nezhahq.github.io/assets/en_US_guide_q3.md.636a4fb5.js


/**
 * Page module for the guide "Reverse Proxy gRPC Port (Supports Cloudflare CDN)".
 *
 * This looks like minified build output for en_US/guide/q3.md (the path comes
 * from the page data below), so content fixes belong in that markdown source.
 * The module exports the page metadata as `__pageData` and the page component
 * as the default export.
 *
 * NOTE(review), security-relevant points in the embedded guide text:
 *  - The Nginx sample sets `ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3`. TLS 1.1 is
 *    deprecated (RFC 8996); the sample should offer only TLSv1.2 and TLSv1.3.
 *  - Both samples forward to localhost:5555 without TLS (`grpc://` in Nginx,
 *    `h2c` in Caddy). That is reasonable only while the upstream stays on
 *    loopback. The guide does not say whether port 5555 should be closed to
 *    outside traffic once the proxy is in front of it; confirm and document.
 *  - The verification example passes the agent secret on the command line
 *    (`-p YOUR_KEY`), where shell history and process listings can expose it.
 *    A caveat in the source guide would help.
 *  - The two Chinese log lines in the sample output read roughly "checking for
 *    update" and "failed to report system information". They are part of the
 *    rendered string and are left untouched here.
 */
import { _ as s, o as n, c as a, R as o } from "./chunks/framework.44fd0451.js";

// Page metadata, parsed once at module load.
const pageData = JSON.parse('{"title":"Reverse Proxy gRPC Port (Supports Cloudflare CDN)","description":"","frontmatter":{},"headers":[],"relativePath":"en_US/guide/q3.md","filePath":"en_US/guide/q3.md","lastUpdated":1718495592000}');

// Component options object; only the name is set here.
const pageOptions = { name: "en_US/guide/q3.md" };

// Pre-rendered HTML for the whole page. The second argument (15) matches the
// number of top-level elements in the string. The string is reproduced exactly.
const staticMarkup = o(`<h1 id="reverse-proxy-grpc-port-supports-cloudflare-cdn" tabindex="-1">Reverse Proxy gRPC Port (Supports Cloudflare CDN) <a class="header-anchor" href="#reverse-proxy-grpc-port-supports-cloudflare-cdn" aria-label="Permalink to &quot;Reverse Proxy gRPC Port (Supports Cloudflare CDN)&quot;"></a></h1><p>Using Nginx or Caddy to reverse proxy gRPC</p><ul><li>Nginx Configuration</li></ul><div class="language-nginx"><button title="Copy Code" class="copy"></button><span class="lang">nginx</span><pre class="shiki material-theme-palenight"><code><span class="line"><span style="color:#C792EA;">server</span><span style="color:#A6ACCD;"> {</span></span>
<span class="line"><span style="color:#A6ACCD;"> </span><span style="color:#89DDFF;"> listen </span><span style="color:#A6ACCD;">443 ssl http2</span><span style="color:#89DDFF;">;</span></span>
<span class="line"><span style="color:#A6ACCD;"> </span><span style="color:#89DDFF;"> listen </span><span style="color:#A6ACCD;">[::]:443 ssl http2</span><span style="color:#89DDFF;">;</span></span>
<span class="line"><span style="color:#A6ACCD;"> </span><span style="color:#89DDFF;"> server_name </span><span style="color:#A6ACCD;">data.example.com</span><span style="color:#89DDFF;">;</span><span style="color:#A6ACCD;"> </span><span style="color:#676E95;font-style:italic;"># Your domain that the Agent uses to connect to the Dashboard</span></span>
<span class="line"></span>
<span class="line"><span style="color:#A6ACCD;"> </span><span style="color:#89DDFF;"> ssl_certificate </span><span style="color:#A6ACCD;"> /data/letsencrypt/fullchain.pem</span><span style="color:#89DDFF;">;</span><span style="color:#A6ACCD;"> </span><span style="color:#676E95;font-style:italic;"># Path to your domain certificate</span></span>
