MTProxyMax

The Ultimate Telegram Proxy Manager Built on Rust

Generate Convert Improve

Install / Use

/learn @SamNet-dev/MTProxyMax

About this skill

Quality Score

0/100

README

<h1 align="center">MTProxyMax</h1> The Ultimate Telegram MTProto Proxy Manager One script. Full control. Zero hassle. <img src="https://img.shields.io/badge/version-1.0.4-brightgreen" alt="Version"/> <img src="https://img.shields.io/badge/license-MIT-blue" alt="License"/> <img src="https://img.shields.io/badge/engine-Rust_(telemt_3.x)-orange" alt="Engine"/> <img src="https://img.shields.io/badge/platform-Linux-lightgrey" alt="Platform"/> <img src="https://img.shields.io/badge/bash-4.2+-yellow" alt="Bash"/> <img src="https://img.shields.io/badge/docker-multi--arch-blue" alt="Docker"/> <a href="#-quick-start">Quick Start</a> • <a href="#-features">Features</a> • <a href="#-comparison">Comparison</a> • <a href="#-telegram-bot-17-commands">Telegram Bot</a> • <a href="#-cli-reference">CLI Reference</a> • <a href="#-changelog">Changelog</a>

MTProxyMax is a full-featured Telegram MTProto proxy manager powered by the telemt 3.x Rust engine. It wraps the raw proxy engine with an interactive TUI, a complete CLI, a Telegram bot for remote management, per-user access control, traffic monitoring, proxy chaining, and automatic updates — all in a single bash script.

sudo bash -c "$(curl -fsSL https://raw.githubusercontent.com/SamNet-dev/MTProxyMax/main/install.sh)"

Why MTProxyMax?

Most MTProxy tools give you a proxy and a link. That's it. MTProxyMax gives you a full management platform:

🔐 Multi-user secrets with individual bandwidth quotas, device limits, and expiry dates
🤖 Telegram bot with 17 commands — manage everything from your phone
🗂️ Replication — sync config to slave servers automatically via rsync+SSH
🖥️ Interactive TUI — no need to memorize commands, menu-driven setup
📊 Prometheus metrics — real per-user traffic stats, not just iptables guesses
🔗 Proxy chaining — route through SOCKS5 upstreams for extra privacy
🔄 Auto-recovery — detects downtime, restarts automatically, alerts you on Telegram
🐳 Pre-built Docker images — installs in seconds, not minutes

🚀 Quick Start

One-Line Install

sudo bash -c "$(curl -fsSL https://raw.githubusercontent.com/SamNet-dev/MTProxyMax/main/install.sh)"

The interactive wizard walks you through everything: port, domain, first user secret, and optional Telegram bot setup.

Manual Install

curl -fsSL https://raw.githubusercontent.com/SamNet-dev/MTProxyMax/main/mtproxymax.sh -o mtproxymax
chmod +x mtproxymax
sudo ./mtproxymax install

After Install

mtproxymax           # Open interactive TUI
mtproxymax status    # Check proxy health

✨ Features

🛡️ FakeTLS V2 Obfuscation

Your proxy traffic looks identical to normal HTTPS traffic. The Fake TLS V2 engine mirrors real TLS 1.3 sessions — per-domain profiles, real cipher suites, dynamic certificate lengths, and realistic record fragmentation. The TLS handshake SNI points to a cover domain (e.g., cloudflare.com), making it indistinguishable from regular web browsing to any DPI system.

Traffic masking goes further — when a non-Telegram client probes your server, the connection is forwarded to the real cover domain. Your server responds exactly like cloudflare.com would.

👥 Multi-User Secret Management

Each user gets their own secret key with a human-readable label:

Add/remove users instantly — config regenerates and proxy hot-reloads
Enable/disable access without deleting the key
Rotate a user's secret — new key, same label, old link stops working
QR codes — scannable directly in Telegram

🔒 Per-User Access Control

Fine-grained limits enforced at the engine level:

| Limit | Description | Example | Best For | |-------|-------------|---------|----------| | Max Connections | Concurrent connections (1 app = 1 conn) | 3 | Device limiting | | Max IPs | Unique IP addresses allowed | 5 | Anti-sharing / abuse | | Data Quota | Lifetime bandwidth cap | 10G, 500M | Fair usage | | Expiry Date | Auto-disable after date | 2026-12-31 | Temporary access |

Tip: Use conns for device limits, not ips. Each Telegram app opens exactly 1 connection (multiplexed internally), so conns 3 = max 3 devices. IP limits are less reliable because mobile users roam between cell towers (briefly showing 2 IPs for 1 device), and multiple devices behind the same WiFi share 1 IP. Use ips as a secondary anti-sharing measure.

