[openstack-dev] HTTPD Config
Adam Young
ayoung at redhat.com
Thu Mar 5 18:49:24 UTC 2015
I'm trying to get a grip on what the HTTPD configuration should be for
Horizon in order for it to use HTTPS. This really should be the default,
but the devstack and puppet choice of putting the Horizon config inside
a VirtualHost *:80 section in the config file makes it tricky. If I
remove the
    <VirtualHost *:80>
and corresponding
    </VirtualHost>
then I can enable HTTPS in devstack by running with SSLRequireSSL, and it
inherits all of the VirtualHost *:443 configuration.
For Keystone, we do:
    <VirtualHost *:5000> (and 35357)
        SSLEngine On
        SSLCertificateFile /opt/stack/data/CA/int-ca/devstack-cert.crt
        SSLCertificateKeyFile /opt/stack/data/CA/int-ca/private/devstack-cert.key
    </VirtualHost>
I'd like to drop port 5000 altogether, as we are using a port assigned
to a different service. 35357 is also problematic as it is in the
middle of the ephemeral range. Since we are talking about running
everything in one web server anyway, using port 80/443 for all web stuff
is the right approach.
Yeah, I might have mentioned this a time or two before.
So, assuming we want to be able to make both Horizon and Keystone run on
port 443 by default, what is the right abstraction for the HTTPD
configuration? I am assuming we still want separate values for the
environment:
WSGIDaemonProcess
WSGIProcessGroup
WSGIApplicationGroup
WSGIPassAuthorization
In Devstack, we set
    SetEnv APACHE_RUN_USER ayoung
    SetEnv APACHE_RUN_GROUP ayoung
for the Horizon service, and making this match for all HTTPD services
makes sense, but we probably want to be able to allow for separation of
the users on production deployments. How should we scope these? Or does it
really matter?
We want to make sure we have an extensible approach that will support
other services running on 443.
Probably time to update https://wiki.openstack.org/wiki/URLs with the
other services.
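
A way to check an httpd configuration for the layouts the message describes (a WSGI application inside a VirtualHost *:80 block, or on a port other than 443), as an added example that is not part of the original post or of devstack. The sample configuration is constructed, its script paths are placeholders, and the check assumes TLS is enabled by SSLEngine On inside the same VirtualHost block.

```python
import re

# Constructed sample mirroring the layouts in the post; paths are placeholders.
SAMPLE_CONF = """\
<VirtualHost *:80>
    WSGIScriptAlias / /placeholder/horizon/django.wsgi
    WSGIDaemonProcess horizon user=ayoung group=ayoung
</VirtualHost>
<VirtualHost *:5000>
    SSLEngine On
    WSGIScriptAlias / /placeholder/keystone/main
</VirtualHost>
<VirtualHost *:443>
    SSLEngine On
    WSGIScriptAlias /dashboard /placeholder/horizon/django.wsgi
    WSGIDaemonProcess horizon-tls user=horizon group=horizon
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)

def directives(body):
    """Return (lowercased name, args) for each directive line in a vhost body."""
    out = []
    for line in body.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "<")):
            name, _, args = line.partition(" ")
            out.append((name.lower(), args.strip()))
    return out

def audit(conf):
    """Flag VirtualHosts that serve a WSGI app without TLS or off port 443."""
    findings = []
    for addr, body in VHOST_RE.findall(conf):
        addr, d = addr.strip(), directives(body)
        if not any(n == "wsgiscriptalias" for n, _ in d):
            continue
        port = addr.split()[0].rsplit(":", 1)[-1]
        if not any(n == "sslengine" and a.lower() == "on" for n, a in d):
            findings.append((addr, "WSGI app served without SSLEngine On"))
        if port != "443":
            findings.append((addr, "WSGI app on port %s, not 443" % port))
    return findings

if __name__ == "__main__":
    for vhost, problem in audit(SAMPLE_CONF):
        print(vhost, "->", problem)
```
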