phlinhng · March 28, 2024 13:39
diff --git a/a-trojan-with-nginx-stream-module.md b/a-trojan-with-nginx-stream-module.md
diff --git a/default.conf b/default.conf
 # 將 /etc/nginx/sites-available/default 的內容改成如下，可以實現全局 https 跳轉

 server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 301 https://$host$request_uri;
 }
diff --git a/nginx.conf b/nginx.conf
 # 在 /etc/nginx/nginx.conf 加入這段, 原先的內容不要刪
 stream {
 	map $ssl_preread_server_name $backend_name {
 		trojan.example.com trojan;
 		website1.example.com tls_backend;
 		website2.example.com tls_backend;
 		default web;
 	}

 	upstream web {
 		server 127.0.0.1:80;
 	}

 	upstream trojan {
 		server 127.0.0.1:8080;
 	}

 	upstream tls_backend {
 		server 127.0.0.1:8443;
 	}

 	server {
 		listen 443 reuseport;
 		listen [::]:443 reuseport;
 		proxy_pass  $backend_name;
 		ssl_preread on;
 	}
 }
diff --git a/trojan-go.conf b/trojan-go.conf
 {
  "run_type": "server",
  "local_addr": "127.0.0.1",
  "local_port": 8080,
  "remote_addr": "127.0.0.1",
  "remote_port": 80,
  "log_level": 5,
  "password": [
    "your_awesome_password"
  ],
  "ssl": {
    "verify_hostname": true,
    "cert": "/etc/ssl/trojan/fullchain.crt",
    "key": "/etc/ssl/trojan/key.key",
    "sni": "trojan.example.com",
    "alpn": [
      "http/1.1"
    ]
  },
  "router": {
    "enabled": false
  }
 }
diff --git a/trojan.conf b/trojan.conf
 # trojan 偽裝站設置
 # 將此檔案放到以下三種位置之一
 # 位置1 (推荐): 放到 /etc/nginx/sites-available 下, 建立軟鏈到 /etc/nginx/sites-enabled
 # 位置2: 放到 /etc/nginx/conf.d
 # 位置3: 放到 /etc/nginx/sites-enabled

 server {
    listen 127.0.0.1:80;
    server_name trojan.example.com;

    root /var/www/html;
    index index.php index.html index.htm;
 }
diff --git a/web.conf b/web.conf
 # 其他網站全部監聽 127.0.0.1:8443, 在這個端口進行 TLS 握手
 # 將此檔案放到以下三種位置之一
 # 位置1 (推荐): 放到 /etc/nginx/sites-available 下, 建立軟鏈到 /etc/nginx/sites-enabled
 # 位置2: 放到 /etc/nginx/conf.d
 # 位置3: 放到 /etc/nginx/sites-enabled

 server {
    listen 127.0.0.1:8443 ssl http2;
    server_name website1.example.com;

    ssl_certificate /path/to/fullchain.crt;
    ssl_certificate_key /path/to/key.key;
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
    }
 }

 server {
    listen 127.0.0.1:8443 ssl http2;
    server_name website2.example.com;

    ssl_certificate /path/to/fullchain.crt;
    ssl_certificate_key /path/to/key.key;
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
    }
 }
	# 將 /etc/nginx/sites-available/default 的內容改成如下，可以實現全局 https 跳轉

	server {
	listen 80 default_server;
	listen [::]:80 default_server;
	server_name _;
	return 301 https://$host$request_uri;
	}
	# 在 /etc/nginx/nginx.conf 加入這段, 原先的內容不要刪
	stream {
	map $ssl_preread_server_name $backend_name {
	trojan.example.com trojan;
	website1.example.com tls_backend;
	website2.example.com tls_backend;
	default web;
	}

	upstream web {
	server 127.0.0.1:80;
	}

	upstream trojan {
	server 127.0.0.1:8080;
	}

	upstream tls_backend {
	server 127.0.0.1:8443;
	}

	server {
	listen 443 reuseport;
	listen [::]:443 reuseport;
	proxy_pass $backend_name;
	ssl_preread on;
	}
	}
	{
	"run_type": "server",
	"local_addr": "127.0.0.1",
	"local_port": 8080,
	"remote_addr": "127.0.0.1",
	"remote_port": 80,
	"log_level": 5,
	"password": [
	"your_awesome_password"
	],
	"ssl": {
	"verify_hostname": true,
	"cert": "/etc/ssl/trojan/fullchain.crt",
	"key": "/etc/ssl/trojan/key.key",
	"sni": "trojan.example.com",
	"alpn": [
	"http/1.1"
	]
	},
	"router": {
	"enabled": false
	}
	}
	# trojan 偽裝站設置
	# 將此檔案放到以下三種位置之一
	# 位置1 (推荐): 放到 /etc/nginx/sites-available 下, 建立軟鏈到 /etc/nginx/sites-enabled
	# 位置2: 放到 /etc/nginx/conf.d
	# 位置3: 放到 /etc/nginx/sites-enabled

	server {
	listen 127.0.0.1:80;
	server_name trojan.example.com;

	root /var/www/html;
	index index.php index.html index.htm;
	}
	# 其他網站全部監聽 127.0.0.1:8443, 在這個端口進行 TLS 握手
	# 將此檔案放到以下三種位置之一
	# 位置1 (推荐): 放到 /etc/nginx/sites-available 下, 建立軟鏈到 /etc/nginx/sites-enabled
	# 位置2: 放到 /etc/nginx/conf.d
	# 位置3: 放到 /etc/nginx/sites-enabled

	server {
	listen 127.0.0.1:8443 ssl http2;
	server_name website1.example.com;

	ssl_certificate /path/to/fullchain.crt;
	ssl_certificate_key /path/to/key.key;
	ssl_protocols TLSv1.2 TLSv1.3;

	location / {
	}
	}

	server {
	listen 127.0.0.1:8443 ssl http2;
	server_name website2.example.com;

	ssl_certificate /path/to/fullchain.crt;
	ssl_certificate_key /path/to/key.key;
	ssl_protocols TLSv1.2 TLSv1.3;

	location / {
	}
	}