4.2 KiB
Telemt via Systemd
Installation
This software is designed for Debian-based OS: in addition to Debian, these are Ubuntu, Mint, Kali, MX and many other Linux
1. Download
wget -qO- "https://github.com/telemt/telemt/releases/latest/download/telemt-$(uname -m)-linux-$(ldd --version 2>&1 | grep -iq musl && echo musl || echo gnu).tar.gz" | tar -xz
2. Move to the Bin folder
mv telemt /bin
3. Make the file executable
chmod +x /bin/telemt
How to use?
This guide "assumes" that you:
- logged in as root or executed
su -/sudo su - Already have the "telemt" executable file in the /bin folder. Read the Installation section.
0. Check port and generate secrets
The port you have selected for use should not be in the list:
netstat -lnp
Generate 16 bytes/32 characters in HEX format with OpenSSL or another way:
openssl rand -hex 16
OR
xxd -l 16 -p /dev/urandom
OR
python3 -c 'import os; print(os.urandom(16).hex())'
Save the obtained result somewhere. You will need it later!
1. Place your config to /etc/telemt/telemt.toml
Create the config directory:
mkdir /etc/telemt
Open nano
nano /etc/telemt/telemt.toml
Insert your configuration:
# === General Settings ===
[general]
# ad_tag = "00000000000000000000000000000000"
use_middle_proxy = false
[general.modes]
classic = false
secure = false
tls = true
[server]
port = 443
[server.api]
enabled = true
# listen = "127.0.0.1:9091"
# whitelist = ["127.0.0.1/32"]
# read_only = true
# === Anti-Censorship & Masking ===
[censorship]
tls_domain = "petrovich.ru"
[access.users]
# format: "username" = "32_hex_chars_secret"
hello = "00000000000000000000000000000000"
then Ctrl+S -> Ctrl+X to save
[!WARNING] Replace the value of the hello parameter with the value you obtained in step 0.
Additionally, change the value of the tls_domain parameter to a different website. Changing the tls_domain parameter will break all links that use the old domain!
2. Create telemt user
useradd -d /opt/telemt -m -r -U telemt
chown -R telemt:telemt /etc/telemt
3. Create service in /etc/systemd/system/telemt.service
Open nano
nano /etc/systemd/system/telemt.service
Insert this Systemd module:
[Unit]
Description=Telemt
After=network-online.target
Wants=network-online.target
[Service]
Type=simple
User=telemt
Group=telemt
WorkingDirectory=/opt/telemt
ExecStart=/bin/telemt /etc/telemt/telemt.toml
Restart=on-failure
LimitNOFILE=65536
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
[Install]
WantedBy=multi-user.target
then Ctrl+S -> Ctrl+X to save
reload systemd units
systemctl daemon-reload
4. To start it, enter the command systemctl start telemt
5. To get status information, enter systemctl status telemt
6. For automatic startup at system boot, enter systemctl enable telemt
7. To get the link(s), enter:
curl -s http://127.0.0.1:9091/v1/users | jq
Any number of people can use one link.
[!WARNING] Only the command from step 7 can provide a working link. Do not try to create it yourself or copy it from anywhere if you are not sure what you are doing!
Telemt via Docker Compose
1. Edit config.toml in repo root (at least: port, users secrets, tls_domain)
2. Start container:
docker compose up -d --build
3. Check logs:
docker compose logs -f telemt
4. Stop:
docker compose down
[!NOTE]
docker-compose.ymlmaps./config.tomlto/app/config.toml(read-only)- By default it publishes
443:443and runs with dropped capabilities (onlyNET_BIND_SERVICEis added)- If you really need host networking (usually only for some IPv6 setups) uncomment
network_mode: host
Run without Compose
docker build -t telemt:local .
docker run --name telemt --restart unless-stopped \
-p 443:443 \
-p 9090:9090 \
-p 9091:9091 \
-e RUST_LOG=info \
-v "$PWD/config.toml:/app/config.toml:ro" \
--read-only \
--cap-drop ALL --cap-add NET_BIND_SERVICE \
--ulimit nofile=65536:65536 \
telemt:local