From 92e75b5aad36a557f769dc2106e49af25ef98cc8 Mon Sep 17 00:00:00 2001
From: tpsilva <tiago.pasqualini@canonical.com>
Date: Sat, 2 Nov 2019 06:31:06 -0300
Subject: [PATCH] Disable Apache port 80

Currently, the Apache ports.conf file is not configured by this
charm. This patch replaces the default ports.conf with one that
does not open port 80 in SSL environments.

Change-Id: I35ba6bb31af6d795d02d90d0d127ac5c6c129d0f
Closes-bug: #1845665
---
 hooks/keystone_utils.py | 5 +++++
 templates/ports.conf    | 4 ++++
 2 files changed, 9 insertions(+)
 create mode 100644 templates/ports.conf

diff --git a/hooks/keystone_utils.py b/hooks/keystone_utils.py
index edd69e4e..54249d7c 100644
--- a/hooks/keystone_utils.py
+++ b/hooks/keystone_utils.py
@@ -207,6 +207,7 @@ else:
 
 
 HAPROXY_CONF = '/etc/haproxy/haproxy.cfg'
+APACHE_PORTS_CONF = '/etc/apache2/ports.conf'
 APACHE_CONF = '/etc/apache2/sites-available/openstack_https_frontend'
 APACHE_24_CONF = '/etc/apache2/sites-available/openstack_https_frontend.conf'
 MEMCACHED_CONF = '/etc/memcached.conf'
@@ -295,6 +296,10 @@ BASE_RESOURCE_MAP = OrderedDict([
                      context.SyslogContext()],
         'services': [],
     }),
+    (APACHE_PORTS_CONF, {
+        'contexts': [],
+        'services': ['apache2'],
+    }),
 ])
 
 valid_services = {
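Review bot: The new `APACHE_PORTS_CONF` entry is registered with `'contexts': []`, so the template is rendered without any charm state, and nothing in the map explains why a distro-owned file is being overwritten; a comment above the tuple such as `# Replace the packaged ports.conf so port 80 is not opened when mod_ssl is loaded (LP: #1845665)` would record the intent. The diffstat lists only the two changed files, so no test accompanies the change. An assertion that the path is in the resource map with `apache2` as its restart service, plus a functional check that nothing listens on port 80 on a TLS deployment, would keep the closure from regressing. `BASE_RESOURCE_MAP` starts before this hunk and `valid_services` continues past it.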
diff --git a/templates/ports.conf b/templates/ports.conf
new file mode 100644
index 00000000..103f3e05
--- /dev/null
+++ b/templates/ports.conf
@@ -0,0 +1,4 @@
+# File written by Juju: don't open default ports on SSL environments (see LP 1845665).
+<IfModule !ssl_module>
+    Listen 80
+</IfModule>
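Review bot: The `<IfModule !ssl_module>` guard ties the port-80 decision to whether mod_ssl is loaded, not to whether the charm has actually configured HTTPS for the endpoints. A unit with the module enabled but no TLS vhost would have no `Listen 80`, and a unit where the module is not loaded keeps port 80 open regardless of the operator's intent. When ssl_module is loaded this file contains no `Listen` directive at all, so Apache relies entirely on the site configuration for its listeners; presumably the openstack_https_frontend vhost provides them, but that is not visible in this patch and should be confirmed. If so, a second header line such as `# Listen directives for the TLS ports come from the https frontend site config` would make the dependency explicit.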