Implemented OAuth2-Proxy for LDAP

group_vars/all

@@ -296,13 +296,16 @@ mybb_version:               "latest"
 nextcloud_version:          "production"  # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/
 
 #### OAuth2 Proxy
-oauth2_configuration_file:            "oauth2-proxy-keycloak.cfg"
-oauth2_proxy_active:                  false   # Needs to be set true in the roles which use it
-oauth2_version:                       "latest"
-oauth2_proxy_redirect_url:            "https://{{domain_keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth"  # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak.
-# oauth2_proxy_port:                  >= 4180 # This ports should be defined in the roles. They are for the local mapping on the host and need to be defined in the playbook for transparancy.
-# oauth2_proxy_upstream_application_and_port: # The name of the application which the server redirects to. Needs to be defined in role vars.
-oauth2_proxy_allowed_roles:           admin   # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups  
+oauth2_configuration_file:                    "oauth2-proxy-keycloak.cfg"
+oauth2_proxy_active:                          false                                     # Needs to be set true in the roles which use it
+oauth2_version:                               "latest"
+oauth2_proxy_redirect_url:                    "https://{{domain_keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth"  # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak.
+# oauth2_proxy_port:                          >= 4180                                   # This ports should be defined in the roles. They are for the local mapping on the host and need to be defined in the playbook for transparancy.
+oauth2_proxy_upstream_application_and_port:   "application:80"                          # The name of the application which the server redirects to. Needs to be defined in role vars.
+oauth2_proxy_allowed_roles:                   admin                                     # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups  
+oauth2_proxy_client_id:                       "{{primary_domain}}"                      # The id of the client application
+oauth2_proxy_client_secret:                   "{{primary_oauth2_proxy_client_secret}}"  # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible
+oauth2_proxy_cookie_secret:                   "{{primary_oauth2_proxy_cookie_secret}}"  # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible openssl rand -hex 16
 
 #### Open Project
 # openproject_oauth2_proxy_client_secret: Needs to be defined in inventory # The client ID configured in Keycloak for the application. 
@@ -315,8 +318,8 @@ peertube_version:                         "bookworm"
 #### PHPMyAdmin
 phpmyadmin_version:                       "latest"
 phpmyadmin_autologin:                     false     # This is a high security risk. Just activate this option if you know what you're doing
-# phpmyadmin_oauth2_proxy_client_secret:    Needs to be defined in inventory # The client ID configured in Keycloak for the application. 
-# phpmyadmin_oauth2_proxy_cookie_secret:    Needs to be defined in inventory # The client secret configured in Keycloak for the application.
+# phpmyadmin_oauth2_proxy_client_secret:  Needs to be defined in inventory # The client ID configured in Keycloak for the application. 
+# phpmyadmin_oauth2_proxy_cookie_secret:  Needs to be defined in inventory # The client secret configured in Keycloak for the application.
 
 #### Pixelfed
 pixelfed_app_name:          "Pictures on {{primary_domain}}"