Solved more domain related bugs

2025-02-22 12:29:39 +01:00 · 2025-02-21 06:32:12 +01:00 · 2025-02-21 06:32:12 +01:00 · c4b622ccdb
commit c4b622ccdb
parent 82e69fc7a6
33 changed files with 77 additions and 55 deletions
--- a/group_vars/all/07_applications.yml
+++ b/group_vars/all/07_applications.yml
@ -254,6 +254,8 @@ defaults_applications:
  ## Peertube
  peertube:
    version:              "bookworm"
    database:
      central_storage:    True 
  ## PHPMyAdmin
  phpmyadmin:
--- a/roles/docker-akaunting/templates/env.j2
+++ b/roles/docker-akaunting/templates/env.j2
@ -1,5 +1,5 @@
 # You should change this to match your reverse proxy DNS name and protocol
-APP_URL=https://{{domain}}
+APP_URL=https://{{domains[application_id]}}
 LOCALE={{locale}}
 # Don't change this unless you rename your database container or use rootless podman, in case of using rootless podman you should set it to 127.0.0.1 (NOT localhost)
--- a/roles/docker-attendize/tasks/main.yml
+++ b/roles/docker-attendize/tasks/main.yml
@ -12,10 +12,10 @@
    - "{{ domains.mailu }}"
    - "{{ domain }}"
- name: configure {{domain}}.conf
+- name: configure {{domains[application_id]}}.conf
  template: 
    src: roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 
-    dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
+    dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
  notify: restart nginx
 - name: "include tasks update-repository-with-files.yml"
--- a/roles/docker-bigbluebutton/tasks/main.yml
+++ b/roles/docker-bigbluebutton/tasks/main.yml
@ -9,10 +9,10 @@
 #- name: "include task certbot-and-globals.yml"
 #  include_tasks: certbot-and-globals.yml
 #
-#- name: configure {{domain}}.conf
+#- name: configure {{domains[application_id]}}.conf
 #  template: 
 #    src:  "nginx-proxy.conf.j2"
-#    dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
+#    dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
 #  notify: restart nginx
 - name: "include role nginx-domain-setup for {{application_id}}"
--- a/roles/docker-bigbluebutton/templates/env.j2
+++ b/roles/docker-bigbluebutton/templates/env.j2
@ -40,7 +40,7 @@ FSESL_PASSWORD={{bigbluebutton_fsesl_password}}
 # CONNECTION
 # ====================================
-DOMAIN={{domain}}
+DOMAIN={{domains[application_id]}}
 EXTERNAL_IPv4={{networks.internet.ip4}}
 # The following line is not tested and could lead to bugs:
@ -53,7 +53,7 @@ STUN_PORT={{ ports.public.stun[application_id] }}
 # TURN SERVER
 # uncomment and adjust following two lines to add an external TURN server
-TURN_SERVER=turns:{{domain}}:{{ ports.public.turn[application_id] }}?transport=tcp
+TURN_SERVER=turns:{{domains[application_id]}}:{{ ports.public.turn[application_id] }}?transport=tcp
 TURN_SECRET={{bigbluebutton_turn_secret}}
 # Allowed SIP IPs
@ -204,7 +204,7 @@ ALLOW_GREENLIGHT_ACCOUNTS=true
 # Please refer to your SMTP provider to get the values for the variables below
 SMTP_SERVER={{system_email.host}}
-SMTP_DOMAIN={{domain}}
+SMTP_DOMAIN={{system_email.domain}}
 SMTP_PORT={{system_email.port}}
 SMTP_USERNAME={{system_email.username}}
 SMTP_PASSWORD={{system_email.password}}
@ -290,5 +290,5 @@ DEFAULT_REGISTRATION=invite
 OPENID_CONNECT_CLIENT_ID={{oidc.client.id}}
 OPENID_CONNECT_CLIENT_SECRET={{oidc.client.secret}}
 OPENID_CONNECT_ISSUER={{oidc.client.issuer_url}}
-OPENID_CONNECT_REDIRECT=https://{{domain}}
+OPENID_CONNECT_REDIRECT=https://{{domains[application_id]}}
 {% endif %}
--- a/roles/docker-central-database/vars/database.yml
+++ b/roles/docker-central-database/vars/database.yml
@ -3,4 +3,6 @@ database_host:      "{{ 'central-' + database_type if applications[application_i
 database_name:      "{{ application_id }}"
 database_username:  "{{ application_id }}"
 database_port:      "{{ 3306 if database_type == 'mariadb' else 5432 }}"
-database_env:       "{{docker_compose.directories.env}}{{database_type}}.env"
+database_env:       "{{docker_compose.directories.env}}{{database_type}}.env"
 # Don't set application_id . It would conflict with central database logic
--- a/roles/docker-discourse/templates/discourse_application.yml.j2
+++ b/roles/docker-discourse/templates/discourse_application.yml.j2
@ -41,7 +41,7 @@ env:
