* all the local material for this deployment gets into /etc/unfold/
* I could not find a way to have client-auth without server auth;
- this is totally weird, and stupid, but just so
+ this is totally weird, and stupid, but that's how it is
so there is a need to install a (probably self-signed) cert
and related key in
/etc/unfold/myslice.cert
key=/etc/unfold/myslice.key
cert=/etc/unfold/myslice.cert
+# provide a hostname as the first arg to this command
+# (otherwise we use hostname)
if [[ -n "$@" ]] ; then hostname=$1; shift; else hostname=$(hostname); fi
function init_trusted_roots () {
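Review bot: The test just below the new comment, `[[ -n "$@" ]]`, checks the concatenation of all arguments rather than whether a first argument was given; `if [[ $# -gt 0 && -n "$1" ]]` states the intent and avoids the implicit join. The fallback `$(hostname)` can return a short, unqualified name on many hosts. If this value becomes the certificate subject (the generation code is outside this hunk), clients that verify the server name would see a mismatch, so the comment should say a fully qualified name is expected, e.g. `# (otherwise we use the output of hostname, which may not be fully qualified)`. It is also worth confirming that the code creating `/etc/unfold/myslice.key` leaves it root-owned and not world-readable, since that step is not visible here.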
apache/unfold.conf /etc/apache2/sites-available
manage.py usr/share/unfold/
usr/bin/unfold-init-ssl.sh
+etc/unfold/trusted_roots
+var/unfold
#!/bin/bash
+# tmp - (or?)
+set -x
# if this requires a service to be running, add something like this
# update-rc.d unfold defaults
[ -d /var/unfold ] || mkdir /var/unfold
/usr/share/unfold/manage.py migrate
# enable required stuff
a2enmod ssl
-a2dissite default
+a2dissite default || :
a2ensite unfold.conf
+# create a server-side cert/key and passes on gids to rehash them
+unfold-init-ssl.sh
service apache2 restart
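Review bot: No `set -e` is visible in this script, so a failure in the newly added `unfold-init-ssl.sh` call (or in `manage.py migrate`) is ignored and `service apache2 restart` still runs, possibly against an SSL site whose cert/key were never created. The new `a2dissite default || :` is written as if errexit were active, so either add `set -e` after the shebang or guard the call explicitly with `unfold-init-ssl.sh || exit 1`. The `set -x` marked `tmp` should be removed before this ships, because it traces every command of the maintainer script into the package manager's output on each install.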