Kuendesa yako MProxy Telegraph ine nhamba

"Ndagarwa nhaka iyi,
kutanga naZello asina nyadzi; LinkedIn
uye kupera ne "munhu wese" pachikuva cheTeregiramu
munyika yangu.

Uye ipapo hiccup,
Mukuru wacho akawedzera nekukasira uye nenzwi guru:
asi ini ndichagadzirisa zvinhu (pano muIT)"
(...).

Durov, anotenda nenzira yakarurama kuti ihurumende dzehurumende dzinofanira kumutya, cypherpunk, uye Roskomnadzor nenhovo dzegoridhe dzine DPI mafirita hazvimutambudzi.
(Political technique)

Yangu tekinoroji mutemo yakareruka, ndinogona kutsanangura pano pfungwa dzangu pamusoro pekuvhara zvisina hanya muRunet, asi ndinotenda kuti vanofambira mberi vagari vemazuva ano Russian uye Habr vanoshandisa vakanzwa unprofessionalism yehurumende iripo muganda ravo, saka ini ndichagumira pachangu. mutsara mumwe chete: yedu yehunyanzvi mutemo ndeye "Digital Resistance" . "kupa hama neshamwari nzira yakagadzikana yekukurukurirana."

Kuendesa MTProto proxy Telegraph

• Iyo tekinoroji yenhanho yekuoma "nyore", kana, semuenzaniso, iwe uchitevera iyi cheat sheet.
• Chiyero chekuvimbika chiri "pamusoro peavhareji": iyo docker chifananidzo chinoshanda zvakatsiga, haidi kutangwazve zuva rega rega, sekunyora kwakaita vagadziri mune yavo yepamutemo Telegraph zvinyorwa, asi mudziyo ungangove uine humwe hudziviriro.
• Chiyero chekupikisa / kuzvidya mwoyo - 10 nhengo dzeISIS dziri kuruka mazano avo "hama dzinoshandisa", kurambidzwa hakuna kubva kuRKN kunyange kamwe chete nguva dzose (kubvira muchirimo).
• The trust level ndeye "public baby kusavimbika", dambudziko kudivi remutengi (dzimwe shamwari dziri kufungidzira nezveMtprotoProxy yangu).
• Testosterone mazinga - "haana kuwedzera."
• Mari yemari - "0₽".
• Mubayiro wezvemari - "hautsamiri kune mugari Durov." Kusimudzira - kugona kumanikidza kushambadza.

Isu tichasimudza yedu TelegraphProxy pane "yemahara / yemunhu" hunyanzvi hweAmazon-ec2: t2.micro. Ndakashandisa izvi motokari.

Zvakanaka, tumira sevha yako yemahara, enda kune webhusaiti yepamutemo dockerhub uye tora docker mudziyo.

Hapana chikonzero chekutsvaga imwe mufananidzo, faira, kana bhatani remashiripiti - "havapo", ese mashiripiti anoitwa muCLI:

$ docker pull telegrammessenger/proxy #образ скачан.

Asi zvisati zvaitika "izvo", isa docker yeCLI:

sudo apt-get install docker.io docker

Kupfuurirazve, mune zviri pamutemo zvinyorwa zveMtprotoProxyTelegram, isu tinopihwa kuita chimwe chinhu sechinotevera, tinoita:

$ sudo su && docker run -d -p443:443 --name=mtproto-proxy --restart=always -v proxy-config:/data telegrammessenger/proxy:latest #запускаем наш контейнер «mtproto-proxy».

Mushure memurairo uyu, tambo yeHEX ichaonekwa mune inobuda, asi isu hatisi kuifarira.

Isu tinonyora muCLI:

$ docker logs mtproto-proxy

Uye isu tinowana iyo data inodiwa:

Mukubuda kweiyi log, tinoratidzwa (smeared):

A) server yedu ip (yekunze server ip);
B) uye chakavanzika chisina kujairika - tambo isina kurongeka muHEX.

