-## better use
-# https://docs.djangoproject.com/en/1.5/howto/deployment/wsgi/modwsgi/
-# instead
-#
-# XXX this is very rough, was just pasted from the (wrong) web page
-# and never tested, so feel free to rewrite completely if that sounds right
-#
-#Alias /robots.txt /usr/share/myslice/static/robots.txt
-Alias /favicon.ico /usr/share/unfold/static/favicon.ico
+<VirtualHost *:80>
+ WSGIScriptAlias / /usr/share/unfold/myslice/wsgi.py
+ <Directory /usr/share/unfold/myslice>
+ <Files wsgi.py>
+ Order deny,allow
+ Allow from all
+ </Files>
+ </Directory>
+ Alias /static/ /usr/share/unfold/static/
+ <Directory /usr/share/unfold/static>
+ Order deny,allow
+ Allow from all
+ </Directory>
+</VirtualHost>
-#AliasMatch ^/([^/]*\.css) /usr/share/myslice/static/styles/$1
+# This port (not necessarily well picked) is configured
+# with client-certificate required
+# corresponding trusted roots (e.g. ple.gid and plc.gid) should be
+# configured in /etc/unfold/trusted_roots
+# check Jordan's email and pointer to trac, although we do not want
+# this to be optional on that port
-Alias /static/ /usr/share/unfold/static/
+<VirtualHost *:443>
+ WSGIScriptAlias / /usr/share/unfold/myslice/wsgi.py
+ <Directory /usr/share/unfold/apache>
+ <Files myslice.wsgi>
+ Order deny,allow
+ Allow from all
+ </Files>
+ </Directory>
+ Alias /static/ /usr/share/unfold/static/
+ <Directory /usr/share/unfold/static>
+ Order deny,allow
+ Allow from all
+ </Directory>
-<Directory /usr/share/unfold/static/>
-Order deny,allow
-Allow from all
-</Directory>
+ SSLEngine on
+ SSLVerifyClient require
+ SSLVerifyDepth 5
+# make this a symlink to /etc/sfa/trusted_roots if that makes sense in your env.
+ SSLCACertificatePath /etc/unfold/trusted_roots
+# see init-ssl.sh for how to create self-signed stuff in here
+ SSLCertificateFile /etc/unfold/myslice.cert
+ SSLCertificateKeyFile /etc/unfold/myslice.key
-WSGIScriptAlias / /usr/share/unfold/apache/myslice.wsgi
-
-<Directory /usr/share/unfold/apache>
-Order allow,deny
-Allow from all
-</Directory>
+# SSLOptions +StdEnvVars +ExportCertData
+ SSLOptions +StdEnvVars
+</VirtualHost>