KJZH001/nezhahq.github.io
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
nezhahq.github.io/assets/en_US_guide_q3.md.BL3-a-zA.js

75 lines
19 KiB
JavaScript
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

import{_ as s,c as i,o as a,a4 as n}from"./chunks/framework.BmdFiWrL.js";const E=JSON.parse('{"title":"Reverse Proxy gRPC Port (Supports Cloudflare CDN)","description":"","frontmatter":{},"headers":[],"relativePath":"en_US/guide/q3.md","filePath":"en_US/guide/q3.md","lastUpdated":1720074734000}'),t={name:"en_US/guide/q3.md"},l=n(`<h1 id="reverse-proxy-grpc-port-supports-cloudflare-cdn" tabindex="-1">Reverse Proxy gRPC Port (Supports Cloudflare CDN) <a class="header-anchor" href="#reverse-proxy-grpc-port-supports-cloudflare-cdn" aria-label="Permalink to &quot;Reverse Proxy gRPC Port (Supports Cloudflare CDN)&quot;"></a></h1><p>Using Nginx or Caddy to reverse proxy gRPC</p><ul><li>Nginx Configuration</li></ul><div class="language-nginx vp-adaptive-theme"><button title="Copy Code" class="copy"></button><span class="lang">nginx</span><pre class="shiki shiki-themes github-light github-dark vp-code" tabindex="0"><code><span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">server</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> {</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> listen </span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;">443</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> ssl http2;</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> listen </span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">[::]:443 ssl http2;</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> server_name </span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">data.example.com; </span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"># Your domain that the Agent uses to connect to the Dashboard</span></span>
<span class="line"></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> ssl_certificate </span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> /data/letsencrypt/fullchain.pem; </span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"># Path to your domain certificate</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> ssl_certificate_key </span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> /data/letsencrypt/key.pem; </span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"># Path to your domain private key</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> ssl_stapling </span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;">on</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">;</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> ssl_session_timeout </span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;">1d</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">;</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> ssl_session_cache </span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">shared:SSL:10m; </span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"># This might conflict with other configuration files; comment it out if there are conflicts</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> ssl_protocols </span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">TLSv1.1 TLSv1.2 TLSv1.3;</span></span>
<span class="line"></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> underscores_in_headers </span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;">on</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">;</span></span>
<span class="line"></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> keepalive_time </span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;">24h</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">;</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> keepalive_requests </span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;">100000</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">;</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> keepalive_timeout </span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;">120s</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">;</span></span>
<span class="line"></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> location</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> / </span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">{</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> grpc_read_timeout </span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;">300s</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">;</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> grpc_send_timeout </span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;">300s</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">;</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> grpc_socket_keepalive </span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;">on</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">;</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> grpc_pass </span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">grpc://grpcservers;</span></span>
<span class="line"><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> }</span></span>
<span class="line"><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">}</span></span>
<span class="line"></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">upstream</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> grpcservers </span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">{</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> server</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> localhost:5555;</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> keepalive </span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;">512</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">;</span></span>
<span class="line"><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">}</span></span></code></pre></div><ul><li>Caddy Configuration</li></ul><div class="language- vp-adaptive-theme"><button title="Copy Code" class="copy"></button><span class="lang"></span><pre class="shiki shiki-themes github-light github-dark vp-code" tabindex="0"><code><span class="line"><span>data.example.com:443 { # Your domain that the Agent uses to connect to the Dashboard</span></span>
<span class="line"><span> reverse_proxy {</span></span>
<span class="line"><span> to localhost:5555</span></span>
<span class="line"><span> transport http {</span></span>
<span class="line"><span> versions h2c 2</span></span>
<span class="line"><span> }</span></span>
<span class="line"><span> }</span></span>
<span class="line"><span>}</span></span></code></pre></div><p>Dashboard Configuration</p><ul><li>First, log in to the Dashboard and go to the settings page. In the <code>Non-CDN Dashboard server domain/IP</code> field, enter the domain configured in Nginx or Caddy in the previous step, for example, <code>data.example.com</code>, and save it.</li><li>Then, on the Dashboard server, open the <code>/opt/nezha/dashboard/data/config.yaml</code> file. Modify <code>proxygrpcport</code> to the port that Nginx or Caddy is listening to, for example, <code>443</code>. Since we enabled SSL/TLS in Nginx or Caddy, set <code>tls</code> to <code>true</code>. After making these changes, restart the Dashboard.</li></ul><p>Agent Configuration</p><ul><li>Log in to the Dashboard management backend, copy the one-click installation command, and execute it on the corresponding server to reinstall the agent.</li></ul><p>Enabling Cloudflare CDN (Optional)</p><p>According to Cloudflare gRPC requirements: gRPC services must listen on port 443 and must support TLS and HTTP/2. So, to enable CDN, you must use port 443 when configuring Nginx or Caddy to reverse proxy gRPC and configure the certificate (Caddy will automatically apply and configure the certificate).</p><ul><li>Log in to Cloudflare, select the domain you are using. Go to the <code>Network</code> tab and turn on the <code>gRPC</code> switch. Then, go to the <code>DNS</code> tab, find the DNS record for the domain configured in Nginx or Caddy to reverse proxy gRPC, and enable the CDN by clicking the orange cloud.