Teddysun преди 5 години
родител
ревизия
c86c65ba98
променени са 5 файла, в които са добавени 0 реда и са изтрити 530 реда
  1. 0 30
      docker/mtproxy/Dockerfile
  2. 0 30
      docker/mtproxy/Dockerfile.architecture
  3. 0 85
      docker/mtproxy/README.md
  4. 0 111
      docker/mtproxy/entrypoint.sh
  5. 0 274
      docker/mtproxy/patches/randr_compat.patch

+ 0 - 30
docker/mtproxy/Dockerfile

@@ -1,30 +0,0 @@
-# Dockerfile for MTProxy based alpine
-# Copyright (C) 2020 Teddysun <[email protected]>
-# Reference URL:
-# https://github.com/TelegramMessenger/MTProxy
-
-FROM alpine:latest AS builder
-WORKDIR /root
-COPY patches /root/patches
-RUN set -ex \
-	&& apk add --no-cache git build-base linux-headers musl-dev openssl-dev zlib-dev \
-	&& git clone https://github.com/TelegramMessenger/MTProxy.git \
-	&& cd MTProxy \
-	&& patch -p0 -i /root/patches/randr_compat.patch \
-	&& make
-
-FROM alpine:latest
-LABEL maintainer="Teddysun <[email protected]>"
-
-COPY entrypoint.sh /
-COPY --from=builder /root/MTProxy/objs/bin/mtproto-proxy /usr/bin
-
-RUN set -ex \
-	&& apk add --no-cache curl tzdata \
-	&& chmod 755 /entrypoint.sh
-ENV TZ=Asia/Shanghai
-EXPOSE 443 2398
-VOLUME /data
-WORKDIR /data
-ENTRYPOINT ["/entrypoint.sh"]
-CMD [ "--port", "2398", "--http-ports", "443", "--slaves", "2", "--max-special-connections", "60000", "--allow-skip-dh" ]

+ 0 - 30
docker/mtproxy/Dockerfile.architecture

@@ -1,30 +0,0 @@
-# Dockerfile for MTProxy based alpine
-# Copyright (C) 2020 Teddysun <[email protected]>
-# Reference URL:
-# https://github.com/TelegramMessenger/MTProxy
-
-FROM --platform=${TARGETPLATFORM} alpine:latest AS builder
-WORKDIR /root
-COPY patches /root/patches
-RUN set -ex \
-	&& apk add --no-cache git build-base linux-headers musl-dev openssl-dev zlib-dev \
-	&& git clone https://github.com/TelegramMessenger/MTProxy.git \
-	&& cd MTProxy \
-	&& patch -p0 -i /root/patches/randr_compat.patch \
-	&& make
-
-FROM --platform=${TARGETPLATFORM} alpine:latest
-LABEL maintainer="Teddysun <[email protected]>"
-
-COPY entrypoint.sh /
-COPY --from=builder /root/MTProxy/objs/bin/mtproto-proxy /usr/bin
-
-RUN set -ex \
-	&& apk add --no-cache curl tzdata \
-	&& chmod 755 /entrypoint.sh
-ENV TZ=Asia/Shanghai
-EXPOSE 443 2398
-VOLUME /data
-WORKDIR /data
-ENTRYPOINT ["/entrypoint.sh"]
-CMD [ "--port", "2398", "--http-ports", "443", "--slaves", "2", "--max-special-connections", "60000", "--allow-skip-dh" ]

+ 0 - 85
docker/mtproxy/README.md

@@ -1,85 +0,0 @@
-## MTProxy Docker Image by Teddysun
-
-The [Telegram Messenger MTProto proxy][1] is a zero-configuration container that automatically sets up a proxy server that speaks Telegram's native MTProto.
-
-This Docker Image Based on the work of [alexdoesh](https://github.com/alexdoesh/mtproxy)
-
-Docker images are built for quick deployment in various computing cloud providers.
