X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;ds=sidebyside;f=apache%2Funfold-ssl.conf;fp=apache%2Funfold-ssl.conf;h=f75cc9408e6d7eefecc9300933cee8aee238a973;hb=78ed9c4a6e34dd6297ec15fc6767183ebd68609e;hp=0000000000000000000000000000000000000000;hpb=be5a6567c0cb7244b1843467844bb7f1efff1a51;p=myslice.git
diff --git a/apache/unfold-ssl.conf b/apache/unfold-ssl.conf
new file mode 100644
index 00000000..f75cc940
--- /dev/null
+++ b/apache/unfold-ssl.conf
@@ -0,0 +1,49 @@
+# see also unfold.conf
+#
+# NOTE on packaging
+#
+# this is not enabled by default because it would prevent apache from
+# starting up properly when /etc/unfold/trusted_roots is empty
+#
+# So on debian you would typically need to run
+# a2ensite unfold-ssl.conf
+# unfold-init-ssl.sh
+# service apache2 restart
+#
+# This port (not necessarily well picked) is configured
+# with client-certificate required
+# corresponding trusted roots (e.g. ple.gid and plc.gid) should be
+# configured in /etc/unfold/trusted_roots
+# check Jordan's email and pointer to trac, although we do not want
+# this to be optional on that port
+
+
+ WSGIDaemonProcess unfold-ssl processes=2 threads=25
+ WSGIProcessGroup unfold-ssl
+ CustomLog ${APACHE_LOG_DIR}/myslice-ssl-access.log common
+ ErrorLog ${APACHE_LOG_DIR}/myslice-ssl-error.log
+ WSGIScriptAlias / /usr/share/unfold/apache/unfold.wsgi
+
+
+ Order deny,allow
+ Allow from all
+
+
+ Alias /static/ /usr/share/unfold/static/
+
+ Order deny,allow
+ Allow from all
+
+
+ SSLEngine on
+ SSLVerifyClient require
+ SSLVerifyDepth 5
+# make this a symlink to /etc/sfa/trusted_roots if that makes sense in your env.
+ SSLCACertificatePath /etc/unfold/trusted_roots
+# see init-ssl.sh for how to create self-signed stuff in here
+ SSLCertificateFile /etc/unfold/myslice.cert
+ SSLCertificateKeyFile /etc/unfold/myslice.key
+
+# SSLOptions +StdEnvVars +ExportCertData
+ SSLOptions +StdEnvVars
+
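Review bot: Client authentication in this vhost rests on chain validation alone: next to `SSLVerifyClient require` and `SSLCACertificatePath /etc/unfold/trusted_roots` nothing configures revocation, so a certificate issued under any trusted root would presumably keep being accepted after it is revoked. If the federation CAs publish CRLs, consider adding `SSLCARevocationPath /path/to/crls` (placeholder path) and, on Apache 2.4, `SSLCARevocationCheck chain`; `SSLVerifyDepth 5` also looks generous unless the GID chains really are that long. The file sets neither `SSLProtocol` nor `SSLCipherSuite`, so the port inherits whatever the global mod_ssl configuration allows, which is worth pinning here or stating in a comment. On documentation, the header names the helper `unfold-init-ssl.sh` while the later comment says `init-ssl.sh`; one name should be used in both places. The VirtualHost and Directory container lines are not visible in this rendering, so the listening port and the directories covered by `Allow from all` could not be checked.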