"Ndinatengera chisokonezo ichi,
kuyambira ndi Zello wopanda manyazi; LinkedIn
ndikumaliza ndi "wina aliyense" papulatifomu ya Telegraph
mβdziko langa.Kenako hiccup,
Mkuluyo anawonjezera mwachangu komanso mokweza kuti:
koma ndikonza zinthu (pano mu IT)"
(...).
Durov, moyenerera amakhulupirira kuti ndi mayiko aulamuliro omwe ayenera kumuwopa, cypherpunk, Roskomnadzor ndi zishango zagolide ndi zosefera zawo za DPI sizimamuvutitsa.
(Njira zandale)
Ndondomeko yanga yaukadaulo ndiyosavuta, nditha kufotokozera pano malingaliro anga pakutsekereza mosasamala ku Runet, koma ndikukhulupirira kuti nzika zopita patsogolo za ogwiritsa ntchito Russian ndi Habr Zamakono zamva kusachita bwino kwa boma lomwe lilipo pakhungu lawo, kotero ndidzichepetsera ndekha. mawu amodzi: ndondomeko yathu yaukadaulo ndi "Digital Resistance" . "kupatsa achibale ndi abwenzi njira yolumikizirana yokhazikika."
Kutumiza MTProto proxy Telegraph
- Mulingo waukadaulo wazovuta ndi "zosavuta", ngati, mwachitsanzo, mumatsatira pepala lachinyengoli.
- Mulingo wodalirika ndi "pamwamba pa avareji": chithunzi cha docker chimagwira ntchito mokhazikika, sichiyenera kuyambiranso tsiku lililonse, monga momwe opanga adalembera muzolemba zawo za Telegraph, koma chidebecho mwina chili ndi zovuta zina.
- Mlingo wa kukana / nkhawa - mamembala a 10 a ISIS akuluka chiwembu chawo "achibale amachigwiritsa ntchito", chiletsocho sichinachokere ku RKN ngakhale kamodzi nthawi zonse (kuyambira masika).
- Kudalirana ndi "kusakhulupirira kwa ana pagulu", vuto kumbali ya kasitomala (abwenzi ena amandikayikira MtprotoProxy yanga).
- Miyezo ya Testosterone - "sanakwere."
- Ndalama zachuma - "0β½".
- Malipiro a zachuma - "sikudalira nzika Durov." Kutsatsa - kuthekera kokakamiza kutsatsa.
Tikweza TelegraphProxy yathu pazaulere "zaulere / zaumwini" za Amazon-ec2: t2.micro. Ndinagwiritsa ntchito galimoto.
Chabwino, tumizani seva yanu yaulere, pitani patsamba lovomerezeka ndikutsitsa chidebe cha docker.
Palibe chifukwa choyang'ana chithunzi, fayilo, kapena batani lamatsenga - "iwo kulibe", matsenga onse amachitika mu CLI:
$ docker pull telegrammessenger/proxy #ΠΎΠ±ΡΠ°Π· ΡΠΊΠ°ΡΠ°Π½.Koma "zisanachitike", yikani docker ya CLI:
sudo apt-get install docker.io dockerKupitilira apo, muzolemba zovomerezeka za MtprotoProxyTelegram, tapatsidwa kuti tichite izi, timachita:
$ sudo su && docker run -d -p443:443 --name=mtproto-proxy --restart=always -v proxy-config:/data telegrammessenger/proxy:latest #Π·Π°ΠΏΡΡΠΊΠ°Π΅ΠΌ Π½Π°Ρ ΠΊΠΎΠ½ΡΠ΅ΠΉΠ½Π΅Ρ Β«mtproto-proxyΒ».
Pambuyo pa lamuloli, chingwe cha HEX chidzawonekera pazotuluka, koma sitili ndi chidwi nazo.
Timalemba mu CLI:
$ docker logs mtproto-proxyNdipo timapeza zofunikira:
Pazotulutsa za chipikachi, tikuwonetsedwa (zopaka):
A) seva yathu ip (seva yakunja ip);
B) ndi chinsinsi mwachisawawa - chingwe chosasinthika mu HEX.
Musanalembetse MtproProxy yathu, muyenera kukonza ma firewall pa ma iptables (mosasamala kanthu momwe mungawongolere magalimoto ku VPC iyi, idzakhala yopanda pake, chifukwa chowotcha moto chachikulu ku Amazon-EC2 chili pa intaneti ndipo chimakhala chofunikira kwambiri. iptables).
Tikupita ku" Amazon-EC2" mu Gulu la Chitetezo ndikutsegula doko 443 (zomveka masking kwa nthawi yoyamba).
Timatenga zidziwitso zathu za "ip ndi chinsinsi" pa chipikacho ndikupita kwa messenger wa Telegraph, pezani boma la MTProxy Admin Bot (@MTProxybot) ndikulembetsa MtproProxy yathu: yendetsani [/newproxy] lamulo ndikulowetsa [our_ip:443], ndi ndiye wathu [chinsinsi /HEX].
Mukasokoneza mukalowetsa data, bot imakwiya ndikukutumizani ku ...
Mukadzaza mizere iwiri popanda zolakwika, mudzalandira chivomerezo ndi ulalo wogwira ntchito ku MtprotoProxyTelegram yanu yamakono, yomwe mutha kugawana ndi aliyense.
Komanso, kudzera mu bot iyi, mutha kuwonjezera njira yanu yothandizira (koma osati macheza), komwe mungakakamize malingaliro anu kwa ogwiritsa ntchito omwe alumikizidwa ndi seva yanu, kapena simungathe "spam" komanso osasokoneza makasitomala anu kuwonetsa tchanelo mumndandanda wa amithenga wokhomedwa.
Mawu ochepa okhudza bot, komwe mungapemphe ziwerengero, koma "komanso donut". Mwachiwonekere, "chiwerengero" chimapezeka mukakhala ndi "khamu la anthu omasuka" kumbuyo kwanu Makhachkala.
Kuwunikira
Ndi ogwiritsa angati omwe tingalumikizane ndi seva yathu? Ndipo komabe, ndani / ndi chiyani? Chani? Ndipo angati?
Timayang'ana zomwe zilipo molingana ndi zolemba zovomerezeka ... Inde, apa, chitani chonchi:
$ curl http://localhost:2398/stats ΠΈΠ»ΠΈ Π²ΠΎΡ ΡΠ°ΠΊ $ docker exec mtproto-proxy curl http://localhost:2398/stats # ΠΈ Π½Π°ΠΌ Π²ΡΠ΄Π°Π΄ΡΡ ΡΡΠ°ΡΠΈΡΡΠΈΠΊΡ ΠΏΡΡΠΌΠΎ Π² CLI."Sungani thumba lanu mokulirapo" Malinga ndi malamulo omwe aperekedwa, tidzalandira cholakwika chofananira nthawi zonse:
Β«kupindika: (7) Yalephera kulumikiza ku doko la localhost 2398: Kulumikizana kwakanaΒ»
Woyimira wathu adzagwira ntchito. Koma! Bagel, osati ziwerengero zomwe timapeza.
Mutha kuchita zinthu zamaso ofiira: fufuzani
$ netstat -an | grep 2398 ΠΈ...Poyamba ndimaganiza kuti iyi inali jamb ina kumbuyo kwa opanga Telegraph (ndipo ndikuganizabe), ndiye ndidapeza yankho labwino kwakanthawi: pukutani Docker Container ndi fayilo.
Pambuyo pake, mwana wakhanda adandigwira:
za kuvina kwa boma la Roskomnadzor mozungulira "mawerengero".
"Taletsa ena mwa ma proxies pa seva yathu pogwiritsa ntchito nkhokwe za polojekiti ya firehol. Pulojekitiyi imayang'anira mndandanda wa ma proxies agulu ndikupanga ma database nawo.
Kuyambira nthawi imeneyo (ndiko kuti, pafupifupi masiku awiri kale), palibe adilesi imodzi ya IP ya projekiti yathu yaku Russia yomwe yatsekedwa.
3. Tikukuuzani momwe mungapangire proxy yomwe ili pafupi ndi Roskomnadzor ndikugawana script yoletsa ma proxies a anthu.
- Sinthani chotengera cha MTProto proxy docker (kapena daemon) kukhala mtundu waposachedwa: RKN imawerengera zomasulira zakale ndi doko la ziwerengero, lomwe linali lokhazikika ku 0.0.0.0 ndikudzizindikiritsa yokha pa intaneti yonse. Zabwino kwambiri, tsegulani madoko ofunikira pogwiritsa ntchito iptables, ndikutseka zotsalazo (kumbukirani kuti ngati muli ndi chidebe cha docker, muyenera kugwiritsa ntchito lamulo la FORWARD).
- Roskomnadzor adaphunzira kutaya magalimoto kalekale: amawona zopempha mkati mwa ma proxies a HTTP ndi SOCKS5, komanso amawona mtundu wakale wa MTProto proxy obfuscation.
Makasitomala a ena omwe ali ndi zotayira zotere akayika mwayi wofikira Telegalamu kudzera pa ma proxies oterowo, RKN imawona zopempha zotere ndipo nthawi yomweyo imatsekereza ma proxies. Zomwezo zimapitanso kwa MTProto proxy ndi obfuscation yakale.
Yankho: gawani chinsinsi kokha ndi dd koyambirira kwa makasitomala omwe amalumikizana ndi projekiti (palibe chifukwa chofotokozera zilembo zowonjezera dd pazokonda za proxy ya mtproto). Izi zipangitsa mtundu wa obfuscation womwe dumppiles sangazindikire.
Ndipo palibe ma proxies a HTTP kapena SOCKS5.
- Kusintha, mothandizidwa ndi mwiniwake aliyense wa telegram proxy, yemwe nthawi zonse amaletsedwa ndi RKN, akhoza kwathunthu (kapena pafupifupi kwathunthu) kusiya kutsekereza (ndipo nthawi yomweyo onetsetsani kuti RKN ikunama).
Script yomwe imaletsa ma proxies a anthu onse ndi kabuku kakang'ono ka izo.
β
Woyimira wathu ndi pro-Western, sindinakumane ndi zovuta / zotsekeka m'masiku achisanu ndi chilimwe, sizimakopanso ntchito yolenga, chifukwa chake sindinataye liwiro ndipo sindinawonjezere mawu oyamba a dd * kiyi.
Buku loti "kupeza ziwerengero / kuyang'anira" malinga ndi malangizo a MtprotoProxyTelegram silikugwira ntchito / lachikale, muyenera kukonza chithunzi cha docker.
Timakonza.
Chotengera chikugwirabe ntchito:
$ docker stop mtproto-proxy #ΠΎΡΡΠ°Π½Π°Π²Π»ΠΈΠ²Π°Π΅ΠΌ Π½Π°Ρ Π·Π°ΠΏΡΡΠ΅Π½Π½ΡΠΉ docker-ΠΊΠΎΠ½ΡΠ΅ΠΉΠ½Π΅Ρ ΠΈ Π·Π°ΠΏΡΡΠΊΠ°Π΅ΠΌ Π½ΠΎΠ²ΡΠΉ ΠΎΠ±ΡΠ°Π· Ρ ΠΏΡΠΎΠΏΡΡΠ΅Π½Π½ΡΠΌ ΡΠ»Π°Π³ΠΎΠΌ ΡΡΠ°ΡΠΈΡΡΠΈΠΊΠΈ
$ docker run --net=host --name=mtproto-proxy2 -d -p443:443 -v proxy-config:/data -e SECRET=Π²Π°Ρ_ΠΏΡΠ΅Π΄ΡΠ΄ΡΡΠΈΠΉ_ΡΠ΅ΠΊΡΠ΅Ρ_hex telegrammessenger/proxy:latest
Tiyeni tiwone ziwerengero:
$ curl http://localhost:2398/stats
kupindika: (7) Kulephera kulumikiza ku doko la 0.0.0.0 2398: Kulumikizana kwakana
Ziwerengero sizikupezekabe.!..
Dziwani ID ya chotengera cha docker:
$ docker ps
CONTAINER ID IMAGE COMMAND ANAPANGITSA MAJINA AMAdoko
f423c209cfdc telegrammessenger/proxy:posachedwa "/bin/sh -c '/bin/ba..." Pafupifupi ola lapitalo Pafupifupi mphindi imodzi 0.0.0.0:443->443/tcp mtproto-proxy2
Timapita ndi charter yathu mkati mwa chidebe cha docker:
$ sudo docker exec -it f423c209cfdc /bin/bash
$ apt-get update
$ apt-get install nano
$ nano -$ run.sh
Ndipo pamzere womaliza wa "run.sh" script, onjezani mbendera yosowa:
Β«--http-ziwerengeroΒ»
"exec /usr/local/bin/mtproto-proxy -p 2398 -H 443 -M "$ WORKERS" -C 60000 --aes-pwd /etc/telegram/hello-explorers-how-are-you-doing -u muzu $CONFIG --lolera-dumpha-d h --nat-info "$INTERNAL_IP:$IP" $SECRET_CMD $TAG_CMD"
Onjezani "--http-stats", china chake chonga ichi chiyenera kugwira ntchito:
Β«exec /usr/local/bin/mtproto-proxy -p 2398 --http-stats -H 443 -M "$WORKERS" -C 60000 --aes-pwd /etc/telegram/hello-explorers-how-are-you-doing -u root $CONFIG --allow-skip-d h --nat-info "$INTERNAL_IP:$IP" $SECRET_CMD $TAG_CMDΒ»
Ctrl+o/Ctrl+x/Ctrl+d (sungani/tulukani nano/tulukani).
