries: 5 - restart: always - networks: - - lobe-network - - minio: - image: minio/minio:RELEASE.2025-04-22T22-12-26Z - container_name: lobe-minio - network_mode: 'service:network-service' - volumes: - - './s3_data:/etc/minio/data' - environment: - - 'MINIO_ROOT_USER=${MINIO_ROOT_USER}' - - 'MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD}' - # - 'MINIO_API_CORS_ALLOW_ORIGIN=http://localhost:${LOBE_PORT}' - - 'MINIO_API_CORS_ALLOW_ORIGIN=https://lobe.example.com' - restart: always - command: > - server /etc/minio/data --address ":${MINIO_PORT}" --console-address ":9001" - - casdoor: - image: casbin/casdoor - container_name: lobe-casdoor - entrypoint: /bin/sh -c './server --createDatabase=true' - network_mode: 'service:network-service' - depends_on: - postgresql: - condition: service_healthy - environment: - RUNNING_IN_DOCKER: 'true' - driverName: 'postgres' - dataSourceName: 'user=postgres password=${POSTGRES_PASSWORD} host=postgresql port=5432 sslmode=disable dbname=casdoor' - # origin: 'http://localhost:${CASDOOR_PORT}' - origin: 'https://auth.example.com' - runmode: 'dev' - volumes: - - ./init_data.json:/init_data.json - - lobe: - image: lobehub/lobe-chat-database - container_name: lobe-chat-database - network_mode: 'service:network-service' - depends_on: - postgresql: - condition: service_healthy - network-service: - condition: service_started - minio: - condition: service_started - casdoor: - condition: service_started - - environment: - # - 'APP_URL=http://localhost:3210' - - 'APP_URL=https://lobe.example.com' - - - 'AUTH_SSO_PROVIDERS=casdoor' - - 'KEY_VAULTS_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ=' - - 'AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg' - # - 'AUTH_URL=http://localhost:${LOBE_PORT}/api/auth' - - 'AUTH_URL=https://lobe.example.com/api/auth' - - # - 'AUTH_CASDOOR_ISSUER=http://localhost:${CASDOOR_PORT}' - - 'AUTH_CASDOOR_ISSUER=https://auth.example.com' - - - 'DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgresql:5432/${LOBE_DB_NAME}' - # - 'S3_ENDPOINT=http://localhost:${MINIO_PORT}' - - 'S3_ENDPOINT=https://minio.example.com' - - - 'S3_BUCKET=${MINIO_LOBE_BUCKET}' - # - 'S3_PUBLIC_DOMAIN=http://localhost:${MINIO_PORT}' - - 'S3_PUBLIC_DOMAIN=https://minio.example.com' - - - 'S3_ENABLE_PATH_STYLE=1' - - 'LLM_VISION_IMAGE_USE_BASE64=1' - env_file: - - .env - restart: always - -volumes: - data: - driver: local - s3_data: - driver: local - -networks: - lobe-network: - driver: bridge -``` - -[docker-pulls-link]: https://hub.docker.com/r/lobehub/lobe-chat-database -[docker-pulls-shield]: https://img.shields.io/docker/pulls/lobehub/lobe-chat-database?color=45cc11&labelColor=black&style=flat-square -[docker-release-link]: https://hub.docker.com/r/lobehub/lobe-chat-database -[docker-release-shield]: https://img.shields.io/docker/v/lobehub/lobe-chat-database?color=369eff&label=docker&labelColor=black&logo=docker&logoColor=white&style=flat-square&sort=semver -[docker-size-link]: https://hub.docker.com/r/lobehub/lobe-chat-database -[docker-size-shield]: https://img.shields.io/docker/image-size/lobehub/lobe-chat-database?color=369eff&labelColor=black&style=flat-square&sort=semver diff --git a/docs/self-hosting/server-database/docker-compose.zh-CN.mdx b/docs/self-hosting/server-database/docker-compose.zh-CN.mdx deleted file mode 100644 index 96a99195ea..0000000000 --- a/docs/self-hosting/server-database/docker-compose.zh-CN.mdx +++ /dev/null @@ -1,854 +0,0 @@ ---- -title: 通过 Docker Compose 部署 LobeHub -description: 学习如何使用 Docker Compose 部署 LobeHub 服务,包括各种服务的配置教程。 -tags: - - Docker Compose - - LobeHub - - Docker 容器 - - 部署指引 ---- - -# 使用 Docker Compose 部署 LobeHub 服务端数据库版本 - -
- [![][docker-release-shield]][docker-release-link] - - [![][docker-size-shield]][docker-size-link] - - [![][docker-pulls-shield]][docker-pulls-link] -
- -## 快速启动 - - - **系统兼容性说明** - - - 支持 Unix 环境(Linux/macOS)的一键部署 - - - Windows 用户需通过 [WSL 2](https://aka.ms/wsl) 运行 - - - 一键启动脚本为首次部署专用,非首次部署请参考 [自定义部署](#自定义部署) 章节 - - - 端口占用检查:确保 `3210`、`8000`、`9000`、`9001` 端口可用 - - -执行以下命令初始化部署环境,目录 `lobe-chat-db` 将用于存放你的配置文件和后续的数据库文件。 - -```sh -mkdir lobe-chat-db && cd lobe-chat-db -``` - -获取并执行部署脚本: - -```sh -bash <(curl -fsSL https://lobe.li/setup.sh) -l zh_CN -``` - -脚本支持以下部署模式,请根据你的需求选择相应的模式,并继续阅读文档的剩余部分。 - -- [本地模式(默认)](#本地模式):仅能在本地访问,不支持局域网 / 公网访问,适用于初次体验; -- [端口模式](#端口模式):支持局域网 / 公网的 `http` 访问,适用于无域名或内部办公场景使用; -- [域名模式](#域名模式):支持局域网 / 公网在使用反向代理下的 `http/https` 访问,适用于个人或团队日常使用; - - - 在脚本的选项提示 `(选项1/选项2)[选项1]` 中:`(选项1 / 选项2)` - 代表可以选择的选项,`[选项1]`代表默认选项,直接回车即可选择默认选项。 - - -### 本地模式 - - - ### 在交互式脚本中完成剩余配置 - - 持续回车采用默认配置。 - - ### 查看配置生成报告 - - 你需要在脚本运行结束后查看配置生成报告,包括 Casdoor 管理员的帐号、用户账号和它们的初始登录密码。 - - 请使用用户账号登录 LobeHub,管理员账号仅用于管理 Casdoor。 - - ```log - 安全密钥生成结果如下: - LobeHub: - - URL: http://localhost:3210 - - Username: user - - Password: c66f8c - Casdoor: - - URL: http://localhost:8000 - - Username: admin - - Password: c66f8c - Minio: - - URL: http://localhost:9000 - - Username: admin - - Password: 8c82ea41 - ``` - - ### 启动 Docker - - ```sh - docker compose up -d - ``` - - ### 检查日志 - - ```sh - docker logs -f lobe-chat - ``` - - 如果你在容器中看到了以下日志,则说明已经启动成功: - - ```log - [Database] Start to migration... - ✅ database migration pass. - ------------------------------------- - ▲ Next.js 14.x.x - - Local: http://localhost:3210 - - Network: http://0.0.0.0:3210 - - ✓ Starting... - ✓ Ready in 95ms - ``` - - ### 访问应用 - - 通过 [http://localhost:3210](http://localhost:3210) 访问你的 LobeHub 服务。应用的账号密码在步骤`2`的报告中。 - - -### 端口模式 - - - ### 在交互式脚本中完成剩余配置 - - 在端口模式中,你需要根据脚本提示完成: - - - 服务器 IP 地址设置:以便局域网 / 公网访问。 - - 安全密钥重新生成:我们强烈建议你重新生成安全密钥,如果你缺少脚本所需的密钥生成库,我们建议你参考 [自定义部署](#自定义部署) 章节对密钥进行修改。 - - ### 查看配置生成报告 - - 你需要在脚本运行结束后查看配置生成报告,包括 Casdoor 管理员的帐号、用户账号和它们的初始登录密码。 - - 请使用用户账号登录 LobeHub,管理员账号仅用于管理 Casdoor。 - - ```log - 安全密钥生成结果如下: - LobeHub: - - URL: http://your_server_ip:3210 - - Username: user - - Password: 837e26 - Casdoor: - - URL: http://your_server_ip:8000 - - Username: admin - - Password: 837e26 - Minio: - - URL: http://your_server_ip:9000 - - Username: admin - - Password: dbac8440 - ``` - - ### 启动 Docker - - ```sh - docker compose up -d - ``` - - ### 检查日志 - - ```sh - docker logs -f lobe-chat - ``` - - 如果你在容器中看到了以下日志,则说明已经启动成功: - - ```log - [Database] Start to migration... - ✅ database migration pass. - ------------------------------------- - ▲ Next.js 14.x.x - - Local: http://your_server_ip:3210 - - Network: http://0.0.0.0:3210 - ✓ Starting... - ✓ Ready in 95ms - ``` - - ### 访问应用 - - 你可以通过 `http://your_server_ip:3210` 访问你的 LobeHub 服务。应用的账号密码在步骤`2`的报告中。 - - - 请注意,如果你的服务能够被公网访问,我们强烈建议你参考 [文档](https://lobehub.com/docs/self-hosting/advanced/auth/next-auth/casdoor) 关闭注册功能。 - - - -### 域名模式 - - - ### 完成反向代理配置 - - 在域名模式中,你需要完成反向代理配置,并确保局域网 / 公网能访问到以下服务。请使用反向代理将以下服务端口映射到域名: - - | 域名 | 反代端口 | 是否必选 | - | ---------------------- | ------ | ---- | - | `lobe.example.com` | `3210` | 必选 | - | `auth.example.com` | `8000` | 必选 | - | `minio.example.com` | `9000` | 必选 | - | `minio-ui.example.com` | `9001` | | - - - 如果你使用如 [宝塔面板](https://www.bt.cn/) 等面板软件进行反向代理配置, - 你需要确保其对 `.well-known` 路径的请求不进行拦截,以确保 Casdoor 的 OAuth2 配置能够正常工作。 - 这里提供一份针对 Casdoor 服务的 Nginx server 块的路径白名单配置: - - ```nginx - location /.well-known/openid-configuration { - proxy_pass http://localhost:8000; # 转发到 localhost:8000 - proxy_set_header Host $host; # 保留原始主机头 - proxy_set_header X-Real-IP $remote_addr; # 保留客户端真实IP - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # 保留转发的IP - proxy_set_header X-Forwarded-Proto $scheme; # 保留请求协议 - } - ``` - - ⚠️ 请不要在此类面板软件的反向代理设置中开启任何形式的缓存,以免影响服务的正常运行。 - 详情请见 [https://github.com/lobehub/lobe-chat/discussions/5986](https://github.com/lobehub/lobe-chat/discussions/5986) - - - ### 在交互式脚本中完成剩余配置 - - 在域名模式中,你需要根据脚本提示完成: - - - LobeHub 服务的域名设置:`lobe.example.com` - - Minio 服务的域名设置:`minio.example.com` - - Casdoor 服务的域名设置:`auth.example.com` - - 选择访问协议:`http` 或 `https` - - 安全密钥重新生成:我们强烈建议你重新生成安全密钥,如果你缺少脚本所需的密钥生成库,我们建议你参考 [自定义部署](#自定义部署) 章节对密钥进行修改。 - - - 以下问题可能导致你的服务无法正常访问: - - - 此处的域名配置需要与步骤`1`中的反向代理配置保持一致。 - - - 如果你使用 Cloudflare 的域名解析服务并开启了 `全程代理`,请使用 `https` 协议。 - - - 如果你使用了 HTTPS 协议,请确保你的域名证书已经正确配置,一键部署默认不支持自签发证书。 - - - ### 查看配置生成报告 - - 你需要在脚本运行结束后查看配置生成报告,包括 Casdoor 管理员的初始登录密码。 - - 请使用用户账号登录 LobeHub,管理员账号仅用于管理 Casdoor。 - - ```log - 安全密钥生成结果如下: - LobeHub: - - URL: https://lobe.example.com - - Username: user - - Password: 837e26 - Casdoor: - - URL: https://auth.example.com - - Username: admin - - Password: 837e26 - Minio: - - URL: https://minio.example.com - - Username: admin - - Password: dbac8440 - ``` - - ### 启动 Docker - - ```sh - docker compose up -d - ``` - - ### 检查日志 - - ```sh - docker logs -f lobe-chat - ``` - - 如果你在容器中看到了以下日志,则说明已经启动成功: - - ```log - [Database] Start to migration... - ✅ database migration pass. - ------------------------------------- - ▲ Next.js 14.x.x - - Local: https://localhost:3210 - - Network: http://0.0.0.0:3210 - ✓ Starting... - ✓ Ready in 95ms - ``` - - ### 访问应用 - - 你可以通过 `https://lobe.example.com` 访问你的 LobeHub 服务。应用的账号密码在步骤`3`的报告中。 - - - 请注意,如果你的服务能够被公网访问,我们强烈建议你参考 [文档](https://lobehub.com/docs/self-hosting/advanced/auth/next-auth/casdoor) 关闭注册功能。 - - - -## 自定义部署 - -该章节主要为你介绍在不同的网络环境下自定义部署 LobeHub 服务必须要修改的配置。在开始前,你可以先下载 [Docker Compose 配置文件](https://raw.githubusercontent.com/lobehub/lobe-chat/HEAD/docker-compose/local/docker-compose.yml) 以及 [环境变量配置文件](https://raw.githubusercontent.com/lobehub/lobe-chat/HEAD/docker-compose/local/.env.zh-CN.example)。 - -```sh -curl -O https://raw.githubusercontent.com/lobehub/lobe-chat/HEAD/docker-compose/local/docker-compose.yml -curl -O https://raw.githubusercontent.com/lobehub/lobe-chat/HEAD/docker-compose/local/.env.zh-CN.example -mv .env.zh-CN.example .env -``` - - - 本章节并不包含所有完整变量,剩余的变量可以查阅 - [使用服务端数据库部署](/zh/docs/self-hosting/server-database) 。 - - -### 预备知识 - -一般来讲,想要完整的运行 LobeHub 数据库版本,你需要至少拥有如下四个服务 - -- LobeHub 数据库版本自身 -- 带有 PGVector 插件的 PostgreSQL 数据库 -- 支持 S3 协议的对象存储服务 -- 受 LobeHub 支持的 SSO 登录鉴权服务 - -这些服务可以通过自建或者在线云服务组合搭配,以满足不同层次的部署需求。本文中,我们提供了完全基于开源自建服务的 Docker Compose 配置,你可以直接使用这份配置文件来启动 LobeHub 数据库版本,也可以对之进行修改以适应你的需求。 - -我们默认使用 [MinIO](https://github.com/minio/minio) 作为本地 S3 对象存储服务,使用 [Casdoor](https://github.com/casdoor/casdoor) 作为本地鉴权服务。 - - - 如果你的网络拓扑较为复杂,请先确保在你的网络环境中这些服务能够正常通讯。 - - -### 必要配置 - -以下我们将介绍运行这些服务的必要配置: - -1. Casdoor - -- LobeHub 需要与 Casdoor 通讯,因此你需要配置 Casdoor 的 Issuer 。 - -```env -AUTH_CASDOOR_ISSUER=https://auth.example.com -``` - -该配置会影响 LobeHub 的登录鉴权服务,你需要确保 Casdoor 服务的地址正确。你可以在 [常见问题](#常见问题) 中找到该配置错误的常见现象及解决方案。 - -- 同时,你也需要在 Casdoor 中允许回调地址为 LobeHub 的地址: - -请在 Casdoor 的 Web 面板的 `身份认证 -> 应用` -> `<应用ID,默认为 app-built-in>` -> `重定向URL` 中添加一行: - -``` -https://auth.example.com/api/auth/callback/casdoor -``` - -- Casdoor 需要在环境变量中提供访问的 Origin 信息: - -```env -origin=https://auth.example.com -``` - -2. MinIO - -- LobeHub 需要为 LLM 服务提供商提供文件对象的公网访问地址,因此你需要配置 MinIO 的 Endpoint 。 - -```env -S3_PUBLIC_DOMAIN=https://minio.example.com -S3_ENDPOINT=https://minio.example.com -``` - -3. PostgreSQL - -该配置位于 `docker-compose.yml` 文件中,你需要配置数据库的名称和密码: - -```yaml -services: - lobe: - environment: - - 'DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgresql:5432/${LOBE_DB_NAME}' -``` - -## 常见问题 - -#### 无法正常登陆 - -请根据容器日志检查是否存在以下错误 - -```sh -docker logs -f lobe-chat -``` - -- r3: "response" is not a conform Authorization Server Metadata response (unexpected HTTP status code) - -```log -lobe-chat | [auth][error] r3: "response" is not a conform Authorization Server Metadata response (unexpected HTTP status code) -``` - -成因:该问题一般是由于你的反向代理配置不正确导致的,你需要确保你的反向代理配置不会拦截 Casdoor 的 OAuth2 配置请求。 - -解决方案: - -- 请参考 [域名模式](#域名模式) 章节中的反向代理配置注意事项。 - -- 一个直接的排查方式,你可以直接访问 `https://auth.example.com/.well-known/openid-configuration`,如果 - - - 返回了非 JSON 格式的数据,则说明你的反向代理配置错误。 - - 如果返回的 JSON 格式数据中的 `"issuer": "URL"` 字段不是你配置的 `https://auth.example.com`,则说明你的环境变量配置错误。 - -- TypeError: fetch failed - -```log -lobe-chat | [auth][error] TypeError: fetch failed -``` - -成因:LobeHub 无法访问鉴权服务。 - -解决方案: - -- 请检查你的鉴权服务是否正常运行,以及 LobeHub 所在的网络是否能够访问到鉴权服务。 - -- 一个直接的排查方式,你可以在 LobeHub 容器的终端中,使用 `curl` 命令访问你的鉴权服务 `https://auth.example.com/.well-known/openid-configuration`,如果返回了 JSON 格式的数据,则说明你的鉴权服务正常运行。 - -#### 反向代理下 OAuth 令牌交换失败 - -如果在反向代理后使用 Docker 时 OAuth 认证在令牌交换阶段失败,这通常是由默认的 `MIDDLEWARE_REWRITE_THROUGH_LOCAL=1` 设置引起的,该设置会将 URL 重写为 `127.0.0.1:3210`。 - -**解决方案**: 在 `.env` 文件中设置 `MIDDLEWARE_REWRITE_THROUGH_LOCAL=0` 并重启 Docker 容器: - -```bash -docker compose down -docker compose up -d -``` - -## 拓展配置 - -为了完善你的 LobeHub 服务,你可以根据你的需求进行以下拓展配置。 - -### 使用 MinIO 存储 Casdoor 头像 - -允许用户在 Casdoor 中更换头像 - -1. 你需要首先在 `buckets` 中创建一个名为 `casdoor` 的桶,选择自定义策略,复制并粘贴如下内容(如果你修改了桶名,请自行查找替换) - - ```json - { - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "AWS": ["*"] - }, - "Action": ["s3:GetBucketLocation"], - "Resource": ["arn:aws:s3:::casdoor"] - }, - { - "Effect": "Allow", - "Principal": { - "AWS": ["*"] - }, - "Action": ["s3:ListBucket"], - "Resource": ["arn:aws:s3:::casdoor"], - "Condition": { - "StringEquals": { - "s3:prefix": ["files/*"] - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": ["*"] - }, - "Action": ["s3:PutObject", "s3:DeleteObject", "s3:GetObject"], - "Resource": ["arn:aws:s3:::casdoor/**"] - } - ], - "Version": "2012-10-17" - } - ``` - -2. 创建一个新的访问密钥,将生成的 `Access Key` 和 `Secret Key` 存储之 - -3. 在 Casdoor 的 `身份认证 -> 提供商` 中关联 MinIO S3 服务,以下是一个示例配置: - - ![casdoor](/blog/assets18bb134dbc5792d6a624199cca8bf7d3.webp) - - 其中,客户端 ID、客户端密钥为上一步创建的访问密钥中的 `Access Key` 和 `Secret Key`,`192.168.31.251` 应当被替换为 `your_server_ip`。 - -4. 在 Casdoor 的 `身份认证 -> 应用` 中,对 `app-built-in` 应用添加提供商,选择 `minio`,保存并退出 - -5. 你可以在 Casdoor 的 `身份认证 -> 资源` 中,尝试上传文件以测试配置是否正确 - -### 生产部署下从 `logto` 迁移至 `Casdoor` - -适用于已经在生产环境下使用 `logto` 作为登录鉴权服务的用户 - - - 由于使用[Logto](https://logto.io/) 作为登录鉴权服务存在比较大的不稳定性。 因此,下文基于发布到 IP - 模式的教程,实现了使用 Casdoor 作为鉴权服务提供商的域名发布方案。 - 本文剩余部分也将以其为例进行说明。如果你使用其他诸如 Logto - 等其他登录鉴权服务,流程应当相近,但请注意不同的登录鉴权服务的端口配置可能有所差异。 - - -在下文中,我们假设在上述服务之外,你还运行了一层 **Nginx** 来进行反向代理、配置 SSL。 - -域名和配套服务端口说明如下: - -- `lobe.example.com`:为你的 LobeHub 服务端域名,需要反向代理到 LobeHub 服务端口,默认为 `3210` -- `auth.example.com`:为你的 Logto UI 域名,需要反向代理到 Logto WebUI 服务端口,默认为 `8000` -- `minio.example.com`:为你的 MinIO API 域名,需要反向代理到 MinIO API 服务端口,默认为 `9000` -- `minio-ui.example.com`:可选,为你的 MinIO UI 域名,需要反向代理到 MinIO WebUI 服务端口,默认为 `9001` - -#### 配置文件 - -```sh -bash <(curl -fsSL https://lobe.li/setup.sh) -l zh_CN -docker compose up -d -``` - -注意保存此时生成的新密码! - -运行后会获得三个文件 - -- init\_data.json -- docker-compose.yml -- .env - -接下来,修改配置文件以实现域名发布 - -1. 修改 `docker-compose.yml` 文件 - - 1. 修改 `minio`的`MINIO_API_CORS_ALLOW_ORIGIN`字段。 - - ```yaml - 'MINIO_API_CORS_ALLOW_ORIGIN=https://lobe.example.com' - ``` - - 2. 修改`casdoor`的`origin`字段。 - - ```yaml - origin: 'https://auth.example.com' - ``` - - 3. 修改`lobe`的`environment`字段。 - - ```yaml - # - 'APP_URL=http://localhost:3210' - - 'APP_URL=https://lobe.example.com' - - - 'AUTH_SSO_PROVIDERS=casdoor' - - 'KEY_VAULTS_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ=' - - 'AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg' - # - 'AUTH_URL=http://localhost:${LOBE_PORT}/api/auth' - - 'AUTH_URL=https://lobe.example.com/api/auth' - - # - 'AUTH_CASDOOR_ISSUER=http://localhost:${CASDOOR_PORT}' - - 'AUTH_CASDOOR_ISSUER=https://auth.example.com' - - - 'DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgresql:5432/${LOBE_DB_NAME}' - # - 'S3_ENDPOINT=http://localhost:${MINIO_PORT}' - - 'S3_ENDPOINT=https://minio.example.com' - - - 'S3_BUCKET=${MINIO_LOBE_BUCKET}' - # - 'S3_PUBLIC_DOMAIN=http://localhost:${MINIO_PORT}' - - 'S3_PUBLIC_DOMAIN=https://minio.example.com' - - - 'S3_ENABLE_PATH_STYLE=1' - - 'LLM_VISION_IMAGE_USE_BASE64=1' - ``` - -2. 修改 `.env` 文件 - -为了安全起见,修改 `.env` 文件中的 ROOT USER 的字段 - -```sh -# MinIO S3 configuration -MINIO_ROOT_USER=XXXX -MINIO_ROOT_PASSWORD=XXXX -``` - -#### Postgres 数据库配置 - -你可以使用下述指令检查日志: - -```sh -docker logs -f lobe-chat -``` - - - 在我们官方的 Docker 镜像中,会在启动镜像前自动执行数据库 schema 的 migration - ,我们的官方镜像承诺「空数据库 -> - 完整表」这一段自动建表的稳定性。因此我们建议你的数据库实例使用一个空表实例,进而省去手动维护表结构或者 - migration 的麻烦。 - - -如果你在建表的时候出现了问题,你可以尝试使用如下命令强制移除数据库容器并重新启动: - -```sh -docker compose down # 停止服务 -sudo rm -rf ./data # 移除挂载的数据库数据 -docker compose up -d # 重新启动 -``` - -#### 登录鉴权服务配置 - -你需要首先访问 WebUI 来进行配置: - -- 如果你按照前文配置了反向代理,打开 `https://auth.example.com` -- 否则,请在进行端口映射后,打开 `http://localhost:8000` - -登录管理员账户 - -- 默认用户名为 admin -- 默认密码为 下载配置文件时生成的随机密码。如忘记可到 `init_data.json` 文件中找回 - -登入后执行如下操作 - -1. 在 `用户管理 -> 组织` 中,添加一个新的组织。名称与显示名称为 `Lobe Users`。其余保持默认即可。 -2. 在 `身份认证 -> 应用` 中,添加一个新的应用。 - -- 名称与显示名称为 `LobeHub`。 -- 组织为 `Lobe Users`。 -- 重定向 URLS 中添加一行 为 `https://lobe.example.com/api/auth/callback/casdoor`。 -- 关闭除密码外的登录方式 。 -- 将客户端 ID 和客户端密钥分别填入 `.env`中的 `AUTH_CASDOOR_ID` 和 `AUTH_CASDOOR_SECRET` 中。 -- (可选) 仿照`built-in`应用的配置,来设计登录和注册的页面外观。 -- 保存并退出。 - - - 通过上述步骤,可以避免默认情况下所有用户均为管理员导致的不安全的情况。 - - -#### S3 对象存储服务配置 - -本文以 MinIO 为例,解释配置过程,如果你使用的是其他 S3 服务商,请参照其文档进行配置。 - - - 请记得注意配置对应 S3 服务商的 CORS 跨域配置,以确保 LobeHub 能够正常访问 S3 服务。 - - 在本文中,你需要允许 `https://lobe.example.com` 的跨域请求。这既可以在 MinIO WebUI 的 `Configuration - API - Cors Allow Origin` 中配置,也可以在 Docker Compose 中的 `minio - environment - MINIO_API_CORS_ALLOW_ORIGIN` 中配置。 - - 如果你使用第二种方法(这也是默认的方法)进行配置,你将无法再在 MinIO WebUI 中配置。 - - -你需要首先访问 WebUI 来进行配置: - -- 如果你按照前文配置了反向代理,打开 `https://minio-ui.example.com` -- 否则,请在进行端口映射后,打开 `http://localhost:9001` - -1. 在登录界面输入你设置的 `MINIO_ROOT_USER` 和 `MINIO_ROOT_PASSWORD`,然后点击登录 - -2. 在左侧面板 User / Access Keys 处,点击 `Create New Access Key`,无需额外修改,将生成的 `Access Key` 和 `Secret Key` 填入你的 `.env` 文件中的 `S3_ACCESS_KEY_ID` 和 `S3_SECRET_ACCESS_KEY` 中 - -创建 MinIO 访问密钥 - -3. 重启 LobeHub 服务: - - ```sh - docker compose up -d - ``` - -至此,你已经成功部署了 LobeHub 数据库版本,你可以通过 `https://lobe.example.com` 访问你的 LobeHub 服务。 - -#### 使用 `INTERNAL_APP_URL` 配置内部服务器通信 - - - 如果你在 CDN(如 Cloudflare)或反向代理后部署 LobeHub,你可以配置内部服务器到服务器通信以绕过 CDN / 代理层,以获得更好的性能。 - - -你可以配置 `INTERNAL_APP_URL` 环境变量: - -```yaml -environment: - - 'APP_URL=https://lobe.example.com' # 浏览器访问的公开 URL - - 'INTERNAL_APP_URL=http://localhost:3210' # 服务器到服务器调用的内部 URL -``` - -**工作原理:** - -- `APP_URL`:用于浏览器 / 客户端访问、OAuth 回调、webhook 等(通过 CDN / 代理) -- `INTERNAL_APP_URL`:用于内部服务器到服务器通信(绕过 CDN / 代理) - -如果未设置 `INTERNAL_APP_URL`,它将默认为 `APP_URL`。 - -**配置选项:** - -- `http://localhost:3210` - 如果使用 Docker 主机网络模式 -- `http://lobe:3210` - 如果使用 Docker 网络与服务名称 -- `http://127.0.0.1:3210` - 备用本地主机地址 - - - 对于使用 `network_mode: 'service:network-service'` 的 Docker Compose 部署,请使用 `http://localhost:3210` 作为 `INTERNAL_APP_URL`。 - - -#### 配置文件 - -为方便一键复制,在此汇总基于 casdoor 鉴权方案的域名方式下生产部署配置服务端数据库所需要的示例配置文件。 - -- `.env` - -```sh -# Proxy, if you need it -# HTTP_PROXY=http://localhost:7890 -# HTTPS_PROXY=http://localhost:7890 - -# Other environment variables, as needed. You can refer to the environment variables configuration for the client version. -# OPENAI_API_KEY=sk-xxxx -# OPENAI_PROXY_URL=https://api.openai.com/v1 -# OPENAI_MODEL_LIST=... - -# =========================== -# ====== Preset config ====== -# =========================== -# if no special requirements, no need to change -LOBE_PORT=3210 -CASDOOR_PORT=8000 -MINIO_PORT=9000 - -# Postgres related, which are the necessary environment variables for DB -LOBE_DB_NAME=LobeHub -POSTGRES_PASSWORD=uWNZugjBqixf8dxC - -# Casdoor secret -AUTH_CASDOOR_ID=943e627d79d5dd8a22a1 -AUTH_CASDOOR_SECRET=6ec24ac304e92e160ef0d0656ecd86de8cb563f1 - -# MinIO S3 configuration -MINIO_ROOT_USER=Joe -MINIO_ROOT_PASSWORD=Crj1570768 - -# Configure the bucket information of MinIO -MINIO_LOBE_BUCKET=lobe -S3_ACCESS_KEY_ID=dB6Uq9CYZPdWSZouPyEd -S3_SECRET_ACCESS_KEY=aPBW8CVULkh8bw1GatlT0GjLihcXHLNwRml4pieS -``` - -- `docker-compose.yml` - -```yaml -name: lobe-chat-database -services: - network-service: - image: alpine - container_name: lobe-network - ports: - - '${MINIO_PORT}:${MINIO_PORT}' # MinIO API - - '9001:9001' # MinIO Console - - '${CASDOOR_PORT}:${CASDOOR_PORT}' # Casdoor - - '${LOBE_PORT}:3210' # LobeHub - command: tail -f /dev/null - networks: - - lobe-network - - postgresql: - image: pgvector/pgvector:pg17 - container_name: lobe-postgres - ports: - - '5432:5432' - volumes: - - './data:/var/lib/postgresql/data' - environment: - - 'POSTGRES_DB=${LOBE_DB_NAME}' - - 'POSTGRES_PASSWORD=${POSTGRES_PASSWORD}' - healthcheck: - test: ['CMD-SHELL', 'pg_isready -U postgres'] - interval: 5s - timeout: 5s - retries: 5 - restart: always - networks: - - lobe-network - - minio: - image: minio/minio - container_name: lobe-minio - network_mode: 'service:network-service' - volumes: - - './s3_data:/etc/minio/data' - environment: - - 'MINIO_ROOT_USER=${MINIO_ROOT_USER}' - - 'MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD}' - # - 'MINIO_API_CORS_ALLOW_ORIGIN=http://localhost:${LOBE_PORT}' - - 'MINIO_API_CORS_ALLOW_ORIGIN=https://lobe.example.com' - restart: always - command: > - server /etc/minio/data --address ":${MINIO_PORT}" --console-address ":9001" - - casdoor: - image: casbin/casdoor - container_name: lobe-casdoor - entrypoint: /bin/sh -c './server --createDatabase=true' - network_mode: 'service:network-service' - depends_on: - postgresql: - condition: service_healthy - environment: - RUNNING_IN_DOCKER: 'true' - driverName: 'postgres' - dataSourceName: 'user=postgres password=${POSTGRES_PASSWORD} host=postgresql port=5432 sslmode=disable dbname=casdoor' - # origin: 'http://localhost:${CASDOOR_PORT}' - origin: 'https://auth.example.com' - runmode: 'dev' - volumes: - - ./init_data.json:/init_data.json - - lobe: - image: lobehub/lobe-chat-database - container_name: lobe-chat-database - network_mode: 'service:network-service' - depends_on: - postgresql: - condition: service_healthy - network-service: - condition: service_started - minio: - condition: service_started - casdoor: - condition: service_started - - environment: - # - 'APP_URL=http://localhost:3210' - - 'APP_URL=https://lobe.example.com' - - - 'AUTH_SSO_PROVIDERS=casdoor' - - 'KEY_VAULTS_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ=' - - 'AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg' - # - 'AUTH_URL=http://localhost:${LOBE_PORT}/api/auth' - - 'AUTH_URL=https://lobe.example.com/api/auth' - - # - 'AUTH_CASDOOR_ISSUER=http://localhost:${CASDOOR_PORT}' - - 'AUTH_CASDOOR_ISSUER=https://auth.example.com' - - - 'DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgresql:5432/${LOBE_DB_NAME}' - # - 'S3_ENDPOINT=http://localhost:${MINIO_PORT}' - - 'S3_ENDPOINT=https://minio.example.com' - - - 'S3_BUCKET=${MINIO_LOBE_BUCKET}' - # - 'S3_PUBLIC_DOMAIN=http://localhost:${MINIO_PORT}' - - 'S3_PUBLIC_DOMAIN=https://minio.example.com' - - - 'S3_ENABLE_PATH_STYLE=1' - - 'LLM_VISION_IMAGE_USE_BASE64=1' - env_file: - - .env - restart: always - -volumes: - data: - driver: local - s3_data: - driver: local - -networks: - lobe-network: - driver: bridge -``` - -[docker-pulls-link]: https://hub.docker.com/r/lobehub/lobe-chat-database -[docker-pulls-shield]: https://img.shields.io/docker/pulls/lobehub/lobe-chat-database?color=45cc11&labelColor=black&style=flat-square -[docker-release-link]: https://hub.docker.com/r/lobehub/lobe-chat-database -[docker-release-shield]: https://img.shields.io/docker/v/lobehub/lobe-chat-database?color=369eff&label=docker&labelColor=black&logo=docker&logoColor=white&style=flat-square&sort=semver -[docker-size-link]: https://hub.docker.com/r/lobehub/lobe-chat-database -[docker-size-shield]: https://img.shields.io/docker/image-size/lobehub/lobe-chat-database?color=369eff&labelColor=black&style=flat-square&sort=semver diff --git a/docs/self-hosting/server-database/docker.mdx b/docs/self-hosting/server-database/docker.mdx deleted file mode 100644 index aa4358d2c5..0000000000 --- a/docs/self-hosting/server-database/docker.mdx +++ /dev/null @@ -1,154 +0,0 @@ ---- -title: Deploying LobeHub Database with Docker -description: >- - Learn how to deploy the LobeHub server database version using Docker on Linux - and local machines. -tags: - - LobeHub - - Docker - - Database Deployment - - Postgres ---- - -# Deploying Server Database Version Using Docker - -
- [![][docker-release-shield]][docker-release-link] - - [![][docker-size-shield]][docker-size-link] - - [![][docker-pulls-shield]][docker-pulls-link] -
- - - This article assumes that you are familiar with the basic principles and processes of deploying - the LobeHub server database version, so it only includes content related to core environment - variable configuration. If you are not familiar with the deployment principles of the LobeHub - server database version, please refer to [Deploying Server - Database](/docs/self-hosting/server-database) first. - - -## Deploying on a Linux Server - -Here is the process for deploying the LobeHub server database version on a Linux server: - - - ### Create a Postgres Database Instance - - Please create a Postgres database instance with the PGVector plugin according to your needs, for example: - - ```sh - docker network create pg - - docker run --name my-postgres --network pg -e POSTGRES_PASSWORD=mysecretpassword -p 5432:5432 -d pgvector/pgvector:pg17 - ``` - - The above command will create a PG instance named `my-postgres` on the network `pg`, where `pgvector/pgvector:pg17` is a Postgres 17 image with the pgvector plugin installed by default. - - - The pgvector plugin provides vector search capabilities for Postgres, which is an important - component for LobeHub to implement RAG. - - - - The above command does not specify a persistent storage location for the pg instance, so it is - only for testing/demonstration purposes. Please configure persistent storage for production - environments. - - - ### Create a file named `lobe-chat.env` to store environment variables: - - ```shell - # Website domain - APP_URL=https://your-prod-domain.com - - # DB required environment variables - KEY_VAULTS_SECRET=jgwsK28dspyVQoIf8/M3IIHl1h6LYYceSYNXeLpy6uk= - # Postgres database connection string - # Format: postgres://username:password@host:port/dbname; if your pg instance is a Docker container, use the container name - DATABASE_URL=postgres://postgres:mysecretpassword@my-postgres:5432/postgres - - # Authentication (Better Auth) - # Session encryption key (generate with: openssl rand -base64 32) - AUTH_SECRET=jgwsK28dspyVQoIf8/M3IIHl1h6LYYceSYNXeLpy6uk= - # JWKS key for signing and verifying JWTs (generate at: https://lobehub.com/docs/self-hosting/environment-variables/auth#jwks_key) - JWKS_KEY='{"keys":[...]}' - - # S3 related - S3_ACCESS_KEY_ID=xxxxxxxxxx - S3_SECRET_ACCESS_KEY=xxxxxxxxxx - S3_ENDPOINT=https://xxxxxxxxxx.r2.cloudflarestorage.com - S3_BUCKET=LobeHub - S3_PUBLIC_DOMAIN=https://s3-for-LobeHub.your-domain.com - - ``` - - ### Start the lobe-chat-database Docker image - - ```sh - docker run -it -d -p 3210:3210 --network pg --env-file lobe-chat.env --name lobe-chat-database lobehub/lobe-chat-database - ``` - - You can use the following command to check the logs: - - ```sh - docker logs -f lobe-chat-database - ``` - - If you see the following logs in the container, it means it has started successfully: - - ```log - [Database] Start to migration... - ✅ database migration pass. - ------------------------------------- - ▲ Next.js 14.x.x - - Local: http://localhost:3210 - - Network: http://0.0.0.0:3210 - - ✓ Starting... - ✓ Ready in 95ms - ``` - - - - In our official Docker image, the database schema migration is automatically executed before - starting the image. We ensure stability from an empty database to all tables being formally - available. Therefore, we recommend using an empty table instance for your database to avoid the - cost of manually maintaining table structure migration. - - -## Using Locally (Mac / Windows) - -The data version of LobeHub also supports direct use on a local Mac/Windows machine. - -Here, we assume that you have a pg instance available on port 5432 locally on your Mac/Windows, with the account `postgres` and password `mysecretpassword`, accessible at `localhost:5432`. - -The script command you need to execute is: - -```shell -$ docker run -it -d --name lobe-chat-database -p 3210:3210 \ - -e DATABASE_URL=postgres://postgres:mysecretpassword@host.docker.internal:5432/postgres \ - -e KEY_VAULTS_SECRET=jgwsK28dspyVQoIf8/M3IIHl1h6LYYceSYNXeLpy6uk= \ - -e AUTH_SECRET=jgwsK28dspyVQoIf8/M3IIHl1h6LYYceSYNXeLpy6uk= \ - -e JWKS_KEY='{"keys":[...]}' \ - -e APP_URL=http://localhost:3210 \ - -e S3_ACCESS_KEY_ID=xxxxxxxxxx \ - -e S3_SECRET_ACCESS_KEY=xxxxxxxxxx \ - -e S3_ENDPOINT=https://xxxxxxxxxx.r2.cloudflarestorage.com \ - -e S3_BUCKET=LobeHub \ - -e S3_PUBLIC_DOMAIN=https://s3-for-LobeHub.your-domain.com \ - lobehub/lobe-chat-database -``` - - - `Docker` uses a virtual machine solution on `Windows` and `macOS`. If you use `localhost` / - `127.0.0.1`, it will refer to the container's `localhost`. In this case, try using - `host.docker.internal` instead of `localhost`. - - -[docker-pulls-link]: https://hub.docker.com/r/lobehub/lobe-chat-database -[docker-pulls-shield]: https://img.shields.io/docker/pulls/lobehub/lobe-chat-database?color=45cc11&labelColor=black&style=flat-square -[docker-release-link]: https://hub.docker.com/r/lobehub/lobe-chat-database -[docker-release-shield]: https://img.shields.io/docker/v/lobehub/lobe-chat-database?color=369eff&label=docker&labelColor=black&logo=docker&logoColor=white&style=flat-square&sort=semver -[docker-size-link]: https://hub.docker.com/r/lobehub/lobe-chat-database -[docker-size-shield]: https://img.shields.io/docker/image-size/lobehub/lobe-chat-database?color=369eff&labelColor=black&style=flat-square&sort=semver diff --git a/docs/self-hosting/server-database/docker.zh-CN.mdx b/docs/self-hosting/server-database/docker.zh-CN.mdx deleted file mode 100644 index 8e99c4d740..0000000000 --- a/docs/self-hosting/server-database/docker.zh-CN.mdx +++ /dev/null @@ -1,153 +0,0 @@ ---- -title: 使用 Docker 部署 LobeHub 数据库 -description: 详细步骤教你如何在 Docker 中部署 LobeHub 服务端数据库。 -tags: - - Docker - - LobeHub - - 数据库部署 - - Postgres ---- - -# 使用 Docker 部署服务端数据库版 - -
