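A simple tutorial for deploying the latest trojan server with Docker

Not long ago I wrote tutorials on deploying Shadowsocks-libev and v2ray with Docker. Since I have some time tonight, here is the tutorial on deploying the trojan server with Docker that members of the group chat have been asking for.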

I. Create the Dockerfile

mkdir trojan && cd trojan
vi Dockerfile

Copy and paste:

FROM alpine

# Set the container time zone to Asia/Shanghai (the zone files come from tzdata, installed below)
RUN ln -snf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && echo Asia/Shanghai > /etc/timezone

# Build trojan from source, then remove the build toolchain and keep only the runtime libraries.
# master.tar.gz is a moving target: every build fetches whatever is on the master branch at that moment.
RUN apk add --no-cache --virtual .build-deps \
        wget \
        tar \
        curl \
        build-base \
        cmake \
        boost-dev \
        openssl \
        openssl-dev \
        mariadb-connector-c-dev \
    && mkdir /tmp/trojan \
    && cd /tmp/trojan \
    && wget https://github.com/trojan-gfw/trojan/archive/master.tar.gz -O trojan.tar.gz && tar -zxf trojan.tar.gz && mv -f trojan-master trojan \
    && (cd trojan && cmake . && make -j $(nproc) && strip -s trojan \
    && mv trojan /usr/local/bin) \
    && apk del .build-deps \
    && cd ~/ && rm -rf /tmp/trojan \
    && apk add --no-cache --virtual .trojan-rundeps \
        libstdc++ \
        boost-system \
        boost-program_options \
        mariadb-connector-c \
        tzdata

# Start trojan with the configuration mounted from the host
CMD ["trojan", "/etc/trojan/config.json"]

II. Create the trojan server configuration

mkdir /etc/trojan
vi /etc/trojan/config.json

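Copy and paste the following. For local_addr, 0.0.0.0, the server's IP, or its domain name all work; replace YOUR_PASSWORD with your own password, preferably one containing special characters:

{
    "run_type": "server",
    "local_addr": "0.0.0.0",
    "local_port": 443,
    "remote_addr": "127.0.0.1",
    "remote_port": 80,
    "password": [
        "YOUR_PASSWORD"
    ],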
    "log_level": 5,
    "ssl": {
        "cert": "/etc/trojan/cert/certificate.crt",
        "key": "/etc/trojan/cert/private.key",
        "key_password": "",
        "cipher": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384",
        "cipher_tls13": "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384",
        "prefer_server_cipher": true,
        "alpn": [
            "http/1.1"
        ],
        "alpn_port_override": {
            "h2": 81
        },
        "reuse_session": true,
        "session_ticket": false,
        "session_timeout": 600,
        "plain_http_response": "",
        "curves": "",
        "dhparam": ""
    },
    "tcp": {
        "prefer_ipv4": false,
        "no_delay": true,
        "keep_alive": true,
        "reuse_port": false,
        "fast_open": false,
        "fast_open_qlen": 20
    },
    "mysql": {
        "enabled": false,
        "server_addr": "127.0.0.1",
        "server_port": 3306,
        "database": "trojan",
        "username": "trojan",
        "password": "",
        "key": "",
        "cert": "",
        "ca": ""
    }
}

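The cert and key entries under the ssl node are the paths to the domain's certificate and private key. They must point into /etc/trojan/cert, so upload the domain certificate files to the /etc/trojan/cert folder on the server, with file names that match the configuration.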
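
A pre-flight check for this configuration, added here as an example; it is not part of trojan or of the original tutorial, and lint_config and demo are hypothetical helper names. It checks that a password is set, that the cert and key paths lie inside /etc/trojan (the only directory this tutorial's docker run command mounts into the container), that the key file is not readable by group or others, and that remote_addr is not a loopback address, which on Docker's default bridge network is the container itself.

```python
import json
import os
import tempfile

MOUNT = "/etc/trojan"  # the only host directory the tutorial's docker run mounts (-v)

def lint_config(text, root="/"):
    """Return problems found in a trojan server config; root prefixes file checks."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc}"]
    problems = []
    if cfg.get("run_type") != "server":
        problems.append("run_type is not 'server'")
    passwords = cfg.get("password")
    if not isinstance(passwords, list) or not passwords or not all(
            isinstance(p, str) and p for p in passwords):
        problems.append("password must be a non-empty list of non-empty strings")
    if cfg.get("remote_addr") in ("127.0.0.1", "localhost", "::1"):
        problems.append("remote_addr is loopback: on Docker's default bridge network "
                        "that is the container itself, not a web server on the host")
    ssl = cfg.get("ssl", {})
    for field in ("cert", "key"):
        path = os.path.normpath(ssl.get(field) or "")
        if not path.startswith(MOUNT + "/"):
            problems.append(f"ssl.{field} is outside {MOUNT}; the container cannot see it")
            continue
        host_path = os.path.join(root, path.lstrip("/"))
        if not os.path.isfile(host_path):
            problems.append(f"ssl.{field} file is missing: {path}")
        elif field == "key" and os.stat(host_path).st_mode & 0o077:
            problems.append("ssl.key is readable by group or others; chmod 600 it")
    return problems

def demo():
    """Lint a constructed config against a temporary directory tree."""
    sample = {"run_type": "server", "remote_addr": "127.0.0.1", "remote_port": 80,
              "password": [""],  # constructed: password left empty
              "ssl": {"cert": "/etc/trojan/cert/certificate.crt",
                      "key": "/root/private.key"}}  # constructed: key outside the mount
    with tempfile.TemporaryDirectory() as root:
        cert_dir = os.path.join(root, "etc/trojan/cert")
        os.makedirs(cert_dir)
        open(os.path.join(cert_dir, "certificate.crt"), "w").close()
        return lint_config(json.dumps(sample), root)

if __name__ == "__main__":
    for problem in demo():
        print("WARN:", problem)
```

On a real server, call lint_config(open("/etc/trojan/config.json").read()) before starting the container; an empty list means none of these checks failed.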

III. Run trojan

1. Build the image

docker build -t trojan .

2. Start the container

docker run --restart=always \
-p 443:443 \
--name=trojan \
-v /etc/trojan:/etc/trojan \
-i -t -d \
trojan

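If v2ray or a website is also running on the server, you can map the container to a different host port, for example -p 8443:443, and then use Apache or Nginx as a reverse proxy on port 443.

3. Check that the container is running properly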

docker ps -a

You can now happily connect with a trojan client!

Modifying the trojan configuration

Run:

vi /etc/trojan/config.json

Change whatever configuration parameters you want, save and exit, then restart the trojan container for the changes to take effect:

docker restart trojan