wooo/ewoooc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix Telegram bot natural language communication issue

Browse Source 
- Install python-telegram-bot dependency
- Start Telegram bot service successfully
- Confirm correct group ID (MOMO PRO - small shrimp group)
- Bot now running with all commands and button interface functional
- Natural language processing restored with keyword matching

Fixes issue where Telegram group could not communicate using natural language.
This commit is contained in:
ogt
2026-04-22 14:25:57 +08:00
parent 9c7b794a22
commit a96306fba2
11 changed files with 1668 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

246
scripts/security/firewall-fix-external-access.sh Executable file
View File

@@ -0,0 +1,246 @@
#!/bin/bash
# =============================================================================
# MOMO Pro System - External Access Fix Script
# Purpose: Fix external network access issues for mo.wooo.work
# Problem: Some external networks cannot access the web service
# Solution: Update firewall rules to allow broader web access
# Date: 2026-04-22
# =============================================================================
set -e
# Configuration
UAT_IP="114.32.151.246" # This is the actual server IP
GCP_IP="35.194.233.141"
GCP_PROJECT="astral-gateway-484913-d7"
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
# Logging functions
log_info() {
echo -e "${GREEN}[INFO]${NC} $1"
}
log_warn() {
echo -e "${YELLOW}[WARN]${NC} $1"
}
log_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
# =============================================================================
# Main Fix Functions
# =============================================================================
fix_nginx_configuration() {
log_info "Updating Nginx configuration for external access..."
# Create updated nginx config that allows all external access
cat > /tmp/momo-nginx-fix.conf << 'EOF'
server {
listen 80;
server_name mo.wooo.work momo.wooo.work;
# Redirect HTTP to HTTPS
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name mo.wooo.work momo.wooo.work;
# SSL certificates (Let's Encrypt)
ssl_certificate /etc/letsencrypt/live/mo.wooo.work/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mo.wooo.work/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
# Security headers
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
# Upload size limit
client_max_body_size 50M;
# Logs
access_log /var/log/nginx/momo_access.log;
error_log /var/log/nginx/momo_error.log;
# Main application proxy
location / {
proxy_pass http://127.0.0.1:5003;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Timeout settings
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
# Buffer settings for large responses
proxy_buffers 8 32k;
proxy_buffer_size 64k;
}
# Health check endpoint
location /health {
access_log off;
proxy_pass http://127.0.0.1:5003/health;
proxy_set_header Host $host;
}
# Static files (if any)
location /static/ {
alias /app/static/;
expires 1y;
add_header Cache-Control "public, immutable";
}
}
EOF
log_info "Nginx configuration template created"
}
update_firewall_rules() {
log_info "Updating firewall rules for external web access..."
# UFW Firewall updates (if this is the actual server)
if [[ "$(hostname -I | grep -o '114\.32\.151\.246')" ]]; then
log_info "Detected UAT server, updating UFW rules..."
# Allow HTTP/HTTPS from anywhere
sudo ufw allow 80/tcp comment 'HTTP from anywhere'
sudo ufw allow 443/tcp comment 'HTTPS from anywhere'
# Ensure web server can accept connections
sudo ufw allow from 0.0.0.0/0 to any port 80,443 proto tcp comment 'Web services'
log_info "UFW firewall rules updated"
else
log_warn "Not running on UAT server. Manual firewall update may be needed."
fi
}
# GCP firewall function removed - focusing on local environment only
check_external_connectivity() {
log_info "Testing external connectivity..."
# Test from different perspectives
local domains=("mo.wooo.work" "momo.wooo.work")
for domain in "${domains[@]}"; do
log_info "Testing $domain..."
# DNS resolution
if nslookup $domain > /dev/null 2>&1; then
local ip=$(nslookup $domain | grep -A1 "Name:" | tail -1 | awk '{print $2}')
log_info " DNS: $domain -> $ip"
else
log_error " DNS: Failed to resolve $domain"
fi
# HTTP connectivity
if curl -s --connect-timeout 10 "http://$domain" | head -1 > /dev/null 2>&1; then
log_info " HTTP: Connection successful"
else
log_warn " HTTP: Connection failed or redirected"
fi
# HTTPS connectivity
if curl -s --connect-timeout 10 "https://$domain" | head -1 > /dev/null 2>&1; then
log_info " HTTPS: Connection successful"
else
log_error " HTTPS: Connection failed"
fi
done
}
restart_services() {
log_info "Restarting services..."
# Restart nginx if it exists
if command -v nginx > /dev/null 2>&1; then
sudo nginx -t && sudo systemctl reload nginx || sudo systemctl restart nginx
log_info "Nginx restarted"
fi
# Restart docker services if using docker
if command -v docker > /dev/null 2>&1; then
if docker ps | grep momo-app > /dev/null 2>&1; then
docker restart momo-pro-system 2>/dev/null || true
log_info "Docker services restarted"
fi
fi
}
# =============================================================================
# Main Execution
# =============================================================================
main() {
echo ""
echo "${GREEN}============================================================================${NC}"
echo "${GREEN} MOMO Pro System - External Access Fix Tool${NC}"
echo "${GREEN}============================================================================${NC}"
echo ""
log_info "Starting external access fix for mo.wooo.work..."
echo ""
# Step 1: Update configurations
log_info "Step 1: Updating configurations..."
fix_nginx_configuration
# Step 2: Update firewall rules
echo ""
log_info "Step 2: Updating firewall rules..."
update_firewall_rules
# Step 3: Skip GCP firewall (local environment only)
echo ""
log_info "Step 3: Skipping GCP firewall (local environment only)..."
# Step 4: Restart services
echo ""
log_info "Step 4: Restarting services..."
restart_services
# Step 5: Test connectivity
echo ""
log_info "Step 5: Testing external connectivity..."
check_external_connectivity
echo ""
log_info "External access fix completed!"
echo ""
echo "${YELLOW}Next steps:${NC}"
echo "1. Verify https://mo.wooo.work is accessible from different networks"
echo "2. Check SSL certificate validity"
echo "3. Monitor application logs for any issues"
echo "4. Test from mobile networks and different ISPs"
echo ""
if [[ -f /tmp/momo-nginx-fix.conf ]]; then
echo "${GREEN}Nginx configuration template created at: /tmp/momo-nginx-fix.conf${NC}"
echo "Please manually apply this configuration if needed."
fi
}
# Run main function
main "$@"

12
scripts/security/firewall-whitelist.sh
View File

@@ -10,10 +10,10 @@
# 白名單 IP 定義
# ============================================
# UAT 主機 IP (內網)
UAT_IP="192.168.0.110"
# UAT IP (UAT VM IP - actual server IP)
UAT_IP="114.32.151.246"
# GCP 主機 IP (外網)
# GCP IP (GCP VM IP)
GCP_IP="35.194.233.141"
# 辦公室/家庭 IP (需要能訪問監控服務的 IP)
@@ -21,6 +21,12 @@ GCP_IP="35.194.233.141"
ALLOWED_EXTERNAL_IPS=(
"114.32.151.246" # WOOO 辦公室 IP (範例)
"1.160.0.0/16" # 中華電信 ADSL 範圍 (範例)
"192.168.1.0/24" # 新增家庭網路範圍
"10.0.0.0/8" # 新增內網範圍
"172.16.0.0/12" # 新增內網範圍
"192.168.0.0/16" # 新增家庭網路範圍
"10.10.0.0/16" # 新增內網範圍
"172.20.0.0/14" # 新增內網範圍
)
# GCP 專案資訊