Traffic and quotas are lifetime (cumulative), not monthly. They don't auto-reset. Use mtproxymax secret reset-traffic <label> to manually reset counters, or rotate the secret.

mtproxymax secret setlimits alice 100 5 10G 2026-12-31

📋 User Management Recipes

<details> <summary>Limit Devices Per User (Recommended)</summary>

mtproxymax secret setlimit alice conns 1    # Single device only
mtproxymax secret setlimit family conns 5   # Family — up to 5 devices

If someone with conns 1 shares their link, the second device can't connect. Each Telegram app = exactly 1 connection.

</details> <details> <summary>Device Limit Tiers</summary>

| Scenario | conns | ips (optional) | |----------|---------|-------------------| | Single person, one device | 1 | 2 (allow roaming) | | Single person, multiple devices | 3 | 5 | | Small family | 5 | 10 | | Small group / office | 30 | 50 | | Public/open link | 0 | 0 (unlimited) |

Set ips slightly higher than conns to allow for mobile roaming (cell tower switches temporarily show 2 IPs for 1 device).

</details> <details> <summary>Time-Limited Sharing Link</summary>

mtproxymax secret add shared-link
mtproxymax secret setlimits shared-link 50 30 10G 2026-06-01

When the expiry date hits, the link stops working automatically.

</details> <details> <summary>Per-Person Keys (Recommended)</summary>

mtproxymax secret add alice
mtproxymax secret add bob
mtproxymax secret add charlie

# Each person gets their own link — revoke individually
mtproxymax secret setlimit alice conns 2    # 2 devices
mtproxymax secret setlimit bob conns 1      # 1 device
mtproxymax secret setlimit charlie conns 3  # 3 devices

</details> <details> <summary>Disable, Rotate, Remove</summary>

mtproxymax secret disable bob    # Temporarily cut off
mtproxymax secret enable bob     # Restore access

mtproxymax secret rotate alice   # New key, old link dies instantly

mtproxymax secret remove bob     # Permanent removal

</details>

🤖 Telegram Bot (17 Commands)

Full proxy management from your phone. Setup takes 60 seconds:

mtproxymax telegram setup

| Command | Description | |---------|-------------| | /mp_status | Proxy status, uptime, connections | | /mp_secrets | List all users with active connections | | /mp_link | Get proxy details + QR code image | | /mp_add <label> | Add new user | | /mp_remove <label> | Delete user | | /mp_rotate <label> | Generate new key for user | | /mp_enable <label> | Re-enable disabled user | | /mp_disable <label> | Temporarily disable user | | /mp_limits | Show all user limits | | /mp_setlimit | Set user limits | | /mp_traffic | Per-user traffic breakdown | | /mp_upstreams | List proxy chains | | /mp_health | Run diagnostics | | /mp_restart | Restart proxy | | /mp_update | Check for updates | | /mp_help | Show all commands |

Automatic alerts:

🔴 Proxy down → instant notification + auto-restart attempt
🟢 Proxy started → sends connection details + QR codes
📊 Periodic traffic reports at your chosen interval

🗂️ Replication (Master-Slave Config Sync)

Keep multiple proxy servers in sync automatically. The master pushes config changes to all slaves via rsync+SSH on a configurable interval. Slaves receive secrets.conf, upstreams.conf, instances.conf, and config.toml — their own role settings and local state are never overwritten.

Setup takes two commands:

# On master — run wizard, select Master, add slave
mtproxymax replication setup

# On slave — run wizard, select Slave
mtproxymax replication setup

How it works:

Master generates a self-contained sync script at /opt/mtproxymax/mtproxymax-sync.sh
A systemd timer fires every N seconds (default: 60) and runs the sync
On change — proxy container on slave is automatically restarted
settings.conf and replication.conf are always excluded — slave role is never overwritten

mtproxymax replication status     # Show role, timer state, last sync
mtproxymax replication sync       # Trigger immediate sync
mtproxymax replication logs       # View sync log
mtproxymax replication test       # Test SSH connectivity to all slaves
mtproxymax replication promote    # Promote slave to master (failover)

Roles:

| Role | Description | |------|-------------| | Master | Pushes config to slaves on schedule | | Slave | Receives config, read-only. Changes must be made on master | | Standalone | Replication disabled (default) |

🔗 Proxy Chaining (Upstream Routing)

Route traffic through intermediate servers:

# Route 20% through Cloudflare WARP
mtproxymax upstream add warp socks5 127.0.0.1:40000 - - 20

# Route through a backup VPS
mtproxymax upstream add backup socks5 203.0.113.50:1080 user pass 80

# Hostnames are supported (resolved by the engine)
mtproxymax upstream add remote socks5 my-proxy.example.com:1080 user pass 50

Supports SOCKS5 (with auth), SOCKS4, and direct routing with weight-based load balancing. Addresses can be IPs o

Related Skills

himalaya

340.5k

CLI to manage emails via IMAP/SMTP. Use `himalaya` to list, read, write, reply, forward, search, and organize emails from the terminal. Supports multiple accounts and message composition with MML (MIME Meta Language).

node-connect

340.5k

Diagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps

frontend-design

84.2k

Create distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.

coding-agent

340.5k

Delegate coding tasks to Codex, Claude Code, or Pi agents via background process