36 lines
17 KiB
JavaScript
36 lines
17 KiB
JavaScript
import{_ as a,o as e,c as t,R as s}from"./chunks/framework.1625126e.js";const m=JSON.parse('{"title":"Nezha server over Argo tunnel","description":"","frontmatter":{},"headers":[],"relativePath":"case/case5.md","filePath":"case/case5.md","lastUpdated":1687213975000}'),n={name:"case/case5.md"},l=s(`<h1 id="nezha-server-over-argo-tunnel" tabindex="-1">Nezha server over Argo tunnel <a class="header-anchor" href="#nezha-server-over-argo-tunnel" aria-label="Permalink to "Nezha server over Argo tunnel""></a></h1><p>使用 Argo 隧道的哪吒服务端 贡献者:</p><ul><li><a href="https://github.com/fscarmen2" target="_blank" rel="noreferrer">fscarmen</a></li></ul><p>项目地址:<a href="https://github.com/fscarmen2/Argo-Nezha-Service-Container" target="_blank" rel="noreferrer">Argo-Nezha-Service-Container</a></p><p>镜像备份(非实时更新):<a href="https://github.com/nezhahq/Argo-Nezha-Service-Container" target="_blank" rel="noreferrer">Argo-Nezha-Service-Container</a></p><hr><h1 id="目录" tabindex="-1">目录 <a class="header-anchor" href="#目录" aria-label="Permalink to "目录""></a></h1><ul><li><a href="./case5.html#项目特点">项目特点</a></li><li><a href="./case5.html#准备需要用的变量">准备需要用的变量</a></li><li><a href="./case5.html#PaaS-部署实例">PaaS 部署实例</a></li><li><a href="./case5.html#VPS-部署实例">VPS 部署实例</a></li><li><a href="./case5.html#客户端接入">客户端接入</a></li><li><a href="./case5.html#ssh-接入">SSH 接入</a></li><li><a href="./case5.html#鸣谢下列作者的文章和项目">鸣谢下列作者的文章和项目</a></li><li><a href="./case5.html#免责声明">免责声明</a></li></ul><hr><h2 id="项目特点" tabindex="-1">项目特点: <a class="header-anchor" href="#项目特点" aria-label="Permalink to "项目特点:""></a></h2><ul><li>适用范围更广 --- 只要能连通网络,就能安装哪吒服务端,如 Nas 虚拟机 , Container PaaS 等</li><li>Argo 隧道突破需要公网入口的限制 --- 传统的哪吒需要有两个,一个用于面板的访问,另一个用于客户端上报数据,本项目借用 Cloudflare Argo 隧道,使用内网穿透的办法</li><li>IPv4 / v6 具备更高的灵活性 --- 传统哪吒需要处理服务端和客户端的 IPv4/v6 兼容性问题,还需要通过 warp 等工具来解决不对应的情况。然而,本项目可以完全不需要考虑这些问题,可以任意对接,更加方便和简便</li><li>一条 Argo 隧道分流多个域名和协议 --- 建立一条内网穿透的 Argo 隧道,即可分流三个域名(hostname)和协议(protocal),分别用于面板的访问(http),客户端上报数据(tcp)和 ssh(可选)</li><li>Nginx 反向代理的 gRPC 数据端口 --- 配上证书做 tls 终结,然后 Argo 的隧道配置用 https 服务指向这个反向代理,启用http2回源,grpc(nezha)->h2(nginx)->argo->cf cdn edge->agent</li><li>每天自动备份 --- 每天 0 时 0 分自动备份整个哪吒面板文件夹到指定的 github 私库,包括面板主题,面板设置,探针数据和隧道信息,备份保留近 30 天数据;鉴于内容十分重要,必须要放在私库</li><li>数据更安全 --- Argo 隧道使用TLS加密通信,可以将应用程序流量安全地传输到 Cloudflare 网络,提高了应用程序的安全性和可靠性。此外,Argo Tunnel也可以防止IP泄露和DDoS攻击等网络威胁</li></ul><img width="1298" alt="image" src="https://user-images.githubusercontent.com/92626977/233363248-e2caa687-b513-448c-a92f-c870db0e4236.png"><h2 id="准备需要用的变量" tabindex="-1">准备需要用的变量 <a class="header-anchor" href="#准备需要用的变量" aria-label="Permalink to "准备需要用的变量""></a></h2><ul><li>通过 Cloudflare Json 生成网轻松获取 Argo 隧道信息: <a href="https://fscarmen.cloudflare.now.cc" target="_blank" rel="noreferrer">https://fscarmen.cloudflare.now.cc</a></li></ul><img