[Mod_nss-list] Very simple nss.conf file
Rob Crittenden
rcritten at redhat.com
Tue Aug 25 18:21:54 UTC 2015
Cohen, Laurence wrote:
> I would like to construct a very simple nss.conf file that will redirect
> all traffic to a nss.maintenance file while we are doing maintenance. I
> don't need help with the scripting to move the correct nss.conf into
> place. I just need help with the contents of the nss.conf file itself.
> It only needs one rule. Redirect all traffic to the maintenance file
> which will contain text that we are in maintenance mode.
For the redirect you'll need to use mod_rewrite but that's out of scope
of mod_nss. This is a pretty minimal nss.conf. This page looks related:
https://css-tricks.com/snippets/htaccess/temporary-maintenance-using-mod_rewrite/
Here is a pretty basic nss.conf:
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
NSSPassPhraseDialog "file:/etc/httpd/conf/password.conf"
NSSPassPhraseHelper /usr/libexec/nss_pcache
NSSRequireSafeNegotiation on
<VirtualHost _default_:443>
ErrorLog /etc/httpd/logs/error_log
TransferLog /etc/httpd/logs/access_log
LogLevel warn
NSSEngine on
NSSCipherSuite
+rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
NSSProtocol TLSv1.0,TLSv1.1
NSSNickname Server-Cert
NSSCertificateDatabase /etc/httpd/alias
</VirtualHost>
rob
More information about the Mod_nss-list
mailing list