KJZH001/nezhahq.github.io
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
nezhahq.github.io/docs/guide/q3.md
Crazy 1a3cc9de23
添加关于Cloudflare gRPC启用以后需要等待的说明和测试方式 (#50) 
* 添加开启gRPC后手动测试方法

* 添加关于cloudflare gRPC开启以后需要等待的中文说明

* 添加英文版本关于cloudflare gRPC等待的说明

* 修改grpc测试的命令

* 修改测试gRPC时的curl命令

* 修改测试gRPC时的curl命令
2023-12-20 17:50:04 +08:00

110 lines
4.2 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#### 反向代理 gRPC 端口(支持 Cloudflare CDN
使用 Nginx 或者 Caddy 反向代理 gRPC
- Nginx 配置
```nginx
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name data.example.com; # 你的 Agent 连接 Dashboard 的域名
ssl_certificate /data/letsencrypt/fullchain.pem; # 你的域名证书路径
ssl_certificate_key /data/letsencrypt/key.pem; # 你的域名私钥路径
ssl_stapling on;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m; # 此项可能会和其他配置文件冲突,如冲突请注释此项
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
underscores_in_headers on;
keepalive_time 24h;
keepalive_requests 100000;
keepalive_timeout 120s;
location / {
grpc_read_timeout 300s;
grpc_send_timeout 300s;
grpc_socket_keepalive on;
grpc_pass grpc://grpcservers;
}
}
upstream grpcservers {
server localhost:5555;
keepalive 512;
}
```
- Caddy 配置
```
data.example.com:443 { # 你的 Agent 连接 Dashboard 的域名
reverse_proxy {
to localhost:5555
transport http {
versions h2c 2
}
}
}
```
Dashboard 面板端配置
- 首先登录面板进入管理后台 打开设置页面,在 `未接入CDN的面板服务器域名/IP` 中填入上一步在 Nginx 或 Caddy 中配置的域名 比如 `data.example.com` ,并保存。
- 然后在面板服务器中,打开 /opt/nezha/dashboard/data/config.yaml 文件,将 `proxygrpcport` 修改为 Nginx 或 Caddy 监听的端口,比如上一步设置的 `443` ;因为我们在 Nginx 或 Caddy 中开启了 SSL/TLS所以需要将 `tls` 设置为 `true` ;修改完成后重启面板。
Agent 端配置
- 登录面板管理后台,复制一键安装命令,在对应的服务器上面执行一键安装命令重新安装 agent 端即可。
开启 Cloudflare CDN可选
根据 Cloudflare gRPC 的要求gRPC 服务必须侦听 443 端口 且必须支持 TLS 和 HTTP/2。
所以如果需要开启 CDN必须在配置 Nginx 或者 Caddy 反向代理 gRPC 时使用 443 端口并配置证书Caddy 会自动申请并配置证书)。
- 登录 Cloudflare选择使用的域名。打开 `网络` 选项将 `gRPC` 开关打开,打开 `DNS` 选项,找到 Nginx 或 Caddy 反代 gRPC 配置的域名的解析记录,打开橙色云启用 CDN。
开启`gRPC`后,可能不能立即可用,需要等待一段时间。具体可通过`curl`和使用`nezha-agent -d`来验证:
```bash
localhost:~/agent# curl -H "content-type: application/grpc+proto" -H "authorization: Bearer test" https://xxx.xxx.ovh -v
* processing: https://xxx.xxx.ovh
* Trying [2606:4700:3035::ac43:8bed]:443...
* Connected to xxx.xxx.ovh (2606:4700:3035::ac43:8bed) port 443
# ... SSL info
* using HTTP/2
* h2 [:method: GET]
* h2 [:scheme: https]
* h2 [:authority: xxx.xxx.ovh]
* h2 [:path: /]
* h2 [user-agent: curl/8.2.1]
* h2 [accept: */*]
* Using Stream ID: 1
> GET / HTTP/2
> Host: xxx.xxx.ovh
> User-Agent: curl/8.4.0
> Accept: */*
> content-type: application/grpc+proto
> authorization: Bearer test
>
< HTTP/2 405
< date: Wed, 20 Dec 2023 08:56:27 GMT
< content-type: application/grpc+proto
< cf-ray: 8386ac12dabd5ddc-HKG
< cf-cache-status: DYNAMIC
< grpc-message: Received a HEADERS frame with :method "GET" which should be POST
< grpc-status: 13
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BTjgJvXWyRF11nUOYx9Lq7UDC1xOYBLtjvWrdjVJQIqu9YqnFJeZFran2KRs6zabQc%2BLV8AubNqYRYDb7hQAZe6bglmVz0wQjrb0tNovYf%2B59SAp%2BQfZnH%2BAFDydNT95ZCmTPnKgWetcwQiUfXU%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< vary: Accept-Encoding
< server: cloudflare
< alt-svc: h3=":443"; ma=86400
<
* Connection #0 to host xxx.xxx.ovh left intact
localhost:~/agent# /opt/nezha/agent/nezha-agent -s nezha.xxx.xxx:443 -p YOUR_KEY --tls -d
NEZHA@2023-12-20 05:14:00>> 检查更新: 0.15.14
NEZHA@2023-12-20 05:14:01>> 上报系统信息失败: rpc error: code = Unknown desc = EOF # 需要修改主控端 /opt/nezha/dashboard/data/config.yaml的 GRPCHost 和 TLS 选项
NEZHA@2023-12-20 05:14:01>> Error to close connection ...
```
Reference in New Issue View Git Blame Copy Permalink