Home Data Center Series Policr Mini Practice: Building a Secure and Efficient Telegram Group Verification System

Preface

Because the group is small, I never set up join verification in my TG group. This week, however, I suddenly felt that a group without verification looks second-rate, so I decided to set up a group verification robot: first, it keeps out robots that join the group automatically to post advertisements; second, friends who join the group will think I am more professional.

After some research, I found two options:

1. Choose a ready-made robot solution

The best-known solution of this kind is "Group Help"; its group address is: GroupHelp Group Address. This method is the simplest. The robot is ready-made. You only need to follow the instructions in the official group to add the robot to your own TG group and grant it administrator privileges. It is a must-have for lazy people.

The advantage of this solution is that it is hassle-free, but the disadvantage is that you need to add other people’s robots to your group as administrators, which always feels awkward and insecure.

2. Manually built robot solution

The best-known solution of this kind is "Policr Mini (beta)"; its group address is: Policr Mini Group Address. This method requires your own host (whose network can reach TG's API), and you have to install and deploy it yourself and then connect it to TG, so it has certain technical requirements.

The advantage of this solution is safety, after all, it is a self-built robot, and the disadvantage is that it requires some fuss.

These two solutions have their own advantages and disadvantages. You can choose according to your actual needs. I will definitely choose the Policr Mini self-built solution.

Note: The github project address of Policr Mini is: https://github.com/Hentioe/policr-mini. Since this article is mainly practical, I didn't bother with some non-essential features (such as image verification) or features that are only needed in niche occasions (such as local API) (just focus on one that works), so friends who want these features can explore them by themselves according to the tutorials on the official website.

Policr Mini bot deployment

Preliminary preparation: Creating a robot for group verification

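Generally speaking, whatever the reason a TG group (or a TG channel or web app) needs a robot, there is one common prerequisite: first create the robot. This step is done in TG through a separate conversation with "BotFather".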

1. Use @BotFather to enter conversation mode with BotFather
image.png

2. Use the /newbot command to create a new robot

image.png

Save the robot token for later use.

3. Add the following field to the "info" section of the newly created robot:

Powered by Policr Mini

As shown below:

image.png

This is a small agreement with the project. I am using other people's work for free, so I think we should do our best to respect their suggestions as far as we are able:
image.png

4. Use the /start command to see all supported commands and their functions (optional)
image.png

Deployment Process

Stable and development versions

The project's self-deployment tutorial is split into a "stable version" and a "development version":

image.png

Choose according to your own needs. I generally prefer stability over tinkering, so I chose the "stable version".

Local deployment (Linux environment)

Initialize the working environment

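In a Linux terminal environment, first make sure that "Docker" and "Docker Compose" are installed. If they are not, search online for the installation tutorial that matches your system.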

Initialize working directory and files

Note: The local deployment of Policr mini requires a postgres database. My usual practice would be to use my existing local postgres database directly and then deploy with docker run. However, considering that most friends are more used to deploying with docker-compose, and that Policr mini involves many environment parameters, which makes the docker run method a real hassle, in this article I will still follow the good practice of installing with docker-compose:
1. Create a working directory (please modify the path according to the actual environment)

mkdir -p /docker/policr-mini

2. Create docker-compose.yml and .env files in the working directory

cd /docker/policr-mini
touch docker-compose.yml
touch .env

3. Use a text editor to save the following corresponding contents to docker-compose.yml and .env files respectively
docker-compose.yml file content:

version: "3"

services:
  db:
    image: postgres:16
    environment:
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_DB: policr_mini_prod
    volumes:
      - ./data:/var/lib/postgresql/data
    restart: always

  server:
    image: gramoss/policr-mini:latest
    ports:
      - "${POLICR_MINI_SERVER_PORT}:${POLICR_MINI_SERVER_PORT}"
      #- "${POLICR_MINI_BOT_WEBHOOK_SERVER_PORT}:${POLICR_MINI_BOT_WEBHOOK_SERVER_PORT}"
    environment:
      POLICR_MINI_DATABASE_URL: "ecto://postgres:${POSTGRES_PASSWORD}@db/policr_mini_prod"
      POLICR_MINI_DATABASE_POOL_SIZE: ${POLICR_MINI_DATABASE_POOL_SIZE}
      POLICR_MINI_SERVER_ROOT_URL: ${POLICR_MINI_SERVER_ROOT_URL}
      POLICR_MINI_SERVER_SECRET_KEY_BASE: ${POLICR_MINI_SERVER_SECRET_KEY_BASE}
      POLICR_MINI_SERVER_PORT: ${POLICR_MINI_SERVER_PORT}
      POLICR_MINI_BOT_TOKEN: ${POLICR_MINI_BOT_TOKEN}
      POLICR_MINI_BOT_NAME: ${POLICR_MINI_BOT_NAME}
      POLICR_MINI_BOT_OWNER_ID: ${POLICR_MINI_BOT_OWNER_ID}
      #POLICR_MINI_BOT_API_BASE_URL: ${POLICR_MINI_BOT_API_BASE_URL}
      #POLICR_MINI_BOT_WORK_MODE: ${POLICR_MINI_BOT_WORK_MODE}
      #POLICR_MINI_BOT_WEBHOOK_URL: ${POLICR_MINI_BOT_WEBHOOK_URL}
      #POLICR_MINI_BOT_WEBHOOK_SERVER_PORT: ${POLICR_MINI_BOT_WEBHOOK_SERVER_PORT}
      POLICR_MINI_BOT_GRID_CAPTCHA_INDI_WIDTH: ${POLICR_MINI_BOT_GRID_CAPTCHA_INDI_WIDTH}
      POLICR_MINI_BOT_GRID_CAPTCHA_INDI_HEIGHT: ${POLICR_MINI_BOT_GRID_CAPTCHA_INDI_HEIGHT}
      POLICR_MINI_BOT_GRID_CAPTCHA_WATERMARK_FONT_FAMILY: ${POLICR_MINI_BOT_GRID_CAPTCHA_WATERMARK_FONT_FAMILY}
      POLICR_MINI_BOT_ASSETS_PATH: /_assets
      POLICR_MINI_BOT_AUTO_GEN_COMMANDS: ${POLICR_MINI_BOT_AUTO_GEN_COMMANDS}
      POLICR_MINI_BOT_MOSAIC_METHOD: ${POLICR_MINI_BOT_MOSAIC_METHOD}
      POLICR_MINI_UNBAN_METHOD: ${POLICR_MINI_UNBAN_METHOD}
      POLICR_MINI_OPTS: ${POLICR_MINI_OPTS}
    volumes:
      - ./_assets:/_assets
    restart: always
    depends_on:
      - db

In general, the docker-compose.yml file does not need to be edited. Although the file references a large number of variables, all of them are assigned in the .env file, so later you only need to edit the .env file.


.env file contents:

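POSTGRES_PASSWORD=<enter database password> # choose your own password here; a random, fairly short hash string is recommended
POLICR_MINI_DATABASE_POOL_SIZE=10 # size of the database connection pool; preset value
POLICR_MINI_SERVER_ROOT_URL=<enter root URL> # address of the web admin page once configuration is complete, for example https://mini.example.com
POLICR_MINI_SERVER_SECRET_KEY_BASE=<enter secret key> # a random, fairly long hash string is recommended
POLICR_MINI_SERVER_PORT=<enter port number> # for example 8080; this is the port mapped on the host (and also the port the application uses inside the container; see the variable definitions in docker-compose.yml)
POLICR_MINI_BOT_NAME=<enter robot name> # the display name you want for your own policr mini robot
POLICR_MINI_BOT_TOKEN=<enter robot token> # the token received when the policr mini robot was created
POLICR_MINI_BOT_OWNER_ID=<enter robot owner's ID> # the "ID" of the robot owner's TG account
POLICR_MINI_BOT_WORK_MODE=<enter work mode> # optional: polling/webhook; defaults to polling when left empty
POLICR_MINI_BOT_WEBHOOK_URL=<enter Webhook URL> # optional; leave empty when not in webhook mode
POLICR_MINI_BOT_WEBHOOK_SERVER_PORT=<enter Webhook server port> # optional; leave empty when not in webhook mode
POLICR_MINI_BOT_GRID_CAPTCHA_INDI_WIDTH=180 # width of a single image cell in grid verification; adjust to your verification assets
POLICR_MINI_BOT_GRID_CAPTCHA_INDI_HEIGHT=120 # height of a single image cell in grid verification; adjust to your verification assets
POLICR_MINI_BOT_GRID_CAPTCHA_WATERMARK_FONT_FAMILY=Lato # watermark font for grid verification (the font of each cell's number label)
POLICR_MINI_BOT_AUTO_GEN_COMMANDS=true # whether to generate robot commands automatically; preset value
POLICR_MINI_BOT_MOSAIC_METHOD=spoiler # mosaic method; preset value is spoiler, can also be set to classic
POLICR_MINI_UNBAN_METHOD=until_date # unban method; preset value is expiry time, can also be set to api_call
POLICR_MINI_OPTS="" # optional; preset to empty here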

Note 1: Please fill in the correct variable values according to the above content and comments. Note that the variable values do not need angle brackets (<>), the comments above are just for aesthetics.

Note 2: Some environments cannot recognize comments, so it is recommended to delete the # and the explanation after it together. Because I ignored this problem in some of my previous articles, errors may be reported during actual use.


Some extended explanations of some of the above variables:

  • POLICR_MINI_SERVER_ROOT_URL: Required variable, used to generate backend links. If the link generated by the /login command is inaccessible, this variable may be configured incorrectly. If you are sure the address configured here is correct, then if you go back to the origin via the public network, confirm that the reverse proxy is configured correctly; if you go back to the origin through a cloudflare tunnel, confirm that the corresponding public hostname is configured correctly. However, unlike WordPress and NextCloud, this address does not restrict access through other reachable addresses.
  • POLICR_MINI_DATABASE_POOL_SIZE: The size of the database connection pool. Roughly speaking, the smaller the pool, the lower the server consumption (low database memory and CPU usage), but it is not suitable for high-concurrency instances. The larger the pool, the higher the server resource consumption, but it can handle more concurrent connections. For instances that are only deployed to serve your own groups, set this value as small as possible (it can be less than 10). The current value of this configuration for the official instance is 10. My own robot is only for personal use, so it is set to 5.
  • POLICR_MINI_BOT_NAME: Optional variable, used for the LOGO text of the official website and the suffix of the web page title. Because the robot name often contains version information (and displaying it is redundant), a variable is provided specifically for customization. When we define the value as Policr Mini, the official website still appears as Policr Mini even if the robot's current name is Policr Mini (beta). Note: If this variable is not set, the bot's display name will be used directly.
  • POLICR_MINI_BOT_OWNER_ID: Required variable, used to identify the top administrator in the backend. The ID here is not a user name but a string of numbers. This ID is rarely displayed in the official TG client. You can send the /start command to @userinfobot to get this ID:
    image.png
  • POLICR_MINI_BOT_AUTO_GEN_COMMANDS: Automatically generate robot commands. When this value is set to true, the robot's command list is generated or updated automatically at each startup, with no need to set it manually through BotFather. Sometimes you may want to hide some or all commands; in that case set this value to false.
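
A pre-flight check for the .env rules described above (unfilled <...> placeholders, inline comments, required variables, the numeric owner ID, webhook settings only in webhook mode). This is an added example, not part of the original article or of the Policr Mini project; the function names and the sample values are constructed for illustration.

```python
import re

# Variables the article marks as required, plus the secrets every deployment sets.
REQUIRED = ["POSTGRES_PASSWORD", "POLICR_MINI_SERVER_ROOT_URL",
            "POLICR_MINI_SERVER_SECRET_KEY_BASE", "POLICR_MINI_SERVER_PORT",
            "POLICR_MINI_BOT_TOKEN", "POLICR_MINI_BOT_OWNER_ID"]
WEBHOOK_ONLY = ["POLICR_MINI_BOT_WEBHOOK_URL", "POLICR_MINI_BOT_WEBHOOK_SERVER_PORT"]


def parse_env(text):
    """Parse KEY=VALUE lines; return (values, problems found while parsing)."""
    values, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition("=")
        if not sep:
            problems.append(f"line {lineno}: not in KEY=VALUE form")
            continue
        # Note 2: a trailing "# ..." is not a comment everywhere and can end up in the value.
        if re.search(r"\s#", value):
            problems.append(f"{name}: inline comment after the value")
            value = re.split(r"\s+#", value, maxsplit=1)[0]
        values[name.strip()] = value.strip().strip('"')
    return values, problems


def lint_env(text):
    """Return a list of problems that would break the deployment described above."""
    values, problems = parse_env(text)
    for name, value in values.items():
        if value.startswith("<") and value.endswith(">"):
            problems.append(f"{name}: placeholder was not replaced")
    for name in REQUIRED:
        if not values.get(name):
            problems.append(f"{name}: required but missing or empty")
    owner = values.get("POLICR_MINI_BOT_OWNER_ID", "")
    if owner and not owner.startswith("<") and not owner.isdigit():
        problems.append("POLICR_MINI_BOT_OWNER_ID: must be the numeric ID, not a user name")
    mode = values.get("POLICR_MINI_BOT_WORK_MODE") or "polling"  # empty means polling
    if mode not in ("polling", "webhook"):
        problems.append(f"POLICR_MINI_BOT_WORK_MODE: unknown mode {mode!r}")
    for name in WEBHOOK_ONLY:
        if mode == "webhook" and not values.get(name):
            problems.append(f"{name}: needed in webhook mode")
        elif mode == "polling" and values.get(name):
            problems.append(f"{name}: leave empty outside webhook mode")
    hook = values.get("POLICR_MINI_BOT_WEBHOOK_URL", "")
    if mode == "webhook" and hook and not hook.startswith("https://"):
        problems.append("POLICR_MINI_BOT_WEBHOOK_URL: Telegram only delivers to https URLs")
    return problems


# Constructed sample: a template line left as-is, a user name as owner ID, broken webhook settings.
SAMPLE_BAD = """\
POSTGRES_PASSWORD=<enter database password> # pick your own password
POLICR_MINI_SERVER_ROOT_URL=https://mini.example.com
POLICR_MINI_SERVER_SECRET_KEY_BASE=constructed-secret-key-base-value
POLICR_MINI_SERVER_PORT=8080
POLICR_MINI_BOT_TOKEN=constructed-token
POLICR_MINI_BOT_OWNER_ID=@someuser
POLICR_MINI_BOT_WORK_MODE=webhook
POLICR_MINI_BOT_WEBHOOK_URL=http://webhook.example.com/updates_hook
POLICR_MINI_BOT_WEBHOOK_SERVER_PORT=
"""

# Constructed sample: the same file cleaned up for the default polling mode.
SAMPLE_GOOD = """\
POSTGRES_PASSWORD=constructed-db-password
POLICR_MINI_SERVER_ROOT_URL=https://mini.example.com
POLICR_MINI_SERVER_SECRET_KEY_BASE=constructed-secret-key-base-value
POLICR_MINI_SERVER_PORT=8080
POLICR_MINI_BOT_TOKEN=constructed-token
POLICR_MINI_BOT_OWNER_ID=123456789
POLICR_MINI_BOT_WORK_MODE=
POLICR_MINI_BOT_WEBHOOK_URL=
POLICR_MINI_BOT_WEBHOOK_SERVER_PORT=
POLICR_MINI_OPTS=""
"""

if __name__ == "__main__":
    for problem in lint_env(SAMPLE_BAD):
        print(problem)
```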

In addition, as usual, I still provide the docker run form of the setup in case any friends need it. Of course, this requires the postgres database and the Policr Mini application to be set up separately, and the database must already be running normally before the Policr Mini application starts; you also need to create a separate "bridge" network, because Policr Mini accesses the postgres database by its container name; finally, for convenience, I dropped the ".env" file and did all the assignments with -e parameters.

postgres database docker run format command:

docker run --name db -d --restart=always --net=public-net \
  -e POSTGRES_PASSWORD=password \
  -e POSTGRES_DB=policr_mini_prod \
  -v /docker/policr-mini/data:/var/lib/postgresql/data \
  postgres:16

Policr Mini application docker run format command:

docker run --name server -d --restart=always --net=public-net \
  -e POLICR_MINI_DATABASE_URL="ecto://postgres:password@db/policr_mini_prod" \
  -e POLICR_MINI_DATABASE_POOL_SIZE=5 \
  -e POLICR_MINI_SERVER_ROOT_URL=https://example.com \
  -e POLICR_MINI_SERVER_SECRET_KEY_BASE=xxxxxxxxxx \
  -e POLICR_MINI_SERVER_PORT=8080 \
  -e POLICR_MINI_BOT_TOKEN=xxxxxxxxx \
  -e POLICR_MINI_BOT_NAME=xxxxxxxx \
  -e POLICR_MINI_BOT_OWNER_ID=xxxxxxxx \
  -e POLICR_MINI_BOT_GRID_CAPTCHA_INDI_WIDTH=180 \
  -e POLICR_MINI_BOT_GRID_CAPTCHA_INDI_HEIGHT=120 \
  -e POLICR_MINI_BOT_GRID_CAPTCHA_WATERMARK_FONT_FAMILY=lato \
  -e POLICR_MINI_BOT_ASSETS_PATH=/_assets \
  -e POLICR_MINI_BOT_AUTO_GEN_COMMANDS=true \
  -e POLICR_MINI_BOT_MOSAIC_METHOD=spoiler \
  -e POLICR_MINI_UNBAN_METHOD=until_date \
  -e POLICR_MINI_OPTS="" \
  -p 8080:8080 \
  -v /docker/policr-mini/_assets:/_assets \
  gramoss/policr-mini:latest

Deploy TG group verification robot

Pull up the Policr Mini app

Note: Once again, make sure that the device where you deploy Policr Mini has proxied ("scientific") Internet access, or is at least able to communicate with the TG API normally (that is, https://api.telegram.org); otherwise Policr Mini will not start properly even if you bring it up.


Use the following command to launch the Policr Mini application:

cd /docker/policr-mini
docker-compose up -d

At this point, if everything is normal, the web page can be reached at the address set in the "POLICR_MINI_SERVER_ROOT_URL" variable of the .env file:
image.png

Add the verification robot to the TG group

Follow the steps below to add a verification robot in the TG group and set it as a group administrator:

image.png

image.png

image.png

image.png

Add the verification bot as an administrator:
image.png

image.png

Enable "New member verification":
image.png

image.png

Finally, use the /sync command in the TG group (it can also be used in the private chat interface of the verification robot) to synchronize information with the locally deployed Policr mini application:
image.png

Verify robot background settings

You can use the /login command in the private chat interface of the verification robot to get the token:
image.png

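You can enter the backend directly with the "Enter backend" button in the red box at the bottom of the picture above (provided that the web address specified earlier is reachable).

If you need to log in to the console manually, paste the token obtained in the above picture into the backend login page: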

image.png

You can then enter the backend configuration interface. The most important setting in the backend is "Global properties":
image.png

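Generally the default values are fine, but you can change them if you have special requirements, and you can even change the default behavior of the verification robot under "Scheme customization":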
image.png

I won’t say much about these, there are many options, you can see them for yourself when the time comes.

Advanced skills: webhook mode

Introduction to webhook mode

In the Telegram Bot API, Bots can receive updates in two ways:

Long Polling Mode: the Bot actively polls the Telegram server for updates.

Webhook Mode: the Telegram server actively pushes updates to the Bot's "Webhook URL".

Policr Mini supports Webhook mode, which requires an HTTP server to be running (described later) to receive message updates pushed by Telegram.

By default, the robot starts in polling mode. This is a simple and effective mode that requires no additional configuration, and it is also the one I recommend to most friends because it is really simple. However, the way polling works means that its response will be slower than webhook mode (and polling means that you need to send requests to the TG API frequently; it is not clear whether this has any adverse effects). The official webhook description (however, this description is too concise, and several things that need attention in actual configuration are not made clear):
image.png

For those who have successfully deployed a verification robot in polling mode, if you still have the energy to tinker, you can go on to take on webhook mode.

Explanation of webhook related parameters

In the docker-compose.yml file, under environment:, there are 4 parts commented out by "#", as shown in the following figure:

image.png

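Generally, configuring webhook mode only needs the 3 items in the red box in the picture above, so in the docker-compose.yml file you need to delete the "#" in front of these 3 items to uncomment them. The meaning of the variable behind each of these 3 options is explained in the ".env" file: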
image.png

To be honest, these are actually very easy to understand. The following is an example after setting:

POLICR_MINI_BOT_WORK_MODE=webhook
POLICR_MINI_BOT_WEBHOOK_URL=https://webhook.example.com/updates_hook
POLICR_MINI_BOT_WEBHOOK_SERVER_PORT=8080

There are 2 things to note here:

1. POLICR_MINI_BOT_WEBHOOK_URL

For the URL used by the webhook (https://webhook.example.com in the example above), correct configuration is the prerequisite for webhook mode to work. Correct configuration here means adapting the settings to the back-to-origin method in use:

  • Public address back-to-origin: If you choose this method, you need to configure the reverse proxy correctly, the same as for the other URL-related option "POLICR_MINI_SERVER_ROOT_URL" above. One thing to note: you cannot turn on "human verification" (bot challenge), otherwise webhook mode will fail (after all, the messages TG sends to the webhook URL are certainly not sent by a human). If you are worried about security, you can set up a whitelist of TG IP ranges.
  • Cloudflare tunnel: If you choose this back-to-origin method, you don't need to bother with the reverse proxy. However, please note that if you set a WAF policy and enable the legendary 5-second shield, you need to set the WAF skip policy correctly so that the messages sent by TG can reach the webhook URL normally. Take my skip configuration as an example:
    image.png

2. POLICR_MINI_BOT_WEBHOOK_SERVER_PORT

When introducing webhook mode above, I mentioned: "Policr Mini supports Webhook mode, which requires an HTTP server to be running to receive message updates pushed by Telegram." What this option actually does is open a port inside the container to run that HTTP server (note the emphasis on "inside the container").

In the docker-compose.yml file, the ports section by default only publishes the port used for the POLICR_MINI_SERVER_ROOT_URL option, and the mapping for the POLICR_MINI_BOT_WEBHOOK_SERVER_PORT option is inactive (commented out):
image.png

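The official deployment guide does not mention this either. I did not notice it at first; only after struggling for a long time without success did I find that the external port was not even open, and only then did I notice this. It is a bit of a trap, so remember: enabling webhook mode requires uncommenting this line, that is, deleting the "#".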
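
An audit of reverse-proxy access log lines for the webhook path, tied to the two failure modes described above: a challenge or WAF rule rejecting Telegram's own deliveries, and a webhook URL that also answers sources outside the TG IP whitelist. This is an added example, not part of the original article or of Policr Mini; it assumes nginx's "combined" log format, the /updates_hook path from the example URL, and the two source ranges published in Telegram's webhook guide (check them against core.telegram.org/bots/webhooks before use). The log lines are constructed.

```python
import ipaddress
import re

# Source ranges Telegram documents for webhook deliveries (assumption: still current).
TELEGRAM_NETS = [ipaddress.ip_network(n) for n in ("149.154.160.0/20", "91.108.4.0/22")]
HOOK_PATH = "/updates_hook"  # path of the article's example POLICR_MINI_BOT_WEBHOOK_URL

# nginx "combined" format: ip - user [time] "METHOD path proto" status bytes ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')


def from_telegram(ip):
    """True if ip lies inside one of the documented Telegram webhook ranges."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # hostname or "-" in the log instead of an address
        return False
    return any(addr in net for net in TELEGRAM_NETS)


def audit(lines, hook_path=HOOK_PATH):
    """Sort requests to the webhook path by source and outcome."""
    report = {"delivered": [], "telegram_blocked": [],
              "foreign_accepted": [], "foreign_rejected": []}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, path, status = m.group(1), m.group(2), int(m.group(3))
        if path.split("?", 1)[0] != hook_path:
            continue  # not the webhook endpoint (for example the web backend)
        rejected = status >= 400
        if from_telegram(ip):
            # A rejected Telegram delivery usually means a challenge/WAF rule is in the way.
            key = "telegram_blocked" if rejected else "delivered"
        else:
            # An accepted foreign request means the whitelist is missing or not applied.
            key = "foreign_rejected" if rejected else "foreign_accepted"
        report[key].append((ip, status))
    return report


# Constructed log lines; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_LOG = [
    '149.154.167.220 - - [10/Jan/2025:10:00:01 +0000] "POST /updates_hook HTTP/1.1" 200 2 "-" "-"',
    '91.108.6.10 - - [10/Jan/2025:10:00:02 +0000] "POST /updates_hook HTTP/1.1" 403 153 "-" "-"',
    '203.0.113.7 - - [10/Jan/2025:10:00:03 +0000] "POST /updates_hook HTTP/1.1" 200 2 "-" "curl/8.5.0"',
    '198.51.100.23 - - [10/Jan/2025:10:00:04 +0000] "POST /updates_hook HTTP/1.1" 403 153 "-" "-"',
    '203.0.113.7 - - [10/Jan/2025:10:00:05 +0000] "GET /login HTTP/1.1" 200 512 "-" "-"',
]

if __name__ == "__main__":
    for category, hits in audit(SAMPLE_LOG).items():
        print(category, hits)
```

Behind a cloudflare tunnel or another proxy layer, the first log field is the proxy's address unless the real client address is restored, so apply the whitelist at the layer that actually sees Telegram's source address.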

Webhook mode verification

If the POLICR_MINI_BOT_WORK_MODE option specifies webhook, policr mini registers with Telegram in webhook mode. You can then use the following method to verify whether policr mini has been successfully registered in webhook mode with Telegram:

curl "https://api.telegram.org/bot<your-bot-token>/getWebhookInfo"

Note: Accessing the above URL directly in a browser gives the same result. In actual use, put the verification robot's token right after bot and remove the <> symbols.

If everything goes well, you will get a response similar to the following:

{
  "ok": true,
  "result": {
    "url": "https://your-server.com/webhook-url",
    "has_custom_certificate": false,
    "pending_update_count": 0
  }
}

Take my response as an example:
image.png
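
A check of the getWebhookInfo response against the configured POLICR_MINI_BOT_WEBHOOK_URL, plus a helper that strips the bot token from a URL before it is logged or pasted anywhere. This is an added example, not part of the original article or of Policr Mini; the function names, the max_pending threshold and the sample responses are constructed, and last_error_message is the optional field Telegram includes after a failed delivery.

```python
import json
import re
from urllib.parse import urlsplit

# A bot token has the form <digits>:<letters, digits, "_" or "-">.
TOKEN_RE = re.compile(r"/bot\d+:[A-Za-z0-9_-]+/")


def redact(text):
    """Remove the bot token from an API URL so it can be logged or shared."""
    return TOKEN_RE.sub("/bot<redacted>/", text)


def check_webhook_info(body, expected_url, max_pending=100):
    """Return a list of problems found in a getWebhookInfo response (JSON text)."""
    data = json.loads(body)
    if not data.get("ok"):
        return [f"API call failed: {data.get('description', 'no description')}"]
    result = data.get("result", {})
    url = result.get("url", "")
    if not url:
        return ["no webhook registered (url is empty)"]
    problems = []
    if url != expected_url:
        problems.append(f"registered url {url!r} differs from the configured one")
    if urlsplit(url).scheme != "https":
        problems.append("registered url is not https")
    # Present only after a failed delivery, e.g. when a challenge page answers Telegram.
    if result.get("last_error_message"):
        problems.append(f"last delivery error: {result['last_error_message']}")
    pending = result.get("pending_update_count", 0)
    if pending > max_pending:  # threshold is an assumption; tune it to your group size
        problems.append(f"{pending} updates pending: deliveries are not getting through")
    return problems


EXPECTED = "https://webhook.example.com/updates_hook"  # from the article's example

# Constructed responses: healthy, blocked by a challenge/WAF rule, no webhook, bad token.
HEALTHY = ('{"ok": true, "result": {"url": "https://webhook.example.com/updates_hook", '
           '"has_custom_certificate": false, "pending_update_count": 0}}')
BLOCKED = ('{"ok": true, "result": {"url": "https://webhook.example.com/updates_hook", '
           '"has_custom_certificate": false, "pending_update_count": 250, '
           '"last_error_date": 1736503200, '
           '"last_error_message": "Wrong response from the webhook: 403 Forbidden"}}')
NO_HOOK = ('{"ok": true, "result": {"url": "", "has_custom_certificate": false, '
           '"pending_update_count": 0}}')
BAD_TOKEN = '{"ok": false, "error_code": 401, "description": "Unauthorized"}'

if __name__ == "__main__":
    for name, body in [("healthy", HEALTHY), ("blocked", BLOCKED),
                       ("no hook", NO_HOOK), ("bad token", BAD_TOKEN)]:
        print(name, check_webhook_info(body, EXPECTED))
```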

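Optional advanced skill: self-hosted local "Telegram Bot API"

Under environment: there is also a "POLICR_MINI_BOT_API_BASE_URL" option, which I did not mention earlier because it is not needed for a regular webhook deployment; it is only needed when you deploy a local API. So what is the local API, and what does it do?

Simply put, the local "Telegram Bot API" is like an "intermediate proxy layer" that provides the following core functions: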

1. Remove restrictions on official APIs

Request rate limiting: The official API has a limit on the number of requests per second (usually 30 per second). The local API allows you to break these limits because it caches and optimizes interactions with Telegram servers.

Concurrency Limits: The local API can be configured with a higher number of concurrent connections (through parameters such as max_connections) to better handle high-volume requests.

2. Improve privacy

• Before reaching the Telegram official API, all message contents first pass through the local API.

• This means: sensitive information can be filtered or encrypted locally to avoid direct transmission to Telegram official servers; messages can be logged or analyzed locally to meet certain compliance requirements.

3. Optimize and integrate traffic

Aggregate Request: The local API can integrate requests from multiple Bots or multiple users and then send them to the Telegram official server, reducing the number of direct interactions with the official server.

Caching and rate control: Through the local API, some repeated or frequent requests (such as obtaining a list of group members) can be cached to reduce unnecessary traffic.

4. Easy to debug and control

• The local API provides more fine-grained logging and control capabilities, allowing you to more easily monitor, debug, and optimize the behavior of your Bot.

• For example, monitoring which requests are most time-consuming, or capturing error responses from Telegram's official API to handle them in advance.

5. Final data is sent to Telegram

• After all optimizations are done locally, the local API will send data to the Telegram official server with minimal latency and optimized frequency.

• It's like a proxy server, only it's smarter and can do more customized things.

This architecture is very useful in high-traffic scenarios, when privacy is high or custom control is needed, but for me, it is completely useless, so I have no motivation to tinker with it. Friends who are interested can try it themselves.

Note: If you use the local API and process messages from Telegram directly, the local API will periodically pull updates from Telegram instead of relying on Webhook to receive them (that is, the local API and Webhook are actually two mutually exclusive methods: one actively accesses TG, and the other passively waits for TG to access it). When using the local API, the process becomes that you actively request updates from Telegram at regular intervals (in fact, it is polling) instead of waiting for Telegram to push updates, so the response may be slower than with the webhook method. Of course, in exchange you get the core functions mentioned above, and at the same time there is no need to expose a webhook access URL to the outside world.

Verify the robot's general functions

After successfully building the verification robot, several common functions are provided in the private chat interface with the verification robot (some of which have been mentioned above):

image.png

/ping: tests whether the robot is alive (that is, whether TG can communicate normally with the policr mini application you deployed locally). If it is normal, the following is displayed:
image.png

/sync: synchronizes the group information to the local policr mini application. If it works, there is a special effect of particles spreading out. Because it is too fast to capture, I only managed a screenshot like this:
image.png

/login: returns the previously configured web backend URL, which you can click to log in directly (provided that it is correctly configured and reachable):
image.png

/console: this is the console that will replace the backend functions in the future:
image.png

It does look a lot more impressive:
image.png

Local deployment (macOS environment)

If you are using a Windows or Mac environment, you can install Docker Desktop to support this (download address: https://www.docker.com/products/docker-desktop/):
image.png

I tried to install it using Docker Desktop for Mac. I won't go into details here, but I'll mention two key points:

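1. Docker Desktop for Mac supports docker-compose by default, but the command differs slightly from Linux: there is no "-". For example, the command "docker-compose up -d" becomes "docker compose up -d" on Mac, and so on.

2. On Mac, by default, files whose names begin with "." can only be system files, so creating the .env file directly reports an error: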

image.png

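In a Linux environment, docker-compose up -d works only if both the "docker-compose.yml" and ".env" files exist in the working directory. On Mac, because the ".env" file name cannot be used, actually running the "docker compose up -d" command produces the following error: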
image.png

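In other words, the values of the variables cannot be read from the ".env" file, which is to be expected, since the ".env" file does not exist in the first place.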

In theory, there are two solutions:

1. Explicitly specify the environment variable file in docker-compose.yml, similar to the following:

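    env_file:
      - policrmini.env

The purpose of this is to avoid the awkward situation of having to use ".env" as the environment file name. However, I tried it and it did not succeed; I don't know why, and I was too lazy to look into it.

2. Give up the ".env" file entirely and write all the assignments directly into the "docker-compose.yml" file, as follows: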

image.png

This approach worked.

Afterword

Let me say a few words about proxied ("scientific") Internet access when deploying Policr Mini in a Linux environment.

1. Foreign VPS: There is nothing much to say about this. It needs no proxy, and there will be no problem in deploying it.

2. Domestic VPS (global proxy): There is no problem with this type; in fact, it is no different from a foreign VPS.

3. Domestic VPS (whitelist proxy): This type of VPS only needs the domain name api.telegram.org added to the whitelist, and usage will not be affected.

4. Domestic VPS (a proxy cannot be set up on the VPS): This scenario may arise because the VPS has other functions (such as a production environment) and operations with global impact cannot be performed on it.

Then, another way is to rely on the proxy support of the docker environment itself. The generally recommended approach is to create or edit /etc/docker/daemon.json. First open the daemon.json file:

vim /etc/docker/daemon.json

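Then copy and paste the following content into the daemon.json file, where your-proxy-server:port is the address and port of the proxy server you use. JSON does not allow comments, so none are included, and daemon.json takes the hyphenated key names shown here (supported by Docker Engine 23.0 and later):

{
  "proxies": {
    "http-proxy": "http://your-proxy-server:port",
    "https-proxy": "http://your-proxy-server:port",
    "no-proxy": "localhost,127.0.0.1"
  }
}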

Then restart the Docker service:

systemctl restart docker

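With this approach, both image pulls and traffic before the container starts can use the proxy (it affects all of docker, so you need to evaluate whether it suits your environment; there may also be special cases, for example creating or editing this "daemon.json" file may itself cause the docker service to malfunction, in which case you will have to troubleshoot on your own).

Why do I mention "traffic before the container starts"? Because another way for a container to use a proxy, with less impact, is to specify the proxy through environment parameters when the container is created. Taking the docker-compose.yml configuration as an example, adding the following configuration under environment: lets this container use the proxy to access the Internet: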

   HTTP_PROXY: http://your-proxy-server:port
   HTTPS_PROXY: http://your-proxy-server:port
   NO_PROXY: localhost,127.0.0.1

In fact, this method has the least impact and is the most recommended method. However, this method can only take effect after the container is started completely normally. The only problem with Policr Mini is that it will communicate with the TG API during the startup phase. If the communication fails, the container cannot start. Therefore, this most recommended method with the least impact cannot be used.

In addition, this article also involves the knowledge of reverse proxy and cloudflare tunnel. Friends who are not familiar with it can refer to my previous articles:

  • Reverse Proxy

If you use the Baota panel, you can refer to this article for reverse proxy configuration: Linux panel series configure reverse proxy and use non-443 port for publishing. If you use NPM, you can refer to this article for reverse proxy configuration: Docker series uses Docker to build its own reverse proxy based on NPM.

  • cloudflare tunnel

You can refer to the article: The home data center series uses tunnel technology to allow home broadband without public IP to use cloudflare for free to quickly build a website (recommended).

The content of the blog is original. Please indicate the source when reprinting! For more blog articles, see the Sitemap. The RSS address of the blog is: https://blog.tangwudi.com/feed; you are welcome to subscribe. If necessary, you can join the Telegram Group to discuss problems together.