1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49
| #### Install golang package
apt-get install golang
#### Build ct-submit commands cd ~/git git clone https://github.com/grahamedgecombe/ct-submit cd ct-submit go build
#### Create scts directory and generate sct files for related domain mkdir /usr/local/nginx/conf/scts ./ct-submit ct.googleapis.com/aviator < /usr/local/nginx/conf/certs/domain.com.ecc.bundled.crt > /usr/local/nginx/conf/scts/domain.com.aviator.sct #### Download latest nginx, openssl and nginx-ct module to compile cd ~/download wget https://github.com/grahamedgecombe/nginx-ct/archive/v1.2.0.tar.gz -O nginx-ct-1.2.0.tar.gz wget https://www.openssl.org/source/openssl-1.0.2f.tar.gz wget http://nginx.org/download/nginx-1.9.12.tar.gz tar zxvf nginx-ct-1.2.0.tar.gz tar zxvf openssl-1.0.2f.tar.gz tar zxvf nginx-1.9.12.tar.gz cd nginx-1.9.12 ./configure --prefix=/usr/local/nginx --user=www --group=www --with-select_module --with-poll_module --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_geoip_module --with-http_sub_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-pcre --with-pcre-jit --with-openssl=`realpath ../openssl-1.0.2f` --add-module=`realpath ../nginx-ct-1.2.0` make -j2 make install clean
#### Add nginx ct module config to related domain vim /usr/local/nginx/conf/vhosts/domain.com.conf
ssl_ct on; ssl_ct_static_scts /usr/local/nginx/conf/scts; #### Reload nginx config
/root/script/nginx.sh reload
#### Refernece
- https://www.certificate-transparency.org/resources-for-site-owners/nginx - https://imlonghao.com/35.html
|