Skip to content

Instantly share code, notes, and snippets.

@khavari

khavari/nginx_proxy.md

Last active July 17, 2025 21:56
Show Gist options
  • Save khavari/2bdf0cea441bc3195afb6a56862a0dfb to your computer and use it in GitHub Desktop.
Save khavari/2bdf0cea441bc3195afb6a56862a0dfb to your computer and use it in GitHub Desktop.
Download ZIP
Raw
nginx_proxy.md

Update server:

sudo apt update
sudo apt upgrade -y
sudo apt autoremove -y
sudo apt install -y ubuntu-release-upgrader-core

Install the required tools:

sudo apt install -y nano htop git zip unzip curl python3 gettext screen cron software-properties-common

Install the nginx web server:

sudo apt update
sudo apt install -y nginx

Configure basic authentication for nginx:

sudo apt install apache2-utils
sudo touch /etc/nginx/.htpasswd
sudo htpasswd /etc/nginx/.htpasswd username

sudo chmod 640 /etc/nginx/.htpasswd
sudo chown root:www-data /etc/nginx/.htpasswd

Create config with basic authentication:

sudo nano /etc/nginx/sites-available/tg.example.com.conf

server {
    listen 80;
    listen [::]:80;
    server_name tg.example.com;
    
    access_log /var/log/nginx/tg_example_com_access.log;
    error_log /var/log/nginx/tg_example_com_error.log;

    location / {
        proxy_pass https://api.telegram.org;
        proxy_ssl_server_name on;
        proxy_set_header Host api.telegram.org;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        auth_basic "Basic Authentication";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }
}

sudo ln -sf /etc/nginx/sites-available/tg.example.com.conf /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl restart nginx

Create config without authentication:

server {
    listen 80;
    listen [::]:80;
    server_name tg.example.com;
    
    access_log /var/log/nginx/tg_example_com_access.log;
    error_log /var/log/nginx/tg_example_com_error.log;

    location / {
        proxy_pass https://api.telegram.org;
        proxy_ssl_server_name on;
        proxy_set_header Host api.telegram.org;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Create config with ip restriction:

server {
    listen 80;
    listen [::]:80;
    server_name tg.example.com;
    
    access_log /var/log/nginx/tg_example_com_access.log;
    error_log /var/log/nginx/tg_example_com_error.log;

    location / {
    
        allow 86.5.90.165;
        allow 159.69.27.111;
        deny all;

        proxy_pass https://api.telegram.org;
        proxy_ssl_server_name on;
        proxy_set_header Host api.telegram.org;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
@khavari
Copy link
Author

khavari commented Jul 17, 2025

find public IP:

curl https://api.ipify.org
curl https://ipwho.is
curl https://checkip.amazonaws.com

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment