"Na gaji wannan tashin hankali,
farawa da Zello mara kunya; LinkedIn
kuma yana ƙarewa da "kowa" akan dandalin Telegram
a duniya ta.Sannan ki huta,
Jami'in ya kara da cewa cikin gaggawa da babbar murya:
amma zan tsara abubuwa (a nan cikin IT)"
(...).
Durov, ya yi imanin cewa jihohi ne masu mulki da ya kamata su ji tsoronsa, cypherpunk, da Roskomnadzor da garkuwar zinariya tare da matattarar DPI ba su dame shi sosai.
(Dabaran Siyasa)
Manufofin fasaha na ya fi sauƙi, zan iya kwatanta tunanina game da toshe rashin kulawa a cikin Runet, amma na yi imani cewa 'yan ƙasa masu ci gaba na zamani na Rasha da masu amfani da Habr sun ji rashin kwarewa na gwamnatin yanzu a cikin fatar jikinsu, don haka zan iyakance kaina ga jumla guda ɗaya: manufarmu ta fasaha ita ce "Resistance Digital" . "samar da 'yan uwa da abokan arziki tabbataccen tashar sadarwa."
Ana tura MProto Proxy Telegram
- Matsayin fasaha na rikitarwa shine "mai sauƙi", idan, alal misali, kuna bin wannan takaddar yaudara.
- Matsayin amincin yana "sama matsakaici": hoton docker yana aiki da ƙarfi, baya buƙatar sake kunnawa kowace rana, kamar yadda masu haɓakawa suka rubuta a cikin takaddun Telegram ɗin su na hukuma, amma tabbas kwandon ya ƙunshi wasu lahani.
- Matsayin juriya / damuwa - 'yan ISIS 10 suna saƙa makircinsu "'yan uwa suna amfani da su", haramcin bai fito daga RKN ba ko da sau ɗaya a kowane lokaci (tun lokacin bazara).
- Matsayin amana shine "rashin amincewar jarirai na jama'a", matsala a gefen abokin ciniki (wasu abokai suna zargin MtprotoProxy na).
- Matakan Testosterone - "ba su yi girma ba."
- Kudin kuɗi - "0 ₽".
- Ladan kudi - "ba ya dogara da dan kasa Durov." Ƙaddamarwa - ikon ƙaddamar da talla.
Za mu haɓaka Proxy ɗin mu akan iyawar "kyauta / na sirri" na Amazon-ec2: t2.micro. na yi amfani mota.
Ok, shigar da uwar garken ku kyauta, je zuwa gidan yanar gizon hukuma kuma zazzage kwandon docker.
Babu buƙatar neman wani hoto, fayil, ko maɓallin sihiri - "ba su nan", duk sihirin ana yin su a cikin CLI:
$ docker pull telegrammessenger/proxy #образ скачан.Amma kafin "hakan", shigar da docker don CLI:
sudo apt-get install docker.io dockerBugu da ari, a cikin takaddun hukuma na MtprotoProxyTelegram, ana ba mu damar yin wani abu kamar haka, muna yin:
$ sudo su && docker run -d -p443:443 --name=mtproto-proxy --restart=always -v proxy-config:/data telegrammessenger/proxy:latest #запускаем наш контейнер «mtproto-proxy».
Bayan wannan umarni, kirtani na HEX za ta bayyana a cikin tashar tashar tashar, amma ba mu sha'awar shi.
Mun rubuta a cikin CLI:
$ docker logs mtproto-proxyKuma muna samun bayanan da ake buƙata:
A cikin fitowar wannan log ɗin, ana nuna mu (smeared):
A) ip uwar garken mu (ip na waje);
B) da sirrin bazuwar - kirtani bazuwar a cikin HEX.
Kafin yin rijistar MtproProxy ɗin mu, kuna buƙatar saita babban tacewar zaɓi akan iptables (komai yadda kuke tura zirga-zirga zuwa wannan VPC, zai zama mara kyau, tunda babban Tacewar zaɓi a cikin Amazon-EC2 yana cikin haɗin yanar gizo kuma yana da fifiko mafi girma akan. iptables).
