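I previously wrote a post on using V2ray + Nginx to build a WebSocket + TLS disguised proxy. I have used it for several months and it works well. I had not planned to change the setup, but I found that a router with the MT7621 SoC tops out at about 8 Mbps when running V2ray, while a PC can reach 30 Mbps. The router is clearly the bottleneck. Compared with V2ray, which is written in Golang, Trojan, which is written in C, should obviously consume fewer resources, so I got the idea of switching to Trojan.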

Installing Trojan and Nginx

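Follow the two links below to install Nginx and Trojan. Trojan has to be installed on both the client and the server; unlike SS, the Trojan server and client are the same program. Nginx only needs to be installed on the server.
Trojan's official Linux installation guide
My earlier post on compiling, installing and configuring Nginx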

Server setup

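Every setup I found online has Trojan listen on port 443 and forward the traffic it recognizes as ordinary web traffic to Nginx, which will undoubtedly slow down access to the ordinary website. But my site does not get much traffic, and this should speed up proxied browsing, which is what I was after, so I went ahead.
Nginx configuration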


# note: this runs the worker processes as root; an unprivileged user
# that can read the web root is the safer choice
user root;
worker_processes 2;

pid /var/run/nginx.pid;
error_log /var/log/nginx_error.log;

events {
    use epoll;
    worker_connections 1024;
    multi_accept on;
}


http {
    include mime.types;
    default_type application/octet-stream;
    charset utf-8;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 60;
    client_header_buffer_size 4k;
    open_file_cache max=102400 inactive=20s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 1;
    client_header_timeout 15;
    client_body_timeout 15;
    reset_timedout_connection on;
    send_timeout 15;
    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 3;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
    server_tokens off;
    access_log /var/log/nginx_access.log;

    server {
        # listen 443 ssl;
        listen 0.0.0.0:80;
        server_name weiyangbo.com www.weiyangbo.com; # put your site's domain names here
        # Nginx gives up port 443 and listens only on 80; the ssl settings are
        # no longer needed either, everything is handed over to Trojan
        # ssl_certificate /etc/nginx/cert/xxxxxxx.pem;
        # ssl_certificate_key /etc/nginx/cert/xxxxxxx.key;
        # ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        # ssl_prefer_server_ciphers on;
        # ssl_session_timeout 5m;
        # ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        root /www; # put your site's root directory here
        location / {
            expires 10h;
            fancyindex on;
            fancyindex_exact_size off;
            fancyindex_localtime on;
            fancyindex_header "/fancyindex/header.html";
            fancyindex_footer "/fancyindex/footer.html";
            fancyindex_ignore "fancyindex" "Download"; # files or folders to hide in the file-server listing
            fancyindex_name_length 500;
        }
        # hotlink protection
        location ~* ^.+\.(jpg|gif|png|img|apk|tar.gz|wmv|jpeg|mp3|mp4|zip|rar)$ {
            valid_referers none blocked www.weiyangbo.com weiyangbo.com;
            if ($invalid_referer){
                return 403;
                break;
            }
            access_log off;
        }
    }
}

Once the Nginx configuration is written, run nginx -t to check the configuration file for syntax errors, then reload Nginx with nginx -s reload.

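Then there is the Trojan server configuration, which by default lives at /usr/local/etc/trojan/config.json. The two strings in the password array are placeholders meaning "fill in your password" and "more than one can be listed".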

{
    "run_type": "server",
    "local_addr": "0.0.0.0",
    "local_port": 443,
    "remote_addr": "127.0.0.1",
    "remote_port": 80,
    "password": [
        "填你的密码",
        "可以填多个"
    ],
    "log_level": 1,
    "ssl": {
        "cert": "/etc/nginx/cert/xxxxxxx.pem",
        "key": "/etc/nginx/cert/xxxxxxx.key",
        "key_password": "",
        "cipher": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305",
        "cipher_tls13": "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384",
        "prefer_server_cipher": true,
        "alpn": [
            "http/1.1"
        ],
        "reuse_session": true,
        "session_ticket": false,
        "session_timeout": 600,
        "plain_http_response": "",
        "curves": "",
        "dhparam": ""
    },
    "tcp": {
        "prefer_ipv4": false,
        "no_delay": true,
        "keep_alive": true,
        "reuse_port": false,
        "fast_open": true,
        "fast_open_qlen": 20
    },
    "mysql": {
        "enabled": false,
        "server_addr": "127.0.0.1",
        "server_port": 3306,
        "database": "trojan",
        "username": "trojan",
        "password": ""
    }
}

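Once the configuration file is filled in, try starting Trojan:
sudo systemctl start trojan
If no error is reported, it should have started successfully; you can also check with sudo systemctl status trojan.
If testing shows no problems, enable it at boot:
sudo systemctl enable trojan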
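
How the server decides which connections are proxy traffic and which go to Nginx at remote_addr:remote_port, as an added Python example (not code from Trojan or from this post). It assumes the header layout given in Trojan's published protocol description (hex SHA-224 of the password, CRLF, a SOCKS5-style request, CRLF); the password and sample bytes are constructed.

```python
import hashlib
import hmac
import socket
import struct

FALLBACK = ("127.0.0.1", 80)   # remote_addr / remote_port in config.json: Nginx
HASH_LEN = 56                  # length of a hex-encoded SHA-224 digest
CRLF = b"\r\n"

def key_table(passwords):
    """Hex SHA-224 digest of every configured password."""
    return [hashlib.sha224(p.encode()).hexdigest().encode() for p in passwords]

def parse_request(buf):
    """Parse CMD | ATYP | DST.ADDR | DST.PORT | CRLF; None if malformed."""
    try:
        cmd, atyp = buf[0], buf[1]
        if cmd not in (0x01, 0x03):            # CONNECT, UDP ASSOCIATE
            return None
        if atyp == 0x01:                       # IPv4
            host, off = socket.inet_ntoa(buf[2:6]), 6
        elif atyp == 0x03:                     # length-prefixed domain name
            n = buf[2]
            host, off = buf[3:3 + n].decode("ascii"), 3 + n
        elif atyp == 0x04:                     # IPv6
            host, off = socket.inet_ntop(socket.AF_INET6, buf[2:18]), 18
        else:
            return None
        (port,) = struct.unpack("!H", buf[off:off + 2])
        if buf[off + 2:off + 4] != CRLF:
            return None
        return cmd, host, port, buf[off + 4:]
    except (IndexError, struct.error, OSError, ValueError):
        return None

def classify(first_bytes, keys):
    """("proxy", cmd, host, port, payload) or ("fallback", FALLBACK)."""
    head = first_bytes[:HASH_LEN]
    # Compare against every key in constant time; no early exit on a match.
    ok = any([hmac.compare_digest(head, k) for k in keys])
    if not ok or first_bytes[HASH_LEN:HASH_LEN + 2] != CRLF:
        return ("fallback", FALLBACK)          # e.g. a browser's HTTP request
    req = parse_request(first_bytes[HASH_LEN + 2:])
    return ("proxy",) + req if req else ("fallback", FALLBACK)

# Constructed sample inputs (what the server sees after TLS is terminated).
KEYS = key_table(["example-password"])
GOOD = KEYS[0] + CRLF + b"\x01\x03\x0bexample.org\x01\xbb" + CRLF + b"payload"
HTTP = b"GET / HTTP/1.1\r\nHost: weiyangbo.com\r\n\r\n"
```

Everything that fails the check, including a wrong password or a truncated request, ends up at the Nginx site, so the site on port 80 is what any unauthenticated visitor to port 443 sees.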

Client configuration

Summary and afterword

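The test results were very disappointing: on the router, proxy speed was only slightly better than with V2ray, while access to the ordinary web pages became noticeably slower. Maybe my router really is due for retirement. Further testing later showed that the cause was the BBR congestion control algorithm being enabled on the router; after turning it off, the speed immediately reached 30 Mbps (the server's upper limit).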