-
-For more information on docker and containerization technologies, refer to [official document][2].
-
-## Prepare the host
-
-If you need to install docker by yourself, follow the [official installation guide][3].
-
-## Pull the image
-
-```bash
-$ docker pull teddysun/mtproxy
-```
-
-This pulls the latest release of MTProxy.
-
-It can be found at [Docker Hub][4].
-
-## Start a container
-
-You **must create a directory**  `/etc/mtproxy` in host at first:
-
-```
-$ mkdir -p /etc/mtproxy
-```
-
-To start the proxy all you need to do is below:
-
-`docker run -d -p443:443 --name=mtproxy --restart=always -v /etc/mtproxy:/data teddysun/mtproxy`
-
-The container's log output (`docker logs mtproxy`) will contain the links to paste into the Telegram app:
-
-```
-[+] Using the explicitly passed secret: '00baadf00d15abad1deaa515baadcafe'.
-[+] Saving it to /data/secret.
-[*] Final configuration:
-[*]   Secret 1: 00baadf00d15abad1deaa515baadcafe
-[*]   tg:// link for secret 1 auto configuration: : tg://proxy?server=3.14.15.92&port=443&secret=00baadf00d15abad1deaa515baadcafe
-[*]   t.me link for secret 1: tg://proxy?server=3.14.15.92&port=443&secret=00baadf00d15abad1deaa515baadcafe
-[*]   Tag: no tag
-[*]   External IP: 3.14.15.92
-[*]   Make sure to fix the links in case you run the proxy on a different port.
-```
-
-**Warning**: The port number `443` must be opened in firewall.
-
-The secret will persist across container upgrades in a volume.
-
-It is a mandatory configuration parameter: if not provided, it will be generated automatically at container start. 
-
-You may forward any other port to the container's 443: be sure to fix the automatic configuration links if you do so.
-
-Please note that the proxy gets the Telegram core IP addresses at the start of the container. We try to keep the changes to a minimum, but you should restart the container about once a day, just in case.
-
-## Registering your proxy
-
-Once your MTProxy server is up and running go to [@MTProxybot](https://t.me/mtproxybot) and register your proxy with Telegram to gain access to usage statistics and monetization.
-
-## Custom configuration
-
-If you need to specify a custom secret (say, if you are deploying multiple proxies with DNS load-balancing), you may pass the SECRET environment variable as 16 bytes in lower-case hexidecimals:
-
-`docker run -d -p443:443 -v /etc/mtproxy:/data -e SECRET=00baadf00d15abad1deaa51sbaadcafe teddysun/mtproxy`
-
-## Monitoring
-
-The MTProto proxy server exports internal statistics as tab-separated values over the http://localhost:2398/stats endpoint.
-
-Please note that this endpoint is available only from localhost: depending on your configuration, you may need to collect the statistics with `docker exec mtproxy curl http://localhost:2398/stats`.
-
-* `ready_targets`: number of Telegram core servers the proxy will try to connect to.
-* `active_targets`: number of Telegram core servers the proxy is actually connected to. Should be equal to ready_targets.
-* `total_special_connections`: number of inbound client connections
-* `total_max_special_connections`: the upper limit on inbound connections. Is equal to 60000 multiplied by worker count.
-
-[1]: https://github.com/TelegramMessenger/MTProxy
-[2]: https://docs.docker.com/
-[3]: https://docs.docker.com/install/
-[4]: https://hub.docker.com/r/teddysun/mtproxy/

+ 0 - 111
docker/mtproxy/entrypoint.sh

@@ -1,111 +0,0 @@
-#!/bin/sh
-if [ ! -z "$DEBUG" ]; then set -x; fi
-mkdir /data 2>/dev/null >/dev/null
-RANDOM=$(printf "%d" "0x$(head -c4 /dev/urandom | od -t x1 -An | tr -d ' ')")
-
-if [ -z "$WORKERS" ]; then
-    WORKERS=1
-fi
-
-SECRET_CMD=""
-if [ ! -z "$SECRET" ]; then
-    echo "[+] Using the explicitly passed secret: '$SECRET'."
