From c86c65ba9810c93a36f4ccbfbd26679962a3cf66 Mon Sep 17 00:00:00 2001 From: Teddysun Date: Mon, 1 Jun 2020 20:41:29 +0900 Subject: [PATCH] Removed mtproxy --- docker/mtproxy/Dockerfile | 30 --- docker/mtproxy/Dockerfile.architecture | 30 --- docker/mtproxy/README.md | 85 ------- docker/mtproxy/entrypoint.sh | 111 --------- docker/mtproxy/patches/randr_compat.patch | 274 ---------------------- 5 files changed, 530 deletions(-) delete mode 100644 docker/mtproxy/Dockerfile delete mode 100644 docker/mtproxy/Dockerfile.architecture delete mode 100644 docker/mtproxy/README.md delete mode 100644 docker/mtproxy/entrypoint.sh delete mode 100644 docker/mtproxy/patches/randr_compat.patch diff --git a/docker/mtproxy/Dockerfile b/docker/mtproxy/Dockerfile deleted file mode 100644 index 2d5586b..0000000 --- a/docker/mtproxy/Dockerfile +++ /dev/null @@ -1,30 +0,0 @@ -# Dockerfile for MTProxy based alpine -# Copyright (C) 2020 Teddysun -# Reference URL: -# https://github.com/TelegramMessenger/MTProxy - -FROM alpine:latest AS builder -WORKDIR /root -COPY patches /root/patches -RUN set -ex \ - && apk add --no-cache git build-base linux-headers musl-dev openssl-dev zlib-dev \ - && git clone https://github.com/TelegramMessenger/MTProxy.git \ - && cd MTProxy \ - && patch -p0 -i /root/patches/randr_compat.patch \ - && make - -FROM alpine:latest -LABEL maintainer="Teddysun " - -COPY entrypoint.sh / -COPY --from=builder /root/MTProxy/objs/bin/mtproto-proxy /usr/bin - -RUN set -ex \ - && apk add --no-cache curl tzdata \ - && chmod 755 /entrypoint.sh -ENV TZ=Asia/Shanghai -EXPOSE 443 2398 -VOLUME /data -WORKDIR /data -ENTRYPOINT ["/entrypoint.sh"] -CMD [ "--port", "2398", "--http-ports", "443", "--slaves", "2", "--max-special-connections", "60000", "--allow-skip-dh" ] diff --git a/docker/mtproxy/Dockerfile.architecture b/docker/mtproxy/Dockerfile.architecture deleted file mode 100644 index ee0aa91..0000000 --- a/docker/mtproxy/Dockerfile.architecture +++ /dev/null @@ -1,30 +0,0 @@ -# Dockerfile for MTProxy based alpine -# Copyright (C) 2020 Teddysun -# Reference URL: -# https://github.com/TelegramMessenger/MTProxy - -FROM --platform=${TARGETPLATFORM} alpine:latest AS builder -WORKDIR /root -COPY patches /root/patches -RUN set -ex \ - && apk add --no-cache git build-base linux-headers musl-dev openssl-dev zlib-dev \ - && git clone https://github.com/TelegramMessenger/MTProxy.git \ - && cd MTProxy \ - && patch -p0 -i /root/patches/randr_compat.patch \ - && make - -FROM --platform=${TARGETPLATFORM} alpine:latest -LABEL maintainer="Teddysun " - -COPY entrypoint.sh / -COPY --from=builder /root/MTProxy/objs/bin/mtproto-proxy /usr/bin - -RUN set -ex \ - && apk add --no-cache curl tzdata \ - && chmod 755 /entrypoint.sh -ENV TZ=Asia/Shanghai -EXPOSE 443 2398 -VOLUME /data -WORKDIR /data -ENTRYPOINT ["/entrypoint.sh"] -CMD [ "--port", "2398", "--http-ports", "443", "--slaves", "2", "--max-special-connections", "60000", "--allow-skip-dh" ] diff --git a/docker/mtproxy/README.md b/docker/mtproxy/README.md deleted file mode 100644 index e91b6d2..0000000 --- a/docker/mtproxy/README.md +++ /dev/null @@ -1,85 +0,0 @@ -## MTProxy Docker Image by Teddysun - -The [Telegram Messenger MTProto proxy][1] is a zero-configuration container that automatically sets up a proxy server that speaks Telegram's native MTProto. - -This Docker Image Based on the work of [alexdoesh](https://github.com/alexdoesh/mtproxy) - -Docker images are built for quick deployment in various computing cloud providers. - -For more information on docker and containerization technologies, refer to [official document][2]. - -## Prepare the host - -If you need to install docker by yourself, follow the [official installation guide][3]. - -## Pull the image - -```bash -$ docker pull teddysun/mtproxy -``` - -This pulls the latest