Contents
- 1 Preface
- 2 Policr Mini bot deployment
- 2.1 Preliminary preparation: Creating a robot for group verification
- 2.2 Deployment Process
- 2.2.1 Stable and development versions
- 2.2.2 Local deployment (Linux environment)
- 2.2.3 Local deployment (macOS environment)
- 3 Afterword
Preface
Because there are few people, I have never done group verification in the TG group. However, this week, I suddenly felt that it would be low for the group to be without verification, so I decided to create a group verification robot: firstly, it can prevent robots that automatically join the group to advertise; secondly, friends who join the group will think I am more professional.
After some research, I found two options:
1. Choose a ready-made robot solution
这种方案最出名的是”Group Help“,群地址为:GroupHelp Group AddressThis method is the simplest. The robot is ready-made. You only need to follow the instructions in the official group to add the robot to your own TG group and grant administrator privileges. It is a must-have for lazy people.
The advantage of this solution is that it is hassle-free, but the disadvantage is that you need to add other people’s robots to your group as administrators, which always feels awkward and insecure.
2. Manually built robot solution
这种方案最出名的就是”Policr Mini(beta)”,群地址为:Policr Mini Group AddressThis method requires its own host (and the network can access TG's API), and it needs to be installed and deployed by itself and then connected to TG, so it has certain technical requirements.
The advantage of this solution is safety, after all, it is a self-built robot, and the disadvantage is that it requires some fuss.
These two solutions have their own advantages and disadvantages. You can choose according to your actual needs. I will definitely choose the Policr Mini self-built solution.
Note: The github project address of Policr Mini is:https://github.com/Hentioe/policr-miniSince this article is mainly practical, I didn’t bother with some non-essential features (such as image verification) or features that are only needed in niche occasions (such as local API) (just focus on one that works), so friends who want these features can explore them by themselves according to the tutorials on the official website.
Policr Mini bot deployment
Preliminary preparation: Creating a robot for group verification
一般而言,不管是TG群(或者是TG频道或者web app)是因为哪种需求需要添加机器人,都有一个相同的前置操作:先创建对应的机器人,这步操作是通过在TG里单独和”BotFather”对话完成的。
1. Use@BotFather
Enter the conversation mode with BotFather
2. Use/newbot
Command to create a new robot
Save the robot token for later use.
3、在新建的机器人的”info”部分添加以下字段:
Powered by Policr Mini
As shown below:
This is a small agreement with the official. I use other people's things for free. I think we should try our best to respect the other party's suggestions within our ability:
4. Use/start
Commands can see all supported commands and their functions (optional)
Deployment Process
Stable and development versions
该项目自行部署的教程分为”稳定版”和”开发版”:
大家根据自己需要自行选择,我一般偏向稳定不折腾,所以选择了”稳定版”。
