From 7002a97b163ca3e45995b46e45fc868723513af9 Mon Sep 17 00:00:00 2001 From: Alex Doe Date: Mon, 11 Jun 2018 01:50:44 +0200 Subject: [PATCH 1/3] Updated submodule MTProxy Added Microbadger badge --- .gitmodules | 2 +- MTProxy | 2 +- README.md | 14 +++++++++----- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/.gitmodules b/.gitmodules index 070ea20..1b04b8f 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,3 +1,3 @@ [submodule "MTProxy"] path = MTProxy - url = git@github.com:TelegramMessenger/MTProxy.git + url = https://github.com/TelegramMessenger/MTProxy.git diff --git a/MTProxy b/MTProxy index 20824f5..f9158e3 160000 --- a/MTProxy +++ b/MTProxy @@ -1 +1 @@ -Subproject commit 20824f5fa8af3939e667fba5c1785f02059c1c43 +Subproject commit f9158e3129efd4ccdc291aefb840209791226a77 diff --git a/README.md b/README.md index 3e70802..37024e8 100644 --- a/README.md +++ b/README.md @@ -2,9 +2,13 @@ The Telegram Messenger MTProto proxy is a zero-configuration container that automatically sets up a proxy server that speaks Telegram's native MTProto. +[![](https://images.microbadger.com/badges/image/homdx/mtproxy.svg)](https://microbadger.com/images/homdx/mtproxy "Get your own image badge on microbadger.com") + +[![](https://images.microbadger.com/badges/version/homdx/mtproxy.svg)](https://microbadger.com/images/homdx/mtproxy "Get your own version badge on microbadger.com") + ## Quick reference To start the proxy all you need to do is -`docker run -d -p443:443 --name=mtproxy --restart=always -v ./config:/data alexdoesh/mtproxy:latest` +`docker run -d -p443:443 --name=mtproxy --restart=always -v ./config:/data homdx/mtproxy:latest` The container's log output (`docker logs mtproxy`) will contain the links to paste into the Telegram app: 
@@ -28,19 +32,19 @@ Once your MTProxy server is up and running go to [@MTProxybot](https://t.me/mtpr ## Custom configuration If you need to specify a custom secret (say, if you are deploying multiple proxies with DNS load-balancing), you may pass the SECRET environment variable as 16 bytes in lower-case hexidecimals.: -`docker run -d -p443:443 -v ./config:/data -e SECRET=00baadf00d15abad1deaa51sbaadcafe alexdoesh/mtproxy:latest` +`docker run -d -p443:443 -v ./config:/data -e SECRET=00baadf00d15abad1deaa51sbaadcafe homdx/mtproxy:latest` The proxy may be configured to accept up to 16 different secrets. You may specify them explicitly as comma-separated hex strings in the SECRET environment variable, or you may let the container generate the secrets automatically using the SECRET_COUNT variable to limit the number of generated secrets. `docker run -d -p443:443 -v ./config:/data -e SECRET=935ddceb2f6bbbb78363b224099f75c8,2084c7e58d8213296a3206da70356c81 telegrammessenger/proxy:latest` -`docker run -d -p443:443 -v ./config:/data -e SECRET_COUNT=4 alexdoesh/mtproxy:latest` +`docker run -d -p443:443 -v ./config:/data -e SECRET_COUNT=4 homdx/mtproxy:latest` A custom advertisement tag may be provided using the TAG environment variable: -`docker run -d -p443:443 -v ./configg:/data -e TAG=3f40462915a3e6026a4d790127b95ded alexdoesh/mtproxy:latest`. +`docker run -d -p443:443 -v ./config:/data -e TAG=3f40462915a3e6026a4d790127b95ded homdx/mtproxy:latest`. Please note that the tag is not persistent: you'll have to provide it as an environment variable every time you run an MTProto proxy container. A single worker process is expected to handle tens of thousands of clients on a modern CPU. For best performance we artificially limit the proxy to 60000 connections per core and run two workers by default. 
If you have many clients, be sure to adjust the WORKERS variable: -`docker run -d -p443:443 -v ./config:/data -e WORKERS=16 alexdoesh/mtproxy:latest` +`docker run -d -p443:443 -v ./config:/data -e WORKERS=16 homdx/mtproxy:latest` ## Monitoring The MTProto proxy server exports internal statistics as tab-separated values over the http://localhost:2398/stats endpoint. Please note that this endpoint is available only from localhost: depending on your configuration, you may need to collect the statistics with `docker exec mtproto-proxy curl http://localhost:2398/stats`. From 373f6b4b444516a9073532de1270c1782a29d397 Mon Sep 17 00:00:00 2001 From: homdx <37062532+homdx@users.noreply.github.com> Date: Wed, 3 Oct 2018 00:07:49 +0300 Subject: [PATCH 2/3] Security fix: Remote Code Execution in apk manager https://justi.cz/security/2018/09/13/alpine-apk-rce.html --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index 9c99ec5..8bf4902 100644 --- a/Dockerfile +++ b/Dockerfile @@ -22,6 +22,7 @@ LABEL maintainer="Alex Doe " \ description="Telegram Messenger MTProto zero-configuration proxy server." RUN apk add --no-cache curl \ + && apk --no-cache upgrade apk \ && ln -s /usr/lib/libcrypto.so.41 /usr/lib/libcrypto.so.1.0.0 # alpine:3.7 will need symlink to libcrypto.so.42 From b1ca7d2dcd7d1787be7cb73b84043401d8d7f0ba Mon Sep 17 00:00:00 2001 From: homdx <37062532+homdx@users.noreply.github.com> Date: Wed, 3 Oct 2018 00:17:39 +0300 Subject: [PATCH 3/3] Security fix: Remote Code Execution in apk manager https://justi.cz/security/2018/09/13/alpine-apk-rce.html --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 8bf4902..ba16d3a 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -22,7 +22,8 @@ LABEL maintainer="Alex Doe " \ description="Telegram Messenger MTProto zero-configuration proxy server." RUN apk add --no-cache curl \ - && apk --no-cache upgrade apk \ + && apk update \ + && apk upgrade apk --no-cache \ && ln -s /usr/lib/libcrypto.so.41 /usr/lib/libcrypto.so.1.0.0 # alpine:3.7 will need symlink to libcrypto.so.42
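Review bot: The subject of PATCH 1/3 does not mention that the README.md hunk at `@@ -2,9 +2,13 @@` switches the quick-reference command from `alexdoesh/mtproxy:latest` to `homdx/mtproxy:latest` and adds badges for `homdx/mtproxy`. Changing the registry namespace changes who publishes the image that readers pull and run, so it should be stated in the commit message or split into its own commit, separate from the submodule bump and the badge.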
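Review bot: The custom-secret example rewritten in the README.md hunk at `@@ -28,19 +32,19 @@` of PATCH 1/3 still passes `SECRET=00baadf00d15abad1deaa51sbaadcafe`, which contains an `s` and is therefore not the 16 bytes of lower-case hexadecimal that the sentence above it asks for. Since the line is being touched anyway, replace the value with a valid 32-character hex string. The multi-secret example in the same hunk still pulls `telegrammessenger/proxy:latest` while every other command now uses `homdx/mtproxy:latest`; change it as well or say why it differs. The unchanged monitoring line uses `docker exec mtproto-proxy`, although the quick-reference command names the container `mtproxy`.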
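Review bot: In the Dockerfile hunk of PATCH 2/3, `apk add --no-cache curl` still runs before the added `&& apk --no-cache upgrade apk \`, so the package manager that the subject describes as open to remote code execution downloads and installs curl before it is upgraded. Move the upgrade to the front of the `RUN` chain so that nothing else is installed with the old version. The upgrade itself is also fetched by the old binary, so if the base image (not visible in this hunk) can be moved to a release that already ships the fix, that is the cleaner change.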
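Review bot: In the Dockerfile hunk of PATCH 3/3, `&& apk upgrade apk --no-cache \` asks for a package called `apk`, while the package that ships the package manager on Alpine is `apk-tools`; please confirm that this line really upgrades it, and name `apk-tools` explicitly. The added `&& apk update \` has no `--no-cache`, so the downloaded index stays in the image layer; either drop that line and keep `--no-cache` on the upgrade, or clear the cache at the end of the `RUN`. `apk add --no-cache curl` is still the first command, so the ordering concern from PATCH 2/3 remains. The subject is identical to PATCH 2/3; squash the two commits or describe what this one changes.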