# Update On Getting Over China Great Firewall
In this post, we will discuss a practical method for circumventing the China Great Firewall (CGFW) using self-hosted solutions within your homelab infrastructure. This approach focuses on DevOps automation and open-source tools to ensure seamless, secure, and reliable internet access.
## Prerequisites

- A physical or virtual machine running a Linux distribution (e.g., Ubuntu 20.04 LTS) with at least 2GB RAM and 20GB storage.
- Basic knowledge of command-line interface (CLI).
- Access to a VPN service provider that bypasses the CGFW (optional but recommended).
- Docker CE version 19.03.12 or later:

  ```bash
  apt install docker-ce=19.03.12
  ```

- Docker Compose version 1.26.2 or later:

  ```bash
  apt install docker-compose=1.26.2
  ```
## Solution Steps

### Step 1: Create a new directory and navigate to it

```bash
mkdir cgfw-bypass && cd cgfw-bypass
```
### Step 2: Configure Docker Compose YAML file (docker-compose.yml)

Create a file named `docker-compose.yml` with the following content:

```yaml
version: '3'
services:
  trojan:
    image: containrrr/trojan:v1.12.1
    container_name: trojan
    restart: always
    environment:
      - PROXY_USER=<your username>
      - PROXY_PASSWORD=<your password>
      - GEOIP_DATA_FILE=/usr/share/GeoLite2-Country/GeoLite2-Country.mmdb
      - REDIRECT_PORT=80,443
      - LETSENCRYPT_HOSTNAME=<your domain or IP>
      - UDP_PORT_RANGE=10000-65000
      - WS_PATH=/ws
    ports:
      - "80:80"
      - "443:443"
      - "10000:10000/udp" # Change this to your custom port range
    volumes:
      - ./geoshape.json:/etc/trojan/geoip.json # Optional, for geographical restrictions
```
Replace `<your username>`, `<your password>`, and `<your domain or IP>` with appropriate values. If you have specific geographical requirements, provide a `geoshape.json` file with the necessary configuration.
### Step 3: Build and Run Docker Compose

```bash
docker-compose up -d
```
Your Trojan server is now running in a container and accessible over ports 80 and 443. If you have specified a custom UDP port range, ensure that it does not conflict with other services on your machine.
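A pre-flight check for the two mistakes this setup makes easy: publishing a port that another service already holds, and starting the container with `<your ...>` placeholders still in the compose file. This is an added example, not part of the original post; the function names `find_conflicts` and `unfilled_placeholders` are hypothetical and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks for the compose file above.

# Ports published by the post's docker-compose.yml, as proto/port pairs.
PUBLISHED="tcp/80 tcp/443 udp/10000"

# Read `ss -H -tuln` output on stdin; print each published proto/port that is already bound.
find_conflicts() {
    awk -v wanted="$1" '
        BEGIN { n = split(wanted, w, " "); for (i = 1; i <= n; i++) need[w[i]] = 1 }
        {
            port = $5
            sub(/.*:/, "", port)          # keep what follows the last colon (IPv4 and [::] forms)
            key = $1 "/" port
            if ((key in need) && !(key in seen)) { seen[key] = 1; print key }
        }'
}

# Read a compose file on stdin; print each variable still set to a <your ...> placeholder.
unfilled_placeholders() {
    sed -n 's/^[[:space:]]*-[[:space:]]*\([A-Z_][A-Z_]*\)=<your [^>]*>.*$/\1/p'
}

# Constructed sample of `ss -H -tuln` output: a web server already listens on 80.
SAMPLE_SS='udp   UNCONN 0      0      127.0.0.53%lo:53        0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:80        0.0.0.0:*
tcp   LISTEN 0      128             [::]:22           [::]:*
tcp   LISTEN 0      511             [::]:80           [::]:*'

# Constructed sample of a partly edited environment section.
SAMPLE_COMPOSE='    environment:
      - PROXY_USER=alice
      - PROXY_PASSWORD=<your password>
      - LETSENCRYPT_HOSTNAME=<your domain or IP>'

echo "ports already in use:"
printf '%s\n' "$SAMPLE_SS" | find_conflicts "$PUBLISHED"
echo "unfilled placeholders:"
printf '%s\n' "$SAMPLE_COMPOSE" | unfilled_placeholders
```

On the real host, feed the functions live data instead of the samples: `ss -H -tuln | find_conflicts "$PUBLISHED"` and `unfilled_placeholders < docker-compose.yml`.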
## Troubleshooting

- Check the logs of the Trojan container:

  ```bash
  docker-compose logs -f
  ```

- Verify the container is running:

  ```bash
  docker ps
  ```

- Check if your domain/IP is accessible from outside the firewall: Use a tool like mxtoolbox or similar services to check your DNS resolution and connectivity.
## Conclusion
This solution provides a self-hosted method for bypassing the China Great Firewall using open-source tools such as Trojan and Docker Compose. By automating this process, you can maintain a secure, scalable, and reliable infrastructure to ensure seamless access to the global internet. Keep in mind potential security considerations when deploying your setup. Use strong passwords, implement geographical restrictions if needed, and monitor your servers for any unusual activities.
Remember that using this method may violate local laws and regulations; please be aware of your legal responsibilities before proceeding.