KJZH001/nezhahq.github.io
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Support Argo token. (#39)

Browse Source
This commit is contained in:
fscarmen2 2023-09-07 21:57:58 +08:00 committed by GitHub
parent 5517fa42ad
commit 8a1bf2e873
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 64 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
docs/case/case5.md
View File

@ -11,6 +11,7 @@
# 目录
- [项目特点](case5.md#项目特点)
- [Argo 认证的获取方式: json 或 token](case5.md#argo-认证的获取方式-json-或-token)
- [准备需要用的变量](case5.md#准备需要用的变量)
- [PaaS 部署实例](case5.md#PaaS-部署实例)
- [VPS 部署实例](case5.md#VPS-部署实例)
@ -32,41 +33,53 @@
* 一条 Argo 隧道分流多个域名和协议 --- 建立一条内网穿透的 Argo 隧道,即可分流三个域名(hostname)和协议(protocal),分别用于面板的访问(http),客户端上报数据(tcp)和 ssh可选
* Nginx 反向代理的 gRPC 数据端口 --- 配上证书做 tls 终结,然后 Argo 的隧道配置用 https 服务指向这个反向代理启用http2回源grpc(nezha)->h2(nginx)->argo->cf cdn edge->agent
* 每天自动备份 --- 北京时间每天 4 时 0 分自动备份整个哪吒面板文件夹到指定的 github 私库,包括面板主题,面板设置,探针数据和隧道信息,备份保留近 5 天数据;鉴于内容十分重要,必须要放在私库
* 每天自动更新面板 -- 北京时间每天 4 时 0 分自动检测最新的官方面板版本,有升级时自动更新
* 手/自一体还原备份 --- 每分钟检测一次在线还原文件的内容,遇到有更新立刻还原
* 默认内置本机探针 --- 能很方便的监控自身服务器信息
* 数据更安全 --- Argo 隧道使用TLS加密通信可以将应用程序流量安全地传输到 Cloudflare 网络提高了应用程序的安全性和可靠性。此外Argo Tunnel也可以防止IP泄露和DDoS攻击等网络威胁
<img width="1298" alt="image" src="https://github.com/fscarmen2/Argo-Nezha-Service-Container/assets/92626977/6535a060-2138-4c72-9ffa-1175dc6f5c25.png">
## Argo 认证的获取方式: json 或 token
Argo 隧道认证方式有 json 和 token使用两个方式其中之一
## 准备需要用的变量
* 通过 Cloudflare Json 生成网轻松获取 Argo 隧道信息: https://fscarmen.cloudflare.now.cc
### (方式 1 - Josn):
#### 通过 Cloudflare Json 生成网轻松获取 Argo 隧道 json 信息: https://fscarmen.cloudflare.now.cc
<img width="1040" alt="image" src="https://user-images.githubusercontent.com/92626977/231084930-02e3c2de-c52b-420d-b39c-9f135d040b3b.png">
<img width="893" alt="image" src="https://github.com/fscarmen2/Argo-Nezha-Service-Container/assets/92626977/5b734a9d-b4fd-40ca-b7e6-5a1732a53175">
* 到 Cloudflare 官网,在相应的域名 `DNS` 记录里加上客户端上报数据(tcp)和 ssh可选的域名打开橙色云启用 CDN
#### 到 Cloudflare 官网,在相应的域名 `DNS` 记录里加上客户端上报数据(tcp)和 ssh可选的域名打开橙色云启用 CDN
<img width="1651" alt="image" src="https://github.com/fscarmen2/Argo-Nezha-Service-Container/assets/92626977/d5efb33d-b2a3-484c-b058-346c3e229088">
<img width="1618" alt="image" src="https://github.com/fscarmen2/Argo-Nezha-Service-Container/assets/92626977/c44b638f-9984-47a7-a342-166549f6092e">
### (方式 2 - Token): 通过 Cloudflare 官网,手动生成 Argo 隧道 token 信息
#### 到 cf 官网https://dash.cloudflare.com/ ,进入 zero trust 里生成 token 隧道和信息。
<img width="1672" alt="image" src="https://github.com/fscarmen2/Argo-Nezha-Service-Container/assets/92626977/0c467d8b-5fbc-4bde-ac8a-db70ed8798f0">
<img width="1659" alt="image" src="https://github.com/fscarmen2/Argo-Nezha-Service-Container/assets/92626977/5aa4df19-f277-4582-8a4d-eef34a00085c">
