# trojan-rs
[](https://crates.io/crates/trojan)
[](https://docs.rs/trojan)
[](https://github.com/trojan-rs/trojan-rs/actions/workflows/ci.yml)
[](https://github.com/trojan-rs/trojan-rs/blob/master/LICENSE)
A high-performance Rust implementation of the [Trojan](https://trojan-gfw.github.io/trojan/protocol) protocol.
## Features
- **High Performance** - Built with async Rust and Tokio for maximum throughput
- **TLS 1.3 Support** - Modern encryption with configurable TLS versions and mTLS
- **WebSocket Transport** - Optional WebSocket encapsulation for CDN compatibility
- **Multiple Auth Backends** - Memory, SQLite, PostgreSQL, and MySQL support
- **User Management** - Full CLI for managing users with traffic limits
- **Prometheus Metrics** - Built-in metrics exporter for monitoring
- **Analytics** - Connection event tracking with ClickHouse backend
- **Rate Limiting** - Per-IP connection rate limiting
- **TCP Tuning** - Configurable TCP_NODELAY, Keep-Alive, SO_REUSEPORT, TCP Fast Open
- **Fallback Server** - Configurable fallback with connection warm pool
- **Certificate Management** - Self-signed certificate generation (optional feature)
- **Self-Upgrade** - Auto-update from GitHub releases (optional feature)
- **Cross-Platform** - Linux, macOS, and Windows support
## Installation
### Pre-built Binaries
Download from [GitHub Releases](https://github.com/trojan-rs/trojan-rs/releases).
### Cargo
```bash
cargo install trojan
```
### From Source
```bash
git clone https://github.com/trojan-rs/trojan-rs
cd trojan-rs
cargo build --release
```
## Usage
### Server
```bash
# Run with config file
trojan server -c config.toml
# Run with CLI options
trojan server --listen 0.0.0.0:443 \
--tls-cert /path/to/cert.pem \
--tls-key /path/to/key.pem \
--password "your-password" \
--fallback 127.0.0.1:80
```
### Certificate Generation
```bash
# Generate a self-signed certificate
trojan cert generate \
--domain example.com \
--domain localhost \
--ip 127.0.0.1 \
--output /etc/trojan \
--days 365
```
### User Management (SQL Backend)
```bash
# Initialize database
trojan auth init --database sqlite://users.db
# Add user
trojan auth add --database sqlite://users.db \
--password "user-password" \
--upload-limit 10737418240 \
--download-limit 107374182400
# List users
trojan auth list --database sqlite://users.db
# Remove user
trojan auth remove --database sqlite://users.db --password "user-password"
```
## Configuration
Supports TOML, YAML, JSON, and JSONC formats. Create a `config.toml` file:
```toml
[server]
listen = "0.0.0.0:443"
fallback = "127.0.0.1:80"
tcp_idle_timeout_secs = 600
udp_timeout_secs = 60
[server.tcp]
no_delay = true
keepalive_secs = 300
reuse_port = false
fast_open = false
[tls]
cert = "/etc/trojan/cert.pem"
key = "/etc/trojan/key.pem"
alpn = ["http/1.1"]
[auth]
passwords = ["password1", "password2"]
[websocket]
enabled = true
mode = "mixed"
path = "/ws"
[metrics]
listen = "127.0.0.1:9100"
[logging]
level = "info"
```
For all available options, see the [`trojan-config` documentation](https://docs.rs/trojan-config).
## Supported Platforms
| Linux | x86_64, aarch64, armv7, i686 |
| Linux (musl) | x86_64, aarch64, armv7, i686 |
| macOS | x86_64, aarch64 (Apple Silicon) |
| Windows | x86_64 |
## Crates
| [`trojan-core`](https://docs.rs/trojan-core) | Core types and utilities |
| [`trojan-proto`](https://docs.rs/trojan-proto) | Protocol encoding/decoding |
| [`trojan-auth`](https://docs.rs/trojan-auth) | Authentication backends |
| [`trojan-config`](https://docs.rs/trojan-config) | Configuration parsing |
| [`trojan-metrics`](https://docs.rs/trojan-metrics) | Prometheus metrics |
| [`trojan-analytics`](https://docs.rs/trojan-analytics) | Connection tracking |
| [`trojan-server`](https://docs.rs/trojan-server) | Server implementation |
| [`trojan-cert`](https://docs.rs/trojan-cert) | Certificate management |
## License
GPL-3.0-only