Replaced nginx native with openresty for logout injection. Right now still buggy on nextcloud and espocrm

roles/svc-prx-openresty/README.md

@@ -0,0 +1,23 @@
+# OpenResty
+
+This role deploys an OpenResty container via Docker Compose, validates its configuration, and restarts it on changes.
+
+## Description
+
+- Runs an OpenResty container in host network mode  
+- Mounts Nginx configuration and Let’s Encrypt directories  
+- Validates the OpenResty (Nginx) configuration before any restart  
+- Restarts the container only if the configuration is valid  
+
+## Overview
+
+1. Loads the base Docker Compose setup  
+2. Adds the OpenResty service  
+3. Defines handlers to validate and restart the container  
+4. Triggers a restart on configuration changes  
+
+## Further Reading
+
+- [OpenResty Docker Hub](https://hub.docker.com/r/openresty/openresty)  
+- [OpenResty Official Documentation](https://openresty.org/)  
+- [Ansible Docker Compose Role on Galaxy](https://galaxy.ansible.com/)  

roles/svc-prx-openresty/handlers/main.yml

@@ -0,0 +1,12 @@
+---
+- name: Validate OpenResty configuration
+  command: >
+    docker exec {{ openresty_container }} openresty -t -q
+  register: openresty_test
+  changed_when: false
+  failed_when: openresty_test.rc != 0
+  listen: restart openresty
+
+- name: Restart OpenResty container
+  command: docker restart {{ openresty_container }}
+  listen: restart openresty

roles/svc-prx-openresty/meta/main.yml

@@ -0,0 +1,20 @@
+---
+galaxy_info:
+  author: "Kevin Veen‑Birkenbach"
+  description: >
+    Role to provision an OpenResty container via Docker Compose.
+  license: "CyMaIS NonCommercial License (CNCL)"
+  license_url: "https://s.veen.world/cncl"
+  company: |
+    Kevin Veen‑Birkenbach  
+    Consulting & Coaching Solutions  
+    https://www.veen.world
+  galaxy_tags:
+    - openresty
+    - nginx
+    - docker
+    - reverse_proxy
+  repository: "https://github.com/kevinveenbirkenbach/cymais"
+  issue_tracker_url: "https://github.com/kevinveenbirkenbach/cymais/issues"
+  documentation: "https://github.com/kevinveenbirkenbach/cymais/tree/main/roles/svc-prx-openresty"
+  min_ansible_version: "2.9"

roles/svc-prx-openresty/tasks/main.yml

@@ -0,0 +1,9 @@
+- name: "For '{{ application_id }}': Load docker-compose"
+  include_role: 
+    name: docker-compose
+  when: run_once_svc_prx_openresty is not defined
+
+- name: Run the docker_postgres tasks once
+  set_fact:
+    run_once_svc_prx_openresty: true
+  when: run_once_svc_prx_openresty is not defined

roles/svc-prx-openresty/templates/docker-compose.yml.j2

@@ -0,0 +1,15 @@
+{% include 'roles/docker-compose/templates/base.yml.j2' %}
+  openresty:
+    container_name: {{ openresty_container }}
+    image: {{ openresty_image }}:{{ openresty_version }}
+    network_mode: "host"
+    volumes:
+      - {{ nginx.files.configuration }}:/usr/local/openresty/nginx/conf/nginx.conf:ro
+      - {{ nginx.directories.configuration }}:/usr/local/openresty/nginx/conf/conf.d:ro
+      - {{ nginx.files.configuration }}:{{ nginx.files.configuration }}:ro
+      - {{ nginx.directories.configuration }}:{{ nginx.directories.configuration }}:ro
+      - {{ nginx.directories.data.www }}:{{ nginx.directories.data.www }}:ro
+      - {{ nginx.directories.data.well_known }}:{{ nginx.directories.data.well_known }}:ro
+      - {{ letsencrypt_webroot_path }}:{{ letsencrypt_webroot_path }}:ro
+      - {{ letsencrypt_base_path }}:{{ letsencrypt_base_path }}:ro
+    command: ["openresty", "-g", "daemon off;"]

roles/svc-prx-openresty/vars/main.yml

@@ -0,0 +1,9 @@
+application_id:                 "svc-prx-openresty"
+
+# Openresty
+openresty_image:                "openresty/openresty"
+openresty_version:              "alpine"
+openresty_container:            "openresty"
+
+# Docker
+docker_compose_flush_handlers:  true