
Can the config file path be specified manually? #54

Closed
killgcd4ever opened this issue May 24, 2020 · 6 comments

Comments

@killgcd4ever

First time using this. I used the systemd example from trojan-gfw and it failed to start; only after checking the log did I find that it could not find the config. So could users be allowed to set a custom config path? Thanks!

@killgcd4ever
Author

May 24 21:26:29 vultr.guest trojan-go[18101]: [ERROR] 2020/05/24 21:26:29 github.com/p4gefau1t/trojan-go/proxy.(*proxyOption).Handle:option.go:38 Failed to parse config file | 127.0.0.1:80 is not a valid web server | Get "https://127.0.0.1/"

After starting it reports this error. What does it mean?

@p4gefau1t
Owner

1. The path can be specified; please read the documentation carefully first and learn the basics of systemd configuration.

2. When trojan-go starts, it checks whether the disguise HTTP server supplied by the user is valid; if it is invalid, it refuses to start the service. Please read the documentation carefully first.

@killgcd4ever
Author

1. On the first question: I could not find this in the documentation. Can you point out which section it is in?
2. The disguise server is confirmed to be working, because upstream trojan runs fine with it.
Also, the full config file given in the documentation has two errors:
node: websocket->ssl->plain_http_response has an extra comma after it
node: api->ssl has an extra comma after its closing brace

@p4gefau1t
Owner

1. Please learn systemd configuration, read trojan-go.service, and make use of the -h option; the readme also mentions how to start the service.

2. trojan-gfw can start because trojan-gfw has no mechanism for checking the validity of the disguise server. Also, the log you provided is incomplete, so I cannot determine where the problem is in detail.

3. The documentation has been fixed, thanks for pointing it out.

@killgcd4ever
Author

My config is below; please correct it, thanks. Because I want it to coexist with nginx and v2ray, I used the ngx_stream_ssl_preread_module feature of nginx and put trojan-go behind nginx. Upstream trojan works fine configured this way. How should trojan-go be configured for this? Also, does configuring it this way reduce security? If it really has to be configured this way, is there a better suggestion? Many thanks, much obliged!
nginx:

```nginx
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /run/nginx.pid;

events {
    accept_mutex on;
    worker_connections 1024;
}

stream {
    log_format proxy '$remote_addr [$time_local] '
                     '$protocol $status $bytes_sent $bytes_received '
                     '$session_time "$upstream_addr" '
                     '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
    access_log /var/log/nginx/access.log proxy;

    map $ssl_preread_server_name $name {
        default nginx;
    }

    upstream nginx {
        server 127.0.0.1:8443;
    }

    server {
        listen 443;
        proxy_pass $name;
        ssl_preread on;
    }
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name mydomain.com ssr.mydomain.com www.mydomain.com;
        return 301 https://$host$request_uri;
    }

    server {
        listen 80;
        listen [::]:80;
        root /usr/share/nginx/html;
        index index.html index.htm;
        server_name daze.mydomain.com goflyway.mydomain.com trojan.mydomain.com;
    }

    server {
        listen 8443 ssl http2;
        listen [::]:8443 ssl http2;
        root /usr/share/nginx/html;
        index index.html index.htm;
        ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/mydomain.com/key.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
        ssl_dhparam /etc/letsencrypt/live/mydomain.com/dhparam.pem;
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:10m;
        ssl_session_tickets off;
        ssl_ecdh_curve secp384r1;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
        ssl_prefer_server_ciphers off;
        resolver 1.1.1.1 8.8.8.8 valid=300s;
        resolver_timeout 30s;
        add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
        server_name mydomain.com ssr.mydomain.com tj.mydomain.com www.mydomain.com;

        location /websocketpath {
            proxy_redirect off;
            proxy_pass http://127.0.0.1:29443;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}
```

trojan-go:

```json
{
  "run_type": "server",
  "local_addr": "127.0.0.1",
  "local_port": 29443,
  "remote_addr": "127.0.0.1",
  "remote_port": 80,
  "log_level": 1,
  "log_file": "",
  "password": [
    "mypassword"
  ],
  "buffer_size": 32,
  "dns": [
    "dot://1.1.1.1",
    "1.1.1.1",
    "8.8.8.8"
  ],
  "ssl": {
    "verify": true,
    "cert": "/etc/letsencrypt/live/mydomain.com/fullchain.pem",
    "key": "/etc/letsencrypt/live/mydomain.com/key.pem",
    "key_password": "",
    "cipher": "",
    "cipher_tls13": "",
    "curves": "",
    "prefer_server_cipher": false,
    "sni": "mydomain.com",
    "alpn": [
      "http/1.1"
    ],
    "session_ticket": true,
    "reuse_session": true,
    "plain_http_response": "",
    "fallback_port": 0,
    "fingerprint": "firefox",
    "serve_plain_text": false
  },
  "tcp": {
    "no_delay": true,
    "keep_alive": true,
    "reuse_port": false,
    "prefer_ipv4": false,
    "fast_open": false,
    "fast_open_qlen": 20
  },
  "mux": {
    "enabled": false,
    "concurrency": 8,
    "idle_timeout": 60
  },
  "router": {
    "enabled": false,
    "bypass": [],
    "proxy": [],
    "block": [],
    "default_policy": "proxy",
    "domain_strategy": "as_is",
    "geoip": "./geoip.dat",
    "geosite": "./geoip.dat"
  },
  "websocket": {
    "enabled": true,
    "path": "/websocketpath",
    "hostname": "mydomain.com",
    "obfuscation_password": "mypassword",
    "double_tls": true,
    "ssl": {
      "verify": true,
      "verify_hostname": true,
      "cert": "/etc/letsencrypt/live/mydomain.com/fullchain.pem",
      "key": "/etc/letsencrypt/live/mydomain.com/key.pem",
      "key_password": "",
      "prefer_server_cipher": false,
      "sni": "mydomain.com",
      "session_ticket": true,
      "reuse_session": true,
      "plain_http_response": ""
    }
  },
  "forward_proxy": {
    "enabled": false,
    "proxy_addr": "",
    "proxy_port": 0,
    "username": "",
    "password": ""
  },
  "mysql": {
    "enabled": false,
    "server_addr": "localhost",
    "server_port": 3306,
    "database": "",
    "username": "",
    "password": "",
    "check_rate": 60
  },
  "redis": {
    "enabled": false,
    "server_addr": "localhost",
    "server_port": 6379,
    "password": ""
  },
  "api": {
    "enabled": false,
    "api_addr": "",
    "api_port": 0,
    "api_tls": false,
    "ssl": {
      "cert": "",
      "key": "",
      "key_password": "",
      "client_cert": []
    }
  }
}
```

@p4gefau1t
Owner

1. If nginx is to do the TLS encryption and decryption, then trojan-go should only handle plaintext TCP content, and serve_plain_text should be set to true.

2. Configuration questions are better asked in the group rather than via issues; issues are mainly for discussing bugs and features.
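A small config checker for the nginx-in-front deployment discussed in this issue, added here as an illustration (it is not trojan-go's own code and does not reproduce its real startup probe). It catches the two problems the thread turns on: a config file that does not parse because of a stray trailing comma, and `serve_plain_text` left at `false` while nginx already terminates TLS. The function name `lint_trojan_go_server` and the embedded sample configs are constructed for this example.

```python
import json
from typing import List

# Constructed sample with the shape of the config posted above: nginx terminates TLS
# and forwards plaintext WebSocket traffic to trojan-go on 127.0.0.1:29443. The stray
# comma after "plain_http_response" mirrors the documentation error reported above.
BROKEN_CONFIG = """{
  "run_type": "server",
  "local_addr": "127.0.0.1",
  "local_port": 29443,
  "remote_addr": "127.0.0.1",
  "remote_port": 80,
  "ssl": {"serve_plain_text": false, "sni": "mydomain.com"},
  "websocket": {"enabled": true, "path": "/websocketpath",
                "ssl": {"plain_http_response": "",}}
}"""

# Same deployment with the comma removed and serve_plain_text switched on.
FIXED_CONFIG = BROKEN_CONFIG.replace('"",}', '""}').replace(
    '"serve_plain_text": false', '"serve_plain_text": true')


def lint_trojan_go_server(text: str, tls_terminated_upstream: bool) -> List[str]:
    """Return findings for a trojan-go server config; an empty list means nothing found.

    tls_terminated_upstream: True when a front proxy (nginx here) already decrypts
    TLS and hands trojan-go plaintext.
    """
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        # trojan-go refuses to start on unparseable JSON; report where it breaks.
        return [f"line {exc.lineno} col {exc.colno}: {exc.msg} (stray trailing comma?)"]
    findings: List[str] = []
    if cfg.get("run_type") != "server":
        findings.append("run_type is not 'server'")
    ssl = cfg.get("ssl", {})
    if tls_terminated_upstream and not ssl.get("serve_plain_text", False):
        findings.append("ssl.serve_plain_text is false but the front proxy already "
                        "terminates TLS; trojan-go will expect TLS on a plaintext socket")
    if tls_terminated_upstream and cfg.get("local_addr") not in ("127.0.0.1", "::1", "localhost"):
        findings.append("local_addr is not loopback: the plaintext listener is reachable "
                        "from outside the host")
    # The fallback web server is probed at startup; pointing it at trojan-go's own
    # listener can never pass that check.
    if (cfg.get("remote_addr"), cfg.get("remote_port")) == (cfg.get("local_addr"), cfg.get("local_port")):
        findings.append("remote_addr:remote_port (fallback web server) points at trojan-go itself")
    return findings
```

Run `lint_trojan_go_server(BROKEN_CONFIG, True)` to see the parse error located on the line with the trailing comma, and `lint_trojan_go_server(FIXED_CONFIG, True)` to confirm the corrected config comes back clean.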
