# Reverse Proxy gRPC Port (Supports Cloudflare CDN)
Using Nginx or Caddy to reverse proxy gRPC

- Nginx Configuration

```nginx
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name data.example.com; # Your domain that the Agent uses to connect to the Dashboard

    ssl_certificate          /data/letsencrypt/fullchain.pem; # Path to your domain certificate
    ssl_certificate_key      /data/letsencrypt/key.pem;       # Path to your domain private key
    ssl_stapling on;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m; # This might conflict with other configuration files; comment it out if there are conflicts
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;

    underscores_in_headers on;

    keepalive_time 24h;
    keepalive_requests 100000;
    keepalive_timeout 120s;

    location / {
        grpc_read_timeout 300s;
        grpc_send_timeout 300s;
        grpc_socket_keepalive on;
        grpc_pass grpc://grpcservers;
    }
}

upstream grpcservers {
    server localhost:5555;
    keepalive 512;
}
```

- Caddy Configuration

```
data.example.com:443 { # Your domain that the Agent uses to connect to the Dashboard
    reverse_proxy {
        to localhost:5555
        transport http {
            versions h2c 2
        }
    }
}
```

Dashboard Configuration

- First, log in to the Dashboard and go to the settings page. In the `Non-CDN Dashboard server domain/IP` field, enter the domain configured in Nginx or Caddy in the previous step, for example, `data.example.com`, and save it.
- Then, on the Dashboard server, open the `/opt/nezha/dashboard/data/config.yaml` file. Modify `proxygrpcport` to the port that Nginx or Caddy is listening to, for example, `443`. Since we enabled SSL/TLS in Nginx or Caddy, set `tls` to `true`. After making these changes, restart the Dashboard.

Agent Configuration

- Log in to the Dashboard management backend, copy the one-click installation command, and execute it on the corresponding server to reinstall the agent.

Enabling Cloudflare CDN (Optional)

According to Cloudflare gRPC requirements: gRPC services must listen on port 443 and must support TLS and HTTP/2. 
So, to enable CDN, you must use port 443 when configuring Nginx or Caddy to reverse proxy gRPC and configure the certificate (Caddy will automatically apply and configure the certificate).

- Log in to Cloudflare, select the domain you are using. Go to the `Network` tab and turn on the `gRPC` switch. Then, go to the `DNS` tab, find the DNS record for the domain configured in Nginx or Caddy to reverse proxy gRPC, and enable the CDN by clicking the orange cloud.

After enabling `gRPC`, it might not be available immediately, and you may need to wait for a while. You can use `curl` and `nezha-agent -d` to verify:

```bash
localhost:~/agent# curl -H "content-type: application/grpc+proto" -H "authorization: Bearer test" https://xxx.xxx.ovh -v 
* processing: https://xxx.xxx.ovh
*   Trying [2606:4700:3035::ac43:8bed]:443...
* Connected to xxx.xxx.ovh (2606:4700:3035::ac43:8bed) port 443
# ... SSL info
* using HTTP/2
* h2 [:method: GET]
* h2 [:scheme: https]
* h2 [:authority: xxx.xxx.ovh]
* h2 [:path: /]
* h2 [user-agent: curl/8.2.1]
* h2 [accept: */*]
* Using Stream ID: 1
> GET / HTTP/2
> Host: xxx.xxx.ovh
> User-Agent: curl/8.4.0
> Accept: */*
> content-type: application/grpc+proto
> authorization: Bearer test
> 
< HTTP/2 405 
< date: Wed, 20 Dec 2023 08:56:27 GMT
< content-type: application/grpc+proto
< cf-ray: 8386ac12dabd5ddc-HKG
< cf-cache-status: DYNAMIC
< grpc-message: Received a HEADERS frame with :method "GET" which should be POST
< grpc-status: 13
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BTjgJvXWyRF11nUOYx9Lq7UDC1xOYBLtjvWrdjVJQIqu9YqnFJeZFran2KRs6zabQc%2BLV8AubNqYRYDb7hQAZe6bglmVz0wQjrb0tNovYf%2B59SAp%2BQfZnH%2BAFDydNT95ZCmTPnKgWetcwQiUfXU%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< vary: Accept-Encoding
< server: cloudflare
< alt-svc: h3=":443"; ma=86400
< 
* Connection #0 to host xxx.xxx.ovh left intact
localhost:~/agent# /opt/nezha/agent/nezha-agent -s nezha.xxx.xxx:443 -p YOUR_KEY --tls -d
NEZHA@2023-12-20 05:14:00>> 检查更新： 0.15.14
NEZHA@2023-12-20 05:14:01>> 上报系统信息失败： rpc error: code = Unknown desc = EOF # You need to modify the GRPCHost and TLS options in the Dashboard /opt/nezha/dashboard/data/config.yaml
NEZHA@2023-12-20 05:14:01>> Error to close connection ...
```