KJZH001/nezha-2023
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

反向代理 gRPC 端口(支持 Cloudflare CDN)

Browse Source
This commit is contained in:
Lemoe 2021-11-11 12:49:54 +08:00
parent 57e556eea1
commit 00c712116e
No known key found for this signature in database
GPG Key ID: 2570C7D85A4A74CA
9 changed files with 68 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
README.md
View File

@ -322,10 +322,10 @@ restart() {
</details> </details>
<details> <details>
<summary>Agent 连接 Dashboard 域名开启 Cloudflare CDN</summary> <summary>反向代理 gRPC 端口(支持 Cloudflare CDN</summary>
根据 Cloudflare gRPC 的要求gRPC 服务必须侦听 443 端口 且必须支持 TLS 和 HTTP/2。我们可以使用 nginx 反向代理 gRPC 并配置 SSL/TLS 证书。 使用 Nginx 或者 Caddy 反向代理 gRPC
- nginx 配置,比如 Agent 连接 Dashboard 的域名为 ip-to-dashboard.nai.ba为 nginx 添加如下配置,然后重新启动 nginx 或者重新加载配置文件。 - Nginx 配置
```nginx ```nginx
server { server {
@ -339,18 +339,44 @@ server {
underscores_in_headers on; underscores_in_headers on;
location / { location / {
grpc_read_timeout 300s;
grpc_send_timeout 300s;
grpc_pass grpc://localhost:5555; grpc_pass grpc://localhost:5555;
} }
} }
``` ```
- Agent 端配置,编辑 `/etc/systemd/system/nezha-agent.service`,在 `ExecStart=` 这一行的末尾加上 `--tls`,然后重启 nezha-agent.service。例如 - Caddy 配置
```bash ```Caddyfile
ExecStart=/opt/nezha/agent/nezha-agent -s ip-to-dashboard.nai.ba:443 -p xxxxxx --tls ip-to-dashboard.nai.ba:443 {
reverse_proxy {
to localhost:5555
transport http {
versions h2c 2
}
}
}
``` ```
- 在 Cloudflare 中将对应的域名解析设置橙色云开启CDN并在网络选项中启用gRPC。
Dashboard 面板端配置
- 首先登录面板进入管理后台 打开设置页面,在 `未接入CDN的面板服务器域名/IP` 中填入上一步在 Nginx 或 Caddy 中配置的域名 比如 `ip-to-dashboard.nai.ba` ,并保存。
- 然后在面板服务器中,打开 /opt/nezha/dashboard/data/config.yaml 文件,将 `proxygrpcport` 修改为 Nginx 或 Caddy 监听的端口,比如上一步设置的 `443` ;因为我们在 Nginx 或 Caddy 中开启了 SSL/TLS所以需要将 `tls` 设置为 `true` ;修改完成后重启面板。
Agent 端配置
- 登录面板管理后台,复制一键安装命令,在对应的服务器上面执行一键安装命令重新安装 agent 端即可。
开启 Cloudflare CDN可选
根据 Cloudflare gRPC 的要求gRPC 服务必须侦听 443 端口 且必须支持 TLS 和 HTTP/2。
所以如果需要开启CDN必须在配置 Nginx 或者 Caddy 反向代理 gRPC 时使用 443 端口并配置证书Caddy 会自动申请并配置证书)。
- 登录 Cloudflare选择使用的域名。打开 `网络` 选项将 `gRPC` 开关打开,打开 `DNS` 选项,找到 Nginx 或 Caddy 反代 gRPC 配置的域名的解析记录打开橙色云启用CDN。
</details> </details>

2
cmd/agent/main.go
View File

@ -218,6 +218,8 @@ func doTask(task *pb.Task) {
handleCommandTask(task, &result) handleCommandTask(task, &result)
case model.TaskTypeUpgrade: case model.TaskTypeUpgrade:
handleUpgradeTask(task, &result) handleUpgradeTask(task, &result)
case model.TaskTypeKeepalive:
return
default: default:
println("不支持的任务:", task) println("不支持的任务:", task)
} }

