github/across
1
0
Fork 0
mirror of https://github.com/teddysun/across.git synced 2025-01-18 22:09:35 +08:00
Code Issues Packages Projects Releases Wiki Activity

Removed mtproxy

Browse Source
This commit is contained in:
Teddysun 2020-06-01 20:41:29 +09:00
parent dca412bf6d
commit c86c65ba98
5 changed files with 0 additions and 530 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
docker/mtproxy/Dockerfile
View File

@ -1,30 +0,0 @@
# Dockerfile for MTProxy based alpine
# Copyright (C) 2020 Teddysun <i@teddysun.com>
# Reference URL:
# https://github.com/TelegramMessenger/MTProxy
FROM alpine:latest AS builder
WORKDIR /root
COPY patches /root/patches
RUN set -ex \
&& apk add --no-cache git build-base linux-headers musl-dev openssl-dev zlib-dev \
&& git clone https://github.com/TelegramMessenger/MTProxy.git \
&& cd MTProxy \
&& patch -p0 -i /root/patches/randr_compat.patch \
&& make
FROM alpine:latest
LABEL maintainer="Teddysun <i@teddysun.com>"
COPY entrypoint.sh /
COPY --from=builder /root/MTProxy/objs/bin/mtproto-proxy /usr/bin
RUN set -ex \
&& apk add --no-cache curl tzdata \
&& chmod 755 /entrypoint.sh
ENV TZ=Asia/Shanghai
EXPOSE 443 2398
VOLUME /data
WORKDIR /data
ENTRYPOINT ["/entrypoint.sh"]
CMD [ "--port", "2398", "--http-ports", "443", "--slaves", "2", "--max-special-connections", "60000", "--allow-skip-dh" ]

30
docker/mtproxy/Dockerfile.architecture
View File

@ -1,30 +0,0 @@
# Dockerfile for MTProxy based alpine
# Copyright (C) 2020 Teddysun <i@teddysun.com>
# Reference URL:
# https://github.com/TelegramMessenger/MTProxy
FROM --platform=${TARGETPLATFORM} alpine:latest AS builder
WORKDIR /root
COPY patches /root/patches
RUN set -ex \
&& apk add --no-cache git build-base linux-headers musl-dev openssl-dev zlib-dev \
&& git clone https://github.com/TelegramMessenger/MTProxy.git \
&& cd MTProxy \
&& patch -p0 -i /root/patches/randr_compat.patch \
&& make
FROM --platform=${TARGETPLATFORM} alpine:latest
LABEL maintainer="Teddysun <i@teddysun.com>"
COPY entrypoint.sh /
COPY --from=builder /root/MTProxy/objs/bin/mtproto-proxy /usr/bin
RUN set -ex \
&& apk add --no-cache curl tzdata \
&& chmod 755 /entrypoint.sh
ENV TZ=Asia/Shanghai
EXPOSE 443 2398
VOLUME /data
WORKDIR /data
ENTRYPOINT ["/entrypoint.sh"]
CMD [ "--port", "2398", "--http-ports", "443", "--slaves", "2", "--max-special-connections", "60000", "--allow-skip-dh" ]

