
Revisions

  1. @phlinhng phlinhng revised this gist Sep 1, 2020. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion trojan.conf
    @@ -6,7 +6,7 @@

    server {
    listen 127.0.0.1:80;
    server_name ;
    server_name trojan.example.com;

    root /var/www/html;
    index index.php index.html index.htm;
  2. @phlinhng phlinhng revised this gist Sep 1, 2020. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion web.conf
    @@ -1,4 +1,4 @@
    # 其他網站全部監聽 127.0.0.1:8082, 在這個端口進行 TLS 握手
    # 其他網站全部監聽 127.0.0.1:8443, 在這個端口進行 TLS 握手
    # 將此檔案放到以下三種位置之一
    # 位置1 (推荐): 放到 /etc/nginx/sites-available 下, 建立軟鏈到 /etc/nginx/sites-enabled
    # 位置2: 放到 /etc/nginx/conf.d
  3. @phlinhng phlinhng revised this gist Aug 25, 2020. 4 changed files with 8 additions and 8 deletions.
    6 changes: 3 additions & 3 deletions nginx.conf
    @@ -8,15 +8,15 @@ stream {
    }

    upstream web {
    server 127.0.0.1:8080;
    server 127.0.0.1:80;
    }

    upstream trojan {
    server 127.0.0.1:8081;
    server 127.0.0.1:8080;
    }

    upstream tls_backend {
    server 127.0.0.1:8082;
    server 127.0.0.1:8443;
    }

    server {
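Review bot: With `upstream web` now pointing at `127.0.0.1:80`, every connection that falls through to `default web;` in the stream map (the map is outside this hunk) is forwarded as raw bytes to the listener that trojan.conf in this same revision declares as `listen 127.0.0.1:80;` without `ssl`. A TLS ClientHello carrying an unlisted or absent server name therefore reaches a plaintext HTTP server and cannot complete a handshake. If the default route is meant only for non-TLS traffic, unknown TLS names should go to a TLS-capable catch-all instead, for example `default tls_backend;` together with a `default_server` block on the TLS backend that uses `ssl_reject_handshake on;` (nginx 1.19.4 or later). The routing is the same in the nginx.conf section of the Aug 25 creation revision, where `web` is `127.0.0.1:8080`.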
    4 changes: 2 additions & 2 deletions trojan-go.conf
    @@ -1,9 +1,9 @@
    {
    "run_type": "server",
    "local_addr": "127.0.0.1",
    "local_port": 8081,
    "local_port": 8080,
    "remote_addr": "127.0.0.1",
    "remote_port": 8080,
    "remote_port": 80,
    "log_level": 5,
    "password": [
    "your_awesome_password"
    2 changes: 1 addition & 1 deletion trojan.conf
    @@ -5,7 +5,7 @@
    # 位置3: 放到 /etc/nginx/sites-enabled

    server {
    listen 127.0.0.1:8080;
    listen 127.0.0.1:80;
    server_name ;

    root /var/www/html;
    4 changes: 2 additions & 2 deletions web.conf
    @@ -5,7 +5,7 @@
    # 位置3: 放到 /etc/nginx/sites-enabled

    server {
    listen 127.0.0.1:8082 ssl http2;
    listen 127.0.0.1:8443 ssl http2;
    server_name website1.example.com;

    ssl_certificate /path/to/fullchain.crt;
    @@ -17,7 +17,7 @@ server {
    }

    server {
    listen 127.0.0.1:8082 ssl http2;
    listen 127.0.0.1:8443 ssl http2;
    server_name website2.example.com;

    ssl_certificate /path/to/fullchain.crt;
  4. @phlinhng phlinhng revised this gist Aug 25, 2020. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion nginx.conf
    @@ -3,7 +3,7 @@ stream {
    map $ssl_preread_server_name $backend_name {
    trojan.example.com trojan;
    website1.example.com tls_backend;
    website2.example.com tls_backend;
    website2.example.com tls_backend;
    default web;
    }

  5. @phlinhng phlinhng renamed this gist Aug 25, 2020. 1 changed file with 0 additions and 0 deletions.
  6. @phlinhng phlinhng renamed this gist Aug 25, 2020. 1 changed file with 0 additions and 0 deletions.
    File renamed without changes.
  7. @phlinhng phlinhng created this gist Aug 25, 2020.
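--- a/README.md
+++ b/README.md
@@ -0,0 +1 @@
+利用 NGINX 的 Stream 模塊 sni_preread 功能,可以做到讓 Trojan 和其他網站在同一台機器上共享 443 端口。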
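--- a/default.conf
+++ b/default.conf
@@ -0,0 +1,8 @@
+# 將 /etc/nginx/sites-available/default 的內容改成如下,可以實現全局 https 跳轉
+
+server {
+listen 80 default_server;
+listen [::]:80 default_server;
+server_name _;
+return 301 https://$host$request_uri;
+}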
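Review bot: The redirect target in `return 301 https://$host$request_uri;` is built from `$host`, which nginx takes from the request line or the client's Host header, and this block is the `default_server` catch-all with `server_name _;`, so any hostname a client sends is reflected into the Location header. Redirecting only the names the server actually hosts avoids that: the catch-all can answer `return 444;`, and the redirect can move to a block with explicit names such as `server_name website1.example.com website2.example.com;`. Those two names are the ones used in the web.conf section of this revision.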
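--- a/nginx.conf
+++ b/nginx.conf
@@ -0,0 +1,28 @@
+# 在 /etc/nginx/nginx.conf 加入這段, 原先的內容不要刪
+stream {
+map $ssl_preread_server_name $backend_name {
+trojan.example.com trojan;
+website1.example.com tls_backend;
+website2.example.com tls_backend;
+default web;
+}
+
+upstream web {
+server 127.0.0.1:8080;
+}
+
+upstream trojan {
+server 127.0.0.1:8081;
+}
+
+upstream tls_backend {
+server 127.0.0.1:8082;
+}
+
+server {
+listen 443 reuseport;
+listen [::]:443 reuseport;
+proxy_pass $backend_name;
+ssl_preread on;
+}
+}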
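Review bot: The `stream` block declares no `access_log`, and the stream module does not log by default, so nothing records which client address was routed to which backend for a given SNI value. That record is what an operator needs when investigating unexpected traffic on port 443. Adding a format and a log inside `stream { }` covers it, for example `log_format sni '$remote_addr [$time_local] $ssl_preread_server_name $backend_name $status';` and `access_log /var/log/nginx/stream.log sni;` (the log path is an example, not taken from this gist).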
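--- a/trojan-go.conf
+++ b/trojan-go.conf
@@ -0,0 +1,23 @@
+{
+"run_type": "server",
+"local_addr": "127.0.0.1",
+"local_port": 8081,
+"remote_addr": "127.0.0.1",
+"remote_port": 8080,
+"log_level": 5,
+"password": [
+"your_awesome_password"
+],
+"ssl": {
+"verify_hostname": true,
+"cert": "/etc/ssl/trojan/fullchain.crt",
+"key": "/etc/ssl/trojan/key.key",
+"sni": "trojan.example.com",
+"alpn": [
+"http/1.1"
+]
+},
+"router": {
+"enabled": false
+}
+}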
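Review bot: `"log_level": 5` turns trojan-go's logging off entirely, so failed authentications and connections handed to the fallback at `remote_addr`/`remote_port` leave no trace on the host. A level such as `"log_level": 1` (info) keeps a record that can be reviewed or shipped to a collector. The `password` entry `"your_awesome_password"` is a placeholder and should be replaced with a long random value before the service is started. The file stores that secret in clear text, so it should be readable only by the account the service runs as.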
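--- a/trojan.conf
+++ b/trojan.conf
@@ -0,0 +1,13 @@
+# trojan 偽裝站設置
+# 將此檔案放到以下三種位置之一
+# 位置1 (推荐): 放到 /etc/nginx/sites-available 下, 建立軟鏈到 /etc/nginx/sites-enabled
+# 位置2: 放到 /etc/nginx/conf.d
+# 位置3: 放到 /etc/nginx/sites-enabled
+
+server {
+listen 127.0.0.1:8080;
+server_name ;
+
+root /var/www/html;
+index index.php index.html index.htm;
+}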
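Review bot: `index index.php index.html index.htm;` lists `index.php`, but this server block contains no `location` that hands `.php` files to a PHP handler, so an `index.php` placed under `/var/www/html` would be returned to clients as a static file, source included. Unless a handler is configured elsewhere, the directive should name only static files: `index index.html index.htm;`.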
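--- a/web.conf
+++ b/web.conf
@@ -0,0 +1,29 @@
+# 其他網站全部監聽 127.0.0.1:8082, 在這個端口進行 TLS 握手
+# 將此檔案放到以下三種位置之一
+# 位置1 (推荐): 放到 /etc/nginx/sites-available 下, 建立軟鏈到 /etc/nginx/sites-enabled
+# 位置2: 放到 /etc/nginx/conf.d
+# 位置3: 放到 /etc/nginx/sites-enabled
+
+server {
+listen 127.0.0.1:8082 ssl http2;
+server_name website1.example.com;
+
+ssl_certificate /path/to/fullchain.crt;
+ssl_certificate_key /path/to/key.key;
+ssl_protocols TLSv1.2 TLSv1.3;
+
+location / {
+}
+}
+
+server {
+listen 127.0.0.1:8082 ssl http2;
+server_name website2.example.com;
+
+ssl_certificate /path/to/fullchain.crt;
+ssl_certificate_key /path/to/key.key;
+ssl_protocols TLSv1.2 TLSv1.3;
+
+location / {
+}
+}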
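Review bot: Both server blocks receive their connections from the stream proxy over loopback, so `$remote_addr` in their access logs, and in any `allow`/`deny` or `limit_req` rule added later, is always `127.0.0.1`. Recovering the client address needs the PROXY protocol on both sides: `proxy_protocol on;` in the stream `server` block of nginx.conf, and here `listen 127.0.0.1:8082 ssl http2 proxy_protocol;` with `real_ip_header proxy_protocol;` and loopback declared as the trusted source. Because the stream-side setting applies to every upstream of that server, the `web` and `trojan` backends would have to accept the header as well, which needs checking before it is enabled.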