Yambitsaninso chidebe chathu cha docker:
$ docker restart mtproto-proxy2Chilichonse, tsopano pakulamula:
$ curl http://localhost:2398/stats #ΠΏΠΎΠ»ΡΡΠ°Π΅ΠΌ ΠΎΠ±ΡΠ΅ΠΌΠ½ΡΡ ΡΡΠ°ΡΠΈΡΡΠΈΠΊΡ
Pali "zinyalala" zambiri pamawerengero (1/3 yake ili pazenera), pangani dzina:
$ echo "alias telega='curl localhost:2398/stats | grep -e total_special -e load_average_total'" >> .bashrc && bashTimapeza zomwe chidebe cha docker chinapukutidwa: kuchuluka kwa zolumikizira ndi katundu:
$ telega
Chidebe cha Docker chikuyenda, ziwerengero zikuzungulira.
Zida zogwiritsidwa ntchito
Monga momwe mulili Stuart Redman, ngakhale mumasiya chizindikiro pamapazi anu. Chithunzi chothamanga cha Docker chimasiya chopondapo chachikulu.
Palibe zomveka kufotokoza ubwino ndi kuipa kwa zithunzi za docker, chidebe cha docker ndi makina a mini-virtual omwe amawononga zinthu zochepa kusiyana ndi makina enieni " enieni", monga VirtualBox, koma amatero.
1) Kukhazikitsidwa ndi kapena popanda ziwerengero zazithunzi za docker, makasitomala awiri amangoyenda kapena khumi - zothandizira zimagwiritsidwa ntchito ~ mwanjira yomweyo: 75% ya magwiridwe onse a CPU t2.micro.
2) Timayang'ana kuwunika kwa seva ya VPC:
Kuchokera pazithunzi zogwiritsira ntchito zida pa VPC, tikuwona kuti chidebe cha docker chimadya ~ 7,5% ya kuchuluka konse. Kuchita kwa CPU ndipo pa Meyi 28 kudayimitsidwa ndi ine mwadala / kwakanthawi (Zindikirani - OpenVPN & pppp ikugwiranso ntchito pa seva).
Chifukwa chiyani 10% yogwiritsa ntchito CPU nthawi zonse ndi malire a seva iyi?
Chifukwa pali zoletsa kuchokera ku Amazon EC2 ndipo amawerengeredwa mu ngongole:
1 CPU ngongole = 1 CPU ikugwira ntchito pa 100% katundu kwa mphindi imodzi, ndipo tili ndi ngongole 6 (ndiko kuti, pamtunda, 100% kugwiritsa ntchito CPU ndizotheka mkati mwa mphindi 6, ndiyeno mphamvu ya CPU idzachepa). Kuphatikiza kwina: mwachitsanzo, 1 CPU ngongole = 1 CPU ikuyenda pa 50% katundu kwa mphindi ziwiri (i.e. titha kugwiritsa ntchito CPU pa 50% katundu kwa mphindi 12), kapena, mwachitsanzo, 10% - th CPU katundu nthawi zonse. nthawi zonse, etc.
anapezazo
- Ndife gawo la "Digital Resistance". Anapatsa "abambo ndi amayi" awo njira yodalirika yolumikizirana.
- Ngati muli ndi MtprotoProxyTelegram ndi OpenVPN zotumizidwa pa seva, koma palibenso, sipadzakhala kuchedwa / pings / zolephera, koma ngati mukuyesera t2 / micro yanu nthawi zonse, dikirani mabuleki olankhulana.
- Ping yanga yakunja ndi ~ 100-250ms, palibe kuchedwa mukulankhulana kwamawu.
- Ndalama zandalama za "izi" zonse (kuphatikiza zida za VPC) = 0β½.
Kusindikizanso nkhani yanu.
UPD: Chifukwa cha ma habrausers ena chifukwa cha ndemanga zothandiza, ndithudi, ndizotheka (kodi ziwerengero zimathandizidwa?), Pali zofananira bwino za chithunzi chovomerezeka cha Mtproto Telegraph docker.
Source: www.habr.com