Usati wanyoresa MtproProxy yedu, unofanirwa kugadzirisa iyo huru firewall pamusoro peiptables (zvisinei kuti unoendesa sei traffic kune iyi VPC, ichange iine hutsinye, sezvo main firewall muAmazon-EC2 iri muwebhu interface uye ine yepamusoro pekutanga. iptables).

Tinoenda ku "kunyaradza Amazon-EC2" muChengetedzo Boka uye yakavhura inouya port 443 (inonzwisisika masking traffic kekutanga).

Isu tinotora yedu "ip uye yakavanzika" data kubva kurogi toenda kumutumwa weTeregiramu, tsvaga iyo yepamutemo MTProxy Admin Bot (@MTProxybot) uye nyoresa MtproProxy yedu: mhanyisa [/newproxy] kuraira uye pinda [yedu_ip:443], uye ipapo yedu [chakavanzika /HEX].

Kana iwe ukakanganisa paunenge uchipinda data, iyo bot inotsamwa uye inokutumira ku ...

Kana iwe ukazadza mitsara miviri pasina zvikanganiso, iwe unogashira mvumo uye chinongedzo chekushanda kune yako yazvino MtprotoProxyTelegram, iyo yaunogona kugovera chero munhu.

Zvakare, kuburikidza nebhoti iyi, unogona kuwedzera chiteshi chako chekutsigira (asi kwete chat), kwaunomanikidza maonero ako kune vashandisi vakabatana neserver yako, kana kuti haugone "spam" uye kusanetsa kuve vatengi vako vasina. kuratidza chiteshi mune yakapiniwa messenger list.

Mamwe mazwi mashoma nezve bot, kwaunogona kukumbira nhamba, asi "uyewo donut". Sezviri pachena, "nhamba" inowanikwa kana uine "boka revanhu vakasununguka" shure kwako Makhachkala.

Kuongorora

Vangani vashandisi vatinogona kubatanidza kune server yedu? Uye zvakadaro, ndiani / chii chiripo? Chii? Uye vangani?

Isu tinotarisa izvo zviripo maererano nezviri pamutemo zvinyorwa ... Hongu, pano, ita seizvi:

$ curl http://localhost:2398/stats или вот так $ docker exec mtproto-proxy curl http://localhost:2398/stats # и нам выдадут статистику прямо в CLI.

"Chengetedza homwe yako yakafara" Zvinoenderana nemirairo yakatsanangurwa, isu tinogara tichigamuchira chikanganiso chakafanana:

«curl: (7) Yakundikana kubatana kune localhost port 2398: Kubatana kwaramba»

Yedu proxy ichashanda. Asi! Bagel, kwete nhamba dzatinowana.

Iwe unogona kuita zvinhu kune dzvuku-maziso: cheki

$ netstat -an | grep 2398 и...

Pakutanga ndakafunga kuti iyi yaive imwe jamb kuseri kwevagadziri veTeregiramu (uye ndichiri kufunga kudaro), ipapo ndakawana mhinduro yakanaka yenguva pfupi: pukuta Docker Container ine faira.

Gare gare, imwe infa yakabata ziso rangu:

nezvemadhanzi ehurumende eRoskomnadzor akatenderedza "nhamba".

“Takavharira mamwe maproxies everuzhinji pamaseva edu tichishandisa dhatabhesi rechirongwa chefirehol. Iyi purojekiti inotarisisa mazita nema proxies eruzhinji uye inoita dhatabhesi navo.

Kubva panguva iyoyo (kureva, anenge mazuva maviri atove), hapana kana imwe kero yeIP yemumiriri wedu weRussia yakavharwa.

3. Tinokuudza kuti ungaita sei proxy inenge isingasviki kuRoskomnadzor uye kugovera script yekuvhara ma proxies evanhu.

- Gadziridza mudziyo weMTrototo proxy docker (kana daemon) kune yazvino vhezheni: RKN inoverengera shanduro dzekare nechiteshi chezviverengero, icho chaisungirirwa ku0.0.0.0 uye chakazvizivisa pachacho paInternet yese. Zvichiri nani, vhura zviteshi zvinodiwa uchishandisa iptables, uye uvhare zvakasara (rangarira kuti kana iri docker mudziyo, unofanirwa kushandisa iyo FORWARD mutemo).

