trojan - xxooxxooxx/xxooxxooxx.github.io GitHub Wiki
nginx
- /etc/nginx/conf.d/example.com.conf
+-------------------------------+
80 ---nginx----127.0.0.1:80 |
| | |
443 ---trojan-------- |
+-------------------------------+
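# Loopback-only vhost: accepts plain HTTP on 127.0.0.1:80 for example.com and
# reverse-proxies every request to https://www.example.org. In the layout
# sketched above, this is the listener the 443 front end hands traffic to.
server {
    listen 127.0.0.1:80;
    server_name example.com;

    # `always` attaches the header to error responses as well as 2xx/3xx ones.
    # Browsers only honour HSTS when the response reaches them over TLS, so this
    # relies on whatever terminates TLS in front of this listener.
    # includeSubDomains + preload commits every subdomain of example.com to
    # HTTPS for the whole max-age; make sure that is intended before publishing.
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;

    location / {
        proxy_pass https://www.example.org;

        # By default nginx sends no SNI to an HTTPS upstream and does not
        # verify its certificate, so the upstream hop would be encrypted but
        # unauthenticated. Turn both on explicitly.
        proxy_ssl_server_name on;
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 2;
        # CA bundle location on Debian/Ubuntu (this page installs with apt-get);
        # adjust the path on other distributions.
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
    }
}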
# Public port-80 vhost for example.com: serves ACME HTTP-01 challenge files
# and redirects every other request to HTTPS.
server {
    server_name example.com;
    charset utf-8;
    listen [::]:80;
    listen 80;

    # A request for the bare challenge directory has nothing to return.
    location = /.well-known/acme-challenge/ {
        return 404;
    }

    # Challenge tokens are read from the webroot that acme.sh is pointed at
    # with `-w /var/www/html`. `^~` stops regex locations from taking over.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/html;
        default_type text/plain;
    }

    # Everything else is sent to the HTTPS site with a permanent redirect.
    location / {
        return 301 https://$host$request_uri;
    }
}
# Catch-all for port 80 (wildcard, loopback and IPv6): any request whose Host
# header matches no configured server_name lands here. 444 is nginx's
# non-standard code for closing the connection without sending a response.
server {
    server_name _;
    listen [::]:80 default_server;
    listen 127.0.0.1:80 default_server;
    listen 80 default_server;
    return 444;
}
trojan
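# Install curl and socat, then fetch the acme.sh installer.
# The installer is saved to a file rather than piped straight into sh, so it
# can be read before it runs with root privileges.
apt-get update && apt-get install -y curl socat
curl -fsSL https://get.acme.sh -o get-acme.sh
# Review get-acme.sh here before running it.
sh ./get-acme.sh

# Start a fresh login shell so the acme.sh command set up by the installer is
# picked up. Interactive step: in a script, nothing after `exec` would run.
exec bash -l

# Auto-upgrade keeps acme.sh current, but also means new upstream code runs
# unattended as root; leave it off if you prefer to review upgrades by hand.
acme.sh --upgrade --auto-upgrade

# -p: do not fail when the directory already exists (e.g. on a re-run).
mkdir -p /etc/trojan/

# Issue an EC P-256 certificate through the HTTP-01 webroot served by nginx.
# The renew hook sends signal 10 (SIGUSR1 on Linux) to trojan, presumably so
# it reloads the renewed certificate; confirm against your trojan version.
acme.sh --issue -w /var/www/html -d example.com -k ec-256 --log --renew-hook "killall -s 10 trojan"

# Copy the certificate and private key to where trojan reads them.
# Keep trojan.key readable only by the account trojan runs as.
# NOTE(review): `systemctl enable` only registers the unit for boot; it does
# not start trojan or make a running instance load the new files. Confirm
# whether a restart or reload was intended here.
acme.sh --installcert -d example.com --fullchainpath /etc/trojan/trojan.crt --keypath /etc/trojan/trojan.key --ecc --reloadcmd "systemctl enable trojan.service"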
nginx ->trojan
+--------------------------------------+
80/443-----nginx------trojan(127.0.0.1:447) |
| |--nginx_web(127.0.0.1:80) |
+--------------------------------------+
.
# Layer-4 SNI router on port 443. nginx reads the server name from the TLS
# ClientHello (ssl_preread) without terminating TLS and forwards the raw
# connection to the backend chosen by the map below.
stream {
    upstream web {
        server 127.0.0.1:445;
    }

    upstream other {
        server 127.0.0.1:446;
    }

    # SNI -> backend. Names that are not listed fall through to `web`.
    # NOTE(review): the diagram above labels the web backend 127.0.0.1:80,
    # while `web` here points at 127.0.0.1:445; confirm which one is current.
    map $ssl_preread_server_name $backend_name {
        default         web;
        xxx.example.com other;
        www.example.com unix:/run/nginx-trojan-stream.sock;
    }

    # Public entry point. `proxy_protocol on` prepends a PROXY header to every
    # upstream connection, so the listeners behind `web` and `other` must be
    # configured to accept it (not shown here) and should trust that header
    # only from this local nginx.
    server {
        listen 443 reuseport;
        ssl_preread on;
        proxy_protocol on;
        proxy_pass $backend_name;
    }

    # Internal hop for www.example.com: accepts the PROXY header on the unix
    # socket and forwards to 127.0.0.1:447 without re-sending it, i.e. it
    # strips the header. The service on 447 therefore sees nginx as the peer;
    # the real client address is only available on the nginx side.
    server {
        listen unix:/run/nginx-trojan-stream.sock proxy_protocol;
        proxy_pass 127.0.0.1:447;
    }
}
.
{
"run_type": "server",
"local_addr": "127.0.0.1",
"local_port": 447,
"remote_addr": "127.0.0.1",
"remote_port": 80,