X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=apache%2Fmyslice.conf;h=b36a75ecd8ba91c327bde726dc81ceccdbe42a1b;hb=dcd1b07f1d6a300dd561d67d70bdbec3e6fa801a;hp=712b8ad2e8945187703acfabc38bb06ca81f34bb;hpb=4d5798c6127fb74fca1dc154a837d1bfdec1acaf;p=myslice.git

diff --git a/apache/myslice.conf b/apache/myslice.conf
index 712b8ad2..b36a75ec 100644
--- a/apache/myslice.conf
+++ b/apache/myslice.conf
@@ -1,5 +1,5 @@
 <VirtualHost *:80>
-        WSGIScriptAlias / /usr/share/unfold/apache/myslice.wsgi
+        WSGIScriptAlias / /usr/share/unfold/myslice/wsgi.py
         <Directory /usr/share/unfold/myslice>
         <Files wsgi.py>
         Order deny,allow
@@ -12,3 +12,37 @@
         Allow from all
         </Directory>
 </VirtualHost>
+
+# This port (not necessarily well picked) is configured 
+# with client-certificate required
+# corresponding trusted roots (e.g. ple.gid and plc.gid) should be 
+# configured in /etc/unfold/trusted_roots
+# check Jordan's email and pointer to trac, although we do not want 
+# this to be optional on that port
+
+<VirtualHost *:443>
+        WSGIScriptAlias / /usr/share/unfold/myslice/wsgi.py
+        <Directory /usr/share/unfold/apache>
+        <Files myslice.wsgi>
+        Order deny,allow
+        Allow from all
+        </Files>
+        </Directory>
+        Alias /static/ /usr/share/unfold/static/
+        <Directory /usr/share/unfold/static>
+        Order deny,allow
+        Allow from all
+        </Directory>
+
+	SSLEngine on
+	SSLVerifyClient require
+	SSLVerifyDepth 5
+# make this a symlink to /etc/sfa/trusted_roots if that makes sense in your env.
+	SSLCACertificatePath /etc/unfold/trusted_roots
+# see init-ssl.sh for how to create self-signed stuff in here
+	SSLCertificateFile    /etc/unfold/myslice.cert
+	SSLCertificateKeyFile /etc/unfold/myslice.key
+
+#	SSLOptions +StdEnvVars +ExportCertData
+	SSLOptions +StdEnvVars
+</VirtualHost>