请教一个问题docker生产部署 生成图片的时候不显示出来 #4351
-
Beta Was this translation helpful? Give feedback.
Replies: 34 comments
-
Thank you for raising an issue. We will investigate into the matter and get back to you as soon as possible. |
Beta Was this translation helpful? Give feedback.
-
@baihuyan 你好!我是Dosu,一个能帮你解决bug、回答问题并成为贡献者的机器人。我会在等待人类维护者的时候帮助你。期待和你一起解决问题!🤖 I found a similar unsolved discussion and two closed issues that might be relevant to your problem:
The issue you're experiencing with images not displaying in your Docker production deployment is likely due to a DNS lookup failure. This can be resolved by fixing the #### What's fixed
- **misc**: Fix `/etc/resolv.conf` edit permission in docker image, closes [#3880](https://github.com/lobehub/lobe-chat/issues/3880) ([fdaa190](https://github.com/lobehub/lobe-chat/commit/fdaa190)) Additionally, ensure that your Docker Compose configuration includes the necessary network settings to handle DNS resolution properly. Here is an example configuration: services:
network-service:
image: alpine
container_name: lobe-network
ports:
- '${MINIO_PORT}:${MINIO_PORT}' # MinIO API
- '9001:9001' # MinIO Console
- '${CASDOOR_PORT}:${CASDOOR_PORT}' # Casdoor
- '${LOBE_PORT}:3210' # LobeChat
command: tail -f /dev/null
networks:
- lobe-network
postgresql:
image: pgvector/pgvector:pg16
container_name: lobe-postgres
ports:
- "5432:5432"
volumes:
- './data:/var/lib/postgresql/data'
environment:
- 'POSTGRES_DB=${LOBE_DB_NAME}'
- 'POSTGRES_PASSWORD=${POSTGRES_PASSWORD}'
healthcheck:
test: ['CMD-SHELL', 'pg_isready -U postgres']
interval: 5s
timeout: 5s
retries: 5
restart: always
networks:
- lobe-network
minio:
image: minio/minio
container_name: lobe-minio
network_mode: 'service:network-service'
volumes:
- './s3_data:/etc/minio/data'
environment:
- 'MINIO_ROOT_USER=${MINIO_ROOT_USER}'
- 'MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD}'
- 'MINIO_API_CORS_ALLOW_ORIGIN=http://localhost:${LOBE_PORT}'
restart: always
command: >
server /etc/minio/data --address ":${MINIO_PORT}" --console-address ":9001"
casdoor:
image: casbin/casdoor
container_name: lobe-casdoor
entrypoint: /bin/sh -c './server --createDatabase=true'
network_mode: 'service:network-service'
depends_on:
postgresql:
condition: service_healthy
environment:
RUNNING_IN_DOCKER: "true"
driverName: "postgres"
dataSourceName: "user=postgres password=${POSTGRES_PASSWORD} host=postgresql port=5432 sslmode=disable dbname=casdoor"
origin: "http://localhost:${CASDOOR_PORT}"
runmode: "dev"
volumes:
- ./init_data.json:/init_data.json
lobe:
image: lobehub/lobe-chat-database
container_name: lobe-database
network_mode: 'service:network-service'
depends_on:
postgresql:
condition: service_healthy
network-service:
condition: service_started
minio:
condition: service_started
casdoor:
condition: service_started
environment:
- 'APP_URL=http://localhost:3210'
- 'NEXT_AUTH_SSO_PROVIDERS=casdoor'
- 'KEY_VAULTS_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ='
- 'NEXT_AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg'
- 'AUTH_URL=http://localhost:${LOBE_PORT}/api/auth'
- 'AUTH_CASDOOR_ISSUER=http://localhost:${CASDOOR_PORT}'
- 'DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgresql:5432/${LOBE_DB_NAME}'
- 'S3_ENDPOINT=http://localhost:${MINIO_PORT}'
- 'S3_BUCKET=${MINIO_LOBE_BUCKET}'
- 'S3_PUBLIC_DOMAIN=http://localhost:${MINIO_PORT}'
- 'S3_ENABLE_PATH_STYLE=1'
- 'LLM_VISION_IMAGE_USE_BASE64=1'
env_file:
- .env
restart: always
volumes:
data:
driver: local
s3_data:
driver: local
networks:
lobe-network:
driver: bridge Ensure that your Docker Compose file includes these configurations to resolve the DNS lookup failure and allow the image to display correctly [4][5][6]. |
Beta Was this translation helpful? Give feedback.
