more thoroughly disable default services; plus, various comments around

diff --git a/apache/unfold-ssl.conf b/apache/unfold-ssl.conf
index f75cc94..337ce78 100644 (file)
--- a/apache/unfold-ssl.conf
+++ b/apache/unfold-ssl.conf
@@ -1,4 +1,5 @@
 # see also unfold.conf
+# see also unfold-initi-ssl.sh
 #
 # NOTE on packaging
 # 
@@ -10,12 +11,10 @@
 # unfold-init-ssl.sh
 # service apache2 restart
 #
-# This port (not necessarily well picked) is configured 
-# with client-certificate required
+# This port is configured with client-certificate *required*
 # corresponding trusted roots (e.g. ple.gid and plc.gid) should be 
 # configured in /etc/unfold/trusted_roots
-# check Jordan's email and pointer to trac, although we do not want 
-# this to be optional on that port
+# 
 
 <VirtualHost *:443>
        WSGIDaemonProcess unfold-ssl processes=2 threads=25

diff --git a/debian/unfold.postinst b/debian/unfold.postinst
index c5cd80d..bdc052c 100644 (file)
--- a/debian/unfold.postinst
+++ b/debian/unfold.postinst
@@ -9,11 +9,20 @@ chmod -R 700 /var/unfold
 # upgrading end
 /usr/share/unfold/manage.py syncdb
 /usr/share/unfold/manage.py migrate
-# enable required stuff
+# be ready, enable ssl
 a2enmod ssl
-# name seems to depend on the debian distro
-a2dissite default || a2dissite 000-default || :
+# disable defaults; jessie seems to come with 000-default instead of just default
+# not quite sure about ssl, disable every possible combination
+for site in default default-ssl; do 
+    for prefix in "" "000-"; do
+       s=${prefix}${site}
+       a2dissite $s || :
+    done
+done
 a2ensite unfold.conf
 # create a server-side cert/key and passes on gids to rehash them
+# because we do not enable ssl by default it is maybe not quite right to call this
+# at install-time anymore, although it should not hurt either
 unfold-init-ssl.sh
+# restart in any case
 service apache2 restart