Network proxy
trojan-go
Documentation: https://p4gefau1t.github.io/trojan-go/
Requesting a certificate
- Download the certificate tool (acme.sh):
curl https://get.acme.sh | sh
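- Configure automatic certificate renewal (the second line below is the content of test.cron):
```
$ vi test.cron
1 12 1,15 * * ${HOME}/.acme.sh/acme.sh --cron
$ crontab -uroot test.cron
# Check that the entry was added
$ crontab -uroot -l
```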
- Set the environment variables:
source ~/.bashrc
- Install nginx:
```
# Install nginx
$ apt-get install nginx

# Configure the firewall
$ iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
$ iptables -I INPUT -p tcp -m tcp --dport 443 -j ACCEPT

# Test access: port 80 must be reachable and port 443 must not be

# Once the test passes, stop nginx, because issuing the certificate needs local port 80
systemctl stop nginx.service
```
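- Set up DNS resolution with your cloud provider. For example, if your domain is abc.com, configure it in Tencent Cloud as follows:
- Request the certificate:
```
# Install socat
$ apt-get install socat
# Use your own e-mail address here
$ acme.sh --register-account -m 123456@qq.com
# Use your own domain here, e.g. abc.com
$ acme.sh --issue -d abc.com --standalone -k ec-256 --force
# Create a directory for the certificate; to keep things easy to tell apart, the domain is used as the directory name
$ mkdir -p /data/abc.com
$ acme.sh --installcert -d abc.com --fullchainpath /data/abc.com/fullchain.crt --keypath /data/abc.com/privkey.key --ecc --force
```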
Installing the trojan-go server
- Download the release package:
wget https://github.com/p4gefau1t/trojan-go/releases/download/v0.10.6/trojan-go-linux-amd64.zip
- Unpack it:
unar trojan-go-linux-amd64.zip
- Take the example configuration:
cd trojan-go-linux-amd64; mv example/server.json .
- Edit the configuration:
vi server.json
Replace 你的密码 with your own password, point ssl.cert and ssl.key at the paths where the certificate was saved above, and set ssl.sni to your domain. JSON has no comment syntax, so these notes are given here rather than inside the file.
```
{
    "run_type": "server",
    "local_addr": "0.0.0.0",
    "local_port": 443,
    "remote_addr": "127.0.0.1",
    "remote_port": 80,
    "password": [
        "你的密码"
    ],
    "ssl": {
        "cert": "/data/abc.com/fullchain.crt",
        "key": "/data/abc.com/privkey.key",
        "sni": "abc.com"
    },
    "router": {
        "enabled": true,
        "block": [
            "geoip:private"
        ],
        "geoip": "/root/trojan/geoip.dat",
        "geosite": "/root/trojan/geosite.dat"
    }
}
```
- Set up the service file:
mv example/trojan-go.service /etc/systemd/system/trojan.service && vi /etc/systemd/system/trojan.service
```
# Change ExecStart to the correct start command: /root/trojan/trojan-go -config /root/trojan/server.json
# Change User to root

[Unit]
Description=Trojan-Go - An unidentifiable mechanism that helps you bypass GFW
Documentation=https://p4gefau1t.github.io/trojan-go/
After=network.target nss-lookup.target

[Service]
User=root
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ExecStart=/root/trojan/trojan-go -config /root/trojan/server.json
Restart=on-failure
RestartSec=10s
LimitNOFILE=infinity

[Install]
WantedBy=multi-user.target
```
- Start the services:
systemctl daemon-reload && systemctl start nginx.service && systemctl start trojan.service
- Test access on port 443; if the page loads normally, the configuration succeeded:
https://abc.com
Installing the trojan-go client
- Download the release package:
wget https://github.com/p4gefau1t/trojan-go/releases/download/v0.10.6/trojan-go-linux-amd64.zip
- Unpack it:
unar trojan-go-linux-amd64.zip
- Take the example configuration:
cd trojan-go-linux-amd64; mv example/client.json .
- Edit the configuration:
vi client.json
Set remote_addr to the address of your cloud host, replace 你的密码 with the password configured on the server, set ssl.sni to your domain, and make sure the geoip and geosite paths match where the files actually are. JSON has no comment syntax, so these notes are given here rather than inside the file.
```
{
    "run_type": "client",
    "local_addr": "127.0.0.1",
    "local_port": 1080,
    "remote_addr": "1.2.3.4",
    "remote_port": 443,
    "password": [
        "你的密码"
    ],
    "ssl": {
        "sni": "abc.com"
    },
    "mux": {
        "enabled": true
    },
    "router": {
        "enabled": true,
        "bypass": [
            "geoip:cn",
            "geoip:private",
            "geosite:cn",
            "geosite:private"
        ],
        "block": [
            "geosite:category-ads"
        ],
        "proxy": [
            "geosite:geolocation-!cn"
        ],
        "default_policy": "proxy",
        "geoip": "/usr/local/src/trojan/geoip.dat",
        "geosite": "/usr/local/src/trojan/geosite.dat"
    }
}
```
- Set up the service file:
mv example/trojan-go.service /etc/systemd/system/trojan.service && vi /etc/systemd/system/trojan.service
```
# Change ExecStart to the correct start command: /usr/local/src/trojan/trojan-go -config /usr/local/src/trojan/client.json

[Unit]
Description=Trojan-Go - An unidentifiable mechanism that helps you bypass GFW
Documentation=https://p4gefau1t.github.io/trojan-go/
After=network.target nss-lookup.target

[Service]
User=nobody
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ExecStart=/usr/local/src/trojan/trojan-go -config /usr/local/src/trojan/client.json
Restart=on-failure
RestartSec=10s
LimitNOFILE=infinity

[Install]
WantedBy=multi-user.target
```
- Start the service:
systemctl daemon-reload && systemctl start trojan.service
- Change the network settings:
- Alternatively, use scripts to start the trojan client and configure the network.
Start script:
vi /usr/bin/start-ss
```
#!/usr/bin/env bash

# PID of a running trojan-go process, if any
ssPid=$(ps -ef | grep trojan-go | grep -v grep | awk '{print $2}')

# Start the service only when it is not already running
if [ -z "$ssPid" ]
then
    sudo systemctl start trojan.service
fi

# Switch the GNOME system proxy to manual mode
gsettings set org.gnome.system.proxy mode manual

# Point git at the local proxy port
git config --global http.proxy socks5://127.0.0.1:1080
git config --global https.proxy socks5://127.0.0.1:1080
git config --global http.https://github.com.proxy http://127.0.0.1:1080
git config --global https.https://github.com.proxy https://127.0.0.1:1080
```
Stop script:
vi /usr/bin/stop-ss
```
#!/usr/bin/env bash

# PID of a running trojan-go process, if any
ssPid=$(ps -ef | grep trojan-go | grep -v grep | awk '{print $2}')

# Stop the service only when it is running
if [ -n "$ssPid" ]
then
    sudo systemctl stop trojan.service
fi

# Turn the GNOME system proxy off
gsettings set org.gnome.system.proxy mode none

# Remove the git proxy settings again
git config --global --unset http.proxy
git config --global --unset https.proxy
git config --global --unset http.https://github.com.proxy
git config --global --unset https.https://github.com.proxy
```
Restart script:
vi /usr/bin/restart-ss
```
#!/usr/bin/env bash

stop-ss
start-ss
```
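Added example, not from the original post or the trojan-go project: a small Python check to run over the server.json and client.json files edited above before starting the service. It uses only the keys shown on this page; the function name lint_config and the 12-character password minimum are assumptions made for the example.

```python
import ipaddress
import json
import os

PLACEHOLDER = "你的密码"  # placeholder password from the configs on this page
MIN_PW_LEN = 12  # assumed local policy, not a trojan-go requirement

def lint_config(text, check_files=True):
    """Return a list of problems in a trojan-go server.json/client.json."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as e:
        # Inline '#' notes or a trailing comma end up here.
        return [f"not strict JSON (line {e.lineno}): {e.msg}"]
    problems = []
    run_type = cfg.get("run_type")
    if run_type not in ("server", "client"):
        problems.append(f"unexpected run_type: {run_type!r}")
    pw = cfg.get("password") or []
    if not pw or any(p == PLACEHOLDER or len(p) < MIN_PW_LEN for p in pw):
        problems.append("password missing, placeholder or too short")
    ssl = cfg.get("ssl", {})
    if not ssl.get("sni"):
        problems.append("ssl.sni is empty")
    if run_type == "server" and check_files:
        for k in ("cert", "key"):
            path = ssl.get(k) or ""
            if not os.path.isfile(path):
                problems.append(f"ssl.{k} not found: {path!r}")
            elif k == "key" and os.stat(path).st_mode & 0o077:
                problems.append(f"ssl.key readable by group/other: {path}")
    if run_type == "client":
        addr = cfg.get("local_addr", "")
        try:
            loopback = addr == "localhost" or ipaddress.ip_address(addr).is_loopback
        except ValueError:
            loopback = False
        if not loopback:  # the local proxy port would be reachable from other hosts
            problems.append(f"local_addr {addr!r} is not loopback")
    router = cfg.get("router", {})
    if router.get("enabled") and check_files:
        for k in ("geoip", "geosite"):
            if not os.path.isfile(router.get(k) or ""):
                problems.append(f"router.{k} not found: {router.get(k)!r}")
    return problems

# Constructed sample: client config with the local port bound to all interfaces.
SAMPLE = '{"run_type": "client", "local_addr": "0.0.0.0", "password": ["correct-horse-battery"], "ssl": {"sni": "abc.com"}}'
if __name__ == "__main__":
    print(lint_config(SAMPLE))
```

On a real host, pass the file contents, for example `lint_config(open("/root/trojan/server.json").read())`; an empty list means none of these checks fired.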