<span class="line"><span style="color:#A6ACCD;"> </span><span style="color:#89DDFF;"> ssl_certificate_key </span><span style="color:#A6ACCD;"> /data/letsencrypt/key.pem</span><span style="color:#89DDFF;">;</span><span style="color:#A6ACCD;"> </span><span style="color:#676E95;font-style:italic;"># Path to your domain private key</span></span>
<span class="line"><span style="color:#A6ACCD;"> </span><span style="color:#89DDFF;"> ssl_stapling </span><span style="color:#A6ACCD;">on</span><span style="color:#89DDFF;">;</span></span>
<span class="line"><span style="color:#A6ACCD;"> </span><span style="color:#89DDFF;"> ssl_session_timeout </span><span style="color:#A6ACCD;">1d</span><span style="color:#89DDFF;">;</span></span>
<span class="line"><span style="color:#A6ACCD;"> </span><span style="color:#89DDFF;"> ssl_session_cache </span><span style="color:#A6ACCD;">shared:SSL:10m</span><span style="color:#89DDFF;">;</span><span style="color:#A6ACCD;"> </span><span style="color:#676E95;font-style:italic;"># This might conflict with other configuration files; comment it out if there are conflicts</span></span>
<span class="line"><span style="color:#A6ACCD;"> </span><span style="color:#89DDFF;"> ssl_protocols </span><span style="color:#A6ACCD;">TLSv1.1 TLSv1.2 TLSv1.3</span><span style="color:#89DDFF;">;</span></span>
<span class="line"></span>
<span class="line"><span style="color:#A6ACCD;"> </span><span style="color:#89DDFF;"> underscores_in_headers </span><span style="color:#A6ACCD;">on</span><span style="color:#89DDFF;">;</span></span>
<span class="line"></span>
<span class="line"><span style="color:#A6ACCD;"> </span><span style="color:#89DDFF;"> keepalive_time </span><span style="color:#A6ACCD;">24h</span><span style="color:#89DDFF;">;</span></span>
<span class="line"><span style="color:#A6ACCD;"> </span><span style="color:#89DDFF;"> keepalive_requests </span><span style="color:#A6ACCD;">100000</span><span style="color:#89DDFF;">;</span></span>
<span class="line"><span style="color:#A6ACCD;"> </span><span style="color:#89DDFF;"> keepalive_timeout </span><span style="color:#A6ACCD;">120s</span><span style="color:#89DDFF;">;</span></span>
<span class="line"></span>
<span class="line"><span style="color:#A6ACCD;"> </span><span style="color:#C792EA;">location</span><span style="color:#A6ACCD;"> </span><span style="color:#FFCB6B;">/ </span><span style="color:#A6ACCD;">{</span></span>
<span class="line"><span style="color:#A6ACCD;"> </span><span style="color:#89DDFF;"> grpc_read_timeout </span><span style="color:#A6ACCD;">300s</span><span style="color:#89DDFF;">;</span></span>
<span class="line"><span style="color:#A6ACCD;"> </span><span style="color:#89DDFF;"> grpc_send_timeout </span><span style="color:#A6ACCD;">300s</span><span style="color:#89DDFF;">;</span></span>
<span class="line"><span style="color:#A6ACCD;"> </span><span style="color:#89DDFF;"> grpc_socket_keepalive </span><span style="color:#A6ACCD;">on</span><span style="color:#89DDFF;">;</span></span>
<span class="line"><span style="color:#A6ACCD;"> </span><span style="color:#89DDFF;"> grpc_pass </span><span style="color:#A6ACCD;">grpc://grpcservers</span><span style="color:#89DDFF;">;</span></span>
<span class="line"><span style="color:#A6ACCD;"> }</span></span>
<span class="line"><span style="color:#A6ACCD;">}</span></span>
<span class="line"></span>
<span class="line"><span style="color:#C792EA;">upstream</span><span style="color:#A6ACCD;"> </span><span style="color:#FFCB6B;">grpcservers </span><span style="color:#A6ACCD;">{</span></span>
<span class="line"><span style="color:#A6ACCD;"> </span><span style="color:#89DDFF;">server</span><span style="color:#A6ACCD;"> localhost:5555;</span></span>
<span class="line"><span style="color:#A6ACCD;"> </span><span style="color:#89DDFF;"> keepalive </span><span style="color:#A6ACCD;">512</span><span style="color:#89DDFF;">;</span></span>
