BandwagonHost CN2 GIA & Komari: A Lightweight Go Probe Presenting the Art of Top-Tier Networking
BandwagonHost's CN2 GIA routing is arguably the network ceiling of the VPS world. Its top-tier direct connections to all three major carrier networks bring not only remarkably stable, very low latency but also a mythical 0 packet loss around the clock, even during the evening peak. Such a silky-smooth and pure network experience would be an absolute waste if it were not thoroughly visualized with an excellent modern monitoring dashboard!
To live up to such top-tier routing from BandwagonHost, we need an equally uncompromising probe. Today's protagonist, Komari, was born for exactly this purpose.
Why Choose Komari?

The market is full of server monitoring panels, but Komari stands out with its architecture:
- Built with Go: Komari's controller and Agent are both written in Golang. Go's inherent high-concurrency advantages and good memory management let it handle concurrent connections easily with extremely low system resource consumption.
- Elegant Controller + Agent Architecture: The controller dashboard is responsible for node management and data presentation, while the lightweight Agent collects system metrics and reports them over a persistent WebSocket connection. This design avoids the heavy request overhead of traditional polling-based monitoring, so it stays highly real-time with extremely low resource usage even on low-bandwidth VPS environments.
- Extreme Lightweight & Minimalism: A monitoring tool should not itself be a burden on the server. Komari has no bloated dependency libraries; for the extremely precious BandwagonHost server resources, running it is almost "zero-perception".
This article walks step by step through the basic deployment of Komari, a secure reverse proxy configuration, and multi-node Agent integration.
Step 1: Basic Installation - Deploying the Komari Controller
Whether you work on Windows during the day or use the macOS terminal, first SSH into your BandwagonHost server. To keep the environment isolated and make future troubleshooting easier, we deploy with Docker Compose.
1. Create Project Directory Structure
```bash
mkdir -p /opt/komari && cd /opt/komari
```
2. Write the Docker Compose Configuration
Create and edit the Docker Compose configuration file:
```bash
nano docker-compose.yml
```
Write the following content (note the security hardening of the port mapping and the image version pinning):
```yaml
version: '3.8'
services:
  komari:
    # For production, it's recommended to replace 'latest' with a specific release version to ensure system stability
    image: ghcr.io/komari-monitor/komari:latest
    container_name: komari
    restart: unless-stopped
    ports:
      # Publish the panel port on the host loopback address only
      - "127.0.0.1:25774:25774"
    volumes:
      # Keep panel settings and node information on the host
      - ./data:/app/data
```
- 🔍 Debugging & Security Analysis Logic
  - Why map `/app/data`? The panel settings and node information are physically stored in this directory. If it is not mapped, all configuration data will be completely lost once the container restarts or is destroyed.
  - Security hardening with `127.0.0.1`: Binding the published port to the local loopback address `127.0.0.1` keeps it off the public interface, which eliminates the potential threat of the Komari port being bulk-scanned or attacked directly through 0-day vulnerabilities. Outside traffic can only reach it through the reverse proxy set up in Step 2.
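The loopback binding described above can be checked mechanically before a Compose file is deployed. The following is an added example, not code from the original page or the Komari project: it pulls the short-syntax `ports:` entries out of a Compose file and reports every mapping that Docker would bind on a non-loopback address. The function names and the extra sample mappings are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the page's loopback mapping plus four variants for comparison.
SAMPLE_COMPOSE = """\
services:
  komari:
    image: ghcr.io/komari-monitor/komari:latest
    ports:
      - "127.0.0.1:25774:25774"
      - "25774:25774"
      - "0.0.0.0:8080:25774/tcp"
      - "[::1]:9000:25774"
      - "25774"
    volumes:
      - ./data:/app/data
"""

def extract_ports(compose_text):
    """Collect the short-syntax entries listed under every `ports:` key."""
    ports, in_ports = [], False
    for line in compose_text.splitlines():
        if re.match(r"^\s*ports:\s*$", line):
            in_ports = True
            continue
        item = re.match(r"^\s*-\s*['\"]?([^'\"#]+?)['\"]?\s*(#.*)?$", line)
        if in_ports and item:
            ports.append(item.group(1).strip())
        elif line.strip():
            in_ports = False          # any other non-blank line ends the list
    return ports

def host_bind_address(mapping):
    """Return the host IP that a [IP:][HOST:]CONTAINER[/PROTO] mapping binds to."""
    spec = mapping.strip().split("/", 1)[0]      # drop "/tcp" or "/udp"
    if spec.startswith("["):                     # bracketed IPv6, e.g. "[::1]:9000:25774"
        return spec[1:spec.index("]")]
    parts = spec.split(":")
    if len(parts) >= 3:                          # explicit IP in front of the two ports
        return ":".join(parts[:-2])
    return "0.0.0.0"                             # no IP given: Docker binds all interfaces

def publicly_bound(ports):
    """Return the mappings that are reachable from outside the host."""
    return [p for p in ports
            if not ipaddress.ip_address(host_bind_address(p)).is_loopback]

if __name__ == "__main__":
    for mapping in publicly_bound(extract_ports(SAMPLE_COMPOSE)):
        print("exposed on a non-loopback address:", mapping)
```

Docker installs its own iptables rules for published ports, so a host firewall such as ufw may not block a mapping that binds `0.0.0.0`; the loopback prefix in the mapping itself is the reliable control.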
3. Start the Service
```bash
docker compose up -d
```
After starting, run `docker logs komari` to view the initial admin account and password that the system generates automatically.
Step 2: Advanced Configuration - Detailed Caddy Reverse Proxy & HTTPS
On the front end, we use Caddy to obtain a free certificate and act as a reverse proxy, forwarding secure HTTPS traffic to the internal Komari service.
1. Edit the Caddyfile
Open your Caddy config file (usually located at `/etc/caddy/Caddyfile`):
```bash
nano /etc/caddy/Caddyfile
```
Write the following configuration (replace `status.yourdomain.com` with your real domain name):
```caddyfile
status.yourdomain.com {
    # Enable modern TLS protocols
    tls {
        protocols tls1.2 tls1.3
    }
    # Reverse proxy to the Komari port on the local loopback address
    reverse_proxy localhost:25774 {
        # Pass real visitor IP and protocol
        # {remote_host} is the client IP only; {remote} would also include the source port
        header_up Host {host}
        header_up X-Real-IP {remote_host}
        header_up X-Forwarded-For {remote_host}
        header_up X-Forwarded-Proto {scheme}
    }
    # Enable compression to speed up dashboard loading
    encode gzip zstd
    # Modern and rigorous security response headers setup
    header {
        # Note: 'preload' is omitted here; it is only recommended if you plan to submit the domain to the browser HSTS preload list
        Strict-Transport-Security "max-age=31536000; includeSubDomains"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "SAMEORIGIN"
        Referrer-Policy "strict-origin-when-cross-origin"
    }
    # Detailed access logging to provide clear data support for future debugging
    log {
        output file /var/log/caddy/komari_access.log {
            roll_size 100mb
            roll_keep 5
        }
        format json
    }
}
```
- 🔍 Debugging & Troubleshooting Logic
  - WebSocket disconnection & Cloudflare pitfalls: Komari relies heavily on WebSocket for real-time data push (Caddy v2 supports WebSocket forwarding natively by default). If the panel freezes and stops refreshing, check the link first. If you have put Cloudflare in front, make sure that: 1. the "WebSockets" option is enabled in the Network settings; 2. the SSL/TLS encryption mode is set to "Full" or "Full (Strict)", otherwise you will get redirect loops or handshake failures.
  - Log analysis troubleshooting: We specifically configured `/var/log/caddy/komari_access.log`. If a 502 error occurs after configuration, do not guess blindly; use `tail -f /var/log/caddy/komari_access.log` to follow the log and pinpoint the issue by analyzing HTTP status codes and upstream errors.
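The two troubleshooting points above (failed WebSocket upgrades and 502 responses) can be pulled out of the JSON access log in one pass. This is an added example, not part of the original page or of Komari or Caddy: the log lines are constructed in the shape of Caddy v2 JSON access-log entries, and it assumes a successful WebSocket upgrade is logged with status 101.

```python
import json
from collections import Counter

# Constructed sample entries (documentation IP ranges, not real traffic); the last line is truncated on purpose.
SAMPLE_LOG = """\
{"level":"info","ts":1700000000.1,"msg":"handled request","request":{"remote_ip":"203.0.113.10","method":"GET","uri":"/","headers":{"User-Agent":["Mozilla/5.0"]}},"duration":0.004,"status":200}
{"level":"info","ts":1700000060.0,"msg":"handled request","request":{"remote_ip":"198.51.100.7","method":"GET","uri":"/api/v1/ws","headers":{"Connection":["Upgrade"],"Upgrade":["websocket"]}},"duration":61.2,"status":101}
{"level":"error","ts":1700000090.5,"msg":"handled request","request":{"remote_ip":"203.0.113.10","method":"GET","uri":"/","headers":{"User-Agent":["Mozilla/5.0"]}},"duration":0.001,"status":502}
{"level":"error","ts":1700000091.0,"msg":"handled request","request":{"remote_ip":"198.51.100.7","method":"GET","uri":"/api/v1/ws","headers":{"Connection":["Upgrade"],"Upgrade":["websocket"]}},"duration":0.001,"status":502}
{"level":"info","ts":1700000120.0,"msg":"handled request","request":{"remote_ip":"198.51.100.8","method":"GET","uri":"/api/v1/ws","headers":{"upgrade":["WebSocket"]}},"duration":0.002,"status":400}
{"level":"info","ts":17000
"""

def is_ws_upgrade(request):
    """True when the request asked for a WebSocket upgrade (header names are case-insensitive)."""
    headers = {k.lower(): v for k, v in request.get("headers", {}).items()}
    return any(v.lower() == "websocket" for v in headers.get("upgrade", []))

def triage(log_text):
    """Summarise status codes and list 502s and WebSocket upgrades that did not succeed."""
    report = {"by_status": Counter(), "bad_gateway": [], "ws_failed": [], "unparsed": 0}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            entry = json.loads(line)
            request, status = entry["request"], int(entry["status"])
        except (ValueError, KeyError, TypeError):
            report["unparsed"] += 1           # truncated or non-JSON line
            continue
        report["by_status"][status] += 1
        where = (request.get("remote_ip"), request.get("uri"))
        if status == 502:                     # Caddy could not get a response from the Komari upstream
            report["bad_gateway"].append(where)
        if is_ws_upgrade(request) and status != 101:
            report["ws_failed"].append((*where, status))
    return report

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```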
2. Reload Caddy to Apply
```bash
caddy reload --config /etc/caddy/Caddyfile
```
Step 3: Multi-Node Agent Integration in Practice
With the controller rock-solid, we can now bring your other VPS nodes into the dashboard for unified management.
1. Get Connection Parameters from the Controller
Log into your Komari dashboard backend and click "Add Node". The system generates a dedicated Agent connection command containing your API address and the corresponding node's Secret Key.
2. Install the Agent on the Managed Node
Log into the server you want to monitor via SSH. To keep the system clean, we still recommend running the Agent with Docker:
```bash
# Replace the -api host with your own domain and the -secret value with the node's Secret Key from the panel
docker run -d \
  --name komari-agent \
  --restart unless-stopped \
  --net=host \
  -v /proc:/host/proc:ro \
  -v /sys:/host/sys:ro \
  -v /:/rootfs:ro \
  ghcr.io/komari-monitor/komari-agent:latest \
  -api "wss://status.yourdomain.com/api/v1/ws" \
  -secret "你的节点专属SecretKey"
```
- 🔍 Debugging & Analysis Logic
  - `--net=host` and the directory mappings: The Agent needs the host's real network traffic, CPU, and memory information, so it must use `--net=host` to share the host network namespace and map the host's `/proc` and `/sys` into the container in read-only (`ro`) mode. The command above also mounts the host root filesystem read-only at `/rootfs`, so the Agent container can read every file on the host.
  - Protocol check: Make sure the `-api` parameter uses `wss://` (WebSocket Secure), because our controller is configured with strict HTTPS. If it is entered as `ws://`, the connection will be rejected by Caddy.
Mission accomplished! Now you can sit in front of the screen, watch the green heartbeat lines of all your servers, and enjoy the thrill of having your data under your own control.
Advanced Exploration & Security Extension
Komari has many more powerful advanced features waiting for you to discover. For instance, you can configure a Telegram Bot to receive real-time push notifications for server expiration and renewal, traffic warnings, high system load, and abnormal latency (we recommend getting speed test node IPs from zstaticcdn.com). The dashboard also supports highly customizable themes. Due to space constraints, we won't expand on these advanced configurations here. We strongly recommend searching for `komari` on GitHub or going straight to the official documentation (https://komari-document.pages.dev/) to explore and learn on your own.
Finally, although BandwagonHost's routing is excellent, the public internet is a hostile environment. To guard against potential DDoS attacks or port sniffing, you can research further how to put your dashboard or website behind the "Cyber Bodhisattva" Cloudflare's Proxy (CDN), or even configure the more secure Cloudflare Tunnel. These are required courses for advanced VPS players. We look forward to you looking up the relevant materials and continuing to light up your network security skill tree!
Created by AlexLynn for md5.pw Community.