# 首先确保国外有 Trojan 服务端
# 在腾讯云服务器上安装 Trojan 客户端
$ tar -xvf trojan-1.16.0-linux-amd64.tar.xz
$ mv trojan/trojan /usr/local/bin
# 配置 Trojan 客户端配置文件
$ mkdir /etc/trojan
$ cat > /etc/trojan/config.json <<-EOF
{
"run_type": "client",
"local_addr": "0.0.0.0",
"local_port": 1080,
"remote_addr": "xxxx",
"remote_port": 443,
"password": [
"xxxxx"
],
"log_level": 1,
"ssl": {
"verify": false,
"verify_hostname": false,
"cert": ""
}
}
EOF
# 配置 Systemd 的 Trojan 客户端服务
$ cat > /etc/systemd/system/trojan.service <<-EOF
[Unit]
Description=trojan
After=network.target
[Service]
Type=simple
User=nobody
Restart=on-failure
RestartSec=5s
ExecStart=/usr/local/bin/trojan -c /etc/trojan/config.json -l /var/log/trojan.log
ExecReload=/bin/kill -HUP $MAINPID
LimitNOFILE=1048576
[Install]
WantedBy=multi-user.target
EOF
# 创建日志文件
$ touch /var/log/trojan.log
$ chown nobody:nogroup /var/log/trojan.log
# 启动 Trojan
$ systemctl enable trojan
$ systemctl start trojan
# 验证代理是否成功
$ curl
ip.sb --socks5 127.0.0.1:1080
# 在 Systemd 中配置 Docker Daemon 使用 SOCKS5 代理,其中代理 IP 改为自己的 Trojan 客户端 IP
$ mkdir -p /etc/systemd/system/docker.service.d
$ tee /etc/systemd/system/docker.service.d/socks5-proxy.conf <<-'EOF'
[Service]
Environment="HTTP_PROXY=socks5://172.27.111.113:1080/" "HTTPS_PROXY=socks5://172.27.111.113:1080/" "NO_PROXY=localhost,127.0.0.1,
docker.io,
yanzhe919.mirror.aliyuncs.com,
99nkhzdo.mirror.aliyuncs.com,*.aliyuncs.com,*.mirror.aliyuncs.com,
registry.docker-cn.com,
hub.c.163.com,
hub-auth.c.163.com,"
EOF
# 重启 Docker Daemon 服务
$ systemctl daemon-reload
$ systemctl restart docker
$ systemctl show --property=Environment docker # 查看环境变量是否生效
# 测试能否下载 Google 镜像
$ docker pull
k8s.gcr.io/kube-proxy:v1.22.0