add full guide

2026-03-21 01:02:57 +00:00
parent 8470d7fdf8
commit 0ae2c63991
1 changed files with 143 additions and 0 deletions
--- a/mtproto.md
+++ b/mtproto.md
@@ -0,0 +1,143 @@
+### 1.Генерация ключа
+```bash
+docker run --rm nineseconds/mtg:2 generate-secret --hex nextcloud.s.prox07-tg.ru
+Итог: ee5d4504a8802be40de729445e45ec644c6e657874636c6f75642e732e70726f7830372d74672e7275
+```
+### 2.Поднятие в докере MTProto + faketls
+docker run -d \
+  --name mtproto-proxy \
+  --restart unless-stopped \
+  -p 443:443 \
+  nineseconds/mtg:2 \
+  simple-run -n 1.1.1.1 -i prefer-ipv4 0.0.0.0:443 ee5d4504a8802be40de729445e45ec644c6e657874636c6f75642e732e70726f7830372d74672e7275
+### 3.Настройка sni + балансировка в roundrobin
+файл `/etc/haproxy/haproxy.cfg`:
+```haproxy
+frontend https_front
+    bind *:443
+    mode tcp
+    tcp-request inspect-delay 5s
+    tcp-request content accept if { req_ssl_hello_type 1 }
+
+    # Разделение по доменам (SNI)
+    use_backend ide_backend if { req_ssl_sni -i ide.prox07-tg.ru }
+    use_backend ide_backend if { req_ssl_sni -i proxmox.lord-mikrotik.ru }
+    use_backend mtproto_backend if { req_ssl_sni -i nextcloud.s.prox07-tg.ru }
+
+    # Если зашли по IP или левому домену — на Nginx (заглушка)
+    default_backend ide_backend
+
+backend ide_backend
+    mode tcp
+    server local_nginx 127.0.0.1:4443 # Тут висит Nginx
+
+backend mtproto_backend
+    mode tcp
+    balance roundrobin
+    #Основные ноды
+    server nextcloud 77.232.135.174:7443 check weight 100 inter 2s rise 2 fall 3
+    server gitea-matrix 188.225.32.119:9443 check weight 100 inter 2s rise 2 fall 3
+    #Резервные ноды
+    server dns 45.153.70.57:9443 check backup inter 2s rise 2 fall 3
+```
+### 4.Получение сертификатов для поддоменов
+```bash
+certbot certonly --standalone -d ваш_домен.com
+```
+### 5.Пример найтроенного nginx 
+файл ``
+```nginx
+server {
+        listen 80 default_server;
+        listen [::]:80 default_server;
+
+        # SSL configuration
+        #
+        # listen 443 ssl default_server;
+        # listen [::]:443 ssl default_server;
+        #
+        # Note: You should disable gzip for SSL traffic.
+        # See: https://bugs.debian.org/773332
+        #
+        # Read up on ssl_ciphers to ensure a secure configuration.
+        # See: https://bugs.debian.org/765782
+        #
+        # Self signed certs generated by the ssl-cert package
+        # Don't use them in a production server!
+        #
+        # include snippets/snakeoil.conf;
+
+        root /var/www/html;
+
+        # Add index.php to the list if you are using PHP
+        index index.html index.htm index.nginx-debian.html;
+
+        server_name _;
+
+        location / {
+                # First attempt to serve request as file, then
+                # as directory, then fall back to displaying a 404.
+                try_files $uri $uri/ =404;
+        }
+
+        # pass PHP scripts to FastCGI server
+        #
+        #location ~ \.php$ {
+        #       include snippets/fastcgi-php.conf;
+        #
+        #       # With php-fpm (or other unix sockets):
+        #       fastcgi_pass unix:/run/php/php7.4-fpm.sock;
+        #       # With php-cgi (or other tcp sockets):
+        #       fastcgi_pass 127.0.0.1:9000;
+        #}
+
+        # deny access to .htaccess files, if Apache's document root
+        # concurs with nginx's one
+        #
+        #location ~ /\.ht {
+        #       deny all;
+        #}
+}
+
+
+server {
+    listen 4443 ssl;
+    server_name nextcloud.s.prox07-tg.ru;
+
+    ssl_certificate /etc/letsencrypt/live/nextcloud.s.prox07-tg.ru/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/nextcloud.s.prox07-tg.ru/privkey.pem;
+
+    # Редирект на другой сервер
+    return 301 https://nextcloud.lord-mikrotik.ru$request_uri;
+}
+
+server {
+    listen 4443 ssl http2;
+    server_name ide.prox07-tg.ru;
+
+    ssl_certificate /etc/letsencrypt/live/ide.prox07-tg.ru/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/ide.prox07-tg.ru/privkey.pem;
+
+    location / {
+        proxy_pass http://127.0.0.1:8082; # Порт code-server
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+    }
+}
+
+server {
+    listen 4443 ssl http2;
+    server_name proxmox.lord-mikrotik.ru;
+
+    ssl_certificate /etc/letsencrypt/live/proxmox.lord-mikrotik.ru/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/proxmox.lord-mikrotik.ru/privkey.pem;
+
+    location / {
+        proxy_pass https://10.135.0.243:8006; # Порт proxmox
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+    }
+}
+```