The Telegram Messenger MTProto proxy is a zero-configuration container that automatically sets up a proxy server that speaks Telegram's native MTProto.
This image is an unofficial fork of telegrammessenger/proxy which left unmaintained. Automatically built from the official implementation.
First pull the docker image from docker-hub: zeroberto/mtproto-proxy
mkdir -p /opt/mtproxy
docker run -d --network host \
-p 443:443 -p 2398:2398 --name=mtproxy \
--restart=always \
-e SECRET=$(hexdump -vn16 -e'4/4 "%08X" 1 "\n"' /dev/urandom) \
-v /opt/mtproxy:/data zeroberto/mtproto-proxy:latest
To quickly try it out use:
docker run -it --rm -p 443:443 zeroberto/mtproto-proxy:latest
The container's log output will contain the links to paste into the Telegram app:
[+] No secret passed. Will generate 1 random ones.
[*] Final configuration:
[*] Secret 1: ...
[*] tg:// link for secret 1 auto configuration: tg://proxy?server=...6&port=443&secret=...
[*] t.me link for secret 1: https://t.me/proxy?server=...&port=443&secret=...
[*] Tag: no tag
[*] External IP: ...
[*] Make sure to fix the links in case you run the proxy on a different port.
To start the proxy as a permanent daemon which starts after server/docker restart:
docker run -d -p 443:443 --name=mtproxy --restart=always -v mtproxy:/data zeroberto/mtproto-proxy:latest
Then obtain links for Telegram app by reading container's logs with docker logs -f mtproxy
.
-
The secret will persist across container upgrades in a volume. It is a mandatory configuration parameter. If not provided, it will be generated automatically at container start.
-
You may forward any other port to the container's
443
by changing left side port. -
Be sure to fix the automatic configuration links if you do so.
Please note that the proxy gets the Telegram core IP addresses at the start of the container. We try to keep the changes to a minimum, but you should restart the container about once a day, just in case.
Once your MTProxy server is up and running go to @MTProxybot and register your proxy with Telegram to gain access to usage statistics and monetization. Then set the TAG
environment variable.
Several options are configurable using environment variables.
If you need to specify a custom secret (say, if you are deploying multiple proxies with DNS load-balancing), you may pass the SECRET
environment variable as 16 bytes in lower-case hexidecimals: docker run ... -e SECRET=00baadf00d15abad1deaa51sbaadcafe zeroberto/mtproto-proxy:latest
The proxy may be configured to accept up to 16 different secrets. You may specify them explicitly as comma-separated hex strings in the SECRET
environment variable, or you may let the container generate the secrets automatically using the SECRET_COUNT
variable to limit the number of generated secrets.
💡Example: Manualy specify different secrets: docker run ... -e SECRET=secret1,secret2 zeroberto/mtproto-proxy:latest
💡Example: Set secret count: docker run ... -e SECRET_COUNT=4 zeroberto/mtproto-proxy:latest
A custom advertisement tag may be provided using the TAG
environment variable:
💡Example: Setting Tag: docker run ... -e TAG=3f40462915a3e6026a4d790127b95ded zeroberto/mtproto-proxy:latest
Please note that the tag is not persistent. You'll have to provide it as an environment variable every time you run an MTProto proxy container.
A single worker process is expected to handle tens of thousands of clients on a modern CPU. For best performance we artificially limit the proxy to 60000
connections per core and run one workers by default. If you have many clients, be sure to adjust the WORKERS
variable.
💡Example: Setting number of workers to 16: docker run ... -e WORKERS=16 zeroberto/mtproto-proxy:latest
DEBUG
: Set totrue
to enable init script debuggingSECRET_FILE
: Where to store generated secret.Defaults to/data/secret
PROXY_SECRET_FILE
: Optained from telegram servers for communication during init. Defaults to/data/proxy.secret
PROXY_CONFIG_FILE
: Telegram core IP addresses obtained from telegram during init. Defaults to/data/proxy.conf
IP
: Server external IP. If not provided, will be automatically detectedINTERNAL_IP
: Server internal IP for NAT. If not provided, will be automatically detected,PORT
: Listening port. Defaults to443
INTERNAL_PORT
: Monitoring port. Defaults to2398
ARGS
: Additional custom args to be passed tomtproto-proxy
binary
The MTProto proxy server exports internal statistics as tab-separated values over the http://localhost:2398/stats endpoint. Please note that this endpoint is available only from localhost: depending on your configuration, you may need to collect the statistics with docker exec mtproto-proxy curl http://localhost:2398/stats
.
ready_targets
: number of Telegram core servers the proxy will try to connect to.active_targets
: number of Telegram core servers the proxy is actually connected to. Should be equal to ready_targets.total_special_connections
: number of inbound client connectionstotal_max_special_connections
: the upper limit on inbound connections. Is equal to60000
multiplied by worker count.
MTProto Proxy may fail to operate properly in certain conditions. There are two major problem categories: the client might not be able to connect to your proxy server (client applications will hang in "connecting" state), or your proxy server is unable to connect to the core Telegram servers (application hangs in "updating" state).
"Connecting" problems are usually caused by a misconfigured firewall, a Docker port forwarding problem, a state censorship issue, or a combination of the above.
If clients hang in an "updating" state, be sure to check the following:
- Firewalls and/or DPI checkpoints between your proxy server and the core Telegram servers may not allow traffic to pass. Check your local firewall first.
- Your proxy server's system time should be within five seconds of UTC. You should be running a time synchronization daemon to keep these issues to a minimum.
- The MTProto Proxy must know about its globally routable external IP address if it's behind NAT. The container tries to detect the external IP address automatically, but this may fail if you have extracted the binary out of the container. Use
mtproto-proxy --nat-info
command line switch to configure the proxy server.