kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-29 23:08:06 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added base for openproject nextcloud integration bug

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach
2025-06-20 13:13:15 +02:00
parent 68287c3c66
commit 20c3fdd455
6 changed files with 93 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
roles/nginx-docker-reverse-proxy/templates/vhost/basic.conf.j2
View File

@@ -15,21 +15,47 @@ server
{% include 'roles/letsencrypt/templates/ssl_header.j2' %}
{% if applications | is_feature_enabled('oauth2',application_id) %}
{% if applications[application_id].oauth2_proxy.location is defined %}
{# Exposed and Unprotected Location #}
{% if applications | is_feature_enabled('oauth2', application_id) %}
{% set acl = applications[application_id].oauth2_proxy.acl | default({}) %}
{% if acl.blacklist is defined %}
{# 1. Expose everything by default, then protect blacklisted paths #}
{% set oauth2_proxy_enabled = false %}
{% set location = "/" %}
{% include 'roles/nginx-docker-reverse-proxy/templates/location/proxy_basic.conf.j2' %}
{% for loc in acl.blacklist %}
{% set oauth2_proxy_enabled = true %}
{% set location = loc %}
{% include 'roles/nginx-docker-reverse-proxy/templates/location/proxy_basic.conf.j2' %}
{% endfor %}
{% elif acl.whitelist is defined %}
{# 2. Protect everything by default, then expose whitelisted paths #}
{% set oauth2_proxy_enabled = true %}
{% set location = applications[application_id].oauth2_proxy.location %}
{# Gated Location by OAuth2 Proxy #}
{% set location = "/" %}
{% include 'roles/nginx-docker-reverse-proxy/templates/location/proxy_basic.conf.j2' %}
{% for loc in acl.whitelist %}
{% set oauth2_proxy_enabled = false %}
{% set location = loc %}
{% include 'roles/nginx-docker-reverse-proxy/templates/location/proxy_basic.conf.j2' %}
{% endfor %}
{% else %}
{# 3. OAuth2 enabled but no (or empty) ACL — protect all #}
{% set oauth2_proxy_enabled = true %}
{# Protected Domain by OAuth2 Proxy #}
{% include 'roles/nginx-docker-reverse-proxy/templates/location/proxy_basic.conf.j2'%}
{% set location = "/" %}
{% include 'roles/nginx-docker-reverse-proxy/templates/location/proxy_basic.conf.j2' %}
{% endif %}
{% else %}
{# Exposed Domain - Not protected by OAuth2 Proxy #}
{# 4. OAuth2 completely disabled — expose all #}
{% set oauth2_proxy_enabled = false %}
{% set location = "/" %}
{% include 'roles/nginx-docker-reverse-proxy/templates/location/proxy_basic.conf.j2' %}
{% endif %}
}