-elif [ -f /data/secret ]; then
-    SECRET="$(cat /data/secret)"
-    echo "[+] Using the secret in /data/secret: '$SECRET'."
-else
-    if [[ ! -z "$SECRET_COUNT" ]]; then
-       if [[ "$SECRET_COUNT" -le 1 || "$SECRET_COUNT" -ge 16 ]]; then
-            echo "[F] Can generate between 1 and 16 secrets."
-            exit 5
-       fi
-    else
-      SECRET_COUNT="1"
-    fi
-
-    echo "[+] No secret passed. Will generate $SECRET_COUNT random ones."
-    SECRET="$(dd if=/dev/urandom bs=16 count=1 2>&1 | od -tx1  | head -n1 | tail -c +9 | tr -d ' ')"
-    for pass in $(seq 2 $SECRET_COUNT); do
-        SECRET="$SECRET,$(dd if=/dev/urandom bs=16 count=1 2>&1 | od -tx1  | head -n1 | tail -c +9 | tr -d ' ')"
-    done
-fi
-
-if echo "$SECRET" | grep -qE '^[0-9a-fA-F]{32}(,[0-9a-fA-F]{32}){0,15}$'; then
-    SECRET="$(echo "$SECRET" | tr '[:upper:]' '[:lower:]')"
-    SECRET_CMD="-S $(echo "$SECRET" | sed 's/,/ -S /g')"
-    echo -- "$SECRET_CMD" > /data/secret_cmd
-    echo "$SECRET" > /data/secret
-else
-    echo '[F] Bad secret format: should be 32 hex chars (for 16 bytes) for every secret; secrets should be comma-separated.'
-    exit 1
-fi
-
-if [ ! -z "$TAG" ]; then
-    echo "[+] Using the explicitly passed tag: '$TAG'."
-fi
-
-TAG_CMD=""
-if [[ ! -z "$TAG" ]]; then
-    if echo "$TAG" | grep -qE '^[0-9a-fA-F]{32}$'; then
-        TAG="$(echo "$TAG" | tr '[:upper:]' '[:lower:]')"
-        TAG_CMD="-P $TAG"
-    else
-        echo '[!] Bad tag format: should be 32 hex chars (for 16 bytes).'
-        echo '[!] Continuing.'
-    fi
-fi
-
-REMOTE_CONFIG=/data/proxy-multi.conf
-curl -s https://core.telegram.org/getProxyConfig -o ${REMOTE_CONFIG} || {
-    echo '[F] Cannot download proxy configuration from Telegram servers.'
-    exit 2
-}
-
-REMOTE_SECRET=/data/proxy-secret
-curl -s https://core.telegram.org/getProxySecret -o ${REMOTE_SECRET} || {
-    echo '[F] Cannot download proxy secret from Telegram servers.'
-    exit 5
-}
-
-if [ ! -z "$EXTERNAL_IP" ]; then
-    echo "[+] Using the explicitly passed external IP: ${EXTERNAL_IP}."
-else
-    EXTERNAL_IP="$(curl -s -4 "ipv4.icanhazip.com")"
-    if [[ -z "$EXTERNAL_IP" ]]; then
-        echo "[F] Cannot determine external IP address."
-        exit 3
-    else
-        echo "[+] Using the detected external IP: ${EXTERNAL_IP}."
-    fi
-fi
-
-if [ ! -z "$INTERNAL_IP" ]; then
-    echo "[+] Using the explicitly passed internal IP: ${INTERNAL_IP}."
-else
-    INTERNAL_IP="$(ip -4 route get 8.8.8.8 | grep '^8\.8\.8\.8\s' | grep -Eo 'src\s+\d+\.\d+\.\d+\.\d+' | awk '{print $2}')"
-    if [[ -z "$INTERNAL_IP" ]]; then
-        echo "[F] Cannot determine internal IP address."