width="1040" alt="image" src="https://user-images.githubusercontent.com/92626977/231084930-02e3c2de-c52b-420d-b39c-9f135d040b3b.png"><ul><li>到 Cloudflare 官方,在相应的域名 <code>DNS</code> 记录里加上客户端上报数据(tcp)和 ssh(可选)的域名,打开橙色云启用 CDN</li></ul><img width="1666" alt="image" src="https://user-images.githubusercontent.com/92626977/231087110-85ddab87-076b-45c9-97d1-c8b051dcb5b0.png"><img width="1627" alt="image" src="https://user-images.githubusercontent.com/92626977/231087714-e5a45eb9-bc47-4c38-8f5b-a4a9fb492d0d.png"><ul><li>到 Cloudflare 官方,选择使用的域名,打开 <code>网络</code> 选项将 <code>gRPC</code> 开关打开</li></ul><img width="1590" alt="image" src="https://user-images.githubusercontent.com/92626977/233138703-faab8596-a64a-40bb-afe6-52711489fbcf.png"><ul><li>获取 github 认证授权: <a href="https://github.com/settings/applications/new" target="_blank" rel="noreferrer">https://github.com/settings/applications/new</a></li></ul><p>面板域名加上 <code>https://</code> 开头,回调地址再加上 <code>/oauth2/callback</code> 结尾</p><img width="916" alt="image" src="https://user-images.githubusercontent.com/92626977/231099071-b6676f2f-6c7b-4e2f-8411-c134143cab24.png"><img width="1122" alt="image" src="https://user-images.githubusercontent.com/92626977/231086319-1b625dc6-713b-4a62-80b1-cc5b2b7ef3ca.png"><ul><li>获取 github 的 PAT (Personal Access Token): <a href="https://github.com/settings/tokens/new" target="_blank" rel="noreferrer">https://github.com/settings/tokens/new</a></li></ul><img width="1226" alt="image" src="https://user-images.githubusercontent.com/92626977/233346036-60819f98-c89a-4cef-b134-0d47c5cc333d.png"><img width="1148" alt="image" src="https://user-images.githubusercontent.com/92626977/233346508-273c422e-05c3-4c91-9fae-438202364787.png"><ul><li>创建 github 用于备份的私库: <a href="https://github.com/new" target="_blank" rel="noreferrer">https://github.com/new</a></li></ul><img width="814" alt="image" src="https://user-images.githubusercontent.com/92626977/233345537-c5b9dc27-35c4-407b-8809-b0ef68d9ad55.png"><h2 id="paas-部署实例" tabindex="-1">PaaS 部署实例 <a class="header-anchor" href="#paas-部署实例" aria-label="Permalink to "PaaS 部署实例""></a></h2><p>镜像 <code>fscarmen/argo-nezha:latest</code> , 支持 amd64 和 arm64 架构</p><p>用到的变量</p><table><thead><tr><th>变量名</th><th>是否必须</th><th>备注</th></tr></thead><tbody><tr><td>GH_USER</td><td>是</td><td>github 的用户名,用于面板管理授权</td></tr><tr><td>GH_CLIENTID</td><td>是</td><td>在 github 上申请</td></tr><tr><td>GH_CLIENTSECRET</td><td>是</td><td>在 github 上申请</td></tr><tr><td>GH_REPO</td><td>否</td><td>在 github 上备份哪吒服务端数据库文件的库</td></tr><tr><td>GH_EMAIL</td><td>否</td><td>github 的邮箱,用于备份的 git 推送到远程库</td></tr><tr><td>GH_PAT</td><td>否</td><td>github 的 PAT</td></tr><tr><td>ARGO_JSON</td><td>是</td><td>从 <a href="https://fscarmen.cloudflare.now.cc" target="_blank" rel="noreferrer">https://fscarmen.cloudflare.now.cc</a> 获取的 Argo Json</td></tr><tr><td>DATA_DOMAIN</td><td>是</td><td>客户端与服务端的通信 argo 域名</td></tr><tr><td>WEB_DOMAIN</td><td>是</td><td>面板 argo 域名</td></tr><tr><td>SSH_DOMAIN</td><td>否</td><td>ssh 用的 argo 域名</td></tr><tr><td>SSH_PASSWORD</td><td>否</td><td>ssh 的密码,只有在设置 SSH_JSON 后才生效,默认值 password</td></tr></tbody></table><p>1.Koyeb</p><img width="927" alt="image" src="https://user-images.githubusercontent.com/92626977/231088411-fbac3e6e-a8a6-4661-bcf8-7c777aa8ffeb.png"><img width="750" alt="image" src="https://user-images.githubusercontent.com/92626977/231088973-7134aefd-4c80-4559-8e40-17c3be11d27d.png"><img width="754" alt="image" src="https://user-images.githubusercontent.com/92626977/233336491-6bb801af-257d-467d-aaf0-6dcb68a531ac.png"><img width="1187" alt="image" src="https://user-images.githubusercontent.com/92626977/231092893-c8f017a2-ee0e-4e28-bee3-7343158f0fa7.png"><img width="500" alt="image" src="https://user-images.githubusercontent.com/92626977/231094144-df6715bc-c611-47ce-a529-03c43f38102e.png"><h2 id="vps-部署实例" tabindex="-1">VPS 部署实例 <a class="header-anchor" href="#vps-部署实例" aria-label="Permalink to "VPS 部署实例""></a></h2><ul><li>注意: ARGO_JSON= 后面需要有单引号,不能去掉</li><li>如果 VPS 是 IPv6 only 的,请先安装 WARP IPv4 或者双栈: <a href="https://github.com/fscarmen/warp" target="_blank" rel="noreferrer">https://github.com/fscarmen/warp</a></li></ul><h3 id="docker-部署" tabindex="-1">docker 部署 <a class="header-anchor" href="#docker-部署" aria-label="Permalink to "docker 部署""></a></h3><div class="language-"><button title="Copy Code" class="copy"></button><span class="lang"></span><pre class="shiki material-theme-palenight"><code><span class="line"><span style="color:#A6ACCD;">docker run -dit \\</span></span>
|
||
<span class="line"><span style="color:#A6ACCD;"> --name nezha_dashboard \\</span></span>
|
||
<span class="line"><span style="color:#A6ACCD;"> --restart always \\</span></span>
|
||
<span class="line"><span style="color:#A6ACCD;"> -v ./dashboard:/dashboard \\</span></span>
|
||
<span class="line"><span style="color:#A6ACCD;"> -e GH_USER=<填 github 用户名> \\</span></span>
|
||
<span class="line"><span style="color:#A6ACCD;"> -e GH_EMAIL=<填 github 邮箱> \\</span></span>
|
||
<span class="line"><span style="color:#A6ACCD;"> -e GH_PAT=<填获取的> \\</span></span>
|
||
<span class="line"><span style="color:#A6ACCD;"> -e GH_REPO=<填自定义的> \\</span></span>
|
||
<span class="line"><span style="color:#A6ACCD;"> -e GH_CLIENTID=<填获取的> \\</span></span>
|
||
<span class="line"><span style="color:#A6ACCD;"> -e GH_CLIENTSECRET=<填获取的> \\</span></span>
|
||
<span class="line"><span style="color:#A6ACCD;"> -e ARGO_JSON='<填获取的>' \\</span></span>
|
||
<span class="line"><span style="color:#A6ACCD;"> -e WEB_DOMAIN=<填自定义的> \\</span></span>
|
||
