Recently vmess + ws has been getting blocked by the GFW more and more often, so I need to change the port every day.
I decided to change to trojan-go, which has more obfuscation functions but requires:
- A domain. I got mine from namecheap, which costs less than 10 USD / year
  - A newly added record will work in minutes, but changing an original record will take days
- An SSL certificate; you can get a free one from certbot
- As usual, your VPS with a CN2 GIA route, which you can get from bandwagonhost (you need to log in, then click Client Area -> Services -> Order New Services to get a CN2 server)
yum install nginx
# and change this part of the config file in /etc/nginx/nginx.conf
vim /etc/nginx/nginx.conf
server {
    listen 80;
    listen [::]:80;
    server_name "fill in your domain name which you add to the record in the above screenshot";
    # ... leave the rest of this server block unchanged
}
systemctl restart nginx
Follow the instructions. If it says "The requested nginx plugin does not appear to be installed", then run
pip install letsencrypt-nginx
and rerun the failed command; it should work.
Run certbot --nginx, not the certonly one.
After that, certbot will change your nginx config: it will bind ports 443 and 80, and redirect port 80 to port 443.
But trojan needs to bind port 443 itself, so we need to change the config a little bit.
For port 443
- We change the port from 443 to 8900
- We note down the key_a and key_b locations
For port 80
- We remove the redirection, and copy what would be served on port 443 to port 80
vim /etc/nginx/nginx.conf
# for the 443 port
server {
    server_name xx;
    root /usr/share/nginx/html;
    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;
    error_page 404 /404.html;
    location = /404.html {
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
    listen [::]:8900 ssl ipv6only=on; # managed by Certbot
    listen 8900 ssl; # managed by Certbot
    ssl_certificate key_a; # remember the key_a location
    ssl_certificate_key key_b; # remember the key_b location
}
# for the 80 port
server {
    listen 80;
    listen [::]:80;
    server_name xxx;
    root /usr/share/nginx/html;
    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;
    error_page 404 /404.html;
    location = /404.html {
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}
Install trojan-go
git clone https://github.com/p4gefau1t/trojan-go.git
cd trojan-go
make
make install
cd build
# you can find a trojan-go binary here
Write a server config. You will need to update:
- password
- key_a to the key_a location from the above step
- key_b to the key_b location from the above step
cat server.json
{
    "run_type": "server",
    "local_addr": "0.0.0.0",
    "local_port": 443,
    "remote_addr": "127.0.0.1",
    "remote_port": 80,
    "password": [
        "your_password"
    ],
    "ssl": {
        "cert": "key_a",
        "key": "key_b",
        "fallback_port": 8900
    }
}
Then start trojan-go in the background or in a screen/tmux session
./trojan-go -config ./server.json
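A pre-flight check for the server.json above, as an added example (not part of the original post or of the trojan-go project): it confirms that the ports line up with the nginx setup from the earlier step, that the placeholder password and key_a/key_b values were replaced, and that the private key file is not readable by other users. The function name, the 16-character password minimum and the default port arguments are assumptions of this example.

```python
import json
import os
import stat
import sys

# Literal placeholders from the post's server.json; they must be replaced.
PLACEHOLDERS = {"your_password", "key_a", "key_b"}
MIN_PASSWORD_LEN = 16  # assumed threshold for this example, not a trojan-go rule

# Constructed sample: the server.json from the post, unedited.
SAMPLE_CONFIG = {
    "run_type": "server", "local_addr": "0.0.0.0", "local_port": 443,
    "remote_addr": "127.0.0.1", "remote_port": 80,
    "password": ["your_password"],
    "ssl": {"cert": "key_a", "key": "key_b", "fallback_port": 8900},
}

def check_server_config(cfg, nginx_http_port=80, nginx_tls_port=8900):
    """Return a list of problems in a trojan-go server config dict."""
    problems = []
    ssl = cfg.get("ssl", {})
    if cfg.get("local_port") == nginx_tls_port:
        problems.append("trojan-go and nginx would bind the same TLS port")
    if cfg.get("remote_port") != nginx_http_port:
        problems.append("remote_port does not match the nginx plain-HTTP port")
    if ssl.get("fallback_port") != nginx_tls_port:
        problems.append("ssl.fallback_port does not match the nginx TLS port")
    passwords = cfg.get("password") or []
    if not passwords or any(
        p in PLACEHOLDERS or len(p) < MIN_PASSWORD_LEN for p in passwords
    ):
        problems.append("password is missing, a placeholder, or too short")
    for field in ("cert", "key"):
        path = ssl.get(field, "")
        if path in PLACEHOLDERS or not os.path.isfile(path):
            problems.append(f"ssl.{field} is a placeholder or not a file: {path!r}")
        elif field == "key" and os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH):
            problems.append("ssl.key is readable by group or other users")
    return problems

if __name__ == "__main__":
    # Usage: python check_config.py server.json  (no argument: check the sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            cfg = json.load(fh)
    else:
        cfg = SAMPLE_CONFIG
    found = check_server_config(cfg)
    print("\n".join(found) or "no problems found")
    sys.exit(1 if found else 0)
```

Run unedited, the post's sample config reports three problems: the placeholder password and the two placeholder certificate paths.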
Then configure the trojan connection on your mobile/PC; it should work.
This is part of my clash config on Mac
- name: "trojan-111"
  type: trojan
  server: your_domain_name
  port: 443
  password: your_password
This is my v2rayNG config on Android
