Everything described below is the result of a technical experiment. The material is not advertising, does not call for any action, is provided for informational purposes only, and was prepared as part of research.

Abandoned official repository on GitHub

Main source of information: fork of the official repository on GitHub

Preparation

Install dependencies:

apt install git curl build-essential libssl-dev zlib1g-dev xxd

Clone the repository and enter it:

git clone https://github.com/GetPageSpeed/MTProxy && cd MTProxy

Compile and go to the directory with the executable:

make && cd objs/bin

Download Telegram service data:

curl -s https://core.telegram.org/getProxySecret -o ./proxy-secret && curl -s https://core.telegram.org/getProxyConfig -o ./proxy-multi.conf

Launch

Fake-TLS mode is considered the most resistant to blocking, so the traffic is disguised as it. In this example, “google.com” is used as the domain, but you can substitute any domain, for example the domain of a popular messenger that is not blocked, or your own site.

Generate a key:

DOMAIN="google.com" && RAW_HEX=$(head -c 16 /dev/urandom | xxd -ps) && HEX_DOMAIN=$(echo -n "$DOMAIN" | xxd -p) && FULL_SECRET="ee${RAW_HEX}${HEX_DOMAIN}" && echo -e "\n1. Raw key\n$RAW_HEX\n\n2. HEX domain ($DOMAIN):\n$HEX_DOMAIN\n\n3. Full key:\n$FULL_SECRET\n"

As a result, we get:

  1. Raw key:
  2. HEX domain (google.com):
  3. Full secret for Systemd and Telegram App:

Optional step for registering a sponsor channel (can be skipped):

  • go to MTProxybot
  • send the /newproxy command
  • send the server IP address and port in the ip_address:port format
  • send the raw key to @MTProxybot
  • receive a tag and a pair of proxy links; only the tag is needed.

Next, edit the configuration:

micro /etc/systemd/system/MTProxy.service

and insert the information into it (port 443 can be changed):

[Unit]
Description=Telegram MTProxy
After=network.target

[Service]
Type=simple
WorkingDirectory=/home/MTProxy
# Configuration update
ExecStartPre=/usr/bin/curl -s https://core.telegram.org/getProxySecret -o ./objs/bin/proxy-secret
ExecStartPre=/usr/bin/curl -s https://core.telegram.org/getProxyConfig -o ./objs/bin/proxy-multi.conf

# Proxy launch
ExecStart=/home/MTProxy/objs/bin/mtproto-proxy -u nobody -H 443 -S raw_key -D googel.com -P optional_MTProxybot_tag --aes-pwd ./objs/bin/proxy-secret ./objs/bin/proxy-multi.conf -M 1
Restart=on-failure

[Install]
WantedBy=multi-user.target

If you use your own site, specify the listening port, for example -D example-site.com:443.

Enable autostart and restart the service:

systemctl daemon-reload && systemctl enable MTProxy.service && systemctl restart MTProxy.service && systemctl status MTProxy.service

Add a daily service restart:

crontab -e

and add a restart line, for example at 3:00:

0 3 * * * /bin/systemctl restart MTProxy.service

For convenience, you can use a schedule generation service.

To build a working link, you need three parameters:

  • IP address
  • port (specified after -H)
  • full key (the one that starts with “ee”)

The final link is formed as:

https://t.me/proxy?server=IP_ADDRESS&port=PORT&secret=FULL_KEY

The generated link automatically adds the proxy when clicked.