feat(mtproto): adopt dolonet/mtg-multi and make MTProto inbounds multi-client

Replace the upstream 9seconds/mtg sidecar with the dolonet/mtg-multi fork so a single MTProto inbound can serve many per-user secrets. Each panel client is now one named FakeTLS secret in the fork's [secrets] section: clients are first-class (attach/detach, limits, expiry, per-client tg:// links) exactly like every other protocol, mirroring the WireGuard multi-client model. Per-client traffic and online status come from the fork's /stats JSON API (its Prometheus output has no per-user label), fed into the existing email-keyed client_traffics accumulator; an optional throttle caps concurrent connections. A one-time seeder converts each legacy single-secret inbound into a one-client inbound.

The fork ships only linux/darwin amd64/arm64 binaries but is pure Go, so provisioning builds it from source for every supported platform (release.yml, DockerInit.sh) while keeping the panel-expected mtg-<os>-<arch> filename and the 'run' verb, so process.go is untouched. Also fixes a pre-existing update.sh gap that never renamed the mtg binary for armv6/armv7 updates.
This commit is contained in:
MHSanaei
2026-07-06 16:04:32 +02:00
parent 5e9606aa4d
commit d97bd8643e
54 changed files with 1160 additions and 453 deletions
+3
View File
@@ -234,6 +234,7 @@ export const EXAMPLES: Record<string, unknown> = {
"publicKey": "",
"reset": 0,
"reverse": null,
"secret": "ee1234567890abcdef1234567890abcd7777772e636c6f7564666c6172652e636f6d",
"security": "",
"subId": "",
"tgId": 0,
@@ -265,6 +266,7 @@ export const EXAMPLES: Record<string, unknown> = {
"publicKey": "",
"reset": 0,
"reverse": null,
"secret": "",
"security": "",
"subId": "",
"tgId": 0,
@@ -402,6 +404,7 @@ export const EXAMPLES: Record<string, unknown> = {
"enable": true,
"id": 1,
"listen": "",
"mtprotoDomain": "",
"nodeAddress": "",
"nodeId": null,
"port": 443,
+12
View File
@@ -1141,6 +1141,11 @@ export const SCHEMAS: Record<string, unknown> = {
"description": "VLESS simple reverse proxy settings",
"nullable": true
},
"secret": {
"description": "MTProto FakeTLS secret",
"example": "ee1234567890abcdef1234567890abcd7777772e636c6f7564666c6172652e636f6d",
"type": "string"
},
"security": {
"description": "Security method (e.g., \"auto\", \"aes-128-gcm\")",
"type": "string"
@@ -1253,6 +1258,9 @@ export const SCHEMAS: Record<string, unknown> = {
"type": "integer"
},
"reverse": {},
"secret": {
"type": "string"
},
"security": {
"type": "string"
},
@@ -1291,6 +1299,7 @@ export const SCHEMAS: Record<string, unknown> = {
"publicKey",
"reset",
"reverse",
"secret",
"security",
"subId",
"tgId",
@@ -1809,6 +1818,9 @@ export const SCHEMAS: Record<string, unknown> = {
"listen": {
"type": "string"
},
"mtprotoDomain": {
"type": "string"
},
"nodeAddress": {
"description": "Share-host resolution inputs, mirroring the subscription's\nresolveInboundAddress so the clients page renders a node-managed WireGuard\nEndpoint that points at the node, not the master panel. NodeAddress is the\nhosting node's externally reachable address (empty for this panel's own\ninbounds); Listen and ShareAddrStrategy/ShareAddr feed the same\nnode→listen→custom fallback the share/QR links already use.",
"type": "string"
+3
View File
@@ -242,6 +242,7 @@ export interface Client {
publicKey?: string;
reset: number;
reverse?: ClientReverse | null;
secret?: string;
security: string;
subId: string;
tgId: number;
@@ -275,6 +276,7 @@ export interface ClientRecord {
publicKey: string;
reset: number;
reverse: unknown;
secret: string;
security: string;
subId: string;
tgId: number;
@@ -396,6 +398,7 @@ export interface InboundOption {
enable: boolean;
id: number;
listen?: string;
mtprotoDomain?: string;
nodeAddress?: string;
nodeId?: number | null;
port: number;
+3
View File
@@ -258,6 +258,7 @@ export const ClientSchema = z.object({
publicKey: z.string().optional(),
reset: z.number().int(),
reverse: z.lazy(() => ClientReverseSchema).nullable().optional(),
secret: z.string().optional(),
security: z.string(),
subId: z.string(),
tgId: z.number().int(),
@@ -293,6 +294,7 @@ export const ClientRecordSchema = z.object({
publicKey: z.string(),
reset: z.number().int(),
reverse: z.unknown(),
secret: z.string(),
security: z.string(),
subId: z.string(),
tgId: z.number().int(),
@@ -423,6 +425,7 @@ export const InboundOptionSchema = z.object({
enable: z.boolean(),
id: z.number().int(),
listen: z.string().optional(),
mtprotoDomain: z.string().optional(),
nodeAddress: z.string().optional(),
nodeId: z.number().int().nullable().optional(),
port: z.number().int(),