Comment 2 for bug 1919148

Eric Desrochers (slashd) wrote : Re: charm-keystone seems to produce more than 3 vhost for each endpoints

I have found a reproducer

Deploy keystone in HA and with SSL enabled.

If no hostname is set, everything works as expected.
The bug starts once the os-*-hostname config options have been set in keystone, as follows:

$ juju config keystone os-admin-hostname=keystone.admin.local
$ juju config keystone os-internal-hostname=keystone.internal.local
$ juju config keystone os-public-hostname=keystone.public.local

# cat /etc/apache2/sites-enabled/openstack_http_frontend.conf
# Listening sockets for the two TLS front-end ports used by the vhosts below.
# No address is given, so both ports are bound on every local address, while
# the VirtualHost blocks in this file are tied to 10.5.0.32 only.
# NOTE(review): a request arriving on these ports via another local address
# matches none of the vhosts in this file - confirm that is intended.
Listen 4990
Listen 35347
# TLS front end for keystone.admin.local on port 4990; decrypted requests are
# handed to the local backend on port 4980.
# This is the first vhost declared for 10.5.0.32:4990 in this file, so Apache
# treats it as the default for that address:port when the requested name
# (SNI / Host header) matches none of the ServerNames declared there.
<VirtualHost 10.5.0.32:4990>
    ServerName keystone.admin.local
    SSLEngine on
    # NOTE(review): TLS 1.0 and 1.1 are enabled alongside 1.2. Both are
    # deprecated (RFC 8996); restrict to TLSv1.2 or later if all clients allow.
    SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
    # Only "HIGH" suites; RC4, MD5, anonymous, null, export, low and medium
    # strength suites are excluded.
    SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM
    SSLCertificateFile /etc/apache2/ssl/keystone/cert_keystone.admin.pub
    # See LP 1484489 - this is to support <= 2.4.7 and >= 2.4.8
    # The chain directive points at the same file as SSLCertificateFile.
    SSLCertificateChainFile /etc/apache2/ssl/keystone/cert_keystone.admin.pub
    # Private key for this vhost. NOTE(review): the ".pub" suffix is misleading
    # for key material - confirm the file's permissions are restricted.
    SSLCertificateKeyFile /etc/apache2/ssl/keystone/key_keystone.admin.pub
    # TLS ends here; the hop to the backend is plain HTTP over loopback.
    ProxyPass / http://localhost:4980/
    ProxyPassReverse / http://localhost:4980/
    # Pass the client's original Host header through to the backend.
    ProxyPreserveHost on
    # "set" replaces any X-Forwarded-Proto value supplied by the client.
    RequestHeader set X-Forwarded-Proto "https"
    # Pulls in matching mellon location snippets; no error if none exist.
    IncludeOptional /etc/apache2/mellon*/sp-location*.conf
</VirtualHost>
# TLS front end for keystone.admin.local on port 35347, proxying to the local
# backend on port 35337.
# First vhost declared for 10.5.0.32:35347 in this file, so it is the default
# for that address:port when the requested name matches no ServerName there.
<VirtualHost 10.5.0.32:35347>
    ServerName keystone.admin.local
    SSLEngine on
    # NOTE(review): deprecated TLS 1.0 / 1.1 are enabled in addition to 1.2.
    SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
    SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM
    # Same certificate and key files as the keystone.admin.local vhost on 4990.
    SSLCertificateFile /etc/apache2/ssl/keystone/cert_keystone.admin.pub
    # See LP 1484489 - this is to support <= 2.4.7 and >= 2.4.8
    SSLCertificateChainFile /etc/apache2/ssl/keystone/cert_keystone.admin.pub
    # Private key despite the ".pub" suffix - confirm restrictive permissions.
    SSLCertificateKeyFile /etc/apache2/ssl/keystone/key_keystone.admin.pub
    # Backend hop is unencrypted HTTP on loopback.
    ProxyPass / http://localhost:35337/
    ProxyPassReverse / http://localhost:35337/
    ProxyPreserveHost on
    # Overwrites (does not append to) any client-sent X-Forwarded-Proto.
    RequestHeader set X-Forwarded-Proto "https"
    IncludeOptional /etc/apache2/mellon*/sp-location*.conf
</VirtualHost>
# Second vhost on 10.5.0.32:4990: same address, port and backend (4980) as the
# keystone.admin.local vhost, differing only in ServerName and certificate
# files. Apache selects it by name; it is not the default for this address:port.
# NOTE(review): the juju command in the report sets
# os-internal-hostname=keystone.internal.local, but the name rendered here is
# keystone.int.local - confirm which value the deployment actually used.
<VirtualHost 10.5.0.32:4990>
    ServerName keystone.int.local
    SSLEngine on
    # NOTE(review): deprecated TLS 1.0 / 1.1 are enabled in addition to 1.2.
    SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
    SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM
    SSLCertificateFile /etc/apache2/ssl/keystone/cert_keystone.int.pub
    # See LP 1484489 - this is to support <= 2.4.7 and >= 2.4.8
    # Chain directive reuses the certificate file itself.
    SSLCertificateChainFile /etc/apache2/ssl/keystone/cert_keystone.int.pub
    # Private key despite the ".pub" suffix - confirm restrictive permissions.
