### Enable MTProxy Service to Autostart Source: https://github.com/getpagespeed/mtproxy/blob/master/README.md Enable the MTProxy service to automatically start after system reboots. ```bash systemctl enable MTProxy.service ``` -------------------------------- ### Install Dependencies and Build MTProxy Source: https://context7.com/getpagespeed/mtproxy/llms.txt Installs necessary dependencies on Debian/Ubuntu systems and compiles the mtproto-proxy binary using make. Ensure OpenSSL and zlib development libraries are available. ```bash # Install dependencies on Debian/Ubuntu apt install git curl build-essential libssl-dev zlib1g-dev # Clone and build git clone https://github.com/GetPageSpeed/MTProxy cd MTProxy make -j$(nproc) # Binary location ls -la objs/bin/mtproto-proxy ``` -------------------------------- ### Start MTProxy using Docker Compose Source: https://github.com/getpagespeed/mtproxy/blob/master/README.md Commands to start the MTProxy service defined in docker-compose.yml in detached mode and view its logs for generated secrets. ```bash docker-compose up -d ``` ```bash docker-compose logs mtproxy | grep "Generated secret" ``` -------------------------------- ### Docker Quick Start - Simplest Startup Source: https://context7.com/getpagespeed/mtproxy/llms.txt Launches MTProxy in a Docker container with automatic secret generation and default port mappings. The container is set to restart automatically. ```bash docker run -d \ --name mtproxy \ -p 443:443 \ -p 8888:8888 \ --restart unless-stopped \ ghcr.io/getpagespeed/mtproxy:latest ``` -------------------------------- ### Install Build Dependencies on CentOS/RHEL Source: https://github.com/getpagespeed/mtproxy/blob/master/README.md Installs development tools and libraries for building MTProxy on CentOS/RHEL systems. Note: Using Debian/Ubuntu packages is generally recommended. ```bash yum install openssl-devel zlib-devel yum groupinstall "Development Tools" ``` -------------------------------- ### Systemd Service for MTProxy (IPv6) Source: https://github.com/getpagespeed/mtproxy/blob/master/README.md A systemd service file example for running MTProxy with IPv6 enabled. Ensure the ExecStart path and arguments are correct for your setup. ```ini [Unit] Description=MTProxy (IPv6) After=network.target [Service] Type=simple WorkingDirectory=/opt/MTProxy ExecStart=/opt/MTProxy/mtproto-proxy -6 -u nobody -p 8888 -H 443 -S --http-stats -P --aes-pwd proxy-secret proxy-multi.conf -M 1 Restart=on-failure [Install] WantedBy=multi-user.target ``` -------------------------------- ### Run MTProxy using Docker Source: https://github.com/getpagespeed/mtproxy/blob/master/README.md Quick start command to run MTProxy in a Docker container. This command automatically downloads the latest configuration, generates a secret if needed, and starts the proxy. ```bash docker run -d \ --name mtproxy \ -p 443:443 \ -p 8888:8888 \ --restart unless-stopped \ ghcr.io/getpagespeed/mtproxy:latest ``` -------------------------------- ### Create Systemd Service File for MTProxy Source: https://github.com/getpagespeed/mtproxy/blob/master/README.md Create a systemd service file for MTProxy. Ensure the WorkingDirectory and ExecStart paths are correct for your installation. ```bash nano /etc/systemd/system/MTProxy.service ``` -------------------------------- ### Docker Quick Start - Custom Configuration Source: https://context7.com/getpagespeed/mtproxy/llms.txt Runs MTProxy in Docker with custom environment variables for secret, proxy tag, domain, and worker count. A volume is mounted for persistent data. ```bash docker run -d \ --name mtproxy \ -p 443:443 \ -p 8888:8888 \ -e SECRET=cafe1234567890abcdef1234567890ab \ -e PROXY_TAG=your_proxy_tag_here \ -e EE_DOMAIN=www.google.com \ -e WORKERS=2 \ -v mtproxy-data:/opt/mtproxy/data \ --restart unless-stopped \ ghcr.io/getpagespeed/mtproxy:latest ``` -------------------------------- ### Basic Proxy Startup with Secret and Config Source: https://context7.com/getpagespeed/mtproxy/llms.txt Starts the MTProxy server with a secret for client authentication, downloads configuration from Telegram, and listens on port 443. Requires proxy-secret and proxy-multi.conf files. ```bash # Download proxy configuration files curl -fsSL https://core.telegram.org/getProxySecret -o proxy-secret curl -fsSL https://core.telegram.org/getProxyConfig -o proxy-multi.conf # Generate a random 16-byte secret SECRET=$(head -c 16 /dev/urandom | xxd -ps) echo "Generated secret: $SECRET" # Start the proxy ./objs/bin/mtproto-proxy \ -u nobody \ -p 8888 \ -H 443 \ -S "$SECRET" \ --http-stats \ --aes-pwd proxy-secret \ proxy-multi.conf \ -M 1 # Expected output: # config_filename = 'proxy-multi.conf' # Starting mtproto-proxy... # Listening on port 443 ``` -------------------------------- ### Run MTProxy with Configuration and Stats Source: https://github.com/getpagespeed/mtproxy/blob/master/README.md Starts the MTProxy server with specified user, ports, secrets, and configuration files. It enables HTTP statistics accessible on a local port. ```bash ./mtproto-proxy -u nobody -p 8888 -H 443 -S --http-stats --aes-pwd proxy-secret proxy-multi.conf -M 1 ``` -------------------------------- ### Install Python Dependencies for Local Testing Source: https://github.com/getpagespeed/mtproxy/blob/master/TESTING.md Install necessary Python packages for running MTProxy tests locally without Docker. Ensure you have Python 3.9+ installed. ```bash pip install -r tests/requirements.txt ``` -------------------------------- ### Run MTProxy Tests with Make Source: https://github.com/getpagespeed/mtproxy/blob/master/TESTING.md Execute the full test suite using the make command. This builds Docker images, starts the proxy and test runner, and performs connectivity checks. ```bash make test ``` -------------------------------- ### Install Build Dependencies on Debian/Ubuntu Source: https://github.com/getpagespeed/mtproxy/blob/master/README.md Installs the necessary packages for building MTProxy from source on Debian-based systems, including git, curl, build tools, and development libraries for OpenSSL and zlib. ```bash apt install git curl build-essential libssl-dev zlib1g-dev ``` -------------------------------- ### Basic Docker Compose Setup for MTProxy Source: https://github.com/getpagespeed/mtproxy/blob/master/README.md A minimal docker-compose.yml file to deploy the MTProxy service. This configuration maps standard ports and sets the container to restart automatically. ```yaml services: mtproxy: image: ghcr.io/getpagespeed/mtproxy:latest ports: - "443:443" - "8888:8888" restart: unless-stopped ``` -------------------------------- ### Basic Systemd Service Configuration for MTProxy Source: https://github.com/getpagespeed/mtproxy/blob/master/README.md Edit the systemd service file with appropriate paths and parameters. This example includes options for HTTP stats and proxy tags. ```bash [Unit] Description=MTProxy After=network.target [Service] Type=simple WorkingDirectory=/opt/MTProxy ExecStart=/opt/MTProxy/mtproto-proxy -u nobody -p 8888 -H 443 -S -P ExecStart=/opt/MTProxy/mtproto-proxy -u nobody -p 8888 -H 443 -S --http-stats -P Restart=on-failure [Install] WantedBy=multi-user.target ``` -------------------------------- ### Docker