Setting up an MTProxy proxy

Official MTProxy (now blocked)

https://github.com/TelegramMessenger/MTProxy

Build and install

Install the extra dependencies needed for the build:

# centos7
$ yum -y install openssl-devel zlib-devel vim-common
$ yum -y groupinstall "Development Tools"

# ubuntu
$ apt install git curl build-essential libssl-dev zlib1g-dev

Clone the project, change into the project directory and build it:

$ git clone https://github.com/TelegramMessenger/MTProxy
$ cd MTProxy
$ make

The compiled executable is in this directory:

cd objs/bin

Now fetch the two configuration files from Telegram's official endpoints:

curl -s https://core.telegram.org/getProxySecret -o proxy-secret
curl -s https://core.telegram.org/getProxyConfig -o proxy-multi.conf

Next, run the following command to generate a secret. You can also use an existing secret instead of generating one:

head -c 16 /dev/urandom | xxd -ps

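Now we can try running MTProxy with the following command:

./mtproto-proxy -u nobody -p 8888 -H 443 -S bccb764c3dc4977c8185a5ffc8866374 --aes-pwd proxy-secret proxy-multi.conf -M 1

Notes:

  1. 8888 is the local listening port; keep the default unless you have a specific need.
  2. 443 is the service port; change it as needed.
  3. Replace the secret (the value after -S) with the one you generated earlier.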

Start on boot

vi /etc/systemd/system/MTProxy.service

[Unit]
Description=MTProxy
After=network.target

[Service]
Type=simple
WorkingDirectory=/root/MTProxy
ExecStart=/root/MTProxy/objs/bin/mtproto-proxy -u nobody -p 8888 -H 443 -S bccb764c3dc4977c8185a5ffc8866374 --aes-pwd /root/MTProxy/objs/bin/proxy-secret /root/MTProxy/objs/bin/proxy-multi.conf -M 1
Restart=on-failure

[Install]
WantedBy=multi-user.target

systemctl daemon-reload
systemctl enable MTProxy.service
systemctl start MTProxy.service
systemctl status MTProxy.service

MTProxy built into v2ray (now blocked)

{
  "inbound": {
    "listen": "127.0.0.1",
    "port": 28888,
    "protocol": "vmess",
    "settings": {
      "udp": true,
      "clients": [
        {
          "id": "7a8d53bd-cfe2-4718-9490-81d421271200",
          "alterId": 64,
          "email": "123@v2ray.com"
        }
      ]
    },
    "streamSettings": {
      "network": "ws",
      "wsSettings": {
        "path": "/58f51920-48d1-4632-a4bc-c659c9e642b8"
      }
    }
  },
  "inboundDetour": [
    {
      "tag": "tg-in",
      "listen": "0.0.0.0",
      "port": 1206,
      "protocol": "mtproto",
      "settings": {
        "users": [
          {
            "secret": "bccb764c3dc4977c8185a5ffc8866374"
          }
        ]
      }
    }
  ],
  "outbound": {
    "protocol": "freedom",
    "settings": {}
  },
  "outboundDetour": [
    {
      "protocol": "blackhole",
      "settings": {},
      "tag": "blocked"
    },
    {
      "tag": "tg-out",
      "protocol": "mtproto",
      "settings": {}
    }
  ],
  "routing": {
    "strategy": "rules",
    "settings": {
      "rules": [
        {
          "type": "field",
          "inboundTag": [
            "tg-in"
          ],
          "outboundTag": "tg-out"
        },
        {
          "type": "field",
          "ip": [
            "0.0.0.0/8",
            "10.0.0.0/8",
            "100.64.0.0/10",
            "127.0.0.0/8",
            "169.254.0.0/16",
            "172.16.0.0/12",
            "192.0.0.0/24",
            "192.0.2.0/24",
            "192.168.0.0/16",
            "198.18.0.0/15",
            "198.51.100.0/24",
            "203.0.113.0/24",
            "::1/128",
            "fc00::/7",
            "fe80::/10"
          ],
          "outboundTag": "blocked"
        }
      ]
    }
  }
}

9seconds/mtg/fake-tls

Docker version

https://hub.docker.com/r/nineseconds/mtg

Install Docker

curl -sSL https://get.docker.com/ | sh
systemctl start docker
systemctl enable docker

Pull the image

docker pull nineseconds/mtg:latest

Generate the reverse-proxy (fake-TLS) secret

docker run --rm nineseconds/mtg:latest generate-secret tls -c bing.com
ee808b3b4ae628ae357d4664fced91ef8f62696e672e636f6d

Create the container

docker run -d --restart always --name mtg --ulimit nofile=51200:51200 -p 12345:3128 nineseconds/mtg:latest run ee808b3b4ae628ae357d4664fced91ef8f62696e672e636f6d

Look up the proxy information

docker logs mtg

tg://proxy?port=12345&secret=ee808b3b4ae628ae357d4664fced91ef8f62696e672e636f6d&server=xx.xx.xx.xx

Direct installation

https://github.com/9seconds/mtg

Download the prebuilt mtg binary

wget https://github.com/9seconds/mtg/releases/download/v1.0.1/mtg-linux-amd64

Rename the binary

mv mtg-linux-amd64 mtg

Give the root user execute permission on the binary

chmod +x /root/mtg

Use the binary to generate a secret that fronts an HTTPS website

/root/mtg generate-secret -c www.moerats.com tls
ee398719d843ac18ce51f06d3ebba18c607777772e6d6f65726174732e636f6d // assume this is the generated secret

Start on boot with systemd

vi /etc/systemd/system/mtproxy.service

[Unit]
Description=mtproxy
After=network.target

[Service]
Type=simple
ExecStart=/root/mtg run -b 0.0.0.0:22283 ee398719d843ac18ce51f06d3ebba18c607777772e6d6f65726174732e636f6d
Restart=on-failure

[Install]
WantedBy=multi-user.target

systemctl daemon-reload
systemctl enable mtproxy.service
systemctl start mtproxy.service
systemctl status mtproxy.service

Get the tg proxy link

tg://proxy?port=22283&secret=ee398719d843ac18ce51f06d3ebba18c60*******174732e636f6d&server=ip
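
Both mtg secrets shown above (Docker and direct install) are "ee", then a 16-byte key, then the hex-encoded fronting domain, so the domain is readable by anyone who holds the link. The following Python is an added example, not part of the original post or of mtg: it decodes a secret or tg://proxy link and flags the sample secrets printed on this page, which should never be reused on a live proxy. The function names and the "simple" and "secure" (dd prefix) layouts are assumptions not shown on the page.

```python
import re
from urllib.parse import urlsplit, parse_qs

# The three sample secrets printed on this page: anyone who has read it
# knows them, so a live proxy must never be running with one of these.
PUBLISHED_SAMPLES = {
    "bccb764c3dc4977c8185a5ffc8866374",
    "ee808b3b4ae628ae357d4664fced91ef8f62696e672e636f6d",
    "ee398719d843ac18ce51f06d3ebba18c607777772e6d6f65726174732e636f6d",
}
HOSTNAME = re.compile(r"[a-z0-9]([a-z0-9.-]*[a-z0-9])?", re.IGNORECASE)

def parse_secret(secret):
    """Split a hex MTProxy secret into mode, 16-byte key and cloak host."""
    s = secret.strip().lower()
    if not re.fullmatch(r"(?:[0-9a-f]{2})+", s):
        raise ValueError("secret is not an even-length hex string")
    raw = bytes.fromhex(s)
    host = None
    if len(raw) == 16:                        # assumed layout: bare key
        mode, key = "simple", raw
    elif len(raw) == 17 and raw[0] == 0xDD:   # assumed layout: dd + key
        mode, key = "secure", raw[1:]
    elif len(raw) > 17 and raw[0] == 0xEE:    # ee + key + hostname bytes
        mode, key = "fake-tls", raw[1:17]
        host = raw[17:].decode("ascii", errors="replace")
        if not HOSTNAME.fullmatch(host):
            raise ValueError("fake-TLS suffix is not a hostname")
    else:
        raise ValueError("unrecognised secret layout")
    return {"mode": mode, "key": key.hex(), "host": host,
            "published": s in PUBLISHED_SAMPLES}

def parse_link(link):
    """Validate a tg://proxy link and return server, port and secret info."""
    u = urlsplit(link)
    if (u.scheme, u.netloc) != ("tg", "proxy"):
        raise ValueError("not a tg://proxy link")
    q = parse_qs(u.query)
    missing = {"server", "port", "secret"} - q.keys()
    if missing:
        raise ValueError("missing parameters: " + ", ".join(sorted(missing)))
    port = int(q["port"][0])
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    return {"server": q["server"][0], "port": port,
            **parse_secret(q["secret"][0])}
```

A result with "published": True means the proxy is running with a secret copied from this page and needs a freshly generated one.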

freejohn123/mtproto-tls-server

https://github.com/freejohn123/mtproto-tls-server

Install Nginx

apt update && apt upgrade
apt install nginx

Get an SSL certificate

apt install certbot python-certbot-nginx
certbot --nginx

certbot renew --dry-run

Install Go

wget https://golang.org/dl/go1.15.2.linux-amd64.tar.gz
tar -C /usr/local -xzf go1.15.2.linux-amd64.tar.gz
export PATH=$PATH:/usr/local/go/bin

Mtg

apt install git
git clone https://github.com/9seconds/mtg.git

cd mtg
go build
cp mtg /usr/local/bin

mtg generate-secret -c host.example.com tls

Nginx config

listen [::]:993 ssl ipv6only=on; # managed by Certbot
listen 993 ssl; # managed by Certbot

Mtg service

nano /usr/lib/systemd/system/mtg.service

[Unit]
Description=Telegram MTProto Proxy Server
Documentation=https://github.com/9seconds/mtg
Wants=network-online.target
After=network-online.target

[Service]
Type=simple
ExecStart=/usr/local/bin/mtg run -w 128KB -r 128KB --prefer-ip ipv4 --cloak-port 993 -b 0.0.0.0:443 <secret>
AmbientCapabilities=CAP_NET_BIND_SERVICE
Restart=on-failure
RestartSec=1
LimitNOFILE=65536
PrivateDevices=true
ProtectControlGroups=true
ProtectHome=true
ProtectKernelTunables=true
ProtectKernelModules=yes
DynamicUser=yes
ProtectSystem=full
RestrictSUIDSGID=true
PrivateTmp=yes
NoNewPrivileges=yes
ProtectClock=yes
ProtectKernelLogs=yes
CapabilityBoundingSet=~CAP_SETUID CAP_SETGID CAP_SETPCAP
CapabilityBoundingSet=~CAP_SYS_ADMIN
CapabilityBoundingSet=~CAP_SYS_PTRACE
RestrictNamespaces=~user

[Install]
WantedBy=multi-user.target

systemctl enable mtg
systemctl start mtg

systemctl status mtg
journalctl -u mtg