    SSLCertificateKeyFile /etc/apache2/ssl/keystone/key_keystone.int.pub
    # TLS terminates here; the backend hop is plain HTTP on loopback.
    ProxyPass / http://localhost:4980/
    ProxyPassReverse / http://localhost:4980/
    ProxyPreserveHost on
    # Overwrites any client-sent X-Forwarded-Proto.
    RequestHeader set X-Forwarded-Proto "https"
    IncludeOptional /etc/apache2/mellon*/sp-location*.conf
</VirtualHost>
# Second vhost on 10.5.0.32:35347 (name: keystone.int.local), proxying to the
# same backend port 35337 as the other vhosts on this address:port. It is
# selected by requested name only; the earlier vhost on this address:port in
# this file remains the default.
<VirtualHost 10.5.0.32:35347>
    ServerName keystone.int.local
    SSLEngine on
    # NOTE(review): deprecated TLS 1.0 / 1.1 are enabled in addition to 1.2.
    SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
    SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM
    # Same certificate and key files as the keystone.int.local vhost on 4990.
    SSLCertificateFile /etc/apache2/ssl/keystone/cert_keystone.int.pub
    # See LP 1484489 - this is to support <= 2.4.7 and >= 2.4.8
    SSLCertificateChainFile /etc/apache2/ssl/keystone/cert_keystone.int.pub
    # Private key despite the ".pub" suffix - confirm restrictive permissions.
    SSLCertificateKeyFile /etc/apache2/ssl/keystone/key_keystone.int.pub
    # Backend hop is unencrypted HTTP on loopback.
    ProxyPass / http://localhost:35337/
    ProxyPassReverse / http://localhost:35337/
    ProxyPreserveHost on
    # Overwrites any client-sent X-Forwarded-Proto.
    RequestHeader set X-Forwarded-Proto "https"
    IncludeOptional /etc/apache2/mellon*/sp-location*.conf
</VirtualHost>
# Third vhost on 10.5.0.32:4990, for keystone.public.local. Same bind address,
# port and backend (4980) as the admin and int vhosts, so the public name is
# served from the same socket and reaches the same backend as the admin name.
# NOTE(review): nothing in this file separates the three endpoints at the
# network level - any isolation would have to come from elsewhere; confirm.
<VirtualHost 10.5.0.32:4990>
    ServerName keystone.public.local
    SSLEngine on
    # NOTE(review): deprecated TLS 1.0 / 1.1 are enabled in addition to 1.2;
    # this matters most on a publicly named endpoint.
    SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
    SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM
    SSLCertificateFile /etc/apache2/ssl/keystone/cert_keystone.public.pub
    # See LP 1484489 - this is to support <= 2.4.7 and >= 2.4.8
    # Chain directive reuses the certificate file itself.
    SSLCertificateChainFile /etc/apache2/ssl/keystone/cert_keystone.public.pub
    # Private key despite the ".pub" suffix - confirm restrictive permissions.
    SSLCertificateKeyFile /etc/apache2/ssl/keystone/key_keystone.public.pub
    # TLS terminates here; the backend hop is plain HTTP on loopback.
    ProxyPass / http://localhost:4980/
    ProxyPassReverse / http://localhost:4980/
    ProxyPreserveHost on
    # Overwrites any client-sent X-Forwarded-Proto.
    RequestHeader set X-Forwarded-Proto "https"
    IncludeOptional /etc/apache2/mellon*/sp-location*.conf
</VirtualHost>
# Third vhost on 10.5.0.32:35347, for keystone.public.local, proxying to the
# same backend port 35337 as the admin and int vhosts on this address:port.
# Selected by requested name only; not the default for this address:port.
<VirtualHost 10.5.0.32:35347>
    ServerName keystone.public.local
    SSLEngine on
    # NOTE(review): deprecated TLS 1.0 / 1.1 are enabled in addition to 1.2.
    SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
    SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM
    # Same certificate and key files as the keystone.public.local vhost on 4990.
    SSLCertificateFile /etc/apache2/ssl/keystone/cert_keystone.public.pub
    # See LP 1484489 - this is to support <= 2.4.7 and >= 2.4.8
    SSLCertificateChainFile /etc/apache2/ssl/keystone/cert_keystone.public.pub
    # Private key despite the ".pub" suffix - confirm restrictive permissions.
    SSLCertificateKeyFile /etc/apache2/ssl/keystone/key_keystone.public.pub
    # Backend hop is unencrypted HTTP on loopback.
    ProxyPass / http://localhost:35337/
    ProxyPassReverse / http://localhost:35337/
    ProxyPreserveHost on
    # Overwrites any client-sent X-Forwarded-Proto.
    RequestHeader set X-Forwarded-Proto "https"
    IncludeOptional /etc/apache2/mellon*/sp-location*.conf
</VirtualHost>
# Access control for every proxied resource ("*"): all clients are allowed.
# Order/Allow is the Apache 2.2 access syntax; on 2.4 it needs mod_access_compat.
# NOTE(review): this file defines only reverse-proxy mappings (ProxyPass) and
# does not set ProxyRequests - confirm it is not enabled elsewhere, since this
# allow-all rule would then apply to forward proxying too.
<Proxy *>
    Order deny,allow
    Allow from all
</Proxy>
# Server-wide rule for the URL root: every client is allowed, so nothing in
# this file restricts by source address who may reach any of the vhosts above.
# Uses the Apache 2.2 Order/Allow syntax (mod_access_compat on 2.4).
<Location />
    Order allow,deny
    Allow from all
</Location>