Compose Configuration for MTProxy Source: https://github.com/getpagespeed/mtproxy/blob/master/README.md Example docker-compose.yml to deploy the MTProxy service, mapping ports and setting environment variables. ```yaml services: mtproxy: image: ghcr.io/getpagespeed/mtproxy:latest ports: - "443:443" - "8888:8888" environment: - SECRET=${SECRET} - PROXY_TAG=${PROXY_TAG} - RANDOM_PADDING=${RANDOM_PADDING} restart: unless-stopped ``` -------------------------------- ### Systemd Service Configuration for MTProxy Source: https://context7.com/getpagespeed/mtproxy/llms.txt Sets up MTProxy as a systemd service for automatic startup, management, and monitoring. Includes enabling and starting the service, and checking its status and logs. ```bash # Create service file cat > /etc/systemd/system/mtproxy.service << 'EOF' [Unit] Description=MTProxy Telegram Proxy After=network.target [Service] Type=simple WorkingDirectory=/opt/MTProxy ExecStart=/opt/MTProxy/objs/bin/mtproto-proxy \ -u nobody \ -p 8888 \ -H 443 \ -S cafe1234567890abcdef1234567890ab \ --http-stats \ -D www.google.com \ --aes-pwd proxy-secret proxy-multi.conf \ -M 1 Restart=on-failure RestartSec=5 [Install] WantedBy=multi-user.target EOF # Enable and start systemctl daemon-reload systemctl enable mtproxy systemctl start mtproxy # Check status systemctl status mtproxy journalctl -u mtproxy -f ``` -------------------------------- ### Persist MTProxy Configuration with Volume Mounting Source: https://github.com/getpagespeed/mtproxy/blob/master/README.md Example of mounting a host directory to persist the Telegram DC configuration across container restarts. ```bash -v /path/to/host/data:/opt/mtproxy/data ``` -------------------------------- ### Running MTProxy Test Suite Source: https://context7.com/getpagespeed/mtproxy/llms.txt Commands to execute the MTProxy test suite, including options for running specific test types or running tests locally without Docker. Requires installing dependencies and setting environment variables. ```bash # Run full test suite make test # Run specific test types make test-tls # TLS/EE mode tests make test-multi-secret # Multiple secrets test make test-secret-limit # Per-secret connection limits make test-ip-acl # IP access control tests make test-drs-delays # Dynamic Record Sizing tests # Run tests locally without Docker pip install -r tests/requirements.txt export MTPROXY_HOST=localhost export MTPROXY_PORT=443 export MTPROXY_STATS_PORT=8888 python3 tests/test_proxy.py # Expected output: # Testing HTTP stats... # HTTP stats OK: config_filename... # Testing Prometheus metrics... # Prometheus metrics OK: 2048 bytes, 45 metrics # Testing MTProto port... # MTProto port OK # Tests passed! ``` -------------------------------- ### Fake-TLS Mode (EE Mode) Setup Source: https://context7.com/getpagespeed/mtproxy/llms.txt Enables Fake-TLS mode for DPI resistance, making traffic appear as regular HTTPS. Requires a domain for TLS mimicry. The client secret is generated by prefixing 'ee' to the server secret and appending the hex-encoded domain. ```bash # Server setup with domain for TLS mimicry ./objs/bin/mtproto-proxy \ -u nobody \ -p 8888 \ -H 443 \ -S "cafe1234567890abcdef1234567890ab" \ -D www.google.com \ --http-stats \ --aes-pwd proxy-secret \ proxy-multi.conf # Generate client secret (ee prefix + secret + domain hex) SECRET="cafe1234567890abcdef1234567890ab" DOMAIN="www.google.com" DOMAIN_HEX=$(echo -n "$DOMAIN" | xxd -ps) CLIENT_SECRET="ee${SECRET}${DOMAIN_HEX}" echo "Client secret: $CLIENT_SECRET" # Output: eecafe1234567890abcdef1234567890ab7777772e676f6f676c652e636f6d # Share link format: # tg://proxy?server=YOUR_IP&port=443&secret=$CLIENT_SECRET ``` -------------------------------- ### Docker Compose Management Commands Source: https://context7.com/getpagespeed/mtproxy/llms.txt Essential commands for managing the MTProxy service when using Docker Compose. Includes starting the service in detached mode, following logs, and checking the stats and metrics endpoints. ```bash # Start with docker-compose docker-compose up -d # View logs docker-compose logs -f mtproxy # Check stats curl http://localhost:8888/stats curl http://localhost:8888/metrics ``` -------------------------------- ### Get Domain HEX Dump Source: https://github.com/getpagespeed/mtproxy/blob/master/README.md Convert a domain name to its hexadecimal representation using 'xxd -plain'. This is required for constructing the EE mode client secret. ```bash echo -n www.google.com | xxd -plain ``` -------------------------------- ### MTProxy IPv6 Support Configuration Source: https://context7.com/getpagespeed/mtproxy/llms.txt Enables MTProxy to listen for client connections on both IPv4 and IPv6 interfaces. Use the `-6` flag and ensure your host system has IPv6 enabled. A client link example with an AAAA record is provided. ```bash # Enable IPv6 with -6 flag ./objs/bin/mtproto-proxy \ -6 \ -u nobody \ -p 8888 \ -H 443 \ -S "$SECRET" \ --http-stats \ --aes-pwd proxy-secret \ proxy-multi.conf # Verify IPv6 listening ss -ltnp | grep :443 # Expected: :::443 among listeners # Test locally curl -6 http://[::1]:8888/stats # Client link with hostname (AAAA record): # tg://proxy?server=proxy.example.com&port=443&secret=... # Check IPv6 is enabled on host sysctl net.ipv6.conf.all.disable_ipv6 # Should be 0 ``` -------------------------------- ### Run MTProxy in Direct Mode Source: https://github.com/getpagespeed/mtproxy/blob/master/README.md This command starts the MTProxy in direct mode, bypassing Telegram's middle-end servers for reduced latency. It requires a secret and specifies ports for client connections and statistics. ```bash ./mtproto-proxy -S "$SECRET" -H 443 --direct -p 8888 --aes-pwd /dev/null ``` -------------------------------- ### MTProxy Configuration Refresh Script Source: https://context7.com/getpagespeed/mtproxy/llms.txt A shell script to automatically refresh MTProxy configuration from a specified URL and reload the proxy service if changes are detected. This script is intended to be run periodically, for example, via a cron job. It handles temporary file creation, comparison, and service reloading using SIGHUP. ```sh #!/bin/sh # mtproxy-config-refresh.sh CONFIG_PATH="/opt/mtproxy/data/proxy-multi.conf" CONFIG_URL="https://core.telegram.org/getProxyConfig" curl --connect-timeout 10 --max-time 30 --retry 3 \ -fsSL "$CONFIG_URL" -o "${CONFIG_PATH}.tmp" if [ $? -eq 0 ] && [ -s "${CONFIG_PATH}.tmp" ]; then if ! cmp -s "${CONFIG_PATH}.tmp" "$CONFIG_PATH"; then mv "${CONFIG_PATH}.tmp" "$CONFIG_PATH" # Reload proxy without restart pkill -SIGHUP mtproto-proxy echo "Config refreshed and proxy reloaded" else rm "${CONFIG_PATH}.tmp" echo "Config unchanged" fi else rm -f "${CONFIG_PATH}.tmp" echo "Config refresh failed" fi # Add to crontab for periodic refresh: # 0 */6 * * * /opt/mtproxy/config-refresh.sh ``` -------------------------------- ### Download and Prepare MTProxy Static Binary Source: https://github.com/getpagespeed/mtproxy/blob/master/README.md Download the pre-built static binary for your architecture and make it executable. A secret is generated for the proxy. ```bash # Download (choose amd64 or arm64) curl -Lo mtproto-proxy