原理很简单就是通过服务器中转
因为封禁了443,安装包最简单的方法就是人工sftp上传
中转如下 以REALM为例
- 中转服务器配置中转 中转端口为44443
# realm relay configuration: accept connections on port 44443 and forward them
# to the dashboard domain on port 443.
[network]
no_tcp = false
# NOTE(review): UDP relaying is enabled here, but the firewall rules on this page
# filter only TCP port 44443. If the agent needs TCP only, set use_udp = false — confirm.
use_udp = true
[[endpoints]]
# "[::]" is the wildcard address, so the relay port is reachable from any source
# until a firewall rule restricts it to the agent host.
listen = "[::]:44443"
# Placeholder value: replace it with the dashboard hostname and port, e.g. "zk.123.com:443".
remote = "套了cf探针域名(zk.123.com):443"
2.腾讯云上配置host
vi /etc/hosts
中转服务器IP 套了cf探针域名
例如
161.161.161.161 zk.123.com
3.腾讯云上修改探针agent的对接地址
我使用的是哪吒,nezha默认配置在/opt/nezha/agent/config.yml
修改server配置
server: zk.123.com:44443
其他探针也一样.无非就是域名端口或者ip端口
- 中转服务器封禁其他44443入站, 不搞也能用,但是建议实施,否则这个中转端口对所有来源开放
nftables为例, 给小白看的
vi /etc/nftables.conf
#!/usr/sbin/nft -f
# Restricts the relay port (TCP 44443) to the agent host's address.
#
# "flush ruleset" removes every table already loaded on this host, including
# rules installed by other tools. On a host that already has a ruleset, merge
# the three 44443 rules into it instead of replacing /etc/nftables.conf.
flush ruleset
table inet filter {
# No policy is declared, so this chain defaults to accept: only port 44443 is
# restricted here and all other inbound traffic is left as it was.
chain input {
type filter hook input priority filter;
# Placeholder: replace "腾讯云ip" with the public IPv4 address of the agent host.
ip saddr 腾讯云ip tcp dport 44443 accept
# Placeholder: for an agent host reached over a private network, put its 10.x
# address here; delete the line when it does not apply.
ip saddr 如果是rfc的服务器用10.x的内网ip tcp dport 44443 accept
# Every other source is dropped. The table family is inet, so this covers IPv4
# and IPv6. It matches TCP only: UDP to port 44443 is not filtered by this rule.
tcp dport 44443 drop
}
# Empty chains: no rules and no policy, so forwarded and outbound traffic is accepted.
chain forward {
type filter hook forward priority filter;
}
chain output {
type filter hook output priority filter;
}
}
重新加载
nft -f /etc/nftables.conf
————————————
附带nezha agent安装
1.下载安装x86包
https://github.com/nezhahq/agent/releases/download/v1.14.1/nezha-agent_linux_amd64.zip
2.上传包到tmp目录
- 编辑安装agent脚本
官方脚本改的
vi agent.sh
#!/bin/sh
# Install locations: the agent binary and its config files live in NZ_AGENT_PATH.
NZ_BASE_PATH=/opt/nezha
NZ_AGENT_PATH="$NZ_BASE_PATH/agent"

# ANSI colour sequences, stored as backslash escapes that printf expands on output.
red='\033[0;31m'
green='\033[0;32m'
yellow='\033[0;33m'
plain='\033[0m'
# Print an error message in red on stderr.
# Globals:   red, plain (read)
# Arguments: the message words; they are joined with single spaces.
err() {
  printf '%b%s%b\n' "$red" "$*" "$plain" >&2
}
# Print a success message in green on stdout.
# Globals:   green, plain (read)
# Arguments: the message words; they are joined with single spaces.
success() {
  printf '%b%s%b\n' "$green" "$*" "$plain"
}
# Print an informational message in yellow on stdout.
# Globals:   yellow, plain (read)
# Arguments: the message words; they are joined with single spaces.
info() {
  printf '%b%s%b\n' "$yellow" "$*" "$plain"
}
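# Run a command with root privileges.
# When the script already runs as root (real UID 0, as reported by `id -ru`)
# the command is executed directly; otherwise it is handed to the sudo binary.
# Arguments: the command to run, followed by its arguments.
# Returns:   the exit status of the command.
# Exits 1 when root is needed and no sudo binary is found on PATH.
sudo() {
  myEUID=$(id -ru)
  if [ "$myEUID" -eq 0 ]; then
    "$@"
    return
  fi

  # This function shadows the real binary, and a plain `command -v sudo` would
  # report the function itself and always succeed. Look the name up in a
  # subshell where the function has been removed, so only PATH is searched.
  if (unset -f sudo; command -v sudo) >/dev/null 2>&1; then
    command sudo "$@"
  else
    err "ERROR: sudo is not installed on the system, the action cannot be proceeded."
    exit 1
  fi
}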
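# Verify that the external tools this script calls are installed.
# The package is installed from a local file, so curl and grep are never
# invoked and are not required; the list names the tools that are.
# Outputs: an error naming the missing tools on stderr (through err).
# Exits 1 when at least one tool is missing.
deps_check() {
  local deps="unzip find tr head"
  local dep
  local missing=""

  for dep in $deps; do
    if ! command -v "$dep" >/dev/null 2>&1; then
      missing="${missing} $dep"
    fi
  done

  if [ -n "$missing" ]; then
    err "Missing dependencies:$missing. Please install them and try again."
    exit 1
  fi
}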
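# Detect the CPU architecture and operating system of this host.
# Globals: os_arch (written) - architecture part of the package file name
#          os      (written) - operating-system part of the package file name
# Exits 1 when `uname -m` or `uname` reports a value that is not listed below.
env_check() {
  mach=$(uname -m)
  case "$mach" in
    amd64 | x86_64) os_arch="amd64" ;;
    i386 | i686) os_arch="386" ;;
    aarch64 | arm64) os_arch="arm64" ;;
    arm) os_arch="arm" ;;
    s390x) os_arch="s390x" ;;
    riscv64) os_arch="riscv64" ;;
    mips) os_arch="mips" ;;
    mipsel | mipsle) os_arch="mipsle" ;;
    *)
      err "Unknown architecture: $mach"
      exit 1
      ;;
  esac

  system=$(uname)
  case "$system" in
    *Linux*) os="linux" ;;
    *Darwin*) os="darwin" ;;
    *FreeBSD*) os="freebsd" ;;
    *)
      # This branch rejects the operating system, so the message says so.
      err "Unknown operating system: $system"
      exit 1
      ;;
  esac
}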
# Pre-flight checks, run before anything is installed.
# Calls deps_check first and env_check second; both are called without arguments.
init() {
  deps_check # required tools
  env_check  # host architecture and operating system
}
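# Install the agent from a package that was uploaded to /tmp by hand.
# Globals:   os, os_arch, NZ_AGENT_PATH (read); NZ_SERVER and NZ_CLIENT_SECRET
#            (read, required); NZ_UUID, NZ_TLS, NZ_DISABLE_AUTO_UPDATE,
#            NZ_DISABLE_FORCE_UPDATE, NZ_DISABLE_COMMAND_EXECUTE,
#            NZ_SKIP_CONNECTION_COUNT (read, optional)
# Exits 1 when the package is missing, extraction fails, a required variable
# is empty, or the service cannot be installed.
#
# Security notes:
# - The archive is unpacked and its binary registered as a service with root
#   privileges, and this script performs no integrity check. /tmp is writable
#   by every local user, so compare the SHA-256 of the uploaded file with the
#   file downloaded from the release page before running the script.
# - The settings, including NZ_CLIENT_SECRET, are passed as arguments to env
#   and are visible in the process list while that command runs.
# - NZ_DISABLE_COMMAND_EXECUTE is forwarded as given. Presumably it controls
#   whether the dashboard may run commands on this host — confirm in the agent
#   documentation and set it deliberately.
install() {
  local pkg path random

  echo "Installing..."

  pkg="/tmp/nezha-agent_${os}_${os_arch}.zip"
  if [ ! -f "$pkg" ]; then
    err "Local package not found: $pkg"
    err "Please upload nezha-agent zip to /tmp manually."
    exit 1
  fi

  sudo mkdir -p "$NZ_AGENT_PATH"
  # Stop here when extraction fails rather than registering a service for a
  # binary that may be missing or incomplete.
  if ! sudo unzip -qo "$pkg" -d "$NZ_AGENT_PATH"; then
    err "Failed to extract $pkg"
    exit 1
  fi
  sudo rm -f -- "$pkg"

  # Keep an existing config.yml and write the new config under a random suffix.
  path="$NZ_AGENT_PATH/config.yml"
  if [ -f "$path" ]; then
    random=$(LC_ALL=C tr -dc a-z0-9 </dev/urandom | head -c 5)
    path="$NZ_AGENT_PATH/config-$random.yml"
  fi

  if [ -z "$NZ_SERVER" ]; then
    err "NZ_SERVER should not be empty"
    exit 1
  fi

  if [ -z "$NZ_CLIENT_SECRET" ]; then
    err "NZ_CLIENT_SECRET should not be empty"
    exit 1
  fi

  # Remove a service left over from an earlier run; a failure here is expected
  # on a fresh host and is ignored on purpose.
  sudo "$NZ_AGENT_PATH/nezha-agent" service -c "$path" uninstall >/dev/null 2>&1

  # Every setting is passed as its own quoted argument. Building one string and
  # running it through eval would let a value containing spaces or shell
  # metacharacters be executed as code with root privileges.
  # NZ_DISABLE_FORCE_UPDATE falls back to the unprefixed DISABLE_FORCE_UPDATE,
  # the only name the earlier version of this script read.
  if ! sudo env \
    "NZ_UUID=$NZ_UUID" \
    "NZ_SERVER=$NZ_SERVER" \
    "NZ_CLIENT_SECRET=$NZ_CLIENT_SECRET" \
    "NZ_TLS=$NZ_TLS" \
    "NZ_DISABLE_AUTO_UPDATE=$NZ_DISABLE_AUTO_UPDATE" \
    "NZ_DISABLE_FORCE_UPDATE=${NZ_DISABLE_FORCE_UPDATE:-$DISABLE_FORCE_UPDATE}" \
    "NZ_DISABLE_COMMAND_EXECUTE=$NZ_DISABLE_COMMAND_EXECUTE" \
    "NZ_SKIP_CONNECTION_COUNT=$NZ_SKIP_CONNECTION_COUNT" \
    "$NZ_AGENT_PATH/nezha-agent" service -c "$path" install; then
    err "Install nezha-agent service failed"
    sudo "$NZ_AGENT_PATH/nezha-agent" service -c "$path" uninstall >/dev/null 2>&1
    exit 1
  fi

  success "nezha-agent successfully installed"
}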
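# Remove every agent service registered from a config file in NZ_AGENT_PATH,
# then delete that config file.
# Globals: NZ_AGENT_PATH (read)
# Outputs: a completion message on stdout (through info).
uninstall() {
  # install() writes config-<random>.yml when config.yml already exists, so
  # match both names; matching only config.yml would leave those services
  # registered.
  find "$NZ_AGENT_PATH" -type f -name 'config*.yml' | while IFS= read -r file; do
    # stdin is redirected so the commands cannot consume the list of files
    # that the loop is still reading.
    sudo "$NZ_AGENT_PATH/nezha-agent" service -c "$file" uninstall </dev/null
    sudo rm -- "$file" </dev/null
  done
  info "Uninstallation completed."
}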
# Entry point: "uninstall" as the first argument removes the agent and stops;
# any other invocation runs the checks and installs it.
case "$1" in
  uninstall)
    uninstall
    exit
    ;;
esac

init
install
- 安装
chmod +x agent.sh
原理很简单就是通过服务器中转
因为封禁了443,安装包最简单的方法就是人工sftp上传
中转如下 以REALM为例
- 中转服务器配置中转 中转端口为44443
# realm relay configuration: accept connections on port 44443 and forward them
# to the dashboard domain on port 443.
[network]
no_tcp = false
# NOTE(review): UDP relaying is enabled here, but the firewall rules on this page
# filter only TCP port 44443. If the agent needs TCP only, set use_udp = false — confirm.
use_udp = true
[[endpoints]]
# "[::]" is the wildcard address, so the relay port is reachable from any source
# until a firewall rule restricts it to the agent host.
listen = "[::]:44443"
# Placeholder value: replace it with the dashboard hostname and port, e.g. "zk.123.com:443".
remote = "套了cf探针域名(zk.123.com):443"
2.腾讯云上配置host
vi /etc/hosts
中转服务器IP 套了cf探针域名
例如
161.161.161.161 zk.123.com
3.腾讯云上修改探针agent的对接地址
我使用的是哪吒,nezha默认配置在/opt/nezha/agent/config.yml
修改server配置
server: zk.123.com:44443
其他探针也一样.无非就是域名端口或者ip端口
- 中转服务器封禁其他44443入站, 不搞也能用,但是建议实施,否则这个中转端口对所有来源开放
nftables为例, 给小白看的
vi /etc/nftables.conf
#!/usr/sbin/nft -f
# Restricts the relay port (TCP 44443) to the agent host's address.
#
# "flush ruleset" removes every table already loaded on this host, including
# rules installed by other tools. On a host that already has a ruleset, merge
# the three 44443 rules into it instead of replacing /etc/nftables.conf.
flush ruleset
table inet filter {
# No policy is declared, so this chain defaults to accept: only port 44443 is
# restricted here and all other inbound traffic is left as it was.
chain input {
type filter hook input priority filter;
# Placeholder: replace "腾讯云ip" with the public IPv4 address of the agent host.
ip saddr 腾讯云ip tcp dport 44443 accept
# Placeholder: for an agent host reached over a private network, put its 10.x
# address here; delete the line when it does not apply.
ip saddr 如果是rfc的服务器用10.x的内网ip tcp dport 44443 accept
# Every other source is dropped. The table family is inet, so this covers IPv4
# and IPv6. It matches TCP only: UDP to port 44443 is not filtered by this rule.
tcp dport 44443 drop
}
# Empty chains: no rules and no policy, so forwarded and outbound traffic is accepted.
chain forward {
type filter hook forward priority filter;
}
chain output {
type filter hook output priority filter;
}
}
重新加载
nft -f /etc/nftables.conf
————————————
附带nezha agent安装
1.下载安装x86包
https://github.com/nezhahq/agent/releases/download/v1.14.1/nezha-agent_linux_amd64.zip
2.上传包到tmp目录
- 编辑安装agent脚本
官方脚本改的
vi agent.sh
#!/bin/sh
# Install locations: the agent binary and its config files live in NZ_AGENT_PATH.
NZ_BASE_PATH=/opt/nezha
NZ_AGENT_PATH="$NZ_BASE_PATH/agent"

# ANSI colour sequences, stored as backslash escapes that printf expands on output.
red='\033[0;31m'
green='\033[0;32m'
yellow='\033[0;33m'
plain='\033[0m'
# Print an error message in red on stderr.
# Globals:   red, plain (read)
# Arguments: the message words; they are joined with single spaces.
err() {
  printf '%b%s%b\n' "$red" "$*" "$plain" >&2
}
# Print a success message in green on stdout.
# Globals:   green, plain (read)
# Arguments: the message words; they are joined with single spaces.
success() {
  printf '%b%s%b\n' "$green" "$*" "$plain"
}
# Print an informational message in yellow on stdout.
# Globals:   yellow, plain (read)
# Arguments: the message words; they are joined with single spaces.
info() {
  printf '%b%s%b\n' "$yellow" "$*" "$plain"
}
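# Run a command with root privileges.
# When the script already runs as root (real UID 0, as reported by `id -ru`)
# the command is executed directly; otherwise it is handed to the sudo binary.
# Arguments: the command to run, followed by its arguments.
# Returns:   the exit status of the command.
# Exits 1 when root is needed and no sudo binary is found on PATH.
sudo() {
  myEUID=$(id -ru)
  if [ "$myEUID" -eq 0 ]; then
    "$@"
    return
  fi

  # This function shadows the real binary, and a plain `command -v sudo` would
  # report the function itself and always succeed. Look the name up in a
  # subshell where the function has been removed, so only PATH is searched.
  if (unset -f sudo; command -v sudo) >/dev/null 2>&1; then
    command sudo "$@"
  else
    err "ERROR: sudo is not installed on the system, the action cannot be proceeded."
    exit 1
  fi
}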
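# Verify that the external tools this script calls are installed.
# The package is installed from a local file, so curl and grep are never
# invoked and are not required; the list names the tools that are.
# Outputs: an error naming the missing tools on stderr (through err).
# Exits 1 when at least one tool is missing.
deps_check() {
  local deps="unzip find tr head"
  local dep
  local missing=""

  for dep in $deps; do
    if ! command -v "$dep" >/dev/null 2>&1; then
      missing="${missing} $dep"
    fi
  done

  if [ -n "$missing" ]; then
    err "Missing dependencies:$missing. Please install them and try again."
    exit 1
  fi
}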
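# Detect the CPU architecture and operating system of this host.
# Globals: os_arch (written) - architecture part of the package file name
#          os      (written) - operating-system part of the package file name
# Exits 1 when `uname -m` or `uname` reports a value that is not listed below.
env_check() {
  mach=$(uname -m)
  case "$mach" in
    amd64 | x86_64) os_arch="amd64" ;;
    i386 | i686) os_arch="386" ;;
    aarch64 | arm64) os_arch="arm64" ;;
    arm) os_arch="arm" ;;
    s390x) os_arch="s390x" ;;
    riscv64) os_arch="riscv64" ;;
    mips) os_arch="mips" ;;
    mipsel | mipsle) os_arch="mipsle" ;;
    *)
      err "Unknown architecture: $mach"
      exit 1
      ;;
  esac

  system=$(uname)
  case "$system" in
    *Linux*) os="linux" ;;
    *Darwin*) os="darwin" ;;
    *FreeBSD*) os="freebsd" ;;
    *)
      # This branch rejects the operating system, so the message says so.
      err "Unknown operating system: $system"
      exit 1
      ;;
  esac
}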
# Pre-flight checks, run before anything is installed.
# Calls deps_check first and env_check second; both are called without arguments.
init() {
  deps_check # required tools
  env_check  # host architecture and operating system
}
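# Install the agent from a package that was uploaded to /tmp by hand.
# Globals:   os, os_arch, NZ_AGENT_PATH (read); NZ_SERVER and NZ_CLIENT_SECRET
#            (read, required); NZ_UUID, NZ_TLS, NZ_DISABLE_AUTO_UPDATE,
#            NZ_DISABLE_FORCE_UPDATE, NZ_DISABLE_COMMAND_EXECUTE,
#            NZ_SKIP_CONNECTION_COUNT (read, optional)
# Exits 1 when the package is missing, extraction fails, a required variable
# is empty, or the service cannot be installed.
#
# Security notes:
# - The archive is unpacked and its binary registered as a service with root
#   privileges, and this script performs no integrity check. /tmp is writable
#   by every local user, so compare the SHA-256 of the uploaded file with the
#   file downloaded from the release page before running the script.
# - The settings, including NZ_CLIENT_SECRET, are passed as arguments to env
#   and are visible in the process list while that command runs.
# - NZ_DISABLE_COMMAND_EXECUTE is forwarded as given. Presumably it controls
#   whether the dashboard may run commands on this host — confirm in the agent
#   documentation and set it deliberately.
install() {
  local pkg path random

  echo "Installing..."

  pkg="/tmp/nezha-agent_${os}_${os_arch}.zip"
  if [ ! -f "$pkg" ]; then
    err "Local package not found: $pkg"
    err "Please upload nezha-agent zip to /tmp manually."
    exit 1
  fi

  sudo mkdir -p "$NZ_AGENT_PATH"
  # Stop here when extraction fails rather than registering a service for a
  # binary that may be missing or incomplete.
  if ! sudo unzip -qo "$pkg" -d "$NZ_AGENT_PATH"; then
    err "Failed to extract $pkg"
    exit 1
  fi
  sudo rm -f -- "$pkg"

  # Keep an existing config.yml and write the new config under a random suffix.
  path="$NZ_AGENT_PATH/config.yml"
  if [ -f "$path" ]; then
    random=$(LC_ALL=C tr -dc a-z0-9 </dev/urandom | head -c 5)
    path="$NZ_AGENT_PATH/config-$random.yml"
  fi

  if [ -z "$NZ_SERVER" ]; then
    err "NZ_SERVER should not be empty"
    exit 1
  fi

  if [ -z "$NZ_CLIENT_SECRET" ]; then
    err "NZ_CLIENT_SECRET should not be empty"
    exit 1
  fi

  # Remove a service left over from an earlier run; a failure here is expected
  # on a fresh host and is ignored on purpose.
  sudo "$NZ_AGENT_PATH/nezha-agent" service -c "$path" uninstall >/dev/null 2>&1

  # Every setting is passed as its own quoted argument. Building one string and
  # running it through eval would let a value containing spaces or shell
  # metacharacters be executed as code with root privileges.
  # NZ_DISABLE_FORCE_UPDATE falls back to the unprefixed DISABLE_FORCE_UPDATE,
  # the only name the earlier version of this script read.
  if ! sudo env \
    "NZ_UUID=$NZ_UUID" \
    "NZ_SERVER=$NZ_SERVER" \
    "NZ_CLIENT_SECRET=$NZ_CLIENT_SECRET" \
    "NZ_TLS=$NZ_TLS" \
    "NZ_DISABLE_AUTO_UPDATE=$NZ_DISABLE_AUTO_UPDATE" \
    "NZ_DISABLE_FORCE_UPDATE=${NZ_DISABLE_FORCE_UPDATE:-$DISABLE_FORCE_UPDATE}" \
    "NZ_DISABLE_COMMAND_EXECUTE=$NZ_DISABLE_COMMAND_EXECUTE" \
    "NZ_SKIP_CONNECTION_COUNT=$NZ_SKIP_CONNECTION_COUNT" \
    "$NZ_AGENT_PATH/nezha-agent" service -c "$path" install; then
    err "Install nezha-agent service failed"
    sudo "$NZ_AGENT_PATH/nezha-agent" service -c "$path" uninstall >/dev/null 2>&1
    exit 1
  fi

  success "nezha-agent successfully installed"
}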
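# Remove every agent service registered from a config file in NZ_AGENT_PATH,
# then delete that config file.
# Globals: NZ_AGENT_PATH (read)
# Outputs: a completion message on stdout (through info).
uninstall() {
  # install() writes config-<random>.yml when config.yml already exists, so
  # match both names; matching only config.yml would leave those services
  # registered.
  find "$NZ_AGENT_PATH" -type f -name 'config*.yml' | while IFS= read -r file; do
    # stdin is redirected so the commands cannot consume the list of files
    # that the loop is still reading.
    sudo "$NZ_AGENT_PATH/nezha-agent" service -c "$file" uninstall </dev/null
    sudo rm -- "$file" </dev/null
  done
  info "Uninstallation completed."
}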
# Entry point: "uninstall" as the first argument removes the agent and stops;
# any other invocation runs the checks and installs it.
case "$1" in
  uninstall)
    uninstall
    exit
    ;;
esac

init
install
- 安装
chmod +x agent.sh
env NZ_SERVER=zk.123.com:44443 NZ_TLS=true NZ_CLIENT_SECRET=xxx ./agent.sh