# xxx it might be smarter to install wsgi.py in some other location # so we don't have to hard-wire these paths here # xxx it might also be helpful to set up a specific log channel for this # e.g. in /var/log/myslice.log WSGIDaemonProcess myslice processes=2 threads=25 WSGIProcessGroup myslice CustomLog ${APACHE_LOG_DIR}/myslice-access.log common ErrorLog ${APACHE_LOG_DIR}/myslice-error.log WSGIScriptAlias / /usr/lib/python2.7/dist-packages/myslice/wsgi.py Order deny,allow Allow from all Alias /static/ /usr/share/unfold/static/ Order deny,allow Allow from all # This port (not necessarily well picked) is configured # with client-certificate required # corresponding trusted roots (e.g. ple.gid and plc.gid) should be # configured in /etc/unfold/trusted_roots # check Jordan's email and pointer to trac, although we do not want # this to be optional on that port WSGIDaemonProcess myslice-ssl processes=2 threads=25 WSGIProcessGroup myslice-ssl CustomLog ${APACHE_LOG_DIR}/myslice-ssl-access.log common ErrorLog ${APACHE_LOG_DIR}/myslice-ssl-error.log WSGIScriptAlias / /usr/lib/python2.7/dist-packages/myslice/wsgi.py Order deny,allow Allow from all Alias /static/ /usr/share/unfold/static/ Order deny,allow Allow from all SSLEngine on SSLVerifyClient require SSLVerifyDepth 5 # make this a symlink to /etc/sfa/trusted_roots if that makes sense in your env. SSLCACertificatePath /etc/unfold/trusted_roots # see init-ssl.sh for how to create self-signed stuff in here SSLCertificateFile /etc/unfold/myslice.cert SSLCertificateKeyFile /etc/unfold/myslice.key # SSLOptions +StdEnvVars +ExportCertData SSLOptions +StdEnvVars