-
Notifications
You must be signed in to change notification settings - Fork 103
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
72 additions
and
104 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,110 +1,78 @@ | ||
| # 反向代理 gRPC 端口(支持 Cloudflare CDN) | ||
| *V0版本,不适用于V1版本* | ||
| 使用 Nginx 或者 Caddy 反向代理 gRPC | ||
|
|
||
| - Nginx 配置 | ||
|
|
||
| ```nginx | ||
| server { | ||
| listen 443 ssl http2; | ||
| listen [::]:443 ssl http2; | ||
| server_name data.example.com; # 你的 Agent 连接 Dashboard 的域名 | ||
| ssl_certificate /data/letsencrypt/fullchain.pem; # 你的域名证书路径 | ||
| ssl_certificate_key /data/letsencrypt/key.pem; # 你的域名私钥路径 | ||
| ssl_stapling on; | ||
| ssl_session_timeout 1d; | ||
| ssl_session_cache shared:SSL:10m; # 此项可能会和其他配置文件冲突,如冲突请注释此项 | ||
| ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; | ||
| underscores_in_headers on; | ||
| keepalive_time 24h; | ||
| keepalive_requests 100000; | ||
| keepalive_timeout 120s; | ||
| location / { | ||
| grpc_read_timeout 300s; | ||
| grpc_send_timeout 300s; | ||
| grpc_socket_keepalive on; | ||
| grpc_pass grpc://grpcservers; | ||
| # 反向代理 面板 | ||
|
|
||
| 新版本不再区分Dashboard、gRPC端口,只有默认的8008端口。 | ||
|
|
||
| - Nginx 配置 示例 | ||
| ```nginx | ||
| server { | ||
| listen 443 ssl http2; | ||
| listen [::]:443 ssl http2; | ||
| #http2 on; # Nginx > 1.25.1 就把上面的 http2去掉 保留这行 | ||
| server_name dashboard.nezha.example; | ||
| ssl_certificate /data/letsencrypt/fullchain.pem; # 你的域名证书路径 | ||
| ssl_certificate_key /data/letsencrypt/key.pem; # 你的域名私钥路径 | ||
| ssl_stapling on; | ||
| ssl_session_timeout 1d; | ||
| ssl_session_cache shared:SSL:10m; # 此项可能会和其他配置文件冲突,如冲突请注释此项 | ||
| ssl_protocols TLSv1.2 TLSv1.3; | ||
| underscores_in_headers on; | ||
| set_real_ip_from 0.0.0.0/0; # 修改为你的CDN回源IP地址段 | ||
| real_ip_header CF-Connecting-IP; # 修改为你的CDN提供的私有header,此处为CloudFlare默认的 | ||
| location ^~ /proto.NezhaService/ { | ||
| grpc_set_header Host $host; | ||
| grpc_set_header nz-realip $http_CF_Connecting_IP; # 修改为你的CDN提供的私有header,此处为CloudFlare默认的 | ||
| grpc_read_timeout 300s; | ||
| grpc_send_timeout 300s; | ||
| grpc_socket_keepalive on; | ||
| grpc_pass grpc://dashboard; | ||
| } | ||
| location / { | ||
| proxy_set_header Host $host; | ||
| proxy_set_header Origin https://$host; | ||
| proxy_set_header nz-realip $http_CF_Connecting_IP; # 修改为你的CDN提供的私有header,此处为CloudFlare默认的 | ||
| proxy_http_version 1.1; | ||
| proxy_set_header Upgrade $http_upgrade; | ||
| proxy_set_header Connection 'upgrade'; | ||
| proxy_read_timeout 3600s; | ||
| proxy_send_timeout 3600s; | ||
| proxy_pass http://dashboard; | ||
| } | ||
| } | ||
| } | ||
| upstream dashboard { | ||
| server localhost:8008; | ||
| keepalive 512; | ||
| } | ||
| ``` | ||
| upstream grpcservers { | ||
| server localhost:5555; | ||
| keepalive 512; | ||
| } | ||
| ``` | ||
| - Caddy 配置 示例 | ||
| - Caddy 配置 | ||
| ``` | ||
| dashboard.nezha.example { | ||
| @grpcProto { | ||
| path /proto.NezhaService/* | ||
| } | ||
| reverse_proxy @grpcProto { | ||
| header_up Host {host} | ||
| header_up nz-realip {http.CF-Connecting-IP} # 替换为你的 CDN 提供的私有 header,此处为 CloudFlare 默认的 | ||
| transport http { | ||
| versions h2c | ||
| read_buffer 4096 | ||
| } | ||
| to localhost:8008 | ||
| } | ||
| ``` | ||
