更新 trojan.sh

add port forward

trojan.sh

@@ -78,9 +78,9 @@ EOF
             red "不存在/usr/src/trojan-cert/$your_domain目录"
             exit 1
         fi
-        ~/.acme.sh/acme.sh  --register-account  -m myemail@example.com --server zerossl
-        ~/.acme.sh/acme.sh  --issue  -d $your_domain  --nginx
-        if test -s /root/.acme.sh/$your_domain/fullchain.cer; then
+        /root/.acme.sh/acme.sh  --register-account  -m myemail@example.com --server zerossl
+        /root/.acme.sh/acme.sh  --issue  -d $your_domain  --nginx
+        if test -s /root/.acme.sh/$your_domain_ecc/fullchain.cer; then
             cert_success="1"
         fi
     elif [ -f "/usr/src/trojan-cert/$your_domain/fullchain.cer" ]; then
@@ -89,9 +89,9 @@ EOF
         now_time=`date +%s`
         minus=$(($now_time - $create_time ))
         if [  $minus -gt 5184000 ]; then
-            ~/.acme.sh/acme.sh  --register-account  -m myemail@example.com --server zerossl
-            ~/.acme.sh/acme.sh  --issue  -d $your_domain  --nginx
-            if test -s /root/.acme.sh/$your_domain/fullchain.cer; then
+            /root/.acme.sh/acme.sh  --register-account  -m myemail@example.com --server zerossl
+            /root/.acme.sh/acme.sh  --issue  -d $your_domain  --nginx
+            if test -s /root/.acme.sh/$your_domain_ecc/fullchain.cer; then
                 cert_success="1"
             fi
         else 
@@ -100,8 +100,8 @@ EOF
         fi        
     else 
         mkdir /usr/src/trojan-cert/$your_domain
-        ~/.acme.sh/acme.sh  --register-account  -m myemail@example.com --server zerossl
-        ~/.acme.sh/acme.sh  --issue  -d $your_domain  --nginx
+        /root/.acme.sh/acme.sh  --register-account  -m myemail@example.com --server zerossl
+        /root/.acme.sh/acme.sh  --issue  -d $your_domain  --nginx
         if test -s /root/.acme.sh/$your_domain_ecc/fullchain.cer; then
             cert_success="1"
         fi
@@ -266,7 +266,7 @@ EOF
         chmod +x ${systempwd}trojan.service
         systemctl enable trojan.service
         cd /root
-        ~/.acme.sh/acme.sh  --installcert  -d  $your_domain   \
+        /root/.acme.sh/acme.sh  --installcert  -d  $your_domain   \
             --key-file   /usr/src/trojan-cert/$your_domain/private.key \
             --fullchain-file  /usr/src/trojan-cert/$your_domain/fullchain.cer \
             --reloadcmd  "systemctl restart trojan"	
@@ -424,6 +424,10 @@ function repair_cert(){
     blue "务必与之前失败使用的域名一致"
     green "============================"
     read your_domain
+    if test -s /root/.acme.sh/$your_domain_ecc/fullchain.cer; then
+        green "证书文件存在"
+        exit 1
+    fi
     real_addr=`ping ${your_domain} -c 1 | sed '1{s/[^(]*(//;s/).*//;q}'`
     local_addr=`curl ipv4.icanhazip.com`
     if [ $real_addr == $local_addr ] ; then
@@ -433,20 +437,20 @@ function repair_cert(){
             now_time=`date +%s`
             minus=$(($now_time - $create_time ))
             if [  $minus -gt 5184000 ]; then
-                ~/.acme.sh/acme.sh  --register-account  -m myemail@example.com --server zerossl
-                ~/.acme.sh/acme.sh  --issue  -d $your_domain  --standalone
-                ~/.acme.sh/acme.sh  --installcert  -d  $your_domain   \
-                    --key-file   /usr/src/trojan-cert/$your_domain/private.key \
-                    --fullchain-file /usr/src/trojan-cert/$your_domain/fullchain.cer \
-                    --reloadcmd  "systemctl restart trojan"
-                if test -s /usr/src/trojan-cert/$your_domain/fullchain.cer; then
-                    green "证书申请成功"
-                    systemctl restart trojan
-                    systemctl start nginx
-                else
-                    red "申请证书失败"
-                fi
-            else 
+        /root/.acme.sh/acme.sh  --register-account  -m myemail@example.com --server zerossl
+        /root/.acme.sh/acme.sh  --issue  -d $your_domain  --standalone
+        /root/.acme.sh/acme.sh  --installcert  -d  $your_domain   \
+            --key-file   /usr/src/trojan-cert/$your_domain/private.key \
+            --fullchain-file /usr/src/trojan-cert/$your_domain/fullchain.cer \
+            --reloadcmd  "systemctl restart trojan"
+        if test -s /usr/src/trojan-cert/$your_domain/fullchain.cer; then
+            green "证书申请成功"
+            systemctl restart trojan
+            systemctl start nginx
+        else
+            red "申请证书失败"
+        fi
+    else
                 ~/.acme.sh/acme.sh  --installcert  -d  $your_domain   \
                     --key-file   /usr/src/trojan-cert/$your_domain/private.key \
                     --fullchain-file /usr/src/trojan-cert/$your_domain/fullchain.cer \
@@ -490,7 +494,12 @@ function remove_trojan(){
     green "trojan删除完毕"
     green "=============="
 }
- 
+function port_forward(){
+    iptables -t nat -A PREROUTING -p tcp --dport 49000:50000 -j REDIRECT --to-ports 443
+    green "=========================="
+    green "已将49000-50000端口转发至443"
+    green "=========================="
+}
 function update_trojan(){
     /usr/src/trojan/trojan -v 2>trojan.tmp
     curr_version=`cat trojan.tmp | grep "trojan" | awk '{print $4}'`
@@ -543,6 +552,7 @@ start_menu(){
     red " 2. 卸载trojan"
     green " 3. 升级trojan"
     green " 4. 修复证书"
+    green " 5. 端口映射"    
     blue " 0. 退出脚本"
     echo
     read -p "请输入数字 :" num
@@ -561,6 +571,9 @@ start_menu(){
     install_acme
     repair_cert 
     ;;
+    5)
+    port_forward
+    ;;
     0)
     exit 1
     ;;