fscarmen2 / Argo-Nezha-Service-Container

Nezha server over Argo tunnel
671 stars 407 forks

Question: reverse-proxying the data reporting server #87

Closed DullJZ closed 5 months ago

DullJZ commented 8 months ago

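Because the Nezha dashboard is deployed overseas, some servers in mainland China cannot connect to it, so I want to use nginx on a domestic machine that can reach the dashboard to reverse-proxy the reporting server.

The nginx configuration is as follows: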

server {
    listen 80 http2;
    server_name nezha-relay.example.com; 
    location / {
        proxy_pass https://nezha-data.example.com;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_ssl_session_reuse off;
        proxy_ssl_server_name on;
        proxy_ssl_name $proxy_host;
        proxy_ssl_protocols TLSv1.2;
    }
}

After starting it, the agent's report requests are received, but with error code 521. I suspect it is a gRPC protocol problem:

web_1  | 223.x.x.x - - [12/Mar/2024:14:45:27 +0000] "POST /proto.NezhaService/ReportSystemInfo HTTP/2.0" 521 15 "-" "grpc-go/1.62.0" "-"
web_1  | 223.x.x.x - - [12/Mar/2024:14:45:42 +0000] "POST /proto.NezhaService/ReportSystemInfo HTTP/2.0" 499 0 "-" "grpc-go/1.62.0" "-"

I haven't really learned much about gRPC and HTTP/2, so I'd appreciate some pointers from the experts.

fscarmen2 commented 8 months ago

If you use Argo, monitored machines in mainland China uploading data to the tunnel should get through.

DullJZ commented 8 months ago

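> If you use Argo, monitored machines in mainland China uploading data to the tunnel should get through.

Maybe some regions have interference with CF. My NAS at home can only reach the dashboard for a few minutes in roughly an hour, and the TG notifications are all offline/recovered, which is why I want to set up my own reverse proxy.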

3377 commented 8 months ago

Bro, did you get the reverse proxy working in the end?

DullJZ commented 8 months ago

> Bro, did you get the reverse proxy working in the end?

No, I can't figure out gRPC.

fscarmen2 commented 8 months ago

If you don't use Argo, then the domestic NAS connects directly to the overseas dashboard. The official Nezha community wiki covers this:

https://nezha.wiki/guide/q3.html

fscarmen2 commented 8 months ago

An nginx example that, on the same domain, both reverse-proxies gRPC and serves the dashboard over HTTPS:

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name data.example.com;

  ssl_certificate /opt/nezha/nezha.pem;
  ssl_certificate_key /opt/nezha/nezha.key;
  ssl_stapling on;
  ssl_session_timeout 1d;
  ssl_protocols TLSv1.2 TLSv1.3;

  underscores_in_headers on;

  keepalive_time 24h;
  keepalive_requests 100000;
  keepalive_timeout 120s;

  location / {
    proxy_pass http://localhost:8008;
    proxy_set_header Host $http_host;
    proxy_set_header Upgrade $http_upgrade;
  }

  location ~ ^/(ws|terminal/.+)$ {
    proxy_pass http://localhost:8008;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $http_host;
  }

  location ^~ /proto.NezhaService/ {
    grpc_read_timeout 300s;
    grpc_send_timeout 300s;
    grpc_socket_keepalive on;
    grpc_pass grpc://grpcservers;
  }
}

upstream grpcservers {
    server localhost:5555;
    keepalive 512;
}
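
The relay from the first comment, rewritten with the gRPC module that the last comment uses, as an added example that is not from any participant in this thread or from the project. It assumes the upstream serves gRPC over TLS on port 443; the host names are the ones from the first comment, and the certificate and CA bundle paths are placeholders.

```nginx
# Added example (not from the thread). Certificate paths are placeholders.
upstream nezha_data {
    server nezha-data.example.com:443;
    keepalive 64;
}

server {
    # Agent reports cross untrusted networks, so terminate TLS on the relay
    # instead of accepting cleartext HTTP/2 on port 80.
    listen 443 ssl http2;
    server_name nezha-relay.example.com;

    ssl_certificate     /etc/nginx/certs/relay.pem;  # placeholder path
    ssl_certificate_key /etc/nginx/certs/relay.key;  # placeholder path
    ssl_protocols TLSv1.2 TLSv1.3;

    underscores_in_headers on;

    # Relay only the agent's gRPC service.
    location ^~ /proto.NezhaService/ {
        # grpc_pass speaks HTTP/2 to the upstream; the proxy_pass block in
        # the first comment forwards the request as HTTP/1.x instead.
        grpc_pass grpcs://nezha_data;

        # Send the upstream's own name in Host and SNI, not the relay's.
        grpc_set_header Host nezha-data.example.com;
        grpc_ssl_server_name on;
        grpc_ssl_name nezha-data.example.com;

        # Verify the upstream certificate, so tampered DNS cannot redirect
        # agent reports to another endpoint.
        grpc_ssl_verify on;
        # Assumption: Debian/Ubuntu CA bundle location.
        grpc_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
        grpc_ssl_verify_depth 2;

        grpc_read_timeout 300s;
        grpc_send_timeout 300s;
        grpc_socket_keepalive on;
    }

    # Everything else is refused; the relay is not a general proxy.
    location / {
        return 404;
    }
}
```

With this layout the agents connect to the relay on port 443 with TLS enabled.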