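The following are detailed steps for deploying the latest Nezha dashboard (v1.x) on a Debian 12 VPS and reverse-proxying it through Nginx to serve the domain nz.example.com:
1. Install the base environment
Update the system and install the required components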
sudo apt update && sudo apt upgrade -y
sudo apt install -y curl wget git unzip tar nginx
2. Install Docker and Docker Compose
Deploying the Nezha dashboard with Docker is recommended.
Install Docker
curl -fsSL https://get.docker.com | bash
sudo systemctl start docker
sudo systemctl enable docker
Install Docker Compose
sudo apt install -y docker-compose-plugin
3. Deploy the Nezha dashboard
Pull the latest Docker image
docker pull nezhahq/nezha-dashboard:latest
Create the data directory
mkdir -p /opt/nezha
cd /opt/nezha
Start the Nezha dashboard
Create and edit the Docker Compose configuration file:
nano docker-compose.yml
Add the following content:
version: '3'
services:
  dashboard:
    image: nezhahq/nezha-dashboard:latest
    container_name: nezha-dashboard
    restart: always
    ports:
      - "8008:8008" # Nezha default port
    environment:
      - TZ=Asia/Shanghai # time zone
    volumes:
      - ./data:/data # persistent storage
Save the file, then start the service:
docker compose up -d
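Visit http://<VPS_IP>:8008 to confirm that the Nezha dashboard is running properly.
4. Configure Cloudflare
- In Cloudflare, confirm that the A record for nz.example.com points to the VPS's IP.
- Enable Cloudflare's proxy mode (the cloud icon turns orange) so that traffic passes through Cloudflare.
5. Configure the Nginx reverse proxy
Create the Nginx configuration file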
sudo nano /etc/nginx/sites-available/nz.example.com
Add the following content:
server {
    listen 80;
    listen [::]:80;
    server_name nz.example.com;

    # Dashboard web pages
    location / {
        proxy_pass http://127.0.0.1:8008;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # WebSocket
    location ~* ^/api/v1/ws/(server|terminal|file)(.*)$ {
        # The WebSocket upgrade needs HTTP/1.1 towards the upstream
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header nz-realip $remote_addr;
        proxy_set_header Origin http://$host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 3600s;
        proxy_send_timeout 3600s;
        proxy_pass http://127.0.0.1:8008;
    }

    # gRPC (if enabled on the dashboard)
    location ^~ /proto.NezhaService/ {
        grpc_set_header Host $host;
        grpc_set_header nz-realip $remote_addr;
        grpc_read_timeout 600s;
        grpc_send_timeout 600s;
        grpc_socket_keepalive on;
        client_max_body_size 10m;
        grpc_buffer_size 4m;
        grpc_pass grpc://127.0.0.1:8008;
    }
}

upstream dashboard {
    server 127.0.0.1:8008;
    keepalive 512;
}
Save the file and create the symlink:
sudo ln -s /etc/nginx/sites-available/nz.example.com /etc/nginx/sites-enabled/
Test the configuration and reload Nginx
sudo nginx -t
sudo systemctl reload nginx
6. Configure HTTPS (with Certbot and Let's Encrypt)
Install Certbot:
sudo apt install -y certbot python3-certbot-nginx
Request an SSL certificate and set up automatic renewal:
sudo certbot --nginx -d nz.example.com
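Once the SSL configuration is confirmed complete, visit https://nz.example.com to check that the dashboard is running properly.
7. Follow-up operations
Customize the Nezha dashboard configuration
In the /opt/nezha/data directory, edit the dashboard's configuration file (such as config.yml) and customize it as needed.
Check the Docker container status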
docker ps
View the Nezha logs
docker logs nezha-dashboard
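At this point the Nezha dashboard is deployed, with domain reverse proxying and HTTPS support provided through Cloudflare and Nginx!
8. Additional optimization
Optimized Nginx configuration
Includes: complete HTTPS security configuration, HTTP → HTTPS redirect, full WebSocket/gRPC support, security headers + gzip, etc.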
# /etc/nginx/sites-available/nz.example.com

# ====== HTTP server, redirects to HTTPS automatically ======
server {
    listen 80;
    listen [::]:80;
    server_name nz.example.com;
    return 301 https://$host$request_uri;
}

# ====== HTTPS server ======
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    # Must match the domain the certificate below was issued for
    server_name nz.example.com;

    # SSL configuration
    ssl_certificate /etc/letsencrypt/live/nz.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/nz.example.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 1.1.1.1 8.8.8.8 valid=300s;
    resolver_timeout 5s;
    underscores_in_headers on;

    # HTTP security headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
    add_header Content-Security-Policy "default-src 'self';" always;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

    # gRPC
    location ^~ /proto.NezhaService/ {
        grpc_set_header Host $host;
        grpc_set_header nz-realip $remote_addr;
        grpc_read_timeout 600s;
        grpc_send_timeout 600s;
        grpc_socket_keepalive on;
        client_max_body_size 10m;
        grpc_buffer_size 4m;
        grpc_pass grpc://127.0.0.1:8008;
    }

    # WebSocket
    location ~* ^/api/v1/ws/(server|terminal|file)(.*)$ {
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header nz-realip $remote_addr;
        proxy_set_header Origin https://$host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 3600s;
        proxy_send_timeout 3600s;
        proxy_pass http://127.0.0.1:8008;
    }

    # Dashboard web
    location / {
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header nz-realip $remote_addr;
        proxy_read_timeout 3600s;
        proxy_send_timeout 3600s;
        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        proxy_max_temp_file_size 0;
        proxy_pass http://127.0.0.1:8008;

        # Enable gzip compression
        gzip on;
        gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
        gzip_min_length 256;
    }
}

# ====== upstream (kept) ======
upstream dashboard {
    server 127.0.0.1:8008;
    keepalive 512;
}
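A small lint for two mistakes that are easy to make when adapting the Nginx configurations in this guide: a server_name that does not match the certificate path, and a WebSocket location that forwards Upgrade without proxy_http_version 1.1. This is an added example, not part of the original guide or the Nezha project; the functions parse and lint and the SAMPLE config are constructed for illustration.

```python
import re

# Constructed sample, not a real deployment: cert path and server_name disagree,
# and the WebSocket location sets Upgrade without proxy_http_version 1.1.
SAMPLE = """
server {
    listen 443 ssl;
    server_name nz.other.example;
    ssl_certificate /etc/letsencrypt/live/nz.example.com/fullchain.pem;
    location ~* ^/api/v1/ws/(server|terminal|file)(.*)$ {
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass http://127.0.0.1:8008;
    }
}
"""

def parse(text):
    """Nest nginx directives by block (assumes no ';{}#' inside strings/regexes)."""
    text = re.sub(r"#[^\n]*", "", text)  # drop comments
    root = {"head": "", "dirs": [], "kids": []}
    stack = [root]
    for body, end in re.findall(r"([^;{}]*)([;{}])", text):
        body = " ".join(body.split())
        if end == ";":
            stack[-1]["dirs"].append(body)
        elif end == "{":
            node = {"head": body, "dirs": [], "kids": []}
            stack[-1]["kids"].append(node)
            stack.append(node)
        elif len(stack) > 1:
            stack.pop()
    return root

def lint(text):
    findings = []
    for srv in (k for k in parse(text)["kids"] if k["head"] == "server"):
        names = [n for d in srv["dirs"] if d.startswith("server_name ")
                 for n in d.split()[1:]]
        for d in srv["dirs"]:
            # Heuristic: by default certbot names the live/ directory after the first domain.
            m = re.match(r"ssl_certificate \S*/live/([^/]+)/", d)
            if m and m.group(1) not in names:
                findings.append(f"certificate for {m.group(1)}, server_name {names}")
        for loc in (k for k in srv["kids"] if k["head"].startswith("location")):
            upgrades = any(d.startswith("proxy_set_header Upgrade ") for d in loc["dirs"])
            if upgrades and "proxy_http_version 1.1" not in loc["dirs"] + srv["dirs"]:
                findings.append(f"{loc['head']}: Upgrade without proxy_http_version 1.1")
    return findings
```

To check a real file, pass its contents to lint(), for example lint(open("/etc/nginx/sites-available/nz.example.com").read()); settings inherited from the http level are not seen by this check.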
