Starting trojan with Docker
1. Start trojan, mapping the configuration file and the certificate directory into the container
docker run -d --name trojan -v /etc/trojan/config.json:/config/config.json -v /www/my_certs/web_certs/xxxx.com:/config/certs --network trojan-net -e TZ="Asia/Shanghai" trojangfw/trojan
2. Start the nginx image
docker run --name nginx -p 80:80 -p 443:443 -v /www/nginx/nginx.conf:/etc/nginx/nginx.conf -v /www/nginx/conf.d:/etc/nginx/conf.d -v /www/my_certs:/etc/nginx/cert -v /var/log/nginx:/var/log/nginx -e TZ="Asia/Shanghai" --network trojan-net -d nginx
3. Edit .../trojan/config.json and set the correct certificate paths, password, and so on
4. Set up the reverse proxy (the key step)
++++++++++++++++++++++++++++++++++++
Add the following to nginx.conf:
# Core traffic-forwarding configuration
stream {
    # SNI detection: map the requested domain name to a backend name
    map $ssl_preread_server_name $backend_name {
        xxxx.com web;
        xxxtrojan.com trojan;
        # Default value when no domain matches
        default web;
    }
    # web: forwarding details
    upstream web {
        server 127.0.0.1:10240;
    }
    # trojan: forwarding details
    upstream trojan {
        server 172.21.0.2:443;
    }
    # Listen on 443 and enable ssl_preread
    server {
        listen 443 reuseport;
        listen [::]:443 reuseport;
        proxy_pass $backend_name;
        ssl_preread on;
    }
}
http {  # everything from here on stays unchanged