哪吒监控安装使用

作者: /

官方说明文档:
https://nezha.wiki/guide/dashboard.html

#准备一个域名,打开小云朵

#cloudflare后台启用ws和grpc

#给面板端安装必要组件

apt install -y curl sudo wget unzip nginx

#安装wget,sudo等

apt install -y curl wget sudo unzip nginx

#官方安装脚本

curl -L https://raw.githubusercontent.com/nezhahq/scripts/refs/heads/main/install.sh -o nezha.sh && chmod +x nezha.sh && sudo ./nezha.sh

#证书和私钥的路径(nginx配置文件里面可以找到)
/etc/ssl/private

#证书文件名
fullchain.cer

#私钥文件名
private.key

#重启nginx

systemctl restart nginx && systemctl status nginx

#给被控端安装必要组件

apt install -y curl sudo wget unzip

#面板后台域名
你的域名/dashboard

#全国ICMP Ping监控节点地址
https://www.nodeseek.com/post-82748-1

#全国TCP Ping监控节点地址
https://www.nodeseek.com/post-254404-1
或者
直接用奇安信的:https://hunter.qianxin.com/
搜索语句:ip.city=”城市名” && ip.isp=”电信” && ip.port=”80″

#多次安装不会覆盖,会安装多个service

#备注JSON生成器
https://nezhainfojson.pages.dev/

#agent上禁用webssh
打开
/opt/nezha/agent/config.yml
把 disable_command_execute: 改成 true


重启agent
参考哪吒文档 https://nezha.wiki/guide/q7.html

#自制一键命令

sed -i 's/disable_command_execute: false/disable_command_execute: true/' /opt/nezha/agent/config.yml

运行之后要重启agent

systemctl restart nezha-agent && systemctl status nezha-agent

#github登录
打开/opt/nezha/dashboard/data/config.yaml;oauth2:{}删掉,然后贴上:

oauth2:
  GitHub:
    clientid: "a-unique-id"
    clientsecret: "a-unique-secret"
    endpoint:
      authurl: "https://github.com/login/oauth/authorize"
      tokenurl: "https://github.com/login/oauth/access_token"
    userinfourl: "https://api.github.com/user"
    useridpath: "id"

其中,改两个地方”a-unique-id”和”a-unique-secret”,“”要留下的

#个性化代码
https://nezhadash-docs.vercel.app/custom-code

#Cloudflare回源IP地址段
https://www.cloudflare.com/zh-cn/ips/

#移除Nezhav0

systemctl stop nezha-agent
systemctl disable nezha-agent
rm /etc/systemd/system/nezha-agent.service
rm /opt/nezha/agent -r

Nginx配置

#user  nobody;
worker_processes  1;
#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
#pid        logs/nginx.pid;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log  logs/access.log  main;
    sendfile        on;
    #tcp_nopush     on;
    #keepalive_timeout  0;
    keepalive_timeout  65;
    #gzip  on;
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    # http2 on; # Nginx > 1.25.1,请注释上面两行,启用此行
    server_name nezha.xx.com; # 替换为你的域名
    ssl_certificate          /etc/ssl/private/fullchain.cer; # 域名证书路径
    ssl_certificate_key      /etc/ssl/private/private.key;       # 域名私钥路径
    ssl_stapling on;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m; # 如果与其他配置冲突,请注释此项
    ssl_protocols TLSv1.2 TLSv1.3;
    underscores_in_headers on;
    set_real_ip_from 103.21.244.0/22; # 替换为你的 CDN 回源 IP 地址段
    set_real_ip_from 103.22.200.0/22;
    set_real_ip_from 103.31.4.0/22;
    set_real_ip_from 104.16.0.0/13;
    set_real_ip_from 104.24.0.0/14;
    set_real_ip_from 108.162.192.0/18;
    set_real_ip_from 131.0.72.0/22;
    set_real_ip_from 141.101.64.0/18;
    set_real_ip_from 162.158.0.0/15;
    set_real_ip_from 172.64.0.0/13;
    set_real_ip_from 173.245.48.0/20;
    set_real_ip_from 188.114.96.0/20;
    set_real_ip_from 190.93.240.0/20;
    set_real_ip_from 197.234.240.0/22;
    set_real_ip_from 198.41.128.0/17;
    real_ip_header CF-Connecting-IP; # 替换为你的 CDN 提供的私有 header,此处为 CloudFlare 默认
    # 如果你使用nginx作为最外层,把上面两行注释掉
    # grpc 相关    
    location ^~ /proto.NezhaService/ {
        grpc_set_header Host $host;
        grpc_set_header nz-realip $http_CF_Connecting_IP; # 替换为你的 CDN 提供的私有 header,此处为 CloudFlare 默认
        # grpc_set_header nz-realip $remote_addr; # 如果你使用nginx作为最外层,就把上面一行注释掉,启用此行
        grpc_read_timeout 600s;
        grpc_send_timeout 600s;
        grpc_socket_keepalive on;
        client_max_body_size 10m;
        grpc_buffer_size 4m;
        grpc_pass grpc://dashboard;
    }
    # websocket 相关
    location ~* ^/api/v1/ws/(server|terminal|file)(.*)$ {
        proxy_set_header Host $host;
        proxy_set_header nz-realip $http_cf_connecting_ip; # 替换为你的 CDN 提供的私有 header,此处为 CloudFlare 默认
        # proxy_set_header nz-realip $remote_addr; # 如果你使用nginx作为最外层,就把上面一行注释掉,启用此行
        proxy_set_header Origin https://$host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 3600s;
        proxy_send_timeout 3600s;
        proxy_pass http://127.0.0.1:8008;
    }
    # web
    location / {
        proxy_set_header Host $host;
        proxy_set_header nz-realip $http_cf_connecting_ip; # 替换为你的 CDN 提供的私有 header,此处为 CloudFlare 默认
        # proxy_set_header nz-realip $remote_addr; # 如果你使用nginx作为最外层,就把上面一行注释掉,启用此行
        proxy_read_timeout 3600s;
        proxy_send_timeout 3600s;
        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        proxy_max_temp_file_size 0;
        proxy_pass http://127.0.0.1:8008;
    }
}
upstream dashboard {
    server 127.0.0.1:8008;
    keepalive 512;
}
}

发表评论

您的邮箱地址不会被公开。 必填项已用 * 标注

💬
滚动至顶部