- Roskomnadzor vakadzidza nzira yekurasa traffic kare: vanoona mafoni mukati meHTTP uye SOCKS5 proxies, uye ivo zvakare vanoona iyo yekare vhezheni yeMTrototo proxy obfuscation.

Kana vatengi vevamwe vanopa vane marara akadaro vakaisa kuwana Telegraph kuburikidza nemaproxies akadaro, iyo RKN inoona zvikumbiro zvakadaro uye nekukasika inovhara aya maproxies. Izvo zvakafanana zvinoenda kune MTProto proxy ine yekare obfuscation.

Mhinduro: govera chakavanzika chete nedd pakutanga kune vatengi vanobatana neiyo proxy (hapana chikonzero chekutsanangura mamwe mavara dd mumaseting eiyo mtproto proxy pachayo). Izvi zvinogonesa shanduro ye obfuscation iyo dumppiles isingakwanisi kuona.

Uye hapana HTTP kana SOCKS5 proxies.

- Kugadziriswa, nerubatsiro rwekuti muridzi wega wega weteregiramu proxy, uyo anogara achirambidzwa neRKN, anogona zvachose (kana kuti anenge akazara) kurega kuvhara (uye panguva imwechete kuve nechokwadi chokuti RKN iri kureva nhema).

Chinyorwa chinorambidza veruzhinji ma proxi uye kabhuku kadiki kwaro.

→ Chinhu

Yedu proxy ndeye pro-Western, ini handina kusangana nematambudziko / blockages panguva yechirimo uye inotonhorera yezhizha mazuva, haina kukwezva basa rekugadzira, saka handina kurasikirwa nekumhanya uye handina kuwedzera dd * prefix ku. kiyi.

Bhuku re "kuwana nhamba / kutarisa" maererano nemirairo yepamutemo yeMtprotoProxyTelegram haisi kushanda / yekare, uchafanirwa kugadzirisa mufananidzo wedocker.

Tinozvigadzirisa.

Mugaba uchiri kushanda:

$ docker stop mtproto-proxy #останавливаем наш запущенный docker-контейнер и запускаем новый образ с пропущенным флагом статистики

$ docker run --net=host --name=mtproto-proxy2 -d -p443:443 -v proxy-config:/data -e SECRET=ваш_предыдущий_секрет_hex telegrammessenger/proxy:latest

Ngationgororei nhamba:

$ curl http://localhost:2398/stats

curl: (7) Yakundikana kubatana ne 0.0.0.0 port 2398: Kubatana kwakaramba
Statistics haisati yavapo.!..

Tsvaga iyo ID yedocker mudziyo:

$ docker ps

CONTAINER ID MUFANANIDZO MURAIRO WAKASAKA STATUS PORTS MAZITA
f423c209cfdc telegrammessenger/proxy:zvino "/bin/sh -c '/bin/ba..." Inenge awa imwe yapfuura Kumusoro Inenge miniti imwe 0.0.0.0:443->443/tcp mtproto-proxy2

Isu tinoenda nechata chedu mukati meiyo docker mudziyo:

$ sudo docker exec -it f423c209cfdc /bin/bash

$ apt-get update
$ apt-get install nano
$ nano -$ run.sh

Uye mumutsetse wekupedzisira we "run.sh" script, wedzera mureza usipo:

«--http-stats»
"Exec /usr/local/bin/mtproto-proxy -p 2398 -H 443 -M "$ WORKERS" -C 60000 --aes-pwd /etc/telegram/hello-explorers-how-iwe-you-doing -u mudzi $CONFIG --bvumira-skip-d h --nat-info "$INTERNAL_IP:$IP" $SECRET_CMD $TAG_CMD"

Wedzera "--http-stats", chimwe chinhu chakadai chinofanira kushanda:

«exec /usr/local/bin/mtproto-proxy -p 2398 --http-stats -H 443 -M "$WORKERS" -C 60000 --aes-pwd /etc/telegram/hello-explorers-how-are-you-doing -u root $CONFIG --allow-skip-d h --nat-info "$INTERNAL_IP:$IP" $SECRET_CMD $TAG_CMD»

Ctrl+o/Ctrl+x/Ctrl+d (sevha/buda nano/kubuda mugaba).

