Centos7安装trojan脚本

#!/usr/bin/env bash

# !!!声明:该脚本仅适用于Centos7安装trojan

# trojan release to install; reused for the download URL and the archive name.
trojan_version='1.16.0'

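# ifcmd: abort the script when the command that ran immediately before the
# call failed; do nothing when it succeeded.
# The status is captured first because a bare `exit` after the `[ ... ]` test
# would report the test's own (successful) status, so a failed install would
# have ended the script with exit code 0.
# Returns: 0 when the previous command succeeded; otherwise exits the shell
#          with that command's status.
function ifcmd() {
    local rc=$?
    if [ "$rc" -ne 0 ]; then
        exit "$rc"
    fi
}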

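# Install wget only when it is not already on PATH, and stop with a non-zero
# status if the installation fails (the download below cannot work without it).
# `command -v` is a shell builtin, so the check does not depend on the
# external `which` program being installed.
if ! command -v wget >/dev/null 2>&1; then
    yum install -y wget || exit 1
fi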

# Recommended companion tools: telnet and proxychains-ng.
# A failure here is not checked, so the script carries on without them.
yum -y install telnet proxychains-ng

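# Download the release archive from GitHub; if that wget exits non-zero, retry
# through the ghproxy.com mirror. No timeout option is passed to wget, so the
# fallback is triggered by a failed download, not by a fixed number of seconds.
#
# TLS certificate checking is left enabled (no --no-check-certificate): this
# archive contains a binary that is installed and started as a system service,
# and without certificate checks anyone on the network path could substitute
# it. If wget reports a certificate error, update the system CA bundle
# (ca-certificates package) instead of disabling the check.
trojan_archive="/usr/local/src/trojan-${trojan_version}-linux-amd64.tar.xz"
trojan_release_path="trojan-gfw/trojan/releases/download/v${trojan_version}/trojan-${trojan_version}-linux-amd64.tar.xz"

wget -cO "$trojan_archive" "https://github.com/${trojan_release_path}" ||
    wget -cO "$trojan_archive" "https://ghproxy.com/https://github.com/${trojan_release_path}" ||
    exit 1

# Integrity check. The mirror is a third-party proxy, so TLS alone only proves
# who served the file, not that it matches the upstream release. Export
# trojan_sha256=<SHA-256 of the archive, obtained from a source you trust>
# before running the script to have the download verified.
if [ -n "${trojan_sha256:-}" ]; then
    echo "${trojan_sha256}  ${trojan_archive}" | sha256sum -c - || exit 1
else
    echo "warning: trojan_sha256 is not set; the downloaded archive was not verified" >&2
fi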

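# Unpack the archive in /usr/local/src and stop if any step fails, so a broken
# or truncated download never reaches the install location.
cd /usr/local/src/ || exit 1
tar xvf "trojan-${trojan_version}-linux-amd64.tar.xz" || exit 1

# Make the extracted binary executable.
chmod +x /usr/local/src/trojan/trojan || exit 1

# Create the install directory if it is missing (mkdir -p is a no-op when it
# already exists) and move the binary into it.
mkdir -p /usr/local/trojan || exit 1
mv /usr/local/src/trojan/trojan /usr/local/trojan/ || exit 1

# Create the configuration directory and enter it. The directory change has to
# happen in the script's own shell: inside ( ... ) both `cd` and `exit` only
# affect the subshell, so a failure there would not stop the script.
mkdir -p /etc/trojan || exit 1
cd /etc/trojan || exit 1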

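# Pick the systemd unit directory and the system CA bundle for this host.
# The distribution is recognised by the CA bundle that actually exists, because
# that file is what trojan must load; a missing bundle is what produces
# "fatal: load_verify_file: no such file or directory" at start-up.
service_dir=" "
cert_file=" "
if [ -f /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem ]; then
    echo "Centos系统"
    service_dir=/usr/lib/systemd/system/
    cert_file=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
elif [ -f /etc/ssl/certs/ca-certificates.crt ]; then
    echo "Ubuntu系统"
    service_dir=/lib/systemd/system/
    cert_file=/etc/ssl/certs/ca-certificates.crt
else
    echo "error: no system CA bundle found; install the ca-certificates package first" >&2
    exit 1
fi

# Write the client configuration.
# - "cert" is filled in from cert_file, so the path matches the detected system
#   instead of always being the CentOS one.
# - "verify" and "verify_hostname" stay true so the server certificate is
#   checked against that bundle.
# - "remote_addr" and "password" are the sample values from this page; replace
#   them with your own server address and secret before starting the service.
# - The file holds the password in clear text and is created with the default
#   umask; restrict its permissions if other local users must not read it
#   (it has to stay readable by the account the service runs as).
# - No trailing comma after "curves": a trailing comma is not valid JSON.
cat >/etc/trojan/config.json <<EOF
{
    "run_type": "client",
    "local_addr": "127.0.0.1",
    "local_port": 1080,
    "remote_addr": "pac.ibm.com",
    "remote_port": 443,
    "password": [
        "ibm123"
    ],
    "log_level": 1,
    "ssl": {
        "verify": true,
        "verify_hostname": true,
        "cert": "${cert_file}",
        "cipher": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA",
        "cipher_tls13": "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384",
        "sni": "",
        "alpn": [
            "h2",
            "http/1.1"
        ],
        "reuse_session": true,
        "session_ticket": false,
        "curves": ""
    },
    "tcp": {
        "no_delay": true,
        "keep_alive": true,
        "reuse_port": false,
        "fast_open": false,
        "fast_open_qlen": 20
    }
}
EOF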

# Generate the systemd unit in the directory chosen earlier (service_dir).
# The here-document is expanded by the shell, so MAINPID is escaped to reach
# the unit file as a literal that systemd substitutes at reload time.
# Hardening notes for whoever adapts this unit:
# - User=nobody is an account that other services may share; a dedicated
#   account for trojan keeps its files and processes separate from theirs.
# - CAP_NET_BIND_SERVICE is only needed to bind ports below 1024; the client
#   configuration on this page listens on 1080.
cat >"${service_dir}/trojan.service" <<EOF

[Unit]
# 服务的定义描述
Description=trojan
Documentation=man:trojan(1) https://trojan-gfw.github.io/trojan/config https://trojan-gfw.github.io/trojan/
# 服务启动的前置条件
After=network.target network-online.target nss-lookup.target

[Service]
# service类型
Type=simple
StandardError=journal
# 由哪个用户运行
User=nobody
AmbientCapabilities=CAP_NET_BIND_SERVICE
# 需要启动的程序
ExecStart=/usr/local/trojan/trojan -c /etc/trojan/config.json

ExecReload=/bin/kill -HUP \$MAINPID
# 重启策略,失败时重启
Restart=on-failure
# 重启间隔时间
RestartSec=1s
# 最大运行秒数(7天自动重启)
RuntimeMaxSec=604800

[Install]
# 定义service放在哪个target里面
WantedBy=multi-user.target

EOF

# Make systemd pick up the new unit; stop with its status if the reload fails.
systemctl daemon-reload || exit
# Enable trojan at boot and start it right away.
systemctl enable --now trojan

常见错误处理

您需要将配置文件中的 "verify": true 和 "verify_hostname": true 改为 false(不推荐)。关闭这两项后,客户端不再校验服务器证书和主机名,连接可能被中间人冒充;如果报错原因是找不到证书文件,应优先按下文修正 cert 路径。

fatal: load_verify_file: no such file or directory

trojan 报错 fatal: load_verify_file: no such file or directory 表示找不到证书,请检查 config.json 中 cert 指定的证书路径。

手工指定证书-Centos7

Centos7 的证书路径为 /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:
"cert": "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem",

手工指定证书-Ubuntu18

Ubuntu18 的证书路径为 /etc/ssl/certs/ca-certificates.crt:
"cert": "/etc/ssl/certs/ca-certificates.crt",