-        exit 4
-    else
-        echo "[+] Using the detected internal IP: ${INTERNAL_IP}."
-    fi
-fi
-
-echo "[*] Final configuration:"
-I=1
-echo "$SECRET" | tr ',' '\n' | while read S; do
-    echo "[*]   Secret $I: $S"
-    echo "[*]   tg:// link for secret $I auto configuration: tg://proxy?server=${EXTERNAL_IP}&port=443&secret=${S}"
-    echo "[*]   t.me link for secret $I: https://t.me/proxy?server=${EXTERNAL_IP}&port=443&secret=${S}"
-    I=$(($I+1))
-done
-
-[ ! -z "$TAG" ] && echo "[*]   Tag: $TAG" || echo "[*]   Tag: no tag"
-echo "[*]   External IP: ${EXTERNAL_IP}"
-echo "[*]   Make sure to fix the links in case you run the proxy on a different port."
-echo
-echo '[+] Starting proxy...'
-sleep 1
-
-# start mtproto-proxy
-exec mtproto-proxy "$@" --aes-pwd ${REMOTE_SECRET} --user root ${REMOTE_CONFIG} --nat-info "$INTERNAL_IP:$EXTERNAL_IP" ${SECRET_CMD} ${TAG_CMD}

+ 0 - 274
docker/mtproxy/patches/randr_compat.patch

@@ -1,274 +0,0 @@
-Index: jobs/jobs.h
-IDEA additional info:
-Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
-<+>UTF-8
-===================================================================
---- jobs/jobs.h	(revision cdd348294d86e74442bb29bd6767e48321259bec)
-+++ jobs/jobs.h	(date 1527996954000)
-@@ -28,6 +28,8 @@
- #include "net/net-msg.h"
- #include "net/net-timers.h"
- 
-+#include "common/randr_compat.h"
-+
- #define __joblocked
- #define __jobref
- 
-Index: common/server-functions.c
-IDEA additional info:
-Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
-<+>UTF-8
-===================================================================
---- common/server-functions.c	(revision cdd348294d86e74442bb29bd6767e48321259bec)
-+++ common/server-functions.c	(date 1527998325000)
-@@ -35,7 +35,9 @@
- #include <arpa/inet.h>
- #include <assert.h>
- #include <errno.h>
-+#ifdef __GLIBC__
- #include <execinfo.h>
-+#endif
- #include <fcntl.h>
- #include <getopt.h>
- #include <grp.h>
-@@ -168,6 +170,7 @@
- }
- 
- void print_backtrace (void) {
-+#ifdef __GLIBC__
-   void *buffer[64];
-   int nptrs = backtrace (buffer, 64);
-   kwrite (2, "\n------- Stack Backtrace -------\n", 33);
-@@ -178,6 +181,7 @@
-     kwrite (2, s, strlen (s));
-     kwrite (2, "\n", 1);
-   }
-+#endif
- }
- 
- pthread_t debug_main_pthread_id;
-Index: common/randr_compat.h
-IDEA additional info:
-Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
-<+>UTF-8
-===================================================================
---- common/randr_compat.h	(date 1527998264000)
-+++ common/randr_compat.h	(date 1527998264000)
-@@ -0,0 +1,72 @@
-+/*
-+    The GNU C Library is free software.  See the file COPYING.LIB for copying
-+    conditions, and LICENSES for notices about a few contributions that require
-+    these additional notices to be distributed.  License copyright years may be
-+    listed using range notation, e.g., 2000-2011, indicating that every year in
-+    the range, inclusive, is a copyrightable year that would otherwise be listed
-+    individually.
