Refactor webserver proxy variables and fix BigBlueButton deployment behavior

Refactor proxy/webserver configuration variables to a consistent webserver_* naming scheme across roles. Replace legacy variables like proxy_extra_configuration, client_max_body_size, vhost_flavour, location_ws and ws_port with webserver_extra_configuration, webserver_client_max_body_size, webserver_vhost_flavour, webserver_websocket_location and webserver_websocket_port. Update NGINX vhost and location templates (html, upload, ws, basic, ws_generic) as well as callers (sys-front-inj-all, sys-stk-front-proxy, various web-app-* and web-svc-* roles) to use the new naming.

Tighten docker-compose Git repository handling by making docker_git_repository_pull depend on docker_git_repository_address being defined, a string and non-empty. This avoids accidental Git operations when the repository address is unset or of the wrong type.

Refactor the BigBlueButton role structure and fix deployment bugs: introduce 01_core.yml to orchestrate docker/proxy setup, database seeding, websocket map deployment, docker-compose overrides and admin/bootstrap logic in a single once-executed entrypoint. Rename supporting task files (02_docker-compose.yml, 03_administrator.yml, 04_dependencies.yml) and update tasks/main.yml to delegate via include_tasks with run_once_web_app_bigbluebutton. Improve Greenlight admin creation behavior by treating the 'Email has already been taken' error as a non-fatal, unchanged outcome and running user:set_admin_role as a fallback, both for the primary password and the OIDC starred-password path.

Also standardize vhost flavour selection for services like Mailu, Discourse, CDN, Collabora, Coturn, OnlyOffice, Simpleicons and web-svc-logout by explicitly passing webserver_vhost_flavour where needed and aligning client_max_body_size and websocket configuration with the new webserver_* variables.

Reference: ChatGPT conversation https://chatgpt.com/share/6931c530-bba8-800f-9997-dd61dc1d497b

roles/docker-compose/defaults/main.yml

@@ -1,3 +1,3 @@
 docker_compose_file_creation_enabled: true  # If set to true the file creation will be skipped
 docker_compose_flush_handlers:        false # Set to true in the vars/main.yml of the including role to autoflush after docker compose routine
-docker_git_repository_pull:           "{{ docker_git_repository_address is defined }}"
+docker_git_repository_pull:           "{{ docker_git_repository_address is defined and docker_git_repository_address is string and docker_git_repository_address | length > 0 }}"

roles/sys-front-inj-all/tasks/main.yml

@@ -15,7 +15,7 @@
 - name: "Included dependent services"
   include_tasks: 01_dependencies.yml
   vars:
-    proxy_extra_configuration:     ""
+    webserver_extra_configuration:     ""
     docker_compose_flush_handlers: true
 
 - name: Reinitialize 'inj_enabled' for '{{ domain }}', after loading the required webservices

roles/sys-stk-front-proxy/defaults/main.yml

@@ -1,2 +1,2 @@
 # default vhost flavour
-vhost_flavour:              "basic" # valid: basic, ws_generic
+webserver_vhost_flavour: "basic" # valid: basic, ws_generic

roles/sys-stk-front-proxy/tasks/main.yml

@@ -8,7 +8,7 @@
   include_role:
     name: sys-util-csp-cert
 
-- name: "Copy NGINX ('{{ domain }}') config to '{{ front_proxy_domain_conf_dst }}'"
+- name: "Deploy NGINX config: '{{ domain }}' -> '{{ front_proxy_domain_conf_dst }}'"
   template:
     src: "{{ item }}"
     dest: "{{ front_proxy_domain_conf_dst }}"
@@ -17,7 +17,7 @@
   vars:
     nginx_template_candidates:
       - "{{ application_id | abs_role_path_by_application_id }}/templates/proxy.conf.j2"
-      - "roles/sys-svc-proxy/templates/vhost/{{ vhost_flavour }}.conf.j2"
+      - "roles/sys-svc-proxy/templates/vhost/{{ webserver_vhost_flavour }}.conf.j2"
   with_first_found: "{{ nginx_template_candidates }}"
 
 - block:

roles/sys-svc-proxy/templates/location/html.conf.j2

@@ -10,7 +10,7 @@ location {{location}}
   {% include 'roles/sys-svc-proxy/templates/headers/access_control_allow.conf.j2' %}
 
