Install and deploy Trojan-Go in Docker with Nginx as a companion for multi-domain requests.
Prepare
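- Open ports 80 and 443 on the server to external traffic.
- Nginx listens on ports 80, 443, and 1443.
- Trojan-Go listens on port 22250 (the port used in nginx.conf and config.json below).
Request routing: the client connects to Nginx; if the requested server name matches the Trojan-Go domain, the connection is forwarded to Trojan-Go, otherwise it is forwarded to the other domain.
Note: Check which ports are open on the server. I suggest you limit the open ports.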
# Check the server's firewall status
sudo ufw status
# Allow the ports that need to accept requests
sudo ufw allow ssh
sudo ufw allow 80
sudo ufw allow 443
# Enable the firewall
sudo ufw enable
Install Docker
sudo apt update
curl -fsSL https://get.docker.com -o get-docker.sh && sudo sh get-docker.sh
Note
Create a directory on your server for each Docker container, then change into that directory before running the container's docker run command. For example, create a directory named 'nginx' and cd nginx before running the Nginx container command.
Free SSL website: https://www.sslforfree.com/
Nginx
Running container
Before running the container, set up the nginx.conf file and upload the SSL certificates to the nginx/conf directory.
docker run --restart=always --name nginx -d --network host -v $(pwd)/html:/usr/share/nginx/html -v $(pwd)/nginx.conf:/etc/nginx/nginx.conf -v $(pwd)/logs:/var/log/nginx -v $(pwd)/conf:/etc/nginx/conf nginx:1.18.0
nginx.conf
Using xxx.tk as the example domain: requests for www.xxx.tk are forwarded to Trojan-Go, and all other requests are forwarded by default to port 1443. Note: Nginx mainly listens on port 443 and forwards from there.
Add further server blocks listening on 1443 if you have other domains to configure.
# Required top-level block; nginx refuses to start without an events section.
events {
    worker_connections 1024;
}

stream {
    # Choose the upstream from the SNI name read from the TLS ClientHello.
    map $ssl_preread_server_name $backend_name {
        www.xxx.tk trojan;
        default web;
    }
    upstream web {
        server 127.0.0.1:1443;
    }
    upstream trojan {
        server 127.0.0.1:22250;
    }
    server {
        listen 443 reuseport;
        listen [::]:443 reuseport;
        proxy_pass $backend_name;
        ssl_preread on;
    }
}

http {
    # TLS site for xxx.tk; receives the connections routed to the "web" upstream.
    server {
        listen 1443 ssl;
        server_name xxx.tk;
        client_max_body_size 1000M;
        ssl_certificate /etc/nginx/conf/certificate.crt;
        ssl_certificate_key /etc/nginx/conf/private.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        rewrite .* https://github.com;
    }
    # Plain HTTP site for xxx.tk.
    server {
        listen 80;
        server_name xxx.tk;
        client_max_body_size 1000M;
        rewrite .* https://github.com;
    }
}
Description
The xxx.tk domain serves the publicly visible website content; the www.xxx.tk sub-domain carries the communication with Trojan-Go.
First, once the nginx.conf file is set up, make sure the xxx.tk domain can be requested.
Trojan-Go
Running container
Upload the SSL certificates to the directory where you run the command, and set up the config.json file there.
docker run \
    --name trojango \
    --restart=always \
    -d \
    -v $(pwd):/etc/trojan-go \
    --network host \
    p4gefau1t/trojan-go \
    /etc/trojan-go/config.json
config.json
{
    "run_type": "server",
    "local_addr": "0.0.0.0",
    "local_port": 22250,
    "remote_addr": "xxx.tk",
    "remote_port": 80,
    "password": [
        "123456"
    ],
    "ssl": {
        "cert": "/etc/trojan-go/certificate.crt",
        "key": "/etc/trojan-go/private.key",
        "sni": "www.xxx.tk",
        "fallback_addr": "127.0.0.1",
        "fallback_port": 1443
    },
    "mux": {
        "enabled": true
    }
}
Clash proxies
{name: test, type: trojan, server: www.xxx.tk, port: 443, password: 123456, skip-cert-verify: true}