Reverse Proxy gRPC Port (support Cloudflare CDN)
Use Nginx or Caddy to reverse proxy gRPC
- Nginx configuration files
nginx
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name data.example.com; # The domain name where the Agent connects to Dashboard
ssl_certificate /data/letsencrypt/fullchain.pem; # Your domain certificate path
ssl_certificate_key /data/letsencrypt/key.pem; # Your domain's private key path
ssl_stapling on;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m; # This line may conflict with other configuration files. If a conflict occurs, please comment out this line
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
underscores_in_headers on;
keepalive_time 24h;
keepalive_requests 100000;
keepalive_timeout 120s;
location / {
grpc_read_timeout 300s;
grpc_send_timeout 300s;
grpc_socket_keepalive on;
grpc_pass grpc://grpcservers;
}
}
upstream grpcservers {
server localhost:5555;
keepalive 512;
}
- Caddy configuration files
data.example.com:443 { # The domain name where the Agent connects to Dashboard
reverse_proxy {
to localhost:5555
transport http {
versions h2c 2
}
}
}
Dashboard Configuration
- First login to the Dashboard and enter the admin panel, go to the settings page, fill in the
CDN Bypassed Domain/IP
with the domain name you configured in Nginx or Caddy, for exampledata.example.com
, and save it. - Then open the
/opt/nezha/dashboard/data/config.yaml
file in the panel server and changeproxygrpcport
to the port that Nginx or Caddy is listening on, such as443
as set in the previous step. Since we have SSL/TLS enabled in Nginx or Caddy, we need to settls
totrue
, restart the panel when you are done.
Agent Configuration
- Log in to the admin panel, copy the one-click install command, and run the one-click install command on the corresponding server to reinstall the agent.
Enable Cloudflare CDN (optional)
According to Cloudflare gRPC requirements: gRPC services must listen on port 443 and must support TLS and HTTP/2. So if you need to enable CDN, you must use port 443 when configuring Nginx or Caddy reverse proxy gRPC and configure the certificate (Caddy will automatically apply and configure the certificate).
- Log in to Cloudflare and select the domain you are using. Go to the
Network
page and turn on thegRPC
switch, then go to theDNS
page, find the resolution record of the domain with gRPC configuration, and turn on the orange cloud icon to enable CDN.
After enable gRPC
at cloudflare, it may not work immediately,so you may need to wait for a while, about 24hour or more. To be test if gRPC work, we can use curl
and nezha-agent -d
:
bash
localhost:~/agent# curl -H "content-type: application/grpc+proto" -H "authorization: Bearer test" https://xxx.xxx.ovh -v
* processing: https://xxx.xxx.ovh
* Trying [2606:4700:3035::ac43:8bed]:443...
* Connected to xxx.xxx.ovh (2606:4700:3035::ac43:8bed) port 443
# ... SSL info
* using HTTP/2
* h2 [:method: GET]
* h2 [:scheme: https]
* h2 [:authority: xxx.xxx.ovh]
* h2 [:path: /]
* h2 [user-agent: curl/8.2.1]
* h2 [accept: */*]
* Using Stream ID: 1
> GET / HTTP/2
> Host: xxx.xxx.ovh
> User-Agent: curl/8.4.0
> Accept: */*
> content-type: application/grpc+proto
> authorization: Bearer test
>
< HTTP/2 405
< date: Wed, 20 Dec 2023 08:56:27 GMT
< content-type: application/grpc+proto
< cf-ray: 8386ac12dabd5ddc-HKG
< cf-cache-status: DYNAMIC
< grpc-message: Received a HEADERS frame with :method "GET" which should be POST
< grpc-status: 13
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BTjgJvXWyRF11nUOYx9Lq7UDC1xOYBLtjvWrdjVJQIqu9YqnFJeZFran2KRs6zabQc%2BLV8AubNqYRYDb7hQAZe6bglmVz0wQjrb0tNovYf%2B59SAp%2BQfZnH%2BAFDydNT95ZCmTPnKgWetcwQiUfXU%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< vary: Accept-Encoding
< server: cloudflare
< alt-svc: h3=":443"; ma=86400
<
* Connection #0 to host xxx.xxx.ovh left intact
localhost:~/agent# /opt/nezha/agent/nezha-agent -s xxx.xxx.ovh:443 -p YOUR_KEY --tls -d
NEZHA@2023-12-20 05:14:00>> 检查更新: 0.15.14
NEZHA@2023-12-20 05:14:01>> 上报系统信息失败: rpc error: code = Unknown desc = EOF # Edit GRPCHost and TLS at /opt/nezha/dashboard/data/config.yaml.
NEZHA@2023-12-20 05:14:01>> Error to close connection ...