From a1e1f5128a22a7d0cdc8136063d27d64c270021d Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Wed, 20 Jul 2016 18:12:09 -0400 Subject: [PATCH] Add keystone VirtualHost for port 443 when USE_SSL is True Add a VirtualHost that defines the necessary options for enabling SSL. The existing keystone Apache configuration already does all the location handling. Change-Id: I836a471a7258f14f051d3dd8bdb428286b5a11aa --- files/apache-keystone.template | 6 ++++++ lib/keystone | 3 +++ 2 files changed, 9 insertions(+) diff --git a/files/apache-keystone.template b/files/apache-keystone.template index 8a4b0f0c43..249eaa5d0e 100644 --- a/files/apache-keystone.template +++ b/files/apache-keystone.template @@ -34,6 +34,12 @@ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %D(us)" %SSLKEYFILE% +%SSLLISTEN% +%SSLLISTEN% %SSLENGINE% +%SSLLISTEN% %SSLCERTFILE% +%SSLLISTEN% %SSLKEYFILE% +%SSLLISTEN% + Alias /identity %KEYSTONE_BIN%/keystone-wsgi-public SetHandler wsgi-script diff --git a/lib/keystone b/lib/keystone index 6198e43b58..810acac63f 100644 --- a/lib/keystone +++ b/lib/keystone @@ -161,6 +161,7 @@ function _cleanup_keystone_apache_wsgi { function _config_keystone_apache_wsgi { local keystone_apache_conf keystone_apache_conf=$(apache_site_config_for keystone) + keystone_ssl_listen="#" local keystone_ssl="" local keystone_certfile="" local keystone_keyfile="" @@ -169,6 +170,7 @@ function _config_keystone_apache_wsgi { local venv_path="" if is_ssl_enabled_service key; then + keystone_ssl_listen="" keystone_ssl="SSLEngine On" keystone_certfile="SSLCertificateFile $KEYSTONE_SSL_CERT" keystone_keyfile="SSLCertificateKeyFile $KEYSTONE_SSL_KEY" @@ -186,6 +188,7 @@ function _config_keystone_apache_wsgi { s|%PUBLICPORT%|$keystone_service_port|g; s|%ADMINPORT%|$keystone_auth_port|g; s|%APACHE_NAME%|$APACHE_NAME|g; + s|%SSLLISTEN%|$keystone_ssl_listen|g; s|%SSLENGINE%|$keystone_ssl|g; s|%SSLCERTFILE%|$keystone_certfile|g; s|%SSLKEYFILE%|$keystone_keyfile|g;
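Review bot: The port-443 block added to files/apache-keystone.template sets only `%SSLENGINE%`, `%SSLCERTFILE%` and `%SSLKEYFILE%`, so the protocol versions and cipher suites offered on that port are whatever the host's server-wide mod_ssl defaults happen to be. If the template is meant to stand on its own, pin them inside the block with a prefixed line such as `%SSLLISTEN%    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1`. The block is also switched on and off purely by the line prefix rendering as `#` or as nothing, which the template does not explain. A comment above it such as `# Every line of this block starts with the SSL-listen placeholder, which renders as "#" unless SSL is enabled` would keep a later unprefixed directive from going live with SSL off; the comment should not contain the placeholder token itself, because the sed pass would rewrite it. The VirtualHost tags are not visible in this rendering of the hunk, so directive placement is assumed from the commit description.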
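Review bot: In the lib/keystone hunk at -161, `keystone_ssl_listen="#"` is assigned without `local`, unlike `keystone_ssl`, `keystone_certfile` and `keystone_keyfile` on the lines right after it, so the name becomes a global in the calling shell and outlives the function. Declare it with the others: `local keystone_ssl_listen="#"`. The assignment `keystone_ssl_listen=""` in the `if is_ssl_enabled_service key` hunk at -169 and the `s|%SSLLISTEN%|$keystone_ssl_listen|g;` expression at -186 then use the local without further change. The body of _config_keystone_apache_wsgi starts and ends outside these hunks.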