Cannot login into TDWeb from Russia, need some special address for proxy addons

[Twilightssuperb]

Telegram is blocked in Russia completely with it site, so I have to use VPN for access to .telegram.org. Also I have to add this stroke (full Telegram domain) to sites list for browser proxy/VPN addons. Nevertheless I cannot login into your TDWeb (I get no verification code), even when I wrote .telegram.org to sites list; proxies in browsers work in this mode. But when I Iaunch VPN for all sites (not only for exceptions list), I get verification code and can seamlessly use TDWeb.

So what web-address (associated with Telegram?) should I add to sites list for proxy addon only just for login?

Please, help. (In any case I can describe my issue in Russian, it's my native language.)

[hameda169]

I have this problem too and also I am a developer. Can anyone help me for implementing this telegram with proxies like socks5 or MTProto?

[savely-krasovsky]

@hameda169 TDLib fully supports proxy (HTTP, SOCKS, MTProto). So I guess you could get it work.

[hameda169]

@L11R I want some help and some description from this code. its connection with telegram is with wss(webSocket secure) and it isn't as simple as you are saying I guess

[savely-krasovsky]

@hameda169 Well, you are right, Telegram team uses WebSockets to communicate with their servers in case of WASM builds of TDLib.

const unsupportedMethods = [
      'getStorageStatistics',
      'getStorageStatisticsFast',
      'optimizeStorage',
      'addProxy',
      'init',
      'start'
];

But I guess we can just reverse proxy their server using Nginx. I will try it and post report here later.

[hameda169]

@L11R Thank you so much and I am waiting your post

[savely-krasovsky]

@hameda169 So I have able to get it work in Russia without any circumvention (VPN, etc). What I did:

1. Deployed 5 reverse proxies to proxify every Telegram data center (DC).
2. Patched TDLib with my reverse proxy servers.
3. Compiled TDLib, TDWeb and telegram-react.
4. Served telegram-react as static page.

Done, it works.

[hameda169]

@L11R Can you explain 1?

[savely-krasovsky]

@hameda169 Telegram communicates with those servers:

https://github.com/tdlib/td/blob/21dee3b1d923f3fdacc711b46ad102b1d0d1439b/td/telegram/net/ConnectionCreator.cpp#L1329-L1333

So you need to reverse proxy all of them, because user's media could on any of those (it usually depends on where user lives). For reverse proxy I personally use Nginx HTTPS server. My config:

server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;

        include /etc/letsencrypt/options-ssl-nginx.conf;

        ssl_certificate /etc/letsencrypt/live/my.domain/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/my.domain/privkey.pem;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

        server_name dc1.my.domain;

        location /apiws {
                add_header X-Robots-Tag 'noindex';

               # This headers could be not necessary
                proxy_set_header Host pluto.web.telegram.org;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;

                # Necessary part
                proxy_pass https://pluto.web.telegram.org;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
        }

        location /robots.txt {
                return 200 "User-agent: *\nDisallow: /\n";
        }
}

[savely-krasovsky]

@hameda169 I found another solution. You can just up 5 reverse proxy servers, but there is no need to recompile everything. Just open .wasm file by any hex editor, find 5 those servers:

https://github.com/tdlib/td/blob/21dee3b1d923f3fdacc711b46ad102b1d0d1439b/td/telegram/net/ConnectionCreator.cpp#L1329-L1333

And replace them with your own. But! Your server should have same URL length as theirs. So for example:

aurora.web.telegram.org/apiws
xxx.your.own.server.org/apiws

pluto.web.telegram.org/apiws
xx.your.own.server.org/apiws

Where xxx and xx are just fillers to complete missing length. You can also use path. No need to use exactly /apiws path. Example:

aurora.web.telegram.org/apiws
your.own.server.org/xxx/apiws

Example nginx config for this case: https://gist.github.com/L11R/cd9336acb785491d93a9006af4e87481

If you really want to have own short length URL like 1.server.org/apiws then you still need to recompile TDLib, TDWeb and Telegram React.

[gasabr]

@L11R sorry, this might not be very relevant to the library, but still I would be grateful if you could help me with this one: is there a way to create proxies needed for telegram login widget?

Script itself could be received with wget https://core.telegram.org/widgets/login, I've tried to proxy all the urls in it, but later in the login process it sends redirect to oauth.telegram.org which is outside of the script and can not be proxied as far as I understand.

[savely-krasovsky]

@gasabr well. I don't think it's easy to do, but if there is only one redirect (or at least not so many) you can try to handle this redirect manually by using proxy_redirect directive inside location block.

[gasabr]

Thank a lot! Will try it out possibly

I thought that writing my own widget could be an option, because the original one is basically login page with some UX-sugar