Centos7安装trojan脚本
#!/usr/bin/env bash
# NOTE: this script is intended only for installing trojan on CentOS 7.
# Release version of trojan to download and install.
trojan_version='1.16.0'
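# ifcmd: stop the script when the command that ran immediately before the call
# failed; return normally when it succeeded.
# Arguments: none (reads $? of the preceding command).
# The status is captured first because a bare `exit` reuses the status of the
# last command executed, which would be the successful `[ ... ]` test, so the
# script would report success (0) even though a step had failed.
ifcmd() {
  local status=$?
  if [ "$status" -ne 0 ]; then
    exit "$status"
  fi
}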
# Make sure wget is available: install it with yum when `which` cannot find it.
if ! which wget; then
  yum install wget -y
fi
# Stop here if the check-or-install step above failed.
ifcmd
# Install the recommended companion tools.
yum install telnet proxychains-ng -y
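# Download the trojan release archive into /usr/local/src, trying GitHub first
# and the mirror second.
# TLS certificate verification is left enabled (no --no-check-certificate): the
# archive contains a binary that is installed and started as a service, and the
# HTTPS channel is the only thing authenticating it unless a checksum is given.
# The mirror is a third-party proxy, not the upstream project, so set
# TROJAN_SHA256 to the SHA-256 published for this release to have the archive
# checked before it is unpacked.
archive="/usr/local/src/trojan-${trojan_version}-linux-amd64.tar.xz"
release_path="trojan-gfw/trojan/releases/download/v${trojan_version}/trojan-${trojan_version}-linux-amd64.tar.xz"
wget -cO "$archive" "https://github.com/${release_path}" ||
  wget -cO "$archive" "https://ghproxy.com/https://github.com/${release_path}" ||
  exit 1
if [ -n "${TROJAN_SHA256:-}" ]; then
  # Remove a mismatching archive so a later run cannot resume from it.
  printf '%s  %s\n' "$TROJAN_SHA256" "$archive" | sha256sum -c - || {
    rm -f -- "$archive"
    exit 1
  }
else
  echo "warning: TROJAN_SHA256 is not set; archive integrity was not verified" >&2
fi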
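# Unpack the release archive and install the binary under /usr/local/trojan.
# Every step is checked so a failed extraction or move cannot be followed by
# writing and enabling a service that points at a missing binary.
cd /usr/local/src/ || exit 1
# --no-same-owner: when tar runs as root it otherwise restores the uid/gid
# recorded in the archive, which could leave the installed binary owned (and
# replaceable) by an unrelated local account.
tar --no-same-owner -xvf "trojan-${trojan_version}-linux-amd64.tar.xz" || exit 1
# mkdir -p is a no-op for directories that already exist.
mkdir -p /usr/local/trojan /etc/trojan || exit 1
mv /usr/local/src/trojan/trojan /usr/local/trojan/ || exit 1
# Root-owned and not writable by others: systemd executes this file.
chown root:root /usr/local/trojan/trojan || exit 1
chmod 0755 /usr/local/trojan/trojan || exit 1
# Change directory in the current shell (a cd inside a ( ... ) subshell would
# not affect the rest of the script).
cd /etc/trojan || exit 1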
# Choose the systemd unit directory and the system CA bundle path from the
# directory layout: /usr/lib/systemd/system/ present is treated as CentOS,
# anything else as Ubuntu.
# NOTE(review): on Debian/Ubuntu releases with a merged /usr this directory
# exists as well, so the test may report CentOS there; confirm before relying
# on cert_file.
service_dir=" "
cert_file=" "
if [ ! -d /usr/lib/systemd/system/ ]; then
  echo "Ubuntu系统"
  service_dir=/lib/systemd/system/
  cert_file=/etc/ssl/certs/ca-certificates.crt
else
  echo "Centos系统"
  service_dir=/usr/lib/systemd/system/
  cert_file=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
fi
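# Write the trojan client configuration to /etc/trojan/config.json.
# - "cert" comes from ${cert_file}, chosen by the distribution check earlier in
#   the script; a fixed CentOS path here makes trojan fail with
#   "load_verify_file: no such file or directory" on other systems.
# - The trailing comma after "curves" is dropped; it is not valid JSON.
# - The file holds the proxy password, so it is created empty with mode 0600,
#   owned by nobody (the User= of the systemd unit), before any content is
#   written. nobody is a shared account; a dedicated service user would
#   isolate the password better.
# - remote_addr and password are the sample values from this page; replace
#   them with your own server address and a strong password before use.
# - "verify" and "verify_hostname" stay true so the server certificate is
#   checked against the CA bundle.
install -m 0600 -o nobody /dev/null /etc/trojan/config.json || exit 1
cat >/etc/trojan/config.json <<EOF || exit 1
{
"run_type": "client",
"local_addr": "127.0.0.1",
"local_port": 1080,
"remote_addr": "pac.ibm.com",
"remote_port": 443,
"password": [
"ibm123"
],
"log_level": 1,
"ssl": {
"verify": true,
"verify_hostname": true,
"cert": "${cert_file}",
"cipher": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA",
"cipher_tls13": "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384",
"sni": "",
"alpn": [
"h2",
"http/1.1"
],
"reuse_session": true,
"session_ticket": false,
"curves": ""
},
"tcp": {
"no_delay": true,
"keep_alive": true,
"reuse_port": false,
"fast_open": false,
"fast_open_qlen": 20
}
}
EOF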
# Create the systemd unit ${service_dir}/trojan.service.
# The unit text (including its own comment lines and the leading and trailing
# blank lines) is written exactly as before; \$MAINPID is escaped so that
# systemd, not this shell, expands it.
# NOTE(review): the config written by this script listens on port 1080, which
# needs no bind capability, so AmbientCapabilities=CAP_NET_BIND_SERVICE looks
# unnecessary for this client setup; confirm before removing it.
cat >"${service_dir}/trojan.service" <<EOF

[Unit]
# 服务的定义描述
Description=trojan
Documentation=man:trojan(1) https://trojan-gfw.github.io/trojan/config https://trojan-gfw.github.io/trojan/
# 服务启动的前置条件
After=network.target network-online.target nss-lookup.target
[Service]
# service类型
Type=simple
StandardError=journal
# 由哪个用户运行
User=nobody
AmbientCapabilities=CAP_NET_BIND_SERVICE
# 需要启动的程序
ExecStart=/usr/local/trojan/trojan -c /etc/trojan/config.json
ExecReload=/bin/kill -HUP \$MAINPID
# 重启策略,失败时重启
Restart=on-failure
# 重启间隔时间
RestartSec=1s
# 最大运行秒数(7天自动重启)
RuntimeMaxSec=604800
[Install]
# 定义service放在哪个target里面
WantedBy=multi-user.target

EOF
# Reload systemd's unit definitions; only when that succeeds, enable the
# trojan service at boot and start it immediately.
systemctl daemon-reload \
  && systemctl enable --now trojan
常见错误处理
您需要将配置文件中的 "verify": true 和 "verify_hostname": true 改为 false(不推荐:关闭后客户端不再校验服务器证书,连接可能被中间人劫持)。
fatal: load_verify_file: no such file or directory
trojan 报错 fatal: load_verify_file: no such file or directory,表示找不到证书;请在 config.json 的 cert 字段中填写正确的证书路径。
手工指定证书-Centos7
Centos7 的证书路径为 /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
"cert": "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem",
手工指定证书-Ubuntu18
Ubuntu18 的证书路径为 /etc/ssl/certs/ca-certificates.crt
"cert": "/etc/ssl/certs/ca-certificates.crt",