Create the website

Modify the default Nginx configuration

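  • Add the following code after the events block and before the http block, changing the domain names to your own:
stream {
    # SNI identification: map the domain name to a backend name
    map $ssl_preread_server_name $backend_name {
        baidu.net web;
        www.baidu.net trojan;
        # Default used when no domain name matches
        default web;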
    }

    # web: where to forward
    upstream web {
        server 127.0.0.1:4433;
    }

    # trojan: where to forward
    upstream trojan {
        server 127.0.0.1:10110;
    }

    # Listen on 443 and enable ssl_preread
    server {
        listen 443 reuseport;
        listen [::]:443 reuseport;
        proxy_pass  $backend_name;
        ssl_preread on;
    }
}
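
The SNI lookup that the stream block above configures, shown as an added Python example (not part of the original page and not Nginx's own code): it reads server_name from a TLS ClientHello and applies the same map. The ClientHello bytes are constructed for the demo, and the whole ClientHello is assumed to arrive in one buffer.

```python
import struct

# Mirrors the map and upstream blocks of the stream config on this page.
SNI_MAP = {"baidu.net": "web", "www.baidu.net": "trojan"}   # anything else -> "web"
UPSTREAMS = {"web": ("127.0.0.1", 4433), "trojan": ("127.0.0.1", 10110)}

def extract_sni(rec: bytes):
    """Return the server_name in a TLS ClientHello record, or None if absent/malformed."""
    try:
        if rec[0] != 0x16 or rec[5] != 0x01:      # not a handshake record / not ClientHello
            return None
        pos = 5 + 4 + 2 + 32                      # record hdr, handshake hdr, version, random
        pos += 1 + rec[pos]                       # session_id
        pos += 2 + struct.unpack_from("!H", rec, pos)[0]   # cipher_suites
        pos += 1 + rec[pos]                       # compression_methods
        end = pos + 2 + struct.unpack_from("!H", rec, pos)[0]
        pos += 2
        while pos + 4 <= min(end, len(rec)):
            ext_type, ext_len = struct.unpack_from("!HH", rec, pos)
            pos += 4
            if ext_type == 0:                     # server_name extension
                name_type, name_len = struct.unpack_from("!BH", rec, pos + 2)
                name = rec[pos + 5 : pos + 5 + name_len]
                ok = name_type == 0 and len(name) == name_len
                return name.decode("ascii").lower() if ok else None   # DNS names ignore case
            pos += ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        pass                                      # truncated or malformed: treat as no SNI
    return None

def route(rec: bytes):
    """Pick the backend the way the map block does: exact match, else the default."""
    backend = SNI_MAP.get(extract_sni(rec), "web")
    return backend, UPSTREAMS[backend]

def build_client_hello(host=None):
    """Constructed minimal ClientHello for the demo (not a capture)."""
    exts = b""
    if host:
        n = host.encode("ascii")
        sni = struct.pack("!HBH", len(n) + 3, 0, len(n)) + n
        exts = struct.pack("!HH", 0, len(sni)) + sni
    body = b"\x03\x03" + bytes(32) + b"\x00\x00\x02\x13\x01\x01\x00" + struct.pack("!H", len(exts)) + exts
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    for host in ("baidu.net", "www.baidu.net", "other.example", None):
        print(host, "->", route(build_client_hello(host)))
```

The name is read from the first client message before any handshake completes, which is why the stream server on 443 needs no certificate of its own. The same field is visible in cleartext to anything on the network path.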

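Request an SSL certificate online through the BaoTa panel

  • In the website settings, tick the two bound domain names, request an SSL certificate for them, and enable forced HTTPS access.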


Modify the website's Nginx configuration file


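  • Remove the trojan domain from server_name in the server block, keeping only the web domain.
  • Change port 443 in the server block to 4433.
  • Add the following code below the existing server block:
server
{
    # Port 10111 is the remote_port in the Trojan configuration further down
    listen 10111;
    server_name www.baidu.net;
    location / {
        # Redirect any request whose Host header is not the web domain
        if ($http_host !~ "^baidu\.net$") {
            rewrite ^(.*) https://baidu.net$1 permanent;
        }

        # This server listens on 10111, so this condition always matches
        if ($server_port !~ 4433) {
            rewrite ^(.*) https://baidu.net$1 permanent;
        }

        # No proxy_pass is set in this location, so these proxy_* directives have no effect as written
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    access_log logs/aaa.com_access.log;
}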

Once the changes are done, return to the Nginx settings page and restart the Nginx service.

Install the official Trojan service

sudo bash -c "$(curl -fsSL https://raw.githubusercontent.com/trojan-gfw/trojan-quickstart/master/trojan-quickstart.sh)"

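Enable Trojan to start at boot

systemctl enable trojan   # start Trojan automatically at boot

Modify the Trojan configuration file

  • Find the file /usr/local/etc/trojan/config.json on the VPS and change it to the following (set your own password and domain certificate paths):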
{
    "run_type": "server",
    "local_addr": "127.0.0.1",
    "local_port": 10110,
    "remote_addr": "127.0.0.1",
    "remote_port": 10111,
    "password": [
        "321321321"
    ],
    "log_level": 1,
    "ssl": {
        "cert": "/www/server/panel/vhost/cert/baidu.net/fullchain.pem",
        "key": "/www/server/panel/vhost/cert/baidu.net/privkey.pem",
        "key_password": "",
        "cipher": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384",
        "cipher_tls13": "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384",
        "prefer_server_cipher": true,
        "alpn": [
            "http/1.1"
        ],
        "alpn_port_override": {
            "h2": 81
        },
        "reuse_session": true,
        "session_ticket": false,
        "session_timeout": 600,
        "plain_http_response": "",
        "curves": "",
        "dhparam": ""
    },
    "tcp": {
        "prefer_ipv4": false,
        "no_delay": true,
        "keep_alive": true,
        "reuse_port": false,
        "fast_open": false,
        "fast_open_qlen": 20
    },
    "mysql": {
        "enabled": false,
        "server_addr": "127.0.0.1",
        "server_port": 3306,
        "database": "trojan",
        "username": "trojan",
        "password": "",
        "key": "",
        "cert": "",
        "ca": ""
    }
}

Once the changes are done, upload and save the file, then restart the Trojan service.

systemctl restart trojan

One-click install script + various acceleration modules

  • After the script has been run once, you can bring it up again later by typing vasma at the VPS command line.
wget -P /root -N "https://raw.githubusercontent.com/mack-a/v2ray-agent/master/install.sh" && chmod 700 /root/install.sh && /root/install.sh