openstack/openstack-ansible-os_keystone
Code Issues Proposed changes

Fix SSL logic in keystone-httpd.conf.j2

Browse Source 
Defining SSL parameters has nothing to do with
keystone_service_internaluri_proto. It should not be taken into
consideration there.
Theoretically speaking, environment can have TLS disabled on frontend
but enabled on backend.

Change-Id: I81b66a7388c335958badf7135f4289c3423cb229
This commit is contained in:
Damian Dabrowski 2023-06-04 17:24:09 +02:00
parent 2378e452ad
commit b73bcd9981
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
templates/keystone-httpd.conf.j2
View File

@ -26,7 +26,7 @@ Listen {{ keystone_web_server_bind_address }}:{{ keystone_service_port }}
RequestHeader set {{ keystone_secure_proxy_ssl_header }} "http" RequestHeader set {{ keystone_secure_proxy_ssl_header }} "http"
{% endif %} {% endif %}
{% if keystone_backend_ssl | bool and keystone_service_internaluri_proto == "https" -%} {% if keystone_backend_ssl | bool -%}
SSLEngine on SSLEngine on
SSLCertificateFile {{ keystone_ssl_cert }} SSLCertificateFile {{ keystone_ssl_cert }}
SSLCertificateKeyFile {{ keystone_ssl_key }} SSLCertificateKeyFile {{ keystone_ssl_key }}