Roskomnadzor and Telegram bots through a proxy
It’s impossible to think of a better advertisement for an excellent messenger - “the inflexible Durov keeps the defense and stands for the confidentiality of his clients, as in his life”. But the essence of this post is not in the marketing component of blocking Telegram in Russia. If your Telegram bot has stopped working and you need to urgently restore this work, welcome to Cat.
Last night we ran into a problem that was expected to collide. The API server of one of our clients was located in Heroku. Yesterday, a disgruntled client writes to me (in Telegram, of course) that information randomly appears on the site, then no. The site itself (application on NodeJS) has already been transferred to the Moscow server in advance to reduce ping.
After half an hour of studying the problem, a simple conclusion was obtained: Roskomnadzor blocked part of the heroku addresses. Heroku servers are rotated at the DNS level, and the DNS sometimes gave a working IP, sometimes not. By the way, finding out the cause of the problem was still quite difficult - when we tested with the developers - there was no problem. When the client tested - were. Thoughts were already appearing to respond to the client with the great phrase of the developer “everything works on my computer”.
The solution was quite simple - we moved the API application server to the St. Petersburg client server and there it was quietly deployed. Everything worked fine, except, of course, integration with Telegram. Since it is not possible to abandon this integration, since There is no decent alternative, we started to look for a solution to this problem. Everything is simple with Telegram's native client - interaction with the proxy server is already built into it and its configuration takes a few seconds. With the Bot API, it's a little different. The application interacts with https://api.telegram.org/ for each Telegram bot action, and this address is, of course, blocked by the RKN.
As an express solution to the problem, it immediately occurred to connect the client's API server to our OpenVPN network to bypass this lock. The decision was immediately rejected because response rate left much to be desired. Google and Yandex could not share with me useful information on solving this issue.
As a result, a simple and obvious thought occurred to me: to raise independently the simplest proxy server for connecting to telegrams. Below is the nginx config which now does an excellent job.
server {
listen 80;
server_name my-telegram-proxy.server;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://api.telegram.org/;
client_max_body_size 100M;
}
}
Later in the application, I changed the url BOT API to interact with the telegram - instead of
https://api.telegram.org/bot I
wrote
http: //my-telegram-proxy.server/bot
and Bot Api integration was successful
For more convenience, I created a docker container with detailed instructions for its use. This will allow you to raise your telegram bot proxy with one command in seconds
https://hub.docker.com/r/zvinger/docker-proxy-rkn/builds/
Example command: docker run -d -p 8012:80 zvinger/docker-proxy-rkn
and specify http: // server address: 8012 / in the application configuration. You can select any port when entering the command