Optimized the injection layer on a Lua basis, as a replacement for nginx replace. Also optimized Cloudflare cache deletion (not every time on cleanup). A CDN is still required for the logout mechanism via JS, and the Nextcloud deploy is buggy after changing from nginx to OpenResty. Probably a variable-overwrite issue. Should be solved tomorrow.

2025-07-24 19:13:13 +02:00
parent f62355e490
commit 27973c2773
36 changed files with 483 additions and 115 deletions


@@ -6,7 +6,7 @@ server
{% include 'roles/web-app-oauth2-proxy/templates/endpoint.conf.j2'%}
{% endif %}
{% include 'roles/srv-web-7-7-inj-compose/templates/global.includes.lua.j2'%}
{% include 'roles/srv-web-7-7-inj-compose/templates/server.conf.j2'%}
{% if proxy_extra_configuration is defined %}
{# Additional Domain Specific Configuration #}
@@ -15,9 +15,6 @@ server
{% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %}
{% if applications | get_app_conf(application_id, 'features.logout', False) or domain == primary_domain %}
{% include 'roles/web-svc-logout/templates/logout-proxy.conf.j2' %}
{% endif %}
{% if applications | get_app_conf(application_id, 'features.oauth2', False) %}
{% set acl = applications | get_app_conf(application_id, 'oauth2_proxy.acl', False, {}) %}
@@ -25,38 +22,38 @@ server
{# 1. Expose everything by default, then protect blacklisted paths #}
{% set oauth2_proxy_enabled = false %}
{% set location = "/" %}
{% include 'roles/srv-proxy-7-4-core/templates/location/proxy_basic.conf.j2' %}
{% include 'roles/srv-proxy-7-4-core/templates/location/html.conf.j2' %}
{% for loc in acl.blacklist %}
{% set oauth2_proxy_enabled = true %}
{% set location = loc %}
{% include 'roles/srv-proxy-7-4-core/templates/location/proxy_basic.conf.j2' %}
{% include 'roles/srv-proxy-7-4-core/templates/location/html.conf.j2' %}
{% endfor %}
{% elif acl.whitelist is defined %}
{# 2. Protect everything by default, then expose whitelisted paths #}
{% set oauth2_proxy_enabled = true %}
{% set location = "/" %}
{% include 'roles/srv-proxy-7-4-core/templates/location/proxy_basic.conf.j2' %}
{% include 'roles/srv-proxy-7-4-core/templates/location/html.conf.j2' %}
{% for loc in acl.whitelist %}
{% set oauth2_proxy_enabled = false %}
{% set location = loc %}
{% include 'roles/srv-proxy-7-4-core/templates/location/proxy_basic.conf.j2' %}
{% include 'roles/srv-proxy-7-4-core/templates/location/html.conf.j2' %}
{% endfor %}
{% else %}
{# 3. OAuth2 enabled but no (or empty) ACL — protect all #}
{% set oauth2_proxy_enabled = true %}
{% set location = "/" %}
{% include 'roles/srv-proxy-7-4-core/templates/location/proxy_basic.conf.j2' %}
{% include 'roles/srv-proxy-7-4-core/templates/location/html.conf.j2' %}
{% endif %}
{% else %}
{# 4. OAuth2 completely disabled — expose all #}
{% set oauth2_proxy_enabled = false %}
{% set location = "/" %}
{% include 'roles/srv-proxy-7-4-core/templates/location/proxy_basic.conf.j2' %}
{% include 'roles/srv-proxy-7-4-core/templates/location/html.conf.j2' %}
{% endif %}
}
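Review bot: The comment `{# 3. OAuth2 enabled but no (or empty) ACL — protect all #}` promises fail-closed behaviour for an empty ACL, but the visible `{% elif acl.whitelist is defined %}` tests only definedness, and the blacklist branch presumably does the same (its condition sits just above the last hunk, so this is inferred). If so, an app configured with `oauth2_proxy.acl.blacklist: []` lands in branch 1 and gets `location /` rendered with `oauth2_proxy_enabled = false`, leaving the whole app unauthenticated even though `features.oauth2` is on. Consider guarding on content, e.g. `{% if acl.blacklist is defined and acl.blacklist | length > 0 %}`, or correct the comment to state that an empty blacklist means fully public. It is also worth confirming that the location template swapped in at every `location` still emits the auth check when `oauth2_proxy_enabled` is true, since that template is not part of this section.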