windkh / node-red-contrib-telegrambot

Telegram bot nodes for node-red.

HOW TO: Add the Webhook on Unraid/Docker with SWAG/NGINX/REVERSE-PROXY #209

Closed daredoes closed 3 years ago

daredoes commented 3 years ago

Hello,

I am opening this issue as a substitute for opening a fork and submitting a pull request to the README.

I have been trying to use this library for a... LONG... time and could not figure out how to get from polling to webhook.

Well, now I've figured it out, so I want to share this information with you, the reader.

Node Red

You'll want to set the Bot Settings to the following:

Update Mode - Webhook - Setting this value to Webhook will be necessary for receiving our updates via webhook... duh

Bot Host - telebot.yourdomain.com - Obviously, hopefully, yourdomain.com is a filler that you should replace with your domain. We're going to use telebot in this example though.

Bot Path - blank - We're going to leave this blank, best not to break anything.

Public Bot Port - 443 - We're setting this to 443, the SSL public port for a website, because we're assuming we have set up a reverse-proxy with certs through something like DuckDNS and SWAG.

Local Bot Port - 8443 - This is the default value, but take note of it as we'll be using it soon. Don't set this to 1880 or whatever port Node-Red is running on, or you're gonna have a bad time. Like everything crashes, restart node red in safe mode and change the port bad time.

Certificate is Self-Signed - Unchecked - I'm pretty sure it's not self-signed through DuckDNS, so...

SSL Terminated By Reverse Proxy - Checked - By enabling this, we skip the need to do all that complex stuff involving certificate signing and whatever. Woo!

Node Red + Docker/Unraid

If you're like me, you're running this on something like HomeAssistant or Unraid. I'm running it on Unraid. Well, to make sure Telegram can send webhooks to our bot, we need to make sure our bot, running at port 8443 can be reached from our reverse-proxy.

Let's edit our node-red docker instance, and Add another Path, Port, Variable, Label, or Device, then fill in the modal with the following values:

image

Apply the changes, and you should see the following on your docker status page.

image

SWAG Proxy Conf

If you're also like me, you're running SWAG to do a reverse-proxy. Create a new subdomain proxy for telebot, our previously noted subdomain.

My configuration looks like this.

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name telebot.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    # enable for Authelia
    #include /config/nginx/authelia-server.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /ldaplogin;

        # enable for Authelia
        #include /config/nginx/authelia-location.conf;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app 192.168.1.55;
        set $upstream_port 8443;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }
}

Last But Not Least

Add your domain to your SWAG instance subdomains so it gets certified. Add the subdomain to your DNS records as a CNAME, or however you handle that stuff.

Once all of this is done, messages should come back from nodes pretty rapidly!

Hope this helps.
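
A post-setup check for the configuration in the post above, added here as an example (not code from the original post or from node-red-contrib-telegrambot): it validates the `result` object returned by the Telegram Bot API `getWebhookInfo` method against the Bot Host and Public Bot Port chosen in the guide. The function names and the sample response are constructed for illustration, and the URL path is redacted on the assumption that it may contain the bot token.

```javascript
// Added example, not code from node-red-contrib-telegrambot.
// Ports Telegram accepts for webhooks, per the Bot API documentation.
const TELEGRAM_WEBHOOK_PORTS = new Set([443, 80, 88, 8443]);

// Check the `result` object of a getWebhookInfo response against the
// settings from this guide. Returns a list of problems (empty means OK).
function checkWebhookInfo(info, expectedHost, expectedPort = 443) {
  if (!info || !info.url) {
    return ['no webhook registered (bot may still be in polling mode)'];
  }
  let url;
  try {
    url = new URL(info.url);
  } catch (err) {
    return ['webhook url is not a valid URL'];
  }
  const problems = [];
  // URL reports the scheme's default port as '', so normalise it.
  const defaultPort = url.protocol === 'https:' ? 443 : 80;
  const port = url.port ? Number(url.port) : defaultPort;
  if (url.protocol !== 'https:') problems.push('webhook url is not https');
  if (url.hostname !== expectedHost.toLowerCase()) {
    problems.push(`host is ${url.hostname}, expected ${expectedHost}`);
  }
  if (!TELEGRAM_WEBHOOK_PORTS.has(port)) {
    problems.push(`port ${port} is not accepted by Telegram`);
  } else if (port !== expectedPort) {
    problems.push(`port is ${port}, expected ${expectedPort}`);
  }
  // "Certificate is Self-Signed" is unchecked in the guide, so no custom
  // certificate should have been uploaded with the webhook.
  if (info.has_custom_certificate) problems.push('a custom certificate is registered');
  if (info.last_error_message) {
    problems.push(`last delivery error: ${info.last_error_message}`);
  }
  return problems;
}

// Hide the URL path before logging (assumption: it may hold the bot token).
function redactWebhookUrl(rawUrl) {
  const url = new URL(rawUrl);
  return `${url.protocol}//${url.host}/<redacted>`;
}

// Constructed sample `result` object (placeholder path, not a real token).
const sampleInfo = {
  url: 'https://telebot.yourdomain.com:443/PLACEHOLDER_PATH',
  has_custom_certificate: false,
  pending_update_count: 0,
};
console.log(redactWebhookUrl(sampleInfo.url), checkWebhookInfo(sampleInfo, 'telebot.yourdomain.com'));
```

A non-empty `last_error_message` is the first thing to read when updates do not arrive, since it reports what Telegram saw when it called the reverse proxy.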

windkh commented 3 years ago

Thanks a lot, I will merge this into the readme asap.

windkh commented 3 years ago

Reading your changes I noticed that you turn off SSL in the config assuming that you are inside an environment where some reverse proxy takes care of it.... I guess this is only one way how you can do it. I am thinking about moving that webhook stuff to a separate readme to keep the readme.md short and to have the webhook documentation in a separate place....

daredoes commented 3 years ago

Yeah, SSL is handled by SWAG, a docker app for Unraid that handles the reverse proxy. It gets the certificate for subdomains specified in its settings, and then maps those subdomains to a local IP address and port. They could be self-signed... but I don't know, everything works, and I don't want to break anything.

Instead of an additional README, maybe the Wiki on the git repo could be a good place?

windkh commented 3 years ago

@daredoes maybe you can review the changes after I created the file and maybe then it would be helpful to have some more screenshots…

daredoes commented 3 years ago

Sure, happy to help with a review

windkh commented 3 years ago

integrated your changes in 10.0.9