  UNICORN_WORKERS: 8
  ## Required. Discourse will not work with a bare IP number.
-  DISCOURSE_HOSTNAME: {{domain}}
+  DISCOURSE_HOSTNAME: {{domains[application_id]}}
  ## Uncomment if you want the container to be started with the same
  ## hostname (-h option) as specified above (default "$hostname-$config")
@ -122,7 +122,7 @@ run:
  - exec: rails r "SiteSetting.openid_connect_discovery_document = '{{oidc.client.discovery_document}}'"
  - exec: rails r "SiteSetting.openid_connect_client_id = '{{oidc.client.id}}'"         
  - exec: rails r "SiteSetting.openid_connect_client_secret = '{{oidc.client.secret}}'"     
-  - exec: rails r "SiteSetting.openid_connect_rp_initiated_logout_redirect = 'https://{{domain}}'"
+  - exec: rails r "SiteSetting.openid_connect_rp_initiated_logout_redirect = 'https://{{domains[application_id]}}'"
  - exec: rails r "SiteSetting.openid_connect_allow_association_change = false"
  - exec: rails r "SiteSetting.openid_connect_rp_initiated_logout = true"
 {% endif %}
--- a/roles/docker-friendica/templates/docker-compose.yml.j2
+++ b/roles/docker-friendica/templates/docker-compose.yml.j2
@ -20,7 +20,7 @@ services:
      test:
        [
          "CMD-SHELL",
-          "(if [ ! -f /tmp/email_sent ]; then echo 'Subject: testmessage from {{domain}}\n\nSUCCESSFULL' | msmtp -t {{test_email}} && touch /tmp/email_sent; fi && curl -f http://127.0.0.1:80) || exit 1"
+          "(if [ ! -f /tmp/email_sent ]; then echo 'Subject: testmessage from {{domains[application_id]}}\n\nSUCCESSFULL' | msmtp -t {{test_email}} && touch /tmp/email_sent; fi && curl -f http://127.0.0.1:80) || exit 1"
        ]
