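If you are not yet familiar with SSH tools or DNS resolution, this article is a recommended starting point for the setup: The Latest 2020 Ultra-Detailed Tutorial on One-Click Trojan Setup for Bypassing the Firewall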

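How it works:

Trojan listens on port 443 and is paired with a web server for camouflage. Requests to port 80 are redirected to port 443, so an HTTPS certificate is required. Visiting the domain shows a normal website, which avoids GFW detection and makes the setup comparatively hard to detect.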

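Environment:

Debian 9, 64-bit

Preparation:

1. Prepare a VPS: A roundup of cost-effective overseas servers for building a proxy

2. Apply for a domain certificate: https://freessl.cn/ or https://letsencrypt.org/

3. Buy a domain and point it at the host: www.name.com or www.namesilo.com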

Setting up the Trojan service

Switch to the root user and install the sudo command-line tool

su
apt-get install sudo

Upgrade the system and install XZ

sudo apt-get update && sudo apt-get upgrade -y
sudo apt-get install xz-utils -y

Install Trojan

sudo bash -c "$(wget -O- https://raw.githubusercontent.com/trojan-gfw/trojan-quickstart/master/trojan-quickstart.sh)"

Substitute values in the configuration file

# Rewrite the template's placeholder paths (/path/to/...) to /etc/trojan/...
sed -i 's#/path/to/certificate\.crt#/etc/trojan/trojan.crt#g' /usr/local/etc/trojan/config.json
sed -i 's#/path/to/private\.key#/etc/trojan/trojan.key#g' /usr/local/etc/trojan/config.json
# Replace both template passwords; put your own value in place of yourpasswd
sed -i 's/password1/yourpasswd/g' /usr/local/etc/trojan/config.json
sed -i 's/password2/yourpasswd/g' /usr/local/etc/trojan/config.json

Edit the configuration file

sudo vim  /usr/local/etc/trojan/config.json

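Only the client connection password and the paths of the certificate files you obtained need to change; leave everything else at its default. In "password", set the client connection password: special characters are not supported, and several passwords can be listed so that multiple users can connect. "cert" is the path of the issued certificate (a .pem or .crt file) and "key" is the path of the issued private key (a .key file). JSON has no comment syntax, so these notes are kept out of the file itself.

{
    "run_type": "server",
    "local_addr": "0.0.0.0",
    "local_port": 443,
    "remote_addr": "127.0.0.1",
    "remote_port": 80,
    "password": [
        "password1",
        "password2"
    ],
    "log_level": 1,
    "ssl": {
        "cert": "/etc/trojan/trojan.crt",
        "key": "/etc/trojan/trojan.key",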
        "key_password": "",
        "cipher": "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256",
        "prefer_server_cipher": true,
        "alpn": [
            "http/1.1"
        ],
        "reuse_session": true,
        "session_ticket": false,
        "session_timeout": 600,
        "plain_http_response": "",
        "curves": "",
        "dhparam": ""
    },
    "tcp": {
        "prefer_ipv4": false,
        "no_delay": true,
        "keep_alive": true,
        "fast_open": false,
        "fast_open_qlen": 20
    },
    "mysql": {
        "enabled": false,
        "server_addr": "127.0.0.1",
        "server_port": 3306,
        "database": "trojan",
        "username": "trojan",
        "password": ""
    }
}

For more configuration parameters, see: https://trojan-gfw.github.io/trojan/config.html
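
Before starting the service it is worth checking the edited file for leftovers from the template. The script below is an added example, not part of the original post or the trojan project: it flags placeholder passwords (password1, password2, yourpasswd), // annotations, missing certificate files, a world-accessible private key and a non-loopback fallback address. The function names and the grep/sed parsing are assumptions that rely on the one-pair-per-line layout shown above.

```shell
#!/bin/sh
# Added example: pre-start lint for a trojan server config.
# Assumes the flat layout shown above, one "key": value pair per line.

# json_str FILE KEY: print the first string value of KEY (sed only, no JSON parser)
json_str() {
    sed -n "s/^[[:space:]]*\"$2\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# lint_trojan_config FILE: print one finding per line, return the number of findings
lint_trojan_config() {
    cfg=$1; findings=0
    note() { echo "$1"; findings=$((findings + 1)); }

    # Placeholders left behind by the template or by the sed step
    if grep -Eq '"(password1|password2|yourpasswd)"' "$cfg"; then
        note "placeholder password still present"
    fi
    # // annotations are not valid JSON
    if grep -Eq '[],"{}[][[:space:]]*//' "$cfg"; then
        note "// comment found in JSON"
    fi
    # Certificate and key must exist (-r tests as the invoking user)
    for k in cert key; do
        f=$(json_str "$cfg" "$k")
        [ -n "$f" ] && [ -r "$f" ] || note "ssl.$k missing or unreadable: $f"
    done
    # The private key must not be accessible to "other" users
    key=$(json_str "$cfg" key)
    if [ -f "$key" ]; then
        mode=$(ls -lL "$key" | cut -c8-10)
        [ "$mode" = "---" ] || note "private key is world-accessible: $key"
    fi
    # The fallback web server should be reached over loopback only
    case $(json_str "$cfg" remote_addr) in
        127.*|localhost|::1) ;;
        *) note "remote_addr is not a loopback address" ;;
    esac
    return "$findings"
}

# Stand-alone use: sh lint.sh /usr/local/etc/trojan/config.json
if [ $# -gt 0 ]; then lint_trojan_config "$1"; fi
```
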

Start the trojan service

sudo systemctl start trojan
sudo systemctl enable trojan

Check the startup status, for troubleshooting a failed start

journalctl -e -u trojan.service

Setting up the nginx service

Install nginx

sudo apt install nginx -y

Edit the configuration files

Delete the default configuration files, keeping only the configuration under the conf.d directory

sudo rm -rf /etc/nginx/sites-available/
sudo rm -rf /etc/nginx/sites-enabled/
sudo rm -rf /etc/nginx/conf.d/default.conf
sudo touch /etc/nginx/conf.d/trojan.conf
sudo vim /etc/nginx/conf.d/trojan.conf

Copy the following into trojan.conf, replacing example.com with your own domain (3 places), and leave everything else at its default

server {
    listen 127.0.0.1:80; # sits behind Trojan; can serve as camouflage or be a real website
    server_name example.com; # your domain, e.g. betterme.xin www.betterme.xin
    location / {
        # You can reverse-proxy another site of your own here, e.g. proxy_pass https://betterme.xin;
        root /usr/share/nginx/html/; # default document root
        index index.html; # default HTML file
    }
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; # HSTS header
}

server {
    listen 80;
    listen [::]:80;
    server_name example.com; # replace with your own domain
    return 301 https://example.com; # 301 redirect to HTTPS (replace with your own domain)
}

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 444;
}

Check that the configuration file is valid, and fix any errors it reports.

nginx -t

Reload nginx gracefully

nginx -s reload

Enter your domain in a browser and check whether the nginx page is displayed; if it is, nginx is configured correctly.
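
With both services up, trojan should be the only listener on port 443 and nginx the only one on port 80; a `bind: Address already in use` line in the trojan journal means another process already holds the port. The script below is an added example (not from the original post) that checks `ss -ltnp` output against that layout; the function names and the sample socket table are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare listening sockets with the layout this guide sets up.
# Input is the text printed by `ss -ltnp` (run as root so process names show).

# port_holders PORT: print each process name listening on PORT (stdin = ss output)
port_holders() {
    awk -v port="$1" '
        $1 == "LISTEN" && $4 ~ (":" port "$") {
            n = split($0, q, "\"")            # q[2] is the first quoted process name
            name = (n >= 3) ? q[2] : "unknown"
            if (!seen[name]++) print name
        }'
}

# check_listeners: expects 443 -> trojan and 80 -> nginx; prints every mismatch
check_listeners() {
    table=$(cat)
    rc=0
    for want in 443:trojan 80:nginx; do
        port=${want%%:*}
        owner=${want##*:}
        holders=$(printf '%s\n' "$table" | port_holders "$port")
        [ -n "$holders" ] || { echo "port $port: nothing listening"; rc=1; }
        for name in $holders; do
            [ "$name" = "$owner" ] || { echo "port $port: held by $name, expected $owner"; rc=1; }
        done
    done
    return "$rc"
}

# Constructed sample: another web server took 443 before trojan started
SAMPLE_CONFLICT='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:443 *:* users:(("apache2",pid=701,fd=4))
LISTEN 0 128 127.0.0.1:80 *:* users:(("nginx",pid=612,fd=6))
LISTEN 0 128 *:80 *:* users:(("nginx",pid=612,fd=7))'

# Live use: ss -ltnp | check_listeners
```
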

Installing bbrplus acceleration

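Download and run the acceleration install script. It is executed as root, so the download keeps TLS certificate verification enabled.

wget -N "https://raw.githubusercontent.com/chiakge/Linux-NetSpeed/master/tcp.sh"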
chmod +x tcp.sh
./tcp.sh

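Choose option 2: install the BBRplus kernel. When asked whether to uninstall the kernel, choose [No]. After the installation finishes, reboot. If this step runs into problems, you can run the script again, uninstall, and reinstall.

Run ./tcp.sh again and choose option 7 to enable BBRplus

Check whether it was enabled successfully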

sudo sysctl -p

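If the output shows net.ipv4.tcp_congestion_control = bbrplus, BBRplus has been enabled successfully.

Optional: DNS cache configuration

Back up the existing configuration file and create a new one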

sudo dpkg --configure -a
sudo apt-get install dnsmasq -y
sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.bak
sudo touch /etc/dnsmasq.conf

Listen on the local machine only

# The append has to run as root, so pipe through sudo tee rather than using "sudo echo ... >>"
echo "port=53" | sudo tee -a /etc/dnsmasq.conf
echo "no-resolv" | sudo tee -a /etc/dnsmasq.conf
echo "server=1.1.1.1#53" | sudo tee -a /etc/dnsmasq.conf
echo "interface=lo" | sudo tee -a /etc/dnsmasq.conf
echo "listen-address=127.0.0.1" | sudo tee -a /etc/dnsmasq.conf
echo "cache-size=1000" | sudo tee -a /etc/dnsmasq.conf

Remove the resolvconf package

apt-get autoremove resolvconf
reboot

Log in again and change the permissions

chmod a-w /etc/resolv.conf

Set the system DNS server to the local machine

chattr -i /etc/resolv.conf && echo "nameserver 127.0.0.1" > /etc/resolv.conf && chattr +i /etc/resolv.conf

Start the service and check its status

sudo systemctl restart dnsmasq
sudo systemctl status dnsmasq

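Client configuration:

Windows: Tutorial on configuring the Windows client for a Trojan node

Android: How do you connect to a Trojan node on Android?

Chrome: How to use the SwitchyOmega extension in Chrome to connect to a Trojan node

Mac: Tutorial on configuring the trojan Mac client for a Trojan node

iOS: How do you connect to a Trojan node on Apple iOS?

If that seems like too much trouble, a one-click script is recommended: Trojan setup tutorial / one-click script install for quickly bypassing the firewall

For those who want something that works straight after download, you can also look at the overseas proxy services I recommend: Recommended overseas proxies for 2020

Source: https://betterme.xin/posts/2019-12/trojan/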

2 thoughts on “Manually Setting Up a Trojan Node on Debian 9 to Bypass the Firewall (Method 1)”

  1. Why does the trojan service fail to start? The status output is as follows:

    root@debian:~# sudo systemctl status trojan
    ● trojan.service – trojan
    Loaded: loaded (/etc/systemd/system/trojan.service; enabled; vendor preset: enabled)
    Active: activating (auto-restart) (Result: exit-code) since Sun 2020-04-26 23:45:16 HKT; 2s ago
    Docs: https://trojan-gfw.github.io/trojan/config
    https://trojan-gfw.github.io/trojan/
    Process: 938 ExecStart=/usr/local/bin/trojan /usr/local/etc/trojan/config.json (code=exited, status=1/FAILURE)
    Main PID: 938 (code=exited, status=1/FAILURE)

    Apr 26 23:45:16 debian systemd[1]: trojan.service: Main process exited, code=exited, status=1/FAILURE
    Apr 26 23:45:16 debian systemd[1]: trojan.service: Unit entered failed state.
    Apr 26 23:45:16 debian systemd[1]: trojan.service: Failed with result ‘exit-code’.

    Checking the startup status shows the following failure:
    root@debian:~# journalctl -e -u trojan.service
    Apr 26 23:46:17 debian systemd[1]: Started trojan.
    Apr 26 23:46:17 debian trojan[979]: Welcome to trojan 1.15.1
    Apr 26 23:46:17 debian trojan[979]: [2020-04-26 23:46:17] [FATAL] fatal: bind: Address already in use
    Apr 26 23:46:17 debian trojan[979]: [2020-04-26 23:46:17] [FATAL] exiting. . .
    Apr 26 23:46:17 debian systemd[1]: trojan.service: Main process exited, code=exited, status=1/FAILURE
    Apr 26 23:46:17 debian systemd[1]: trojan.service: Unit entered failed state.
    Apr 26 23:46:17 debian systemd[1]: trojan.service: Failed with result ‘exit-code’.
    Apr 26 23:46:21 debian systemd[1]: trojan.service: Service hold-off time over, scheduling restart.
    Apr 26 23:46:21 debian systemd[1]: Stopped trojan.
    Apr 26 23:46:21 debian systemd[1]: Started trojan.
    Apr 26 23:46:21 debian trojan[981]: Welcome to trojan 1.15.1
    Apr 26 23:46:21 debian trojan[981]: [2020-04-26 23:46:21] [FATAL] fatal: bind: Address already in use
    Apr 26 23:46:21 debian trojan[981]: [2020-04-26 23:46:21] [FATAL] exiting. . .
    Apr 26 23:46:21 debian systemd[1]: trojan.service: Main process exited, code=exited, status=1/FAILURE
    Apr 26 23:46:21 debian systemd[1]: trojan.service: Unit entered failed state.
    Apr 26 23:46:21 debian systemd[1]: trojan.service: Failed with result ‘exit-code’.
    Apr 26 23:46:24 debian systemd[1]: trojan.service: Service hold-off time over, scheduling restart.
    Apr 26 23:46:24 debian systemd[1]: Stopped trojan.
    Apr 26 23:46:24 debian systemd[1]: Started trojan.
    Apr 26 23:46:24 debian trojan[983]: Welcome to trojan 1.15.1
    Apr 26 23:46:24 debian trojan[983]: [2020-04-26 23:46:24] [FATAL] fatal: bind: Address already in use
    Apr 26 23:46:24 debian trojan[983]: [2020-04-26 23:46:24] [FATAL] exiting. . .
    Apr 26 23:46:24 debian systemd[1]: trojan.service: Main process exited, code=exited, status=1/FAILURE
    Apr 26 23:46:24 debian systemd[1]: trojan.service: Unit entered failed state.
    Apr 26 23:46:24 debian systemd[1]: trojan.service: Failed with result ‘exit-code’.
    Apr 26 23:46:27 debian systemd[1]: trojan.service: Service hold-off time over, scheduling restart.
    Apr 26 23:46:27 debian systemd[1]: Stopped trojan.
    Apr 26 23:46:27 debian systemd[1]: Started trojan.
    Apr 26 23:46:27 debian trojan[985]: Welcome to trojan 1.15.1
    Apr 26 23:46:27 debian trojan[985]: [2020-04-26 23:46:27] [FATAL] fatal: bind: Address already in use
    Apr 26 23:46:27 debian trojan[985]: [2020-04-26 23:46:27] [FATAL] exiting. . .
    Apr 26 23:46:27 debian systemd[1]: trojan.service: Main process exited, code=exited, status=1/FAILURE
    Apr 26 23:46:27 debian systemd[1]: trojan.service: Unit entered failed state.
    Apr 26 23:46:27 debian systemd[1]: trojan.service: Failed with result ‘exit-code’.
