[Bug] Need help for nginx proxy, about Minio page load error

[crackself]

Describe the bug
run AppFlowy-Cloud in docker (without nginx container), run nginx in host. export minio,appflowy_cloud, gotrue, and admin_frontend ports，configrated nginx web server. everything work ,but Minio Web load error (both PgAdmin and Portainer web load and login fine)

App Client work fine
Windows and Android App can login and sync

To Reproduce
Steps to reproduce the behavior:

1. modify docker-compose.yml, .env, host's /etc/nginx/nginx.conf, /etc/nginx/nginx.conf/sites-enabled/not.conf
   .env changed: API_EXTERNAL_URL=https://mydomain/gotrue
   docker-compose.yml changed: add bind diffrent host ports to minio,appflowy_cloud, gotrue, and admin_frontend, and change them in nginx server proxy_pass
   nginx changed: use host applicantion, add configration files:

/etc/nginx/nginx.conf:

user http;
worker_processes auto;
worker_cpu_affinity auto;
events {
   multi_accept on;
   worker_connections 1024;
}
http {
   charset utf-8;
   sendfile on;
   tcp_nopush on;
   tcp_nodelay on;
   server_tokens off;
   log_not_found off;
   types_hash_max_size 4096;
   client_max_body_size 16M;
   # MIME
   include mime.types;
   default_type application/octet-stream;
   # logging
   #access_log /var/log/nginx/access.log;
   #error_log /var/log/nginx/error.log warn;
   error_log /dev/null   crit;
   # load configs
   #include /etc/nginx/conf.d/*.conf;

   # appflowy-cloud
   map $http_upgrade $connection_upgrade {
          default upgrade;
          ''      close;
       }
    map $http_origin $cors_origin {
        # AppFlowy Web origin
        "~^http://localhost:3000$" $http_origin;
        default "null";
    }
    # appflowy-cloud

   # sites
   include /etc/nginx/sites-enabled/note.conf;
}

/etc/nginx/sites-enabled/note.conf:

server {
	listen       443 ssl;
	# listen       [::]:443 ssl;
	http2        on;
	# listen       80;
	server_name  note.blfs.top;

        ssl_certificate "/etc/nginx/ssl/blfs.top/cert.pem";
        ssl_certificate_key "/etc/nginx/ssl/blfs.top/key.pem";

        ssl_prefer_server_ciphers on;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

        keepalive_timeout   70;
        ssl_session_timeout 10m;
        ssl_session_tickets on;
        ssl_stapling        on;
        ssl_stapling_verify on;
        ssl_protocols TLSv1.2 TLSv1.3;

        underscores_in_headers on;
        # set $appflowy_web_origin "http://localhost:3000";
        # set $appflowy_cloud_backend "http://appflowy_cloud:8000";
        # set $gotrue_backend "http://gotrue:9999";
        # set $admin_frontend_backend "http://admin_frontend:3000";
        # set $appflowy_ai_backend "http://ai:5001";
        # set $minio_backend "http://minio:9001";
        # set $portainer_backend "http://portainer:9000";
        # set $pgadmin_backend "http://pgadmin:80";
        
        set $appflowy_web_origin "http://localhost:3000";
        set $appflowy_cloud_backend "http://localhost:8000";
        set $gotrue_backend "http://localhost:9999";
        set $admin_frontend_backend "http://localhost:3000";
        set $appflowy_ai_backend "http://localhost:5001";
        set $minio_backend "http://localhost:9001";
        set $portainer_backend "http://localhost:9000";
        set $pgadmin_backend "http://localhost:8081";

        # GoTrue
        location /gotrue/ {
            proxy_pass http://localhost:9999;

            rewrite ^/gotrue(/.*)$ $1 break;

            # Allow headers like redirect_to to be handed over to the gotrue
            # for correct redirecting
            proxy_set_header Host $http_host;
            proxy_pass_request_headers on;
        }

        # WebSocket
        location /ws {
            proxy_pass http://localhost:8000;

            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_set_header Host $host;
            proxy_read_timeout 86400;
        }

        # AppFlowy-Cloud
        location /api/chat {
            proxy_pass http://localhost:8000;

            proxy_http_version 1.1;
            proxy_set_header Connection "";
            chunked_transfer_encoding on;
            proxy_buffering off;
            proxy_cache off;

            proxy_read_timeout 600s;
            proxy_connect_timeout 600s;
            proxy_send_timeout 600s;
        }

        location /api/import {
            proxy_pass http://localhost:8000;

            # Set headers
            proxy_set_header X-Request-Id $request_id;
            proxy_set_header Host $http_host;

            # Handle CORS
            add_header 'Access-Control-Allow-Origin' $cors_origin always;
            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS' always;
            add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, Accept' always;
            add_header 'Access-Control-Max-Age' 3600 always;

            # Timeouts
            proxy_read_timeout 600s;
            proxy_connect_timeout 600s;
            proxy_send_timeout 600s;

            # Disable buffering for large file uploads
            proxy_request_buffering off;
            proxy_buffering off;
            proxy_cache off;
            client_max_body_size 2G;
        }

        location /api {
            proxy_pass http://localhost:8000;

            proxy_set_header X-Request-Id $request_id;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            # Set CORS headers for other requests

            if ($request_method = 'OPTIONS') {
                add_header 'Access-Control-Allow-Origin' $cors_origin always;
                add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS' always;
                add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, Accept, Client-Version' always;
                add_header 'Access-Control-Max-Age' 3600 always;
                return 204;
            }

            add_header 'Access-Control-Allow-Origin' $cors_origin always;
            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS' always;
            add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, Accept, Client-Version' always;
            add_header 'Access-Control-Max-Age' 3600 always;

            location ~* ^/api/workspace/([a-zA-Z0-9_-]+)/publish$ {
                proxy_pass $appflowy_cloud_backend;
                proxy_request_buffering off;
                client_max_body_size 256M;
            }
        }

        # AppFlowy AI
        location /ai {
            proxy_pass http://localhost:5001;
            proxy_set_header Host $host;
            proxy_pass_request_headers on;
        }

        # Minio Web UI
        # Derive from: https://min.io/docs/minio/linux/integrations/setup-nginx-proxy-with-minio.html
        # Optional Module, comment this section if you are did not deploy minio in docker-compose.yml
        location /minio/ {
            proxy_pass http://localhost:9001;

            rewrite ^/minio/(.*) /$1 break;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-NginX-Proxy true;

            ## This is necessary to pass the correct IP to be hashed
            real_ip_header X-Real-IP;

            proxy_connect_timeout 300;

            ## To support websockets in MinIO versions released after January 2023
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            # Some environments may encounter CORS errors (Kubernetes + Nginx Ingress)
            # Uncomment the following line to set the Origin request to an empty string
            # proxy_set_header Origin '';

            chunked_transfer_encoding off;
        }

        # PgAdmin
        # Optional Module, comment this section if you are did not deploy pgadmin in docker-compose.yml
        location /pgadmin/ {
            set $pgadmin pgadmin;
            proxy_pass http://localhost:8081;

            proxy_set_header X-Script-Name /pgadmin;
            proxy_set_header X-Scheme $scheme;
            proxy_set_header Host $host;
            proxy_redirect off;
        }

        # Portainer
        # Optional Module, comment this section if you are did not deploy portainer in docker-compose.yml
        location /portainer/ {
            proxy_pass http://localhost:9000;
            rewrite ^/portainer/(.*) /$1 break;
        }

        # Admin Frontend
        # Optional Module, comment this section if you are did not deploy admin_frontend in docker-compose.yml
        location / {
            proxy_pass http://localhost:3000;

            proxy_set_header X-Scheme $scheme;
            proxy_set_header Host $host;
        }
}

2. docker compose up -d , systemctl restart nginx to run
3. login https://mydomain, go to https://mydomain/web/admin/home and test PgAdmin Minio Portainer web work statem, only Minio page(https://note.blfs.top/minio/) show blank, F12 get debug info
4. See error
   Chrome web F12 :

       Failed to load resource: the server responded with a status of 404 ()
Refused to apply style from 'https://mydomain/gotrue/minio/static/css/main.e60e4760.css' because its MIME type ('text/plain') is not a supported stylesheet MIME type, and strict MIME checking is enabled.

