Why doesn't a Telegram bot conflict with nginx?

Question:

I wrote a simple Telegram bot and it works great without conflicting with my firewall. But my question is this: in the firewall I have ports 80 and 443 allowed for my site, but when I write a TCP socket in Python that should work through port 443 or port 80, the OS tells me that I need to run the program as the root user. If I start the bot, however, the OS does not complain at all about the rights and the bot works quietly. If I still decide to run a socket on port 443 or 80, then the OS replies that these ports are busy.

So, please explain to me why the Telegram bot does not conflict with processes and ports?

My server is Ubuntu 22.04

P.S. I already asked this question on Stack Exchange, but as I understand it, they do not understand Telegram bots. I hope you can help me.

Asked By: Djon Doe


Answers:

You’re confusing two things, I think.

An nginx, Apache or Python server process trying to listen on port 443 or 80 needs to be run by root (or another user with elevated privilege levels).

A Python bot trying to talk to a Telegram server on port 443 doesn't have that limitation; browsers also don't need to run as root.

If this doesn’t answer your question you need to be a bit clearer on what you’re doing.

Answered By: tink

Oh… too many misunderstandings in your question. It would be better to understand the basics of TCP connections and NAT tables first.

I will try to explain this situation in short.


> when I write a TCP socket in Python that should work through port 443 or port 80, the OS tells me that I need to run the program as the root user

  1. Ports 80 and 443 are privileged ports, and Linux doesn't allow non-admin users to use them. This has nothing to do with Nginx conflicts and may be solved by proper configuration.
  2. If you try to use a non-privileged port like 8080, Python may be executed even without admin permissions.

> So, please explain to me why the telegram bot does not conflict with processes and ports?

  1. Nginx and the Python socket are listening on ports 80 and 443 and waiting for incoming connections. You have to access your server's IP to initiate a connection.
  2. A Telegram bot (and any other bot) uses Telegram's servers to connect. Just imagine that you are constantly looking at the Telegram app and immediately answering all messages. The bot does the same thing. It is just a client for a remote server (you don't need to listen on 443 on your machine to be able to use the Telegram app, right?). It is not listening on any port and is not waiting for incoming connections, but is waiting for messages at the remote server.
  3. But you can argue: "Hey, stop, the Python bot is still connected to Telegram's servers. What ports does it use? Isn't that the same as the socket?" → It is the same kind of TCP connection, but Python uses OUTGOING dynamic ports to connect to the Telegram server's INCOMING static port 443. The outgoing port may be 20323 or 27578, for example. It is all about NAT. In short, any unused port may be used to establish a connection between the remote 443 and local XXXX ports.

Answered By: rzlvmp
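
The difference between the two socket roles described in the answers, as an added Python example that is not part of the original question or answers. The loopback listener is a constructed stand-in for Telegram's port 443 so the script runs offline; `try_listen`, `demo` and `privileged_listen_status` are illustrative names.

```python
import errno
import socket

def try_listen(port, host="127.0.0.1"):
    """Bind and listen like nginx does; return (status, socket or None)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((host, port))
        s.listen(1)
        return "listening", s
    except OSError as e:
        s.close()
        if e.errno == errno.EACCES:      # port < 1024 without root or CAP_NET_BIND_SERVICE
            return "permission denied", None
        if e.errno == errno.EADDRINUSE:  # another socket already listens there
            return "address in use", None
        raise

def demo():
    # Constructed stand-in for the remote server: a loopback listener on a
    # kernel-chosen port instead of Telegram's 443, so this runs offline.
    _, server = try_listen(0)
    server_port = server.getsockname()[1]
    # A second listener on the same port fails: the "port is busy" error.
    second_status, extra = try_listen(server_port)
    # The bot's side: an outgoing connection. No bind(), no listen(), so no
    # privilege check and no clash with whatever listens on the local machine.
    client = socket.create_connection(("127.0.0.1", server_port))
    conn, peer = server.accept()
    result = {
        "server_port": server_port,
        "second_listener": second_status,
        "client_local_port": client.getsockname()[1],  # ephemeral, kernel-chosen
        "peer_port_seen_by_server": peer[1],
    }
    for s in (client, conn, server, extra):
        if s is not None:
            s.close()
    return result

def privileged_listen_status(port=80):
    """Report what happens when this user tries to listen on a low port."""
    status, s = try_listen(port)
    if s is not None:
        s.close()
    return status

if __name__ == "__main__":
    print(demo())
    print("listen on 80:", privileged_listen_status())
```

Run as a normal user on a host where nginx holds port 80, the last line reports `permission denied`; run as root it reports `address in use`. On Linux the privileged range starts at the `net.ipv4.ip_unprivileged_port_start` sysctl, so a container or tuned host may report `listening` instead.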