Muna zuwa " Amazon-EC2" a cikin Ƙungiyar Tsaro da buɗe tashar jiragen ruwa mai shigowa 443 (mashin ma'ana a karon farko).
Muna ɗaukar bayanan "ip da sirri" daga log ɗin kuma je zuwa manzo na Telegram, nemo MTProxy Admin Bot (@MTProxybot) na hukuma kuma mu yi rajistar MtproProxy ɗin mu: gudanar da umarnin [/newproxy] kuma shigar da [our_ip:443], kuma sannan mu [asirin / HEX].
Idan kun yi rikici lokacin shigar da bayanai, bot ɗin zai yi fushi ya aika da ku zuwa ...
Idan kun cika layi biyu ba tare da kurakurai ba, zaku sami izini da hanyar haɗin aiki zuwa MtprotoProxyTelegram ɗinku na yanzu, wanda zaku iya rabawa tare da kowa.
Hakanan, ta wannan bot, zaku iya ƙara tashar tallafin ku (amma ba taɗi ba), inda zaku sanya ra'ayoyinku ga masu amfani waɗanda suka haɗa da sabar ku, ko kuma ba za ku iya "spam" ba kuma kada ku dame abokan cinikinku masu yuwuwa ba tare da. nuna tashar a cikin jerin manzo da aka liƙa.
Wasu 'yan ƙarin kalmomi game da bot, inda za ku iya buƙatar ƙididdiga, amma "kuma donut". A bayyane yake, "ƙididdiga" yana samuwa lokacin da kake da "taron masu kayatarwa" a bayanka Makhachkala.
Kulawa
Masu amfani nawa za mu iya haɗawa zuwa uwar garken mu? Kuma ko ta yaya, wane / menene? Menene? Kuma nawa?
Muna kallon abin da ke can bisa ga takaddun hukuma ... Ee, a nan, yi shi kamar haka:
$ curl http://localhost:2398/stats или вот так $ docker exec mtproto-proxy curl http://localhost:2398/stats # и нам выдадут статистику прямо в CLI."Kiyaye aljihunka mafi fadi" Dangane da umarnin da aka tsara, koyaushe za mu sami kuskure iri ɗaya:
«curl: (7) An kasa haɗi zuwa tashar jiragen ruwa na localhost 2398: Haɗin ya ƙi»
Wakilin mu zai yi aiki. Amma! Bagel, ba kididdigar da muke samu ba.
Kuna iya yin abubuwa don ja-ido: duba
$ netstat -an | grep 2398 и...Da farko na yi tunanin cewa wannan wata jamb ce a bayan masu haɓaka Telegram (kuma har yanzu ina tsammanin haka), sannan na sami mafita mai kyau na ɗan lokaci: goge Docker Container da fayil.
Daga baya, wani infa ya kama idona:
game da raye-rayen jihar na Roskomnadzor a kusa da "kididdiga".
“Mun toshe wasu wakilai na jama’a a kan sabar mu ta amfani da ma’ajin bayanai na aikin kashe gobara. Wannan aikin yana sa ido kan jeri tare da wakilai na jama'a kuma yana yin bayanan bayanai tare da su.
Tun daga wannan lokacin (wato, kusan kwana biyu kenan), babu adireshin IP ko ɗaya na wakilin mu na Rasha da aka toshe.
3. Mun gaya muku yadda ake yin wakili wanda kusan ba shi da lahani ga Roskomnadzor da raba rubutun don toshe wakilan jama'a.
- Sabunta kwandon docker na MTProto (ko daemon) zuwa sabon sigar: RKN yana ƙididdige tsoffin juzu'i ta tashar kididdigar, wanda aka ɗaure zuwa 0.0.0.0 kuma ta keɓance ta musamman ga Intanet gabaɗaya. Mafi kyau duk da haka, bude tashoshin da ake buƙata ta amfani da iptables, kuma rufe sauran (tuna cewa a cikin akwati na docker, ya kamata ku yi amfani da ka'idar GABA).
