Add keystone VirtualHost for port 443 when USE_SSL is True
Add a VirtualHost that defines the necessary options for
enabling SSL. The existing keystone Apache configuration already
does all the location handling.
Change-Id: I836a471a7258f14f051d3dd8bdb428286b5a11aa
diff --git a/files/apache-keystone.template b/files/apache-keystone.template
index 8a4b0f0..249eaa5 100644
--- a/files/apache-keystone.template
+++ b/files/apache-keystone.template
@@ -34,6 +34,12 @@
%SSLKEYFILE%
</VirtualHost>
+%SSLLISTEN%<VirtualHost *:443>
+%SSLLISTEN% %SSLENGINE%
+%SSLLISTEN% %SSLCERTFILE%
+%SSLLISTEN% %SSLKEYFILE%
+%SSLLISTEN%</VirtualHost>
+
Alias /identity %KEYSTONE_BIN%/keystone-wsgi-public
<Location /identity>
SetHandler wsgi-script
diff --git a/lib/keystone b/lib/keystone
index 6198e43..810acac 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -161,6 +161,7 @@
function _config_keystone_apache_wsgi {
local keystone_apache_conf
keystone_apache_conf=$(apache_site_config_for keystone)
+ keystone_ssl_listen="#"
local keystone_ssl=""
local keystone_certfile=""
local keystone_keyfile=""
@@ -169,6 +170,7 @@
local venv_path=""
if is_ssl_enabled_service key; then
+ keystone_ssl_listen=""
keystone_ssl="SSLEngine On"
keystone_certfile="SSLCertificateFile $KEYSTONE_SSL_CERT"
keystone_keyfile="SSLCertificateKeyFile $KEYSTONE_SSL_KEY"
@@ -186,6 +188,7 @@
s|%PUBLICPORT%|$keystone_service_port|g;
s|%ADMINPORT%|$keystone_auth_port|g;
s|%APACHE_NAME%|$APACHE_NAME|g;
+ s|%SSLLISTEN%|$keystone_ssl_listen|g;
s|%SSLENGINE%|$keystone_ssl|g;
s|%SSLCERTFILE%|$keystone_certfile|g;
s|%SSLKEYFILE%|$keystone_keyfile|g;