Optimized webport and certbot_dns_api_token

roles/srv-proxy-7-4-core/templates/location/proxy_basic.conf.j2

@@ -4,14 +4,14 @@ location {{location | default("/")}}
     {% include 'roles/web-app-oauth2-proxy/templates/following_directives.conf.j2'%}
   {% endif %}
 
-  proxy_pass http://127.0.0.1:{{http_port}}{{location | default("/")}};
+  proxy_pass http://127.0.0.1:{{ http_port }}{{ location | default("/") }};
 
   # headers
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_set_header X-Forwarded-Proto $scheme;
-  proxy_set_header X-Forwarded-Port 443;
+  proxy_set_header X-Forwarded-Port {{ WEB_PORT }};
   proxy_set_header Accept-Encoding "";
 
   {% include 'roles/srv-proxy-7-4-core/templates/headers/content_security_policy.conf.j2' %}

roles/srv-web-7-7-letsencrypt/tasks/set-caa-records.yml

@@ -1,4 +1,11 @@
 ---
+
+- name: "Validate certbot_dns_api_token"
+  fail:
+    msg: >
+      The variable "certbot_dns_api_token" must be defined and cannot be empty!
+  when: (certbot_dns_api_token | default('') | trim) == ''
+
 - name: "Ensure all CAA records are present"
   community.general.cloudflare_dns:
     api_token: "{{ certbot_dns_api_token }}"

roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2

@@ -1,5 +1,5 @@
-listen 443 ssl http2;
-listen [::]:443 ssl http2;
+listen {{ WEB_PORT }} ssl http2;
+listen [::]:{{ WEB_PORT }} ssl http2;
 
 ssl_protocols TLSv1.2 TLSv1.3;
 ssl_ecdh_curve X25519:P-256;

roles/web-app-mailu/vars/mailu-dns.yml

@@ -36,6 +36,6 @@ mailu_dns_srv_records:
     priority: 20
     weight: 1
   autodiscover:
-    port: 443
+    port: "{{ WEB_PORT }}"
     priority: 20
     weight: 1

roles/web-app-matrix/templates/well-known.j2

@@ -1,3 +1,3 @@
 {
-    "m.server": "{{domains.matrix.synapse}}:443"
+    "m.server": "{{domains.matrix.synapse}}:{{ WEB_PORT }}"
 }