   # Client Limits for HTML
-  client_max_body_size {{ client_max_body_size | default('100m') }};
+  client_max_body_size {{ webserver_client_max_body_size | default('100m') }};
 
   {% set _loc = location|trim %}
   proxy_pass http://127.0.0.1:{{ http_port }}{{ (_loc|regex_replace('^(?:=|\\^~)\\s*','')) if not (_loc is match('^(@|~)')) else '' }};

roles/sys-svc-proxy/templates/location/upload.conf.j2

@@ -13,5 +13,5 @@ location {{ location_upload }} {
     proxy_send_timeout      120s;
 
     # Client Limits for Upload
-    client_max_body_size    {{ client_max_body_size }};
+    client_max_body_size    {{ webserver_client_max_body_size }};
 }

roles/sys-svc-proxy/templates/location/ws.conf.j2

@@ -1,9 +1,9 @@
-location {{ location_ws }} {
+location {{ webserver_websocket_location }} {
   proxy_set_header      Host              $host;
   proxy_set_header      X-Real-IP         $remote_addr;
   proxy_set_header      X-Forwarded-For   $proxy_add_x_forwarded_for;
   proxy_set_header      X-Forwarded-Proto $scheme;
-  proxy_pass            http://127.0.0.1:{{ ws_port }};
+  proxy_pass            http://127.0.0.1:{{ webserver_websocket_port }};
   
   # Proxy buffering needs to be disabled for websockets. 
   proxy_buffering      off;

roles/sys-svc-proxy/templates/vhost/basic.conf.j2

@@ -9,9 +9,9 @@ server
 
   {% include 'roles/sys-front-inj-all/templates/server.conf.j2'%}
   
-  {% if proxy_extra_configuration is defined %}
+  {% if webserver_extra_configuration is defined %}
     {# Additional Domain Specific Configuration #}
-    {{ proxy_extra_configuration }}
+    {{ webserver_extra_configuration }}
   {% endif %}
 
   {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %}

roles/sys-svc-proxy/templates/vhost/ws_generic.conf.j2

@@ -5,7 +5,7 @@ server {
 
   {% include 'roles/sys-front-inj-all/templates/server.conf.j2' %}
 
-  client_max_body_size {{ client_max_body_size | default('100m') }};
+  client_max_body_size {{ webserver_client_max_body_size | default('100m') }};
   keepalive_timeout    70;
   sendfile             on;
 
@@ -22,7 +22,7 @@ server {
 
   {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %}
 
-  {% if location_ws | default(false) %}
+  {% if webserver_websocket_location | default(false) %}
     {% include 'roles/sys-svc-proxy/templates/location/ws.conf.j2' %}
   {% endif %}
 

