Detailed deployment tutorial for Lobechat, an open-source UI framework based on large language models.
This article was last updated 180 days ago. The information in it may have developed or changed. If it is invalid, please leave a message in the comment section.
Article Summary
为解决ChatGPT本地化部署需求及跨设备同步问题,选择Lobechat服务端数据库版作为开源大语言模型UI框架方案。该方案基于PostgreSQL实现向量数据库存储、MinIO提供S3兼容对象存储,并通过Logto或GitHub实现身份认证,支持多模态对话及知识库交互。部署过程中需配置5个域名、设置反向代理及CORS策略,重点解决Logto认证回调异常等配置问题。最终实现本地化大模型对话系统,适用于需数据隐私保护及多用户协作的企业场景,同时提供Docker部署及GitHub替代方案降低配置复杂度。
Qwen3-14B · 2026-06-18

Preface

For ChatGPT, I have been using the app version on Mac because it has a free daily usage quota, which is more than enough for a light user like me and it is difficult to exceed it.

However, when researching the AI plugin "AI Engine" for WordPress, I found that it only supports API usage and only supports the following providers:

image.png

After researching these providers for a while, I found that Azure's OpenAI could be used for free (the first month of initial registration gives a usage quota worth US$200, and then it is charged on demand every month, which means there is no charge if you don't use it), so I signed up for one.

Later on, I thought, while the free version of chatgtp is sufficient for basic use, I could use it extensively in the future, and Azure's OpenAI could be my primary tool (after all, there's no monthly fee, you pay as you go, and it's a great fit for a nerd like me). However, Azure's OpenAI only provides an API, without a client to directly use it, which is very inconvenient. How could I solve this problem? So I had to look for an open source large language model UI framework.

There are many open-source large language model UI frameworks: Hugging Face Transformers, DeepSpeed, FastChat, LangChain, GPT-NeoX, Lobehub, etc. Among them, Lobehub is the most suitable for general personal deployment because it has the following advantages:

1. Focus on simplifying on-premises deployments

AdvantageLobeHub emphasizes simplifying the deployment and use of large local language models, providing an easy-to-use graphical user interface (GUI) for developers and non-technical users. This makes LobeHub particularly suitable for users who prefer to control their data and models locally without relying on cloud services.

contrast: Although frameworks like Hugging Face and DeepSpeed are powerful, most of them require developers to have a strong technical background. They are more focused on model fine-tuning and training processes and provide less support for local deployment.

2. User-friendly graphical interface (GUI)

AdvantageLobeHub provides an intuitive user interface that allows non-technical personnel to easily run and manage models. This makes it more widely applicable and lowers the barrier to entry for using large language models.

contrastWhile tools like Hugging Face Transformers and GPT-NeoX rely heavily on command lines and APIs, they are powerful but require some programming and configuration skills. LobeHub, on the other hand, is attractive to users who don't want to delve into code.

3. Plugin and modular design

AdvantageLobeHub supports plug-in and modular extensions, which means users can easily add or remove functionality based on their needs. Its flexible design allows for easier integration of custom models and tools.

contrastLangChain provides strong capabilities for integrating external tools and data, but it focuses more on complex workflows and multi-step reasoning. LobeHub is more suitable for simple model interaction and expansion.

4. Local operation, data privacy

AdvantageLobeHub allows users to deploy and run large language models locally, ensuring complete data control and privacy. It is an ideal choice for applications where sensitive data is not suitable for uploading to the cloud.

contrast: Frameworks such as Hugging Face and OpenAI usually rely on cloud services, while LobeHub is suitable for users who need to process data locally, especially in enterprise or privacy-critical scenarios.

5. Simplify model fine-tuning

AdvantageLobeHub allows users to fine-tune and customize existing large language models, making them more suitable for specific business scenarios. The fine-tuning process is relatively simple in LobeHub, making it suitable for users without a deep learning background.

contrastDeepSpeed and GPT-NeoX also support large-scale model training and fine-tuning, but these frameworks are primarily targeted at users with high computing resources and deep learning knowledge. LobeHub focuses on reducing the complexity of fine-tuning and attracting a wider user base.

6. Support multiple interaction modes

AdvantageLobeHub not only provides a web interface, but also supports a command-line interface (CLI) and API calls, flexibly adapting to different development scenarios and user needs. Both technical personnel and ordinary users can interact with the large language model in a way that suits them.

contrast: Although frameworks such as Hugging Face and LangChain support multiple integration methods, their interaction methods mainly rely on programming interfaces and have less GUI support.