- [![][docker-release-shield]][docker-release-link] - - [![][docker-size-shield]][docker-size-link] - - [![][docker-pulls-shield]][docker-pulls-link] -
- - - 本文已经假定你了解了 LobeHub 服务端数据库版本(下简称 DB - 版)的部署基本原理和流程,因此只包含核心环境变量配置的内容。如果你还不了解 LobeHub DB - 版的部署原理,请先查阅 [使用服务端数据库部署](/zh/docs/self-hosting/server-database) 。 - 此外,针对国内的腾讯云储存桶用户,可查询[配置腾讯云 COS - 存储服务](/zh/docs/self-hosting/advanced/s3/tencent-cloud)。 - - -## 在 Linux 服务器上部署 - -以下是在 Linux 服务器上部署 LobeHub DB 版的流程: - - - ### 创建 Postgres 数据库实例 - - 请按照你自己的诉求创建一个带有 PGVector 插件的 Postgres 数据库实例,例如: - - ```sh - docker network create pg - - docker run --name my-postgres --network pg -e POSTGRES_PASSWORD=mysecretpassword -p 5432:5432 -d pgvector/pgvector:pg17 - ``` - - 上述指令会创建一个名为 `my-postgres`,并且网络为 `pg` 的 PG 实例,其中 `pgvector/pgvector:pg17` 是一个 Postgres 17 的镜像,且默认安装了 pgvector 插件。 - - - pgvector 插件为 Postgres 提供了向量搜索的能力,是 LobeHub 实现 RAG 的重要构件之一。 - - - - 以上指令得到的 pg 实例并没有指定持久化存储位置,因此仅用于测试 / - 演示,生产环境请自行配置持久化存储。 - - - ### 创建名为 `lobe-chat.env` 文件用于存放环境变量: - - ```shell - # 网站域名 - APP_URL=https://your-prod-domain.com - - # DB 必须的环境变量 - # 用于加密敏感信息的密钥,可以使用 openssl rand -base64 32 生成 - KEY_VAULTS_SECRET='jgwsK28dspyVQoIf8/M3IIHl1h6LYYceSYNXeLpy6uk=' - # Postgres 数据库连接字符串 - # 格式:postgres://username:password@host:port/dbname,如果你的 pg 实例为 Docker 容器,请使用容器名 - DATABASE_URL=postgres://postgres:mysecretpassword@my-postgres:5432/postgres - - # 身份验证(Better Auth) - # 会话加密密钥(使用以下命令生成:openssl rand -base64 32) - AUTH_SECRET=jgwsK28dspyVQoIf8/M3IIHl1h6LYYceSYNXeLpy6uk= - # JWKS 密钥,用于签名和验证 JWT(在此生成:https://lobehub.com/zh/docs/self-hosting/environment-variables/auth#jwks_key) - JWKS_KEY='{"keys":[...]}' - - # S3 相关 - S3_ACCESS_KEY_ID=xxxxxxxxxx - S3_SECRET_ACCESS_KEY=xxxxxxxxxx - # 用于 S3 API 访问的域名 - S3_ENDPOINT=https://xxxxxxxxxx.r2.cloudflarestorage.com - S3_BUCKET=LobeHub - # 用于外网访问 S3 的公共域名,需配置 CORS - S3_PUBLIC_DOMAIN=https://s3-for-LobeHub.your-domain.com - # S3_REGION=ap-chengdu # 如果需要指定地域 - - ``` - - ### 启动 lobe-chat-database docker 镜像 - - ```sh - docker run -it -d -p 3210:3210 --network pg --env-file lobe-chat.env --name lobe-chat-database lobehub/lobe-chat-database - ``` - - 你可以使用下述指令检查日志: - - ```sh - docker logs -f lobe-chat-database - ``` - - 如果你在容器中看到了以下日志,则说明已经启动成功: - - ```log - [Database] Start to migration... - ✅ database migration pass. - ------------------------------------- - ▲ Next.js 14.x.x - - Local: http://localhost:3210 - - Network: http://0.0.0.0:3210 - - ✓ Starting... - ✓ Ready in 95ms - ``` - - - - 在我们官方的 Docker 镜像中,会在启动镜像前自动执行数据库 schema 的 migration - ,我们的官方镜像承诺「空数据库 -> - 完整表」这一段自动建表的稳定性。因此我们建议你的数据库实例使用一个空表实例,进而省去手动维护表结构或者 - migration 的麻烦。 - - -## 在本地(Mac / Windows) 上使用 - -LobeHub 的 DB 版也支持直接在本地的 Mac/Windows 本地使用。 - -在此我们已假设你的本地有一个 5432 端口可用,账号为 `postgres` ,密码是 `mysecretpassword` 的 pg 实例,它在 `localhost:5432` 可用。 - -那么你需要执行的脚本指令为: - -```shell -$ docker run -it -d --name lobe-chat-database -p 3210:3210 \ - -e DATABASE_URL=postgres://postgres:mysecretpassword@host.docker.internal:5432/postgres \ - -e KEY_VAULTS_SECRET=jgwsK28dspyVQoIf8/M3IIHl1h6LYYceSYNXeLpy6uk= \ - -e AUTH_SECRET=jgwsK28dspyVQoIf8/M3IIHl1h6LYYceSYNXeLpy6uk= \ - -e JWKS_KEY='{"keys":[...]}' \ - -e APP_URL=http://localhost:3210 \ - -e S3_ACCESS_KEY_ID=xxxxxxxxxx \ - -e S3_SECRET_ACCESS_KEY=xxxxxxxxxx \ - -e S3_ENDPOINT=https://xxxxxxxxxx.r2.cloudflarestorage.com \ - -e S3_BUCKET=LobeHub \ - -e S3_PUBLIC_DOMAIN=https://s3-for-LobeHub.your-domain.com \ - lobehub/lobe-chat-database -``` - - - `Docker` 在 `Windows` 和 `macOS` 上走的是虚拟机方案,如果使用 `localhost` / `127.0.0.1` - ,将会走到自身容器的 `localhost`,此时请尝试用 `host.docker.internal` 替代 `localhost` - - -[docker-pulls-link]: https://hub.docker.com/r/lobehub/lobe-chat-database -[docker-pulls-shield]: https://img.shields.io/docker/pulls/lobehub/lobe-chat-database?color=45cc11&labelColor=black&style=flat-square -[docker-release-link]: https://hub.docker.com/r/lobehub/lobe-chat-database -[docker-release-shield]: https://img.shields.io/docker/v/lobehub/lobe-chat-database?color=369eff&label=docker&labelColor=black&logo=docker&logoColor=white&style=flat-square&sort=semver -[docker-size-link]: https://hub.docker.com/r/lobehub/lobe-chat-database -[docker-size-shield]: https://img.shields.io/docker/image-size/lobehub/lobe-chat-database?color=369eff&labelColor=black&style=flat-square&sort=semver diff --git a/docs/self-hosting/server-database/netlify.mdx b/docs/self-hosting/server-database/netlify.mdx deleted file mode 100644 index 0213750662..0000000000 --- a/docs/self-hosting/server-database/netlify.mdx +++ /dev/null @@ -1,13 +0,0 @@ ---- -title: Deploy LobeHub with Database on Netlify -description: >- - Learn how to deploy LobeHub on Netlify with ease, including: database, - authentication and S3 storage service. -tags: - - Deploy LobeHub - - Netlify Deployment ---- - -# Deploy LobeHub with Database on Netlify - -TODO diff --git a/docs/self-hosting/server-database/netlify.zh-CN.mdx b/docs/self-hosting/server-database/netlify.zh-CN.mdx deleted file mode 100644 index 61dc3b92ce..0000000000 --- a/docs/self-hosting/server-database/netlify.zh-CN.mdx +++ /dev/null @@ -1,16 +0,0 @@ ---- -title: 在 Netlify 上部署 LobeHub 服务端数据库版 -description: >- - 学习如何在 Netlify 上部署 LobeHub,包括 Fork 仓库、准备 OpenAI API Key、导入到 Netlify - 工作台、配置站点名称与环境变量等步骤。 -tags: - - Netlify - - LobeHub - - 部署教程 - - OpenAI API Key - - 环境配置 ---- - -# 使用 Netlify 部署 LobeHub 数据库版 - -TODO diff --git a/docs/self-hosting/server-database/railway.mdx b/docs/self-hosting/server-database/railway.mdx deleted file mode 100644 index cd6c5bb95a..0000000000 --- a/docs/self-hosting/server-database/railway.mdx +++ /dev/null @@ -1,13 +0,0 @@ ---- -title: Deploy LobeHub with Database on Railway -description: >- - Learn how to deploy LobeHub on Railway with ease, including: database, - authentication and S3 storage service. -tags: - - Deploy LobeHub - - Railway Deployment ---- - -# Deploy LobeHub with Database on Railway - -TODO diff --git a/docs/self-hosting/server-database/railway.zh-CN.mdx b/docs/self-hosting/server-database/railway.zh-CN.mdx deleted file mode 100644 index 6347cf6e64..0000000000 --- a/docs/self-hosting/server-database/railway.zh-CN.mdx +++ /dev/null @@ -1,15 +0,0 @@ ---- -title: 在 Railway 上部署 LobeHub 数据库版 -description: 学习如何在 Railway 上部署 LobeHub 应用,包括准备 OpenAI API Key、点击按钮进行部署、绑定自定义域名等步骤。 -tags: - - Railway - - 部署 - - LobeHub - - OpenAI - - API Key - - 自定义域名 ---- - -# 使用 Railway 部署 LobeHub 数据库版 - -TODO diff --git a/docs/self-hosting/server-database/repocloud.mdx b/docs/self-hosting/server-database/repocloud.mdx deleted file mode 100644 index 7d7b745b53..0000000000 --- a/docs/self-hosting/server-database/repocloud.mdx +++ /dev/null @@ -1,33 +0,0 @@ ---- -title: Deploy LobeHub with Database on RepoCloud -description: >- - Learn how to deploy LobeHub on RepoCloud with ease, including database, - authentication and S3 storage service. -tags: - - Deploy LobeHub - - RepoCloud Deployment - - OpenAI API Key - - Custom Domain Binding ---- - -# Deploying LobeHub Database Edition with RepoCloud - -If you want to deploy LobeHub Database Edition on RepoCloud, you can follow the steps below: - -## RepoCloud Deployment Process - - - ### Prepare your OpenAI API Key - - Go to [OpenAI API Key](https://platform.openai.com/account/api-keys) to get your OpenAI API Key. - - ### One-click to deploy - - [![Deploy to RepoCloud](https://d16t0pc4846x52.cloudfront.net/deploy.svg)](https://repocloud.io/details/?app_id=248) - - ### Once deployed, you can start using it - - ### Bind a custom domain (optional) - - You can use the subdomain provided by RepoCloud, or choose to bind a custom domain. Currently, the domains provided by RepoCloud have not been contaminated, and most regions can connect directly. - diff --git a/docs/self-hosting/server-database/repocloud.zh-CN.mdx b/docs/self-hosting/server-database/repocloud.zh-CN.mdx deleted file mode 100644 index e2a23c5efc..0000000000 --- a/docs/self-hosting/server-database/repocloud.zh-CN.mdx +++ /dev/null @@ -1,32 +0,0 @@ ---- -title: 在 RepoCloud 上部署 LobeHub 数据库版 -description: 学习如何在 RepoCloud 上部署 LobeHub 应用,包括准备 OpenAI API Key、点击部署按钮、绑定自定义域名等操作。 -tags: - - RepoCloud - - LobeHub - - 部署流程 - - OpenAI API Key - - 自定义域名 ---- - -# 在 RepoCloud 上部署 LobeHub 数据库版 - -如果您想在 RepoCloud 上部署 LobeHub 数据库版,可以按照以下步骤进行操作: - -## RepoCloud 部署流程 - - - ### 准备您的 OpenAI API 密钥 - - 请访问 [OpenAI API 密钥](https://platform.openai.com/account/api-keys) 获取您的 OpenAI API 密钥。 - - ### 一键部署 - - [![部署到 RepoCloud](https://d16t0pc4846x52.cloudfront.net/deploy.svg)](https://repocloud.io/details/?app_id=248) - - ### 部署完成后,您可以开始使用 - - ### 绑定自定义域名(可选) - - 您可以使用 RepoCloud 提供的子域名,或选择绑定自定义域名。目前,RepoCloud 提供的域名尚未被污染,大多数地区可以直接连接。 - diff --git a/docs/self-hosting/server-database/sealos.mdx b/docs/self-hosting/server-database/sealos.mdx deleted file mode 100644 index 5bf6e8a9ce..0000000000 --- a/docs/self-hosting/server-database/sealos.mdx +++ /dev/null @@ -1,97 +0,0 @@ ---- -title: Deploy Lobe Chat Database Version on Sealos -description: >- - Learn how to deploy LobeHub on Sealos with ease. Follow the provided steps to - set up LobeHub and start using it efficiently. -tags: - - Deploy LobeHub - - Sealos Deployment - - OpenAI API Key - - Custom Domain Binding ---- - -# Deploying Lobe Chat Database Version on Sealos - - - This article assumes that you are familiar with the basic principles and processes of deploying - the LobeHub server database version, so it only includes content related to core environment - variable configuration. If you are not familiar with the deployment principles of the LobeHub - server database version, please refer to [Deploying Server - Database](/docs/self-hosting/server-database) first. - - -The application on Sealos includes 4 services: - -- Logto for authrization(need to deploy separately). -- PostgreSQL with Vector plugin for data storage and indexing. -- One object storage Bucket. -- Lobe Chat database version. - -Here is the process for deploying the Lobe Chat server database version on Sealos: - -## Pre-Deployment Setup - -**Step 1**:Click the button below to deploy a Logto service: - -[![](https://raw.githubusercontent.com/labring-actions/templates/main/Deploy-on-Sealos.svg)](https://template.usw.sealos.io/deploy?templateName=logto) - -> Logto is an open-source identity and access management (IAM) platform, an open-source alternative to Auth0, designed to help developers quickly build secure and scalable login and registration systems and user identity systems. - -**Step 2**:After the deployment is complete, wait for all the components of the application to be in the "Running" state, click the application's "Details" button to enter the application details page. - -![Logto application deployment status on Sealos](https://raw.githubusercontent.com/labring-actions/templates/main/template/lobe-chat-db/images/logto-app-deployment-status-sealos-en.png) - -Click the public address corresponding to port 3002, you can use the public address to access the Logto service. - -![Logto service public address](https://raw.githubusercontent.com/labring-actions/templates/main/template/lobe-chat-db/images/logto-public-address-en.png) - -**Step 3**:Register a management account, then click the `Applications` menu on the left, enter the application list page. Click the `Create application` button in the upper right corner to create an application. - -![Logto application list page](https://raw.githubusercontent.com/labring-actions/templates/main/template/lobe-chat-db/images/logto-application-list.png) - -Select `Next.js (App Router)` as the framework, then click the `Start building` button. - -![Logto create application page](https://raw.githubusercontent.com/labring-actions/templates/main/template/lobe-chat-db/images/logto-create-application.png) - -**Step 4**:In the pop-up window, fill in the application name as `Lobe Chat`, then click the `Create application` button. Next, do not fill in anything, just click the bottom `Finish and done` button to create it. - -![Logto create application done page](https://raw.githubusercontent.com/labring-actions/templates/main/template/lobe-chat-db/images/logto-create-application-done.png) - -**Step 5**:In the `Lobe Chat` application, find the following three parameters, which will be used later when deploying the Lobe Chat database version. - -![Logto application detail page](https://raw.githubusercontent.com/labring-actions/templates/main/template/lobe-chat-db/images/logto-app-detail.png) - -## Deploy Lobe Chat Database Version - -**Step 1**:Click the button below to visit the Lobe Chat database version application deployment page: - -[![](https://raw.githubusercontent.com/labring-actions/templates/main/Deploy-on-Sealos.svg)](https://template.usw.sealos.io/deploy?templateName=lobe-chat-db) - -Fill in the following three required parameters: - -- `AUTH_LOGTO_ID`:The App ID of the Logto application -- `AUTH_LOGTO_SECRET`:The App Secret of the Logto application -- `AUTH_LOGTO_ISSUER`:The Issuer endpoint of the Logto application - -**Step 2**:Click the `Deploy App` button, after the deployment is complete, wait for all the components of the application to be in the "Running" state, click the application's "Details" button to enter the application details page. - -![Lobe Chat database version deployment done page](https://raw.githubusercontent.com/labring-actions/templates/main/template/lobe-chat-db/images/lobe-chat-db-deployment-done-en.png) - -**Step 3**:Find the public address, copy it, and use it later. - -## Post-Deployment Configuration - -**Step 1**:Enter the `Applications` page of Logto, find the `Lobe Chat` application, click to enter the application details page. - -**Step 2**:In the `Settings` page, find the `Redirect URI` and `Post sign-out redirect URI` parameters, fill in the following values: - -- Redirect URI: `https:///api/auth/callback/logto` -- Post sign-out redirect URI: `https://` - -**Step 3**:Click the `Save changes` button to save the configuration. - -**Step 4**:Now, access the Lobe Chat database version through `https://`, click the avatar in the upper left corner, and then click the \[Log in / Sign up] button. - -**Step 5**:Next, you will be redirected to the Logto login page, click the \[Create account] button to register an account. - -**Step 6**:After registration, you can use Logto to login to the Lobe Chat database version. diff --git a/docs/self-hosting/server-database/sealos.zh-CN.mdx b/docs/self-hosting/server-database/sealos.zh-CN.mdx deleted file mode 100644 index 95901922dc..0000000000 --- a/docs/self-hosting/server-database/sealos.zh-CN.mdx +++ /dev/null @@ -1,112 +0,0 @@ ---- -title: 在 Sealos 上部署 LobeHub 数据库版 -description: 学习如何在 Sealos 上部署 LobeHub,包括准备 OpenAI API Key、点击部署按钮、绑定自定义域名等操作。 -tags: - - Sealos - - LobeHub - - OpenAI API Key - - 部署流程 - - 自定义域名 ---- - -# 使用 Sealos 部署 LobeHub 数据库版 - - - 本文假设你已经熟悉 Lobe Chat - 服务器数据库版的部署基本原理和流程,因此只包含与核心环境变量配置相关的内容。如果你对 Lobe Chat - 服务器数据库版的部署原理不熟悉,请先参考[部署服务器数据库](/zh/docs/self-hosting/server-database)。 - - -在 Sealos 的 Lobe Chat 数据库版应用中总共包含有以下四个服务: - -- Logto 提供身份校验(需额外部署) -- 带有 Vector 插件的 PostgreSQL 来做数据存储和向量化 -- 一个对象存储 Bucket -- LobeHub Database 的实例 - -这里是在 Sealos 上部署 Lobe Chat 服务器数据库版的流程: - -## 预部署配置 - -在开始部署之前,您需要完成以下配置: - - - ### 部署 Logto 服务 - - 点击下方按钮部署一个 Logto 服务: - - [![](https://raw.githubusercontent.com/labring-actions/templates/main/Deploy-on-Sealos.svg)](https://template.hzh.sealos.run/deploy?templateName=logto) - - > Logto 是一个开源的身份与访问管理(IAM)平台,是 Auth0 的开源替代方案,旨在帮助开发者快速构建安全、可扩展的登录注册系统和用户身份体系。 - - 部署完成后,等待应用的所有组件状态都变成 “运行中”,点击应用的【详情】按钮,进入应用详情页面。 - - ![Logto 应用详情页面部署完成状态](https://raw.githubusercontent.com/labring-actions/templates/main/template/lobe-chat-db/images/logto-app-deployment-status-sealos.png) - - 点击 3002 端口对应的公网地址,即可使用公网域名访问 Logto 服务。 - - ![Logto 服务公网地址](https://raw.githubusercontent.com/labring-actions/templates/main/template/lobe-chat-db/images/logto-public-address.png) - - ### 创建 Application - - 注册一个管理员账号,然后点击左侧的 `Applications` 菜单,进入应用列表页面。再点击右上角的 `Create application` 按钮创建应用。 - - ![Logto 应用列表页面](https://raw.githubusercontent.com/labring-actions/templates/main/template/lobe-chat-db/images/logto-application-list.png) - - 选择 `Next.js (App Router)` 作为框架,然后点击 `Start building` 按钮。 - - ![Logto 创建应用页面](https://raw.githubusercontent.com/labring-actions/templates/main/template/lobe-chat-db/images/logto-create-application.png) - - 在弹窗中填写应用的名称为 `Lobe Chat`,然后点击 `Create application` 按钮。接下来啥也不用填,直接点击底部的 `Finish and done` 按钮就创建完成了。 - - ![Logto 创建应用完成页面](https://raw.githubusercontent.com/labring-actions/templates/main/template/lobe-chat-db/images/logto-create-application-done.png) - - 在 `Lobe Chat` 应用中找到以下三个参数,后面部署 Lobe Chat 数据库版时需要用到。 - - ![Logto 应用详情页面](https://raw.githubusercontent.com/labring-actions/templates/main/template/lobe-chat-db/images/logto-app-detail.png) - - -## 部署 Lobe Chat 数据库版 - -点击下方按钮访问 Lobe Chat 数据库版应用部署页面: - -[![](https://raw.githubusercontent.com/labring-actions/templates/main/Deploy-on-Sealos.svg)](https://template.hzh.sealos.run/deploy?templateName=lobe-chat-db) - -填入三个必填参数: - -- `AUTH_LOGTO_ID`:Logto 应用的 App ID -- `AUTH_LOGTO_SECRET`:Logto 应用的 App Secret -- `AUTH_LOGTO_ISSUER`:Logto 应用的 Issuer endpoint - -点击【部署】按钮,部署完成后,等待应用的所有组件状态都变成 “运行中”,点击应用的【详情】按钮,进入应用详情页面。 - -![Lobe Chat 数据库版部署完成页面](https://raw.githubusercontent.com/labring-actions/templates/main/template/lobe-chat-db/images/lobe-chat-db-deployment-done.png) - -找到公网地址,复制下来,后面需要用到。 - -![Lobe Chat 数据库版公网地址](https://raw.githubusercontent.com/labring-actions/templates/main/template/lobe-chat-db/images/lobe-chat-db-public-address.png) - -## 部署后配置 - -进入 Logto 的 `Applications` 页面,找到 `Lobe Chat` 应用,点击进入应用详情页面。 - -在 `Settings` 页面中找到 “Redirect URI” 和 “Post sign-out redirect URI” 这两个参数,填入以下值: - -- Redirect URI:`https:///api/auth/callback/logto` -- Post sign-out redirect URI:`https://` - -其中 `https://` 为 Lobe Chat 数据库版的公网地址。 - -填完之后点击 `Save changes` 按钮保存配置。 - -现在通过 `https://` 访问 Lobe Chat 数据库版,点击左上角的头像,然后点击【登录 / 注册】按钮: - -![Lobe Chat 数据库版登录页面](https://raw.githubusercontent.com/labring-actions/templates/main/template/lobe-chat-db/images/lobe-chat-db-login.png) - -接下来会跳转到 Logto 的登录页面,点击【注册】注册一个账号。 - -![Lobe Chat 数据库版注册页面](https://raw.githubusercontent.com/labring-actions/templates/main/template/lobe-chat-db/images/lobe-chat-db-register.png) - -注册完成后,即可使用 Logto 登录 Lobe Chat 数据库版。 - -![Lobe Chat 数据库版登录成功页面](https://raw.githubusercontent.com/labring-actions/templates/main/template/lobe-chat-db/images/lobe-chat-db-login-success.png) diff --git a/docs/self-hosting/server-database/vercel.mdx b/docs/self-hosting/server-database/vercel.mdx deleted file mode 100644 index ac6f6d30db..0000000000 --- a/docs/self-hosting/server-database/vercel.mdx +++ /dev/null @@ -1,344 +0,0 @@ ---- -title: Deploy LobeHub with database on Vercel -description: >- - Learn how to deploy LobeHub with database on Vercel with ease, including: - database, authentication and S3 storage service. -tags: - - Deploy LobeHub - - Vercel Deployment - - Better Auth - - S3 Storage ---- - -# Deploying Server Database Version on Vercel - -This article will detail how to deploy the server database version of LobeHub on Vercel, including: 1) database configuration; 2) identity authentication service configuration; 3) steps for setting up the S3 storage service. - - - Before proceeding, please make sure of the following: - - - Export all data, as after deploying the server-side database, existing user data cannot be automatically migrated and can only be manually imported after backup! - - When configuring the environment variables required for the server-side database, make sure to fill in all of them before deployment, otherwise you may encounter database migration issues! - - -## 1. Configure the Database - - - ### Prepare the Server Database Instance and Obtain the Connection URL - - Before deployment, make sure you have prepared a Postgres database instance. You can choose one of the following methods: - - - `A.` Use Serverless Postgres instances like Vercel / Neon; - - `B.` Use self-deployed Postgres instances like Docker. - - The configuration for both methods is slightly different, and will be distinguished in the next step. - - ### Add Environment Variables in Vercel - - In Vercel's deployment environment variables, add `DATABASE_URL` and other environment variables, and fill in the Postgres database connection URL prepared in the previous step. The typical format for the database connection URL is `postgres://username:password@host:port/database`. - - - - - Please confirm the `Postgres` type provided by your vendor. If it is `Node Postgres`, switch to - the `Node Postgres` Tab. - - - Variables to be filled for Serverless Postgres are as follows: - - ```shell - # Serverless Postgres DB Url - DATABASE_URL= - ``` - - An example of filling in Vercel is as follows: - - {'Add - - - - Variables to be filled for Node Postgres are as follows: - - ```shell - # Node Postgres DB Url - DATABASE_URL= - - # Specify Postgres database driver as node - DATABASE_DRIVER=node - ``` - - An example of filling in Vercel is as follows: - - {'Add - - - - - If you wish to enable SSL when connecting to the database, please refer to the - [link](https://stackoverflow.com/questions/14021998/using-psql-to-connect-to-postgresql-in-ssl-mode) - for setup instructions. - - - ### Add the `KEY_VAULTS_SECRET` Environment Variable - - After adding the `DATABASE_URL` environment variable for the database, you need to add a `KEY_VAULTS_SECRET` environment variable. This variable is used to encrypt sensitive information such as apikeys stored by users. Click the button below to generate: - - - - Make sure to add this to the Vercel environment variables as well. - - ### Add the `APP_URL` Environment Variable - - Finally, you need to add the `APP_URL` environment variable, which specifies the URL address of the LobeHub application. - - -## 2. Configure Authentication Service - -The server-side database needs to be paired with a user authentication service to function properly. Therefore, the corresponding authentication service needs to be configured. - - - ### Add Authentication Environment Variables - - In Vercel's deployment environment variables, add the following environment variables to enable authentication (powered by [Better Auth](https://www.better-auth.com)): - - Click the button below to generate `AUTH_SECRET` (session encryption key): - - - - You also need to configure the `JWKS_KEY` environment variable for signing and verifying JWTs. Click the button below to generate: - - - - With these variables, users can register and login with email and password. - - - For advanced features like SSO providers, magic link login, and email verification, see [Authentication Service](/docs/self-hosting/advanced/auth). - - - ### Add Public and Private Key Environment Variables in Vercel - - In Vercel's deployment environment variables, add the `NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY` and `CLERK_SECRET_KEY` environment variables. You can click on "API Keys" in the menu, then copy the corresponding values and paste them into Vercel's environment variables. - - {'Find - - The environment variables required for this step are as follows: - - ```shell - NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=pk_live_xxxxxxxxxxx - CLERK_SECRET_KEY=sk_live_xxxxxxxxxxxxxxxxxxxxxx - ``` - - Add the above variables to Vercel: - - {'Add - - ### Create and Configure Webhook in Clerk - - Since we let Clerk fully handle user authentication and management, we need Clerk to notify our application and store data in the database when there are changes in the user's lifecycle (create, update, delete). We achieve this requirement through the Webhook provided by Clerk. - - We need to add an endpoint in Clerk's Webhooks to inform Clerk to send notifications to this endpoint when a user's information changes. - - {'Add - - Fill in the endpoint with the URL of your Vercel project, such as `https://your-project.vercel.app/api/webhooks/clerk`. Then, subscribe to events by checking the three user events (`user.created`, `user.deleted`, `user.updated`), and click create. - - - The `https://` in the URL is essential to maintain the integrity of the URL. - - - {'Configure - - ### Add Webhook Secret to Vercel Environment Variables - - After creation, you can find the secret of this Webhook in the bottom right corner: - - {'View - - The environment variable corresponding to this secret is `CLERK_WEBHOOK_SECRET`: - - ```shell - CLERK_WEBHOOK_SECRET=whsec_xxxxxxxxxxxxxxxxxxxxxx - ``` - - Add it to Vercel's environment variables: - - {'Add - - -By completing these steps, you have successfully configured the authentication service. Next, we will configure the S3 storage service. - -## 3. Configure S3 Storage Service - -In the server-side database, we need to configure the S3 storage service to store files. - - - In this article, S3 refers to a compatible S3 storage solution, which supports object storage - systems that comply with the Amazon S3 API. Common examples include Cloudflare R2, Alibaba Cloud - OSS, etc., all of which support S3-compatible APIs. - - - - ### Configure and Obtain S3 Bucket - - You need to go to your S3 service provider (such as AWS S3, Cloudflare R2, etc.) and create a new storage bucket. The following steps will use Cloudflare R2 as an example to explain the creation process. - - The interface of Cloudflare R2 is shown below: - - {'Cloudflare - - When creating a storage bucket, specify its name and then click create. - - {'Create - - ### Obtain Environment Variables for the Bucket - - In the settings of the R2 storage bucket, you can view the bucket configuration information: - - {'View - - The corresponding environment variables are: - - ```shell - # Storage bucket name - S3_BUCKET=LobeHub - # Storage bucket request endpoint (note that the path in this link includes the bucket name, which must be removed, or use the link provided on the S3 API token application page) - S3_ENDPOINT=https://0b33a03b5c993fd2f453379dc36558e5.r2.cloudflarestorage.com - # Public access domain for the storage bucket - S3_PUBLIC_DOMAIN=https://s3-for-LobeHub.your-domain.com - ``` - - - `S3_ENDPOINT` must have its path removed, otherwise uploaded files will not be accessible - - - ### Obtain S3 Key Environment Variables - - You need to obtain the access key for S3 so that the LobeHub server has permission to access the S3 storage service. In R2, you can configure the access key in the account details: - - {'View - - Click the button in the upper right corner to create an API token and enter the create API Token page. - - {'Create - - Since our server-side database needs to read and write to the S3 storage service, the permission needs to be set to `Object Read and Write`, then click create. - - {'Configure - - After creation, you can see the corresponding S3 API token. - - {'Copy - - The corresponding environment variables are: - - ```shell - S3_ACCESS_KEY_ID=9998d6757e276cf9f1edbd325b7083a6 - S3_SECRET_ACCESS_KEY=55af75d8eb6b99f189f6a35f855336ea62cd9c4751a5cf4337c53c1d3f497ac2 - ``` - - ### Adding Corresponding Environment Variables in Vercel - - The steps to obtain the required environment variables may vary for different S3 service providers, but the obtained environment variables should be consistent: - - - The `https://` in the URL is essential and must be maintained for the completeness of the URL. - - - ```shell - # S3 Keys - S3_ACCESS_KEY_ID=9998d6757e276cf9f1edbd325b7083a6 - S3_SECRET_ACCESS_KEY=55af75d8eb6b99f189f6a35f855336ea62cd9c4751a5cf4337c53c1d3f497ac2 - - # Bucket name - S3_BUCKET=LobeHub - # Bucket request endpoint - S3_ENDPOINT=https://0b33a03b5c993fd2f453379dc36558e5.r2.cloudflarestorage.com - # Public domain for bucket access - S3_PUBLIC_DOMAIN=https://s3-dev.your-domain.com - - # Bucket region, such as us-west-1, generally not required, but some providers may need to configure - # S3_REGION=us-west-1 - ``` - - Then, insert the above environment variables into Vercel's environment variables: - - {'Adding - - ### Configuring Cross-Origin Resource Sharing (CORS) - - Since S3 storage services are often on a separate domain, cross-origin access needs to be configured. - - In R2, you can find the CORS configuration in the bucket settings: - - {'Cloudflare - - Add a CORS rule to allow requests from your domain (in this case, `https://your-project.vercel.app`): - - {'Configuring - - Example configuration: - - ```json - [ - { - "AllowedOrigins": ["https://your-project.vercel.app"], - "AllowedMethods": ["GET", "PUT", "HEAD", "POST", "DELETE"], - "AllowedHeaders": ["*"] - } - ] - ``` - - After configuring, click save. - - -## Four, Deployment and Verification - -After completing the steps above, the configuration of the server-side database should be done. Next, we can deploy LobeHub to Vercel and then visit your Vercel link to verify if the server-side database is working correctly. - - - ### Redeploy the latest commit - - After configuring the environment variables, you need to redeploy the latest commit and wait for the deployment to complete. - - {'Redeploy - - ### Check if the features are working properly - - If you click on the login button in the top left corner and the login popup appears normally, then you have successfully configured it. Enjoy using it\~ - - {'User - - {'Login - - -## Appendix - -### Overview of Server-side Database Environment Variables - -For easy copying, here is a summary of the environment variables required to configure the server-side database: - -```shell -APP_URL=https://your-project.com - -# Postgres database URL -DATABASE_URL= -KEY_VAULTS_SECRET=jgwsK28dspyVQoIf8/M3IIHl1h6LYYceSYNXeLpy6uk= - -# Authentication -AUTH_SECRET=jgwsK28dspyVQoIf8/M3IIHl1h6LYYceSYNXeLpy6uk= -JWKS_KEY='{"keys":[...]}' - -# S3 related configurations -# S3 keys -S3_ACCESS_KEY_ID=9998d6757e276cf9f1edbd325b7083a6 -S3_SECRET_ACCESS_KEY=55af75d8eb6b99f189f6a35f855336ea62cd9c4751a5cf4337c53c1d3f497ac2 - -# Bucket name -S3_BUCKET=LobeHub -# Bucket request endpoint -S3_ENDPOINT=https://0b33a03b5c993fd2f453379dc36558e5.r2.cloudflarestorage.com -# Public access domain for the bucket -S3_PUBLIC_DOMAIN=https://s3-for-LobeHub.your-domain.com -# Bucket region, such as us-west-1, generally not needed to add, but some service providers may require configuration -# S3_REGION=us-west-1 -``` diff --git a/docs/self-hosting/server-database/vercel.zh-CN.mdx b/docs/self-hosting/server-database/vercel.zh-CN.mdx deleted file mode 100644 index 455172fdaf..0000000000 --- a/docs/self-hosting/server-database/vercel.zh-CN.mdx +++ /dev/null @@ -1,337 +0,0 @@ ---- -title: 在 Vercel 上部署 LobeHub 的服务端数据库版本 -description: 本文详细介绍如何在 Vercel 中部署服务端数据库版 LobeHub,包括数据库配置、身份验证服务配置和 S3 存储服务的设置步骤。 -tags: - - 服务端数据库 - - Postgres - - Better Auth - - S3存储服务 - - Vercel部署 - - 数据库配置 - - 身份验证服务 - - 环境变量配置 ---- - -# 在 Vercel 上部署服务端数据库版 - -本文将详细介绍如何在 Vercel 中部署服务端数据库版 LobeHub,包括: 1)数据库配置;2)身份验证服务配置;3) S3 存储服务的设置步骤。 - - - 进行后续操作前,请务必确认以下事项: - - - 导出所有数据,部署服务端数据库后,原有用户数据无法自动迁移,只能提前备份后进行手动导入! - - 配置服务端数据库所需要的环境变量时,需全部填入后再进行部署,否则可能遭遇数据库迁移问题! - - -## 一、 配置数据库 - - - ### 准备服务端数据库实例,获取连接 URL - - 在部署之前,请确保你已经准备好 Postgres 数据库实例,你可以选择以下任一方式: - - - `A.` 使用 Vercel / Neon 等 Serverless Postgres 实例; - - `B.` 使用 Docker 等自部署 Postgres 实例。 - - 两者的配置方式略有不同,在下一步会有所区分。 - - ### 在 Vercel 中添加环境变量 - - 在 Vercel 的部署环境变量中,添加 `DATABASE_URL` 等环境变量,将上一步准备好的 Postgres 数据库连接 URL 填入其中。数据库连接 URL 的通常格式为 `postgres://username:password@host:port/database`。 - - - - - 请确认您的供应商所提供的 `Postgres` 类型,若为 `Node Postgres`,请切换到 `Node Postgres` Tab 。 - - - Serverless Postgres 需要填写的变量如下: - - ```shell - # Serverless Postgres DB Url - DATABASE_URL= - ``` - - 在 Vercel 中填写的示例如下: - - {'添加 - - - - Node Postgres 需要填写的变量如下: - - ```shell - # Node Postgres DB Url - DATABASE_URL= - - # 指定 Postgres database driver 为 node - DATABASE_DRIVER=node - ``` - - 在 Vercel 中填写的示例如下: - - {'添加 - - - - - 如果希望连接数据库时启用 SSL - ,请自行参考[链接](https://stackoverflow.com/questions/14021998/using-psql-to-connect-to-postgresql-in-ssl-mode)进行设置 - - - ### 添加 `KEY_VAULTS_SECRET` 环境变量 - - 在完成数据库 `DATABASE_URL` 环境变量添加后,需要添加一个 `KEY_VAULTS_SECRET` 环境变量。该变量用于加密用户存储的 apikey 等敏感信息。点击下方按钮一键生成: - - - - 同样需要将其添加到 Vercel 环境变量中。 - - ### 添加 `APP_URL` 环境变量 - - 该部分最后需要添加 `APP_URL` 环境变量,用于指定 LobeHub 应用的 URL 地址。 - - -## 二、 配置身份验证服务 - -服务端数据库需要搭配用户身份验证服务才可以正常使用。因此需要配置对应的身份验证服务。 - - - ### 添加身份验证环境变量 - - 在 Vercel 的部署环境变量中,添加以下环境变量以启用身份验证(基于 [Better Auth](https://www.better-auth.com)): - - 点击下方按钮一键生成 `AUTH_SECRET`(会话加密密钥): - - - - 同时需要配置 `JWKS_KEY` 环境变量,用于签名和验证 JWT。点击下方按钮一键生成: - - - - 配置这些变量后,用户即可使用邮箱和密码注册登录。 - - - 如需 SSO 登录、魔法链接登录、邮箱验证等高级功能,请参阅 [身份验证服务](/zh/docs/self-hosting/advanced/auth)。 - - - ### 在 Vercel 中添加公、私钥环境变量 - - 在 Vercel 的部署环境变量中,添加 `NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY` 和 `CLERK_SECRET_KEY` 环境变量。你可以在菜单中点击「API Keys」,然后复制对应的值填入 Vercel 的环境变量中。 - - {'在 - - 此步骤所需的环境变量如下: - - ```shell - NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=pk_live_xxxxxxxxxxx - CLERK_SECRET_KEY=sk_live_xxxxxxxxxxxxxxxxxxxxxx - ``` - - 添加上述变量到 Vercel 中: - - {'在 - - ### 在 Clerk 中创建并配置 Webhook - - 由于我们让 Clerk 完全接管用户鉴权与管理,因此我们需要在 Clerk 用户生命周期变更时(创建、更新、删除)中通知我们的应用并存储落库。我们通过 Clerk 提供的 Webhook 来实现这一诉求。 - - 我们需要在 Clerk 的 Webhooks 中添加一个端点(Endpoint),告诉 Clerk 当用户发生变更时,向这个端点发送通知。 - - {'Clerk - - 在 endpoint 中填写你的 Vercel 项目的 URL,如 `https://your-project.vercel.app/api/webhooks/clerk`。然后在订阅事件(Subscribe to events)中,勾选 user 的三个事件(`user.created` 、`user.deleted`、`user.updated`),然后点击创建。 - - URL 的`https://`不可缺失,须保持 URL 的完整性 - - {'添加 - - ### 将 Webhook 秘钥添加到 Vercel 环境变量 - - 创建完毕后,可以在右下角找到该 Webhook 的秘钥: - - {'查看 - - 这个秘钥所对应的环境变量名为 `CLERK_WEBHOOK_SECRET`: - - ```shell - CLERK_WEBHOOK_SECRET=whsec_xxxxxxxxxxxxxxxxxxxxxx - ``` - - 将其添加到 Vercel 的环境变量中: - - {'在 - - -这样,你已经成功配置了身份验证服务。接下来我们将配置 S3 存储服务。 - -## 三、 配置 S3 存储服务 - -在服务端数据库中我们需要配置 S3 存储服务来存储文件。 - - - 在本文,S3 所指代的是指兼容 S3 存储方案,即支持 Amazon S3 API 的对象存储系统,常见例如 Cloudflare - R2 、阿里云 OSS 等均支持 S3 兼容 API。 - - - - ### 配置并获取 S3 存储桶 - - 你需要前往你的 S3 服务提供商(如 AWS S3、Cloudflare R2 等)并创建一个新的存储桶(Bucket)。接下来以 Cloudflare R2 为例,介绍创建流程。 - - 下图是 Cloudflare R2 的界面: - - {'Cloudflare - - 创建存储桶时将指定其名称,然后点击创建。 - - {'R2 - - ### 获取存储桶相关环境变量 - - 在 R2 存储桶的设置中,可以看到桶配置的信息: - - {'查看存储桶的相关信息'} - - 其对应的环境变量为: - - ```shell - # 存储桶的名称 - S3_BUCKET=LobeHub - # 存储桶的请求端点(注意此处链接的路径带存储桶名称,必须删除该路径,或使用申请 S3 API token 页面所提供的链接) - S3_ENDPOINT=https://0b33a03b5c993fd2f453379dc36558e5.r2.cloudflarestorage.com - # 存储桶对外的访问域名 - S3_PUBLIC_DOMAIN=https://s3-for-LobeHub.your-domain.com - ``` - - `S3_ENDPOINT`必须删除其路径,否则会无法访问所上传文件 - - ### 获取 S3 密钥环境变量 - - 你需要获取 S3 的访问密钥,以便 LobeHub 的服务端有权限访问 S3 存储服务。在 R2 中,你可以在账户详情中配置访问密钥: - - {'查看存储桶的访问秘钥'} - - 点击右上角按钮创建 API token,进入创建 API Token 页面 - - {'创建对应 - - 鉴于我们的服务端数据库需要读写 S3 存储服务,因此权限需要选择`对象读与写`,然后点击创建。 - - {'配置 - - 创建完成后,就可以看到对应的 S3 API token - - {'复制 - - 其对应的环境变量为: - - ```shell - S3_ACCESS_KEY_ID=9998d6757e276cf9f1edbd325b7083a6 - S3_SECRET_ACCESS_KEY=55af75d8eb6b99f189f6a35f855336ea62cd9c4751a5cf4337c53c1d3f497ac2 - ``` - - ### 在 Vercel 中添加对应的环境变量 - - 不同 S3 服务商获取所需环境变量的步骤可能有所不同,但最终获得到的环境变量应该都是一致的: - - URL 的`https://`不可缺失,须保持 URL 的完整性 - - ```shell - # S3 秘钥 - S3_ACCESS_KEY_ID=9998d6757e276cf9f1edbd325b7083a6 - S3_SECRET_ACCESS_KEY=55af75d8eb6b99f189f6a35f855336ea62cd9c4751a5cf4337c53c1d3f497ac2 - - # 存储桶的名称 - S3_BUCKET=LobeHub - # 存储桶的请求端点 - S3_ENDPOINT=https://0b33a03b5c993fd2f453379dc36558e5.r2.cloudflarestorage.com - # 存储桶对外的访问域名 - S3_PUBLIC_DOMAIN=https://s3-dev.your-domain.com - - # 桶的区域,如 us-west-1,一般来说不需要添加,但某些服务商则需要配置 - # S3_REGION=us-west-1 - ``` - - 然后将上述环境变量填入 Vercel 的环境变量中: - - {'在 - - ### 配置跨域 - - 由于 S3 存储服务往往是一个独立的网址,因此需要配置跨域访问。 - - 在 R2 中,你可以在存储桶的设置中找到跨域配置: - - {'Cloudflare - - 添加跨域规则,允许你的域名(在上文是 `https://your-project.vercel.app`)来源的请求: - - {'配置允许你的站点域名'} - - 示例配置如下: - - ```json - [ - { - "AllowedOrigins": ["https://your-project.vercel.app"], - "AllowedMethods": ["GET", "PUT", "HEAD", "POST", "DELETE"], - "AllowedHeaders": ["*"] - } - ] - ``` - - 配置后点击保存即可。 - - -## 四、部署并验证 - -通过上述步骤之后,我们应该就完成了服务端数据库的配置。接下来我们可以将 LobeHub 部署到 Vercel 上,然后访问你的 Vercel 链接,验证服务端数据库是否正常工作。 - - - ### 重新部署最新的 commit - - 配置好环境变量后,你需要重新部署最新的 commit,并等待部署完成。 - - {'重新部署最新的 - - ### 检查功能是否正常 - - 如果你点击左上角登录,可以正常显示登录弹窗,那么说明你已经配置成功了,尽情享用吧~ - - {'用户登录弹窗'} - - {'登录成功状态'} - - -## 附录 - -### 服务端数据库环境变量一览 - -为方便一键复制,在此汇总配置服务端数据库所需要的环境变量: - -```shell -APP_URL=https://your-project.com - -# Postgres 数据库 URL -DATABASE_URL= -KEY_VAULTS_SECRET=jgwsK28dspyVQoIf8/M3IIHl1h6LYYceSYNXeLpy6uk= - -# 身份验证 -AUTH_SECRET=jgwsK28dspyVQoIf8/M3IIHl1h6LYYceSYNXeLpy6uk= -JWKS_KEY='{"keys":[...]