Replaced web_protocol by WEB_PROTOCOL

group_vars/all/00_general.yml

@@ -16,8 +16,8 @@ HOST_DECIMAL_MARK:        ","
 # Deployment mode
 deployment_mode:        "single"      # Use single, if you deploy on one server. Use cluster if you setup in cluster mode.
 
-web_protocol:           "https"       # Web protocol type. Use https or http. If you run local you need to change it to http
+WEB_PROTOCOL:           "https"       # Web protocol type. Use https or http. If you run local you need to change it to http
-WEB_PORT:               "{{ 443 if web_protocol == 'https' else 80 }}"  # Default port web applications will listen to
+WEB_PORT:               "{{ 443 if WEB_PROTOCOL == 'https' else 80 }}"  # Default port web applications will listen to
 
 ## Domain
 primary_domain_tld:     "localhost"                                     # Top Level Domain of the server

group_vars/all/12_oidc.yml

@@ -12,7 +12,7 @@ _oidc_client_realm:         "{{ oidc.client.realm if oidc.client is defined and
 _oidc_url:                  "{{ 
                                 (oidc.url 
                                   if (oidc is defined and oidc.url is defined) 
-                                  else web_protocol ~ '://' ~ (domains | get_domain('web-app-keycloak'))
+                                  else WEB_PROTOCOL ~ '://' ~ (domains | get_domain('web-app-keycloak'))
                                 ) 
                             }}"
 _oidc_client_issuer_url:    "{{ _oidc_url }}/realms/{{_oidc_client_realm}}"

group_vars/all/15_about.yml

@@ -30,4 +30,4 @@ defaults_service_provider:
   legal:
     editorial_responsible:  "Johannes Gutenberg"
     source_code:            "https://github.com/kevinveenbirkenbach/infinito-nexus"
-    imprint:                "{{web_protocol}}://{{ domains | get_domain('web-svc-html') }}/imprint.html"
+    imprint:                "{{WEB_PROTOCOL}}://{{ domains | get_domain('web-svc-html') }}/imprint.html"

roles/srv-proxy-6-6-domain/tasks/main.yml

@@ -16,7 +16,7 @@
 
 - name: "Check if {{ domains | get_domain(application_id) }} is reachable (only if config unchanged)"
   uri:
-    url: "{{ domains | get_url(application_id, web_protocol) }}"
+    url: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
   register: site_check
   failed_when: false
   changed_when: false

roles/srv-web-7-7-inj-logout/templates/head_sub.j2

@@ -1 +1 @@
-<script src="{{ domains | get_url('web-svc-cdn', web_protocol) }}/logout.js?{{ inj_logout_js_version }}"></script>
+<script src="{{ domains | get_url('web-svc-cdn', WEB_PROTOCOL) }}/logout.js?{{ inj_logout_js_version }}"></script>

roles/srv-web-7-7-inj-logout/templates/logout_one_liner.js.j2

@@ -1,5 +1,5 @@
 initLogoutPatch(
     '{{ oidc.client.logout_url }}',
-    '{{ web_protocol }}',
+    '{{ WEB_PROTOCOL }}',
     '{{ primary_domain }}'
 );

roles/srv-web-7-7-inj-matomo/vars/main.yml

@@ -1,4 +1,4 @@
 base_domain:              "{{ domain | regex_replace('^(?:.*\\.)?(.+\\..+)$', '\\1') }}"
-matomo_index_php_url:     "{{ domains | get_url('web-app-matomo', web_protocol) }}/index.php"
+matomo_index_php_url:     "{{ domains | get_url('web-app-matomo', WEB_PROTOCOL) }}/index.php"
 matomo_auth_token:        "{{ applications['web-app-matomo'].credentials.auth_token }}"
 matomo_verification_url:  "{{ matomo_index_php_url }}?module=API&method=SitesManager.getSitesIdFromSiteUrl&url=https://{{ base_domain }}&format=json&token_auth={{ matomo_auth_token }}"

roles/sys-hlth-webserver/templates/sys-hlth-webserver.py.j2

@@ -40,7 +40,7 @@ for filename in os.listdir(config_path):
         parts = domain.split('.')
         
