NameVirtualHost *:443
<VirtualHost *:443>
        ServerAdmin webmaster@localhost

        SSLEngine On
        SSLCipherSuite HIGH:MEDIUM
        SSLCertificateFile    /etc/apache2/ssl/server.crt
        SSLCertificateKeyFile /etc/apache2/ssl/server.key
        SSLCACertificatePath  /etc/apache2/ssl/clients

	#Unset http-headers (prevent users to set http-header and connect to a
	#different database as defined in the client certificate)
	RequestHeader unset MPULS_DBNAME
        RequestHeader unset MPULS_APPNAME

	# If you do not want to use client certificates comment out the
	# following line and set 'dbname' and 'agencyname'
	# Do not forget to comment out the requirements under <location>
        SSLVerifyClient        require
	# Set correct headers for dbname and appname.
	# Format of SSL_CLIENT_S_DN_CN: "XXX XXX XXX dbname" 
	RequestHeader set MPULS_DBNAME %{SSL_CLIENT_S_DN_CN}s
        RequestHeader set MPULS_APPNAME %{SSL_CLIENT_S_DN}s 

        SSLVerifyDepth         1
        SSLSessionCacheTimeout 1800
        SSLOptions             StdEnvVars

        WSGIDaemonProcess www-data processes=2 threads=30
        WSGIProcessGroup www-data 

	# Set correct path to the mpuls.wsgi script
        WSGIScriptAlias / /home/mpuls/mpuls/mpuls.wsgi

        <Location />
		# Please set correct SSL_CLIENT_S_DN_OU
                SSLRequire (%{SSL_CLIENT_S_DN_OU} eq "WASKO_Demo" \
                or %{SSL_CLIENT_S_DN_OU} eq "mpuls") \
                and %{SSL_CLIENT_VERIFY} eq "SUCCESS"

                # Insert filter
                SetOutputFilter DEFLATE

                # Netscape 4.x has some problems...
                BrowserMatch ^Mozilla/4 gzip-only-text/html

                # Netscape 4.06-4.08 have some more problems
                BrowserMatch ^Mozilla/4\.0[678] no-gzip

                # MSIE masquerades as Netscape, but it is fine
                BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
                # Don't compress images
                SetEnvIfNoCase Request_URI \
                \.(?:gif|jpe?g|png)$ no-gzip dont-vary

                # Make sure proxies don't deliver the wrong content
                Header append Vary User-Agent env=!dont-vary
        </Location>

	DocumentRoot /var/www/
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
                # This directive allows us to have apache2's default start page
                # in /apache2-default/, but still have / go to the right place
                # RedirectMatch ^/$ /apache2-default/
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog /var/log/apache2/mpuls-error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/mpuls-access.log combined
        ServerSignature On
</VirtualHost>