Enable Certificate Transparency


#### Install the Go toolchain

# Go compiler from the distro repositories; only needed to build ct-submit below.
apt-get install golang

#### Build the ct-submit tool

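# Build ct-submit, the helper that sends a certificate chain to a CT log and
# writes the returned SCT to stdout (see its use in the next step).
# The clone tracks the repository's default branch, so what gets compiled into
# a tool that runs on the TLS host depends on when this is executed. Record
# the commit you built, and prefer checking out a reviewed tag/commit before
# `go build` (git checkout <tag-or-hash>) rather than building HEAD blindly.
mkdir -p ~/git && cd ~/git || exit 1
git clone https://github.com/grahamedgecombe/ct-submit || exit 1
cd ct-submit || exit 1
git rev-parse HEAD   # note this hash next to the binary for later audit
go build || exit 1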

#### Create the scts directory and generate an SCT file per log for the domain

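# An SCT covers one specific certificate, so every file written here must be
# regenerated whenever the certificate is reissued or renewed.
# Browser CT policies expect SCTs from more than one log (and more than one
# log operator); the original steps obtained a single SCT from aviator, which
# is unlikely to be enough on its own. Add further log URLs to ct_logs after
# checking the currently accepted log list — logs are retired over time and a
# retired log simply rejects submissions.
domain=domain.com
conf_dir=/usr/local/nginx/conf
ct_logs=(
  ct.googleapis.com/aviator
)

mkdir -p "${conf_dir}/scts"

for log in "${ct_logs[@]}"; do
  log_name=${log##*/}   # "ct.googleapis.com/aviator" -> "aviator"
  sct_file="${conf_dir}/scts/${domain}.${log_name}.sct"
  # On failure remove the output: a zero-length .sct left behind would
  # otherwise be picked up from the directory by the nginx module.
  ./ct-submit "${log}" \
    < "${conf_dir}/certs/${domain}.ecc.bundled.crt" \
    > "${sct_file}" \
    || { rm -f -- "${sct_file}"; printf 'SCT submission to %s failed\n' "${log}" >&2; exit 1; }
done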

#### Download the nginx, OpenSSL and nginx-ct sources, verify them, and compile
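# Versions are pinned so the build is reproducible. They are the ones this
# page was written against (OpenSSL 1.0.2f and nginx 1.9.12 have long been
# superseded and the old URLs may no longer resolve) — bump them to current
# releases and re-check the signatures before building.
nginx_ver=1.9.12
openssl_ver=1.0.2f
nginx_ct_ver=1.2.0

mkdir -p ~/download && cd ~/download || exit 1

# The original steps fetched nginx over plain HTTP and verified nothing: a
# tampered tarball would have been compiled straight into the TLS terminator.
# Fetch over HTTPS and verify the detached signatures. This needs the nginx
# and OpenSSL release-signing keys in the local keyring — obtain and check
# their fingerprints out of band, not from the same download site.
wget "https://github.com/grahamedgecombe/nginx-ct/archive/v${nginx_ct_ver}.tar.gz" \
     -O "nginx-ct-${nginx_ct_ver}.tar.gz" || exit 1
wget "https://www.openssl.org/source/openssl-${openssl_ver}.tar.gz" \
     "https://www.openssl.org/source/openssl-${openssl_ver}.tar.gz.asc" || exit 1
wget "https://nginx.org/download/nginx-${nginx_ver}.tar.gz" \
     "https://nginx.org/download/nginx-${nginx_ver}.tar.gz.asc" || exit 1
gpg --verify "openssl-${openssl_ver}.tar.gz.asc" "openssl-${openssl_ver}.tar.gz" || exit 1
gpg --verify "nginx-${nginx_ver}.tar.gz.asc" "nginx-${nginx_ver}.tar.gz" || exit 1
# GitHub archive tarballs carry no signature. If you have a known-good sha256
# for this nginx-ct release, compare it here before unpacking:
#   sha256sum "nginx-ct-${nginx_ct_ver}.tar.gz"

tar -xzf "nginx-ct-${nginx_ct_ver}.tar.gz" || exit 1
tar -xzf "openssl-${openssl_ver}.tar.gz" || exit 1
tar -xzf "nginx-${nginx_ver}.tar.gz" || exit 1

cd "nginx-${nginx_ver}" || exit 1
# --with-openssl builds OpenSSL statically into nginx from the verified
# source tree; --add-module compiles nginx-ct in. All other options are as
# in the original build so the installed server keeps the same feature set.
./configure --prefix=/usr/local/nginx --user=www --group=www \
  --with-select_module --with-poll_module \
  --with-http_ssl_module --with-http_v2_module --with-http_realip_module \
  --with-http_geoip_module --with-http_sub_module --with-http_flv_module \
  --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module \
  --with-http_auth_request_module --with-http_random_index_module \
  --with-http_secure_link_module --with-http_stub_status_module \
  --with-pcre --with-pcre-jit \
  --with-openssl="$(realpath "../openssl-${openssl_ver}")" \
  --add-module="$(realpath "../nginx-ct-${nginx_ct_ver}")" || exit 1

make -j"$(nproc)" || exit 1
make install clean || exit 1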

#### Add the nginx-ct directives to the domain's vhost configuration

# Open the vhost config for the domain and add the two directives shown below
# (presumably next to that server's ssl_certificate settings — confirm the
# allowed contexts in the nginx-ct README before placing them).
vim /usr/local/nginx/conf/vhosts/domain.com.conf

# Turn on the nginx-ct module that was compiled in with --add-module above.
ssl_ct on;
# Directory holding the .sct files written by ct-submit; the module picks up
# the SCTs found there and serves them to TLS clients. Keep one file per
# log and regenerate them whenever the certificate changes.
ssl_ct_static_scts /usr/local/nginx/conf/scts;

#### Reload nginx config

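# Syntax-check the merged configuration before reloading so a mistake in the
# newly added ssl_ct directives cannot take the running server down. The
# binary path follows the --prefix used at configure time (default sbin
# layout); adjust if your build used a different --sbin-path.
/usr/local/nginx/sbin/nginx -t && /root/script/nginx.sh reload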

#### References

- https://www.certificate-transparency.org/resources-for-site-owners/nginx
- https://imlonghao.com/35.html