<span class="line"><span style="color:#A6ACCD;">}</span></span></code></pre></div><ul><li>Caddy Configuration</li></ul><div class="language-"><button title="Copy Code" class="copy"></button><span class="lang"></span><pre class="shiki material-theme-palenight"><code><span class="line"><span style="color:#A6ACCD;">data.example.com:443 { # Your domain that the Agent uses to connect to the Dashboard</span></span>
<span class="line"><span style="color:#A6ACCD;"> reverse_proxy {</span></span>
<span class="line"><span style="color:#A6ACCD;"> to localhost:5555</span></span>
<span class="line"><span style="color:#A6ACCD;"> transport http {</span></span>
<span class="line"><span style="color:#A6ACCD;"> versions h2c 2</span></span>
<span class="line"><span style="color:#A6ACCD;"> }</span></span>
<span class="line"><span style="color:#A6ACCD;"> }</span></span>
<span class="line"><span style="color:#A6ACCD;">}</span></span></code></pre></div><p>Dashboard Configuration</p><ul><li>First, log in to the Dashboard and go to the settings page. In the <code>Non-CDN Dashboard server domain/IP</code> field, enter the domain configured in Nginx or Caddy in the previous step, for example, <code>data.example.com</code>, and save it.</li><li>Then, on the Dashboard server, open the <code>/opt/nezha/dashboard/data/config.yaml</code> file. Modify <code>proxygrpcport</code> to the port that Nginx or Caddy is listening to, for example, <code>443</code>. Since we enabled SSL/TLS in Nginx or Caddy, set <code>tls</code> to <code>true</code>. After making these changes, restart the Dashboard.</li></ul><p>Agent Configuration</p><ul><li>Log in to the Dashboard management backend, copy the one-click installation command, and execute it on the corresponding server to reinstall the agent.</li></ul><p>Enabling Cloudflare CDN (Optional)</p><p>According to Cloudflare gRPC requirements: gRPC services must listen on port 443 and must support TLS and HTTP/2. So, to enable CDN, you must use port 443 when configuring Nginx or Caddy to reverse proxy gRPC and configure the certificate (Caddy will automatically apply and configure the certificate).</p><ul><li>Log in to Cloudflare, select the domain you are using. Go to the <code>Network</code> tab and turn on the <code>gRPC</code> switch. Then, go to the <code>DNS</code> tab, find the DNS record for the domain configured in Nginx or Caddy to reverse proxy gRPC, and enable the CDN by clicking the orange cloud.</li></ul><p>After enabling <code>gRPC</code>, it might not be available immediately, and you may need to wait for a while. 
You can use <code>curl</code> and <code>nezha-agent -d</code> to verify:</p><div class="language-bash"><button title="Copy Code" class="copy"></button><span class="lang">bash</span><pre class="shiki material-theme-palenight"><code><span class="line"><span style="color:#FFCB6B;">localhost:~/agent#</span><span style="color:#A6ACCD;"> </span><span style="color:#C3E88D;">curl</span><span style="color:#A6ACCD;"> </span><span style="color:#C3E88D;">-H</span><span style="color:#A6ACCD;"> </span><span style="color:#89DDFF;">&quot;</span><span style="color:#C3E88D;">content-type: application/grpc+proto</span><span style="color:#89DDFF;">&quot;</span><span style="color:#A6ACCD;"> </span><span style="color:#C3E88D;">-H</span><span style="color:#A6ACCD;"> </span><span style="color:#89DDFF;">&quot;</span><span style="color:#C3E88D;">authorization: Bearer test</span><span style="color:#89DDFF;">&quot;</span><span style="color:#A6ACCD;"> </span><span style="color:#C3E88D;">https://xxx.xxx.ovh</span><span style="color:#A6ACCD;"> </span><span style="color:#C3E88D;">-v</span><span style="color:#A6ACCD;"> </span></span>
<span class="line"><span style="color:#89DDFF;">*</span><span style="color:#A6ACCD;"> processing: https://xxx.xxx.ovh</span></span>
