From: Thierry Parmentelat <thierry.parmentelat@inria.fr>
Date: Mon, 10 Feb 2014 13:38:03 +0000 (+0100)
Subject: split unfold and unfold-ssl so we can enable only the non-SSL stuff; the SSL service... 
X-Git-Tag: myslice-0.3-0~2^2~3
X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=78ed9c4a6e34dd6297ec15fc6767183ebd68609e;p=myslice.git

split unfold and unfold-ssl so we can enable only the non-SSL stuff; the SSL service requires /etc/unfold/trusted_roots/ to be non-empty, so we cannot enable this by default
---

diff --git a/apache/unfold-ssl.conf b/apache/unfold-ssl.conf
new file mode 100644
index 00000000..f75cc940
--- /dev/null
+++ b/apache/unfold-ssl.conf
@@ -0,0 +1,49 @@
+# see also unfold.conf
+#
+# NOTE on packaging
+# 
+# this is not enabled by default because it would prevent apache from
+# starting up properly when /etc/unfold/trusted_roots is empty
+# 
+# So on debian you would typically need to run
+# a2ensite unfold-ssl.conf
+# unfold-init-ssl.sh
+# service apache2 restart
+#
+# This port (not necessarily well picked) is configured 
+# with client-certificate required
+# corresponding trusted roots (e.g. ple.gid and plc.gid) should be 
+# configured in /etc/unfold/trusted_roots
+# check Jordan's email and pointer to trac, although we do not want 
+# this to be optional on that port
+
+<VirtualHost *:443>
+	WSGIDaemonProcess unfold-ssl processes=2 threads=25
+	WSGIProcessGroup  unfold-ssl
+	CustomLog ${APACHE_LOG_DIR}/myslice-ssl-access.log common
+	ErrorLog ${APACHE_LOG_DIR}/myslice-ssl-error.log
+        WSGIScriptAlias / /usr/share/unfold/apache/unfold.wsgi
+        <Directory /usr/share/unfold/apache/>
+        <Files unfold.wsgi>
+        Order deny,allow
+        Allow from all
+        </Files>
+        </Directory>
+        Alias /static/ /usr/share/unfold/static/
+        <Directory /usr/share/unfold/static>
+        Order deny,allow
+        Allow from all
+        </Directory>
+
+	SSLEngine on
+	SSLVerifyClient require
+	SSLVerifyDepth 5
+# make this a symlink to /etc/sfa/trusted_roots if that makes sense in your env.
+	SSLCACertificatePath /etc/unfold/trusted_roots
+# see init-ssl.sh for how to create self-signed stuff in here
+	SSLCertificateFile    /etc/unfold/myslice.cert
+	SSLCertificateKeyFile /etc/unfold/myslice.key
+
+#	SSLOptions +StdEnvVars +ExportCertData
+	SSLOptions +StdEnvVars
+</VirtualHost>
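Review bot: The `<VirtualHost *:443>` block sets `SSLEngine on` and `SSLVerifyClient require` but no `SSLProtocol` or `SSLCipherSuite`, so the client-certificate endpoint inherits whatever the host's global mod_ssl defaults allow. Since this file is now enabled separately and deliberately, I would pin them here, for example `SSLProtocol all -SSLv2 -SSLv3` (or stricter) plus a cipher list that matches site policy. The packaging note should also say that `SSLCACertificatePath` looks certificates up by hash file name, so roots copied into /etc/unfold/trusted_roots need the hash symlinks as well; presumably unfold-init-ssl.sh takes care of that, but it is not visible in this commit. The comment above `SSLCertificateFile` still calls the script `init-ssl.sh`; suggest `# see unfold-init-ssl.sh for how to create the self-signed cert and key`.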
diff --git a/apache/unfold.conf b/apache/unfold.conf
index ff3de7f0..357db7ee 100644
--- a/apache/unfold.conf
+++ b/apache/unfold.conf
@@ -1,3 +1,5 @@
+# see also unfold-ssl.conf
+
 <VirtualHost *:80>
 	WSGIDaemonProcess unfold processes=2 threads=25
 	WSGIProcessGroup  unfold
@@ -16,41 +18,3 @@
         Allow from all
         </Directory>
 </VirtualHost>
-
-# This port (not necessarily well picked) is configured 
-# with client-certificate required
-# corresponding trusted roots (e.g. ple.gid and plc.gid) should be 
-# configured in /etc/unfold/trusted_roots
-# check Jordan's email and pointer to trac, although we do not want 
-# this to be optional on that port
-
-<VirtualHost *:443>
-	WSGIDaemonProcess unfold-ssl processes=2 threads=25
-	WSGIProcessGroup  unfold-ssl
-	CustomLog ${APACHE_LOG_DIR}/myslice-ssl-access.log common
-	ErrorLog ${APACHE_LOG_DIR}/myslice-ssl-error.log
-        WSGIScriptAlias / /usr/share/unfold/apache/unfold.wsgi
-        <Directory /usr/share/unfold/apache/>
-        <Files unfold.wsgi>
-        Order deny,allow
-        Allow from all
-        </Files>
-        </Directory>
-        Alias /static/ /usr/share/unfold/static/
-        <Directory /usr/share/unfold/static>
-        Order deny,allow
-        Allow from all
-        </Directory>
-
-	SSLEngine on
-	SSLVerifyClient require
-	SSLVerifyDepth 5
-# make this a symlink to /etc/sfa/trusted_roots if that makes sense in your env.
-	SSLCACertificatePath /etc/unfold/trusted_roots
-# see init-ssl.sh for how to create self-signed stuff in here
-	SSLCertificateFile    /etc/unfold/myslice.cert
-	SSLCertificateKeyFile /etc/unfold/myslice.key
-
-#	SSLOptions +StdEnvVars +ExportCertData
-	SSLOptions +StdEnvVars
-</VirtualHost>
diff --git a/setup.py b/setup.py
index 5d767922..d7008a38 100644
--- a/setup.py
+++ b/setup.py
@@ -21,7 +21,7 @@ setup(packages = packages,
           ( '/usr/share/unfold/static/img', glob ('static/img/*')),
           ( '/usr/share/unfold/static/fonts', glob ('static/fonts/*')),
           ( '/usr/share/unfold/templates', glob ('templates/*')),
-          ( 'apache', [ 'apache/unfold.conf', 'apache/unfold.wsgi' ]),
+          ( 'apache', [ 'apache/unfold.conf', 'apache/unfold-ssl.conf', 'apache/unfold.wsgi' ]),
           ( '/etc/unfold/trusted_roots', []),
           ( '/var/unfold', []),
         ])