Rename roles/OpnForm → roles/opnform so the role resolves as
digitalboard.core.opnform (Ansible collection convention is
lowercase). Update tests/test.yml reference accordingly.

Add automated admin user creation via POST /api/register, gated on
opnform_admin_email + opnform_admin_password. Idempotent through a
prior login probe. Without these vars the manual setup page flow is
preserved.

Add automated OIDC IdentityConnection setup via the per-workspace
/api/open/workspaces/{id}/oidc-connections endpoint, gated on
opnform_oidc_enabled. Hard-coupled to the admin bootstrap (the API
requires an authenticated admin token); validation block fails fast
if OIDC is enabled without admin credentials. Supports both an
explicit opnform_oidc_group_role_mappings list and a fallback
opnform_oidc_admin_group convenience var.

Convert opnform_oidc_scopes from space-separated string to YAML list
to match OpnForm's API expectation. Rewrite README "First login" and
"OIDC setup" sections to reflect that self-hosted OpnForm does not
ship a pre-seeded admin and to document the new bootstrap paths.

BREAKING CHANGE: opnform_oidc_scopes changed from space-separated
string to YAML list. Inventories that override it must update from
"openid profile email" to [openid, profile, email].
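
An inventory-side pre-flight play for the variable rules the commit message describes, as an added example that is not part of the digitalboard.core.opnform role. The `opnform` host group is an assumption, and treating a half-set admin credential pair as an error is this example's choice, not documented role behaviour.

```yaml
# Added example (not the role's own code): run before the role to catch
# inventories that still use the old variable shapes.
- name: Pre-flight checks for OpnForm role variables
  hosts: opnform            # assumption: name of the inventory group
  gather_facts: false
  tasks:
    - name: Reject the old space-separated form of opnform_oidc_scopes
      ansible.builtin.assert:
        that:
          - opnform_oidc_scopes is not string
          - opnform_oidc_scopes is not mapping
          - opnform_oidc_scopes is iterable
          - opnform_oidc_scopes | length > 0
          # every entry is a string ...
          - opnform_oidc_scopes | select('string') | list | length == opnform_oidc_scopes | length
          # ... and none is an old "openid profile email" value wrapped in a list
          - opnform_oidc_scopes | select('search', ' ') | list | length == 0
        fail_msg: >-
          opnform_oidc_scopes must be a YAML list such as
          [openid, profile, email], not a space-separated string.
      # Only inventories that override the variable are affected.
      when: opnform_oidc_scopes is defined

    - name: Require admin credentials when OIDC setup is enabled
      ansible.builtin.assert:
        that:
          - opnform_admin_email | default('', true) | length > 0
          - opnform_admin_password | default('', true) | length > 0
        fail_msg: >-
          opnform_oidc_enabled needs opnform_admin_email and
          opnform_admin_password, because the OIDC connection API
          requires an authenticated admin token.
      when: opnform_oidc_enabled | default(false) | bool

    - name: Catch a half-configured admin bootstrap
      ansible.builtin.assert:
        that:
          # Both set or both unset; one without the other is likely a typo.
          - >-
            (opnform_admin_email | default('', true) | length > 0) ==
            (opnform_admin_password | default('', true) | length > 0)
        fail_msg: >-
          Set both opnform_admin_email and opnform_admin_password,
          or neither (manual setup page flow).
```

The assertions only reference variable names, so a failure message does not print the password value.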
43 lines
1.2 KiB
Django/Jinja
# Strip the leading /api prefix from the URI saved in the API location
# below; the result is passed to PHP as REQUEST_URI.
map $original_uri $api_uri {
    ~^/api(/.*$) $1;
    default $original_uri;
}

server {
    listen 80;
    server_name {{ opnform_domain }};
    root /app/public;

    # The Jinja raw block passes the placeholder below through unrendered.
    client_max_body_size {% raw %}${NGINX_MAX_BODY_SIZE}{% endraw %};

    access_log /dev/stdout;
    error_log /dev/stderr error;

    index index.html index.htm index.php;

    # Everything not matched below is proxied to the UI container.
    location / {
        proxy_http_version 1.1;
        proxy_pass http://ui:3000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }

    # API and asset paths fall through to index.php when no file matches.
    location ~/(api|open|local\/temp|forms\/assets)/ {
        set $original_uri $uri;
        try_files $uri $uri/ /index.php$is_args$args;
    }

    # PHP requests go to the api container over FastCGI; SCRIPT_FILENAME
    # is pinned to index.php regardless of the requested path.
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass api:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html/public/index.php;
        fastcgi_param REQUEST_URI $api_uri;
    }
}