How to install MTProxy on CentOS 7 linux

Today we are going to show you how to install MTProxy on CentOS 7 linux.

as you may know, MTProto is the Telegram Messenger protocol “designed for access to a server API from applications running on mobile devices”. for more information and technical details, please refer to official telegram documentation.

Here is our environment:

OS: CentOS 7 linux on VMWare.
Firewall: enabled
SElinux: enforcing

1- Install prerequisites

before installing mtproxy, we need to install some packages for compilation, ssl and etc. these packages are available in epel repository.
so first we install epel repository:

# yum update
# yum install openssl-devel zlib-devel perl-core
# yum groupinstall "Development Tools"
# yum update curl nss

2- Upgrade openssl

openssl version needs to be equal 1.1.0 or higher. if it shows you version equal to 1.1.0 or higher, simply skip this step. so first we check version:

# openssl version

and the output will be:

OpenSSL 1.0.2k-fips 26 Jan 2017

so run these commands:

# cd /usr/local/src
# wget https://www.openssl.org/source/openssl-1.1.1d.tar.gz
# tar -zxf openssl-1.1.1d.tar.gz
# cd openssl-1.1.1d/
# ./config
# make
# make test
# make install

create soft link to libssl:

# ln -s /usr/local/lib64/libssl.so.1.1 /usr/lib64/
# ln -s /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/

rename old openssl and make soft link to new openssl:

# mv /usr/bin/openssl /usr/bin/openssl.old
# ln -s /usr/local/bin/openssl /usr/bin/openssl

finally check openssl version again, it must show 1.1.0:

# openssl version
OpenSSL 1.1.1d 10 Sep 2019

3- Install MTproxy

first install git:

# yum install git

then download mtproxy from github:

# cd /opt/
# git clone https://github.com/TelegramMessenger/MTProxy.git
# cd MTProxy

then open Makefile:

# vim Makefile

find this line:

CFLAGS = $(ARCH) -O3 -std=gnu11 -Wall -mpclmul -march=core2 -mfpmath=sse -mssse3 -fno-strict-aliasing -fno-strict-overflow -fwrapv -DAES=1 -DCOMMIT=\"${COMMIT}\" -D_GNU_SOURCE=1 -D_FILE_OFFSET_BITS=64

and add this line to the end of above line:

-I/usr/local/src/openssl-1.1.1d/include/openssl -I/usr/local/src/openssl-1.1.1d/include/

again find this line:

LDFLAGS = $(ARCH) -ggdb -rdynamic -lm -lrt -lcrypto -lz -lpthread -lcrypto

and add this line to the end of above line:

-L/usr/local/src/openssl-1.1.1d/

save changes. then execute make command:

# make

it should not show any error after make completion.

4- Configure MTProxy
to connect to telegram servers, we need to obtain a secret. so run this command:

# curl -s https://core.telegram.org/getProxySecret -o proxy-secret

also we need to obtain telegram configuration for our mtproxy server. so run this command:

# curl -s https://core.telegram.org/getProxyConfig -o proxy-multi.conf

Note: it’s highly recommended to update this config file once a day.
now, for users to connect to our mtproxy, we should generate a secret. so run this command:

# head -c 16 /dev/urandom | xxd -ps

and the output will be something like this:

b616b1c550f8fcce0a34465e0909b825

5- Random Padding

Because some ISPs, detect MTProxy traffic by packet size, it’s better to enable random padding. to enable it, “dd” string must be added to the start of secret in telegram client.
so here, our secret will be set in telegram client as:

ddb616b1c550f8fcce0a34465e0909b825

6- Systemd service

to run MTProxy as a service, first we create service file:

# vim /lib/systemd/system/MTProxy.service

then put these lines in it:

[Unit]
Description=MTProxy
After=network.target

[Service]
Type=simple
WorkingDirectory=/opt/MTProxy
ExecStart=/opt/MTProxy/objs/bin/mtproto-proxy -u nobody -p 8888 -H 443 -S b616b1c550f8fcce0a34465e0909b825 --aes-pwd proxy-secret proxy-multi.conf -M 1
Restart=on-failure

[Install]
WantedBy=multi-user.target

Note: you can replace b616b1c550f8fcce0a34465e0909b825 with your own secret.
then reload systemctl daemon:

# systemctl daemon-reload

finally enable mtproxy service:

# systemctl enable MTProxy.service

7- Configure firewall

we need to open port 443 and 8888 on firewall. so run these commands:

# firewall-cmd --add-port=443/tcp --permanent
# firewall-cmd --add-port=8888/tcp --permanent

then reload firewall:

# firewall-cmd --reload

8- Start MTproxy service

finally, start mtproxy service by running:

# systemctl start MTProxy.service

now in telegram client, add new proxy and select MTProxy type, enter server ip address and port 443 and secret. remember to add “dd” string to start of secret.