Trojan Server
High-performance Trojan protocol server with TLS, WebSocket, and rule-based routing
trojan-server is the core component of trojan-rs. It accepts Trojan protocol connections over TLS, authenticates clients, and proxies traffic to its destination. Non-Trojan traffic is forwarded to a configurable fallback address, making the server indistinguishable from a normal HTTPS server.
Features
- TLS 1.2/1.3 with configurable cipher suites and mTLS support
- WebSocket transport for CDN compatibility (mixed and split modes)
- Multiple auth backends — in-memory, SQLite, PostgreSQL, MySQL
- User management CLI with traffic limits and expiration
- Rule-based routing — domain, IP CIDR, GeoIP, Surge/Clash rule formats
- Load balancing — round-robin, IP hash, least connections, failover
- Rate limiting with per-IP connection throttling
- Fallback server with connection warm pool
- Prometheus metrics with 30+ metric definitions
- ClickHouse analytics for connection event tracking
- TCP tuning — TCP_NODELAY, Keep-Alive, SO_REUSEPORT, TCP Fast Open
- Signal handling — SIGHUP reload, SIGTERM graceful shutdown
Quick Start
trojan server -c config.toml

[server]
listen = "0.0.0.0:443"
fallback = "127.0.0.1:80"
[tls]
cert = "/etc/trojan/cert.pem"
key = "/etc/trojan/key.pem"
[auth]
passwords = ["your-secret-password"]
Architecture
Client ──TLS──▶ trojan-server ──▶ Target
                      │
                      └── (invalid auth) ──▶ Fallback HTTP server
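
The decision in the diagram above, as an added Python example (not trojan-rs code): classify the first bytes read from the TLS stream and either extract the proxy target or hand the untouched bytes to the fallback. It assumes the request layout of the public Trojan protocol (56 hex characters of SHA-224(password), CRLF, command, SOCKS5-style address, port, CRLF, payload) and that the whole header arrived in one read; `classify`, `parse_address`, `build_request` and `ALLOWED` are hypothetical names.

```python
import hashlib
import hmac
import ipaddress
import struct

CRLF = b"\r\n"
# Constructed store. Assumed wire form (Trojan protocol): hex(SHA-224(password)).
ALLOWED = {hashlib.sha224(b"your-secret-password").hexdigest().encode()}

def parse_address(buf):
    """SOCKS5-style ATYP | ADDR | PORT -> (host, port, bytes_used), or None."""
    if len(buf) < 2:
        return None
    if buf[0] == 0x03:                      # domain name, length-prefixed
        start, end = 2, 2 + buf[1]
    elif buf[0] in (0x01, 0x04):            # IPv4 / IPv6
        start, end = 1, 1 + (4 if buf[0] == 0x01 else 16)
    else:
        return None
    if len(buf) < end + 2:
        return None
    try:
        host = (buf[start:end].decode("ascii") if buf[0] == 0x03
                else str(ipaddress.ip_address(buf[start:end])))
    except (UnicodeDecodeError, ValueError):
        return None
    (port,) = struct.unpack("!H", buf[end:end + 2])
    return host, port, end + 2

def classify(first_bytes, allowed=ALLOWED):
    """Return ("proxy", cmd, host, port, payload) or ("fallback", first_bytes)."""
    fallback = ("fallback", first_bytes)    # replayed untouched to the fallback
    if first_bytes[56:58] != CRLF:
        return fallback
    ok = False
    for digest in allowed:                  # constant-time compare, no early exit
        ok |= hmac.compare_digest(first_bytes[:56], digest)
    addr = parse_address(first_bytes[59:])  # 0x01 = CONNECT, 0x03 = UDP ASSOCIATE
    if not ok or addr is None or first_bytes[58] not in (0x01, 0x03):
        return fallback
    host, port, used = addr
    rest = first_bytes[59 + used:]
    if rest[:2] != CRLF:
        return fallback
    return ("proxy", first_bytes[58], host, port, rest[2:])

def build_request(password, host, port, payload=b""):
    """Constructed sample input: CONNECT (0x01) to a domain target (ATYP 0x03)."""
    head = hashlib.sha224(password).hexdigest().encode() + CRLF + b"\x01\x03"
    return head + bytes([len(host)]) + host.encode() + struct.pack("!H", port) + CRLF + payload
```

Every rejection path returns the original bytes unchanged, so a plain HTTP request or a request with a wrong password can be served by the fallback as if the Trojan layer were not there.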