
Enabling CT (Certificate Transparency) in nginx – HTTPS SSL Tutorial

2025-01-03

nginx needs the nginx-ct module installed. The module was developed on 2015-05-14 and runs on nginx 1.9.0 and later.

The following installation steps apply to Ubuntu.

# Install build dependencies (golang is required to build ct-submit below)
sudo apt-get install unzip gcc libpcre3-dev zlib1g-dev make golang-go
# Download the source packages
wget https://www.openssl.org/source/openssl-1.0.2a.tar.gz
wget http://nginx.org/download/nginx-1.9.0.tar.gz
wget -O nginx-ct.zip https://github.com/grahamedgecombe/nginx-ct/archive/master.zip
tar zxf openssl-1.0.2a.tar.gz
tar zxf nginx-1.9.0.tar.gz
unzip nginx-ct.zip
# Build nginx with OpenSSL 1.0.2 and the CT module
cd nginx-1.9.0/
./configure --with-http_ssl_module \
    --with-openssl=`realpath ../openssl-1.0.2a` \
    --add-module=`realpath ../nginx-ct-master`
make
sudo make install
cd ..
# Create the SSL directory
sudo mkdir /usr/local/nginx/conf/ssl
# Create the SCTs directory
sudo mkdir /usr/local/nginx/conf/ssl/scts
# Download ct-submit and build it
wget -O ct-submit.zip https://github.com/grahamedgecombe/ct-submit/archive/master.zip
unzip ct-submit.zip
cd ct-submit-master/
go build
# Submit the certificate chain to each log and save the returned SCTs:
sudo sh -c "./ct-submit-master ct.googleapis.com/aviator </usr/local/nginx/conf/ssl/server.crt-bundle >/usr/local/nginx/conf/ssl/scts/aviator.sct"
sudo sh -c "./ct-submit-master ct.googleapis.com/pilot </usr/local/nginx/conf/ssl/server.crt-bundle >/usr/local/nginx/conf/ssl/scts/pilot.sct"
sudo sh -c "./ct-submit-master ct.googleapis.com/rocketeer </usr/local/nginx/conf/ssl/server.crt-bundle >/usr/local/nginx/conf/ssl/scts/rocketeer.sct"
sudo sh -c "./ct-submit-master ct1.digicert-ct.com/log </usr/local/nginx/conf/ssl/server.crt-bundle >/usr/local/nginx/conf/ssl/scts/digicert.sct"
sudo sh -c "./ct-submit-master trustauth.cn </usr/local/nginx/conf/ssl/server.crt-bundle >/usr/local/nginx/conf/ssl/scts/izenpe.sct"
sudo sh -c "./ct-submit-master log.certly.io </usr/local/nginx/conf/ssl/server.crt-bundle >/usr/local/nginx/conf/ssl/scts/certly.sct"
http {
    server {
        listen 443;
        ssl on;
        ssl_certificate /usr/local/nginx/conf/ssl/server.crt-bundle;
        ssl_certificate_key /usr/local/nginx/conf/ssl/server.key;
        # Enable Certificate Transparency for this server
        ssl_ct on;
        # Directory holding the .sct files saved by ct-submit above
        ssl_ct_static_scts /usr/local/nginx/conf/ssl/scts;
    }
}
Restart nginx
service nginx reload
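
An added check, not part of the original article and not code from nginx-ct or ct-submit: the `>` redirect in the submission commands creates the .sct file even when a submission fails, so this Python script parses every `*.sct` file in the SCT directory as a serialized RFC 6962 v1 SCT before nginx is reloaded. It assumes the files hold the binary SignedCertificateTimestamp structure; the function names and the sample bytes are constructed for illustration.

```python
import base64
import struct
import sys
from datetime import datetime, timezone
from pathlib import Path

HASH_ALGS = {4: "sha256"}            # TLS HashAlgorithm values allowed by RFC 6962
SIG_ALGS = {1: "rsa", 3: "ecdsa"}    # TLS SignatureAlgorithm values allowed by RFC 6962

def parse_sct(data: bytes) -> dict:
    """Parse one serialized RFC 6962 v1 SCT; raise ValueError if malformed."""
    if len(data) < 47:  # 1 version + 32 log id + 8 timestamp + 2 ext len + 4 sig header
        raise ValueError(f"truncated SCT ({len(data)} bytes), submission probably failed")
    version, log_id, ts_ms, ext_len = struct.unpack_from(">B32sQH", data, 0)
    if version != 0:
        raise ValueError(f"unsupported SCT version {version}")
    off = 43 + ext_len
    if off + 4 > len(data):
        raise ValueError("extensions overrun the file")
    hash_alg, sig_alg, sig_len = struct.unpack_from(">BBH", data, off)
    if off + 4 + sig_len != len(data):
        raise ValueError("signature length does not match file size")
    if hash_alg not in HASH_ALGS or sig_alg not in SIG_ALGS:
        raise ValueError(f"unexpected algorithms hash={hash_alg} sig={sig_alg}")
    return {
        "log_id": base64.b64encode(log_id).decode(),
        "timestamp": datetime.fromtimestamp(ts_ms / 1000, tz=timezone.utc).isoformat(),
        "signature": f"{SIG_ALGS[sig_alg]}-{HASH_ALGS[hash_alg]}",
    }

def check_dir(sct_dir: str) -> dict:
    """Map each *.sct file name to its parsed fields or to an error string."""
    results = {}
    for path in sorted(Path(sct_dir).glob("*.sct")):
        try:
            results[path.name] = parse_sct(path.read_bytes())
        except ValueError as exc:
            results[path.name] = f"INVALID: {exc}"
    return results

# Constructed sample SCT (not a real log response): log id 00..1f,
# timestamp 2015-05-14T00:00:00Z, no extensions, 8-byte dummy ECDSA/SHA-256 signature.
SAMPLE_SCT = (b"\x00" + bytes(range(32)) + struct.pack(">QH", 1431561600000, 0)
              + b"\x04\x03" + struct.pack(">H", 8) + b"\xaa" * 8)

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/usr/local/nginx/conf/ssl/scts"
    for name, result in check_dir(target).items():
        print(name, result)
```

The script checks structure only; it does not verify the log's signature, which would require each log's public key.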

 

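Article copyright and reprint notice

Author: 亿网 URL: https://www.edns.com/ask/post/150003.html Published 2025-01-03
When reprinting or copying this article, please credit the source with a hyperlink.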