环境:centos7
一键安装trojan
# NOTE(review): the command below fetches a script from the moving `master` branch and
# executes it immediately (the `#` prompt suggests a root shell), so it is never read or
# checksummed first. Safer: download it to a file, review it, pin the URL to a specific
# commit, then run the saved copy.
# bash -c "$(curl -fsSL https://raw.githubusercontent.com/trojan-gfw/trojan-quickstart/master/trojan-quickstart.sh)"
配置trojan
以 oblog.a333web.xyz 为例(配置中的域名和 password 均为示例值,实际部署时请换成自己的域名和足够长的随机密码)
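# Print the trojan server configuration file.
cat /usr/local/etc/trojan/config.json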
{
"run_type": "server",
"local_addr": "0.0.0.0",
"local_port": 8483,
"remote_addr": "127.0.0.1",
"remote_port": 80,
"password": [
"888899996666"
],
"log_level": 1,
"ssl": {
"cert": "/etc/letsencrypt/live/oblog.a333web.xyz/fullchain.pem",
"key": "/etc/letsencrypt/live/oblog.a333web.xyz/privkey.pem",
"key_password": "",
"cipher": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384",
"cipher_tls13": "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384",
"prefer_server_cipher": true,
"alpn": [
"http/1.1"
],
"alpn_port_override": {
"h2": 81
},
"reuse_session": true,
"session_ticket": false,
"session_timeout": 600,
"plain_http_response": "",
"curves": "",
"dhparam": ""
},
"tcp": {
"prefer_ipv4": false,
"no_delay": true,
"keep_alive": true,
"reuse_port": false,
"fast_open": false,
"fast_open_qlen": 20
},
"mysql": {
"enabled": false,
"server_addr": "127.0.0.1",
"server_port": 3306,
"database": "trojan",
"username": "trojan",
"password": "",
"key": "",
"cert": "",
"ca": ""
}
}
安装nginx
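# Build nginx 1.22.1 from source against OpenSSL 1.1.1q, with the ngx_brotli module.
# The configure line below hard-codes /root/openssl-1.1.1q, so everything is unpacked in /root.
cd /root

# Refresh the CA bundle so the HTTPS downloads verify without --no-check-certificate.
# If verification still fails, repair the trust store rather than switching verification off.
yum -y update ca-certificates
yum -y install gcc gcc-c++ autoconf automake make zlib zlib-devel openssl openssl-devel pcre pcre-devel wget git

# Certificate verification stays enabled: this tarball is compiled into the server's TLS stack.
# NOTE(review): the OpenSSL 1.1.1 series is end-of-life upstream; check for a supported release.
wget https://www.openssl.org/source/openssl-1.1.1q.tar.gz
# Compare this digest with the SHA-256 value published by the OpenSSL project before unpacking.
sha256sum openssl-1.1.1q.tar.gz
tar xzf openssl-1.1.1q.tar.gz

# NOTE(review): this builds whatever is on the default branch; consider checking out a
# reviewed commit (git checkout <COMMIT_PLACEHOLDER>) before compiling it into nginx.
git clone https://github.com/google/ngx_brotli.git
# Subshell keeps the working directory at /root afterwards.
(cd ngx_brotli && git submodule update --init)

#wget http://nginx.org/download/nginx-1.12.2.tar.gz
# nginx.org publishes a detached PGP signature next to each tarball; verify it when possible.
wget https://nginx.org/download/nginx-1.22.1.tar.gz
tar -xf nginx-1.22.1.tar.gz

# Chain the build so make never runs in the wrong directory or after a failed configure.
cd nginx-1.22.1 &&
  ./configure \
    --prefix=/usr/local/nginx \
    --with-http_gzip_static_module \
    --with-http_v2_module \
    --with-openssl-opt=enable-tls1_3 \
    --with-http_ssl_module \
    --with-stream \
    --with-stream_ssl_preread_module \
    --with-openssl=/root/openssl-1.1.1q \
    --add-module=../ngx_brotli &&
  make &&
  make install

mkdir -p /usr/local/nginx/conf.d /usr/local/nginx/cert/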
配置nginx伪装流量
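# Configure nginx as the plain-HTTP front site that trojan forwards non-trojan traffic to.

# The worker account only needs to read the web root, so create it as a system account
# without a login shell; skip creation when it already exists.
id www >/dev/null 2>&1 || useradd -r -s /sbin/nologin www

# NOTE(review): the config below sends error_log to /dev/null and turns access_log off,
# so this host keeps no record of requests (including fetches of the subscription file).
# The heredoc delimiter is unquoted, which is why every nginx variable is written as \$name.
cat > /usr/local/nginx/conf/nginx.conf<<EOF
user www;
worker_processes auto;
error_log /dev/null;
pid logs/nginx.pid;
worker_rlimit_nofile 65535;
events {
use epoll;
worker_connections 65535;
}
http {
map \$http_upgrade \$connection_upgrade {
default upgrade;
'' close;
}
include mime.types;
default_type application/octet-stream;
access_log off;
log_format access '\$remote_addr - \$remote_user [\$time_local] "\$request" '
'\$status \$body_bytes_sent "\$http_referer" '
'"\$http_user_agent" "\$http_x_forwarded_for"';
sendfile on;
tcp_nopush on;
keepalive_timeout 65;
client_header_timeout 15;
client_body_timeout 60;
send_timeout 60;
client_max_body_size 20m;
server_tokens off;
gzip on;
gzip_min_length 2k;
gzip_buffers 4 32k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/json application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php;
include ../conf.d/*.conf;
}
EOF

cat > /usr/local/nginx/conf.d/de.conf <<EOF
server {
listen 80;
server_name oblog.a333web.xyz 127.0.0.1;
charset utf-8;
root /data/www/oblog.a333web.xyz/;
index index.html;
}
EOF

# The web root is not created anywhere else on this page; without it the echo below fails.
mkdir -p /data/www/oblog.a333web.xyz
echo "测试" > /data/www/oblog.a333web.xyz/index.html

# Start nginx only when the configuration test passes.
/usr/local/nginx/sbin/nginx -t && /usr/local/nginx/sbin/nginx

# Start nginx at boot; the grep guard keeps re-runs from appending duplicate lines.
grep -qxF "/usr/local/nginx/sbin/nginx" /etc/rc.local ||
  echo "/usr/local/nginx/sbin/nginx">>/etc/rc.local
chmod +x /etc/rc.local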
访问:http://oblog.a333web.xyz
获取免费ssl证书
# certbot is installed from EPEL, so the repository package goes in first.
yum -y install epel-release
yum -y install certbot

# Request a certificate with the webroot method: certbot drops its challenge file under
# the nginx document root, so the site must already be serving that directory.
certbot certonly \
  --webroot \
  --webroot-path /data/www/oblog.a333web.xyz/ \
  --domain oblog.a333web.xyz \
  --email fuxxklik2@gmail.com \
  --agree-tos

# List the issued files (fullchain.pem / privkey.pem are what config.json points at).
ls /etc/letsencrypt/live/oblog.a333web.xyz/
注意:申请证书前,http://oblog.a333web.xyz 必须能从公网正常访问(webroot 验证方式通过 80 端口校验域名)
定时自动更换端口,客户端通过订阅信息获取新端口
cat /root/trojan_port.sh
#!/bin/bash
#
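#######################################
# Print a random integer in the inclusive range [min, max].
# Arguments: $1 - lower bound, $2 - upper bound (integers, $2 >= $1)
# Outputs:   the chosen integer on stdout
# Returns:   0 on success, 1 if the range is empty or no random data could be read
#######################################
rand() {
  # Locals keep min/max/num from leaking into the calling script.
  local lo=$1 hi=$2
  local span num

  # An inverted range would make the modulus zero or negative below.
  if (( hi < lo )); then
    printf 'rand: empty range %s..%s\n' "$lo" "$hi" >&2
    return 1
  fi
  span=$(( hi - lo + 1 ))

  # Read exactly four bytes from /dev/urandom as one unsigned 32-bit integer.
  num=$(od -An -N4 -tu4 /dev/urandom | tr -d '[:space:]')
  [[ -n "$num" ]] || return 1

  echo $(( num % span + lo ))
}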
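# Pick a new listening port in 8001-8999, write it into the trojan config, restart the
# service and republish the subscription file that clients poll.
config_file=/usr/local/etc/trojan/config.json
p_port=8000
rnd=$(rand 1 999) || exit 1
n_port=$(( p_port + rnd ))
echo "新端口$n_port"

# sed's `c` command replaces the whole line that contains "local_port".
# Stop here if the file cannot be edited, so a port that is not live is never published.
sed -i "/local_port/c \"local_port\": $n_port," "$config_file" || exit 1
systemctl restart trojan || exit 1
sleep 3
echo "最新端口:$n_port"

# NOTE(review): the subscription line embeds the trojan password and is written into the
# nginx web root, which this page serves over plain HTTP at a fixed path. Anyone who can
# fetch or observe that URL learns both the password and the current port, so rotating the
# port hides nothing from them. Prefer a long random password, an unguessable file name
# and HTTPS (or access control) for the subscription.
echo "trojan://888899996666@oblog.a333web.xyz:${n_port}?sni=oblog.a333web.xyz#%E7%BE%8E%E5%9B%BDtj-167.45" \
  | base64 > /data/www/oblog.a333web.xyz/ttr
echo "订阅连接:http://oblog.a333web.xyz/ttr"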
启动trojan:
# Bring the trojan unit up now ...
systemctl start trojan.service
# ... and register it to start on every boot.
systemctl enable trojan.service
设置定时任务
crontab -l
# 01:01 on the 21st of every month: attempt certificate renewal, printing nothing on success.
# NOTE(review): `certbot renew` does nothing unless a certificate is close to expiry, so it
# can be scheduled daily; a single monthly attempt leaves little room to retry after a failure.
1 1 21 * * /usr/bin/certbot renew --quiet
# 02:01, 08:01 and 16:01 every day: rotate the trojan port; all output is discarded, so a
# failed rotation leaves no trace unless the script logs somewhere itself.
1 2,8,16 * * * /bin/bash /root/trojan_port.sh > /dev/null 2>&1
开启BBR加速
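# Fetch and run the BBR helper script from the home directory.
cd
# TLS verification is left on: the downloaded script is executed as-is in the next step.
wget https://github.com/teddysun/across/raw/master/bbr.sh
# NOTE(review): read bbr.sh before running it. It comes from a moving branch and, per the
# notes that follow on this page, upgrades the kernel and changes sysctl settings.
chmod +x bbr.sh
./bbr.sh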
注释:
1、脚本执行完成后需要重启系统
2、脚本的作用是升级内核,并添加下面两个内核参数
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr
客户端下载地址
安卓(v2rayNG_1.6.23.apk):https://github.com/2dust/v2rayNG/releases/tag/1.6.23
windows(3.29版本v2rayN-Core.zip):https://github.com/2dust/v2rayN/releases?page=3
订阅信息
http://oblog.a333web.xyz/ttr
后期
需要给http://oblog.a333web.xyz 这个加点静态或者php网站内容,伪装真实点