diff --git a/roles/docker-oauth2-proxy/templates/endpoint.conf.j2 b/roles/docker-oauth2-proxy/templates/endpoint.conf.j2
new file mode 100644
index 00000000..41ead278
--- /dev/null
+++ b/roles/docker-oauth2-proxy/templates/endpoint.conf.j2
@@ -0,0 +1,16 @@
+ # Include OAuth2 Proxy
+ # Raise the maximal header size.
+ # Keycloak uses huge headers for authentification
+ proxy_buffer_size 16k;
+ proxy_buffers 8 16k;
+ proxy_busy_buffers_size 16k;
+ large_client_header_buffers 4 16k;
+
+ # OAuth2-Proxy-Endpoint
+ location /oauth2/ {
+ proxy_pass http://127.0.0.1:{{ports.localhost.oauth2_proxy[application_id]}};
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
\ No newline at end of file
diff --git a/roles/docker-oauth2-proxy/templates/following_directives.conf.j2 b/roles/docker-oauth2-proxy/templates/following_directives.conf.j2
new file mode 100644
index 00000000..ec672283
--- /dev/null
+++ b/roles/docker-oauth2-proxy/templates/following_directives.conf.j2
@@ -0,0 +1,9 @@
+# The following directives enforce OAuth2 authentication:
+
+auth_request /oauth2/auth;
+# This directive issues an internal sub-request to '/oauth2/auth' for every incoming request.
+# The sub-request checks if the client is authenticated.
+
+error_page 401 = /oauth2/start;
+# If the authentication check fails (i.e., a 401 Unauthorized is returned),
+# this directive redirects the client to '/oauth2/start', which typically initiates the OAuth2 login process.
\ No newline at end of file
diff --git a/roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 b/roles/nginx-docker-reverse-proxy/templates/domain.conf.j2
index b2b25988..0dd85365 100644
--- a/roles/nginx-docker-reverse-proxy/templates/domain.conf.j2
+++ b/roles/nginx-docker-reverse-proxy/templates/domain.conf.j2
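Review bot: The `location /oauth2/ {` block in this hunk is also what serves the `/oauth2/auth` subrequest that `auth_request` issues, but it forwards the client's Content-Length header while nginx sends no body on an auth subrequest, so on POST/PUT requests oauth2-proxy can sit waiting for a body that never arrives. The usual remedy is a dedicated exact-match location for the auth endpoint that drops the body and the header, as below; the generic `/oauth2/` block is left as it is. Whether `auth_request` also needs to be switched off inside these locations depends on where the directive ends up being set (in this diff it is only inside `location /`), so confirm that when placing it. Unrelated nit in the same hunk: the comment `authentification` should read `authentication`.
```nginx
# … unchanged: buffer-size directives and location /oauth2/ …
# Auth subrequest endpoint: nginx sends no body on auth_request subrequests,
# so drop the body and the Content-Length header the client supplied.
location = /oauth2/auth {
    proxy_pass http://127.0.0.1:{{ports.localhost.oauth2_proxy[application_id]}};
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Content-Length "";
    proxy_pass_request_body off;
}
```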
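Review bot: `error_page 401 = /oauth2/start;` sends an unauthenticated client into the login flow without the URL it originally requested, so after a successful login oauth2-proxy has nothing to return the user to; carrying the request through the `rd` parameter fixes that: `error_page 401 = /oauth2/start?rd=$scheme://$host$request_uri;`. oauth2-proxy only honours `rd` targets on its own host or its configured whitelist domains, so check that setting when adopting it. Also note that, as used in proxy_pass.conf.j2 in this same change, these directives live inside `location /` only; any other `location` blocks in the same server (the global includes are not visible here) would not be covered by the auth check, so consider whether `auth_request` belongs at server level with `auth_request off;` in the `/oauth2/` location instead. The two-line explanatory comments could be trimmed to one line each above their directive, matching the comment-then-directive order nginx configs normally use.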
@@ -3,22 +3,7 @@ server
 server_name {{domain}};
 {% if oauth2_proxy_active | bool %}
- # Include OAuth2 Proxy
- # Raise the maximal header size.
- # Keycloak uses huge headers for authentification
- proxy_buffer_size 16k;
- proxy_buffers 8 16k;
- proxy_busy_buffers_size 16k;
- large_client_header_buffers 4 16k;
-
- # OAuth2-Proxy-Endpoint
- location /oauth2/ {
- proxy_pass http://127.0.0.1:{{ports.localhost.oauth2_proxy[application_id]}};
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- }
+ {% include 'roles/docker-oauth2-proxy/templates/endpoint.conf.j2'%}
 {% endif %}
 {% include 'roles/nginx-modifier-all/templates/global.includes.conf.j2'%}
diff --git a/roles/nginx-docker-reverse-proxy/templates/proxy_pass.conf.j2 b/roles/nginx-docker-reverse-proxy/templates/proxy_pass.conf.j2
index 11ea4a85..262fd2f0 100644
--- a/roles/nginx-docker-reverse-proxy/templates/proxy_pass.conf.j2
+++ b/roles/nginx-docker-reverse-proxy/templates/proxy_pass.conf.j2
@@ -1,8 +1,7 @@
 location / {
 {% if oauth2_proxy_active | bool %}
- auth_request /oauth2/auth;
- error_page 401 = /oauth2/start;
+ {% include 'roles/docker-oauth2-proxy/templates/following_directives.conf.j2'%}
 {% endif %}
 proxy_pass http://127.0.0.1:{{http_port}}/;