From 00c712116e924bdc4c135d717b37d343bb43be2a Mon Sep 17 00:00:00 2001 From: Lemoe Date: Thu, 11 Nov 2021 12:49:54 +0800 Subject: [PATCH] =?UTF-8?q?:sparkles:=20=E5=8F=8D=E5=90=91=E4=BB=A3?= =?UTF-8?q?=E7=90=86=20gRPC=20=E7=AB=AF=E5=8F=A3=EF=BC=88=E6=94=AF?= =?UTF-8?q?=E6=8C=81=20Cloudflare=20CDN=EF=BC=89?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 40 ++++++++++++++++++++----- cmd/agent/main.go | 2 ++ cmd/dashboard/main.go | 1 + cmd/dashboard/rpc/rpc.go | 14 +++++++++ model/config.go | 2 ++ model/monitor.go | 1 + resource/template/component/server.html | 3 +- resource/template/dashboard/server.html | 2 +- script/install.sh | 19 +++++++----- 9 files changed, 68 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 09c17bd..01dc78d 100644 --- a/README.md +++ b/README.md @@ -322,10 +322,10 @@ restart() {
- Agent 连接 Dashboard 域名开启 Cloudflare CDN -根据 Cloudflare gRPC 的要求:gRPC 服务必须侦听 443 端口 且必须支持 TLS 和 HTTP/2。我们可以使用 nginx 反向代理 gRPC 并配置 SSL/TLS 证书。 + 反向代理 gRPC 端口(支持 Cloudflare CDN) +使用 Nginx 或者 Caddy 反向代理 gRPC -- nginx 配置,比如 Agent 连接 Dashboard 的域名为 ip-to-dashboard.nai.ba,为 nginx 添加如下配置,然后重新启动 nginx 或者重新加载配置文件。 +- Nginx 配置 ```nginx server { @@ -339,18 +339,44 @@ server { underscores_in_headers on; location / { + grpc_read_timeout 300s; + grpc_send_timeout 300s; grpc_pass grpc://localhost:5555; } } ``` -- Agent 端配置,编辑 `/etc/systemd/system/nezha-agent.service`,在 `ExecStart=` 这一行的末尾加上 `--tls`,然后重启 nezha-agent.service。例如: +- Caddy 配置 -```bash -ExecStart=/opt/nezha/agent/nezha-agent -s ip-to-dashboard.nai.ba:443 -p xxxxxx --tls +```Caddyfile +ip-to-dashboard.nai.ba:443 { + reverse_proxy { + to localhost:5555 + transport http { + versions h2c 2 + } + } +} ``` -- 在 Cloudflare 中将对应的域名解析设置橙色云开启CDN,并在网络选项中启用gRPC。 + +Dashboard 面板端配置 + +- 首先登录面板进入管理后台 打开设置页面,在 `未接入CDN的面板服务器域名/IP` 中填入上一步在 Nginx 或 Caddy 中配置的域名 比如 `ip-to-dashboard.nai.ba` ,并保存。 +- 然后在面板服务器中,打开 /opt/nezha/dashboard/data/config.yaml 文件,将 `proxygrpcport` 修改为 Nginx 或 Caddy 监听的端口,比如上一步设置的 `443` ;因为我们在 Nginx 或 Caddy 中开启了 SSL/TLS,所以需要将 `tls` 设置为 `true` ;修改完成后重启面板。 + + +Agent 端配置 + +- 登录面板管理后台,复制一键安装命令,在对应的服务器上面执行一键安装命令重新安装 agent 端即可。 + + +开启 Cloudflare CDN(可选) + +根据 Cloudflare gRPC 的要求:gRPC 服务必须侦听 443 端口 且必须支持 TLS 和 HTTP/2。 +所以如果需要开启CDN,必须在配置 Nginx 或者 Caddy 反向代理 gRPC 时使用 443 端口,并配置证书(Caddy 会自动申请并配置证书)。 + +- 登录 Cloudflare,选择使用的域名。打开 `网络` 选项将 `gRPC` 开关打开,打开 `DNS` 选项,找到 Nginx 或 Caddy 反代 gRPC 配置的域名的解析记录,打开橙色云启用CDN。
diff --git a/cmd/agent/main.go b/cmd/agent/main.go index 06a6979..7ddd9f7 100644 --- a/cmd/agent/main.go +++ b/cmd/agent/main.go @@ -218,6 +218,8 @@ func doTask(task *pb.Task) { handleCommandTask(task, &result) case model.TaskTypeUpgrade: handleUpgradeTask(task, &result) + case model.TaskTypeKeepalive: + return default: println("不支持的任务:", task) } diff --git a/cmd/dashboard/main.go b/cmd/dashboard/main.go index bbb83b9..9645944 100644 --- a/cmd/dashboard/main.go +++ b/cmd/dashboard/main.go @@ -193,6 +193,7 @@ func main() { go rpc.ServeRPC(dao.Conf.GRPCPort) serviceSentinelDispatchBus := make(chan model.Monitor) go rpc.DispatchTask(serviceSentinelDispatchBus) + go rpc.DispatchKeepalive() go dao.AlertSentinelStart() dao.NewServiceSentinel(serviceSentinelDispatchBus) srv := controller.ServeWeb(dao.Conf.HTTPPort) diff --git a/cmd/dashboard/rpc/rpc.go b/cmd/dashboard/rpc/rpc.go index 2e52a5d..9dcb9f0 100644 --- a/cmd/dashboard/rpc/rpc.go +++ b/cmd/dashboard/rpc/rpc.go @@ -57,3 +57,17 @@ func DispatchTask(serviceSentinelDispatchBus <-chan model.Monitor) { dao.SortedServerLock.RUnlock() } } + +func DispatchKeepalive() { + dao.Cron.AddFunc("@every 60s", func() { + dao.SortedServerLock.RLock() + defer dao.SortedServerLock.RUnlock() + for i := 0; i < len(dao.SortedServerList); i++ { + if dao.SortedServerList[i] == nil || dao.SortedServerList[i].TaskStream == nil || dao.SortedServerList[i].TaskStream.Context().Err() != nil { + continue + } + + dao.SortedServerList[i].TaskStream.Send(&pb.Task{Type: model.TaskTypeKeepalive}) + } + }) +} diff --git a/model/config.go b/model/config.go index 7224b89..3634636 100644 --- a/model/config.go +++ b/model/config.go @@ -39,6 +39,8 @@ type Config struct { GRPCPort uint GRPCHost string EnableIPChangeNotification bool + ProxyGRPCPort uint + TLS bool // IP变更提醒 Cover uint8 // 覆盖范围 diff --git a/model/monitor.go b/model/monitor.go index daf26c3..39b2a7c 100644 --- a/model/monitor.go +++ b/model/monitor.go 
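Review bot: The new `case model.TaskTypeKeepalive: return` in doTask carries no explanation, and the early `return` skips whatever follows the switch, which lies outside this hunk and is presumably the result reporting. A comment such as `// keepalive only keeps the task stream active through the reverse proxy; there is no result to report` would mark that as intentional. Agents built before this commit will instead reach `default:` and print "不支持的任务" on every keepalive tick, which is worth mentioning in the upgrade notes.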
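Review bot: The `go` keyword on `go rpc.DispatchKeepalive()` is unnecessary, because the function added in cmd/dashboard/rpc/rpc.go by this commit only calls `dao.Cron.AddFunc` and returns. A plain `rpc.DispatchKeepalive()` would register the job deterministically before the web server starts, and would let a later version return the registration error to main. The body of main continues outside this hunk.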
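Review bot: In DispatchKeepalive the result of `TaskStream.Send` is discarded and the call runs while `dao.SortedServerLock` is read-locked, so a stalled agent stream can hold the lock for the whole tick and a failed send leaves no trace. Check the error at least, for example `if err := s.TaskStream.Send(&pb.Task{Type: model.TaskTypeKeepalive}); err != nil { /* log and continue */ }`, and consider collecting the live streams under the lock and sending only after `RUnlock`. If TaskStream is a gRPC server stream, sends from this cron goroutine and from DispatchTask (whose body is mostly outside this hunk) also need to be serialised, since gRPC does not permit SendMsg on one stream from several goroutines at once.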
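Review bot: `ProxyGRPCPort` and `TLS` are added to Config without comments, and `TLS` reads as if it enabled TLS on the dashboard's own gRPC listener. Judging by the hunks in this commit it only changes the generated agent install command (the template appends `--tls`), while `rpc.ServeRPC(dao.Conf.GRPCPort)` stays as it was, so an operator who sets `tls: true` without a TLS-terminating proxy gains no encryption on the listener. Suggest documenting both fields, e.g. `// ProxyGRPCPort is the reverse-proxy port advertised to agents instead of GRPCPort (0 = not proxied)` and `// TLS makes the generated agent command pass --tls; TLS itself is terminated by the reverse proxy`.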
@@ -17,6 +17,7 @@ const ( TaskTypeCommand TaskTypeTerminal TaskTypeUpgrade + TaskTypeKeepalive ) type TerminalTask struct { diff --git a/resource/template/component/server.html b/resource/template/component/server.html index db5ef5e..ab88344 100644 --- a/resource/template/component/server.html +++ b/resource/template/component/server.html @@ -31,7 +31,8 @@ {{if .Conf.GRPCHost}} curl -L https://raw.githubusercontent.com/naiba/nezha/master/script/install.sh -o nezha.sh && chmod +x nezha.sh && sudo ./nezha.sh install_agent {{.Conf.GRPCHost}} {{.Conf.GRPCPort}} + class="command">{{if .Conf.ProxyGRPCPort}}{{.Conf.ProxyGRPCPort}}{{else}}{{.Conf.GRPCPort}}{{end}} {{if .Conf.TLS}}--tls{{end}} {{else}} 请先在设置页面配置 未接入CDN的面板服务器域名/IP {{end}} diff --git a/resource/template/dashboard/server.html b/resource/template/dashboard/server.html index 3b27046..3a00318 100644 --- a/resource/template/dashboard/server.html +++ b/resource/template/dashboard/server.html @@ -40,7 +40,7 @@ {{$server.Secret}} diff --git a/script/install.sh b/script/install.sh index c07afa0..121c584 100755 --- a/script/install.sh +++ b/script/install.sh @@ -203,8 +203,8 @@ install_agent() { mv nezha-agent $NZ_AGENT_PATH && rm -rf nezha-agent_linux_${os_arch}.tar.gz README.md - if [[ $# == 3 ]]; then - modify_agent_config $1 $2 $3 + if [ $# -ge 3 ]; then + modify_agent_config "$@" else modify_agent_config 0 fi @@ -223,7 +223,7 @@ modify_agent_config() { return 0 fi - if [[ $# != 3 ]]; then + if [ $# -lt 3 ]; then echo "请先在管理面板上添加Agent,记录下密钥" && read -ep "请输入一个解析到面板所在IP的域名(不可套CDN): " nz_grpc_host && read -ep "请输入面板RPC端口: (5555)" nz_grpc_port && 
@@ -242,12 +242,16 @@ modify_agent_config() { nz_client_secret=$3 fi - - sed -i "s/nz_grpc_host/${nz_grpc_host}/" ${NZ_AGENT_SERVICE} sed -i "s/nz_grpc_port/${nz_grpc_port}/" ${NZ_AGENT_SERVICE} sed -i "s/nz_client_secret/${nz_client_secret}/" ${NZ_AGENT_SERVICE} + shift 3 + if [ $# -gt 0 ]; then + args=" $*" + sed -i "/ExecStart/ s/$/${args}/" ${NZ_AGENT_SERVICE} + fi + echo -e "Agent配置 ${green}修改成功,请稍等重启生效${plain}" systemctl daemon-reload @@ -558,8 +562,9 @@ if [[ $# > 0 ]]; then uninstall_dashboard 0 ;; "install_agent") - if [[ $# == 4 ]]; then - install_agent $2 $3 $4 + shift + if [ $# -ge 3 ]; then + install_agent "$@" else install_agent 0 fi
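Review bot: `shift 3` runs even when modify_agent_config was entered with fewer than three arguments, which is the interactive path. `install_agent 0` calls `modify_agent_config 0`, bash leaves the positional parameters untouched when the shift count exceeds `$#`, and the following `[ $# -gt 0 ]` test then appends ` 0` to the `ExecStart` line. Guard the whole block instead, `if [ $# -gt 3 ]; then shift 3; args=" $*"; sed -i "/ExecStart/ s/$/${args}/" ${NZ_AGENT_SERVICE}; fi`. The extra arguments are also spliced unescaped into the sed replacement, so a `/`, `&` or `\` in them breaks or alters the edit of a unit file that runs as root; accepting only known flags such as `--tls` before writing would close that. The function starts outside this hunk.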