
Enabling CT (Certificate Transparency) in nginx – HTTPS SSL Tutorial

nginx needs the nginx-ct module installed. The module was developed on 2015-05-14 and runs on nginx 1.9.0 and later.


The following installation procedure applies to Ubuntu.

# Install the dependencies (nginx-ct depends on golang)
sudo apt-get install unzip gcc libpcre3-dev zlib1g-dev make golang-go

# Download the source packages
wget https://www.openssl.org/source/openssl-1.0.2a.tar.gz
wget http://nginx.org/download/nginx-1.9.0.tar.gz
wget -O nginx-ct.zip https://github.com/grahamedgecombe/nginx-ct/archive/master.zip
tar zxf openssl-1.0.2a.tar.gz
tar zxf nginx-1.9.0.tar.gz
unzip nginx-ct.zip

# Build nginx, OpenSSL 1.0.2 and the CT module
cd nginx-1.9.0/
./configure --with-http_ssl_module --with-openssl=`realpath ../openssl-1.0.2a` --add-module=`realpath ../nginx-ct-master`
make
sudo make install
cd ..

# Create the SSL directory
sudo mkdir /usr/local/nginx/conf/ssl

# Create the SCTs directory
sudo mkdir /usr/local/nginx/conf/ssl/scts

# Download ct-submit and build it
wget -O ct-submit.zip https://github.com/grahamedgecombe/ct-submit/archive/master.zip
unzip ct-submit.zip
cd ct-submit-master/
go build

# Submit the certificate chain to the logs and write out the SCTs:
sudo sh -c "./ct-submit-master ct.googleapis.com/aviator </usr/local/nginx/conf/ssl/server.crt-bundle >/usr/local/nginx/conf/ssl/scts/aviator.sct"
sudo sh -c "./ct-submit-master ct.googleapis.com/pilot </usr/local/nginx/conf/ssl/server.crt-bundle >/usr/local/nginx/conf/ssl/scts/pilot.sct"
sudo sh -c "./ct-submit-master ct.googleapis.com/rocketeer </usr/local/nginx/conf/ssl/server.crt-bundle >/usr/local/nginx/conf/ssl/scts/rocketeer.sct"
sudo sh -c "./ct-submit-master ct1.digicert-ct.com/log </usr/local/nginx/conf/ssl/server.crt-bundle >/usr/local/nginx/conf/ssl/scts/digicert.sct"
sudo sh -c "./ct-submit-master </usr/local/nginx/conf/ssl/server.crt-bundle >/usr/local/nginx/conf/ssl/scts/izenpe.sct"
sudo sh -c "./ct-submit-master log.certly.io </usr/local/nginx/conf/ssl/server.crt-bundle >/usr/local/nginx/conf/ssl/scts/certly.sct"

http {
    server {
        listen 443;
        ssl on;
        ssl_certificate /usr/local/nginx/conf/ssl/server.crt-bundle;
        ssl_certificate_key /usr/local/nginx/conf/ssl/server.key;
        ssl_ct on;
        ssl_ct_static_scts /usr/local/nginx/conf/ssl/scts;
    }
}

# Restart nginx
service nginx reload
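Because each submission above redirects its output with `>`, a failed `ct-submit` run still leaves an empty or partial `.sct` file in the directory that `ssl_ct_static_scts` points at. The following added example (not part of the original tutorial or of the nginx-ct project) checks every file there before nginx is reloaded. It assumes each `.sct` file holds one serialized RFC 6962 v1 SignedCertificateTimestamp; `parse_sct` and `build_sample_sct` are names chosen here, and the sample bytes are constructed.

```python
import base64
import pathlib
import struct
import sys
from datetime import datetime, timezone

HASH_ALGS = {4: "sha256"}            # TLS HashAlgorithm value permitted by RFC 6962
SIG_ALGS = {1: "rsa", 3: "ecdsa"}    # TLS SignatureAlgorithm values permitted by RFC 6962

def parse_sct(data: bytes) -> dict:
    """Parse one serialized RFC 6962 v1 SCT; raise ValueError if it is malformed."""
    # Fixed header: version(1) | log_id(32) | timestamp(8, ms) | extensions_len(2)
    if len(data) < 43:
        raise ValueError("truncated or empty SCT (%d bytes)" % len(data))
    version, log_id, ts_ms, ext_len = struct.unpack_from(">B32sQH", data, 0)
    if version != 0:
        raise ValueError("unsupported SCT version %d" % version)
    pos = 43 + ext_len
    # digitally-signed struct: hash_alg(1) | sig_alg(1) | sig_len(2) | signature
    if len(data) < pos + 4:
        raise ValueError("truncated signature header")
    hash_alg, sig_alg, sig_len = struct.unpack_from(">BBH", data, pos)
    if hash_alg not in HASH_ALGS or sig_alg not in SIG_ALGS:
        raise ValueError("unexpected signature algorithm %d/%d" % (hash_alg, sig_alg))
    if len(data) != pos + 4 + sig_len:
        raise ValueError("signature length does not match file size")
    return {
        "log_id": base64.b64encode(log_id).decode(),
        "timestamp": datetime.fromtimestamp(ts_ms / 1000, tz=timezone.utc),
        "signature_alg": HASH_ALGS[hash_alg] + "/" + SIG_ALGS[sig_alg],
        "signature_len": sig_len,
    }

def build_sample_sct() -> bytes:
    """Constructed sample: fake log ID and signature bytes, not a real log's SCT."""
    return (b"\x00" + b"\xab" * 32 + struct.pack(">Q", 1431561600000)
            + b"\x00\x00" + b"\x04\x03" + struct.pack(">H", 70) + b"\x30" * 70)

if __name__ == "__main__":
    # Default directory is the ssl_ct_static_scts path from the configuration above.
    sct_dir = pathlib.Path(sys.argv[1] if len(sys.argv) > 1 else "/usr/local/nginx/conf/ssl/scts")
    for path in sorted(sct_dir.glob("*.sct")):
        try:
            print(path.name, parse_sct(path.read_bytes()))
        except ValueError as err:
            print(path.name, "INVALID:", err)
```

This is a structural check only; it does not verify the log's signature over the certificate.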

 
