5 # this is not enabled by default because it would prevent apache from
6 # starting up properly when /etc/unfold/trusted_roots is empty
8 # So on debian you would typically need to run
9 # a2ensite unfold-ssl.conf
11 # service apache2 restart
13 # This port (not necessarily well picked) is configured
14 # with client-certificate required
15 # corresponding trusted roots (e.g. ple.gid and plc.gid) should be
16 # configured in /etc/unfold/trusted_roots
17 # check Jordan's email and pointer to trac, although we do not want
18 # this to be optional on that port
21 WSGIDaemonProcess unfold-ssl processes=2 threads=25
22 WSGIProcessGroup unfold-ssl
23 CustomLog ${APACHE_LOG_DIR}/myslice-ssl-access.log common
24 ErrorLog ${APACHE_LOG_DIR}/myslice-ssl-error.log
25 WSGIScriptAlias / /usr/share/unfold/apache/unfold.wsgi
26 <Directory /usr/share/unfold/apache/>
32 Alias /static/ /usr/share/unfold/static/
33 <Directory /usr/share/unfold/static>
39 SSLVerifyClient require
41 # make this a symlink to /etc/sfa/trusted_roots if that makes sense in your env.
42 SSLCACertificatePath /etc/unfold/trusted_roots
43 # see init-ssl.sh for how to create self-signed stuff in here
44 SSLCertificateFile /etc/unfold/myslice.cert
45 SSLCertificateKeyFile /etc/unfold/myslice.key
47 # SSLOptions +StdEnvVars +ExportCertData
48 SSLOptions +StdEnvVars