+# xxx it might be smarter to install wsgi.py in some other location
+# so we don't have to hard-wire these paths here
+# xxx it might also be helpful to set up a specific log channel for this
+# e.g. in /var/log/myslice.log
<VirtualHost *:80>
- WSGIScriptAlias / /usr/share/unfold/apache/myslice.wsgi
+ WSGIDaemonProcess myslice processes=2 threads=25
+ WSGIProcessGroup myslice
+ CustomLog ${APACHE_LOG_DIR}/myslice-access.log common
+ ErrorLog ${APACHE_LOG_DIR}/myslice-error.log
+ WSGIScriptAlias / /usr/lib/python2.7/dist-packages/myslice/wsgi.py
+ <Directory /usr/share/unfold/myslice>
+ <Files wsgi.py>
+ Order deny,allow
+ Allow from all
+ </Files>
+ </Directory>
+ Alias /static/ /usr/share/unfold/static/
+ <Directory /usr/share/unfold/static>
+ Order deny,allow
+ Allow from all
+ </Directory>
+</VirtualHost>
+
+# This port (not necessarily well picked) is configured
+# with client-certificate required
+# corresponding trusted roots (e.g. ple.gid and plc.gid) should be
+# configured in /etc/unfold/trusted_roots
+# check Jordan's email and pointer to trac, although we do not want
+# this to be optional on that port
+
+<VirtualHost *:443>
+ WSGIDaemonProcess myslice-ssl processes=2 threads=25
+ WSGIProcessGroup myslice-ssl
+ CustomLog ${APACHE_LOG_DIR}/myslice-ssl-access.log common
+ ErrorLog ${APACHE_LOG_DIR}/myslice-ssl-error.log
+ WSGIScriptAlias / /usr/lib/python2.7/dist-packages/myslice/wsgi.py
<Directory /usr/share/unfold/apache>
<Files myslice.wsgi>
Order deny,allow
Order deny,allow
Allow from all
</Directory>
+
+ SSLEngine on
+ SSLVerifyClient require
+ SSLVerifyDepth 5
+# make this a symlink to /etc/sfa/trusted_roots if that makes sense in your env.
+ SSLCACertificatePath /etc/unfold/trusted_roots
+# see init-ssl.sh for how to create self-signed stuff in here
+ SSLCertificateFile /etc/unfold/myslice.cert
+ SSLCertificateKeyFile /etc/unfold/myslice.key
+
+# SSLOptions +StdEnvVars +ExportCertData
+ SSLOptions +StdEnvVars
</VirtualHost>
git://git.onelab.eu / myslice.git / blobdiff