### Install Trojan-GFW using Quickstart Script Source: https://github.com/trojan-gfw/trojan/wiki/Binary-&-Package-Distributions Executes a shell script to automate the installation of Trojan-GFW. This script fetches the latest version and configures it. ```bash sudo bash -c "$(curl -fsSL https://raw.githubusercontent.com/trojan-gfw/trojan-quickstart/master/trojan-quickstart.sh)" ``` ```bash sudo bash -c "$(wget -O- https://raw.githubusercontent.com/trojan-gfw/trojan-quickstart/master/trojan-quickstart.sh)" ``` -------------------------------- ### Install Trojan-GFW on Gentoo Source: https://github.com/trojan-gfw/trojan/wiki/Binary-&-Package-Distributions Installs Trojan-GFW on Gentoo systems using the emerge package manager. ```bash sudo emerge --sync sudo emerge -av trojan ``` -------------------------------- ### Install Trojan-GFW on macOS using Homebrew Source: https://github.com/trojan-gfw/trojan/wiki/Binary-&-Package-Distributions Installs Trojan-GFW on macOS using Homebrew by tapping the official repository and installing the package. ```bash brew tap trojan-gfw/homebrew-trojan brew install trojan ``` -------------------------------- ### Install Trojan-GFW on Fedora Source: https://github.com/trojan-gfw/trojan/wiki/Binary-&-Package-Distributions Installs Trojan-GFW on Fedora systems using the dnf package manager. ```bash sudo dnf install trojan ``` -------------------------------- ### Trojan Client Configuration Example Source: https://github.com/trojan-gfw/trojan/blob/master/docs/config.md A valid JSON configuration file for a Trojan client. This example demonstrates the structure for specifying connection details, password, logging, SSL settings, and TCP optimizations. ```json { "run_type": "client", "local_addr": "127.0.0.1", "local_port": 1080, "remote_addr": "example.com", "remote_port": 443, "password": [ "password1" ], "log_level": 1, "ssl": { "verify": true, "verify_hostname": true, "cert": "", "cipher": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA", "cipher_tls13": "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384", "sni": "", "alpn": [ "h2", "http/1.1" ], "reuse_session": true, "session_ticket": false, "curves": "" }, "tcp": { "no_delay": true, "keep_alive": true, "reuse_port": false, "fast_open": false, "fast_open_qlen": 20 } } ``` -------------------------------- ### Server Configuration Example Source: https://github.com/trojan-gfw/trojan/blob/master/docs/config.md A sample server.json file demonstrating the configuration for a Trojan server. This includes network addresses, ports, passwords, logging levels, SSL/TLS settings, TCP optimizations, and MySQL authenticator details. ```json { "run_type": "server", "local_addr": "0.0.0.0", "local_port": 443, "remote_addr": "127.0.0.1", "remote_port": 80, "password": [ "password1", "password2" ], "log_level": 1, "ssl": { "cert": "/path/to/certificate.crt", "key": "/path/to/private.key", "key_password": "", "cipher": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384", "cipher_tls13": "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384", "prefer_server_cipher": true, "alpn": [ "http/1.1" ], "alpn_port_override": { "h2": 81 }, "reuse_session": true, "session_ticket": false, "session_timeout": 600, "plain_http_response": "", "curves": "", "dhparam": "" }, "tcp": { "prefer_ipv4": false, "no_delay": true, "keep_alive": true, "reuse_port": false, "fast_open": false, "fast_open_qlen": 20 }, "mysql": { "enabled": false, "server_addr": "127.0.0.1", "server_port": 