
# Reverse Proxy gRPC Port (Supports Cloudflare CDN)
## Using Nginx or Caddy to Reverse Proxy gRPC

- Nginx Configuration
```nginx
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name data.example.com; # Your domain that the Agent uses to connect to the Dashboard
    ssl_certificate /data/letsencrypt/fullchain.pem; # Path to your domain certificate
    ssl_certificate_key /data/letsencrypt/key.pem; # Path to your domain private key
    ssl_stapling on;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m; # This might conflict with other configuration files; comment it out if there are conflicts
    ssl_protocols TLSv1.2 TLSv1.3; # gRPC runs over HTTP/2, which requires TLS 1.2 or later
    underscores_in_headers on;
    keepalive_time 24h;
    keepalive_requests 100000;
    keepalive_timeout 120s;

    location / {
        grpc_read_timeout 300s;
        grpc_send_timeout 300s;
        grpc_socket_keepalive on;
        grpc_pass grpc://grpcservers; # Plain-text gRPC to the local Dashboard
    }
}

upstream grpcservers {
    server localhost:5555; # Dashboard gRPC port
    keepalive 512;
}
```
- Caddy Configuration
```
data.example.com:443 { # Your domain that the Agent uses to connect to the Dashboard
    reverse_proxy {
        to localhost:5555
        transport http {
            versions h2c 2
        }
    }
}
```

## Dashboard Configuration

- First, log in to the Dashboard and go to the settings page. In the `Non-CDN Dashboard server domain/IP` field, enter the domain configured in Nginx or Caddy in the previous step, for example, `data.example.com`, and save it.
- Then, on the Dashboard server, open the `/opt/nezha/dashboard/data/config.yaml` file. Set `proxygrpcport` to the port that Nginx or Caddy is listening on, for example, `443`. Since SSL/TLS is enabled in Nginx or Caddy, set `tls` to `true`. After making these changes, restart the Dashboard.

## Agent Configuration

- Log in to the Dashboard management backend, copy the one-click installation command, and execute it on the corresponding server to reinstall the agent.

## Enabling Cloudflare CDN (Optional)

According to Cloudflare's gRPC requirements, gRPC services must listen on port 443 and must support TLS and HTTP/2.
So, to enable the CDN, you must use port 443 when configuring Nginx or Caddy to reverse proxy gRPC, and you must configure the certificate (Caddy will automatically obtain and configure the certificate).
- Log in to Cloudflare and select the domain you are using. Go to the `Network` tab and turn on the `gRPC` switch. Then go to the `DNS` tab, find the DNS record for the domain configured in Nginx or Caddy to reverse proxy gRPC, and enable the CDN by clicking the orange cloud.

After you enable `gRPC`, it might not be available immediately, and you may need to wait for a while. You can use `curl` and `nezha-agent -d` to verify:
```bash
localhost:~/agent# curl -H "content-type: application/grpc+proto" -H "authorization: Bearer test" https://xxx.xxx.ovh -v
* processing: https://xxx.xxx.ovh
* Trying [2606:4700:3035::ac43:8bed]:443...
* Connected to xxx.xxx.ovh (2606:4700:3035::ac43:8bed) port 443
# ... SSL info
* using HTTP/2
* h2 [:method: GET]
* h2 [:scheme: https]
* h2 [:authority: xxx.xxx.ovh]
* h2 [:path: /]
* h2 [user-agent: curl/8.2.1]
* h2 [accept: */*]
* Using Stream ID: 1
> GET / HTTP/2
> Host: xxx.xxx.ovh
> User-Agent: curl/8.4.0
> Accept: */*
> content-type: application/grpc+proto
> authorization: Bearer test
>
< HTTP/2 405
< date: Wed, 20 Dec 2023 08:56:27 GMT
< content-type: application/grpc+proto
< cf-ray: 8386ac12dabd5ddc-HKG
< cf-cache-status: DYNAMIC
< grpc-message: Received a HEADERS frame with :method "GET" which should be POST
< grpc-status: 13
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BTjgJvXWyRF11nUOYx9Lq7UDC1xOYBLtjvWrdjVJQIqu9YqnFJeZFran2KRs6zabQc%2BLV8AubNqYRYDb7hQAZe6bglmVz0wQjrb0tNovYf%2B59SAp%2BQfZnH%2BAFDydNT95ZCmTPnKgWetcwQiUfXU%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< vary: Accept-Encoding
< server: cloudflare
< alt-svc: h3=":443"; ma=86400
<
* Connection #0 to host xxx.xxx.ovh left intact
localhost:~/agent# /opt/nezha/agent/nezha-agent -s nezha.xxx.xxx:443 -p YOUR_KEY --tls -d
NEZHA@2023-12-20 05:14:00>> 检查更新: 0.15.14
NEZHA@2023-12-20 05:14:01>> 上报系统信息失败: rpc error: code = Unknown desc = EOF # You need to modify the GRPCHost and TLS options in the Dashboard /opt/nezha/dashboard/data/config.yaml
NEZHA@2023-12-20 05:14:01>> Error to close connection ...
```
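
A helper for reading the `curl` check above, as an added example that is not part of the original documentation: it reports whether the reply came through Cloudflare (`cf-ray` or `server: cloudflare`) and whether a gRPC server answered (`content-type: application/grpc*` together with a `grpc-status` header). The function name and the output labels are assumptions; the first sample is trimmed from the transcript above and the second is constructed.

```shell
#!/bin/sh
# Added example: classify the response headers of the curl gRPC probe.
# Input on stdin: `curl -v` output or a raw header dump (`curl -D -`).
# Output: "<path> <backend>", path = cdn|direct, backend = grpc|not-grpc.
# Assumption: a reply that carries grpc-status was produced by a gRPC server.
classify_grpc_probe() (
    cr=$(printf '\r')
    path=direct ctype="" status=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%"$cr"}      # header dumps use CRLF line endings
        line=${line#"< "}       # response lines in `curl -v` start with "< "
        case "$line" in *:*) ;; *) continue ;; esac   # skip the status line
        line=$(printf '%s' "$line" | tr '[:upper:]' '[:lower:]')
        name=${line%%:*}        # request lines ("> ...") never match below
        value=${line#*:}
        while [ "${value# }" != "$value" ]; do value=${value# }; done
        case "$name" in
            cf-ray)       path=cdn ;;   # header added by Cloudflare
            server)       if [ "$value" = cloudflare ]; then path=cdn; fi ;;
            content-type) ctype=$value ;;
            grpc-status)  status=$value ;;
        esac
    done
    backend=not-grpc
    case "$ctype" in
        application/grpc*) if [ -n "$status" ]; then backend=grpc; fi ;;
    esac
    printf '%s %s\n' "$path" "$backend"
)

# Trimmed from the transcript above: the request header must not be counted.
SAMPLE_GRPC='> content-type: application/grpc+proto
< HTTP/2 405
< content-type: application/grpc+proto
< cf-ray: 8386ac12dabd5ddc-HKG
< grpc-status: 13
< server: cloudflare'

# Constructed: a reply that never reached a gRPC server.
SAMPLE_PLAIN='HTTP/1.1 400 Bad Request
Content-Type: text/html
Server: nginx'

printf '%s\n' "$SAMPLE_GRPC"  | classify_grpc_probe
printf '%s\n' "$SAMPLE_PLAIN" | classify_grpc_probe
```

To check a live deployment, pipe the probe into the function, for example `curl -sS -o /dev/null -D - -H "content-type: application/grpc+proto" https://data.example.com | classify_grpc_probe`.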