import{_ as s,c as i,o as a,a4 as n}from"./chunks/framework.BmdFiWrL.js";const o=JSON.parse('{"title":"反向代理 gRPC 端口(支持 Cloudflare CDN)","description":"","frontmatter":{},"headers":[],"relativePath":"guide/q3.md","filePath":"guide/q3.md","lastUpdated":1720901424000}'),l={name:"guide/q3.md"},p=n(`

反向代理 gRPC 端口(支持 Cloudflare CDN)

使用 Nginx 或者 Caddy 反向代理 gRPC

nginx
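# Terminates TLS on 443 and forwards gRPC to the upstream group "grpcservers".
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name data.example.com; # the domain your Agents use to reach the Dashboard

    ssl_certificate          /data/letsencrypt/fullchain.pem; # path to your domain certificate
    ssl_certificate_key      /data/letsencrypt/key.pem;       # path to your domain private key (restrict its file permissions)
    ssl_stapling on; # OCSP stapling only takes effect if nginx can resolve and reach the CA's OCSP responder
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m; # may conflict with other config files; comment it out if it does
    # TLS 1.1 is deprecated (RFC 8996), so only TLS 1.2 and 1.3 are offered.
    ssl_protocols TLSv1.2 TLSv1.3;

    underscores_in_headers on; # accept request header names that contain underscores

    # Connection reuse limits; presumably sized for long-lived agent connections.
    keepalive_time 24h;
    keepalive_requests 100000;
    keepalive_timeout 120s;

    location / {
        grpc_read_timeout 300s;
        grpc_send_timeout 300s;
        grpc_socket_keepalive on;
        # The hop to the upstream is plaintext gRPC (grpc://), so the upstream
        # port should only be reachable from this host.
        grpc_pass grpc://grpcservers;
    }
}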

upstream grpcservers {
    # Backend that grpc_pass forwards to; traffic on this hop is not encrypted (grpc://).
    # NOTE(review): confirm port 5555 is not reachable from outside this host, otherwise clients could bypass the TLS front end.
    server localhost:5555;
    keepalive 512; # idle upstream connections kept open per worker process
}
# Caddyfile equivalent of the nginx configuration above.
data.example.com:443 { # the domain your Agents use to reach the Dashboard
    reverse_proxy {
        to localhost:5555
        transport http {
            versions h2c 2 # speak HTTP/2 to the upstream, including cleartext h2c
        }
    }
}

Dashboard 面板端配置

Agent 端配置

开启 Cloudflare CDN(可选)

根据 Cloudflare gRPC 的要求:gRPC 服务必须侦听 443 端口 且必须支持 TLS 和 HTTP/2。 所以如果需要开启 CDN,必须在配置 Nginx 或者 Caddy 反向代理 gRPC 时使用 443 端口,并配置证书(Caddy 会自动申请并配置证书)。

开启 gRPC 后,可能不能立即可用,需要等待一段时间。具体可通过 curl 和 nezha-agent -d 来验证。下面的 curl 返回 405,且响应头中带有 grpc-status 和 grpc-message,通常说明请求已经经过 CDN 到达 gRPC 服务端:

bash
localhost:~/agent# curl -H "content-type: application/grpc+proto" -H "authorization: Bearer test" https://xxx.xxx.ovh -v 
* processing: https://xxx.xxx.ovh
*   Trying [2606:4700:3035::ac43:8bed]:443...
* Connected to xxx.xxx.ovh (2606:4700:3035::ac43:8bed) port 443
# ... SSL info
* using HTTP/2
* h2 [:method: GET]
* h2 [:scheme: https]
* h2 [:authority: xxx.xxx.ovh]
* h2 [:path: /]
* h2 [user-agent: curl/8.2.1]
* h2 [accept: */*]
* Using Stream ID: 1
> GET / HTTP/2
> Host: xxx.xxx.ovh
> User-Agent: curl/8.4.0
> Accept: */*
> content-type: application/grpc+proto
> authorization: Bearer test
> 
< HTTP/2 405 
< date: Wed, 20 Dec 2023 08:56:27 GMT
< content-type: application/grpc+proto
< cf-ray: 8386ac12dabd5ddc-HKG
< cf-cache-status: DYNAMIC
< grpc-message: Received a HEADERS frame with :method "GET" which should be POST
< grpc-status: 13
< report-to: {"endpoints":[{"url":"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=%2BTjgJvXWyRF11nUOYx9Lq7UDC1xOYBLtjvWrdjVJQIqu9YqnFJeZFran2KRs6zabQc%2BLV8AubNqYRYDb7hQAZe6bglmVz0wQjrb0tNovYf%2B59SAp%2BQfZnH%2BAFDydNT95ZCmTPnKgWetcwQiUfXU%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< vary: Accept-Encoding
< server: cloudflare
< alt-svc: h3=":443"; ma=86400
< 
* Connection #0 to host xxx.xxx.ovh left intact
localhost:~/agent# /opt/nezha/agent/nezha-agent -s nezha.xxx.xxx:443 -p YOUR_KEY --tls -d
NEZHA@2023-12-20 05:14:00>> 检查更新: 0.15.14
NEZHA@2023-12-20 05:14:01>> 上报系统信息失败: rpc error: code = Unknown desc = EOF # 需要修改主控端 /opt/nezha/dashboard/data/config.yaml的 GRPCHost 和 TLS 选项
NEZHA@2023-12-20 05:14:01>> Error to close connection ...
`,15),t=[p];function h(k,e,d,r,g,E){return a(),i("div",null,t)}const y=s(l,[["render",h]]);export{o as __pageData,y as default};