CF_KEY调用CloudFlare+CDN来纯手工docker建立最纯粹的trojan-go+CDN
date
Feb 6, 2022
slug
newservice-cloudflare-ssl-trojan-go-docker
status
Published
summary
新服务 CloudFlare SSL签发
tags
service
type
Post
URL
Summary
步骤
签发 SSL
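# Issue a certificate with acme.sh.
#
# Inputs (environment):
#   CF_Key / CF_Email  - CloudFlare Global API key + account e-mail, used by the
#                        dns_cf validation below. acme.sh also accepts a zone-scoped
#                        API token (CF_Token plus CF_Account_ID), which is the
#                        least-privilege choice. Export these from a secrets file
#                        or the environment; do not paste the key into this script.
#   CF_SSL_DOMAIN      - hostname to issue for
#   SSL_LOCATION       - directory the fullchain/key are installed into
# Outputs: $SSL_LOCATION/$CF_SSL_DOMAIN.crt and .key (mode 600)
#
#   export CF_Key="<cloudflare-global-api-key>"
#   export CF_Email="your_cf@email.account"
export CF_SSL_DOMAIN="x.yourdomain.com"
export SSL_LOCATION="/etc/ssl"   # or: export SSL_LOCATION=$(pwd)

apt update -y && apt-get install -y wget vim socat
# Fetch the installer over TLS only: a bare "get.acme.sh" defaults to plain
# http, and the fetched script is piped straight into a root shell.
wget -qO- https://get.acme.sh | bash
# Create the certificate directory.
mkdir -p -- "$SSL_LOCATION"
# Call the installed script by path. The installer only adds an alias to the
# interactive shell rc (~/.zshrc, ~/.bashrc), which a script does not pick up.
acme_sh="$HOME/.acme.sh/acme.sh"
# Use an address you actually read: expiry notices go there.
"$acme_sh" --register-account -m any@love.com

# Obtain the certificate. Use the CloudFlare DNS API when credentials are
# present, otherwise standalone mode (needs port 80 free and reachable; socat
# above is for this). Running both, as the original did, issued twice, and the
# standalone run produced an RSA cert that the --ecc install below cannot find.
if [[ -n "${CF_Token:-}" || -n "${CF_Key:-}" ]]; then
  # Wildcard (DNS mode only): -d yourdomain.com -d '*.yourdomain.com'
  "$acme_sh" --issue --dns dns_cf -d "$CF_SSL_DOMAIN" -k ec-256
else
  "$acme_sh" --issue -d "$CF_SSL_DOMAIN" --standalone -k ec-256
fi

# Install certificate and private key to the chosen location.
# (To install into the current directory instead:
#   --fullchain-file server.crt --key-file server.key)
"$acme_sh" --installcert -d "$CF_SSL_DOMAIN" --ecc \
  --fullchain-file "$SSL_LOCATION/$CF_SSL_DOMAIN.crt" \
  --key-file "$SSL_LOCATION/$CF_SSL_DOMAIN.key"
# The key is read by a root-run container via a bind mount; keep it owner-only.
# Loosen this if the consuming process runs as another user.
chmod 600 -- "$SSL_LOCATION/$CF_SSL_DOMAIN.key"

"$acme_sh" --upgrade --auto-upgrade
# acme.sh installs a cron entry that renews on its own. The original forced a
# renewal immediately after issuing, which only burns the CA's rate limit, and
# it lacked --ecc so it would not have found the ec-256 cert anyway.
# Manual renewal when needed:
#   "$acme_sh" --renew -d "$CF_SSL_DOMAIN" --ecc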
trojan-go docker service + cdn（无须 cdn 则将所有相关配置去掉即可）
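# Run trojan-go in Docker, using the certificate installed by the acme.sh step
# (expects CF_SSL_DOMAIN and SSL_LOCATION to still be exported).
export DOCKER_NAME='trojan-go'
export DOCKER_PORT=44443
# Single quotes keep "$$" literal. Choose a long random value of your own; it is
# substituted verbatim into config.json, so it must not contain a double quote
# or a backslash (either would break the JSON).
export DOCKER_PASSWORD='Pa$$w0rd9527'
export DOCKER_SNI='orc.xxx.com'   # or: export DOCKER_SNI=$CF_SSL_DOMAIN

# -p: the original plain mkdir failed on a second run; cd failure must stop the
# script, or config.json lands in the wrong directory.
mkdir -p /data/trojan-go && cd /data/trojan-go || exit 1

# Unquoted EOF on purpose: $DOCKER_PASSWORD, $DOCKER_SNI and $CF_SSL_DOMAIN are
# expanded into the file. remote_addr/remote_port is where non-trojan traffic
# is forwarded.
cat > config.json <<EOF
{
  "run_type": "server",
  "local_addr": "0.0.0.0",
  "local_port": 443,
  "remote_addr": "example.com",
  "remote_port": 80,
  "password": [
    "$DOCKER_PASSWORD"
  ],
  "ssl": {
    "cert": "/data/server.crt",
    "key": "/data/server.key",
    "sni": "$DOCKER_SNI"
  },
  "websocket": {
    "enabled": true,
    "path": "/randpath",
    "hostname": "$CF_SSL_DOMAIN"
  }
}
EOF
# The file carries the password; keep it owner-only (the container runs as
# root and reads it through the bind mount; adjust if yours does not).
chmod 600 config.json

# Every -p publishes one more host port onto the container's 443. Docker adds
# these iptables rules itself, so they are not filtered by host firewalls such
# as ufw. The image reference is unpinned (latest); pin a tag or @sha256 digest
# once you have checked what you pulled.
docker run \
  -d --name="$DOCKER_NAME" --restart=always \
  -p "$DOCKER_PORT":443 \
  -p 8443:443 \
  -p 9443:443 \
  -p 10443:443 \
  -p 11443:443 \
  -p 12443:443 \
  -p 13443:443 \
  -p 14443:443 \
  -v "$SSL_LOCATION/$CF_SSL_DOMAIN.crt":/data/server.crt:ro \
  -v "$SSL_LOCATION/$CF_SSL_DOMAIN.key":/data/server.key:ro \
  -v "$PWD":/etc/trojan-go \
  teddysun/trojan-go

# Alternatives, commented out: each is a second server, not an addition to the
# one above. Both are changed to mount just the two files read-only at the paths
# config.json names: the original mounted all of /etc/ssl (every key on the
# host readable from the container) while config.json pointed at /data/server.*,
# which the mount did not provide.
# docker run -d --name trojan-go-manual --restart always -p 443:443 -v "$PWD":/etc/trojan-go -v "$SSL_LOCATION/$CF_SSL_DOMAIN.crt":/data/server.crt:ro -v "$SSL_LOCATION/$CF_SSL_DOMAIN.key":/data/server.key:ro teddysun/trojan-go
# --network host can also be used, so that it coexists with warp. The listener
# is then bound directly on the host (0.0.0.0:443), outside Docker's network
# namespace and the -p mappings.
# docker run -d --name trojan-go-manual --restart always --network host -v "$PWD":/etc/trojan-go -v "$SSL_LOCATION/$CF_SSL_DOMAIN.crt":/data/server.crt:ro -v "$SSL_LOCATION/$CF_SSL_DOMAIN.key":/data/server.key:ro teddysun/trojan-go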
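# Client-side configuration, e.g. a proxy entry in ClashX.
# Indentation restored: the export had flattened it, and the flat form is not
# valid YAML (ws-opts/headers must nest under the entry).
- name: "Trojan|orcjp1日本甲骨文免费1"
  type: trojan
  server: orcjp1.xx.yy
  port: 443
  password: your-own-password
  sni: orcjp1.xx.yy
  # Turns off server-certificate verification on the client, so any server
  # that knows the password can impersonate this one. It is not needed when
  # the server presents a publicly trusted certificate (the acme.sh flow) or
  # when the connection goes through the CDN edge; prefer false there.
  skip-cert-verify: true
  network: ws
  udp: true
  ws-opts:
    path: /randpath
    headers:
      Host: orcjp1.xx.yy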
一键开启：使用 CloudFlare 自签发的证书（必须开启 CDN）
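# Variant using a CloudFlare-issued origin certificate. The page requires the
# CDN to be enabled in front of this server; an origin certificate is for the
# Cloudflare edge to trust, not for clients connecting directly.
mkdir -p /data/trojan-go-cdn && cd /data/trojan-go-cdn || exit 1

# Prepare a usable key & cert first. The PEM bodies below are truncated
# placeholders from the page and will not load; paste your own in full.
# Quoted 'EOF' keeps the PEM text literal (no expansion).
cat > private.key <<'EOF'
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDP5POtzNZfbHRS
-----END PRIVATE KEY-----
EOF
# Private key: owner-only. The container reads it as root through the bind
# mount; loosen this only if your image runs as another user.
chmod 600 private.key
cat > cert.crt <<'EOF'
-----BEGIN CERTIFICATE-----
MIIEmjCCA4KgAwIBAgIUYzJXQBvpBbmBZIPj4WCeNJL6MG0wDQYJKoZIhvcNAQEL
-----END CERTIFICATE-----
EOF

export CF_SSL_DOMAIN="orcjp1.xx.yy"
# Use your own long random value; it goes verbatim into the JSON, so no double
# quotes or backslashes.
export DOCKER_PASSWORD='Pa$$w0rd9527'

# Unquoted EOF on purpose: the two variables above are expanded into the file.
cat > config.json <<EOF
{
  "run_type": "server",
  "local_addr": "0.0.0.0",
  "local_port": 443,
  "remote_addr": "example.com",
  "remote_port": 80,
  "password": [
    "$DOCKER_PASSWORD"
  ],
  "ssl": {
    "cert": "/etc/trojan-go/cert.crt",
    "key": "/etc/trojan-go/private.key",
    "sni": "$CF_SSL_DOMAIN"
  },
  "websocket": {
    "enabled": true,
    "path": "/randpath",
    "hostname": "$CF_SSL_DOMAIN"
  }
}
EOF
chmod 600 config.json   # contains the password

# Pick ONE launch command. The original ran both: they share the container
# name and both listen on 443, so the second one failed. The image reference
# is unpinned (latest); pin a tag or @sha256 digest once checked.
docker run -d --name trojan-go-cdn --restart always -p 443:443 -v "$PWD":/etc/trojan-go teddysun/trojan-go
# --network host can also be used, so that it coexists with warp; the listener
# is then bound directly on the host, outside Docker's network namespace.
# docker run -d --name trojan-go-cdn --restart always --network host -v "$PWD":/etc/trojan-go teddysun/trojan-go

# Follows the log until interrupted.
docker logs -f trojan-go-cdn
# Teardown (the original ran this unconditionally right after the log follow,
# removing the container it had just started):
#   docker rm -f trojan-go-cdn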