Deploying your own Telegram MTProxy with statistics

"I inherited this mess,
starting with the shameless Zello; LinkedIn
and ending with "everyone else" on the Telegram platform
in my world.

And then, with a hiccup,
the official added hastily and loudly:
but I will put things in order (here in IT)"
(...).

Durov rightly believes that it is authoritarian states that should fear him, a cypherpunk, and that Roskomnadzor and the golden shields with their DPI filters do not really bother him.
(Political technique)

My technical policy is simpler. I could lay out here my thoughts on the careless blocking in the Runet, but I believe that the progressive citizens among today's Russian users and Habr users have already felt the current government's handling of it on their own skin, so I will limit myself to one phrase: our technical policy is "Digital Resistance": "providing relatives and friends with a stable communication channel."

Deploying an MTProto proxy for Telegram

  • Technical difficulty level: "easy", if, for example, you follow this cheat sheet.
  • Reliability level: "above average". The docker image runs stably and does not need to be restarted every day, as the developers wrote in their official Telegram documentation, but the container probably has some vulnerabilities.
  • Level of resistance / alarm: 10 ISIS members weave their plots "relatives use it"; RKN has not blocked it even once in the whole time (since spring).
  • Trust level: "childish distrust in public", a problem on the client side (some friends are suspicious of my MtprotoProxy).
  • Testosterone level: "did not rise."
  • Financial costs: "0₽".
  • Financial reward: "does not depend on citizen Durov." Incentive: the ability to push advertising.

We will bring up our TelegramProxy on the "free / personal" tier of Amazon EC2: t2.micro. I used this machine.

Okay, your free server is set up; go to the official dockerhub website and download the docker container.

There is no need to look for a particular image, file, or magic button ("there are none"); all the magic is done in the CLI:

$ docker pull telegrammessenger/proxy # image downloaded

But before "that", install docker from the CLI:

$ sudo apt-get install docker.io docker

Next, the official MtprotoProxyTelegram documentation tells us to run something like the following, and we do:

$ sudo su
$ docker run -d -p443:443 --name=mtproto-proxy --restart=always -v proxy-config:/data telegrammessenger/proxy:latest # start our "mtproto-proxy" container

After this command a HEX string (the container ID) appears in the terminal output, but we are not interested in it.

We type in the CLI:

$ docker logs mtproto-proxy

And we get the data we need:

In this log output we are shown (blurred out):

A) our server's IP (the external IP);
B) and a random secret, a random string in HEX.

Before registering our MtprotoProxy, you need to configure the main firewall that sits above iptables (however you redirect traffic inside this VPC, it will do no good, because the main firewall on Amazon EC2 is configured in the web interface and takes precedence over iptables).

We "attach" a Security Group to the Amazon EC2 instance with inbound port 443 open (sensible traffic masking, to begin with).

We take our "ip and secret" data from the log and go to the Telegram messenger, find the official MTProxy Admin Bot (@MTProxybot) and register our MtprotoProxy: use the [/newproxy] command and enter [our_ip:443], and then our [secret/HEX].

If you make a mistake when entering the data, the bot will get angry and send you to ...

If you fill in both lines without errors, you will receive approval and a working link to your new MtprotoProxyTelegram, which you can share with anyone.

Also, through this bot, you can add your sponsored channel (but not a chat), where you will push your views on the users connected to your server, or you can refrain from "spamming" and not bother your clients by showing the channel in the pinned message list.

A few more words about the bot, where you can request statistics, but "with a doughnut". Apparently, "statistics" are available when you have "a crowd of freeloaders" behind you, Makhachkala.

Monitoring

And how many users can connect to our server? And in general, who / what is on it? What? And how many?

We look at what the official documentation offers... Well, here, do it like this:

$ curl http://localhost:2398/stats
or like this:
$ docker exec mtproto-proxy curl http://localhost:2398/stats # and we will be given statistics right in the CLI

"Hold your pocket wider." Following the suggested instructions, we will always get the same error:

«curl: (7) Failed to connect to localhost port 2398: Connection refused»

Our proxy will work. But! A bagel is what we get, not statistics.

You can do some red-eyed digging: check

$ netstat -an | grep 2398
and...

At first I thought this was yet another blunder by the Telegram developers (and I still think so), then I found a decent temporary solution: polish the Docker container with a file.

Later, some info caught my eye:

about Roskomnadzor's folk dances around "statistics".

“We blocked some of the public proxies on our servers using the database of the firehol project. This project monitors lists of public proxies and builds a database of them.

Since that moment (that is, almost two days already), not a single IP address of our Russian proxy has been blocked.

3. We tell you how to make a proxy almost invisible to Roskomnadzor and share a script for blocking public proxies.

- Update the docker container that works as the proxy (or the daemon) to the latest version: RKN identifies old versions by the statistics port, which was bound to 0.0.0.0 and was uniquely identifiable across the whole Internet. Better still, open the necessary ports using iptables and close the rest (remember that in the case of a docker container, you need to use the FORWARD chain).

- Roskomnadzor learned to dump traffic long ago: they see requests inside HTTP and SOCKS5 proxies, and they see the old version of MTProto proxy obfuscation.

When clients of some providers that have such dump points set up access to Telegram through such proxies, RKN sees those requests and immediately blocks these proxies. The same goes for an MTProto proxy with the old obfuscation.

Solution: distribute the secret only with dd at the beginning to the clients connecting to the proxy (there is no need to specify the extra dd letters in the settings of the mtproto proxy itself). This will enable a version of the obfuscation that the dumpers cannot detect.

And no HTTP or SOCKS5 proxies.

- A setup with which every owner of a telegram proxy that is constantly blocked by RKN can completely (or almost completely) stop the blocking (and at the same time make sure that RKN is lying).

A script that blocks public proxies, and a small manual for it.”

Source
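
The quoted advice says old proxy versions were identified by a statistics port bound to 0.0.0.0. As an added example (not from the original article or the quoted source), this shell function classifies how port 2398 is bound from `ss -ltn` output; both sample listings are constructed.

```shell
#!/usr/bin/env bash
# Added example. Reads `ss -ltn` output on stdin and reports how a TCP port is
# bound: "exposed" (any non-loopback address), "loopback", or "closed".
port_binding() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      addr = $4                                  # "Local Address:Port" column
      n = split(addr, part, ":")
      if (part[n] != port) next
      host = substr(addr, 1, length(addr) - length(part[n]) - 1)
      if (host ~ /^127\./ || host == "[::1]") loopback = 1
      else exposed = 1                           # 0.0.0.0, *, [::], routable IP
    }
    END {
      if (exposed) print "exposed"
      else if (loopback) print "loopback"
      else print "closed"
    }'
}

# Constructed sample: statistics port listening on every interface.
SAMPLE_WILDCARD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:443          0.0.0.0:*
LISTEN 0      128          0.0.0.0:2398         0.0.0.0:*'

# Constructed sample: statistics port reachable from the host itself only.
SAMPLE_LOCAL='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:443          0.0.0.0:*
LISTEN 0      128        127.0.0.1:2398         0.0.0.0:*'

printf '%s\n' "$SAMPLE_WILDCARD" | port_binding 2398
printf '%s\n' "$SAMPLE_LOCAL" | port_binding 2398
```

On the proxy host the input is `ss -ltn | port_binding 2398`; with `--net=host` the container's listeners show up in the host's listing.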

Our proxy is in the West. I did not run into any problems / blocks during the spring and the cool summer days, it did not attract any creative activity, so I did not lose speed and did not add the dd* prefix to the secret.

The guide to "getting statistics / monitoring" in the official MtprotoProxyTelegram instructions does not work / is outdated, so you will have to fix the docker image.

We fix it.

The container is still running:

$ docker stop mtproto-proxy # stop our running docker container and start a new one from the image, with the missing statistics flag

$ docker run --net=host --name=mtproto-proxy2 -d -p443:443 -v proxy-config:/data -e SECRET=your_previous_secret_hex telegrammessenger/proxy:latest

Let's check the statistics:

$ curl http://localhost:2398/stats

curl: (7) Failed to connect to 0.0.0.0 port 2398: Connection refused
Statistics are still not available!..

Find the ID of the docker container:

$ docker ps

CONTAINER ID   IMAGE                            COMMAND                  CREATED             STATUS                PORTS                 NAMES
f423c209cfdc   telegrammessenger/proxy:latest   "/bin/sh -c '/bin/ba…"   About an hour ago   Up About a minute     0.0.0.0:443->443/tcp  mtproto-proxy2

We walk into the docker container with our own charter:

$ sudo docker exec -it f423c209cfdc /bin/bash

$ apt-get update
$ apt-get install nano
$ nano -$ run.sh

And in the last line of the "run.sh" script, add the missing flag:

«--http-stats»
«exec /usr/local/bin/mtproto-proxy -p 2398 -H 443 -M "$WORKERS" -C 60000 --aes-pwd /etc/telegram/hello-explorers-how-are-you-doing -u root $CONFIG --allow-skip-dh --nat-info "$INTERNAL_IP:$IP" $SECRET_CMD $TAG_CMD»

Add "--http-stats"; you should end up with something like this:

«exec /usr/local/bin/mtproto-proxy -p 2398 --http-stats -H 443 -M "$WORKERS" -C 60000 --aes-pwd /etc/telegram/hello-explorers-how-are-you-doing -u root $CONFIG --allow-skip-dh --nat-info "$INTERNAL_IP:$IP" $SECRET_CMD $TAG_CMD»

Ctrl+o/Ctrl+x/Ctrl+d (save / exit nano / exit the container).

Restart our docker container:

$ docker restart mtproto-proxy2

That's it; now with the command:

$ curl http://localhost:2398/stats # get extensive statistics
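
The same edit to `run.sh` without an interactive editor, as an added example that is not part of the original article: the function inserts the flag once, leaves an already patched file unchanged, and fails if the `exec` line is missing. The function name is hypothetical; the sample line is the one quoted above.

```shell
#!/usr/bin/env bash
# Added example. Reads run.sh on stdin and writes it to stdout with
# --http-stats inserted after "-p 2398" on the mtproto-proxy exec line.
# Exit status 1 means no such line was found, so the caller keeps the old file.
add_http_stats() {
  awk '
    /^exec .*mtproto-proxy / && /-p 2398/ {
      found = 1
      # Idempotent: only touch the line if the flag is not there yet.
      if ($0 !~ /--http-stats/) sub(/-p 2398/, "& --http-stats")
    }
    { print }
    END { if (!found) exit 1 }'
}

# The unpatched exec line as quoted in the article
# (single quotes keep the $VARIABLES literal).
ORIGINAL_LINE='exec /usr/local/bin/mtproto-proxy -p 2398 -H 443 -M "$WORKERS" -C 60000 --aes-pwd /etc/telegram/hello-explorers-how-are-you-doing -u root $CONFIG --allow-skip-dh --nat-info "$INTERNAL_IP:$IP" $SECRET_CMD $TAG_CMD'

patched=$(printf '%s\n' "$ORIGINAL_LINE" | add_http_stats)
printf '%s\n' "$patched"
```

An edit made inside the container survives `docker restart` but not removing and recreating the container, so a scripted patch is easier to reapply than a manual one.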

There is a lot of "garbage" in the statistics (1/3 of it is in the screenshot), so make an alias:

$ echo "alias telega='curl localhost:2398/stats | grep -e total_special -e load_average_total'" >> .bashrc && bash

We get what the docker container was polished for: the number of connections and the load:

$ telega

The Docker container works, the statistics are flowing.

Resources consumed

You may be as cool as Stuart Redman, and still you leave a mark on your underwear. A running Docker image leaves a big footprint.

It makes no sense to describe the pros and cons of docker images; a docker container is a small machine that uses fewer resources than a "real" virtual machine such as VirtualBox, but it does use them.

1) Launched with or without statistics, with two active clients or ten, the docker image uses resources in ~ the same way: 75% of the CPU of the whole t2.micro performance.

2) We monitored the VPC server:

From the resource usage graph on the VPC, we see that the docker container constantly eats ~7.5% of the total max. CPU performance, and that on May 28 it was stopped by me deliberately / temporarily (Note: OpenVPN and pppp also run on the server).

Why is there a constant 10% CPU usage limit on this server?

Because there are limits from Amazon EC2, and they are counted in credits:

1 CPU credit = 1 CPU running at 100% load for one minute, and we have 6 credits (that is, at peaks, 100% CPU usage is possible for 6 minutes, and then CPU power will be reduced). Other combinations: for example, 1 CPU credit = 1 CPU running at 50% load for two minutes (that is, we can use the CPU at 50% load for 12 minutes), or, for example, a 10% CPU load all the time, etc.

Conclusions

  • We are part of the "Digital Resistance". We provided "fathers and mothers" with a reliable communication channel.
  • If you have MtprotoProxyTelegram and OpenVPN installed on the server, but nothing more, there will be no delays / pings / failures, but if you keep experimenting with your t2.micro, expect connection slowdowns.
  • My overseas ping is ~100-250ms; there are no delays in voice calls.
  • The financial cost of all "this" (including VPC resources) = 0₽.

Reprint of my own article.

UPD: Thanks to some habrausers for the useful comments; indeed, it is possible (are statistics supported?) that there are better alternatives to the Mtproto proxy Telegram docker image.

Source: www.habr.com