-
你好我的域名不是.top是 .com的,然后lobechat的版本是v1.19.32,还是不能显示图片呀 |
Beta Was this translation helpful? Give feedback.
-
Hello, my domain name is not .top but .com, and the version of lobechat is v1.19.32, but it still cannot display pictures. |
Beta Was this translation helpful? Give feedback.
-
你要在回答中@它,它才会回复你 |
Beta Was this translation helpful? Give feedback.
-
You have to @ it in the answer and it will reply to you |
Beta Was this translation helpful? Give feedback.
-
@lobehubbot @dosubot @dosu
@lobehubbot @dosubot @dosu 我的域名不是 .top 而是 .com,lobechat 的版本是 v1.19.32,但还是无法显示图片,报错显示是dns问题reason: DNS lookup 224.0.0.5(family:4, host:oaidalleapiprodscus.blob.core.windows.net) is not allowed. Because, It is private IP address.,图片生成了链接但是无法在lobechat上面显示,也没有上传到minio里面,检查了docker配置变量没有跟你不一样。 |
Beta Was this translation helpful? Give feedback.
-
你的 LobeChat v1.19.32 Docker 部署在使用 .com 域名时无法显示图片,并且显示 DNS 查找错误(224.0.0.5)且无法将图片上传到 MinIO,可能是由于 MinIO 的 CORS 配置不正确导致的。 请确保 MinIO 的 CORS 跨域设置正确配置,以允许来自你的 LobeChat 域名(例如 以下是相关文档中的说明: <Callout type="warning">
请记住为 S3 服务提供商配置相应的 CORS 跨域设置,以确保 LobeChat 能够正常访问 S3 服务。
在本文中,你需要允许来自 `https://lobe.example.com` 的跨域请求。这可以在 MinIO WebUI 中的 `Configuration - API - Cors Allow Origin` 下配置,或者在 Docker Compose 中通过 `minio - environment - MINIO_API_CORS_ALLOW_ORIGIN` 配置。
如果你使用第二种方法(也是默认方法)进行配置,则无法在 MinIO WebUI 中进行配置。
</Callout> 此外,请确保 MinIO 存储桶策略正确设置,以允许必要的操作。以下是存储桶策略配置示例: {
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": ["*"]
},
"Action": ["s3:GetBucketLocation"],
"Resource": ["arn:aws:s3:::lobe"]
},
{
"Effect": "Allow",
"Principal": {
"AWS": ["*"]
},
"Action": ["s3:ListBucket"],
"Resource": ["arn:aws:s3:::lobe"],
"Condition": {
"StringEquals": {
"s3:prefix": ["files/*"]
}
}
},
{
"Effect": "Allow",
"Principal": {
"AWS": ["*"]
},
"Action": ["s3:PutObject", "s3:DeleteObject", "s3:GetObject"],
"Resource": ["arn:aws:s3:::lobe/files/**"]
}
],
"Version": "2012-10-17"
} 要解决此问题,请执行以下步骤:
在 services:
minio:
image: minio/minio
environment:
MINIO_API_CORS_ALLOW_ORIGIN: "https://lobe.example.com"
ports:
- "9000:9000"
- "9001:9001"
volumes:
- ./data:/data
command: server /data 完成这些更改后,重启 LobeChat 服务: docker compose up -d |
Beta Was this translation helpful? Give feedback.
-
Your LobeChat v1.19.32 Docker deployment is unable to display images when using a .com domain name and displays a DNS lookup error (224.0.0.5) and fails to upload images to MinIO, possibly due to incorrect CORS configuration for MinIO. Please make sure MinIO's CORS cross-domain settings are configured correctly to allow requests from your LobeChat domain name (e.g. Here are the instructions from the relevant documentation: <Callout type="warning">
Please remember to configure the appropriate CORS cross-domain settings for your S3 service provider to ensure that LobeChat can properly access the S3 service.
