Nezha Monitoring

English

简体中文

English

简体中文

Appearance

On this page

Reverse Proxy gRPC Port (support Cloudflare CDN)

Use Nginx or Caddy to reverse proxy gRPC

  • Nginx configuration files
nginx
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name data.example.com; # The domain name where the Agent connects to Dashboard

    ssl_certificate          /data/letsencrypt/fullchain.pem; # Your domain certificate path
    ssl_certificate_key      /data/letsencrypt/key.pem;       # Your domain's private key path
    ssl_stapling on;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m; # This line may conflict with other configuration files. If a conflict occurs, please comment out this line
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;

    underscores_in_headers on;

    keepalive_time 24h;
    keepalive_requests 100000;
    keepalive_timeout 120s;

    location / {
        grpc_read_timeout 300s;
        grpc_send_timeout 300s;
        grpc_socket_keepalive on;
        grpc_pass grpc://grpcservers;
    }
}

upstream grpcservers {
    server localhost:5555;
    keepalive 512;
}
  • Caddy configuration files
data.example.com:443 { # The domain name where the Agent connects to Dashboard
    reverse_proxy {
        to localhost:5555
        transport http {
            versions h2c 2
        }
    }
}

Dashboard Configuration

  • First login to the Dashboard and enter the admin panel, go to the settings page, fill in the CDN Bypassed Domain/IP with the domain name you configured in Nginx or Caddy, for example data.example.com, and save it.
  • Then open the /opt/nezha/dashboard/data/config.yaml file in the panel server and change proxygrpcport to the port that Nginx or Caddy is listening on, such as 443 as set in the previous step. Since we have SSL/TLS enabled in Nginx or Caddy, we need to set tls to true, restart the panel when you are done.

Agent Configuration

  • Log in to the admin panel, copy the one-click install command, and run the one-click install command on the corresponding server to reinstall the agent.

Enable Cloudflare CDN (optional)

According to Cloudflare gRPC requirements: gRPC services must listen on port 443 and must support TLS and HTTP/2. So if you need to enable CDN, you must use port 443 when configuring Nginx or Caddy reverse proxy gRPC and configure the certificate (Caddy will automatically apply and configure the certificate).

  • Log in to Cloudflare and select the domain you are using. Go to the Network page and turn on the gRPC switch, then go to the DNS page, find the resolution record of the domain with gRPC configuration, and turn on the orange cloud icon to enable CDN.

After enable gRPC at cloudflare, it may not work immediately,so you may need to wait for a while, about 24hour or more. To be test if gRPC work, we can use curl and nezha-agent -d

bash
localhost:~/agent# curl -H "content-type: application/grpc+proto" -H "authorization: Bearer test" https://xxx.xxx.ovh -v 
* processing: https://xxx.xxx.ovh
*   Trying [2606:4700:3035::ac43:8bed]:443...
* Connected to xxx.xxx.ovh (2606:4700:3035::ac43:8bed) port 443
# ... SSL info
* using HTTP/2
* h2 [:method: GET]
* h2 [:scheme: https]
* h2 [:authority: xxx.xxx.ovh]
* h2 [:path: /]
* h2 [user-agent: curl/8.2.1]
* h2 [accept: */*]
* Using Stream ID: 1
> GET / HTTP/2
> Host: xxx.xxx.ovh
> User-Agent: curl/8.4.0
> Accept: */*
> content-type: application/grpc+proto
> authorization: Bearer test
> 
< HTTP/2 405 
< date: Wed, 20 Dec 2023 08:56:27 GMT
< content-type: application/grpc+proto
< cf-ray: 8386ac12dabd5ddc-HKG
< cf-cache-status: DYNAMIC
< grpc-message: Received a HEADERS frame with :method "GET" which should be POST
< grpc-status: 13
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BTjgJvXWyRF11nUOYx9Lq7UDC1xOYBLtjvWrdjVJQIqu9YqnFJeZFran2KRs6zabQc%2BLV8AubNqYRYDb7hQAZe6bglmVz0wQjrb0tNovYf%2B59SAp%2BQfZnH%2BAFDydNT95ZCmTPnKgWetcwQiUfXU%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< vary: Accept-Encoding
< server: cloudflare
< alt-svc: h3=":443"; ma=86400
< 
* Connection #0 to host xxx.xxx.ovh left intact
localhost:~/agent# /opt/nezha/agent/nezha-agent -s xxx.xxx.ovh:443 -p YOUR_KEY --tls -d
NEZHA@2023-12-20 05:14:00>> 检查更新: 0.15.14
NEZHA@2023-12-20 05:14:01>> 上报系统信息失败: rpc error: code = Unknown desc = EOF # Edit GRPCHost and TLS at /opt/nezha/dashboard/data/config.yaml.
NEZHA@2023-12-20 05:14:01>> Error to close connection ...