💬 Comment on #39: Russian DPI (TSPU) blocking fake-TLS connections (April 2026)

v4.6.0 is out with the server-side mitigations described above:

- ServerHello encrypted size variation widened to ±32 bytes
- ServerHello/CCS split into separate TCP segments
- New DPI Resistance docs page

These reduce fingerprinting surface but won't fix detection on their own — the core issue is the client's TLS fingerprint. Track tdesktop#30513 for the client-side fix.

View comment

💬 Comment on #37: QR-CODE (Mikrotik)

Fixed in 21b22d9 — the /link page now detects Docker-internal and loopback IPs and substitutes the external IP from --nat-info.

View comment

💬 Comment on #22: SOCKS5 upstream proxy support

Implemented in aae0470, documented in 354af2c.

View comment

🚀 New Release: v4.7.0



Release notes | GitHub

📋 New Issue #40: Per-IP rate limiting (real-time throughput cap)

by rkline0x
View issue

📋 New Issue #43: DNS over HTTPS (DoH) for DC resolution

by rkline0x
View issue

📋 New Issue #44: Wildcard certificate handling in fake-TLS mode

by rkline0x
View issue

📋 New Issue #47: DC latency and health probes

by rkline0x
View issue

📋 New Issue #48: a lot of CLOSE_WAIT connections growing over time

by gogabor
View issue

📋 New Issue #49: Manifest unknown error while pulling the image.

by ant-222
View issue

💬 Comment on #49: Manifest unknown error while pulling the image.

Fixed in 8465e7e. A cleanup step in the build workflow was incorrectly deleting untagged platform manifests that the multi-arch index references. docker pull ghcr.io/teleproxy/teleproxy:latest works again.

View comment

💬 Comment on #47: DC latency and health probes

Shipped in v4.8.0.

View comment

🚀 New Release: v4.8.0


DC health probes (#47).

- Periodic TCP handshake probes to all 5 Telegram DCs, exposed as Prometheus histograms (teleproxy_dc_latency_seconds), failure counters, and last-latency gauges
- Disabled by default. Enable with --dc-probe-interval 30 (CLI), dc_probe_interval = 30 (TOML), or DC_PROBE_INTERVAL=30 (Docker env)
- Probes run in master process only with non-blocking poll for sub-millisecond accuracy
- Text stats include per-DC latency, average, count, and failure fields

Release notes | GitHub

💬 Comment on #11: failed: auth error

A build cleanup script briefly removed platform manifests from the registry. It's been fixed and a new image is published.

Your container runtime cached the old manifest index. Force a fresh pull:

``
docker pull ghcr.io/teleproxy/teleproxy:latest
``

If you're on a system like Portainer or Watchtower that auto-updates, restart the update cycle so it re-fetches the index.

View comment

💬 Comment on #49: Manifest unknown error while pulling the image.

@ant-222 apologies for stealing your attention!

View comment

🚀 New Release: v4.9.0


PROXY protocol v1/v2 listener support.

- --proxy-protocol CLI flag / proxy_protocol = true TOML config / PROXY_PROTOCOL=true Docker env
- Auto-detects v1 (text) and v2 (binary) headers, extracts real client IP from load balancer
- IP ACLs re-checked against the real client IP after header parsing
- v2 LOCAL command accepted for health check probes
- New stats: proxy_protocol_enabled, proxy_protocol_connections, proxy_protocol_errors
- Prometheus metrics: teleproxy_proxy_protocol_connections_total, teleproxy_proxy_protocol_errors_total

Other changes:

- Fix auto-generated secret not written to TOML config
- TON wallet donation option
- Per-page SEO metadata, OpenGraph tags, JSON-LD structured data, robots.txt
- Complete Russian translation (100%), expanded Farsi and Vietnamese (38%)
- Merged duplicate issue notification workflows

Release notes | GitHub

💬 Comment on #21: RPM Packages

Live at https://teleproxy.github.io/repo/. Install on EL9, EL10, AlmaLinux, Rocky, Fedora 41/42:

dnf install https://teleproxy.github.io/repo/teleproxy-release-latest.noarch.rpm
dnf install teleproxy
systemctl enable --now teleproxy

Signed with RSA 4096 / SHA-512 (RHEL 9 rpm-sequoia compatible). Verified end-to-end against v4.9.0 in Rocky 9, including upgrade-preserves-config and clean uninstall.

View comment

🚀 New Release: v4.10.0


Graceful connection draining on secret removal (#45).

- Removing a secret via SIGHUP reload no longer drops in-flight connections.
The slot transitions to a draining state — new connections matching the
removed secret are rejected, but existing ones keep working until they
close naturally or drain_timeout_secs (default 300, 0 = infinite)
elapses, at which point stragglers are force-closed.
- Re-adding a draining secret revives the same slot — counters, byte totals,
and IP tracking carry over. Pinned -S CLI secrets remain immutable.
- New TOML option drain_timeout_secs (reloadable).
- New stats: secret_<lbl>_draining, secret_<lbl>_drain_age_seconds,
secret_<lbl>_rejected_draining, secret_<lbl>_drain_forced.
- Slot capacity expanded to 16 active + up to 16 draining at any moment.
- Fix latent bug where the per-secret connection counter could go negative
if a TLS connection closed between handshake and obfs2 init.

RPM repository (#21).

- New signed dnf repository at https://teleproxy.github.io/repo/ serving
EL9, EL10, AlmaLinux, Rocky Linux, and Fedora 41/42 on x86_64 and aarch64.
- One-line install: dnf install https://teleproxy.github.io/repo/teleproxy-release-latest.noarch.rpm && dnf install teleproxy.
- Packages signed with RSA 4096 / SHA-512 (RHEL 9 rpm-sequoia compatible).
- Built automatically from the existing static linux binaries via nfpm,
driven by repository_dispatch from the release workflow.
- First install generates a random secret in /etc/teleproxy/config.toml;
upgrades and removals never touch a user-edited config.

Release notes | GitHub

📋 New Issue #53: Metric teleproxy_proxy_protocol_connections_total remains 0 despite active traffic and PROXY_PROTOCOL=true

by voiprostov
View issue

📋 New Issue #55: Can teleproxy be published through Cloudflare IPs ?

by Turreterror42
View issue