-+*/
-+
-+#pragma once
-+
-+#include <endian.h>
-+#include <pthread.h>
-+
-+struct drand48_data {
-+    unsigned short int __x[3];	/* Current state.  */
-+    unsigned short int __old_x[3]; /* Old state.  */
-+    unsigned short int __c;	/* Additive const. in congruential formula.  */
-+    unsigned short int __init;	/* Flag for initializing.  */
-+    unsigned long long int __a;	/* Factor in congruential formula.  */
-+};
-+
-+union ieee754_double
-+{
-+    double d;
-+
-+    /* This is the IEEE 754 double-precision format.  */
-+    struct
-+    {
-+#if	__BYTE_ORDER == __BIG_ENDIAN
-+        unsigned int negative:1;
-+        unsigned int exponent:11;
-+        /* Together these comprise the mantissa.  */
-+        unsigned int mantissa0:20;
-+        unsigned int mantissa1:32;
-+#endif				/* Big endian.  */
-+#if	__BYTE_ORDER == __LITTLE_ENDIAN
-+        /* Together these comprise the mantissa.  */
-+        unsigned int mantissa1:32;
-+        unsigned int mantissa0:20;
-+        unsigned int exponent:11;
-+        unsigned int negative:1;
-+#endif				/* Little endian.  */
-+    } ieee;
-+
-+    /* This format makes it easier to see if a NaN is a signalling NaN.  */
-+    struct
-+    {
-+#if	__BYTE_ORDER == __BIG_ENDIAN
-+        unsigned int negative:1;
-+        unsigned int exponent:11;
-+        unsigned int quiet_nan:1;
-+        /* Together these comprise the mantissa.  */
-+        unsigned int mantissa0:19;
-+        unsigned int mantissa1:32;
-+#else
-+        /* Together these comprise the mantissa.  */
-+        unsigned int mantissa1:32;
-+        unsigned int mantissa0:19;
-+        unsigned int quiet_nan:1;
-+        unsigned int exponent:11;
-+        unsigned int negative:1;
-+#endif
-+    } ieee_nan;
-+};
-+
-+#define IEEE754_DOUBLE_BIAS	0x3ff /* Added to exponent.  */
-+
-+int drand48_r (struct drand48_data *buffer, double *result);
-+int lrand48_r (struct drand48_data *buffer, long int *result);
-+int mrand48_r (struct drand48_data *buffer, long int *result);
-+int srand48_r (long int seedval, struct drand48_data *buffer);
-\ No newline at end of file
-Index: Makefile
-IDEA additional info:
-Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
-<+>UTF-8
-===================================================================
---- Makefile	(revision cdd348294d86e74442bb29bd6767e48321259bec)
-+++ Makefile	(date 1527998107000)
-@@ -40,6 +40,7 @@
- DEPENDENCE_NORM	:=	$(subst ${OBJ}/,${DEP}/,$(patsubst %.o,%.d,${OBJECTS}))
- 
- LIB_OBJS_NORMAL := \
-+	${OBJ}/common/randr_compat.o \
- 	${OBJ}/common/crc32c.o \
- 	${OBJ}/common/pid.o \
- 	${OBJ}/common/sha1.o \
-Index: common/randr_compat.c
-IDEA additional info:
-Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
-<+>UTF-8
-===================================================================
---- common/randr_compat.c	(date 1527998213000)
-+++ common/randr_compat.c	(date 1527998213000)
-@@ -0,0 +1,120 @@
-+/*
-+    The GNU C Library is free software.  See the file COPYING.LIB for copying
-+    conditions, and LICENSES for notices about a few contributions that require
-+    these additional notices to be distributed.  License copyright years may be
-+    listed using range notation, e.g., 2000-2011, indicating that every year in
-+    the range, inclusive, is a copyrightable year that would otherwise be listed
-+    individually.
