forked from seriyps/mtproto_proxy
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmtproto_proxy.app.src
150 lines (137 loc) · 6.49 KB
/
mtproto_proxy.app.src
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
{application, mtproto_proxy,
[{description, "High-performance Telegram MTProto proxy server"},
{vsn, "0.6.1"},
{registered, []},
{mod, { mtproto_proxy_app, []}},
{applications,
[lager,
ranch,
erlang_psq,
crypto,
ssl,
inets,
kernel,
stdlib
]},
{env,[
%% Close connection if it failed to perform handshake in this many seconds
{init_timeout_sec, 60},
{hibernate_timeout_sec, 60},
%% Close connection after this many seconds of inactivity
{ready_timeout_sec, 1200},
%% Telegram server uses your external IP address as part of encryption
%% key, so, you should know it.
%% You can configure IP lookup services by `ip_lookup_services' (should
%% return my IP address as one line from this URL) or set IP address
%% statically by `external_ip' (not both).
%% If both are unset, proxy will try to guess IP address
%% from getsockname().
%% `ip_lookup_services' will be tried one-by-one: if 1st is not responding,
%% 2nd one will be tried and so on
{ip_lookup_services,
["http://ipv4.seriyps.ru/",
"https://digitalresistance.dog/myIp",
"http://ipv4.myexternalip.com/raw"]},
%% {external_ip, "YOUR.SERVER.EXTERNAL.IP"},
%% Interface to listen for incoming connections
%% If not set, 0.0.0.0 will be used
{listen_ip, "0.0.0.0"},
%% You can add as much as you want. Names and ports should be unique
{ports, [#{name => mtp_handler_1,
port => 1443,
%% You can tell it to listen on specific IP.
%% If not set, top-level listen_ip will be used.
%% listen_ip => "1.2.3.4",
%% secret should be 32 hex chars [0-9a-f]
secret => <<"d0d6e111bada5511fcce9584deadbeef">>,
%% tag is what you get from @MTProxybot
tag => <<"dcbe8f1493fa4cd9ab300891c0b5b326">>}]},
{num_acceptors, 60},
{max_connections, 40960},
%% It's possible to forbid connection from telegram client to proxy
%% with some of the protocols. Ti's recommended to set this to
%% only `{allowed_protocols, [mtp_secure, mtp_fake_tls]}` because those
%% protocols are more resistant to DPI detection. Connections by other
%% protocols will be immediately disallowed.
{allowed_protocols, [mtp_fake_tls, mtp_secure, mtp_abridged, mtp_intermediate]},
%% Connection policies.
%% See README.md for documentation
%% {policy,
%% [{in_table, tls_domain, allowed_domains},
%% {not_in_table, [client_ipv4], banned_ips},
%% {max_connections, [port_name, tls_domain], 15}
%% ]},
{init_dc_connections, 2},
{clients_per_dc_connection, 300},
%% List of enabled replay-attack checks. See
%% https://habr.com/ru/post/452144/
%% session_storage - store last used 1st client packets in special
%% storage, drop connections with same 1st packet
%% Values: on/off
%% Default: off
{replay_check_session_storage, on},
%% server_error_filter - drop server error responses.
%% Values:
%% first - drop server error only if it's 1st server packet
%% on - drop all server error packets
%% off - don't drop server errors
%% Default: off
{replay_check_server_error_filter, first},
%% Options for `mtp_session_storage` replay attack check
%% Those settings are not precise! They are checked not in realtime, but
%% once per minute.
{replay_check_session_storage_opts,
#{%% Start to remove oldest items if there are more than max_items
%% records in the storage
max_items => 4000000,
%% Start to remove oldest items if storage occupies more than
%% `max_memory_mb` megabytes of memory
%% One session uses ~130-150bytes on 64bit linux;
%% 1Gb will be enough to store ~8mln sessions, which is
%% 24 hours of ~90 connections per second
max_memory_mb => 512,
%% Remove items used for the last time more than `max_age_minutes`
%% minutes ago.
%% Less than 10 minutes doesn't make much sense
max_age_minutes => 360}}
%% Should be module with function `notify/4' exported.
%% See mtp_metric:notify/4 for details
%% {metric_backend, my_metric_backend},
%% User-space recv socket buffer sizes. Set to higher if you have
%% enough RAM
%% {upstream_socket_buffer_size, 51200}, %50kb
%% {downstream_socket_buffer_size, 512000}, %500kb
%% Where to fetch telegram proxy configuration
%% Mostly used to testing
%% {proxy_secret_url, "https://core.telegram.org/getProxySecret"},
%% {proxy_config_url, "https://core.telegram.org/getProxyConfig"},
%% Upstream self-healthchecks tuning
%% {upstream_healthchecks,
%% [{qlen, 300}, % if queue length >X - close connection
%% {gc, 409600}, % if connection memory >X - do garbage collection
%% {total_mem, 3145728} % if connection memory >X - close connection
%% ]},
%% Downstream backpressure tuning
%% Values are configured per downstream connection, so, for example, if
%% `clients_per_dc_connection' is 300 and current number of connections
%% is 60,000, then there will be 200 downstream connections, each will
%% keep reading data from it's socket unless there is 10mb of data or
%% 600 packets not yet delivered by it's upstreams to clients
%% `*_per_upstream' options are the same, but will be multiplied by the
%% number of upstreams currently connected to this downstream
%% {downstream_backpressure,
%% #{%% 10mb; if not specified, it's 30kb * clients_per_dc_connection
%% bytes_total => 10485760,
%% %% if not specified, it's 2 * clients_per_dc_connection
%% packets_total => 600,
%% %% integer >= 1024
%% %% if not specified this check is skipped
%% bytes_per_upstream => 51200, %50kb
%% %% float >= 1
%% %% if not specified this check is skipped
%% packets_per_upstream => 3}}
]},
{modules, []},
{licenses, ["Apache 2.0"]},
{links, [{"GitHub", "https://github.com/seriyps/mtproto_proxy"}]}
]}.