又是炎热的夏季,又是小白折腾Nginx的第N天,心疼自己像个傻瓜
之前是胡乱折腾,恰好弄成功了,但我又重装系统继续操作的时候,发现一个问题,登录账户密码会提示CSRF 验证失败,这下好了,得推倒重来,后面又进行查资料,发现一切解决方法都在这里
地址: https://forum.seatable.io/t/csrf-verification-failed-when-using-seatable-2-1-0-without-letsencrypt/600
问题:照搬他的Nginx配置,一样会出毛病,后面修修改改,得到下面结论。
结论:在我的环境里,`proxy_set_header X-Forwarded-Proto $scheme;` 这一行不能加,去掉后保存即可,其它配置不用管。需要注意的是,去掉这一行后,后端就无法得知客户端原始请求走的是 HTTPS,所以这只是绕开问题的做法,并没有解决 CSRF 校验失败的根本原因。
80 端口的配置我就不贴了,反正它最终还是要跳转到 SSL。
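# HTTPS virtual host: terminates TLS on the host and reverse-proxies every
# request to the SeaTable container published on host port 808.
server {
    server_name www.域名.com;
    listen 127.0.0.1:443 ssl;

    # ---- Start of the panel-generated section: keep whatever your control
    # ---- panel produced. The only deliberate change is ssl_protocols.
    ssl_certificate "/var/www/httpd-cert/www-root/www.域名.com_le2.crtca";
    ssl_certificate_key "/var/www/httpd-cert/www-root/www.域名.com_le2.key";
    # NOTE(review): RSA+AES still admits static-RSA key exchange, which has no
    # forward secrecy; tighten this list if the panel allows it.
    ssl_ciphers EECDH:+AES256:-3DES:RSA+AES:!NULL:!RC4;
    ssl_prefer_server_ciphers on;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only 1.2 and 1.3 are offered.
    ssl_protocols TLSv1.2 TLSv1.3;
    add_header Strict-Transport-Security "max-age=31536000;";
    ssl_dhparam /etc/ssl/certs/dhparam4096.pem;
    charset off;
    disable_symlinks if_not_owner from=$root_path;
    include /etc/nginx/vhosts-includes/*.conf;
    include /etc/nginx/vhosts-resources/www.域名.com/*.conf;
    access_log /var/www/httpd-logs/www.域名.com.access.log;
    error_log /var/www/httpd-logs/www.域名.com.error.log notice;
    ssi on;
    set $root_path /var/www/www-root/data/www/www.域名.com;
    root $root_path;
    # ---- End of the panel-generated section; the author reports that editing
    # ---- it leads to assorted errors.

    # ---- Added by the author: reverse proxy to the SeaTable container ----
    location / {
        proxy_pass http://localhost:808;  # host port mapped by Docker
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent, so the backend should trust only the last entry.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        # Left disabled on purpose: with this header the author got
        # "CSRF verification failed" at login.
        # NOTE(review): without it the backend cannot tell that the client
        # connection was HTTPS. No Host header is set in this location, so
        # nginx sends the proxy_pass host (localhost:808) upstream; that
        # mismatch may be the real cause -- verify, and prefer fixing the
        # backend's host/origin settings over dropping the header.
        # proxy_set_header X-Forwarded-Proto $scheme;
    }

    # WebSocket endpoint: needs HTTP/1.1 and the Upgrade/Connection headers
    # for the protocol switch.
    location /socket.io {
        proxy_pass http://127.0.0.1:808;  # host port mapped by Docker
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
    }
}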
我的 docker-compose.yml 配置如下。SEATABLE_SERVER_HOSTNAME 这里要填域名,而不是本地 IP 地址;我填 IP 地址时 100% 会报网络错误。这个方法适用于有独立 IP 的情况,局域网或 DDNS 等情况等我研究好再来发布。
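---
# Docker Compose stack for SeaTable: MariaDB, memcached, Redis and the SeaTable
# server, all on one private network. Only the seatable service publishes
# ports; the other three are reachable solely from inside seatable-net.
version: '2.0'

services:
  db:
    image: mariadb:10.5
    container_name: seatable-mysql
    environment:
      # Root password of MySQL -- placeholder, must be changed before first
      # start. Do not commit the real value to version control.
      - MYSQL_ROOT_PASSWORD=PASSWORD
      - MYSQL_LOG_CONSOLE=true
    volumes:
      # Volume of MySQL (directory for persistent storage) and mount point in
      # container -- can be changed (not advised)
      - /opt/seatable/mysql-data:/var/lib/mysql
    networks:
      - seatable-net

  memcached:
    image: memcached:1.5.6
    container_name: seatable-memcached
    entrypoint: memcached -m 256
    networks:
      - seatable-net

  redis:
    image: redis:5.0.7
    container_name: seatable-redis
    networks:
      - seatable-net

  seatable:
    # The tag was garbled on the page; restored to "latest". Pinning a
    # specific release tag gives reproducible, reviewable upgrades.
    image: seatable/seatable-enterprise:latest
    container_name: seatable
    ports:
      # Published on loopback only: TLS is terminated by the nginx running on
      # the Docker host, so the container's ports should not be reachable
      # from the network directly. The host proxy must connect over IPv4
      # loopback (127.0.0.1). Change the host ports if 808/4438 are in use.
      - "127.0.0.1:808:80"    # HTTP port on the Docker host : port in container
      - "127.0.0.1:4438:443"  # HTTPS port on the Docker host : port in container
    volumes:
      # Volume of SeaTable (directory for persistent storage) and mount point
      # in container -- can be changed (not advised)
      - /opt/seatable/seatable-data:/shared
    environment:
      - DB_HOST=db
      # Root password of MySQL -- must match MYSQL_ROOT_PASSWORD set above
      - DB_ROOT_PASSWD=PASSWORD
      # Whether to use Let's Encrypt for HTTPS, default is False -- must be
      # changed to True if a Let's Encrypt SSL certificate is to be used
      - SEATABLE_SERVER_LETSENCRYPT=False
      # Host name -- must be changed; the author reports that it has to be the
      # domain name, not an IP address
      - SEATABLE_SERVER_HOSTNAME=www.域名.com
      # Optional, default is UTC. Example: Europe/Berlin. Choices can be found
      # here: http://en.wikipedia.org/wiki/List_of_tz_zones_by_name
      - TIME_ZONE=Etc/UTC
    depends_on:
      - db
      - memcached
      - redis
    networks:
      - seatable-net

networks:
  seatable-net: {}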