Local deployment (Linux environment)
Initialize the working environment
如果是Linux终端环境,请先确保已经成功安装了”Docker”和”Docker Compose”,如果没有安装请自行网上搜索使用系统对应的安装教程。
Initialize working directory and files
Note: The local deployment of Policr mini requires the support of the postgres database. According to my usual practice, I should directly use the existing local postgres database and then usedocker run
However, considering that most friends are more accustomed to the deployment method of docker-compose, and Policr mini involves more environmental parameters,docker run
The method is indeed a hassle, so in this article I will still follow the good practice of installing it using docker-compose:
1. Create a working directory (please modify the path according to the actual environment)
mkdir -p /docker/policr-mini
2. Create docker-compose.yml and .env files in the working directory
cd /docker/policr-mini touch docker-compose.yml touch .env
3. Use a text editor to save the following corresponding contents to docker-compose.yml and .env files respectively
docker-compose.yml file content:
version: "3"
services:
db:
image: postgres:16
environment:
POSTGRES_PASSWORD: {POSTGRES_PASSWORD}
POSTGRES_DB: policr_mini_prod
volumes:
- ./data:/var/lib/postgresql/data
restart: always
server:
image: gramoss/policr-mini:latest
ports:
-{POLICR_MINI_SERVER_PORT}:{POLICR_MINI_SERVER_PORT}
#-{POLICR_MINI_BOT_WEBHOOK_SERVER_PORT}:{POLICR_MINI_BOT_WEBHOOK_SERVER_PORT}
environment:
POLICR_MINI_DATABASE_URL: "ecto://postgres:{POSTGRES_PASSWORD}@db/policr_mini_prod"
POLICR_MINI_DATABASE_POOL_SIZE: {POLICR_MINI_DATABASE_POOL_SIZE}
POLICR_MINI_SERVER_ROOT_URL:{POLICR_MINI_SERVER_ROOT_URL}
POLICR_MINI_SERVER_SECRET_KEY_BASE: {POLICR_MINI_SERVER_SECRET_KEY_BASE}
POLICR_MINI_SERVER_PORT:{POLICR_MINI_SERVER_PORT}
POLICR_MINI_BOT_TOKEN: {POLICR_MINI_BOT_TOKEN}
POLICR_MINI_BOT_NAME:{POLICR_MINI_BOT_NAME}
POLICR_MINI_BOT_OWNER_ID: {POLICR_MINI_BOT_OWNER_ID}
#POLICR_MINI_BOT_API_BASE_URL:{POLICR_MINI_BOT_API_BASE_URL}
#POLICR_MINI_BOT_WORK_MODE: {POLICR_MINI_BOT_WORK_MODE}
#POLICR_MINI_BOT_WEBHOOK_URL:{POLICR_MINI_BOT_WEBHOOK_URL}
#POLICR_MINI_BOT_WEBHOOK_SERVER_PORT: {POLICR_MINI_BOT_WEBHOOK_SERVER_PORT}
POLICR_MINI_BOT_GRID_CAPTCHA_INDI_WIDTH:{POLICR_MINI_BOT_GRID_CAPTCHA_INDI_WIDTH}
POLICR_MINI_BOT_GRID_CAPTCHA_INDI_HEIGHT: {POLICR_MINI_BOT_GRID_CAPTCHA_INDI_HEIGHT}
POLICR_MINI_BOT_GRID_CAPTCHA_WATERMARK_FONT_FAMILY:{POLICR_MINI_BOT_GRID_CAPTCHA_WATERMARK_FONT_FAMILY}
POLICR_MINI_BOT_ASSETS_PATH: /_assets
POLICR_MINI_BOT_AUTO_GEN_COMMANDS: {POLICR_MINI_BOT_AUTO_GEN_COMMANDS}
POLICR_MINI_BOT_MOSAIC_METHOD:{POLICR_MINI_BOT_MOSAIC_METHOD}
POLICR_MINI_UNBAN_METHOD: {POLICR_MINI_UNBAN_METHOD}
POLICR_MINI_OPTS:{POLICR_MINI_OPTS}
volumes:
- ./_assets:/_assets
restart: always
depends_on:
- db
In general, the docker-compose.yml file does not need to be edited. Although a large number of variables are referenced in the file, the assignment operations for these variables are all in .env
file, so you only need to edit it separately later.env
File.
.env file contents:
POSTGRES_PASSWORD=<填入数据库密码> # 这里自定义一个密码,推荐随机一个较短的 hash 字符串
POLICR_MINI_DATABASE_POOL_SIZE=10 # 数据库连接池的大小,已预设值
POLICR_MINI_SERVER_ROOT_URL=<填入根 URL 地址> # 完成配置以后web管理页面的访问地址,比如https://mini.example.com
。
POLICR_MINI_SERVER_SECRET_KEY_BASE=<填入密钥> # 推荐随机一个较长的 hash 字符串
POLICR_MINI_SERVER_PORT=<填入端口号> # 例如 8080,其实就是宿主机上映射的端口号(同时也是容器内部应用使用的端口号,这个可以参看docker-compose.yml里面的变量定义)
POLICR_MINI_BOT_NAME=<填入机器人名称> # 请使用自己为policr mini的机器人的显示名称
POLICR_MINI_BOT_TOKEN=<填入机器人 Token> # 创建policr mini机器人时的token
POLICR_MINI_BOT_OWNER_ID=<填入机器人拥有者的 ID> # 就是机器人主人的TG账号的"ID"
POLICR_MINI_BOT_WORK_MODE=<填入工作模式> # 可选 polling/webhook。留空默认 polling
POLICR_MINI_BOT_WEBHOOK_URL=<填入 Webhook URL> # 可选配置,非 webhook 模式请留空
POLICR_MINI_BOT_WEBHOOK_SERVER_PORT=<填入 Webhook 的服务端口> # 可选配置,非 webhook 模式请留空
POLICR_MINI_BOT_GRID_CAPTCHA_INDI_WIDTH=180 # 网格验证的单个图片格子宽度,视验证资源修改
POLICR_MINI_BOT_GRID_CAPTCHA_INDI_HEIGHT=120 # 网格验证的单个图片格子宽度,视验证资源修改
POLICR_MINI_BOT_GRID_CAPTCHA_WATERMARK_FONT_FAMILY=Lato # 网格验证的水印字体(每一个单元格编号文字的字体)
POLICR_MINI_BOT_AUTO_GEN_COMMANDS=true # 是否自动生成机器人命令,已预设值
POLICR_MINI_BOT_MOSAIC_METHOD=spoiler # 马赛克方法,预设值为 spoiler。也可设置为 classic
POLICR_MINI_UNBAN_METHOD=until_date # 解封方法,预设值为过期时间。也可设置为 api_call
POLICR_MINI_OPTS="" # 可选配置,此处预设为空
Note 1: Please fill in the correct variable values according to the above content and comments. Note that the variable values do not need angle brackets (<>
), the comments above are just for aesthetics.
Note 2: Some environments cannot recognize comments, so it is recommended to add #
And the Chinese explanation behind it are deleted together. Because I ignored this problem in some of my previous articles, errors may be reported during actual use.
Some extended explanations of some of the above variables:
POLICR_MINI_SERVER_ROOT_URL
: Required variable, used to generate background links./login
The link generated by the command is inaccessible, which may be due to incorrect configuration. If you ensure that the address configured by this variable is correct, then if you are back-to-source via the public network, you need to confirm whether the reverse proxy is configured correctly; or if you are back-to-source using the cloudflare tunnel, you need to confirm whether the corresponding public hostname is configured correctly. However, unlike WordPress and NextCloud, this address does not restrict access to other reachable addresses.POLICR_MINI_DATABASE_POOL_SIZE
: The size of the database connection pool. Roughly speaking, the smaller the pool, the lower the server consumption (low database memory and CPU usage), but it is not suitable for high-concurrency instances. The larger the pool, the higher the server resource consumption, but it can handle more concurrent connections. For instances that are only deployed to serve their own groups, set this value to the smallest possible (can be less than 10). The current value of this configuration for official instances is10
My own robot is only for personal use, so it is set to5
.POLICR_MINI_BOT_NAME
: Optional variable, used to display the official website's LOGO text and the suffix of the webpage title. Because the robot name often contains version information (and displaying these is redundant), a variable is specially provided for customization. When we define the value asPolicr Mini
, even if the robot's current name isPolicr Mini (beta)
You can still make the official website appear asPolicr Mini
.Notice: If this variable is not set, the bot's display name will be used directly.POLICR_MINI_BOT_OWNER_ID
: Required variable, used to identify the identity of the top administrator in the background. The ID here is not a user name, but a string of numbers. This ID is rarely displayed in the official TG client. You can @userinfobot Sending Commands/start
To get this ID:
POLICR_MINI_BOT_AUTO_GEN_COMMANDS
: Automatically generate robot commands. Set this value totrue
The command list of the robot will be automatically generated or updated at each startup, without the need to manually set it through BotFather. Sometimes, you may want to hide some or all commands, so you can set this value tofalse
.
