diff --git a/.github/workflows/Build.yml b/.github/workflows/Build.yml index 6aa7236..dfda61c 100644 --- a/.github/workflows/Build.yml +++ b/.github/workflows/Build.yml @@ -6,7 +6,7 @@ on: jobs: Building: runs-on: ubuntu-latest - name: "Build Argo-Nezha images" + name: "Build image" env: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} @@ -34,10 +34,5 @@ jobs: uses: docker/build-push-action@v5.1.0 with: push: true - platforms: linux/amd64,linux/arm64,linux/arm/v7 - tags: ${{ env.DOCKERHUB_REPOSITORY }} - - - name: Upload to repository - uses: stefanzweifel/git-auto-commit-action@v5.0.0 - with: - commit_message: Push images ${{ env.VERSION }} by Github Actions, ${{ env.DATE }} \ No newline at end of file + platforms: linux/amd64, linux/arm64, linux/arm/v7 + tags: ${{ env.DOCKERHUB_REPOSITORY }} \ No newline at end of file diff --git a/README.md b/README.md index 04689cc..20de4e7 100644 --- a/README.md +++ b/README.md @@ -32,12 +32,11 @@ Documentation: [English version](https://github.com/fscarmen2/Argo-Nezha-Service * Argo 隧道突破需要公网入口的限制 --- 传统的哪吒需要有两个公网端口,一个用于面板的访问,另一个用于客户端上报数据,本项目借用 Cloudflare Argo 隧道,使用内网穿透的办法 * IPv4 / v6 具备更高的灵活性 --- 传统哪吒需要处理服务端和客户端的 IPv4/v6 兼容性问题,还需要通过 warp 等工具来解决不对应的情况。然而,本项目可以完全不需要考虑这些问题,可以任意对接,更加方便和简便 * 一条 Argo 隧道分流多个域名和协议 --- 建立一条内网穿透的 Argo 隧道,即可分流三个域名(hostname)和协议(protocal),分别用于面板的访问(http),客户端上报数据(tcp)和 ssh(可选) -* GrpcWebProxy 反向代理的 gRPC 数据端口 --- 配上证书做 tls 终结,然后 Argo 的隧道配置用 https 服务指向这个反向代理,启用http2回源,grpc(nezha)->GrpcWebProxy->h2(argo)->cf cdn edge->agent +* Grpc 反向代理的 gRPC 数据端口 --- 配上证书做 tls 终结,然后 Argo 的隧道配置用 https 服务指向这个反向代理,启用http2回源,grpc(nezha)->Grpc Proxy->h2(argo)->cf cdn edge->agent * 每天自动备份 --- 北京时间每天 4 时 0 分自动备份整个哪吒面板文件夹到指定的 github 私库,包括面板主题,面板设置,探针数据和隧道信息,备份保留近 5 天数据;鉴于内容十分重要,必须要放在私库 -* 每天自动更新面板 -- 北京时间每天 4 时 0 分自动检测最新的官方面板版本,有升级时自动更新 +* 每天自动更新面板和更新脚本 -- 北京时间每天 4 时 0 分自动检测最新的官方面板版本及备份还原脚本,有升级时自动更新 * 手/自一体还原备份 --- 每分钟检测一次在线还原文件的内容,遇到有更新立刻还原 * 默认内置本机探针 --- 能很方便的监控自身服务器信息 -* 数据更安全 --- Argo 隧道使用TLS加密通信,可以将应用程序流量安全地传输到 Cloudflare 网络,提高了应用程序的安全性和可靠性。此外,Argo Tunnel也可以防止IP泄露和DDoS攻击等网络威胁 image @@ -100,7 +99,7 @@ Argo 隧道认证方式有 json 和 token,使用两个方式其中之一。推 | GH_REPO | 否 | 在 github 上备份哪吒服务端数据库文件的 github 库 | | GH_EMAIL | 否 | github 的邮箱,用于备份的 git 推送到远程库 | | GH_PAT | 否 | github 的 PAT | - | REVERSE_PROXY_MODE | 否 | 默认使用 nginx 应用来反代,这时可以不填写该变量;如需 gRPCwebProxy 反代,请设置该值为 `grpcwebproxy` | + | REVERSE_PROXY_MODE | 否 | 默认使用 Caddy 应用来反代,这时可以不填写该变量;如需 Nginx 或 gRPCwebProxy 反代,请设置该值为 `nginx ` 或 `grpcwebproxy` | | ARGO_AUTH | 是 | Json: 从 https://fscarmen.cloudflare.now.cc 获取的 Argo Json