1
cmd/dashboard/main.go
View File

@ -193,6 +193,7 @@ func main() {
go rpc.ServeRPC(dao.Conf.GRPCPort) go rpc.ServeRPC(dao.Conf.GRPCPort)
serviceSentinelDispatchBus := make(chan model.Monitor) serviceSentinelDispatchBus := make(chan model.Monitor)
go rpc.DispatchTask(serviceSentinelDispatchBus) go rpc.DispatchTask(serviceSentinelDispatchBus)
go rpc.DispatchKeepalive()
go dao.AlertSentinelStart() go dao.AlertSentinelStart()
dao.NewServiceSentinel(serviceSentinelDispatchBus) dao.NewServiceSentinel(serviceSentinelDispatchBus)
srv := controller.ServeWeb(dao.Conf.HTTPPort) srv := controller.ServeWeb(dao.Conf.HTTPPort)

14
cmd/dashboard/rpc/rpc.go
View File

@ -57,3 +57,17 @@ func DispatchTask(serviceSentinelDispatchBus <-chan model.Monitor) {
dao.SortedServerLock.RUnlock() dao.SortedServerLock.RUnlock()
} }
} }
func DispatchKeepalive() {
dao.Cron.AddFunc("@every 60s", func() {
dao.SortedServerLock.RLock()
defer dao.SortedServerLock.RUnlock()
for i := 0; i < len(dao.SortedServerList); i++ {
if dao.SortedServerList[i] == nil || dao.SortedServerList[i].TaskStream == nil || dao.SortedServerList[i].TaskStream.Context().Err() != nil {
continue
}
dao.SortedServerList[i].TaskStream.Send(&pb.Task{Type: model.TaskTypeKeepalive})
}
})
}

2
model/config.go
View File

@ -39,6 +39,8 @@ type Config struct {
GRPCPort uint GRPCPort uint
GRPCHost string GRPCHost string
EnableIPChangeNotification bool EnableIPChangeNotification bool
ProxyGRPCPort uint
TLS bool
// IP变更提醒 // IP变更提醒
Cover uint8 // 覆盖范围 Cover uint8 // 覆盖范围

1
model/monitor.go
View File

@ -17,6 +17,7 @@ const (
TaskTypeCommand TaskTypeCommand
TaskTypeTerminal TaskTypeTerminal
TaskTypeUpgrade TaskTypeUpgrade
TaskTypeKeepalive
) )
type TerminalTask struct { type TerminalTask struct {

3
resource/template/component/server.html vendored
View File

@ -31,7 +31,8 @@
{{if .Conf.GRPCHost}} {{if .Conf.GRPCHost}}
curl -L https://raw.githubusercontent.com/naiba/nezha/master/script/install.sh -o nezha.sh && chmod curl -L https://raw.githubusercontent.com/naiba/nezha/master/script/install.sh -o nezha.sh && chmod
+x nezha.sh && sudo ./nezha.sh install_agent <code class="command">{{.Conf.GRPCHost}}</code> <code +x nezha.sh && sudo ./nezha.sh install_agent <code class="command">{{.Conf.GRPCHost}}</code> <code
class="command">{{.Conf.GRPCPort}}</code> <code class="command hostSecret"></code> class="command">{{if .Conf.ProxyGRPCPort}}{{.Conf.ProxyGRPCPort}}{{else}}{{.Conf.GRPCPort}}{{end}}</code> <code
class="command hostSecret"></code> <code class="command">{{if .Conf.TLS}}--tls{{end}}</code>
{{else}} {{else}}
请先在设置页面配置 未接入CDN的面板服务器域名/IP 请先在设置页面配置 未接入CDN的面板服务器域名/IP
{{end}} {{end}}