<span class="line"><span style="color:#A6ACCD;"> -e DATA_DOMAIN=<填自定义的> \\</span></span>
|
||
<span class="line"><span style="color:#A6ACCD;"> -e SSH_DOMAIN=<填自定义的> \\</span></span>
|
||
<span class="line"><span style="color:#A6ACCD;"> -e SSH_PASSWORD=<填自定义的> \\</span></span>
|
||
<span class="line"><span style="color:#A6ACCD;"> fscarmen/argo-nezha</span></span></code></pre></div><h3 id="docker-compose-部署" tabindex="-1">docker-compose 部署 <a class="header-anchor" href="#docker-compose-部署" aria-label="Permalink to "docker-compose 部署""></a></h3><div class="language-"><button title="Copy Code" class="copy"></button><span class="lang"></span><pre class="shiki material-theme-palenight"><code><span class="line"><span style="color:#A6ACCD;">version: '3.8'</span></span>
|
||
<span class="line"><span style="color:#A6ACCD;">services:</span></span>
|
||
<span class="line"><span style="color:#A6ACCD;"> argo-nezha:</span></span>
|
||
<span class="line"><span style="color:#A6ACCD;"> image: fscarmen/argo-nezha</span></span>
|
||
<span class="line"><span style="color:#A6ACCD;"> container_name: nezha_dashboard</span></span>
|
||
<span class="line"><span style="color:#A6ACCD;"> restart: always</span></span>
|
||
<span class="line"><span style="color:#A6ACCD;"> volumes:</span></span>
|
||
<span class="line"><span style="color:#A6ACCD;"> - ./dashboard:/dashboard</span></span>
|
||
<span class="line"><span style="color:#A6ACCD;"> environment:</span></span>
|
||
<span class="line"><span style="color:#A6ACCD;"> - GH_USER=<填 github 用户名></span></span>
|
||
<span class="line"><span style="color:#A6ACCD;"> - GH_EMAIL=<<填 github 邮箱></span></span>
|
||
<span class="line"><span style="color:#A6ACCD;"> - GH_PAT=<填获取的></span></span>
|
||
<span class="line"><span style="color:#A6ACCD;"> - GH_REPO=<填自定义的></span></span>
|
||
<span class="line"><span style="color:#A6ACCD;"> - GH_CLIENTID=<填获取的></span></span>
|
||
<span class="line"><span style="color:#A6ACCD;"> - GH_CLIENTSECRET=<填获取的></span></span>
|
||
<span class="line"><span style="color:#A6ACCD;"> - ARGO_JSON='<填获取的>'</span></span>
|
||
<span class="line"><span style="color:#A6ACCD;"> - WEB_DOMAIN=<填自定义的></span></span>
|
||
<span class="line"><span style="color:#A6ACCD;"> - DATA_DOMAIN=<填自定义的></span></span>
|
||
<span class="line"><span style="color:#A6ACCD;"> - SSH_DOMAIN=<填自定义的></span></span>
|
||
<span class="line"><span style="color:#A6ACCD;"> - SSH_PASSWORD=<填自定义的></span></span></code></pre></div><h2 id="客户端接入" tabindex="-1">客户端接入 <a class="header-anchor" href="#客户端接入" aria-label="Permalink to "客户端接入""></a></h2><p>通过gRPC传输,无需额外配置。