From 8ecc6bd2ebcce9a84b1e8e39c3d7bcc84dcafd8b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=A1=D0=B5=D1=80=D0=B3=D0=B5=D0=B9=20=D0=9F=D1=80=D0=BE?= =?UTF-8?q?=D1=85=D0=BE=D1=80=D0=BE=D0=B2?= Date: Sun, 3 Mar 2019 19:48:27 +0100 Subject: [PATCH 1/3] Fix option validation in start.sh --- start.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/start.sh b/start.sh index b755948..ab14486 100755 --- a/start.sh +++ b/start.sh @@ -51,7 +51,7 @@ done # if at least one option is set... if [ -n "${PORT}" -o -n "${SECRET}" -o -n "${TAG}" ]; then # If at least one of them not set... - [ -z "${PORT}" -o -z "${SECRET}" -o -z "${SECRET}" ] && \ + [ -z "${PORT}" -o -z "${SECRET}" -o -z "${TAG}" ] && \ error "Not enough options: -p '${PORT}' -s '${SECRET}' -t '${TAG}'" # validate format From 7b3e800dc93f52823d0e38d8817ed3aff88eac5f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=A1=D0=B5=D1=80=D0=B3=D0=B5=D0=B9=20=D0=9F=D1=80=D0=BE?= =?UTF-8?q?=D1=85=D0=BE=D1=80=D0=BE=D0=B2?= Date: Sun, 3 Mar 2019 20:15:45 +0100 Subject: [PATCH 2/3] Add option to enable dd-only mode from command line --- README.md | 9 +++++---- start.sh | 28 +++++++++++++++++++++------- 2 files changed, 26 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index ca67d3c..04b1ce1 100644 --- a/README.md +++ b/README.md @@ -40,9 +40,10 @@ docker run -d --network=host -e MTP_PORT=443 -e MTP_SECRET=d0d6e111bada5511fcce9 Where -* `-p 443` / `MTP_PORT` proxy port -* `-s d0d6e111bada5511fcce9584deadbeef` / `MTP_SECRET` proxy secret (don't append `dd`! it should be 32 chars long!) -* `-t dcbe8f1493fa4cd9ab300891c0b5b326` / `MTP_TAG` ad-tag that you get from [@MTProxybot](https://t.me/MTProxybot) +* `-p 443` / `MTP_PORT=…` proxy port +* `-s d0d6e111bada5511fcce9584deadbeef` / `MTP_SECRET=…` proxy secret (don't append `dd`! it should be 32 chars long!) +* `-t dcbe8f1493fa4cd9ab300891c0b5b326` / `MTP_TAG=…` ad-tag that you get from [@MTProxybot](https://t.me/MTProxybot) +* `-d` / `MTP_DD_ONLY=t` only allow "secure" connections (dd-secrets) ### To run with custom config-file @@ -247,6 +248,6 @@ Helpers Number of connections -```erlang +```bash /opt/mtp_proxy/bin/mtp_proxy eval 'lists:sum([proplists:get_value(all_connections, L) || {_, L} <- ranch:info()]).' ``` diff --git a/start.sh b/start.sh index ab14486..5ead358 100755 --- a/start.sh +++ b/start.sh @@ -2,6 +2,7 @@ # Script that helps to overwrite port/secret/ad tag from command line without changing config-files CMD="/opt/mtp_proxy/bin/mtp_proxy foreground" +# CMD="/opt/mtp_proxy/bin/mtp_proxy console" THIS=$0 usage() { @@ -10,13 +11,16 @@ usage() { echo "${THIS}" echo "To start in single-port mode configured from command-line:" echo "${THIS} -p -s -t " + echo "To only allow connections with randomized protocol (dd-secrets):" + echo "${THIS} -d" echo "Parameters:" echo "-p : port to listen on. 1-65535" echo "-s : proxy secret. 32 hex characters 0-9 a-f" - echo "-t : promo tag, that you get from @MTProxybot. 32 hex characters" - echo "port secret and tag can also be configured via environment variables:" - echo "MTP_PORT, MTP_SECRET, MTP_TAG" - echo "If both command line and environment are set, command line have higher priority" + echo "-t : promo tag that you get from @MTProxybot. 32 hex characters" + echo "-d: only allow 'secure' connections (with dd-secret)" + echo "port, secret, tag and secure mode can also be configured via environment variables:" + echo "MTP_PORT, MTP_SECRET, MTP_TAG, MTP_DD_ONLY" + echo "If both command line and environment are set, command line have higher priority." } error() { @@ -29,9 +33,10 @@ error() { PORT=${MTP_PORT:-""} SECRET=${MTP_SECRET:-""} TAG=${MTP_TAG:-""} +DD_ONLY=${MTP_DD_ONLY:-""} # check command line options -while getopts "p:s:t:h" o; do +while getopts "p:s:t:dh" o; do case "${o}" in p) PORT=${OPTARG} @@ -42,12 +47,21 @@ while getopts "p:s:t:h" o; do t) TAG=${OPTARG} ;; + d) + DD_ONLY="y" + ;; h) usage exit 0 esac done +DD_ARG="" + +if [ -n "${DD_ONLY}" ]; then + DD_ARG='-mtproto_proxy allowed_protocols [mtp_secure]' +fi + # if at least one option is set... if [ -n "${PORT}" -o -n "${SECRET}" -o -n "${TAG}" ]; then # If at least one of them not set... @@ -62,7 +76,7 @@ if [ -n "${PORT}" -o -n "${SECRET}" -o -n "${TAG}" ]; then [ -n "`echo $TAG | grep -x '[[:xdigit:]]\{32\}'`" ] || \ error "Invalid tag. Should be 32 chars of 0-9 a-f" - exec $CMD -mtproto_proxy ports "[#{name => mtproto_proxy, port => $PORT, secret => <<\"$SECRET\">>, tag => <<\"$TAG\">>}]" + exec $CMD $DD_ARG -mtproto_proxy ports "[#{name => mtproto_proxy, port => $PORT, secret => <<\"$SECRET\">>, tag => <<\"$TAG\">>}]" else - exec $CMD + exec $CMD $DD_ARG fi From 69d5a18e38882840e9bdb5a26fb07a0171f63bc2 Mon Sep 17 00:00:00 2001 From: Sergey Prokhorov Date: Sat, 8 Jun 2019 22:40:55 +0200 Subject: [PATCH 3/3] Update IP lookup service address --- src/mtproto_proxy.app.src | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/mtproto_proxy.app.src b/src/mtproto_proxy.app.src index b1400a1..d586cb5 100644 --- a/src/mtproto_proxy.app.src +++ b/src/mtproto_proxy.app.src @@ -29,7 +29,7 @@ %% `ip_lookup_services' will be tried one-by-one: if 1st is not responding, %% 2nd one will be tried and so on {ip_lookup_services, - ["http://ip.seriyps.ru/", + ["http://ipv4.seriyps.ru/", "https://digitalresistance.dog/myIp", "http://ipv4.myexternalip.com/raw"]}, %% {external_ip, "YOUR.SERVER.EXTERNAL.IP"},