KJZH001/nezhahq.github.io
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
nezhahq.github.io/assets/guide_q3.md.rIOArITT.js

75 lines
19 KiB
JavaScript
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

import{_ as s,c as i,o as a,a4 as n}from"./chunks/framework.BmdFiWrL.js";const o=JSON.parse('{"title":"反向代理 gRPC 端口(支持 Cloudflare CDN","description":"","frontmatter":{},"headers":[],"relativePath":"guide/q3.md","filePath":"guide/q3.md","lastUpdated":1720181150000}'),l={name:"guide/q3.md"},p=n(`<h1 id="反向代理-grpc-端口-支持-cloudflare-cdn" tabindex="-1">反向代理 gRPC 端口(支持 Cloudflare CDN <a class="header-anchor" href="#反向代理-grpc-端口-支持-cloudflare-cdn" aria-label="Permalink to &quot;反向代理 gRPC 端口(支持 Cloudflare CDN&quot;"></a></h1><p>使用 Nginx 或者 Caddy 反向代理 gRPC</p><ul><li>Nginx 配置</li></ul><div class="language-nginx vp-adaptive-theme"><button title="Copy Code" class="copy"></button><span class="lang">nginx</span><pre class="shiki shiki-themes github-light github-dark vp-code" tabindex="0"><code><span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">server</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> {</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> listen </span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;">443</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> ssl http2;</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> listen </span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">[::]:443 ssl http2;</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> server_name </span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">data.example.com; </span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"># 你的 Agent 连接 Dashboard 的域名</span></span>
<span class="line"></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> ssl_certificate </span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> /data/letsencrypt/fullchain.pem; </span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"># 你的域名证书路径</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> ssl_certificate_key </span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> /data/letsencrypt/key.pem; </span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"># 你的域名私钥路径</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> ssl_stapling </span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;">on</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">;</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> ssl_session_timeout </span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;">1d</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">;</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> ssl_session_cache </span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">shared:SSL:10m; </span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"># 此项可能会和其他配置文件冲突,如冲突请注释此项</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> ssl_protocols </span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">TLSv1.1 TLSv1.2 TLSv1.3;</span></span>
<span class="line"></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> underscores_in_headers </span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;">on</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">;</span></span>
<span class="line"></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> keepalive_time </span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;">24h</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">;</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> keepalive_requests </span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;">100000</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">;</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> keepalive_timeout </span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;">120s</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">;</span></span>
<span class="line"></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> location</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> / </span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">{</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> grpc_read_timeout </span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;">300s</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">;</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> grpc_send_timeout </span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;">300s</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">;</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> grpc_socket_keepalive </span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;">on</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">;</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> grpc_pass </span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">grpc://grpcservers;</span></span>
<span class="line"><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> }</span></span>
<span class="line"><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">}</span></span>
<span class="line"></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">upstream</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> grpcservers </span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">{</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> server</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> localhost:5555;</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> keepalive </span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;">512</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">;</span></span>
<span class="line"><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">}</span></span></code></pre></div><ul><li>Caddy 配置</li></ul><div class="language- vp-adaptive-theme"><button title="Copy Code" class="copy"></button><span class="lang"></span><pre class="shiki shiki-themes github-light github-dark vp-code" tabindex="0"><code><span class="line"><span>data.example.com:443 { # 你的 Agent 连接 Dashboard 的域名</span></span>
<span class="line"><span> reverse_proxy {</span></span>
<span class="line"><span> to localhost:5555</span></span>
<span class="line"><span> transport http {</span></span>
<span class="line"><span> versions h2c 2</span></span>
<span class="line"><span> }</span></span>
<span class="line"><span> }</span></span>
<span class="line"><span>}</span></span></code></pre></div><p>Dashboard 面板端配置</p><ul><li>首先登录面板进入管理后台 打开设置页面,在 <code>未接入CDN的面板服务器域名/IP</code> 中填入上一步在 Nginx 或 Caddy 中配置的域名 比如 <code>data.example.com</code> ,并保存。</li><li>然后在面板服务器中,打开 /opt/nezha/dashboard/data/config.yaml 文件,将 <code>proxygrpcport</code> 修改为 Nginx 或 Caddy 监听的端口,比如上一步设置的 <code>443</code> ;因为我们在 Nginx 或 Caddy 中开启了 SSL/TLS所以需要将 <code>tls</code> 设置为 <code>true</code> ;修改完成后重启面板。</li></ul><p>Agent 端配置</p><ul><li>登录面板管理后台,复制一键安装命令,在对应的服务器上面执行一键安装命令重新安装 agent 端即可。</li></ul><p>开启 Cloudflare CDN可选</p><p>根据 Cloudflare gRPC 的要求gRPC 服务必须侦听 443 端口 且必须支持 TLS 和 HTTP/2。 所以如果需要开启 CDN必须在配置 Nginx 或者 Caddy 反向代理 gRPC 时使用 443 端口并配置证书Caddy 会自动申请并配置证书)。</p><ul><li>登录 Cloudflare选择使用的域名。打开 <code>网络</code> 选项将 <code>gRPC</code> 开关打开,打开 <code>DNS</code> 选项,找到 Nginx 或 Caddy 反代 gRPC 配置的域名的解析记录,打开橙色云启用 CDN。</li></ul><p>开启<code>gRPC</code>后,可能不能立即可用,需要等待一段时间。具体可通过<code>curl</code>和使用<code>nezha-agent -d</code>来验证:</p><div class="language-bash vp-adaptive-theme"><button title="Copy Code" class="copy"></button><span class="lang">bash</span><pre class="shiki shiki-themes github-light github-dark vp-code" tabindex="0"><code><span class="line"><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">localhost:~/agent#</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> curl</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> -H</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> &quot;content-type: application/grpc+proto&quot;</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> -H</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> &quot;authorization: Bearer test&quot;</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> https://xxx.xxx.ovh</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> -v</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> </span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">*</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> processing: https://xxx.xxx.ovh</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">*</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> Trying [2606:4700:3035::ac43:8bed]:443...</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">*</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> Connected to xxx.xxx.ovh (</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">2606:4700:3035::ac43:8bed</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">) port 443</span></span>
