Ithumela i-MTProxy Telegraph yakho ngezibalo

"Ngalizuza leli gciwane,
kuqale ngoZello ongenamahloni; I-LinkedIn
futhi iphetha ngokuthi "wonke umuntu" endaweni yesikhulumi seTelegram
emhlabeni wami.

Bese u-hiccup,
Isikhulu sengeze ngokuxhamazela nangokuzwakalayo:
kodwa ngizobeka izinto ngendlela (lapha ku-IT)"
(...).

UDurov, ukholelwa ngokufanelekile ukuthi yizifunda ezigunyazayo okufanele zimesabe, i-cypherpunk, neRoskomnadzor nezihlangu zegolide ezinezihlungi zabo ze-DPI azimkhathazi ngempela.
(Isu lepolitiki)

Inqubomgomo yami yezobuchwepheshe ilula, ngiyakwazi ukuchaza lapha imicabango yami mayelana nokuvinjelwa ngokunganaki e-Runet, kodwa ngikholelwa ukuthi izakhamizi eziqhubekayo zabasebenzisi be-Modern Russian kanye ne-Habr ziye zazizwa zingenamsebenzi kuhulumeni wamanje esikhumbeni sabo, ngakho-ke ngizozikhawulela umushwana owodwa: inqubomgomo yethu yobuchwepheshe ithi “Ukumelana Nedijithali” . "ukuhlinzeka izihlobo nabangane ngesiteshi sokuxhumana esizinzile."

Kusetshenziswa iTelegram yommeleli weMTProto

• Izinga lobuchwepheshe lobunzima "lulula", uma, isibonelo, ulandela leli shidi lokukopela.
• Izinga lokuthembeka “lingaphezu kwesilinganiso”: isithombe sedokhu sisebenza ngokuzinzile, asidingi ukuqaliswa kabusha nsuku zonke, njengoba abathuthukisi bebhale emibhalweni yabo esemthethweni yeTelegramu, kodwa isitsha cishe siqukethe ubungozi obuthile.
• Izinga lokumelana/nokukhathazeka - Amalungu angu-10 e-ISIS aluka uzungu lwawo "izihlobo zisebenzisa", ukuvinjelwa akuzange kuvele ku-RKN ngisho nakanye ngaso sonke isikhathi (kusukela entwasahlobo).
• Izinga lokuthembana "ukungathembi ingane esidlangalaleni", inkinga ngasohlangothini lweklayenti (abanye abangani bayasola nge-MtprotoProxy yami).
• Amazinga e-testosterone - "awazange akhuphuke."
• Izindleko zezezimali - "0₽".
• Umvuzo wezezimali - "akuxhomekile kwisakhamuzi saseDurov." Ukukhangisa - ikhono lokuphoqelela ukukhangisa.

Sizophakamisa i-TelegramProxy yethu kumakhono "amahhala / womuntu" we-Amazon-ec2: t2.micro. ngisebenzise lokhu imoto.

Kulungile, kufakwe iseva yakho yamahhala, vakashela iwebhusayithi esemthethweni dockerhub bese ulanda isitsha se-docker.

Asikho isidingo sokubheka isithombe, ifayela, noma inkinobho yomlingo - "azikho", wonke umlingo wenziwa ku-CLI:

$ docker pull telegrammessenger/proxy #образ скачан.

Kepha ngaphambi kokuthi "lokho", faka i-docker ye-CLI:

sudo apt-get install docker.io docker

Ngaphezu kwalokho, emibhalweni esemthethweni ye-MtprotoProxyTelegram, sinikezwa ukuthi senze okuthile okufana nokulandelayo, sikwenza:

$ sudo su && docker run -d -p443:443 --name=mtproto-proxy --restart=always -v proxy-config:/data telegrammessenger/proxy:latest #запускаем наш контейнер «mtproto-proxy».

Ngemva kwalo myalo, kuzovela iyunithi yezinhlamvu ye-HEX ekuphumeni kwetheminali, kodwa asinandaba nayo.

Sibhala ku-CLI:

$ docker logs mtproto-proxy

Futhi sithola idatha edingekayo:

Ekuphumeni kwaleli logi, siyaboniswa (sigcotshwe):

A) iseva yethu ip (iseva yangaphandle ip);
B) kanye nemfihlo engahleliwe - iyunithi yezinhlamvu engahleliwe ku-HEX.

