# Deploying an MTProto Proxy with Fake TLS: A Comprehensive Guide for Stable Telegram Access
In an era of increasing internet censorship and blocking, ensuring stable and secure access to messaging apps has become a top priority for many users. An MTProto proxy, enhanced with Fake TLS technology, offers an effective solution to bypass these restrictions. This guide outlines the process of deploying your own proxy server using Docker and a VPS in just a few minutes. This setup allows you to disguise Telegram traffic as regular HTTPS, making it significantly harder to detect and block.
How MTProto Proxy and Fake TLS Work
MTProto Proxy is a specialized proxy server developed by the Telegram team to provide a secure and encrypted connection. It utilizes the MTProto protocol, optimized for messenger operation, ensuring high speed and resilience against interruptions. Its primary purpose is to route Telegram traffic through an intermediary server, thereby bypassing direct IP address or domain blocks imposed on the messenger.
Fake TLS (Transport Layer Security) is a crucial addition to MTProto Proxy, significantly boosting its effectiveness in environments with active blocking. This technology allows MTProto traffic to be disguised as standard HTTPS traffic, which is typically used for secure connections to websites. A proxy server configured with Fake TLS simulates a regular HTTPS connection to a legitimate domain (e.g., ya.ru or google.com). To external monitoring systems, this traffic appears as ordinary web browsing, making it extremely difficult to detect and filter. A special ee prefix in the MTProto proxy's secret key signals the Telegram client to use Fake TLS mode, providing an additional layer of obfuscation.
Preparation for Deployment
For a successful MTProto proxy deployment with Fake TLS, several components are required. Choosing a reliable Virtual Private Server (VPS) provider is critically important, as the stability and speed of your proxy depend on it.
Minimum System Requirements for VPS:
- Operating System: Ubuntu 20.04, 22.04, or 24.04 LTS (Long Term Support) is recommended for its stability and up-to-date packages. However, the script is compatible with other Linux distributions that support Docker.
- RAM: 512 MB or more. This amount is sufficient for the basic operation of the MTProto proxy Docker container.
- Disk Space: 5 GB or more. Required for the operating system, Docker, and container logs.
- Docker Installed: The Docker containerization system is fundamental for running the MTProto proxy in an isolated environment.
Installing Docker on Ubuntu
If Docker is not yet installed on your VPS, execute the following commands. They will update the package list, install necessary dependencies, and the Docker Engine itself.
sudo apt update && sudo apt upgrade -y
sudo apt install docker.io -y
After Docker installation, it's recommended to check its status with the command sudo systemctl status docker to ensure the service is running and active.
Automated MTProto Proxy Deployment
To simplify the deployment process, a Bash script is provided that automates all steps: from secret generation to launching the Docker container and outputting connection information. This approach minimizes the chance of errors and reduces setup time to just a few minutes.
Creating and Running the Installation Script
- Create the script file: On your VPS, create a new file, for example,
start-mtproxy.sh, using thenanotext editor:
```bash
nano start-mtproxy.sh
```
- Insert the script code: Copy the following code and paste it into the created file. Save the changes (Ctrl+O, Enter, Ctrl+X).
```bash
#!/bin/bash
Colors for nice output
GREEN='\033[0;32m'
RED='\033[0;31m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'
CONTAINER_NAME="mtproto-proxy"
PORT="443"
FAKE_DOMAIN="ya.ru" # Fixed domain for Fake TLS
echo "π Starting MTProto proxy with Fake TLS"
echo "ββββββββββββββββββββββββββββββ"
echo -e "π Using domain: ${BLUE}${FAKE_DOMAIN}${NC}"
Generate secret for Fake TLS
echo -n "π Generating Fake TLS secret... "
Get hex of domain ya.ru
DOMAIN_HEX=$(echo -n $FAKE_DOMAIN | xxd -ps | tr -d '\n')
echo -e "\n Domain Hex: ${DOMAIN_HEX}"
Pad with random characters to 30 characters
DOMAIN_LEN=${#DOMAIN_HEX}
NEEDED=$((30 - DOMAIN_LEN))
RANDOM_HEX=$(openssl rand -hex 15 | cut -c1-$NEEDED)
Assemble secret
SECRET="ee${DOMAIN_HEX}${RANDOM_HEX}"
echo -e " Random padding: ${RANDOM_HEX}"
echo -e " Secret: ${YELLOW}${SECRET}${NC}"
echo " Length: ${#SECRET} characters"
Check if port 443 is free
echo -n "π Checking port ${PORT}... "
if ss -tuln | grep -q ":${PORT} "; then
echo -e "${YELLOW}port occupied${NC}"
# Find alternative port
for alt_port in 8443 8444 8445; do
if ! ss -tuln | grep -q ":${alt_port} "; then
PORT=$alt_port
echo " Using port: ${PORT}"
break
fi
done
else
echo -e "${GREEN}free${NC}"
fi
Stop old container if exists
echo -n "π Stopping old container... "
sudo docker stop ${CONTAINER_NAME} >/dev/null 2>&1
sudo docker rm ${CONTAINER_NAME} >/dev/null 2>&1
echo -e "${GREEN}done${NC}"
Launch official proxy from Telegram
echo -n "π¦ Starting container... "
sudo docker run -d \
--name ${CONTAINER_NAME} \
--restart unless-stopped \
-p ${PORT}:443 \
-e SECRET="${SECRET}" \
telegrammessenger/proxy > /dev/null 2>&1
Check result
sleep 3
if sudo docker ps | grep -q ${CONTAINER_NAME}; then
SERVER_IP=$(curl -s ifconfig.me)
echo -e "${GREEN}β SUCCESS${NC}"
echo ""
echo "π CONNECTION INFORMATION:"
echo "ββββββββββββββββββββββββββββββ"
echo "π Server: ${SERVER_IP}"
echo "π Port: ${PORT}"
echo "π Secret: ${SECRET}"
echo "π Fake TLS domain: ${FAKE_DOMAIN}"
echo "ββββββββββββββββββββββββββββββ"
echo "π Telegram link (tap for auto-connect):"
echo -e "${GREEN}tg://proxy?server=${SERVER_IP}&port=${PORT}&secret=${SECRET}${NC}"
echo "ββββββββββββββββββββββββββββββ"
# Save configuration
cat > ~/mtproto_config.txt << EOF
SERVER=${SERVER_IP}
PORT=${PORT}
SECRET=${SECRET}
DOMAIN=${FAKE_DOMAIN}
LINK=tg://proxy?server=${SERVER_IP}&port=${PORT}&secret=${SECRET}
EOF
echo "β Configuration saved to ~/mtproto_config.txt"
# Show last logs
echo ""
echo "π Container logs:"
sudo docker logs --tail 5 ${CONTAINER_NAME}
else
echo -e "${RED}β ERROR${NC}"
sudo docker logs ${CONTAINER_NAME}
fi
```
- Make the script executable and run it:
```bash
chmod +x start-mtproxy.sh
./start-mtproxy.sh
```
Script Analysis
The script performs a sequence of actions aimed at quickly and correctly configuring the proxy:
- Defining the Fake TLS Domain: By default,
ya.ruis used. This domain will be simulated by the proxy server to disguise traffic. Experienced users can changeFAKE_DOMAINto another popular resource if desired. - Secret Generation: The script generates a unique secret key. It starts with the
eeprefix, which is mandatory for activating Fake TLS mode in the Telegram client. Following this prefix, the hexadecimal representation of the chosenFAKE_DOMAINis added, along with random characters, to achieve a total length of 30 characters. This ensures the uniqueness and security of the secret. - Port 443 Availability Check: The standard HTTPS port (443) is preferred for Fake TLS, as its use makes the traffic even less suspicious. The script checks if this port is free. If it's occupied, an alternative port (8443, 8444, or 8445) is automatically selected.
- Docker Container Management: The script first stops and removes any previously running container named
mtproto-proxyto avoid conflicts. Then, a new Docker container is launched using the officialtelegrammessenger/proxyimage. Launch parameters include:
* -d: Runs the container in detached (background) mode.
* --name mtproto-proxy: Assigns a name to the container for easier management.
* --restart unless-stopped: Automatically restarts the container upon failures or VPS reboots.
* -p ${PORT}:443: Maps the external port (determined by the script) to the internal port 443 of the container.
* -e SECRET="${SECRET}": Passes the generated secret to the container as an environment variable.
- Outputting Connection Information: After successfully launching the container, the script displays the server's IP address, the port used, the generated secret, and a ready-to-use link for automatic connection to the proxy in Telegram. A
~/mtproto_config.txtfile containing this information is also created. - Status Check: The script verifies if the Docker container is running and outputs the last 5 lines of its logs for quick diagnostics.
You can check the status of the running Docker container at any time using the command:
sudo docker ps
The output should show the mtproto-proxy container with a status of Up.
Connecting to the Proxy in Telegram
After successfully deploying the proxy server, you can easily connect to it within the Telegram client. Two main methods are available:
Automatic Connection (Recommended)
The simplest method is to use the link generated by the script. Simply copy and open the link (e.g., tg://proxy?server=...) in your browser or directly within Telegram. The messenger will automatically prompt you to add and activate the proxy server. Confirm the action by tapping "Add Proxy."
Manual Connection
If automatic connection doesn't work or you prefer manual setup, follow these steps using the information provided by the script (server IP address, port, secret):
- On Mobile Devices (Android/iOS):
1. Open Telegram and go to "Settings."
2. Select "Data and Storage."
3. Navigate to "Proxy Settings."
4. Tap "Add Proxy" and choose "MTProto" as the type.
5. Enter the server IP address, port, and secret key into the respective fields.
- On Desktop Clients (Windows/macOS/Linux):
1. Open Telegram and go to "Settings."
2. Select "Advanced" (or "Advanced Settings").
3. Under "Connection type," choose "Use custom proxy."
4. Click "Add Proxy" and select "MTProto" as the type.
5. Enter the server IP address, port, and secret key.
Key Takeaways
- Traffic Obfuscation: Fake TLS effectively conceals MTProto traffic as regular HTTPS, making it harder to block.
- Autonomy: Your own proxy on a VPS provides independence from public servers, enhancing stability and security.
- Ease of Deployment: Using Docker and an automated script allows you to set up the proxy in minutes.
- Flexibility: The script automatically selects a free port and provides all necessary connection information.
- Control: You have full control over the infrastructure and can modify the script to suit your needs.
β Editorial Team
No comments yet.