[UPDATED] How to Install Nezha Monitoring on Nat VPS

Natvps.id – If you have many servers, you might want to monitor uptime and use source from these servers. Enough to be troublesome if you have to check one by one through shell. Fortunately, you can use tools like Nezha which provides monitor panels to monitor the whole source From the existing server, only in one website.

This article explains how to install Nezha on NAT VPS. This article uses Ubuntu 22.04 as a reference. For other OS, please adjust the steps listed.

This article is an update from the old article. Many Nezha installation process has changed since the old article was written, including Github Oauth which is no longer needed.

Port forwarding configuration

Considering we use grout, we need to add 1 Port Forwarding Configuration In the virtualizor panel (or other VPS panels according to the provider). This port will be used to access the Nezha panel through the NAT VPS public IP.

For example, in this article will use a port 32505. You are free to change this port according to your choice. Record this port, because we will use it again in the configuration process.

Install Nezha

We will use an official installation script to install Nezha automatically.

First, install curl:

apt install curl -y

Then, download and run manuscript In the following sequence:

curl -L  -o nezha.sh && chmod +x nezha.sh && sudo ./nezha.sh

On Select your installation method:choose Docker To facilitate the installation.

Enter 1 to start the installation.

• Please enter the site title: Your panel name. Free, for example: “Tutorial Panel”
• Please enter the open port: (default 8008): The port that you have specified before, for example: 32505
• Please determine the host of the NEZHA agent preset in the Instal Command: (for example Example.com:443): Enter with the format: Ip.publik.nat.vps: Portnezha. Example: 141.11.190.114:32505
• Do you prefer to connect agents via TLS? [y/N]: Enter N because we haven’t configured https

Wait until the installation is complete.

Access panels

Nezha Panel can be accessed through the address: Public NAT VPS>: Example: http://141.11.190.114:32505.

To log in, the default credentials are Admin As a username and password. Please change after the first login to secure the panel.

Nginx Configuration (Reverse Proxy)

We can also install Reverse-Proxy Like nginx in order to access Nezha through a domain, such as nezha-tutorial.mdinata.my.id. The goal is to be easier to access and be able to install SSL (HTTPS) to support a safer connection between server.

Before that, you need to add 2 domain forwarding with a protocol Http And Https So that the domain can access your NAT VPS. Add the domain prosecution as follows:

Don’t forget to add DNS Records to go to your NAT VPS public IP, like this:

If so, it’s time to install nginx and add configuration Virtual host.

First, install Nginx through the command:

# Hapus Apache2 dan pendukungnya (biasanya terpasang secara bawaan di VPS OpenVZ)
apt purge apache2* -y

# Install NGINX
apt install nginx -y

Create a new host configuration specifically for status:

nano /etc/nginx/sites-available/nezha

Then stick the following configuration:

# Konfigurasi NGINX untuk deploy Nezha di NAT VPS
# 

server {
    listen 80;
    listen [::]:80;

    server_name nezha-tutorial.mdinata.my.id; # Replace with your domain

    underscores_in_headers on;
    # set_real_ip_from 0.0.0.0/0; # Replace with your CDN's IP ranges
    # real_ip_header CF-Connecting-IP; # Replace with your CDN's private header, default for Cloudflare
    # Comment the above two lines if Nginx is the outermost layer.

    # gRPC Configuration
    location ^~ /proto.NezhaService/ {
        grpc_set_header Host $host;
        grpc_set_header nz-realip $http_CF_Connecting_IP; # Replace with your CDN's private header
        # Uncomment the next line and comment the above if Nginx is the outermost layer
        # grpc_set_header nz-realip $remote_addr;
        grpc_read_timeout 600s;
        grpc_send_timeout 600s;
        grpc_socket_keepalive on;
        client_max_body_size 10m;
        grpc_buffer_size 4m;
        grpc_pass grpc://dashboard;
    }

    # WebSocket Configuration
    location ~* ^/api/v1/ws/(server|terminal|file)(.*)$ {
        proxy_set_header Host $host;
        proxy_set_header nz-realip $http_cf_connecting_ip; # Replace with your CDN's private header
        # Uncomment the next line and comment the above if Nginx is the outermost layer
        # proxy_set_header nz-realip $remote_addr;
        proxy_set_header Origin 
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 3600s;
        proxy_send_timeout 3600s;
        proxy_pass 
    }

    # Web Traffic Configuration
    location / {
        proxy_set_header Host $host;
        proxy_set_header nz-realip $http_cf_connecting_ip; # Replace with your CDN's private header
        # Uncomment the next line and comment the above if Nginx is the outermost layer
        # proxy_set_header nz-realip $remote_addr;
        proxy_read_timeout 3600s;
        proxy_send_timeout 3600s;
        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        proxy_max_temp_file_size 0;
        # If you use nginx as the outermost layer, enable this line to avoid protocols that cannot be accessed correctly
        # proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass 
    }
}

upstream dashboard {
    server 127.0.0.1:8008;
    keepalive 512;
}

Adjust nezha-tutorial.mdinata.my.id with your domain, and port 8008 on proxy_pass With your Nezha port.

Activate the configuration with:

ln -sf /etc/nginx/sites-available/nezha/etc/nginx/sites-enabled/nezha

# Restart NGINX
systemctl restart nginx

So that our domain can be accessed through HTTPS, we need to make a SSL certificate. We can use a free SSL certificate from Let’s Encrypt through Certbot.

Install Certbot and Nginx plugin use the command:

apt install python3-certbot python3-certbot-nginx

So, produce Certificate through Certbot with the command

certbot --nginx -d nezha-tutorial.mdinata.my.id

Change nezha-tutorial.mdinata.my.id with your domain.

Finally, we need to change the address of Nezha’s host in the configuration. Open the file /opt/nezha/dashboard/data/config.yaml:

nano /opt/nezha/dashboard/data/config.yaml

On install_hostchange to:Domainanda>: 443. Example:

install_host: nezha-tutorial.mdinata.my.id

Save the file, then restart Nezha with the command:

~/nezha.sh restart_and_update

Happy! Nezha can currently be accessed through your domain and with a safe connection https.

Cover

Thus this article is about the steps of Nezha’s deploy in NAT VPS. If you are confused or doubtful, don’t hesitate to ask questions in the telegram group @ipv6indonesia. Thank You!