Skip to content

Instantly share code, notes, and snippets.

@savely-krasovsky
Last active August 28, 2024 08:57
Show Gist options
  • Save savely-krasovsky/c4710307ff77936ac1ce1d1bbfa61834 to your computer and use it in GitHub Desktop.
Save savely-krasovsky/c4710307ff77936ac1ce1d1bbfa61834 to your computer and use it in GitHub Desktop.
Telegram webhooks with nginx reverse proxy

Make config file:

sudo nano /etc/nginx/sites-available/bot.conf

Then copy and paste bot.conf content and edit YOUR.DOMAIN strings. Now install Let's Encrypt on your server. For example in Debian you need to add jessie-backports and easily install it with apt-get:

sudo apt-get install -t jessie-backports letsencrypt

Then get cert for you domain:

sudo letsencrypt certonly --standalone --email [email protected] -d YOUR.DOMAIN --rsa-key-size 4096

Don't forget, you DNS A and AAAA record should point on server there you setup it, e. g. on your VPS.

Now get Diffie-Hellman key:

sudo openssl dhparam -dsaparam -out /etc/letsencrypt/live/YOUR.DOMAIN/dhparam.pem 4096

Make symlink on your new nginx config and restart nginx:

sudo ln -s /etc/nginx/sites-available/bot.conf /etc/nginx/sites-enable/bot.conf
sudo systemctl restart nginx

Ensure that you replace this:

const tg = new Telegram.Telegram('YOUR_TOKEN');

on this:

const tg = new Telegram.Telegram('YOUR_TOKEN', {
    webhook: {
        url: 'https://YOUR.DOMAIN',
        port: 3000,
        host: 'localhost'
    }
})
server {
listen 80;
listen [::]:80;
server_name YOUR.DOMAIN;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name YOUR.DOMAIN;
error_log /var/log/nginx/bot.error.log error;
### START OF SSL CONFIGURATION ###
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_chiphers 'EECDH+AESGCM:EECDH+AES256';
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1d;
ssl_stapling on;
ssl_stapling_verify on;
ssl_certificate /etc/letsencrypt/live/YOUR.DOMAIN/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/YOUR.DOMAIN/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/YOUR.DOMAIN/fullchain.pem;
ssl_dhparam /etc/letsencrypt/live/YOUR.DOMAIN/dhparam.pem;
### END OF SSL CONFIGURATION ###
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload";
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:3000;
}
}
@qq516249940
Copy link

你bot.conf第22行写错了,应该改成ssl_ciphers
yes,thank you reminded me。

@Patsjemoe
Copy link

Hi,
it is not clear to me where you change const tg = new Telegram.Telegram('YOUR_TOKEN');...it is not in the bot.conf file...
please advise.
thanks in advance
best regards
Ludo

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment