Skip to content

Instantly share code, notes, and snippets.

@LeonDevLifeLog

LeonDevLifeLog/README.md

Forked from savely-krasovsky/README.md
Created September 16, 2017 15:32
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save LeonDevLifeLog/58134871406ff0f0a7edc0cd92db8888 to your computer and use it in GitHub Desktop.
Save LeonDevLifeLog/58134871406ff0f0a7edc0cd92db8888 to your computer and use it in GitHub Desktop.
Download ZIP
Telegram webhooks with nginx reverse proxy
Raw
README.md

Make config file:

sudo nano /etc/nginx/sites-available/bot.conf

Then copy and paste bot.conf content and edit YOUR.DOMAIN strings. Now install Let's Encrypt on your server. For example in Debian you need to add jessie-backports and easily install it with apt-get:

sudo apt-get install -t jessie-backports letsencrypt

Then get cert for you domain:

sudo letsencrypt certonly --standalone --email MAIL@YOUR.DOMAIN -d YOUR.DOMAIN --rsa-key-size 4096

Don't forget, you DNS A and AAAA record should point on server there you setup it, e. g. on your VPS.

Now get Diffie-Hellman key:

sudo openssl dhparam -dsaparam -out /etc/letsencrypt/live/YOUR.DOMAIN/dhparam.pem 4096

Make symlink on your new nginx config and restart nginx:

sudo ln -s /etc/nginx/sites-available/bot.conf /etc/nginx/sites-enable/bot.conf
sudo systemctl restart nginx

Ensure that you replace this:

const tg = new Telegram.Telegram('YOUR_TOKEN');

on this:

const tg = new Telegram.Telegram('YOUR_TOKEN', {
    webhook: {
        url: 'https://YOUR.DOMAIN',
        port: 3000,
        host: 'localhost'
    }
})
Raw
bot.conf
server {
listen 80;
listen [::]:80;
server_name YOUR.DOMAIN;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name YOUR.DOMAIN;
error_log /var/log/nginx/bot.error.log error;
### START OF SSL CONFIGURATION ###
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_chiphers 'EECDH+AESGCM:EECDH+AES256';
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1d;
ssl_stapling on;
ssl_stapling_verify on;
ssl_certificate /etc/letsencrypt/live/YOUR.DOMAIN/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/YOUR.DOMAIN/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/YOUR.DOMAIN/fullchain.pem;
ssl_dhparam /etc/letsencrypt/live/YOUR.DOMAIN/dhparam.pem;
### END OF SSL CONFIGURATION ###
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload";
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:3000;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment