ansible-podman/roles/service/tasks/proxy.yaml

---
- name: OAuth2 proxy for {{ service_name }}
  ansible.builtin.include_tasks: oauth2_proxy.yaml
  when: _service_oauth2_proxy

- name: Reverse proxy for {{ service_name }}
  ansible.builtin.import_role:
    name: uumas.general.vhost
  vars:
    vhost_type: reverse_proxy
    vhost_id: "{{ service_name }}"
    vhost_domains: "{{ service_domains }}"
    vhost_proxy_target_netproto: unix
    vhost_proxy_target_socket: "/run/{{ service_name }}-socat.sock"
    vhost_proxy_headers: "{{ _service_proxy_headers }}"
    vhost_proxy_auth_socket: "{{ _service_oauth2_socket }}"
    vhost_proxy_auth_uri: /oauth2/auth
    vhost_proxy_auth_unauthorized_redir: "/oauth2/sign_in?rd={scheme}://{host}{uri}"
    vhost_locations: "{{ _service_vhost_locations }}"