@savely-krasovsky
Last active February 5, 2023 14:04
Telegram webhooks with nginx reverse proxy

Create the nginx config file:

sudo nano /etc/nginx/sites-available/bot.conf

Then copy and paste the bot.conf content and edit the YOUR.DOMAIN strings. Now install Let's Encrypt on your server. For example, on Debian you add jessie-backports and install it with apt-get:

sudo apt-get install -t jessie-backports letsencrypt

Then get a certificate for your domain:

sudo letsencrypt certonly --standalone --email MAIL@YOUR.DOMAIN -d YOUR.DOMAIN --rsa-key-size 4096

Don't forget that your DNS A and AAAA records must point to the server where you set this up, e.g. your VPS.

Now generate the Diffie-Hellman parameters:

sudo openssl dhparam -dsaparam -out /etc/letsencrypt/live/YOUR.DOMAIN/dhparam.pem 4096

Symlink your new nginx config into sites-enabled and restart nginx:

sudo ln -s /etc/nginx/sites-available/bot.conf /etc/nginx/sites-enabled/bot.conf
sudo systemctl restart nginx

In your bot code, make sure you replace this:

const tg = new Telegram.Telegram('YOUR_TOKEN');

with this, so the bot listens only on localhost:3000 behind the nginx proxy:

const tg = new Telegram.Telegram('YOUR_TOKEN', {
    webhook: {
        url: 'https://YOUR.DOMAIN',
        port: 3000,
        host: 'localhost'
    }
});
bot.conf:

server {
    listen 80;
    listen [::]:80;
    server_name YOUR.DOMAIN;
    # redirect all plain HTTP to HTTPS
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name YOUR.DOMAIN;
    error_log /var/log/nginx/bot.error.log error;

    ### START OF SSL CONFIGURATION ###
    ssl on;   # deprecated since nginx 1.15.0; the "ssl" parameter on listen above already enables TLS
    # TLSv1 and TLSv1.1 are deprecated; current deployments keep only TLSv1.2 (and TLSv1.3)
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # directive was misspelled "ssl_chiphers", which nginx rejects as unknown
    ssl_ciphers 'EECDH+AESGCM:EECDH+AES256';
    ssl_ecdh_curve secp384r1;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_certificate /etc/letsencrypt/live/YOUR.DOMAIN/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/YOUR.DOMAIN/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/YOUR.DOMAIN/fullchain.pem;
    ssl_dhparam /etc/letsencrypt/live/YOUR.DOMAIN/dhparam.pem;
    ### END OF SSL CONFIGURATION ###

    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload";

    # forward Telegram's webhook calls to the bot process on localhost
    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://localhost:3000;
    }
}
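An added check, not part of this gist, that lints a copy of bot.conf for what a reviewer would look for: unknown directives such as the ssl_chiphers typo pointed out in the comments (which nginx -t would also reject), deprecated TLS versions, a proxy_pass that does not point at loopback, and a missing HSTS header. It assumes one directive per line, as in the gist, and the embedded sample config is a constructed excerpt of bot.conf.

```python
import re

# Directives this gist's bot.conf uses; anything else is reported as unknown, which is
# exactly what "nginx -t" does (and how the ssl_chiphers typo would have been caught).
KNOWN = {"server", "listen", "server_name", "return", "error_log", "ssl", "ssl_protocols",
         "ssl_ciphers", "ssl_ecdh_curve", "ssl_prefer_server_ciphers", "ssl_session_cache",
         "ssl_session_timeout", "ssl_stapling", "ssl_stapling_verify", "ssl_certificate",
         "ssl_certificate_key", "ssl_trusted_certificate", "ssl_dhparam", "add_header",
         "location", "proxy_set_header", "proxy_pass"}
DEPRECATED_TLS = {"TLSv1", "TLSv1.1"}
DIRECTIVE = re.compile(r"^(\S+)\s*(.*?)\s*[;{]$")

def parse(text):
    """Yield (line_no, name, args) for a one-directive-per-line nginx config."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        m = DIRECTIVE.match(line)
        if m:                                     # blank lines and '}' do not match
            yield no, m.group(1), m.group(2).split()

def lint(text):
    """Return findings for a TLS-terminating reverse-proxy config like bot.conf."""
    findings, has_hsts = [], False
    for no, name, args in parse(text):
        if name not in KNOWN:
            findings.append(f"line {no}: unknown directive '{name}' (nginx -t will fail)")
        elif name == "ssl_protocols":
            for p in sorted(DEPRECATED_TLS & set(args)):
                findings.append(f"line {no}: deprecated protocol {p} enabled")
        elif name == "proxy_pass":
            host = re.sub(r"^\w+://", "", args[0]).split(":")[0]
            if host not in ("localhost", "127.0.0.1"):
                findings.append(f"line {no}: proxy_pass to non-loopback host {host}")
        elif name == "add_header" and args[:1] == ["Strict-Transport-Security"]:
            has_hsts = True
    if not has_hsts:
        findings.append("no Strict-Transport-Security header set")
    return findings

# Constructed sample: the relevant lines of this gist's bot.conf, typo included.
SAMPLE_CONF = """server {
    listen 443 ssl http2;
    server_name YOUR.DOMAIN;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_chiphers 'EECDH+AESGCM:EECDH+AES256';
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload";
    location / {
        proxy_pass http://localhost:3000;
    }
}
"""
if __name__ == "__main__": print(*lint(SAMPLE_CONF), sep="\n")
```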
@aplmikex

Line 22 of your bot.conf is wrong; it should be ssl_ciphers.

@qq516249940

Line 22 of your bot.conf is wrong; it should be ssl_ciphers.
Yes, thank you for reminding me.

@Patsjemoe

Hi,
it is not clear to me where you change const tg = new Telegram.Telegram('YOUR_TOKEN'); ... it is not in the bot.conf file...
Please advise.
Thanks in advance,
best regards,
Ludo
