WSGIDaemonProcess unfold processes=2 threads=25 WSGIProcessGroup unfold CustomLog ${APACHE_LOG_DIR}/unfold-access.log common ErrorLog ${APACHE_LOG_DIR}/unfold-error.log WSGIScriptAlias / /usr/share/unfold/apache/unfold.wsgi Order deny,allow Allow from all Alias /static/ /usr/share/unfold/static/ Order deny,allow Allow from all # This port (not necessarily well picked) is configured # with client-certificate required # corresponding trusted roots (e.g. ple.gid and plc.gid) should be # configured in /etc/unfold/trusted_roots # check Jordan's email and pointer to trac, although we do not want # this to be optional on that port WSGIDaemonProcess unfold-ssl processes=2 threads=25 WSGIProcessGroup unfold-ssl CustomLog ${APACHE_LOG_DIR}/myslice-ssl-access.log common ErrorLog ${APACHE_LOG_DIR}/myslice-ssl-error.log WSGIScriptAlias / /usr/share/unfold/apache/unfold.wsgi Order deny,allow Allow from all Alias /static/ /usr/share/unfold/static/ Order deny,allow Allow from all SSLEngine on SSLVerifyClient require SSLVerifyDepth 5 # make this a symlink to /etc/sfa/trusted_roots if that makes sense in your env. SSLCACertificatePath /etc/unfold/trusted_roots # see init-ssl.sh for how to create self-signed stuff in here SSLCertificateFile /etc/unfold/myslice.cert SSLCertificateKeyFile /etc/unfold/myslice.key # SSLOptions +StdEnvVars +ExportCertData SSLOptions +StdEnvVars