In addition, as usual, I still keep usingdocker run
命令格式的搭建方式,以便万一有朋友需要用到。当然,这种需要postgres数据库和Policr Mini应用分开搭建,且数据库要保证在Policr Mini应用启动之前就已经正常运行;同时还需要单独创建一个”bridge”网络,因为Policr Mini会使用postgres数据库的容器名对其进行访问;最后,我为了方便,放弃了”.env”文件,把赋值都用-e
parameters to complete.
postgres databasedocker run
Format command:
docker run --name db -d --restart=always --net=public-net \ -e POSTGRES_PASSWORD=password \ -e POSTGRES_DB=policr_mini_prod \ -v /docker/policr-mini/data:/var/lib/postgresql /data\postgres:16
Policr Mini Appdocker run
Format command:
docker run --name server -d --restart=always --net=public-net \ -e POLICR_MINI_DATABASE_URL="ecto://postgres:password@db/policr_mini_prod" \ -e POLICR_MINI_DATABASE_POOL_SIZE=5 \ -e POLICR_MINI_SERVER_ROOT_URL=https ://example.com \ -e POLICR_MINI_SERVER_SECRET_KEY_BASE=xxxxxxxxxx \ -e POLICR_MINI_SERVER_PORT=8080 \ -e POLICR_MINI_BOT_TOKEN=xxxxxxxxx \ -e POLICR_MINI_BOT_NAME=xxxxxxxx \ -e POLICR_MINI_BOT_OWNER_ID=xxxxxxxx \ -e POLICR_MINI_BOT_GRID_CAPTCHA_INDI_WIDTH=180 \ -e POLICR_MINI_BOT_GRID_CAPTCHA_INDI_HEIGHT=120 \ -e POLICR_MINI_BOT_GRID_CAPTCHA_WATERMARK_FONT_FAMILY=lato \ -e POLICR_MINI_BOT_ASSETS_PATH=/_assets \ -e POLICR_MINI_BOT_AUTO_GEN_COMMANDS=true \ -e POLICR_MINI_BOT_MOSAIC_METHOD=spoiler \ -e POLICR_MINI_UNBAN_METHOD=until_date \ -e POLICR_MINI_OPTS="" \ -p 8080:8080 \ -v /docker/policr-mini/_assets:/_assets \ gramoss/policr-mini:latest
Deploy TG group verification robot
Pull up the Policr Mini app
Note: Once again, you need to ensure that the device where you deploy Policr Mini is in a scientific environment, or at least able to communicate with the TG API normally (that is,https://api.telegram.org
), otherwise the Policr Mini will not start properly even if you pull it up.
Use the following command to launch the Policr Mini application:
cd /docker/policr-mini docker-compose up -d
At this point, if everything is normal, use the.env
文件”POLICR_MINI_SERVER_ROOT_URL”变量中设定的访问地址即可正常访问web页面:
Add the verification robot to the TG group
Follow the steps below to add a verification robot in the TG group and set it as a group administrator:
Add the verification bot as an administrator:
启用”新成员验证”:
Finally, use it in the TG group
/sync
Command (can also be used in the verification robot private chat interface) to synchronize information with the locally deployed Policr mini application:Verify robot background settings
You can use it in the private chat interface of the verification robot/login
Command to get the token:
可以直接使用上图下方红框中的”进入后台”按键进入后台(前提是之前指定的web地址可以正常访问)。
If you need to log in to the console manually, you need to paste the token obtained in the above picture in the background of the WEB page:
然后即可进入后台配置界面,后台中最重要的设置项是”全局属性”:
一般保持默认值就行,不过如果有特殊要求可以自行修改,甚至可以在”方案定制”里修改验证机器人的默认行为:
I won’t say much about these, there are many options, you can see them for yourself when the time comes.
