Lightweight monitoring with nezha: deployment manual

A record of deploying nezha monitoring.

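Deploying the service

nezha, an all-in-one lightweight monitoring and operations system (part 1)

nezha, an all-in-one lightweight monitoring and operations system (part 2)

Preparation | Nezha Monitoring

Unlike the articles above, which authenticate through a public OAuth2 provider such as Github/Gitee, I plan to combine Gitea and Nezha to get a fully private deployment.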

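Preparing the domain name

The Synology DNS server provides name resolution. Set up one domain name that resolves the OAuth2 callback requests.

Domain | LAN address | Notes
https://nezha.chowrex.com | http://10.0.0.254:30018 | Access address of the nezha dashboard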

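Creating the Gitea OAuth2 application

Create the OAuth2 application as shown in the figure below.

[Figure: creating the OAuth2 application]

Record the client ID (①) and client secret (②) returned, as shown in the figure below.

[Figure: recording the client ID and client secret]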

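Getting the Nezha dashboard Docker image

According to the article by the blogger @杨浦老苏, the Docker image comes from: Package nezha-dashboard. I searched all of Nezha's official documentation and found no mention of this Github address anywhere. It does belong to the Nezha project, it just is not publicized. The official manual only offers a one-click install script and no container-based installation.

docker pull ghcr.io/naiba/nezha-dashboard:latest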

Preparing the configuration file

nezha/config.yaml at master · naiba/nezha

The project provides a configuration file template

debug: false
httpport: 80
language: nz_language
grpcport: nz_grpc_port
oauth2:
  type: "nz_oauth2_type" # OAuth2 login provider type: github/gitlab/jihulab/gitee/gitea
  admin: "nz_admin_logins" # Administrator list, separated by ASCII commas
  clientid: "nz_github_oauth_client_id" # Create at https://github.com/settings/developers, no review required; set Callback to http(s)://DOMAIN_OR_IP/oauth2/callback
  clientsecret: "nz_github_oauth_client_secret"
  endpoint: "" # Must be set for e.g. a self-hosted gitea
site:
  brand: "nz_site_title"
  cookiename: "nezha-dashboard" # Browser cookie name, can be left unchanged
  theme: "default"

Adjust it to match your environment and save it as config.yaml

debug: false
httpport: 80
language: zh-CN
grpcport: 5555 # Agent communication port
oauth2:
  type: "gitea" # OAuth2 login provider type: github/gitlab/jihulab/gitee/gitea
  admin: "chowrex,zhouruixi" # Administrator list, separated by ASCII commas
  clientid: "8*************f" # Create at https://github.com/settings/developers, no review required; set Callback to http(s)://DOMAIN_OR_IP/oauth2/callback
  clientsecret: "g********************taa"
  endpoint: "https://gitea.chowrex.com" # Must be set for e.g. a self-hosted gitea
site:
  brand: "Rex Chow's 监控站"
  cookiename: "nezha-dashboard" # Browser cookie name, can be left unchanged
  theme: "default"

Preparing the docker-compose file

nezha/docker-compose.yaml at master · naiba/nezha

The project provides a template

version: "3.3"

services:
  dashboard:
    image: nz_image_url
    restart: always
    volumes:
      - ./data:/dashboard/data
      - ./theme-custom/template:/dashboard/resource/template/theme-custom:ro
      - ./theme-custom/static:/dashboard/resource/static/theme-custom:ro
      - ./dashboard-custom/template:/dashboard/resource/template/dashboard-custom:ro
      - ./dashboard-custom/static:/dashboard/resource/static/dashboard-custom:ro
    ports:
      - nz_site_port:80
      - nz_grpc_port:nz_grpc_port

Likewise, adjust it and save it as docker-compose.yaml

version: "3.3"

services:
  dashboard:
    container_name: nezha
    image: ghcr.io/naiba/nezha-dashboard:latest
    restart: always
    volumes:
      - ./data:/dashboard/data
      # Uncomment the following if you need custom themes or similar
      # - ./theme-custom/template:/dashboard/resource/template/theme-custom:ro
      # - ./theme-custom/static:/dashboard/resource/static/theme-custom:ro
      # - ./dashboard-custom/template:/dashboard/resource/template/dashboard-custom:ro
      # - ./dashboard-custom/static:/dashboard/resource/static/dashboard-custom:ro
    ports:
      - 30018:80
      - 30019:5555

Starting the service

# Create the data directory
mkdir -p data
# Move the configuration file into it
mv config.yaml data/
# Start the service
docker-compose up -d

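Configuring the service

Configuration overview

At a glance

Themes

Four themes are supported by default, JackieSung DayNight/Default/Hotaru/Neko Mdui. Which one looks best is a matter of taste.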

JackieSung DayNight
Default
Hotaru
Neko Mdui

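Installing the client

DSM 7

One-click Agent installation | Nezha Monitoring

Nezha probe: Synology client (monitored side) installation tutorial - 小叶总技术网

Releases · naiba/nezha

Synology DSM 7 uses systemd as its service manager; the unit files are located in /usr/lib/systemd/system.

So, unlike the methods above, start-at-boot can be achieved by writing your own service unit. For background on systemd, see the following article:

Possibly the most complete and easy-to-understand Systemd service management tutorial ever! (Strongly recommended to bookmark) - Tencent Cloud Developer Community - Tencent Cloud

For reference, the Synology upnpd service unit, /usr/lib/systemd/system/upnpd.service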

[Unit]
Description=Universal Plug and Play Daemon (UPnPd)
After=network.target

[Service]
Type=forking
PIDFile=/var/run/upnpd.pid
ExecStart=/usr/bin/upnpd
Restart=always

[Install]
WantedBy=multi-user.target

[X-Synology]
NanoUpdateDisplay=yes

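The nezha service does not actually need a complicated configuration; the following is enough

[Unit]
Description=Nezha Agent Service
After=network.target

[Service]
# The agent stays in the foreground, so systemd tracks the process directly
Type=simple
ExecStart=/PATH/TO/nezha-agent -s DASHBOARD_IP_OR_NON_CDN_DOMAIN:DASHBOARD_RPC_PORT -p AGENT_SECRET -d
# No ExecStop: systemd runs Exec* lines without a shell (pipes are not interpreted)
# and stops the service by sending SIGTERM to the main process
User=SPECIFY_USER
Restart=on-abort

[Install]
WantedBy=multi-user.target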

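Adding a monitored server

[Figure: clicking Add server on the Servers page]
[Figure: adding a server]
[Figure: getting the server secret]

Add the server as shown in the figures above, copy the secret, and fill it into the following script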

# Path to the agent binary
EXEC="/PATH/TO/nezha-agent"
# Log file path (must be writable by RUN_USER)
LOG="${EXEC}.log"
# Extra arguments, may be left empty
ARGS="--disable-command-execute"
# GRPC address of the Nezha server
SERVER="HOST_OR_IP:GRPC_PORT"
# Server secret obtained in the previous step
SECRET="APP_SECRET"
# User the service runs as; *using a non-root user is strongly recommended*
RUN_USER="nezha"

# Write the systemd unit file
cat << EOF > /usr/lib/systemd/system/nezha.service
[Unit]
Description=Nezha Agent Service
After=network.target

[Service]
Type=simple
# systemd does not run Exec* lines through a shell, so the log redirection needs an explicit /bin/sh -c
ExecStart=/bin/sh -c 'exec ${EXEC} ${ARGS} -s ${SERVER} -p ${SECRET} >> ${LOG} 2>&1'
# No ExecStop: systemd stops the service by sending SIGTERM to the main process
User=${RUN_USER}
Restart=on-abort

[Install]
WantedBy=multi-user.target
EOF

# Reload the systemd units
systemctl daemon-reload
# Start the service
systemctl start nezha
# Enable start at boot
systemctl enable nezha

Run it as root and the service will start automatically at boot.
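
A check for the agent unit file, as an added example that is not part of the original post or the nezha project: systemd runs Exec* lines without a shell, so the function flags pipes, redirections and & outside an explicit /bin/sh -c, a missing or root User=, and a missing --disable-command-execute. The function names and the sample unit are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post): audit a nezha agent unit file.
# Usage: audit_nezha_unit /usr/lib/systemd/system/nezha.service
# Prints one finding per line and returns the number of findings.
audit_nezha_unit() {
    unit="$1"
    findings=0
    report() { printf '%s\n' "$1"; findings=$((findings + 1)); }

    # systemd runs Exec* lines directly, not through a shell: pipes,
    # redirections and a trailing & reach the program as plain arguments.
    while IFS= read -r line; do
        case "$line" in
            ExecStart=*|ExecStop=*)
                case "${line#*=}" in
                    "/bin/sh -c"*|"/bin/bash -c"*) ;;   # explicit shell: fine
                    *'|'*|*'<'*|*'>'*|*'&'*)
                        report "shell syntax without a shell: $line" ;;
                esac ;;
        esac
    done < "$unit"

    # The post strongly recommends a non-root user for the agent.
    user=$(sed -n 's/^User=//p' "$unit" | tail -n 1)
    if [ -z "$user" ] || [ "$user" = "root" ]; then
        report "agent runs as root (User= missing or set to root)"
    fi

    # The post passes --disable-command-execute to the agent.
    grep -q '^ExecStart=.*--disable-command-execute' "$unit" ||
        report "ExecStart lacks --disable-command-execute"

    return "$findings"
}

# Constructed sample unit with the mistakes this check looks for.
sample_unit() {
    cat <<'EOF'
[Service]
Type=simple
ExecStart=/bin/nohup /PATH/TO/nezha-agent -s HOST_OR_IP:GRPC_PORT -p APP_SECRET &>> /PATH/TO/nezha-agent.log &
ExecStop=ps -fe |grep nezha-agent|awk '{print $2}'|xargs kill
User=root
EOF
}
```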

🎉 This information has been merged into the project; see #27 and #28

[Figure: information display]

Windows

The project provides an official one-click install script

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Ssl3 -bor [Net.SecurityProtocolType]::Tls -bor [Net.SecurityProtocolType]::Tls11 -bor [Net.SecurityProtocolType]::Tls12;set-ExecutionPolicy RemoteSigned;Invoke-WebRequest https://raw.githubusercontent.com/naiba/nezha/master/script/install.ps1 -OutFile C:\install.ps1;powershell.exe C:\install.ps1 nezha.chowrex.com:5555 ************

Let me break it down; I don't know PowerShell well, so there may be mistakes 😅

ServicePointManager Class (System.Net) | Microsoft Learn

Set-ExecutionPolicy (Microsoft.PowerShell.Security) - PowerShell | Microsoft Learn

# Set the allowed security protocol types
# (this enables SSL 3.0 and TLS 1.0/1.1 alongside TLS 1.2; install.ps1 itself sets Tls12 only)
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Ssl3 -bor [Net.SecurityProtocolType]::Tls -bor [Net.SecurityProtocolType]::Tls11 -bor [Net.SecurityProtocolType]::Tls12

# Set the execution policy
set-ExecutionPolicy RemoteSigned

# Download the script from Github
Invoke-WebRequest https://raw.githubusercontent.com/naiba/nezha/master/script/install.ps1 -OutFile C:\install.ps1

# Run the install script
powershell.exe C:\install.ps1 nezha.chowrex.com:5555 *****
# Argument format: GRPC address, then server secret

All of the above mainly depends on the file https://raw.githubusercontent.com/naiba/nezha/master/script/install.ps1; download it and look at its contents

#Get server and key
param($server, $key, $tls)
# Download latest release from github
if($PSVersionTable.PSVersion.Major -lt 5){
    Write-Host "Require PS >= 5,your PSVersion:"$PSVersionTable.PSVersion.Major -BackgroundColor DarkGreen -ForegroundColor White
    Write-Host "Refer to the community article and install manually! https://nyko.me/2020/12/13/nezha-windows-client.html" -BackgroundColor DarkRed -ForegroundColor Green
    exit
}
$agentrepo = "naiba/nezha"
$nssmrepo = "nezhahq/nssm-backup"
# x86 or x64
if ([System.Environment]::Is64BitOperatingSystem) {
    $file = "nezha-agent_windows_amd64.zip"
}
else {
    $file = "nezha-agent_windows_386.zip"
}
$agentreleases = "https://api.github.com/repos/$agentrepo/releases"
$nssmreleases = "https://api.github.com/repos/$nssmrepo/releases"
# Running the script again updates automatically
if (Test-Path "C:\nezha") {
    Write-Host "Nezha monitoring already exists, delete and reinstall" -BackgroundColor DarkGreen -ForegroundColor White
    C:/nezha/nssm.exe stop nezha
    C:/nezha/nssm.exe remove nezha
    Remove-Item "C:\nezha" -Recurse
}
#TLS/SSL
Write-Host "Determining latest nezha release" -BackgroundColor DarkGreen -ForegroundColor White
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$agenttag = (Invoke-WebRequest -Uri $agentreleases -UseBasicParsing | ConvertFrom-Json)[0].tag_name
$nssmtag = (Invoke-WebRequest -Uri $nssmreleases -UseBasicParsing | ConvertFrom-Json)[0].tag_name
# Region detection
$ipapi= Invoke-RestMethod -Uri "https://api.myip.com/" -UserAgent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.163 Safari/535.1"
$region=$ipapi.cc
echo $ipapi
if($region -ne "CN"){
    $download = "https://github.com/$agentrepo/releases/download/$agenttag/$file"
    $nssmdownload="https://github.com/$nssmrepo/releases/download/$nssmtag/nssm.zip"
    Write-Host "Location:$region,connect directly!" -BackgroundColor DarkRed -ForegroundColor Green
}else{
    $download = "https://dn-dao-github-mirror.daocloud.io/$agentrepo/releases/download/$agenttag/$file"
    $nssmdownload="https://dn-dao-github-mirror.daocloud.io/$nssmrepo/releases/download/$nssmtag/nssm.zip"
    Write-Host "Location:CN,use mirror address" -BackgroundColor DarkRed -ForegroundColor Green
}
echo $download
echo $nssmdownload
Invoke-WebRequest $download -OutFile "C:\nezha.zip"
# nssm is used to install the service
Invoke-WebRequest $nssmdownload -OutFile "C:\nssm.zip"
# Extract
Expand-Archive "C:\nezha.zip" -DestinationPath "C:\temp" -Force
Expand-Archive "C:\nssm.zip" -DestinationPath "C:\temp" -Force
if (!(Test-Path "C:\nezha")) { New-Item -Path "C:\nezha" -type directory }
# Arrange the files
Move-Item -Path "C:\temp\nezha-agent.exe" -Destination "C:\nezha\nezha-agent.exe"
# -eq compares; a single = would assign and always take the 64-bit branch
if ($file -eq "nezha-agent_windows_amd64.zip") {
    Move-Item -Path "C:\temp\nssm-2.24\win64\nssm.exe" -Destination "C:\nezha\nssm.exe"
}
else {
    Move-Item -Path "C:\temp\nssm-2.24\win32\nssm.exe" -Destination "C:\nezha\nssm.exe"
}
# Clean up
Remove-Item "C:\nezha.zip"
Remove-Item "C:\nssm.zip"
Remove-Item "C:\temp" -Recurse
# Installation
C:\nezha\nssm.exe install nezha C:\nezha\nezha-agent.exe -s $server -p $key $tls -d
C:\nezha\nssm.exe start nezha
#enjoy
Write-Host "Enjoy It!" -BackgroundColor DarkGreen -ForegroundColor Red

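The overall flow is:

  1. Detect the architecture, then download the latest agent binary from github/daocloud
  2. Install the service with nssm
  3. Start the service

Since the script adds support for the China region, it can simply be saved and used as is

powershell.exe C:\install.ps1 GRPC_ADDR SECRET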

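Troubleshooting

Fixing the error: unexpected redirect URI

[Figure: OAuth2 authentication failed]

Preparation | Nezha Monitoring

According to the official manual, if the service sits behind a reverse proxy, WebSocket forwarding must be configured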

#PROXY-START/
location / {
    proxy_pass http://127.0.0.1:8008;
    proxy_set_header Host $http_host;
    proxy_set_header Upgrade $http_upgrade;
}
location ~ ^/(ws|terminal/.+)$ {
    proxy_pass http://127.0.0.1:8008;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $http_host;
}
#PROXY-END/

[Figure: setting up the reverse proxy on the Synology]
[Figure: adding the WebSocket proxy settings]

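Fixing the error: 该用户不是本站点管理员,无法登录 (this user is not an administrator of this site and cannot log in)

As shown in the figure below

[Figure: not authorized to log in]

The Gitea user that authenticated is not listed as an administrator in the configuration file and therefore has no access to the page. Add the user and restart the service, or switch to a user that has permission.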