Trojan Monitoring
Real-time uptime monitoring for Trojan and Trojan-Go servers. TunnelHQ auto-detects trojan:// URIs, performs actual TLS handshakes with password verification, and supports WebSocket, gRPC, and raw TCP transports. Sub-second alerts, REST API, free for 5 monitors.
Why Trojan needs specialized monitoring
Trojan's entire design goal is to look exactly like normal HTTPS traffic. This is excellent for users but terrible for generic uptime monitors.
The whole protocol works by:
- Client opens a standard TLS connection to the server on port 443
- After the TLS handshake completes, client sends a password hash as the first bytes
- If the password matches, the server treats the connection as a SOCKS5-like tunnel
- If the password is wrong or missing, the server transparently proxies the traffic to a fallback web server — so to the outside world it looks identical to any HTTPS site
This means any TLS probe succeeds — you always get a valid handshake. Generic uptime monitors will report "up" whether the Trojan process is actually running or not. If Trojan has crashed but nginx is still serving the fallback website on 443, a port monitor says "up"; your Trojan users see failed connections.
TunnelHQ performs the actual Trojan password authentication handshake and verifies that you're connecting to a real Trojan server, not just a fallback website.
URI auto-detection
Paste any standard Trojan URI and TunnelHQ parses the config automatically:
trojan://[email protected]:443?
security=tls&
sni=server.example.com&
type=ws&
path=/tunnel&
host=server.example.com#Production-TrojanFrom this, TunnelHQ extracts:
- Password (URL-decoded)
- Endpoint (
server.example.com:443) - SNI and ALPN values
- Transport (
tcp,ws,grpc) - WebSocket path and Host header (if transport is ws)
- gRPC service name (if transport is grpc)
Trojan vs Trojan-Go
Trojan-Go is a Go implementation with additional features (multiplexing via Mux, Shadowsocks-style AEAD fallback, WebSocket/gRPC transports). TunnelHQ handles both:
- Classic Trojan (C++ original): Raw TLS + password auth
- Trojan-Go: Classic Trojan plus WebSocket transport with path routing, gRPC transport, Mux multiplexing
Common Trojan failure modes TunnelHQ catches
- Password rotation without client update
- TLS certificate expiry on the server
- SNI mismatch after domain rename
- Trojan-Go process crashed but fallback web server still running on 443
- WebSocket path renamed on server, old path now hits fallback
- gRPC service name rotated
- Certificate chain rebuilt without intermediate cert
Pricing for Trojan monitoring
| Plan | Trojan Monitors | Interval | Price |
|---|---|---|---|
| Free | 5 | 10 min | $0 |
| Starter | 20 | 5 min | $12/mo or $84/yr |
| Pro | 100 | 2 min | $39/mo or $276/yr |
| Business | 500 | 1 min | $99/mo or $756/yr |
FAQ
Can I monitor a Trojan server behind Cloudflare?
Yes for WebSocket-over-TLS Trojan — Cloudflare proxies WS fine. For raw TLS Trojan, Cloudflare terminates TLS at the edge, so the Trojan handshake can't pass through. Deploy WS transport if you want Cloudflare in front.
Does TunnelHQ work with the Trojan-Go Mux multiplexer?
Yes — the Mux layer is transparent to monitoring. TunnelHQ performs the Trojan auth handshake and then closes the connection; Mux logic happens post-auth.
Does subscription URL monitoring detect new Trojan configs?
Yes. Point TunnelHQ at your V2Ray/Clash subscription URL. It polls the URL, parses any Trojan (and VLESS, VMess, SS) configs inside, and auto-creates monitors for new ones.