nginx开启ct(Certificate Transparency)

nginx需要安装nginx-ct模块, 该模块开发与2015-05-14 可运行在 nginx 1.9.0以上版本.

以下安装方法适用于 ubuntu

# 安装依赖库 (nginx-ct 依赖golang）

sudo apt-get install unzip gcc libpcre3-dev zlib1g-dev make golang-go


#下载安装包
wget https://www.openssl.org/source/openssl-1.0.2a.tar.gz

wget http://nginx.org/download/nginx-1.9.0.tar.gz

wget -O nginx-ct.zip https://github.com/grahamedgecombe/nginx-ct/archive/master.zip

tar zxf openssl-1.0.2a.tar.gz

tar zxf nginx-1.9.0.tar.gz

unzip nginx-ct.zip




# 编译 nginx 、openssl 1.0.2 、 CT module

cd nginx-1.9.0/

./configure --with-http_ssl_module 

    --with-openssl=`realpath ../openssl-1.0.2a` 

    --add-module=`realpath ../nginx-ct-master`

make

sudo make install

cd ..




# 创建SSL目录

sudo mkdir /usr/local/nginx/conf/ssl

# 创建 SCTs 目录

sudo mkdir /usr/local/nginx/conf/ssl/scts

# 下载nginx-ct ，并且编译

wget -O ct-submit.zip https://github.com/grahamedgecombe/ct-submit/archive/master.zip

unzip ct-submit.zip

cd ct-submit-master/

go build

# 提交证书链log 输出 SCTs:

sudo sh -c “./ct-submit-master ct.googleapis.com/aviator