1. Home
  2. Administration
  3. Telegram proxy (mtproto)

Telegram proxy (mtproto)

Using https://github.com/telemt/telemt.

You would need a docker installed on your VPS.

We want to start a proxy on :3443.

mkdir telemt
cd telemt
vi ./docker-compose.yml

docker-compose.yml

services:
  telemt:
    image: whn0thacked/telemt-docker:latest
    container_name: telemt
    restart: unless-stopped
    environment:
      - RUST_LOG=info
    volumes:
      - ./telemt.toml:/etc/telemt.toml:ro
    ports:
      - "3443:3443/tcp"
      - "9191:9091"
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    cap_add:
      - NET_BIND_SERVICE
    read_only: true
    tmpfs:
      - /tmp:rw,nosuid,nodev,noexec,size=16m

generate a random secret

openssl rand -hex 16
# or
head -c 16 /dev/urandom | xxd -ps

vi ./telemt.toml

telemt.toml (update values in `<>`)

### Telemt Based Config.toml
# We believe that these settings are sufficient for most scenarios
# where cutting-egde methods and parameters or special solutions are not needed

# === General Settings ===
[general]
use_middle_proxy = false
# Global ad_tag fallback when user has no per-user tag in [access.user_ad_tags]
ad_tag = "00000000000000000000000000000000"
# Per-user ad_tag in [access.user_ad_tags] (32 hex from @MTProxybot)

# === Log Level ===
# Log level: debug | verbose | normal | silent
# Can be overridden with --silent or --log-level CLI flags
# RUST_LOG env var takes absolute priority over all of these
log_level = "normal"

[general.modes]
classic = true
secure = false
tls = false

[general.links]
show = "*"
# show = ["alice", "bob"] # Only show links for alice and bob
# show = "*"              # Show links for all users
public_host = "<your VPS public host>"  # Host (IP or domain) for tg:// links
public_port = 3443                  # Port for tg:// links (default: server.port)

# === Server Binding ===
[server]
port = 3443
# proxy_protocol = false           # Enable if behind HAProxy/nginx with PROXY protocol
# metrics_port = 9090
# metrics_listen = "0.0.0.0:9090"  # Listen address for metrics (overrides metrics_port)
# metrics_whitelist = ["127.0.0.1", "::1", "0.0.0.0/0"]

[server.api]
enabled = true
listen = "0.0.0.0:9091"
whitelist = []
minimal_runtime_enabled = false
minimal_runtime_cache_ttl_ms = 1000

# Listen on multiple interfaces/IPs - IPv4
[[server.listeners]]
ip = "0.0.0.0"

# === Anti-Censorship & Masking ===
[censorship]
tls_domain = "www.microsoft.com"
mask = true
tls_emulation = true        # Fetch real cert lengths and emulate TLS records
tls_front_dir = "tlsfront"   # Cache directory for TLS emulation
mask_port = 443

[access.users]
# format: "username" = "32_hex_chars_secret"
hello = "<your random secret>"

docker compose up -d
# wait a few seconds
docker logs telemt|grep tg:

Don’t forget to allow this port in your VPS’ firewall:

ufw allow 3443/tcp

It will give you a link to be used as a proxy for Telegram. It works as a classical proxy, no fake tls.
For fake tls to be working, you need to updategeneral.modes part of the config to look as follows:

[general.modes]
classic = true
secure = false
tls = true

and general as well:

use_middle_proxy = true

That’s how you can get all proxy links by user:
curl -s http://127.0.0.1:9191/v1/users | jq

You can check if it’s working as expected this way (on your local machine):

curl -v -I --resolve petrovich.ru:443:[your vps' public ip] https://www.microsoft.com/
Leave a Comment

LEAVE A COMMENT

Copyright © 2015 Your Company. All Rights Reserved.

Powered by WordPress. Theme by Arinio