2022-04-04 21:00:18 +00:00
|
|
|
# use $sanitized_request instead of $request to hide Telegram token
|
|
|
|
log_format token_filter '$remote_addr - $remote_user [$time_local] '
|
|
|
|
'"$sanitized_request" $status $body_bytes_sent '
|
|
|
|
'"$http_referer" "$http_user_agent"';
|
|
|
|
|
2020-11-06 22:24:59 +00:00
|
|
|
upstream telegram-bot-api {
|
|
|
|
server api:8081;
|
|
|
|
}
|
|
|
|
|
|
|
|
server {
|
|
|
|
listen 80;
|
|
|
|
server_name _;
|
|
|
|
|
|
|
|
chunked_transfer_encoding on;
|
|
|
|
proxy_connect_timeout 600;
|
|
|
|
proxy_send_timeout 600;
|
|
|
|
proxy_read_timeout 600;
|
|
|
|
send_timeout 600;
|
|
|
|
client_max_body_size 2G;
|
|
|
|
client_body_buffer_size 30M;
|
|
|
|
keepalive_timeout 0;
|
2022-04-04 21:00:18 +00:00
|
|
|
|
|
|
|
set $sanitized_request $request;
|
|
|
|
if ( $sanitized_request ~ (\/bot\d+):[-\w]+\/(\S+) ) {
|
|
|
|
set $sanitized_request $1:<hidden-token>/$2;
|
|
|
|
}
|
|
|
|
access_log /var/log/nginx/access.log token_filter;
|
2020-11-06 22:24:59 +00:00
|
|
|
|
|
|
|
location ~* \/file\/bot\d+:(.*) {
|
|
|
|
rewrite ^/file\/bot(.*) /$1 break;
|
|
|
|
try_files $uri @files;
|
|
|
|
}
|
|
|
|
|
|
|
|
location / {
|
|
|
|
try_files $uri @api;
|
|
|
|
}
|
|
|
|
|
|
|
|
location @files {
|
|
|
|
root /var/lib/telegram-bot-api;
|
|
|
|
gzip on;
|
|
|
|
gzip_vary on;
|
|
|
|
gzip_proxied any;
|
|
|
|
gzip_comp_level 6;
|
|
|
|
gzip_buffers 64 8k;
|
|
|
|
gzip_http_version 1.1;
|
|
|
|
gzip_min_length 1100;
|
|
|
|
}
|
|
|
|
|
|
|
|
location @api {
|
|
|
|
proxy_pass http://telegram-bot-api;
|
|
|
|
proxy_redirect off;
|
|
|
|
proxy_set_header Host $host;
|
|
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
proxy_set_header X-Forwarded-Host $server_name;
|
|
|
|
}
|
2022-04-04 21:00:18 +00:00
|
|
|
}
|