Use Nginx or Caddy to reverse proxy gRPC
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name data.example.com; # The domain name where the Agent connects to Dashboard
ssl_certificate /data/letsencrypt/fullchain.pem; # Your domain certificate path
ssl_certificate_key /data/letsencrypt/key.pem; # Your domain's private key path
ssl_stapling on;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m; # This line may conflict with other configuration files. If a conflict occurs, please comment out this line
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
underscores_in_headers on;
keepalive_time 24h;
keepalive_requests 100000;
keepalive_timeout 120s;
location / {
grpc_read_timeout 300s;
grpc_send_timeout 300s;
grpc_socket_keepalive on;
grpc_pass grpc://grpcservers;
}
}
upstream grpcservers {
server localhost:5555;
keepalive 512;
}data.example.com:443 { # The domain name where the Agent connects to Dashboard
reverse_proxy {
to localhost:5555
transport http {
versions h2c 2
}
}
}Dashboard Configuration
CDN Bypassed Domain/IP with the domain name you configured in Nginx or Caddy, for example data.example.com, and save it./opt/nezha/dashboard/data/config.yaml file in the panel server and change proxygrpcport to the port that Nginx or Caddy is listening on, such as 443 as set in the previous step. Since we have SSL/TLS enabled in Nginx or Caddy, we need to set tls to true, restart the panel when you are done.Agent Configuration
Enable Cloudflare CDN (optional)
According to Cloudflare gRPC requirements: gRPC services must listen on port 443 and must support TLS and HTTP/2. So if you need to enable CDN, you must use port 443 when configuring Nginx or Caddy reverse proxy gRPC and configure the certificate (Caddy will automatically apply and configure the certificate).
Network page and turn on the gRPC switch, then go to the DNS page, find the resolution record of the domain with gRPC configuration, and turn on the orange cloud icon to enable CDN.After enable gRPC at cloudflare, it may not work immediately,so you may need to wait for a while, about 24hour or more. To be test if gRPC work, we can use curl and nezha-agent -d:
localhost:~/agent# curl -H "content-type: application/grpc+proto" -H "authorization: Bearer test" https://xxx.xxx.ovh -v
* processing: https://xxx.xxx.ovh
* Trying [2606:4700:3035::ac43:8bed]:443...
* Connected to xxx.xxx.ovh (2606:4700:3035::ac43:8bed) port 443
# ... SSL info
* using HTTP/2
* h2 [:method: GET]
* h2 [:scheme: https]
* h2 [:authority: xxx.xxx.ovh]
* h2 [:path: /]
* h2 [user-agent: curl/8.2.1]
* h2 [accept: */*]
* Using Stream ID: 1
> GET / HTTP/2
> Host: xxx.xxx.ovh
> User-Agent: curl/8.4.0
> Accept: */*
> content-type: application/grpc+proto
> authorization: Bearer test
>
< HTTP/2 405
< date: Wed, 20 Dec 2023 08:56:27 GMT
< content-type: application/grpc+proto
< cf-ray: 8386ac12dabd5ddc-HKG
< cf-cache-status: DYNAMIC
< grpc-message: Received a HEADERS frame with :method "GET" which should be POST
< grpc-status: 13
< report-to: {"endpoints":[{"url":"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=%2BTjgJvXWyRF11nUOYx9Lq7UDC1xOYBLtjvWrdjVJQIqu9YqnFJeZFran2KRs6zabQc%2BLV8AubNqYRYDb7hQAZe6bglmVz0wQjrb0tNovYf%2B59SAp%2BQfZnH%2BAFDydNT95ZCmTPnKgWetcwQiUfXU%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< vary: Accept-Encoding
< server: cloudflare
< alt-svc: h3=":443"; ma=86400
<
* Connection #0 to host xxx.xxx.ovh left intact
localhost:~/agent# /opt/nezha/agent/nezha-agent -s xxx.xxx.ovh:443 -p YOUR_KEY --tls -d
NEZHA@2023-12-20 05:14:00>> 检查更新: 0.15.14
NEZHA@2023-12-20 05:14:01>> 上报系统信息失败: rpc error: code = Unknown desc = EOF # Edit GRPCHost and TLS at /opt/nezha/dashboard/data/config.yaml.
NEZHA@2023-12-20 05:14:01>> Error to close connection ...