Production-ready, security-focused MTProto Proxy for Telegram with minimal attack surface.
Important
This is the official Telegram MTProto proxy, not third-party implementations. Fully compatible with all Telegram clients
Tip
Use TLS mode (-D flag) to make traffic indistinguishable from HTTPS - recommended for censored networksđź’ˇ
Important
UID/GID is set to 10480 - prevents conflicts with system users and follows security best practices
DOMAIN="cloudflare.com"
DOMAIN_HEX=$(echo -n cloudflare.com | xxd -ps)
RANDOM_HEX=$(head -c 16 /dev/urandom | xxd -ps)
EXTERNAL_IP=$(curl -s ifconfig.me)
INTERNAL_IP=172.17.0.2 # your container local IP
docker run -d \
--name mtproxy \
-p 443:3478 \
-p 8888:8888 \
ammnt/mtproxy:slim \
--nat-info $INTERNAL_IP:$EXTERNAL_IP \
-S $RANDOM_HEX \
-D $DOMAIN
echo "Your secret key: ee${RANDOM_HEX}${DOMAIN_HEX}"services:
mtproxy:
image: ammnt/mtproxy:slim
container_name: mtproxy
restart: unless-stopped
ports:
- "443:3478"
- "8888:8888"
command:
- "--nat-info"
- "172.17.0.2:${EXTERNAL_IP}"
- "-S"
- "${RANDOM_HEX}"
- "-D"
- "${DOMAIN}"
environment:
- EXTERNAL_IP=${EXTERNAL_IP}
- RANDOM_HEX=${RANDOM_HEX}
- DOMAIN=${DOMAIN}https://docs.docker.com/engine/security/rootless/
- Distroless base - built from
scratchwith zero bloat, no shell, no package manager - Minimal attack surface - only the binary and shared libraries in the final image
- Rootless by design - runs as non-root user
mtproxy(UID/GID 10480) - CIS Docker Benchmark - follows industry security best practices
- Stripped symbols - no debugging information in production
- UPX compressed - minimal memory footprint with fast decompression
- Pinned dependencies - exact versions for all build packages
- Minimal layers - optimized Docker layer caching
- Efficient logging - direct to stdout for container integration
- Graceful shutdown - SIGQUIT handling for connection draining
- Comprehensive labels - full OCI metadata compliance
Found an issue or have an improvement?
This project is open source and maintained with ❤️ by ammnt
Based on the official Telegram MTProxy under GPLv2 license.