<img width="1470" alt="image" src="https://github.com/fscarmen2/Argo-Nezha-Service-Container/assets/92626977/ec06ec20-a68d-405c-b6de-cd4c52cbd8c0">
<img width="1652" alt="image" src="https://github.com/fscarmen2/Argo-Nezha-Service-Container/assets/92626977/d0fba15c-f41b-4ee4-bea3-f0506d9b2d23">
<img width="1670" alt="image" src="https://github.com/fscarmen2/Argo-Nezha-Service-Container/assets/92626977/2a28eab8-e434-4d06-85db-f2017b50f8de">
<img width="1671" alt="image" src="https://github.com/fscarmen2/Argo-Nezha-Service-Container/assets/92626977/c6bcc511-e2f9-4616-bcca-47e1a8a25313">
<img width="1670" alt="image" src="https://github.com/fscarmen2/Argo-Nezha-Service-Container/assets/92626977/7fbe3ef7-fb43-4925-9478-89ee08e44941">
## 准备需要用的变量
* 到 Cloudflare 官网,选择使用的域名,打开 `网络` 选项将 `gRPC` 开关打开
<img width="1590" alt="image" src="https://user-images.githubusercontent.com/92626977/233138703-faab8596-a64a-40bb-afe6-52711489fbcf.png">
* 获取 github 认证授权: https://github.com/settings/applications/new
面板域名加上 `https://` 开头,回调地址再加上 `/oauth2/callback` 结尾
<img width="916" alt="image" src="https://user-images.githubusercontent.com/92626977/231099071-b6676f2f-6c7b-4e2f-8411-c134143cab24.png">
<img width="1122" alt="image" src="https://user-images.githubusercontent.com/92626977/231086319-1b625dc6-713b-4a62-80b1-cc5b2b7ef3ca.png">
* 获取 github 的 PAT (Personal Access Token): https://github.com/settings/tokens/new
<img width="1226" alt="image" src="https://user-images.githubusercontent.com/92626977/233346036-60819f98-c89a-4cef-b134-0d47c5cc333d.png">
<img width="1148" alt="image" src="https://user-images.githubusercontent.com/92626977/233346508-273c422e-05c3-4c91-9fae-438202364787.png">
* 创建 github 用于备份的私库: https://github.com/new
@ -87,7 +100,7 @@
| GH_REPO | 否 | 在 github 上备份哪吒服务端数据库文件的 github 库 |
| GH_EMAIL | 否 | github 的邮箱,用于备份的 git 推送到远程库 |
| GH_PAT | 否 | github 的 PAT |
| ARGO_JSON | 是 | 从 https://fscarmen.cloudflare.now.cc 获取的 Argo Json |
| ARGO_AUTH | 是 | Json: 从 https://fscarmen.cloudflare.now.cc 获取的 Argo Json<br> Token: 从 Cloudflare 官网获取 |
| DATA_DOMAIN | 是 | 客户端与服务端的通信 argo 域名 |
| WEB_DOMAIN | 是 | 面板 argo 域名 |
| SSH_DOMAIN | 否 | ssh 用的 argo 域名 |
@ -95,10 +108,11 @@
Koyeb
[![Deploy to Koyeb](https://www.koyeb.com/static/images/deploy/button.svg)](https://app.koyeb.com/deploy?type=docker&name=nezha&ports=80;http;/&env[GH_USER]=&env[GH_CLIENTID]=&env[GH_CLIENTSECRET]=&env[GH_REPO]=&env[GH_EMAIL]=&env[GH_PAT]=&env[ARGO_JSON]=&env[DATA_DOMAIN]=&env[WEB_DOMAIN]=&env[SSH_DOMAIN]=&env[SSH_PASSWORD]=&image=docker.io/fscarmen/argo-nezha)
[![Deploy to Koyeb](https://www.koyeb.com/static/images/deploy/button.svg)](https://app.koyeb.com/deploy?type=docker&name=nezha&ports=80;http;/&env[GH_USER]=&env[GH_CLIENTID]=&env[GH_CLIENTSECRET]=&env[GH_REPO]=&env[GH_EMAIL]=&env[GH_PAT]=&env[ARGO_AUTH]=&env[DATA_DOMAIN]=&env[WEB_DOMAIN]=&env[SSH_DOMAIN]=&env[SSH_PASSWORD]=&image=docker.io/fscarmen/argo-nezha)
<img width="927" alt="image" src="https://user-images.githubusercontent.com/92626977/231088411-fbac3e6e-a8a6-4661-bcf8-7c777aa8ffeb.png">
<img width="750" alt="image" src="https://user-images.githubusercontent.com/92626977/231088973-7134aefd-4c80-4559-8e40-17c3be11d27d.png">
<img width="755" alt="image" src="https://github.com/fscarmen2/Argo-Nezha-Service-Container/assets/92626977/27a26b1b-6934-41a8-aca4-8a094c905850">
<img width="754" alt="image" src="https://user-images.githubusercontent.com/92626977/233336491-6bb801af-257d-467d-aaf0-6dcb68a531ac.png">
<img width="1187" alt="image" src="https://user-images.githubusercontent.com/92626977/231092893-c8f017a2-ee0e-4e28-bee3-7343158f0fa7.png">
<img width="500" alt="image" src="https://user-images.githubusercontent.com/92626977/231094144-df6715bc-c611-47ce-a529-03c43f38102e.png">
@ -121,7 +135,7 @@ docker run -dit \
-e GH_REPO=<填自定义的> \
-e GH_CLIENTID=<填获取的> \
-e GH_CLIENTSECRET=<填获取的> \
-e ARGO_JSON='<填获取的>' \
-e ARGO_AUTH='<填获取的 Argo json 或者 token>' \
-e WEB_DOMAIN=<填自定义的> \
-e DATA_DOMAIN=<填自定义的> \
-e SSH_DOMAIN=<填自定义的> \
@ -144,7 +158,7 @@ services:
- GH_REPO=<填自定义的>
- GH_CLIENTID=<填获取的>
- GH_CLIENTSECRET=<填获取的>
- ARGO_JSON='<填获取的>'
- ARGO_AUTH='<填获取的 Argo json 或者 token>'
- WEB_DOMAIN=<填自定义的>
- DATA_DOMAIN=<填自定义的>
- SSH_DOMAIN=<填自定义的>
@ -213,7 +227,8 @@ tar czvf dashboard.tar.gz /dashboard
| |-- nezha.key # SSL/TLS 证书的私钥信息
| |-- nezha.pem # SSL/TLS 隐私增强邮件
| `-- restore.sh # 还原备份脚本
`-- dbfile # 记录最新的还原或备份文件名
|-- dbfile # 记录最新的还原或备份文件名
`-- version # 记录当前的面板 app 版本
```
@ -224,6 +239,8 @@ tar czvf dashboard.tar.gz /dashboard
* Akkia's Blog: https://blog.akkia.moe/
* HiFeng's Blog: https://www.hicairo.com/
* 用 Cloudflare Tunnel 进行内网穿透: https://blog.outv.im/2021/cloudflared-tunnel/
* 如何给 GitHub Actions 添加自己的 Runner 主机: https://cloud.tencent.com/developer/article/1756690
* github self-hosted runner 添加与启动: https://blog.csdn.net/sinat_32188225/article/details/125978331
## 免责声明:

43
docs/en_US/case/case5.md
View File

@ -11,6 +11,7 @@ Mirror backup (not live update): [Argo-Nezha-Service-Container](https://github.c
# Catalog
- [Project Features](case5.md#project-features)
- [How to get Argo authentication: json or token](case5.md#How-to-get-Argo-authentication-json-or-token)
- [Variables to be used](case5.md#prepare-variables-to-be-used)
- [PaaS Deployment Example](case5.md#paas-deployment-example)
- [VPS Deployment Example](case5.md#vps-deployment-example)
@ -32,6 +33,7 @@ Mirror backup (not live update): [Argo-Nezha-Service-Container](https://github.c
* One Argo tunnel for multiple domains and protocols --- Create an intranet-penetrating Argo tunnel for three domains (hostname) and protocols, which can be used for panel access (http), client reporting (tcp) and ssh (optional).
* Nginx reverse proxy gRPC data port --- with a certificate for tls termination, then Argo's tunnel configuration with https service pointing to this reverse proxy, enable http2 back to the source, grpc(nezha)->h2(nginx)->argo->cf cdn edge->agent
* Daily automatic backup --- every day at 04:00 BST, the entire Nezha panel folder is automatically backed up to a designated private github repository, including panel themes, panel settings, probe data and tunnel information, the backup retains nearly 5 days of data; the content is so important that it must be placed in the private repository.
* Automatic daily panel update -- the latest official panel version is automatically detected every day at 4:00 BST, and updated when there is an upgrade.
* Manual/automatic restore backup --- check the content of online restore file once a minute, and restore immediately when there is any update.
* Default built-in local probes --- can easily monitor their own server information
* More secure data --- Argo Tunnel uses TLS encrypted communication to securely transmit application traffic to the Cloudflare network, improving application security and reliability. In addition, Argo Tunnel protects against network threats such as IP leaks and DDoS attacks.
@ -39,17 +41,31 @@ Mirror backup (not live update): [Argo-Nezha-Service-Container](https://github.c
<img width="1298" alt="image" src="https://github.com/fscarmen2/Argo-Nezha-Service-Container/assets/92626977/6535a060-2138-4c72-9ffa-1175dc6f5c25.png">
## Prepare variables to be used
* Easily get Argo tunnel information through Cloudflare Json generation network: https://fscarmen.cloudflare.now.cc
## How to get Argo authentication: json or token
The Argo Tunnel authentication methods are json and token, use one of the two methods.
<img width="772" alt="image" src="https://github.com/fscarmen2/Argo-Nezha-Service-Container/assets/92626977/98f2c80c-8d45-4c70-b46e-70f552e0b572">
### (Methods 1 - Josn):
#### Easily get Argo tunnel json information through Cloudflare Json Generation Network: https://fscarmen.cloudflare.now.cc
* Visit Cloudflare website, add the domain name of the client reporting data (tcp) and ssh (optional) in the `DNS` record of the corresponding domain, and turn on Orange Cloud to enable CDN.
<img width="862" alt="image" src="https://github.com/fscarmen2/Argo-Nezha-Service-Container/assets/92626977/7bf8fefd-328f-43a1-ada6-4472904e8adb">
#### Visit Cloudflare website, add the domain name of the client reporting data (tcp) and ssh (optional) in the `DNS` record of the corresponding domain, and turn on Orange Cloud to enable CDN.
<img width="1629" alt="image" src="https://github.com/fscarmen2/Argo-Nezha-Service-Container/assets/92626977/39ecc388-e66b-44a2-a339-c80e9d7ed8e2">
<img width="1632" alt="image" src="https://github.com/fscarmen2/Argo-Nezha-Service-Container/assets/92626977/1ad2042e-46e6-41c3-9c16-14dc8699ee72">
### (Methods 2 - Token): Manually generate Argo tunnel token information via Cloudflare website.
#### Go to the cf website: https://dash.cloudflare.com/ and go to zero trust to generate token tunnels and messages.
<img width="1672" alt="image" src="https://github.com/fscarmen2/Argo-Nezha-Service-Container/assets/92626977/c2952ef2-7a3d-4242-84bc-3cbada1d337c">
<img width="1652" alt="image" src="https://github.com/fscarmen2/Argo-Nezha-Service-Container/assets/92626977/89b2b758-e550-413d-aa3e-216d226da7f4">
<img width="1463" alt="image" src="https://github.com/fscarmen2/Argo-Nezha-Service-Container/assets/92626977/9f77e26b-a25d-4ff0-8425-1085708e19c3">
<img width="1652" alt="image" src="https://github.com/fscarmen2/Argo-Nezha-Service-Container/assets/92626977/d0fba15c-f41b-4ee4-bea3-f0506d9b2d23">
<img width="1670" alt="image" src="https://github.com/fscarmen2/Argo-Nezha-Service-Container/assets/92626977/2a28eab8-e434-4d06-85db-f2017b50f8de">
<img width="1671" alt="image" src="https://github.com/fscarmen2/Argo-Nezha-Service-Container/assets/92626977/c6bcc511-e2f9-4616-bcca-47e1a8a25313">
<img width="1670" alt="image" src="https://github.com/fscarmen2/Argo-Nezha-Service-Container/assets/92626977/7fbe3ef7-fb43-4925-9478-89ee08e44941">
## Prepare variables to be used
* Visit the Cloudflare website, select the domain name you want to use, and turn on the `network` option to turn the `gRPC` switch on.
<img width="1605" alt="image" src="https://github.com/fscarmen2/Argo-Nezha-Service-Container/assets/92626977/533133dc-ab46-43ff-8eec-0b57d776e4a9">
@ -59,13 +75,11 @@ Mirror backup (not live update): [Argo-Nezha-Service-Container](https://github.c
Add `https://` to the beginning of the panel's domain name and `/oauth2/callback` to the end of the callback address.
<img width="1031" alt="image" src="https://github.com/fscarmen2/Argo-Nezha-Service-Container/assets/92626977/b3218cca-171d-4869-8ff9-7a569d01234a">
<img width="1023" alt="image" src="https://github.com/fscarmen2/Argo-Nezha-Service-Container/assets/92626977/c8e6370d-4307-4b88-b490-ce960b694541">
* Get a PAT (Personal Access Token) for github: https://github.com/settings/tokens/new
<img width="1368" alt="image" src="https://github.com/fscarmen2/Argo-Nezha-Service-Container/assets/92626977/96b09a43-910c-41c8-b407-1090d81ce728">
<img width="1542" alt="image" src="https://github.com/fscarmen2/Argo-Nezha-Service-Container/assets/92626977/b2bf7d3e-2370-4e12-b01d-7cfb9f2d3115">
* Create a private github repository for backups: https://github.com/new
@ -86,7 +100,7 @@ Variables used
| GH_REPO | No | The github repository for backing up Nezha's server-side database files on github |
| GH_EMAIL | No | github's mailbox for git push backups to remote repositories |
| GH_PAT | No | github's PAT |
| ARGO_JSON | Yes | Argo Json from https://fscarmen.cloudflare.now.cc |
| ARGO_AUTH | Yes | Argo Json from https://fscarmen.cloudflare.now.cc<br>Argo token from Cloudflare official website |
| DATA_DOMAIN | Yes | Client-server communication argo domain name |
| WEB_DOMAIN | Yes | Panel argo domain |
| SSH_DOMAIN | No | ssh for argo domain |
@ -94,11 +108,11 @@ Variables used