- Roskomnadzor sun koyi yadda ake zubar da zirga-zirga tuntuni: suna ganin buƙatu a cikin HTTP da SOCKS5 proxies, kuma suna ganin tsohuwar sigar MTProto proxy obfuscation.
Lokacin da abokan ciniki na wasu masu samar da irin wannan juji suka shigar da damar Telegram ta irin waɗannan wakilai, RKN yana ganin irin waɗannan buƙatun kuma nan da nan ya toshe waɗannan proxies. Haka yake ga MTProto proxy tare da tsohon obfuscation.
Magani: rarraba sirri kawai tare da dd a farkon zuwa abokan ciniki waɗanda suka haɗa zuwa wakili (babu buƙatar saka ƙarin haruffa dd a cikin saitunan mtproto proxy kanta). Wannan zai ba da damar sigar obfuscation wanda dumppiles ba zai iya ganowa ba.
Kuma babu HTTP ko SOCKS5 proxies.
- Daidaita, tare da taimakon wanda kowane mai mallakar telegram, wanda RKN ke dakatar da shi akai-akai, zai iya dakatar da toshewa gaba ɗaya (ko kusan gaba ɗaya) (kuma a lokaci guda tabbatar da cewa RKN yana kwance).
Rubutun da ke hana wakilan jama'a da ƙaramin littafin jagora don shi.
→
Wakilin mu shine Pro-Western, Ban gamu da wata matsala / toshewa ba a lokacin bazara da kwanakin bazara mai sanyi, shima bai ja hankalin wani aikin kirkira ba, don haka ban rasa taki ba kuma ban ƙara dd * prefix zuwa makullin.
Littafin "samun kididdigar / sa ido" bisa ga umarnin hukuma na MtprotoProxyTelegram ba ya aiki / tsufa, dole ne ku gyara hoton docker.
Mu gyara shi.
Har yanzu kwandon yana gudana:
$ docker stop mtproto-proxy #останавливаем наш запущенный docker-контейнер и запускаем новый образ с пропущенным флагом статистики
$ docker run --net=host --name=mtproto-proxy2 -d -p443:443 -v proxy-config:/data -e SECRET=ваш_предыдущий_секрет_hex telegrammessenger/proxy:latest
Mu duba kididdiga:
$ curl http://localhost:2398/stats
curl: (7) An kasa haɗawa zuwa tashar 0.0.0.0 2398: Haɗin ya ƙi
Har yanzu ba a samu kididdiga ba.!...
Nemo ID na kwandon docker:
$ docker ps
UMMARNIN SIFFOFIN KWANTA KWANTA YA KIRKIRA SUNAYEN MATSAYI TA SHAFIN
f423c209cfdc telegrammessenger/proxy: latest "/bin/sh -c '/bin/ba..." Kimanin awa daya da suka wuce Kusan minti daya 0.0.0.0:443->443/tcp mtproto-proxy2
Muna tafiya tare da takardar mu a cikin kwandon docker:
$ sudo docker exec -it f423c209cfdc /bin/bash
$ apt-get update
$ apt-get install nano
$ nano -$ run.sh
Kuma a cikin layin ƙarshe na rubutun "run.sh", ƙara tutar da ta ɓace:
«--http-stats»
"exec /usr/local/bin/mtproto-proxy -p 2398 -H 443 -M"$ WORKERS" -C 60000 --aes-pwd /etc/telegram/hello-explorers-yaya-kuke-yi-u tushen $CONFIG --allow-skip-d h --nat-info "$INTERNAL_IP:$IP" $SECRET_CMD $TAG_CMD"
Ƙara "-http-stats", wani abu kamar wannan yakamata yayi aiki:
«exec /usr/local/bin/mtproto-proxy -p 2398 --http-stats -H 443 -M "$WORKERS" -C 60000 --aes-pwd /etc/telegram/hello-explorers-how-are-you-doing -u root $CONFIG --allow-skip-d h --nat-info "$INTERNAL_IP:$IP" $SECRET_CMD $TAG_CMD»
Ctrl+o/Ctrl+x/Ctrl+d (ajiye/fita nano/kwandon fita).
Sake kunna kwandon docker ɗin mu:
$ docker restart mtproto-proxy2Komai, yanzu akan umarni:
$ curl http://localhost:2398/stats #получаем объемную статистику
Akwai "datti" da yawa a cikin ƙididdiga (1/3 na shi yana kan allon), ƙirƙirar lakabi:
$ echo "alias telega='curl localhost:2398/stats | grep -e total_special -e load_average_total'" >> .bashrc && bashMun sami abin da aka goge kwandon docker don: adadin haɗin da kaya:
$ telega
Akwatin Docker yana gudana, ƙididdiga suna juyawa.
An kashe albarkatun
Kamar yadda kake Stuart Redman, har ma kuna barin alama akan wando. Hoton Docker mai gudana yana barin babban sawun ƙafa.
Ba shi da ma'ana don bayyana fa'idodi da rashin amfani na hotunan docker, kwandon docker ƙaramin na'ura ne mai kama-da-wane wanda ke cinye ƙasa da albarkatu fiye da na'ura mai kama-da-wane, kamar VirtualBox, amma yana aikatawa.
1) An ƙaddamar da shi tare da ko ba tare da kididdigar hoto na docker ba, ana amfani da abokan ciniki biyu frolic ko goma - ana amfani da albarkatu ~ hanya ɗaya: 75% na duk aikin CPU t2.micro.
2) Muna kallon sa ido na uwar garken VPC:
Daga jadawalin amfani da albarkatu akan VPC, mun ga cewa kwandon docker yana cinye ~ 7,5% na jimlar max. Ayyukan CPU kuma a ranar 28 ga Mayu na dakatar da ni da gangan / na ɗan lokaci (Lura - OpenVPN & pptp suma suna gudana akan sabar).
Me yasa 10% akai-akai amfani da CPU ke iyakance ga wannan uwar garken?
Domin akwai ƙuntatawa daga Amazon EC2 kuma ana ƙididdige su a cikin ƙididdiga:
1 CPU credit = 1 CPU yana aiki akan nauyin 100% na minti daya, kuma muna da ƙididdiga 6 (wato, a kololuwa, 100% CPU amfani yana yiwuwa a cikin mintuna 6, sannan ƙarfin CPU zai ragu). Sauran haɗuwa: misali, 1 CPU credit = 1 CPU yana gudana a 50% lodi na minti biyu (watau za mu iya amfani da CPU a nauyin 50% na minti 12), ko, alal misali, 10% - th nauyin CPU a lokacin. dukan lokaci, da dai sauransu.
binciken
- Mu ne ɓangare na "Digital Resistance". Samar da “mahaifinsu da uwayensu” ingantaccen tashar sadarwa.
- Idan kuna da MtprotoProxyTelegram da OpenVPN da aka tura akan sabar, amma babu ƙari, ba za a sami jinkiri / pings / kasawa ba, amma idan kuna koyaushe gwaji tare da t2 / micro ɗinku, to ku jira birki na sadarwa.
- Pingina na ketare shine ~ 100-250ms, babu jinkiri a cikin sadarwar murya.
- Kudin kuɗi na duk "wannan" (gami da albarkatun VPC) = 0₽.
Sake buga labarin ku.
UPD: Godiya ga wasu masu amfani da habraus don sharhi masu amfani, haƙiƙa, yana yiwuwa (ana goyan bayan kididdigar?), Akwai ingantattun kwatancen hoton docker na Mtproto proxy Telegram.
source: www.habr.com