         # Prepare the URL and expected status codes
-        url = f"{{ web_protocol }}://{domain}"
+        url = f"{{ WEB_PROTOCOL }}://{domain}"
         
         redirected_domains = [domain['source'] for domain in {{ current_play_domain_mappings_redirect}}]
         redirected_domains.append("{{domains | get_domain('web-app-mailu')}}")

roles/web-app-akaunting/templates/env.j2

@@ -1,5 +1,5 @@
 # You should change this to match your reverse proxy DNS name and protocol
-APP_URL={{ domains | get_url(application_id, web_protocol) }}
+APP_URL={{ domains | get_url(application_id, WEB_PROTOCOL) }}
 LOCALE={{ HOST_LL }}
 
 # Don't change this unless you rename your database container or use rootless podman, in case of using rootless podman you should set it to 127.0.0.1 (NOT localhost)

roles/web-app-bigbluebutton/templates/env.j2

@@ -290,6 +290,6 @@ DEFAULT_REGISTRATION=invite
 OPENID_CONNECT_CLIENT_ID={{oidc.client.id}}
 OPENID_CONNECT_CLIENT_SECRET={{oidc.client.secret}}
 OPENID_CONNECT_ISSUER={{oidc.client.issuer_url}}
-OPENID_CONNECT_REDIRECT={{ domains | get_url(application_id, web_protocol) }}
+OPENID_CONNECT_REDIRECT={{ domains | get_url(application_id, WEB_PROTOCOL) }}
 # OPENID_CONNECT_UID_FIELD=sub default
 {% endif %}

roles/web-app-bluesky/templates/docker-compose.yml.j2

@@ -22,8 +22,8 @@
       dockerfile: Dockerfile 
       # It doesn't compile yet with this parameters. @todo Fix it
       args:
-        REACT_APP_PDS_URL: "{{ web_protocol }}://{{domains[application_id].api}}" # URL des PDS
+        REACT_APP_PDS_URL: "{{ WEB_PROTOCOL }}://{{domains[application_id].api}}" # URL des PDS
-        REACT_APP_API_URL: "{{ web_protocol }}://{{domains[application_id].api}}" # API-URL des PDS
+        REACT_APP_API_URL: "{{ WEB_PROTOCOL }}://{{domains[application_id].api}}" # API-URL des PDS
         REACT_APP_SITE_NAME: "{{primary_domain | upper}} - Bluesky"
         REACT_APP_SITE_DESCRIPTION: "Decentral Social "
     ports:

roles/web-app-espocrm/templates/env.j2

@@ -23,7 +23,7 @@ ESPOCRM_ADMIN_USERNAME={{ applications | get_app_conf(application_id, 'users.adm
 ESPOCRM_ADMIN_PASSWORD={{ applications | get_app_conf(application_id, 'credentials.administrator_password', True) }}
 
 # Public base URL of the EspoCRM instance
-ESPOCRM_SITE_URL={{ domains | get_url(application_id, web_protocol) }}
+ESPOCRM_SITE_URL={{ domains | get_url(application_id, WEB_PROTOCOL) }}
 
 # ------------------------------------------------
 # General UI & locale settings

roles/web-app-funkwhale/templates/env.j2

@@ -37,7 +37,7 @@ FUNKWHALE_WEB_WORKERS=4
 # your instance. It cannot be changed after initial deployment
 # without breaking your instance.
 FUNKWHALE_HOSTNAME={{domains | get_domain(application_id)}}
-FUNKWHALE_PROTOCOL={{ web_protocol }}
+FUNKWHALE_PROTOCOL={{ WEB_PROTOCOL }}
 
 # Log level (debug, info, warning, error, critical)
 LOGLEVEL={% if enable_debug | bool %}debug{% else %}error{% endif %}

roles/web-app-gitea/templates/env.j2

@@ -4,7 +4,7 @@
 # General
 DOMAIN={{domains | get_domain(application_id)}}
 RUN_MODE="{{ 'dev' if (INFINITO_ENVIRONMENT | lower) == 'development' else 'prod' }}"
-ROOT_URL="{{ domains | get_url(application_id, web_protocol) }}/"
+ROOT_URL="{{ domains | get_url(application_id, WEB_PROTOCOL) }}/"
 APP_NAME="{{ applications | get_app_conf(application_id, 'title', True) }}"
 USER_UID=1000
 USER_GID=1000

roles/web-app-keycloak/templates/import/realm.json.j2

@@ -517,7 +517,7 @@
         "/realms/{{ keycloak_realm }}/account/*"
       ],
       "webOrigins": [
-        "{{ domains | get_url('web-app-keycloak', web_protocol) }}"
+        "{{ domains | get_url('web-app-keycloak', WEB_PROTOCOL) }}"
       ],
       "notBefore": 0,
       "bearerOnly": false,
@@ -825,9 +825,9 @@
       "clientId": "{{ keycloak_realm }}",
       "name": "",
       "description": "",
-      "rootUrl":  "{{ web_protocol }}://{{ keycloak_realm }}/",
+      "rootUrl":  "{{ WEB_PROTOCOL }}://{{ keycloak_realm }}/",
-      "adminUrl": "{{ web_protocol }}://{{ keycloak_realm }}/",
+      "adminUrl": "{{ WEB_PROTOCOL }}://{{ keycloak_realm }}/",
-      "baseUrl":  "{{ web_protocol }}://{{ keycloak_realm }}/",
+      "baseUrl":  "{{ WEB_PROTOCOL }}://{{ keycloak_realm }}/",
       "surrogateAuthRequired": false,
       "enabled": true,
       "alwaysDisplayInConsole": false,
@@ -837,10 +837,10 @@
       {%- for domain_application_id, domain in domains.items() %}
         {%- if applications | get_app_conf(domain_application_id, 'features.oauth2', False) or applications | get_app_conf(domain_application_id, 'features.oidc', False) %}
           {%- if domain is string %}
-            {%- set _ = redirect_uris.append(web_protocol ~ '://' ~ domain ~ '/*') %}
+            {%- set _ = redirect_uris.append(WEB_PROTOCOL ~ '://' ~ domain ~ '/*') %}
           {%- else %}
             {%- for d in domain %}
-              {%- set _ = redirect_uris.append(web_protocol ~ '://' ~ d ~ '/*') %}
+              {%- set _ = redirect_uris.append(WEB_PROTOCOL ~ '://' ~ d ~ '/*') %}
             {%- endfor %}
           {%- endif %}
         {%- endif %}
@@ -848,7 +848,7 @@
       
       "redirectUris": {{ redirect_uris | tojson }},
       "webOrigins": [
-        "{{ web_protocol }}://*.{{primary_domain}}"
+        "{{ WEB_PROTOCOL }}://*.{{primary_domain}}"
       ],
       "notBefore": 0,
       "bearerOnly": false,
@@ -865,7 +865,7 @@
         "oidc.ciba.grant.enabled": "false",
         "client.secret.creation.time": "0",
         "backchannel.logout.session.required": "true",
-        "post.logout.redirect.uris": "{{ web_protocol }}://{{primary_domain}}/*##+",
+        "post.logout.redirect.uris": "{{ WEB_PROTOCOL }}://{{primary_domain}}/*##+",
         "frontchannel.logout.session.required": "true",
         "oauth2.device.authorization.grant.enabled": "false",
         "display.on.consent.screen": "false",

roles/web-app-listmonk/vars/main.yml

@@ -8,7 +8,7 @@ listmonk_name:    "{{ applications | get_app_conf(application_id, 'docker.servic
 
 listmonk_settings:
   - key: "app.root_url"
-    value: '"{{ domains | get_url(application_id, web_protocol) }}"'
+    value: '"{{ domains | get_url(application_id, WEB_PROTOCOL) }}"'
 
   - key: "app.notify_emails"
     value: "{{ [ users.administrator.email ] | to_json }}"

roles/web-app-matomo/vars/main.yml

@@ -5,7 +5,7 @@ database_type:        "mariadb"
 
 # Matomo
 matomo_excluded_ips:  "{{ applications | get_app_conf(application_id, 'excluded_ips', True) }}"
-matomo_index_php_url: "{{ domains | get_url(application_id, web_protocol) }}/index.php"
+matomo_index_php_url: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}/index.php"
 matomo_auth_token:    "{{ applications | get_app_conf(application_id, 'credentials.auth_token', True) }}"
 matomo_version:       "{{ applications | get_app_conf(application_id, 'docker.services.matomo.version', True) }}"
 matomo_image:         "{{ applications | get_app_conf(application_id, 'docker.services.matomo.image', True) }}"

roles/web-app-matrix/templates/docker-compose.yml.j2

@@ -81,7 +81,7 @@
       KEYV_URL: ''
       KEYV_BOT_ENCRYPTION: 'false'
       KEYV_BOT_STORAGE: 'true'
-      MATRIX_HOMESERVER_URL: '{{ web_protocol }}://{{ domains[application_id].synapse }}'
+      MATRIX_HOMESERVER_URL: '{{ WEB_PROTOCOL }}://{{ domains[application_id].synapse }}'
       MATRIX_BOT_USERNAME: '@chatgptbot:{{applications | get_app_conf(application_id, 'server_name', True)}}'
       MATRIX_ACCESS_TOKEN: '{{ applications | get_app_conf(application_id, 'credentials.chatgpt_bridge_access_token', True) | default('') }}'
       MATRIX_BOT_PASSWORD: '{{applications | get_app_conf(application_id, 'credentials.chatgpt_bridge_user_password', True)}}'

roles/web-app-matrix/templates/element.config.json.j2

@@ -1,11 +1,11 @@
 {
     "default_server_config": {
         "m.homeserver": {
-            "base_url": "{{ web_protocol }}://{{domains[application_id].synapse}}",
+            "base_url": "{{ WEB_PROTOCOL }}://{{domains[application_id].synapse}}",
             "server_name": "{{domains[application_id].synapse}}"
         },
         "m.identity_server": {
-            "base_url": "{{ web_protocol }}://{{primary_domain}}"
+            "base_url": "{{ WEB_PROTOCOL }}://{{primary_domain}}"
         }
     },
     "brand": "Element",

roles/web-app-matrix/templates/mautrix/instagram.config.yml.j2

@@ -134,7 +134,7 @@ bridge:
     double_puppet_allow_discovery: false
     # Servers to allow double puppeting from, even if double_puppet_allow_discovery is false.
     double_puppet_server_map:
-        {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ web_protocol }}://{{ domains[application_id].synapse }}
+        {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ WEB_PROTOCOL }}://{{ domains[application_id].synapse }}
     # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
     #
     # If set, custom puppets will be enabled automatically for local users

roles/web-app-matrix/templates/mautrix/signal.config.yml.j2

@@ -141,7 +141,7 @@ bridge:
     federate_rooms: true
     # Servers to always allow double puppeting from
     double_puppet_server_map:
-        {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ web_protocol }}://{{ domains[application_id].synapse }}
+        {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ WEB_PROTOCOL }}://{{ domains[application_id].synapse }}
     # Allow using double puppeting from any server with a valid client .well-known file.
     double_puppet_allow_discovery: false
     # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth

roles/web-app-matrix/templates/mautrix/slack.config.yml.j2

@@ -118,7 +118,7 @@ bridge:
 
     # Servers to always allow double puppeting from
     double_puppet_server_map:
-        {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ web_protocol }}://{{ domains[application_id].synapse }}
+        {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ WEB_PROTOCOL }}://{{ domains[application_id].synapse }}
     # Allow using double puppeting from any server with a valid client .well-known file.
     double_puppet_allow_discovery: false
     # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth

roles/web-app-matrix/templates/mautrix/telegram.config.yml.j2

@@ -198,7 +198,7 @@ bridge:
     sync_direct_chat_list: false
     # Servers to always allow double puppeting from
     double_puppet_server_map:
-        {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ web_protocol }}://{{ domains[application_id].synapse }}
+        {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ WEB_PROTOCOL }}://{{ domains[application_id].synapse }}
     # Allow using double puppeting from any server with a valid client .well-known file.
     double_puppet_allow_discovery: false
     # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth

roles/web-app-matrix/templates/mautrix/whatsapp.config.yml.j2

@@ -236,7 +236,7 @@ bridge:
     force_active_delivery_receipts: false
     # Servers to always allow double puppeting from
     double_puppet_server_map:
-        {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ web_protocol }}://{{ domains[application_id].synapse }}
+        {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ WEB_PROTOCOL }}://{{ domains[application_id].synapse }}
     # Allow using double puppeting from any server with a valid client .well-known file.
     double_puppet_allow_discovery: false
     # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth

roles/web-app-matrix/templates/synapse/homeserver.yaml.j2

@@ -25,8 +25,8 @@ report_stats:                   true
 macaroon_secret_key:            "{{applications | get_app_conf(application_id, 'credentials.macaroon_secret_key', True)}}"
 form_secret:                    "{{applications | get_app_conf(application_id, 'credentials.form_secret', True)}}"
 signing_key_path:               "/data/{{domains[application_id].synapse}}.signing.key"
-web_client_location:            "{{ web_protocol }}://{{domains[application_id].element}}"
+web_client_location:            "{{ WEB_PROTOCOL }}://{{domains[application_id].element}}"
-public_baseurl:                 "{{ web_protocol }}://{{domains[application_id].synapse}}"
+public_baseurl:                 "{{ WEB_PROTOCOL }}://{{domains[application_id].synapse}}"
 trusted_key_servers:
   - server_name: "matrix.org"
 admin_contact: 'mailto:{{ users.administrator.email }}'

roles/web-app-moodle/tasks/oidc.yml

@@ -39,7 +39,7 @@
     - { name: "field_lock_lastname",  value: "locked" }
     - { name: "field_map_email",      value: "locked" }
     #- { name: "showloginform",        value: 0 }  # Deactivate if OIDC is active
-    - { name: "alternateloginurl",    value: "{{ domains | get_url(application_id, web_protocol) }}/auth/oidc/" }
+    - { name: "alternateloginurl",    value: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}/auth/oidc/" }
   loop_control:
     label: "{{ item.name }}"
   command: >

roles/web-app-navigator/config/main.yml

@@ -16,7 +16,7 @@ server:
       font-src:
         - https://cdnjs.cloudflare.com
       frame-src:
-        - "{{ web_protocol }}://*.{{primary_domain}}" # Makes sense that all of the website content is available in the navigator
+        - "{{ WEB_PROTOCOL }}://*.{{primary_domain}}" # Makes sense that all of the website content is available in the navigator
     flags:
       style-src:
         unsafe-inline: true

roles/web-app-nextcloud/templates/env.j2

@@ -32,7 +32,7 @@ NEXTCLOUD_ADMIN_PASSWORD=       "{{applications | get_app_conf(application_id, '
 NEXTCLOUD_TRUSTED_DOMAINS=      "{{ domains[application_id] | select | join(',') }}"
 # Whitelist local docker gateway in Nextcloud to prevent brute-force throtteling
 TRUSTED_PROXIES=                "{{ networks.internet.values() | select | join(',') }}"
-OVERWRITECLIURL=                "{{ domains | get_url(application_id, web_protocol) }}"
+OVERWRITECLIURL=                "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
 OVERWRITEPROTOCOL=              "https"
 
 # Redis Configuration

roles/web-app-nextcloud/vars/plugins/bbb.yml

@@ -4,4 +4,4 @@ plugin_configuration:
     configvalue:  "{{ applications | get_app_conf('web-app-bigbluebutton', 'credentials.shared_secret', False,'') }}"
   - appid:        "bbb"
     configkey:    "api.url"
-    configvalue:  "{{ domains | get_url('web-app-bigbluebutton', web_protocol) }}{{ applications | get_app_conf('web-app-bigbluebutton', 'api_suffix', False,'') }}"
+    configvalue:  "{{ domains | get_url('web-app-bigbluebutton', WEB_PROTOCOL) }}{{ applications | get_app_conf('web-app-bigbluebutton', 'api_suffix', False,'') }}"

roles/web-app-nextcloud/vars/system.yml

@@ -18,4 +18,4 @@ nextcloud_system_config:
     value: "{{domains | get_domain(application_id)}}"
 
   - parameter: "overwrite.cli.url"
-    value: "{{ domains | get_url(application_id, web_protocol) }}"
+    value: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"

roles/web-app-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2

@@ -8,7 +8,7 @@ whitelist_domains       =   [".{{ primary_domain }}"]
 # keycloak provider
 client_secret           =   "{{ oidc.client.secret }}"
 client_id               =   "{{ oidc.client.id }}"
-redirect_url            =   "{{ web_protocol }}://{{ domains | get_domain(oauth2_proxy_application_id) }}/oauth2/callback"
+redirect_url            =   "{{ WEB_PROTOCOL }}://{{ domains | get_domain(oauth2_proxy_application_id) }}/oauth2/callback"
 oidc_issuer_url         =   "{{ oidc.client.issuer_url }}"
 provider                =   "oidc"
 provider_display_name   =   "{{ oidc.button_text }}"

roles/web-app-phpldapadmin/templates/env.j2

@@ -1,3 +1,3 @@
 # @See https://github.com/leenooks/phpLDAPadmin/wiki/Docker-Container
-APP_URL=    {{ domains | get_url(application_id, web_protocol) }}
+APP_URL=    {{ domains | get_url(application_id, WEB_PROTOCOL) }}
 LDAP_HOST=  {{ldap.server.domain}}

roles/web-app-pixelfed/templates/env.j2

@@ -5,7 +5,7 @@ APP_KEY={{applications | get_app_conf(application_id, 'credentials.app_key', Tru
 APP_NAME="{{ pixelfed_titel }}"
 APP_ENV={{ INFINITO_ENVIRONMENT | lower }}
 APP_DEBUG={{enable_debug | string | lower }}
-APP_URL={{ domains | get_url(application_id, web_protocol) }}
+APP_URL={{ domains | get_url(application_id, WEB_PROTOCOL) }}
 APP_DOMAIN="{{domains | get_domain(application_id)}}"
 ADMIN_DOMAIN="{{domains | get_domain(application_id)}}"
 SESSION_DOMAIN="{{domains | get_domain(application_id)}}"

roles/web-app-port-ui/config/main.yml

@@ -20,7 +20,7 @@ server:
       connect-src:
         - https://ka-f.fontawesome.com
       frame-src:
-        - "{{ web_protocol }}://*.{{primary_domain}}"
+        - "{{ WEB_PROTOCOL }}://*.{{primary_domain}}"
     flags:
       style-src:
         unsafe-inline: true

roles/web-app-port-ui/tasks/main.yml

@@ -25,7 +25,7 @@
 
 - name: "Load images for applications feature simpleicons is enabled "
   set_fact:
-    portfolio_cards: "{{ portfolio_cards | add_simpleicon_source(domains, web_protocol) }}"
+    portfolio_cards: "{{ portfolio_cards | add_simpleicon_source(domains, WEB_PROTOCOL) }}"
   when:
     - (applications | get_app_conf(application_id, 'features.simpleicons', False))
     - run_once_docker_portfolio is not defined

roles/web-app-port-ui/templates/menu/followus.yml.j2

@@ -10,7 +10,7 @@ followus:
       description: Follow {{ 'our' if service_provider.type == 'legal' else 'my' }} updates on Mastodon.
       icon:
         class: fa-brands fa-mastodon
-      url: "{{ web_protocol }}://{{ service_provider.contact.mastodon.split('@')[2] }}/@{{ service_provider.contact.mastodon.split('@')[1] }}"
+      url: "{{ WEB_PROTOCOL }}://{{ service_provider.contact.mastodon.split('@')[2] }}/@{{ service_provider.contact.mastodon.split('@')[1] }}"
       identifier: "{{service_provider.contact.mastodon}}"
       iframe: {{ applications | get_app_conf('web-app-mastodon','features.port-ui-desktop',True) }}
 {% endif %}
@@ -30,7 +30,7 @@ followus:
       icon:
           class: fa-solid fa-camera
       identifier: "{{service_provider.contact.pixelfed}}"
-      url: "{{ web_protocol }}://{{ service_provider.contact.pixelfed.split('@')[2] }}/@{{ service_provider.contact.pixelfed.split('@')[1] }}"
+      url: "{{ WEB_PROTOCOL }}://{{ service_provider.contact.pixelfed.split('@')[2] }}/@{{ service_provider.contact.pixelfed.split('@')[1] }}"
       iframe: {{ applications | get_app_conf('web-app-pixelfed','features.port-ui-desktop',True) }}
 {% endif %}
 {% if service_provider.contact.peertube  is defined and service_provider.contact.peertube  != "" %}
@@ -39,7 +39,7 @@ followus:
       icon:
         class: fa-solid fa-video
       identifier: "{{service_provider.contact.peertube}}"
-      url: "{{ web_protocol }}://{{ service_provider.contact.peertube.split('@')[2] }}/@{{ service_provider.contact.peertube.split('@')[1] }}"
+      url: "{{ WEB_PROTOCOL }}://{{ service_provider.contact.peertube.split('@')[2] }}/@{{ service_provider.contact.peertube.split('@')[1] }}"
       iframe: {{ applications | get_app_conf('web-app-peertube','features.port-ui-desktop',True) }}
 {% endif %}
 {% if service_provider.contact.wordpress is defined and service_provider.contact.wordpress != "" %}
@@ -48,7 +48,7 @@ followus:
       icon:
         class: fa-solid fa-blog
       identifier: "{{service_provider.contact.wordpress}}"
-      url: "{{ web_protocol }}://{{ service_provider.contact.wordpress.split('@')[2] }}/@{{ service_provider.contact.wordpress.split('@')[1] }}"
+      url: "{{ WEB_PROTOCOL }}://{{ service_provider.contact.wordpress.split('@')[2] }}/@{{ service_provider.contact.wordpress.split('@')[1] }}"
       iframe: {{ applications | get_app_conf('web-app-wordpress','features.port-ui-desktop',True) }}
 {% endif %}
 {% if service_provider.contact.friendica is defined and service_provider.contact.friendica != "" %}
@@ -57,6 +57,6 @@ followus:
       icon:
         class: fas fa-net-wired
       identifier: "{{service_provider.contact.friendica}}"
-      url: "{{ web_protocol }}://{{ service_provider.contact.friendica.split('@')[2] }}/@{{ service_provider.contact.friendica.split('@')[1] }}"
+      url: "{{ WEB_PROTOCOL }}://{{ service_provider.contact.friendica.split('@')[2] }}/@{{ service_provider.contact.friendica.split('@')[1] }}"
       iframe: {{ applications | get_app_conf('web-app-friendica','features.port-ui-desktop',True) }}
 {% endif %}

roles/web-app-port-ui/templates/menu/header.yml.j2

@@ -15,4 +15,4 @@
       description: Reload the application
       icon:
         class: fa-solid fa-rotate-right
-      url:   "{{ web_protocol }}://{{ domains | get_domain('web-app-port-ui') }}"
+      url:   "{{ WEB_PROTOCOL }}://{{ domains | get_domain('web-app-port-ui') }}"

roles/web-app-snipe-it/vars/main.yml

@@ -9,7 +9,7 @@ database_type:      "mariadb"
 docker_compose_flush_handlers:          true
 
 # Snipe-IT specific
-snipe_it_url:       "{{ domains | get_url(application_id, web_protocol) }}"
+snipe_it_url:       "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
 snipe_it_version:   "{{ applications | get_app_conf(application_id, 'docker.services.snipe-it.version', True) }}"
 snipe_it_image:     "{{ applications | get_app_conf(application_id, 'docker.services.snipe-it.image', True) }}"
 snipe_it_container:      "{{ applications | get_app_conf(application_id, 'docker.services.snipe-it.name', True) }}"

roles/web-app-syncope/templates/docker-compose.yml.j2

@@ -10,7 +10,7 @@
      environment:
        SPRING_PROFILES_ACTIVE: docker,postgresql,saml2
        OPENJPA_REMOTE_COMMIT: sjvm
-       SERVICE_DISCOVERY_ADDRESS: {{ domains | get_url(application_id, web_protocol) }}/{{syncope_paths[rest]}}/
+       SERVICE_DISCOVERY_ADDRESS: {{ domains | get_url(application_id, WEB_PROTOCOL) }}/{{syncope_paths[rest]}}/
     # database variablen auslesen
 
    console: 
@@ -22,7 +22,7 @@
      restart: always
      environment:
        SPRING_PROFILES_ACTIVE: docker,saml2
-       SERVICE_DISCOVERY_ADDRESS: {{ domains | get_url(application_id, web_protocol) }}/{{syncope_paths[console]}}/
+       SERVICE_DISCOVERY_ADDRESS: {{ domains | get_url(application_id, WEB_PROTOCOL) }}/{{syncope_paths[console]}}/
 
    enduser: 
      depends_on:
@@ -33,6 +33,6 @@
      restart: always
      environment:
        SPRING_PROFILES_ACTIVE: docker,saml2
-       SERVICE_DISCOVERY_ADDRESS: {{ domains | get_url(application_id, web_protocol) }}/{{syncope_paths[enduser]}}/
+       SERVICE_DISCOVERY_ADDRESS: {{ domains | get_url(application_id, WEB_PROTOCOL) }}/{{syncope_paths[enduser]}}/
 
 {% include 'roles/docker-compose/templates/networks.yml.j2' %}

roles/web-app-syncope/templates/proxy.conf

@@ -16,7 +16,7 @@ server
   {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %}
 
   {% for path in syncope_paths.values() %}
-    {% set location =  web_protocol ~ '://' ~ domains | get_domain(application_id) ~ '/' ~ path ~ '/' %}
+    {% set location =  WEB_PROTOCOL ~ '://' ~ domains | get_domain(application_id) ~ '/' ~ path ~ '/' %}
     {% include 'roles/srv-proxy-7-4-core/templates/location/html.conf.j2'%}
   {% endfor %}
 }

roles/web-app-wordpress/tasks/install.yml

@@ -2,7 +2,7 @@
   command: >
     docker-compose exec -T -u www-data application
     wp core install
-      --url="{{ domains | get_url(application_id, web_protocol) }}"
+      --url="{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
       --title="{{ applications | get_app_conf(application_id, 'title', True) }}"
       --admin_user="{{ applications | get_app_conf(application_id, 'users.administrator.username', True) }}"
       --admin_password="{{ applications | get_app_conf(application_id, 'credentials.administrator_password', True) }}"

roles/web-app-wordpress/vars/discourse.yml

@@ -11,7 +11,7 @@ discourse_settings:
 
