程序员科学上网汇总

2025-06-01 15:35:43

本文主要针对程序员,解决 github 访问、clone、push 慢,docker 拉取镜像慢,无法访问 google、Stack Overflow 等。

建议使用 trojan-go,浏览器插件建议用:ZeroOmega,浏览器建议用 edge 或 chrome,Android app 建议用:igniter

trojan server 搭建

首先,我们需要一个 systemd 文件:/etc/systemd/system/trojan-go.service

/etc/systemd/system/trojan-go.service
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15

[Unit]
Description=trojan-go service
After=network-online.target firewalld.service
Wants=network-online.target
StartLimitIntervalSec=0

[Service]
Restart=always
RestartSec=10
Nice=-20
LimitNOFILE=262140
ExecStart=/bin/bash /opt/trojan-go/startup.sh

[Install]
WantedBy=default.target

启动脚本:/opt/trojan-go/startup.sh 内容如下:

/opt/trojan-go/startup.sh
1
2

cd /opt/trojan-go
./trojan-go --config ./server.json > ./logs/startup.log

/opt/trojan-go/server.json 文件如下:

/opt/trojan-go/server.json
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

{
    "run_type": "server",
    "local_addr": "0.0.0.0",
    "local_port": 8443,
    "remote_addr": "127.0.0.1",
    "remote_port": 8082,
    "password": [
        "your-password-please-change-this-line"
    ],
    "ssl": {
	"cert": "/xxx/fullchain.cer",
        "key": "/xxx/xxx.key",
        "sni": "trojan.your-domain.com"
    },
    "router": {
        "enabled": true,
        "block": [
            "geoip:private"
        ],
        "geoip": "/opt/trojan-go/geoip.dat",
        "geosite": "/opt/trojan-go/geosite.dat"
    }
}

这里,假设 trojan-go 是下载到 /opt/trojan-go 目录下面;
最后,还需要一个 nginx 配置文件:

trojan.conf
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16

server {
    listen 8082;
    server_name trojan.your-domain.com;
    charset uft-8;
    location / {
        proxy_pass https://what-ever-you-want-to-proxy;
        gzip off;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Host what-ever-you-want-to-proxy;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    ssl_certificate_key /xxx/xxx.key;
    ssl_certificate /xxx/fullchain.cer;
}

trojan-go client 使用

systemd 文件这里忽略,可参考 server 的写法;startup 文件如下:

startup.sh
1
2
3

#!/bin/bash
cd /opt/trojan-go
./trojan-go -config ./config.json > ./startup.log

config.json 文件如下:

config.json
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51

{
    "run_type": "client",
    "local_addr": "0.0.0.0",
    "local_port": 1080,
    "remote_addr": "trojan.your-domain.com",
    "remote_port": 8443,
    "password": [
        "your-password-please-change-this-line"
    ],
    "log_level": 1,
    "ssl": {
        "verify": true,
        "verify_hostname": true,
        "cert": "",
        "cipher": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA",
        "cipher_tls13": "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384",
        "sni": "",
        "alpn": [
            "h2",
            "http/1.1"
        ],
        "reuse_session": true,
        "session_ticket": false,
        "curves": ""
    },
    "tcp": {
        "no_delay": true,
        "keep_alive": true,
        "reuse_port": true,
        "fast_open": true,
        "fast_open_qlen": 20
    },
    "router": {
        "enabled": true,
        "bypass": [
            "geoip:cn",
            "geoip:private",
            "geosite:cn",
            "geosite:private"
        ],
        "block": [
            "geosite:category-ads"
        ],
        "proxy": [
            "geosite:geolocation-!cn"
        ],
        "default_policy": "proxy",
        "geoip": "/data/soft/trojan-go/geoip.dat",
        "geosite": "/data/soft/trojan-go/geosite.dat"
    }
}

只需要改前面域名和 password 部分即可;加上浏览器插件,至此畅游网络无压力,但是 github clone、push 以及 docker 镜像拉取依然慢。

hysteria2 搭建

这是一个比较新的,目前还在维护(2025.06.08),基于 http3,理论上丢包严重时,比 trojan-go 更好
官网:https://v2.hysteria.network/
Github: https://github.com/apernet/hysteria
server 配置如下:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21

listen: :443 

tls:
  cert: /xxx/xxx.cer
  key: /xxx/xxx.key

auth:
  type: password
  password: your-password-change-it-please

masquerade: 
  type: proxy
  proxy:
    url: https://xxx.xxx.xxx
    rewriteHost: true

bandwidth:
  up: 1 gbps
  down: 1 gbps

ignoreClientBandwidth: true

另外,在启动脚本中,加入:

1
2

iptables -t nat -A PREROUTING -i eth0 -p udp --dport 10000:50000 -j REDIRECT --to-ports 443
ip6tables -t nat -A PREROUTING -i eth0 -p udp --dport 10000:50000 -j REDIRECT --to-ports 443

client 配置如下:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17

server: xxx.xxx.xxx:443,10000-50000

auth: your-password-change-it-please

bandwidth: 
  up: 1024 mbps
  down: 1024 mbps

socks5:
  listen: 0.0.0.0:1080

fastOpen: true
lazy: true

transport:
  udp:
    hopInterval: 30s

请注意,带宽这里,设置为你实际能达到的上限,设置为 0 或 server 端 ignoreClientBandwidth=true 时使用 bbr 防拥堵算法,推荐用 bbr
Android 客户端建议用:https://github.com/MatsuriDayo/NekoBoxForAndroid

git 设置 socks5 代理

http 和 https 的代理

~/.gitconfig
1
2
3
4

[http "https://github.com"]
    proxy = socks5://localhost:1080
[http "http://github.com"]
    proxy = socks5://localhost:1080

ssh 代理

~/.ssh/config
1
2
3
4

Host github.com
    User git
    Port 22
    ProxyCommand nc -X 5 -x 127.0.0.1:1080 %h %p

这里 nc 需要装包,manjaro linux 需按照 openbsd-netcat,其他发行版,请自行搜索确认。

docker socks5 代理

首先,我们需要给 docker systemd 文件创建一个补丁文件:/etc/systemd/system/docker.service.d/http-proxy.conf

/etc/systemd/system/docker.service.d/http-proxy.conf
1
2
3
4
5

[Service]
Environment="ALL_PROXY=socks5://localhost:1080"
Environment="HTTP_PROXY=socks5://localhost:1080"
Environment="HTTPS_PROXY=socks5://localhost:1080"
Environment="NO_PROXY=localhost,127.0.0.1"
最后更新于
iframe 内嵌 grafana关于 wiki、博客、笔记的思考