KJZH001/nezhahq.github.io
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
nezhahq.github.io/docs/en_US/guide/q3.md
卖女孩的小火柴 68f95380ca Update Nginx Configuration
2023-10-24 09:35:32 +00:00

66 lines
2.6 KiB
Markdown
Raw Blame History

#### Reverse Proxy gRPC Port (support Cloudflare CDN)
Use Nginx or Caddy to reverse proxy gRPC
- Nginx configuration files
```nginx
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name data.example.com; # The domain name where the Agent connects to Dashboard
ssl_certificate /data/letsencrypt/fullchain.pem; # Your domain certificate path
ssl_certificate_key /data/letsencrypt/key.pem; # Your domain's private key path
ssl_stapling on;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m; # This line may conflict with other configuration files. If a conflict occurs, please comment out this line
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
underscores_in_headers on;
keepalive_time 24h;
keepalive_requests 100000;
keepalive_timeout 120s;
location / {
grpc_read_timeout 300s;
grpc_send_timeout 300s;
grpc_socket_keepalive on;
grpc_pass grpc://grpcservers;
}
}
upstream grpcservers {
server localhost:5555;
keepalive 512;
}
```
- Caddy configuration files
```
data.example.com:443 { # The domain name where the Agent connects to Dashboard
reverse_proxy {
to localhost:5555
transport http {
versions h2c 2
}
}
}
```
Dashboard Configuration
- First login to the Dashboard and enter the admin panel, go to the settings page, fill in the `CDN Bypassed Domain/IP` with the domain name you configured in Nginx or Caddy, for example `data.example.com`, and save it.
- Then open the `/opt/nezha/dashboard/data/config.yaml` file in the panel server and change `proxygrpcport` to the port that Nginx or Caddy is listening on, such as `443` as set in the previous step. Since we have SSL/TLS enabled in Nginx or Caddy, we need to set `tls` to `true`, restart the panel when you are done.
Agent Configuration
- Log in to the admin panel, copy the one-click install command, and run the one-click install command on the corresponding server to reinstall the agent.
Enable Cloudflare CDN (optional)
According to Cloudflare gRPC requirements: gRPC services must listen on port 443 and must support TLS and HTTP/2.
So if you need to enable CDN, you must use port 443 when configuring Nginx or Caddy reverse proxy gRPC and configure the certificate (Caddy will automatically apply and configure the certificate).
- Log in to Cloudflare and select the domain you are using. Go to the `Network` page and turn on the `gRPC` switch, then go to the `DNS` page, find the resolution record of the domain with gRPC configuration, and turn on the orange cloud icon to enable CDN.
Reference in New Issue View Git Blame Copy Permalink