X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=apache%2Fmyslice.conf;h=c994af369aff4f4d6285decc82bb3bdb799dbf66;hb=92db172eb967bdfec2f949a1a15592c0409a31ed;hp=8f3ff2ba9c4f1ae014267af717c75507b7e2fb70;hpb=937653fd70bbf7d95bcf870e7f2b46b4a8fec486;p=myslice.git

diff --git a/apache/myslice.conf b/apache/myslice.conf
index 8f3ff2ba..c994af36 100644
--- a/apache/myslice.conf
+++ b/apache/myslice.conf
@@ -1,25 +1,50 @@
-## better use
-# https://docs.djangoproject.com/en/1.5/howto/deployment/wsgi/modwsgi/
-# instead
-#
-# XXX this is very rough, was just pasted from the (wrong) web page
-# and never tested, so feel free to rewrite completely if that sounds right
-#
-#Alias /robots.txt /usr/share/myslice/static/robots.txt
-Alias /favicon.ico /usr/share/myslice/static/favicon.ico
+# xxx it might be smarter to install wsgi.py in some other location 
+# so we don't have to hard-wire these paths here
+<VirtualHost *:80>
+        WSGIScriptAlias / /usr/lib/python2.7/dist-packages/myslice/wsgi.py
+        <Directory /usr/share/unfold/myslice>
+        <Files wsgi.py>
+        Order deny,allow
+        Allow from all
+        </Files>
+        </Directory>
+        Alias /static/ /usr/share/unfold/static/
+        <Directory /usr/share/unfold/static>
+        Order deny,allow
+        Allow from all
+        </Directory>
+</VirtualHost>
 
-#AliasMatch ^/([^/]*\.css) /usr/share/myslice/static/styles/$1
+# This port (not necessarily well picked) is configured 
+# with client-certificate required
+# corresponding trusted roots (e.g. ple.gid and plc.gid) should be 
+# configured in /etc/unfold/trusted_roots
+# check Jordan's email and pointer to trac, although we do not want 
+# this to be optional on that port
 
-Alias /static/ /usr/share/myslice/static/
+<VirtualHost *:443>
+        WSGIScriptAlias / /usr/lib/python2.7/dist-packages/myslice/wsgi.py
+        <Directory /usr/share/unfold/apache>
+        <Files myslice.wsgi>
+        Order deny,allow
+        Allow from all
+        </Files>
+        </Directory>
+        Alias /static/ /usr/share/unfold/static/
+        <Directory /usr/share/unfold/static>
+        Order deny,allow
+        Allow from all
+        </Directory>
 
-<Directory /usr/share/myslice/static/>
-Order deny,allow
-Allow from all
-</Directory>
+	SSLEngine on
+	SSLVerifyClient require
+	SSLVerifyDepth 5
+# make this a symlink to /etc/sfa/trusted_roots if that makes sense in your env.
+	SSLCACertificatePath /etc/unfold/trusted_roots
+# see init-ssl.sh for how to create self-signed stuff in here
+	SSLCertificateFile    /etc/unfold/myslice.cert
+	SSLCertificateKeyFile /etc/unfold/myslice.key
 
-WSGIScriptAlias / /usr/share/myslice/apache/myslice.wsgi
-
-<Directory /usr/share/myslice/apache>
-Order allow,deny
-Allow from all
-</Directory>
+#	SSLOptions +StdEnvVars +ExportCertData
+	SSLOptions +StdEnvVars
+</VirtualHost>