Docs Config Trojan

Trojan

Disguises proxy traffic as standard HTTPS browsing, with TLS built in by design โ€” one of the more reliable protocols today, with a lower false-positive detection rate.

Example Config

config.yaml YAML
proxies:
  - name: "trojan"
    type: trojan
    server: server
    port: 443
    password: yourpsk
    udp: true

    sni: example.com
    client-fingerprint: random
    skip-cert-verify: true

    network: tcp

Field Reference

passwordRequired

The Trojan server password. Sending it in plaintext is part of the Trojan protocol's design, relying on TLS for protection.

networkOptional

The transport layer โ€” supports ws/grpc, defaulting to tcp if not set; see Transport Layer Configuration. Fields like sni belong to the TLS fields.

ss-opts (trojan-go compatibility)

Older versions of trojan-go support layering an extra Shadowsocks AEAD encryption on top of Trojan. If your node uses this combination, you'll need to enable it here as well:

YAML ss-opts
ss-opts:
  enabled: true
  method: aes-128-gcm
  password: "example"
ss-opts.methodOptional

Supports aes-128-gcm/aes-256-gcm/chacha20-ietf-poly1305. Most modern Trojan nodes don't need this layer โ€” you can skip it entirely.