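Not long ago I wrote tutorials on deploying Shadowsocks-libev and v2ray with Docker. Since I have time tonight, here is the tutorial that members of the group chat have been asking for: deploying the trojan server with Docker.
1. Create the Dockerfile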
mkdir trojan && cd trojan
vi Dockerfile
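Copy and paste:
FROM alpine
# The base alpine image ships without zoneinfo, so install tzdata before linking the time zone
RUN apk add --no-cache tzdata && ln -snf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && echo Asia/Shanghai > /etc/timezone
# Install the build toolchain, compile trojan from whatever is on the master branch at build time, then remove the toolchain
RUN apk add --no-cache --virtual .build-deps \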
wget \
tar \
curl \
build-base \
cmake \
boost-dev \
openssl \
openssl-dev \
mariadb-connector-c-dev \
&& mkdir /tmp/trojan \
&& cd /tmp/trojan \
&& wget https://github.com/trojan-gfw/trojan/archive/master.tar.gz -O trojan.tar.gz && tar -zxf trojan.tar.gz && mv -f trojan-master trojan \
&& (cd trojan && cmake . && make -j $(nproc) && strip -s trojan \
&& mv trojan /usr/local/bin) \
&& apk del .build-deps \
&& cd ~/ && rm -rf /tmp/trojan \
&& apk add --no-cache --virtual .trojan-rundeps \
libstdc++ \
boost-system \
boost-program_options \
mariadb-connector-c
CMD ["trojan", "/etc/trojan/config.json"]
2. Create the trojan server configuration
mkdir /etc/trojan
vi /etc/trojan/config.json
Copy and paste:
{
"run_type": "server",
"local_addr": "0.0.0.0, the server IP, or a domain name all work",
"local_port": 443,
"remote_addr": "127.0.0.1",
"remote_port": 80,
"password": [
"your password; special characters are recommended"
],
"log_level": 5,
"ssl": {
"cert": "/etc/trojan/cert/certificate.crt",
"key": "/etc/trojan/cert/private.key",
"key_password": "",
"cipher": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384",
"cipher_tls13": "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384",
"prefer_server_cipher": true,
"alpn": [
"http/1.1"
],
"alpn_port_override": {
"h2": 81
},
"reuse_session": true,
"session_ticket": false,
"session_timeout": 600,
"plain_http_response": "",
"curves": "",
"dhparam": ""
},
"tcp": {
"prefer_ipv4": false,
"no_delay": true,
"keep_alive": true,
"reuse_port": false,
"fast_open": false,
"fast_open_qlen": 20
},
"mysql": {
"enabled": false,
"server_addr": "127.0.0.1",
"server_port": 3306,
"database": "trojan",
"username": "trojan",
"password": "",
"key": "",
"cert": "",
"ca": ""
}
}
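The cert and key entries under the ssl node are the paths to the domain certificate and its private key. They must be placed under /etc/trojan/cert: upload the domain certificate files to the /etc/trojan/cert folder on the server, with file names that match the configuration.
3. Run trojan
1) Build the image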
docker build -t trojan .
2) Start the container
docker run --restart=always \
-p 443:443 \
--name=trojan \
-v /etc/trojan:/etc/trojan \
-i -t -d \
trojan
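If v2ray or a website is also running on the server, you can map the container to a different host port, for example -p 8443:443, and then use Apache or Nginx as a reverse proxy on port 443.
3) Check that the container is running normally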
docker ps -a
At this point you can happily connect with a trojan client!
Modifying the trojan configuration
Run:
vi /etc/trojan/config.json
Change whichever parameters you need, save and exit, then restart the trojan container for the changes to take effect:
docker restart trojan
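A pre-flight check to run on the host before `docker build` or `docker restart trojan`, as an added example that is not part of the original tutorial or the trojan project. The function name `audit_trojan_config` and the 16-character password minimum are assumptions of this example; the checks follow the config.json and the `-v /etc/trojan:/etc/trojan` mount used above.

```python
import ipaddress
import os
import re
import stat

MOUNT = "/etc/trojan"   # host directory bind-mounted by the tutorial's docker run
MIN_PASSWORD_LEN = 16   # assumed policy for this example, not a trojan requirement


def audit_trojan_config(cfg, mount=MOUNT, check_files=True):
    """Return a list of findings for a parsed trojan server config (dict)."""
    findings = []
    if cfg.get("run_type") != "server":
        findings.append("run_type is not 'server'")
    if not re.fullmatch(r"[A-Za-z0-9.:-]+", cfg.get("local_addr", "")):
        findings.append("local_addr is not a plain IP or hostname (placeholder left in?)")
    passwords = cfg.get("password") or []
    if not passwords:
        findings.append("no password configured")
    for pw in passwords:
        if len(pw) < MIN_PASSWORD_LEN or not pw.isascii() or " " in pw:
            findings.append("weak or placeholder password")
    try:
        loopback = ipaddress.ip_address(cfg.get("remote_addr", "")).is_loopback
    except ValueError:
        loopback = False
    if loopback:
        findings.append("remote_addr is loopback: inside the container this is "
                        "the container itself, not a web server on the host")
    ssl = cfg.get("ssl", {})
    for field in ("cert", "key"):
        path = os.path.normpath(ssl.get(field, ""))
        if not path.startswith(mount + "/"):
            findings.append(f"ssl.{field} is outside {mount}, not visible in the container")
        elif check_files and not os.path.isfile(path):
            findings.append(f"ssl.{field} file missing: {path}")
        elif check_files and field == "key" and os.stat(path).st_mode & 0o077:
            findings.append("private key is readable by group/others (chmod 600)")
    if cfg.get("mysql", {}).get("enabled") and not cfg["mysql"].get("password"):
        findings.append("mysql enabled with an empty password")
    return findings


if __name__ == "__main__":
    import json
    with open(MOUNT + "/config.json") as fh:
        for finding in audit_trojan_config(json.load(fh)):
            print("WARN:", finding)
```

Run unmodified against the tutorial's template, it reports the placeholder address, the placeholder password and the loopback `remote_addr`.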