7. Performance Optimization

Advantage: LobeHub has been performance-optimized for local operating environments, supports GPU acceleration, and can intelligently adjust the model's operation mode based on system resources to ensure efficient inference, making it suitable for scenarios with limited resources.

contrastFrameworks like DeepSpeed excel at distributed computing and large-scale model training, but they rely on high-performance hardware resources. LobeHub is more suitable for individual users or small teams, enabling relatively efficient model inference on local devices.

8. Community-driven and open source extensions

AdvantageLobeHub is an open source project, supported by the open source community. Developers can share plugins, extensions, and solutions, and perform custom development. The active community provides strong technical support and resources.

contrastHugging Face also has an active community and a large model library, but focuses more on the cloud ecosystem. LobeHub focuses on local solutions and provides convenient plug-in expansion.

The biggest advantages of LobeHub are its ease of use, data privacy, local deployment, and graphical interface.andLobeHub is particularly suitable for users who want to run and manage large language models locally but do not want to spend a lot of effort on model configuration and maintenance. Compared with more specialized and technology-oriented frameworks such as Hugging Face, DeepSpeed, and LangChain, LobeHub is more suitable for individual users and small and medium-sized enterprises that do not have deep learning knowledge but want to quickly use large models.

Therefore, I chose LobeHub as my open source large language model UI framework, and the protagonist of this article, "Lobechat", is a specific application developed using the LobeHub framework: focusing on implementing a dialogue system based on a large language model (official website introduction:https://lobehub.com/zh/docs/usage/startThrough LobeChat, users can interact directly with language model providers supported by Lobechat through the API, which is similar to how the chatgpt local client is used (except that chatgpt has been bundled with OpenAI's API).

Prerequisite knowledge

Lobechat server database version and local deployment version

LobeChat is available in two versions: a server-side database version and a local deployment version. The server-side database version is a database-based chatbot server that centrally stores and manages conversation history, user data, and configuration files. The local deployment version is essentially a simple Docker container that doesn't require a database; all data is stored locally on the client.

Compared with the local deployment version, the server-side database version has more powerful functions and is particularly suitable for large-scale application scenarios. The main differences between the two are as follows:

LobeChat Server Database Edition:

  1. Data storage and management:

• Rely on a database (such as PostgreSQL, MySQL, etc.) to store conversation records, user information, logs, and configurations.
• Supports multi-user and multi-tenant management, suitable for enterprises or developer teams.
• Provides persistent data storage and advanced query capabilities, suitable for analysis and statistics.

  1. Object storage support:

• An S3-compatible object storage (such as MinIO or AWS S3) is required to manage uploaded files, model configurations, and static resources.
• Suitable for scenarios that require a large amount of storage space, such as file sharing, model storage, etc.

  1. Scalability and maintainability:

• The database version can be deployed in a hybrid manner with cloud services and local servers to support larger-scale application scenarios.
• Easy to back up, restore, and migrate data, suitable for systems that require long-term operation and maintenance.

  1. Applicable scenarios:

• Medium and large enterprises, SaaS application development.
• Projects that require complex authentication, permission management, and persistent data storage.

LobeChat On-Premises:

  1. Lightweight:

• No reliance on external databases or object stores; data is typically stored in the local file system.
• Suitable for small projects or personal use, not involving multi-tenancy or complex user management.

  1. Simple deployment:

• More lightweight, easier to install, and does not require complex database configuration or object storage.
• Faster deployment, suitable for short-term projects or experimental applications.

  1. Weak scalability:

• Due to the lack of database support, it is difficult to manage a large number of users, complex data, or perform data backup and analysis.
• Suitable for smaller applications with less data volume.

Simply put, if there is no need for cross-device access (such as mobile access and computer content synchronization), the local deployment version of Lobechat is theoretically sufficient. However, if you want to use it across devices and want to retain the chat context, or use it with multiple users, you can only choose the server-side database version.

In line with the spirit of "if there are difficulties, we must move on; if there are no difficulties, we must create difficulties and move on", of course I chose the server-side database version.

Introduction to server-side database components

PostgreSQL database

PostgreSQL is a powerful open-source relational database management system with high scalability and standard SQL support. It offers rich data types, concurrency, data integrity, security, and programmability, making it suitable for complex applications and large-scale data management.

In this article's deployment of the LobeChat server database version, since it supports file and knowledge base conversations, it's necessary to install the PGVector plug-in for the PostgreSQL database. (This plug-in provides vector search capabilities for Postgres and is a key component of LobeChat's RAG implementation.) In addition to LobeChat itself, this database is also used for user authentication related logto.

MinIo COS (Object Storage)

MinIO is a high-performance object storage system that is fully open source and compatible with the Amazon S3 API. It is designed to simplify large-scale data storage and management in private cloud, hybrid cloud and edge environments. Most importantly, it supports local deployment.

Since the Lobechat server database version requires S3 storage to support multimodal AI conversations (users may upload files, images, documents, etc. during chats), an available S3-compatible storage is required. The most convenient way is to use Minio to build one yourself (I use Cloudflare R2 as an image storage server and don't want to take up the precious 10GB free space~). Of course, other S3-compatible object storage can also be used. You can use whichever you like.

logto

Logto is an open-source identity and access management (IAM) platform designed to help developers easily integrate and manage user authentication, authorization, and single sign-on (SSO). It supports multiple authentication methods, including standard protocols like OAuth 2.0 and OIDC (OpenID Connect), simplifying the process of adding user authentication to applications.

lobeChat recommends using nextauth: a flexible and powerful authentication library that supports multiple authentication methods, including OAuth, email login, credential login, etc. It can support multiple IdPs (identity providers, such as Google, GitHub, Email, etc., and can also include custom solutions such as logto). This article will use the local deployment method of logot (in fact, logot also has a SaaS-type online service, but I saw that there was a lot of information to fill in, so I didn’t bother with it. It seems that there is also a free version suitable for individuals. If you are interested, you can try it).

Note: You can also use authentication methods such as auth0, Azure AD, Authentik, and zitadel.

Deploy lobechat

Preparation

Prepare 5 domain names:

  • lobe.tangwudi.com is used to access lobechat
  • lobe-s3-ui.tangwudi.com and lobe-s3-api.tangwudi.com are used to access the webUI and API calls of self-built minio object storage respectively.
  • lobe-auth-ui.tangwudi.com and lobe-auth-api.tangwudi.com are used to access the logto webUI and API calls respectively

Note: Please determine the domain name based on your actual situation.

Create and enter the working directory

mkdir -p /docker/lebohub cd /docker/lebohub

Note: Please modify the path according to your actual environment.

Configuration file comments

The official docker-compose.yml file has many configuration options and a dedicated ".env" environment variable file. To make it easier for those who are not familiar with it to understand, I have integrated the parameters of the ".env" file into docker-compose.yml and added comments. The annotated version can be used directly (just replace the relevant parameters according to the actual environment).
docker-compose.yml:

services: # Deploy the postgres database postgresql: image: pgvector/pgvector:pg16 # Image address container_name: lobe-postgres # Container name (both logto and lobechat need to use the container name to call the database) ports: - '5432:5432' # Map the host port (left) to the same port inside the container. The host port can be modified as needed. In addition to "ports", if you are deploying on a VPS and using a public network address for back-to-origin, you can use "expose" instead. volumes: - './data:/var/lib/postgresql/data' # Define the mount directory of the host (: left) environment: - 'POSTGRES_DB=lobe' - 'POSTGRES_PASSWORD=password' # Can be modified as needed, these two items need to be referenced in the lobe below healthcheck: test: ['CMD-SHELL', 'pg_isready -U postgres'] # Database health check interval: 5s timeout: 5s retries: 5 restart: always # The container remains open # Deploy minio, this part is not necessary. If other S3-compatible object storage is used or there is an existing minio, you only need to set it in the parameters when deploying lobechat at the end minio: image: minio/minio # Mirror address container_name: lobe-minio # Container name ports: - '9000:9000' - '9001:9001' # Map the host port (left) to the same port inside the container. The host port can be modified as needed volumes: - './s3_data:/etc/minio/data' # Define the host's mount directory (:left) environment: - 'MINIO_ROOT_USER=root' # Minio's root user name, which can be modified as needed - 'MINIO_ROOT_PASSWORD=password' # Minio's root user password, which can be modified as needed - 'MINIO_DOMAIN=lobe-s3-api.tangwudi.com' # Define minio's API call address - 'MINIO_API_CORS_ALLOW_ORIGIN=https://lobe.tangwudi.com' # Configure CORS access rights for lobechat's address restart: always # The container remains open command: > server /etc/minio/data --address ":9000" --console-address ":9001" # Deploy logto. This part is not necessary. If other authentication methods are used, you only need to set it in the parameters when deploying lobechat at the end logto: image: svhd/logto # Mirror address container_name: lobe-logto # Container name ports: - '3001:3001' # logto api - '3002:3002' # logto ui depends_on: # Specify the dependencies for starting the logto container. Here, it means that service postgresql needs to be started first postgresql: condition: service_healthy # The prerequisite for starting the logto container is that the postgresql container passes the health check, which is equivalent to adding a condition environment: - in addition to starting postgresql first. 'TRUST_PROXY_HEADER=1' - 'DB_URL=postgresql://postgres:password@lobe-postgres:5432/logto' # Set the database address URL. Note that 5432 here is the internal port of the container. - 'ENDPOINT=https://lobe-auth-api.tangwudi.com' # Set the address of the logto api - 'ADMIN_ENDPOINT=https://lobe-auth-ui.tangwudi.com' # Set the address of the logto ui entrypoint: ['sh', '-c', 'npm run cli db seed -- --swe && npm start'] # Initialize the database for logto # Deploy lobechat lobe: image: lobehub/lobe-chat-database # Mirror address container_name: lobe-database # Container name ports: - '3210:3210' # Map the host port (left) to the same port inside the container. The host port can be modified as needed in the environment: # The specific address of the lobechat link database - 'DATABASE_URL=postgresql://postgres:password@lobe-postgres:5432/lobe' - 'KEY_VAULTS_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ=' # Database key - 'APP_URL=https://lobe.tangwudi.com/' # Required LobeChat domain name, used for tRPC calls, please ensure that this domain name is in the CORS whitelist of your NextAuth authentication service provider and S3 service provider - 'NEXT_AUTH_SSO_PROVIDERS=logto' # Required. Specifies the authentication service provider. Logto is used as an example. - 'NEXT_AUTH_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ=' # Required. The key used for NextAuth can be generated using openssl rand -base64 32. - 'NEXTAUTH_URL=https://lobe.tangwudi.com/api/auth' # Required. The URL of NextAuth, used for NextAuth callback. - 'LOGTO_ISSUER=https://lobe-auth-api.tangwudi.com/oidc' # Specifies the "authorization server address" of the Logto Identity Provider (IdP). - 'LOGTO_CLIENT_ID=xxxxxxxxx' # You need to log in to Logto and create an application to obtain this. - 'LOGTO_CLIENT_SECRET=1IuPFNm08E5pdEk1Fd7OQWbmw05GM53n' # Same as above - 'S3_ENDPOINT=https://lobe-s3-api.tangwudi.com' # Required, S3 Endpoint, used by the server/client to connect to the S3 API - 'S3_BUCKET=lobe' # Required, S3 Bucket, invalid until manually created in the MinIO UI - 'S3_PUBLIC_DOMAIN=https://lobe-s3-api.tangwudi.com' # Required, S3 Public Domain, used by clients to access unstructured data through public connections - 'S3_ACCESS_KEY_ID=xxxxxxxxxx' # Need to be manually created after logging in to minio - 'S3_SECRET_ACCESS_KEY=xxxxxxxxxxxx' # Same as above - 'S3_ENABLE_PATH_STYLE=1' # For mainstream S3 Cloud service providers, generally fill in 0; for self-deployed MinIO, please fill in 1 depends_on: # Specify the dependency relationship of lobe startup, which needs to be started after the other three services are started - postgresql - minio - logto restart: always # The container remains open volumes: data: driver: local s3_data: driver: local

Note 1: Some parameters in the logto or S3 part of the file, if self-built (logto and minio), need to be set in the corresponding UI after the application is pulled up. Therefore, the database version of the Lobechat server cannot be set up by pulling up all applications with "docker-compose up -d" at one time. After pulling up all applications for the first time, you need to set up some applications to obtain these parameters and complete them. Then, use the "docker-compose down && docker-compose up -d" command again to officially deploy. Therefore, you need to run the "docker-compose up -d" command at least twice.

Note 2: Before officially starting the deployment, you need to complete the following preparations related to the five domain names:

  • 1. Complete the resolution of 5 domain names
  • 2. According to the corresponding ports of each component on the host machine in the docker-compose.yml configuration file, configure the reverse proxy to ensure that the following URLs are available:
https://lobe.tangwudi.com --> http://lobe-database:3210 https://lobe-s3-ui.tangwudi.com/ --> http://lobe-minio:9001 https://lobe-s3-api.tangwudi.com --> http://lobe-minio:9000 https://lobe-auth-ui.tangwudi.com/.tangwudi.com --> http://lobe-logto:3002 https://lobe-auth-api.tangwudi.com --> http://lobe-logto:3001

Note 3: The reverse proxy settings need to be configured according to the reverse proxy software you are used to. If you use NPM or Baota panel to configure the reverse proxy, you can refer to my previous article:Docker series uses Docker to build its own reverse proxy based on NPMas well asLinux panel series configure reverse proxy and use non-443 port for publishing.