In this article, you need to allow cross-origin requests from `https://lobe.example.com`. This can be configured in the MinIO WebUI under `Configuration - API - Cors Allow Origin`, or in Docker Compose via `minio - environment - MINIO_API_CORS_ALLOW_ORIGIN`.
If you configure using the second (and default) method, you cannot configure it in the MinIO WebUI.
</Callout> Also, make sure the MinIO bucket policy is set correctly to allow the necessary operations. The following is an example bucket policy configuration: {
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": ["*"]
},
"Action": ["s3:GetBucketLocation"],
"Resource": ["arn:aws:s3:::lobe"]
},
{
"Effect": "Allow",
"Principal": {
"AWS": ["*"]
},
"Action": ["s3:ListBucket"],
"Resource": ["arn:aws:s3:::lobe"],
"Condition": {
"StringEquals": {
"s3:prefix": ["files/*"]
}
}
},
{
"Effect": "Allow",
"Principal": {
"AWS": ["*"]
},
"Action": ["s3:PutObject", "s3:DeleteObject", "s3:GetObject"],
"Resource": ["arn:aws:s3:::lobe/files/**"]
}
],
"Version": "2012-10-17"
} To resolve this issue, follow these steps:
Example configuration in services:
minio:
image: minio/minio
environment:
MINIO_API_CORS_ALLOW_ORIGIN: "https://lobe.example.com"
ports:
- "9000:9000"
- "9001:9001"
volumes:
- ./data:/data
command: server /data After completing these changes, restart the LobeChat service: docker compose up -d This should resolve the DNS lookup error and allow images to display and upload correctly [[1]](https://github.com/lobehub/lobe-chat/blob/main/docs/self-hosting/server- database/docker-compose.mdx)[[2]](https://github.com/lobehub/lobe-chat/blob/main/docs/self-hosting/server-database/docker -compose.zh-CN.mdx). |
Beta Was this translation helpful? Give feedback.
-
@lobehubbot@dosubot@dosu 您好,设置了MINIO_API_CORS_ALLOW_ORIGIN变量,现在是我用了nginx反代minio9000端口服务好像访问不了,但是9001控制台是没有问题创建桶跟上传文件都没问题,就是在生成的图片无法显示上传 |
Beta Was this translation helpful? Give feedback.
-
@lobehubbot@dosubot@dosu Hello, I have set the MINIO_API_CORS_ALLOW_ORIGIN variable. Now I use nginx to reverse the minio9000 port service and it seems that it cannot be accessed. However, there is no problem in the 9001 console to create the bucket and upload the file. It is the generated image. Unable to display upload |
Beta Was this translation helpful? Give feedback.
-
@baihuyan 9000端口是提供api的,没有web页面。
这句没听懂 |
Beta Was this translation helpful? Give feedback.
-
@baihuyan Port 9000 provides API and does not have a web page.
I didn't understand this sentence |
Beta Was this translation helpful? Give feedback.
-
@baihuyan 意思是dalle生成的图片既无法显示,也无法保存到minio里吗?这我就不清楚了。 |
Beta Was this translation helpful? Give feedback.
-
@baihuyan Does it mean that the pictures generated by dalle can neither be displayed nor saved to minio? I don't know this. |
Beta Was this translation helpful? Give feedback.
-
@BiFangKNT 你好 非常谢谢,这是我的dockercomposer 和env 还有nginx反代
|
Beta Was this translation helpful? Give feedback.
-
@BiFangKNT 你好 非常谢谢,这是我的dockercomposer 和env 还有nginx反代
|
Beta Was this translation helpful? Give feedback.
-
桶策略设置了吗?
还有你的.env里 |
Beta Was this translation helpful? Give feedback.
-
@SpeedupMaster 你好~这些在我的env都有的 ,但是刚刚没贴上去,现在上传图片,向量化都没问题,就是DALL3生成的图片无法显示,也没上传到桶里面,报错是 |
Beta Was this translation helpful? Give feedback.
-
|
Beta Was this translation helpful? Give feedback.
