Up-to-date tutorial on how to set a Telegram MTProxy on an Ubuntu 22.04 sever using AWS Lightsail

telegram-mtproxy.md

How to set up a Telegram Proxy

This uses the native built-in proxy feature in the Telegram app.

The problem is the README in the official TelegramMessenger/MTProxy repo is outdated and fails at multiple points if you try following the steps described. Here's an updated version as of March 2024.

Instructions

1. Launch a clean Ubuntu 22.04 instance. I'm using AWS Lightsail. ssh into the machine:

ssh ubuntu@ip

2. Update apt:

sudo apt-get update

3. Install dependencies:

sudo apt install git curl build-essential libssl-dev zlib1g-dev

4. Clone the repo:

git clone https://github.com/TelegramMessenger/MTProxy
cd MTProxy

5. Change the Makefile and add the -fcommon flag to CFLAGS and LDFLAGS as per this PR

nano Makefile

Save and exit

6. Build the binaries

make

Make sure it compiles without errors.

7. Move the binary to /opt/MTProxy for ease of running:

sudo mkdir /opt/MTProxy
sudo cp objs/bin/mtproto-proxy /opt/MTProxy/

8. Go to the new directory:

cd /opt/MTProxy

9. Obtain the Telegram secret:

sudo curl -s https://core.telegram.org/getProxySecret -o proxy-secret

10. Obtain the Telegram configuration:

sudo curl -s https://core.telegram.org/getProxyConfig -o proxy-multi.conf

11. Generate a proxy secret. This will output a string of random numbers and letters. Keep the result at hand, you will need it in a few steps:

head -c 16 /dev/urandom | xxd -ps

12. Create a mtproxy user to run the proxy:

sudo useradd -m -s /bin/false mtproxy

13. Update the ownership of the MTProxy directory to the new user

sudo chown -R mtproxy:mtproxy /opt/MTProxy

14. Allow traffic on port 8443 by opening the ports in the AWS Lightsail instance:

    • Navigate to your AWS Lightsail instance
    • In the Networking tab, under "IPv4 Firewall", click "Add rule"
    • Add a rule for a "Custom" TCP protocol on 8443. Make sure "Duplicate rule for IPv6" is active
    • Click "create"

15. Now we need to know our AWS instance's private and public IP to pass them to MTProxy.

All AWS instances are behind a NAT, and this causes the RPC protocol handshake to fail if a private-to-public network address translation is not passed explicitly to MTProxy as the --nat-info param. If you don't do this, the proxy will look like it's running normally, but Telegram clients will not be able to connect, and the app will show a message like "Proxy unavailable" or an infinite "Conecting..." message.

If you don't know how to look up your AWS instance's public and private IPs, follow these steps

Once you have your private and public IP, which should look something like 170.10.0.200 and 18.180.0.1, keep them at hand because you'll need them in a moment and continue.

16. Set up a systemd service to run the proxy:

sudo nano /etc/systemd/system/MTProxy.service

Copy the folliwng config:

[Unit]
Description=MTProxy
After=network.target

[Service]
Type=simple
WorkingDirectory=/opt/MTProxy
ExecStart=/opt/MTProxy/mtproto-proxy -u mtproxy -p 8888 -H 8443 -S <YOUR_SECRET_FROM_STEP_11> --aes-pwd proxy-secret proxy-multi.conf -M 1 --http-stats --nat-info <YOUR_PRIVATE_IP>:<YOUR_PUBLIC_IP>
Restart=on-failure

[Install]
WantedBy=multi-user.target

Save and exit

17. Reload the systemd daemons:

sudo systemctl daemon-reload

18. Test the MTProxy service and verify it started just fine:

sudo systemctl restart MTProxy.service

# Check status, it should be active
sudo systemctl status MTProxy.service

The proxy is ready!

You should now be able to connect to it inside Telegram by using a link like:

tg://proxy?server=<YOUR_PUBLIC_IP>&port=8443&secret=<YOUR_SECRET_FROM_STEP_11>