背景
对比一下 nezha dashboard
准备
- OS:ubuntu24
- cloudflare 两个域名
- dash.yourdomain.com 走cdn -- 用于面板访问
- data.yourdomain.com 不走cdn -- 用于websocket 上报vps 讯息
- yourdomain.com 在机器上泛域名证书,可以用 letsencrypt + cloudflare + api token方法获取, 可以参考 nezha 使用
hub docker install
全部根据官网配置操作即可,感觉很多时候比直接问AI 靠谱些,可以看文档,然后拿文档问题咨询ai
sh
sudo mkdir -p /opt/beszel
sudo vim ./docker-compose.yml
# 添加hub 配置
services:
beszel:
image: henrygd/beszel:latest
container_name: beszel
restart: unless-stopped
environment:
APP_URL: http://localhost:8090
HUB_URL: https://data.yourdomain.com # 替换自己的上报域名
ports:
- 8090:8090
volumes:
- ./beszel_data:/beszel_data
- ./beszel_socket:/beszel_socket
# healthcheck:
# test: ['CMD', '/beszel', 'health', '--url', 'http://localhost:8090']
# interval: 120s
# start_period: 10s
# timeout: 5s
sudo docker compose up -d内网创建账户
实例创建成功后,直接内网访问 http://amd:8090
我是tailscale 组件了内网,所以访问很方便
没有内网的话,直接上公网也可以
用邮箱 + 密码创建一个账户后,就不能在创建账户了,只能登录,公网开放的话,建议密码复杂些,然后套cf cdn
nginx 反代
sh
sudo vim /etc/nginx/conf.d/baszel.conf
server {
listen 443 ssl;
listen [::]:443 ssl;
# listen [::]:443 ssl http2;
http2 on;
client_max_body_size 10M;
server_name dash.example.com; # 替换为你的域名
access_log /var/log/nginx/dash.yourdomain.com.access.log; # 替换为你的域名
# 统一使用刚刚申请出来的 Let's Encrypt 通配符证书路径
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m; # 如果与其他配置冲突,请注释此项
ssl_protocols TLSv1.2 TLSv1.3;
underscores_in_headers on;
include /etc/nginx/conf.d/cloudflare/ips.conf; # 替换为你的 CDN 回源 IP 地 址段
real_ip_header CF-Connecting-IP; # 替换为你的 CDN 提供的私有 header,此处为 CloudFlare 默认
# 如果你使用nginx作为最外层,把上面两行注释掉
location / {
proxy_read_timeout 360s;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:8090;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
# listen [::]:443 ssl http2;
http2 on; # Nginx > 1.25.1,请注释上面两行,启用此行
client_max_body_size 10M;
server_name data.example.com; # 替换为你的域名
access_log /var/log/nginx/data.yourdomain.com.access.log;
# 1. 拦截所有根路径以及静态文件访问(直接返回 403 拒绝访问 Web 界面)
location / {
return 403;
}
# 2. 精确放行 Agent 上报和 PocketBase API 必须的路径
location ~* ^/(api|static|/_)/ {
proxy_read_timeout 360s;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:8090;
}
}
sudo nginx -t
sudo nginx -s reload这样应该就可以公网访问了
agent docker install
本地的agent 配置不太一样,参考官网配置
直接copy docker 配置即可
bash
sudo mkdir -p /opt/beszel
sudo vim ./docker-compose.yml
# 添加 agent 配置
beszel-agent:
image: henrygd/beszel-agent
container_name: beszel-agent
restart: unless-stopped
network_mode: host
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./beszel_agent_data:/var/lib/beszel-agent
# monitor other disks / partitions by mounting a folder in /extra-filesystems
# - /mnt/disk/.beszel:/extra-filesystems/sda1:ro
environment:
LISTEN: /beszel_socket/beszel.sock
KEY: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaet2Ay9L6uOWSBECVlg2Aub3fA5MsOLu3EAgTz2xrz'
TOKEN: 367f1-0b572c4e6-a524-eab5d08f08
HUB_URL: http://localhost:8090其他vps 监控agent 安装
注意在 hub 控制台copy 的 docker 配置 HUB_URL 不知道为啥是本地的,我也配置了HUB_URL环境变量在 HUB 端,估计页面缓存吧
services:
beszel-agent:
image: henrygd/beszel-agent
container_name: beszel-agent
restart: unless-stopped
network_mode: host
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./beszel_agent_data:/var/lib/beszel-agent
# monitor other disks / partitions by mounting a folder in /extra-filesystems
# - /mnt/disk/.beszel:/extra-filesystems/sda1:ro
environment:
LISTEN: 45876
KEY: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaet2Ay9L6uOWSBECVlg2Aub3fA5MsOLu3EAgTz2xrz'
TOKEN: 13ab07-488c3165-5f7460-0b1e469c
HUB_URL: http://localhost:8090 # 注意替换 https://data.example.com