Advanced skills: webhook mode
Introduction to webhook mode
In the Telegram Bot API, Bots can receive updates in two ways:
• Long Polling Mode:Bot actively polls the Telegram server for updates.
• Webhook Mode:Telegram 服务器主动将更新推送到Bot的”Webhook URL”。
Policr Mini supports Webhook mode, which requires an HTTP server to be running (described later) to receive message updates pushed by Telegram.
By default, the robot will polling
Mode startup, this is a simple and effective mode, no additional configuration is required, and it is also the way I recommend to general friends because it is really simple.polling
The working model determines that its response speed will be slower thanwebhook
mode (and rotation training means that you need to send requests to the TG API frequently, and it is not clear whether there will be any adverse effects). The officialwebhook
Description (however, this description is too concise, and several things that need to be paid attention to in actual configuration are not made clear):
For those who have successfully usedpolling
For students who have deployed verification robots in the mode, if you are motivated (tossing energy), you can continue to challengewebhook
model.
Explanation of webhook related parameters
In the docker-compose.yml file,environment:
There are 4 parts commented out by "#", as shown in the following figure:
一般而言,配置webhook模式只需要上图红框中的3项,所以需要在docker-compose.yml文件里删掉这3项前面的”#”符号来取消注释。这3个选项分别对应的变量含义在”.env”文件中都有说明:
To be honest, these are actually very easy to understand. The following is an example after setting:
POLICR_MINI_BOT_WORK_MODE=webhook POLICR_MINI_BOT_WEBHOOK_URL=https://webhook.example.com/updates_hook POLICR_MINI_BOT_WEBHOOK_SERVER_PORT=8080
There are 2 things to note here:
1. POLICR_MINI_BOT_WEBHOOK_URL
For the URL used in the webhookhttps://webhook.example.com
For webhook mode, correct configuration is the prerequisite for normal operation. The correct configuration here refers to the corresponding adaptation settings for different return-to-source methods:
- 公网地址回源:如果选择这种回源方式,需要正确配置反向代理,这点和前面的另一个涉及访问网址的选项”POLICR_MINI_SERVER_ROOT_URL”是一样的,不过有一点要注意,就是不能开”人机检测”,否则会导致webhook模式失败(毕竟TG给webhook网址发的消息肯定不是人发的~)。如果担心安全问题,可以设置TG IP范围的白名单。
-
Cloudflare tunnel: If you choose this back-to-source method, you don’t need to bother with the reverse proxy. However, please note that if you set a WAF policy and enable the legendary 5-second shield, you need to correctly set the WAF skip policy so that the message sent by TG can reach the webhook URL normally. Take my skip configuration as an example:
2. POLICR_MINI_BOT_WEBHOOK_SERVER_PORT
在前面介绍webhook模式的时候,我提到过:”Policr Mini 支持 Webhook 模式,而这个模式需要一个 HTTP 服务器运行,以接收 Telegram 推送的消息更新。”,这个选项的作用其实就是在容器内部开一个端口来运行HTTP服务器(“容器内部”要划重点)。
In the docker-compose.yml file, the port part only takes effect for the port used for the POLICR_MINI_SERVER_ROOT_URL option by default, and the POLICR_MINI_BOT_WEBHOOK_SERVER_PORT option is in an ineffective state (commented out):
官方部署上也没提这点,我开始没注意,后来折腾半天没成功后,才发现对外端口都没打开,然后才注意这个,有点坑~,所以大家要记得,启用webhook模式需要取消注释,就是删掉”#”号。
Webhook mode verification
ifPOLICR_MINI_BOT_WORK_MODE
If the option specifies webhook, then policr mini will register with Telegram using the webhook mode. At this time, you can use the following method to verify whether policr mini is successfully registered as webhook mode on Telegram:
curl "https://api.telegram.org/bot/getWebhookInfo"
Note: The same is true when you access the above URL directly in the browser. When actually using it, just add the token to verify the robot after bot.<>
The symbol should be removed.
