
New MTProto-proxy server from Telegram

The proxy server is the intermediary between the client and the server. To circumvent the restrictions, the proxy server must be installed where there is no restriction on access to the required information, and there should not be any such limitations between the client and the proxy server.

Updated support for proxy servers in Telegram clients

 

  • New MTProto-proxy. Works with native MTProto protocol for Telegram
  • Open source server on GitHub
  • Docker-image on DockerHub
  • Mobile clients can now store several proxy servers of each type, and the user can choose the most suitable one

MTProto-proxy

 

  • MTProto-proxy works only with Telegram
  • The client and the server do not have an open information exchange phase
  • In the implementation of the MTProto-proxy server from Telegram, the proxy server and its owner do not have direct access to the meta-information of the MTProxy protocol (logins, for example).
  • To all kinds of filters and analyzers, the data exchange with the MTProto-proxy server looks like an unstructured, bidirectional binary data flow between the client and the server. This makes it difficult to recognize the protocol in order to restrict it.

 

Fast start

To run your own MTProto-proxy server, you only need a machine with Docker installed and network access. Nothing else (nginx, apache) should be listening on port 443. The first time the proxy server is launched, a secret key is created and stored. It is started with one command:

$ docker run -d --net=host --name=mtproto-proxy --restart=always \
    -v proxy-config:/data telegrammessenger/proxy

To view information about the secret key and special links, look at the container log with the command:

$ docker logs mtproto-proxy

[+] Using the explicitly passed secret: 'b7e70329dcf3721c4239b86ad32a90b8'.
[+] Saving it to /data/secret.
[*] Final configuration:
[*]   Secret 1: b7e70329dcf3721c4239b86ad32a90b8
[*]   tg:// link for secret 1 auto configuration: : tg://proxy?server=81.177.103.94&port=443&secret=b7e70329dcf3721c4239b86ad32a90b8
[*]   t.me link for secret 1: tg://proxy?server=81.177.103.94&port=443&secret=b7e70329dcf3721c4239b86ad32a90b8
[*]   Tag: no tag
[*]   External IP: 81.177.103.94
[*]   Make sure to fix the links in case you run the proxy on a different port.

Keep in mind that the proxy server tries to “guess” the parameters for the links, so the IP and the port may be inaccurate and need correcting.

The secret key

You can set your own secret key using the SECRET environment variable:

$ docker run -d --net=host --name=mtproto-proxy --restart=always \
    -v proxy-config:/data -e SECRET=b7e70329dcf3721c4239b86ad32a90b8 \
    telegrammessenger/proxy

A proxy server can use several keys (up to 16), for example one per user group. For corporate installations I distinguish the following groups of users: boss, managers, users. For each of them I generate a separate key. If a key is compromised (leaked to outsiders), I change it for that group. What is the problem with a compromised key? Traffic: the number of connections can completely fill the channel to your machine. You can also set up a key rotation system.

To set several keys, list them separated by commas:

$ docker run -d --net=host --name=mtproto-proxy --restart=always \
    -v proxy-config:/data -e SECRET=b7e70329dcf3721c4239b86ad32a90b8,afccd434fb32248f29f033b189bd8541,878397a50627deb349d4c296bd9dc3c2 \
     telegrammessenger/proxy

Or you can set the desired number of keys for autogeneration via the SECRET_COUNT variable (no more than 16):

$ docker run -d --net=host --name=mtproto-proxy --restart=always \
    -v proxy-config:/data -e SECRET_COUNT=5 telegrammessenger/proxy

To generate your key, you can use, for example, one of the commands in Linux:

# works even on busybox:
$ tr -dc 'a-f0-9' < /dev/urandom | dd bs=1 count=32 2>/dev/null
$ hexdump -n 16 -e '4/4 "%08x" 1 "\n"' /dev/random    # requires the hexdump program
$ openssl rand -hex 16    # requires openssl
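
The per-group keys and rotation described above can be scripted. This is an added example, not code from the original article or from the MTProxy project: the state file layout ("group secret" per line), the group names and all function names are assumptions. It enforces the 16-key limit and the 32-hex-character key format, and also builds the client link with the real host and port.

```shell
# Added example; group names, file layout and helper names are assumptions.
# State file: one "group secret" pair per line, e.g. "boss <32 hex chars>".

gen_secret() {            # 16 random bytes as 32 lowercase hex characters
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

valid_secret() {          # true only for exactly 32 characters from 0-9a-f
    case "$1" in *[!0123456789abcdef]*) return 1 ;; esac
    [ "${#1}" -eq 32 ]
}

build_secret_env() {      # join 1..16 valid secrets with commas for -e SECRET=
    [ "$#" -ge 1 ] && [ "$#" -le 16 ] || return 1
    out=""
    for s in "$@"; do
        valid_secret "$s" || return 1
        out="${out:+$out,}$s"
    done
    printf '%s\n' "$out"
}

secret_env_from_file() {  # SECRET value covering every group in the state file
    # Word splitting is intended: secrets contain no whitespace.
    build_secret_env $(awk 'NF == 2 { print $2 }' "$1")
}

rotate_group() {          # rotate_group FILE GROUP: new secret for one group only
    awk -v g="$2" '$1 == g { found = 1 } END { exit !found }' "$1" || return 1
    new=$(gen_secret) && valid_secret "$new" || return 1
    # Write the new state with owner-only permissions, then swap it in.
    ( umask 077
      awk -v g="$2" -v n="$new" '$1 == g { $2 = n } { print }' "$1" > "$1.tmp" ) &&
        mv "$1.tmp" "$1"
}

proxy_link() {            # proxy_link HOST PORT SECRET: link with the real port
    printf 'tg://proxy?server=%s&port=%s&secret=%s\n' "$1" "$2" "$3"
}
```

After rotating a group, recreate the container with `-e SECRET="$(secret_env_from_file FILE)"` and hand the new link only to that group.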

 

Performance

Each proxy server process can handle tens of thousands of connections. For best performance, there is a limit of 60,000 connections per processor core. By default, two proxy server processes are started (on the assumption that the system will allocate a core to each of them). You can increase the number of running processes through the WORKERS variable. Do not run more processes than the processor has cores:

$ docker run -d --net=host --name=mtproto-proxy --restart=always \
    -v proxy-config:/data -e WORKERS=16 telegrammessenger/proxy

 

Using the Network

The examples deliberately use the --net=host option. It avoids unnecessary address translation and allows IPv6 to be used out of the box, without extra configuration, if IPv6 is available on the machine where the proxy server is started.

Of course, you can run in a more classic way by specifying port forwarding:

$ docker run -d -p443:443 --name=mtproto-proxy --restart=always \
    -v proxy-config:/data telegrammessenger/proxy

You can also specify some other port, for example:

$ docker run -d -p8443:443 --name=mtproto-proxy --restart=always \
    -v proxy-config:/data telegrammessenger/proxy:latest

Note that the proxy server does not know anything about the “real” port, so the link will be incorrect and needs to be corrected.

Monitoring

The MTProto-proxy server exposes some statistics about its operation. The statistics are available only on localhost: http://localhost:2398/stats

When the proxy server is run through Docker with the --net=host parameter, just use the command curl http://localhost:2398/stats to get the statistics, or proxy them through, for example, nginx to somewhere outside. When the proxy server is run through Docker with port forwarding, the statistics can be obtained with the command:

$ docker exec mtproto-proxy curl http://localhost:2398/stats

Some metrics:

  • ready_targets – the number of Telegram servers that the proxy server will try to connect to
  • active_targets – the number of connections to Telegram servers (in theory, it must be the same as ready_targets)
  • total_special_connections – the number of incoming client connections
  • total_max_special_connections – the maximum possible number of simultaneous connections
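
A health check built on these four metrics, as an added example that is not part of the original article or the MTProxy project. It assumes the stats text consists of "name value" pairs, one per line; the function name, the 80% default limit and the sample values are constructed for illustration.

```shell
# Added example; assumes the stats text is "name value" pairs, one per line.
# Constructed sample (not real proxy output): one target down, 90% of slots used.
SAMPLE_STATS='ready_targets 4
active_targets 3
total_special_connections 54000
total_max_special_connections 60000'

# check_stats [LIMIT_PERCENT] < stats
# Prints OK or one WARN line per finding.
# Exit status: 0 healthy, 1 warning, 2 target counters missing.
check_stats() {
    awk -v limit="${1:-80}" '
        NF >= 2 { v[$1] = $2 }
        END {
            if (!("ready_targets" in v) || !("active_targets" in v)) {
                print "MISSING ready_targets/active_targets"
                exit 2
            }
            bad = 0
            # Per the metric list: active_targets should equal ready_targets.
            if (v["active_targets"] + 0 != v["ready_targets"] + 0) {
                printf "WARN active_targets=%d ready_targets=%d\n",
                       v["active_targets"], v["ready_targets"]
                bad = 1
            }
            cur = v["total_special_connections"] + 0
            max = v["total_max_special_connections"] + 0
            if (max > 0 && cur * 100 >= max * limit) {
                printf "WARN client connections %d of %d (limit %d%%)\n",
                       cur, max, limit
                bad = 1
            }
            if (!bad) print "OK"
            exit bad
        }'
}

# Usage with --net=host:
#   curl -s http://localhost:2398/stats | check_stats 80
```

A sustained connection warning on a proxy whose key was shared with only a small group is a useful signal that the key has leaked and should be changed.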

 

Advertising

Telegram allows you to monetize a proxy server through a subscription to a Promoted channel. A Promoted channel is a channel that users are automatically subscribed to when they connect to the proxy server. It is pinned to the top of the chat list and cannot be deleted until the user disconnects from this proxy server.

To configure the Promoted channel, get a code from the special bot @MTProxybot and pass it in the TAG variable when the server starts:

$ docker run -d --net=host --name=mtproto-proxy --restart=always \
    -v proxy-config:/data -e TAG=85174e9e0ffa43c0d3a7167e52175268 \
    telegrammessenger/proxy:latest

This parameter is not saved; it must be set every time the container is created or recreated.

The Promoted channel is displayed at the top, with an appropriate note, for clients that use this proxy server. If the user subscribes to the channel, the note is no longer shown.

Updating the proxy server

Developers of MTProto-proxy will try to make minimum changes, but recommend updating the proxy server at least once a day:

$ docker pull telegrammessenger/proxy    # update the image
$ docker stop mtproto-proxy    # stop the container
$ docker rm mtproto-proxy     # remove the container
$ docker run ....  # create the container from the updated image and start it again
$ docker logs -f --tail=30 mtproto-proxy    # view the container log

 

Docker Compose

Example docker-compose.yml:

version: '3.0'

services:
        mtproxy:
                image: telegrammessenger/proxy:latest
                hostname: mtproxy
                container_name: mtproxy.local
                volumes:
                        - proxy-config:/data
                network_mode: "host"
                logging:
                        driver: syslog
                        options:
                                tag: mtproxy
                restart: always
volumes:
        proxy-config:
                external: true

To use Promoted channels, do not forget to add the TAG variable.

Updating the proxy server with Docker Compose

 

$ docker-compose pull mtproxy     # update the image
$ docker-compose up -d   # recreate and restart the container
$ docker-compose logs -f --tail=30 mtproxy    # view the service log

 
