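This post was last edited by nic2013 on 2020-2-27 11:27
Core idea: make Trojan listen on a port other than 443.
Create a new vhost and let LNMP/oneinstack automatically obtain the Let's Encrypt certificate.
Modify the vhost's default configuration file.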
- server
- {
- listen 80;
- server_name www.www.91ai.net www.91ai.net;
- root /data/wwwroot/default;
- index index.html index.htm index.php;
- }
Add the following code to the http block of /usr/local/nginx/conf/nginx.conf
- log_format main '$remote_addr - $remote_user [$time_local] "$request" '
- '$status $body_bytes_sent "$http_referer" '
- '"$http_user_agent" "$http_x_forwarded_for"';
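Run /usr/local/nginx/sbin/nginx -t to test the configuration; if there are no errors, run service nginx restart
Make Trojan listen on a port other than 443, for example port 90.
cd to the /usr/src directory and download the Trojan server: https://github.com/trojan-gfw/trojan/releases/download/v1.14.1/trojan-1.14.1-linux-amd64.tar.xz
Extract it: tar xf trojan-1.14.1-linux-amd64.tar.xz
In the /usr/src/trojan directory, create a server.conf configuration file (in the cert and key paths, 证书实际路径 stands for "actual certificate path"; replace it with the real path of your certificate files)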
- {
- "run_type": "server",
- "local_addr": "0.0.0.0",
- "local_port": 90,
- "remote_addr": "127.0.0.1",
- "remote_port": 80,
- "password": [
- "password1"
- ],
- "log_level": 1,
- "ssl": {
- "cert": "/usr/local/nginx/conf/ssl/证书实际路径.crt",
- "key": "/usr/local/nginx/conf/ssl/证书实际路径.key",
- "key_password": "",
- "cipher_tls13":"TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384",
- "prefer_server_cipher": true,
- "alpn": [
- "http/1.1"
- ],
- "reuse_session": true,
- "session_ticket": false,
- "session_timeout": 600,
- "plain_http_response": "",
- "curves": "",
- "dhparam": ""
- },
- "tcp": {
- "no_delay": true,
- "keep_alive": true,
- "fast_open": false,
- "fast_open_qlen": 20
- },
- "mysql": {
- "enabled": false,
- "server_addr": "127.0.0.1",
- "server_port": 3306,
- "database": "trojan",
- "username": "trojan",
- "password": ""
- }
- }
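Create the Trojan autostart service
On Debian 9, go to the /lib/systemd/system/ directory and create a trojan.service file
On CentOS 7, go to the /usr/lib/systemd/system/ directory and create a trojan.service file
Open the trojan.service file and write the following into it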
- [Unit]
- Description=trojan
- After=network.target
-
- [Service]
- Type=simple
- ExecStart=/usr/src/trojan/trojan -c "/usr/src/trojan/server.conf"
- # With Type=simple systemd tracks the main process itself and stops it with SIGTERM, so no PIDFile or ExecStop is set
- PrivateTmp=true
-
- [Install]
- WantedBy=multi-user.target
Start and enable the Trojan service
systemctl start trojan.service # start Trojan
systemctl enable trojan.service # start the Trojan service automatically at boot
systemctl stop trojan.service # stop Trojan
Download the Trojan client software
https://github.com/trojan-gfw/trojan/releases/download/v1.14.1/trojan-1.14.1-win.zip
Copy the server's fullchain.crt certificate into the local Trojan client folder and rename it to fullchain.cer.
Edit the config.json file in the Trojan folder; remote_port must be the same as the port on the VPS server side
- {
- "run_type": "client",
- "local_addr": "127.0.0.1",
- "local_port": 1080,
- "remote_addr": "www.www.91ai.net",
- "remote_port": 90,
- "password": [
- "password1"
- ],
- "log_level": 1,
- "ssl": {
- "verify": true,
- "verify_hostname": true,
- "cert": "fullchain.cer",
- "cipher_tls13":"TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384",
- "sni": "",
- "alpn": [
- "h2",
- "http/1.1"
- ],
- "reuse_session": true,
- "session_ticket": false,
- "curves": ""
- },
- "tcp": {
- "no_delay": true,
- "keep_alive": true,
- "fast_open": false,
- "fast_open_qlen": 20
- }
- }
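
An added example, not part of the original post or of the Trojan project: a small Python lint for the server.conf / config.json pair above, catching a non-JSON `#` note, mismatched ports or passwords, disabled certificate checks and leftover tutorial passwords. The finding names, the weak-password list and the sample domain are assumptions made for illustration.

```python
import json

WEAK_PASSWORDS = {"", "password", "password1", "password2"}  # tutorial placeholders (assumed list)
LOOPBACK = ("127.0.0.1", "::1", "localhost")

def _load(text, name, findings):
    """Parse strictly; a trailing '#...' note makes the file invalid JSON."""
    try:
        return json.loads(text)
    except json.JSONDecodeError as exc:
        findings.append(f"{name}: invalid JSON at line {exc.lineno}: {exc.msg}")
        return None

def lint_pair(server_text, client_text):
    """Return a list of findings for a Trojan server/client config pair."""
    findings = []
    srv = _load(server_text, "server", findings)
    cli = _load(client_text, "client", findings)
    if srv is not None:
        if any(p in WEAK_PASSWORDS for p in srv.get("password", [])):
            findings.append("server: placeholder password still in use")
    if cli is not None:
        ssl = cli.get("ssl", {})
        if not (ssl.get("verify") and ssl.get("verify_hostname")):
            findings.append("client: certificate or hostname verification disabled")
        if cli.get("local_addr") not in LOOPBACK:
            findings.append("client: local proxy listener is not bound to loopback")
    if srv is not None and cli is not None:
        if cli.get("remote_port") != srv.get("local_port"):
            findings.append("pair: client remote_port != server local_port")
        if not set(cli.get("password", [])) & set(srv.get("password", [])):
            findings.append("pair: client password is not in the server's list")
    return findings

# Constructed sample input modelled on the post's two files (domain is a placeholder).
SERVER = """{
  "run_type": "server", "local_addr": "0.0.0.0", "local_port": 90,
  "remote_addr": "127.0.0.1", "remote_port": 80, "password": ["password1"]
}"""
CLIENT = """{
  "run_type": "client", "local_addr": "127.0.0.1", "local_port": 1080,
  "remote_addr": "vpn.example.com", "password": ["password1"],
  "remote_port": 90, #same as the server port
  "ssl": {"verify": true, "verify_hostname": true, "cert": "fullchain.cer"}
}"""

if __name__ == "__main__":
    print("\n".join(lint_pair(SERVER, CLIENT)))
```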