Update Dockerfile

Dockerfile

@@ -1,28 +1,31 @@
 FROM node:20-bookworm-slim
 
 RUN apt-get update && apt-get install -y --no-install-recommends \
-      ca-certificates git graphicsmagick curl nginx openssl \
+      ca-certificates git graphicsmagick curl openssl \
     && rm -rf /var/lib/apt/lists/*
 
 RUN npm install -g n8n
 
 RUN mkdir -p /home/node/.n8n && chown -R node:node /home/node
 
-# Self-signed cert so nginx can serve TLS on localhost
-RUN mkdir -p /etc/nginx/ssl \
+# Self-signed cert so Node can intercept TLS calls to api.telegram.org
+RUN mkdir -p /etc/ssl/telegram \
     && openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
-         -keyout /etc/nginx/ssl/key.pem \
-         -out    /etc/nginx/ssl/cert.pem \
+         -keyout /etc/ssl/telegram/key.pem \
+         -out    /etc/ssl/telegram/cert.pem \
          -subj   "/CN=api.telegram.org" \
          -addext "subjectAltName=DNS:api.telegram.org"
 
-# Remove the default nginx site
-RUN rm -f /etc/nginx/sites-enabled/default
-
-# Allow Node to accept our self-signed cert on localhost
+# n8n must trust our self-signed cert (for the local interception layer)
 ENV NODE_TLS_REJECT_UNAUTHORIZED=0
 
+# ── Runtime env vars (set these in HF Space secrets) ──────────────────────
+# TG_PROXY_URL   = https://your-app.vercel.app   (your Vercel proxy URL)
+# PROXY_SECRET   = a random password you chose in Vercel env vars
+# PORT           = 7860  (HF default, already set by HF)
+
 COPY start.sh /start.sh
 RUN chmod +x /start.sh
 
+EXPOSE 7860
 CMD ["/start.sh"]