一、gcc环境安装
1、检查gcc环境是否安装
gcc -v
2、在线安装
sudo apt-get update
sudo apt-get install build-essential
3、离线安装
(1)采用RPM包安装(源码包没有gcc环境无法编译)
(2)RPM依赖包,下载地址:centos-7-os-x86_64-Packages安装包下载_开源镜像站-阿里云
- gcc rpm包清单
cpp-4.8.5-36.el7.x86_64.rpm
gcc-4.8.5-36.el7.x86_64.rpm
glibc-devel-2.17-260.el7.x86_64.rpm
glibc-headers-2.17-260.el7.x86_64.rpm
kernel-headers-3.10.0-957.12.2.el7.x86_64.rpm
libmpc-1.0.1-3.el7.x86_64.rpm
mpfr-3.1.1-4.el7.x86_64.rpm
gcc-c++ rpm包清单
autogen-libopts-5.18-5.el7.x86_64.rpm
gcc-c++-4.8.5-36.el7.x86_64.rpm
glibc-2.17-260.el7.x86_64.rpm
glibc-common-2.17-260.el7.x86_64.rpm
keyutils-libs-devel-1.5.8-3.el7.x86_64.rpm
krb5-devel-1.15.1-34.el7.x86_64.rpm
libcom_err-devel-1.42.9-13.el7.x86_64.rpm
libgcc-4.8.5-36.el7.x86_64.rpm
libgomp-4.8.5-36.el7.x86_64.rpm
libselinux-devel-2.5-14.1.el7.x86_64.rpm
libsepol-devel-2.5-10.el7.x86_64.rpm
libstdc++-4.8.5-36.el7.x86_64.rpm
libstdc++-devel-4.8.5-36.el7.x86_64.rpm
libverto-devel-0.2.5-4.el7.x86_64.rpm
nscd-2.17-260.el7.x86_64.rpm
ntp-4.2.6p5-28.el7.centos.x86_64.rpm
ntpdate-4.2.6p5-28.el7.centos.x86_64.rpm
openssl-1.0.2k-16.el7.x86_64.rpm
openssl-devel-1.0.2k-16.el7.x86_64.rpm
openssl-libs-1.0.2k-16.el7.x86_64.rpm
openssl098e-0.9.8e-29.el7.centos.3.x86_64.rpm
pkgconfig-0.27.1-4.el7.x86_64.rpm
tcl-8.5.13-8.el7.x86_64.rpm
zlib-1.2.7-18.el7.x86_64.rpm
zlib-devel-1.2.7-18.el7.x86_64.rpm
(3)将RPM包上传至服务器任意目录,进入目录,用以下命令执行
rpm -Uvh *.rpm --nodeps --force
(4)再次检查gcc
gcc -v
二、nginx部署
1) 下载gmssl_openssl_1.1_bxx.tar.gz到/root/下
2) 解压 tar xzfm gmssl_openssl_1.1_bxx.tar.gz -C /usr/local
3) 下载nginx-1.24.0.tar.gz到/root/下
4) 解压 tar xzfm nginx-1.24.0.tar.gz
5) 进入目录 cd /root/nginx-1.24.0
6) 编辑auto/lib/openssl/conf,将全部$OPENSSL/.openssl/修改为$OPENSSL/并保存
7) 编译配置
./configure \
--without-http_gzip_module \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_v2_module \
--with-file-aio \
--with-openssl="/usr/local/gmssl" \
--with-cc-opt="-I/usr/local/gmssl/include" \
--with-ld-opt="-lm"
8) 编译安装
make install
9) /usr/local/nginx即为生成的nginx目录
10)nginx.conf配置(国密单向)
server
{
listen 0.0.0.0:443 ssl;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA:DES-CBC3-SHA:ECC-SM4-CBC-SM3:ECC-SM4-GCM-SM3;
ssl_verify_client off;
ssl_certificate /usr/local/nginx/conf/demo1.sm2.sig.crt.pem;
ssl_certificate_key /usr/local/nginx/conf/demo1.sm2.sig.key.pem;
ssl_certificate /usr/local/nginx/conf/demo1.sm2.enc.crt.pem;
ssl_certificate_key /usr/local/nginx/conf/demo1.sm2.enc.key.pem;
location /
{
root html;
index index.html index.htm;
}
}
10)nginx.conf配置(国密双向)
server
{
listen 0.0.0.0:443 ssl;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA:DES-CBC3-SHA:ECC-SM4-CBC-SM3:ECC-SM4-GCM-SM3;
ssl_client_certificate /usr/local/nginx/conf/demo1.sm2.trust;
ssl_verify_client on;
ssl_certificate /usr/local/nginx/conf/demo1.sm2.sig.crt.pem;
ssl_certificate_key /usr/local/nginx/conf/demo1.sm2.sig.key.pem;
ssl_certificate /usr/local/nginx/conf/demo1.sm2.enc.crt.pem;
ssl_certificate_key /usr/local/nginx/conf/demo1.sm2.enc.key.pem;
location /
{
root html;
index index.html index.htm;
}
}
11)启动nginx,如提示缺少nginx.pid文件,可用以下命令启动
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
12)查看nginx进程
ps -ef | grep nginx
三、浏览器访问验证SSL证书
1、需下载密信浏览器
2、访问验证