原理很简单就是通过服务器中转
因为封禁了443,安装包最简单的方法就是人工sftp上传
中转如下,以REALM为例
- 中转服务器配置中转 中转端口为44443
# Relay-side realm configuration: listen on port 44443 and forward to the probe domain on port 443.
[network]
no_tcp = false
# use_udp = true turns on UDP forwarding in addition to TCP.
# NOTE(review): the firewall rules shown further down this page only match "tcp dport 44443";
# confirm whether UDP forwarding is needed for the agent, and set this to false if it is not.
use_udp = true
[[endpoints]]
# Wildcard listen address: the port is reachable from any source unless a firewall restricts it.
# NOTE(review): "[::]" is the IPv6 wildcard; presumably the host is dual-stack so IPv4 clients reach it too — confirm.
listen = "[::]:44443"
# Author's placeholder: substitute the real Cloudflare-fronted probe domain, keeping port 443.
remote = "套了cf探针域名(zk.123.com):443"
2.腾讯云上配置host
vi /etc/hosts
中转服务器IP 套了cf探针域名
例如
161.161.161.161 zk.123.com
3.腾讯云上修改探针agent的对接地址
我使用的是哪吒,nezha默认配置在/opt/nezha/agent/config.yml
修改server配置
server: zk.123.com:44443
其他探针也一样.无非就是域名端口或者ip端口
- 中转服务器封禁其他来源对44443的入站。不搞也能用,但是建议实施,否则任何人都能连到这个中转端口
以nftables为例,给小白看的
vi /etc/nftables.conf
#!/usr/sbin/nft -f
# Ruleset for the relay server: allow TCP port 44443 only from the listed source addresses.
#
# "flush ruleset" deletes every table and rule currently loaded on the host, including
# rules installed by other tools, before the rules below are applied. Merge with any
# existing configuration instead of overwriting it if the host already has rules.
flush ruleset
table inet filter {
chain input {
# No "policy" is given, so this chain defaults to accept: only port 44443 is restricted here.
type filter hook input priority filter;
# Placeholder: replace with the public IPv4 address of the server running the agent.
ip saddr 腾讯云ip tcp dport 44443 accept
# Placeholder: per the author, use the 10.x internal address here when the servers share a private network.
ip saddr 如果是rfc的服务器用10.x的内网ip tcp dport 44443 accept
# Everything else aimed at TCP 44443 is dropped; the table family is inet, so this covers IPv4 and IPv6.
# NOTE(review): only TCP is matched. The realm config on this page sets use_udp = true,
# so a UDP listener on 44443 would not be covered by these rules — confirm and add a UDP rule or disable UDP.
tcp dport 44443 drop
}
# Forward and output chains are declared empty, so nothing is filtered there.
chain forward {
type filter hook forward priority filter;
}
chain output {
type filter hook output priority filter;
}
}
重新加载
nft -f /etc/nftables.conf
————————————
附带nezha agent安装
1.下载安装x86包
https://github.com/nezhahq/agent/releases/download/v1.14.1/nezha-agent_linux_amd64.zip
2.通过sftp把包上传到腾讯云服务器的/tmp目录(下面的脚本会从/tmp读取该包);如果发布页提供校验和,上传前先核对下载的文件
- 编辑安装agent脚本
官方脚本改的
vi agent.sh
#!/bin/sh
# Installs or removes the nezha-agent service using a package that is already in /tmp.

# Installation directories.
NZ_BASE_PATH="/opt/nezha"
NZ_AGENT_PATH="$NZ_BASE_PATH/agent"

# ANSI colour sequences, stored as literal backslash escapes and expanded later by printf.
plain='\033[0m'
red='\033[0;31m'
green='\033[0;32m'
yellow='\033[0;33m'
# Print all arguments as a single red line on stderr.
# Globals: red, plain (read)
err() {
  # %b expands the backslash escapes stored in the colour variables.
  printf '%b%s%b\n' "$red" "$*" "$plain" >&2
}
# Print all arguments as a single green line on stdout.
# Globals: green, plain (read)
success() {
  # %b expands the backslash escapes stored in the colour variables.
  printf '%b%s%b\n' "$green" "$*" "$plain"
}
# Print all arguments as a single yellow line on stdout.
# Globals: yellow, plain (read)
info() {
  # %b expands the backslash escapes stored in the colour variables.
  printf '%b%s%b\n' "$yellow" "$*" "$plain"
}
# Run a command with root privileges.
# Arguments: the command and its arguments.
# Behaviour: when the real user ID is 0 the command is run directly; otherwise it is
#            passed to the system sudo binary, and the script exits with status 1 when
#            no sudo binary can be found.
# Returns:   the exit status of the command that was run.
sudo() {
  myEUID=$(id -ru)

  # Already root: no wrapper needed.
  if [ "$myEUID" -eq 0 ]; then
    "$@"
    return
  fi

  if ! command -v sudo > /dev/null 2>&1; then
    err "ERROR: sudo is not installed on the system, the action cannot be proceeded."
    exit 1
  fi

  # "command" skips this function and invokes the external sudo.
  command sudo "$@"
}
# Check that curl, unzip and grep can be found; otherwise report the missing ones and exit 1.
# NOTE(review): nothing in the visible script invokes curl or grep — confirm whether
# these two checks are still needed for the offline install.
deps_check() {
  local missing=""

  for dep in curl unzip grep; do
    command -v "$dep" >/dev/null 2>&1 || missing="${missing} $dep"
  done

  # Every missing name is appended with a leading space, so non-empty means failure.
  if [ -n "$missing" ]; then
    err "Missing dependencies:$missing. Please install them and try again."
    exit 1
  fi
}
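# Detect the CPU architecture and operating system of this host.
# Globals:  mach, os_arch, system, os (written)
# Outputs:  an error on stderr for an unrecognised architecture or operating system
# Returns:  0 on success; exits the script with status 1 on an unrecognised value
env_check() {
  mach=$(uname -m)
  case "$mach" in
    amd64|x86_64)
      os_arch="amd64"
      ;;
    i386|i686)
      os_arch="386"
      ;;
    aarch64|arm64)
      os_arch="arm64"
      ;;
    # Must stay after the arm64 arm: this pattern matches any name containing "arm".
    *arm*)
      os_arch="arm"
      ;;
    s390x)
      os_arch="s390x"
      ;;
    riscv64)
      os_arch="riscv64"
      ;;
    mips)
      os_arch="mips"
      ;;
    mipsel|mipsle)
      os_arch="mipsle"
      ;;
    *)
      err "Unknown architecture: $mach"
      exit 1
      ;;
  esac

  system=$(uname)
  case "$system" in
    *Linux*)
      os="linux"
      ;;
    *Darwin*)
      os="darwin"
      ;;
    *FreeBSD*)
      os="freebsd"
      ;;
    *)
      # The value tested here is the kernel name, not the CPU architecture.
      err "Unknown operating system: $system"
      exit 1
      ;;
  esac
}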
# Run the pre-install checks: required tools first, then platform detection.
init() {
  deps_check
  env_check
}
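# Install the nezha-agent service from a package uploaded to /tmp by hand.
# Globals:  os, os_arch, NZ_AGENT_PATH (read); NZ_SERVER and NZ_CLIENT_SECRET (required);
#           NZ_UUID, NZ_TLS, NZ_DISABLE_AUTO_UPDATE, NZ_DISABLE_FORCE_UPDATE,
#           NZ_DISABLE_COMMAND_EXECUTE, NZ_SKIP_CONNECTION_COUNT (optional, passed through);
#           path, random (written)
# Outputs:  progress on stdout, errors on stderr
# Returns:  0 on success; exits the script with status 1 on any failure
install() {
  local pkg force_update

  echo "Installing..."

  # Validate the required settings before touching the package, so that a
  # misconfigured run does not extract and delete the uploaded zip.
  if [ -z "$NZ_SERVER" ]; then
    err "NZ_SERVER should not be empty"
    exit 1
  fi
  if [ -z "$NZ_CLIENT_SECRET" ]; then
    err "NZ_CLIENT_SECRET should not be empty"
    exit 1
  fi

  pkg="/tmp/nezha-agent_${os}_${os_arch}.zip"
  if [ ! -f "$pkg" ]; then
    err "Local package not found: $pkg"
    err "Please upload nezha-agent zip to /tmp manually."
    exit 1
  fi

  # NOTE(review): /tmp is writable by every local user and the file name is fixed,
  # while the extracted binary is installed as a service with root privileges.
  # Nothing here checks who placed the file or what it contains; verify the
  # package (owner, checksum) before running this script.
  sudo mkdir -p "$NZ_AGENT_PATH"
  if ! sudo unzip -qo "$pkg" -d "$NZ_AGENT_PATH"; then
    err "Failed to extract $pkg"
    exit 1
  fi
  sudo rm -f -- "$pkg"

  # Do not overwrite an existing config.yml; pick a randomised file name instead.
  path="$NZ_AGENT_PATH/config.yml"
  if [ -f "$path" ]; then
    random=$(LC_ALL=C tr -dc a-z0-9 </dev/urandom | head -c 5)
    path="$NZ_AGENT_PATH/config-$random.yml"
  fi

  # The original read DISABLE_FORCE_UPDATE (without the NZ_ prefix); prefer the
  # prefixed name and keep the old one as a fallback.
  force_update=${NZ_DISABLE_FORCE_UPDATE:-$DISABLE_FORCE_UPDATE}

  # Remove any service already registered for this config; failure is expected
  # on a first install, hence the discarded output and ignored status.
  sudo "$NZ_AGENT_PATH/nezha-agent" service -c "$path" uninstall >/dev/null 2>&1

  # Each setting is passed as its own quoted argument instead of being pasted
  # into a string and run through eval, so a value containing spaces or shell
  # metacharacters stays a single value and is never interpreted as shell code.
  # The values are arguments of env, so NZ_CLIENT_SECRET is visible in the
  # process list while this command runs.
  if ! sudo env \
    "NZ_UUID=$NZ_UUID" \
    "NZ_SERVER=$NZ_SERVER" \
    "NZ_CLIENT_SECRET=$NZ_CLIENT_SECRET" \
    "NZ_TLS=$NZ_TLS" \
    "NZ_DISABLE_AUTO_UPDATE=$NZ_DISABLE_AUTO_UPDATE" \
    "NZ_DISABLE_FORCE_UPDATE=$force_update" \
    "NZ_DISABLE_COMMAND_EXECUTE=$NZ_DISABLE_COMMAND_EXECUTE" \
    "NZ_SKIP_CONNECTION_COUNT=$NZ_SKIP_CONNECTION_COUNT" \
    "$NZ_AGENT_PATH/nezha-agent" service -c "$path" install; then
    err "Install nezha-agent service failed"
    sudo "$NZ_AGENT_PATH/nezha-agent" service -c "$path" uninstall >/dev/null 2>&1
    exit 1
  fi

  success "nezha-agent successfully installed"
}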
# Unregister the agent service for every config file found under the agent
# directory and delete that config file.
# Globals: NZ_AGENT_PATH (read)
uninstall() {
  find "$NZ_AGENT_PATH" -type f -name "*config*.yml" |
    while read -r cfg; do
      sudo "$NZ_AGENT_PATH/nezha-agent" service -c "$cfg" uninstall
      sudo rm "$cfg"
    done

  info "Uninstallation completed."
}
# Entry point: "uninstall" as the first argument removes the service and stops;
# anything else runs the checks and then the installation.
case "$1" in
  uninstall)
    uninstall
    exit
    ;;
esac

init
install
- 安装
chmod +x agent.sh
env NZ_SERVER=zk.123.com:44443 NZ_TLS=true NZ_CLIENT_SECRET=xxx ./agent.sh
agent获取出口IP和国旗似乎还是不行,会导致探针不显示具体国旗
@yorkchou #1 他不是直通的,所以无解。要是通过落地出去,就显示落地的国旗
编辑下格式吧,好像复制了两份
po0的出口ip和国旗有办法解决吗