</li></ul><p>After enabling <code>gRPC</code>, it might not be available immediately, and you may need to wait for a while. You can use <code>curl</code> and <code>nezha-agent -d</code> to verify:</p><div class="language-bash vp-adaptive-theme"><button title="Copy Code" class="copy"></button><span class="lang">bash</span><pre class="shiki shiki-themes github-light github-dark vp-code" tabindex="0"><code><span class="line"><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">localhost:~/agent#</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> curl</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> -H</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> &quot;content-type: application/grpc+proto&quot;</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> -H</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> &quot;authorization: Bearer test&quot;</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> https://xxx.xxx.ovh</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> -v</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> </span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">*</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> processing: https://xxx.xxx.ovh</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">*</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> Trying [2606:4700:3035::ac43:8bed]:443...</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">*</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> Connected to xxx.xxx.ovh (</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">2606:4700:3035::ac43:8bed</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">) port 443</span></span>
<span class="line"><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"># ... SSL info</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">*</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> using HTTP/2</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">*</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> h2 [:method: GET]</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">*</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> h2 [:scheme: https]</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">*</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> h2 [:authority: xxx.xxx.ovh]</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">*</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> h2 [:path: /]</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">*</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> h2 [user-agent: curl/8.2.1]</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">*</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> h2 [accept: </span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">*</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/</span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">*</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">]</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">*</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> Using Stream ID: 1</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">&gt;</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> GET / HTTP/2</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">&gt;</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> Host: xxx.xxx.ovh</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">&gt;</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> User-Agent: curl/8.4.0</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">&gt;</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> Accept: </span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">*</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/</span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">*</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">&gt;</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> content-type: application/grpc+proto</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">&gt;</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> authorization: Bearer test</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">&gt;</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> </span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">&lt;</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> HTTP/2 405 </span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">&lt;</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> date: Wed, 20 Dec 2023 08:56:27 GMT</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">&lt;</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> content-type: application/grpc+proto</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">&lt;</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> cf-ray: 8386ac12dabd5ddc-HKG</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">&lt;</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> cf-cache-status: DYNAMIC</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">&lt;</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> grpc-message: Received a HEADERS frame with :method </span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">&quot;GET&quot;</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> which should be POST</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">&lt;</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> grpc-status: 13</span></span>
<span class="line"><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">&lt;</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> report-to: {</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">&quot;endpoints&quot;</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;">:</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">[{</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">&quot;</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">url</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">&quot;:&quot;</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">=%2BTjgJvXWyRF11nUOYx9Lq7UDC1xOYBLtjvWrdjVJQIqu9YqnFJeZFran2KRs6zabQc%2BLV8AubNqYRYDb7hQAZe6bglmVz0wQjrb0tNovYf%2B59SAp%2BQfZnH%2BAFDydNT95ZCmTPnKgWetcwQiUfXU%3D</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">&quot;}],&quot;</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">group</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">&quot;:&quot;</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">cf-nel</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">&quot;,&quot;</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">max_age</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">&quot;:604800}</span></span>
<span class="line"><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">&lt; nel: {&quot;</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">success_fraction</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">&quot;:0,&quot;</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">report_to</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">&quot;:&quot;</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">cf-nel</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">&quot;,&quot;</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">max_age</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">&quot;:604800}</span></span>
<span class="line"><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">&lt; vary: Accept-Encoding</span></span>
<span class="line"><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">&lt; server: cloudflare</span></span>
<span class="line"><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">&lt; alt-svc: h3=&quot;</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">:443</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">&quot;; ma=86400</span></span>
<span class="line"><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">&lt; </span></span>
<span class="line"><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">* Connection #0 to host xxx.xxx.ovh left intact</span></span>
<span class="line"><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">localhost:~/agent# /opt/nezha/agent/nezha-agent -s nezha.xxx.xxx:443 -p YOUR_KEY --tls -d</span></span>
<span class="line"><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">NEZHA@2023-12-20 05:14:00&gt;&gt; 检查更新: 0.15.14</span></span>
<span class="line"><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">NEZHA@2023-12-20 05:14:01&gt;&gt; 上报系统信息失败: rpc error: code = Unknown desc = EOF # You need to modify the GRPCHost and TLS options in the Dashboard /opt/nezha/dashboard/data/config.yaml</span></span>
<span class="line"><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">NEZHA@2023-12-20 05:14:01&gt;&gt; Error to close connection ...</span></span></code></pre></div>`,15),p=[l];function e(h,k,r,d,o,g){return a(),i("div",null,p)}const y=s(t,[["render",e]]);export{E as __pageData,y as default};
Reference in New Issue View Git Blame Copy Permalink