Token: 从 Cloudflare 官网获取 | | ARGO_DOMAIN | 是 | Argo 域名 | | NO_AUTO_RENEW | 否 | 默认不需要该变量,即每天定时同步在线最新的备份和还原脚本。如不需要该功能,设置此变量,并赋值为 `1` | @@ -137,7 +136,7 @@ docker run -dit \ -e ARGO_AUTH='<填获取的 Argo json 或者 token>' \ -e ARGO_DOMAIN=<填自定义的> \ -e GH_BACKUP_USER=<选填,选填,选填! 如与 GH_USER 一致,可以不要该环境变量> \ - -e REVERSE_PROXY_MODE=<选填,选填,选填! 如想用 gRPCwebProxy 替代 nginx 反代的话,请设置该变量并赋值为 `grpcwebproxy`> \ + -e REVERSE_PROXY_MODE=<选填,选填,选填! 如想用 Nginx 或 gRPCwebProxy 替代 Caddy 反代的话,请设置该变量并赋值为 `nginx` 或 `grpcwebproxy`> \ -e NO_AUTO_RENEW=<选填,选填,选填! 如果不需要自动在线同步最新的 backup.sh 和 restore.sh,请设置该变量并赋值为 `1`> fscarmen/argo-nezha ``` @@ -161,7 +160,7 @@ services: - ARGO_AUTH='<填获取的 Argo json 或者 token>' - ARGO_DOMAIN=<填自定义的> - GH_BACKUP_USER=<选填,选填,选填! 如与 GH_USER 一致,可以不要该环境变量> - - REVERSE_PROXY_MODE=<选填,选填,选填! 如想用 gRPCwebProxy 替代 nginx 反代的话,请设置该变量并赋值为 `grpcwebproxy`> + - REVERSE_PROXY_MODE=<选填,选填,选填! 如想用 Nginx 或 gRPCwebProxy 替代 Caddy 反代的话,请设置该变量并赋值为 `nginx` 或 `grpcwebproxy`> - NO_AUTO_RENEW=<选填,选填,选填! 如果不需要自动在线同步最新的 backup.sh 和 restore.sh,请设置该变量并赋值为 `1`> ``` @@ -249,6 +248,8 @@ tar czvf dashboard.tar.gz /dashboard |-- nezha.pem # SSL/TLS 证书文件 |-- cloudflared # Cloudflare Argo 隧道主程序 |-- grpcwebproxy # gRPC 反代主程序 +|-- caddy # Caddy 主程序 +|-- Caddyfile # Caddy 配置文件 `-- nezha-agent # 哪吒客户端,用于监控本地 localhost ``` diff --git a/README_EN.md b/README_EN.md index 9e73e3d..3bcdcf7 100644 --- a/README_EN.md +++ b/README_EN.md @@ -32,12 +32,11 @@ Documentation: English version | [中文版](https://github.com/fscarmen2/Argo-N * Argo tunnel breaks through the restriction of requiring a public network portal --- The traditional Nezha requires two public network ports, one for panel visiting and the other for client reporting, this project uses Cloudflare Argo tunnels and uses intranet tunneling. * IPv4 / v6 with higher flexibility --- The traditional Nezha needs to deal with IPv4/v6 compatibility between server and client, and also needs to resolve mismatches through tools such as warp. However, this project does not need to consider these issues at all, and can be docked arbitrarily, which is much more convenient and easy! * One Argo tunnel for multiple domains and protocols --- Create an intranet-penetrating Argo tunnel for three domains (hostname) and protocols, which can be used for panel access (http), client reporting (tcp) and ssh (optional). -* GrpcWebProxy reverse proxy gRPC data port --- with a certificate for tls termination, then Argo's tunnel configuration with https service pointing to this reverse proxy, enable http2 back to the source, grpc(nezha)->GrpcWebProxy->h2(argo)->cf cdn edge->agent +* Grpc Proxy reverse proxy gRPC data port --- with a certificate for tls termination, then Argo's tunnel configuration with https service pointing to this reverse proxy, enable http2 back to the