release of MTProxy. - -It can be found at [Docker Hub][4]. - -## Start a container - -You **must create a directory** `/etc/mtproxy` in host at first: - -``` -$ mkdir -p /etc/mtproxy -``` - -To start the proxy all you need to do is below: - -`docker run -d -p443:443 --name=mtproxy --restart=always -v /etc/mtproxy:/data teddysun/mtproxy` - -The container's log output (`docker logs mtproxy`) will contain the links to paste into the Telegram app: - -``` -[+] Using the explicitly passed secret: '00baadf00d15abad1deaa515baadcafe'. -[+] Saving it to /data/secret. -[*] Final configuration: -[*] Secret 1: 00baadf00d15abad1deaa515baadcafe -[*] tg:// link for secret 1 auto configuration: : tg://proxy?server=3.14.15.92&port=443&secret=00baadf00d15abad1deaa515baadcafe -[*] t.me link for secret 1: tg://proxy?server=3.14.15.92&port=443&secret=00baadf00d15abad1deaa515baadcafe -[*] Tag: no tag -[*] External IP: 3.14.15.92 -[*] Make sure to fix the links in case you run the proxy on a different port. -``` - -**Warning**: The port number `443` must be opened in firewall. - -The secret will persist across container upgrades in a volume. - -It is a mandatory configuration parameter: if not provided, it will be generated automatically at container start. - -You may forward any other port to the container's 443: be sure to fix the automatic configuration links if you do so. - -Please note that the proxy gets the Telegram core IP addresses at the start of the container. We try to keep the changes to a minimum, but you should restart the container about once a day, just in case. - -## Registering your proxy - -Once your MTProxy server is up and running go to [@MTProxybot](https://t.me/mtproxybot) and register your proxy with Telegram to gain access to usage statistics and monetization. - -## Custom configuration - -If you need to specify a custom secret (say, if you are deploying multiple proxies with DNS load-balancing), you may pass the SECRET environment variable as 16 bytes in lower-case hexidecimals: - -`docker run -d -p443:443 -v /etc/mtproxy:/data -e SECRET=00baadf00d15abad1deaa51sbaadcafe teddysun/mtproxy` - -## Monitoring - -The MTProto proxy server exports internal statistics as tab-separated values over the http://localhost:2398/stats endpoint. - -Please note that this endpoint is available only from localhost: depending on your configuration, you may need to collect the statistics with `docker exec mtproxy curl http://localhost:2398/stats`. - -* `ready_targets`: number of Telegram core servers the proxy will try to connect to. -* `active_targets`: number of Telegram core servers the proxy is actually connected to. Should be equal to ready_targets. -* `total_special_connections`: number of inbound client connections -* `total_max_special_connections`: the upper limit on inbound connections. Is equal to 60000 multiplied by worker count. - -[1]: https://github.com/TelegramMessenger/MTProxy -[2]: https://docs.docker.com/ -[3]: https://docs.docker.com/install/ -[4]: https://hub.docker.com/r/teddysun/mtproxy/ \ No newline at end of file diff --git a/docker/mtproxy/entrypoint.sh b/docker/mtproxy/entrypoint.sh deleted file mode 100644 index 63ff06c..0000000 --- a/docker/mtproxy/entrypoint.sh +++ /dev/null @@ -1,111 +0,0 @@ -#!