| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134 |
- # This is an example of the configuration file for mtg. You actually can
- # run mtg with it. It starts a proxy on all interfaces with a secret
- # ee367a189aee18fa31c190054efd4a8e9573746f726167652e676f6f676c65617069732e636f6d
- #
- # It has all possible options with default values. So, a real world
- # configuration file should contain only those options you are going to
- # use. You do not need to enumerate all of them. In other words, each
- # option here has a default value. If you comment a key-value pair, it
- # should not make any effect.
- #
- # stats is the only exception.
-
- # Debug starts application in debug mode. It starts to be quite verbose
- # in output. Actually, the idea is that you run it in debug mode only if
- # you have any issue.
- debug = false
-
- # A secret. Please remember that mtg supports only FakeTLS mode, legacy
- # simple and secured mode are prohibited. For you it means that secret
- # should either be base64-encoded or starts with ee.
- secret = "ee367a189aee18fa31c190054efd4a8e9573746f726167652e676f6f676c65617069732e636f6d"
-
- # Host:port pair to run proxy on.
- bind-to = "0.0.0.0:3128"
-
- # A size of user-space buffer for TCP to use. Since we do 2 connections,
- # then we have tcp-buffer * (4 + 2) per each connection: read/write for
- # each connection + 2 copy buffers to pump the data between sockets.
- tcp-buffer = "4kb"
-
- # Sometimes you want to enforce mtg to use some types of
- # IP connectivity to Telegram. We have 4 modes:
- # - prefer-ipv6:
- # We can use both ipv4 and ipv6 but ipv6 has a preference
- # - prefer-ipv4:
- # We can use both ipv4 and ipv6 but ipv4 has a preference
- # - only-ipv6:
- # Only ipv6 connectivity is used
- # - only-ipv4:
- # Only ipv4 connectivity is used
- prefer-ips = "prefer-ipv6"
-
- # FakeTLS uses domain fronting protection. So it needs to know a port to
- # access.
- cloak-port = 443
-
- # Path to access file. Each time when proxy starts up, it writes an
- # access file. This file contains a JSON with settings how to access
- # this proxy.
- #
- # Pass filepath here or '-' if you want to dump into stdout.
- access-file = "-"
-
- # FakeTLS can compare timestamps to prevent probes. Each message has
- # encrypted timestamp. So, mtg can compare this timestamp and decide if
- # we need to proceed with connection or not.
- #
- # Please ensure that you have some ntp active on this host. Otherwise,
- # you can endup with badly performing proxy.
- [probes.time]
- # You can enable/disable that. A good idea is always enable.
- enabled = true
- # Time can be skewed by many reasons. So, this is a time interval
- # when message is cosidered as a good one.
- allow-skewness = "5s"
-
- # Some countries do active probing on Telegram connections. This technique
- # allows to protect from such effort.
- #
- # mtg has a cache of some connection fingerprints. Actually, first bytes
- # of each connection. So, it stores them in some in-memory LRU+TTL cache.
- # You can configure this cache here.
- [probes.anti-replay]
- # You can enable/disable this feature.
- enabled = true
- # max size of such a cache. Please be aware that this number is
- # approximate we try hard to store data quite dense but it is possible
- # that we can go over this limit for 10-20% under some conditions and
- # architectures.
- max-size = "16mb"
- # TTL for each cache record.
- ttl = "8h"
-
- # public ip addresses of the server. Actually, it is required only to
- # generate a correct access file. if you use default values here, mtg
- # will try to resolve these IPs on its own.
- [public-ip]
- ipv4 = ""
- ipv6 = ""
-
- # you can redefine a dialer for mtg. Dialer is how we 'dial' to either
- # some external services or telegram. empty string means default
- # connectivity.
- #
- # it is also possible to use socks5 or shadowsocks here
- #
- # socks5 example:
- # socks5://user:password@host:port
- # shadowsocks example (SIP002):
- # ss://YWVzLTEyOC1nY206dGVzdA@192.168.100.1:8888
- #
- # You can define 2 dialers here: telegram and default. Telegram dialer
- # is used to connect to Telegram servers only. Default is used for other
- # purposes, like accessing ifconfig.co to obtains public address (DNS is
- # resolved via DoH)
- #
- # Please also be aware that dialers are only doing TCP. If UDP is
- # required (for statsd for example), then these dialers are going to be
- # ignored.
- #
- # If telegram dialer is not defined, a default one is going to be used.
- [dialers]
- telegram = ""
- default = ""
-
- # statsd statistics integration.
- [stats.statsd]
- # enabled/disabled
- enabled = false
- # host:port for UDP endpoint of statsd
- address = "127.0.0.1:8888"
- # prefix of metric for statsd
- metric-prefix = "mtg"
-
- # prometheus metrics integration.
- [stats.prometheus]
- # enabled/disabled
- enabled = true
- # host:port where to start http server for endpoint
- bind-to = "127.0.0.1:3129"
- # prefix of http path
- http-path = "/"
- # prefix for metrics for prometheus
- metric-prefix = "mtg"
|
