Back to Home

MTProto proxy with Fake TLS: Bypassing Telegram Blocks on VPS

Learn how to quickly deploy your own MTProto proxy with Fake TLS on VPS using Docker. Detailed guide for stable and secure access to Telegram, bypassing any blocks.

Deploying MTProto proxy with Fake TLS to bypass Telegram blocks
Advertisement 728x90

# Deploying an MTProto Proxy with Fake TLS: A Comprehensive Guide for Stable Telegram Access

In an era of increasing internet censorship and blocking, ensuring stable and secure access to messaging apps has become a top priority for many users. An MTProto proxy, enhanced with Fake TLS technology, offers an effective solution to bypass these restrictions. This guide outlines the process of deploying your own proxy server using Docker and a VPS in just a few minutes. This setup allows you to disguise Telegram traffic as regular HTTPS, making it significantly harder to detect and block.

How MTProto Proxy and Fake TLS Work

MTProto Proxy is a specialized proxy server developed by the Telegram team to provide a secure and encrypted connection. It utilizes the MTProto protocol, optimized for messenger operation, ensuring high speed and resilience against interruptions. Its primary purpose is to route Telegram traffic through an intermediary server, thereby bypassing direct IP address or domain blocks imposed on the messenger.

Fake TLS (Transport Layer Security) is a crucial addition to MTProto Proxy, significantly boosting its effectiveness in environments with active blocking. This technology allows MTProto traffic to be disguised as standard HTTPS traffic, which is typically used for secure connections to websites. A proxy server configured with Fake TLS simulates a regular HTTPS connection to a legitimate domain (e.g., ya.ru or google.com). To external monitoring systems, this traffic appears as ordinary web browsing, making it extremely difficult to detect and filter. A special ee prefix in the MTProto proxy's secret key signals the Telegram client to use Fake TLS mode, providing an additional layer of obfuscation.

Google AdInline article slot

Preparation for Deployment

For a successful MTProto proxy deployment with Fake TLS, several components are required. Choosing a reliable Virtual Private Server (VPS) provider is critically important, as the stability and speed of your proxy depend on it.

Minimum System Requirements for VPS:

  • Operating System: Ubuntu 20.04, 22.04, or 24.04 LTS (Long Term Support) is recommended for its stability and up-to-date packages. However, the script is compatible with other Linux distributions that support Docker.
  • RAM: 512 MB or more. This amount is sufficient for the basic operation of the MTProto proxy Docker container.
  • Disk Space: 5 GB or more. Required for the operating system, Docker, and container logs.
  • Docker Installed: The Docker containerization system is fundamental for running the MTProto proxy in an isolated environment.

Installing Docker on Ubuntu

If Docker is not yet installed on your VPS, execute the following commands. They will update the package list, install necessary dependencies, and the Docker Engine itself.

Google AdInline article slot
sudo apt update && sudo apt upgrade -y
sudo apt install docker.io -y

After Docker installation, it's recommended to check its status with the command sudo systemctl status docker to ensure the service is running and active.

Automated MTProto Proxy Deployment

To simplify the deployment process, a Bash script is provided that automates all steps: from secret generation to launching the Docker container and outputting connection information. This approach minimizes the chance of errors and reduces setup time to just a few minutes.

Creating and Running the Installation Script

  • Create the script file: On your VPS, create a new file, for example, start-mtproxy.sh, using the nano text editor:

```bash

Google AdInline article slot

nano start-mtproxy.sh

```

  • Insert the script code: Copy the following code and paste it into the created file. Save the changes (Ctrl+O, Enter, Ctrl+X).

```bash

#!/bin/bash

Colors for nice output

GREEN='\033[0;32m'

RED='\033[0;31m'

YELLOW='\033[1;33m'

BLUE='\033[0;34m'

NC='\033[0m'

CONTAINER_NAME="mtproto-proxy"

PORT="443"

FAKE_DOMAIN="ya.ru" # Fixed domain for Fake TLS

echo "πŸš€ Starting MTProto proxy with Fake TLS"

echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"

echo -e "πŸ“Œ Using domain: ${BLUE}${FAKE_DOMAIN}${NC}"

Generate secret for Fake TLS

echo -n "πŸ”‘ Generating Fake TLS secret... "

Get hex of domain ya.ru

DOMAIN_HEX=$(echo -n $FAKE_DOMAIN | xxd -ps | tr -d '\n')

echo -e "\n Domain Hex: ${DOMAIN_HEX}"

Pad with random characters to 30 characters

DOMAIN_LEN=${#DOMAIN_HEX}

NEEDED=$((30 - DOMAIN_LEN))

RANDOM_HEX=$(openssl rand -hex 15 | cut -c1-$NEEDED)

Assemble secret

SECRET="ee${DOMAIN_HEX}${RANDOM_HEX}"

echo -e " Random padding: ${RANDOM_HEX}"

echo -e " Secret: ${YELLOW}${SECRET}${NC}"

echo " Length: ${#SECRET} characters"

Check if port 443 is free

echo -n "πŸ” Checking port ${PORT}... "

if ss -tuln | grep -q ":${PORT} "; then

echo -e "${YELLOW}port occupied${NC}"

# Find alternative port

for alt_port in 8443 8444 8445; do

if ! ss -tuln | grep -q ":${alt_port} "; then

PORT=$alt_port

echo " Using port: ${PORT}"

break

fi

done

else

echo -e "${GREEN}free${NC}"

fi

Stop old container if exists

echo -n "πŸ›‘ Stopping old container... "

sudo docker stop ${CONTAINER_NAME} >/dev/null 2>&1

sudo docker rm ${CONTAINER_NAME} >/dev/null 2>&1

echo -e "${GREEN}done${NC}"

Launch official proxy from Telegram

echo -n "πŸ“¦ Starting container... "

sudo docker run -d \

--name ${CONTAINER_NAME} \

--restart unless-stopped \

-p ${PORT}:443 \

-e SECRET="${SECRET}" \

telegrammessenger/proxy > /dev/null 2>&1

Check result

sleep 3

if sudo docker ps | grep -q ${CONTAINER_NAME}; then

SERVER_IP=$(curl -s ifconfig.me)

echo -e "${GREEN}βœ… SUCCESS${NC}"

echo ""

echo "πŸ“Š CONNECTION INFORMATION:"

echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"

echo "🌐 Server: ${SERVER_IP}"

echo "πŸ”Œ Port: ${PORT}"

echo "πŸ”‘ Secret: ${SECRET}"

echo "🌐 Fake TLS domain: ${FAKE_DOMAIN}"

echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"

echo "πŸ”— Telegram link (tap for auto-connect):"

echo -e "${GREEN}tg://proxy?server=${SERVER_IP}&port=${PORT}&secret=${SECRET}${NC}"

echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"

# Save configuration

cat > ~/mtproto_config.txt << EOF

SERVER=${SERVER_IP}

PORT=${PORT}

SECRET=${SECRET}

DOMAIN=${FAKE_DOMAIN}

LINK=tg://proxy?server=${SERVER_IP}&port=${PORT}&secret=${SECRET}

EOF

echo "βœ… Configuration saved to ~/mtproto_config.txt"

# Show last logs

echo ""

echo "πŸ“‹ Container logs:"

sudo docker logs --tail 5 ${CONTAINER_NAME}

else

echo -e "${RED}❌ ERROR${NC}"

sudo docker logs ${CONTAINER_NAME}

fi

```

  • Make the script executable and run it:

```bash

chmod +x start-mtproxy.sh

./start-mtproxy.sh

```

Script Analysis

The script performs a sequence of actions aimed at quickly and correctly configuring the proxy:

  • Defining the Fake TLS Domain: By default, ya.ru is used. This domain will be simulated by the proxy server to disguise traffic. Experienced users can change FAKE_DOMAIN to another popular resource if desired.
  • Secret Generation: The script generates a unique secret key. It starts with the ee prefix, which is mandatory for activating Fake TLS mode in the Telegram client. Following this prefix, the hexadecimal representation of the chosen FAKE_DOMAIN is added, along with random characters, to achieve a total length of 30 characters. This ensures the uniqueness and security of the secret.
  • Port 443 Availability Check: The standard HTTPS port (443) is preferred for Fake TLS, as its use makes the traffic even less suspicious. The script checks if this port is free. If it's occupied, an alternative port (8443, 8444, or 8445) is automatically selected.
  • Docker Container Management: The script first stops and removes any previously running container named mtproto-proxy to avoid conflicts. Then, a new Docker container is launched using the official telegrammessenger/proxy image. Launch parameters include:

* -d: Runs the container in detached (background) mode.

* --name mtproto-proxy: Assigns a name to the container for easier management.

* --restart unless-stopped: Automatically restarts the container upon failures or VPS reboots.

* -p ${PORT}:443: Maps the external port (determined by the script) to the internal port 443 of the container.

* -e SECRET="${SECRET}": Passes the generated secret to the container as an environment variable.

  • Outputting Connection Information: After successfully launching the container, the script displays the server's IP address, the port used, the generated secret, and a ready-to-use link for automatic connection to the proxy in Telegram. A ~/mtproto_config.txt file containing this information is also created.
  • Status Check: The script verifies if the Docker container is running and outputs the last 5 lines of its logs for quick diagnostics.

You can check the status of the running Docker container at any time using the command:

sudo docker ps

The output should show the mtproto-proxy container with a status of Up.

Connecting to the Proxy in Telegram

After successfully deploying the proxy server, you can easily connect to it within the Telegram client. Two main methods are available:

Automatic Connection (Recommended)

The simplest method is to use the link generated by the script. Simply copy and open the link (e.g., tg://proxy?server=...) in your browser or directly within Telegram. The messenger will automatically prompt you to add and activate the proxy server. Confirm the action by tapping "Add Proxy."

Manual Connection

If automatic connection doesn't work or you prefer manual setup, follow these steps using the information provided by the script (server IP address, port, secret):

  • On Mobile Devices (Android/iOS):

1. Open Telegram and go to "Settings."

2. Select "Data and Storage."

3. Navigate to "Proxy Settings."

4. Tap "Add Proxy" and choose "MTProto" as the type.

5. Enter the server IP address, port, and secret key into the respective fields.

  • On Desktop Clients (Windows/macOS/Linux):

1. Open Telegram and go to "Settings."

2. Select "Advanced" (or "Advanced Settings").

3. Under "Connection type," choose "Use custom proxy."

4. Click "Add Proxy" and select "MTProto" as the type.

5. Enter the server IP address, port, and secret key.

Key Takeaways

  • Traffic Obfuscation: Fake TLS effectively conceals MTProto traffic as regular HTTPS, making it harder to block.
  • Autonomy: Your own proxy on a VPS provides independence from public servers, enhancing stability and security.
  • Ease of Deployment: Using Docker and an automated script allows you to set up the proxy in minutes.
  • Flexibility: The script automatically selects a free port and provides all necessary connection information.
  • Control: You have full control over the infrastructure and can modify the script to suit your needs.

β€” Editorial Team

Advertisement 728x90

Read Next