<span class="line"><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"># ... SSL info</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">*</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> using HTTP/2</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">*</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> h2 [:method: GET]</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">*</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> h2 [:scheme: https]</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">*</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> h2 [:authority: xxx.xxx.ovh]</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">*</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> h2 [:path: /]</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">*</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> h2 [user-agent: curl/8.2.1]</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">*</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> h2 [accept: </span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">*</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/</span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">*</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">]</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">*</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> Using Stream ID: 1</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">&gt;</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> GET / HTTP/2</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">&gt;</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> Host: xxx.xxx.ovh</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">&gt;</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> User-Agent: curl/8.4.0</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">&gt;</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> Accept: </span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">*</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/</span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">*</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">&gt;</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> content-type: application/grpc+proto</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">&gt;</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> authorization: Bearer test</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">&gt;</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> </span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">&lt;</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> HTTP/2 405 </span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">&lt;</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> date: Wed, 20 Dec 2023 08:56:27 GMT</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">&lt;</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> content-type: application/grpc+proto</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">&lt;</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> cf-ray: 8386ac12dabd5ddc-HKG</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">&lt;</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> cf-cache-status: DYNAMIC</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">&lt;</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> grpc-message: Received a HEADERS frame with :method </span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">&quot;GET&quot;</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> which should be POST</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">&lt;</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> grpc-status: 13</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">&lt;</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> report-to: {</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">&quot;endpoints&quot;</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;">:</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">[{</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">&quot;</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">url</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">&quot;:&quot;</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">=%2BTjgJvXWyRF11nUOYx9Lq7UDC1xOYBLtjvWrdjVJQIqu9YqnFJeZFran2KRs6zabQc%2BLV8AubNqYRYDb7hQAZe6bglmVz0wQjrb0tNovYf%2B59SAp%2BQfZnH%2BAFDydNT95ZCmTPnKgWetcwQiUfXU%3D</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">&quot;}],&quot;</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">group</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">&quot;:&quot;</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">cf-nel</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">&quot;,&quot;</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">max_age</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">&quot;:604800}</span></span>
<span class="line"><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">&lt; nel: {&quot;</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">success_fraction</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">&quot;:0,&quot;</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">report_to</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">&quot;:&quot;</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">cf-nel</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">&quot;,&quot;</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">max_age</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">&quot;:604800}</span></span>
<span class="line"><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">&lt; vary: Accept-Encoding</span></span>
<span class="line"><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">&lt; server: cloudflare</span></span>
<span class="line"><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">&lt; alt-svc: h3=&quot;</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">:443</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">&quot;; ma=86400</span></span>
<span class="line"><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">&lt; </span></span>
<span class="line"><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">* Connection #0 to host xxx.xxx.ovh left intact</span></span>
<span class="line"><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">localhost:~/agent# /opt/nezha/agent/nezha-agent -s nezha.xxx.xxx:443 -p YOUR_KEY --tls -d</span></span>
<span class="line"><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">NEZHA@2023-12-20 05:14:00&gt;&gt; 检查更新: 0.15.14</span></span>
<span class="line"><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">NEZHA@2023-12-20 05:14:01&gt;&gt; 上报系统信息失败: rpc error: code = Unknown desc = EOF # 需要修改主控端 /opt/nezha/dashboard/data/config.yaml的 GRPCHost 和 TLS 选项</span></span>
<span class="line"><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">NEZHA@2023-12-20 05:14:01&gt;&gt; Error to close connection ...</span></span></code></pre></div>`,15),t=[p];function h(k,e,d,r,g,E){return a(),i("div",null,t)}const y=s(l,[["render",h]]);export{o as __pageData,y as default};
Reference in New Issue View Git Blame Copy Permalink