Note 4: If you use CloudFlare Tunnel to build a website, it will be much more convenient. You can directly configure it in the "Public hostnames" section of the corresponding tunnel. For detailed configuration steps, please refer to the article:The home data center series uses tunnel technology to allow home broadband without public IP to use cloudflare for free to quickly build a website (recommended)However, using the Cloudflare tunnel method also has its risks. It is impossible to configure the behavior of Cloudflare when returning to the source (unlike nginx's reverse proxy, which can be configured with many options), which may cause logto to work abnormally (in this case, perhaps adding nginx as a reverse proxy? Forget it, too much trouble).

Official deployment

Pull up all apps

cd /docker/lobehub vim docker-compose.yml # Paste the configuration file contents in the previous section and save it docker-compose up -d # to start all applications

Note: Please delete the comments after "#" in the above content.

Normally, all containers should be in normal status:

image.png

Setting up logto and minio

logto

Use Linkshttps://lobe-auth-ui.tangwudi.comLog in to logto. You need to create an administrator account for the first login:

image.png

image.png

You can set the language in the upper right corner:
image.png

image.png

Create a Next.js application:
image.png

Note the content in the red box below:
image.png

The code for the redirect URIs section is as follows. Please replace the domain name with your actual lobechat domain name:

https://lobe.tangwudi.com/api/auth/callback/logto

In the following figure, record the contents of "Application ID" and "App secrets" and fill them in the docker-compose.yml file later:

image.png

minio

usehttps://lobe-s3-ui.tangwudi.com/Log in to minio:

image.png

The configuration is as shown in the following picture:
image.png

image.png

image.png

image.png

image.png

The access policy in the preceding figure is as follows (assuming the bucket name is "lobe"; if it is another name, please replace it with your own):

{ "Statement": [ { "Effect": "Allow", "Principal": { "AWS": ["*"] }, "Action": ["s3:GetBucketLocation"], "Resource": ["arn:aws:s3:::lobe"] }, { "Effect": "Allow", "Principal": { "AWS": ["*"] }, "Action": ["s3:ListBucket"], "Resource": ["arn:aws:s3:::lobe"], "Condition": { "StringEquals": { "s3:prefix": ["files/*"] } } }, { "Effect": "Allow", "Principal": { "AWS": ["*"] }, "Action": ["s3:PutObject", "s3:DeleteObject", "s3:GetObject"], "Resource": ["arn:aws:s3:::lobe/files/**"] } ], "Version": "2012-10-17" }

Next, create the minio API key:

image.png

Just click "Create" to create:
image.png

Record the Access Key and Secret Key contents in the figure below during actual operation:
image.png

Redeploy

Delete the previous Stacks, fill in the lobechat-database part in docker-compose.yml with the S3 and logto related content obtained earlier, and use the complete docker-compose.yml file to re-pull all applications:

docker-compose down docker-compose up -d

Use the following command to check the lobechat status:

docker logs -f lobe-database

The following display indicates normal startup:

image.png


For more deployment scenarios, please refer to the official documentation:https://lobehub.com/zh/docs/self-hosting/startAlthough there are many pitfalls, it is still quite detailed and can be used as a reference.


Additional content 1: Using github instead of logto

Logto has quite a few configuration options, and deployment requires the use of a reverse proxy. Improper configuration can lead to access issues (for example, failing to add the "proxy_set_header X-Forwarded-Proto https;" setting to the Nginx reverse proxy). For those who use Logto for their own use, spending too much time and effort configuring Logto isn't cost-effective, so we've also added the requirement to use GitHub for authentication (assuming you have a GitHub account, of course).

For detailed steps on setting up GitHub, see the graphic tutorial below.

First click on the link to start adding the GitHub app:https://github.com/settings/apps/new

image.png

image.png

image.png

image.png

Create a client secret:
image.png

image.png

Remember the Client ID and Client ID contents in the red box in the figure below. You need to add the two parameters "GITHUB_CLIENT_ID" and "GITHUB_CLIENT_SECRET" to the lobechat-database section in docker-compose.yml:
image.png

Then, as before, configure minio first, obtain the values of "S3_ACCESS_KEY_ID" and "S3_SECRET_ACCESS_KEY", and also complete the corresponding parameters of lobechat-database in the docker-compose.yml file.

