trojan 0.5.2

A Rust implementation of the Trojan protocol
Documentation

trojan-rs

Crates.io Documentation CI License

A high-performance Rust implementation of the Trojan protocol.

Features

  • High Performance - Built with async Rust and Tokio for maximum throughput
  • TLS 1.3 Support - Modern encryption with configurable TLS versions and mTLS
  • WebSocket Transport - Optional WebSocket encapsulation for CDN compatibility
  • Multiple Auth Backends - Memory, SQLite, PostgreSQL, and MySQL support
  • User Management - Full CLI for managing users with traffic limits
  • Prometheus Metrics - Built-in metrics exporter for monitoring
  • Analytics - Connection event tracking with ClickHouse backend
  • Rate Limiting - Per-IP connection rate limiting
  • TCP Tuning - Configurable TCP_NODELAY, Keep-Alive, SO_REUSEPORT, TCP Fast Open
  • Fallback Server - Configurable fallback with connection warm pool
  • Certificate Management - Self-signed certificate generation (optional feature)
  • Self-Upgrade - Auto-update from GitHub releases (optional feature)
  • Cross-Platform - Linux, macOS, and Windows support

Installation

Pre-built Binaries

Download from GitHub Releases.

Cargo

cargo install trojan

From Source

git clone https://github.com/trojan-rust/trojan-rust
cd trojan-rs
cargo build --release

Usage

Server

# Run with config file
trojan server -c config.toml

# Run with CLI options
trojan server --listen 0.0.0.0:443 \
  --tls-cert /path/to/cert.pem \
  --tls-key /path/to/key.pem \
  --password "your-password" \
  --fallback 127.0.0.1:80

Certificate Generation

# Generate a self-signed certificate
trojan cert generate \
  --domain example.com \
  --domain localhost \
  --ip 127.0.0.1 \
  --output /etc/trojan \
  --days 365

User Management (SQL Backend)

# Initialize database
trojan auth init --database sqlite://users.db

# Add user
trojan auth add --database sqlite://users.db \
  --password "user-password" \
  --upload-limit 10737418240 \
  --download-limit 107374182400

# List users
trojan auth list --database sqlite://users.db

# Remove user
trojan auth remove --database sqlite://users.db --password "user-password"

Configuration

Supports TOML, YAML, JSON, and JSONC formats. Create a config.toml file:

[server]
listen = "0.0.0.0:443"
fallback = "127.0.0.1:80"
tcp_idle_timeout_secs = 600
udp_timeout_secs = 60

[server.tcp]
no_delay = true
keepalive_secs = 300
reuse_port = false
fast_open = false

[tls]
cert = "/etc/trojan/cert.pem"
key = "/etc/trojan/key.pem"
alpn = ["http/1.1"]

[auth]
passwords = ["password1", "password2"]

[websocket]
enabled = true
mode = "mixed"
path = "/ws"

[metrics]
listen = "127.0.0.1:9100"

[logging]
level = "info"

For all available options, see the trojan-config documentation.

Supported Platforms

Platform Architecture
Linux x86_64, aarch64, armv7, i686
Linux (musl) x86_64, aarch64, armv7, i686
macOS x86_64, aarch64 (Apple Silicon)
Windows x86_64

Crates

Crate Description
trojan-core Core types and utilities
trojan-proto Protocol encoding/decoding
trojan-auth Authentication backends
trojan-config Configuration parsing
trojan-metrics Prometheus metrics
trojan-analytics Connection tracking
trojan-server Server implementation
trojan-cert Certificate management

License

GPL-3.0-only