arsalanses · January 26, 2025 12:16
diff --git a/compose.yml b/compose.yml
 services:
  nginx:
    image: nginx:1.27
    restart: always
    #ports:
    #  - "80:80"
    volumes:
      - ./conf.d/tgapi.conf:/etc/nginx/conf.d/tgapi.conf
      # - ./conf.d/nginx.conf:/etc/nginx/nginx.conf
      # - ./log:/var/log/nginx
    networks:
      - web
 #     extra_hosts:
 #       - "host.docker.internal:host-gateway"

 networks:
  web:
    external: true
diff --git a/reload.sh b/reload.sh
 #!/bin/bash

 set -xe

 docker compose exec -it nginx nginx -t
 docker compose exec -it nginx nginx -s reload

 echo "Nginx related processes:"
 ps -C nginx --no-headers | wc -l
diff --git a/tgapi.conf b/tgapi.conf
 limit_conn_zone $binary_remote_addr zone=addr:10m;
 limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;

 server {
    listen 80;
    server_name tgapi.example.ir;

    access_log /var/log/nginx/tgapi.access.log;
    error_log /var/log/nginx/tgapi.error.log;

    limit_conn addr 10;
    limit_req zone=one burst=20 nodelay;
    server_tokens off;

    add_header x-loc-intrnal "hz-g2-uptk";

    if ($http_user_agent ~* (wget|libwww-perl)) {
        return 403;
    }

    location ~* (\.php|\.asp|\.exe|\.pl|\.cgi|\.scgi)$ {
        return 403;
    }

    location ~ /\.(ht|env|git) {
        deny all;
        return 404;
    }

    location = /favicon.ico {
        access_log off;
        log_not_found off;
        return 204;
    }

    location / {
        return 444;
    }

    location ~* ^/bot {
        resolver 8.8.8.8;
        proxy_buffering off;
        proxy_pass https://api.telegram.org$request_uri;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Timeout for connecting to the proxied server
        proxy_connect_timeout 60s;
        # Timeout for reading a response from the proxied server
        proxy_read_timeout 10s;
        # Timeout for transmitting a request to the proxied server
        proxy_send_timeout 10s;

        limit_rate 100k;
    }

    location = /basic_status {
        stub_status;
    }

 }
	services:
	nginx:
	image: nginx:1.27
	restart: always
	#ports:
	# - "80:80"
	volumes:
	- ./conf.d/tgapi.conf:/etc/nginx/conf.d/tgapi.conf
	# - ./conf.d/nginx.conf:/etc/nginx/nginx.conf
	# - ./log:/var/log/nginx
	networks:
	- web
	# extra_hosts:
	# - "host.docker.internal:host-gateway"

	networks:
	web:
	external: true
	#!/bin/bash

	set -xe

	docker compose exec -it nginx nginx -t
	docker compose exec -it nginx nginx -s reload

	echo "Nginx related processes:"
	ps -C nginx --no-headers \| wc -l
	limit_conn_zone $binary_remote_addr zone=addr:10m;
	limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;

	server {
	listen 80;
	server_name tgapi.example.ir;

	access_log /var/log/nginx/tgapi.access.log;
	error_log /var/log/nginx/tgapi.error.log;

	limit_conn addr 10;
	limit_req zone=one burst=20 nodelay;
	server_tokens off;

	add_header x-loc-intrnal "hz-g2-uptk";

	if ($http_user_agent ~* (wget\|libwww-perl)) {
	return 403;
	}

	location ~* (\.php\|\.asp\|\.exe\|\.pl\|\.cgi\|\.scgi)$ {
	return 403;
	}

	location ~ /\.(ht\|env\|git) {
	deny all;
	return 404;
	}

	location = /favicon.ico {
	access_log off;
	log_not_found off;
	return 204;
	}

	location / {
	return 444;
	}

	location ~* ^/bot {
	resolver 8.8.8.8;
	proxy_buffering off;
	proxy_pass https://api.telegram.org$request_uri;

	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "upgrade";

	# Timeout for connecting to the proxied server
	proxy_connect_timeout 60s;
	# Timeout for reading a response from the proxied server
	proxy_read_timeout 10s;
	# Timeout for transmitting a request to the proxied server
	proxy_send_timeout 10s;

	limit_rate 100k;
	}

	location = /basic_status {
	stub_status;
	}

	}