Trojan Setup Tutorial
Setting Up Trojan Manually for Efficient Internet Access
An unidentifiable mechanism that helps you bypass GFW. Trojan features multiple protocols over TLS to avoid both active/passive detections and ISP QoS limitations. Trojan is not a fixed program or protocol.
Install certbot
add-apt-repository ppa:certbot/certbot -y
apt-get update
apt-get install certbot python-certbot-nginx -y
Install the certificate
certbot certonly --nginx
| What to do | Value |
|---|---|
| Enter email | ldjglakg@gmail.com |
| Enter agree | a |
| Agree to accept | y |
| Enter the resolved domain name | baidudc.com |
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/kkk.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/kkk.com/privkey.pem
   Your cert will expire on 2019-11-21. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
Install Trojan
apt-get update
apt install trojan
Default installation location
/etc/trojan
Edit the Trojan config.json configuration
cd /etc/trojan
nano config.json
Replace the certificate paths (original + new)
# Original
"cert": "/path/to/certificate.crt",
"key": "/path/to/private.key",

# New
"cert": "/etc/letsencrypt/live/kkk.com/fullchain.pem",
"key": "/etc/letsencrypt/live/kkk.com/privkey.pem",

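Keyboard shortcuts you may need
ctrl+a: move the cursor to the start of the line
ctrl+k: delete the line the cursor is on
ctrl+x: exit
ctrl+6: mark/select
ctrl+d: cut
Run trojan; if it returns the following, everything is working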
[2019-08-23 13:15:16] [FATAL] trojan service (server) started at 0.0.0.0:443
Grant permissions
chmod +rx /etc/letsencrypt/live
chmod +rx /etc/letsencrypt/archive
chmod +r /etc/letsencrypt/archive/kkk.com/privkey1.pem
Run
systemctl start trojan
systemctl restart trojan
systemctl stop trojan
systemctl status trojan
systemctl enable trojan
Updated 2019.9.21
One-click install script
bash <(curl -sL https://scaleya.netlify.com/share/trojan.sh)
One-click install script, Vultr version
#!/bin/bash
# ym is the resolved domain name
# mm is the connection password

echo "ym.com
mm123456
"|bash <(curl -sL https://scaleya.netlify.com/share/trojan.sh)
One-click install script content
#!/bin/bash
apt-get update

apt install socat -y
apt install trojan -y
apt install nginx -y
# Stop nginx so that acme.sh standalone mode can listen on port 80
service nginx stop
# Download acme.sh and install it with /etc as its home directory
curl https://raw.githubusercontent.com/Neilpang/acme.sh/master/acme.sh > acme.sh && bash acme.sh --install --home /etc

# Read the domain (ym) and the connection password (mm)
read -r -p "pls ur domain:" ym
echo "ur domain is $ym"
read -r -p "pls ur mm:" mm
echo "ur mm is $mm"
ecc="ecc"

# Issue an EC-256 certificate and install it under /etc/letsencrypt/<domain>_ecc
/etc/acme.sh --issue --standalone -d "$ym" --keylength ec-256
mkdir -p "/etc/letsencrypt/${ym}_ecc"
/etc/acme.sh --install-cert -d "$ym" \
  --ecc \
  --cert-file "/etc/letsencrypt/${ym}_ecc/cert.pem" \
  --key-file "/etc/letsencrypt/${ym}_ecc/private.key" \
  --fullchain-file "/etc/letsencrypt/${ym}_ecc/fullchain.pem" \
  --reloadcmd "sudo systemctl restart nginx.service"

# Add read and execute permission on the installed certificate and key files
sudo chmod +rx "/etc/letsencrypt/${ym}_ecc"/*

# Write the server configuration; $mm, ${ym} and ${ecc} are expanded by the shell
cat > /etc/trojan/config.json << EOF
{
    "run_type": "server",
    "local_addr": "0.0.0.0",
    "local_port": 443,
    "remote_addr": "127.0.0.1",
    "remote_port": 80,
    "password": [
        "$mm",
        "password2"
    ],
    "log_level": 1,
    "ssl": {
        "cert": "/etc/letsencrypt/${ym}_${ecc}/cert.pem",
        "key": "/etc/letsencrypt/${ym}_${ecc}/private.key",
        "key_password": "",
        "cipher": "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256",
        "prefer_server_cipher": true,
        "alpn": [
            "http/1.1"
        ],
        "reuse_session": true,
        "session_ticket": false,
        "session_timeout": 600,
        "plain_http_response": "",
        "curves": "",
        "dhparam": ""
    },
    "tcp": {
        "prefer_ipv4": false,
        "no_delay": true,
        "keep_alive": true,
        "fast_open": false,
        "fast_open_qlen": 20
    },
    "mysql": {
        "enabled": false,
        "server_addr": "127.0.0.1",
        "server_port": 3306,
        "database": "trojan",
        "username": "trojan",
        "password": ""
    }
}
EOF

# Start trojan now and at every boot
systemctl enable trojan
systemctl start trojan
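An added example, not part of the original tutorial or of the Trojan project: a small Python audit of the config.json that the script above writes. It flags the template entry "password2" left in the password list (every entry in that list is accepted by the server), whitespace inside the cipher string, and a private key readable by all users, which the chmod steps on this page can produce. The function name audit_trojan_config and the choice of checks are assumptions of this example.

```python
import json
import os
import stat

# Template value taken from the config.json on this page; it must not stay enabled.
PLACEHOLDER_PASSWORDS = {"password2"}


def audit_trojan_config(path):
    """Return a list of findings for a trojan server config.json."""
    with open(path, encoding="utf-8") as fh:
        cfg = json.load(fh)
    findings = []

    # Each list entry is a valid credential, so a leftover template value
    # is a second password that anyone who has seen the template knows.
    for pw in cfg.get("password", []):
        if pw in PLACEHOLDER_PASSWORDS:
            findings.append(f"placeholder password still enabled: {pw!r}")

    ssl_cfg = cfg.get("ssl", {})
    # A cipher list pasted from a web page can pick up spaces or line breaks.
    if any(ch.isspace() for ch in ssl_cfg.get("cipher", "")):
        findings.append("whitespace inside ssl.cipher")

    key_path = ssl_cfg.get("key", "")
    if not os.path.isfile(key_path):
        findings.append(f"ssl.key not found: {key_path}")
    elif stat.S_IMODE(os.stat(key_path).st_mode) & stat.S_IROTH:
        findings.append(f"private key is world-readable: {key_path}")
    return findings


if __name__ == "__main__":
    import sys
    import tempfile
    if len(sys.argv) > 1:
        target = sys.argv[1]
    else:
        # Constructed sample mirroring what the install script writes.
        tmp = tempfile.mkdtemp()
        key = os.path.join(tmp, "private.key")
        open(key, "w").close()
        os.chmod(key, 0o644)
        target = os.path.join(tmp, "config.json")
        with open(target, "w", encoding="utf-8") as fh:
            json.dump({"password": ["constructed-pw", "password2"],
                       "ssl": {"key": key, "cipher": "ECDHE-ECDSA-AES256-GCM-SHA384"}}, fh)
    for finding in audit_trojan_config(target):
        print("FINDING:", finding)
```

Pass the path of a real file, for example /etc/trojan/config.json, as the first argument to audit it instead of the constructed sample.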