[Re-upload] Setting up a Trojan server on CentOS 7 (with some special configuration for Bandwagon Host machines)
This article was last updated 430 days ago; the information in it may since have changed.

1. Install and start Nginx
Install Nginx:

yum -y install epel-release
yum -y install nginx
service nginx start
# enable at boot
systemctl enable nginx

Open the server's IP in a browser to check that the page is reachable; if it is not, open the firewall and the security group. Bandwagon Host machines do not need this, so it is skipped here.
Next, configure Nginx:

cd /etc/nginx
vi nginx.conf
# nginx.conf
    ...
    ...
    # ====== example.com ======
    # === usa-bwg-01.example.com ===
    server {
        listen       80;
        listen       [::]:80;
        server_name  usa-bwg-01.example.com;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        # Let's Encrypt certificate validation (highest priority, so it comes first)
        location ~ /.well-known {
            root /usr/share/nginx;
            allow all;
        }

        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }
    ...
    ...

Then reload and restart:

nginx -s reload
service nginx restart

2. Install certbot and request a certificate
Install:

yum -y install certbot

Request the certificate:

certbot certonly --webroot --agree-tos -v -t --email [email protected] -w /usr/share/nginx/ -d usa-bwg-01.example.com

I ran into two errors here:
① A certificate-expiry error on Bandwagon Host:

...
...
    if 'timed out' in str(err) or 'did not complete (read)' in str(err):  # Python 2.6
TypeError: __str__ returned non-string (type Error)
An unexpected error occurred:
TypeError: __str__ returned non-string (type Error)
Please see the logfiles in /var/log/letsencrypt for more details.

I remembered that a Let's Encrypt certificate seemed to have expired in the first half of 2022, so I checked the server's root certificate package version:

yum list updates -q | grep ca-certificates

The version returned:

ca-certificates.noarch            2021.2.50-72.el7_9               updates

Sure enough, it was out of date, so update it:

# view the changelog
rpm -qa --changelog ca-certificates | head -n5
# install the update
yum -y update ca-certificates

After that, requesting the certificate again succeeds.
② A python2 import error hit on Alibaba Cloud:

...
...
  File "/usr/lib/python2.7/site-packages/certbot/_internal/constants.py", line 6, in <module>
    from acme import challenges
  File "/usr/lib/python2.7/site-packages/acme/challenges.py", line 11, in <module>
    import requests
  File "/usr/lib/python2.7/site-packages/requests/__init__.py", line 58, in <module>
    from . import utils
  File "/usr/lib/python2.7/site-packages/requests/utils.py", line 32, in <module>
    from .exceptions import InvalidURL
  File "/usr/lib/python2.7/site-packages/requests/exceptions.py", line 10, in <module>
    from urllib3.exceptions import HTTPError as BaseHTTPError
  File "/usr/lib/python2.7/site-packages/urllib3/__init__.py", line 10, in <module>
    from .connectionpool import (
  File "/usr/lib/python2.7/site-packages/urllib3/connectionpool.py", line 31, in <module>
    from .connection import (
  File "/usr/lib/python2.7/site-packages/urllib3/connection.py", line 45, in <module>
    from .util.ssl_ import (
  File "/usr/lib/python2.7/site-packages/urllib3/util/__init__.py", line 4, in <module>
    from .request import make_headers
  File "/usr/lib/python2.7/site-packages/urllib3/util/request.py", line 5, in <module>
    from ..exceptions import UnrewindableBodyError
ImportError: cannot import name UnrewindableBodyError

Run the following commands to reinstall the python-requests module:

sudo pip uninstall requests
sudo pip uninstall urllib3
sudo yum remove python-urllib3
sudo yum remove python-requests
sudo yum install python-urllib3
sudo yum install python-requests

Once the certificate is issued, don't forget to add a cron job to renew it so it doesn't expire after 3 months:

# edit the cron table
crontab -e
# renew the certificate every 12 hours
0 */12 * * * certbot renew --pre-hook "service nginx stop" --post-hook "service nginx start"
# reload the cron jobs
service crond restart

3. Install Trojan-Go
Note: Trojan-Go is used here because it supports connection multiplexing, so connections are established faster than with the regular Trojan server, although this makes little difference to later video download speed. Installation and configuration of the original Trojan and the Go version are essentially identical; to install the original, just switch the archive download URL.
Download and extract:

# download
yum -y install wget
wget https://github.com/p4gefau1t/trojan-go/releases/download/v0.10.6/trojan-go-linux-amd64.zip
# extract into the trojan-go directory
mkdir trojan-go
yum -y install unzip
unzip -d trojan-go/ trojan-go-linux-amd64.zip

Original version:

# download
yum -y install wget
wget https://github.com/trojan-gfw/trojan/releases/download/v1.16.0/trojan-1.16.0-linux-amd64.tar.xz
# extracts a trojan directory
tar -xvf trojan-1.16.0-linux-amd64.tar.xz
# note: in the steps that follow, replace the trojan-go directory with trojan

Then enter the directory and create the config file:

cd trojan-go
vi config.json

The configuration is below; just change the password and domain. My executable lives in /root/trojan-go/; if yours is somewhere else, adjust the paths accordingly:

{
  "run_type": "server",
  "local_addr": "0.0.0.0",
  "local_port": 443,
  "remote_addr": "127.0.0.1",
  "remote_port": 80,
  "log_level": 1,
  "log_file": "/root/trojan-go/test.log",
  "password": [
    "YourPassword"
  ],
  "buffer_size": 32,
  "dns": [],
  "ssl": {
    "verify": true,
    "verify_hostname": true,
    "cert": "/etc/letsencrypt/live/usa-bwg-01.example.com/fullchain.pem",
    "key": "/etc/letsencrypt/live/usa-bwg-01.example.com/privkey.pem",
    "key_password": "",
    "cipher": "",
    "cipher_tls13": "",
    "curves": "",
    "prefer_server_cipher": false,
    "sni": "usa-bwg-01.example.com",
    "alpn": [
      "http/1.1"
    ],
    "session_ticket": true,
    "reuse_session": true,
    "plain_http_response": "",
    "fallback_port": 80,
    "fingerprint": "firefox",
    "serve_plain_text": false
  },
  "tcp": {
    "no_delay": true,
    "keep_alive": true,
    "reuse_port": false,
    "prefer_ipv4": false,
    "fast_open": false,
    "fast_open_qlen": 20
  },
  "mux": {
    "enabled": true,
    "concurrency": 8,
    "idle_timeout": 60
  },
  "router": {
    "enabled": false,
    "bypass": [],
    "proxy": [],
    "block": [],
    "default_policy": "proxy",
    "domain_strategy": "as_is",
    "geoip": "/root/trojan-go/geoip.dat",
    "geosite": "/root/trojan-go/geosite.dat"
  },
  "websocket": {
    "enabled": false,
    "path": "/",
    "hostname": "usa-bwg-01.example.com",
    "obfuscation_password": "",
    "double_tls": true,
    "ssl": {
      "verify": true,
      "verify_hostname": true,
      "cert": "/etc/letsencrypt/live/usa-bwg-01.example.com/fullchain.pem",
      "key": "/etc/letsencrypt/live/usa-bwg-01.example.com/privkey.pem",
      "key_password": "",
      "prefer_server_cipher": false,
      "sni": "usa-bwg-01.example.com",
      "session_ticket": true,
      "reuse_session": true,
      "plain_http_response": ""
    }
  }
}
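The config above is easy to deploy with the placeholder password still in place or with cert paths that don't match the SNI. The following linter is an added example, not part of the original post or of the Trojan-Go project; it reads a config.json of the shape shown above and reports the mistakes a reviewer would look for before starting the service. The embedded SAMPLE_CONFIG is a constructed copy of the page's config with only the fields the checks use; `PLACEHOLDER_PASSWORDS`, `MIN_PASSWORD_LEN` and the `check_files` switch are this example's own assumptions, and the on-disk checks only run when `check_files=True`.

```python
import json
import os
import secrets
from typing import Dict, List

# Constructed sample mirroring the shape of the config.json above
# (placeholder password and example domain, not real deployment values).
SAMPLE_CONFIG = json.loads("""{
  "run_type": "server",
  "local_addr": "0.0.0.0",
  "local_port": 443,
  "remote_addr": "127.0.0.1",
  "remote_port": 80,
  "log_level": 1,
  "log_file": "/root/trojan-go/test.log",
  "password": ["YourPassword"],
  "ssl": {
    "verify": true,
    "verify_hostname": true,
    "cert": "/etc/letsencrypt/live/usa-bwg-01.example.com/fullchain.pem",
    "key": "/etc/letsencrypt/live/usa-bwg-01.example.com/privkey.pem",
    "sni": "usa-bwg-01.example.com",
    "fallback_port": 80
  },
  "mux": {"enabled": true, "concurrency": 8, "idle_timeout": 60}
}""")

# Assumed values for this example: strings that should never ship as a password,
# and a minimum length for the shared secret (it is the only client credential).
PLACEHOLDER_PASSWORDS = {"yourpassword", "password", "123456", ""}
MIN_PASSWORD_LEN = 16


def lint_config(cfg: Dict, check_files: bool = False) -> List[str]:
    """Return a list of findings; an empty list means the config passed."""
    findings: List[str] = []

    if cfg.get("run_type") != "server":
        findings.append("run_type should be 'server' on the server side")
    if cfg.get("local_port") != 443:
        findings.append("local_port is not 443; the setup relies on looking like ordinary HTTPS")

    passwords = cfg.get("password") or []
    if not passwords:
        findings.append("no password configured")
    for pw in passwords:
        if pw.lower() in PLACEHOLDER_PASSWORDS:
            findings.append(f"placeholder password {pw!r} still in use")
        elif len(pw) < MIN_PASSWORD_LEN:
            findings.append(f"password starting {pw[:2]!r} is shorter than {MIN_PASSWORD_LEN} chars")

    ssl_cfg = cfg.get("ssl", {})
    for key in ("cert", "key"):
        path = ssl_cfg.get(key, "")
        if not path:
            findings.append(f"ssl.{key} is empty")
        elif check_files and not os.path.isfile(path):
            findings.append(f"ssl.{key} not found on disk: {path}")

    # The Let's Encrypt live directory is named after the domain, so the SNI
    # should normally appear in the cert path; a mismatch usually means a typo.
    sni = ssl_cfg.get("sni", "")
    if not sni:
        findings.append("ssl.sni is empty; set it to the certificate's domain")
    elif sni not in ssl_cfg.get("cert", ""):
        findings.append(f"ssl.sni {sni!r} does not appear in the cert path; check they match")

    # Both the forwarded (remote_port) and the fallback traffic should reach nginx.
    if ssl_cfg.get("fallback_port") != cfg.get("remote_port"):
        findings.append("ssl.fallback_port differs from remote_port; both normally point at nginx")

    key_path = ssl_cfg.get("key", "")
    if check_files and key_path and os.path.isfile(key_path):
        mode = os.stat(key_path).st_mode & 0o777
        if mode & 0o077:
            findings.append(f"private key {key_path} is group/world readable (mode {mode:o})")
    return findings


def generate_password(nbytes: int = 24) -> str:
    """A random URL-safe secret suitable for the password list (32 chars for 24 bytes)."""
    return secrets.token_urlsafe(nbytes)


def with_new_password(cfg: Dict, new_password: str) -> Dict:
    """Deep-copy the config and replace the password list with a single fresh secret."""
    out = json.loads(json.dumps(cfg))
    out["password"] = [new_password]
    return out


if __name__ == "__main__":
    # On a real host: lint_config(json.load(open("/root/trojan-go/config.json")), check_files=True)
    for finding in lint_config(SAMPLE_CONFIG):
        print("WARN:", finding)
    print("fixed:", lint_config(with_new_password(SAMPLE_CONFIG, generate_password())))
```

Run it against the real file with `check_files=True` before `systemctl start`; the placeholder-password and key-permission checks are the two that most often go unnoticed because the service starts fine either way.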

Try starting it:

/root/trojan-go/trojan-go -config /root/trojan-go/config.json

If it exits immediately, check whether the port is in use and look at the log.
Check port usage:

yum -y install lsof
lsof -i:443

Log:

cat /root/trojan-go/test.log

The corresponding section of the Clash config:

...
...
proxies:
- {name: Trojan-搬瓦工美国, type: trojan, server: usa-bwg-01.example.com, port: 443, password: YourPassword }
...
...

4. Register Trojan-Go as a service so it starts at boot
Create the service:

cd /usr/lib/systemd/system/
vi trojan-go.service

Contents:

[Unit]
Description=trojan-go
After=network.target nss-lookup.target
Wants=network-online.target

[Service]
Type=simple
ExecStart=/root/trojan-go/trojan-go -config /root/trojan-go/config.json
Restart=on-failure
RestartSec=10
RestartPreventExitStatus=23

[Install]
WantedBy=multi-user.target

After that, the control commands are simple:

# start
systemctl start trojan-go.service
# stop
systemctl stop trojan-go.service
# enable at boot
systemctl enable trojan-go.service

Done.
