Simple MT-Proto proxy
Install dependencies, you would need common set of tools for building from source, and development packages for openssl and zlib.
On Debian/Ubuntu:
apt install git curl build-essential libssl-dev zlib1g-devOn CentOS/RHEL:
yum install openssl-devel zlib-devel
yum groupinstall "Development Tools"Clone the repo:
git clone https://github.com/TelegramMessenger/MTProxy
cd MTProxyTo build, simply run make, the binary will be in objs/bin/mtproto-proxy:
make && cd objs/binIf the build has failed, you should run make clean before building it again.
- Obtain a secret, used to connect to telegram servers.
curl -s https://core.telegram.org/getProxySecret -o proxy-secret- Obtain current telegram configuration. It can change (occasionally), so we encourage you to update it once per day (see below ).
curl -s https://core.telegram.org/getProxyConfig -o proxy-multi.conf- Generate a secret to be used by users to connect to your proxy.
head -c 16 /dev/urandom | xxd -ps- Run
mtproto-proxy:
./mtproto-proxy -u nobody -p 8888 -H 443 -S <secret> --aes-pwd proxy-secret proxy-multi.conf -M 1... where:
nobodyis the username.mtproto-proxycallssetuid()to drop privilegies.443is the port, used by clients to connect to the proxy.8888is the local port. You can use it to get statistics frommtproto-proxy. Likewget localhost:8888/stats. You can only get this stat via loopback.<secret>is the secret generated at step 3. Also you can set multiple secrets:-S <secret1> -S <secret2>.proxy-secretandproxy-multi.confare obtained at steps 1 and 2.1is the number of workers. You can increase the number of workers, if you have a powerful server.
Also feel free to check out other options using mtproto-proxy --help.
- Generate the link with following schema:
tg://proxy?server=SERVER_NAME&port=PORT&secret=SECRET(or let the official bot generate it for you). - Register your proxy with @MTProxybot on Telegram.
- Set received tag with arguments:
-P <proxy tag> - Enjoy.
Due to some ISPs detecting MTProxy by packet sizes, random padding is added to packets if such mode is enabled.
It's only enabled for clients which request it.
Add dd prefix to secret (cafe...babe => ddcafe...babe) to enable
this mode on client side.
Set tag with argument: -D <domain>, the domain must support TLS 1.3.
The secret has this format: ee + <secret> + <domain> (in hex format)
When using this protocol, all others are disabled. Also, it is not recommended to set the value of workers for better replay protection.
- Create systemd service file (it's standard path for the most Linux distros, but you should check it before):
nano /etc/systemd/system/MTProxy.service- Edit this basic service (especially paths and params):
[Unit]
Description=MTProxy
After=network.target
[Service]
Type=simple
WorkingDirectory=/opt/MTProxy
ExecStart=/opt/MTProxy/mtproto-proxy -u nobody -p 8888 -H 443 -S <secret> -P <proxy tag> <other params>
Restart=on-failure
[Install]
WantedBy=multi-user.target- Reload daemons:
systemctl daemon-reload- Test fresh MTProxy service:
systemctl restart MTProxy.service
# Check status, it should be active
systemctl status MTProxy.service- Enable it, to autostart service after reboot:
systemctl enable MTProxy.serviceThis provides automatic proxy-multi.conf file update everyday
- Create and edit systemd service file (especially path of proxy-multi.conf file):
nano /etc/systemd/system/MTProxy-multiUpdater.service[Unit]
Description=Update MTPRoxy proxy-multi.conf file
[Service]
Type=oneshot
ExecStart=/usr/bin/curl -s https://core.telegram.org/getProxyConfig -o /opt/MTProxy/proxy-multi.conf- Add the timer (this example runs above service everyday at 4AM)
nano /etc/systemd/system/MTProxy-multiUpdater.service[Unit]
Description=MTProxy-multiUpdater timer
[Timer]
OnCalendar=*-*-* 4:00:00
Persistent=true
[Install]
WantedBy=timers.target- Reload daemons:
systemctl daemon-reload- Enable timer
systemctl enable MTProxy-multiUpdater.timer- Check timer is properly set up
systemctl list-timersTelegram is also providing official Docker image. Note: the image is outdated.