使用 Docker 部署 Trojan 与 Nginx

项目目录结构

  • docker-compose.yaml 是 Docker Compose 的配置文件
  • trojan/config.json 是 trojan-gfw 的配置文件
  • trojan/mysql-ca.pem 是 MySQL 数据库的 CA 根证书。如果数据库就在本机,可以不需要使用证书。如果数据库在另一台远程服务器,最好从数据库目录(通常是 /var/lib/mysql/ )拷贝 ca.pem 文件,让 trojan 在与数据库建立 TLS 连接时能够校验服务器证书,防止中间人攻击。只需拷贝 ca.pem(公开的 CA 证书),不要拷贝同目录下的 ca-key.pem 等私钥文件。

docker-compose.yml

# Compose stack with two containers: a trojan server listening on container
# port 443, and an nginx container that config.json names as trojan's
# remote_addr (the fallback target).
services:
  trojan:
    # A minimal trojan image. No tag is given, so Compose pulls `latest`;
    # pin a tag or digest you have reviewed, because this third-party image
    # is given the TLS private key and the MySQL credentials mounted below.
    image: teddysun/trojan
    container_name: trojan-gfw
    ports:
      # Publish host port 8443 -> container port 443. With no host IP given
      # the port is bound on all host interfaces. Docker installs its own
      # iptables rules for published ports, so confirm that the host firewall
      # policy really applies to this port.
      - "8443:443"
    volumes:
      # Mount the trojan configuration read-only. config.json carries the
      # MySQL password in clear text: keep it out of version control and
      # restrict its permissions on the host.
      - ./trojan/config.json:/etc/trojan/config.json:ro

      # Mount the MySQL CA certificate (only needed when the certificate of a
      # remote MySQL server is to be verified). If the host file is missing,
      # Docker creates a directory at that path instead of failing; when the
      # CA is not used, remove this line and adjust `ca` in config.json.
      - ./trojan/mysql-ca.pem:/etc/trojan/mysql-ca.pem:ro

      # Mount the Let's Encrypt certificate chain (public). `xxx` is a
      # placeholder for the certificate's directory name. Files under live/
      # are symlinks that certbot repoints on renewal, and the container keeps
      # the file resolved when it started, so restart it after each renewal
      # (for example from a certbot deploy hook).
      - /etc/letsencrypt/live/xxx/fullchain.pem:/etc/trojan/fullchain.pem:ro

      # Mount the Let's Encrypt private key, read-only. The same renewal
      # caveat applies as for the certificate chain.
      # NOTE(review): the process inside the container must be able to read
      # this root-owned file - confirm which user the image runs as.
      - /etc/letsencrypt/live/xxx/privkey.pem:/etc/trojan/private.pem:ro
    restart: always

  nginx:
    # Minimal alpine-based nginx image. `alpine` is a floating tag; pin a
    # specific version or digest for reproducible deployments.
    image: nginx:alpine
    # config.json's remote_addr refers to this name; the two must match.
    container_name: nginx-trojan-fallback
    expose:
      # Expose container port 80 on the Docker network only, so that trojan
      # can connect to it. It is not published on the host, which avoids port
      # conflicts and keeps the fallback site unreachable except via trojan.
      - "80"
    restart: always

config.json

{
    "run_type": "server",
    "local_addr": "0.0.0.0",
    "local_port": 443,
    "remote_addr": "nginx-trojan-fallback",
    "remote_port": 80,
    "password": [
    ],
    "log_level": 3,
    "ssl": {
        "cert": "/etc/trojan/fullchain.pem",
        "key": "/etc/trojan/private.pem",
        "key_password": "",
        "cipher": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384",
        "cipher_tls13": "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384",
        "prefer_server_cipher": true,
        "alpn": [
            "http/1.1",
            "h2"
        ],
        "reuse_session": true,
        "session_ticket": false,
        "session_timeout": 600,
        "plain_http_response": "",
        "curves": "",
        "dhparam": ""
    },
    "tcp": {
        "prefer_ipv4": false,
        "no_delay": true,
        "keep_alive": true,
        "reuse_port": false,
        "fast_open": false,
        "fast_open_qlen": 20
    },
    "mysql": {
        "enabled": true,
        "server_addr": "mysql_host",
        "server_port": 3306,
        "database": "xxx",
        "username": "xxx",
        "password": "xxx",
        "ca": "/etc/trojan/mysql-ca.pem",
        "key": "",  
        "cert": ""
    }
}

拉取镜像并启动容器

在项目目录下执行命令 `sudo docker compose up -d`。

使用 sudo docker ps 检查容器状态:
