1. 安装TASSL
1.1 下载地址
1
https://github.com/jntass/TASSL-1.1.1
1.2 下载后解压打开,配置
1
./config --prefix=/usr/local/tassl no-shared
1.3 编译以及安装
1
make && make install
1.4 查看安装是否成功以及版本
1
/usr/local/tassl/bin/openssl version -a
1.5 签发国密证书
1
略
2. 安装nginx
2.1 下载
1
https://nginx.org/en/download.html // 本文选用nginx 1.14.2
2.1 配置
1
2
// 解压后打开 prefix 为nginx安装目录 openssl 为TASSL 源码目录
./configure --without-http_uwsgi_module --with-http_ssl_module --with-stream --with-stream_ssl_module --prefix=/usr/local/nginx --with-openssl=/home/test/new_ssl/TASSL-1.1.1
报错情况:
./configure: error: the HTTP gzip module requires the zlib library.
解决方案:
1 2 3
//原因:缺少zlib apt install zlib1g apt install zlib1g-dev
E: Unable to correct problems, you have held broken packages. 解决方案:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29
// vi /etc/apt/sources.list 换源 #添加阿里源 deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse #中科大源 deb https://mirrors.ustc.edu.cn/ubuntu/ bionic main restricted universe multiverse deb https://mirrors.ustc.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse deb https://mirrors.ustc.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse deb https://mirrors.ustc.edu.cn/ubuntu/ bionic-security main restricted universe multiverse deb https://mirrors.ustc.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse #163源 deb http://mirrors.163.com/ubuntu/ bionic main restricted universe multiverse deb http://mirrors.163.com/ubuntu/ bionic-security main restricted universe multiverse deb http://mirrors.163.com/ubuntu/ bionic-updates main restricted universe multiverse deb http://mirrors.163.com/ubuntu/ bionic-proposed main restricted universe multiverse deb http://mirrors.163.com/ubuntu/ bionic-backports main restricted universe multiverse #清华源 deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse
2.2 编译安装
1
`make && make install`
可能出现的报错:
- nginx make报错Makefile:8: recipe for target ‘build’ failed 报错完整信息
1 2 3 4 5 6 7 8 9 10 11 12 13
root@iZwz91qim1yorfi3qvql46Z:~/software/nginx-1.12.2# make make -f objs/Makefile make[1]: Entering directory ‘/root/software/nginx-1.12.2’ cd /usr/local/pcre \ && if [ -f Makefile ]; then make distclean; fi \ && CC=”cc” CFLAGS=”-O2 -fomit-frame-pointer -pipe ” \ ./configure –disable-shared /bin/sh: 3: ./configure: not found objs/Makefile:1167: recipe for target ‘/usr/local/pcre/Makefile’ failed make[1]: * [/usr/local/pcre/Makefile] Error 127 make[1]: Leaving directory ‘/root/software/nginx-1.12.2’ Makefile:8: recipe for target ‘build’ failed make: * [build] Error 2
解决方案: ```
- 大概率是路径配置错误
- 注意配置的绝对路径
3. nginx 配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 8888 ssl;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
ssl_certificate /usr/local/tassl/tassl_demo/cert/certs/SS.crt;
ssl_certificate_key /usr/local/tassl/tassl_demo/cert/certs/SS.key;
ssl_certificate /usr/local/tassl/tassl_demo/cert/certs/SE.crt;
ssl_certificate_key /usr/local/tassl/tassl_demo/cert/certs/SE.key;
location / {
root html;
index index.html index.htm;
"nginx.conf" 123L, 2937C 46,68-75 16%