Telegram is great, especially because it helps one stay away from the distractions that WhatsApp brings with it. Its unfortunately blocked in Pakistan, due to unknown reason but likely not related to censorship, given WhatsApp, Signal and every other messaging app works just fine.
The good news is Telegram upstream have their own proxy protocol and an implementation (https://github.com/TelegramMessenger/MTProxy), which seems to work well. I published MTProxy as a snap (https://snapcraft.io/mtproxy) yesterday, so thought it would make sense to share how others could setup their own proxy. This guide, will of course help me as a future reference as well.
So lets get started by installing MTProxy
snap install mtproxy
Due to security reasons, mtproxy drops privileges (if run as root) by calling setuid(), something a strictly confined snap does not allow due to security reasons, so my workaround was to create a new user on the server, so that mtproxy does not try to drop privileges.
So lets setup a new user and download proxy configurations from Telegram servers, more details: https://github.com/TelegramMessenger/MTProxy#running
useradd mtproxy -m su - mtproxy mkdir proxyconfig curl -s https://core.telegram.org/getProxySecret -o proxyconfig/proxy-secret curl -s https://core.telegram.org/getProxyConfig -o proxyconfig/proxy-multi.conf
Now lets exit the mtproxy user shell and create a secret to be used later by Telegram client apps
exit head -c 16 /dev/urandom | xxd -ps
Now we create a systemd service so that our proxy runs in the background and starts automatically whenever the server is restarted. Open the below file for editing using nano (or the editor of your choice) and paste the below configuration.
Note: you must replace the random string that was generated in previous step with “my_secret” in below config.
sudo nano /etc/systemd/system/mtproxy.sevice
[Unit] Description=MTProxy After=network.target [Service] Type=simple User=mtproxy WorkingDirectory=/home/mtproxy/proxyconfig ExecStart=/snap/bin/mtproxy -u mtproxy -p 8888 -H 8000 -S my_secret --aes-pwd proxy-secret proxy-multi.conf -M 1 Restart=on-failure [Install] WantedBy=multi-user.target
Lets now start the service
systemctl enable mtproxy systemctl start mtproxy
That’s it, we are done, you now have the Telegram proxy setup and (hopefully) working.
NOTE: This was only tested on DigitalOcean droplet, so your mileage may vary.