#!/usr/bin/env bash
set -e

DOMAIN="${1:-www.yandex.ru}"
PORT="${2:-443}"
NAME="mtproto-faketls"

apt update
apt install -y docker.io curl ufw iproute2

systemctl enable --now docker

if ss -tlnp | grep -q ":${PORT} "; then
  echo "Порт ${PORT} занят. Освободите его или запустите: $0 ${DOMAIN} 8443"
  exit 1
fi

docker pull nineseconds/mtg:2

SECRET=$(docker run --rm nineseconds/mtg:2 generate-secret --hex "$DOMAIN")

docker rm -f "$NAME" 2>/dev/null || true

docker run -d \
  --name "$NAME" \
  --restart unless-stopped \
  -p "${PORT}:${PORT}" \
  nineseconds/mtg:2 \
  simple-run -n 1.1.1.1 -i prefer-ipv4 "0.0.0.0:${PORT}" "$SECRET"

ufw allow "${PORT}/tcp" || true

IP=$(curl -4 -s https://api.ipify.org || hostname -I | awk '{print $1}')

echo
echo "MTProto Fake TLS proxy установлен."
echo "Domain mask: $DOMAIN"
echo "Server: $IP"
echo "Port: $PORT"
echo "Secret: $SECRET"
echo
echo "Ссылка:"
echo "tg://proxy?server=${IP}&port=${PORT}&secret=${SECRET}"
echo
echo "Проверка:"
echo "docker logs ${NAME}"