/bin/sh -if [ ! -z "$DEBUG" ]; then set -x; fi -mkdir /data 2>/dev/null >/dev/null -RANDOM=$(printf "%d" "0x$(head -c4 /dev/urandom | od -t x1 -An | tr -d ' ')") - -if [ -z "$WORKERS" ]; then - WORKERS=1 -fi - -SECRET_CMD="" -if [ ! -z "$SECRET" ]; then - echo "[+] Using the explicitly passed secret: '$SECRET'." -elif [ -f /data/secret ]; then - SECRET="$(cat /data/secret)" - echo "[+] Using the secret in /data/secret: '$SECRET'." -else - if [[ ! -z "$SECRET_COUNT" ]]; then - if [[ "$SECRET_COUNT" -le 1 || "$SECRET_COUNT" -ge 16 ]]; then - echo "[F] Can generate between 1 and 16 secrets." - exit 5 - fi - else - SECRET_COUNT="1" - fi - - echo "[+] No secret passed. Will generate $SECRET_COUNT random ones." - SECRET="$(dd if=/dev/urandom bs=16 count=1 2>&1 | od -tx1 | head -n1 | tail -c +9 | tr -d ' ')" - for pass in $(seq 2 $SECRET_COUNT); do - SECRET="$SECRET,$(dd if=/dev/urandom bs=16 count=1 2>&1 | od -tx1 | head -n1 | tail -c +9 | tr -d ' ')" - done -fi - -if echo "$SECRET" | grep -qE '^[0-9a-fA-F]{32}(,[0-9a-fA-F]{32}){0,15}$'; then - SECRET="$(echo "$SECRET" | tr '[:upper:]' '[:lower:]')" - SECRET_CMD="-S $(echo "$SECRET" | sed 's/,/ -S /g')" - echo -- "$SECRET_CMD" > /data/secret_cmd - echo "$SECRET" > /data/secret -else - echo '[F] Bad secret format: should be 32 hex chars (for 16 bytes) for every secret; secrets should be comma-separated.' - exit 1 -fi - -if [ ! -z "$TAG" ]; then - echo "[+] Using the explicitly passed tag: '$TAG'." -fi - -TAG_CMD="" -if [[ ! -z "$TAG" ]]; then - if echo "$TAG" | grep -qE '^[0-9a-fA-F]{32}$'; then - TAG="$(echo "$TAG" | tr '[:upper:]' '[:lower:]')" - TAG_CMD="-P $TAG" - else - echo '[!] Bad tag format: should be 32 hex chars (for 16 bytes).' - echo '[!] Continuing.' - fi -fi - -REMOTE_CONFIG=/data/proxy-multi.conf -curl -s https://core.telegram.org/getProxyConfig -o ${REMOTE_CONFIG} || { - echo '[F] Cannot download proxy configuration from Telegram servers.' - exit 2 -} - -REMOTE_SECRET=/data/proxy-secret -curl -s https://core.telegram.org/getProxySecret -o ${REMOTE_SECRET} || { - echo '[F] Cannot download proxy secret from Telegram servers.' - exit 5 -} - -if [ ! -z "$EXTERNAL_IP" ]; then - echo "[+] Using the explicitly passed external IP: ${EXTERNAL_IP}." -else - EXTERNAL_IP="$(curl -s -4 "ipv4.icanhazip.com")" - if [[ -z "$EXTERNAL_IP" ]]; then - echo "[F] Cannot determine external IP address." - exit 3 - else - echo "[+] Using the detected external IP: ${EXTERNAL_IP}." - fi -fi - -if [ ! -z "$INTERNAL_IP" ]; then - echo "[+] Using the explicitly passed internal IP: ${INTERNAL_IP}." -else - INTERNAL_IP="$(ip -4 route get 8.8.8.8 | grep '^8\.8\.8\.8\s' | grep -Eo 'src\s+\d+\.\d+\.\d+\.\d+' | awk '{print $2}')" - if [[ -z "$INTERNAL_IP" ]]; then - echo "[F] Cannot determine internal IP address." - exit 4 - else - echo "[+] Using the detected internal IP: ${INTERNAL_IP}." - fi -fi - -echo "[*] Final configuration:" -I=1 -echo "$SECRET" | tr ',' '\n' | while read S; do - echo "[*] Secret $I: $S" - echo "[*] tg:// link for secret $I auto configuration: tg://proxy?server=${EXTERNAL_IP}&port=443&secret=${S}" - echo "[*] t.me link for secret $I: https://t.me/proxy?server=${EXTERNAL_IP}&port=443&secret=${S}" - I=$(($I+1)) -done - -[ ! -z "$TAG" ] && echo "[*] Tag: $TAG" || echo "[*] Tag: no tag" -echo "[*] External IP: ${EXTERNAL_IP}" -echo "[*] Make sure to fix the links in case you run the proxy on a different port." -echo -echo '[+] Starting proxy...' -sleep 1 - -# start mtproto-proxy -exec mtproto-proxy "$@" --aes-pwd ${REMOTE_SECRET} --user root ${REMOTE_CONFIG} --nat-info "$INTERNAL_IP:$EXTERNAL_IP" ${SECRET_CMD} ${TAG_CMD} \ No newline at end of file diff --git a/docker/mtproxy/patches/randr_compat.patch b/docker/mtproxy/patches/randr_compat.patch deleted file mode 100644 index fce9ca1..0000000 --- a/docker/mtproxy/patches/randr_compat.patch +++ /dev/null @@ -1,274 +0,0 @@ -Index: jobs/jobs.h -IDEA additional info: -Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP -<+>UTF-8 -=================================================================== ---- jobs/jobs.h (revision cdd348294d86e74442bb29bd6767e48321259bec) -+++ jobs/jobs.h (date 1527996954000) -@@ -28,6 +28,8 @@ - #include "net/net-msg.h" - #include "net/net-timers.h" - -+#include "common/randr_compat.h" -+ - #define __joblocked - #define __jobref - -Index: common/server-functions.c -IDEA additional info: -Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP -<+>UTF-8 -=================================================================== ---- common/server-functions.c (revision cdd348294d86e74442bb29bd6767e48321259bec) -+++ common/server-functions.c (date 1527998325000) -@@ -35,7 +35,9 @@ - #include - #include - #include -+#ifdef __GLIBC__ - #include -+#endif - #include - #include - #include -@@ -168,6 +170,7 @@ - } - - void print_backtrace (void) { -+#ifdef __GLIBC__ - void *buffer[64]; - int nptrs = backtrace (buffer, 64); - kwrite (2, "\n------- Stack Backtrace -------\n", 33); -@@ -178,6 +181,7 @@ - kwrite (2, s, strlen (s)); - kwrite (2, "\n", 1); - } -+#endif - } - - pthread_t debug_main_pthread_id; -Index: common/randr_compat.h -IDEA additional info: -Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP -<+>UTF-8 -=================================================================== ---- common/randr_compat.h (date 1527998264000) -+++ common/randr_compat.h (date 1527998264000) -@@ -0,0 +1,72 @@ -+/* -+ The GNU C Library is free software. See the file COPYING.LIB for copying -+ conditions, and LICENSES for notices about a few contributions that require -+ these additional notices to be distributed. License copyright years may be -+ listed using range notation, e.g., 2000-2011, indicating that every year in -+ the range, inclusive, is a copyrightable year that would otherwise be listed -+ individually. -+*/ -+ -+#pragma once -+ -+#include -+#include -+ -+struct drand48_data { -+ unsigned short int __x[3]; /* Current state. */ -+ unsigned short int __old_x[3]; /* Old state. */ -+ unsigned short int __c; /* Additive const. in congruential formula. */ -+ unsigned short int __init; /* Flag for initializing. */ -+ unsigned long long int __a; /* Factor in congruential formula. */ -+}; -+ -+union ieee754_double -+{ -+ double d; -+ -+ /* This is the IEEE 754 double-precision format. */ -+ struct -+ { -+#if __BYTE_ORDER == __BIG_ENDIAN -+ unsigned int negative:1; -+ unsigned int exponent:11; -+ /* Together these comprise the mantissa. */ -+ unsigned int mantissa0:20; -+ unsigned int mantissa1:32; -+#endif /* Big endian. */ -+#if __BYTE_ORDER == __LITTLE_ENDIAN -+ /* Together these comprise the mantissa. */ -+ unsigned int mantissa1:32; -+ unsigned int mantissa0:20; -+ unsigned int exponent:11; -+ unsigned int negative:1; -+#endif /* Little endian. */ -+ } ieee; -+ -+ /* This format makes it easier to see if a NaN is a signalling NaN. */ -+ struct -+ { -+#if __BYTE_ORDER == __BIG_ENDIAN -+ unsigned int negative:1; -+ unsigned int exponent:11; -+ unsigned int quiet_nan:1; -+ /* Together these comprise the mantissa. */ -+ unsigned int mantissa0:19; -+ unsigned int mantissa1:32; -+#else -+ /* Together these comprise the mantissa. */ -+ unsigned int mantissa1:32; -+ unsigned int mantissa0:19; -+ unsigned int quiet_nan:1; -+ unsigned int exponent:11; -+ unsigned int negative:1; -+#endif -+ } ieee_nan; -+}; -+ -+#define IEEE754_DOUBLE_BIAS 0x3ff /* Added to exponent. */ -+ -+int drand48_r (struct drand48_data *buffer, double *result); -+int lrand48_r (struct drand48_data *buffer, long int *result); -+int mrand48_r (struct drand48_data *buffer, long int *result); -+int srand48_r (long int seedval, struct drand48_data *buffer); -\ No newline at end of file -Index: Makefile -IDEA additional info: -Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP -<+>UTF-8 -=================================================================== ---- Makefile (revision cdd348294d86e74442bb29bd6767e48321259bec) -+++ Makefile (date 1527998107000) -@@ -40,6 +40,7 @@ - DEPENDENCE_NORM := $(subst ${OBJ}/,${DEP}/,$(patsubst %.o,%.d,${OBJECTS})) - - LIB_OBJS_NORMAL := \ -+ ${OBJ}/common/randr_compat.o \ - ${OBJ}/common/crc32c.o \ - ${OBJ}/common/pid.o \ - ${OBJ}/common/sha1.o \ -Index: common/randr_compat.c -IDEA additional info: -Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP -<+>UTF-8 -=================================================================== ---- common/randr_compat.c (date 1527998213000) -+++ common/randr_compat.c (date 1527998213000) -@@ -0,0 +1,120 @@ -+/* -+ The GNU C Library is free software. See the file COPYING.LIB for copying -+ conditions, and LICENSES for notices about a few contributions that require -+ these additional notices to be distributed. License copyright years may be -+ listed using range notation, e.g., 2000-2011, indicating that every year in -+ the range, inclusive, is a copyrightable year that would otherwise be listed -+ individually. -+*/ -+ -+#include -+#include "common/randr_compat.h" -+ -+int __drand48_iterate (unsigned short int xsubi[3], struct drand48_data *buffer) { -+ uint64_t X; -+ uint64_t result; -+ -+ /* Initialize buffer, if not yet done. */ -+ if (!buffer->__init == 0) -+ { -+ buffer->__a = 0x5deece66dull; -+ buffer->__c = 0xb; -+ buffer->__init = 1; -+ } -+ -+ /* Do the real work. We choose a data type which contains at least -+ 48 bits. Because we compute the modulus it does not care how -+ many bits really are computed. */ -+ -+ X = (uint64_t) xsubi[2] << 32 | (uint32_t) xsubi[1] << 16 | xsubi[0]; -+ -+ result = X * buffer->__a + buffer->__c; -+ -+ xsubi[0] = result & 0xffff; -+ xsubi[1] = (result >> 16) & 0xffff; -+ xsubi[2] = (result >> 32) & 0xffff; -+ -+ return 0; -+} -+ -+int __erand48_r (unsigned short int xsubi[3], struct drand48_data *buffer, double *result) { -+ union ieee754_double temp; -+ -+ /* Compute next state. */ -+ if (__drand48_iterate (xsubi, buffer) < 0) -+ return -1; -+ -+ /* Construct a positive double with the 48 random bits distributed over -+ its fractional part so the resulting FP number is [0.0,1.0). */ -+ -+ temp.ieee.negative = 0; -+ temp.ieee.exponent = IEEE754_DOUBLE_BIAS; -+ temp.ieee.mantissa0 = (xsubi[2] << 4) | (xsubi[1] >> 12); -+ temp.ieee.mantissa1 = ((xsubi[1] & 0xfff) << 20) | (xsubi[0] << 4); -+ -+ /* Please note the lower 4 bits of mantissa1 are always 0. */ -+ *result = temp.d - 1.0; -+ -+ return 0; -+} -+ -+int __nrand48_r (unsigned short int xsubi[3], struct drand48_data *buffer, long int *result) { -+ /* Compute next state. */ -+ if (__drand48_iterate (xsubi, buffer) < 0) -+ return -1; -+ -+ /* Store the result. */ -+ if (sizeof (unsigned short int) == 2) -+ *result = xsubi[2] << 15 | xsubi[1] >> 1; -+ else -+ *result = xsubi[2] >> 1; -+ -+ return 0; -+} -+ -+int __jrand48_r (unsigned short int xsubi[3], struct drand48_data *buffer, long int *result) { -+ /* Compute next state. */ -+ if (__drand48_iterate (xsubi, buffer) < 0) -+ return -1; -+ -+ /* Store the result. */ -+ *result = (int32_t) ((xsubi[2] << 16) | xsubi[1]); -+ -+ return 0; -+} -+ -+int drand48_r (struct drand48_data *buffer, double *result) { -+ return __erand48_r (buffer->__x, buffer, result); -+} -+ -+int lrand48_r (struct drand48_data *buffer, long int *result) { -+ /* Be generous for the arguments, detect some errors. */ -+ if (buffer == NULL) -+ return -1; -+ -+ return __nrand48_r (buffer->__x, buffer, result); -+} -+ -+int mrand48_r (struct drand48_data *buffer, long int *result) { -+ /* Be generous for the arguments, detect some errors. */ -+ if (buffer == NULL) -+ return -1; -+ -+ return __jrand48_r (buffer->__x, buffer, result); -+} -+ -+int srand48_r (long int seedval, struct drand48_data *buffer) { -+ /* The standards say we only have 32 bits. */ -+ if (sizeof (long int) > 4) -+ seedval &= 0xffffffffl; -+ -+ buffer->__x[2] = seedval >> 16; -+ buffer->__x[1] = seedval & 0xffffl; -+ buffer->__x[0] = 0x330e; -+ -+ buffer->__a = 0x5deece66dull; -+ buffer->__c = 0xb; -+ buffer->__init = 1; -+ -+ return 0; -+} -\ No newline at end of file