使用面板给到的安装方式,举例</p><div class="language-"><button title="Copy Code" class="copy"></button><span class="lang"></span><pre class="shiki material-theme-palenight"><code><span class="line"><span style="color:#A6ACCD;">curl -L https://raw.githubusercontent.com/naiba/nezha/master/script/install.sh -o nezha.sh && chmod +x nezha.sh && sudo ./nezha.sh install_agent data.seales.nom.za 443 eAxO9IF519fKFODlW0 --tls</span></span></code></pre></div><h2 id="ssh-接入" tabindex="-1">SSH 接入 <a class="header-anchor" href="#ssh-接入" aria-label="Permalink to "SSH 接入""></a></h2><ul><li>以 macOS + WindTerm 为例,其他根据使用的 SSH 工具,结合官方官方说明文档: <a href="https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/use_cases/ssh/#2-connect-as-a-user" target="_blank" rel="noreferrer">https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/use_cases/ssh/#2-connect-as-a-user</a></li><li>官方 cloudflared 下载: <a href="https://github.com/cloudflare/cloudflared/releases" target="_blank" rel="noreferrer">https://github.com/cloudflare/cloudflared/releases</a></li><li>以下输入命令举例</li></ul><div class="language-"><button title="Copy Code" class="copy"></button><span class="lang"></span><pre class="shiki material-theme-palenight"><code><span class="line"><span style="color:#A6ACCD;"><file path>/cloudflared access ssh --hostname ssh.seales.nom.za</span></span></code></pre></div><img width="834" alt="image" src="https://user-images.githubusercontent.com/92626977/233349393-cec79e11-346e-4a57-8357-8d153d75ee40.png"><img width="830" alt="image" src="https://user-images.githubusercontent.com/92626977/233350601-73de67f9-19ca-451f-b395-8721abbb3342.png"><img width="955" alt="image" src="https://user-images.githubusercontent.com/92626977/233350802-754624e0-8456-4353-8577-1f5385fb8723.png"><h2 id="" tabindex="-1"><a class="header-anchor" href="#" aria-label="Permalink to """></a></h2><h2 id="鸣谢下列作者的文章和项目" tabindex="-1">鸣谢下列作者的文章和项目: <a class="header-anchor" href="#鸣谢下列作者的文章和项目" aria-label="Permalink to "鸣谢下列作者的文章和项目:""></a></h2><ul><li>热心的朝阳群众 Robin,讨论哪吒服务端与客户端的关系,从而诞生了此项目</li><li>哪吒官网: <a href="https://nezha.wiki/" target="_blank" rel="noreferrer">https://nezha.wiki/</a> , TG 群: <a href="https://t.me/nezhamonitoring" target="_blank" rel="noreferrer">https://t.me/nezhamonitoring</a></li><li>共穷国际老中医: <a href="http://solitud.es/" target="_blank" rel="noreferrer">http://solitud.es/</a></li><li>Akkia's Blog: <a href="https://blog.akkia.moe/" target="_blank" rel="noreferrer">https://blog.akkia.moe/</a></li><li>用 Cloudflare Tunnel 进行内网穿透: <a href="https://blog.outv.im/2021/cloudflared-tunnel/" target="_blank" rel="noreferrer">https://blog.outv.im/2021/cloudflared-tunnel/</a></li></ul><h2 id="免责声明" tabindex="-1">免责声明: <a class="header-anchor" href="#免责声明" aria-label="Permalink to "免责声明:""></a></h2><ul><li>本程序仅供学习了解, 非盈利目的,请于下载后 24 小时内删除, 不得用作任何商业用途, 文字、数据及图片均有所属版权, 如转载须注明来源。</li><li>使用本程序必循遵守部署免责声明。使用本程序必循遵守部署服务器所在地、所在国家和用户所在国家的法律法规, 程序作者不对使用者任何不当行为负责。</li></ul>`,59),r=[l];function o(c,i,p,h,d,g){return e(),t("div",null,r)}const b=a(n,[["render",o]]);export{m as __pageData,b as default};
|