Trojan-go + Caddy node setup: Caddy requests and renews the TLS certificate automatically; CDN supported
1. Enable BBR acceleration
echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
sysctl -p
2. Update the package index and install the required tools
apt update
apt install wget
apt install unzip
3. Download Go
wget https://go.dev/dl/go1.20.2.linux-amd64.tar.gz
4. Extract Go
tar -C /usr/local -xzf go1.20.2.linux-amd64.tar.gz
5. Set PATH
export PATH=$PATH:/usr/local/go/bin
6. Build and install Caddy with xcaddy
go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest
~/go/bin/xcaddy build --output caddy --with github.com/mholt/caddy-l4 --with github.com/mholt/caddy-dynamicdns --with github.com/caddy-dns/alidns --with github.com/caddy-dns/cloudflare --with github.com/caddy-dns/dnspod --with clevergo.tech/caddy-dnspodcn --with github.com/caddy-dns/duckdns --with github.com/mholt/caddy-webdav
setcap cap_net_bind_service=+ep ./caddy
7. Create the Caddy configuration file
mkdir /etc/caddy/
cd /etc/caddy/
touch config.json
8. Caddy configuration (/etc/caddy/config.json). The // annotations are explanatory; delete them from the file you save, because JSON does not allow comments.
{
  "storage": {
    "module": "file_system",
    "root": "/etc/ssl"
  },
  "apps": {
    "http": {
      "servers": {
        "h1": {
          "listen": [
            ":80"
          ],
          "routes": [
            {
              "handle": [
                {
                  "handler": "static_response",
                  "headers": {
                    "Location": [
                      "https://{http.request.host}{http.request.uri}"
                    ]
                  },
                  "status_code": 301
                }
              ]
            }
          ]
        },
        "h1h2c": {
          "listen": [
            "127.0.0.1:85" // local listening port for HTTP/1.1 and h2
          ],
          "routes": [
            {
              "match": [
                {
                  "host": [
                    "x.y.z" // restrict access to this domain; change to your own domain
                  ]
                }
              ],
              "handle": [
                {
                  "handler": "subroute",
                  "routes": [
                    {
                      "handle": [
                        {
                          "handler": "headers",
                          "response": {
                            "set": {
                              "Strict-Transport-Security": [
                                "max-age=31536000; includeSubDomains; preload"
                              ]
                            }
                          }
                        }
                      ]
                    },
                    {
                      "handle": [
                        {
                          "handler": "reverse_proxy",
                          "headers": {
                            "request": {
                              "set": {
                                "Host": [
                                  "{http.reverse_proxy.upstream.hostport}"
                                ],
                                "X-Forwarded-Host": [
                                  "{http.request.host}"
                                ]
                              }
                            }
                          },
                          "transport": {
                            "protocol": "http",
                            "tls": {}
                          },
                          "upstreams": [
                            {
                              "dial": "www.bing.com:443" // decoy site; change it to one of your choice
                            }
                          ]
                        }
                      ]
                    }
                  ]
                }
              ]
            }
          ],
          "automatic_https": {
            "disable": true
          },
          "protocols": [
            "h1",
            "h2c"
          ]
        }
      }
    },
    "tls": {
      "certificates": {
        "automate": [
          "x.y.z" // manage the TLS certificate automatically; change to your own domain
        ]
      },
      "automation": {
        "policies": [
          {
            "issuers": [
              {
                "module": "acme"
              }
            ]
          }
        ]
      }
    }
  }
}
9. Move caddy to /usr/bin/
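# caddy was built in the directory used in step 6; run mv from there or give the binary's full path
mv caddy /usr/bin/
10. Test that the configuration file is valid
/usr/bin/caddy run --config /etc/caddy/config.json
11. Caddy systemd unit for starting at boot (/etc/systemd/system/caddy.service)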
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
Type=notify
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/config.json
ExecReload=/usr/bin/caddy reload --config /etc/caddy/config.json
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
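ProtectSystem=full
# ProtectSystem=full mounts /etc read-only; keep Caddy's storage root (/etc/ssl) writable so certificates can be renewed
ReadWritePaths=/etc/ssl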
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
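WantedBy=multi-user.target
12. Create the trojan-go directory under /etc
mkdir /etc/trojan-go/
13. Download trojan-go (into /etc/trojan-go/)
cd /etc/trojan-go/
wget https://github.com/p4gefau1t/trojan-go/releases/download/v0.10.6/trojan-go-linux-amd64.zip
14. Extract trojan-go
unzip trojan-go-linux-amd64.zip
15. trojan-go configuration (/etc/trojan-go/config.json). The // annotations are explanatory; delete them from the saved file, because JSON does not allow comments.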
{
  "run_type": "server",
  "local_addr": "0.0.0.0",
  "local_port": 443, // listening port
  "remote_addr": "127.0.0.1",
  "remote_port": 85, // fallback port for HTTP/1.1 and h2
  "password": [
    "xxxxxx" // change to your own password
  ],
  "ssl": {
    "cert": "/etc/ssl/certificates/acme-v02.api.letsencrypt.org-directory/x.y.z/x.y.z.crt", // certificate location, absolute path
    "key": "/etc/ssl/certificates/acme-v02.api.letsencrypt.org-directory/x.y.z/x.y.z.key", // private key location, absolute path
    "key_password": "",
    "prefer_server_cipher": true,
    "cipher": "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
    "curves": "",
    "sni": "x.y.z", // change to your own domain
    "alpn": [
      "h2",
      "http/1.1"
    ],
    "reuse_session": true,
    "session_ticket": true,
    "plain_http_response": "",
    "fallback_addr": "",
    "fallback_port": 0
  },
  "tcp": {
    "no_delay": true,
    "keep_alive": true,
    "prefer_ipv4": false
  },
  "mux": {
    "enabled": true,
    "concurrency": 8,
    "idle_timeout": 60
  },
  "router": {
    "enabled": true,
    "block": [
      "geoip:private"
    ],
    "geoip": "/etc/trojan-go/geoip.dat",
    "geosite": "/etc/trojan-go/geosite.dat"
  },
  "websocket": {
    "enabled": true,
    "path": "/Ray123", // WebSocket path
    "host": "x.y.z" // change to your own domain
  }
}
16. trojan-go systemd unit for starting at boot (/etc/systemd/system/trojan-go.service)
[Unit]
Description=Trojan-Go - An unidentifiable mechanism that helps you bypass GFW
Documentation=https://p4gefau1t.github.io/trojan-go/
After=network.target nss-lookup.target
[Service]
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ExecStart=/etc/trojan-go/trojan-go -config /etc/trojan-go/config.json
Restart=on-failure
RestartSec=10
RestartPreventExitStatus=23
[Install]
WantedBy=multi-user.target
systemctl daemon-reload
systemctl start caddy
systemctl enable caddy
systemctl status caddy
systemctl start trojan-go
systemctl enable trojan-go
systemctl status trojan-go
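The steps above repeat the domain, the fallback port and the certificate path across both config files, and a mismatch in any of them breaks the fallback or the TLS handshake. The following Python check is an added example, not part of the original post; `check_pair`, the sample domain `proxy.example.com` and the reduced sample configs are assumptions made for illustration.

```python
def check_pair(caddy, trojan):
    """Return the mismatches between a Caddy and a trojan-go config (empty = consistent)."""
    problems = []
    servers = caddy["apps"]["http"]["servers"]
    # trojan-go forwards non-trojan traffic to remote_addr:remote_port,
    # so a Caddy server has to listen on exactly that address.
    fallback = f'{trojan["remote_addr"]}:{trojan["remote_port"]}'
    backends = [s for s in servers.values() if fallback in s.get("listen", [])]
    if not backends:
        problems.append(f"no Caddy server listens on fallback {fallback}")
    sni = trojan["ssl"]["sni"]
    # Host matchers on the fallback server must include the domain.
    hosts = {h for s in backends for r in s.get("routes", [])
             for m in r.get("match", []) for h in m.get("host", [])}
    if hosts and sni not in hosts:
        problems.append(f"fallback server has no route for host {sni}")
    if sni not in caddy["apps"]["tls"]["certificates"]["automate"]:
        problems.append(f"Caddy does not manage a certificate for {sni}")
    # file_system storage layout: <root>/certificates/<issuer>/<name>/<name>.crt|.key
    prefix = caddy["storage"]["root"].rstrip("/") + "/certificates/"
    for field, ext in (("cert", ".crt"), ("key", ".key")):
        path = trojan["ssl"][field]
        if not (path.startswith(prefix) and path.endswith(f"/{sni}/{sni}{ext}")):
            problems.append(f"ssl.{field} is not Caddy's file for {sni}: {path}")
    ws = trojan.get("websocket", {})
    if ws.get("enabled") and ws.get("host") != sni:
        problems.append("websocket.host differs from ssl.sni")
    if sni == "x.y.z" or "xxxxxx" in trojan["password"]:
        problems.append("placeholder domain or password left unchanged")
    return problems

# Constructed sample input: the two configs reduced to the fields that are checked.
NAME = "proxy.example.com"  # assumed domain, stands in for the page's x.y.z
CADDY = {"storage": {"module": "file_system", "root": "/etc/ssl"},
         "apps": {"http": {"servers": {
                      "h1": {"listen": [":80"]},
                      "h1h2c": {"listen": ["127.0.0.1:85"],
                                "routes": [{"match": [{"host": [NAME]}]}]}}},
                  "tls": {"certificates": {"automate": [NAME]}}}}
CERT_DIR = f"/etc/ssl/certificates/acme-v02.api.letsencrypt.org-directory/{NAME}/"
TROJAN = {"remote_addr": "127.0.0.1", "remote_port": 85,
          "password": ["constructed-sample-passphrase"],
          "ssl": {"cert": f"{CERT_DIR}{NAME}.crt", "key": f"{CERT_DIR}{NAME}.key",
                  "sni": NAME},
          "websocket": {"enabled": True, "host": NAME}}

if __name__ == "__main__":
    print(check_pair(CADDY, TROJAN) or "configs are consistent")
```

For the real files, pass the results of `json.load` on /etc/caddy/config.json and /etc/trojan-go/config.json once the // annotations have been removed.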
Copyright notice:
Unless otherwise stated, all articles on this site are licensed under CC BY-NC-SA 4.0. When reposting, please credit Ray!