Ngaphambi kokubhalisa i-MtproProxy yethu, udinga ukumisa i-firewall enkulu phezu kwama-iptables (kungakhathaliseki ukuthi uqondisa kanjani kabusha ithrafikhi kule VPC, kuzoba kubi, njengoba i-firewall enkulu e-Amazon-EC2 itholakala kusixhumi esibonakalayo sewebhu futhi inokubaluleka okuphezulu ngaphezu iptables).

Siya ku "ikhonsoli I-Amazon-EC2" kuQembu Lezokuphepha futhi uvule imbobo engenayo engu-443 (imasking enengqondo traffic okokuqala).

Sithatha idatha yethu "ye-ip nemfihlo" kulogi bese siya kusigijimi socingo, sithole i-MTProxy Admin Bot esemthethweni (@MTProxybot) bese sibhalisa i-MtproProxy yethu: sebenzisa umyalo [/newproxy] bese ufaka [yethu_ip:443], futhi bese yethu [imfihlo /HEX].

Uma ungcolisa lapho ufaka idatha, i-bot izothukuthela futhi ikuthumele ku ...

Uma ugcwalisa imigqa emibili ngaphandle kwamaphutha, uzothola imvume kanye nesixhumanisi esisebenzayo ku-MtprotoProxyTelegram yakho yamanje, ongabelana ngayo nanoma ubani.

Futhi, ngale bot, ungakwazi ukwengeza isiteshi sakho soxhaso (kodwa hhayi ingxoxo), lapho uzobeka khona imibono yakho kubasebenzisi abaxhume kuseva yakho, noma awukwazi "ukufaka ugaxekile" futhi ungakukhathazi ukuba ngamakhasimende akho ikhombisa isiteshi ohlwini lwezithunywa eziphiniwe.

Amagama ambalwa ngaphezulu mayelana ne-bot, lapho ungacela khona izibalo, kodwa "futhi i-donut". Ngokusobala, "izibalo" ziyatholakala uma "unesixuku sabalayishi bamahhala" ngemuva kwakho Makhachkala.

Ukuqapha

Bangaki abasebenzisi esingabaxhuma kuseva yethu? Futhi noma kunjalo, ubani / yini ekhona? Ini? Futhi bangaki?

Sibheka ukuthi yini ekhona ngokwemibhalo esemthethweni ... Yebo, lapha, kwenze kanje:

$ curl http://localhost:2398/stats или вот так $ docker exec mtproto-proxy curl http://localhost:2398/stats # и нам выдадут статистику прямо в CLI.

“Gcina iphakethe lakho libe banzi” Ngokwemiyalelo ehlongozwayo, sizohlala sithola iphutha elifanayo:

«curl: (7) Yehlulekile ukuxhuma kwimbobo ye-localhost 2398: Ukuxhumeka kunqatshiwe»

Ummeleli wethu uzosebenza. Kodwa! I-Bagel, hhayi izibalo esizitholayo.

Ungenza izinto zamehlo abomvu: hlola

$ netstat -an | grep 2398 и...

Ekuqaleni ngacabanga ukuthi lokhu kwakungenye i-jamb ngemuva kwabathuthukisi beTelegram (futhi ngisacabanga kanjalo), ngabe sengithola isisombululo esihle sesikhashana: pholisha i-Docker Container ngefayela.

Kamuva, i-infa yangibamba iso lami:

mayelana nemidanso yombuso yaseRoskomnadzor ezungeze "izibalo".

“Sivimbe abanye abameleli bomphakathi kumaseva ethu sisebenzisa imininingwane yephrojekthi ye-firehol. Le phrojekthi iqapha uhlu olunabameleli bomphakathi futhi yenza izingosi zolwazi ngazo.

Kusukela ngaleso sikhathi (okungukuthi, cishe izinsuku ezimbili kakade), alikho nelilodwa ikheli le-IP lommeleli wethu waseRussia elivinjiwe.

3. Sikutshela ukuthi uwenza kanjani ummeleli ocishe angenwe yi-Roskomnadzor futhi wabelane ngeskripthi sokuvimba abameleli bomphakathi.

