# User Guide

## Install script

**Recommended configuration:** Before installation, prepare _two domains_. One **can be behind a CDN** and is used for _public access_, for example `status.nai.ba`. The other resolves directly to the panel server and is used by Agents to connect to the Dashboard; it **cannot be behind a CDN** and directly exposes the panel host IP, for example `ip-to-dashboard.nai.ba`.

```shell
curl -L https://raw.githubusercontent.com/naiba/nezha/master/script/install_en.sh -o nezha.sh && chmod +x nezha.sh
sudo ./nezha.sh
```

_\* The panel can be updated automatically with WatchTower. On Windows, nssm can be used to configure autostart._

**Windows: to install the Agent with the one-click command, run PowerShell with administrator rights**

```powershell
set-ExecutionPolicy RemoteSigned;Invoke-WebRequest https://raw.githubusercontent.com/naiba/nezha/master/script/install.ps1 -OutFile C:\install.ps1;powershell.exe C:\install.ps1 dashboard_host:grpc_port secret
```

_If prompted to confirm the "Execution Policy Change", choose Y._

### Agent customization

#### Custom monitoring of network cards and hard disk partitions

Run `/opt/nezha/agent/nezha-agent --edit-agent-config` to select the NICs and partitions to monitor, then restart the Agent.

#### Operating parameters

Run `./nezha-agent --help` to view the supported parameters. If you installed with the one-click script, edit `/etc/systemd/system/nezha-agent.service` and append parameters to the end of the `ExecStart=` line:

- `--report-delay`: System information reporting interval. The default is 1 second; it can be set to 3 to further reduce the Agent's resource usage on the host. Valid range: 1-4.
- `--skip-conn`: Do not monitor the number of connections. Recommended for VPN gateways and other connection-intensive machines where CPU usage is high.
- `--skip-procs`: Do not monitor the number of processes. This also reduces the Agent's resource usage.
- `--disable-auto-update`: Disable **automatic updates** of the Agent (security feature).
- `--disable-force-update`: Disable **forced updates** of the Agent (security feature).
- `--disable-command-execute`: Disable execution of scheduled tasks and opening of the online terminal on the Agent machine (security feature).
- `--tls`: Enable SSL/TLS encryption. This must be enabled when nginx reverse-proxies the Agent's gRPC connection and nginx has SSL/TLS turned on.
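
An added example (not part of the Nezha project or its install scripts): a check that a `nezha-agent.service` unit carries the three flags this guide marks as security features, with `--tls` as an optional extra for Agents that connect through a TLS reverse proxy. The sample unit, the function names and the `AGENT_KEY` placeholder are assumptions made for the illustration.

```python
import shlex
import sys

# Flags this guide labels as security features.
SAFETY_FLAGS = ("--disable-auto-update", "--disable-force-update",
                "--disable-command-execute")

# Constructed sample unit, not taken from a real host; address and key are placeholders.
SAMPLE_UNIT = r"""[Unit]
Description=Nezha Agent

[Service]
ExecStart=/opt/nezha/agent/nezha-agent -s ip-to-dashboard.nai.ba:5555 -p AGENT_KEY \
    --disable-auto-update --report-delay 3
Restart=always
"""


def exec_start_args(unit_text):
    """Return the arguments of the last ExecStart= line, joining backslash continuations."""
    joined = unit_text.replace("\\\n", " ")
    args = []
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("ExecStart="):
            args = shlex.split(line[len("ExecStart="):])
    return args


def missing_flags(unit_text, extra=()):
    """List the wanted flags that do not appear as a bare argument on ExecStart."""
    args = exec_start_args(unit_text)
    return [flag for flag in SAFETY_FLAGS + tuple(extra) if flag not in args]


if __name__ == "__main__":
    # Audit the unit file given as argv[1], or the constructed sample when none is given.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_UNIT
    # --tls is passed as an extra: it only applies when the Agent connects through a TLS proxy.
    for flag in missing_flags(text, extra=("--tls",)):
        print("missing:", flag)
```

Only the bare flag form shown in this guide is recognised; after editing the unit, reload systemd and restart the Agent for the change to take effect.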

## Function Description

<details>
<summary>Scheduled tasks: backup scripts, service restarts, and other periodic operation and maintenance tasks.</summary>

Use this feature together with restic or rclone to back up the server periodically, or to restart a service periodically to reset its network connection.

</details>
<details>
<summary>Alarm notification: real-time monitoring of load, CPU, memory, hard disk, bandwidth, traffic, monthly traffic, number of processes, and number of connections.</summary>

#### Flexible notification methods

`#NEZHA#` is the panel message placeholder. When a notification is triggered, the panel automatically replaces the placeholder with the actual message.

The Body content is in `JSON` format. **When the request type is FORM**, the values take the `key:value` form; placeholders can be placed inside a `value` and are replaced automatically when the notification is sent. **When the request type is JSON**, it is only submitted directly to the `URL`.

Placeholders can also be placed inside the URL; simple string replacement is done when the request is made.

Refer to the examples below; the mechanism is very flexible.

1. Add a notification method

   - Telegram example, contributed by [@haitau](https://github.com/haitau)

     - Name: Telegram bot message notification
     - URL: `https://api.telegram.org/botXXXXXX/sendMessage?chat_id=YYYYYY&text=#NEZHA#`
     - Request method: GET
     - Request type: default
     - Body: null
     - How to obtain the URL parameters: the XXXXXX in botXXXXXX is the token provided when you follow the official @Botfather in Telegram and enter /newbot to create a new bot (it is on the line after `Use this token to access the HTTP API:` in the prompt). The three letters 'bot' are required. After the bot is created, you need to start a conversation with it in Telegram by sending it any message before the API can be used to send messages. YYYYYY is the Telegram user's numeric ID, which you can get by talking to the bot @userinfobot.

2. Add an offline alarm

   - Name: Offline notifications
   - Rule: `[{"Type":"offline","Duration":10}]`
   - Enable

3. Add an alarm that triggers when CPU stays above 50% for 10s **and** memory usage stays below 20% for 20s

   - Name: CPU+RAM
   - Rule: `[{"Type":"cpu","Min":0,"Max":50,"Duration":10},{"Type":"memory","Min":20,"Max":0,"Duration":20}]`
   - Enable

#### Description of alarm rules

##### Basic rules

- type
  - `cpu`, `memory`, `swap`, `disk`
  - `net_in_speed` inbound speed, `net_out_speed` outbound speed, `net_all_speed` two-way speed, `transfer_in` inbound traffic, `transfer_out` outbound traffic, `transfer_all` bidirectional traffic
  - `offline` offline monitoring
  - `load1`, `load5`, `load15` load
  - `process_count` number of processes _(temporarily not supported: fetching threads currently takes up too many resources)_
  - `tcp_conn_count`, `udp_conn_count` number of connections
- duration: duration in seconds. An alarm is raised only when 30% or more of the samples recorded within that many seconds reach the trigger threshold, which prevents alarms on data spikes.
- min/max
  - Traffic and network speed values are in bytes (1KB = 1024B, 1MB = 1024\*1024B)
  - Memory, hard disk and CPU values are usage percentages
  - Not needed for offline monitoring
- cover: `[{"type":"offline","duration":10, "cover":0, "ignore":{"5": true}}]`
  - `0` monitors all servers; use `ignore` to exclude specific servers
  - `1` ignores all servers; use `ignore` to monitor specific servers
- ignore: `{"1": true, "2":false}` selects specific servers; used together with `cover`

##### Special: arbitrary-cycle traffic alarm

Can be used as a monthly traffic alarm.

- type
  - `transfer_in_cycle` inbound traffic during the cycle
  - `transfer_out_cycle` outbound traffic during the cycle
  - `transfer_all_cycle` sum of inbound and outbound traffic during the cycle
- cycle_start: start date of the statistics cycle (can be the start date of your machine's billing cycle), in RFC3339 time format, for example `2022-01-11T08:00:00.00+08:00` for Beijing time
- cycle_interval: number of cycle units per statistics cycle (for example, if the cycle unit is days and the value is 7, the statistics are counted every 7 days)
- cycle_unit: statistics cycle unit, default `hour`, options: `hour`, `day`, `week`, `month`, `year`
- min/max, cover, ignore: refer to the basic rules configuration
- Example: raise an alarm when the machine with ID 3 (defined in `ignore`), billed on the 15th of each month, reaches 1T of outbound traffic in a month: `[{"type":"transfer_out_cycle","max":1000000000000,"cycle_start":"2022-01-11T08:00:00.00+08:00","cycle_interval":1,"cycle_unit":"month","cover":1,"ignore":{"3":true}}]`

![7QKaUx.md.png](https://s4.ax1x.com/2022/01/13/7QKaUx.md.png)
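
The `min`/`max` and `cover`/`ignore` semantics described above, as an added example (not code from the Nezha project): a small evaluator, written from the rule examples in this guide, that decides whether a rule list applies to a server and whether one sample violates it. It assumes a bound of 0 means "not set", as the CPU+RAM example implies, and leaves out `duration` sampling and the `offline` type; the function names are hypothetical.

```python
import json

# Rule strings copied from the examples in this guide.
CPU_RAM = ('[{"Type":"cpu","Min":0,"Max":50,"Duration":10},'
           '{"Type":"memory","Min":20,"Max":0,"Duration":20}]')
OFFLINE = '[{"type":"offline","duration":10, "cover":0, "ignore":{"5": true}}]'
CYCLE = ('[{"type":"transfer_out_cycle","max":1000000000000,'
         '"cycle_start":"2022-01-11T08:00:00.00+08:00","cycle_interval":1,'
         '"cycle_unit":"month","cover":1,"ignore":{"3":true}}]')


def load_rules(text):
    """Parse a rule list; keys are lower-cased because the guide writes both "Type" and "type"."""
    return [{k.lower(): v for k, v in rule.items()} for rule in json.loads(text)]


def applies_to(rule, server_id):
    """cover=0: every server except ignore[id]=true. cover=1: only servers with ignore[id]=true."""
    listed = bool(rule.get("ignore", {}).get(str(server_id), False))
    return listed if rule.get("cover", 0) == 1 else not listed


def violates(rule, value):
    """Assumption: a bound of 0 is unset; otherwise value > max or value < min is a violation."""
    lo, hi = rule.get("min", 0), rule.get("max", 0)
    return (hi > 0 and value > hi) or (lo > 0 and value < lo)


def alarm(rules, server_id, sample):
    """True only when every rule in the list applies to the server and is violated (rules are ANDed)."""
    return all(
        applies_to(rule, server_id) and violates(rule, sample[rule["type"]])
        for rule in rules
    )


if __name__ == "__main__":
    rules = load_rules(CPU_RAM)
    # Constructed samples: percentages for cpu and memory.
    print(alarm(rules, 1, {"cpu": 72.0, "memory": 12.5}))  # CPU above max and memory below min
    print(alarm(rules, 1, {"cpu": 72.0, "memory": 45.0}))  # only the CPU rule is violated
    cycle = load_rules(CYCLE)[0]
    print(applies_to(cycle, 3), applies_to(cycle, 4))      # cover=1 limits the rule to server 3
```
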
</details>
<details>
<summary>Service monitoring: HTTP, SSL certificate, ping, TCP port, etc.</summary>

Go to the `/monitor` page and click to create a new monitor. Instructions are below the form.

</details>
<details>
<summary>Custom code: change the logo, change colors, add statistics code, etc.</summary>

**Effective only on the visitor's home page.**

- Default theme: example of changing the progress bar color

```html
<style>
  .ui.fine.progress> .bar {
    background-color: pink !important;
  }
</style>
```

- DayNight theme: example of changing the progress bar color and modifying the footer, from [@hyt-allen-xu](https://github.com/hyt-allen-xu)

```html
<style>
  .ui.fine.progress> .progress-bar {
    background-color: #00a7d0 !important;
  }
</style>
<script>
  window.onload = function(){
    var footer=document.querySelector("div.footer-container")
    // Replace both occurrences of "your name" with your own text
    footer.innerHTML="©2021 your name & Powered by your name"
    footer.style.visibility="visible"
  }
</script>
```

- Default theme: example of changing the logo and modifying the footer, from [@iLay1678](https://github.com/iLay1678)

```html
<style>
  .right.menu>a{
    visibility: hidden;
  }
  .footer .is-size-7{
    visibility: hidden;
  }
  .item img{
    visibility: hidden;
  }
</style>
<script>
  window.onload = function(){
    var avatar=document.querySelector(".item img")
    var footer=document.querySelector("div.is-size-7")
    footer.innerHTML="Powered by your name"
    footer.style.visibility="visible"
    avatar.src="your square logo address"
    avatar.style.visibility="visible"
  }
</script>
```

- hotaru theme: example of changing the background image

```html
<style>
  .hotaru-cover {
    background: url(https://s3.ax1x.com/2020/12/08/DzHv6A.jpg) center;
  }
</style>
```
</details>

## Common problems

<details>
<summary>How to perform data migration, backup and restore</summary>

1. First use the one-click script's `stop panel` option.
2. Pack the `/opt/nezha` folder and extract it to the same location in the new environment.
3. Use the one-click script's `Launchpad` (start panel) option.

</details>
<details>
<summary>Agent start/online problem self-check process</summary>

1. Run `/opt/nezha/agent/nezha-agent -s Panel IP or non-CDN domain name:Panel RPC port -p Agent key -d` directly and check the log for timeouts caused by DNS or a poor network.
2. Run `nc -v domain name/IP Panel RPC port` or `telnet domain name/IP Panel RPC port` to check whether it is a network problem, and check the inbound and outbound firewalls on both the local machine and the panel server. If you cannot tell from a single machine, use the port inspection tool provided by <https://port.ping.pe/>.
3. If the above steps check out and the Agent comes online normally, try disabling SELinux: [how to disable SELinux](https://www.google.com/search?q=%E5%85%B3%E9%97%ADSELINUX)

</details>
<details>
<summary>How to make the Agent start automatically on legacy OpenWRT/LEDE</summary>

Refer to this project: <https://github.com/Erope/openwrt_nezha>

</details>
<details>
<summary>How to make the Agent start automatically on newer versions of OpenWRT (via @esdes)</summary>

First download the matching binary from the releases, unzip the package and place the binary in `/root`. Then run `chmod +x /root/nezha-agent` to make it executable, and create `/etc/init.d/nezha-service`:

```shell
#!/bin/sh /etc/rc.common
START=99
USE_PROCD=1
start_service() {
    procd_open_instance
    # Replace "Panel URL:receive port" and "unique key" with your own values
    procd_set_param command /root/nezha-agent -s Panel URL:receive port -p unique key -d
    procd_set_param respawn
    procd_close_instance
}
stop_service() {
    killall nezha-agent
}
restart() {
    stop
    sleep 2
    start
}
```

Make it executable with `chmod +x /etc/init.d/nezha-service`, then enable and start the service: `/etc/init.d/nezha-service enable && /etc/init.d/nezha-service start`

</details>
<details>
<summary>Live channel disconnected / online terminal connection failed</summary>

When using a reverse proxy, WebSocket must be specially configured for the `/ws` and `/terminal` paths to support real-time server status updates and **WebSSH**.

- Nginx (aaPanel/Pagoda): add the following to your nginx configuration file

```nginx
server{
    #some original configuration
    #server_name blablabla...
    location ~ ^/(ws|terminal/.+)$ {
        # Replace "ip:site access port" with the panel's address and web port
        proxy_pass http://ip:site access port;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
    }
    #other location blocks blablabla...
}
```

If you are not using aaPanel/Pagoda, also add this block inside `server{}`:

```nginx
location / {
    proxy_pass http://ip:site access port;
    proxy_set_header Host $host;
}
```

- CaddyServer v1 (v2 needs no special configuration)

```Caddyfile
proxy /ws http://ip:8008 {
    websocket
}
proxy /terminal/* http://ip:8008 {
    websocket
}
```
</details>
<details>
<summary>Reverse proxying the gRPC port (supports Cloudflare CDN)</summary>

Use Nginx or Caddy to reverse-proxy gRPC.

- Nginx configuration

```nginx
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name ip-to-dashboard.nai.ba; # the domain name your Agents use to connect to the Dashboard

    ssl_certificate /data/letsencrypt/fullchain.pem; # your domain certificate path
    ssl_certificate_key /data/letsencrypt/key.pem; # your domain private key path

    underscores_in_headers on;
    location / {
        grpc_read_timeout 300s;
        grpc_send_timeout 300s;
        grpc_pass grpc://localhost:5555;
    }
}
```

- Caddy configuration

```Caddyfile
ip-to-dashboard.nai.ba:443 { # the domain name your Agents use to connect to the Dashboard
    reverse_proxy {
        to localhost:5555
        transport http {
            versions h2c 2
        }
    }
}
```

Dashboard panel-side configuration

- First log in to the panel's management backend and open the settings page. In the `Panel server domain name that is not connected to CDN/IP` field, enter the domain name configured in Nginx or Caddy in the previous step, for example `ip-to-dashboard.nai.ba`, and save.
- Then, on the panel server, open the `/opt/nezha/dashboard/data/config.yaml` file and change `proxygrpcport` to the port Nginx or Caddy listens on, such as the `443` set in the previous step. Because SSL/TLS is turned on in Nginx or Caddy, `tls` must be set to `true`. Restart the panel after the modification is complete.

Agent-side configuration

- Log in to the panel's management backend, copy the one-click install command, and run it on the corresponding server to reinstall the Agent.

Enable Cloudflare CDN (optional)

According to Cloudflare's gRPC requirements, the gRPC service must listen on port 443 and must support TLS and HTTP/2.
So if you need to enable the CDN, you must use port 443 when configuring the Nginx or Caddy gRPC reverse proxy and configure a certificate (Caddy applies for and configures the certificate automatically).

- Log in to Cloudflare and choose the domain name to use. Open the `Network` option and switch `gRPC` on. Open the `DNS` option, find the resolution record of the domain name configured for the Nginx or Caddy gRPC reverse proxy, and turn on the orange cloud to enable the CDN.

</details>