Using Your Ubuntu Server As Telegram Proxy (MTProxy Snap)

Telegram is great, especially because it helps one stay away from the distractions that WhatsApp brings with it. Its unfortunately blocked in Pakistan, due to unknown reason but likely not related to censorship, given WhatsApp, Signal and every other messaging app works just fine.

The good news is Telegram upstream have their own proxy protocol and an implementation (https://github.com/TelegramMessenger/MTProxy), which seems to work well. I published MTProxy as a snap (https://snapcraft.io/mtproxy) yesterday, so thought it would make sense to share how others could setup their own proxy. This guide, will of course help me as a future reference as well.

So lets get started by installing MTProxy

snap install mtproxy

Due to security reasons, mtproxy drops privileges (if run as root) by calling setuid(), something a strictly confined snap does not allow due to security reasons, so my workaround was to create a new user on the server, so that mtproxy does not try to drop privileges.

So lets setup a new user and download proxy configurations from Telegram servers, more details: https://github.com/TelegramMessenger/MTProxy#running

useradd mtproxy -m
su - mtproxy
mkdir proxyconfig
curl -s https://core.telegram.org/getProxySecret -o proxyconfig/proxy-secret
curl -s https://core.telegram.org/getProxyConfig -o proxyconfig/proxy-multi.conf

Now lets exit the mtproxy user shell and create a secret to be used later by Telegram client apps

exit
head -c 16 /dev/urandom | xxd -ps

Now we create a systemd service so that our proxy runs in the background and starts automatically whenever the server is restarted. Open the below file for editing using nano (or the editor of your choice) and paste the below configuration.
Note: you must replace the random string that was generated in previous step with “my_secret” in below config.

sudo nano /etc/systemd/system/mtproxy.sevice
 [Unit]  
 Description=MTProxy  
 After=network.target  
 [Service]  
 Type=simple  
 User=mtproxy  
 WorkingDirectory=/home/mtproxy/proxyconfig  
 ExecStart=/snap/bin/mtproxy -u mtproxy -p 8888 -H 8000 -S my_secret --aes-pwd proxy-secret proxy-multi.conf -M 1  
 Restart=on-failure  
 [Install]  
 WantedBy=multi-user.target

Lets now start the service

systemctl enable mtproxy
systemctl start mtproxy

That’s it, we are done, you now have the Telegram proxy setup and (hopefully) working.

NOTE: This was only tested on DigitalOcean droplet, so your mileage may vary.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s