From 2d8d80e47e792c93d0158a0c82d45d5f66caba97 Mon Sep 17 00:00:00 2001 From: tpsilva Date: Sat, 2 Nov 2019 07:30:20 -0300 Subject: [PATCH] Disable Apache port 80 Currently, Apache ports.conf file is not being configured by this charm. This patch changes the ports.conf default file with another one that does not open port 80 on SSL environments. Change-Id: I63f46223c64f2561f505828491a482dea79dc39a Closes-bug: #1845665 --- lib/swift_utils.py | 5 +++++ templates/ports.conf | 4 ++++ 2 files changed, 9 insertions(+) create mode 100644 templates/ports.conf diff --git a/lib/swift_utils.py b/lib/swift_utils.py index 151d0ee..3a60531 100644 --- a/lib/swift_utils.py +++ b/lib/swift_utils.py @@ -94,6 +94,7 @@ MEMCACHED_CONF = '/etc/memcached.conf' SWIFT_RINGS_CONF = '/etc/apache2/conf.d/swift-rings' SWIFT_RINGS_24_CONF = '/etc/apache2/conf-available/swift-rings.conf' HAPROXY_CONF = '/etc/haproxy/haproxy.cfg' +APACHE_PORTS_CONF = '/etc/apache2/ports.conf' APACHE_SITES_AVAILABLE = '/etc/apache2/sites-available' APACHE_SITE_CONF = os.path.join(APACHE_SITES_AVAILABLE, 'openstack_https_frontend') @@ -200,6 +201,10 @@ CONFIG_FILES = OrderedDict([ 'hook_contexts': [MemcachedContext()], 'services': ['memcached'], }), + (APACHE_PORTS_CONF, { + 'contexts': [], + 'services': ['apache2'], + }), ]) RING_CONSUMER_ROLE = 'swift-proxy-rings-consumer' diff --git a/templates/ports.conf b/templates/ports.conf new file mode 100644 index 0000000..103f3e0 --- /dev/null +++ b/templates/ports.conf @@ -0,0 +1,4 @@ +# File written by Juju: don't open default ports on SSL environments (see LP 1845665). + + Listen 80 +