68 lines
1.9 KiB
Markdown
68 lines
1.9 KiB
Markdown
## 准备工作
|
||
**你可以选择CloudFlare的workers进行反代,但大陆的网络你懂的,这里介绍用你自己服务器反代方式**
|
||
搭建一个TGbot api反代,你需要:
|
||
1.一个不受GFW封锁的服务器(且安装好nginx)
|
||
2.一个域名(提前申请SSL证书)
|
||
</br>
|
||
## NGINX配置
|
||
编辑你nginx的配置文件,在http{}中加上如下配置
|
||
```
|
||
# http强制跳转到htpps
|
||
server {
|
||
listen 80;
|
||
listen [::]:80;
|
||
server_name yourDomainName;
|
||
|
||
# Enforce HTTPS
|
||
return 301 https://$server_name$request_uri;
|
||
}
|
||
## https
|
||
server {
|
||
listen 443 ssl;
|
||
listen [::]:443 ssl;
|
||
|
||
server_name yourDomainName;
|
||
|
||
## ssl密钥路径自己改改
|
||
ssl_certificate server.pem;
|
||
ssl_certificate_key server.key;
|
||
|
||
## root非必要
|
||
root /var/www/tgbot/;
|
||
|
||
## dns必须写,不然会报502错误
|
||
resolver 8.8.8.8;
|
||
|
||
## 以bot开头的请求都会被正则匹配到
|
||
location ~* ^/bot {
|
||
proxy_buffering off;
|
||
proxy_pass https://api.telegram.org$request_uri;
|
||
proxy_http_version 1.1;
|
||
}
|
||
|
||
## 和上面root一样非必要,这个主要是用来确认服务器状态的。也可以改成return 403
|
||
location /{
|
||
try_files /$uri $uri /index.html;
|
||
}
|
||
|
||
## no log no fix
|
||
error_log /var/log/tg.log error;
|
||
}
|
||
```
|
||
`yourDomainName`-你准备的域名
|
||
`ssl_certificate`-SSL证书路径
|
||
`ssl_certificate_key`-SSL证书路径
|
||
</br>
|
||
## 使用方式
|
||
:tada:然后执行`systemctl restart nginx`回到nezha将原来的https://api.telegram.org/ 替换为https://yourDomainName/ ,即可正常推送消息
|
||
</br>
|
||
## 防止盗用
|
||
`serverIp`-你监控鸡的ip地址,你系统安装的那个就用那个命令,ufw iptables都可.
|
||
```bash
|
||
#ubuntu
|
||
ufw allow proto tcp from serverIp to any port 443
|
||
#centos
|
||
iptables -I INPUT -p tcp --dport 443 -j DROP
|
||
iptables -I INPUT -s serverIp -p tcp --dport 443 -j ACCEPT
|
||
```
|