Tangazve yedu docker mudziyo:

$ docker restart mtproto-proxy2

Zvese, zvino pakuraira:

$ curl http://localhost:2398/stats #получаем объемную статистику

Kune akawanda "marara" muhuwandu (1/3 yacho iri pachiratidziro), gadzira alias:

$ echo "alias telega='curl localhost:2398/stats | grep -e total_special -e load_average_total'" >> .bashrc && bash

Isu tinowana izvo iyo docker yakakwenenzverwa: nhamba yekubatanidza uye mutoro:

$ telega

Iyo Docker mudziyo uri kushanda, iwo manhamba ari kutenderera.

Zviwanikwa zvakashandiswa

Sezvinotonhorera sezvauri Stuart Redman, kunyangwe iwe unosiya mucherechedzo pamapanty ako. Mufananidzo unomhanya weDocker unosiya tsoka hombe.

Izvo hazvina musoro kutsanangura mabhenefiti uye kuipa kwemifananidzo yedocker, docker mudziyo uri mini-virtual muchina unoshandisa zvishoma zviwanikwa pane "chaiwo" chaiwo muchina, senge VirtualBox, asi inodaro.

1) Yakatangwa kana isina docker-image statistics, vatengi vaviri vanotamba kana gumi - zviwanikwa zvinoshandiswa ~ nenzira imwechete: 75% yeCPU yese t2.micro performance.

2) Isu tinotarisa kutarisa kweVPC server:

Kubva pane zviwanikwa zvekushandisa girafu paVPC, tinoona kuti docker mudziyo unogara uchidya ~ 7,5% yehuwandu hwese. CPU performance uye muna Chivabvu 28 yakamiswa neni nemaune / kwenguva pfupi (Cherechedza - OpenVPN & pppp zvakare iri kushanda pane sevha).

Nei 10% inogara CPU ichishandisa muganho we server iyi?

Nekuti pane zvirambidzo kubva kuAmazon EC2 uye inoverengerwa mumakiredhiti:

1 CPU chikwereti = 1 CPU inoshanda pa 100% mutoro kweminiti imwe, uye isu tine zvikwereti zvitanhatu (kureva, pakakwirira, 6% CPU kushandiswa kunogoneka mukati memaminetsi matanhatu, uye ipapo simba reCPU richadzikira). Mamwe masanganiswa: semuenzaniso, 100 CPU chikwereti = 6 CPU inomhanya pa1% mutoro kwemaminitsi maviri (kureva kuti tinogona kushandisa CPU pa1% mutoro kwemaminitsi gumi nemaviri), kana, semuenzaniso, inogara 50% - th CPU mutoro panguva. nguva yose, etc.

zvakawanikwa

• Isu tiri chikamu che "Digital Resistance". Akapa "madzibaba naamai" avo nzira yakavimbika yekukurukurirana.
• Kana iwe uine MtprotoProxyTelegram uye OpenVPN yakaiswa pane sevha, asi hapasisina, hapazovi nekunonoka / pings / kutadza, asi kana iwe uchigara uchiedza net2 / micro yako, mirira mabhureki ekutaurirana.
• Ping yangu yekumhiri kwemakungwa ndeye ~ 100-250ms, hapana kunonoka mukutaura kwezwi.
• Mari yemari kune ese "izvi" (kusanganisira VPC zviwanikwa) = 0₽.

Kudhindwazve kwechinyorwa chako.

UPD: Kutenda kune mamwe ma habrausers emashoko anobatsira, chokwadi, zvinogoneka (nhamba dzinotsigirwa here?), Kune ari nani analogues eiyo official Mtproto proxy Telegraph docker mufananidzo.

Source: www.habr.com