ubuntu 搭建Trojan服务 启动vpn服务

特点

高性能、难以检测的代理工具

安装依赖

sudo apt update
sudo apt install curl nginx certbot python3-certbot-nginx mysql-server

下载和安装Trojan

# 下载最新版Trojan
sudo bash -c "$(curl -fsSL https://raw.githubusercontent.com/trojan-gfw/trojan-quickstart/master/trojan-quickstart.sh)"

申请SSL证书

# 替换your-domain.com为您的域名
sudo certbot certonly --standalone -d your-domain.com
// 注意：可能要将 nginx 停掉 （nginx stop）

# 复制证书到Trojan目录
sudo cp /etc/letsencrypt/live/your-domain.com/fullchain.pem /usr/local/etc/trojan/certificate.crt
sudo cp /etc/letsencrypt/live/your-domain.com/privkey.pem /usr/local/etc/trojan/private.key

配置Trojan服务器

编辑配置文件 /usr/local/etc/trojan/config.json：
修改password ，ssl.cert ，ssl.key，其他不用改

{
    "run_type": "server",
    "local_addr": "0.0.0.0",
    "local_port": 443,
    "remote_addr": "127.0.0.1",
    "remote_port": 80,
    "password": [
        "your_strong_password_1",
        "your_strong_password_2"
    ],
    "log_level": 1,
    "ssl": {
        "cert": "/usr/local/etc/trojan/certificate.crt",
        "key": "/usr/local/etc/trojan/private.key",
        "key_password": "",
        "cipher": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384",
        "cipher_tls13": "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384",
        "prefer_server_cipher": true,
        "alpn": [
            "http/1.1"
        ],
        "reuse_session": true,
        "session_ticket": false,
        "session_timeout": 600,
        "plain_http_response": "",
        "curves": "",
        "dhparam": ""
    },
    "tcp": {
        "prefer_ipv4": false,
        "no_delay": true,
        "keep_alive": true,
        "reuse_port": false,
        "fast_open": false,
        "fast_open_qlen": 20
    },
    "mysql": {
        "enabled": false,
        "server_addr": "127.0.0.1",
        "server_port": 3306,
        "database": "trojan",
        "username": "trojan",
        "password": ""
    }
}

配置Nginx作为前端

创建Nginx配置文件 /etc/nginx/sites-available/trojan

server {
    listen 80;
    server_name your-domain.com;

    # 伪装网站内容
    location / {
        root /var/www/html;
        index index.html;
    }

    # 阻止对Trojan路径的直接访问
    location /trojan {
        return 404;
    }
}

启用Nginx配置

sudo ln -s /etc/nginx/sites-available/trojan /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx

启动Trojan服务

# 启动Trojan
sudo systemctl start trojan
sudo systemctl enable trojan

# 检查状态
sudo systemctl status trojan

使用客户端

https://clashx.info/

https://clashmac.com/

https://itlanyan.com/trojan-clients-download/comment-page-1/

配置 - 打开配置文件夹，copy config.yaml to your-doman.yaml
添加 Trojan 配置

proxies:

# Trojan
- name: "trojan"
  type: trojan
  server: your-domain.com
  port: 443
  password: password1
  alpn:
     - h2
     - http/1.1
  # skip-cert-verify: true

# 代理组策略
# 策略组示例请查阅 Clash 项目 README 以使用最新格式：https://github.com/Dreamacro/clash/blob/master/README.md
proxy-groups: