seatable反向代理seatable Nginx,seatable apache反向代理等,开启https,ssl反向踩坑教程

教程和分享
1

屏幕截图 2022-05-22 023448
屏幕截图 2022-05-22 0234481097×374 110 KB

又是炎热的夏季,又是小白折腾Nginx的第N天,心疼自己像个傻瓜

之前是胡乱折腾,恰好弄成功了,但我在本地操作的时候,发现一个问题,登录账户密码会提示CSRF 验证失败,这下好了,得推倒重来,后面又进行查资料,发现一切解决方法都在这里
地址: https://forum.seatable.io/t/csrf-verification-failed-when-using-seatable-2-1-0-without-letsencrypt/600

问题:照搬他的Nginx配置,一样会出毛病,后面修修改改,得到下面结论。
proxy_set_header X-Forwarded-Proto $scheme;这个是不能加的 然后确定即可,其它不管
80端口的我就不送上了,那个最终还是要转到ssl,

server {
	server_name www.域名.com ;
	listen 127.0.0.1:443 ssl;
	
	# ---------------从这里开始到下面结束,你面板配置是什么就是什么,不要去改--------------
	ssl_certificate "/var/www/httpd-cert/www-root/www.域名.com_le2.crtca";
	ssl_certificate_key "/var/www/httpd-cert/www-root/www.域名.com_le2.key";
	ssl_ciphers EECDH:+AES256:-3DES:RSA+AES:!NULL:!RC4;
	ssl_prefer_server_ciphers on;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
	add_header Strict-Transport-Security "max-age=31536000;";
	ssl_dhparam /etc/ssl/certs/dhparam4096.pem;
	
	charset off;
	disable_symlinks if_not_owner from=$root_path;
	
	include /etc/nginx/vhosts-includes/*.conf;
	include /etc/nginx/vhosts-resources/www.域名.com/*.conf;
	
	access_log /var/www/httpd-logs/www.域名.com.access.log;
	error_log /var/www/httpd-logs/www.域名.com.error.log notice;
	
	ssi on;
	set $root_path /var/www/www-root/data/www/www.域名.com;
	root $root_path;
	# ----------------------这里结束到上面.你面板配置是什么就是什么,更改可能会出现乱七八糟错误--------------
	
	
	# 
	# -----------------------我是无脑加入了下面的,理论你也可以------------------------------
	location / {
    proxy_pass http://localhost:808; # docker映射的端口
    proxy_set_header        X-Real-IP         $remote_addr;
    proxy_set_header        X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Host  $server_name;
	# proxy_set_header        X-Forwarded-Proto $scheme; # 这里我的不加就不会出现CSRF验证失败,自己尝试
	}

	location /socket.io {
    proxy_pass http://127.0.0.1:808; # docker映射的端口
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $host;
	}
}
2

我的docker-compose.yml 配置文档如下,SEATABLE_SERVER_HOSTNAME 这里要填域名,而不是本地ip地址,如果我填ip地址,100%网络错误,这个方法是用于有独立ip的状态下配置的,局域网或DDNS等我研究好再来发布

version: '2.0'
services:
  db:
    image: mariadb:10.5
    container_name: seatable-mysql
    environment:
      - MYSQL_ROOT_PASSWORD=PASSWORD                  # Root password of MySQL -- must be changed
      - MYSQL_LOG_CONSOLE=true
    volumes:
      - /opt/seatable/mysql-data:/var/lib/mysql         # Volume of MySQL (directory for persistent storage) and mount point in container -- can be changed (not advised)
    networks:
      - seatable-net

  memcached:
    image: memcached:1.5.6
    container_name: seatable-memcached
    entrypoint: memcached -m 256
    networks:
      - seatable-net

  redis:
    image: redis:5.0.7
    container_name: seatable-redis
    networks:
      - seatable-net

  seatable:
    image: seatable/seatable-enterprise:latesND
    container_name: seatable
    ports:
      - "808:80"                                         # HTTP port on the Docker host and the port in the container -- must be changed if port 80 is already in use on Docker host
      - "4438:443"                                       # HTTPS port on the Docker host and the port in the container -- must be changed if port 443 is already in use on Docker host
    volumes:
      - /opt/seatable/seatable-data:/shared             # Volume of SeaTable (directory for persistent storage) and mount point in container -- can be changed (not advised)
    environment:
      - DB_HOST=db
      - DB_ROOT_PASSWD=PASSWORD                      # Root password of MySQL -- must be changed to the value set above
      - SEATABLE_SERVER_LETSENCRYPT=False               # Decision on whether or not to use Let's Encrypt for HTTPS, default is False -- must be changed to True if a Let's Encrypt SSL certificate is to be used
      - SEATABLE_SERVER_HOSTNAME=www.域名.com  # Host name -- must be changed
      - TIME_ZONE=Etc/UTC                               # Optional, default is UTC. Example: Europe/Berlin. Choices can be found here: http://en.wikipedia.org/wiki/List_of_tz_zones_by_name
    depends_on:
      - db
      - memcached
      - redis
    networks:
      - seatable-net

networks:
  seatable-net: