feat: proxy admin panel via nginx port 80 to avoid exposing 8444

Route the panel through a secret subpath on port 80, remove the separate
8444 listener, and document common troubleshooting in docs.

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
dekun
2026-06-16 09:45:26 +08:00
parent 30e43cc9ce
commit f0a3317e8b
9 changed files with 204 additions and 51 deletions
+7 -8
View File
@@ -9,7 +9,7 @@
|------|-----|
| VPS IP | `47.76.87.111` |
| 域名 | `66.hyf2.cc` |
| 管理面板 | `https://66.hyf2.cc:8444` |
| 管理面板 | `http://66.hyf2.cc/<PANEL_PATH>/`(安装时输出,见 `.env` |
> 完整部署步骤见 **[docs/DEPLOY.md](docs/DEPLOY.md)**
@@ -33,7 +33,7 @@ bash scripts/install.sh
## 架构
```
浏览器 ──► Nginx:8444 ──► Web 管理面板(登录、添加节点)
浏览器 ──► Nginx:80/<PANEL_PATH>/ ──► Web 管理面板(登录、添加节点)
sing-box 配置重载
@@ -42,7 +42,7 @@ bash scripts/install.sh
├─ TCP 443 ──► sing-box VLESS+Reality
└─ UDP 8443 ─► sing-box Hysteria2
Nginx 127.0.0.1:8080 ← 伪装静态页(fallback
Nginx 127.0.0.1:8080 ← 伪装静态页(Reality fallback 场景
```
---
@@ -71,18 +71,17 @@ Nginx 127.0.0.1:8080 ← 伪装静态页(fallback
| 端口 | 协议 | 用途 |
|------|------|------|
| 22 | TCP | SSH |
| 80 | TCP | HTTPLet's Encrypt 验证 |
| 80 | TCP | HTTPACME 验证 + **管理面板反向代理** |
| 443 | TCP | VLESS + Reality |
| 8443 | UDP | Hysteria2 |
| 8444 | TCP | **Web 管理面板(HTTPS** |
---
## 常用运维
```bash
# 面板 / 节点
https://66.hyf2.cc:8444
# 面板地址(安装时输出)
grep PANEL_PATH /opt/jiedian/.env
# 服务状态
systemctl status sing-box jiedian-panel
@@ -100,7 +99,7 @@ bash scripts/install.sh
1. 不要公开分享节点链接
2. Reality SNI 使用 `www.microsoft.com`,不要用 `66.hyf2.cc`
3. 客户端开启 uTLS / chrome 指纹
4. 面板密码请妥善保管,安装后可在 `.env` 查看 `PANEL_PASSWORD`
4. 面板路径与密码请妥善保管,安装后可在 `.env` 查看 `PANEL_PATH` / `PANEL_PASSWORD`
---