在Debian9上手动搭建Trojan节点实现科学上网(方式1)
如果对使用SSH工具/域名解析还没有概念的朋友,推荐大家参考这篇文章进行搭建: 2020最新一键搭建Trojan实现科学上网超详细教程
原理:
trojan监听443端口,再配合web服务器实现伪装,访问80端口重定向443端口,所以需要https证书,同时访问域名是正常的网站,避开GFW的检测,相对难检测到。
搭建环境:
Debian 9 64位
搭建准备:
1.准备一台VPS:国外高性价比搭梯子服务器大全
2.申请域名证书:https://freessl.cn/或者https://letsencrypt.org/
3.购买域名并将其解析到主机: www.name.com 或者 www.namesilo.com
搭建Trojan服务
切换为root用户, 安装sudo命令工具
su
apt-get install sudo升级系统及安装XZ
sudo apt-get update && sudo apt-get upgrade -y
sudo apt-get install xz-utils -y安装Trojan
sudo bash -c "$(wget -O- https://raw.githubusercontent.com/trojan-gfw/trojan-quickstart/master/trojan-quickstart.sh)"替换配置文件
sed -i 's/path/etc/g' /usr/local/etc/trojan/config.json
sed -i 's/to/trojan/g' /usr/local/etc/trojan/config.json
sed -i 's/certificate.crt/trojan.crt/g' /usr/local/etc/trojan/config.json
sed -i 's/private.key/trojan.key/g' /usr/local/etc/trojan/config.json
sed -i 's/password1/yourpasswd/g' /usr/local/etc/trojan/config.json
sed -i 's/password2/yourpasswd/g' /usr/local/etc/trojan/config.json修改配置文件
sudo vim /usr/local/etc/trojan/config.json只需修改客户端连接密码和申请的域名证书文件路径,其他默认
{
"run_type": "server",
"local_addr": "0.0.0.0",
"local_port": 443,
"remote_addr": "127.0.0.1",
"remote_port": 80,
"password": [
"password1", //设置客户端连接密码,不支持特殊符号,可设置多个密码,用于多用户连接使用
"password2"
],
"log_level": 1,
"ssl": {
"cert": "/etc/trojan/trojan.crt", //申请的证书路径.pem后缀文件或.crt后缀文件
"key": "/etc/trojan/trojan.key", //申请的密钥.key后缀文件
"key_password": "",
"cipher": "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256",
"prefer_server_cipher": true,
"alpn": [
"http/1.1"
],
"reuse_session": true,
"session_ticket": false,
"session_timeout": 600,
"plain_http_response": "",
"curves": "",
"dhparam": ""
},
"tcp": {
"prefer_ipv4": false,
"no_delay": true,
"keep_alive": true,
"fast_open": false,
"fast_open_qlen": 20
},
"mysql": {
"enabled": false,
"server_addr": "127.0.0.1",
"server_port": 3306,
"database": "trojan",
"username": "trojan",
"password": ""
}
}
更多参数配置,请参考:https://trojan-gfw.github.io/trojan/config.html
开启trojan服务
sudo systemctl start trojan
sudo systemctl enable trojan查看启用状态,用于启动失败排错
journalctl -e -u trojan.service搭建nginx 服务
安装nginx
sudo apt install nginx -y修改配置文件
删除默认配置文件,只留conf.d目录下配置文件
sudo rm -rf /etc/nginx/sites-available/
sudo rm -rf /etc/nginx/sites-enabled/
sudo rm -rf /etc/nginx/conf.d/default.conf
sudo touch /etc/nginx/conf.d/trojan.conf
sudo vim /etc/nginx/conf.d/trojan.conf用下面的文件复制到trojan.conf中,将example.com替换为自己的域名(3处),其他默认
server {
listen 127.0.0.1:80; #放在Trojan后面即可做伪装也可以是真正的网站
server_name example.com; # 申请的域名,例如betterme.xin www.betterme.xin
location / {
# 这里可以反向代理自己另外一个网站,比如 proxy_pass https://betterme.xin;
root /usr/share/nginx/html/; #默认的根目录
index index.html; #默认的html文件
}
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; #HSTS标头
}
server {
listen 80;
listen [::]:80;
server_name example.com; # 替换为自己的域名
return 301 https://example.com; #301 https重定向 (替换为自己的域名)
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 444;
}检测配置文件是否正确,错误请修改正确。
nginx -t软启动nginx
nginx -s reload在浏览器输入自己的域名看看是否显示nginx页面,有则表示nginx配置成功
安装 bbrplus 加速
输入加速脚本安装
wget -N --no-check-certificate "https://raw.githubusercontent.com/chiakge/Linux-NetSpeed/master/tcp.sh"
chmod +x tcp.sh
./tcp.sh选择2: 安装 BBRplus版内核 , 当提示是否卸载内核时,选择[否/no] ,安完后reboot重启,这一步如果出现问题可以再执行一次脚本,卸载掉后重装
再执行一次./tcp.sh 选择7启用bbr plus
查看是否启用成功
sudo sysctl -p 当显示net.ipv4.tcp_congestion_control = bbrplus表示启用bbrplus成功
选装dns缓存配置
备份原有配置文件、自己新建
sudo dpkg --configure -a
sudo apt-get install dnsmasq -y sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.bak sudo touch /etc/dnsmasq.conf监听本机
sudo echo "port=53" >> /etc/dnsmasq.conf
sudo echo "no-resolv" >> /etc/dnsmasq.conf
sudo echo "server=1.1.1.1#53" >> /etc/dnsmasq.conf
sudo echo "interface=lo" >> /etc/dnsmasq.conf
sudo echo "listen-address=127.0.0.1" >> /etc/dnsmasq.conf
sudo echo "cache-size=1000" >> /etc/dnsmasq.conf将resolvconf包卸掉
apt-get autoremove resolvconf
reboot重新登陆,修改权限
chmod a-w /etc/resolv.conf 设定系统dns服务器为本机
chattr -i /etc/resolv.conf && echo "nameserver 127.0.0.1" > /etc/resolv.conf && chattr +i /etc/resolv.conf开启服务并查看启动状态
sudo systemctl restart dnsmasq
sudo systemctl status dnsmasq客户端配置:
Windows:Trojan节点使用Windows客户端配置教程
Android:Trojan节点安卓版如何连接?
