哪吒v1独立安装+Nginx反代+Cloudflare CDN
有一个特别便宜的,1C0.5G的服务器,但是储存空间只有5G,系统+面板就要给塞满了,docker感觉有点大,用面板也有点臃肿,装完环境就要满了
按照本文的环境配置,磁盘只会占用1.5G,内存占用150M(目前连接了9个VPS)
准备
一个v4/v6服务器,一个域名,Cloudflare账号
1.安装哪吒v1
脚本安装
curl -L https://raw.githubusercontent.com/nezhahq/scripts/refs/heads/main/install.sh -o nezha.sh && chmod +x nezha.sh && sudo ./nezha.sh国内服务器用下面这个
curl -L https://gitee.com/naibahq/scripts/raw/main/install.sh -o nezha.sh && chmod +x nezha.sh && sudo CN=true ./nezha.sh选择独立安装->安装面板->端口用默认8008->agent访问地址可以直接用[服务器ip]:8008->TLS随意
注意,agent访问地址和tls在面板上都能够直接设置
2.安装nginx
以Debian系为例,nginx安装直接用包管理器就可以直接安装
# 安装nginx
apt update
apt install nginx -y
systemctl start nginx
# 开放防火墙80和443端口
sudo ufw allow 'Nginx HTTP'
sudo ufw allow 'Nginx HTTPS'直接访问http://ip提示Welcome to Nginx!则安装成功
3.申请ssl证书
以Debian系为例
# 安装certbot
sudo apt update
sudo apt install certbot -y临时关闭nginx
sudo systemctl stop nginx申请证书,其中user@lhl.one改成你的邮箱,xxx.com改成你的域名
sudo certbot certonly --standalone \
--email user@lhl.one \
--agree-tos \
--no-eff-email \
-d xxx.com申请后的证书保存在
/etc/letsencrypt/live/xxx.com/
├── fullchain.pem # 这是 ssl_certificate
└── privkey.pem # 这是 ssl_certificate_key4.配置Nginx反代
将/etc/nginx/sites-available/default删除
cd /etc/nginx/sites-available
rm -rf default新建default并写入配置
touch default# /etc/nginx/sites-available/default
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name xxx.com; # 替换为你的域名
ssl_certificate /etc/letsencrypt/live/xxx.com/fullchain.pem; # 替换为你的域名
ssl_certificate_key /etc/letsencrypt/live/xxx.com/privkey.pem; # 替换为你的域名
ssl_stapling on;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20:!aNULL:!MD5:!DSS;
underscores_in_headers on;
# Cloudflare ip
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 104.16.0.0/13;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 131.0.72.0/22;
# IPv6
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2a06:98c0::/29;
set_real_ip_from 2c0f:f248::/32;
real_ip_header CF-Connecting-IP;
# gRPC
location ^~ /proto.NezhaService/ {
grpc_set_header Host $host;
grpc_set_header nz-realip $http_cf_connecting_ip;
grpc_read_timeout 600s;
grpc_send_timeout 600s;
grpc_socket_keepalive on;
client_max_body_size 10m;
grpc_buffer_size 4m;
grpc_pass grpc://dashboard;
}
# WebSocket
location ~* ^/api/v1/ws/(server|terminal|file)(.*)$ {
proxy_set_header Host $host;
proxy_set_header nz-realip $http_cf_connecting_ip;
proxy_set_header Origin https://$host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 3600s;
proxy_send_timeout 3600s;
proxy_pass http://127.0.0.1:8008;
}
# Web
location / {
proxy_set_header Host $host;
proxy_set_header nz-realip $http_cf_connecting_ip;
proxy_read_timeout 3600s;
proxy_send_timeout 3600s;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_max_temp_file_size 0;
proxy_pass http://127.0.0.1:8008;
}
}
upstream dashboard {
server 127.0.0.1:8008;
keepalive 512;
}测试nginx配置并启用nginx
nginx -t
systemctl reload nginx5.设置前端真实IP请求头
第一种办法,在哪吒面板web->管理界面->点击头像进入系统设置->设置前端真实IP请求头
填写nz-realip,这个是我们在nginx配置文件中写好的,如果没有按照上面的方法配置nginx的话不适用
第二种方法,直接修改配置文件然后重启哪吒面板,配置文件在/opt/nezha/data/config.yaml,将web_real_ip_header的值设置为nz-realip
当前页面是本站的「Google AMP」版。查看和发表评论请点击:完整版 »