# see also unfold.conf
+# see also unfold-initi-ssl.sh
#
# NOTE on packaging
#
# unfold-init-ssl.sh
# service apache2 restart
#
-# This port (not necessarily well picked) is configured
-# with client-certificate required
+# This port is configured with client-certificate *required*
# corresponding trusted roots (e.g. ple.gid and plc.gid) should be
# configured in /etc/unfold/trusted_roots
-# check Jordan's email and pointer to trac, although we do not want
-# this to be optional on that port
+#
<VirtualHost *:443>
WSGIDaemonProcess unfold-ssl processes=2 threads=25
# upgrading end
/usr/share/unfold/manage.py syncdb
/usr/share/unfold/manage.py migrate
-# enable required stuff
+# be ready, enable ssl
a2enmod ssl
-# name seems to depend on the debian distro
-a2dissite default || a2dissite 000-default || :
+# disable defaults; jessie seems to come with 000-default instead of just default
+# not quite sure about ssl, disable every possible combination
+for site in default default-ssl; do
+ for prefix in "" "000-"; do
+ s=${prefix}${site}
+ a2dissite $s || :
+ done
+done
a2ensite unfold.conf
# create a server-side cert/key and passes on gids to rehash them
+# because we do not enable ssl by default it is maybe not quite right to call this
+# at install-time anymore, although it should not hurt either
unfold-init-ssl.sh
+# restart in any case
service apache2 restart