How to deploy trojan-gfw on an IPv6-only VPS?
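In response to requests in the comments, and drawing on my own experience, here is how to deploy trojan-gfw on an IPv6-only VPS. For the certificate, I could simply download one from a certain website; a certificate downloaded that way is valid for only 1 year and is easy to deploy, but never mind that. Here I will still show how to request the certificate from the command line.
Prepare a domain name and add an AAAA record pointing to your own IPv6 address.
- This guide uses the domain scaleya.xyz as the example.
The steps below are demonstrated on Vultr Ubuntu 19.10; other Debian-based systems work the same way.
- You need IPv6 connectivity locally to connect to the host over SSH.
- acme.sh is downloaded and installed from GitHub, which obviously cannot be used in an IPv6-only environment, so certbot is used here instead.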
Install certbot and trojan

    add-apt-repository ppa:certbot/certbot -y
    add-apt-repository ppa:greaterfire/trojan -y
    apt-get update
    apt-get install trojan certbot -y
Request the certificate. Only the method below works.

    certbot certonly --standalone -d scaleya.xyz
    # On success, it prints:
    Your certificate and chain have been saved at
    /etc/letsencrypt/live/scaleya.xyz/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/scaleya.xyz/privkey.pem
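Grant permissions on the certificate files (the defaults are, well, blah blah blah). Note that these commands make the certificate directories and the private key readable by all local users.

    sudo chmod +rx /etc/letsencrypt/live
    sudo chmod +rx /etc/letsencrypt/archive
    chmod +r /etc/letsencrypt/archive/scaleya.xyz/privkey1.pem
    # Remember to substitute your own domain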
Edit the trojan configuration

    nano /etc/trojan/config.json

- line 3: listen on IPv6
- lines 7-10: trojan passwords for multiple users
- lines 13-14: replace with your own certificate paths
config.json example (excerpt; the long cipher strings are cut off at the ">")

     1  {
     2      "run_type": "server",
     3      "local_addr": "::",
     4      "local_port": 443,
     5      "remote_addr": "127.0.0.1",
     6      "remote_port": 80,
     7      "password": [
     8          "password1",
     9          "password2"
    10      ],
    11      "log_level": 1,
    12      "ssl": {
    13          "cert": "/etc/letsencrypt/live/scaleya.xyz/fullchain.pem",
    14          "key": "/etc/letsencrypt/live/scaleya.xyz/privkey.pem",
    15          "key_password": "",
    16          "cipher": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:E>
    17          "cipher_tls13": "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:T>
    18          "prefer_server_cipher": true,
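Before starting the service, the fields edited above can be checked with a small script. This is an added example, not part of the original post or the trojan project; the function names are hypothetical, and the world-readable-key finding is an extra check that will fire after the `chmod +r` step shown earlier.

```python
import ipaddress
import json
import os
import stat

# Placeholder passwords from the example config on this page.
PLACEHOLDER_PASSWORDS = {"password1", "password2"}


def check_trojan_config(cfg):
    """Return a list of findings for a parsed trojan server config (dict)."""
    findings = []
    if cfg.get("run_type") != "server":
        findings.append("run_type is not 'server'")
    # On an IPv6-only host the listener must be an IPv6 address such as "::".
    try:
        addr = ipaddress.ip_address(cfg.get("local_addr", ""))
        if addr.version != 6:
            findings.append(f"local_addr {addr} is IPv4; use '::' on an IPv6-only host")
    except ValueError:
        findings.append("local_addr is not a literal IP address")
    passwords = cfg.get("password") or []
    if not passwords:
        findings.append("no password configured")
    for pw in passwords:
        if pw in PLACEHOLDER_PASSWORDS:
            findings.append(f"placeholder password still in use: {pw}")
    for field in ("cert", "key"):
        path = (cfg.get("ssl") or {}).get(field) or ""
        if not os.path.isfile(path):  # follows the live/ -> archive/ symlink
            findings.append(f"ssl.{field} not found: {path}")
        elif not os.access(path, os.R_OK):  # meaningful only as the service user
            findings.append(f"ssl.{field} not readable by this user: {path}")
        elif field == "key" and os.stat(path).st_mode & stat.S_IROTH:
            findings.append(f"ssl.key is world-readable: {path}")
    return findings


def check_trojan_config_file(path="/etc/trojan/config.json"):
    """Load the JSON config from disk and lint it."""
    with open(path, encoding="utf-8") as fh:
        return check_trojan_config(json.load(fh))


if __name__ == "__main__":
    # Constructed sample: an IPv4 listener and one of the page's placeholder passwords.
    sample = {"run_type": "server", "local_addr": "0.0.0.0", "password": ["password1"],
              "ssl": {"cert": "/nonexistent/fullchain.pem", "key": "/nonexistent/privkey.pem"}}
    for finding in check_trojan_config(sample):
        print("FINDING:", finding)
```

Run it as the account the trojan service runs under, since root can read every file and the readability check would always pass.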
Start trojan and enable it at boot

    systemctl enable trojan
    systemctl start trojan
    #systemctl status trojan
Scheduled restart

    apt-get install cron -y
    #systemctl status cron
    echo "0 0 * * * root service trojan restart" >> /etc/crontab
    systemctl restart cron
Delete the certificate

    certbot delete --cert-name scaleya.xyz
    # or run certbot delete, then enter the number to choose the domain to delete
It seems I did not set up a decoy site, but that does not matter much.