Home

trojan

install

apt install trojan

prepare

准备公私钥对,申请证书,例如letsencrypt。

server/client可以分别申请,相互信任。

假设密码为mypasswd

server

假设server端:

  • host: xxx.example.com
  • port: 443
  • 私钥:/home/someusr/.cert/privkey.pem
  • 证书链: /home/someusr/.cert/fullchain.pem

配置/usr/local/etc/trojan/config.json:

{
    "run_type": "server",
    "local_addr": "0.0.0.0",
    "local_port": 443,
    "remote_addr": "127.0.0.1",
    "remote_port": 80,
    "password": [
        "mypasswd"
    ],
    "log_level": 1,
    "ssl": {
        "cert": "/home/someusr/.cert/fullchain.pem",
        "key": "/home/someusr/.cert/privkey.pem",
        "key_password": "",
    "cipher": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305",
        "cipher_tls13": "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384",
        "prefer_server_cipher": true,
        "alpn": [
            "http/1.2", 
            "http/1.3", 
            "h2"
        ],
        "reuse_session": true,
        "session_ticket": false,
        "session_timeout": 600,
        "plain_http_response": "",
        "curves": "",
        "dhparam": ""
    },
    "tcp": {
        "prefer_ipv4": false,
        "no_delay": true,
        "keep_alive": true,
        "reuse_port": false,
        "fast_open": false,
        "fast_open_qlen": 20
    },
    "mysql": {
        "enabled": false,
        "server_addr": "127.0.0.1",
        "server_port": 3306,
        "database": "trojan",
        "username": "trojan",
        "password": "",
        "key": "",
        "cert": "",
        "ca": ""
    }
}

启动

 systemctl start trojan

添加开机启动

 systemctl enable trojan

client

假设client端:

  • 路径:/home/someclient/share/trojan
  • local port: 8888
  • cert chain:/home/someclient/share/trojan/fullchain.pem
  • priv key:/home/someclient/share/trojan/privkey.pem

配置/home/someclient/share/trojan/config.json:

{
    "run_type": "client",
    "local_addr": "127.0.0.1",
    "local_port": 8888,
    "remote_addr": "xxx.example.com",
    "remote_port": 443,
    "password": [
        "mypasswd"
    ],
    "log_level": 1,
    "ssl": {
        "cert": "fullchain.pem",
        "key": "privkey.pem",
        "key_password": "",
        "cipher": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305",
        "cipher_tls13": "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384",
        "prefer_server_cipher": true,
        "alpn": [
            "http/1.2",
            "http/1.3",
            "h2"
        ],
        "reuse_session": true,
        "session_ticket": false,
        "session_timeout": 600,
        "plain_http_response": "",
        "curves": "",
        "dhparam": ""
    },
    "tcp": {
        "prefer_ipv4": false,
        "no_delay": true,
        "keep_alive": true,
        "reuse_port": false,
        "fast_open": false,
        "fast_open_qlen": 20
    },
    "mysql": {
        "enabled": false,
        "server_addr": "127.0.0.1",
        "server_port": 3306,
        "database": "trojan",
        "username": "trojan",
        "password": "",
        "key": "",
        "cert": "",
        "ca": ""
    }
}

启动

cd /home/someclient/share/trojan
trojan -c config.json

Published

10 January 2024

Tags


Share On