trojan与宝塔面板共存

默认分类 2024-05-18

一、安装面板。
1、登录服务器,输入以下命令下载并运行安装脚本(该命令会直接执行下载到的脚本,运行前请确认下载地址为官方来源):

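# Fetch the BT panel installer over HTTPS, not plain HTTP: the script is
# executed immediately with the privileges of the current login, so it must
# not be modifiable in transit.
yum install -y wget && wget -O install.sh https://download.bt.cn/install/install_6.0.sh && sh install.sh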

2、安装完成后,依次安装 Nginx1.18、MySQL5.6、PHP7.4等环境
二、安装网站
1、解析域名,@记录和www记录。
2、分别点击 “软件商店” – “一键部署” ,找到 WordPress 并选择一键部署,填写解析好的两个域名。
3、部署完毕以后,输入我们绑定的域名进行数据库配置及网站设置。
4、在网站设置里面开启 “伪静态” 为 WordPress ,然后转到配置文件设置。
5、在线申请ssl证书,在网站设置里面,勾选两个绑定的域名,并为其申请 SSL 证书和开启强制 Https 的访问。域名申请选择DNS申请。
6、找到 “软件商店” – “已安装” – “Nginx1.18”,设置 Nginx 的配置信息,复制代码如下(第17、18行,即 stream 段 map 块中的两个域名,需要替换为自己的域名):

    user  www www;  # worker processes run as user www, group www
worker_processes auto;
error_log  /www/wwwlogs/nginx_error.log  crit;  # crit and above only: ordinary errors and warnings are not recorded
pid        /www/server/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;  # open-file limit for each worker process

events
    {
        use epoll;
        worker_connections 51200;
        multi_accept on;
    }
    
stream {
    # SNI routing: map the server name read from the TLS ClientHello to a backend name
    map $ssl_preread_server_name $backend_name {
        lidaye.cc web;
        www.lidaye.cc trojan;
    # Fallback when no name matches (also applies when the client sends no SNI)
        default web;
    }
 
    # web: forwarding target for the website
    upstream web {
        server 127.0.0.1:4433;
    }
 
    # trojan: forwarding target for the trojan service
    upstream trojan {
        server 127.0.0.1:10110;
    }
 
    # Listen on 443 and enable ssl_preread. TLS is not terminated here; the raw
    # TCP stream is passed to whichever upstream the map selected.
    # NOTE(review): no PROXY protocol is configured, so both upstreams see
    # 127.0.0.1 as the peer address. Access logs and any per-IP limits or
    # blocklists on the web backend will not see real client addresses
    # unless that is handled separately — confirm this is acceptable.
    server {
        listen 443 reuseport;
        listen [::]:443 reuseport;
        proxy_pass  $backend_name;
        ssl_preread on;
    }
}

# HTTP-level settings shared by every virtual host. The sites themselves are
# pulled in by the include at the end of this block.
http
    {
        include       mime.types;
        #include luawaf.conf;

        include proxy.conf;

        default_type  application/octet-stream;

        server_names_hash_bucket_size 512;
        client_header_buffer_size 32k;
        large_client_header_buffers 4 32k;
        client_max_body_size 50m;

        sendfile   on;
        tcp_nopush on;

        keepalive_timeout 60;

        tcp_nodelay on;

        fastcgi_connect_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        fastcgi_buffer_size 64k;
        fastcgi_buffers 4 64k;
        fastcgi_busy_buffers_size 128k;
        fastcgi_temp_file_write_size 256k;
        fastcgi_intercept_errors on;

        gzip on;
        gzip_min_length  1k;
        gzip_buffers     4 16k;
        gzip_http_version 1.1;
        gzip_comp_level 2;
        gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
        gzip_vary on;
        gzip_proxied   expired no-cache no-store private auth;
        gzip_disable   "MSIE [1-6]\.";

        # Shared-memory zones for connection limiting, keyed by client address
        # and by server name.
        # NOTE(review): HTTPS traffic reaches the sites through the stream proxy
        # on 443, so it arrives from 127.0.0.1 and the per-IP zone cannot tell
        # clients apart unless the real address is restored — verify.
        limit_conn_zone $binary_remote_addr zone=perip:10m;
        limit_conn_zone $server_name zone=perserver:10m;

        # Do not reveal the nginx version in the Server header or error pages.
        server_tokens off;
        # No access log at http level; the phpMyAdmin server below sets its own.
        access_log off;

# phpMyAdmin virtual host.
server
    {
        # No address is given, so this binds port 888 on every interface.
        # NOTE(review): confirm a firewall rule or the panel limits who can reach it.
        listen 888;
        server_name phpmyadmin;
        index index.html index.htm index.php;
        root  /www/server/phpmyadmin;
            # Refuse any request whose URI contains /tmp/.
            location ~ /tmp/ {
                return 403;
            }

        #error_page   404   /404.html;
        include enable-php.conf;

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }

        location ~ .*\.(js|css)?$
        {
            expires      12h;
        }

        # Block dot-files and dot-directories (any URI containing "/.").
        location ~ /\.
        {
            deny all;
        }

        access_log  /www/wwwlogs/access.log;
    }
# Per-site server blocks are loaded from the panel's vhost directory.
include /www/server/panel/vhost/nginx/*.conf;
}

7、转到网站设置里的配置文件,删除 server 模块中 server_name 里面的二级域名,只保留主域名,并把 server 模块里面的 443 端口更改为 4433。然后在原有的 server 模块下面增加如下代码(需要替换域名)。

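server
{
    # Plain-HTTP fallback listener: trojan hands non-trojan traffic to
    # 127.0.0.1:10111 (remote_addr / remote_port in its config.json).
    # Bind to loopback only, since nothing but the local trojan process
    # needs to reach this port.
    listen 127.0.0.1:10111;
    # Same host name that the stream map routes to trojan.
    server_name www.lidaye.cc;
    location / {
        # $server_port is always 10111 on this listener, so a test such as
        # `$server_port !~ 4433` matches every request; redirect unconditionally.
        # No proxy_* directives are needed because nothing is proxied from here.
        return 301 https://lidaye.cc$request_uri;
    }
    # NOTE(review): "aaa.com" in the log name looks like a leftover placeholder;
    # rename it to match your own domain.
    access_log logs/aaa.com_access.log;
}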

8、更改完毕以后,关闭ssl服务,重启nginx,再开启ssl服务。
三、安装trojan。
1、安装代码如下。

# Downloads trojan-quickstart.sh from the tip of the master branch and runs it
# as root in a single step: the content is whatever the branch holds at
# download time, and it is never written to disk for review.
# NOTE(review): consider saving the script to a file and reading it before
# running it with sudo.
sudo bash -c "$(curl -fsSL https://raw.githubusercontent.com/trojan-gfw/trojan-quickstart/master/trojan-quickstart.sh)"

2、设置开机自启动。

systemctl enable trojan   # start the trojan service automatically at boot

3、修改 Trojan 配置文件:找到 VPS 上的 /usr/local/etc/trojan/config.json,修改为如下内容(密码和域名证书路径请自行更改,示例密码不要直接沿用,应换成自己生成的随机强密码):

{
    "run_type": "server",
    "local_addr": "127.0.0.1",
    "local_port": 10110,
    "remote_addr": "127.0.0.1",
    "remote_port": 10111,
    "password": [
        "lidaye9527"
    ],
    "log_level": 1,
    "ssl": {
        "cert": "/www/server/panel/vhost/cert/lidaye.cc/fullchain.pem",
        "key": "/www/server/panel/vhost/cert/lidaye.cc/privkey.pem",
        "key_password": "",
        "cipher": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384",
        "cipher_tls13": "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384",
        "prefer_server_cipher": true,
        "alpn": [
            "http/1.1"
        ],
        "alpn_port_override": {
            "h2": 81
        },
        "reuse_session": true,
        "session_ticket": false,
        "session_timeout": 600,
        "plain_http_response": "",
        "curves": "",
        "dhparam": ""
    },
    "tcp": {
        "prefer_ipv4": false,
        "no_delay": true,
        "keep_alive": true,
        "reuse_port": false,
        "fast_open": false,
        "fast_open_qlen": 20
    },
    "mysql": {
        "enabled": false,
        "server_addr": "127.0.0.1",
        "server_port": 3306,
        "database": "trojan",
        "username": "trojan",
        "password": "",
        "key": "",
        "cert": "",
        "ca": ""
    }
}

4、重启trojan

# Restart the service so the edited /usr/local/etc/trojan/config.json is loaded.
systemctl restart trojan
