LLHOST
preview-img
  • #howto
  • #manual
  • #mtproto_proxy

How to Set Up MTProto Proxy for Telegram on Ubuntu 22.04

March 29, 2026
3 min read

What is MTProto Proxy?

MTProto is Telegram's own transport protocol. An MTProto proxy acts as a relay between Telegram clients and Telegram's servers. In fake-TLS mode the traffic is indistinguishable from regular HTTPS — useful for bypassing DPI-based blocks.

Prerequisites

  • Ubuntu 22.04 LTS with root access
  • Public IPv4 address
  • Port 443 available (recommended — least likely to be blocked)

Step 1 — Update the system

apt update && apt upgrade -y

apt install -y wget

Step 2 — Download and install mtg v2.2.6

# Download

wget https://github.com/9seconds/mtg/releases/download/v2.2.6/mtg-2.2.6-linux-amd64.tar.gz

# Extract — produces directory mtg-2.2.6-linux-amd64/

tar xzf mtg-2.2.6-linux-amd64.tar.gz

# Install binary

mv mtg-2.2.6-linux-amd64/mtg /usr/local/bin/mtg

chmod +x /usr/local/bin/mtg

# Verify

mtg --version

Step 3 — Generate a secret

The secret identifies your proxy. Use fake-TLS mode (ee... prefix) — it disguises traffic as HTTPS to a real domain:

mtg generate-secret --hex google.com

Example output:

ee473ce5d4958eb5f968c87680a23854a0676f6f676c652e636f6d

Choose a domain that makes sense for your server's IP. For example, if your VPS is from DigitalOcean — use digitalocean.com. If Hetzner — hetzner.com. This makes the traffic less suspicious.

Save this value — it goes into the config and the client link.

Step 4 — Create the configuration file

Only secret and bind-to are mandatory. Create /etc/mtg.toml:

nano /etc/mtg.toml

Minimal working config:

secret = "YOUR_SECRET_HERE"

bind-to = "0.0.0.0:443"

This is enough to run the proxy. All other options have sensible defaults.

If port 443 is already occupied by another service, use a different port, e.g. 0.0.0.0:8443

Step 5 — Create a systemd service

nano /etc/systemd/system/mtg.service

Content:

[Unit]

Description=mtg - MTProto proxy server

Documentation=https://github.com/9seconds/mtg

After=network.target

[Service]

ExecStart=/usr/local/bin/mtg run /etc/mtg.toml

Restart=always

RestartSec=3

DynamicUser=true

AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]

WantedBy=multi-user.target

next run commands: 

systemctl daemon-reload

systemctl enable --now mtg

systemctl status mtg

Step 6 — Get the client connection link

mtg access /etc/mtg.toml

Example output:

{

"ipv4": {

"ip": "1.2.3.4",

"port": 443,

"tg_url": "tg://proxy?port=443&secret=...&server=1.2.3.4",

"tg_qrcode": "https://api.qrserver.com/...",

"tme_url": "https://t.me/proxy?port=443&secret=...&server=1.2.3.4",

"tme_qrcode": "https://api.qrserver.com/..."

},

"ipv6": { "..." },

"secret": {

"hex": "ee...",

"base64": "..."

}

}

  • tg_url (tg://proxy?...) — use this one. Opens directly in Telegram and adds the proxy automatically.
  • tme_url (https://t.me/proxy?...) — redirects to the Telegram download page in most browsers. Do not use.
  • tg_qrcode — QR code for the tg:// link, convenient for mobile scanning
  • If the server has IPv6, an ipv6 block with separate links will appear

How to connect on the client side

Option 1 — click the tg:// link (Telegram desktop must be installed):

tg://proxy?port=443&secret=YOUR_SECRET&server=YOUR_IP

Option 2 — add manually in Telegram:

Settings → Data and Storage → Proxy → Add Proxy → select MTProto, then fill in

Option 3 — QR code (convenient for mobile):

Open the tg_qrcode URL from the mtg access output in a browser and scan it with your phone camera.

Step 7 — Verify

# Port is listening

ss -tlnp | grep 443

# Live logs

journalctl -u mtg -f

Test from Telegram client: Open the tg://proxy?... link → Settings → Data and Storage → Proxy Settings → verify Connected.

We are using cookies!We use cookies to enhance your experience. See our Privacy Policy.