mirror of
https://github.com/MHSanaei/3x-ui.git
synced 2026-07-15 17:16:07 +00:00
feat(mtproto): add MTProto (FakeTLS) protocol via managed mtg sidecar (#5076)
* feat(mtproto): add MTProto (FakeTLS) protocol via managed mtg sidecar Xray-core has no mtproto proxy, so mtproto inbounds run as standalone mtg (9seconds/mtg) sidecar processes managed by the panel — one per inbound — and are excluded from the generated Xray config entirely. - model: MTProto protocol constant, validator, and FakeTLS secret helpers (GenerateFakeTLSSecret/HealMtprotoSecret) - mtproto package: per-inbound mtg process manager with reconcile, graceful stop, and best-effort Prometheus traffic scraping - runtime: delegate mtproto inbounds to the mtg manager instead of the Xray gRPC API; skip mtproto when building the Xray config - web: boot reconcile + StopAll wiring, periodic reconcile/traffic job, port-conflict transport, secret healing on inbound add/update - sub: tg:// proxy share-link generation - frontend: protocol option, Zod schema, Protocol tab (FakeTLS domain + regenerable secret), info-modal link, and i18n - provisioning: fetch mtg v2.2.8 in install.sh, DockerInit.sh, and the Linux + Windows release workflows * fix * fix * fix: address Copilot review comments on mtproto PR - web/web.go: create NewMtprotoJob once and reuse for cron + initial run - mtproto/manager.go: StopAll cleans up per-inbound config files on shutdown - mtproto/manager.go: CollectTraffic releases mutex before HTTP scrapes to avoid blocking Ensure/Reconcile/Remove during network I/O - database/model/model.go: panic on crypto/rand failure in mtprotoRandomMiddle instead of silently producing a weak all-zero secret - install.sh: fix chmod to handle renamed bin/mtg-linux-arm on armv5/v6/v7
This commit is contained in:
@@ -3,6 +3,7 @@ import { z } from 'zod';
|
||||
import { HttpInboundSettingsSchema } from './http';
|
||||
import { HysteriaInboundSettingsSchema } from './hysteria';
|
||||
import { MixedInboundSettingsSchema } from './mixed';
|
||||
import { MtprotoInboundSettingsSchema } from './mtproto';
|
||||
import { ShadowsocksInboundSettingsSchema } from './shadowsocks';
|
||||
import { TrojanInboundSettingsSchema } from './trojan';
|
||||
import { TunInboundSettingsSchema } from './tun';
|
||||
@@ -14,6 +15,7 @@ import { WireguardInboundSettingsSchema } from './wireguard';
|
||||
export * from './http';
|
||||
export * from './hysteria';
|
||||
export * from './mixed';
|
||||
export * from './mtproto';
|
||||
export * from './shadowsocks';
|
||||
export * from './trojan';
|
||||
export * from './tun';
|
||||
@@ -38,5 +40,6 @@ export const InboundSettingsSchema = z.discriminatedUnion('protocol', [
|
||||
z.object({ protocol: z.literal('mixed'), settings: MixedInboundSettingsSchema }),
|
||||
z.object({ protocol: z.literal('tunnel'), settings: TunnelInboundSettingsSchema }),
|
||||
z.object({ protocol: z.literal('tun'), settings: TunInboundSettingsSchema }),
|
||||
z.object({ protocol: z.literal('mtproto'), settings: MtprotoInboundSettingsSchema }),
|
||||
]);
|
||||
export type InboundSettings = z.infer<typeof InboundSettingsSchema>;
|
||||
|
||||
@@ -0,0 +1,10 @@
|
||||
import { z } from 'zod';
|
||||
|
||||
// MTProto (Telegram) inbound. Served by an mtg sidecar process, not Xray, so
|
||||
// it has no clients and no stream settings. `secret` is the FakeTLS secret
|
||||
// (ee-prefixed); the backend rebuilds it to match `fakeTlsDomain` on save.
|
||||
export const MtprotoInboundSettingsSchema = z.object({
|
||||
fakeTlsDomain: z.string().default('www.cloudflare.com'),
|
||||
secret: z.string().default(''),
|
||||
});
|
||||
export type MtprotoInboundSettings = z.infer<typeof MtprotoInboundSettingsSchema>;
|
||||
Reference in New Issue
Block a user