diff --git a/README.md b/README.md
index cbdc3aa..bd17ad1 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-[Roundcube](https://roundcube.net/) webmail interface with postgres backend.
+[Roundcube](https://roundcube.net/) webmail interface with postgres backend and oauth login.
 
 # Environment Variables
 ## DOMAINS
@@ -39,29 +39,30 @@ Secret key for session secrets.
 
 Encryption algorithm for session secrets.
 
-## CARDDAV_PRESETS
-Configured preset addressbooks are created for a user as they log in.
+## OAUTH_PROVIDER_NAME
+Name of the oauth provider on the roundcube login page.
 
-For example:
-```$prefs['Personal'] = array(
-	// required attributes
-	'name'         =>  'Personal',
-	// will be substituted for the roundcube username
-	'username'     =>  '%u',
-	// will be substituted for the roundcube password
-	'password'     =>  '%p',
-	// %u will be substituted for the CardDAV username
-	'url'          =>  'https://my.nextcloud.org/remote.php/dav/addressbooks/users/%u/contacts/',
+## OAUTH_CLIENT_ID
+Client id for oauth login.
 
-	'active'       =>  true,
-	'readonly'     =>  false,
-	'refresh_time' => '02:00:00',
+## OAUTH_CLIENT_SECRET
+Client secret for oauth login.
 
-	'fixed'        =>  array( 'username' ),
-	'hide'        =>  false,
-);
+## OAUTH_AUTH_URI
+Auth uri for oauth login.
+
+Example for keycloak: `https://example.com/realms/master/protocol/openid-connect/auth`
+
+## OAUTH_TOKEN_URI
+Token uri for oauth login.
+
+Example for keycloak: `https://example.com/realms/master/protocol/openid-connect/token`
+
+## OAUTH_IDENTITY_URI
+Userinfo uri for oauth login.
+
+Example for keycloak: `https://example.com/realms/master/protocol/openid-connect/userinfo`
 
-```
 
 # Ports
 - 80
diff --git a/rootfs/etc/confd/templates/config.inc.php.tmpl b/rootfs/etc/confd/templates/config.inc.php.tmpl
index d91c281..60695e5 100644
--- a/rootfs/etc/confd/templates/config.inc.php.tmpl
+++ b/rootfs/etc/confd/templates/config.inc.php.tmpl
@@ -39,3 +39,15 @@ $config['plugins'] = array('archive', 'managesieve', 'zipdownload');
 
 $config['spellcheck_engine'] = 'pspell';
 $config['default_charset'] = 'UTF-8';
+
+$config['oauth_provider'] = 'generic';
+$config['oauth_provider_name'] = '{{getenv "OAUTH_PROVIDER_NAME"}}';
+$config['oauth_client_id'] = '{{getenv "OAUTH_CLIENT_ID"}}';
+$config['oauth_client_secret'] = '{{getenv "OAUTH_CLIENT_SECRET"}}';
+$config['oauth_auth_uri'] = '{{getenv "OAUTH_AUTH_URI"}}';
+$config['oauth_token_uri'] = '{{getenv "OAUTH_TOKEN_URI"}}';
+$config['oauth_identity_uri'] = '{{getenv "OAUTH_IDENTITY_URI"}}';
+$config['oauth_scope'] = 'email profile openid';
+$config['oauth_auth_parameters'] = [];
+$config['oauth_identity_fields'] = ['preferred_username'];
+$config['oauth_login_redirect'] = true;
diff --git a/rootfs/etc/confd/templates/nginx.conf.tmpl b/rootfs/etc/confd/templates/nginx.conf.tmpl
index e4ec7f6..69289ed 100644
--- a/rootfs/etc/confd/templates/nginx.conf.tmpl
+++ b/rootfs/etc/confd/templates/nginx.conf.tmpl
@@ -22,7 +22,7 @@ http {
     {{range $domain := split (getenv "DOMAINS") ";"}}
 
     server {
-       listen 8080;
+        listen 8080;
 
         server_name {{ $domain }};
 
@@ -48,6 +48,7 @@ http {
             fastcgi_param PATH_INFO $path_info;
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
             fastcgi_param HTTPS on;
+			fastcgi_param SERVER_PORT 443;
             fastcgi_read_timeout 300;
             fastcgi_pass php;
         }