Hello!
I have a specific infrastructure setup and need help with getting real client IP addresses while preserving all MTProto features (Fake TLS/DD-Secret).
Environment:
Host: KVM VPS (bare metal)
Virtualization: LXD containers
Proxy layer: HAProxy container (receives traffic on port 443)
Current Flow:
text
Internet → HAProxy (LXD) → MTProto Proxy container (seriyps/mtproto_proxy)
→ Web container (works with PROXY Protocol)
The Challenge:
HAProxy forwards traffic to the MTProto container, but the proxy only sees HAProxy's internal IP (e.g., 10.0.0.2), not the real user IPs. I need real IPs for:
Connection limiting per IP
Unique connection tracking
Potential banning mechanisms
Technical Detail:
I'm specifically using PROXY Protocol v1 (text-based) with HAProxy's send-proxy directive. It's simpler and works perfectly for my web services. I chose v1 over v2 because:
Human-readable format (easier debugging)
Simpler implementation on the receiver side
Sufficient for my needs (just need real IP, no extra metadata)
My Questions:
Does @seriyps/mtproto_proxy support PROXY Protocol v1?
I couldn't find any mention in the documentation or config examples.
If not, is v2 supported?
If no PROXY Protocol support exists, are there alternative ways to pass real IP from HAProxy to the Erlang backend while maintaining:
✅ Fake TLS (ee secrets + domain + SNI)
✅ DD-Secret
✅ Both protocols simultaneously
If this is a missing feature, would it be feasible to implement PROXY Protocol v1 support? (I'd be willing to test)
Current HAProxy config snippet:
text
backend mtproto
server mtproto1 10.0.0.3:1443 send-proxy # This sends PROXY v1
Thank you for your time and for this great project!
Hello!
I have a specific infrastructure setup and need help with getting real client IP addresses while preserving all MTProto features (Fake TLS/DD-Secret).
Environment:
Host: KVM VPS (bare metal)
Virtualization: LXD containers
Proxy layer: HAProxy container (receives traffic on port 443)
Current Flow:
text
Internet → HAProxy (LXD) → MTProto Proxy container (seriyps/mtproto_proxy)
→ Web container (works with PROXY Protocol)
The Challenge:
HAProxy forwards traffic to the MTProto container, but the proxy only sees HAProxy's internal IP (e.g., 10.0.0.2), not the real user IPs. I need real IPs for:
Connection limiting per IP
Unique connection tracking
Potential banning mechanisms
Technical Detail:
I'm specifically using PROXY Protocol v1 (text-based) with HAProxy's send-proxy directive. It's simpler and works perfectly for my web services. I chose v1 over v2 because:
Human-readable format (easier debugging)
Simpler implementation on the receiver side
Sufficient for my needs (just need real IP, no extra metadata)
My Questions:
Does @seriyps/mtproto_proxy support PROXY Protocol v1?
I couldn't find any mention in the documentation or config examples.
If not, is v2 supported?
If no PROXY Protocol support exists, are there alternative ways to pass real IP from HAProxy to the Erlang backend while maintaining:
✅ Fake TLS (ee secrets + domain + SNI)
✅ DD-Secret
✅ Both protocols simultaneously
If this is a missing feature, would it be feasible to implement PROXY Protocol v1 support? (I'd be willing to test)
Current HAProxy config snippet:
text
backend mtproto
server mtproto1 10.0.0.3:1443 send-proxy # This sends PROXY v1
Thank you for your time and for this great project!