<span class="line"><span style="color:#89DDFF;">*</span><span style="color:#A6ACCD;"> Trying </span><span style="color:#89DDFF;">[</span><span style="color:#F78C6C;">2606</span><span style="color:#A6ACCD;">:4700:3035::ac43:8bed</span><span style="color:#89DDFF;">]</span><span style="color:#A6ACCD;">:443...</span></span>
<span class="line"><span style="color:#89DDFF;">*</span><span style="color:#A6ACCD;"> Connected to xxx.xxx.ovh </span><span style="color:#89DDFF;">(</span><span style="color:#FFCB6B;">2606:4700:3035::ac43:8bed</span><span style="color:#89DDFF;">)</span><span style="color:#A6ACCD;"> port 443</span></span>
<span class="line"><span style="color:#676E95;font-style:italic;"># ... SSL info</span></span>
<span class="line"><span style="color:#89DDFF;">*</span><span style="color:#A6ACCD;"> using HTTP/2</span></span>
<span class="line"><span style="color:#89DDFF;">*</span><span style="color:#A6ACCD;"> h2 </span><span style="color:#89DDFF;">[</span><span style="color:#A6ACCD;">:method: GET</span><span style="color:#89DDFF;">]</span></span>
<span class="line"><span style="color:#89DDFF;">*</span><span style="color:#A6ACCD;"> h2 </span><span style="color:#89DDFF;">[</span><span style="color:#A6ACCD;">:scheme: https</span><span style="color:#89DDFF;">]</span></span>
<span class="line"><span style="color:#89DDFF;">*</span><span style="color:#A6ACCD;"> h2 </span><span style="color:#89DDFF;">[</span><span style="color:#A6ACCD;">:authority: xxx.xxx.ovh</span><span style="color:#89DDFF;">]</span></span>
<span class="line"><span style="color:#89DDFF;">*</span><span style="color:#A6ACCD;"> h2 </span><span style="color:#89DDFF;">[</span><span style="color:#A6ACCD;">:path: /</span><span style="color:#89DDFF;">]</span></span>
<span class="line"><span style="color:#89DDFF;">*</span><span style="color:#A6ACCD;"> h2 </span><span style="color:#89DDFF;">[</span><span style="color:#A6ACCD;">user-agent: curl/8.2.1</span><span style="color:#89DDFF;">]</span></span>
<span class="line"><span style="color:#89DDFF;">*</span><span style="color:#A6ACCD;"> h2 </span><span style="color:#89DDFF;">[</span><span style="color:#A6ACCD;">accept: </span><span style="color:#89DDFF;">*</span><span style="color:#A6ACCD;">/</span><span style="color:#89DDFF;">*]</span></span>
<span class="line"><span style="color:#89DDFF;">*</span><span style="color:#A6ACCD;"> Using Stream ID: 1</span></span>
<span class="line"><span style="color:#89DDFF;">&gt;</span><span style="color:#A6ACCD;"> GET / HTTP/2</span></span>
<span class="line"><span style="color:#89DDFF;">&gt;</span><span style="color:#A6ACCD;"> Host: xxx.xxx.ovh</span></span>
<span class="line"><span style="color:#89DDFF;">&gt;</span><span style="color:#A6ACCD;"> User-Agent: curl/8.4.0</span></span>
<span class="line"><span style="color:#89DDFF;">&gt;</span><span style="color:#A6ACCD;"> Accept: </span><span style="color:#89DDFF;">*</span><span style="color:#A6ACCD;">/</span><span style="color:#89DDFF;">*</span></span>
<span class="line"><span style="color:#89DDFF;">&gt;</span><span style="color:#A6ACCD;"> content-type: application/grpc+proto</span></span>
<span class="line"><span style="color:#89DDFF;">&gt;</span><span style="color:#A6ACCD;"> authorization: Bearer test</span></span>
<span class="line"><span style="color:#89DDFF;">&gt;</span><span style="color:#A6ACCD;"> </span></span>
<span class="line"><span style="color:#89DDFF;">&lt;</span><span style="color:#A6ACCD;"> HTTP/2 405 </span></span>
<span class="line"><span style="color:#89DDFF;">&lt;</span><span style="color:#A6ACCD;"> date: Wed, 20 Dec 2023 08:56:27 GMT</span></span>
<span class="line"><span style="color:#89DDFF;">&lt;</span><span style="color:#A6ACCD;"> content-type: application/grpc+proto</span></span>
<span class="line"><span style="color:#89DDFF;">&lt;</span><span style="color:#A6ACCD;"> cf-ray: 8386ac12dabd5ddc-HKG</span></span>
