Script for installing trojan on CentOS 7
Reference: https://omaidb.github.io/2022/02/22/Centos8%E5%AE%89%E8%A3%85trojan/
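#!/usr/bin/env bash
# !!! Notice: this script is only intended for installing trojan on CentOS 7
# Define the trojan version
trojan_version=1.16.0
# ifcmd: stop the script if the previous command failed (non-zero exit status),
# otherwise continue. The status is saved first so the script exits with it.
function ifcmd() {
    local rc=$?
    if [ "$rc" -ne 0 ]; then
        exit "$rc"
    fi
}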
# Check whether wget exists; install it if it does not
which wget || yum install wget -y
ifcmd
# Install the recommended packages
yum install telnet proxychains-ng -y
# If the download fails, download from the mirror site instead
## -T 3 -t 1: give up after 3 seconds without a response (single attempt), then use the China mirror
## TLS certificate checking stays enabled (no --no-check-certificate), because this binary is installed as a service
wget -T 3 -t 1 -cO "/usr/local/src/trojan-$trojan_version-linux-amd64.tar.xz" "https://github.com/trojan-gfw/trojan/releases/download/v$trojan_version/trojan-$trojan_version-linux-amd64.tar.xz" ||
    wget -cO "/usr/local/src/trojan-$trojan_version-linux-amd64.tar.xz" "https://ghproxy.com/https://github.com/trojan-gfw/trojan/releases/download/v$trojan_version/trojan-$trojan_version-linux-amd64.tar.xz"
# If the binary package could not be downloaded, exit
ifcmd
# Enter the src directory
cd /usr/local/src/ || exit
# Extract the trojan tar.xz archive
tar xvf "trojan-$trojan_version-linux-amd64.tar.xz"
# Make the extracted trojan binary executable
chmod +x /usr/local/src/trojan/trojan
# Create /usr/local/trojan if it does not exist yet
mkdir -p /usr/local/trojan
# Move the trojan executable to /usr/local/trojan/
mv /usr/local/src/trojan/trojan /usr/local/trojan/
# Create /etc/trojan if it does not exist yet, then enter it
mkdir -p /etc/trojan
cd /etc/trojan || exit
# Determine the distribution from the systemd unit directory
service_dir=""
cert_file=""
if [ -d /usr/lib/systemd/system/ ]; then
    echo "Centos系统" # prints "CentOS system"
    service_dir=/usr/lib/systemd/system/
    cert_file=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
else
    echo "Ubuntu系统" # prints "Ubuntu system"
    service_dir=/lib/systemd/system/
    cert_file=/etc/ssl/certs/ca-certificates.crt
fi
# Write the configuration to /etc/trojan/config.json
# Set remote_addr and password to your own server's values.
# "cert" is filled in from cert_file, the CA bundle path chosen above.
cat >/etc/trojan/config.json <<EOF
{
    "run_type": "client",
    "local_addr": "127.0.0.1",
    "local_port": 1080,
    "remote_addr": "pac.ibm.com",
    "remote_port": 443,
    "password": [
        "ibm123"
    ],
    "log_level": 1,
    "ssl": {
        "verify": true,
        "verify_hostname": true,
        "cert": "$cert_file",
        "cipher": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA",
        "cipher_tls13": "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384",
        "sni": "",
        "alpn": [
            "h2",
            "http/1.1"
        ],
        "reuse_session": true,
        "session_ticket": false,
        "curves": ""
    },
    "tcp": {
        "no_delay": true,
        "keep_alive": true,
        "reuse_port": false,
        "fast_open": false,
        "fast_open_qlen": 20
    }
}
EOF
# Create the trojan.service file
echo "
[Unit]
# Description of the service
Description=trojan
Documentation=man:trojan(1) https://trojan-gfw.github.io/trojan/config https://trojan-gfw.github.io/trojan/
# Start this service after these units
After=network.target network-online.target nss-lookup.target
[Service]
# Service type
Type=simple
StandardError=journal
# User the service runs as
User=nobody
AmbientCapabilities=CAP_NET_BIND_SERVICE
# Program to start
ExecStart=/usr/local/trojan/trojan -c /etc/trojan/config.json
ExecReload=/bin/kill -HUP \$MAINPID
# Restart policy: restart on failure
Restart=on-failure
# Delay before restarting
RestartSec=1s
# Maximum run time in seconds (automatic restart after 7 days)
RuntimeMaxSec=604800
[Install]
# Target that this service is installed under
WantedBy=multi-user.target
" >"${service_dir}/trojan.service"
# Reload systemd, then enable the trojan service at boot and start it now
systemctl daemon-reload && systemctl enable --now trojan
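Common errors and fixes
Reference: https://github.com/trojan-gfw/trojan/issues/362
If the message is "SSL handshake failed", you need to change "verify": true and "verify_hostname": true in the configuration file to false. This is not the recommended approach, because the client then no longer validates the server's certificate.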
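fatal: load_verify_file: no such file or directory
trojan reports this error at startup: fatal: load_verify_file: no such file or directory
This error means the certificate file cannot be found. Change cert in config.json to the certificate path for your distribution.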
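Manually specifying the root certificates - CentOS 7
On CentOS 7 the root certificate path is /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
This file merges all root certificates. It stores the root certificates of the TLS certificate authorities (CAs), which are used to verify that the server certificate in a TLS connection can be trusted.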
"cert": "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem",
Manually specifying the root certificates - Ubuntu 18
Reference: https://qa.1r1g.cn/unix/ask/33941001/
http://manpages.ubuntu.com/manpages/bionic/man8/update-ca-certificates.8.html
On Ubuntu 18 the certificate path is /etc/ssl/certs/ca-certificates.crt
"cert": "/etc/ssl/certs/ca-certificates.crt",
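The two fixes above ("SSL handshake failed" and load_verify_file) can be checked without turning verification off. The following is an added example, not part of the original script: the function names and the TROJAN_CONFIG variable are hypothetical, and json_value assumes the one-key-per-line layout that the install script writes.

```shell
#!/usr/bin/env bash
# Added example (not from the original script; function names and TROJAN_CONFIG are
# hypothetical): audit the ssl settings of a trojan client config, fix a wrong "cert".

# pick_ca_bundle [CANDIDATE...]: print the first readable, non-empty file.
# With no arguments, try the two CA bundle paths named on this page.
pick_ca_bundle() {
    [ "$#" -gt 0 ] || set -- /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem \
        /etc/ssl/certs/ca-certificates.crt
    local p
    for p in "$@"; do
        if [ -r "$p" ] && [ -s "$p" ]; then printf '%s\n' "$p"; return 0; fi
    done
    return 1
}

# json_value FILE KEY: value of KEY in a one-key-per-line JSON file like the
# config written by the install script (assumption; not a general JSON parser).
json_value() {
    sed -n "s/^[[:space:]]*\"$2\"[[:space:]]*:[[:space:]]*\"\{0,1\}\([^\",]*\)\"\{0,1\},\{0,1\}[[:space:]]*\$/\1/p" "$1" | head -n 1
}

# audit_trojan_tls CONFIG: succeed only if both verify flags are true and the
# CA file exists; print one warning per problem on stderr.
audit_trojan_tls() {
    local cfg="$1" rc=0 cert
    [ "$(json_value "$cfg" verify)" = true ] || { echo "WARN: verify is not true" >&2; rc=1; }
    [ "$(json_value "$cfg" verify_hostname)" = true ] || { echo "WARN: verify_hostname is not true" >&2; rc=1; }
    cert=$(json_value "$cfg" cert)
    [ -s "$cert" ] || { echo "WARN: cert '$cert' not found (load_verify_file fails)" >&2; rc=1; }
    return "$rc"
}

# fix_cert_path CONFIG [CANDIDATE...]: rewrite only the "cert" value; the
# verify flags are never touched.
fix_cert_path() {
    local cfg="$1" bundle tmp rc=0; shift
    bundle=$(pick_ca_bundle "$@") || { echo "no CA bundle found" >&2; return 1; }
    tmp=$(mktemp) || return 1
    { sed "s|^\([[:space:]]*\"cert\"[[:space:]]*:[[:space:]]*\)\"[^\"]*\"|\1\"$bundle\"|" "$cfg" >"$tmp" &&
        cat "$tmp" >"$cfg"; } || rc=1
    rm -f "$tmp"
    return "$rc"
}

# Usage: TROJAN_CONFIG=/etc/trojan/config.json bash check_trojan_tls.sh
if [ -n "${TROJAN_CONFIG:-}" ]; then
    audit_trojan_tls "$TROJAN_CONFIG" || fix_cert_path "$TROJAN_CONFIG"
fi
```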