宝塔面板（9.0.0）在域名部署下开启反代缓存会出现登陆会话管理问题

[cy948]

测试环境

宝塔 免费版 9.0.0
nginx 1.24.0
域名部署
cloudflare proxied / not

问题产生过程

• 宝塔开启缓存的默认配置

🚫 以下为经测试会引发风险的缓存配置留档，请勿使用。 | 🚫 The following is a documentation of caching configurations that have been tested to pose risks. Please do not use them.

    #GLOBAL-CACHE START  
    proxy_cache lobe_rd2_top_cache;
    proxy_cache_key $host$uri$is_args$args;
    proxy_ignore_headers Set-Cookie Cache-Control expires X-Accel-Expires;
    proxy_cache_valid 200 304 301 302 5m;
    proxy_cache_valid 404 1m;
    location ~ .*\.(css|js|jpe?g|gif|png|webp|woff|eot|ttf|svg|ico|css\.map|js\.map)$
    {
        expires 5m;
        error_log /dev/null;
        access_log /dev/null;
    }
    #GLOBAL-CACHE END

• 问题定位为 proxy_ignore_headers Set-Cookie Cache-Control expires X-Accel-Expires; 会造成 Cache 控制失效

• 在去除该行后，则会引发登陆后无法keep session的问题

    #GLOBAL-CACHE START  
    proxy_cache lobe_rd2_top_cache;
    proxy_cache_key $host$uri$is_args$args;
-    proxy_ignore_headers Set-Cookie Cache-Control expires X-Accel-Expires;
    proxy_cache_valid 200 304 301 302 5m;
    proxy_cache_valid 404 1m;
    location ~ .*\.(css|js|jpe?g|gif|png|webp|woff|eot|ttf|svg|ico|css\.map|js\.map)$
    {
        expires 5m;
        error_log /dev/null;
        access_log /dev/null;
    }
    #GLOBAL-CACHE END

• 因此为了不必要的风险，提醒所有此类面板都不要设置 Cache

Testing Environment

Baota Free Version 9.0.0
nginx 1.24.0
Domain Deployment
cloudflare proxied or not

Issue Generation Process

• Aa panel's default caching configuration is enabled.

🚫 The following is a documentation of caching configurations that have been tested to pose risks. Please do not use them. | 🚫 以下为经测试会引发风险的缓存配置留档，请勿使用。

    #GLOBAL-CACHE START  
    proxy_cache lobe_rd2_top_cache;
    proxy_cache_key $host$uri$is_args$args;
    proxy_ignore_headers Set-Cookie Cache-Control expires X-Accel-Expires;
    proxy_cache_valid 200 304 301 302 5m;
    proxy_cache_valid 404 1m;
    location ~ .*\.(css|js|jpe?g|gif|png|webp|woff|eot|ttf|svg|ico|css\.map|js\.map)$
    {
        expires 5m;
        error_log /dev/null;
        access_log /dev/null;
    }
    #GLOBAL-CACHE END

• The issue is identified as proxy_ignore_headers Set-Cookie Cache-Control expires X-Accel-Expires;, which causes cache control to fail.

• Removing this line leads to issues with session persistence after login.

    #GLOBAL-CACHE START  
    proxy_cache lobe_rd2_top_cache;
    proxy_cache_key $host$uri$is_args$args;
-    proxy_ignore_headers Set-Cookie Cache-Control expires X-Accel-Expires;
    proxy_cache_valid 200 304 301 302 5m;
    proxy_cache_valid 404 1m;
    location ~ .*\.(css|js|jpe?g|gif|png|webp|woff|eot|ttf|svg|ico|css\.map|js\.map)$
    {
        expires 5m;
        error_log /dev/null;
        access_log /dev/null;
    }
    #GLOBAL-CACHE END

• Therefore, to avoid unnecessary risks, all users of such panels are reminded not to set cache.

[Sun-drenched]

提示一下，服务器上使用各类面板部署/配置LobeChat，并出现缓存相关问题的都要自行检查一下反代缓存文件夹有没有文件以确定是否开启了缓存。
我在数月前使用1panel配置了LobeChat网站反代（并没有启用缓存），但在v1.51.4版本后出现了服务端缓存相关问题；后来尝试性清除OpenResty反代缓存后问题得以解决。后来发现是1penel的实现问题，网站中任意多添加一个反向代理时，OpenResty的配置中会自动添加 缓存相关配置（我也是过于相信面板了，之前检查到一个已关闭的23年底的issue报告了这个问题，就以为早就解决了；后来才查到1个24年初的issue也报告了这个问题，直到上个月才发布版本修复）