This post is being written because I set up an MTProto server for a friend in Russia who is concerned Telegram may be blocked soon after the country has decided to block uncensored western sites such as the BBC, Twitter, and Facebook and he is concerned Telegram may be next, but it is a good solution for bypassing blocking on a more local level. MTProto runs on any port you want, but using port 443 will disguise the outgoing connection to your server as ordinary HTTPS traffic – we will use port 443 in our guide.
You will need:
- A VPS/VM, low spec is OK (ours has 2GB of RAM and a dual core 2GHz processor, I think far less would be fine and is running Ubuntu 20.04, but any distro should be fine). Ours is with IONOS (https://ionos.co.uk – not sponsored).
- A domain if you wish to have a hostname for your server, you can just use the IP address of your server instead.
- This guide also includes aspects copied from Telegram’s MTProxy GitHub, but their guide wasn’t quite right so I have amended aspects of it here. Their GitHub repo is here: https://github.com/TelegramMessenger/MTProxy
This guide assumes your server is already configured and up to date, and that you don’t have any other services listening on the port you intend to use. It is OK to have multiple things on the server, I have a VPN server running on mine too on different ports.
1. Ensure you have the requisite dependencies installed to build MTProxy from source:
apt install git curl build-essential libssl-dev zlib1g-dev
On RHEL and RHEL derivatives (CentOS/Alma Linux/Rocky Linux etc):
yum install openssl-devel zlib-devel yum groupinstall "Development Tools"
2. Then clone the repo, and build:
git clone https://github.com/TelegramMessenger/MTProxy cd MTProxy make && cd objs/bin
Find your current directory using pwd (stands for print working directory) and make a note of it, you will need it later on:
The output for pwd for me is:
3. Configure MTProxy
Now you’ll need to obtain a secret from Telegram which is used to connect to Telegram’s servers:
curl -s https://core.telegram.org/getProxySecret -o proxy-secret
Now obtain the current Telegram configuration, Telegram’s GitHub says to update daily so we’ll set up a cron to do that later.
curl -s https://core.telegram.org/getProxyConfig -o proxy-multi.conf
Next, generate a 16 character secret that you’ll use to authenticate users with your proxy server:
head -c 16 /dev/urandom | xxd -ps
Test the configuration by running MTProxy from the CLI.
./mtproto-proxy -u nobody -p 8888 -H 443 -S <secret> --aes-pwd proxy-secret proxy-multi.conf -M 1
From Telegram’s GitHub:
nobody is the username.
setuid() to drop privilegies.
443 is the port, used by clients to connect to the proxy.
8888 is the local port. You can use it to get statistics from
wget localhost:8888/stats. You can only get this stat via loopback.
<secret> is the secret generated at step 3. Also you can set multiple secrets:
-S <secret1> -S <secret2>.
proxy-multi.conf are obtained at steps 1 and 2.
1 is the number of workers. You can increase the number of workers, if you have a powerful server.
4. Test the server
Then connect to the server to test by typing this into a web browser and allowing it to open in Telegram:
For bypassing censorship, I would suggest appending the secret (e.g; dd94e5233dd994526b3ad95adf0ec79648) with dd to use Telegram’s random padding mode (“Due to some ISPs detecting MTProxy by packet sizes, random padding is added to packets if such mode is enabled.”).
If it works, press CTRL+C to terminate, and now we can get to creating a service to keep this running permanently:
5. Create a service
Next we will copy MTProxy into /opt (the default directory for unbundled packages), you will need the directory you made a note of in step 2.
mkdir /opt/MTProxy cp /root/MTProxy/objs/bin/* /opt/MTProxy/
Create systemd service file:
Edit this basic service (especially paths and params):
[Unit] Description=MTProxy After=network.target [Service] Type=simple WorkingDirectory=/opt/MTProxy ExecStart=/opt/MTProxy/mtproto-proxy -u nobody -p 8888 -H 443 -S <SECRET> --aes-pwd proxy-secret proxy-multi.conf -M 1 Restart=on-failure [Install] WantedBy=multi-user.target
Test fresh MTProxy service:
systemctl restart MTProxy.service # Check status, it should be active systemctl status MTProxy.service
Enable it, to autostart service after reboot:
systemctl enable MTProxy.service
6. Automate fetching Telegram configuration and restarting the service
The last step is to automate fetching Telegram configuration (mentioned in step 3).
Paste in the following:
#!/bin/bash # Script to fetch proxy-multi.conf cd /opt/MTProxy curl https://core.telegram.org/getProxyConfig > proxy-multi.conf systemctl restart MTProxy.service
Then add the cronjob (it will run at midnight every day):
Open your crontab file in the interactive editor (on Ubuntu it allows you to pick an editor, but some distros will make you use VI/VIM):
Then paste the following line into the file:
0 0 * * * /bin/bash /opt/MTProxy/proxy-multi.sh
Now you’re done!