怎样在只有ipv6的vps上部署trojan-gfw?
应对评论要求和我的个人经验,这里给大家分享怎样在只有ipv6的vps上面部署trojan-gfw,证书的部分我这里直接去某个网站下载下来,从网站下载的证书只有1年有效期,部署很简单,但还是算了吧。我这里还是介绍用命令行来申请证书。
准备好一个域名,添加AAAA记录指向自己的ipv6地址
以下操作在vultr Ubuntu 19.10演示,其他Debian也一样啦
Info! 💬
本地要有ipv6,ssh连接到主机
证书acmesh从GitHub下载安装,显然无法在纯ipv6环境下使用,这里转用certbot
</div>
#ad
安装certbot和trojan
1
2
3
4
add-apt-repository ppa:certbot/certbot -y
add-apt-repository ppa:greaterfire/trojan -y
apt-get update
apt-get install trojan certbot -y
申请证书 只能用下面的方法
1
2
3
4
5
6
certbot certonly --standalone -d scaleya.xyz
# 生成ok,提示
Your certificate and chain have been saved at
/etc/letsencrypt/live/scaleya.xyz/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/scaleya.xyz/privkey.pem
给权限 默认的证书叭叭叭拉拉啊了
1
2
3
4
sudo chmod +rx /etc/letsencrypt/live
sudo chmod +rx /etc/letsencrypt/archive
chmod +r /etc/letsencrypt/archive/scaleya.xyz/privkey1.pem
# 注意换成自己的域名
修改trojan配置
1
2
3
4
nano /etc/trojan/config.json
line 3: 监听ipv6
line 7-10:trojan多用户密码
line 13-14: 证书换成自己的
config.json 示例
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
...
"run_type" : "server" ,
"local_addr" : "::" ,
"local_port" : 443 ,
"remote_addr" : "127.0.0.1" ,
"remote_port" : 80 ,
"password" : [
"password1" ,
"password2"
] ,
"log_level" : 1 ,
"ssl" : {
"cert" : "/etc/letsencrypt/live/scaleya.xyz/fullchain.pem" ,
"key" : "/etc/letsencrypt/live/scaleya.xyz/privkey.pem" ,
"key_password" : "" ,
"cipher" : "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:E>
" cipher_tls 13 ": " TLS_AES_ 128 _GCM_SHA 256 : TLS_CHACHA 20 _POLY 1305 _SHA 256 : T>
"prefer_server_cipher" : true ,
...
启动Trojan 开机自启
1
2
3
systemctl enable trojan
systemctl start trojan
#systemctl status trojan
定时重启
1
2
3
4
apt-get install cron -y
#systemctl status cron
echo "0 0 * * * root service trojan restart" >> /etc/crontab
systemctl restart cron
删除证书
1
2
certbot delete --cert-name scaleya.xyz
# 或者 certbot delete 然后输入数字 选择删除的域名
Danger! 💀
似乎没放伪装站,不过影响不大。
#ad
远程协助在Telegram上联系我!
发送需求至邮箱可远程协助!
#邮箱
ycycxz@gmail.com