source, grpc(nezha)->Grpc Proxy->h2(argo)->cf cdn edge->agent * Daily automatic backup --- every day at 04:00 BST, the entire Nezha panel folder is automatically backed up to a designated private github repository, including panel themes, panel settings, probe data and tunnel information, the backup retains nearly 5 days of data; the content is so important that it must be placed in the private repository. -* Automatic daily panel update -- the latest official panel version is automatically detected every day at 4:00 BST, and updated when there is an upgrade. +* Automatically update the control panel and scripts daily - Check for the latest official control panel version and backup/restore script at 04:00 every day. If an upgrade is available, perform an automatic update. * Manual/automatic restore backup --- check the content of online restore file once a minute, and restore immediately when there is any update. * Default built-in local probes --- can easily monitor their own server information -* More secure data --- Argo Tunnel uses TLS encrypted communication to securely transmit application traffic to the Cloudflare network, improving application security and reliability. In addition, Argo Tunnel protects against network threats such as IP leaks and DDoS attacks. image @@ -100,7 +99,7 @@ Variables used | GH_REPO | No | The github repository for backing up Nezha's server-side database files on github | | GH_EMAIL | No | github's mailbox for git push backups to remote repositories | | GH_PAT | No | github's PAT | - | REVERSE_PROXY_MODE | No | If you want to use gRPCwebProxy instead of nginx for reverse proxying, set this value to `grpcwebproxy` | + | REVERSE_PROXY_MODE | No | If you want to use Nginx or gRPCwebProxy instead of Caddy for reverse proxying, set this value to `nginx` or `grpcwebproxy` | | ARGO_AUTH | Yes | Argo Json from https://fscarmen.cloudflare.now.cc
Argo token from Cloudflare official website | | ARGO_DOMAIN | Yes | Argo domain | | NO_AUTO_RENEW | No | The latest backup and restore scripts are synchronized online regularly every day. If you don't need this feature, set this variable and assign it a value of `1` | @@ -137,7 +136,7 @@ docker run -dit \ -e ARGO_AUTH='' \ -e ARGO_DOMAIN= \ -e GH_BACKUP_USER= \ - -e REVERSE_PROXY_MODE= \ + -e REVERSE_PROXY_MODE= \ -e NO_AUTO_RENEW= fscarmen/argo-nezha ``` @@ -161,7 +160,7 @@ services. - ARGO_AUTH='' - ARGO_DOMAIN= - GH_BACKUP_USER= - - REVERSE_PROXY_MODE= + - REVERSE_PROXY_MODE= - NO_AUTO_RENEW= ``` @@ -251,6 +250,8 @@ tar czvf dashboard.tar.gz /dashboard |-- nezha.pem # SSL/TLS certificate file. |-- cloudflared # Cloudflare Argo tunnel main program. |-- grpcwebproxy # gRPC reverse proxy main program. +|-- caddy # Caddy main program. +|-- Caddyfile # Caddy config file. `-- nezha-agent # Nezha client, used to monitor the localhost. ``` diff --git a/dashboard.sh b/dashboard.sh index 49802ee..5242fa6 100644 --- a/dashboard.sh +++ b/dashboard.sh @@ -5,7 +5,7 @@ GH_PROXY=https://mirror.ghproxy.com/ WORK_DIR='/opt/nezha/dashboard' TEMP_DIR='/tmp/nezha' START_PORT='5000' -NEED_PORTS=3 # web , gRPC , gRPC proxy +NEED_PORTS=4 # web , gRPC , gRPC proxy, caddy http trap "rm -rf $TEMP_DIR; echo -e '\n' ;exit" INT QUIT TERM EXIT @@ -87,8 +87,8 @@ E[36]="Downloading the \${FAILED[*]} failed. Installation aborted. Feedback: [ht C[36]="下载 \${FAILED[*]} 失败,安装中止,问题反馈:[https://github.com/fscarmen2/Argo-Nezha-Service-Container/issues]" E[37]="Install Nezha's official VPS or docker version (https://github.com/naiba/nezha)" C[37]="安装哪吒官方 VPS 或 Docker 版本 (https://github.com/naiba/nezha)" -E[38]="Please choose gRPC proxy mode:\n 1. Nginx (default) \n 2. gRPCwebProxy" -C[38]="请选择 gRPC 代理模式:\n 1. Nginx (默认) \n 2. gRPCwebProxy" +E[38]="Please choose gRPC proxy mode:\n 1. Caddy (default)\n 2. Nginx\n 3. gRPCwebProxy" +C[38]="请选择 gRPC 代理模式:\n 1. Caddy (默认)\n 2. Nginx\n 3. gRPCwebProxy" E[39]="To uninstall Nginx press [y], it is not uninstalled by default:" C[39]="如要卸载 Nginx 请按 [y],默认不卸载:" E[40]="Default: enable automatic online synchronization of the latest backup.sh and restore.sh scripts. If you do not want this feature, enter [n]:" @@ -128,7 +128,7 @@ check_arch() { esac } -# 检查可用 port 函数,要求三个 +# 检查可用 port 函数,要求4个 check_port() { until [ "$START_PORT" -gt 65530 ]; do if [ "$SYSTEM" = 'Alpine' ]; then @@ -144,6 +144,7 @@ check_port() { GRPC_PROXY_PORT=${FREE_PORT[0]} WEB_PORT=${FREE_PORT[1]} GRPC_PORT=${FREE_PORT[2]} + CADDY_HTTP_PORT=${FREE_PORT[3]} else error "\n $(text 33) \n" fi @@ -156,9 +157,9 @@ check_install() { if [ "$STATUS" = "$(text 26)" ]; then { wget -qO $TEMP_DIR/cloudflared ${GH_PROXY}https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-$ARCH >/dev/null 2>&1 && chmod +x $TEMP_DIR/cloudflared >/dev/null 2>&1; }& { DASHBOARD_LATEST=$(wget -qO- "https://api.github.com/repos/naiba/nezha/releases/latest" | awk -F '"' '/"tag_name"/{print $4}' || echo 'v0.15.17') - wget -qO $TEMP_DIR/dashboard.zip ${GH_PROXY}https://github.com/naiba/nezha/releases/download/$DASHBOARD_LATEST/dashboard-linux-$ARCH.zip + wget -qO $TEMP_DIR/dashboard.zip ${GH_PROXY}https://github.com/naiba/nezha/releases/download/$DASHBOARD_LATEST/dashboard-linux-$ARCH.zip >/dev/null 2>&1 unzip -q $TEMP_DIR/dashboard.zip -d $TEMP_DIR 2>&1 - mv -f $TEMP_DIR/dist/dashboard-linux-$ARCH $TEMP_DIR/app; }& + mv -f $TEMP_DIR/dist/dashboard-linux-$ARCH $TEMP_DIR/app >/dev/null 2>&1; }& fi } @@ -285,9 +286,13 @@ dashboard_variables() { ARGO_DOMAIN=$(sed 's/[ ]*//g; s/:[ ]*//' <<< "$ARGO_DOMAIN") { certificate; }& - # 用户选择使用 Nginx 还是 grpcwebproxy 作 gRPC 反代,默认为 Nginx + # # 用户选择使用 gRPC 反代方式: Nginx / Caddy / grpcwebproxy,默认为 Caddy [ -z "$REVERSE_PROXY_MODE" ] && info "\n (6/11) $(text 38) \n" && reading " $(text 24) " REVERSE_PROXY_CHOOSE - [ "$REVERSE_PROXY_CHOOSE" = 2 ] && REVERSE_PROXY_MODE=grpcwebproxy || REVERSE_PROXY_MODE=nginx + case "$REVERSE_PROXY_CHOOSE" in + 2 ) REVERSE_PROXY_MODE=nginx ;; + 3 ) REVERSE_PROXY_MODE=grpcwebproxy ;; + * ) REVERSE_PROXY_MODE=caddy ;; + esac [[ -z "$GH_USER" || -z "$GH_CLIENTID" || -z "$GH_CLIENTSECRET" || -z "$ARGO_AUTH" || -z "$ARGO_DOMAIN" ]] && error "\n $(text 18) " @@ -311,8 +316,28 @@ install() { hint "\n $(text 25) " - # 根据 grpcwebproxy 或 nginx 作处理 - if [ "$REVERSE_PROXY_MODE" = 'nginx' ]; then + # 根据 caddy,grpcwebproxy 或 nginx 作处理 + if [ "$REVERSE_PROXY_MODE" = 'caddy' ]; then + local CADDY_LATEST=$(wget -qO- "https://api.github.com/repos/caddyserver/caddy/releases/latest" | awk -F [v\"] '/"tag_name"/{print $5}' || echo '2.7.6') + wget -c ${GH_PROXY}https://github.com/caddyserver/caddy/releases/download/v${CADDY_LATEST}/caddy_${CADDY_LATEST}_linux_${ARCH}.tar.gz -qO- | tar xz -C $TEMP_DIR caddy >/dev/null 2>&1 + GRPC_PROXY_RUN="$WORK_DIR/caddy run --config $WORK_DIR/Caddyfile --watch" + cat > $TEMP_DIR/Caddyfile << EOF +{ + http_port $CADDY_HTTP_PORT +} + +:$GRPC_PROXY_PORT { + reverse_proxy { + to localhost:$GRPC_PORT + transport http { + versions h2c 2 + } + } + tls $WORK_DIR/nezha.pem $WORK_DIR/nezha.key +} +EOF + + elif [ "$REVERSE_PROXY_MODE" = 'nginx' ]; then [ ! $(type -p nginx) ] && ${PACKAGE_INSTALL[int]} nginx GRPC_PROXY_RUN="nginx -c $WORK_DIR/nginx.conf" cat > $TEMP_DIR/nginx.conf << EOF @@ -358,13 +383,20 @@ EOF for f in ${TEMP_DIR}/{cloudflared,app,nezha.key,nezha.csr,nezha.pem}; do [ ! -s "$f" ] && FAILED+=("${f//${TEMP_DIR}\//}") done - [ "$REVERSE_PROXY_MODE" = 'grpcwebproxy' ] && [ ! -s $TEMP_DIR/grpcwebproxy ] && FAILED+=("grpcwebproxy") + case "$REVERSE_PROXY_MODE" in + caddy ) [ ! -s $TEMP_DIR/caddy ] && FAILED+=("caddy") ;; + grpcwebproxy ) [ ! -s $TEMP_DIR/grpcwebproxy ] && FAILED+=("grpcwebproxy") ;; + esac [ "${#FAILED[@]}" -gt 0 ] && error "\n $(text 36) " # 从临时文件夹复制已下载的所有到工作文件夹 [ ! -d ${WORK_DIR}/data ] && mkdir -p ${WORK_DIR}/data cp -r $TEMP_DIR/{app,cloudflared,nezha.*} $WORK_DIR - [ "$REVERSE_PROXY_MODE" = 'nginx' ] && cp -f $TEMP_DIR/nginx.conf $WORK_DIR || cp -f $TEMP_DIR/grpcwebproxy $WORK_DIR + case "$REVERSE_PROXY_MODE" in + caddy ) cp -f $TEMP_DIR/caddy $TEMP_DIR/Caddyfile $WORK_DIR ;; + nginx ) cp -f $TEMP_DIR/nginx.conf $WORK_DIR ;; + grpcwebproxy ) cp -f $TEMP_DIR/grpcwebproxy $WORK_DIR ;; + esac rm -rf $TEMP_DIR # 根据参数生成哪吒服务端配置文件 @@ -436,23 +468,18 @@ EOF cat > ${WORK_DIR}/run.sh << EOF #!