      interval: 1m
      timeout: 10s
--- a/roles/docker-friendica/templates/env.j2
+++ b/roles/docker-friendica/templates/env.j2
@ -1,8 +1,8 @@
 # The configuration options can be found here: 
 # @see https://hub.docker.com/_/friendica
-FRIENDICA_URL= https://{{domain}}
+FRIENDICA_URL= https://{{domains[application_id]}}
-HOSTNAME= {{domain}}
+HOSTNAME= {{domains[application_id]}}
 FRIENDICA_NO_VALIDATION={{no_validation | lower}}
 # Debugging
--- a/roles/docker-funkwhale/templates/env.j2
+++ b/roles/docker-funkwhale/templates/env.j2
@ -40,7 +40,7 @@ FUNKWHALE_WEB_WORKERS=4
 # Replace this by the definitive, public domain you will use for
 # your instance. It cannot be changed after initial deployment
 # without breaking your instance.
-FUNKWHALE_HOSTNAME={{domain}}
+FUNKWHALE_HOSTNAME={{domains[application_id]}}
 FUNKWHALE_PROTOCOL=https
 # Log level (debug, info, warning, error, critical)
--- a/roles/docker-gitea/templates/env.j2
+++ b/roles/docker-gitea/templates/env.j2
@ -7,7 +7,7 @@ DB_USER={{database_username}}
 DB_PASSWD={{database_password}}
 SSH_PORT={{ports.public.ssh[application_id]}}
 SSH_LISTEN_PORT=22
-DOMAIN={{domain}}
+DOMAIN={{domains[application_id]}}
-SSH_DOMAIN={{domain}}
+SSH_DOMAIN={{domains[application_id]}}
 RUN_MODE="{{run_mode}}"
-ROOT_URL="https://{{domain}}/"
+ROOT_URL="https://{{domains[application_id]}}/"
--- a/roles/docker-gitlab/templates/docker-compose.yml.j2
+++ b/roles/docker-gitlab/templates/docker-compose.yml.j2
@ -6,7 +6,7 @@ services:
  web:
    image: "gitlab/gitlab-ee:{{applications.gitlab.version}}"
-    hostname: '{{domain}}'
+    hostname: '{{domains[application_id]}}'
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    ports:
      - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
--- a/roles/docker-keycloak/templates/env.j2
+++ b/roles/docker-keycloak/templates/env.j2
@ -2,7 +2,7 @@
 # Documentation can be found here: 
 # @see https://www.keycloak.org/server/containers
-KC_HOSTNAME=                    https://{{domain}}
+KC_HOSTNAME=                    https://{{domains[application_id]}}
 KC_HTTP_ENABLED=                true
 # Health Checks
--- a/roles/docker-ldap/tasks/main.yml
+++ b/roles/docker-ldap/tasks/main.yml
@ -10,16 +10,16 @@
    domain: 	"{{ domains[application_id] }}"
    http_port: 	"{{ ports.localhost.http[application_id] }}"
- name: Create {{domain}}.conf if LDAP is exposed to internet
+- name: Create {{domains[application_id]}}.conf if LDAP is exposed to internet
  template: 
    src:  "nginx.stream.conf.j2" 
-    dest: "{{nginx.directories.streams}}{{domain}}.conf"
+    dest: "{{nginx.directories.streams}}{{domains[application_id]}}.conf"
  notify: restart nginx
  when: applications.ldap.openldap.network.public | bool
- name: Remove {{domain}}.conf if LDAP is not exposed to internet
+- name: Remove {{domains[application_id]}}.conf if LDAP is not exposed to internet
  file:
-    path: "{{ nginx.directories.streams }}{{ domain }}.conf"
+    path: "{{ nginx.directories.streams }}{{ domains[application_id] }}.conf"
    state: absent
  when: not applications.ldap.openldap.network.public | bool
--- a/roles/docker-ldap/templates/phpldapadmin.env.j2
+++ b/roles/docker-ldap/templates/phpldapadmin.env.j2
@ -1,3 +1,3 @@
 # @See https://github.com/leenooks/phpLDAPadmin/wiki/Docker-Container
-APP_URL=    https://{{domain}}
+APP_URL=    https://{{domains[application_id]}}
 LDAP_HOST=  openldap
--- a/roles/docker-mailu/templates/env.j2
+++ b/roles/docker-mailu/templates/env.j2
@ -20,7 +20,7 @@ SUBNET={{networks.local.mailu.subnet}}
