Instead of ngrok, pinggy, etc., we'll do it using our own nginx web server and an SSH tunnel.
/etc/nginx/sites-enabled/tgbot-webhook.conf
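# Port 80: plain-HTTP requests are redirected to the HTTPS listener on 8443.
server {
    listen 80;
    listen [::]:80;
    server_name alabuga.dev;

    # The port is part of the authority, so it goes before the request URI
    # (the original appended ":8443" after $request_uri, producing a bad URL).
    return 301 https://$server_name:8443$request_uri;

    access_log /var/log/nginx/access80.log;
    error_log  /var/log/nginx/errors80.log error;
}

# Port 8443: TLS endpoint registered as the Telegram webhook. Requests are
# relayed to the bot through the SSH reverse tunnel bound to 127.0.0.1:3000.
server {
    listen 8443 ssl http2;
    listen [::]:8443 ssl http2;
    server_name alabuga.dev; # m_tgBot.getApi().setWebhook("https://alabuga.dev:8443");

    access_log /var/log/nginx/access443.log;
    error_log  /var/log/nginx/errors443.log error;

    ### START OF SSL CONFIGURATION ###
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
    # Append TLSv1.3 if the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_ciphers 'EECDH+AESGCM:EECDH+AES256';
    ssl_ecdh_curve secp384r1;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_stapling on;
    ssl_stapling_verify on;

    ssl_certificate     /home/a/crt_and_full_chain.crt;
    # The private key sits in a home directory: check that only root can read
    # it (owner root, mode 0600) and that the directory is not writable by
    # other users.
    ssl_certificate_key /home/a/private-key.pem;
    ### END OF SSL CONFIGURATION ###

    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload";

    location / {
        # This file holds the bot token in clear text; keep it readable by
        # root only and out of version control and backups that others can read.
        #
        # NOTE(review): _path is added to every request that reaches this
        # location, so the token no longer tells Telegram apart from any other
        # client. Restrict callers here, e.g. with allow/deny for Telegram's
        # published webhook source ranges, or register the webhook with
        # secret_token and reject requests whose
        # X-Telegram-Bot-Api-Secret-Token header does not match.
        proxy_set_header _path "/<MY_BOT_TOKEN>"; # TgWebhookServer.h patch
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_pass http://127.0.0.1:3000; # TgWebhookTcpServer webhookServer(3000, m_tgBot);
    }
}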
On the bot's computer in our local network (behind NAT):
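# Reverse tunnel: port 3000 on the server (where nginx proxies to) is forwarded
# to port 3000 on this machine, where the bot's webhook server listens.
#   -N                          forward only, do not open a remote shell
#   ExitOnForwardFailure=yes    exit instead of staying connected without the
#                               forward when the remote port cannot be bound
#   127.0.0.1:3000:...          bind the remote side to loopback explicitly, so
#                               only nginx on the server can reach the tunnel
# The ssh-user account needs nothing but this forward; its key can be limited
# in authorized_keys with: restrict,port-forwarding,permitlisten="127.0.0.1:3000"
ssh -N -o ExitOnForwardFailure=yes -R 127.0.0.1:3000:localhost:3000 ssh-user@alabuga.dev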
