[Bug] next_auth throwing error, if I set AUTH_CASDOOR_ISSUER to anything other than http://localhost:${CASDOOR_PORT} #5550

Closed
rukh-debug opened this issue Jan 22, 2025 · 4 comments
Labels
🐛 Bug Something isn't working | 缺陷

Comments


rukh-debug commented Jan 22, 2025

📦 Environment

Docker

📌 Version

latest

💻 Operating System

Other Linux

🌐 Browser

Firefox

🐛 Bug Description

If I set a custom domain or IP as my Casdoor URL, next_auth has some sort of issue.

Image

Error Log

```text
lobe-chat      | [auth][error] TypeError: fetch failed
lobe-chat      |     at node:internal/deps/undici/undici:13484:13
lobe-chat      |     at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
lobe-chat      |     at async iY (/app/.next/server/chunks/18702.js:368:46924)
lobe-chat      |     at async iQ (/app/.next/server/chunks/18702.js:368:49798)
lobe-chat      |     at async i5 (/app/.next/server/chunks/18702.js:368:52440)
lobe-chat      |     at async i4 (/app/.next/server/chunks/18702.js:368:56596)
lobe-chat      |     at async tr.do (/app/node_modules/.pnpm/[email protected]_@[email protected]_@[email protected]_@[email protected]_react-dom@19._gjluzxyayy7ntgi7rjyylzka3q/node_modules/next/dist/compiled/next-server/app-route.runtime.prod.js:18:17582)
lobe-chat      |     at async tr.handle (/app/node_modules/.pnpm/[email protected]_@[email protected]_@[email protected]_@[email protected]_react-dom@19._gjluzxyayy7ntgi7rjyylzka3q/node_modules/next/dist/compiled/next-server/app-route.runtime.prod.js:18:22212)
lobe-chat      |     at async doRender (/app/node_modules/.pnpm/[email protected]_@[email protected]_@[email protected]_@[email protected]_react-dom@19._gjluzxyayy7ntgi7rjyylzka3q/node_modules/next/dist/server/base-server.js:1452:42)
lobe-chat      |     at async responseGenerator (/app/node_modules/.pnpm/[email protected]_@[email protected]_@[email protected]_@[email protected]_react-dom@19._gjluzxyayy7ntgi7rjyylzka3q/node_modules/next/dist/server/base-server.js:1822:28)
lobe-chat      | [NextAuth] Error: {
lobe-chat      |   cause: 'Configuration',
lobe-chat      |   message: 'Wrong configuration, make sure you have the correct environment variables set. Visit https://lobehub.com/docs/self-hosting/advanced/authentication for more details.',
lobe-chat      |   name: 'NextAuth Error'
lobe-chat      | }
```

docker-compose.yml

```yaml
name: lobe-chat-database
services:
  network-service:
    image: alpine
    container_name: lobe-network
    ports:
      - '${MINIO_PORT}:${MINIO_PORT}' # MinIO API
      - '9001:9001' # MinIO Console
      - '${CASDOOR_PORT}:${CASDOOR_PORT}' # Casdoor
      - '${LOBE_PORT}:3210' # LobeChat
    command: tail -f /dev/null
    networks:
      - lobe-network
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.gpt.rule=Host(`chat.${DOMAIN}`)"
      - "traefik.http.routers.gpt.entrypoints=web-secure"
      - "traefik.http.routers.gpt.tls.certresolver=selfresolver"
      - "traefik.http.routers.gpt.tls.domains[0].main=*.${DOMAIN}"
      - "traefik.http.routers.gpt.service=gptService"
      - "traefik.http.services.gptService.loadbalancer.server.port=${LOBE_PORT}"
      - "traefik.docker.network=reverse-proxy_default"

      - "traefik.http.routers.casdoor.rule=Host(`accounts.${DOMAIN}`)"
      - "traefik.http.routers.casdoor.entrypoints=web-secure"
      - "traefik.http.routers.casdoor.tls.certresolver=selfresolver"
      - "traefik.http.routers.casdoor.tls.domains[0].main=*.${DOMAIN}"
      - "traefik.http.routers.casdoor.service=casdoorService"
      - "traefik.http.services.casdoorService.loadbalancer.server.port=${CASDOOR_PORT}"


  postgresql:
    image: pgvector/pgvector:pg16
    container_name: lobe-postgres
    ports:
      - '5432:5432'
    volumes:
      - './data:/var/lib/postgresql/data'
    environment:
      - 'POSTGRES_DB=${LOBE_DB_NAME}'
      - 'POSTGRES_PASSWORD=${POSTGRES_PASSWORD}'
    healthcheck:
      test: ['CMD-SHELL', 'pg_isready -U postgres']
      interval: 5s
      timeout: 5s
      retries: 5
    restart: always
    networks:
      - lobe-network

  minio:
    image: minio/minio
    container_name: lobe-minio
    network_mode: 'service:network-service'
    volumes:
      - './s3_data:/etc/minio/data'
    environment:
      - 'MINIO_ROOT_USER=${MINIO_ROOT_USER}'
      - 'MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD}'
      - 'MINIO_API_CORS_ALLOW_ORIGIN=https://chat.${DOMAIN}'
    restart: always
    command: >
      server /etc/minio/data --address ":${MINIO_PORT}" --console-address ":9001"


  casdoor:
    image: casbin/casdoor
    container_name: lobe-casdoor
    entrypoint: /bin/sh -c './server --createDatabase=true'
    network_mode: 'service:network-service'
    depends_on:
      postgresql:
        condition: service_healthy
    environment:
      RUNNING_IN_DOCKER: 'true'
      driverName: 'postgres'
      dataSourceName: 'user=postgres password=${POSTGRES_PASSWORD} host=postgresql port=5432 sslmode=disable dbname=casdoor'
      origin: 'https://accounts.${DOMAIN}'
      # origin: 'http://localhost:${CASDOOR_PORT}'
      # origin: 'http://100.121.230.45:${CASDOOR_PORT}'
      runmode: 'prod'
    volumes:
      - ./init_data.json:/init_data.json

  lobe:
    image: lobehub/lobe-chat-database
    container_name: lobe-chat
    network_mode: 'service:network-service'
    depends_on:
      postgresql:
        condition: service_healthy
      network-service:
        condition: service_started
      minio:
        condition: service_started
      casdoor:
        condition: service_started

    environment:
      - 'APP_URL=https://chat.${DOMAIN}'
      - 'NEXT_AUTH_SSO_PROVIDERS=casdoor'
      - 'KEY_VAULTS_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ='
      - 'NEXT_AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg'
      - 'AUTH_URL=https://chat.${DOMAIN}/api/auth'
      - 'AUTH_CASDOOR_ISSUER=https://accounts.${DOMAIN}/'
      # - 'AUTH_CASDOOR_ISSUER=http://localhost:${CASDOOR_PORT}'
      # - 'AUTH_CASDOOR_ISSUER=http://100.121.230.45:${CASDOOR_PORT}'
      - 'DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgresql:5432/${LOBE_DB_NAME}'
      - 'S3_ENDPOINT=http://localhost:${MINIO_PORT}'
      - 'S3_BUCKET=${MINIO_LOBE_BUCKET}'
      - 'S3_PUBLIC_DOMAIN=http://localhost:${MINIO_PORT}'
      - 'S3_ENABLE_PATH_STYLE=1'
      - 'LLM_VISION_IMAGE_USE_BASE64=1'
    env_file:
      - .env
    restart: always

volumes:
  data:
    driver: local
  s3_data:
    driver: local

networks:
  proxy:
    external: true
    name: reverse-proxy_default
  lobe-network:
    driver: bridge
```

.env

```bash
# Proxy, if you need it
# HTTP_PROXY=http://localhost:7890
# HTTPS_PROXY=http://localhost:7890

DOMAIN=my.domain

# Other environment variables, as needed. You can refer to the environment variables configuration for the client version, making sure not to have ACCESS_CODE.
# OPENAI_API_KEY=sk-xxxx
# OPENAI_PROXY_URL=https://api.openai.com/v1
# OPENAI_MODEL_LIST=...


# ===========================
# ====== Preset config ======
# ===========================
# if no special requirements, no need to change
LOBE_PORT=3210
CASDOOR_PORT=8000
MINIO_PORT=9000

# Postgres related, which are the necessary environment variables for DB
LOBE_DB_NAME=lobechat
POSTGRES_PASSWORD=XXXXXXXXXXX

# Casdoor secret
AUTH_CASDOOR_ID=a387a4892ee19b1a2249
AUTH_CASDOOR_SECRET=e6a3c52a9316f71d05505fa35fe78f34

# MinIO S3 configuration
MINIO_ROOT_USER=YOUR_MINIO_USER
MINIO_ROOT_PASSWORD=YOUR_MINIO_PASSWORD

# Configure the bucket information of MinIO
MINIO_LOBE_BUCKET=lobe
S3_ACCESS_KEY_ID=XXXXXXXXXXXXXXXX
S3_SECRET_ACCESS_KEY=XXXXXXXXXXXXXXXXX
```

casdoor application config

Image


What options do not work

- 'AUTH_CASDOOR_ISSUER=https://accounts.${DOMAIN}/' && - 'AUTH_CASDOOR_ISSUER=http://100.121.230.45:${CASDOOR_PORT}'

What works

'AUTH_CASDOOR_ISSUER=http://localhost:${CASDOOR_PORT}'

📷 Recurrence Steps

Setting AUTH_CASDOOR_ISSUER with anything other than http://localhost:${CASDOOR_PORT}

🚦 Expected Behavior

I am expecting to see a login form like this.

Proof of it working as expected (going to the login screen) while using localhost:
Image

📝 Additional Information

  • Same issue occurs when I use IP:PORT
  • Casdoor can be accessed without an issue through domain or IP
@rukh-debug rukh-debug added the 🐛 Bug Something isn't working | 缺陷 label Jan 22, 2025
@github-project-automation github-project-automation bot moved this to Roadmap - Chat 1.x in Lobe Chat Routine Jan 22, 2025
@lobehubbot
Member

👀 @rukh-debug

Thank you for raising an issue. We will investigate into the matter and get back to you as soon as possible.
Please make sure you have given us as much context as possible.


dosubot bot commented Jan 22, 2025

Hey there, @rukh-debug! I'm here to help you with any bugs, questions, or contributions. Let's dive in and tackle this issue together!

The issue you're experiencing with setting AUTH_CASDOOR_ISSUER to anything other than http://localhost:${CASDOOR_PORT} is likely due to the way the Docker network is configured. In a Docker environment, services often communicate using internal network addresses, and localhost refers to the container's own network namespace. When you set AUTH_CASDOOR_ISSUER to http://localhost:${CASDOOR_PORT}, it works because the Casdoor service is accessible at that address within the Docker network.

To resolve this issue when using a custom domain or IP, ensure that:

  1. Network Configuration: The custom domain or IP is correctly routed to the Casdoor service within your Docker network. This might involve setting up appropriate DNS records or using a reverse proxy like Traefik, which you seem to be using.

  2. Traefik Configuration: Verify that Traefik is correctly configured to route requests to the Casdoor service. Ensure that the traefik.http.routers.casdoor.rule and related settings are correctly pointing to your desired domain.

  3. Environment Variables: Double-check that all related environment variables and configurations in your .env file and docker-compose.yml are consistent and correctly set up for the domain/IP you are using.

  4. CORS and Security Settings: Ensure that CORS settings and any security configurations in Casdoor allow requests from your custom domain/IP.

If these configurations are correct and the issue persists, it might be helpful to check the logs for any network-related errors or misconfigurations.

To continue talking to Dosu, mention @dosu.


Help Dosu learn! Give it feedback: Great Response | Irrelevant Answer | Incorrect Sources | Too Verbose | Hallucination | Other
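
An added diagnostic example, not part of the thread or of the LobeChat/NextAuth code: it assumes the `fetch failed` in the log is the server-side request for the issuer's OIDC discovery document, and it classifies the underlying cause and checks the exact-match rule for `issuer` (note the trailing slash in `AUTH_CASDOOR_ISSUER` versus Casdoor's `origin` above). `PROBE_ISSUER` is a hypothetical variable used only by this script.

```javascript
// Added example: classify why the server-side OIDC discovery fetch fails.
// PROBE_ISSUER is a hypothetical variable read only by this script.

// OIDC Discovery 1.0: drop one trailing slash, then append the well-known path.
function discoveryUrl(issuer) {
  return issuer.replace(/\/$/, '') + '/.well-known/openid-configuration';
}

// Node's fetch (undici) throws TypeError "fetch failed"; the reason is in err.cause.code.
function classifyFetchError(err) {
  const code = err?.cause?.code || err?.name || 'UNKNOWN';
  const hints = {
    ENOTFOUND: 'DNS: the container cannot resolve the issuer host',
    ECONNREFUSED: 'nothing listens on that host:port as seen from the container',
    ETIMEDOUT: 'routing or firewall: the connection timed out',
    UND_ERR_CONNECT_TIMEOUT: 'routing or firewall: the connection timed out',
    DEPTH_ZERO_SELF_SIGNED_CERT: 'TLS: self-signed certificate; trust its CA via NODE_EXTRA_CA_CERTS',
    SELF_SIGNED_CERT_IN_CHAIN: 'TLS: private CA in chain; trust it via NODE_EXTRA_CA_CERTS',
    UNABLE_TO_VERIFY_LEAF_SIGNATURE: 'TLS: incomplete chain served by the proxy',
    ERR_TLS_CERT_ALTNAME_INVALID: 'TLS: certificate does not cover the issuer host name',
  };
  return { code, hint: hints[code] || 'inspect err.cause for details' };
}

// The metadata's `issuer` must equal the configured issuer exactly.
function compareIssuer(configured, metadataIssuer) {
  if (configured === metadataIssuer) return 'match';
  const strip = (s) => String(s).replace(/\/$/, '');
  return strip(configured) === strip(metadataIssuer) ? 'trailing-slash-mismatch' : 'mismatch';
}

// Fetch the discovery document the way a server-side OIDC client would.
async function probe(issuer, fetchImpl = fetch) {
  const url = discoveryUrl(issuer);
  try {
    const res = await fetchImpl(url, { signal: AbortSignal.timeout(5000) });
    if (!res.ok) return { url, ok: false, code: 'HTTP_' + res.status };
    const meta = await res.json();
    return { url, ok: true, issuer: compareIssuer(issuer, meta.issuer) };
  } catch (err) {
    return { url, ok: false, ...classifyFetchError(err) };
  }
}

// Only touches the network when PROBE_ISSUER is set.
if (process.env.PROBE_ISSUER) {
  probe(process.env.PROBE_ISSUER).then((r) => console.log(JSON.stringify(r, null, 2)));
}
```

Run it with Node from the same network namespace as the `lobe` container, with `PROBE_ISSUER` set to the value used for `AUTH_CASDOOR_ISSUER`. A TLS code means the container does not trust the proxy's certificate; the fix is to supply the CA, not to disable verification.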

@rukh-debug
Author

> Hey there, @rukh-debug! I'm here to help you with any bugs, questions, or contributions. Let's dive in and tackle this issue together!
>
> The issue you're experiencing with setting AUTH_CASDOOR_ISSUER to anything other than http://localhost:${CASDOOR_PORT} is likely due to the way the Docker network is configured. In a Docker environment, services often communicate using internal network addresses, and localhost refers to the container's own network namespace. When you set AUTH_CASDOOR_ISSUER to http://localhost:${CASDOOR_PORT}, it works because the Casdoor service is accessible at that address within the Docker network.
>
> To resolve this issue when using a custom domain or IP, ensure that:
>
> 1. **Network Configuration**: The custom domain or IP is correctly routed to the Casdoor service within your Docker network. This might involve setting up appropriate DNS records or using a reverse proxy like Traefik, which you seem to be using.
>
> 2. **Traefik Configuration**: Verify that Traefik is correctly configured to route requests to the Casdoor service. Ensure that the `traefik.http.routers.casdoor.rule` and related settings are correctly pointing to your desired domain.
>
> 3. **Environment Variables**: Double-check that all related environment variables and configurations in your `.env` file and `docker-compose.yml` are consistent and correctly set up for the domain/IP you are using.
>
> 4. **CORS and Security Settings**: Ensure that CORS settings and any security configurations in Casdoor allow requests from your custom domain/IP.
>
> If these configurations are correct and the issue persists, it might be helpful to check the logs for any network-related errors or misconfigurations.
>
> To continue talking to Dosu, mention @dosu.
>
> Help Dosu learn! Give it feedback: Great Response | Irrelevant Answer | Incorrect Sources | Too Verbose | Hallucination | Other

YEP

@github-project-automation github-project-automation bot moved this from Roadmap - Chat 1.x to Done in Lobe Chat Routine Jan 22, 2025
@lobehubbot
Member

@rukh-debug

This issue is closed. If you have any questions, you can comment and reply.