/usr/bin/env bash SYSTEM=$SYSTEM -REVERSE_PROXY_MODE=$REVERSE_PROXY_MODE if [ "\$1" = 'start' ]; then cd ${WORK_DIR} - $GRPC_PROXY_RUN + $GRPC_PROXY_RUN >/dev/null 2>&1 & - nohup ${WORK_DIR}/app >/dev/null 2>&1 & + ${WORK_DIR}/app >/dev/null 2>&1 & $ARGO_RUN elif [ "\$1" = 'stop' ]; then - if [ "\$REVERSE_PROXY_MODE" = 'nginx' ]; then - [ "\$SYSTEM" = 'Alpine' ] && ps -ef | awk '/\/opt\/nezha\/dashboard\/(cloudflared|grpcwebproxy|app)/{print \$1}' | xargs kill -9 || ps -ef | awk '/\/opt\/nezha\/dashboard\/(cloudflared|grpcwebproxy|app)/{print \$2}' | xargs kill -9 - elif [ "\$REVERSE_PROXY_MODE" = 'grpcwebproxy' ]; then - [ "\$SYSTEM" = 'Alpine' ] && ps -ef | awk '/\/opt\/nezha\/dashboard\/(cloudflared|app)/{print \$1}' | xargs kill -9 || ps -ef | awk '/\/opt\/nezha\/dashboard\/(cloudflared|app)/{print \$2}' | xargs kill -9 - fi + [ "\$SYSTEM" = 'Alpine' ] && ps -ef | awk '/\/opt\/nezha\/dashboard\/(cloudflared|grpcwebproxy|caddy|app)/{print \$1}' | xargs kill -9 || ps -ef | awk '/\/opt\/nezha\/dashboard\/(cloudflared|grpcwebproxy|caddy|app)/{print \$2}' | xargs kill -9 fi EOF diff --git a/init.sh b/init.sh index d745073..71e47d3 100644 --- a/init.sh +++ b/init.sh @@ -3,12 +3,16 @@ # 首次运行时执行以下流程,再次运行时存在 /etc/supervisor/conf.d/damon.conf 文件,直接到最后一步 if [ ! -s /etc/supervisor/conf.d/damon.conf ]; then - # 设置 Github CDN + # 设置 Github CDN 及若干变量 GH_PROXY=https://mirror.ghproxy.com/ + GRPC_PROXY_PORT=443 + GRPC_PORT=5555 + WEB_PORT=80 + CADDY_HTTP_PORT=2052 + WORK_DIR=/dashboard # 如不分离备份的 github 账户,默认与哪吒登陆的 github 账户一致 GH_BACKUP_USER=${GH_BACKUP_USER:-$GH_USER} - WORK_DIR=/dashboard error() { echo -e "\033[31m\033[01m$*\033[0m" && exit 1; } # 红色 info() { echo -e "\033[32m\033[01m$*\033[0m"; } # 绿色 @@ -35,12 +39,12 @@ if [ ! -s /etc/supervisor/conf.d/damon.conf ]; then * ) error " $(text 2) " esac - # 用户选择使用 Nginx 还是 grpcwebproxy 作 gRPC 反代,默认为 nginx;如需使用 grpcwebproxy,把 REVERSE_PROXY_MODE 的值设为 grpcwebproxy + # 用户选择使用 gRPC 反代方式: Nginx / Caddy / grpcwebproxy,默认为 Caddy;如需使用 grpcwebproxy,把 REVERSE_PROXY_MODE 的值设为 nginx 或 grpcwebproxy if [ "$REVERSE_PROXY_MODE" = 'grpcwebproxy' ]; then wget -c ${GH_PROXY}https://github.com/fscarmen2/Argo-Nezha-Service-Container/releases/download/grpcwebproxy/grpcwebproxy_linux_$ARCH.tar.gz -qO- | tar xz -C $WORK_DIR chmod +x $WORK_DIR/grpcwebproxy - GRPC_PROXY_RUN="$WORK_DIR/grpcwebproxy --server_tls_cert_file=$WORK_DIR/nezha.pem --server_tls_key_file=$WORK_DIR/nezha.key --server_http_tls_port=443 --backend_addr=localhost:5555 --backend_tls_noverify --server_http_max_read_timeout=300s --server_http_max_write_timeout=300s" - else + GRPC_PROXY_RUN="$WORK_DIR/grpcwebproxy --server_tls_cert_file=$WORK_DIR/nezha.pem --server_tls_key_file=$WORK_DIR/nezha.key --server_http_tls_port=$GRPC_PROXY_PORT --backend_addr=localhost:$GRPC_PORT --backend_tls_noverify --server_http_max_read_timeout=300s --server_http_max_write_timeout=300s" + elif [ "$REVERSE_PROXY_MODE" = 'nginx' ]; then GRPC_PROXY_RUN='nginx -g "daemon off;"' cat > /etc/nginx/nginx.conf << EOF user www-data; @@ -53,11 +57,11 @@ events { } http { upstream grpcservers { - server localhost:5555; + server localhost:$GRPC_PORT; keepalive 1024; } server { - listen 127.0.0.1:443 ssl http2; + listen 127.0.0.1:$GRPC_PROXY_PORT ssl http2; server_name $ARGO_DOMAIN; ssl_certificate $WORK_DIR/nezha.pem; ssl_certificate_key $WORK_DIR/nezha.key; @@ -72,6 +76,25 @@ http { error_log /dev/null; } } +EOF + else + CADDY_LATEST=$(wget -qO- "https://api.github.com/repos/caddyserver/caddy/releases/latest" | awk -F [v\"] '/"tag_name"/{print $5}' || echo '2.7.6') + wget -c ${GH_PROXY}https://github.com/caddyserver/caddy/releases/download/v${CADDY_LATEST}/caddy_${CADDY_LATEST}_linux_${ARCH}.tar.gz -qO- | tar xz -C $WORK_DIR caddy + GRPC_PROXY_RUN="$WORK_DIR/caddy run --config $WORK_DIR/Caddyfile --watch" + cat > $WORK_DIR/Caddyfile << EOF +{ + http_port $CADDY_HTTP_PORT +} + +:$GRPC_PROXY_PORT { + reverse_proxy { + to localhost:$GRPC_PORT + transport http { + versions h2c 2 + } + } + tls $WORK_DIR/nezha.pem $WORK_DIR/nezha.key +} EOF fi @@ -89,11 +112,11 @@ EOF [ ! -d data ] && mkdir data cat > ${WORK_DIR}/data/config.yaml << EOF Debug: false -HTTPPort: 80 +HTTPPort: $WEB_PORT Language: zh-CN -GRPCPort: 5555 +GRPCPort: $GRPC_PORT GRPCHost: $ARGO_DOMAIN -ProxyGRPCPort: 443 +ProxyGRPCPort: $GRPC_PROXY_PORT TLS: true Oauth2: Type: "github" #Oauth2 登录接入类型,github/gitlab/jihulab/gitee/gitea ## Argo-容器版本只支持 github @@ -126,7 +149,7 @@ protocol: http2 ingress: - hostname: $ARGO_DOMAIN - service: https://localhost:443 + service: https://localhost:$GRPC_PROXY_PORT path: /proto.NezhaService/* originRequest: http2Origin: true @@ -135,7 +158,7 @@ ingress: service: ssh://localhost:22 path: /$GH_CLIENTID/* - hostname: $ARGO_DOMAIN - service: http://localhost:80 + service: http://localhost:$WEB_PORT - service: http_status:404 EOF @@ -236,7 +259,7 @@ stderr_logfile=/dev/null stdout_logfile=/dev/null [program:agent] -command=$WORK_DIR/nezha-agent -s localhost:5555 -p abcdefghijklmnopqr +command=$WORK_DIR/nezha-agent -s localhost:$GRPC_PORT -p abcdefghijklmnopqr autostart=true autorestart=true stderr_logfile=/dev/null