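# Install the GnuTLS command-line tools; certtool, used for every certificate
# step on this page, comes from this package.
yum install gnutls-utils -y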
安装完成后,可以使用如下命令查看证书工具是否安装成功:
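# Print the installed certtool version to confirm the package installed.
certtool --version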
创建两个文本文件“ca.txt”和“trojan.txt”,作为证书模板来使用,文件内容分别如下:
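# ca.txt - certtool template for the self-signed CA certificate.
# certtool reads one directive per line and uses '#' for comments.
# No public CA vouches for a self-signed CA, so every client has to be given
# ca-cert.pem and trust it explicitly.

# Subject fields written into the certificate.
cn = "192.168.1.1"
organization = "GlobalSign RULTR"

# Serial number of the CA certificate.
serial = 1

# Validity period in days (roughly ten years).
expiration_days = 3650

# Mark the certificate as a certificate authority.
ca

# Key usage: digital signatures, certificate signing and CRL signing.
signing_key
cert_signing_key
crl_signing_key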
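# trojan.txt - certtool template for the server certificate issued by the CA.
# certtool reads one directive per line and uses '#' for comments.

# Subject fields; cn carries the address that clients connect to.
# NOTE(review): the address appears only in cn. A client that matches an IP
# address against subjectAltName will not accept a cn-only certificate;
# certtool's ip_address option adds that entry. Confirm what the client in
# use actually checks before relying on cn.
cn = "192.168.1.1"
organization = "GlobalSign RULTR"

# Validity period in days (roughly ten years).
expiration_days = 3650

# Key usage: digital signatures and key encipherment.
signing_key
encryption_key

# Mark the certificate for use by a TLS server.
tls_www_server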
然后使用如下命令生成 CA 证书和 IP 地址域名证书:
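# Build the private CA and the server certificate, one command per step.
# Run these in the directory that holds ca.txt and trojan.txt.

# 1. CA private key. Whoever holds this file can issue certificates that every
#    client trusting ca-cert.pem will accept. The server configuration on this
#    page references only trojan-cert.pem and trojan-key.pem, so ca-key.pem
#    does not need to be copied to the server.
certtool --generate-privkey --outfile ca-key.pem

# 2. Self-signed CA certificate, built from the ca.txt template.
certtool --generate-self-signed \
    --load-privkey ca-key.pem \
    --template ca.txt \
    --outfile ca-cert.pem

# 3. Server private key. Keep it readable only by the account that runs the
#    service.
certtool --generate-privkey --outfile trojan-key.pem

# 4. Server certificate, built from trojan.txt and signed with the CA key.
certtool --generate-certificate \
    --load-privkey trojan-key.pem \
    --load-ca-certificate ca-cert.pem \
    --load-ca-privkey ca-key.pem \
    --template trojan.txt \
    --outfile trojan-cert.pem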
[下载trojan](https://github.com/trojan-gfw/trojan/releases/download/v1.14.1/trojan-1.14.1-linux-amd64.tar.xz)
配置trojan服务端。示例中的 password 仅作演示,部署时请换成自己生成的高强度随机口令;ssl.key 指向的私钥文件应只允许运行 trojan 的用户读取。

```json
{
    "run_type": "server",
    "local_addr": "0.0.0.0",
    "local_port": 443,
    "remote_addr": "127.0.0.1",
    "remote_port": 7990,
    "password": "wau0e9f8u3h",
    "log_level": 1,
    "ssl": {
        "cert": "/etc/trojan/trojan-cert.pem",
        "key": "/etc/trojan/trojan-key.pem",
        "key_password": "",
        "cipher": "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256",
        "cipher_tls13":"TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384",
        "prefer_server_cipher": true,
        "alpn": [
            "http/1.1"
        ],
        "reuse_session": true,
        "session_ticket": false,
        "session_timeout": 600,
        "plain_http_response": "",
        "curves": "",
        "dhparam": ""
    },
    "tcp": {
        "prefer_ipv4": false,
        "no_delay": true,
        "keep_alive": true,
        "reuse_port": false,
        "fast_open": false,
        "fast_open_qlen": 20
    },
    "mysql": {
        "enabled": false,
        "server_addr": "127.0.0.1",
        "server_port": 3306,
        "database": "trojan",
        "username": "trojan",
        "password": ""
    }
}
```