If everything goes well, you will get a response similar to the following:
{ "ok": true, "result": { "url": "https://your-server.com/webhook-url", "has_custom_certificate": false, "pending_update_count": 0 } }
Take my response as an example:
可选进阶技能:自建本地”Telegram BotAPI”
existenvironment:
中还有一个”POLICR_MINI_BOT_API_BASE_URL”选项,我之前并没有提,因为常规部署webhook时用不到,只有需要部署本地API的时候才需要用到。那么,什么是本地API,它有什么功能呢?
简单来说,本地”Telegram Bot API”就像是一个”中间代理层”,它起到了以下几个核心功能:
1. Remove restrictions on official APIs
• Request rate limiting: The official API has a limit on the number of requests per second (usually 30 per second). The local API allows you to break these limits because it caches and optimizes interactions with Telegram servers.
• Concurrency Limits: The local API can be configured with a higher number of concurrent connections (through parameters such as max_connections) to better handle high-volume requests.
2. Improve privacy
• Before communicating with Telegram official API, all message contents will first communicate with the local API.
• This means: sensitive information can be filtered or encrypted locally to avoid direct transmission to Telegram official servers; messages can be logged or analyzed locally to meet certain compliance requirements.
3. Optimize and integrate traffic
• Aggregate Request: The local API can integrate requests from multiple Bots or multiple users and then send them to the Telegram official server, reducing the number of direct interactions with the official server.
• Caching and rate control: Through the local API, some repeated or frequent requests (such as obtaining a list of group members) can be cached to reduce unnecessary traffic.
4. Easy to debug and control
• The local API provides more fine-grained logging and control capabilities, allowing you to more easily monitor, debug, and optimize the behavior of your Bot.
• For example, monitoring which requests are most time-consuming, or capturing error responses from Telegram's official API to handle them in advance.
5. Final data is sent to Telegram
• After all optimizations are done locally, the local API will send data to the Telegram official server with minimal latency and optimized frequency.
• It's like a proxy server, only it's smarter and can do more customized things.
This architecture is very useful in high-traffic scenarios, when privacy is high or custom control is needed, but for me, it is completely useless, so I have no motivation to tinker with it. Friends who are interested can try it themselves.
Note: If you use the local API and process messages from Telegram directly, the local API will periodically pull updates from Telegram instead of relying on Webhook to receive them (that is, the local API and Webhook are actually two mutually exclusive methods: one is to actively access TG, and the other is to passively wait for TG to access). When using the local API, the process becomes that you actively request updates from Telegram at regular intervals (actually, it is a round-robin training) instead of waiting for Telegram to push updates, so the response may be slower than the webhook method. Of course, in exchange, you get the core functions mentioned above, and at the same time, there is no need to expose a webhook access URL to the outside world.
