优点:cool,适合强迫症患者
原理:哪吒探针的rpc请求都具有相同的一段path,因此可通过path进行分流,nginx,caddy,cf tunnel都支持。可以通过cf waf规则拦截请求来找到具体的path。
我们采用/proto.NezhaService/这一段path来分流,通过配置使路径带/proto.NezhaService/的请求发送到哪吒监控端的rpc端口,其它请求则发送到面板端口
nginx配置
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
upstream grpcservers {
server localhost:5555;
keepalive 1024;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name demo.com;
ssl_certificate /opt/nezha/nezha.pem;
ssl_certificate_key /opt/nezha/nezha.key;
underscores_in_headers on;
location / {
proxy_pass http://localhost:80;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
}
location ~ ^/(ws|terminal/. )$ {
proxy_pass http://localhost:80;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
}
location ^~ /proto.NezhaService/ {
grpc_read_timeout 300s;
grpc_send_timeout 300s;
grpc_socket_keepalive on;
grpc_pass grpc://grpcservers;
}
}
}
如果使用cf tunnel,由于cf tunnel是从上往下匹配的,注意将/proto.NezhaService/转发放在上面,否则会得到404报错
太厉害了,必须支持
支持