   - name: discourse_connect
     key: url
-    value: "{{ domains | get_url('web-app-discourse', web_protocol) }}"
+    value: "{{ domains | get_url('web-app-discourse', WEB_PROTOCOL) }}"
   - name: discourse_connect
     key: api-key
     value: "{{ vault_discourse_api_key }}"

roles/web-app-yourls/templates/env.j2

@@ -2,7 +2,7 @@ YOURLS_DB_HOST: "{{ database_host }}"
 YOURLS_DB_USER: "{{ database_username }}"
 YOURLS_DB_PASS: "{{ database_password }}"
 YOURLS_DB_NAME: "{{ database_name }}"
-YOURLS_SITE:    "{{ domains | get_url(application_id, web_protocol) }}"
+YOURLS_SITE:    "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
 YOURLS_USER:    "{{ yourls_user }}"
 YOURLS_PASS:    "{{ yourls_password }}"
 # The following deactivates the login mask for admins, if the oauth2 proxy is activated 

roles/web-svc-asset/config/main.yml

@@ -1,5 +1,5 @@
 source_directory: "{{ playbook_dir }}/assets"
-url:              "{{ web_protocol }}://<< defaults_applications['web-svc-file']server.domains.canonical[0] >>/assets"
+url:              "{{ WEB_PROTOCOL }}://<< defaults_applications['web-svc-file']server.domains.canonical[0] >>/assets"
 server:
   domains:
     canonical:

roles/web-svc-logout/config/main.yml

@@ -16,12 +16,12 @@ server:
         unsafe-inline: true
     whitelist:
       connect-src:
-        - "{{ web_protocol }}://*.{{ primary_domain }}"
+        - "{{ WEB_PROTOCOL }}://*.{{ primary_domain }}"
-        - "{{ web_protocol }}://{{ primary_domain }}"
+        - "{{ WEB_PROTOCOL }}://{{ primary_domain }}"
       script-src-elem:
         - https://cdn.jsdelivr.net
       style-src:
         - https://cdn.jsdelivr.net
       frame-ancestors:
-        - "{{ web_protocol }}://<< defaults_applications[web-app-keycloak].server.domains.canonical[0] >>"
+        - "{{ WEB_PROTOCOL }}://<< defaults_applications[web-app-keycloak].server.domains.canonical[0] >>"
 

roles/web-svc-logout/templates/logout-proxy.conf.j2

@@ -8,7 +8,7 @@ location = /logout {
     proxy_http_version 1.1;
 
     # CORS headers – allow your central page to call this
-    add_header 'Access-Control-Allow-Origin'  '{{ domains | get_url('web-svc-logout', web_protocol) }}' always;
+    add_header 'Access-Control-Allow-Origin'  '{{ domains | get_url('web-svc-logout', WEB_PROTOCOL) }}' always;
     add_header 'Access-Control-Allow-Credentials' 'true'                                                always;
     add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS'                                            always;
     add_header 'Access-Control-Allow-Headers' 'Accept, Authorization'                                   always;

roles/web-svc-simpleicons/templates/server.js.j2

@@ -15,7 +15,7 @@ function getExportName(slug) {
 
 // Root: redirect to your documentation
 app.get('/', (req, res) => {
-  res.redirect('{{ domains | get_url('web-app-sphinx', web_protocol) }}/{{ application_id | rel_role_path_by_application_id }}/README.html');
+  res.redirect('{{ domains | get_url('web-app-sphinx', WEB_PROTOCOL) }}/{{ application_id | rel_role_path_by_application_id }}/README.html');
 });
 
 // GET /:slug.svg

templates/roles/web-app/config/README.md.j2

@@ -15,7 +15,7 @@ applications:
 You can reference values from the generated `defaults_applications` dictionary at build time by embedding `<< ... >>` placeholders inside your template. For example:
 
 ```yaml
-url: "{{ web_protocol }}://<< defaults_applications.web-svc-file.domains.canonical[0] >>/assets"
+url: "{{ WEB_PROTOCOL }}://<< defaults_applications.web-svc-file.domains.canonical[0] >>/assets"
 ```
 
 - The `<< ... >>` placeholders are resolved by the [`DictRenderer`](../../../utils/dict_renderer.py) helper class.