Конфиг для сервера ml-lv-1g telemt ver. 3.0.2

fix(ci): replace deprecated actions-rs/cargo with direct cross commands

.github/workflows/release.yml

@@ -56,12 +56,11 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-${{ matrix.target }}-cargo-
 
+      - name: Install cross
+        run: cargo install cross --git https://github.com/cross-rs/cross
+
       - name: Build Release
-        uses: actions-rs/cargo@ae10961054e4aa8bff448f48a500763b90d5c550 # v1.0.1
-        with:
-          use-cross: true
-          command: build
-          args: --release --target ${{ matrix.target }}
+        run: cross build --release --target ${{ matrix.target }}
 
       - name: Package binary
         run: |

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "telemt"
-version = "3.0.3"
+version = "3.0.4"
 edition = "2024"
 
 [dependencies]

README.md

@@ -10,74 +10,40 @@
 
 ### 🇷🇺 RU
 
-15 февраля мы опубликовали `telemt 3` с поддержкой Middle-End Proxy, а значит:
+18 февраля мы опубликовали `telemt 3.0.3`, он имеет:
 
-- с функциональными медиа, в том числе с CDN/DC=203  
-- с Ad-tag — показывайте спонсорский канал и собирайте статистику через официального бота  
-- с новым подходом к безопасности и асинхронности  
-- с высокоточной диагностикой криптографии через `ME_DIAG`  
+- улучшенный механизм Middle-End Health Check
+- высокоскоростное восстановление инициализации Middle-End
+- меньше задержек на hot-path
+- более корректную работу в Dualstack, а именно - IPv6 Middle-End
+- аккуратное переподключение клиента без дрифта сессий между Middle-End
+- автоматическая деградация на Direct-DC при массовой (>2 ME-DC-групп) недоступности Middle-End
+- автодетект IP за NAT, при возможности - будет выполнен хендшейк с ME, при неудаче - автодеградация
+- единственный известный специальный DC=203 уже добавлен в код: медиа загружаются с CDN в Direct-DC режиме
 
-Для использования нужно:
+[Здесь вы можете найти релиз](https://github.com/telemt/telemt/releases/tag/3.0.3)
 
-1. Версия `telemt` ≥3.0.0
-2. Выполнение любого из наборов условий:
-   - публичный IP для исходящих соединений установлен на интерфейса инстанса с `telemt`
-     - ЛИБО
-   - вы используете NAT 1:1 + включили STUN-пробинг
-3. В конфиге, в секции `[general]` указать:
-```toml
-use_middle_proxy = true
-```
-
-Если условия из пункта 1 не выполняются:
-1. Выключите ME-режим:
-   - установите `use_middle_proxy = false`
-     - ЛИБО
-   - Middle-End Proxy будет выключен автоматически по таймауту, но это займёт больше времени при запуске
-2. В конфиге, добавьте в конец:
-```toml
-[dc_overrides]
-"203" = "91.105.192.100:443"
-```
-
-Если у вас есть компетенции в асинхронных сетевых приложениях, анализе трафика, реверс-инжиниринге или сетевых расследованиях — мы открыты к идеям и pull requests.
+Если у вас есть компетенции в асинхронных сетевых приложениях, анализе трафика, реверс-инжиниринге или сетевых расследованиях - мы открыты к идеям и pull requests!
 
 </td>
 <td width="50%" valign="top">
 
 ### 🇬🇧 EN
 
-On February 15, we released `telemt 3` with support for Middle-End Proxy, which means:
+On February 18, we released `telemt 3.0.3`. This version introduces:
 
-- functional media, including CDN/DC=203  
-- Ad-tag support – promote a sponsored channel and collect statistics via Telegram bot  
-- new approach to security and asynchronicity  
-- high-precision cryptography diagnostics via `ME_DIAG`  
+- improved Middle-End Health Check method  
+- high-speed recovery of Middle-End init
+- reduced latency on the hot path  
+- correct Dualstack support: proper handling of IPv6 Middle-End  
+- *clean* client reconnection without session "drift" between Middle-End
+- automatic degradation to Direct-DC mode in case of large-scale (>2 ME-DC groups) Middle-End unavailability  
+- automatic public IP detection behind NAT; first - Middle-End handshake is performed, otherwise automatic degradation is applied  
+- known special DC=203 is now handled natively: media is delivered from the CDN via Direct-DC mode  
 
-To use this feature, the following requirements must be met:
-1. `telemt` version ≥ 3.0.0
-2. One of the following conditions satisfied:
-   - the instance running `telemt` has a public IP address assigned to its network interface for outbound connections  
-     - OR
-   - you are using 1:1 NAT and have STUN probing enabled  
-3. In the config file, under the `[general]` section, specify:
-```toml
-use_middle_proxy = true
-````
+[Release is available here](https://github.com/telemt/telemt/releases/tag/3.0.3)
 
-If the conditions from step 1 are not satisfied:
-1. Disable Middle-End mode:
-   - set `use_middle_proxy = false`
-     - OR
-   - Middle-End Proxy will be disabled automatically after a timeout, but this will increase startup time
-
-2. In the config file, add the following at the end:
-```toml
-[dc_overrides]
-"203" = "91.105.192.100:443"
-```
-
-If you have expertise in asynchronous network applications, traffic analysis, reverse engineering, or network forensics — we welcome ideas, suggestions, and pull requests.
+If you have expertise in asynchronous network applications, traffic analysis, reverse engineering, or network forensics - we welcome ideas and pull requests!
 
 </td>
 </tr>
@@ -88,6 +54,8 @@ If you have expertise in asynchronous network applications, traffic analysis, re
 
 ⚓ Our implementation of **TLS-fronting** is one of the most deeply debugged, focused, advanced and *almost* **"behaviorally consistent to real"**:  we are confident we have it right - [see evidence on our validation and traces](#recognizability-for-dpi-and-crawler)
 
+⚓ Our ***Middle-End Pool*** is fastest by design in standard scenarios, compared to other implementations of connecting to the Middle-End Proxy: non dramatically, but usual
+
 # GOTO
 - [Features](#features)
 - [Quick Start Guide](#quick-start-guide)

config.toml

@@ -9,7 +9,7 @@ use_middle_proxy = true
 [network]
 # Enable/disable families; ipv6 = true/false/auto(None)
 ipv4 = true
-ipv6 = true
+ipv6 = false
 # prefer = 4 or 6
 prefer = 4
 multipath = false
@@ -44,7 +44,7 @@ ip = "::"
 
 # Users to show in the startup log (tg:// links)
 [general.links]
-show = ["hello"] # Users to show in the startup log (tg:// links)
+show = ["nikita-phone", "nikita-pc", "nikita-work-notebook", "marishka-phone", "marishka-notebook", "marishka-work-pc", "mama-phone", "mama-notebook", "melkiy-phone", "melkiy-pc", "melkiy-kristina-phone", "melkiy-kristina-pc", "bakak-phone", "bakak-nastya-phone", "maksik-phone", "maksik-oksana-phone", "dyusha-phone", "dyusha-anya-phone", "che-phone", "che-pc", "che-work-pc", "che-ira-phone", "irina-phone", "irina-work-pc"] # Users to show in the startup log (tg:// links)
 # public_host = "proxy.example.com"  # Host (IP or domain) for tg:// links
 # public_port = 443                  # Port for tg:// links (default: server.port)
 
@@ -57,10 +57,10 @@ client_ack = 300
 
 # === Anti-Censorship & Masking ===
 [censorship]
-tls_domain = "petrovich.ru"
+tls_domain = "ss.lv"
 mask = true
 mask_port = 443
-# mask_host = "petrovich.ru" # Defaults to tls_domain if not set
+# mask_host = "ss.lv" # Defaults to tls_domain if not set
 # mask_unix_sock = "/var/run/nginx.sock" # Unix socket (mutually exclusive with mask_host)
 fake_cert_len = 2048
 
@@ -72,7 +72,30 @@ ignore_time_skew = false
 
 [access.users]
 # format: "username" = "32_hex_chars_secret"
-hello = "00000000000000000000000000000000"
+nikita-phone = "e532cec08e066a8d45fb945b1cdec0dc"
+nikita-pc = "fa15f7570100b3017489b0e7ff0b553e"
+nikita-work-notebook = "c766653345b52de197b2328a34ac2b81"
+marishka-phone = "e998e1ad3e9b3a3bcd3a767e4ff05195"
+marishka-notebook = "c2a38b03c01748b16f07d81ba450457e"
+marishka-work-pc = "5525928d62b8a8f6fa328cb86552b299"
+mama-phone = "0ee2854d9f59f0208a609f8e89c2d8f4"
+mama-notebook = "3a6a9d8ffeb5b15b205d6df49169bd15"
+melkiy-phone = "18c7faca1770daa3e9efc0e6bc71786e"
+melkiy-pc = "60a96310c7b911dc6409f374d3bdbe01"
+melkiy-kristina-phone = "8c46f4b8b645f9d69aa55579b5e00814"
+melkiy-kristina-pc = "b487f03a2a8f3f679230a9e0f6d041d2"
+bakak-phone = "4d2cb97596daca295bb71b082d1409ce"
+bakak-nastya-phone = "ba153cb77c696f8a5414ff04cbf04bbb"
+maksik-phone = "1978306633ae757b97d3862e07285a10"
+maksik-oksana-phone = "40b53e0f524e4db3fa6c544c80916792"
+dyusha-phone = "03ee33bfadf0cfa85ba02f7ae15f3090"
+dyusha-anya-phone = "a602b93d6e6a9236cb812c7b83ea2304"
+che-phone = "4e511dfb04c7676a7ba99288adb65478"
+che-pc = "5a04595f59fd2f0497ec5277a4feb8c2"
+che-work-pc = "11c4ee5b67005b0d17a655b68e5b8cad"
+che-ira-phone = "3346aa0488fccb297dc5caee6b025e7b"
+irina-phone = "a5545d304bf842e215ced69ffce84c00"
+irina-work-pc = "f5eccc94fab5620d4ec2a84e22c7e272"
 
 # [access.user_max_tcp_conns]
 # hello = 50

docker-compose.yml

@@ -11,7 +11,7 @@ services:
     volumes:
       - ./config.toml:/run/telemt/config.toml:ro
     tmpfs:
-      - /run/telemt:rw,mode=1777,size=1m
+      - /run/telemt:rw,mode=1777,size=64m
     environment:
       - RUST_LOG=info
     # Uncomment this line if you want to use host network for IPv6, but bridge is default and usually better