Update readme and app.src default config

* Add link to telegram group * Simplify private proxy examples * More performace tips * Change order of options in app.src to more logical

Update readme and app.src default config
* Add link to telegram group * Simplify private proxy examples * More performace tips * Change order of options in app.src to more logical
21d6a7a5 · Sergey Prokhorov · 047193d8 · 21d6a7a5 · 21d6a7a5 · 21d6a7a5
Unverified Commit 21d6a7a5 authored Oct 14, 2019 by Sergey Prokhorov
Hide whitespace changes
Inline Side-by-side

Showing with 29 additions and 26 deletions

README.md README.md +11 -10

sys.config.example config/sys.config.example +3 -1

mtproto_proxy.app.src src/mtproto_proxy.app.src +15 -15

No files found.
--- a/README.md
+++ b/README.md
@@ -3,6 +3,8 @@ Erlang mtproto proxy

 This part of code was extracted from [@socksy_bot](https://t.me/socksy_bot).

+Support: https://t.me/erlang_mtproxy .
+
 Features
 --------

@@ -402,22 +404,18 @@ with fake-TLS domains from whitelist.
     <..>
 ```

-Now we can assign each customer unique fake-TLS domain and give them unique TLS secret.
+Now we can assign each customer unique fake-TLS domain, eg, `my-client1.example.com`
+and give them unique TLS secret.
 Because we only allow 10 connections with single fake-TLS secret, they will not be able to
-share their credentials with others:
+share their credentials with others. To add client's fake domain to whitelist:

 ```bash
 /opt/mtp_proxy/bin/mtp_proxy eval '
-PortName = mtp_handler_1,
-{ok, ProxySecret} = mtproto_proxy_app:get_port_secret(PortName),
-NumRecords = mtp_policy_table:table_size(customer_domains),
-SubDomain = mtp_handler:hex(<<NumRecords:16, (crypto:strong_rand_bytes(4))/binary>>),
-Domain = <<SubDomain/binary, ".google.com">>,
-mtp_policy_table:add(customer_domains, tls_domain, Domain),
-Secret = mtp_fake_tls:format_secret_hex(ProxySecret, Domain),
-io:format("Secret: ~s;\nDomain: ~s\n", [Secret, Domain]).'
+mtp_policy_table:add(customer_domains, tls_domain, "my-client1.example.com").'
 ```

+And then use http://seriyps.ru/mtpgen.html to generate unique link for them.
+
 ### IPv6

 Currently proxy only supports client connections via IPv6, but can only connect to Telegram servers
@@ -458,6 +456,9 @@ If your server have low amount of RAM, try to set
 {upstream_socket_buffer_size, 5120},
 {downstream_socket_buffer_size, 51200},
 {replay_check_session_storage, off},
+{init_timeout_sec, 10},
+{hibernate_timeout_sec, 30},
+{ready_timeout_sec, 120},  % close connection after 2min of inactivity
 ```

 this may make proxy slower, it can start to consume bit more CPU, will be vulnerable to replay attacks,

--- a/config/sys.config.example
+++ b/config/sys.config.example
@@ -2,8 +2,9 @@
 [
 {mtproto_proxy,
  %% see src/mtproto_proxy.app.src for examples.
-  %% DO NOT EDIT src/mtproto_proxy.app.src!!!
  [
+   %% PUT YOUR CUSTOM SETTINGS BELOW vvvvv
+
   %% {ports,
   %%  [#{name => mtp_handler_1,
   %%     listen_ip => "0.0.0.0",
@@ -11,6 +12,7 @@
   %%     secret => <<"d0d6e111bada5511fcce9584deadbeef">>,
   %%     tag => <<"dcbe8f1493fa4cd9ab300891c0b5b326">>}
   %%  ]}
+   %% ^^^^^ END
   ]},

 %% Logging config

--- a/src/mtproto_proxy.app.src
+++ b/src/mtproto_proxy.app.src
@@ -70,21 +70,6 @@
        {init_dc_connections, 2},
        {clients_per_dc_connection, 300},

-        %% List of enabled replay-attack checks. See
-        %% https://habr.com/ru/post/452144/
-        %% session_storage - store last used 1st client packets in special
-        %% storage, drop connections with same 1st packet
-        %% Values: on/off
-        %% Default: off
-        {replay_check_session_storage, on},
-        %% server_error_filter - drop server error responses.
-        %% Values:
-        %%     first - drop server error only if it's 1st server packet
-        %%     on - drop all server error packets
-        %%     off - don't drop server errors
-        %% Default: off
-        {replay_check_server_error_filter, first},
-
        %% This option controls how proxy closes client sockets
        %% (SO_LINGER timeout=0 socket option)
        %% Can be useful if you have too many connection attempts with wrong
@@ -100,6 +85,21 @@
        %% - always - always close socket with RST
        {reset_close_socket, off},

+        %% server_error_filter - drop server error responses.
+        %% Values:
+        %%     first - drop server error only if it's 1st server packet
+        %%     on - drop all server error packets
+        %%     off - don't drop server errors
+        %% Default: off
+        {replay_check_server_error_filter, first},
+
+        %% List of enabled replay-attack checks. See
+        %% https://habr.com/ru/post/452144/
+        %% session_storage - store last used 1st client packets in special
+        %% storage, drop connections with same 1st packet
+        %% Values: on/off
+        %% Default: off
+        {replay_check_session_storage, on},
        %% Options for `mtp_session_storage` replay attack check
        %% Those settings are not precise! They are checked not in realtime, but
        %% once per minute.