 DOMAIN={{applications.mailu.domain}}
 # Hostnames for this server, separated with comas
-HOSTNAMES={{domain}}
+HOSTNAMES={{domains[application_id]}}
 # Postmaster local part (will append the main mail domain)
 POSTMASTER=admin
@ -105,7 +105,7 @@ WEB_WEBMAIL=/webmail
 SITENAME=Mailservices
 # Linked Website URL
-WEBSITE=https://{{domain}}
+WEBSITE=https://{{domains[application_id]}}
@ -162,7 +162,7 @@ OIDC_ENABLED={{ applications[application_id].oidc.enabled | string | capitalize
 # OpenID Connect provider configuration URL
 OIDC_PROVIDER_INFO_URL={{oidc.client.issuer_url}}
 # OpenID redirect URL if HOSTNAME not matching your login url
-OIDC_REDIRECT_URL=https://{{domain}}
+OIDC_REDIRECT_URL=https://{{domains[application_id]}}
 # OpenID Connect Client ID for Mailu
 OIDC_CLIENT_ID={{oidc.client.id}}
 # OpenID Connect Client secret for Mailu
--- a/roles/docker-mastodon/tasks/create-domains.yml
+++ b/roles/docker-mastodon/tasks/create-domains.yml
@ -1,9 +1,11 @@
 - name: "include role receive certbot certificate"
  include_role: 
    name: nginx-https-recieve-certificate
  vars:
    domain: "{{domains[application_id]}}"
- name: configure {{domain}}.conf
+- name: configure {{domains[application_id]}}.conf
  template: 
    src:  "mastodon.conf.j2" 
-    dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
+    dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
  notify: restart nginx
--- a/roles/docker-mastodon/templates/env.j2
+++ b/roles/docker-mastodon/templates/env.j2
@ -3,7 +3,7 @@
 # @see https://github.com/mastodon/mastodon/blob/main/.env.production.sample
-LOCAL_DOMAIN={{domain}}
+LOCAL_DOMAIN={{domains[application_id]}}
 ALTERNATE_DOMAINS="{{ domains.mastodon_alternates | join(',') }}"
 SINGLE_USER_MODE={{applications.mastodon.single_user_mode}}
@ -66,7 +66,7 @@ OIDC_DISCOVERY=true
 OIDC_SCOPE="openid,profile,email"
 OIDC_UID_FIELD=preferred_username                       # @see https://stackoverflow.com/questions/72108087/how-to-set-the-username-of-mastodon-by-log-in-via-keycloak
 OIDC_CLIENT_ID={{oidc.client.id}}
-OIDC_REDIRECT_URI=https://{{domain}}/auth/auth/openid_connect/callback
+OIDC_REDIRECT_URI=https://{{domains[application_id]}}/auth/auth/openid_connect/callback
 OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true
 OIDC_CLIENT_SECRET={{oidc.client.secret}}
 OMNIAUTH_ONLY=true                                      # uncomment to only use OIDC for login / registration buttons
--- a/roles/docker-matrix-compose/tasks/main.yml
+++ b/roles/docker-matrix-compose/tasks/main.yml
@ -26,7 +26,7 @@
    src:  "templates/nginx.conf.j2" 
    dest: "{{nginx.directories.http.servers}}{{domains.matrix_synapse}}.conf"
  vars:
-    # domain:     "{{domains.matrix_synapse}}" This does not seem to work @todo Check how to solve without declaring set_fact, seems a bug at templates
+    domain:     "{{domains.matrix_synapse}}" # Didn't work in the past. May it works now. This does not seem to work @todo Check how to solve without declaring set_fact, seems a bug at templates
    http_port:  "{{ports.localhost.http.matrix_synapse}}"
  notify: restart nginx
--- a/roles/docker-mybb/tasks/main.yml
+++ b/roles/docker-mybb/tasks/main.yml
@ -3,7 +3,7 @@
  include_role: 
    name: docker-central-database
- name: "include tasks setup-domain.yml with {{domain}}"
+- name: "include tasks setup-domain.yml with {{domains[application_id]}}"
  include_tasks: setup-domain.yml
  loop: "{{ mybb_domains + [source_domain] }}"
  loop_control:
--- a/roles/docker-mybb/tasks/setup-domain.yml
+++ b/roles/docker-mybb/tasks/setup-domain.yml
@ -3,11 +3,13 @@
 - name: "include role receive certbot certificate"
  include_role: 
    name: nginx-https-recieve-certificate
  vars:
    domain: "{{domains[application_id]}}"
- name: configure {{domain}}.conf
+- name: configure {{domains[application_id]}}.conf
  template: 
    src:  "roles/nginx-docker-reverse-proxy/templates/domain.conf.j2" 
-    dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
+    dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
  notify: restart nginx
  vars: 
-    nginx_docker_reverse_proxy_extra_configuration: "sub_filter '{{source_domain}}' '{{domain}}';"
+    nginx_docker_reverse_proxy_extra_configuration: "sub_filter '{{source_domain}}' '{{domains[application_id]}}';"
--- a/roles/docker-nextcloud/tasks/main.yml
+++ b/roles/docker-nextcloud/tasks/main.yml
@ -6,11 +6,13 @@
 - name: "include role receive certbot certificate"
  include_role: 
    name: nginx-https-recieve-certificate
  vars:
    domain: "{{domains[application_id]}}"
 - name: create nextcloud nginx proxy configuration file
  template: 
    src:  "proxy-nginx.conf.j2" 
-    dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
+    dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
  notify: restart nginx
 - name: create internal nextcloud nginx configuration
--- a/roles/docker-openproject/templates/env.j2
+++ b/roles/docker-openproject/templates/env.j2
@ -7,7 +7,7 @@
 #   https://www.openproject.org/docs/installation-and-operations/configuration/environment/
 #
 OPENPROJECT_HTTPS=true
-OPENPROJECT_HOST__NAME={{domain}}
+OPENPROJECT_HOST__NAME={{domains[application_id]}}
 OPENPROJECT_RAILS__RELATIVE__URL__ROOT=
 IMAP_ENABLED=false
 POSTGRES_PASSWORD="{{ database_password }}"
--- a/roles/docker-peertube/tasks/create-domains.yml
+++ b/roles/docker-peertube/tasks/create-domains.yml
@ -1,9 +1,11 @@
 - name: "include role receive certbot certificate"
  include_role: 
    name: nginx-https-recieve-certificate
  vars:
    domain: "{{domains[application_id]}}"
- name: configure {{domain}}.conf
+- name: configure {{domains[application_id]}}.conf
  template: 
    src:  "templates/peertube.conf.j2"
-    dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
+    dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
  notify: restart nginx
--- a/roles/docker-peertube/templates/env.j2
+++ b/roles/docker-peertube/templates/env.j2
@ -8,7 +8,7 @@ PEERTUBE_DB_SSL=false
 PEERTUBE_DB_HOSTNAME={{database_host}}
 # PeerTube server configuration
-PEERTUBE_WEBSERVER_HOSTNAME={{domain}}
+PEERTUBE_WEBSERVER_HOSTNAME={{domains[application_id]}}
 PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback"]
 PEERTUBE_SECRET={{peertube_secret}}
--- a/roles/docker-peertube/templates/peertube.conf.j2
+++ b/roles/docker-peertube/templates/peertube.conf.j2
@ -1,5 +1,5 @@
 server {
-  server_name {{domain}};
+  server_name {{domains[application_id]}};
  {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
--- a/roles/docker-pixelfed/templates/env.j2
+++ b/roles/docker-pixelfed/templates/env.j2
@ -5,10 +5,10 @@ APP_KEY={{pixelfed_app_key}}
 APP_NAME="{{applications.pixelfed.titel}}"
 APP_ENV=production
 APP_DEBUG={{enable_debug | string | lower }}
-APP_URL=https://{{domain}}
+APP_URL=https://{{domains[application_id]}}
-APP_DOMAIN="{{domain}}"
+APP_DOMAIN="{{domains[application_id]}}"
-ADMIN_DOMAIN="{{domain}}"
+ADMIN_DOMAIN="{{domains[application_id]}}"
-SESSION_DOMAIN="{{domain}}"
+SESSION_DOMAIN="{{domains[application_id]}}"
 OPEN_REGISTRATION=false