85
docker/mtproxy/README.md
View File

@ -1,85 +0,0 @@
## MTProxy Docker Image by Teddysun
The [Telegram Messenger MTProto proxy][1] is a zero-configuration container that automatically sets up a proxy server that speaks Telegram's native MTProto.
This Docker Image Based on the work of [alexdoesh](https://github.com/alexdoesh/mtproxy)
Docker images are built for quick deployment in various computing cloud providers.
For more information on docker and containerization technologies, refer to [official document][2].
## Prepare the host
If you need to install docker by yourself, follow the [official installation guide][3].
## Pull the image
```bash
$ docker pull teddysun/mtproxy
```
This pulls the latest release of MTProxy.
It can be found at [Docker Hub][4].
## Start a container
You **must create a directory** `/etc/mtproxy` in host at first:
```
$ mkdir -p /etc/mtproxy
```
To start the proxy all you need to do is below:
`docker run -d -p443:443 --name=mtproxy --restart=always -v /etc/mtproxy:/data teddysun/mtproxy`
The container's log output (`docker logs mtproxy`) will contain the links to paste into the Telegram app:
```
[+] Using the explicitly passed secret: '00baadf00d15abad1deaa515baadcafe'.
[+] Saving it to /data/secret.
[*] Final configuration:
[*] Secret 1: 00baadf00d15abad1deaa515baadcafe
[*] tg:// link for secret 1 auto configuration: : tg://proxy?server=3.14.15.92&port=443&secret=00baadf00d15abad1deaa515baadcafe
[*] t.me link for secret 1: tg://proxy?server=3.14.15.92&port=443&secret=00baadf00d15abad1deaa515baadcafe
[*] Tag: no tag
[*] External IP: 3.14.15.92
[*] Make sure to fix the links in case you run the proxy on a different port.
```
**Warning**: The port number `443` must be opened in firewall.
The secret will persist across container upgrades in a volume.
It is a mandatory configuration parameter: if not provided, it will be generated automatically at container start.
You may forward any other port to the container's 443: be sure to fix the automatic configuration links if you do so.
Please note that the proxy gets the Telegram core IP addresses at the start of the container. We try to keep the changes to a minimum, but you should restart the container about once a day, just in case.
## Registering your proxy
Once your MTProxy server is up and running go to [@MTProxybot](https://t.me/mtproxybot) and register your proxy with Telegram to gain access to usage statistics and monetization.
## Custom configuration
If you need to specify a custom secret (say, if you are deploying multiple proxies with DNS load-balancing), you may pass the SECRET environment variable as 16 bytes in lower-case hexidecimals:
`docker run -d -p443:443 -v /etc/mtproxy:/data -e SECRET=00baadf00d15abad1deaa51sbaadcafe teddysun/mtproxy`
## Monitoring
The MTProto proxy server exports internal statistics as tab-separated values over the http://localhost:2398/stats endpoint.
Please note that this endpoint is available only from localhost: depending on your configuration, you may need to collect the statistics with `docker exec mtproxy curl http://localhost:2398/stats`.
* `ready_targets`: number of Telegram core servers the proxy will try to connect to.
* `active_targets`: number of Telegram core servers the proxy is actually connected to. Should be equal to ready_targets.
* `total_special_connections`: number of inbound client connections
* `total_max_special_connections`: the upper limit on inbound connections. Is equal to 60000 multiplied by worker count.
[1]: https://github.com/TelegramMessenger/MTProxy
[2]: https://docs.docker.com/
[3]: https://docs.docker.com/install/
[4]: https://hub.docker.com/r/teddysun/mtproxy/

111
docker/mtproxy/entrypoint.sh
View File

@ -1,111 +0,0 @@
#!/bin/sh
if [ ! -z "$DEBUG" ]; then set -x; fi
mkdir /data 2>/dev/null >/dev/null
RANDOM=$(printf "%d" "0x$(head -c4 /dev/urandom | od -t x1 -An | tr -d ' ')")
if [ -z "$WORKERS" ]; then
WORKERS=1
fi
SECRET_CMD=""
if [ ! -z "$SECRET" ]; then
echo "[+] Using the explicitly passed secret: '$SECRET'."
elif [ -f /data/secret ]; then
SECRET="$(cat /data/secret)"
echo "[+] Using the secret in /data/secret: '$SECRET'."
else
if [[ ! -z "$SECRET_COUNT" ]]; then
if [[ "$SECRET_COUNT" -le 1 || "$SECRET_COUNT" -ge 16 ]]; then
echo "[F] Can generate between 1 and 16 secrets."
exit 5
fi
else
SECRET_COUNT="1"
fi
echo "[+] No secret passed. Will generate $SECRET_COUNT random ones."
SECRET="$(dd if=/dev/urandom bs=16 count=1 2>&1 | od -tx1 | head -n1 | tail -c +9 | tr -d ' ')"
for pass in $(seq 2 $SECRET_COUNT); do
SECRET="$SECRET,$(dd if=/dev/urandom bs=16 count=1 2>&1 | od -tx1 | head -n1 | tail -c +9 | tr -d ' ')"
done
fi
if echo "$SECRET" | grep -qE '^[0-9a-fA-F]{32}(,[0-9a-fA-F]{32}){0,15}$'; then
SECRET="$(echo "$SECRET" | tr '[:upper:]' '[:lower:]')"
SECRET_CMD="-S $(echo "$SECRET" | sed 's/,/ -S /g')"
echo -- "$SECRET_CMD" > /data/secret_cmd
echo "$SECRET" > /data/secret
else
echo '[F] Bad secret format: should be 32 hex chars (for 16 bytes) for every secret; secrets should be comma-separated.'
exit 1
fi
if [ ! -z "$TAG" ]; then
echo "[+] Using the explicitly passed tag: '$TAG'."
fi
TAG_CMD=""
if [[ ! -z "$TAG" ]]; then
if echo "$TAG" | grep -qE '^[0-9a-fA-F]{32}$'; then
TAG="$(echo "$TAG" | tr '[:upper:]' '[:lower:]')"
TAG_CMD="-P $TAG"
else
echo '[!] Bad tag format: should be 32 hex chars (for 16 bytes).'
echo '[!] Continuing.'
fi
fi
REMOTE_CONFIG=/data/proxy-multi.conf
curl -s https://core.telegram.org/getProxyConfig -o ${REMOTE_CONFIG} || {
echo '[F] Cannot download proxy configuration from Telegram servers.'
exit 2
}
REMOTE_SECRET=/data/proxy-secret
curl -s https://core.telegram.org/getProxySecret -o ${REMOTE_SECRET} || {
echo '[F] Cannot download proxy secret from Telegram servers.'
exit 5
}
if [ ! -z "$EXTERNAL_IP" ]; then
echo "[+] Using the explicitly passed external IP: ${EXTERNAL_IP}."
else
EXTERNAL_IP="$(curl -s -4 "ipv4.icanhazip.com")"
if [[ -z "$EXTERNAL_IP" ]]; then
echo "[F] Cannot determine external IP address."
exit 3
else
echo "[+] Using the detected external IP: ${EXTERNAL_IP}."
fi
fi
if [ ! -z "$INTERNAL_IP" ]; then
echo "[+] Using the explicitly passed internal IP: ${INTERNAL_IP}."
else
INTERNAL_IP="$(ip -4 route get 8.8.8.8 | grep '^8\.8\.8\.8\s' | grep -Eo 'src\s+\d+\.\d+\.\d+\.\d+' | awk '{print $2}')"
if [[ -z "$INTERNAL_IP" ]]; then
echo "[F] Cannot determine internal IP address."
exit 4
else
echo "[+] Using the detected internal IP: ${INTERNAL_IP}."
fi
fi
echo "[*] Final configuration:"
I=1
echo "$SECRET" | tr ',' '\n' | while read S; do
echo "[*] Secret $I: $S"
echo "[*] tg:// link for secret $I auto configuration: tg://proxy?server=${EXTERNAL_IP}&port=443&secret=${S}"
echo "[*] t.me link for secret $I: https://t.me/proxy?server=${EXTERNAL_IP}&port=443&secret=${S}"
I=$(($I+1))
done
[ ! -z "$TAG" ] && echo "[*] Tag: $TAG" || echo "[*] Tag: no tag"
echo "[*] External IP: ${EXTERNAL_IP}"
echo "[*] Make sure to fix the links in case you run the proxy on a different port."
echo
echo '[+] Starting proxy...'
sleep 1
# start mtproto-proxy
exec mtproto-proxy "$@" --aes-pwd ${REMOTE_SECRET} --user root ${REMOTE_CONFIG} --nat-info "$INTERNAL_IP:$EXTERNAL_IP" ${SECRET_CMD} ${TAG_CMD}

274
docker/mtproxy/patches/randr_compat.patch
View File

@ -1,274 +0,0 @@
Index: jobs/jobs.h
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- jobs/jobs.h (revision cdd348294d86e74442bb29bd6767e48321259bec)
+++ jobs/jobs.h (date 1527996954000)
@@ -28,6 +28,8 @@
#include "net/net-msg.h"
#include "net/net-timers.h"
+#include "common/randr_compat.h"
+
#define __joblocked
#define __jobref
Index: common/server-functions.c
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- common/server-functions.c (revision cdd348294d86e74442bb29bd6767e48321259bec)
+++ common/server-functions.c (date 1527998325000)
@@ -35,7 +35,9 @@
#include <arpa/inet.h>
#include <assert.h>
#include <errno.h>
+#ifdef __GLIBC__
#include <execinfo.h>
+#endif
#include <fcntl.h>
#include <getopt.h>
#include <grp.h>
@@ -168,6 +170,7 @@
}
void print_backtrace (void) {
+#ifdef __GLIBC__
void *buffer[64];
int nptrs = backtrace (buffer, 64);
kwrite (2, "\n------- Stack Backtrace -------\n", 33);
@@ -178,6 +181,7 @@
kwrite (2, s, strlen (s));
kwrite (2, "\n", 1);
}
+#endif
}
pthread_t debug_main_pthread_id;
Index: common/randr_compat.h
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- common/randr_compat.h (date 1527998264000)
+++ common/randr_compat.h (date 1527998264000)
@@ -0,0 +1,72 @@
+/*
+ The GNU C Library is free software. See the file COPYING.LIB for copying
+ conditions, and LICENSES for notices about a few contributions that require
+ these additional notices to be distributed. License copyright years may be
+ listed using range notation, e.g., 2000-2011, indicating that every year in
+ the range, inclusive, is a copyrightable year that would otherwise be listed
+ individually.
+*/
+
+#pragma once
+
+#include <endian.h>
+#include <pthread.h>
+
+struct drand48_data {
+ unsigned short int __x[3]; /* Current state. */
+ unsigned short int __old_x[3]; /* Old state. */
+ unsigned short int __c; /* Additive const. in congruential formula. */
+ unsigned short int __init; /* Flag for initializing. */
+ unsigned long long int __a; /* Factor in congruential formula. */
+};
+
+union ieee754_double
+{
+ double d;
+
+ /* This is the IEEE 754 double-precision format. */
+ struct
+ {
+#if __BYTE_ORDER == __BIG_ENDIAN
+ unsigned int negative:1;
+ unsigned int exponent:11;
+ /* Together these comprise the mantissa. */
+ unsigned int mantissa0:20;
+ unsigned int mantissa1:32;
+#endif /* Big endian. */
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+ /* Together these comprise the mantissa. */
+ unsigned int mantissa1:32;
+ unsigned int mantissa0:20;
+ unsigned int exponent:11;
+ unsigned int negative:1;
+#endif /* Little endian. */
+ } ieee;
+
+ /* This format makes it easier to see if a NaN is a signalling NaN. */
+ struct
+ {
+#if __BYTE_ORDER == __BIG_ENDIAN
+ unsigned int negative:1;
+ unsigned int exponent:11;
+ unsigned int quiet_nan:1;
+ /* Together these comprise the mantissa. */
+ unsigned int mantissa0:19;
+ unsigned int mantissa1:32;
+#else
+ /* Together these comprise the mantissa. */
+ unsigned int mantissa1:32;
+ unsigned int mantissa0:19;
+ unsigned int quiet_nan:1;
+ unsigned int exponent:11;
+ unsigned int negative:1;
+#endif
+ } ieee_nan;
+};
+
+#define IEEE754_DOUBLE_BIAS 0x3ff /* Added to exponent. */
+
+int drand48_r (struct drand48_data *buffer, double *result);
+int lrand48_r (struct drand48_data *buffer, long int *result);
+int mrand48_r (struct drand48_data *buffer, long int *result);
+int srand48_r (long int seedval, struct drand48_data *buffer);
\ No newline at end of file
Index: Makefile
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- Makefile (revision cdd348294d86e74442bb29bd6767e48321259bec)
+++ Makefile (date 1527998107000)
@@ -40,6 +40,7 @@
DEPENDENCE_NORM := $(subst ${OBJ}/,${DEP}/,$(patsubst %.o,%.d,${OBJECTS}))
LIB_OBJS_NORMAL := \
+ ${OBJ}/common/randr_compat.o \
${OBJ}/common/crc32c.o \
${OBJ}/common/pid.o \
${OBJ}/common/sha1.o \
Index: common/randr_compat.c
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- common/randr_compat.c (date 1527998213000)
+++ common/randr_compat.c (date 1527998213000)
@@ -0,0 +1,120 @@
+/*
+ The GNU C Library is free software. See the file COPYING.LIB for copying
+ conditions, and LICENSES for notices about a few contributions that require
+ these additional notices to be distributed. License copyright years may be
+ listed using range notation, e.g., 2000-2011, indicating that every year in
+ the range, inclusive, is a copyrightable year that would otherwise be listed
+ individually.
+*/
+
+#include <stddef.h>
+#include "common/randr_compat.h"
+
+int __drand48_iterate (unsigned short int xsubi[3], struct drand48_data *buffer) {
+ uint64_t X;
+ uint64_t result;
+
+ /* Initialize buffer, if not yet done. */
+ if (!buffer->__init == 0)
+ {
+ buffer->__a = 0x5deece66dull;
+ buffer->__c = 0xb;
+ buffer->__init = 1;
+ }
+
+ /* Do the real work. We choose a data type which contains at least
+ 48 bits. Because we compute the modulus it does not care how
+ many bits really are computed. */
+
+ X = (uint64_t) xsubi[2] << 32 | (uint32_t) xsubi[1] << 16 | xsubi[0];
+
+ result = X * buffer->__a + buffer->__c;
+
+ xsubi[0] = result & 0xffff;
+ xsubi[1] = (result >> 16) & 0xffff;
+ xsubi[2] = (result >> 32) & 0xffff;
+
+ return 0;
+}
+
+int __erand48_r (unsigned short int xsubi[3], struct drand48_data *buffer, double *result) {
+ union ieee754_double temp;
+
+ /* Compute next state. */
+ if (__drand48_iterate (xsubi, buffer) < 0)
+ return -1;
+
+ /* Construct a positive double with the 48 random bits distributed over
+ its fractional part so the resulting FP number is [0.0,1.0). */
+
+ temp.ieee.negative = 0;
+ temp.ieee.exponent = IEEE754_DOUBLE_BIAS;
+ temp.ieee.mantissa0 = (xsubi[2] << 4) | (xsubi[1] >> 12);
+ temp.ieee.mantissa1 = ((xsubi[1] & 0xfff) << 20) | (xsubi[0] << 4);
+
+ /* Please note the lower 4 bits of mantissa1 are always 0. */
+ *result = temp.d - 1.0;
+
+ return 0;
+}
+
+int __nrand48_r (unsigned short int xsubi[3], struct drand48_data *buffer, long int *result) {
+ /* Compute next state. */
+ if (__drand48_iterate (xsubi, buffer) < 0)
+ return -1;
+
+ /* Store the result. */
+ if (sizeof (unsigned short int) == 2)
+ *result = xsubi[2] << 15 | xsubi[1] >> 1;
+ else
+ *result = xsubi[2] >> 1;
+
+ return 0;
+}
+
+int __jrand48_r (unsigned short int xsubi[3], struct drand48_data *buffer, long int *result) {
+ /* Compute next state. */
+ if (__drand48_iterate (xsubi, buffer) < 0)
+ return -1;
+
+ /* Store the result. */
+ *result = (int32_t) ((xsubi[2] << 16) | xsubi[1]);
+
+ return 0;
+}
+
+int drand48_r (struct drand48_data *buffer, double *result) {
+ return __erand48_r (buffer->__x, buffer, result);
+}
+
+int lrand48_r (struct drand48_data *buffer, long int *result) {
+ /* Be generous for the arguments, detect some errors. */
+ if (buffer == NULL)
+ return -1;
+
+ return __nrand48_r (buffer->__x, buffer, result);
+}
+
+int mrand48_r (struct drand48_data *buffer, long int *result) {
+ /* Be generous for the arguments, detect some errors. */
+ if (buffer == NULL)
+ return -1;
+
+ return __jrand48_r (buffer->__x, buffer, result);
+}
+
+int srand48_r (long int seedval, struct drand48_data *buffer) {
+ /* The standards say we only have 32 bits. */
+ if (sizeof (long int) > 4)
+ seedval &= 0xffffffffl;
+
+ buffer->__x[2] = seedval >> 16;
+ buffer->__x[1] = seedval & 0xffffl;
+ buffer->__x[0] = 0x330e;
+
+ buffer->__a = 0x5deece66dull;
+ buffer->__c = 0xb;
+ buffer->__init = 1;
+
+ return 0;
+}
\ No newline at end of file