
Comments (6)

killgcd4ever commented on May 17, 2024

May 24 21:26:29 vultr.guest trojan-go[18101]: [ERROR] 2020/05/24 21:26:29 github.com/p4gefau1t/trojan-go/proxy.(*proxyOption).Handle:option.go:38 Failed to parse config file | 127.0.0.1:80 is not a valid web server | Get "https://127.0.0.1/"

I get this error after starting it. What does it mean?

from trojan-go.

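p4gefau1t commented on May 17, 2024
  1. You can specify the path. Please read the documentation carefully first and learn the basics of systemd configuration.

  2. When trojan-go starts, it checks whether the disguise HTTP server supplied by the user is valid, and refuses to start the service if it is not. Please read the documentation carefully first.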

from trojan-go.

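killgcd4ever commented on May 17, 2024

1. On the first question, I could not find this in the documentation. Can you point out which section it is in?
2. I have confirmed that the disguise service works normally, because the original trojan works fine with it.
Also, the full configuration file given in the documentation has two errors:
node:websocket->ssl->plain_http_response has an extra comma after it
node:api->ssl has an extra comma after its closing curly brace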

from trojan-go.

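p4gefau1t commented on May 17, 2024
  1. Please learn how to configure systemd, read trojan-go.service, and make good use of the -h option. The readme also mentions how to start the service.

  2. trojan-gfw can start because trojan-gfw has no mechanism for checking the validity of the disguise service. Also, the log you provided is incomplete, so I cannot determine the problem in detail.

  3. The documentation has been corrected. Thanks for pointing it out.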

from trojan-go.

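killgcd4ever commented on May 17, 2024

My configuration is below; please point out what is wrong, thanks. Because I want it to coexist with nginx and v2ray, I used the nginx ngx_stream_ssl_preread_module module to put trojan-go behind nginx. The original version works fine when configured this way. How should trojan-go be configured? Also, will this configuration reduce security? If it really has to be configured this way, are there any better suggestions? Thank you, I bow to you!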
nginx:
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /run/nginx.pid;

events {
accept_mutex on;
worker_connections 1024;
}

stream {
log_format proxy '$remote_addr [$time_local] '
'$protocol $status $bytes_sent $bytes_received '
'$session_time "$upstream_addr" '
'"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
access_log /var/log/nginx/access.log proxy;

map $ssl_preread_server_name $name {
	default nginx;
}

upstream nginx {
	server 127.0.0.1:8443;
}

server {
	listen 443;
	proxy_pass $name;
	ssl_preread on;
}

}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;

server {
	listen 80 default_server;
	listen [::]:80 default_server;
	server_name mydomain.com ssr.mydomain.com www.mydomain.com;
	return 301 https://$host$request_uri; 
}

server {
	listen 80;
	listen [::]:80;
	root /usr/share/nginx/html;
	index index.html index.htm;
	server_name daze.mydomain.com goflyway.mydomain.com trojan.mydomain.com;
}	

server {
	listen 8443 ssl http2;
	listen [::]:8443 ssl http2;
	root /usr/share/nginx/html;
	index index.html index.htm;
	ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/mydomain.com/key.pem;
	ssl_trusted_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
	ssl_dhparam /etc/letsencrypt/live/mydomain.com/dhparam.pem;
	ssl_session_timeout 1d;
	ssl_session_cache shared:SSL:10m;
	ssl_session_tickets off;
	ssl_ecdh_curve secp384r1;
	ssl_stapling on;
	ssl_stapling_verify on;
	ssl_protocols TLSv1.2 TLSv1.3;
	ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
	ssl_prefer_server_ciphers off;
	resolver 1.1.1.1 8.8.8.8 valid=300s;
	resolver_timeout 30s;
	add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
	server_name mydomain.com ssr.mydomain.com tj.mydomain.com www.mydomain.com;
	
	location /websocketpath {
		proxy_redirect off;
		proxy_pass http://127.0.0.1:29443;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	}
}

}

trojan-go:
{
"run_type": "server",
"local_addr": "127.0.0.1",
"local_port": 29443,
"remote_addr": "127.0.0.1",
"remote_port": 80,
"log_level": 1,
"log_file": "",
"password": [
"mypassword"
],
"buffer_size": 32,
"dns": [
"dot://1.1.1.1",
"1.1.1.1",
"8.8.8.8"
],
"ssl": {
"verify": true,
"cert": "/etc/letsencrypt/live/mydomain.com/fullchain.pem",
"key": "/etc/letsencrypt/live/mydomain.com/key.pem",
"key_password": "",
"cipher": "",
"cipher_tls13": "",
"curves": "",
"prefer_server_cipher": false,
"sni": "mydomain.com",
"alpn": [
"http/1.1"
],
"session_ticket": true,
"reuse_session": true,
"plain_http_response": "",
"fallback_port": 0,
"fingerprint": "firefox",
"serve_plain_text": false
},
"tcp": {
"no_delay": true,
"keep_alive": true,
"reuse_port": false,
"prefer_ipv4": false,
"fast_open": false,
"fast_open_qlen": 20
},
"mux": {
"enabled": false,
"concurrency": 8,
"idle_timeout": 60
},
"router": {
"enabled": false,
"bypass": [],
"proxy": [],
"block": [],
"default_policy": "proxy",
"domain_strategy": "as_is",
"geoip": "./geoip.dat",
"geosite": "./geoip.dat"
},
"websocket": {
"enabled": true,
"path": "/websocketpath",
"hostname": "mydomain.com",
"obfuscation_password": "mypassword",
"double_tls": true,
"ssl": {
"verify": true,
"verify_hostname": true,
"cert": "/etc/letsencrypt/live/mydomain.com/fullchain.pem",
"key": "/etc/letsencrypt/live/mydomain.com/key.pem",
"key_password": "",
"prefer_server_cipher": false,
"sni": "mydomain.com",
"session_ticket": true,
"reuse_session": true,
"plain_http_response": ""
}
},
"forward_proxy": {
"enabled": false,
"proxy_addr": "",
"proxy_port": 0,
"username": "",
"password": ""
},
"mysql": {
"enabled": false,
"server_addr": "localhost",
"server_port": 3306,
"database": "",
"username": "",
"password": "",
"check_rate": 60
},
"redis": {
"enabled": false,
"server_addr": "localhost",
"server_port": 6379,
"password": ""
},
"api": {
"enabled": false,
"api_addr": "",
"api_port": 0,
"api_tls": false,
"ssl": {
"cert": "",
"key": "",
"key_password": "",
"client_cert": []
}
}
}

from trojan-go.
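The log line in the first comment ends in `Get "https://127.0.0.1/"` although `remote_port` is 80, which is what a redirect-following client would request after the posted port-80 `default_server` block answers `return 301 https://$host$request_uri;`. The following is an added example, not trojan-go code and not from the thread (how trojan-go performs its startup check is not shown on this page): it probes a fallback address without following redirects, against a constructed local stand-in for that server block; `RedirectToHttps`, `probe_fallback`, `verdict` and `demo` are hypothetical names.

```python
import http.client
import http.server
import threading


class RedirectToHttps(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for: return 301 https://$host$request_uri;"""

    def do_GET(self):
        host = self.headers.get("Host", "").rsplit(":", 1)[0]  # $host has no port
        self.send_response(301)
        self.send_header("Location", f"https://{host}{self.path}")
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the probe output quiet
        pass


def probe_fallback(addr, port, timeout=3.0):
    """Send one plain-HTTP GET / and return (status, Location), no redirects followed."""
    conn = http.client.HTTPConnection(addr, port, timeout=timeout)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def verdict(status, location):
    """Classify what the fallback address answered."""
    if 300 <= status < 400:
        return f"redirect to {location}"
    return "serves content" if 200 <= status < 300 else f"unexpected status {status}"


def demo():
    """Probe the stand-in on an ephemeral loopback port (constructed input)."""
    server = http.server.HTTPServer(("127.0.0.1", 0), RedirectToHttps)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return probe_fallback("127.0.0.1", server.server_address[1])
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(verdict(*demo()))
```

Against a real host, call `probe_fallback` with the `remote_addr` and `remote_port` values from the trojan-go config; a redirect verdict means the address does not serve content itself for that Host header.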

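p4gefau1t commented on May 17, 2024
  1. If you want nginx to do the TLS encryption and decryption, then trojan-go should only handle plaintext TCP content, and serve_plain_text should be set to true.

  2. For configuration questions, please ask in the group rather than opening an issue. Issues are mainly for discussing bugs and features.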

from trojan-go.
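An added example (not from the thread or the trojan-go project) that lints a server config for the two points raised above: the trailing commas reported in the documentation's full config, and the maintainer's advice that `serve_plain_text` be true when nginx does the TLS work. The loopback check on `local_addr` is an extra assumption of this example, since a plaintext listener is protected only by the proxy in front of it; `SAMPLE` is a constructed excerpt and the function names are hypothetical.

```python
import ipaddress
import json

# Constructed excerpt of the posted config, keeping one reported trailing comma.
SAMPLE = """{
  "local_addr": "127.0.0.1",
  "ssl": {"serve_plain_text": false},
  "websocket": {"ssl": {
    "plain_http_response": "",
  }}
}"""


def trailing_commas(raw):
    """Return 1-based line numbers of commas directly before '}' or ']'."""
    found, line, comma_line, in_string, escaped = [], 1, 0, False, False
    for ch in raw:
        if ch == "\n":
            line += 1
        if in_string:  # commas and braces inside strings do not count
            in_string = escaped or ch != '"'
            escaped = not escaped and ch == "\\"
        elif ch == '"':
            in_string, comma_line = True, 0
        elif ch == ",":
            comma_line = line
        elif ch in "}]":
            found += [comma_line] if comma_line else []
            comma_line = 0
        elif not ch.isspace():
            comma_line = 0
    return found


def lint_behind_tls_proxy(raw):
    """Findings for a server config placed behind a TLS-terminating proxy."""
    commas = trailing_commas(raw)
    if commas:  # a strict JSON parser rejects the file, so stop here
        return [f"line {n}: trailing comma" for n in commas]
    cfg = json.loads(raw)
    findings = []
    if cfg.get("ssl", {}).get("serve_plain_text") is not True:
        findings.append("ssl.serve_plain_text should be true")
    try:
        loopback = ipaddress.ip_address(cfg.get("local_addr", "")).is_loopback
    except ValueError:
        loopback = False
    if not loopback:
        findings.append("local_addr is not a loopback address")
    return findings
```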