 ENFORCE_EMAIL_VERIFICATION=false
--- a/roles/docker-snipe_it/templates/env.j2
+++ b/roles/docker-snipe_it/templates/env.j2
@ -5,7 +5,7 @@ APP_ENV=production
 APP_DEBUG={{enable_debug | string | lower }}
 # Please regenerate the APP_KEY value by calling `docker compose run --rm app php artisan key:generate --show`. Copy paste the value here
 APP_KEY={{applications.snipe_it.app_key}}
-APP_URL=https://{{domain}}
+APP_URL=https://{{domains[application_id]}}
 # https://en.wikipedia.org/wiki/List_of_tz_database_time_zones - TZ identifier
 APP_TIMEZONE='{{timezone}}'
 APP_LOCALE={{locale}}
--- a/roles/docker-taiga/templates/env.j2
+++ b/roles/docker-taiga/templates/env.j2
@ -1,6 +1,6 @@
 # Taiga's URLs - Variables to define where Taiga should be served
 TAIGA_SITES_SCHEME  =   https          # serve Taiga using "http" or "https" (secured) connection
-TAIGA_SITES_DOMAIN  =   "{{domain}}"   # Taiga's base URL
+TAIGA_SITES_DOMAIN  =   "{{domains[application_id]}}"   # Taiga's base URL
 TAIGA_SUBPATH       =   ""  # it'll be appended to the TAIGA_DOMAIN (use either "" or a "/subpath")
 WEBSOCKETS_SCHEME   =   wss # events connection protocol (use either "ws" or "wss")
--- a/roles/docker-yourls/templates/env.j2
+++ b/roles/docker-yourls/templates/env.j2
@ -2,6 +2,6 @@ YOURLS_DB_HOST: "{{database_host}}"
 YOURLS_DB_USER: "{{database_username}}"
 YOURLS_DB_PASS: "{{database_password}}"
 YOURLS_DB_NAME: "{{database_name}}"
-YOURLS_SITE:    "https://{{domain}}"
+YOURLS_SITE:    "https://{{domains[application_id]}}"
 YOURLS_USER:    "{{applications.yourls.administrator_username}}"
 YOURLS_PASS:    "{{yourls_administrator_password}}"
--- a/roles/nginx-modifier-css/templates/global.css.j2
+++ b/roles/nginx-modifier-css/templates/global.css.j2
@ -907,6 +907,12 @@ div.statusError {
    background: linear-gradient({{ range(0, 361) | random }}deg, var(--color-55), var(--color-60), var(--color-61), var(--color-65));
 }
 div.wrapper footer.main-footer, div.wrapper div.content-wrapper{
    background-color: var(--color-85);
    background: linear-gradient({{ range(0, 361) | random }}deg, var(--color-89), var(--color-85), var(--color-80), var(--color-79));
    color: var(--color-39);
 }
 /** Nextcloud specific **/
 html.ng-csp header#header{
    background-color: var(--color-80);
--- a/roles/nginx-serve-files/tasks/main.yml
+++ b/roles/nginx-serve-files/tasks/main.yml
@ -1,11 +1,13 @@
 ---
- name: "include role nginx-modifier-all for {{domain}}"
+- name: "include role nginx-modifier-all for {{domains[application_id]}}"
  include_role: 
    name: nginx-modifier-all
- name: "include role nginx-https-recieve-certificate for {{domain}}"
+- name: "include role nginx-https-recieve-certificate for {{domains[application_id]}}"
  include_role: 
    name: nginx-https-recieve-certificate
  vars:
    domain: "{{domains[application_id]}}"
 - name: "generate {{domains[application_id]}}.conf"
  template: 
--- a/roles/nginx-serve-html/tasks/main.yml
+++ b/roles/nginx-serve-html/tasks/main.yml
@ -1,11 +1,13 @@
 ---
- name: "include role nginx-modifier-all for {{domain}}"
+- name: "include role nginx-modifier-all for {{domains[application_id]}}"
  include_role: 
    name: nginx-modifier-all
- name: "include role nginx-https-recieve-certificate for {{domain}}"
+- name: "include role nginx-https-recieve-certificate for {{domains[application_id]}}"
  include_role: 
    name: nginx-https-recieve-certificate
  vars:
    domain: "{{domains[application_id]}}"
 - name: "generate {{domains[application_id]}}.conf"
  template: