Telegram proxy (mtproto)

You would need a docker installed on your VPS.

We want to start a proxy on :3443.

mkdir telemt
cd telemt
vi ./docker-compose.yml

mkdir telemt

cd telemt

vi ./docker-compose.yml

docker-compose.yml

services:
  telemt:
    image: whn0thacked/telemt-docker:latest
    container_name: telemt
    restart: unless-stopped
    environment:
      - RUST_LOG=info
    volumes:
      - ./telemt.toml:/etc/telemt.toml:ro
    ports:
      - "3443:3443/tcp"
      - "9191:9091"
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    cap_add:
      - NET_BIND_SERVICE
    read_only: true
    tmpfs:
      - /tmp:rw,nosuid,nodev,noexec,size=16m

services:

telemt:

image: whn0thacked/telemt-docker:latest

container_name: telemt

restart: unless-stopped

environment:

- RUST_LOG=info

volumes:

- ./telemt.toml:/etc/telemt.toml:ro

ports:

- "3443:3443/tcp"

- "9191:9091"

security_opt:

- no-new-privileges:true

cap_drop:

- ALL

cap_add:

- NET_BIND_SERVICE

read_only: true

tmpfs:

- /tmp:rw,nosuid,nodev,noexec,size=16m

generate a random secret

openssl rand -hex 16
# or
head -c 16 /dev/urandom | xxd -ps

openssl rand -hex 16

# or

head -c 16 /dev/urandom | xxd -ps

vi ./telemt.toml

1	vi ./telemt.toml

telemt.toml (update values in <>)

### Telemt Based Config.toml
# We believe that these settings are sufficient for most scenarios
# where cutting-egde methods and parameters or special solutions are not needed

# === General Settings ===
[general]
use_middle_proxy = false
# Global ad_tag fallback when user has no per-user tag in [access.user_ad_tags]
ad_tag = "00000000000000000000000000000000"
# Per-user ad_tag in [access.user_ad_tags] (32 hex from @MTProxybot)

# === Log Level ===
# Log level: debug | verbose | normal | silent
# Can be overridden with --silent or --log-level CLI flags
# RUST_LOG env var takes absolute priority over all of these
log_level = "normal"

[general.modes]
classic = true
secure = false
tls = false

[general.links]
show = "*"
# show = ["alice", "bob"] # Only show links for alice and bob
# show = "*"              # Show links for all users
public_host = "<your VPS public host>"  # Host (IP or domain) for tg:// links
public_port = 3443                  # Port for tg:// links (default: server.port)

# === Server Binding ===
[server]
port = 3443
# proxy_protocol = false           # Enable if behind HAProxy/nginx with PROXY protocol
# metrics_port = 9090
# metrics_listen = "0.0.0.0:9090"  # Listen address for metrics (overrides metrics_port)
# metrics_whitelist = ["127.0.0.1", "::1", "0.0.0.0/0"]

[server.api]
enabled = true
listen = "0.0.0.0:9091"
whitelist = []
minimal_runtime_enabled = false
minimal_runtime_cache_ttl_ms = 1000

# Listen on multiple interfaces/IPs - IPv4
[[server.listeners]]
ip = "0.0.0.0"

# === Anti-Censorship & Masking ===
[censorship]
tls_domain = "www.microsoft.com"
mask = true
tls_emulation = true        # Fetch real cert lengths and emulate TLS records
tls_front_dir = "tlsfront"   # Cache directory for TLS emulation
mask_port = 443

[access.users]
# format: "username" = "32_hex_chars_secret"
hello = "<your random secret>"

### Telemt Based Config.toml

# We believe that these settings are sufficient for most scenarios

# where cutting-egde methods and parameters or special solutions are not needed

# === General Settings ===

[general]

use_middle_proxy = false

# Global ad_tag fallback when user has no per-user tag in [access.user_ad_tags]

ad_tag = "00000000000000000000000000000000"

# Per-user ad_tag in [access.user_ad_tags] (32 hex from @MTProxybot)

# === Log Level ===

# Log level: debug | verbose | normal | silent

# Can be overridden with --silent or --log-level CLI flags

# RUST_LOG env var takes absolute priority over all of these

log_level = "normal"

[general.modes]

classic = true

secure = false

tls = false

[general.links]

show = "*"

# show = ["alice", "bob"] # Only show links for alice and bob

# show = "*" # Show links for all users

public_host = "<your VPS public host>" # Host (IP or domain) for tg:// links

public_port = 3443 # Port for tg:// links (default: server.port)

# === Server Binding ===

[server]

port = 3443

# proxy_protocol = false # Enable if behind HAProxy/nginx with PROXY protocol

# metrics_port = 9090

# metrics_listen = "0.0.0.0:9090" # Listen address for metrics (overrides metrics_port)

# metrics_whitelist = ["127.0.0.1", "::1", "0.0.0.0/0"]

[server.api]

enabled = true

listen = "0.0.0.0:9091"

whitelist = []

minimal_runtime_enabled = false

minimal_runtime_cache_ttl_ms = 1000

# Listen on multiple interfaces/IPs - IPv4

[[server.listeners]]

ip = "0.0.0.0"

# === Anti-Censorship & Masking ===

[censorship]

tls_domain = "www.microsoft.com"

mask = true

tls_emulation = true # Fetch real cert lengths and emulate TLS records

tls_front_dir = "tlsfront" # Cache directory for TLS emulation

mask_port = 443

[access.users]

# format: "username" = "32_hex_chars_secret"

hello = "<your random secret>"

docker compose up -d
# wait a few seconds
docker logs telemt|grep tg:

docker compose up -d

# wait a few seconds

docker logs telemt|grep tg:

Don’t forget to allow this port in your VPS’ firewall:

ufw allow 3443/tcp

1	ufw allow 3443/tcp

It will give you a link to be used as a proxy for Telegram. It works as a classical proxy, no fake tls.
For fake tls to be working, you need to updategeneral.modes part of the config to look as follows:

[general.modes]
classic = true
secure = false
tls = true

[general.modes]

classic = true

secure = false

tls = true

and general as well:

use_middle_proxy = true

1	use_middle_proxy = true

That’s how you can get all proxy links by user:
curl -s http://127.0.0.1:9191/v1/users | jq

You can check if it’s working as expected this way (on your local machine):

curl -v -I --resolve petrovich.ru:443:[your vps' public ip] https://www.microsoft.com/

1	curl -v -I --resolve petrovich.ru:443:[your vps' public ip] https://www.microsoft.com/

Telegram proxy (mtproto)

Similar Posts

LEAVE A COMMENT Отменить ответ