| data.example.com:443 { # 你的 Agent 连接 Dashboard 的域名 | ||
| reverse_proxy { | ||
| to localhost:5555 | ||
| transport http { | ||
| versions h2c 2 | ||
| reverse_proxy { | ||
| header_up Host {host} | ||
| header_up Origin https://{host} | ||
| header_up nz-realip {http.CF-Connecting-IP} # 替换为你的 CDN 提供的私有 header,此处为 CloudFlare 默认的 | ||
| header_up Upgrade {http.upgrade} | ||
| header_up Connection "upgrade" | ||
| transport http { | ||
| read_buffer 16384 | ||
| } | ||
| to localhost:8008 | ||
| } | ||
| } | ||
| } | ||
| ``` | ||
|
|
||
| Dashboard 面板端配置 | ||
|
|
||
| - 首先登录面板进入管理后台 打开设置页面,在 `未接入CDN的面板服务器域名/IP` 中填入上一步在 Nginx 或 Caddy 中配置的域名 比如 `data.example.com` ,并保存。 | ||
| - 然后在面板服务器中,打开 /opt/nezha/dashboard/data/config.yaml 文件,将 `proxygrpcport` 修改为 Nginx 或 Caddy 监听的端口,比如上一步设置的 `443` ;因为我们在 Nginx 或 Caddy 中开启了 SSL/TLS,所以需要将 `tls` 设置为 `true` ;修改完成后重启面板。 | ||
|
|
||
| Agent 端配置 | ||
|
|
||
| - 登录面板管理后台,复制一键安装命令,在对应的服务器上面执行一键安装命令重新安装 agent 端即可。 | ||
|
|
||
| 开启 Cloudflare CDN(可选) | ||
|
|
||
| 根据 Cloudflare gRPC 的要求:gRPC 服务必须侦听 443 端口 且必须支持 TLS 和 HTTP/2。 | ||
| 所以如果需要开启 CDN,必须在配置 Nginx 或者 Caddy 反向代理 gRPC 时使用 443 端口,并配置证书(Caddy 会自动申请并配置证书)。 | ||
|
|
||
| - 登录 Cloudflare,选择使用的域名。打开 `网络` 选项将 `gRPC` 开关打开,打开 `DNS` 选项,找到 Nginx 或 Caddy 反代 gRPC 配置的域名的解析记录,打开橙色云启用 CDN。 | ||
|
|
||
| 开启`gRPC`后,可能不能立即可用,需要等待一段时间。具体可通过`curl`和使用`nezha-agent -d`来验证: | ||
| ```bash | ||
| localhost:~/agent# curl -H "content-type: application/grpc+proto" -H "authorization: Bearer test" https://xxx.xxx.ovh -v | ||
| * processing: https://xxx.xxx.ovh | ||
| * Trying [2606:4700:3035::ac43:8bed]:443... | ||
| * Connected to xxx.xxx.ovh (2606:4700:3035::ac43:8bed) port 443 | ||
| # ... SSL info | ||
| * using HTTP/2 | ||
| * h2 [:method: GET] | ||
| * h2 [:scheme: https] | ||
| * h2 [:authority: xxx.xxx.ovh] | ||
| * h2 [:path: /] | ||
| * h2 [user-agent: curl/8.2.1] | ||
| * h2 [accept: */*] | ||
| * Using Stream ID: 1 | ||
| > GET / HTTP/2 | ||
| > Host: xxx.xxx.ovh | ||
| > User-Agent: curl/8.4.0 | ||
| > Accept: */* | ||
| > content-type: application/grpc+proto | ||
| > authorization: Bearer test | ||
| > | ||
| < HTTP/2 405 | ||
| < date: Wed, 20 Dec 2023 08:56:27 GMT | ||
| < content-type: application/grpc+proto | ||
| < cf-ray: 8386ac12dabd5ddc-HKG | ||
| < cf-cache-status: DYNAMIC | ||
| < grpc-message: Received a HEADERS frame with :method "GET" which should be POST | ||
| < grpc-status: 13 | ||
| < report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BTjgJvXWyRF11nUOYx9Lq7UDC1xOYBLtjvWrdjVJQIqu9YqnFJeZFran2KRs6zabQc%2BLV8AubNqYRYDb7hQAZe6bglmVz0wQjrb0tNovYf%2B59SAp%2BQfZnH%2BAFDydNT95ZCmTPnKgWetcwQiUfXU%3D"}],"group":"cf-nel","max_age":604800} | ||
| < nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | ||
| < vary: Accept-Encoding | ||
| < server: cloudflare | ||
| < alt-svc: h3=":443"; ma=86400 | ||
| < | ||
| * Connection #0 to host xxx.xxx.ovh left intact | ||
| localhost:~/agent# /opt/nezha/agent/nezha-agent -s nezha.xxx.xxx:443 -p YOUR_KEY --tls -d | ||
| NEZHA@2023-12-20 05:14:00>> 检查更新: 0.15.14 | ||
| NEZHA@2023-12-20 05:14:01>> 上报系统信息失败: rpc error: code = Unknown desc = EOF # 需要修改主控端 /opt/nezha/dashboard/data/config.yaml的 GRPCHost 和 TLS 选项 | ||
| NEZHA@2023-12-20 05:14:01>> Error to close connection ... | ||
| ``` | ||
| ``` |