Verify the robot's general functions
After successfully building the verification robot, several common functions are provided in the private chat interface with the verification robot (some of which have been mentioned above):
/ping
You can test whether the robot is active (that is, whether TG can communicate normally with the policr mini application you deployed locally). If it is normal, the following display will be displayed:/sync
You can synchronize the group input to the local policr mini application. If normal, there will be a special effect of particles spreading out. Because the speed is too fast, it is difficult to take a screenshot, so I only took a screenshot like this:/login
The previously configured web backend URL will be given, and you can directly click to log in (provided that it is correctly configured and accessible):/console
This is the console that will be used to replace background functions in the future:It does look a lot taller:
Local deployment (macOS environment)
If you are using a Windows or Mac environment, you can install Docker for Desktop to support this (download address is as follows:https://www.docker.com/products/docker-desktop/):
I tried to install it using Docker Desktop for Mac. I won't go into details here, but I'll mention two key points:
1、docker desktop for mac默认是支持docker-compose的,但是命令和linux下略有不同,没有”-“,比如,命令”docker-compose up -d”,在mac下变成了”docker compose up -d”,以此类推。
2、mac默认”.”开头的文件只能是系统文件,所以直接创建.env
The file will report an error:
Use in Linux environment
docker-compose up -d
能正常工作的前提是工作目录下同时存在”docker-compose.yml”和”.env”文件,而mac下因为不能用”.env”的文件名,所以实际运行”docker compose up -d”命令时,会出现如下报错:其实就是不能从”.env”文件里获取变量的具体赋值,这也正常,本来”.env”文件就没了。
In theory, there are two solutions:
1. Explicitly specify the environment variable file in docker-compose.yml, similar to the following:
env_file: -policrmini.env
这样做的目的是避免非要用”.env”做环境文件名的尴尬场景,不过嘛,我尝试了下,并没有成功,也不知道为啥,懒得研究了。
2、直接放弃”.env”文件,把所有赋值直接写到”docker-compose.yml”文件中,如下:
This approach worked.
Afterword
Let me say a few words about the scientific way to deploy the Policr Minil Lnux environment.
1. Foreign VPS: There is nothing much to say about this, it does not require any scientific knowledge and there will be no problem in deploying it.
2. Domestic VPS (Global Science): There is no problem with this type, in fact, it is no different from foreign VPS
3. Domestic VPS (whitelist science): This type of VPS only needs to guarantee the domain nameapi.telegram.org
Just add it to the whitelist and it will not affect the use.
4. Domestic VPS (cannot set up scientific VPS): This scenario may be because the VPS has other functions (such as production environment) and cannot perform operations with global impact.
Then, another way is to rely on the proxy of the docker environment itself. It is generally recommended to create or edit/etc/docker/daemon.json
To open the daemon.json file, first open the daemon.json file:
vim /etc/docker/daemon.json
Then copy and paste the following content into the daemon.json file:
{ "proxies": { "default": { "httpProxy": "http://your-proxy-server:port", # your-proxy-server:port
is the proxy server address and port you use "httpsProxy": "http://your-proxy-server:port", "noProxy": "localhost,127.0.0.1" } } }
Then restart the Docker service:
systemctl restart docker
采用这种方式,可以让拉取镜像和容器启动前的流量均可以使用代理(会影响所有docker,大家需要评估是否适合自己的环境,也可能会有一些特殊情况:比如创建或者编辑这个”daemon.json”文件反而会导致docker服务异常的,这种时候就要靠大家自己排查了)。
为什么我要提”容器启动前的流量”这一点呢?因为另一种影响更小的容器使用代理的方式,是在创建容器时使用环境参数来指定代理,以docker-compose.yml的配置为例,只要在environment:
Adding the following configuration will enable this docker to use the proxy to access the Internet:
HTTP_PROXY: http://your-proxy-server:port
HTTPS_PROXY: http://your-proxy-server:port
NO_PROXY: localhost,127.0.0.1
In fact, this method has the least impact and is the most recommended method. However, this method can only take effect after the container is started completely normally. The only problem with Policr Mini is that it will communicate with the TG API during the startup phase. If the communication fails, the container cannot start. Therefore, this most recommended method with the least impact cannot be used.
In addition, this article also involves the knowledge of reverse proxy and cloudflare tunnel. Friends who are not familiar with it can refer to my previous articles:
- Reverse Proxy
If you use the Baota panel, you can refer to the article for reverse proxy configuration:Linux panel series configure reverse proxy and use non-443 port for publishing; If you use NPM, you can refer to the article for reverse proxy configuration:Docker series uses Docker to build its own reverse proxy based on NPM).
- cloudflare tunnel
You can refer to the article:The home data center series uses tunnel technology to allow home broadband without public IP to use cloudflare for free to quickly build a website (recommended).