--- /dev/null
+# see also unfold.conf
+#
+# NOTE on packaging
+#
+# this is not enabled by default because it would prevent apache from
+# starting up properly when /etc/unfold/trusted_roots is empty
+#
+# So on debian you would typically need to run
+# a2ensite unfold-ssl.conf
+# unfold-init-ssl.sh
+# service apache2 restart
+#
+# This port (not necessarily well picked) is configured
+# with client-certificate required
+# corresponding trusted roots (e.g. ple.gid and plc.gid) should be
+# configured in /etc/unfold/trusted_roots
+# check Jordan's email and pointer to trac, although we do not want
+# this to be optional on that port
+
+<VirtualHost *:443>
+ WSGIDaemonProcess unfold-ssl processes=2 threads=25
+ WSGIProcessGroup unfold-ssl
+ CustomLog ${APACHE_LOG_DIR}/myslice-ssl-access.log common
+ ErrorLog ${APACHE_LOG_DIR}/myslice-ssl-error.log
+ WSGIScriptAlias / /usr/share/unfold/apache/unfold.wsgi
+ <Directory /usr/share/unfold/apache/>
+ <Files unfold.wsgi>
+ Order deny,allow
+ Allow from all
+ </Files>
+ </Directory>
+ Alias /static/ /usr/share/unfold/static/
+ <Directory /usr/share/unfold/static>
+ Order deny,allow
+ Allow from all
+ </Directory>
+
+ SSLEngine on
+ SSLVerifyClient require
+ SSLVerifyDepth 5
+# make this a symlink to /etc/sfa/trusted_roots if that makes sense in your env.
+ SSLCACertificatePath /etc/unfold/trusted_roots
+# see init-ssl.sh for how to create self-signed stuff in here
+ SSLCertificateFile /etc/unfold/myslice.cert
+ SSLCertificateKeyFile /etc/unfold/myslice.key
+
+# SSLOptions +StdEnvVars +ExportCertData
+ SSLOptions +StdEnvVars
+</VirtualHost>
+# see also unfold-ssl.conf
+
<VirtualHost *:80>
WSGIDaemonProcess unfold processes=2 threads=25
WSGIProcessGroup unfold
Allow from all
</Directory>
</VirtualHost>
-
-# This port (not necessarily well picked) is configured
-# with client-certificate required
-# corresponding trusted roots (e.g. ple.gid and plc.gid) should be
-# configured in /etc/unfold/trusted_roots
-# check Jordan's email and pointer to trac, although we do not want
-# this to be optional on that port
-
-<VirtualHost *:443>
- WSGIDaemonProcess unfold-ssl processes=2 threads=25
- WSGIProcessGroup unfold-ssl
- CustomLog ${APACHE_LOG_DIR}/myslice-ssl-access.log common
- ErrorLog ${APACHE_LOG_DIR}/myslice-ssl-error.log
- WSGIScriptAlias / /usr/share/unfold/apache/unfold.wsgi
- <Directory /usr/share/unfold/apache/>
- <Files unfold.wsgi>
- Order deny,allow
- Allow from all
- </Files>
- </Directory>
- Alias /static/ /usr/share/unfold/static/
- <Directory /usr/share/unfold/static>
- Order deny,allow
- Allow from all
- </Directory>
-
- SSLEngine on
- SSLVerifyClient require
- SSLVerifyDepth 5
-# make this a symlink to /etc/sfa/trusted_roots if that makes sense in your env.
- SSLCACertificatePath /etc/unfold/trusted_roots
-# see init-ssl.sh for how to create self-signed stuff in here
- SSLCertificateFile /etc/unfold/myslice.cert
- SSLCertificateKeyFile /etc/unfold/myslice.key
-
-# SSLOptions +StdEnvVars +ExportCertData
- SSLOptions +StdEnvVars
-</VirtualHost>
( '/usr/share/unfold/static/img', glob ('static/img/*')),
( '/usr/share/unfold/static/fonts', glob ('static/fonts/*')),
( '/usr/share/unfold/templates', glob ('templates/*')),
- ( 'apache', [ 'apache/unfold.conf', 'apache/unfold.wsgi' ]),
+ ( 'apache', [ 'apache/unfold.conf', 'apache/unfold-ssl.conf', 'apache/unfold.wsgi' ]),
( '/etc/unfold/trusted_roots', []),
( '/var/unfold', []),
])