The final complete docker-compose.yml content is as follows:

services: # Deploy the PostgreSQL database postgresql: image: pgvector/pgvector:pg16 # Image address container_name: lobe-postgres # Container name. Both logto and lobechat need to use the container name to call the database. expose: - '5432' # Map the host port (left) to the same port inside the container. The host port can be modified as needed. In addition to "ports", if you are deploying on a VPS and using a public network address for back-to-origin, you can use "expose" instead. volumes: - './data:/var/lib/postgresql/data' # Define the mount directory of the host (: left) environment: - 'POSTGRES_DB=lobe' - 'POSTGRES_PASSWORD=password' # Can be modified as needed, these two items need to be referenced in the lobe below healthcheck: test: ['CMD-SHELL', 'pg_isready -U postgres'] # Database health check interval: 5s timeout: 5s retries: 5 restart: always # The container remains open # Deploy minio, this part is not necessary. If you use other S3-compatible object storage or have an existing minio, you only need to set it in the ".env" file minio: image: minio/minio # Mirror address container_name: lobe-minio # Container name ports: - '9000:9000' - '9001:9001' # Map the host port (left) to the same port inside the container. The host port can be modified as needed volumes: - './s3_data:/etc/minio/data' # Define the host's mount directory (:left) environment: - 'MINIO_ROOT_USER=root' # minio's root username, can be modified as needed - 'MINIO_ROOT_PASSWORD=password' # minio's root user password, can be modified as needed - 'MINIO_DOMAIN=lobe-s3-api.tangwudi.com' - 'MINIO_API_CORS_ALLOW_ORIGIN=https://lobe.tangwudi.com' # Configure CORS access rights for lobechat's address restart: always # The container remains open command: > server /etc/minio/data --address ":9000" --console-address ":9001" # Deploy lobechat server database version lobe: image: lobehub/lobe-chat-database # Mirror address container_name: lobe-database # Container name ports: - '3210:3210' # Map the host port (left) to the same port inside the container. The host port can be modified as neededenvironment: - 'DATABASE_URL=postgresql://postgres:password@lobe-postgres:5432/lobe' - 'KEY_VAULTS_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ=' - 'APP_URL=https://lobe.tangwudi.com/' # Required LobeChat Domain name, used for tRPC calls. Please ensure that this domain name is in the CORS whitelist of your NextAuth authentication service provider and S3 service provider. - 'NEXT_AUTH_SSO_PROVIDERS=github' # Required. Specify the authentication service provider. Here, change it to github. - 'NEXT_AUTH_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ=' # Required. The key used for NextAuth can be generated using openssl rand -base64 32. - 'NEXTAUTH_URL=https://lobe.tangwudi.com/api/auth' # Required. NextAuth URL, used for NextAuth callback. - 'GITHUB_CLIENT_ID=xxxx' # The content of the GITHUB_CLIENT_ID obtained earlier. - 'GITHUB_CLIENT_SECRET=xxxxx' # The content of GITHUB_CLIENT_SECRET obtained above - 'S3_ENDPOINT=https://lobe-s3-api.tangwudi.com' # Required, S3 Endpoint, used by the server/client to connect to the S3 API - 'S3_BUCKET=lobe' # Required, S3 Bucket, which is invalid until it is manually created in the MinIO UI - 'S3_PUBLIC_DOMAIN=https://lobe-s3-api.tangwudi.com' # Required, S3 Public Domain, used by clients to access unstructured data through public connections - 'S3_ACCESS_KEY_ID=xxxxxxxxxx' - 'S3_SECRET_ACCESS_KEY=xxxxxxxxxxxx' - 'S3_ENABLE_PATH_STYLE=1' # For mainstream S3 Cloud service providers, generally fill in 0; for self-deployed MinIO, please fill in 1 depends_on: # Specifies the dependency of lobe startup, which needs to be started after the other 3 services are started - postgresql - minio restart: always # The container remains open volumes: data: driver: local s3_data: driver: local

Note: You still need to run "docker-compose up -d" twice. However, if you are using a third-party object storage provider, such as CloudFlare R2, and you are using third-party authentication via GitHub, you only need to fill in the relevant parameters and run the "docker-compose up -d" command once.

Additional content 2: docker run deployment

Originally, for this kind of project with multiple related containers, it is most convenient to deploy it using docker-compose. However, separate deployment also has its advantages. This makes it easier to maintain a container separately when needed, and it is also convenient for troubleshooting when there are problems with the deployment. So I will post the docker run format command for each container for your convenience when needed.