}' - -# S3 相关配置 -# S3 秘钥 -S3_ACCESS_KEY_ID=9998d6757e276cf9f1edbd325b7083a6 -S3_SECRET_ACCESS_KEY=55af75d8eb6b99f189f6a35f855336ea62cd9c4751a5cf4337c53c1d3f497ac2 - -# 存储桶的名称 -S3_BUCKET=LobeHub -# 存储桶的请求端点 -S3_ENDPOINT=https://0b33a03b5c993fd2f453379dc36558e5.r2.cloudflarestorage.com -# 存储桶对外的访问域名 -S3_PUBLIC_DOMAIN=https://s3-for-LobeHub.your-domain.com -# 桶的区域,如 us-west-1,一般来说不需要添加,但某些服务商则需要配置 -# S3_REGION=us-west-1 -``` diff --git a/docs/self-hosting/server-database/zeabur.mdx b/docs/self-hosting/server-database/zeabur.mdx deleted file mode 100644 index 99e52fb37f..0000000000 --- a/docs/self-hosting/server-database/zeabur.mdx +++ /dev/null @@ -1,76 +0,0 @@ ---- -title: Deploying LobeHub Database on Zeabur -description: >- - Learn how to deploy LobeHub on Zeabur with ease. Follow the provided steps to - set up your chat application seamlessly. -tags: - - Deploy LobeHub - - Zeabur Deployment - - OpenAI API Key - - Custom Domain Binding ---- - -# Deploying LobeHub Database on Zeabur - - - This article assumes that you are familiar with the basic principles and processes of deploying - the LobeHub server database version, so it only includes content related to core environment - variable configuration. If you are not familiar with the deployment principles of the LobeHub - server database version, please refer to [Deploying Server - Database](/docs/self-hosting/server-database) first. - - -The template on Zeabur includes 4 services: - -- Logto for authrization. -- PostgreSQL with Vector plugin for data storage and indexing. -- MinIO for image storage. -- LobeHub database version. - -## Deploying on Zeabur - -Here is the process for deploying the LobeHub server database version on Zeabur: - - - ### Go to the template page on Zeabur - - Go to the [LobeHub Database template page](https://zeabur.com/templates/RRSPSD) on Zeabur and click on the "Deploy" button. - - ### Fill in the required environment variables - - After you click on the "Deploy" button, you will see a modal pop-up where you can fill in the required environment variables. - - Here are the environment variables you need to fill in: - - - OpenAI API key: Your OpenAI API key to get responses from OpenAI. - - - LobeHub Domain: A free subdomain with `.zeabur.app` suffix. - - - MinIO Public Domain: A free subdomain with `.zeabur.app` suffix for yout MinIO web port to enable public access for the uploaded files. - - - Logto Console Domain: A free subdomain with `.zeabur.app` suffix for your Logto console. - - - Logto API Domain: A free subdomain with `.zeabur.app` suffix for your Logto api. - - ### Select a region and deploy - - After you fill all the required environment variables, select a region where you want to deploy your LobeHub Database and click on the "Deploy" button. - - You will see another modal pop-up where you can see the deployment progress. - - ### Configure Logto - - After the deployment is done, you need to configure your Logto service to enable authrization. - - Access your Logto console with the console domain you just binded, and then create a `Next.js 14(App router)` application to get the client ID and client secret, and fill in the cors and callback URLs. You can check [this document](../advanced/auth.mdx) for a more detailed guide. - - Fill in those variables into your LobeHub service on Zeabur, here is a more detailed guide for [editing environment variables on Zeabur](https://zeabur.com/docs/deploy/variables). - - For detailed configuration of Logto, refer to [this document](/docs/self-hosting/advanced/auth/next-auth/logto). - - ### Access your LobeHub Instance - - Press on the `LobeHub-Database` and you can see the public domain you just created, click on it to access your LobeHub Database. - - You can also bind a custom domain for your services if you want, here is a guide on how to [bind a custom domain on Zeabur](https://zeabur.com/docs/deploy/domain-binding). - diff --git a/docs/self-hosting/server-database/zeabur.zh-CN.mdx b/docs/self-hosting/server-database/zeabur.zh-CN.mdx deleted file mode 100644 index 16561609de..0000000000 --- a/docs/self-hosting/server-database/zeabur.zh-CN.mdx +++ /dev/null @@ -1,67 +0,0 @@ ---- -title: 在 Zeabur 上部署 LobeHub -description: 按照指南准备 OpenAI API Key 并点击按钮进行部署。在部署完成后,即可开始使用 LobeHub 并选择是否绑定自定义域名。 -tags: - - Zeabur - - LobeHub - - OpenAI API Key - - 部署流程 - - 自定义域名 ---- - -# 使用 Zeabur 部署 LobeHub 数据库版 - - - 本文假设你已经熟悉 LobeHub - 服务器数据库版的部署基本原理和流程,因此只包含与核心环境变量配置相关的内容。如果你对 LobeHub - 服务器数据库版的部署原理不熟悉,请先参考[部署服务器数据库](/zh/docs/self-hosting/server-database)。 - - -在 Zeabur 的模板中总共包含有以下四个服务: - -- Logto 提供身份校验 -- 带有 Vector 插件的 PostgreSQL 来做数据存储和向量化 -- MinIO 作为对象存储 -- LobeHub Database 的实例 - -## 在 Zeabur 上部署 - -这里是在 Zeabur 上部署 LobeHub 服务器数据库版的流程: - - - ### 前往 Zeabur 上的模板页面 - - 前往 [Zeabur 上的 LobeHub 数据库模板页面](https://zeabur.com/templates/RRSPSD) 并点击 "Deploy" 按钮。 - - ### 填写必要的环境变量 - - 在你点击 “部署 “按钮后,你会看到一个模态弹窗,你可以在这里填写必要的环境变量。 - - 以下是你需要填写的环境变量: - - - OpenAI API key: 你的 OpenAI API key 用于获取模型的访问权限。 - - LobeHub Domain: 一个免费的 `.zeabur.app` 后缀的域名。 - - MinIO Public Domain: 一个免费的 `.zeabur.app` 后缀的域名为了暴露 MinIO 服务以公开访问资源。 - - Logto Console Domain: 一个免费的 `.zeabur.app` 后缀的域名来访问 Logto 的控制台。 - - Logto API Domain: 一个免费的 `.zeabur.app` 后缀的域名来访问 Logto 的 API。 - - ### 选择一个区域并部署 - - 在你填写完所有必要的环境变量后,选择一个你想要部署 LobeHub 数据库的区域并点击 “部署” 按钮。 - - 你会看到另一个模态弹窗,你可以在这里看到部署的进度。 - - ### 配置 Logto - - 当部署完成后,你会被自动导航到你在 Zeabur 控制台上刚刚创建的项目。你需要再进一步配置你的 Logto 服务。 - - 使用你刚绑定的域名来访问你的 Logto 控制台,创建一个新项目以获得对应的客户端 ID 与密钥,将它们填入你的 LobeHub 服务的变量中。关于如何填入变量,可以参照 [Zeabur 的官方文档](https://zeabur.com/docs/deploy/variables)。 - - Logto 的详细配置可以参考[这篇文档](/zh/docs/self-hosting/advanced/auth/next-auth/logto)。 - - ### 访问你的 LobeHub - - 按下 `LobeHub-Database` 你会看到你刚刚创建的公共域名,点击它以访问你的 LobeHub 数据库。 - - 你可以选择绑定一个自定义域名,这里有一个关于如何在 Zeabur 上[绑定自定义域名](https://zeabur.com/docs/deploy/domain-binding)的指南。 - diff --git a/packages/types/src/user/preference.ts b/packages/types/src/user/preference.ts index 8da0710cf9..7cb865ebf7 100644 --- a/packages/types/src/user/preference.ts +++ b/packages/types/src/user/preference.ts @@ -100,7 +100,7 @@ export interface UserInitializationState { username?: string; } -export const NextAuthAccountSchame = z.object({ +export const OAuthAccountSchema = z.object({ provider: z.string(), providerAccountId: z.string(), }); @@ -110,7 +110,7 @@ export const NextAuthAccountSchame = z.object({ */ export interface SSOProvider { email?: string; - /** Expiration time - Date for better-auth, number (Unix timestamp) for next-auth */ + /** Expiration time - Date for better-auth */ expiresAt?: Date | number | null; provider: string; providerAccountId: string; diff --git a/scripts/_shared/checkDeprecatedAuth.js b/scripts/_shared/checkDeprecatedAuth.js index bcb0d73b9e..67e31ec6bb 100644 --- a/scripts/_shared/checkDeprecatedAuth.js +++ b/scripts/_shared/checkDeprecatedAuth.js @@ -185,6 +185,22 @@ const DEPRECATED_CHECKS = [ 'Microsoft Entra ID provider has been renamed to Microsoft. Please update your environment variables.', name: 'Microsoft Entra ID', }, + { + docUrl: MIGRATION_DOC_BASE, + getVars: () => { + const hasEmailService = + process.env['SMTP_HOST'] || process.env['EMAIL_SERVICE_PROVIDER'] === 'resend'; + const hasEmailVerification = process.env['AUTH_EMAIL_VERIFICATION'] === '1'; + if (hasEmailService && !hasEmailVerification) { + return ['AUTH_EMAIL_VERIFICATION']; + } + return []; + }, + message: + 'Email service is configured but email verification is disabled. Consider setting AUTH_EMAIL_VERIFICATION=1 to verify user email ownership during registration.', + name: 'Email Verification', + severity: 'warning', + }, ]; /** diff --git a/src/libs/next/proxy/createRouteMatcher.test.ts b/src/libs/next/proxy/createRouteMatcher.test.ts index 27a5300b7f..4690294937 100644 --- a/src/libs/next/proxy/createRouteMatcher.test.ts +++ b/src/libs/next/proxy/createRouteMatcher.test.ts @@ -58,14 +58,6 @@ describe('createRouteMatcher', () => { expect(matcher(createMockRequest('/trpc/chat.create'))).toBe(true); }); - it('should match /next-auth/(.*) pattern', () => { - const matcher = createRouteMatcher(['/next-auth/(.*)']); - - expect(matcher(createMockRequest('/next-auth/'))).toBe(true); - expect(matcher(createMockRequest('/next-auth/signin'))).toBe(true); - expect(matcher(createMockRequest('/next-auth/callback/github'))).toBe(true); - expect(matcher(createMockRequest('/next-auth'))).toBe(false); // no trailing slash or path - }); }); describe('multiple patterns', () => { diff --git a/src/libs/trpc/middleware/userAuth.test.ts b/src/libs/trpc/middleware/userAuth.test.ts index 67c9fdd34e..c4ff4dc557 100644 --- a/src/libs/trpc/middleware/userAuth.test.ts +++ b/src/libs/trpc/middleware/userAuth.test.ts @@ -17,12 +17,6 @@ const createCaller = createCallerFactory(appRouter); let ctx: AuthContext; let router: ReturnType; -vi.mock('@/libs/next-auth/edge', () => { - return { - auth: vi.fn().mockResolvedValue(undefined), - }; -}); - beforeEach(async () => { vi.resetAllMocks(); }); diff --git a/src/proxy.ts b/src/proxy.ts index 4a43f30195..4ba1dd11cf 100644 --- a/src/proxy.ts +++ b/src/proxy.ts @@ -36,7 +36,6 @@ export const config = { '/verify-email(.*)', '/reset-password(.*)', '/auth-error(.*)', - '/next-auth/(.*)', '/oauth(.*)', '/oidc(.*)', '/market-auth-callback(.*)', diff --git a/src/server/routers/async/__tests__/caller.test.ts b/src/server/routers/async/__tests__/caller.test.ts index 2db3862404..d9e913e1f0 100644 --- a/src/server/routers/async/__tests__/caller.test.ts +++ b/src/server/routers/async/__tests__/caller.test.ts @@ -305,14 +305,14 @@ describe('createAsyncServerClient - INTERNAL_APP_URL Tests', () => { it('should handle Docker Compose deployment with service names', async () => { mockAppEnv.APP_URL = 'https://public.example.com'; - mockAppEnv.INTERNAL_APP_URL = 'http://lobe-chat-database:3210'; + mockAppEnv.INTERNAL_APP_URL = 'http://lobehub:3210'; await createAsyncServerClient('docker-user'); const config = vi.mocked(createTRPCClient).mock.calls[0][0]; const httpLinkOptions = config.links[0] as any; - expect(httpLinkOptions.url).toBe('http://lobe-chat-database:3210/trpc/async'); + expect(httpLinkOptions.url).toBe('http://lobehub:3210/trpc/async'); }); it('should handle deployment without CDN (INTERNAL_APP_URL not set)', async () => { diff --git a/src/server/routers/lambda/config/index.test.ts b/src/server/routers/lambda/config/index.test.ts index 4db7dda0c4..69fa90a168 100644 --- a/src/server/routers/lambda/config/index.test.ts +++ b/src/server/routers/lambda/config/index.test.ts @@ -13,12 +13,6 @@ const createCaller = createCallerFactory(configRouter); let ctx: AuthContext; let router: ReturnType; -vi.mock('@/libs/next-auth/edge', () => { - return { - auth: vi.fn().mockResolvedValue(undefined), - }; -}); - beforeEach(async () => { vi.resetAllMocks(); ctx = await createContextInner();