CF_KEY调用CloudFlare+CDN来纯手工docker建立最纯粹的trojan-go+CDN

date
Feb 6, 2022
summary
新服务 CloudFlare SSL签发
tags
service

Summary

步骤

签发 SSL

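# Cloudflare credentials for the acme.sh dns_cf hook. Keep them commented out in
# anything you publish or commit, and export them only in the shell that runs
# acme.sh (acme.sh then saves them in ~/.acme.sh/account.conf for renewals).
# CF_Key is the account-wide Global API Key. The dns_cf hook also accepts a
# scoped API token (CF_Token with CF_Account_ID or CF_Zone_ID), which limits the
# damage if the credential leaks.
#export CF_Key="<cloudflare-global-api-key>"
#export CF_Email="your_cf@email.account"
export CF_SSL_DOMAIN="x.yourdomain.com"
export SSL_LOCATION="/etc/ssl" # export SSL_LOCATION=$(pwd)

# Install prerequisites and acme.sh, then create the certificate directory.
apt update -y && apt-get install -y wget vim socat
# Fetch the installer over HTTPS: a bare "get.acme.sh" makes wget start on plain
# HTTP. Piping it straight into a shell runs it unreviewed; save it to a file and
# read it first if that matters for this host.
wget -qO- https://get.acme.sh | bash
mkdir -p -- "$SSL_LOCATION"

# Reload the shell rc file so the freshly installed acme.sh is on hand
# (zsh here; the commented path is the script itself, usable directly).
source ~/.zshrc #~/.acme.sh/acme.sh
# The address receives the CA's account notices; use a mailbox you control.
acme.sh --register-account -m any@love.com
# Issue the certificate. The two --issue commands below are alternatives: run one.
# acme.sh --issue --dns dns_cf -d yourdomain.com -d '*.yourdomain.com' -k ec-256 # for wildcard
# DNS validation through Cloudflare; needs the CF_* credentials above exported.
acme.sh --issue --dns dns_cf -d "$CF_SSL_DOMAIN" -k ec-256

# standalone mode
acme.sh --issue -d "$CF_SSL_DOMAIN" --standalone



# Install the certificate and private key to the target location.
# NOTE(review): no --reloadcmd is given, so an automatic renewal refreshes these
# files but nothing restarts the server. Confirm whether trojan-go picks up the
# new certificate on its own; if not, add a --reloadcmd that restarts the container.
acme.sh --installcert -d "$CF_SSL_DOMAIN" --fullchain-file "$SSL_LOCATION/$CF_SSL_DOMAIN.crt" --key-file "$SSL_LOCATION/$CF_SSL_DOMAIN.key" --ecc

# assuming current folder
#acme.sh --installcert -d "$CF_SSL_DOMAIN" --fullchain-file server.crt --key-file server.key

# Upgrade acme.sh now and let it upgrade itself from then on. Auto-upgrade means
# new upstream code runs on this host without review; that is the trade-off.
acme.sh --upgrade --auto-upgrade


# Force an immediate renewal. For testing only: forced renewals count against
# the CA's rate limits.
acme.sh --renew -d "$CF_SSL_DOMAIN" --force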

trojan-go docker service + cdn（无须 CDN 则将所有相关配置去掉即可）

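# Settings for the trojan-go container.
export DOCKER_NAME='trojan-go'
export DOCKER_PORT=44443
# Sample value published on this page: replace it with a long random password
# before use. Single quotes keep the shell from expanding "$$".
export DOCKER_PASSWORD='Pa$$w0rd9527'
export DOCKER_SNI='orc.xxx.com' # export DOCKER_SNI=$CF_SSL_DOMAIN

# -p so the step also works when /data is missing or the directory already exists.
mkdir -p /data/trojan-go && cd /data/trojan-go

# Write the server config. The heredoc delimiter is unquoted on purpose so that
# $DOCKER_PASSWORD, $DOCKER_SNI and $CF_SSL_DOMAIN (set in the certificate step)
# are expanded. The values are pasted in verbatim: a password containing a
# double quote or backslash would produce invalid JSON.
# "/randpath" is a sample websocket path; pick your own and use the same one
# in the client config.
# config.json holds the password in clear text and is created with the default
# umask; restrict its permissions once you have confirmed the container can
# still read it.
cat > config.json <<EOF
{
    "run_type": "server",
    "local_addr": "0.0.0.0",
    "local_port": 443,
    "remote_addr": "example.com",
    "remote_port": 80,
    "password": [
        "$DOCKER_PASSWORD"
    ],
    "ssl": {
        "cert": "/data/server.crt",
        "key": "/data/server.key",
        "sni": "$DOCKER_SNI"
    },
    "websocket": {
      "enabled": true,
      "path": "/randpath",
      "hostname": "$CF_SSL_DOMAIN"
    }
}
EOF

# Start the server. Container port 443 is published on $DOCKER_PORT and on seven
# more host ports.
# NOTE(review): every published port is another internet-facing listener. Keep
# only the ones you use; Cloudflare proxies HTTPS on a fixed list of ports, so
# check that list and drop ports that can only be reached by connecting to the
# origin directly.
# Check that the certificate and key paths below exist; both are mounted read-only.
# The image is pulled from a third-party repository without a tag, so whatever
# "latest" is at pull time gets run; consider pinning a tag or digest you have
# reviewed.
docker run \
    -d --name="${DOCKER_NAME}" --restart=always \
    -p "$DOCKER_PORT":443 \
    -p 8443:443 \
    -p 9443:443 \
    -p 10443:443 \
    -p 11443:443 \
    -p 12443:443 \
    -p 13443:443 \
    -p 14443:443 \
    -v "$SSL_LOCATION/$CF_SSL_DOMAIN.crt":/data/server.crt:ro \
    -v "$SSL_LOCATION/$CF_SSL_DOMAIN.key":/data/server.key:ro \
    -v "$PWD":/etc/trojan-go \
    teddysun/trojan-go

# docker run -d --name trojan-go-manual --restart always -p 443:443 -v "$PWD":/etc/trojan-go -v /etc/ssl:/etc/ssl:ro teddysun/trojan-go

# Alternative: --network host, which lets the container coexist with warp.
# /etc/ssl is mounted read-only, matching the certificate mounts above, so the
# container cannot modify the host's keys and certificates.
# NOTE(review): the config.json written above points at /data/server.crt and
# /data/server.key, which this variant does not mount; change the cert/key paths
# to the files under /etc/ssl before using it.
docker run -d --name trojan-go-manual --restart always --network host -v "$PWD":/etc/trojan-go -v /etc/ssl:/etc/ssl:ro teddysun/trojan-go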


# Client-side configuration, for example in ClashX.
# password must match an entry in the server's "password" list, and ws-opts.path
# must match the server's websocket "path".
- name: "Trojan|orcjp1日本甲骨文免费1"
  type: trojan
  server: orcjp1.xx.yy
  port: 443
  password: your-own-password
  sni: orcjp1.xx.yy
  # NOTE(review): skip-cert-verify: true turns off server certificate validation,
  # so the client accepts any certificate and cannot detect interception of the
  # TLS connection. With the CA-issued certificate from the steps above, false
  # should work; confirm and switch it.
  skip-cert-verify: true
  network: ws
  udp: true
  ws-opts:
    path: /randpath
    headers:
      Host: orcjp1.xx.yy

一键开启：使用 CloudFlare 自签发的证书（必须开启 CDN）

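mkdir -p /data/trojan-go-cdn && cd /data/trojan-go-cdn

# Have the key and certificate ready first. The bodies below are truncated
# samples; paste your own.
# Presumably this is a Cloudflare origin certificate: Cloudflare's edge trusts
# it, ordinary clients do not, which is why this variant needs the CDN (proxy)
# switched on.
# Pasting a private key into a terminal leaves it in scrollback and possibly in
# shell history; copying the file over scp/sftp avoids that. The file is created
# with the default umask, so restrict its permissions once you have confirmed
# the container can still read it.
# The delimiters are quoted so the shell never expands anything inside the PEM
# text.
cat > private.key <<'EOF'
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDP5POtzNZfbHRS
-----END PRIVATE KEY-----
EOF

cat > cert.crt <<'EOF'
-----BEGIN CERTIFICATE-----
MIIEmjCCA4KgAwIBAgIUYzJXQBvpBbmBZIPj4WCeNJL6MG0wDQYJKoZIhvcNAQEL
-----END CERTIFICATE-----
EOF

export CF_SSL_DOMAIN="orcjp1.xx.yy"
# Sample value published on this page: replace it with a long random password
# before use.
export DOCKER_PASSWORD='Pa$$w0rd9527'
# This heredoc keeps an unquoted delimiter on purpose so that $DOCKER_PASSWORD
# and $CF_SSL_DOMAIN are expanded. The values are pasted in verbatim: a password
# containing a double quote or backslash would produce invalid JSON.
cat > config.json <<EOF
{
    "run_type": "server",
    "local_addr": "0.0.0.0",
    "local_port": 443,
    "remote_addr": "example.com",
    "remote_port": 80,
    "password": [
        "$DOCKER_PASSWORD"
    ],
    "ssl": {
        "cert": "/etc/trojan-go/cert.crt",
        "key": "/etc/trojan-go/private.key",
        "sni": "$CF_SSL_DOMAIN"
    },
    "websocket": {
      "enabled": true,
      "path": "/randpath",
      "hostname": "$CF_SSL_DOMAIN"
    }
}
EOF
# Start the server with the current directory (config, key and certificate)
# mounted as /etc/trojan-go. The image is pulled without a tag, so whatever
# "latest" is at pull time gets run; consider pinning a tag or digest you have
# reviewed.
docker run -d --name trojan-go-cdn --restart always -p 443:443 -v "$PWD":/etc/trojan-go teddysun/trojan-go

# Alternative: --network host, which lets the container coexist with warp.
# It reuses the container name, so it fails with a name conflict if the command
# above has already been run; use one or the other.
# docker run -d --name trojan-go-cdn --restart always --network host -v "$PWD":/etc/trojan-go teddysun/trojan-go

# Follow the server log (Ctrl-C to stop).
docker logs -f trojan-go-cdn

# Tear down: stop and remove the container.
docker rm -f  trojan-go-cdn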