2
resource/template/dashboard/server.html
View File

@ -40,7 +40,7 @@
<td>{{$server.Secret}}</td> <td>{{$server.Secret}}</td>
<td> <td>
<button class="ui icon green mini button" <button class="ui icon green mini button"
data-clipboard-text="{{if $.Conf.GRPCHost}}curl -L https://raw.githubusercontent.com/naiba/nezha/master/script/install.sh -o nezha.sh && chmod +x nezha.sh && sudo ./nezha.sh install_agent {{$.Conf.GRPCHost}} {{$.Conf.GRPCPort}} {{$server.Secret}}{{else}}请先在设置页面配置 未接入CDN的面板服务器域名/IP{{end}}" data-clipboard-text="{{if $.Conf.GRPCHost}}curl -L https://raw.githubusercontent.com/naiba/nezha/master/script/install.sh -o nezha.sh && chmod +x nezha.sh && sudo ./nezha.sh install_agent {{$.Conf.GRPCHost}} {{if $.Conf.ProxyGRPCPort}}{{$.Conf.ProxyGRPCPort}}{{else}}{{$.Conf.GRPCPort}}{{end}} {{$server.Secret}}{{if $.Conf.TLS}} --tls{{end}}{{else}}请先在设置页面配置 未接入CDN的面板服务器域名/IP{{end}}"
data-tooltip="点击复制安装命令"> data-tooltip="点击复制安装命令">
<i class="linux icon"></i> <i class="linux icon"></i>
</button> </button>

19
script/install.sh
View File

@ -203,8 +203,8 @@ install_agent() {
mv nezha-agent $NZ_AGENT_PATH && mv nezha-agent $NZ_AGENT_PATH &&
rm -rf nezha-agent_linux_${os_arch}.tar.gz README.md rm -rf nezha-agent_linux_${os_arch}.tar.gz README.md
if [[ $# == 3 ]]; then if [ $# -ge 3 ]; then
modify_agent_config $1 $2 $3 modify_agent_config "$@"
else else
modify_agent_config 0 modify_agent_config 0
fi fi
@ -223,7 +223,7 @@ modify_agent_config() {
return 0 return 0
fi fi
if [[ $# != 3 ]]; then if [ $# -lt 3 ]; then
echo "请先在管理面板上添加Agent记录下密钥" && echo "请先在管理面板上添加Agent记录下密钥" &&
read -ep "请输入一个解析到面板所在IP的域名不可套CDN: " nz_grpc_host && read -ep "请输入一个解析到面板所在IP的域名不可套CDN: " nz_grpc_host &&
read -ep "请输入面板RPC端口: (5555)" nz_grpc_port && read -ep "请输入面板RPC端口: (5555)" nz_grpc_port &&
@ -242,12 +242,16 @@ modify_agent_config() {
nz_client_secret=$3 nz_client_secret=$3
fi fi
sed -i "s/nz_grpc_host/${nz_grpc_host}/" ${NZ_AGENT_SERVICE} sed -i "s/nz_grpc_host/${nz_grpc_host}/" ${NZ_AGENT_SERVICE}
sed -i "s/nz_grpc_port/${nz_grpc_port}/" ${NZ_AGENT_SERVICE} sed -i "s/nz_grpc_port/${nz_grpc_port}/" ${NZ_AGENT_SERVICE}
sed -i "s/nz_client_secret/${nz_client_secret}/" ${NZ_AGENT_SERVICE} sed -i "s/nz_client_secret/${nz_client_secret}/" ${NZ_AGENT_SERVICE}
shift 3
if [ $# -gt 0 ]; then
args=" $*"
sed -i "/ExecStart/ s/$/${args}/" ${NZ_AGENT_SERVICE}
fi
echo -e "Agent配置 ${green}修改成功,请稍等重启生效${plain}" echo -e "Agent配置 ${green}修改成功,请稍等重启生效${plain}"
systemctl daemon-reload systemctl daemon-reload
@ -558,8 +562,9 @@ if [[ $# > 0 ]]; then
uninstall_dashboard 0 uninstall_dashboard 0
;; ;;
"install_agent") "install_agent")
if [[ $# == 4 ]]; then shift
install_agent $2 $3 $4 if [ $# -ge 3 ]; then
install_agent "$@"
else else
install_agent 0 install_agent 0
fi fi