<span class="line"><span style="color:#89DDFF;">&lt;</span><span style="color:#A6ACCD;"> cf-cache-status: DYNAMIC</span></span>
<span class="line"><span style="color:#89DDFF;">&lt;</span><span style="color:#A6ACCD;"> grpc-message: Received a HEADERS frame with :method </span><span style="color:#89DDFF;">&quot;</span><span style="color:#C3E88D;">GET</span><span style="color:#89DDFF;">&quot;</span><span style="color:#A6ACCD;"> which should be POST</span></span>
<span class="line"><span style="color:#89DDFF;">&lt;</span><span style="color:#A6ACCD;"> grpc-status: 13</span></span>
<span class="line"><span style="color:#89DDFF;">&lt;</span><span style="color:#A6ACCD;"> report-to: </span><span style="color:#89DDFF;">{</span><span style="color:#FFCB6B;">&quot;endpoints&quot;</span><span style="color:#82AAFF;">:</span><span style="color:#A6ACCD;">[{&quot;</span><span style="color:#FFCB6B;">url</span><span style="color:#FFCB6B;">&quot;:&quot;</span><span style="color:#FFCB6B;">https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s</span><span style="color:#A6ACCD;">=%2BTjgJvXWyRF11nUOYx9Lq7UDC1xOYBLtjvWrdjVJQIqu9YqnFJeZFran2KRs6zabQc%2BLV8AubNqYRYDb7hQAZe6bglmVz0wQjrb0tNovYf%2B59SAp%2BQfZnH%2BAFDydNT95ZCmTPnKgWetcwQiUfXU%3D</span><span style="color:#FFCB6B;">&quot;}],&quot;</span><span style="color:#FFCB6B;">group</span><span style="color:#FFCB6B;">&quot;:&quot;</span><span style="color:#FFCB6B;">cf-nel</span><span style="color:#FFCB6B;">&quot;,&quot;</span><span style="color:#FFCB6B;">max_age</span><span style="color:#FFCB6B;">&quot;:604800}</span></span>
<span class="line"><span style="color:#FFCB6B;">&lt; nel: {&quot;</span><span style="color:#FFCB6B;">success_fraction</span><span style="color:#FFCB6B;">&quot;:0,&quot;</span><span style="color:#FFCB6B;">report_to</span><span style="color:#FFCB6B;">&quot;:&quot;</span><span style="color:#FFCB6B;">cf-nel</span><span style="color:#FFCB6B;">&quot;,&quot;</span><span style="color:#FFCB6B;">max_age</span><span style="color:#FFCB6B;">&quot;:604800}</span></span>
<span class="line"><span style="color:#FFCB6B;">&lt; vary: Accept-Encoding</span></span>
<span class="line"><span style="color:#FFCB6B;">&lt; server: cloudflare</span></span>
<span class="line"><span style="color:#FFCB6B;">&lt; alt-svc: h3=&quot;</span><span style="color:#FFCB6B;">:443</span><span style="color:#FFCB6B;">&quot;; ma=86400</span></span>
<span class="line"><span style="color:#FFCB6B;">&lt; </span></span>
<span class="line"><span style="color:#FFCB6B;">* Connection #0 to host xxx.xxx.ovh left intact</span></span>
<span class="line"><span style="color:#FFCB6B;">localhost:~/agent# /opt/nezha/agent/nezha-agent -s nezha.xxx.xxx:443 -p YOUR_KEY --tls -d</span></span>
<span class="line"><span style="color:#FFCB6B;">NEZHA@2023-12-20 05:14:00&gt;&gt; 检查更新: 0.15.14</span></span>
<span class="line"><span style="color:#FFCB6B;">NEZHA@2023-12-20 05:14:01&gt;&gt; 上报系统信息失败: rpc error: code = Unknown desc = EOF # You need to modify the GRPCHost and TLS options in the Dashboard /opt/nezha/dashboard/data/config.yaml</span></span>
<span class="line"><span style="color:#FFCB6B;">NEZHA@2023-12-20 05:14:01&gt;&gt; Error to close connection ...</span></span></code></pre></div>`, 15);

// Child list handed to the root <div>; built once and reused on every render.
const children = [staticMarkup];

/**
 * Render function for the page: calls the imported `n` helper first, then
 * returns a root "div" wrapping the static markup. The six parameters are
 * accepted but unused.
 */
function render(ctx, cache, props, setup, data, options) {
  n();
  return a("div", null, children);
}

// Attach the render function to the component options via the imported `s` helper.
const page = s(pageOptions, [["render", render]]);

export { pageData as __pageData, page as default };