       Failed to load resource: the server responded with a status of 404 ()Understand this errorAI
minio/:1 Refused to apply style from 'https://mydomain/gotrue/minio/styles/root-styles.css' because its MIME type ('text/plain') is not a supported stylesheet MIME type, and strict MIME checking is enabled.Understand this errorAI
main.954ee255.js:1 
        
       Failed to load resource: the server responded with a status of 404 ()Understand this errorAI
minio/:1 Refused to execute script from 'https://mydomain/gotrue/minio/static/js/main.954ee255.js' because its MIME type ('text/plain') is not executable, and strict MIME type checking is enabled.Understand this errorAI
Loader.svg:1 

       Failed to load resource: the server responded with a status of 404 ()Understand this errorAI
manifest.json:1 
        
       Failed to load resource: the server responded with a status of 404 ()Understand this errorAI
manifest.json:1 Manifest: Line: 1, column: 5, Unexpected data after root element.Understand this errorAI
minio/:1 Refused to apply style from 'https://mydomain/gotrue/minio/styles/root-styles.css' because its MIME type ('text/plain') is not a supported stylesheet MIME type, and strict MIME checking is enabled.Understand this errorAI
minio/:1 Refused to apply style from 'https://mydomain/gotrue/minio/static/css/main.e60e4760.css' because its MIME type ('text/plain') is not a supported stylesheet MIME type, and strict MIME checking is enabled.Understand this errorAI
manifest.json:1 

       Failed to load resource: the server responded with a status of 404 ()

Docker logs about gotrue and mino:

{"component":"api","duration":97822,"level":"info","method":"GET","msg":"request completed","path":"/minio/static/css/main.e60e4760.css","referer":"appflowy-flutter://","remote_addr":"192.168.1.1","request_id":"e4fd8ee4-3d20-4750-9386-f7fdfa364797","status":404,"time":"2025-01-11T05:59:04Z"}
{"component":"api","duration":181181,"level":"info","method":"GET","msg":"request completed","path":"/minio/images/background.svg","referer":"appflowy-flutter://","remote_addr":"192.168.1.1","request_id":"a4f53271-a0bf-48fa-9558-88af81988401","status":404,"time":"2025-01-11T05:59:04Z"}
{"component":"api","duration":94020,"level":"info","method":"GET","msg":"request completed","path":"/minio/images/background-wave-orig2.svg","referer":"appflowy-flutter://","remote_addr":"192.168.1.1","request_id":"6137bc12-f3f4-49cf-a99a-93000d0fedff","status":404,"time":"2025-01-11T05:59:04Z"}
{"component":"api","duration":89965,"level":"info","method":"GET","msg":"request completed","path":"/minio/Loader.svg","referer":"appflowy-flutter://","remote_addr":"192.168.1.1","request_id":"142847fc-a956-4643-b011-88e5ec874bd8","status":404,"time":"2025-01-11T05:59:04Z"}

MinIO Object Storage Server
Copyright: 2015-2025 MinIO, Inc.
License: GNU AGPLv3 - https://www.gnu.org/licenses/agpl-3.0.html
Version: RELEASE.2024-12-18T13-15-44Z (go1.23.4 linux/amd64)

API: http://192.168.1.3:9000  http://127.0.0.1:9000
WebUI: http://192.168.100.3/gotrue/minio

Docs: https://docs.min.io
WARN: Detected default credentials 'minioadmin:minioadmin', we recommend that you change these values with 'MINIO_ROOT_USER' and 'MINIO_ROOT_PASSWORD' environment variables

Screenshots

Expected behavior
Minio page show up login

Desktop (please complete the following information):

• OS: Server on ArchLinux X64
• Browser [chrome]
• Version [131.0.6778.140]

Additional context
debug-docker-compose.zip

[khorshuheng]

I believe I might have misconfigured this part:

AppFlowy-Cloud/docker-compose.yml

Line 20 in 527d91d

- MINIO_BROWSER_REDIRECT_URL=${API_EXTERNAL_URL}/minio

Can you replace API_EXTERNAL_URL with your domain?

[khorshuheng]

Will be fixed in #1154 .