roles/web-app-bigbluebutton/tasks/01_core.yml

@@ -0,0 +1,68 @@
+---
+- name: "load docker, proxy for '{{ application_id }}'"
+  include_role:
+    name: sys-stk-full-stateless
+  vars:
+    docker_compose_flush_handlers:        false
+    docker_compose_file_creation_enabled: false
+    docker_git_repository_pull:           true
+    docker_git_repository_address:        "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.repository') }}"
+    docker_git_repository_branch:         "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.version') }}"
+    webserver_extra_configuration: >-
+      {{ lookup(
+           'ansible.builtin.template',
+           playbook_dir ~ '/roles/sys-svc-proxy/templates/location/html.conf.j2',
+           template_vars={
+             'location': '^~ /html5client',
+             'oauth2_proxy_enabled': false,
+             'proxy_lua_enabled': false
+           }
+         ) | trim }}
+
+- name: "Include Seed routines for '{{ application_id }}' database backup"
+  include_tasks: "{{ [ playbook_dir, 'roles/sys-ctl-bkp-docker-2-loc/tasks/04_seed-database-to-backup.yml' ] | path_join }}"
+  vars:
+    database_type:      "postgres"
+    database_instance:  "{{ entity_name }}"
+    database_password:  "{{ applications | get_app_conf(application_id, 'credentials.postgresql_secret') }}"
+    database_username:  "postgres"
+    database_name:      "" # Multiple databases
+
+- name: configure websocket_upgrade.conf
+  copy: 
+    src:  "websocket_upgrade.conf"
+    dest: "{{ [ NGINX.DIRECTORIES.HTTP.MAPS, 'websocket_upgrade.conf' ] | path_join }}"
+  notify: restart openresty
+
+- name: "Set BBB Facts"
+  set_fact:
+    BBB_ENV_FILE_LINK:                "{{ [ docker_repository_path, '.env' ] | path_join }}"
+    BBB_ENV_FILE_ORIGINE:             "{{ docker_compose.files.env }}"
+    BBB_DOCKER_COMPOSE_FILE_ORIGINE:  "{{ [ docker_repository_path, 'docker-compose.yml' ] | path_join }}"
+    BBB_DOCKER_COMPOSE_FILE_FINAL:    "{{ [ docker_compose.directories.instance, 'docker-compose.yml' ] | path_join }}"
+
+- name: Write docker-compose.override.yml for BigBlueButton
+  template:
+    src:  docker-compose.override.yml.j2
+    dest: "{{ [ docker_compose.directories.instance, 'docker-compose.override.yml' ] | path_join }}"
+  notify: docker compose up
+
+- name: Create symbolic link from .env file to target location
+  file:
+    src:    "{{ BBB_ENV_FILE_ORIGINE }}"
+    dest:   "{{ BBB_ENV_FILE_LINK }}"
+    state:  link
+
+- name: "Setup docker-compose.yml file"
+  include_tasks: "02_docker-compose.yml"
+
+- name: flush docker service
+  meta: flush_handlers
+
+- name: "Setup administrator"
+  include_tasks: "03_administrator.yml"
+
+- name: "Load '{{ application_id }}' dependencies"
+  include_tasks: "04_dependencies.yml"
+
+- include_tasks: utils/once/flag.yml

roles/web-app-bigbluebutton/tasks/02_administrator.yml

@@ -1,48 +0,0 @@
----
-- name: "Wait until Greenlight is reachable via Nginx"
-  uri:
-    url: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
-    validate_certs: true
-    status_code: 200
-    return_content: true
-  register: greenlight_http
-  until:
-    - greenlight_http.status == 200
-    - "'Greenlight' in greenlight_http.content or 'Sign in' in greenlight_http.content"
-  retries: 30
-  delay: 5
-  changed_when: false
-
-- block:
-    - name: "Create admin with primary password"
-      command:
-        cmd: >
-          {{ docker_compose_command_exec }}
-          greenlight
-          bundle exec rake
-          admin:create['{{ users.administrator.username | upper }}','{{ users.administrator.email }}','{{ users.administrator.password }}']
-        chdir: "{{ docker_compose.directories.instance }}"
-      register: admin_create_primary
-      when: not BBB_OIDC_ENABLED | bool
-
-    - name: "Retry with starred password when invalid and OIDC enabled"
-      when: BBB_OIDC_ENABLED | bool
-      command:
-        cmd: >
-          {{ docker_compose_command_exec }}
-          greenlight
-          bundle exec rake
-          admin:create['{{ users.administrator.username | upper }}','{{ users.administrator.email }}','{{ users.administrator.password ~ '*' }}']
-        chdir: "{{ docker_compose.directories.instance }}"
-      register: admin_create_retry
-      failed_when: admin_create_retry.rc not in [0, 2]
-
-  rescue:
-    - name: "Make existing user administrator (fallback)"
-      command:
-        cmd: >
-          {{ docker_compose_command_exec }}
-          greenlight
-          bundle exec rake
-          user:set_admin_role['{{ users.administrator.email }}']
-        chdir: "{{ docker_compose.directories.instance }}"

roles/web-app-bigbluebutton/tasks/03_administrator.yml

@@ -0,0 +1,63 @@
+---
+- name: "Wait until Greenlight is reachable via Nginx"
+  uri:
+    url: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
+    validate_certs: true
+    status_code: 200
+    return_content: true
+  register: greenlight_http
+  until:
+    - greenlight_http.status == 200
+    - "'Greenlight' in greenlight_http.content or 'Sign in' in greenlight_http.content"
+  retries: 30
+  delay: 5
+  changed_when: false
+
+# Case 1: OIDC disabled → use primary password
+- name: "Create admin with primary password"
+  when: not (BBB_OIDC_ENABLED | bool)
+  command:
+    cmd: >
+      {{ docker_compose_command_exec }}
+      greenlight
+      bundle exec rake
+      admin:create['{{ users.administrator.username | upper }}',
+                   '{{ users.administrator.email }}',
+                   '{{ users.administrator.password }}']
+    chdir: "{{ docker_compose.directories.instance }}"
+  register: admin_create
+  failed_when:
+    # Only fail if rc != 0 AND it's NOT the "already taken" case
+    - admin_create.rc != 0
+    - "'Email has already been taken' not in (admin_create.stderr | default(''))"
+  changed_when: admin_create.rc == 0
+
+# Case 2: OIDC enabled → retry with starred password
+- name: "Retry with starred password when OIDC enabled"
+  when: BBB_OIDC_ENABLED | bool
+  command:
+    cmd: >
+      {{ docker_compose_command_exec }}
+      greenlight
+      bundle exec rake
+      admin:create['{{ users.administrator.username | upper }}',
+                   '{{ users.administrator.email }}',
+                   '{{ users.administrator.password ~ '*' }}']
+    chdir: "{{ docker_compose.directories.instance }}"
+  register: admin_create
+  failed_when:
+    - admin_create.rc != 0
+    - "'Email has already been taken' not in (admin_create.stderr | default(''))"
+  changed_when: admin_create.rc == 0
+
+- name: "Make existing user administrator (fallback)"
+  command:
+    cmd: >
+      {{ docker_compose_command_exec }}
+      greenlight
+      bundle exec rake
+      user:set_admin_role['{{ users.administrator.email }}']
+    chdir: "{{ docker_compose.directories.instance }}"
+  when:
+    - admin_create is defined
+    - "'Email has already been taken' in (admin_create.stderr | default(''))"

roles/web-app-bigbluebutton/tasks/main.yml

@@ -1,82 +1,6 @@
 ---
-- name: Render HTML-Location-Block in Variable
-  set_fact:
-    proxy_extra_configuration: >-
-      {{ lookup('ansible.builtin.template',
-                playbook_dir ~ '/roles/sys-svc-proxy/templates/location/html.conf.j2') | trim }}
+- name: "Execute Role (once)"
+  include_tasks: 01_core.yml 
+  when: run_once_web_app_bigbluebutton is not defined
   vars:
-    location: '^~ /html5client'
-    oauth2_proxy_enabled: false
-    proxy_lua_enabled: false
-
-- name: "load docker, proxy for '{{ application_id }}'"
-  include_role:
-    name: sys-stk-full-stateless
-  vars:
-    docker_compose_flush_handlers:        false
-    docker_compose_file_creation_enabled: false
-    docker_git_repository_pull:           true
-    docker_git_repository_address:            "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.repository') }}"
-    docker_git_repository_branch:             "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.version') }}"
-
-- name: "Unset 'proxy_extra_configuration'"
-  set_fact:
-    proxy_extra_configuration: null
-
-- name: "Include Seed routines for '{{ application_id }}' database backup"
-  include_tasks: "{{ [ playbook_dir, 'roles/sys-ctl-bkp-docker-2-loc/tasks/04_seed-database-to-backup.yml' ] | path_join }}"
-  vars:
-    database_type:      "postgres"
-    database_instance:  "{{ entity_name }}"
-    database_password:  "{{ applications | get_app_conf(application_id, 'credentials.postgresql_secret') }}"
-    database_username:  "postgres"
-    database_name:      "" # Multiple databases
-
-- name: configure websocket_upgrade.conf
-  copy: 
-    src:  "websocket_upgrade.conf"
-    dest: "{{ [ NGINX.DIRECTORIES.HTTP.MAPS, 'websocket_upgrade.conf' ] | path_join }}"
-  notify: restart openresty
-
-- name: "Set BBB Facts"
-  set_fact:
-    BBB_ENV_FILE_LINK:                "{{ [ docker_repository_path, '.env' ] | path_join }}"
-    BBB_ENV_FILE_ORIGINE:             "{{ docker_compose.files.env }}"
-    BBB_DOCKER_COMPOSE_FILE_ORIGINE:  "{{ [ docker_repository_path, 'docker-compose.yml' ] | path_join }}"
-    BBB_DOCKER_COMPOSE_FILE_FINAL:    "{{ [ docker_compose.directories.instance, 'docker-compose.yml' ] | path_join }}"
-
-- name: Write docker-compose.override.yml for BigBlueButton
-  template:
-    src:  docker-compose.override.yml.j2
-    dest: "{{ [ docker_compose.directories.instance, 'docker-compose.override.yml' ] | path_join }}"
-  notify:
-    - docker compose up
-
-- name: deploy .env
-  # This seems redundant @todo Checkout if this is true and if so, delete it
-  template:
-    src:  env.j2
-    dest: "{{ BBB_ENV_FILE_ORIGINE }}"
-  notify:
-    - docker compose up
-
-- name: Create symbolic link from .env file to target location
-  file:
-    src:    "{{ BBB_ENV_FILE_ORIGINE }}"
-    dest:   "{{ BBB_ENV_FILE_LINK }}"
-    state:  link
-
-- name: "Setup docker-compose.yml file"
-  include_tasks: "01_docker-compose.yml"
-
-- name: Ensure all containers in instance are running
-  include_tasks: "{{ [ playbook_dir , 'roles/docker-compose/tasks/utils/up.yml' ] | path_join }}"
-
-- name: flush docker service
-  meta: flush_handlers
-
-- name: "Setup administrator"
-  include_tasks: "02_administrator.yml"
-
-- name: "Load '{{ application_id }}' dependencies"
-  include_tasks: "03_dependencies.yml"
+    application_id: 'web-app-bigbluebutton'

roles/web-app-bluesky/tasks/main.yml

@@ -17,7 +17,7 @@
   vars:
     domain:                     "{{ BLUESKY_WEB_DOMAIN }}"
     http_port:                  "{{ BLUESKY_WEB_PORT }}"
-    proxy_extra_configuration:  "{{ BLUESKY_FRONT_PROXY_CONTENT }}"
+    webserver_extra_configuration:  "{{ BLUESKY_FRONT_PROXY_CONTENT }}"
   when: BLUESKY_WEB_ENABLED | bool
 
 - name: "Include front proxy for {{ BLUESKY_VIEW_DOMAIN_FINAL }}:{{ BLUESKY_VIEW_PORT }}"

roles/web-app-desktop/vars/main.yml

@@ -3,7 +3,7 @@ application_id:                   "web-app-desktop"
 http_port:                        "{{ ports.localhost.http[application_id] }}"
 
 ## Webserver
-proxy_extra_configuration:        "{{ lookup('template', 'nginx/sso.html.conf.j2') }}"
+webserver_extra_configuration:        "{{ lookup('template', 'nginx/sso.html.conf.j2') }}"
 
 # Desktop
 

roles/web-app-discourse/tasks/03_docker.yml

@@ -8,7 +8,8 @@
   include_role:
     name: sys-stk-full-stateful
   vars:
-    docker_compose_flush_handlers: true
+    docker_compose_flush_handlers:  true
+    webserver_vhost_flavour:        "basic"
 
 - name: pull docker repository
   git:

roles/web-app-espocrm/vars/main.yml

@@ -1,16 +1,15 @@
 # General
-application_id:                   "web-app-espocrm"
-entity_name:                      "{{ application_id | get_entity_name }}"
-
+application_id:                     "web-app-espocrm"
+entity_name:                        "{{ application_id | get_entity_name }}"
 
 # Database
-database_type:                    "mariadb"
+database_type:                      "mariadb"
 
 # Webserver
-location_ws:                      "/ws"
-ws_port:                          "{{ ports.localhost.websocket[application_id] }}"
-client_max_body_size:             "100m"
-vhost_flavour:                    "ws_generic"
+webserver_websocket_location:              "/ws"
+webserver_websocket_port:           "{{ ports.localhost.websocket[application_id] }}"
+webserver_client_max_body_size:     "100m"
+webserver_vhost_flavour:            "ws_generic"
 
 # Espocrm
 

roles/web-app-funkwhale/vars/main.yml

@@ -1,5 +1,5 @@
 application_id:                   "web-app-funkwhale"
-proxy_extra_configuration:        "client_max_body_size 512M;"
+webserver_extra_configuration:        "client_max_body_size 512M;"
 database_type:                    "postgres"
 funkwhale_media_root:             "/srv/funkwhale/data/"
 funkwhale_static_root:            "{{funkwhale_media_root}}static"

roles/web-app-joomla/vars/main.yml

@@ -2,7 +2,7 @@
 application_id:                   "web-app-joomla"
 database_type:                    "mariadb"
 container_port:                   80
-client_max_body_size:             "{{ JOOMLA_POST_MAX_SIZE }}"
+webserver_client_max_body_size:             "{{ JOOMLA_POST_MAX_SIZE }}"
 
