Docker环境下Nginx反向代理FileBrowser至子路径时登录失败及资源请求异常问题求助
2026-4-22
Docker环境下Nginx反向代理FileBrowser至子路径时登录失败及资源请求异常问题求助
我正在搭建一个服务器托管特定Web应用,已经完成域名(example.org)注册、DigitalOcean VPS创建,并且把域名DNS指向了VPS——运行简单Web服务器时,通过浏览器访问example.org可以正常打开。
我想要用这个服务器托管FileBrowser,直接用默认Docker命令运行是正常的,但我有两个核心需求:
- 让FileBrowser(以及后续其他Web服务)走HTTPS协议
- 让FileBrowser通过
example.org/files路径访问,这样域名还能预留出来用于其他服务
我的部署方案是用三个Docker容器配合:
- Nginx容器:暴露80和443端口,作为对外的统一入口
- Certbot容器:负责获取和维护SSL证书
- FileBrowser容器:提供文件管理服务
预期逻辑是只有Nginx对外可访问,由它负责路由到内部其他服务,内部服务之间用HTTP通信即可,只需要给Nginx配置SSL证书。
当前配置文件
docker-compose.yaml
version: '3' services: webserver: image: nginx:latest ports: - 80:80 - 443:443 volumes: - ./nginx/conf/:/etc/nginx/conf.d/:ro - ./nginx/www/:/srv/www/:ro - ./certbot/www:/var/www/certbot/:ro - ./certbot/conf/:/etc/nginx/ssl:ro certbot: image: certbot/certbot:latest volumes: - ./certbot/www/:/var/www/certbot/:rw - ./certbot/conf/:/etc/letsencrypt/:rw filebrowser: image: filebrowser/filebrowser:latest volumes: - ./filebrowser/files:/srv - ./filebrowser/filebrowser.db:/filebrowser.db - ./filebrowser/filebrowser.json:/.filebrowser.json
Nginx配置文件
server { listen 80; listen [::]:80; server_name example.org www.example.org; server_tokens off; location /.well-known/acme-challenge/ { root /var/www/certbot; } location / { return 301 https://example.org$request_uri; } } server { listen 443 default_server ssl; listen [::]:443 ssl; http2 on; server_name example.org; ssl_certificate /etc/nginx/ssl/live/example.org/fullchain.pem; ssl_certificate_key /etc/nginx/ssl/live/example.org/privkey.pem; location / { root /srv/www/; } location /files { return 302 /files/; } location /files/ { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_redirect off; add_header Pragma "no-cache"; add_header Cache-Control "no-cache"; proxy_pass http://filebrowser:8080/; sub_filter 'action="/' 'action="/files/'; sub_filter 'href="/' 'href="/files/'; sub_filter 'src="/' 'src="/files/'; sub_filter_once off; } }
FileBrowser配置文件(filebrowser.json)
{ "port": 8080, "baseURL": "", "address": "", "log": "stdout", "database": "/filebrowser.db", "root": "/srv" }
问题现象
运行docker compose up后:
- 访问example.org可以正常看到Nginx托管的静态index.html文件
- 访问example.org/files会自动跳转到/example.org/files/,并显示FileBrowser的登录页面
- 输入正确的用户名和密码后,页面提示"Wrong credentials",同时Nginx日志出现资源找不到的错误
完整运行日志
[+] Running 4/4 ✔ Network webservices_default Created 0.1s ✔ Container webservices-certbot-1 Created 0.1s ✔ Container webservices-filebrowser-1 Created 0.1s ✔ Container webservices-webserver-1 Created 0.1s Attaching to webservices-certbot-1, webservices-filebrowser-1, webservices-webserver-1 webservices-filebrowser-1 | 2023/07/26 12:49:57 Using config file: /.filebrowser.json webservices-filebrowser-1 | 2023/07/26 12:49:57 Listening on [::]:8080 webservices-webserver-1 | /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration webservices-webserver-1 | /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/ webservices-webserver-1 | /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh webservices-webserver-1 | 10-listen-on-ipv6-by-default.sh: info: can not modify /etc/nginx/conf.d/default.conf (read-only file system?) webservices-webserver-1 | /docker-entrypoint.sh: Sourcing /docker-entrypoint.d/15-local-resolvers.envsh webservices-webserver-1 | /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh webservices-webserver-1 | /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh webservices-webserver-1 | /docker-entrypoint.sh: Configuration complete; ready for start up webservices-webserver-1 | 2023/07/26 12:49:57 [notice] 1#1: using the "epoll" event method webservices-webserver-1 | 2023/07/26 12:49:57 [notice] 1#1: nginx/1.25.1 webservices-webserver-1 | 2023/07/26 12:49:57 [notice] 1#1: built by gcc 12.2.0 (Debian 12.2.0-14) webservices-webserver-1 | 2023/07/26 12:49:57 [notice] 1#1: OS: Linux 5.15.0-78-generic webservices-webserver-1 | 2023/07/26 12:49:57 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576 webservices-webserver-1 | 2023/07/26 12:49:57 [notice] 1#1: start worker processes webservices-webserver-1 | 2023/07/26 12:49:57 [notice] 1#1: start worker process 21 webservices-certbot-1 | Saving debug log to /var/log/letsencrypt/letsencrypt.log webservices-certbot-1 | Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot certonly" to do so. You'll need to manually configure your web server to use the resulting certificate. webservices-certbot-1 exited with code 1 webservices-webserver-1 | 89.8.210.16 - - [26/Jul/2023:12:50:17 +0000] "GET /files HTTP/2.0" 302 145 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" webservices-webserver-1 | 89.8.210.16 - - [26/Jul/2023:12:50:17 +0000] "GET /files/ HTTP/2.0" 200 4439 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" webservices-webserver-1 | 2023/07/26 12:50:17 [warn] 21#21: *1 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/1/00/0000000001 while reading upstream, client: 89.8.210.16, server: example.org, request: "GET /files/static/js/chunk-vendors.0f8eac7b.js HTTP/2.0", upstream: "http://172.20.0.4:8080/static/js/chunk-vendors.0f8eac7b.js", host: "example.org", referrer: "https://example.org/files/" webservices-webserver-1 | 2023/07/26 12:50:17 [warn] 21#21: *1 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/2/00/0000000002 while reading upstream, client: 89.8.210.16, server: example.org, request: "GET /files/static/css/app.2991abc4.css HTTP/2.0", upstream: "http://172.20.0.4:8080/static/css/app.2991abc4.css", host: "example.org", referrer: "https://example.org/files/" webservices-webserver-1 | 2023/07/26 12:50:17 [warn] 21#21: *1 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/3/00/0000000003 while reading upstream, client: 89.8.210.16, server: example.org, request: "GET /files/static/js/app.8ca2bdf9.js HTTP/2.0", upstream: "http://172.20.0.4:8080/static/js/app.8ca2bdf9.js", host: "example.org", referrer: "https://example.org/files/" webservices-webserver-1 | 89.8.210.16 - - [26/Jul/2023:12:50:17 +0000] "GET /files/static/css/app.2991abc4.css HTTP/2.0" 200 50042 "https://example.org/files/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" webservices-webserver-1 | 89.8.210.16 - - [26/Jul/2023:12:50:17 +0000] "GET /files/static/css/chunk-vendors.e9e545fd.css HTTP/2.0" 200 7539 "https://example.org/files/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" webservices-webserver-1 | 89.8.210.16 - - [26/Jul/2023:12:50:17 +0000] "GET /files/static/js/chunk-vendors.0f8eac7b.js HTTP/2.0" 200 251297 "https://example.org/files/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" webservices-webserver-1 | 89.8.210.16 - - [26/Jul/2023:12:50:17 +0000] "GET /files/static/js/app.8ca2bdf9.js HTTP/2.0" 200 102234 "https://example.org/files/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" webservices-webserver-1 | 89.8.210.16 - - [26/Jul/2023:12:50:18 +0000] "GET /static/img/logo.svg HTTP/2.0" 404 153 "https://example.org/login?redirect=%2Ffiles%2Ffiles%2F" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" webservices-webserver-1 | 2023/07/26 12:50:18 [error] 21#21: *1 open() "/srv/www/static/img/logo.svg" failed (2: No such file or directory), client: 89.8.210.16, server: example.org, request: "GET /static/img/logo.svg HTTP/2.0", host: "example.org", referrer: "https://example.org/login?redirect=%2Ffiles%2Ffiles%2F" webservices-webserver-1 | 2023/07/26 12:50:53 [error] 21#21: *1 open() "/srv/www/api/login" failed (2: No such file or directory), client: 89.8.210.16, server: example.org, request: "POST /api/login HTTP/2.0", host: "example.org", referrer: "https://example.org/login?redirect=%2Ffiles%2Ffiles%2F" webservices-webserver-1 | 89.8.210.16 - - [26/Jul/2023:12:50:53 +0000] "POST /api/login HTTP/2.0" 404 153 "https://example.org/login?redirect=%2Ffiles%2Ffiles%2F" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0" "-"
从日志能看出,登录后部分核心资源(比如/static/img/logo.svg、/api/login)没有被代理到FileBrowser服务,而是去请求Nginx的/srv/www静态文件目录了。我之前没加location /files/里的sub_filter等配置时连登录页都看不到,现在虽然能看到登录页,但登录请求根本没传到FileBrowser。
我试过调整FileBrowser配置里的baseURL和address字段,但没找到相关官方文档,也没解决问题;也尝试过用Nginx Proxy Manager,结果和手动配置的情况差不多。我刚接触Nginx和Web服务相关的内容,希望能得到大家的帮助,谢谢!
备注:内容来源于stack exchange,提问作者RobotusRex
