Necronicle 0ec1ff0bbd tg-tunnel: switch relay from Cloudflare Worker to dedicated VPS ...

New Go-based relay (vps-relay/) running on a dedicated Aeza VPS in
Amsterdam. Same mux wire protocol as the old CF worker — client
binaries just point at a new URL, no reprotocol work needed.

What this unlocks:
- No 10ms CPU limit (CF Worker Free tier kept killing sessions every
  30-100 seconds, forcing continuous reconnects and CONNECT_FAIL storms).
- No 6-concurrent-socket-per-invocation cap (was the single biggest
  bottleneck under load — we routinely saw `CONNECT throttled` on
  bursty clients).
- Sessions now live as long as the WebSocket stays up; observed 3+
  minute uptime with 0 disconnects in initial soak.

Relay characteristics:
- Same HMAC auth, same [streamId u16][type u8][payload] frames.
- Telegram DC IP allowlist identical to old worker.
- Single writer goroutine per session, single reader.
- ~11 MB RSS idle, <1% CPU under real traffic.
- Fronted by Caddy with Let's Encrypt cert on 213.176.74.63.nip.io.

Binaries rebuilt for all 9 architectures with the new default
--tunnel-url. Existing installations pick up the change on next
reinstall; manual override via --tunnel-url still works and points
back at the CF worker if someone needs it.

cf-worker/ source is kept in the tree as a reference / fallback
deployment target — not deleted.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-13 20:25:22 +03:00

5.3 MiB

Executable file

Raw History

View raw