https://github.com/GetPageSpeed/MTProxy/releases/latest/download/mtproto-proxy-linux-amd64 chmod +x mtproto-proxy # Generate a secret SECRET=$(head -c 16 /dev/urandom | xxd -ps) ``` -------------------------------- ### Run MTProxy with IP Access Control Source: https://context7.com/getpagespeed/mtproxy/llms.txt Launches MTProxy with IP blocklist and allowlist enabled. The --ip-blocklist and --ip-allowlist flags specify the respective configuration files. ```bash ./objs/bin/mtproto-proxy \ -u nobody \ -p 8888 \ -H 443 \ -S "$SECRET" \ --ip-blocklist blocklist.txt \ --ip-allowlist allowlist.txt \ --http-stats \ --aes-pwd proxy-secret \ proxy-multi.conf ``` -------------------------------- ### Direct-to-DC Mode Startup Source: https://context7.com/getpagespeed/mtproxy/llms.txt Runs MTProxy in direct-to-data center mode, bypassing Telegram's middle-end relays for potentially lower latency. This mode does not require proxy-secret or proxy-multi.conf files. Note: --direct is incompatible with -P. ```bash # Generate secret SECRET=$(head -c 16 /dev/urandom | xxd -ps) # Run in direct mode (no proxy-secret or proxy-multi.conf needed) ./objs/bin/mtproto-proxy \ -u nobody \ -p 8888 \ -H 443 \ -S "$SECRET" \ --http-stats \ --direct \ -M 1 # Note: --direct is incompatible with -P (proxy tag) # Direct mode reduces latency but cannot use promoted channels ``` -------------------------------- ### Clone MTProxy Repository and Build Source: https://github.com/getpagespeed/mtproxy/blob/master/README.md Clones the MTProxy source code from GitHub and navigates into the project directory. It then builds the proxy binary, which will be located in `objs/bin/mtproto-proxy`. ```bash git clone https://github.com/GetPageSpeed/MTProxy cd MTProxy make && cd objs/bin ``` -------------------------------- ### Run MTProxy with Custom Backend Source: https://context7.com/getpagespeed/mtproxy/llms.txt Launches MTProxy with specified user, ports, secret, stats, and AES password. The --http-stats flag enables the stats endpoint, and --aes-pwd is used for secure password authentication. ```bash ./objs/bin/mtproto-proxy \ -u nobody \ -p 8888 \ -H 443 \ -S "cafe1234567890abcdef1234567890ab" \ -D mywebsite.com:8443 \ --http-stats \ --aes-pwd proxy-secret \ proxy-multi.conf ``` -------------------------------- ### Create IP Allowlist File Source: https://context7.com/getpagespeed/mtproxy/llms.txt Defines a list of IP address ranges in CIDR notation to allow client connections. When used, only IPs matching these ranges will be permitted. ```bash cat > allowlist.txt << 'EOF' \ # Allow only corporate network \ 10.0.0.0/8 \ 172.16.0.0/12 \ EOF ``` -------------------------------- ### Run Local MTProxy Tests Source: https://github.com/getpagespeed/mtproxy/blob/master/TESTING.md Execute the MTProxy test script using Python after setting up dependencies and environment variables. ```bash python3 tests/test_proxy.py ``` -------------------------------- ### Run MTProxy Tests with Docker Source: https://github.com/getpagespeed/mtproxy/blob/master/README.md Executes the MTProxy test suite using Docker. Ensure you have exported the necessary environment variables as detailed in TESTING.md before running this command. ```bash # Export environment variables (see TESTING.md) export MTPROXY_SECRET=... make test ``` -------------------------------- ### Configure Multiple Secrets with Labels and Limits Source: https://context7.com/getpagespeed/mtproxy/llms.txt Sets up MTProxy with multiple secrets, each associated with a human-readable label and a per-secret connection limit. This aids in access control and monitoring. Format: -S <32-hex-secret>: