Implemented location dedicated OAuth2 Proxy and solved other bugs

group_vars/all/07_applications.yml

@@ -82,7 +82,6 @@ defaults_applications:
     lam:
       version:                        "latest"
       administrator_password:         "{{user_administrator_initial_password}}" # CHANGE for security reasons
-      oauth2_proxy_active:            true
     openldap:
       version:                        "latest"
       network:
@@ -94,7 +93,10 @@ defaults_applications:
     webinterface:                     "lam"                                     # The webinterface which should be used. Possible: lam and phpldapadmin
     administrator_username:           "{{administrator_username}}"
     ldap_enabled:                     True                                      # Should have the same value as applications.ldap.openldap.network.local.
-                                                                                # Both need to be set to True to load the ldap_network in the docker compose file
+    oauth2_proxy:
+      enabled:                        true                                      # Activate the OAuth2 Proxy for the LDAP Webinterface
+      application:                    lam                                       # Needs to be the same as webinterface
+      port:                           80                                        # If you use phpldapadmin set it to 8080
     # administrator_password:                                                   # CHANGE for security reasons in inventory file
     # administrator_database_password:                                          # CHANGE for security reasons in inventory file
 
@@ -112,6 +114,8 @@ defaults_applications:
   ## Matomo
   matomo:
     version:                          "latest"
+    oauth2_proxy:
+      enabled:                        false                                     # Deactivated atm. @todo implement 
 
   ## Mastodon
   mastodon:
@@ -163,9 +167,12 @@ defaults_applications:
 
   ## Open Project
   openproject:
-    version:              "13"  # Update when available. Sadly no rolling release implemented
-    oauth2_proxy_active:  true
-    ldap_enabled:         True  # Enables LDAP by default 
+    version:              "13"    # Update when available. Sadly no rolling release implemented
+    oauth2_proxy:  
+      enabled:            true    # OpenProject doesn't support OIDC, so this procy in combination with LDAP is needed
+      application:        "proxy"
+      port:               "80"
+    ldap_enabled:         True    # Enables LDAP by default 
 
   ## Peertube
   peertube:
@@ -175,7 +182,10 @@ defaults_applications:
   phpmyadmin:
     version:              "latest"
     autologin:            false     # This is a high security risk. Just activate this option if you know what you're doing
-    oauth2_proxy_active:  true
+    oauth2_proxy:  
+      enabled:            true
+      port:               "80"
+      application:        "application"
 
   ## Pixelfed
   pixelfed:
@@ -198,4 +208,9 @@ defaults_applications:
   ## YOURLS
   yourls:
     administrator_username:  "{{administrator_username}}"
-    version:                 "latest"
+    version:                 "latest"
+    oauth2_proxy:  
+      enabled:                true
+      application:            "application"
+      port:                   "80"
+      location:               "/admin/"                       # Protects the admin arear

group_vars/all/09_ports.yml

@@ -7,6 +7,7 @@ ports:
       phpmyadmin:     4181
       ldap:           4182
       openproject:    4183
+      yourls:         4184
     ldap:
       openldap:       389
     http:
@@ -25,7 +26,7 @@ ports:
       roulette-wheel: 8013
       joomla:         8014
       attendize:      8015
-      #matrix:         8016 Not used anymore
+      #matrix:        8016 Not used anymore
       baserow:        8017
       matomo:         8018
       listmonk:       8019

group_vars/all/10_networks.yml

@@ -50,8 +50,9 @@ defaults_networks:
       subnet: 192.168.102.48/28
     nextcloud:
       subnet: 192.168.102.64/28
-    oauth2_proxy:
-      subnet: 192.168.102.80/28
+    # This network should be free. Use it for another application ->
+    #oauth2_proxy:
+    #  subnet: 192.168.102.80/28
     peertube:
       subnet: 192.168.102.96/28
     phpmyadmin:

group_vars/all/11_iam.yml

@@ -7,7 +7,7 @@
 #############################################
 # @see https://en.wikipedia.org/wiki/OpenID_Connect
 
-## Private configuration variables:
+## Helper Variables:
 _oidc_client_realm:       "{{ oidc.client.realm if oidc.client is defined and oidc.client.realm is defined else primary_domain }}"
 _oidc_client_issuer_url:  "https://{{domains.keycloak}}/realms/{{_oidc_client_realm}}"
 
@@ -25,18 +25,11 @@ defaults_oidc:
     logout_url:           "{{_oidc_client_issuer_url}}/protocol/openid-connect/logout"      # Endpoint to log out the user
     change_credentials:   "{{_oidc_client_issuer_url}}account/account-security/signing-in"  # URL for managing or changing user credentials
 
-#############################################
-### OAuth2-Proxy                          ###
-#############################################
-# The name of the application which the server redirects to. Needs to be defined in role vars.
-oauth2_proxy_upstream_application_and_port:  "application:80"
-oauth2_proxy_active:                         false   
-
 #############################################
 ### LDAP                                  ###
 #############################################
 
-# Helper variables
+# Helper Variables:
 _ldap_dn_base: "dc={{primary_domain_sld}},dc={{primary_domain_tld}}"
 
 ldap: