搭建哪吒监控 V1 配置CDN，并启用 Agent TLS 连接

前期准备

1. Cloudflare 用来配置 CDN 和 SSL 证书

2. 一个域名（如 qq.com）

3. 两台服务器，A服务器安装 Dashboard 面板 与 Nginx，B服务器安装 Agent 探针。如果需要，也可以选择将两者安装在同一台服务器上。

1. Cloudflare 配置

1.1 添加 A 记录，指定到 A服务器IP

1.2 开启 gRPC 与 WebSockets

1.3 创建 SSL 证书，并复制到 A服务器 /etc/ssl/private/ 目录

证书（.cer） 复制到 /etc/ssl/private/fullchain.cer
私钥（.key） 复制到 /etc/ssl/private/private.key

2. 安装 Dashboard 哪吒监控面板

哪吒面板（Dashboard）用于管理和展示探针数据。 官方手册

2.1 执行脚本

# 海外服务器（GitHub）：
curl -L https://raw.githubusercontent.com/nezhahq/scripts/refs/heads/main/install.sh -o nezha.sh && chmod +x nezha.sh && sudo ./nezha.sh

# 中国大陆服务器（Gitee）：
curl -L https://gitee.com/naibahq/scripts/raw/main/install.sh -o nezha.sh && chmod +x nezha.sh && sudo CN=true ./nezha.sh

3. 安装 Nginx 并配置反向代理

3.1 安装 Nginx

# 更新系统并安装 Nginx：
apt update
apt install -y curl wget sudo unzip
apt install -y nginx

# 生成 Diffie-Hellman 密钥
openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

3.2. 配置 Nginx 反向代理、gRPC

# 打开 Nginx 配置文件：
/etc/nginx/nginx.conf

#user  nobody;
worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name qq.com; # 替换为你的域名
        ssl_certificate          /etc/ssl/private/fullchain.cer; #  替换为你的域名证书路径
        ssl_certificate_key      /etc/ssl/private/private.key;    #  替换为你的域名私钥路径
        ssl_stapling on;
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:10m;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384';
        ssl_prefer_server_ciphers on;
        ssl_dhparam /etc/ssl/certs/dhparam.pem; 

        # 配置真实 IP 来源 (Cloudflare 的 IP 范围)
        set_real_ip_from 103.21.244.0/22;
        set_real_ip_from 103.22.200.0/22;
        set_real_ip_from 103.31.4.0/22;
        set_real_ip_from 104.16.0.0/13;
        set_real_ip_from 104.24.0.0/14;
        set_real_ip_from 108.162.192.0/18;
        set_real_ip_from 131.0.72.0/22;
        set_real_ip_from 141.101.64.0/18;
        set_real_ip_from 162.158.0.0/15;
        set_real_ip_from 172.64.0.0/13;
        set_real_ip_from 173.245.48.0/20;
        set_real_ip_from 188.114.96.0/20;
        set_real_ip_from 190.93.240.0/20;
        set_real_ip_from 197.234.240.0/22;
        set_real_ip_from 198.41.128.0/17;
        
        # 允许处理下划线的请求头（特别是 CF-Connecting-IP）
        underscores_in_headers on;
        
        real_ip_header CF-Connecting-IP;
        real_ip_recursive on; 

        # 设置 proxy_temp_file_write_size
        proxy_temp_file_write_size 512k;
        
        # gRPC 设置   
        location ^~ /proto.NezhaService/ {
            grpc_set_header Host $host;
            grpc_set_header nz-realip $http_CF-Connecting-IP;
            grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            grpc_read_timeout 600s;
            grpc_send_timeout 600s;
            grpc_socket_keepalive on;
            client_max_body_size 10m;
            grpc_buffer_size 4m;
            grpc_pass grpc://dashboard;
        }

        # websocket 反向代理
        location ~* ^/api/v1/ws/(server|terminal|file)(.*)$ {
            proxy_set_header Host $host;
            proxy_set_header nz-realip $http_CF-Connecting-IP;
            proxy_set_header Origin https://$host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_read_timeout 3600s;
            proxy_send_timeout 3600s;
            proxy_pass http://127.0.0.1:8008;
        }

        # Web 反向代理
        location / {
            proxy_set_header Host $host;
            proxy_set_header nz-realip $http_CF-Connecting-IP;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_read_timeout 3600s;
            proxy_send_timeout 3600s;
            proxy_buffer_size 128k;
            proxy_buffers 4 256k;
            proxy_busy_buffers_size 256k;
            proxy_max_temp_file_size 0;
            proxy_pass http://127.0.0.1:8008;
        }
    }

    upstream dashboard {
        server 127.0.0.1:8008;
        keepalive 512;
    }
}

3.3. 重启Nginx

# 检查配置文件的语法和正确性
nginx -t

### 结果解释
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok      # 语法正确
nginx: configuration file /etc/nginx/nginx.conf test is successful      # 正常启动


# 重启 Nginx 并检查其运行状态：
systemctl restart nginx && systemctl status nginx

4. 安装 Agent 探针

登录 （Dashboard） 面板，首次登录的默认用户名和密码均为 admin，并复制 Agent 安装命令，并在 B服务器 安装。

# 安装 必要组件
apt update
apt install -y curl wget sudo unzip

### 安装 Agent 演示
root@s38455:~# curl -L https://raw.githubusercontent.com/nezhahq/scripts/main/agent/install.sh -o agent.sh && chmod +x agent.sh && env NZ_SERVER=qq.com:443 NZ_TLS=true NZ_CLIENT_SECRET=DFF4dDF44ffsfdfdfFFF ./agent.sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  4947  100  4947    0     0  15564      0 --:--:-- --:--:-- --:--:-- 15605
Installing...
2025/03/07 01:04:15 Successfully executed action install!
nezha-agent successfully installed  # 说明成功

5. 美化面板 Dashboard 与 监控节点

# NezhaDash官方文档：
https://nezhadash-docs.buycoffee.top/custom-code

# 服务器公开备注生成器:
https://nezhainfojson.pages.dev/

# 哪吒探针最简单美化教程
https://1keji.net/t/topic/31


https://dnsdaquan.com/
https://ipw.cn/doc/else/dns.html
# ICMP Ping 节点
https://www.nodeseek.com/post-82748-1

# TCP-Ping 节点
https://www.nodeseek.com/post-68572-1

# TCP-Ping 节点
https://hunter.qianxin.com
语法搜索：ip.city="广州" AND ip.isp="电信" AND (ip.port=80 OR ip.port=443) AND ip.asn="4134"

转载：https://junkai.cc/571.html