├── .gitattributes
├── .env
├── compose.yml
├── conf.d
    └── main.conf
└── readme.md


/.gitattributes:
--------------------------------------------------------------------------------
# Auto detect text files and perform LF normalization
* text=auto

--------------------------------------------------------------------------------
/.env:
--------------------------------------------------------------------------------
TUNNEL_TOKEN=eyJhIjoiMWFmODZjMzNiY
TELEGRAM_BOT_TOKEN=7654321:ABCDEFG
TELEGRAM_CHAT_ID=7654321
GITHUB_USER=xxx
GITHUB_TOKEN=xxxxx
GIT_REMOTE_URL=https://github.com/xxx/xxx.git
CRON_SCHEDULE=0 */4 * * *

--------------------------------------------------------------------------------
/compose.yml:
--------------------------------------------------------------------------------
x-logging:
  &default-logging
  driver: "json-file"
  options:
    max-size: "10m"
    max-file: "2"
services:
  dashboard:
    image: ghcr.io/nezhahq/nezha
    restart: always
    volumes:
      - ./data:/dashboard/data
    logging: *default-logging

  nginx:
    image: nginx:stable-alpine
    restart: always
    volumes:
      - ./conf.d:/etc/nginx/conf.d
    depends_on:
      - dashboard
    logging: *default-logging

  tunnel:
    image: cloudflare/cloudflared
    restart: always
    command: tunnel run --protocol http2
    environment:
      - TUNNEL_TOKEN
    depends_on:
      - dashboard
    logging: *default-logging

  # Mounting docker.sock gives this container control of the Docker daemon.
  # watchtower:
  #   image: containrrr/watchtower
  #   restart: always
  #   volumes:
  #     - /var/run/docker.sock:/var/run/docker.sock
  #   environment:
  #     - WATCHTOWER_DEBUG=true
  #     - WATCHTOWER_CLEANUP=true
  #     - WATCHTOWER_NOTIFICATIONS=shoutrrr
  #     - WATCHTOWER_NOTIFICATION_URL=telegram://${TELEGRAM_BOT_TOKEN}@telegram?chats=${TELEGRAM_CHAT_ID}
  #     - WATCHTOWER_POLL_INTERVAL=600
  #   logging: *default-logging

  # backup:
  #   image: ghcr.io/yumusb/autobackup:latest
  #   restart: always
  #   volumes:
  #     - ./:/app
  #   environment:
  #     - GITHUB_USER
  #     - GITHUB_TOKEN
  #     - GIT_REMOTE_URL
  #     - CRON_SCHEDULE

--------------------------------------------------------------------------------
/conf.d/main.conf:
--------------------------------------------------------------------------------
server {
    listen 80;
    http2 on;
    server_name _;

    underscores_in_headers on;
    # Trusts CF-Connecting-IP from any peer address. This holds only while nginx
    # is reachable solely through the tunnel container (no published ports).
    set_real_ip_from 0.0.0.0/0;
    real_ip_header CF-Connecting-IP;

    keepalive_time 24h;
    keepalive_requests 100000;
    keepalive_timeout 120s;

    # Agent gRPC traffic
    location ^~ /proto.NezhaService/ {
        grpc_set_header Host $host;
        grpc_set_header nz-realip $http_cf_connecting_ip;
        grpc_read_timeout 600s;
        grpc_send_timeout 600s;
        #grpc_socket_keepalive on;
        client_max_body_size 10m;
        grpc_buffer_size 4m;
        grpc_pass grpc://dashboard:8008;
    }
    # WebSocket endpoints (server, terminal, file)
    location ~* ^/api/v1/ws/(server|terminal|file)(.*)$ {
        proxy_set_header Host $host;
        proxy_set_header nz-realip $http_cf_connecting_ip;
        proxy_set_header Origin https://$host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 3600s;
        proxy_send_timeout 3600s;
        proxy_pass http://dashboard:8008;
    }

    # Everything else (dashboard web UI and API)
    location / {
        proxy_set_header Host $host;
        proxy_set_header nz-realip $http_cf_connecting_ip;
        proxy_read_timeout 3600s;
        proxy_send_timeout 3600s;
        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        proxy_max_temp_file_size 0;
        proxy_pass http://dashboard:8008;
    }
}

--------------------------------------------------------------------------------
/readme.md:
--------------------------------------------------------------------------------
# Nezha v1 Docker CloudFlare Tunnel Edition
No public IP is required and everything runs behind CF. Advantages of this project:
1. The public IP is not exposed, which protects it from attack
2. Single-stack becomes dual-stack: both IPv4 and IPv6 work, and IPv6-only hosts can easily run the agent (probe)
3. Except for networks inside mainland China, traffic routed through CF is generally optimized
4. Works out of the box; migration and backup are easy
## Dashboard Installation
1. Install Docker
2. Apply for a CloudFlare Tunnel Token
   https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel/
3. Enable gRPC traffic proxying in CloudFlare
   https://developers.cloudflare.com/network/grpc-connections/
4. Start the service
   ```shell
   git clone https://github.com/yumusb/nezha-new.git
   ```
   Edit the .env file and set TUNNEL_TOKEN to the token you applied for
   ```shell
   docker compose up -d
   ```
5. Map the server to CF
   On the CloudFlare Tunnel management page https://one.dash.cloudflare.com/ add one Public hostname pointing to `http://nginx:80`
6. (Optional) Add the agent IPs to the CF allowlist
   Because agents report very frequently and the IP quality of VPS hosts varies, CF may block them by mistake and stop them from working. You can add them to an allowlist.
   Path: Security - WAF - Tools
   Or see the documentation
   https://developers.cloudflare.com/waf/tools/ip-access-rules/
7. (Optional) Configure automatic updates
   Uncomment all the watchtower-related lines, then set `TELEGRAM_BOT_TOKEN` and `TELEGRAM_CHAT_ID` in .env to receive update notifications.
8. (Optional) Automatic backup to GitHub
   Uncomment all the backup-related lines, then set `GITHUB_USER`, `GITHUB_TOKEN`, `GIT_REMOTE_URL` and `CRON_SCHEDULE` in .env to enable automatic backup to GitHub.
## Dashboard Configuration
Set the following under /dashboard/settings
1. Agent connection address [domain/IP:port]
   The Public hostname above with port 443 (Public hostname:443); tick `Agent uses TLS connection`
2. Real IP request header
   Either `nz-realip` or `CF-Connecting-IP` can be used

## Dashboard Update
Change into your project directory (the one containing compose.yml)
```shell
docker compose pull
docker compose up -d
```
## AGENT
Copy the install command from the top-right corner of the dashboard. Remember to manually change port 8008 in its parameters to 443 (if you have not changed the Agent connection address) and to set TLS to True (if you have not set TLS to True in the configuration file).
## Installing the AGENT with Docker (optional)
...to be written later
## Other
Admin URL: /dashboard
Default password: admin/admin

--------------------------------------------------------------------------------
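
Added example (not part of the repository): `conf.d/main.conf` accepts `CF-Connecting-IP` from `0.0.0.0/0`, which is sound only while no service in `compose.yml` publishes a host port and every request arrives through the `tunnel` container. The Python check below flags a compose file that breaks that assumption; the function names and sample inputs are constructed for illustration, and it assumes block-style YAML.

```python
import ipaddress
import re

def published_services(compose_text):
    """Names of services with an active (uncommented) ports: key or host networking."""
    exposed, in_services, svc_indent, current = [], False, None, None
    for raw in compose_text.splitlines():
        key = raw.strip()
        if not key or key.startswith("#"):
            continue  # blank or commented out, like the watchtower/backup blocks
        indent = len(raw) - len(raw.lstrip())
        if indent == 0:
            in_services, svc_indent, current = key.startswith("services:"), None, None
        elif in_services and (svc_indent is None or indent == svc_indent):
            svc_indent, current = indent, key.rstrip(":")
        elif in_services and re.match(r"ports:|network_mode:\s*[\"']?host", key):
            if current not in exposed:
                exposed.append(current)
    return exposed

def trusted_proxy_ranges(nginx_text):
    """Networks named by active set_real_ip_from directives."""
    nets = []
    for m in re.finditer(r"^\s*set_real_ip_from\s+([^;\s]+)\s*;", nginx_text, re.M):
        try:
            nets.append(ipaddress.ip_network(m.group(1), strict=False))
        except ValueError:
            pass  # unix: sockets and hostnames are not address ranges
    return nets

def audit(compose_text, nginx_text):
    """Findings that break the 'reachable only through the tunnel' assumption."""
    exposed = published_services(compose_text)
    findings = [f"service '{s}' publishes a host port, bypassing the tunnel" for s in exposed]
    if exposed and any(n.prefixlen == 0 for n in trusted_proxy_ranges(nginx_text)):
        findings.append("set_real_ip_from trusts all addresses: CF-Connecting-IP is forgeable")
    return findings

# Constructed inputs: SAFE mirrors the page's files, EXPOSED adds a hypothetical ports: entry.
SAFE = """services:
  nginx:
    image: nginx:stable-alpine
  # debug:
  #   ports:
"""
EXPOSED = SAFE.replace("stable-alpine\n", 'stable-alpine\n    ports:\n      - "80:80"\n')
NGINX = "server {\n    set_real_ip_from 0.0.0.0/0;\n    real_ip_header CF-Connecting-IP;\n}\n"
if __name__ == "__main__":
    print({n: audit(t, NGINX) for n, t in (("safe", SAFE), ("exposed", EXPOSED))})
```

To run it against a real checkout, pass the contents of `compose.yml` and `conf.d/main.conf` to `audit()`; an empty list means the tunnel-only assumption still holds.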