Reverse proxying gRPC with Nginx or Caddy
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name data.example.com; # the domain your Agents use to connect to the Dashboard

    ssl_certificate          /data/letsencrypt/fullchain.pem; # path to your domain certificate
    ssl_certificate_key      /data/letsencrypt/key.pem;       # path to your domain private key
    ssl_stapling on;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m; # this directive may conflict with other config files; comment it out if it does
    # TLSv1.1 is deprecated (RFC 8996)
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;

    underscores_in_headers on;
    keepalive_time 24h;
    keepalive_requests 100000;
    keepalive_timeout 120s;
    location / {
        grpc_read_timeout 300s;
        grpc_send_timeout 300s;
        grpc_socket_keepalive on;
        grpc_pass grpc://grpcservers;
    }
}

upstream grpcservers {
    server localhost:5555;
    keepalive 512;
}

data.example.com:443 { # the domain your Agents use to connect to the Dashboard
    reverse_proxy {
        to localhost:5555
        transport http {
            versions h2c 2
        }
    }
}
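Dashboard configuration
In the field labelled 未接入CDN的面板服务器域名/IP ("Dashboard server domain/IP without CDN"), enter the domain you configured in Nginx or Caddy in the previous step, for example data.example.com, and save.
Change proxygrpcport to the port that Nginx or Caddy listens on, for example the 443 set in the previous step; because SSL/TLS is enabled in Nginx or Caddy, tls must be set to true; restart the dashboard after making these changes.
Agent configuration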
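Enable Cloudflare CDN (optional)
According to Cloudflare's gRPC requirements, the gRPC service must listen on port 443 and must support TLS and HTTP/2. So if you want to enable the CDN, you must use port 443 and configure a certificate when setting up the Nginx or Caddy gRPC reverse proxy (Caddy requests and configures the certificate automatically).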
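The requirements above (port 443, TLS, HTTP/2) can be checked against the Nginx server block before the CDN is switched on. This is an added example, not code from the original page or the Nezha project: the function names and the simplified directive splitting are assumptions, and it goes one step beyond the stated requirements by also flagging deprecated entries in ssl_protocols.

```python
import re
# Constructed sample: the Nginx server block from this page, comments removed.
SAMPLE = """
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name data.example.com;
    ssl_certificate /data/letsencrypt/fullchain.pem;
    ssl_certificate_key /data/letsencrypt/key.pem;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    location / { grpc_pass grpc://grpcservers; }
}
"""
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: RFC 8996

def directives(conf):
    """Return (name, args) pairs; comments stripped, split on ';', '{', '}'."""
    conf = re.sub(r"#[^\n]*", "", conf)
    stmts = (s.split() for s in re.split(r"[;{}]", conf))
    return [(s[0], s[1:]) for s in stmts if s]

def port_of(args):
    """Port of a listen argument such as '443', '[::]:443' or '0.0.0.0:443'."""
    return args[0].rsplit(":", 1)[-1] if args else ""

def check_cdn_ready(conf):
    """Return findings; an empty list means the stated requirements are met."""
    d = directives(conf)
    on443 = [a for n, a in d if n == "listen" and port_of(a) == "443"]
    findings = []
    if not on443:
        findings.append("no listener on port 443")
    elif not all("ssl" in a for a in on443):
        findings.append("a port 443 listener lacks 'ssl'")
    # HTTP/2: 'http2' listen parameter, or 'http2 on;' (nginx 1.25.1+)
    if not (any("http2" in a for a in on443) or ("http2", ["on"]) in d):
        findings.append("HTTP/2 not enabled on port 443")
    names = {n for n, _ in d}
    for required in ("ssl_certificate", "ssl_certificate_key", "grpc_pass"):
        if required not in names:
            findings.append("missing " + required)
    for n, a in d:
        weak = sorted(DEPRECATED & set(a)) if n == "ssl_protocols" else []
        if weak:
            findings.append("deprecated protocols: " + ", ".join(weak))
    return findings

if __name__ == "__main__":
    print(check_cdn_ready(SAMPLE) or "ok")
```

Run against the page's config, the only finding is the TLSv1.1 entry in ssl_protocols; the port, TLS and HTTP/2 requirements are met.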
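In the Network options, turn on the gRPC switch. Then open the DNS options, find the DNS record for the domain configured for the Nginx or Caddy gRPC reverse proxy, and turn on the orange cloud to enable the CDN.
After gRPC is enabled, it may not be usable immediately; you may need to wait a while. You can verify it with curl and by running nezha-agent -d: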
localhost:~/agent# curl -H "content-type: application/grpc+proto" -H "authorization: Bearer test" https://xxx.xxx.ovh -v
* processing: https://xxx.xxx.ovh
* Trying [2606:4700:3035::ac43:8bed]:443...
* Connected to xxx.xxx.ovh (2606:4700:3035::ac43:8bed) port 443
# ... SSL info
* using HTTP/2
* h2 [:method: GET]
* h2 [:scheme: https]
* h2 [:authority: xxx.xxx.ovh]
* h2 [:path: /]
* h2 [user-agent: curl/8.2.1]
* h2 [accept: */*]
* Using Stream ID: 1
> GET / HTTP/2
> Host: xxx.xxx.ovh
> User-Agent: curl/8.4.0
> Accept: */*
> content-type: application/grpc+proto
> authorization: Bearer test
>
< HTTP/2 405
< date: Wed, 20 Dec 2023 08:56:27 GMT
< content-type: application/grpc+proto
< cf-ray: 8386ac12dabd5ddc-HKG
< cf-cache-status: DYNAMIC
< grpc-message: Received a HEADERS frame with :method "GET" which should be POST
< grpc-status: 13
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BTjgJvXWyRF11nUOYx9Lq7UDC1xOYBLtjvWrdjVJQIqu9YqnFJeZFran2KRs6zabQc%2BLV8AubNqYRYDb7hQAZe6bglmVz0wQjrb0tNovYf%2B59SAp%2BQfZnH%2BAFDydNT95ZCmTPnKgWetcwQiUfXU%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< vary: Accept-Encoding
< server: cloudflare
< alt-svc: h3=":443"; ma=86400
<
* Connection #0 to host xxx.xxx.ovh left intact
localhost:~/agent# /opt/nezha/agent/nezha-agent -s nezha.xxx.xxx:443 -p YOUR_KEY --tls -d
NEZHA@2023-12-20 05:14:00>> 检查更新: 0.15.14
NEZHA@2023-12-20 05:14:01>> 上报系统信息失败: rpc error: code = Unknown desc = EOF # you need to change the GRPCHost and TLS options in /opt/nezha/dashboard/data/config.yaml on the dashboard host
NEZHA@2023-12-20 05:14:01>> Error to close connection ...