- Buyekeza isiqukathi sedokha sommeleli we-MTProto (noma i-daemon) siye enguqulweni yakamuva: I-RKN ibala izinguqulo ezindala ngembobo yezibalo, ebiboshelwe ku-0.0.0.0 futhi yazikhomba yona ngokukhethekile kuyo yonke i-inthanethi. Okungcono nakakhulu, vula izimbobo ezidingekayo usebenzisa ama-iptables, bese uvala okunye (khumbula ukuthi esimweni sesitsha se-docker, kufanele usebenzise umthetho we-FORWARD).

- I-Roskomnadzor ifunde ukulahla ithrafikhi kudala: ibona izingcingo ngaphakathi kwama-proxies e-HTTP kanye ne-SOCKS5, futhi babona nenguqulo yakudala ye-MTrototo proxy obfuscation.

Lapho amaklayenti abanye abahlinzeki abanala ma-proxies anjalo efaka ukufinyelela ku-Telegram ngama-proxies anjalo, i-RKN ibona lezi zicelo futhi ivimbe ngokushesha lawa ma-proxy. Okufanayo kuya kummeleli we-MTProto nge-obfuscation yakudala.

Isixazululo: sabalalisa imfihlo kuphela ngo-dd ekuqaleni kumaklayenti axhumeka kummeleli (asikho isidingo sokucacisa izinhlamvu ezengeziwe dd kuzilungiselelo zommeleli we-mtproto uqobo). Lokhu kuzonika amandla inguqulo ye-obfuscation i-dumppiles engakwazi ukuyibona.

Futhi awekho ama-proxies e-HTTP noma e-SOCKS5.

- Ukulungiswa, ngosizo lapho umnikazi ngamunye wommeleli we-telegram, ovame ukuvinjelwa yi-RKN, angakwazi ngokuphelele (noma cishe ngokuphelele) ukuyeka ukuvimbela (futhi ngesikhathi esifanayo aqinisekise ukuthi i-RKN iqamba amanga).

Iskripthi esivimbela ama-proxi asesidlangalaleni kanye nemanuwali encane yawo.

→ Umthombo

Ummeleli wethu ungowe-pro-Western, angizange ngihlangabezane nezinkinga / ukuvinjwa phakathi nezinsuku zasentwasahlobo nezipholile zasehlobo, awuzange uhehe nomsebenzi wokudala, ngakho-ke angizange ngilahlekelwe ijubane futhi angingezanga isiqalo se-dd* ku- ukhiye.

Imanuwali "ukuthola izibalo/ukuqapha" ngokwemiyalo esemthethweni ye-MtprotoProxyTelegram ayisebenzi/iphelelwe yisikhathi, kuzodingeka ulungise isithombe sedokhu.

Siyayilungisa.

Isiqukathi sisasebenza:

$ docker stop mtproto-proxy #останавливаем наш запущенный docker-контейнер и запускаем новый образ с пропущенным флагом статистики

$ docker run --net=host --name=mtproto-proxy2 -d -p443:443 -v proxy-config:/data -e SECRET=ваш_предыдущий_секрет_hex telegrammessenger/proxy:latest

Ake sihlole izibalo:

$ curl http://localhost:2398/stats

curl: (7) Yehlulekile ukuxhuma ku-0.0.0.0 port 2398: Ukuxhumeka kunqatshiwe
Izibalo azikatholakali.!..

Thola i-ID yesiqukathi se-docker:

$ docker ps

UMYALELO WOMFANEKISO WE-ID WESIGQIZINI WADALA AMAGAMA ESITHUTHI SESITHUTHU
f423c209cfdc telegrammessenger/proxy:yakamuva "/bin/sh -c '/bin/ba..." Cishe ihora eledlule Phezulu Cishe umzuzu 0.0.0.0:443->443/tcp mtproto-proxy2

Sihamba ne-charter yethu ngaphakathi kwesitsha se-docker:

$ sudo docker exec -it f423c209cfdc /bin/bash

$ apt-get update
$ apt-get install nano
$ nano -$ run.sh

Futhi emgqeni wokugcina wombhalo othi "run.sh", engeza ifulegi elingekho:

«--http-izibalo»
"exec /usr/local/bin/mtproto-proxy -p 2398 -H 443 -M "$ WORKERS" -C 60000 --aes-pwd /etc/telegram/hello-explorers-how- are-you-doing -u impande $CONFIG --vumela-yeqa-d h --nat-info "$INTERNAL_IP:$IP" $SECRET_CMD $TAG_CMD"

Engeza "--http-stats", into efana nalena kufanele isebenze:

«exec /usr/local/bin/mtproto-proxy -p 2398 --http-stats -H 443 -M "$WORKERS" -C 60000 --aes-pwd /etc/telegram/hello-explorers-how-are-you-doing -u root $CONFIG --allow-skip-d h --nat-info "$INTERNAL_IP:$IP" $SECRET_CMD $TAG_CMD»

Ctrl+o/Ctrl+x/Ctrl+d (londoloza/phuma esiqukathi se-nano/phuma).

