devstack/files/apache-keystone.template

Listen %PUBLICPORT%
Listen %ADMINPORT%
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %D(us)" keystone_combined

<VirtualHost *:%PUBLICPORT%>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / %KEYSTONE_BIN%/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/%APACHE_NAME%/keystone.log
    CustomLog /var/log/%APACHE_NAME%/keystone_access.log keystone_combined
    %SSLENGINE%
    %SSLCERTFILE%
    %SSLKEYFILE%

    <Directory %KEYSTONE_BIN%>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>

<VirtualHost *:%ADMINPORT%>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / %KEYSTONE_BIN%/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/%APACHE_NAME%/keystone.log
    CustomLog /var/log/%APACHE_NAME%/keystone_access.log keystone_combined
    %SSLENGINE%
    %SSLCERTFILE%
    %SSLKEYFILE%

    <Directory %KEYSTONE_BIN%>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>

Alias /identity %PUBLICWSGI%
<Location /identity>
    SetHandler wsgi-script
    Options +ExecCGI

    WSGIProcessGroup keystone-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
</Location>

Alias /identity_admin %ADMINWSGI%
<Location /identity_admin>
    SetHandler wsgi-script
    Options +ExecCGI

    WSGIProcessGroup keystone-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
</Location>