trojan-usage-in-ubuntu

Posted on In

本文使用的trojan版本是1.16.0

安装

从这官网地址下载最新的软件。

1
cp -f trojan ~/.local/bin

压缩包里面的config.json是服务端的配置模板,这里暂时不用,只要进程即可。

配置

nvim ~/.local/etc/trojan.json,根据机场的节点修改

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
{
    "run_type": "client",
    "local_addr": "127.0.0.1",
    "local_port": 1080,
    "remote_addr": "修改这里",
    "remote_port": 修改这里注意是数值,
    "password": [
        "修改这里"
    ],
    "log_level": 1,
    "ssl": {
        "verify": true,
        "verify_hostname": true,
        "cert": "",
        "cipher": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA",
        "cipher_tls13": "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384",
        "sni": "",
        "alpn": [
            "h2",
            "http/1.1"
        ],
        "reuse_session": true,
        "session_ticket": false,
        "curves": ""
    },
    "tcp": {
        "no_delay": true,
        "keep_alive": true,
        "reuse_port": false,
        "fast_open": false,
        "fast_open_qlen": 20
    }
}
  • run_type: running trojan as client
  • local_addr: a SOCKS5 server interface will be bound to the specified interface. Feel free to change this to 0.0.0.0, ::1, :: or other addresses, if you know what you are doing.
  • local_port: a SOCKS5 interface will be bound to this port
  • remote_addr: server address (hostname)
  • remote_port: server port
  • password: password used for verification (only the first password in the array will be used)
  • log_level: how much log to dump. 0: ALL; 1: INFO; 2: WARN; 3: ERROR; 4: FATAL; 5: OFF.
  • ssl: SSL specific configurations
    • verify: whether to verify SSL certificate STRONGLY RECOMMENDED
    • verify_hostname: whether to verify SSL hostname (specified in the sni field) STRONGLY RECOMMENDED
    • cert: if verify is set to true, the same certificate used by the server or a collection of CA certificates could be provided. If you leave this field blank, OpenSSL will try to look for a system CA store and will be likely to fail. Certificates can be retrieved with this simple Python script.
    • cipher: a cipher list to send and use
    • cipher_tls13: a cipher list for TLS 1.3 to use
    • sni: the Server Name Indication field in the SSL handshake. If left blank, it will be set to remote_addr.
    • alpn: a list of ALPN protocols to send
    • reuse_session: whether to reuse SSL session
    • session_ticket: whether to use session tickets for session resumption
    • curves: ECC curves to send and use
  • tcp: TCP specific configurations
    • no_delay: whether to disable Nagle’s algorithm
    • keep_alive: whether to enable TCP Keep Alive
    • reuse_port: whether to enable TCP port reuse (kernel support required)
    • fast_open: whether to enable TCP Fast Open (kernel support required)
    • fast_open_qlen: the server’s limit on the size of the queue of TFO requests that have not yet completed the three-way handshake
参考trojan-gfw.github.io/trojan/config

系统服务

sudo -E vim /etc/systemd/system/trojan.service

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
[Unit]
Description=trojan
Documentation=man:trojan(1) https://trojan-gfw.github.io/trojan/config https://trojan-gfw.github.io/trojan/
After=network.target network-online.target nss-lookup.target mysql.service mariadb.service mysqld.service

[Service]
Type=simple
StandardError=journal
User=nobody
AmbientCapabilities=CAP_NET_BIND_SERVICE
ExecStart=/home/qlliu/.local/bin/trojan /home/qlliu/.local/etc/trojan.json # 注意这里的路径
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure
RestartSec=1s

[Install]
WantedBy=multi-user.target

运行

1
2
3
4
5
systemctl start trojan
或者
service trojan start
或者
~/.local/bin/trojan ~/.local/etc/trojan.json