Releases · seriyps/mtproto_proxy

11 Apr 23:08

seriyps

0.8.4

0180d7e

0.8.4 — Split-mode, SNI-secrets and reliability improvements Latest

Latest

🆕 New features

Split-mode: front/back node deployment (0.8.4)
Run the Ranch listener (front, domestic server) and DC pool (back, foreign server) as separate Erlang nodes connected via Erlang distribution. Helps bypass DPI that targets direct connections to foreign IPs. See Split-mode setup in the README.

New config key role: both (default) | front | back
New config key back_node (front node): name of the back Erlang node
make ROLE=front|back and make init-config ROLE=front|back build targets
TLS distribution support with scripts/gen_dist_certs.sh helper
Config examples: config/sys.config.{front,back}.example, config/vm.args.{front,back}.example

Per-SNI derived secrets (0.8.3)
Each fake-TLS SNI domain gets a unique 16-byte secret derived from the base secret + SNI + a private salt. Users cannot extract the base secret from their proxy link or forge tokens for other domains.
New config keys: {per_sni_secrets, off | on}, {per_sni_secret_salt, <<"…">>}

Transparent client migration on DC connection death (0.8.3)
When Telegram closes a downstream DC connection, connected clients are silently remapped to a surviving or freshly-spawned replacement connection instead of being dropped.

RPC_PING / RPC_PONG (0.8.3)
Proxy now decodes RPC_PING from Telegram and responds with RPC_PONG, matching the reference C implementation.

TCP keepalives on downstream connections (0.8.3)
KEEPIDLE=40s, KEEPINTVL=40s, KEEPCNT=5 — matches the reference C implementation.

🐛 Bug fixes

TLS decode_error alert on malformed ClientHello / missing SNI (0.8.3): scanners that send structurally invalid ClientHellos now receive a proper TLS fatal alert instead of seeing a silent connection close (which is itself detectable).
RPC protocol flags (0.8.3): FLAG_ABRIDGED / FLAG_INTERMEDIATE / FLAG_PAD are now set correctly per client protocol; previously always sent FLAG_ABRIDGED.
Memory leak in mtp_handler (0.8.2): .hello_acc accumulator was never cleared after handshake, retaining the full ClientHello for the lifetime of the connection.
Noisy error logs on expected DC rotation (0.8.3): when Telegram closes a downstream connection with no active clients, the pool now logs info instead of error.

⚙️ Improvements

DC fallback uses Telegram's declared default DC (0.8.3): mtp_config now parses the default X; line from Telegram's config response; DC pool lookup falls back to the declared default instead of a random choice.
Ranch 1.7 → 2.2 (0.8.2): updated protocol callback and ranch:info/0 usage for Ranch 2.x API.
ETS table for mtp_config changed to protected (0.8.3): only mtp_config writes; all other processes read.

🐳 Docker / infra

Base image upgraded to erlang:27-alpine / alpine:3.22 (0.8.3).

Upgrade notes

Config format is unchanged; role defaults to both so existing single-server deployments need no changes.
Ranch 2.x is now required (updated in rebar.lock); if you vendor deps, re-run rebar3 upgrade ranch.
mtp_config:get_netloc_safe/1 removed (was dead code since 2018).