-
报错显示私有IP地址,上传的图片,你复制链接,浏览器里能打开吗? |
Beta Was this translation helpful? Give feedback.
-
dns解析出问题了。错误日志表明,你的请求无法访问
以下是gpt给出的建议,由于我需要更多信息进行判断,暂时不做推测,你先试试排查一下吧: 问题的焦点可能集中在以下几个方面: 1. MinIO 反向代理与 Docker Compose 的端口配置不一致
解决方案:去掉 minio:
image: minio/minio
container_name: lobe-minio
ports:
- '9000:9000' # MinIO API
- '9001:9001' # MinIO Console
volumes:
- './s3_data:/etc/minio/data'
environment:
- 'MINIO_ROOT_USER=${MINIO_ROOT_USER}'
- 'MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD}'
- 'MINIO_DOMAIN=s3api.xxxx.com'
- 'MINIO_API_CORS_ALLOW_ORIGIN=https://lobe.xxxx.com'
restart: always
command: >
server /etc/minio/data --address ":9000" --console-address ":9001"
networks:
- lobe-network 在此配置中,你明确暴露了 MinIO 的 API 端口 2. 反向代理配置检查根据你的 Nginx 配置,确保 假设你在 Docker Compose 网络中,MinIO 可能使用的是内部容器名称作为主机名,例如 proxy_pass http://lobe-minio:9000; 这样,Nginx 会通过 Docker DNS 自动解析 3. 确保服务间网络连通性所有服务都应加入同一个网络 解决方案:确保每个服务都连接到同一个 Docker 网络,去掉 networks:
lobe-network:
driver: bridge 对于每个服务: networks:
- lobe-network 4. 环境变量和端口冲突
确保这些端口在宿主机上没有被其他进程占用,否则会导致端口冲突问题。 5. MinIO API 和 CORS 设置在 MinIO 的环境变量中,你配置了 MINIO_API_CORS_ALLOW_ORIGIN=* 6. 健康检查和依赖管理你已经使用了 优化:考虑在 总结主要问题可能是:
你可以从这些方面入手来修复配置中的问题。 |
Beta Was this translation helpful? Give feedback.
-
@baihuyan 关于第二项,我是不建议在反代里配置容器名的,因为你现在明显是dns解析有问题,相关的ip需要排查一下,用容器名是顾小而失大。当然,你可以都试试。 |
Beta Was this translation helpful? Give feedback.
-
@baihuyan Regarding the second item, I don’t recommend configuring the container name in reverse generation, because you obviously have a problem with DNS resolution, and the related IP needs to be checked. Using a container name is a small thing but not a big deal. Of course, you can try them all. |
Beta Was this translation helpful? Give feedback.
-
可能原因分析:
解决方案建议:
总结:这个报错极有可能是由于容器的 DNS 解析配置问题,或者网络模式( |
Beta Was this translation helpful? Give feedback.
-
Possible cause analysis:
Solution suggestions:
Summarize:This error is most likely due to a DNS resolution configuration problem in the container, or the network mode ( |
Beta Was this translation helpful? Give feedback.
-
@baihuyan Regarding the dns issue, you can refer to the bottom of this discussion #4058 |
Beta Was this translation helpful? Give feedback.
-
@baihuyan 目前我们的 Dall·e 实现里,会有一步去下载生成的图片(因为 Dall·e 生成的图片默认的过期时间就 1~2 小时),我们会走 你遇到的问题应该是属于 dns 解析把微软那个地址当成内网 ip 了,看看有没有啥配置可以处理的 |
Beta Was this translation helpful? Give feedback.
@baihuyan 目前我们的 Dall·e 实现里,会有一步去下载生成的图片(因为 Dall·e 生成的图片默认的过期时间就 1~2 小时),我们会走
/webapi/proxy
接口拿到图片 base64,由于安全原因( GHSA-mxhq-xw3g-rphc 、 GHSA-3fc8-2r3f-8wrg ),在过 proxy 的时候会检查 dns 是否是内网 ip ,避免出现 SSRF 攻击。你遇到的问题应该是属于 dns 解析把微软那个地址当成内网 ip 了,看看有没有啥配置可以处理的