Create a working directory:

mkdir -p /docker/lobehub cd /docker/lobehub mkdir -p postgres/data mkdir s3_data

Create a docker network:

docker network create public-net

postgres:

docker run --name lobe-postgres -d --restart=always --net=public-net \ -e POSTGRES_DB=lobe \ -e POSTGRES_PASSWORD=password \ -p 5432:5432 \ -v /docker/lobehub/postgres/data:/var/lib/postgresql/data \ pgvector/pgvector:pg16

logto:

docker run --name lobe-logto -d --restart=always --net=public-net \ -e POSTGRES_PASSWORD=password \ -p 3001:3001 \ -p 3002:3002 \ -e TRUST_PROXY_HEADER=1 \ -e DB_URL=postgresql://postgres:password@lobe-postgres:5432/logto \ -e ENDPOINT=https://lobe-auth-api.tangwudi.com \ -e ADMIN_ENDPOINT=https://lobe-auth-ui.tangwudi.com \ --entrypoint sh \ svhd/logto -c 'npm run cli db seed -- --swe && npm start'

minio:

docker run --name lobe-minio -d --restart=always --net=public-net \ -p 9000:9000 \ -p 9001:9001 \ -v /docker/lobehub/s3_data:/etc/minio/data \ -e MINIO_ROOT_USER=root \ -e MINIO_ROOT_PASSWORD=password \ -e MINIO_DOMAIN=lobe-s3-api.tangwudi.com \ -e MINIO_API_CORS_ALLOW_ORIGIN=https://lobe.tangwudi.com \ --restart always \ minio/minio server /etc/minio/data --address ":9000" --console-address ":9001"

lobechat-database:

docker run --name lobe-database -d --restart=always --net=public-net \ -p 3210:3210 \ -e DATABASE_URL=postgresql://postgres:password@lobe-postgres:5432/lobe \ -e KEY_VAULTS_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ= \ -e APP_URL=https://lobe.tangwudi.com/ \ -e NEXT_AUTH_SSO_PROVIDERS=logto \ -e NEXT_AUTH_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ= \ -e NEXTAUTH_URL=https://lobe.tangwudi.com/api/auth \ -e logging --env-file .env\lobehub/lobe-chat-database

By the way, I will also post the command of the local deployment version of lobechat. This is basically enough for friends who don’t want to bother and only use it locally:

docker run --name lobe-chat -d --restart=always \ -p 3210:3210 \ -e ACCESS_CODE=xxx \ lobehub/lobe-chat

Other configurations can be set directly in the local deployment version of lobechat.

lobechat basic settings

Log in using the lobechat domain name

Use addresshttps://lobe.tangwudi.comLog in to lobechat:

image.png

image.png

Then follow the normal process to register and log in:
image.png

If you are using GitHub for authentication, you need to manually confirm:
image.png

Note 1: If WAF is used and anti-hotlink policies are deployed, you need to setgithub.com"Add to access whitelist.

Note 2: If using logto and minio, pay attention to the CORS-related settings of these two.

Change the display language

Follow the steps below to modify:

image.png

image.png

image.png

Configuring the language model

Lobechat supports multiple language models:

image.png

image.png

image.png

Take Azure OpenAI as an example:
image.png

image.png

Other common content at a glance

System Assistant:

image.png

Session:
image.png

document:
image.png

Discover:
image.png

The above is just an introduction to the most basic interface of Lobechat. In fact, there are many more details in it. I have just installed it and have not officially used it yet, so I am not clear about the details. After I use it for a while, I will see whether I should write an article specifically about the use of Lobechat.

Summarize

There were many pitfalls in this deployment, especially logto. If you're unlucky, you'll encounter a bunch of inexplicable problems (such as internal errors when logging in, unable to create a Next.js application when it goes in circles, etc., anyway, all kinds of bug reports on GitHub~). It feels like most of my time was spent on this (because the relevant links must be https, the reverse proxy configuration is involved). I also encountered a strange problem that logto would report an error and exit as soon as the lobechat-database container was started. After all the trouble, I don't know how I fixed it.

Essentially, Lobechat's server-side database authentication sends the login request to a third-party authentication service for verification. After verification, the third-party authentication service sends the access request back to Lobechat. If improperly configured, the request will either fail (due to improperly configured CORS policies) or fail to return (due to interception by anti-hotlink policies). These are the two most common scenarios. Keep this in mind when troubleshooting.


For example, I failed to authenticate using GitHub. Later, I found that the anti-hotlink policy I set on Cloudflare WAF directly caused GitHub to be blocked by WAF during callback:

image.png

Then, in the anti-hotlink settings, add the request whose referer contains the "github.com" field to the anti-hotlink whitelist.


Finally, I suggest simplifying the components that need to be deployed as much as possible. For example, use a third-party S3 object storage (such as Cloudflare R2, Amazon's S3), and use your own most suitable third-party IdP (such as GitHub) for authentication. In this way, the only components that need to be deployed locally are the Postgres database and Lobechat, and the chance of problems will be greatly reduced.

In the comments section, a friend posted a flowchart of an article drawn with AI. It’s very interesting. I stole the picture and posted it here:

image.png

📌 Content Structure Hints:
This content belongs to "AI Learning MapThis is part of the document; you can view the full content path here: AI Learning Map .
View related categories · 3 matches
📎 Related Articles
Share this article
All blog content is original; please indicate the source when reprinting! The blog's RSS address is:https://blog.tangwudi.com/feed, welcome to subscribe; if necessary, you can joinTelegram GroupDiscuss the problem together.

Comments

  1. jm
    Macintosh Edge 133.0.0.0
    Edited
    1 year ago
    2025-2-25 16:36:11

    If you first command to deploy minio and then yml, the adjustment will be much clearer, and you don’t need to deploy yml twice

    • Owner
      jm
      iPhone Chrome 133.0.6943.120
      1 year ago
      2025-2-25 17:11:06

      Isn't there a copy button in the upper right corner of the code?

  2. aling
    iPhone Chrome 124.0.6367.111
    2 years ago
    2024-11-03 17:28:31

    The blogger's website design is very popular with me. May I ask what technology or templates are used?

  3. aling
    iPhone Chrome 124.0.6367.111
    2 years ago
    2024-11-03 17:27:26

    An enlightening article after 48 hours of isolation due to problems with my self-built lobehube

    • Owner
      aling
      Macintosh Chrome 130.0.0.0
      2 years ago
      2024-11-03 20:24:51

      The deployment of the Lobechat server database version is actually not complicated, but there are too many options. If you choose the most suitable option right away, it is actually very simple. The official deployment tutorial involves too many scenarios and it is easy to confuse people.

  4. Ergou
    Windows Edge 129.0.0.0
    2 years ago
    2024-9-23 17:55:05



    Show Image



    Change the picture

    • Owner
      Ergou
      Macintosh Chrome 128.0.0.0
      2 years ago
      2024-9-23 19:58:45

      Sure, sure. This is also on the list of practical technologies I plan to study later.

  5. Ergou
    Windows Edge 129.0.0.0
    2 years ago
    2024-9-23 17:51:59



    Show Image



    I drew your article with ai, the effect is OK

    • Owner
      Ergou
      Macintosh Chrome 128.0.0.0
      2 years ago
      2024-9-23 19:57:32

      This feature is good.

    • Owner
      Ergou
      Macintosh Chrome 128.0.0.0
      2 years ago
      2024-9-23 20:19:16

      I'll steal your picture and put it in the article.

Send Comment Edit Comment


				
|´・ω・)ノ
ヾ(≧∇≦*)ゝ
(☆ω☆)
(╯‵□′)╯︵┴─┴
 ̄﹃ ̄
(/ω\)
∠(ᐛ 」∠)_
(๑•̀ㅁ•́ฅ)
→_→
୧(๑•̀⌄•́๑)૭
٩(ˊᗜˋ*)و
(ノ°ο°)ノ
(´இ皿இ`)
⌇●﹏●⌇
(ฅ´ω`ฅ)
(╯°A°)╯︵○○○
φ( ̄∇ ̄o)
ヾ(´・ ・`。)ノ"
( ง ᵒ̌ᵒ̌)ง⁼³₌₃
(ó﹏ò。)
Σ(っ°Д °;)っ
( ,,´・ω・)ノ"(´っω・`。)
╮(╯▽╰)╭
o(*////▽////*)q
>﹏<
( ๑´•ω•) "(ㆆᴗㆆ)
😂
😀
😅
😊
🙂
🙃
😌
😍
😘
😜
😝
😏
😒
🙄
😳
😡
😔
😫
😱
😭
💩
👻
🙌
🖕
👍
👫
👬
👭
🌚
🌝
🙈
💊
😶
🙏
🍦
🍉
😣
Source: github.com/k4yt3x/flowerhd
Emoticons
Emoji
Little Dinosaur
flower!
Previous
Next
       

👋 Welcome to "Invincible Personal Blog"“

This section will focus on long-term exploration in the following areas:

🧱 Building Personal Digital Infrastructure and Blog Systems
☁️ Cloudflare and Network Architecture Practices
🧠 Exploring AI and Knowledge Systems
🛡️ Network security and access optimization
🎵 Music and Sound Cognition
👁️ Cognitive Perspective and Worldview