Chrome:如何在Chrome浏览器上使用SwitchyOmega插件连接Trojan节点?
MAC: trojan mac版客户端配置trojan节点教程
IOS: 苹果IOS如何连接Trojan节点?
如果嫌麻烦的话推荐大家用一键脚本搭建:Trojan搭建教程/一键脚本安装,快速实现科学上网
如果有想要直接下载就能使用的朋友,大家也可以看下我推荐的国外的优质梯子 :2020国外优质梯子推荐
请问 trojan服务 启动失败是怎么回事,查询状态如下:
root@debian:~# sudo systemctl status trojan
● trojan.service – trojan
Loaded: loaded (/etc/systemd/system/trojan.service; enabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since Sun 2020-04-26 23:45:16 HKT; 2s ago
Docs: https://trojan-gfw.github.io/trojan/config
https://trojan-gfw.github.io/trojan/
Process: 938 ExecStart=/usr/local/bin/trojan /usr/local/etc/trojan/config.json (code=exited, status=1/FAILURE)
Main PID: 938 (code=exited, status=1/FAILURE)
Apr 26 23:45:16 debian systemd[1]: trojan.service: Main process exited, code=exited, status=1/FAILURE
Apr 26 23:45:16 debian systemd[1]: trojan.service: Unit entered failed state.
Apr 26 23:45:16 debian systemd[1]: trojan.service: Failed with result ‘exit-code’.
查看启用状态,失败状态如下:
root@debian:~# journalctl -e -u trojan.service
Apr 26 23:46:17 debian systemd[1]: Started trojan.
Apr 26 23:46:17 debian trojan[979]: Welcome to trojan 1.15.1
Apr 26 23:46:17 debian trojan[979]: [2020-04-26 23:46:17] [FATAL] fatal: bind: Address already in use
Apr 26 23:46:17 debian trojan[979]: [2020-04-26 23:46:17] [FATAL] exiting. . .
Apr 26 23:46:17 debian systemd[1]: trojan.service: Main process exited, code=exited, status=1/FAILURE
Apr 26 23:46:17 debian systemd[1]: trojan.service: Unit entered failed state.
Apr 26 23:46:17 debian systemd[1]: trojan.service: Failed with result ‘exit-code’.
Apr 26 23:46:21 debian systemd[1]: trojan.service: Service hold-off time over, scheduling restart.
Apr 26 23:46:21 debian systemd[1]: Stopped trojan.
Apr 26 23:46:21 debian systemd[1]: Started trojan.
Apr 26 23:46:21 debian trojan[981]: Welcome to trojan 1.15.1
Apr 26 23:46:21 debian trojan[981]: [2020-04-26 23:46:21] [FATAL] fatal: bind: Address already in use
Apr 26 23:46:21 debian trojan[981]: [2020-04-26 23:46:21] [FATAL] exiting. . .
Apr 26 23:46:21 debian systemd[1]: trojan.service: Main process exited, code=exited, status=1/FAILURE
Apr 26 23:46:21 debian systemd[1]: trojan.service: Unit entered failed state.
Apr 26 23:46:21 debian systemd[1]: trojan.service: Failed with result ‘exit-code’.
Apr 26 23:46:24 debian systemd[1]: trojan.service: Service hold-off time over, scheduling restart.
Apr 26 23:46:24 debian systemd[1]: Stopped trojan.
Apr 26 23:46:24 debian systemd[1]: Started trojan.
Apr 26 23:46:24 debian trojan[983]: Welcome to trojan 1.15.1
Apr 26 23:46:24 debian trojan[983]: [2020-04-26 23:46:24] [FATAL] fatal: bind: Address already in use
Apr 26 23:46:24 debian trojan[983]: [2020-04-26 23:46:24] [FATAL] exiting. . .
Apr 26 23:46:24 debian systemd[1]: trojan.service: Main process exited, code=exited, status=1/FAILURE
Apr 26 23:46:24 debian systemd[1]: trojan.service: Unit entered failed state.
Apr 26 23:46:24 debian systemd[1]: trojan.service: Failed with result ‘exit-code’.
Apr 26 23:46:27 debian systemd[1]: trojan.service: Service hold-off time over, scheduling restart.
Apr 26 23:46:27 debian systemd[1]: Stopped trojan.
Apr 26 23:46:27 debian systemd[1]: Started trojan.
Apr 26 23:46:27 debian trojan[985]: Welcome to trojan 1.15.1
Apr 26 23:46:27 debian trojan[985]: [2020-04-26 23:46:27] [FATAL] fatal: bind: Address already in use
Apr 26 23:46:27 debian trojan[985]: [2020-04-26 23:46:27] [FATAL] exiting. . .
Apr 26 23:46:27 debian systemd[1]: trojan.service: Main process exited, code=exited, status=1/FAILURE
Apr 26 23:46:27 debian systemd[1]: trojan.service: Unit entered failed state.
Apr 26 23:46:27 debian systemd[1]: trojan.service: Failed with result ‘exit-code’.
用这个脚本搭建一下:Trojan一键脚本搭建/安装超详细教程,秒杀v2ray/shadowsocks等梯子实现快速科学上网