astelm
/
telemt
mirror of https://github.com/telemt/telemt.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
telemt/docs/QUICK_START_GUIDE.en.md

3.9 KiB
Raw Blame History

Telemt via Systemd

Installation

This software is designed for Debian-based OS: in addition to Debian, these are Ubuntu, Mint, Kali, MX and many other Linux

1. Download

wget -qO- "https://github.com/telemt/telemt/releases/latest/download/telemt-$(uname -m)-linux-$(ldd --version 2>&1 | grep -iq musl && echo musl || echo gnu).tar.gz" | tar -xz

2. Move to the Bin folder

mv telemt /bin

3. Make the file executable

chmod +x /bin/telemt

How to use?

This guide "assumes" that you:

  • logged in as root or executed su - / sudo su
  • Already have the "telemt" executable file in the /bin folder. Read the Installation section.

0. Check port and generate secrets

The port you have selected for use should be MISSING from the list, when:

netstat -lnp

Generate 16 bytes/32 characters HEX with OpenSSL or another way:

openssl rand -hex 16

OR

xxd -l 16 -p /dev/urandom

OR

python3 -c 'import os; print(os.urandom(16).hex())'

Save the obtained result somewhere. You will need it later!

1. Place your config to /etc/telemt/telemt.toml

Create config directory:

mkdir /etc/telemt

Open nano

nano /etc/telemt/telemt.toml

paste your config

# === General Settings ===
[general]
# ad_tag = "00000000000000000000000000000000"
use_middle_proxy = false

[general.modes]
classic = false
secure = false
tls = true

[server]
port = 443

[server.api]
enabled = true
# listen = "127.0.0.1:9091"
# whitelist = ["127.0.0.1/32"]
# read_only = true

# === Anti-Censorship & Masking ===
[censorship]
tls_domain = "petrovich.ru"

[access.users]
# format: "username" = "32_hex_chars_secret"
hello = "00000000000000000000000000000000"

then Ctrl+S -> Ctrl+X to save

[!WARNING] Replace the value of the hello parameter with the value you obtained in step 0. Replace the value of the tls_domain parameter with another website.

2. Create telemt user

useradd -d /opt/telemt -m -r -U telemt
chown -R telemt:telemt /etc/telemt

3. Create service on /etc/systemd/system/telemt.service

Open nano

nano /etc/systemd/system/telemt.service

paste this Systemd Module

[Unit]
Description=Telemt
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
User=telemt
Group=telemt
WorkingDirectory=/opt/telemt
ExecStart=/bin/telemt /etc/telemt/telemt.toml
Restart=on-failure
LimitNOFILE=65536
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target

then Ctrl+S -> Ctrl+X to save

reload systemd units

systemctl daemon-reload

4. To start it, enter the command systemctl start telemt

5. To get status information, enter systemctl status telemt

6. For automatic startup at system boot, enter systemctl enable telemt

7. To get the link(s), enter

curl -s http://127.0.0.1:9091/v1/users | jq

Any number of people can use one link.

Telemt via Docker Compose

1. Edit config.toml in repo root (at least: port, users secrets, tls_domain)
2. Start container:

docker compose up -d --build

3. Check logs:

docker compose logs -f telemt

4. Stop:

docker compose down

[!NOTE]

  • docker-compose.yml maps ./config.toml to /app/config.toml (read-only)
  • By default it publishes 443:443 and runs with dropped capabilities (only NET_BIND_SERVICE is added)
  • If you really need host networking (usually only for some IPv6 setups) uncomment network_mode: host

Run without Compose

docker build -t telemt:local .
docker run --name telemt --restart unless-stopped \
  -p 443:443 \
  -e RUST_LOG=info \
  -v "$PWD/config.toml:/app/config.toml:ro" \
  --read-only \
  --cap-drop ALL --cap-add NET_BIND_SERVICE \
  --ulimit nofile=65536:65536 \
  telemt:local