From 962225eccae57e45af2df69541aab0b60340c8c7 Mon Sep 17 00:00:00 2001
From: tpsilva <tiago.pasqualini@canonical.com>
Date: Fri, 1 Nov 2019 17:19:06 -0300
Subject: [PATCH] Disable Apache port 80

Currently, Apache ports.conf file is not being configured by this
charm. This patch changes the ports.conf default file with another one
that does not open port 80 on SSL environments.

Change-Id: Iaa80573dc2661089093c4c87ab100bf941f8b3b8
Closes-bug: #1845665
---
 hooks/cinder_utils.py | 5 +++++
 templates/ports.conf  | 4 ++++
 2 files changed, 9 insertions(+)
 create mode 100644 templates/ports.conf

diff --git a/hooks/cinder_utils.py b/hooks/cinder_utils.py
index ec6880e0..72a82261 100644
--- a/hooks/cinder_utils.py
+++ b/hooks/cinder_utils.py
@@ -162,6 +162,7 @@ CINDER_POLICY_JSON = '%s/policy.json' % CINDER_CONF_DIR
 CEPH_CONF = '/etc/ceph/ceph.conf'
 
 HAPROXY_CONF = '/etc/haproxy/haproxy.cfg'
+APACHE_PORTS_CONF = '/etc/apache2/ports.conf'
 APACHE_SITE_CONF = '/etc/apache2/sites-available/openstack_https_frontend'
 APACHE_SITE_24_CONF = '/etc/apache2/sites-available/' \
     'openstack_https_frontend.conf'
@@ -250,6 +251,10 @@ BASE_RESOURCE_MAP = OrderedDict([
         'contexts': [cinder_contexts.ApacheSSLContext()],
         'services': ['apache2'],
     }),
+    (APACHE_PORTS_CONF, {
+        'contexts': [],
+        'services': ['apache2'],
+    }),
 ])
 
 
diff --git a/templates/ports.conf b/templates/ports.conf
new file mode 100644
index 00000000..103f3e05
--- /dev/null
+++ b/templates/ports.conf
@@ -0,0 +1,4 @@
+# File written by Juju: don't open default ports on SSL environments (see LP 1845665).
+<IfModule !ssl_module>
+    Listen 80
+</IfModule>