add full guide

2026-03-21 01:02:57 +00:00
parent 8470d7fdf8
commit 0ae2c63991
1 changed files with 143 additions and 0 deletions
--- a/mtproto.md
+++ b/mtproto.md
@@ -0,0 +1,143 @@
 ### 1.Генерация ключа
 ```bash
 docker run --rm nineseconds/mtg:2 generate-secret --hex nextcloud.s.prox07-tg.ru
 Итог: ee5d4504a8802be40de729445e45ec644c6e657874636c6f75642e732e70726f7830372d74672e7275
 ```
 ### 2.Поднятие в докере MTProto + faketls
 docker run -d \
  --name mtproto-proxy \
  --restart unless-stopped \
  -p 443:443 \
  nineseconds/mtg:2 \
  simple-run -n 1.1.1.1 -i prefer-ipv4 0.0.0.0:443 ee5d4504a8802be40de729445e45ec644c6e657874636c6f75642e732e70726f7830372d74672e7275
 ### 3.Настройка sni + балансировка в roundrobin
 файл `/etc/haproxy/haproxy.cfg`:
 ```haproxy
 frontend https_front
    bind *:443
    mode tcp
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }
    # Разделение по доменам (SNI)
    use_backend ide_backend if { req_ssl_sni -i ide.prox07-tg.ru }
    use_backend ide_backend if { req_ssl_sni -i proxmox.lord-mikrotik.ru }
    use_backend mtproto_backend if { req_ssl_sni -i nextcloud.s.prox07-tg.ru }
    # Если зашли по IP или левому домену — на Nginx (заглушка)
    default_backend ide_backend
 backend ide_backend
    mode tcp
    server local_nginx 127.0.0.1:4443 # Тут висит Nginx
 backend mtproto_backend
    mode tcp
    balance roundrobin
    #Основные ноды
    server nextcloud 77.232.135.174:7443 check weight 100 inter 2s rise 2 fall 3
    server gitea-matrix 188.225.32.119:9443 check weight 100 inter 2s rise 2 fall 3
    #Резервные ноды
    server dns 45.153.70.57:9443 check backup inter 2s rise 2 fall 3
 ```
 ### 4.Получение сертификатов для поддоменов
 ```bash
 certbot certonly --standalone -d ваш_домен.com
 ```
 ### 5.Пример найтроенного nginx 
 файл ``
 ```nginx
 server {
        listen 80 default_server;
        listen [::]:80 default_server;
        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;
        root /var/www/html;
        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;
        server_name _;
        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }
        # pass PHP scripts to FastCGI server
        #
        #location ~ \.php$ {
        #       include snippets/fastcgi-php.conf;
        #
        #       # With php-fpm (or other unix sockets):
        #       fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        #       # With php-cgi (or other tcp sockets):
        #       fastcgi_pass 127.0.0.1:9000;
        #}
        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #       deny all;
        #}
 }
 server {
    listen 4443 ssl;
    server_name nextcloud.s.prox07-tg.ru;
    ssl_certificate /etc/letsencrypt/live/nextcloud.s.prox07-tg.ru/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/nextcloud.s.prox07-tg.ru/privkey.pem;
    # Редирект на другой сервер
    return 301 https://nextcloud.lord-mikrotik.ru$request_uri;
 }
 server {
    listen 4443 ssl http2;
    server_name ide.prox07-tg.ru;
    ssl_certificate /etc/letsencrypt/live/ide.prox07-tg.ru/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ide.prox07-tg.ru/privkey.pem;
    location / {
        proxy_pass http://127.0.0.1:8082; # Порт code-server
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
    }
 }
 server {
    listen 4443 ssl http2;
    server_name proxmox.lord-mikrotik.ru;
    ssl_certificate /etc/letsencrypt/live/proxmox.lord-mikrotik.ru/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/proxmox.lord-mikrotik.ru/privkey.pem;
    location / {
        proxy_pass https://10.135.0.243:8006; # Порт proxmox
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
    }
 }
 ```