-+*/
-+
-+#include <stddef.h>
-+#include "common/randr_compat.h"
-+
-+int __drand48_iterate (unsigned short int xsubi[3], struct drand48_data *buffer) {
-+    uint64_t X;
-+    uint64_t result;
-+
-+    /* Initialize buffer, if not yet done.  */
-+    if (!buffer->__init == 0)
-+    {
-+        buffer->__a = 0x5deece66dull;
-+        buffer->__c = 0xb;
-+        buffer->__init = 1;
-+    }
-+
-+    /* Do the real work.  We choose a data type which contains at least
-+       48 bits.  Because we compute the modulus it does not care how
-+       many bits really are computed.  */
-+
-+    X = (uint64_t) xsubi[2] << 32 | (uint32_t) xsubi[1] << 16 | xsubi[0];
-+
-+    result = X * buffer->__a + buffer->__c;
-+
-+    xsubi[0] = result & 0xffff;
-+    xsubi[1] = (result >> 16) & 0xffff;
-+    xsubi[2] = (result >> 32) & 0xffff;
-+
-+    return 0;
-+}
-+
-+int __erand48_r (unsigned short int xsubi[3], struct drand48_data *buffer, double *result) {
-+    union ieee754_double temp;
-+
-+    /* Compute next state.  */
-+    if (__drand48_iterate (xsubi, buffer) < 0)
-+        return -1;
-+
-+    /* Construct a positive double with the 48 random bits distributed over
-+       its fractional part so the resulting FP number is [0.0,1.0).  */
-+
-+    temp.ieee.negative = 0;
-+    temp.ieee.exponent = IEEE754_DOUBLE_BIAS;
-+    temp.ieee.mantissa0 = (xsubi[2] << 4) | (xsubi[1] >> 12);
-+    temp.ieee.mantissa1 = ((xsubi[1] & 0xfff) << 20) | (xsubi[0] << 4);
-+
-+    /* Please note the lower 4 bits of mantissa1 are always 0.  */
-+    *result = temp.d - 1.0;
-+
-+    return 0;
-+}
-+
-+int __nrand48_r (unsigned short int xsubi[3], struct drand48_data *buffer, long int *result) {
-+    /* Compute next state.  */
-+    if (__drand48_iterate (xsubi, buffer) < 0)
-+        return -1;
-+
-+    /* Store the result.  */
-+    if (sizeof (unsigned short int) == 2)
-+        *result = xsubi[2] << 15 | xsubi[1] >> 1;
-+    else
-+        *result = xsubi[2] >> 1;
-+
-+    return 0;
-+}
-+
-+int __jrand48_r (unsigned short int xsubi[3], struct drand48_data *buffer, long int *result) {
-+    /* Compute next state.  */
-+    if (__drand48_iterate (xsubi, buffer) < 0)
-+        return -1;
-+
-+    /* Store the result.  */
-+    *result = (int32_t) ((xsubi[2] << 16) | xsubi[1]);
-+
-+    return 0;
-+}
-+
-+int drand48_r (struct drand48_data *buffer, double *result) {
-+    return __erand48_r (buffer->__x, buffer, result);
-+}
-+
-+int lrand48_r (struct drand48_data *buffer, long int *result) {
-+    /* Be generous for the arguments, detect some errors.  */
-+    if (buffer == NULL)
-+        return -1;
-+
-+    return __nrand48_r (buffer->__x, buffer, result);
-+}
-+
-+int mrand48_r (struct drand48_data *buffer, long int *result) {
-+    /* Be generous for the arguments, detect some errors.  */
-+    if (buffer == NULL)
-+        return -1;
-+
-+    return __jrand48_r (buffer->__x, buffer, result);
-+}
-+
-+int srand48_r (long int seedval, struct drand48_data *buffer) {
-+    /* The standards say we only have 32 bits.  */
-+    if (sizeof (long int) > 4)
-+        seedval &= 0xffffffffl;
-+
-+    buffer->__x[2] = seedval >> 16;
-+    buffer->__x[1] = seedval & 0xffffl;
-+    buffer->__x[0] = 0x330e;
-+
-+    buffer->__a = 0x5deece66dull;
-+    buffer->__c = 0xb;
-+    buffer->__init = 1;
-+
-+    return 0;
-+}
-\ No newline at end of file