 # Joomla
 JOOMLA_VERSION:                   "{{ applications | get_app_conf(application_id, 'docker.services.joomla.version') }}"

roles/web-app-listmonk/tasks/main.yml

@@ -4,7 +4,7 @@
     name: sys-stk-full-stateful
   vars:
     docker_compose_flush_handlers: false
-    proxy_extra_configuration: >-
+    webserver_extra_configuration: >-
       {% if not LISTMONK_PUBLIC_API_ENABLED | bool %}
       {{ lookup('file', '{{ playbook_dir }}/roles/web-app-listmonk/files/deactivate-public-api.conf') }}
       {% else %}

roles/web-app-mailu/tasks/01_core.yml

@@ -29,8 +29,9 @@
   include_role:
     name: sys-stk-full-stateful
   vars:
-    docker_compose_flush_handlers: true
-    domain: "{{ MAILU_HOSTNAME }}"
+    docker_compose_flush_handlers:  true
+    webserver_vhost_flavour:        "basic"
+    domain:                         "{{ MAILU_HOSTNAME }}"
 
 - name: "Include Cert deploy service for '{{ role_name }}'"
   include_role:

roles/web-app-mailu/vars/main.yml

@@ -1,7 +1,7 @@
 # General
 application_id:                       "web-app-mailu"
 http_port:                            "{{ ports.localhost.http[application_id] }}"
-proxy_extra_configuration:            "client_max_body_size 31M;"
+webserver_extra_configuration:            "client_max_body_size 31M;"
 
 # Database Configuration
 database_password:                    "{{ applications | get_app_conf(application_id, 'credentials.database_password') }}"

roles/web-app-mastodon/tasks/main.yml

@@ -6,11 +6,11 @@
   loop_control:
     loop_var: domain
   vars:
-    http_port:            "{{ ports.localhost.http[application_id] }}"
-    location_ws:          "/api/v1/streaming"
-    ws_port:              "{{ ports.localhost.websocket[application_id] }}"
-    client_max_body_size: "80m"
-    vhost_flavour:        "ws_generic"
+    http_port:                      "{{ ports.localhost.http[application_id] }}"
+    webserver_websocket_location:   "/api/v1/streaming"
+    webserver_websocket_port:       "{{ ports.localhost.websocket[application_id] }}"
+    webserver_client_max_body_size: "80m"
+    webserver_vhost_flavour:        "ws_generic"
 
 - name: "load docker and db for {{ application_id }}"
   include_role:

roles/web-app-matrix/templates/synapse/homeserver.yaml.j2

@@ -1,6 +1,6 @@
 server_name: "{{ MATRIX_SERVER_NAME }}"
 pid_file: /data/homeserver.pid
-max_upload_size: {{ client_max_body_size }}
+max_upload_size: {{ webserver_client_max_body_size }}
 listeners:
   - port: 8008
     tls: false

roles/web-app-matrix/vars/main.yml

@@ -5,7 +5,7 @@ database_type:                        "postgres"
 
 # Webserver
 location_upload:                      "~ ^/_matrix/media/v3/"
-client_max_body_size:                 "{{ applications | get_app_conf(application_id, 'server.client_max_body_size') }}"
+webserver_client_max_body_size:       "{{ applications | get_app_conf(application_id, 'server.client_max_body_size') }}"
 
 # Matrix
 

roles/web-app-nextcloud/templates/proxy.conf.j2

@@ -18,14 +18,14 @@ server
   fastcgi_buffers 64 4K;
 
   {% if NEXTCLOUD_HPB_SIGNALING_ENABLED | bool %}
-    {% set location_ws = '^~ ' ~ NEXTCLOUD_HPB_SIGNALING_LOCATION %}
-    {% set ws_port     = NEXTCLOUD_PORT %}
+    {% set webserver_websocket_location = '^~ ' ~ NEXTCLOUD_HPB_SIGNALING_LOCATION %}
+    {% set webserver_websocket_port     = NEXTCLOUD_PORT %}
     {% include 'roles/sys-svc-proxy/templates/location/ws.conf.j2' %}
   {% endif %}
 
   {% if NEXTCLOUD_WHITEBOARD_ENABLED | bool %}
-    {% set location_ws = '^~ ' ~ NEXTCLOUD_WHITEBOARD_LOCATION %}
-    {% set ws_port     = NEXTCLOUD_PORT %}
+    {% set webserver_websocket_location = '^~ ' ~ NEXTCLOUD_WHITEBOARD_LOCATION %}
+    {% set webserver_websocket_port     = NEXTCLOUD_PORT %}
     {% include 'roles/sys-svc-proxy/templates/location/ws.conf.j2' %}
   {% endif %}
 

roles/web-app-openproject/tasks/main.yml

@@ -3,7 +3,7 @@
   include_role:
     name: sys-stk-full-stateful
   vars:
-    client_max_body_size:           "30m"
+    webserver_client_max_body_size:           "30m"
     docker_git_repository_branch:       "stable/{{ OPENPROJECT_VERSION }}"
     docker_git_repository_address:      "https://github.com/opf/openproject-deploy"
     docker_git_repository_pull:     true

roles/web-app-peertube/tasks/main.yml

@@ -7,7 +7,7 @@
   vars:
     # Websockt and http listen to the same port
     http_port:  "{{ ports.localhost.http[application_id] }}"
-    ws_port:    "{{ ports.localhost.http[application_id] }}"
+    webserver_websocket_port:    "{{ ports.localhost.http[application_id] }}"
 
 - name: "load docker and db for {{ application_id }}"
   include_role:

roles/web-app-peertube/templates/peertube.conf.j2

@@ -46,11 +46,11 @@ server {
   # Websocket
   ##
 
-  {% set location_ws = "@websocket" %}
+  {% set webserver_websocket_location = "@websocket" %}
   {% include 'roles/sys-svc-proxy/templates/location/ws.conf.j2' %}
 
   location /socket.io {
-    try_files /dev/null {{ location_ws }};
+    try_files /dev/null {{ webserver_websocket_location }};
   }
 
   location /tracker/socket {
@@ -58,6 +58,6 @@ server {
     # Don't close the websocket before then
     proxy_read_timeout 15m; # default is 60s
 
-    try_files /dev/null {{ location_ws }};
+    try_files /dev/null {{ webserver_websocket_location }};
   }
 }

roles/web-app-pixelfed/vars/main.yml

@@ -1,6 +1,6 @@
 # General
 application_id:             "web-app-pixelfed"
-proxy_extra_configuration:  "client_max_body_size 512M;"
+webserver_extra_configuration:  "client_max_body_size 512M;"
 database_type:              "mariadb"
 
 # Pixelfed

roles/web-app-suitecrm/vars/main.yml

@@ -7,7 +7,7 @@ domain:                               "{{ domains | get_domain(application_id) }
 database_type:                        "mariadb"
 
 # Webserver
-client_max_body_size:                 "100m"
+webserver_client_max_body_size:                 "100m"
 
 # General
 SUITECRM_WELL_SOFTWARE_NAME:          "{{ SOFTWARE_NAME | lower | replace('.', '-') }}"

roles/web-app-syncope/templates/proxy.conf

@@ -10,9 +10,9 @@ server
 
   {% include 'roles/sys-front-inj-all/templates/server.conf.j2'%}
   
-  {% if proxy_extra_configuration is defined %}
+  {% if webserver_extra_configuration is defined %}
     {# Additional Domain Specific Configuration #}
-    {{ proxy_extra_configuration }}
+    {{ webserver_extra_configuration }}
   {% endif %}
 
   {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %}

roles/web-app-wordpress/tasks/main.yml

@@ -6,7 +6,7 @@
   loop_control:
     loop_var: domain
   vars:
-    proxy_extra_configuration: "client_max_body_size {{ WORDPRESS_MAX_UPLOAD_SIZE }};"
+    webserver_extra_configuration: "client_max_body_size {{ WORDPRESS_MAX_UPLOAD_SIZE }};"
     http_port: "{{ ports.localhost.http[application_id] }}"
 
 - name: "load docker and db for {{ application_id }}"

roles/web-app-yourls/vars/main.yml

@@ -3,7 +3,7 @@ application_id:                 "web-app-yourls"
 database_type:                  "mariadb"
 
 # Webserver
-proxy_extra_configuration:      "{{ lookup('template', 'redirect.conf.j2') }}"
+webserver_extra_configuration:      "{{ lookup('template', 'redirect.conf.j2') }}"
 
 # Yourls
 YOURLS_USER:                    "{{ applications | get_app_conf(application_id, 'users.administrator.username') }}"

roles/web-svc-cdn/tasks/main.yml

@@ -1,7 +1,8 @@
 - include_tasks: 01_core.yml
   when: run_once_web_svc_cdn is not defined
   vars:
-    application_id: 'web-svc-cdn'
+    application_id:           'web-svc-cdn'
+    webserver_vhost_flavour:  "basic"
 
 - name: "Reset docker compose Handler for CDN"
   include_tasks: utils/load_handlers.yml

roles/web-svc-collabora/tasks/01_core.yml

@@ -1,11 +1,13 @@
 - name: "load docker, proxy for '{{ application_id }}'"
   include_role:
-    name: sys-stk-full-stateless
+    name:   sys-stk-full-stateless
     public: true
   vars:
     docker_compose_flush_handlers:        true
     docker_compose_file_creation_enabled: true
     docker_git_repository_pull:           false
+    webserver_vhost_flavour:              "basic"
+    application_id:                       'web-svc-collabora'
 
 - name: Update Collabora systemplate to include new fonts
   command: "{{ COLLABORA_DOCKER_CONF_EXEC }} update-system-template"

roles/web-svc-collabora/templates/proxy.conf.j2

@@ -19,7 +19,7 @@ server {
   {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %}
 
   {# WebSocket handling for Collabora #}
-  {% set location_ws = '^~ /cool/' %}
-  {% set ws_port = http_port %}
+  {% set webserver_websocket_location = '^~ /cool/' %}
+  {% set webserver_websocket_port = http_port %}
   {% include 'roles/sys-svc-proxy/templates/location/ws.conf.j2' %}
 }

roles/web-svc-coturn/tasks/01_core.yml

@@ -5,5 +5,6 @@
     docker_compose_file_creation_enabled: true
     docker_git_repository_pull:           false
     docker_compose_flush_handlers:        true
+    webserver_vhost_flavour:              "basic"
 
 - include_tasks: utils/once/flag.yml

roles/web-svc-logout/tasks/01_core.yml

@@ -24,11 +24,15 @@
   include_role:
     name: sys-stk-full-stateless
   vars:
-    client_max_body_size:         "10M" # Necessary to overwrite parent values
-    location_ws:                  ""
-    docker_git_repository_address:    "https://github.com/kevinveenbirkenbach/universal-logout"
-    docker_git_repository_pull:   true
-    docker_compose_flush_handlers: true
+    application_id:                 'web-svc-logout'
+    webserver_client_max_body_size: "10M" # Necessary to overwrite parent values
+    webserver_websocket_location:   ""
+    webserver_vhost_flavour:        "basic"
+    webserver_extra_configuration:  ""
+    docker_git_repository_address:  "https://github.com/kevinveenbirkenbach/universal-logout"
+    docker_git_repository_pull:     true
+    docker_git_repository_branch:   "main"
+    docker_compose_flush_handlers:  true
 
 - name: Create symbolic link from .env file to repository
   file:

roles/web-svc-onlyoffice/tasks/01_core.yml

@@ -5,5 +5,6 @@
     docker_compose_flush_handlers:        true
     docker_compose_file_creation_enabled: true
     docker_git_repository_pull:           false
+    webserver_vhost_flavour:              "basic"
 
 - include_tasks: utils/once/flag.yml

roles/web-svc-simpleicons/tasks/01_core.yml

@@ -2,9 +2,10 @@
   include_role:
     name: sys-stk-full-stateless
   vars:
-    aca_origin:  "* always"
-    aca_methods: "'GET, OPTIONS' always"
-    aca_headers: '"Origin, X-Requested-With, Content-Type, Accept, Authorization" always'
+    aca_origin:               "* always"
+    aca_methods:              "'GET, OPTIONS' always"
+    aca_headers:              '"Origin, X-Requested-With, Content-Type, Accept, Authorization" always'
+    webserver_vhost_flavour:  "basic"
 
 - name: "Copy '{{ application_id }}' files"
   template: