Running Telegram through a self-hosted MTProto proxy Docker container is one of the cleanest ways to bypass geo-blocks in 2026 — no third-party middlemen, no shared secrets leaking to unknown operators, and a sub-60-second spin-up if you already have Docker installed. This article covers the best MTProto proxy Docker images worth running, how to pick between them, and a working compose setup you can copy directly.
Why Self-Host Instead of Using a Public List
Public proxy lists have a trust problem. When you connect through a random MTProto endpoint, the operator can see your IP, connection timing, and which Telegram servers you’re reaching. That’s not theoretical: the @ProxyMTProto Telegram Channel Review 2026: Are Public MTProto Lists Safe? piece we published earlier this year documents several high-follower channels that rotate proxies through servers in jurisdictions known for traffic logging.
Self-hosting flips the equation. You control the secret, the logs, and the VPS. The marginal cost is roughly $3-6/month on a small Hetzner or Vultr instance, and setup takes under 10 minutes.
The Four Docker Images Worth Considering
Not all images are maintained equally. Here’s where things stand in mid-2026:
| Image | Stars (Docker Hub) | Last push | Language | Secret rotation | Multi-arch |
|---|---|---|---|---|---|
telegrammessenger/proxy | 2.1k | 2025-11 | C | Manual | amd64 only |
alexdoas/mtproto-proxy | 890 | 2026-02 | C | Env var | amd64/arm64 |
ghcr.io/seriyps/mtproto-proxy | 610 | 2026-04 | Erlang | Auto-rotate | amd64/arm64 |
nineseconds/mtproxy | 420 | 2025-09 | Go | Env var | amd64/arm64 |
telegrammessenger/proxy is the official Telegram-maintained image. It’s the reference implementation but ships as amd64 only and the secret is set at container start, not runtime. Fine for a single VPS; annoying if you’re running arm64 nodes.
seriyps/mtproto-proxy (Erlang-based) is the standout pick for anyone who cares about uptime. The Erlang runtime handles thousands of concurrent connections without memory pressure, and the image supports automatic secret rotation via a cron-triggered HTTP call to Telegram’s config endpoint. It’s the image the serious self-hosters use.
alexdoas/mtproto-proxy is a solid middle ground: easy env-var config, multi-arch, and actively maintained through early 2026.
nineseconds/mtproxy (Go) is lean and compiles to a small binary, but development has slowed since late 2025. Worth watching but not a first pick today.
Quick-Start: Docker Compose for seriyps/mtproto-proxy
Generate a fresh secret first:
openssl rand -hex 16Then drop this into docker-compose.yml:
version: "3.9"
services:
mtproto:
image: ghcr.io/seriyps/mtproto-proxy:latest
restart: unless-stopped
ports:
- "443:443"
environment:
MT_SECRET: "dd<your_hex_secret_here>"
MT_PORT: "443"
MT_TAG: "" # optional: your Telegram ad tag
MT_WORKERS: "2"
volumes:
- ./proxy-data:/dataRun docker compose up -d. Within 30 seconds the proxy is live. Share the link with users as:
tg://proxy?server=YOUR_VPS_IP&port=443&secret=dd<your_hex_secret>The dd prefix signals a “fake TLS” (FakeTLS) handshake, which makes MTProto traffic look like standard HTTPS to deep packet inspection systems. This matters significantly for users in Russia, Iran, and China, where plain MTProto is fingerprinted and blocked. If you’re advising users in those regions, also review Telegram Proxy Services for Russia 2026: What Actually Works for the ISP-level blocking patterns still active this year.
Port Selection and Firewall Rules
Don’t expose the default port 2398. Block-lists have had that port flagged since 2022. Run on 443 or 8443 to blend with HTTPS traffic.
Key firewall rules (UFW example):
ufw allow 443/tcp— proxy trafficufw deny 2398/tcp— block default port to avoid scan fingerprintingufw allow 22/tcp— SSH, obviouslyufw enable
If you’re on a provider that charges for egress (AWS, GCP), note that a 100-user proxy pushing Telegram media traffic can burn 300-600 GB/month. Hetzner’s flat-rate plans are better suited here.
Comparing This Approach to Managed Proxy Lists
Self-hosting is not always the right answer. If you need a large pool of MTProto endpoints fast, the MTProto Proxy List for Telegram 2026 (Working, Updated Monthly) gives you vetted working proxies without provisioning infrastructure. The tradeoff is trust: curated lists from vetted sources are safer than random public channels, but still involve a third party.
For enterprise or team use, a hybrid approach works well:
- Run 2-3 self-hosted Docker instances on VPSes in different regions (Frankfurt, Singapore, New York).
- Use a curated backup list from a source like the Legitimate Telegram Proxy Servers 2026: Vetted MTProto + SOCKS5 List for failover.
- Rotate secrets monthly using a cron job or the seriyps auto-rotate feature.
- Monitor uptime with a simple curl health check against Telegram’s MTProto config endpoint.
This gives you primary reliability on infrastructure you control, with a tested fallback that doesn’t rely on public community lists.
Monitoring and Keeping the Image Updated
The seriyps image auto-pulls Telegram’s server config on startup, but you still need to keep the image itself current. Set a monthly cron on the host:
# /etc/cron.monthly/update-mtproto
docker pull ghcr.io/seriyps/mtproto-proxy:latest
docker compose -f /opt/mtproto/docker-compose.yml up -d --force-recreateWatch for two things in the logs:
"Config fetch failed"— Telegram’s config endpoint is unreachable, usually a transient DNS issue"Secret mismatch"— client is using an old secret, needs to re-add the proxy
The Official Telegram Proxy Server List 2026 (MTProto + SOCKS5) covers how Telegram’s own infrastructure rotates IPs, which is useful context when debugging config fetch failures.
Bottom Line
For most self-hosters in 2026, ghcr.io/seriyps/mtproto-proxy is the right pick: multi-arch, actively maintained, and built on a runtime that handles concurrency cleanly. Pair it with FakeTLS (the dd secret prefix), run on port 443, and you have a proxy that survives DPI in the regions where Telegram access is actually contested. DRT will keep tracking which images stay maintained and which go stale — check back before a major version upgrade.
Related guides on dataresearchtools.com
- Official Telegram Proxy Server List 2026 (MTProto + SOCKS5)
- @ProxyMTProto Telegram Channel Review 2026: Are Public MTProto Lists Safe?
- Legitimate Telegram Proxy Servers 2026: Vetted MTProto + SOCKS5 List
- Telegram Proxy Services for Russia 2026: What Actually Works
- Pillar: MTProto Proxy List for Telegram 2026 (Working, Updated Monthly)