Personal/remna.md
2026-04-01 23:41:31 +00:00

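# 🖥 Installing Remna on the main node and configuring agents
---
## 🟢 Installing the panel on the server
### 1⃣ Installing Docker
```bash
# Run the installer itself with root privileges (sudo on curl alone does not elevate the script)
curl -fsSL https://get.docker.com | sudo sh
```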
---
### 2⃣ Installing the required files
Create the project directory:
```bash
# -p: do not fail if the directory already exists
mkdir -p /opt/remnawave && cd /opt/remnawave
```
Download the required files:
```bash
curl -o docker-compose.yml https://raw.githubusercontent.com/remnawave/backend/refs/heads/main/docker-compose-prod.yml
```
---
### 3⃣ Configuring the `.env` file
Generate the secret keys and passwords:
```bash
# These edits assume .env already exists in /opt/remnawave: sed -i fails on a missing file
# and silently changes nothing if the key's line is absent.
sed -i "s/^JWT_AUTH_SECRET=.*/JWT_AUTH_SECRET=$(openssl rand -hex 64)/" .env \
  && sed -i "s/^JWT_API_TOKENS_SECRET=.*/JWT_API_TOKENS_SECRET=$(openssl rand -hex 64)/" .env
sed -i "s/^METRICS_PASS=.*/METRICS_PASS=$(openssl rand -hex 64)/" .env \
  && sed -i "s/^WEBHOOK_SECRET_HEADER=.*/WEBHOOK_SECRET_HEADER=$(openssl rand -hex 64)/" .env
```
Changing the PostgreSQL password is recommended:
```bash
# Generate one password and write it to both POSTGRES_PASSWORD and the DATABASE_URL connection string
pw=$(openssl rand -hex 24) \
  && sed -i "s/^POSTGRES_PASSWORD=.*/POSTGRES_PASSWORD=$pw/" .env \
  && sed -i "s|^\(DATABASE_URL=\"postgresql://postgres:\)[^\@]*\(@.*\)|\1$pw\2|" .env
```
Open `.env` and edit:
```text
FRONT_END_DOMAIN
SUB_PUBLIC_DOMAIN
```
- **FRONT_END_DOMAIN**: the panel domain, for example `panel.yourdomain.com`
- **SUB_PUBLIC_DOMAIN**: usually the same domain plus `/api/sub`, for example `panel.yourdomain.com/api/sub`

The file is located here:
```bash
cd /opt/remnawave && nano .env
```
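
The `sed -i` commands in this step exit successfully even when their pattern matches nothing, so a key can keep its old value without any error. The script below is an added example, not part of the original guide or of the Remnawave project; the function names `env_get` and `check_env` are hypothetical, and the expected lengths follow from the `openssl rand -hex 64` and `-hex 24` calls above.

```shell
#!/bin/sh
# Added example: verify that the step-3 edits actually landed in .env.

# env_get FILE KEY -> value of KEY (first match, surrounding double quotes removed)
env_get() {
    sed -n "s/^$2=//p" "$1" | head -n 1 | sed 's/^"//; s/"$//'
}

# check_env FILE -> prints one line per problem; returns 0 only if none were found.
# The body is a subshell, so its variables do not leak into the caller.
check_env() (
    file=$1; bad=0
    [ -r "$file" ] || { echo "$file: missing or unreadable"; exit 1; }
    for key in JWT_AUTH_SECRET JWT_API_TOKENS_SECRET METRICS_PASS WEBHOOK_SECRET_HEADER; do
        # openssl rand -hex 64 produces exactly 128 lowercase hex characters
        env_get "$file" "$key" | grep -Eq '^[0-9a-f]{128}$' ||
            { echo "$key: not a 128-char hex value"; bad=1; }
    done
    pg=$(env_get "$file" POSTGRES_PASSWORD)
    # Password part of postgresql://user:PASSWORD@host...
    url_pw=$(env_get "$file" DATABASE_URL |
        sed -n 's|^postgresql://[^:]*:\([^@]*\)@.*|\1|p')
    # openssl rand -hex 24 produces exactly 48 lowercase hex characters
    printf '%s\n' "$pg" | grep -Eq '^[0-9a-f]{48}$' ||
        { echo "POSTGRES_PASSWORD: not a 48-char hex value"; bad=1; }
    [ -n "$pg" ] && [ "$pg" = "$url_pw" ] ||
        { echo "DATABASE_URL: password differs from POSTGRES_PASSWORD"; bad=1; }
    for key in FRONT_END_DOMAIN SUB_PUBLIC_DOMAIN; do
        # yourdomain.com is the placeholder used in this guide's examples
        case $(env_get "$file" "$key") in
            ''|*yourdomain.com*) echo "$key: empty or still the placeholder"; bad=1 ;;
        esac
    done
    exit "$bad"
)

# Usage: sh check-env.sh /opt/remnawave/.env
if [ -n "${1:-}" ]; then check_env "$1"; fi
```

Run it after editing `.env` and before starting the containers; a non-zero exit status means at least one value still needs attention.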
---
### 4⃣ Starting the containers
```bash
docker compose up -d && docker compose logs -f -t
```
---
## 🔄 Configuring the reverse proxy
### 1⃣ Installing dependencies
```bash
apt-get install cron socat
```
Installing acme.sh:
```bash
curl https://get.acme.sh | sh -s email=EMAIL && source ~/.bashrc
```
> Use a valid email.
---
### 2⃣ Creating a directory for certificates
```bash
mkdir -p /opt/remnawave/nginx && cd /opt/remnawave/nginx
```
Issue the certificate (do not use `.ru`, `.su`, `.рф`):
```bash
acme.sh --issue --standalone -d 'DOMAIN' \
  --key-file /opt/remnawave/nginx/privkey.key \
  --fullchain-file /opt/remnawave/nginx/fullchain.pem \
  --alpn --tlsport 8443
```
> Nginx Proxy Manager can be used for other services.
---
### 3⃣ Nginx configuration
Open the file:
```bash
cd /opt/remnawave/nginx && nano nginx.conf
```
Paste the following config:
```nginx
upstream remnawave {
    server remnawave:3000;
}

server {
    server_name REPLACE_WITH_YOUR_DOMAIN;
    listen 443 ssl reuseport;
    listen [::]:443 ssl reuseport;
    http2 on;

    location / {
        proxy_http_version 1.1;
        proxy_pass http://remnawave;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # SSL Configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;
    ssl_certificate "/etc/nginx/ssl/fullchain.pem";
    ssl_certificate_key "/etc/nginx/ssl/privkey.key";
    ssl_trusted_certificate "/etc/nginx/ssl/fullchain.pem";
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
    resolver_timeout 2s;

    # Gzip Compression
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_min_length 256;
    gzip_types
        application/atom+xml
        application/geo+json
        application/javascript
        application/x-javascript
        application/json
        application/ld+json
        application/manifest+json
        application/rdf+xml
        application/rss+xml
        application/xhtml+xml
        application/xml
        font/eot
        font/otf
        font/ttf
        image/svg+xml
        text/css
        text/javascript
        text/plain
        text/xml;
}

server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;
}
```
---
### 4⃣ Creating the Docker Compose file for Nginx
```bash
cd /opt/remnawave/nginx && nano docker-compose.yml
```
Paste:
```yaml
services:
    remnawave-nginx:
        image: nginx:1.28
        container_name: remnawave-nginx
        hostname: remnawave-nginx
        volumes:
            - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
            - ./fullchain.pem:/etc/nginx/ssl/fullchain.pem:ro
            - ./privkey.key:/etc/nginx/ssl/privkey.key:ro
        restart: always
        ports:
            - '0.0.0.0:443:443'
        networks:
            - remnawave-network

networks:
    remnawave-network:
        name: remnawave-network
        driver: bridge
        external: true
```
---
### 5⃣ Starting the Nginx container
```bash
docker compose up -d && docker compose logs -f -t
```