Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

疑问:数据上报服务器的反代问题 #87

Open
DullJZ opened this issue Mar 12, 2024 · 6 comments
Open

疑问:数据上报服务器的反代问题 #87

DullJZ opened this issue Mar 12, 2024 · 6 comments

Comments

@DullJZ
Copy link

DullJZ commented Mar 12, 2024

由于哪吒面板部署在国外,部分国内服务器连不上面板,因此想在连得上面板的国内机上,使用nginx反代上报的服务器

nginx配置如下:

server {
    listen 80 http2;
    server_name nezha-relay.example.com; 
    location / {
        proxy_pass https://nezha-data.example.com;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_ssl_session_reuse off;
        proxy_ssl_server_name on;
        proxy_ssl_name $proxy_host;
        proxy_ssl_protocols TLSv1.2;
    }
}

运行后能收到agent的上报请求,但错误码521,怀疑是gRPC协议的问题:

web_1  | 223.x.x.x - - [12/Mar/2024:14:45:27 +0000] "POST /proto.NezhaService/ReportSystemInfo HTTP/2.0" 521 15 "-" "grpc-go/1.62.0" "-"
web_1  | 223.x.x.x - - [12/Mar/2024:14:45:42 +0000] "POST /proto.NezhaService/ReportSystemInfo HTTP/2.0" 499 0 "-" "grpc-go/1.62.0" "-"

因为没有怎么了解过gRPC和HTTP/2,还希望大佬指点
@fscarmen2
Copy link
Owner

如果用argo,国内被监控机器上传数据到隧道,应该通的啊

@DullJZ
Copy link
Author

DullJZ commented Mar 12, 2024

如果用argo,国内被监控机器上传数据到隧道,应该通的啊

可能有的地区会对cf有污染吧,家里的nas访问面板大概一个小时只能通几分钟,tg通知全是离线/恢复,所以才想要自行反代

@3377
Copy link

3377 commented Mar 30, 2024

哥们,你反代最终成功了吗

@DullJZ
Copy link
Author

DullJZ commented Mar 30, 2024

哥们,你反代最终成功了吗

没有啊,搞不懂gRPC

@fscarmen2
Copy link
Owner

如果不用argo,那就是国内nas直连国外的面板,这个哪吒官方社区wiki有

https://nezha.wiki/guide/q3.html

@fscarmen2
Copy link
Owner

同一域名,既反代gRPC,又做面板https服务的nginx用例

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name data.example.com;

  ssl_certificate /opt/nezha/nezha.pem;
  ssl_certificate_key /opt/nezha/nezha.key;
  ssl_stapling on;
  ssl_session_timeout 1d;
  ssl_protocols TLSv1.2 TLSv1.3;
  
  underscores_in_headers on;

  keepalive_time 24h;
  keepalive_requests 100000;
  keepalive_timeout 120s;
  
  location / {
    proxy_pass http://localhost:8008;
    proxy_set_header Host $http_host;
    proxy_set_header Upgrade $http_upgrade;
  }

  location ~ ^/(ws|terminal/.+)$ {
    proxy_pass http://localhost:8008;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $http_host;
  }

  location ^~ /proto.NezhaService/ {
    grpc_read_timeout 300s;
    grpc_send_timeout 300s;
    grpc_socket_keepalive on;
    grpc_pass grpc://grpcservers;
  }
}

upstream grpcservers {
    server localhost:5555;
    keepalive 512;
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@3377 @DullJZ @fscarmen2