3306, "database": "trojan", "username": "trojan", "password": "", "key": "", "cert": "", "ca": "" } } ``` -------------------------------- ### Install Trojan-GFW on Chrome OS using Linux (beta) Source: https://github.com/trojan-gfw/trojan/wiki/Binary-&-Package-Distributions Installs Trojan-GFW on Chrome OS by enabling the Linux (beta) environment and compiling from source. ```bash sudo -i apt update apt -y install git g++ cmake libboost-system-dev libboost-program-options-dev libssl-dev default-libmysqlclient-dev git clone https://github.com/trojan-gfw/trojan.git cd trojan/ cmake -DCMAKE_INSTALL_PREFIX:PATH=/usr -DSYSTEMD_SERVICE=ON . make install ``` -------------------------------- ### Install Trojan-GFW from AUR on Arch Linux Source: https://github.com/trojan-gfw/trojan/wiki/Binary-&-Package-Distributions Installs the development version of Trojan-GFW from the Arch User Repository (AUR) using an AUR helper. ```bash $(AURHelper) -S trojan-git ``` -------------------------------- ### Build Trojan-GFW from source on Debian <= 9 Source: https://github.com/trojan-gfw/trojan/wiki/Binary-&-Package-Distributions Builds and installs Trojan-GFW from source on older Debian versions. Requires development tools and libraries. ```bash TROJAN_DEBIAN_VERSION="1.10.0-3" sudo apt update sudo apt install build-essential devscripts debhelper cmake libboost-system-dev libboost-program-options-dev libssl-dev default-libmysqlclient-dev python3 curl openssl dget http://ftp.us.debian.org/debian/pool/main/t/trojan/trojan_${TROJAN_DEBIAN_VERSION}.dsc dpkg-source -x trojan_${TROJAN_DEBIAN_VERSION}.dsc trojan-${TROJAN_DEBIAN_VERSION} cd trojan-${TROJAN_DEBIAN_VERSION}/ dpkg-buildpackage -us -uc -d sudo dpkg -i ../trojan_${TROJAN_DEBIAN_VERSION}_$(dpkg-architecture -q DEB_BUILD_ARCH).deb sudo apt purge devscripts debhelper cmake ``` -------------------------------- ### Run Trojan-GFW using Docker Source: https://github.com/trojan-gfw/trojan/wiki/Binary-&-Package-Distributions Launches a basic Trojan-GFW Docker container, mounting a configuration file and exposing the default port. ```bash sudo docker run -it --name trojan \ --mount type=bind,source=/etc/trojan/config.json,target=/config/config.json \ -p 443:443 \ trojangfw/trojan ``` -------------------------------- ### Install Trojan-GFW on Arch Linux Source: https://github.com/trojan-gfw/trojan/wiki/Binary-&-Package-Distributions Installs Trojan-GFW using the pacman package manager on Arch Linux. ```bash sudo pacman -S trojan ``` -------------------------------- ### Install Trojan-GFW on Ubuntu 18.10 & 19.04 Source: https://github.com/trojan-gfw/trojan/wiki/Binary-&-Package-Distributions Installs Trojan-GFW on Ubuntu versions 18.10 and 19.04 by adding a PPA and using apt. ```bash sudo add-apt-repository ppa:greaterfire/trojan sudo apt-get update sudo apt-get install trojan ``` -------------------------------- ### Enable EPEL Repository and Install Trojan-GFW on RHEL/CentOS 8 Source: https://github.com/trojan-gfw/trojan/wiki/Binary-&-Package-Distributions Enables the EPEL repository and installs Trojan-GFW on RHEL 8 or CentOS 8 systems using dnf. ```bash dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm ## for CentOS 8 dnf config-manager --set-enabled PowerTools ## for RHEL 8 ARCH=$( /bin/arch ) subscription-manager repos --enable "codeready-builder-for-rhel-8-${ARCH}-rpms" ``` ```bash sudo dnf install trojan ``` -------------------------------- ### Install Trojan-GFW on Ubuntu >= 19.04 Source: https://github.com/trojan-gfw/trojan/wiki/Binary-&-Package-Distributions Installs Trojan-GFW on Ubuntu versions 19.04 and later using the apt package manager. ```bash sudo apt-get install trojan ``` -------------------------------- ### Install Trojan-GFW on AOSC OS / Debian Source: https://github.com/trojan-gfw/trojan/wiki/Binary-&-Package-Distributions Installs Trojan-GFW using the apt package manager on Debian-based systems. ```bash sudo apt-get install trojan ``` -------------------------------- ### Install Trojan-GFW on Debian 10 Source: https://github.com/trojan-gfw/trojan/wiki/Binary-&-Package-Distributions Installs Trojan-GFW on Debian 10 using the apt package manager. ```bash sudo apt install trojan ``` -------------------------------- ### Build and Install Trojan Source: https://github.com/trojan-gfw/trojan/blob/master/docs/build.md Compiles, tests, and installs the Trojan software using CMake and Make. Assumes dependencies are met and the repository has been cloned. ```bash mkdir build cd build/ cmake .. make ctest sudo make install ``` -------------------------------- ### Upgrade Chrome OS to Debian Buster and Install Trojan-GFW Source: https://github.com/trojan-gfw/trojan/wiki/Binary-&-Package-Distributions Upgrades the Chrome OS Linux environment to Debian Buster and installs Trojan-GFW. ```bash sudo -i apt update && apt dist-upgrade cp /etc/apt/sources.list /etc/apt/sources.list.bak sed -i 's/stretch/buster/g' /etc/apt/sources.list apt update && apt dist-upgrade apt install trojan ``` -------------------------------- ### Install Dependencies on Debian Source: https://github.com/trojan-gfw/trojan/blob/master/docs/build.md Installs essential build tools and libraries required for compiling Trojan on Debian-based systems. ```bash sudo apt -y install build-essential cmake libboost-system-dev libboost-program-options-dev libssl-dev default-libmysqlclient-dev ``` -------------------------------- ### Install Privoxy on Termux Source: https://github.com/trojan-gfw/trojan/wiki/Mobile-Platforms Command to install Privoxy on Termux, a tool that can be used to convert SOCKS5 proxies to HTTP proxies. ```bash apt install privoxy ``` -------------------------------- ### Server Configuration Parameters Source: https://github.com/trojan-gfw/trojan/blob/master/docs/config.md Detailed explanation of the parameters within the server.json configuration file for Trojan. This covers network binding, remote connection details, authentication, logging, SSL/TLS options, TCP tuning, and MySQL integration. ```APIDOC Server Configuration Parameters: - `run_type`: Specifies the role of the Trojan instance, typically 'server'. - `local_addr`: The network interface address the Trojan server binds to. Can be '0.0.0.0' for all interfaces or a specific IP address. - `local_port`: The port number the Trojan server listens on. - `remote_addr`: The IP address of the remote endpoint the server connects to for specific protocols. - `remote_port`: The port number of the remote endpoint. - `password`: An array of strings representing passwords used for client authentication. - `log_level`: Controls the verbosity of logging. Options range from 0 (ALL) to 5 (OFF). SSL/TLS Configuration (`ssl`): - `cert`: Path to the server's SSL certificate file. A full chain certificate is recommended. - `key`: Path to the server's private key file. - `key_password`: Password for the private key file, if any. - `cipher`: A colon-separated list of allowed TLS ciphers for older TLS versions. - `cipher_tls13`: A colon-separated list of allowed TLS ciphers for TLS 1.3. - `prefer_server_cipher`: Boolean, if true, the server's cipher preference is used. - `alpn`: An array of Application-Layer Protocol Negotiation strings (e.g., 'http/1.1'). - `alpn_port_override`: A map to override the remote port based on matched ALPN protocols. - `reuse_session`: Boolean, enables SSL session reuse. - `session_ticket`: Boolean, enables session tickets for faster resumption. - `session_timeout`: Duration in seconds for SSL session timeout when `reuse_session` is true. - `plain_http_response`: Content to send in response to plain HTTP requests. - `curves`: Specifies ECC curves to use for key exchange. - `dhparam`: Path to a Diffie-Hellman parameter file; if blank, a default is used. TCP Configuration (`tcp`): - `prefer_ipv4`: Boolean, prioritizes IPv4 addresses when both IPv4 and IPv6 are available. - `no_delay`: Boolean, disables Nagle's algorithm for reduced latency. - `keep_alive`: Boolean, enables TCP Keep Alive probes. - `reuse_port`: Boolean, enables TCP port reuse (requires kernel support). - `fast_open`: Boolean, enables TCP Fast Open (requires kernel support). - `fast_open_qlen`: Maximum queue length for incomplete TCP Fast Open connections. MySQL Authenticator Configuration (`mysql`): - `enabled`: Boolean, enables the MySQL authenticator. - `server_addr`: IP address of the MySQL server. - `server_port`: Port number of the MySQL server. - `database`: Name of the MySQL database to connect to. - `username`: Username for MySQL authentication. - `password`: Password for MySQL authentication. - `key`: Path to the client's private key for MySQL SSL connection. - `cert`: Path to the client's certificate for MySQL SSL connection. - `ca`: Path to the Certificate Authority file for MySQL SSL connection. ``` -------------------------------- ### Trojan-GFW Shadowsocks Integration Flow Source: https://github.com/trojan-gfw/trojan/wiki/Shadowsocks-SIP003-Integration Illustrates the communication flow between Shadowsocks clients and servers using Trojan-GFW plugins. This setup is experimental and for entertainment purposes. ```text Shadowsocks Client === Trojan Forward (Client-Side Plugin) ===== Trojan Server (Server-Side Plugin) === Shadowsocks Server ``` -------------------------------- ### Trojan GFW Forward Configuration (forward.json) Source: https://github.com/trojan-gfw/trojan/blob/master/docs/config.md Configuration for port forwarding through a Trojan connection. This setup is used when you need to redirect traffic to a specific destination endpoint via the Trojan proxy. Key parameters include local and remote addresses/ports, password, UDP timeout, and detailed SSL/TCP settings. ```json { "run_type": "forward", "local_addr": "127.0.0.1", "local_port": 5901, "remote_addr": "example.com", "remote_port": 443, "target_addr": "127.0.0.1", "target_port": 5901, "password": [ "password1" ], "udp_timeout": 60, "log_level": 1, "ssl": { "verify": true, "verify_hostname": true, "cert": "", "cipher": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA", "cipher_tls13": "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384", "sni": "", "alpn": [ "h2", "http/1.1" ], "reuse_session": true, "session_ticket": false, "curves": "" }, "tcp": { "no_delay": true, "keep_alive": true, "reuse_port": false, "fast_open": false, "fast_open_qlen": 20 } } ``` -------------------------------- ### Compile Trojan in Termux on Android Source: https://github.com/trojan-gfw/trojan/wiki/Mobile-Platforms Steps to compile the Trojan client within the Termux environment on Android. This includes installing necessary dependencies, downloading the Trojan source code, and configuring the build process using CMake. ```bash apt install wget git clang cmake openssl wget https://mirrors.ustc.edu.cn/termux/dists/stable/main/binary-aarch64/boost_1.69.0-2_aarch64.deb wget https://mirrors.ustc.edu.cn/termux/dists/stable/main/binary-aarch64/boost-dev_1.69.0-2_aarch64.deb chmod 777 boost_1.69.0-2_aarch64.deb chmod 777 boost-dev_1.69.0-2_aarch64.deb dpkg -i ./boost_1.69.0-2_aarch64.deb dpkg -i ./boost-dev_1.69.0-2_aarch64.deb git clone https://github.com/trojan-gfw/trojan cd trojan/ cmake -DCMAKE_INSTALL_PREFIX=/data/data/com.termux/files/usr -DENABLE_MYSQL=OFF . make install ``` -------------------------------- ### Run Trojan GFW Linux Smoke Tests Source: https://github.com/trojan-gfw/trojan/blob/master/tests/LinuxSmokeTest/README.md Executes basic and fake client smoke tests for Trojan GFW on Linux. Requires the path to the Trojan installation directory. ```bash ./basic.sh /path/to/trojan ./fake-client.sh /path/to/trojan ``` -------------------------------- ### MySQL User Table Structure for Trojan Source: https://github.com/trojan-gfw/trojan/blob/master/docs/authenticator.md Example SQL schema for the 'users' table used by Trojan GFW for authentication. Specifies fields for username, password, quota, and data transfer, along with primary key and index. ```sql CREATE TABLE users ( id INT UNSIGNED NOT NULL AUTO_INCREMENT, username VARCHAR(64) NOT NULL, password CHAR(56) NOT NULL, quota BIGINT NOT NULL DEFAULT 0, download BIGINT UNSIGNED NOT NULL DEFAULT 0, upload BIGINT UNSIGNED NOT NULL DEFAULT 0, PRIMARY KEY (id), INDEX (password) ); ``` -------------------------------- ### Clone Trojan Repository Source: https://github.com/trojan-gfw/trojan/blob/master/docs/build.md Clones the Trojan project from its GitHub repository and navigates into the project directory. ```bash git clone https://github.com/trojan-gfw/trojan.git cd trojan/ ``` -------------------------------- ### Trojan GFW Command-Line Usage Source: https://github.com/trojan-gfw/trojan/blob/master/docs/usage.md Provides an overview of the command-line arguments and options available for the Trojan GFW client. This includes flags for specifying configuration files, log locations, testing, and displaying version information. ```bash usage: ./trojan [-htv] [-l LOG] [-k KEYLOG] [[-c] CONFIG] options: -c [ --config ] CONFIG specify config file -h [ --help ] print help message -k [ --keylog ] KEYLOG specify keylog file location (OpenSSL >= 1.1.1) -l [ --log ] LOG specify log file location -t [ --test ] test config file -v [ --version ] print version and build info ``` -------------------------------- ### Run Trojan as System User Source: https://github.com/trojan-gfw/trojan/wiki/Limiting-Server-Network-Access Demonstrates how to execute the Trojan GFW binary as the 'trojan' user. ```bash sudo -u trojan trojan /path/to/config ``` -------------------------------- ### Trojan GFW NAT Configuration (nat.json) Source: https://github.com/trojan-gfw/trojan/blob/master/docs/config.md Configuration for transparent proxying (NAT) with Trojan GFW. This requires setting up iptables rules to redirect traffic. The configuration is similar to the client config, enabling transparent proxying of network traffic. ```json { "run_type": "nat", "local_addr": "127.0.0.1", "local_port": 12345, "remote_addr": "example.com", "remote_port": 443, "password": [ "password1" ], "log_level": 1, "ssl": { "verify": true, "verify_hostname": true, "cert": "", "cipher": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA", "cipher_tls13": "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384", "sni": "", "alpn": [ "h2", "http/1.1" ], "reuse_session": true, "session_ticket": false, "curves": "" }, "tcp": { "no_delay": true, "keep_alive": true, "reuse_port": false, "fast_open": false, "fast_open_qlen": 20 } } ``` -------------------------------- ### Run Trojan-GFW Docker Container Source: https://github.com/trojan-gfw/trojan/wiki/_Footer This command launches a Docker container for Trojan-GFW. It mounts a local configuration file into the container and maps port 443 to the host machine. ```bash sudo docker run -it --name trojan \ --mount type=bind,source=/etc/trojan/config.json,target=/config/config.json \ -p 443:443 \ trojangfw/trojan ``` -------------------------------- ### MySQL Configuration for Trojan Authentication Source: https://github.com/trojan-gfw/trojan/blob/master/docs/authenticator.md Configuration settings for enabling and connecting to a MySQL database for user authentication in Trojan GFW. Includes server address, port, credentials, and SSL/TLS options. ```json { "mysql": { "enabled": true, "server_addr": "127.0.0.1", "server_port": 3306, "database": "trojan", "username": "trojan", "password": "", "key": "", "cert": "", "ca": "" } } ``` -------------------------------- ### CMake Build Configuration for Trojan Source: https://github.com/trojan-gfw/trojan/blob/master/CMakeLists.txt Configures the build process for the Trojan project using CMake. It sets C++ standards, includes necessary libraries like Boost and OpenSSL, and defines platform-specific build options. ```cmake cmake_minimum_required(VERSION 3.7.2) project(trojan CXX) set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_SOURCE_DIR}/cmake/") if(NOT CMAKE_BUILD_TYPE) set(CMAKE_BUILD_TYPE Release) endif() set(CMAKE_CXX_STANDARD 11) if(MSVC) add_definitions(-D_CRT_SECURE_NO_WARNINGS) else() add_definitions(-Wall -Wextra) endif() file(GLOB_RECURSE CPP_LIST src/*.cpp) add_executable(trojan ${CPP_LIST}) target_include_directories(trojan PRIVATE src) set(THREADS_PREFER_PTHREAD_FLAG ON) find_package(Threads REQUIRED) target_link_libraries(trojan ${CMAKE_THREAD_LIBS_INIT}) find_package(Boost 1.66.0 REQUIRED COMPONENTS system program_options) target_include_directories(trojan PRIVATE ${Boost_INCLUDE_DIR}) target_link_libraries(trojan ${Boost_LIBRARIES}) if(MSVC) add_definitions(-DBOOST_DATE_TIME_NO_LIB) endif() find_package(OpenSSL 1.1.0 REQUIRED) target_include_directories(trojan PRIVATE ${OPENSSL_INCLUDE_DIR}) target_link_libraries(trojan ${OPENSSL_LIBRARIES}) if(OPENSSL_VERSION VERSION_GREATER_EQUAL 1.1.1) option(ENABLE_SSL_KEYLOG "Build with SSL KeyLog support" ON) if(ENABLE_SSL_KEYLOG) add_definitions(-DENABLE_SSL_KEYLOG) endif() option(ENABLE_TLS13_CIPHERSUITES "Build with TLS1.3 ciphersuites support" ON) if(ENABLE_TLS13_CIPHERSUITES) add_definitions(-DENABLE_TLS13_CIPHERSUITES) endif() endif() option(ENABLE_MYSQL "Build with MySQL support" ON) if(ENABLE_MYSQL) find_package(MySQL REQUIRED) target_include_directories(trojan PRIVATE ${MYSQL_INCLUDE_DIR}) target_link_libraries(trojan ${MYSQL_LIBRARIES}) add_definitions(-DENABLE_MYSQL) endif() option(FORCE_TCP_FASTOPEN "Force build with TCP Fast Open support" OFF) if(FORCE_TCP_FASTOPEN) add_definitions(-DTCP_FASTOPEN=23 -DTCP_FASTOPEN_CONNECT=30) endif() if(CMAKE_SYSTEM_NAME STREQUAL Linux) option(ENABLE_NAT "Build with NAT support" ON) if(ENABLE_NAT) add_definitions(-DENABLE_NAT) endif() option(ENABLE_REUSE_PORT "Build with SO_REUSEPORT support" ON) if(ENABLE_REUSE_PORT) add_definitions(-DENABLE_REUSE_PORT) endif() endif() if(APPLE) find_library(CoreFoundation CoreFoundation) find_library(Security Security) target_link_libraries(trojan ${CoreFoundation} ${Security}) endif() if(WIN32) target_link_libraries(trojan wsock32 ws2_32 crypt32) else() set(SYSTEMD_SERVICE AUTO CACHE STRING "Install systemd service") set_property(CACHE SYSTEMD_SERVICE PROPERTY STRINGS AUTO ON OFF) set(SYSTEMD_SERVICE_PATH /lib/systemd/system CACHE PATH "Systemd service path") if(SYSTEMD_SERVICE STREQUAL AUTO) if(EXISTS /usr/lib/systemd/system) set(SYSTEMD_SERVICE ON) set(SYSTEMD_SERVICE_PATH /usr/lib/systemd/system CACHE PATH "Systemd service path" FORCE) elseif(EXISTS /lib/systemd/system) set(SYSTEMD_SERVICE ON) set(SYSTEMD_SERVICE_PATH /lib/systemd/system CACHE PATH "Systemd service path" FORCE) endif() endif() include(GNUInstallDirs) install(TARGETS trojan DESTINATION ${CMAKE_INSTALL_BINDIR}) install(FILES examples/server.json-example DESTINATION ${CMAKE_INSTALL_FULL_SYSCONFDIR}/trojan RENAME config.json) set(DEFAULT_CONFIG ${CMAKE_INSTALL_FULL_SYSCONFDIR}/trojan/config.json CACHE STRING "Default config path") add_definitions(-DDEFAULT_CONFIG=\"${DEFAULT_CONFIG}\") install(FILES docs/trojan.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1) install(DIRECTORY docs/ DESTINATION ${CMAKE_INSTALL_DOCDIR} FILES_MATCHING PATTERN "*.md") install(DIRECTORY examples DESTINATION ${CMAKE_INSTALL_DOCDIR} FILES_MATCHING PATTERN "*.json-example") if(SYSTEMD_SERVICE STREQUAL ON) set(CONFIG_NAME config) configure_file(examples/trojan.service-example trojan.service) set(CONFIG_NAME %i) configure_file(examples/trojan.service-example trojan@.service) install(FILES ${CMAKE_BINARY_DIR}/trojan.service ${CMAKE_BINARY_DIR}/trojan@.service DESTINATION ${SYSTEMD_SERVICE_PATH}) endif() enable_testing() add_test(NAME LinuxSmokeTest-basic COMMAND bash ${CMAKE_SOURCE_DIR}/tests/LinuxSmokeTest/basic.sh ${CMAKE_BINARY_DIR}/trojan) add_test(NAME LinuxSmokeTest-fake-client COMMAND bash ${CMAKE_SOURCE_DIR}/tests/LinuxSmokeTest/fake-client.sh ${CMAKE_BINARY_DIR}/trojan) SET_TESTS_PROPERTIES(LinuxSmokeTest-fake-client PROPERTIES DEPENDS "LinuxSmokeTest-basic") endif() ``` -------------------------------- ### Trojan GFW Signal Handling Source: https://github.com/trojan-gfw/trojan/blob/master/docs/usage.md Details how the Trojan GFW client responds to specific Unix signals. SIGHUP triggers a service reload with configuration updates, dropping existing connections. SIGUSR1 reloads SSL certificates and private keys without dropping connections. ```APIDOC Signal Handling: - SIGHUP: Reloads the configuration and restarts the service, dropping all existing connections. Ensures the trojan process does not exit when the shell exits if run in the background. - SIGUSR1: Reloads the SSL server's certificate and private key. Existing connections are unaffected by the new certificate. ``` -------------------------------- ### Trojan Configuration for Shadowsocks Plugin Source: https://github.com/trojan-gfw/trojan/wiki/Shadowsocks-SIP003-Integration Details how to pass a Trojan configuration to the `--plugin-opts` option of Shadowsocks. Specific fields need to be excluded or set based on whether it's a client-side or server-side plugin. ```text Pass a whole working trojan config to the `--plugin-opts` option of shadowsocks. Exclude `remote_addr`, `remote_port`, `local_addr`, and `local_port` for the client-side plugin, and `local_addr` and `local_port` for the server-side plugin, as they will be filled by shadowsocks. Note that you do need to fill in the `target_addr` and `target_port` fields of the client-side plugin to be the listening address and port of the shadowsocks server for it to work, but since shadowsocks [refuses to cooperate](https://github.com/shadowsocks/shadowsocks-libev/issues/2164), you'll have to set it every time you restart shadowsocks server. ``` -------------------------------- ### Create Trojan System User Source: https://github.com/trojan-gfw/trojan/wiki/Limiting-Server-Network-Access Creates a system user named 'trojan' with no login shell, intended for running the Trojan GFW process. ```bash sudo useradd -r trojan --shell=/usr/sbin/nologin ``` -------------------------------- ### Trojan-GFW HTTP 2 Configuration Source: https://github.com/trojan-gfw/trojan/wiki/Adaptation-to-New-Specifications-(TLS-1.3-and-HTTP-2) This section explains how to configure Trojan-GFW to work with HTTP 2. It emphasizes the importance of ALPN settings in the server configuration. ```APIDOC Server Configuration: ALPN (Application-Layer Protocol Negotiation): - Prioritize 'h2' in the ALPN section of the server config to enable HTTP 2. - Example: `alpn: h2;http/1.1` ``` -------------------------------- ### CMake Build Options for Trojan Source: https://github.com/trojan-gfw/trojan/blob/master/docs/build.md Customizes the Trojan build process using CMake variables to enable or disable specific features and configurations. ```cmake -DDEFAULT_CONFIG=/path/to/default/config.json -DENABLE_MYSQL=ON -DENABLE_MYSQL=OFF -DENABLE_NAT=ON -DENABLE_NAT=OFF -DENABLE_REUSE_PORT=ON -DENABLE_REUSE_PORT=OFF -DENABLE_SSL_KEYLOG=ON -DENABLE_SSL_KEYLOG=OFF -DENABLE_TLS13_CIPHERSUITES=ON -DENABLE_TLS13_CIPHERSUITES=OFF -DFORCE_TCP_FASTOPEN=ON -DFORCE_TCP_FASTOPEN=OFF -DSYSTEMD_SERVICE=AUTO -DSYSTEMD_SERVICE=ON -DSYSTEMD_SERVICE=OFF -DSYSTEMD_SERVICE_PATH=/path/to/systemd/system ``` -------------------------------- ### Kitsunebi-android Custom Configuration Source: https://github.com/trojan-gfw/trojan/wiki/Mobile-Platforms A custom configuration file for Kitsunebi-android, designed to bypass China's domain/IP and local network restrictions by routing traffic through a Trojan SOCKS5 proxy. ```config { "outbounds": [ { "protocol": "socks", "settings": { "servers": [ { "address": "127.0.0.1", "port": -----replace with the value of "local_port" in your client config----- } ] }, "tag": "proxy" }, { "protocol": "freedom", "settings": {}, "tag": "direct" } ], "dns": { "servers": [ { "address": "114.114.114.114", "port": 53, "domains": [ "geosite:geolocation-cn" ] }, { "address": "8.8.8.8", "port": 53, "domains": [ "geosite:geolocation-!cn" ] }, "114.114.114.114" ] }, "routing": { "strategy": "rules", "domainStrategy": "IPIfNonMatch", "settings": { "rules": [ { "type": "field", "ip": [ "geoip:private", "geoip:cn" ], "outboundTag": "direct" }, { "type": "field", "domain": [ "-----replace with your trojan domain-----" ], "port": -----replace with your trojan port----- "network": "tcp", "protocol": [ "tls" ], "outboundTag": "direct" }, { "type": "field", "inboundTag": "tunsocks", "outboundTag": "proxy" } ] } } } ``` -------------------------------- ### Patch CMakeLists.txt for Linker Errors Source: https://github.com/trojan-gfw/trojan/wiki/Mobile-Platforms A patch to modify the CMakeLists.txt file to resolve potential linker errors, specifically by adding the 'atomic' library. ```patch if(ENABLE_MYSQL) target_link_libraries(trojan ${MYSQL_LIBRARIES}) add_definitions(-DENABLE_MYSQL) endif() +target_link_libraries(trojan atomic) if(WIN32) target_link_libraries(trojan wsock32 ws2_32 crypt32) else() ```