Optimized injection layer on lua base, as replace for nginx replace. Also optimized cloudflare cache deletion(no everytime for cleanup). Still CDN is required for logout mechanism via JS and Nextcloud deploy is buggy after changing from nginx to openresty. Propably some variable overwritte topic. Should be solved tomorrow.

roles/srv-proxy-7-4-core/templates/location/README.md

@@ -0,0 +1,58 @@
+# Nginx Location Templates
+
+This directory contains Jinja2 templates for different Nginx `location` blocks, each designed to proxy and optimize different types of web traffic. These templates are used by the `srv-proxy-7-4-core` role to modularize and standardize reverse proxy configuration across a wide variety of applications.
+
+---
+
+## Overview of Files
+
+### `html.conf.j2`
+- **Purpose:**  
+  Handles "normal" web traffic such as HTML pages, API endpoints, and general HTTP(S) requests.
+- **Features:**  
+  - Proxies requests to the backend service.
+  - Optionally integrates with OAuth2 proxy for authentication.
+  - Sets all necessary proxy headers.
+  - Applies a Content Security Policy header.
+  - Activates buffering for advanced features such as Lua-based string replacements.
+  - Supports WebSocket upgrades for hybrid APIs.
+
+---
+
+### `ws.conf.j2`
+- **Purpose:**  
+  Handles WebSocket connections, enabling real-time features such as live updates or chats.
+- **Features:**  
+  - Sets all headers required for WebSocket upgrades.
+  - Disables proxy buffering (required for WebSockets).
+  - Uses `tcp_nodelay` for low latency.
+  - Proxies traffic to the backend WebSocket server.
+
+---
+
+### `media.conf.j2`
+- **Purpose:**  
+  Proxies and caches static media files (images, icons, etc.).
+- **Features:**  
+  - Matches image file extensions (jpg, png, gif, webp, ico, svg, etc.).
+  - Enables browser-side and proxy-side caching for efficient delivery.
+  - Adds cache control headers and exposes the upstream cache status.
+
+---
+
+## Usage
+
+These templates are intended for inclusion in larger Nginx configuration files via Jinja2.  
+They modularize your configuration by separating HTML, WebSocket, and media proxying, allowing for clear, reusable, and maintainable reverse proxy logic.
+
+- Use `html.conf.j2` for standard application HTTP/S endpoints.
+- Use `ws.conf.j2` for dedicated WebSocket endpoints.
+- Use `media.conf.j2` for efficient handling of static media content.
+
+---
+
+## Best Practices
+
+- Only enable WebSocket proxying (`ws.conf.j2`) for routes that actually require it, to avoid breaking buffering for standard HTTP.
+- Activate media proxying (`media.conf.j2`) if your application benefits from image caching at the proxy layer.
+- Keep templates modular for maintainability and scalability as your application grows.

roles/srv-proxy-7-4-core/templates/location/Todo.md

@@ -0,0 +1,2 @@
+# TODOS
+- ATM it seems like the media proxy isn't used. Propably it could make sense to activate it. -> Research it.

roles/srv-proxy-7-4-core/templates/location/html.conf.j2

@@ -21,13 +21,16 @@ location {{location | default("/")}}
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "upgrade";
 
-  # deactivate buffering
-  proxy_buffering off;
-  proxy_request_buffering off;
+  # Activate buffering
+  # Needs to be enabled, so that lua can do str replaces
+  proxy_buffering         on; 
+  proxy_request_buffering on;
 
   # timeouts
   proxy_connect_timeout       1s;
   proxy_send_timeout          900s;
   proxy_read_timeout          900s;
   send_timeout                900s;
+
+  {% include 'roles/srv-web-7-7-inj-compose/templates/location.lua.j2'%}
 }

roles/srv-proxy-7-4-core/templates/location/ws.conf.j2

@@ -0,0 +1,14 @@
+location {{ location_ws }} {
+  proxy_set_header Host              $host;
+  proxy_set_header X-Real-IP         $remote_addr;
+  proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+  proxy_set_header X-Forwarded-Proto https;
+  proxy_pass           http://127.0.0.1:{{ ws_port }};
+  
+  # Proxy buffering needs to be disabled for websockets. 
+  proxy_buffering      off;
+  proxy_http_version   1.1;
+  proxy_set_header     Upgrade        $http_upgrade;
+  proxy_set_header     Connection     $connection_upgrade;
+  tcp_nodelay          on;
+}