Koyeb
[![Deploy to Koyeb](https://www.koyeb.com/static/images/deploy/button.svg)](https://app.koyeb.com/deploy?type=docker&name=nezha&ports=80;http;/&env[GH_USER]=&env[GH_CLIENTID]=&env[GH_CLIENTSECRET]=&env[GH_REPO]=&env[GH_EMAIL]=&env[GH_PAT]=&env[ARGO_JSON]=&env[DATA_DOMAIN]=&env[WEB_DOMAIN]=&env[SSH_DOMAIN]=&env[SSH_PASSWORD]=&image=docker.io/fscarmen/argo-nezha)
[![Deploy to Koyeb](https://www.koyeb.com/static/images/deploy/button.svg)](https://app.koyeb.com/deploy?type=docker&name=nezha&ports=80;http;/&env[GH_USER]=&env[GH_CLIENTID]=&env[GH_CLIENTSECRET]=&env[GH_REPO]=&env[GH_EMAIL]=&env[GH_PAT]=&env[ARGO_AUTH]=&env[DATA_DOMAIN]=&env[WEB_DOMAIN]=&env[SSH_DOMAIN]=&env[SSH_PASSWORD]=&image=docker.io/fscarmen/argo-nezha)
<img width="927" alt="image" src="https://user-images.githubusercontent.com/92626977/231088411-fbac3e6e-a8a6-4661-bcf8-7c777aa8ffeb.png">
<img width="1011" alt="image" src="https://github.com/fscarmen2/Argo-Nezha-Service-Container/assets/92626977/61fad972-1be9-4e8d-829a-8faea0c8ed64">
<img width="763" alt="image" src="https://github.com/fscarmen2/Argo-Nezha-Service-Container/assets/92626977/ca294962-f10e-4f4c-b69c-9e95d3d25cac">
<img width="778" alt="image" src="https://github.com/fscarmen2/Argo-Nezha-Service-Container/assets/92626977/c070b085-dd7a-4182-9439-857f3116814e">
<img width="1214" alt="image" src="https://github.com/fscarmen2/Argo-Nezha-Service-Container/assets/92626977/ddabdf3a-ca63-4523-b839-62c4d4c0caf2">
<img width="881" alt="image" src="https://github.com/fscarmen2/Argo-Nezha-Service-Container/assets/92626977/e623f92d-878f-4eb8-9dfe-55b59770ba2f">
@ -120,7 +134,7 @@ docker run -dit \
-e GH_REPO=<fill in customized> \
-e GH_CLIENTID=<fill in acquired> \
-e GH_CLIENTSECRET=<fill in acquired> \
-e ARGO_JSON='<fill in acquired>' \
-e ARGO_AUTH='<Fill in the fetched Argo json or token>' \
-e WEB_DOMAIN=<fill in customized> \
-e DATA_DOMAIN=<fill in customized> \
-e SSH_DOMAIN=<fill in customized> \
@ -143,7 +157,7 @@ services.
- GH_REPO=<fill in customized>
- GH_CLIENTID=<fill in obtained>
- GH_CLIENTSECRET=<fill in fetched>
- ARGO_JSON='<fill in acquired>'
- ARGO_AUTH='<Fill in the fetched Argo json or token>'
- WEB_DOMAIN=<fill customized>
- DATA_DOMAIN=<fill in customized>
- SSH_DOMAIN=<insert customized>
@ -213,7 +227,8 @@ tar czvf dashboard.tar.gz /dashboard
| |-- nezha.key # Private key information for SSL/TLS certificate.
| |-- nezha.pem # SSL/TLS Privacy Enhancement Email
| `-- restore.sh # Restore backup scripts
`-- dbfile # Record the name of the latest restore or backup file
|-- dbfile # Record the name of the latest restore or backup file
`-- version # Record the current panel app version
```
@ -224,6 +239,8 @@ tar czvf dashboard.tar.gz /dashboard
* Akkia's Blog: https://blog.akkia.moe/
* HiFeng's Blog: https://www.hicairo.com/
* Intranet Penetration with Cloudflare Tunnel: https://blog.outv.im/2021/cloudflared-tunnel/
* How to add your own Runner host to GitHub Actions: https://cloud.tencent.com/developer/article/1756690
* github self-hosted runner addition and startup: https://blog.csdn.net/sinat_32188225/article/details/125978331
## Disclaimer