# xxx it might be smarter to install wsgi.py in some other location 
# so we don't have to hard-wire these paths here
<VirtualHost *:80>
        WSGIScriptAlias / /usr/lib/python2.7/dist-packages/myslice/wsgi.py
        <Directory /usr/share/unfold/myslice>
        <Files wsgi.py>
        Order deny,allow
        Allow from all
        </Files>
        </Directory>
        Alias /static/ /usr/share/unfold/static/
        <Directory /usr/share/unfold/static>
        Order deny,allow
        Allow from all
        </Directory>
</VirtualHost>

# This port (not necessarily well picked) is configured 
# with client-certificate required
# corresponding trusted roots (e.g. ple.gid and plc.gid) should be 
# configured in /etc/unfold/trusted_roots
# check Jordan's email and pointer to trac, although we do not want 
# this to be optional on that port

<VirtualHost *:443>
        WSGIScriptAlias / /usr/lib/python2.7/dist-packages/myslice/wsgi.py
        <Directory /usr/share/unfold/apache>
        <Files myslice.wsgi>
        Order deny,allow
        Allow from all
        </Files>
        </Directory>
        Alias /static/ /usr/share/unfold/static/
        <Directory /usr/share/unfold/static>
        Order deny,allow
        Allow from all
        </Directory>

	SSLEngine on
	SSLVerifyClient require
	SSLVerifyDepth 5
# make this a symlink to /etc/sfa/trusted_roots if that makes sense in your env.
	SSLCACertificatePath /etc/unfold/trusted_roots
# see init-ssl.sh for how to create self-signed stuff in here
	SSLCertificateFile    /etc/unfold/myslice.cert
	SSLCertificateKeyFile /etc/unfold/myslice.key

#	SSLOptions +StdEnvVars +ExportCertData
	SSLOptions +StdEnvVars
</VirtualHost>