Qala kabusha isitsha sethu se-docker:

$ docker restart mtproto-proxy2

Konke, manje ngomyalo:

$ curl http://localhost:2398/stats #получаем объемную статистику

Kukhona "udoti" omningi ezibalweni (i-1/3 yayo isesikrinini), yakha isiteketiso:

$ echo "alias telega='curl localhost:2398/stats | grep -e total_special -e load_average_total'" >> .bashrc && bash

Sithola ukuthi isitsha se-docker sapholishelwa ini: inombolo yokuxhumana nomthwalo:

$ telega

Isiqukathi se-Docker siyasebenza, izibalo ziyajikeleza.

Izinsiza ezisetshenzisiwe

Njengoba upholile njengoba u-Stuart Redman, ngisho ushiya umaki ephentini lakho. Isithombe se-Docker esisebenzayo sishiya isigxivizo esikhulu.

Akunangqondo ukuchaza izinzuzo nezingozi zezithombe ze-docker, isitsha se-docker siwumshini omncane-virtual odla izinsiza ezincane kunomshini obonakalayo "wangempela", njenge-VirtualBox, kodwa iyakwenza.

1) Yethulwe ngezibalo zesithombe se-docker noma ngaphandle kwaso, amaklayenti amabili ayadlala noma ayishumi - izinsiza zisetshenziswa ~ ngendlela efanayo: 75% wakho wonke ukusebenza kwe-CPU t2.micro.

2) Sibheka ukuqapha kweseva ye-VPC:

Kusuka kugrafu yokusetshenziswa kwensiza ku-VPC, sibona ukuthi isiqukathi sedokhu sihlala sisebenzisa ~ 7,5% yenani eliphelele. Ukusebenza kwe-CPU futhi ngoMeyi 28 kwamiswa yimi ngenhloso/isikhashana (Qaphela - I-OpenVPN ne-pppp nazo ziyasebenza kuseva).

Kungani ukusetshenziswa kwe-CPU okungashintshi okungu-10% kungumkhawulo wale seva?

Ngoba kunemikhawulo evela ku-Amazon EC2 futhi ibalwa ngamakhredithi:

Ikhredithi engu-1 ye-CPU = I-CPU engu-1 esebenza ngomthwalo ongu-100% umzuzu owodwa, futhi sinekhredithi engu-6 (okungukuthi, eziqongweni, ukusetshenziswa kwe-CPU engu-100% kungenzeka phakathi nemizuzu engu-6, bese amandla e-CPU azokwehla). Ezinye izinhlanganisela: isibonelo, ikhredithi ye-CPU engu-1 = i-CPU engu-1 egijima ku-50% umthwalo imizuzu emibili (okungukuthi singasebenzisa i-CPU ngomthwalo ongu-50% imizuzu engu-12), noma, isibonelo, umthwalo we-CPU ongaguquki 10% - th ngesikhathi sonke isikhathi, njll.

okutholakele

• Siyingxenye ye-"Digital Resistance". Banikeze "obaba nomama" babo ngesiteshi sokuxhumana esithembekile.
• Uma une-MtprotoProxyTelegram ne-OpenVPN efakwe kuseva, kodwa ngeke kusaba khona, ngeke kube khona ukubambezeleka / ama-pings / ukwehluleka, kodwa uma uzama njalo nge-t2 / micro yakho, linda amabhuleki okuxhumana.
• I-ping yami yaphesheya ingu-~100-250ms, akukho ukubambezeleka ekuxhumaneni ngezwi.
• Izindleko zezezimali zakho konke "lokhu" (kuhlanganise nezinsiza ze-VPC) = 0₽.

Ukuphrinta kabusha kwe-athikili yakho.

UPD: Sibonga ama-habrauser athile ngamazwana awusizo, ngempela, kungenzeka (ingabe izibalo ziyasekelwa?), Kukhona ama-analogue angcono wesithombe esisemthethweni se-Telegram sommeleli we-Mtproto.

Source: www.habr.com