KJZH001/nezhahq.github.io
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
nezhahq.github.io/docs/en_US/guide/q3.md
Crazy 1a3cc9de23
添加关于Cloudflare gRPC启用以后需要等待的说明和测试方式 (#50) 
* 添加开启gRPC后手动测试方法

* 添加关于cloudflare gRPC开启以后需要等待的中文说明

* 添加英文版本关于cloudflare gRPC等待的说明

* 修改grpc测试的命令

* 修改测试gRPC时的curl命令

* 修改测试gRPC时的curl命令
2023-12-20 17:50:04 +08:00

110 lines
4.4 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#### Reverse Proxy gRPC Port (support Cloudflare CDN)
Use Nginx or Caddy to reverse proxy gRPC
- Nginx configuration files
```nginx
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name data.example.com; # The domain name where the Agent connects to Dashboard
ssl_certificate /data/letsencrypt/fullchain.pem; # Your domain certificate path
ssl_certificate_key /data/letsencrypt/key.pem; # Your domain's private key path
ssl_stapling on;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m; # This line may conflict with other configuration files. If a conflict occurs, please comment out this line
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
underscores_in_headers on;
keepalive_time 24h;
keepalive_requests 100000;
keepalive_timeout 120s;
location / {
grpc_read_timeout 300s;
grpc_send_timeout 300s;
grpc_socket_keepalive on;
grpc_pass grpc://grpcservers;
}
}
upstream grpcservers {
server localhost:5555;
keepalive 512;
}
```
- Caddy configuration files
```
data.example.com:443 { # The domain name where the Agent connects to Dashboard
reverse_proxy {
to localhost:5555
transport http {
versions h2c 2
}
}
}
```
Dashboard Configuration
- First login to the Dashboard and enter the admin panel, go to the settings page, fill in the `CDN Bypassed Domain/IP` with the domain name you configured in Nginx or Caddy, for example `data.example.com`, and save it.
- Then open the `/opt/nezha/dashboard/data/config.yaml` file in the panel server and change `proxygrpcport` to the port that Nginx or Caddy is listening on, such as `443` as set in the previous step. Since we have SSL/TLS enabled in Nginx or Caddy, we need to set `tls` to `true`, restart the panel when you are done.
Agent Configuration
- Log in to the admin panel, copy the one-click install command, and run the one-click install command on the corresponding server to reinstall the agent.
Enable Cloudflare CDN (optional)
According to Cloudflare gRPC requirements: gRPC services must listen on port 443 and must support TLS and HTTP/2.
So if you need to enable CDN, you must use port 443 when configuring Nginx or Caddy reverse proxy gRPC and configure the certificate (Caddy will automatically apply and configure the certificate).
- Log in to Cloudflare and select the domain you are using. Go to the `Network` page and turn on the `gRPC` switch, then go to the `DNS` page, find the resolution record of the domain with gRPC configuration, and turn on the orange cloud icon to enable CDN.
After enable `gRPC` at cloudflare, it may not work immediatelyso you may need to wait for a while, about 24hour or more. To be test if gRPC work, we can use `curl` and `nezha-agent -d`
```bash
localhost:~/agent# curl -H "content-type: application/grpc+proto" -H "authorization: Bearer test" https://xxx.xxx.ovh -v
* processing: https://xxx.xxx.ovh
* Trying [2606:4700:3035::ac43:8bed]:443...
* Connected to xxx.xxx.ovh (2606:4700:3035::ac43:8bed) port 443
# ... SSL info
* using HTTP/2
* h2 [:method: GET]
* h2 [:scheme: https]
* h2 [:authority: xxx.xxx.ovh]
* h2 [:path: /]
* h2 [user-agent: curl/8.2.1]
* h2 [accept: */*]
* Using Stream ID: 1
> GET / HTTP/2
> Host: xxx.xxx.ovh
> User-Agent: curl/8.4.0
> Accept: */*
> content-type: application/grpc+proto
> authorization: Bearer test
>
< HTTP/2 405
< date: Wed, 20 Dec 2023 08:56:27 GMT
< content-type: application/grpc+proto
< cf-ray: 8386ac12dabd5ddc-HKG
< cf-cache-status: DYNAMIC
< grpc-message: Received a HEADERS frame with :method "GET" which should be POST
< grpc-status: 13
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BTjgJvXWyRF11nUOYx9Lq7UDC1xOYBLtjvWrdjVJQIqu9YqnFJeZFran2KRs6zabQc%2BLV8AubNqYRYDb7hQAZe6bglmVz0wQjrb0tNovYf%2B59SAp%2BQfZnH%2BAFDydNT95ZCmTPnKgWetcwQiUfXU%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< vary: Accept-Encoding
< server: cloudflare
< alt-svc: h3=":443"; ma=86400
<
* Connection #0 to host xxx.xxx.ovh left intact
localhost:~/agent# /opt/nezha/agent/nezha-agent -s xxx.xxx.ovh:443 -p YOUR_KEY --tls -d
NEZHA@2023-12-20 05:14:00>> 检查更新: 0.15.14
NEZHA@2023-12-20 05:14:01>> 上报系统信息失败: rpc error: code = Unknown desc = EOF # Edit GRPCHost and TLS at /opt/nezha/dashboard/data/config.yaml.
NEZHA@2023-12-20 05:14:01>> Error to close connection ...
```
Reference in New Issue View Git Blame Copy Permalink