1
sudo vim /etc/ssh/sshd_config
2
PermitRootLogin yes
3
PasswordAuthentication yes
4
sudo vim /root/.ssh/authorized_keys
5
sudo passwd user
6
sudo passwd root

1
# 更新系统
2
apt update -y && apt upgrade -y
3
# 安装工具
4
apt install socat nginx wget unzip -y
5
# https://github.com/p4gefau1t/trojan-go/releases
6
# 为 trojan-go 安置文件夹
7
mkdir -p /opt/trojan-go/
8
# 下载  trojan-go v0.10.6
9
wget https://github.com/p4gefau1t/trojan-go/releases/download/v0.10.6/trojan-go-linux-amd64.zip -P /opt/trojan-go/
10
# 解压
11
unzip /opt/trojan-go/trojan-go-linux-amd64.zip -d /opt/trojan-go/

1
# 安装 acme.sh
2
curl https://get.acme.sh | sh
3
# 刷新环境
4
source ~/.bashrc
5
# 设置默认CA机构
6
acme.sh --set-default-ca --server letsencrypt
7
# 申请证书
8
acme.sh --issue -d $domain --standalone -k ec-256 --force
9
# 新建外部使用证书文件夹
10
mkdir -p /ssl/$domain/
11
# 发布到外部文件夹
12
acme.sh --installcert -d $domain --fullchainpath /ssl/$domain/fullchain.crt --keypath /ssl/$domain/privkey.key --ecc --force

1
cat > /etc/nginx/sites-available/$domain << EOF
2
server {
3
    listen 80;
4

5
    root /var/www/html;
6
    index index.html index.htm index.nginx-debian.html;
7
    server_name ${domain};
8
    location / {
9
        try_files \$uri \$uri/ =404;
10
    }
11

12
    if ( \$remote_addr != 127.0.0.1 ) {
13
        rewrite ^/(.*)$ https://${domain}/$1 redirect;
14
    }
15

16
    access_log /var/log/nginx/${domain}.access.log;
17
    error_log /var/log/nginx/${domain}.error.log;
18
}
19
EOF
20

21
sed -i "s/\${domain}/$domain/g" /etc/nginx/sites-available/$domain
22
# 启用虚拟主机(一个web服务)
23
ln -s /etc/nginx/sites-available/$domain /etc/nginx/sites-enabled/
24

25
systemctl enable nginx --now
26
systemctl stop nginx
27
systemctl start nginx
28
systemctl status nginx

1
cat > /opt/trojan-go/server.yaml << EOF
2
run-type: server
3
local-addr: 0.0.0.0
4
local-port: ${local_port} # trojan服务的端口
5
remote-addr: 127.0.0.1
6
remote-port: 80         # 非法请求重定向
7
password:
8
  - ${password}         # 密码
9
ssl:
10
  cert: /ssl/${domain}/fullchain.crt
11
  key: /ssl/${domain}/privkey.key
12
  sni: ${domain}
13
router:
14
  enabled: true
15
  block:
16
    - 'geoip:private'
17
  geoip: /opt/trojan-go/geoip.dat
18
  geosite: /opt/trojan-go/geosite.dat
19
mux:
20
  enabled: true
21
websocket:
22
  enabled: false
23
EOF
24

25
sed -i "s/\${domain}/$domain/g" /opt/trojan-go/server.yaml
26
sed -i "s/\${local_port}/$local_port/g" /opt/trojan-go/server.yaml
27
sed -i "s/\${password}/$password/g" /opt/trojan-go/server.yaml

1
cat > /etc/systemd/system/trojan-go.service << EOF
2
[Unit]
3
Description=Trojan-Go - An unidentifiable mechanism that helps you bypass GFW
4
Documentation=https://p4gefau1t.github.io/trojan-go
5
After=network.target nss-lookup.target
6

7
[Service]
8
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
9
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
10
NoNewPrivileges=true
11
ExecStart=/opt/trojan-go/trojan-go -config /opt/trojan-go/server.yaml
12
Restart=on-failure
13
RestartSec=10s
14
LimitNOFILE=infinity
15

16
[Install]
17
WantedBy=multi-user.target
18
EOF
19
# 刷新守护进程配置
20
systemctl daemon-reload
21

22
# 启用 trojan-go 服务
23
systemctl enable trojan-go --now
24
systemctl stop trojan-go
25
systemctl start trojan-go
26
systemctl status trojan-go

1
trojan://${password}@${domain}:${local_port}#Trojan-Server
2
# https://github.com/CareyWang/sub-web
3
https://bianyuan.xyz/