From 12c631ff3b716c973879272878241a971901e6b1 Mon Sep 17 00:00:00 2001
From: Zoey
Date: Sun, 30 Apr 2023 17:50:46 +0200
Subject: [PATCH] allow to disable ipv6/custom ip bindings/custom backend port binding
---
 README.md | 37 +-
 compose.yaml | 32 +-
 rootfs/bin/launch.sh | 12 +-
 rootfs/bin/start.sh | 497 +++++++++++-------
 .../nginx/conf/conf.d/no-server-name.conf | 6 -
 .../nginx/conf/conf.d/npm-no-server-name.conf | 21 +
 rootfs/usr/local/nginx/conf/conf.d/npm.conf | 8 +-
 7 files changed, 380 insertions(+), 233 deletions(-)
 create mode 100644 rootfs/usr/local/nginx/conf/conf.d/npm-no-server-name.conf
diff --git a/README.md b/README.md
index 3bb5bbef..7982a566 100644
--- a/README.md
+++ b/README.md
@@ -68,10 +68,11 @@ so that the barrier for entry here is low.
 - Passwort reset (only sqlite) (`docker exec -it nginx-proxy-manager password-reset.js USER_EMAIL PASSWORD`)
 - TLS supported for MariaDB/MySQL, please set the `DB_MYSQL_TLS` env to true. If you use self signed certificates you can upload them for example to `/data/etc/npm/ca.crt` and set the `DB_MYSQL_CA` to `/data/etc/npm/ca.crt` (not tested)
 - PUID/GGID support in network mode host (please add `net.ipv4.ip_unprivileged_port_start=0` at the end of `/etc/sysctl.conf`)
+- Option to set IP bindings (multiple instances) in network mode host
+- Option to change backend port
+- See composefile for all options
 ## Soon
-- disabling IPv4/IPv6 ([1](https://github.com/NginxProxyManager/nginx-proxy-manager/blob/develop/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/40-dynamic.sh) / [2](https://github.com/NginxProxyManager/nginx-proxy-manager/blob/develop/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/50-ipv6.sh) / nginx templates (nginx.js lines 200-300))
-- custom IP-Bindings in nginx/backend to allow multiple instances in host network mode
 - dark mode
 - more
@@ -139,18 +140,26 @@ services:
 # - "/var/www:/var/www" # optional, if you want to use it as webserver for html/php
 # - "/opt/npm-letsencrypt:/etc/letsencrypt" # Only needed for first time migration from original nginx-proxy-manager to this fork
 environment:
- - "TZ=Europe/Berlin" # set timezone
-# - "PUID=1000" # set group id
-# - "PGID=1000" # set user id
-# - "NGINX_LOG_NOT_FOUND=true" # Allow logging of 404 errors
-# - "NPM_LISTEN_LOCALHOST=true" # Bind the NPM Dashboard on Port 81 only to localhost
-# - "NPM_CERT_ID=1" # ID of cert, which should be used instead of dummycerts
-# - "CLEAN=false" # Clean folders
-# - "FULLCLEAN=true" # Clean unused config folders
-# - "PHP81=true" # Activate PHP81
-# - "PHP81_APKS=php81-curl php-81-curl" # Add php extensions, see aviable packages here: https://pkgs.alpinelinux.org/packages?branch=v3.17&repo=community&arch=x86_64&name=php81-*
-# - "PHP82=true" # Activate PHP82
-# - "PHP82_APKS=php82-curl php-82-curl" # Add php extensions, see aviable packages here: https://pkgs.alpinelinux.org/packages?branch=v3.17&repo=community&arch=x86_64&name=php82-*
+ - "TZ=Europe/Berlin" # set timezone, default UTC
+# - "PUID=1000" # set group id, default 0 (root)
+# - "PGID=1000" # set user id, default 0 (root)
+# - "NIBEP=48693" # internal port, always bound to 127.0.0.1, default 48693, you need to change it, if you want to run multiple npm instances in network mode host
+# - "NPM_PORT=81" # Port the NPM backend should be bound to, default 81, you need to change it, if you want to run multiple npm instances in network mode host
+# - "IPV4_BINDING=127.0.0.1" # IPv4 address to bind, defaults to all
+# - "NPM_IPV4_BINDING=127.0.0.1" # IPv4 address to bind for the NPM backend, defaults to all
+# - "IPV6_BINDING=[::1]" # IPv6 address to bind, defaults to all
+# - "NPM_IPV6_BINDING=[::1]" # IPv6 address to bind for the NPM backend, defaults to all
+# - "DISABLE_IPV6=true" # disable IPv6, incompatible with IPV6_BINDING, default false
+# - "NPM_DISABLE_IPV6=true" # disable IPv6 for the NPM backend, incompatible with NPM_IPV6_BINDING, default false
+# - "NPM_LISTEN_LOCALHOST=true" # Bind the NPM Dashboard on Port 81 only to localhost, incompatible with NPM_IPV4_BINDING/NPM_IPV6_BINDING/NPM_DISABLE_IPV6, default false
+# - "NPM_CERT_ID=1" # ID of cert, which should be used instead of dummycerts, default unset/dummycerts
+# - "NGINX_LOG_NOT_FOUND=true" # Allow logging of 404 errors, default false
+# - "CLEAN=false" # Clean folders, default true
+# - "FULLCLEAN=true" # Clean unused config folders, default false
+# - "PHP81=true" # Activate PHP81, default false
+# - "PHP81_APKS=php81-curl php-81-curl" # Add php extensions, see aviable packages here: https://pkgs.alpinelinux.org/packages?branch=v3.17&repo=community&arch=x86_64&name=php81-*, default none
+# - "PHP82=true" # Activate PHP82, default false
+# - "PHP82_APKS=php82-curl php-82-curl" # Add php extensions, see aviable packages here: https://pkgs.alpinelinux.org/packages?branch=v3.17&repo=community&arch=x86_64&name=php82-*, default none
 ```
 3. Bring up your stack by running (or deploy your portainer stack)
diff --git a/compose.yaml b/compose.yaml
index fe05007b..45249bcd 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -10,15 +10,23 @@ services:
 # - "/var/www:/var/www" # optional, if you want to use it as webserver for html/php
 # - "/opt/npm-letsencrypt:/etc/letsencrypt" # Only needed for first time migration from original nginx-proxy-manager to this fork
 environment:
- - "TZ=Europe/Berlin" # set timezone
-# - "PUID=1000" # set group id
-# - "PGID=1000" # set user id
-# - "NGINX_LOG_NOT_FOUND=true" # Allow logging of 404 errors
-# - "NPM_LISTEN_LOCALHOST=true" # Bind the NPM Dashboard on Port 81 only to localhost
-# - "NPM_CERT_ID=1" # ID of cert, which should be used instead of dummycerts
-# - "CLEAN=false" # Clean folders
-# - "FULLCLEAN=true" # Clean unused config folders
-# - "PHP81=true" # Activate PHP81
-# - "PHP81_APKS=php81-curl php-81-curl" # Add php extensions, see aviable packages here: https://pkgs.alpinelinux.org/packages?branch=v3.17&repo=community&arch=x86_64&name=php81-*
-# - "PHP82=true" # Activate PHP82
-# - "PHP82_APKS=php82-curl php-82-curl" # Add php extensions, see aviable packages here: https://pkgs.alpinelinux.org/packages?branch=v3.17&repo=community&arch=x86_64&name=php82-*
+ - "TZ=Europe/Berlin" # set timezone, default UTC
+# - "PUID=1000" # set group id, default 0 (root)
+# - "PGID=1000" # set user id, default 0 (root)
+# - "NIBEP=48693" # internal port, always bound to 127.0.0.1, default 48693, you need to change it, if you want to run multiple npm instances in network mode host
+# - "NPM_PORT=81" # Port the NPM backend should be bound to, default 81, you need to change it, if you want to run multiple npm instances in network mode host
+# - "IPV4_BINDING=127.0.0.1" # IPv4 address to bind, defaults to all
+# - "NPM_IPV4_BINDING=127.0.0.1" # IPv4 address to bind for the NPM backend, defaults to all
+# - "IPV6_BINDING=[::1]" # IPv6 address to bind, defaults to all
+# - "NPM_IPV6_BINDING=[::1]" # IPv6 address to bind for the NPM backend, defaults to all
+# - "DISABLE_IPV6=true" # disable IPv6, incompatible with IPV6_BINDING, default false
+# - "NPM_DISABLE_IPV6=true" # disable IPv6 for the NPM backend, incompatible with NPM_IPV6_BINDING, default false
+# - "NPM_LISTEN_LOCALHOST=true" # Bind the NPM Dashboard on Port 81 only to localhost, incompatible with NPM_IPV4_BINDING/NPM_IPV6_BINDING/NPM_DISABLE_IPV6, default false
+# - "NPM_CERT_ID=1" # ID of cert, which should be used instead of dummycerts, default unset/dummycerts
+# - "NGINX_LOG_NOT_FOUND=true" # Allow logging of 404 errors, default false
+# - "CLEAN=false" # Clean folders, default true
+# - "FULLCLEAN=true" # Clean unused config folders, default false
+# - "PHP81=true" # Activate PHP81, default false
+# - "PHP81_APKS=php81-curl php-81-curl" # Add php extensions, see aviable packages here: https://pkgs.alpinelinux.org/packages?branch=v3.17&repo=community&arch=x86_64&name=php81-*, default none
+# - "PHP82=true" # Activate PHP82, default false
+# - "PHP82_APKS=php82-curl php-82-curl" # Add php extensions, see aviable packages here: https://pkgs.alpinelinux.org/packages?branch=v3.17&repo=community&arch=x86_64&name=php82-*, default none
\ No newline at end of file
diff --git a/rootfs/bin/launch.sh b/rootfs/bin/launch.sh
index 2b838f18..0d5c9b7d 100755
--- a/rootfs/bin/launch.sh
+++ b/rootfs/bin/launch.sh
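Review bot: The comments on the PUID and PGID lines are swapped: `PUID=1000` is annotated `set group id` and `PGID=1000` `set user id`, while the names (and the "User ID"/"Group ID" banner that launch.sh prints from `id -u`/`id -g`) indicate PUID is the user id and PGID the group id. Change them to `# - "PUID=1000" # set user id, default 0 (root)` and `# - "PGID=1000" # set group id, default 0 (root)`. The same swapped pair is carried into the README hunk above, which should be corrected together with this file.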
@@ -15,20 +15,20 @@ Group ID: $(id -g)
 "
 if ! nginx -t > /dev/null 2>&1; then
- nginx -T || sleep inf
+ nginx -T
 sleep inf
 fi
 if [ "$PHP81" = "true" ]; then
 if ! PHP_INI_SCAN_DIR=/data/php/81/conf.d php-fpm81 -c /data/php/81 -y /data/php/81/php-fpm.conf -FORt > /dev/null 2>&1; then
- PHP_INI_SCAN_DIR=/data/php/81/conf.d php-fpm81 -c /data/php/81 -y /data/php/81/php-fpm.conf -FORt || sleep inf
+ PHP_INI_SCAN_DIR=/data/php/81/conf.d php-fpm81 -c /data/php/81 -y /data/php/81/php-fpm.conf -FORt
 sleep inf
 fi
 fi
 if [ "$PHP82" = "true" ]; then
 if ! PHP_INI_SCAN_DIR=/data/php/82/conf.d php-fpm82 -c /data/php/82 -y /data/php/82/php-fpm.conf -FORt > /dev/null 2>&1; then
- PHP_INI_SCAN_DIR=/data/php/82/conf.d php-fpm82 -c /data/php/82 -y /data/php/82/php-fpm.conf -FORt || sleep inf
+ PHP_INI_SCAN_DIR=/data/php/82/conf.d php-fpm82 -c /data/php/82 -y /data/php/82/php-fpm.conf -FORt
 sleep inf
 fi
 fi
@@ -42,17 +42,17 @@ while (nginx -t > /dev/null 2>&1 && if [ "$PHP81" = true ]; then PHP_INI_SCAN_DI
 done
 if ! nginx -t > /dev/null 2>&1; then
- nginx -T || sleep inf
+ nginx -T
 fi
 if [ "$PHP81" = "true" ]; then
 if ! PHP_INI_SCAN_DIR=/data/php/81/conf.d php-fpm81 -c /data/php/81 -y /data/php/81/php-fpm.conf -FORt > /dev/null 2>&1; then
- PHP_INI_SCAN_DIR=/data/php/81/conf.d php-fpm81 -c /data/php/81 -y /data/php/81/php-fpm.conf -FORt || sleep inf
+ PHP_INI_SCAN_DIR=/data/php/81/conf.d php-fpm81 -c /data/php/81 -y /data/php/81/php-fpm.conf -FORt
 fi
 fi
 if [ "$PHP82" = "true" ]; then
 if ! PHP_INI_SCAN_DIR=/data/php/82/conf.d php-fpm82 -c /data/php/82 -y /data/php/82/php-fpm.conf -FORt > /dev/null 2>&1; then
- PHP_INI_SCAN_DIR=/data/php/82/conf.d php-fpm82 -c /data/php/82 -y /data/php/82/php-fpm.conf -FORt || sleep inf
+ PHP_INI_SCAN_DIR=/data/php/82/conf.d php-fpm82 -c /data/php/82 -y /data/php/82/php-fpm.conf -FORt
 fi
 fi
diff --git a/rootfs/bin/start.sh b/rootfs/bin/start.sh
index 8a216f8c..5d45bc05 100755
--- a/rootfs/bin/start.sh
+++ b/rootfs/bin/start.sh
@@ -1,36 +1,92 @@
 #!/bin/sh
-if [ "$(id -u)" != "0" ]; then
+if [ "$(whoami)" != "root" ]; then
 echo '--------------------------------------'
 echo "This docker container must be run as root, do not specify a user."
 echo '--------------------------------------'
- sleep inf || exit 1
+ sleep inf
 fi
 if [ ! -d /data ]; then
 echo '--------------------------------------'
 echo "/data is not mounted! Check your docker configuration."
 echo '--------------------------------------'
- sleep inf || exit 1
+ sleep inf
 fi
-export PUID="${PUID:-0}" || exit 1
+export PUID="${PUID:-0}"
 if ! echo "$PUID" | grep -q "^[0-9]\+$"; then
- echo "You've set PUID but not to an allowed value." || sleep inf
- echo "It needs to be a string. Allowed are small digits 0-9" || sleep inf
- echo "It is set to \"$PUID\"." || sleep inf
- sleep inf || exit 1
+ echo "You've set PUID but not to an allowed value."
+ echo "It needs to be a string. Allowed are digits 0-9"
+ echo "It is set to \"$PUID\"."
+ sleep inf
 fi
-export PGID="${PGID:-0}" || exit 1
+export PGID="${PGID:-0}"
 if ! echo "$PGID" | grep -q "^[0-9]\+$"; then
- echo "You've set PGID but not to an allowed value." || sleep inf
- echo "It needs to be a string. Allowed are small digits 0-9" || sleep inf
- echo "It is set to \"$PGID\"." || sleep inf
- sleep inf || exit 1
+ echo "You've set PGID but not to an allowed value."
+ echo "It needs to be a string. Allowed are digits 0-9"
+ echo "It is set to \"$PGID\"."
+ sleep inf
 fi
-if [ "$PHP81" = true ] || [ "$PHP82" = true ]; then
+if [ -n "$IPV4_BINDING" ]; then
+ if ! echo "$IPV4_BINDING" | grep -q "^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$"; then
+ echo "You've set IPV4_BINDING but not to an allowed value."
+ echo "It needs to be a string. Allowed are digits 0-9 and dots"
+ echo "It is set to \"$IPV4_BINDING\"."
+ sleep inf
+ fi
+fi
+
+if [ "$DISABLE_IPV6" = "true" ] && [ -n "$IPV6_BINDING" ]; then
+ echo "You can't disable IPv6 and set a binding for it."
+ sleep inf
+fi
+
+if [ -n "$IPV6_BINDING" ]; then
+ if ! echo "$IPV6_BINDING" | grep -q "\[[0-9a-f:]\+\]"; then
+ echo "You've set IPV6_BINDING but not to an allowed value."
+ echo "It needs to be a string. Allowed are small letters a-z, digits 0-9 and colons inside square bracket"
+ echo "It is set to \"$IPV6_BINDING\"."
+ sleep inf
+ fi
+fi
+
+if { [ -n "$NPM_IPV4_BINDING" ] || [ -n "$NPM_IPV6_BINDING" ]; } && [ "$NPM_LISTEN_LOCALHOST" = "true" ]; then
+ echo "You can't set IPv4/IPv6 bindings for npm, while NPM_LISTEN_LOCALHOST is enabled"
+ sleep inf
+fi
+
+if [ "$NPM_LISTEN_LOCALHOST" = "true" ]; then
+ export NPM_IPV4_BINDING="127.0.0.1"
+ export NPM_IPV6_BINDING="[::1]"
+fi
+
+if [ -n "$NPM_IPV4_BINDING" ]; then
+ if ! echo "$NPM_IPV4_BINDING" | grep -q "^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$"; then
+ echo "You've set NPM_IPV4_BINDING but not to an allowed value."
+ echo "It needs to be a string. Allowed are digits 0-9 and dots"
+ echo "It is set to \"$NPM_IPV4_BINDING\"."
+ sleep inf
+ fi
+fi
+
+if [ "$NPM_DISABLE_IPV6" = "true" ] && [ -n "$NPM_IPV6_BINDING" ]; then
+ echo "You can't disable IPv6 and set a binding for it."
+ sleep inf
+fi
+
+if [ -n "$NPM_IPV6_BINDING" ]; then
+ if ! echo "$NPM_IPV6_BINDING" | grep -q "\[[0-9a-f:]\+\]"; then
+ echo "You've set NPM_IPV6_BINDING but not to an allowed value."
+ echo "It needs to be a string. Allowed are small letters a-z, digits 0-9 and colons inside square bracket"
+ echo "It is set to \"$NPM_IPV6_BINDING\"."
+ sleep inf
+ fi
+fi
+
+if [ "$PHP81" = "true" ] || [ "$PHP82" = "true" ]; then
 apk add --no-cache fcgi
 fi
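Review bot: The new IPV6_BINDING check `grep -q "\[[0-9a-f:]\+\]"` is unanchored, so any value that merely contains a bracketed run of hex digits and colons passes, with arbitrary text allowed before and after the brackets, whereas the IPV4_BINDING check right above it is anchored with `^…$`. Since these values are presumably substituted into nginx `listen` directives (the npm.conf changes of this commit are not in the visible part of the diff), the validation should accept exactly one bracketed address and nothing else: `if ! echo "$IPV6_BINDING" | grep -q "^\[[0-9a-f:]\+\]$"; then`, and likewise for the NPM_IPV6_BINDING check further down this hunk. Separately, when NPM_LISTEN_LOCALHOST=true and NPM_DISABLE_IPV6=true the script exports `NPM_IPV6_BINDING="[::1]"` before the NPM_DISABLE_IPV6 conflict check runs, so the operator is told "You can't disable IPv6 and set a binding for it" although they set no binding; either skip the IPv6 export when NPM_DISABLE_IPV6 is true, or reject the NPM_LISTEN_LOCALHOST/NPM_DISABLE_IPV6 combination with a message that names those two variables.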
@@ -41,35 +97,35 @@ apk add --no-cache php81-fpm # From https://github.com/nextcloud/all-in-one/pull/1377/files if [ -n "$PHP81_APKS" ]; then if ! echo "$PHP81_APKS" | grep -q "^[a-z0-9 _-]\+$"; then - echo "You've set PHP81_APKS but not to an allowed value." || sleep inf - echo "It needs to be a string. Allowed are small letters a-z, digits 0-9, spaces, hyphens and underscores." || sleep inf - echo "It is set to \"$PHP81_APKS\"." || sleep inf - sleep inf || exit 1 + echo "You've set PHP81_APKS but not to an allowed value." + echo "It needs to be a string. Allowed are small letters a-z, digits 0-9, spaces, hyphens and underscores." + echo "It is set to \"$PHP81_APKS\"." + sleep inf fi - + for apk in $(echo "$PHP81_APKS" | tr " " "\n"); do - + if ! echo "$apk" | grep -Ewq "php81-.*"; then - echo "$apk is a non allowed value." || sleep inf - echo "It needs to start with \"php81-\"." || sleep inf - echo "It is set to \"$apk\"." || sleep inf - sleep inf || exit 1 + echo "$apk is a non allowed value." + echo "It needs to start with \"php81-\"." + echo "It is set to \"$apk\"." + sleep inf fi - - echo "Installing $apk via apk..." || sleep inf + + echo "Installing $apk via apk..." if ! apk add --no-cache "$apk" > /dev/null 2>&1; then - echo "The apk \"$apk\" was not installed!" || sleep inf + echo "The apk \"$apk\" was not installed!" 
fi done fi - + mkdir -vp /data/php - cp -vrnT /etc/php81 /data/php/81 || sleep inf - sed -i "s|user =.*|user = root|" /data/php/81/php-fpm.d/www.conf || sleep inf - sed -i "s|group =.*|group = root|" /data/php/81/php-fpm.d/www.conf || sleep inf - sed -i "s|listen =.*|listen = /dev/php81.sock|" /data/php/81/php-fpm.d/www.conf || sleep inf - sed -i "s|include=.*|include=/data/php/81/php-fpm.d/*.conf|g" /data/php/81/php-fpm.conf || sleep inf + cp -vrnT /etc/php81 /data/php/81 + sed -i "s|user =.*|user = root|" /data/php/81/php-fpm.d/www.conf + sed -i "s|group =.*|group = root|" /data/php/81/php-fpm.d/www.conf + sed -i "s|listen =.*|listen = /dev/php81.sock|" /data/php/81/php-fpm.d/www.conf + sed -i "s|include=.*|include=/data/php/81/php-fpm.d/*.conf|g" /data/php/81/php-fpm.conf else rm -vrf /data/php/81 
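Review bot: With the `|| sleep inf` suffixes removed, `cp -vrnT /etc/php81 /data/php/81` and the four `sed -i` edits of the copied php-fpm config now continue silently when they fail, and the top of start.sh shown in the first hunk (`#!/bin/sh`) has no `set -e`, so a broken copy is only noticed later when php-fpm fails to start in launch.sh. The same applies to the php82 block, the `mkdir`/`mv` migration steps, `sqlite-vaccum.js` (previously `|| exit 1`) and the `find … sed -i` config rewrites in the later hunks of this file. Rather than restoring a blocking `sleep inf` on every line, consider one `set -e` after the shebang (to be checked against commands whose non-zero status is benign here, e.g. `mv -vn` when the target exists), or an explicit guard on the steps whose failure leaves the container unusable, such as `cp -vrnT /etc/php81 /data/php/81 || { echo "copying php81 config to /data/php/81 failed"; sleep inf; }`. The enclosing `if [ "$PHP81" = "true" ]` block begins and ends outside this hunk.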
@@ -82,35 +138,35 @@ apk add --no-cache php82-fpm # From https://github.com/nextcloud/all-in-one/pull/1377/files if [ -n "$PHP82_APKS" ]; then if ! echo "$PHP82_APKS" | grep -q "^[a-z0-9 _-]\+$"; then - echo "You've set PHP82_APKS but not to an allowed value." || sleep inf - echo "It needs to be a string. Allowed are small letters a-z, digits 0-9, spaces, hyphens and underscores." || sleep inf - echo "It is set to \"$PHP82_APKS\"." || sleep inf - sleep inf || exit 1 + echo "You've set PHP82_APKS but not to an allowed value." + echo "It needs to be a string. Allowed are small letters a-z, digits 0-9, spaces, hyphens and underscores." + echo "It is set to \"$PHP82_APKS\"." + sleep inf fi - + for apk in $(echo "$PHP82_APKS" | tr " " "\n"); do - + if ! echo "$apk" | grep -Ewq "php82-.*"; then - echo "$apk is a non allowed value." || sleep inf - echo "It needs to start with \"php82-\"." || sleep inf - echo "It is set to \"$apk\"." || sleep inf - sleep inf || exit 1 + echo "$apk is a non allowed value." + echo "It needs to start with \"php82-\"." + echo "It is set to \"$apk\"." + sleep inf fi - - echo "Installing $apk via apk..." || sleep inf + + echo "Installing $apk via apk..." if ! apk add --no-cache "$apk" > /dev/null 2>&1; then - echo "The apk \"$apk\" was not installed!" || sleep inf + echo "The apk \"$apk\" was not installed!" 
fi done fi - + mkdir -vp /data/php - cp -vrnT /etc/php82 /data/php/82 || sleep inf - sed -i "s|user =.*|user = root|" /data/php/82/php-fpm.d/www.conf || sleep inf - sed -i "s|group =.*|group = root|" /data/php/82/php-fpm.d/www.conf || sleep inf - sed -i "s|listen =.*|listen = /dev/php82.sock|" /data/php/82/php-fpm.d/www.conf || sleep inf - sed -i "s|include=.*|include=/data/php/82/php-fpm.d/*.conf|g" /data/php/82/php-fpm.conf || sleep inf + cp -vrnT /etc/php82 /data/php/82 + sed -i "s|user =.*|user = root|" /data/php/82/php-fpm.d/www.conf + sed -i "s|group =.*|group = root|" /data/php/82/php-fpm.d/www.conf + sed -i "s|listen =.*|listen = /dev/php82.sock|" /data/php/82/php-fpm.d/www.conf + sed -i "s|include=.*|include=/data/php/82/php-fpm.d/*.conf|g" /data/php/82/php-fpm.conf else rm -vrf /data/php/82 @@ -118,7 +174,7 @@ fi mkdir -p /tmp/acme-challenge \ /tmp/certbot-work \ - /tmp/certbot-log || sleep inf + /tmp/certbot-log mkdir -vp /data/tls/certbot/renewal \ /data/tls/custom \ 
@@ -129,61 +185,61 @@ mkdir -vp /data/tls/certbot/renewal \ /data/nginx/proxy_host \ /data/nginx/dead_host \ /data/nginx/stream \ - /data/nginx/custom || sleep inf + /data/nginx/custom if [ -f /data/database.sqlite ] && [ "$DB_SQLITE_FILE" != "/data/database.sqlite" ]; then - mv -vn /data/database.sqlite "$DB_SQLITE_FILE" || sleep inf + mv -vn /data/database.sqlite "$DB_SQLITE_FILE" fi if [ -f /data/nginx/default_host/site.conf ]; then - mv -vn /data/nginx/default_host/site.conf /data/nginx/default.conf || sleep inf + mv -vn /data/nginx/default_host/site.conf /data/nginx/default.conf fi if [ -f /data/nginx/default_www/index.html ]; then - mv -vn /data/nginx/default_www/index.html /data/nginx/html/index.html || sleep inf + mv -vn /data/nginx/default_www/index.html /data/nginx/html/index.html fi if [ -f /data/nginx/dummycert.pem ]; then - mv -vn /data/nginx/dummycert.pem /data/tls/dummycert.pem || sleep inf + mv -vn /data/nginx/dummycert.pem /data/tls/dummycert.pem fi if [ -f /data/nginx/dummykey.pem ]; then - mv -vn /data/nginx/dummykey.pem /data/tls/dummykey.pem || sleep inf + mv -vn /data/nginx/dummykey.pem /data/tls/dummykey.pem fi if [ -n "$(ls -A /data/nginx/html 2> /dev/null)" ]; then - mv -v /data/nginx/html/* /data/etc/html|| sleep inf + mv -v /data/nginx/html/* /data/etc/html fi if [ -n "$(ls -A /data/access 2> /dev/null)" ]; then - mv -v /data/access/* /data/etc/access || sleep inf + mv -v /data/access/* /data/etc/access fi if [ -n "$(ls -A /data/nginx/access 2> /dev/null)" ]; then - mv -v /data/nginx/access/* /data/etc/access || sleep inf + mv -v /data/nginx/access/* /data/etc/access fi if [ -n "$(ls -A /etc/letsencrypt 2> /dev/null)" ]; then - mv -v /etc/letsencrypt/* /data/tls/certbot || sleep inf + mv -v /etc/letsencrypt/* /data/tls/certbot fi if [ -n "$(ls -A /data/letsencrypt 2> /dev/null)" ]; then - mv -v /data/letsencrypt/* /data/tls/certbot || sleep inf + mv -v /data/letsencrypt/* /data/tls/certbot fi if [ -n "$(ls -A /data/custom_ssl 2> 
/dev/null)" ]; then - mv -v /data/custom_ssl/* /data/tls/custom || sleep inf + mv -v /data/custom_ssl/* /data/tls/custom fi if [ -n "$(ls -A /data/ssl 2> /dev/null)" ]; then - mv -v /data/ssl/* /data/tls || sleep inf + mv -v /data/ssl/* /data/tls fi if [ -z "$CLEAN" ]; then export CLEAN=true fi -if [ "$CLEAN" = true ]; then +if [ "$CLEAN" = "true" ]; then rm -vrf /data/letsencrypt-acme-challenge \ /data/nginx/dummycert.pem \ /data/nginx/dummykey.pem \ 
@@ -203,55 +259,55 @@ if [ "$CLEAN" = true ]; then /data/ssl \ /data/logs \ /data/error.log \ - /data/nginx/error.log || sleep inf + /data/nginx/error.log fi if [ -f "$DB_SQLITE_FILE" ]; then - sqlite-vaccum.js || exit 1 + sqlite-vaccum.js fi if [ -z "$FULLCLEAN" ]; then export FULLCLEAN=false fi -if [ "$FULLCLEAN" = true ]; then - if [ "$PHP81" != true ] && [ "$PHP82" != true ]; then +if [ "$FULLCLEAN" = "true" ]; then + if [ "$PHP81" != "true" ] && [ "$PHP82" != "true" ]; then rm -vrf /data/php - fi + fi certbot-cleaner.sh fi -find /data/nginx -type f -name '*.conf' -exec sed -i "s|listen 80 http2|listen 80|g" {} \; || sleep inf -find /data/nginx -type f -name '*.conf' -exec sed -i "s|\(listen .*\) http3|\1 quic|g" {} \; || sleep inf -find /data/nginx -type f -name '*.conf' -exec sed -i "s|/data/nginx/html/|/data/etc/html/|g" {} \; || sleep inf +find /data/nginx -type f -name '*.conf' -exec sed -i "s|listen 80 http2|listen 80|g" {} \; +find /data/nginx -type f -name '*.conf' -exec sed -i "s|\(listen .*\) http3|\1 quic|g" {} \; +find /data/nginx -type f -name '*.conf' -exec sed -i "s|/data/nginx/html/|/data/etc/html/|g" {} \; -find /data/nginx -type f -name '*.conf' -exec sed -i "s|/data/access|/data/nginx/access|g" {} \; || sleep inf -find /data/nginx -type f -name '*.conf' -exec sed -i "s|/data/nginx/access|/data/etc/access|g" {} \; || sleep inf +find /data/nginx -type f -name '*.conf' -exec sed -i "s|/data/access|/data/nginx/access|g" {} \; +find /data/nginx -type f -name '*.conf' -exec sed -i "s|/data/nginx/access|/data/etc/access|g" {} \; -find /data/nginx -type f -name '*.conf' -exec sed -i "s|/data/custom_ssl|/data/tls/custom|g" {} \; || sleep inf -find /data/nginx -type f -name '*.conf' -exec sed -i "s|/etc/letsencrypt|/data/tls/certbot|g" {} \; || sleep inf -find /data/nginx -type f -name '*.conf' -exec sed -i "s|/data/letsencrypt|/data/tls/certbot|g" {} \; || sleep inf +find /data/nginx -type f -name '*.conf' -exec sed -i 
"s|/data/custom_ssl|/data/tls/custom|g" {} \; +find /data/nginx -type f -name '*.conf' -exec sed -i "s|/etc/letsencrypt|/data/tls/certbot|g" {} \; +find /data/nginx -type f -name '*.conf' -exec sed -i "s|/data/letsencrypt|/data/tls/certbot|g" {} \; -find /data/nginx -type f -name '*.conf' -exec sed -i "s|/data/ssl|/data/tls|g" {} \; || sleep inf -find /data/nginx -type f -name '*.conf' -exec sed -i "s|ssl_certificate_key /data/nginx/dummykey.pem;|ssl_certificate_key /data/tls/dummykey.pem;|g" {} \; || sleep inf -find /data/nginx -type f -name '*.conf' -exec sed -i "s|ssl_certificate /data/nginx/dummycert.pem;|ssl_certificate /data/tls/dummycert.pem;|g" {} \; || sleep inf +find /data/nginx -type f -name '*.conf' -exec sed -i "s|/data/ssl|/data/tls|g" {} \; +find /data/nginx -type f -name '*.conf' -exec sed -i "s|ssl_certificate_key /data/nginx/dummykey.pem;|ssl_certificate_key /data/tls/dummykey.pem;|g" {} \; +find /data/nginx -type f -name '*.conf' -exec sed -i "s|ssl_certificate /data/nginx/dummycert.pem;|ssl_certificate /data/tls/dummycert.pem;|g" {} \; -find /data/tls/certbot/renewal -type f -name '*.conf' -exec sed -i "s|/data/ssl|/data/tls|g" {} \; || sleep inf -find /data/tls/certbot/renewal -type f -name '*.conf' -exec sed -i "s|/etc/letsencrypt|/data/tls/certbot|g" {} \; || sleep inf -find /data/tls/certbot/renewal -type f -name '*.conf' -exec sed -i "s|/data/letsencrypt|/data/tls/certbot|g" {} \; || sleep inf +find /data/tls/certbot/renewal -type f -name '*.conf' -exec sed -i "s|/data/ssl|/data/tls|g" {} \; +find /data/tls/certbot/renewal -type f -name '*.conf' -exec sed -i "s|/etc/letsencrypt|/data/tls/certbot|g" {} \; +find /data/tls/certbot/renewal -type f -name '*.conf' -exec sed -i "s|/data/letsencrypt|/data/tls/certbot|g" {} \; -find /data/nginx -type f -name '*.conf' -exec sed -i "s|include conf.d/include/force-ssl.conf;|include conf.d/include/force-tls.conf;|g" {} \; || sleep inf -find /data/nginx -type f -name '*.conf' -exec sed -i "s|include 
conf.d/include/ssl-ciphers.conf;|include conf.d/include/tls-ciphers.conf;|g" {} \; || sleep inf -find /data/nginx -type f -name '*.conf' -exec sed -i "s|include conf.d/include/letsencrypt-acme-challenge.conf;|include conf.d/include/acme-challenge.conf;|g" {} \; || sleep inf +find /data/nginx -type f -name '*.conf' -exec sed -i "s|include conf.d/include/force-ssl.conf;|include conf.d/include/force-tls.conf;|g" {} \; +find /data/nginx -type f -name '*.conf' -exec sed -i "s|include conf.d/include/ssl-ciphers.conf;|include conf.d/include/tls-ciphers.conf;|g" {} \; +find /data/nginx -type f -name '*.conf' -exec sed -i "s|include conf.d/include/letsencrypt-acme-challenge.conf;|include conf.d/include/acme-challenge.conf;|g" {} \; -find /data/nginx -type f -name '*.conf' -exec sed -i "/Asset Caching/d" {} \; || sleep inf -find /data/nginx -type f -name '*.conf' -exec sed -i "/assets.conf/d" {} \; || sleep inf +find /data/nginx -type f -name '*.conf' -exec sed -i "/Asset Caching/d" {} \; +find /data/nginx -type f -name '*.conf' -exec sed -i "/assets.conf/d" {} \; -find /data/nginx -type f -name '*.conf' -exec sed -i "/access_log/d" {} \; || sleep inf -find /data/nginx -type f -name '*.conf' -exec sed -i "/proxy_http_version/d" {} \; || sleep inf +find /data/nginx -type f -name '*.conf' -exec sed -i "/access_log/d" {} \; +find /data/nginx -type f -name '*.conf' -exec sed -i "/proxy_http_version/d" {} \; -find /data/nginx -type f -name '*.conf' -exec sed -i "/ssl_stapling/d" {} \; || sleep inf -find /data/nginx -type f -name '*.conf' -exec sed -i "/ssl_stapling_verify/d" {} \; || sleep inf +find /data/nginx -type f -name '*.conf' -exec sed -i "/ssl_stapling/d" {} \; +find /data/nginx -type f -name '*.conf' -exec sed -i "/ssl_stapling_verify/d" {} \; touch /data/etc/html/index.html \ /data/nginx/default.conf \ 
@@ -266,173 +322,232 @@ touch /data/etc/html/index.html \
 /data/nginx/custom/stream.conf \
 /data/nginx/custom/server_stream.conf \
 /data/nginx/custom/server_stream_tcp.conf \
- /data/nginx/custom/server_stream_udp.conf || sleep inf
+ /data/nginx/custom/server_stream_udp.conf
 if [ -z "$NPM_CERT_ID" ]; then
- export NPM_CERT=/data/tls/dummycert.pem || sleep inf
- export NPM_KEY=/data/tls/dummykey.pem || sleep inf
- echo "no NPM_CERT_ID set, using dummycerts for npm and default hosts." || sleep inf
+ export NPM_CERT=/data/tls/dummycert.pem
+ export NPM_KEY=/data/tls/dummykey.pem
+ echo "no NPM_CERT_ID set, using dummycerts for npm and default hosts."
 else
 if ! echo "$NPM_CERT_ID" | grep -q "[0-9]"; then
- echo "NPM_CERT_ID is a non allowed value." || sleep inf
- echo "It needs to be a number." || sleep inf
- echo "It is set to \"$NPM_CERT_ID\"." || sleep inf
- export NPM_CERT=/data/tls/dummycert.pem || sleep inf
- export NPM_KEY=/data/tls/dummykey.pem || sleep inf
- echo "using dummycerts for npm and default hosts." || sleep inf
+ echo "NPM_CERT_ID is a non allowed value."
+ echo "It needs to be a number."
+ echo "It is set to \"$NPM_CERT_ID\"."
+ export NPM_CERT=/data/tls/dummycert.pem
+ export NPM_KEY=/data/tls/dummykey.pem
+ echo "using dummycerts for npm and default hosts."
 else
-
+
 if [ -d "/data/tls/certbot/live/npm-$NPM_CERT_ID" ]; then
 if ! ls /data/tls/certbot/live/npm-"$NPM_CERT_ID"/fullchain.pem > /dev/null 2>&1; then
- echo "/data/tls/certbot/live/npm-$NPM_CERT_ID/fullchain.pem does not exist" || sleep inf
- export NPM_CERT=/data/tls/dummycert.pem || sleep inf
- export NPM_KEY=/data/tls/dummykey.pem || sleep inf
- echo "using dummycerts for npm and default hosts." || sleep inf
+ echo "/data/tls/certbot/live/npm-$NPM_CERT_ID/fullchain.pem does not exist"
+ export NPM_CERT=/data/tls/dummycert.pem
+ export NPM_KEY=/data/tls/dummykey.pem
+ echo "using dummycerts for npm and default hosts."
 else
- export NPM_CERT=/data/tls/certbot/live/npm-"$NPM_CERT_ID"/fullchain.pem || sleep inf
- echo "NPM_CERT set to /data/tls/certbot/live/npm-$NPM_CERT_ID/fullchain.pem" || sleep inf
-
+ export NPM_CERT=/data/tls/certbot/live/npm-"$NPM_CERT_ID"/fullchain.pem
+ echo "NPM_CERT set to /data/tls/certbot/live/npm-$NPM_CERT_ID/fullchain.pem"
+
 if ! ls /data/tls/certbot/live/npm-"$NPM_CERT_ID"/privkey.pem > /dev/null 2>&1; then
- echo "/data/tls/certbot/live/npm-$NPM_CERT_ID/privkey.pem does not exist" || sleep inf
- export NPM_CERT=/data/tls/dummycert.pem || sleep inf
- export NPM_KEY=/data/tls/dummykey.pem || sleep inf
- echo "using dummycerts for npm and default hosts." || sleep inf
+ echo "/data/tls/certbot/live/npm-$NPM_CERT_ID/privkey.pem does not exist"
+ export NPM_CERT=/data/tls/dummycert.pem
+ export NPM_KEY=/data/tls/dummykey.pem
+ echo "using dummycerts for npm and default hosts."
 else
- export NPM_KEY=/data/tls/certbot/live/npm-"$NPM_CERT_ID"/privkey.pem || sleep inf
- echo "NPM_KEY set to /data/tls/certbot/live/npm-$NPM_CERT_ID/privkey.pem" || sleep inf
-
+ export NPM_KEY=/data/tls/certbot/live/npm-"$NPM_CERT_ID"/privkey.pem
+ echo "NPM_KEY set to /data/tls/certbot/live/npm-$NPM_CERT_ID/privkey.pem"
+
 if ! ls /data/tls/certbot/live/npm-"$NPM_CERT_ID"/chain.pem > /dev/null 2>&1; then
- echo "/data/tls/certbot/live/npm-$NPM_CERT_ID/chain.pem does not exist" || sleep inf
- export NPM_CERT=/data/tls/dummycert.pem || sleep inf
- export NPM_KEY=/data/tls/dummykey.pem || sleep inf
- echo "using dummycerts for npm and default hosts." || sleep inf
+ echo "/data/tls/certbot/live/npm-$NPM_CERT_ID/chain.pem does not exist"
+ export NPM_CERT=/data/tls/dummycert.pem
+ export NPM_KEY=/data/tls/dummykey.pem
+ echo "using dummycerts for npm and default hosts."
 else
- export NPM_CHAIN=/data/tls/certbot/live/npm-"$NPM_CERT_ID"/chain.pem || sleep inf
- echo "NPM_CHAIN set to /data/tls/certbot/live/npm-$NPM_CERT_ID/chain.pem" || sleep inf
+ export NPM_CHAIN=/data/tls/certbot/live/npm-"$NPM_CERT_ID"/chain.pem
+ echo "NPM_CHAIN set to /data/tls/certbot/live/npm-$NPM_CERT_ID/chain.pem"
 fi
 fi
 fi
-
+
 elif [ -d "/data/tls/custom/npm-$NPM_CERT_ID" ]; then
 if ! ls /data/tls/custom/npm-"$NPM_CERT_ID"/fullchain.pem > /dev/null 2>&1; then
- echo "/data/tls/custom/npm-$NPM_CERT_ID/fullchain.pem does not exist" || sleep inf
- export NPM_CERT=/data/tls/dummycert.pem || sleep inf
- export NPM_KEY=/data/tls/dummykey.pem || sleep inf
- echo "using dummycerts for npm and default hosts." || sleep inf
+ echo "/data/tls/custom/npm-$NPM_CERT_ID/fullchain.pem does not exist"
+ export NPM_CERT=/data/tls/dummycert.pem
+ export NPM_KEY=/data/tls/dummykey.pem
+ echo "using dummycerts for npm and default hosts."
 else
- export NPM_CERT=/data/tls/custom/npm-"$NPM_CERT_ID"/fullchain.pem || sleep inf
- echo "NPM_CERT set to /data/tls/custom/npm-$NPM_CERT_ID/fullchain.pem" || sleep inf
-
+ export NPM_CERT=/data/tls/custom/npm-"$NPM_CERT_ID"/fullchain.pem
+ echo "NPM_CERT set to /data/tls/custom/npm-$NPM_CERT_ID/fullchain.pem"
+
 if ! ls /data/tls/custom/npm-"$NPM_CERT_ID"/privkey.pem > /dev/null 2>&1; then
- echo "/data/tls/custom/npm-$NPM_CERT_ID/privkey.pem does not exist" || sleep inf
- export NPM_CERT=/data/tls/dummycert.pem || sleep inf
- export NPM_KEY=/data/tls/dummykey.pem || sleep inf
- echo "using dummycerts for npm and default hosts." || sleep inf
+ echo "/data/tls/custom/npm-$NPM_CERT_ID/privkey.pem does not exist"
+ export NPM_CERT=/data/tls/dummycert.pem
+ export NPM_KEY=/data/tls/dummykey.pem
+ echo "using dummycerts for npm and default hosts."
 else
- export NPM_KEY=/data/tls/custom/npm-"$NPM_CERT_ID"/privkey.pem || sleep inf
- echo "NPM_KEY set to /data/tls/custom/npm-$NPM_CERT_ID/privkey.pem" || sleep inf
-
+ export NPM_KEY=/data/tls/custom/npm-"$NPM_CERT_ID"/privkey.pem
+ echo "NPM_KEY set to /data/tls/custom/npm-$NPM_CERT_ID/privkey.pem"
+
 if ! ls /data/tls/custom/npm-"$NPM_CERT_ID"/chain.pem > /dev/null 2>&1; then
- echo "/data/tls/custom/npm-$NPM_CERT_ID/chain.pem does not exist" || sleep inf
- export NPM_CERT=/data/tls/dummycert.pem || sleep inf
- export NPM_KEY=/data/tls/dummykey.pem || sleep inf
- echo "using dummycerts for npm and default hosts." || sleep inf
+ echo "/data/tls/custom/npm-$NPM_CERT_ID/chain.pem does not exist"
+ export NPM_CERT=/data/tls/dummycert.pem
+ export NPM_KEY=/data/tls/dummykey.pem
+ echo "using dummycerts for npm and default hosts."
 else
- export NPM_CHAIN=/data/tls/custom/npm-"$NPM_CERT_ID"/chain.pem || sleep inf
- echo "NPM_CHAIN set to /data/tls/custom/npm-$NPM_CERT_ID/chain.pem" || sleep inf
+ export NPM_CHAIN=/data/tls/custom/npm-"$NPM_CERT_ID"/chain.pem
+ echo "NPM_CHAIN set to /data/tls/custom/npm-$NPM_CERT_ID/chain.pem"
 fi
 fi
 fi
-
+
 else
- export NPM_CERT=/data/tls/dummycert.pem || sleep inf
- export NPM_KEY=/data/tls/dummykey.pem || sleep inf
- echo "cert with ID $NPM_CERT_ID does not exist, using dummycerts for npm and default hosts." || sleep inf
+ export NPM_CERT=/data/tls/dummycert.pem
+ export NPM_KEY=/data/tls/dummykey.pem
+ echo "cert with ID $NPM_CERT_ID does not exist, using dummycerts for npm and default hosts."
 fi
 fi
 fi
-ns="$(tr "[:upper:]" "[:lower:]" < /etc/resolv.conf | grep -P "^nameserver ((?:[0-9.]+)|(?:[0-9a-f:]+))$" | awk 'BEGIN{ORS=" "} $1=="nameserver" {print ($2 ~ ":")? "["$2"]": $2}' | sed "s| *$||")"
+ns="$(tr "[:upper:]" "[:lower:]" < /etc/resolv.conf | grep -P "^nameserver ((?:[0-9.]+)|(?:[0-9a-f:]+))$" | awk 'BEGIN{ORS=" "} $1=="nameserver" { sub(/%.*$/,"",$2); print ($2 ~ ":")? 
"["$2"]": $2}' | sed "s| *$||")" export ns -sed -i "s|resolver.*|resolver $ns;|g" /usr/local/nginx/conf/nginx.conf || sleep inf -echo "using this nameservers: \"$ns\"" || sleep inf +if [ "$DISABLE_IPV6" = "true" ]; then + sed -i "s|resolver.*|resolver $ns valid=10s ipv6=off;|g" /usr/local/nginx/conf/nginx.conf +else + sed -i "s|resolver.*|resolver $ns valid=10s;|g" /usr/local/nginx/conf/nginx.conf +fi +echo "using this nameservers: \"$ns\"" -sed -i "s|#ssl_certificate .*|ssl_certificate $NPM_CERT;|g" /usr/local/nginx/conf/conf.d/include/default.conf || sleep inf -sed -i "s|#ssl_certificate_key .*|ssl_certificate_key $NPM_KEY;|g" /usr/local/nginx/conf/conf.d/include/default.conf || sleep inf -if [ -n "$NPM_CHAIN" ]; then sed -i "s|#ssl_trusted_certificate .*|ssl_trusted_certificate $NPM_CHAIN;|g" /usr/local/nginx/conf/conf.d/include/default.conf || sleep inf; fi +sed -i "s|#ssl_certificate .*|ssl_certificate $NPM_CERT;|g" /usr/local/nginx/conf/conf.d/include/default.conf +sed -i "s|#ssl_certificate_key .*|ssl_certificate_key $NPM_KEY;|g" /usr/local/nginx/conf/conf.d/include/default.conf +if [ -n "$NPM_CHAIN" ]; then sed -i "s|#ssl_trusted_certificate .*|ssl_trusted_certificate $NPM_CHAIN;|g" /usr/local/nginx/conf/conf.d/include/default.conf; fi -sed -i "s|#ssl_certificate .*|ssl_certificate $NPM_CERT;|g" /usr/local/nginx/conf/conf.d/no-server-name.conf || sleep inf -sed -i "s|#ssl_certificate_key .*|ssl_certificate_key $NPM_KEY;|g" /usr/local/nginx/conf/conf.d/no-server-name.conf || sleep inf -if [ -n "$NPM_CHAIN" ]; then sed -i "s|#ssl_trusted_certificate .*|ssl_trusted_certificate $NPM_CHAIN;|g" /usr/local/nginx/conf/conf.d/no-server-name.conf || sleep inf; fi +sed -i "s|#ssl_certificate .*|ssl_certificate $NPM_CERT;|g" /usr/local/nginx/conf/conf.d/no-server-name.conf +sed -i "s|#ssl_certificate_key .*|ssl_certificate_key $NPM_KEY;|g" /usr/local/nginx/conf/conf.d/no-server-name.conf +if [ -n "$NPM_CHAIN" ]; then sed -i "s|#ssl_trusted_certificate 
.*|ssl_trusted_certificate $NPM_CHAIN;|g" /usr/local/nginx/conf/conf.d/no-server-name.conf; fi -sed -i "s|#ssl_certificate .*|ssl_certificate $NPM_CERT;|g" /usr/local/nginx/conf/conf.d/npm.conf || sleep inf -sed -i "s|#ssl_certificate_key .*|ssl_certificate_key $NPM_KEY;|g" /usr/local/nginx/conf/conf.d/npm.conf || sleep inf -if [ -n "$NPM_CHAIN" ]; then sed -i "s|#ssl_trusted_certificate .*|ssl_trusted_certificate $NPM_CHAIN;|g" /usr/local/nginx/conf/conf.d/npm.conf || sleep inf; fi +sed -i "s|#ssl_certificate .*|ssl_certificate $NPM_CERT;|g" /usr/local/nginx/conf/conf.d/npm-no-server-name.conf +sed -i "s|#ssl_certificate_key .*|ssl_certificate_key $NPM_KEY;|g" /usr/local/nginx/conf/conf.d/npm-no-server-name.conf +if [ -n "$NPM_CHAIN" ]; then sed -i "s|#ssl_trusted_certificate .*|ssl_trusted_certificate $NPM_CHAIN;|g" /usr/local/nginx/conf/conf.d/npm-no-server-name.conf; fi -sed -i "s|#ssl_certificate .*|ssl_certificate $NPM_CERT;|g" /app/templates/default.conf || sleep inf -sed -i "s|#ssl_certificate_key .*|ssl_certificate_key $NPM_KEY;|g" /app/templates/default.conf || sleep inf -if [ -n "$NPM_CHAIN" ]; then sed -i "s|#ssl_trusted_certificate .*|ssl_trusted_certificate $NPM_CHAIN;|g" /app/templates/default.conf || sleep inf; fi +sed -i "s|#ssl_certificate .*|ssl_certificate $NPM_CERT;|g" /usr/local/nginx/conf/conf.d/npm.conf +sed -i "s|#ssl_certificate_key .*|ssl_certificate_key $NPM_KEY;|g" /usr/local/nginx/conf/conf.d/npm.conf +if [ -n "$NPM_CHAIN" ]; then sed -i "s|#ssl_trusted_certificate .*|ssl_trusted_certificate $NPM_CHAIN;|g" /usr/local/nginx/conf/conf.d/npm.conf; fi -if [ "$NPM_LISTEN_LOCALHOST" = "true" ]; then - sed -i "s|listen 81|listen 127.0.0.1:81|g" /usr/local/nginx/conf/conf.d/npm.conf || sleep inf - sed -i "s|listen \[::\]:81|listen \[::1\]:81|g" /usr/local/nginx/conf/conf.d/npm.conf || sleep inf - sed -i "s|listen 81|listen 127.0.0.1:81|g" /usr/local/nginx/conf/conf.d/no-server-name.conf || sleep inf - sed -i "s|listen \[::\]:81|listen 
\[::1\]:81|g" /usr/local/nginx/conf/conf.d/no-server-name.conf || sleep inf +sed -i "s|#ssl_certificate .*|ssl_certificate $NPM_CERT;|g" /app/templates/default.conf +sed -i "s|#ssl_certificate_key .*|ssl_certificate_key $NPM_KEY;|g" /app/templates/default.conf +if [ -n "$NPM_CHAIN" ]; then sed -i "s|#ssl_trusted_certificate .*|ssl_trusted_certificate $NPM_CHAIN;|g" /app/templates/default.conf; fi + +find /data/nginx -type f -name '*.conf' -exec sed -i "s|80 http2|80|g" {} \; + +if [ "$NIBEP" != "48693" ]; then + sed -i "s|48693|$NIBEP|g" /app/index.js + sed -i "s|48693|$NIBEP|g" /usr/local/nginx/conf/conf.d/npm.conf +fi + +if [ -n "$IPV4_BINDING" ]; then + sed -i "s/#\?listen \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+:\)\?\({{ incoming_port }}\)/listen $IPV4_BINDING:\2/g" /app/templates/stream.conf + sed -i "s/#\?listen \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+:\)\?\([0-9]\+\)/listen $IPV4_BINDING:\2/g" /usr/local/nginx/conf/conf.d/no-server-name.conf + find /data/nginx -type f -name '*.conf' -exec sed -i "s/#\?listen \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+:\)\?\([0-9]\+\)/listen $IPV4_BINDING:\2/g" {} \; + find /app/templates -type f -name '*.conf' -exec sed -i "s/#\?listen \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+:\)\?\([0-9]\+\)/listen $IPV4_BINDING:\2/g" {} \; +else + sed -i "s/#\?listen \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+:\)\?\({{ incoming_port }}\)/listen \2/g" /app/templates/stream.conf + sed -i "s/#\?listen \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+:\)\?\([0-9]\+\)/listen \2/g" /usr/local/nginx/conf/conf.d/no-server-name.conf + find /data/nginx -type f -name '*.conf' -exec sed -i "s/#\?listen \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+:\)\?\([0-9]\+\)/listen \2/g" {} \; + find /app/templates -type f -name '*.conf' -exec sed -i "s/#\?listen \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+:\)\?\([0-9]\+\)/listen \2/g" {} \; + find /usr/local/nginx/conf/conf.d -type f -name '*.conf' -exec sed -i "s/#\?listen \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+:\)\?\([0-9]\+\)/listen \2/g" {} \; +fi + +if [ 
"$DISABLE_IPV6" = "true" ]; then + sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\({{ incoming_port }}\)/#listen \[\1\]:\2/g" /app/templates/stream.conf + sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/#listen \[\1\]:\2/g" /usr/local/nginx/conf/conf.d/no-server-name.conf + find /data/nginx -type f -name '*.conf' -exec sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/#listen \[\1\]:\2/g" {} \; + find /app/templates -type f -name '*.conf' -exec sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/#listen \[\1\]:\2/g" {} \; +elif [ -n "$IPV6_BINDING" ]; then + sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\({{ incoming_port }}\)/listen $IPV6_BINDING:\2/g" /app/templates/stream.conf + sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/listen $IPV6_BINDING:\2/g" /usr/local/nginx/conf/conf.d/no-server-name.conf + find /data/nginx -type f -name '*.conf' -exec sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/listen $IPV6_BINDING:\2/g" {} \; + find /app/templates -type f -name '*.conf' -exec sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/listen $IPV6_BINDING:\2/g" {} \; +else + sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\({{ incoming_port }}\)/listen \[::\]:\2/g" /app/templates/stream.conf + sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/listen \[::\]:\2/g" /usr/local/nginx/conf/conf.d/no-server-name.conf + find /data/nginx -type f -name '*.conf' -exec sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/listen \[::\]:\2/g" {} \; + find /app/templates -type f -name '*.conf' -exec sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\([0-9]\+\)/listen \[::\]:\2/g" {} \; +fi + +export NPM_PORT="${NPM_PORT:-81}" + +if [ -n "$NPM_IPV4_BINDING" ]; then + sed -i "s/#\?listen \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+:\)\?\(bep\)/listen $NPM_IPV4_BINDING:$NPM_PORT/g" /usr/local/nginx/conf/conf.d/npm.conf + sed -i "s/#\?listen \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+:\)\?\(bep\)/listen $NPM_IPV4_BINDING:$NPM_PORT/g" /usr/local/nginx/conf/conf.d/npm-no-server-name.conf +else + sed -i "s/#\?listen 
\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+:\)\?\(bep\)/listen $NPM_PORT/g" /usr/local/nginx/conf/conf.d/npm.conf + sed -i "s/#\?listen \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+:\)\?\(bep\)/listen $NPM_PORT/g" /usr/local/nginx/conf/conf.d/npm-no-server-name.conf +fi + +if [ "$NPM_DISABLE_IPV6" = "true" ]; then + sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\(bep\)/#listen \[\1\]:\2/g" /usr/local/nginx/conf/conf.d/npm.conf + sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\(bep\)/#listen \[\1\]:\2/g" /usr/local/nginx/conf/conf.d/npm-no-server-name.conf +elif [ -n "$NPM_IPV6_BINDING" ]; then + sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\(bep\)/listen $NPM_IPV6_BINDING:$NPM_PORT/g" /usr/local/nginx/conf/conf.d/npm.conf + sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\(bep\)/listen $NPM_IPV6_BINDING:$NPM_PORT/g" /usr/local/nginx/conf/conf.d/npm-no-server-name.conf +else + sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\(bep\)/listen \[::\]:$NPM_PORT/g" /usr/local/nginx/conf/conf.d/npm.conf + sed -i "s/#\?listen \[\([0-9a-f:]\+\)\]:\(bep\)/listen \[::\]:$NPM_PORT/g" /usr/local/nginx/conf/conf.d/npm-no-server-name.conf fi if [ "$NGINX_LOG_NOT_FOUND" = "true" ]; then - sed -i "s|log_not_found off;|log_not_found on;|g" /usr/local/nginx/conf/nginx.conf || sleep inf + sed -i "s|log_not_found off;|log_not_found on;|g" /usr/local/nginx/conf/nginx.conf fi if [ -z "$NPM_CERT_ID" ]; then if [ ! -f /data/tls/dummycert.pem ] || [ ! -f /data/tls/dummykey.pem ]; then - openssl req -new -newkey rsa:4096 -days 365000 -nodes -x509 -subj '/CN=*' -sha256 -keyout /data/tls/dummykey.pem -out /data/tls/dummycert.pem || sleep inf + openssl req -new -newkey rsa:4096 -days 365000 -nodes -x509 -subj '/CN=*' -sha256 -keyout /data/tls/dummykey.pem -out /data/tls/dummycert.pem fi -else +else rm -vrf /data/tls/dummycert.pem \ - /data/tls/dummykey.pem || sleep inf + /data/tls/dummykey.pem fi if [ ! 
-f /data/nginx/default.conf ]; then
- mv -vn /usr/local/nginx/conf/conf.d/include/default.conf /data/nginx/default.conf || sleep inf
+ mv -vn /usr/local/nginx/conf/conf.d/include/default.conf /data/nginx/default.conf
 fi
 if [ ! -f /data/tls/certbot/config.ini ]; then
- mv -vn /etc/tls/certbot.ini /data/tls/certbot/config.ini || sleep inf
+ mv -vn /etc/tls/certbot.ini /data/tls/certbot/config.ini
 fi
-sed -i "s|ssl_certificate .*|ssl_certificate $NPM_CERT;|g" /data/nginx/default.conf || sleep inf
-sed -i "s|ssl_certificate_key .*|ssl_certificate_key $NPM_KEY;|g" /data/nginx/default.conf || sleep inf
-if [ -n "$NPM_CHAIN" ]; then sed -i "s|ssl_trusted_certificate .*|ssl_trusted_certificate $NPM_CHAIN;|g" /data/nginx/default.conf || sleep inf; fi
+sed -i "s|ssl_certificate .*|ssl_certificate $NPM_CERT;|g" /data/nginx/default.conf
+sed -i "s|ssl_certificate_key .*|ssl_certificate_key $NPM_KEY;|g" /data/nginx/default.conf
+if [ -n "$NPM_CHAIN" ]; then sed -i "s|ssl_trusted_certificate .*|ssl_trusted_certificate $NPM_CHAIN;|g" /data/nginx/default.conf; fi
 chmod -R o-rwx /data/tls \
 /data/etc/npm \
- /data/etc/access || exit 1
+ /data/etc/access
 if [ "$PUID" != "0" ]; then
 if id -u npmuser > /dev/null 2>&1; then
- usermod -u "$PUID" npmuser || exit 1
+ usermod -u "$PUID" npmuser
 else
- useradd -o -u "$PUID" -U -d /tmp/npmuserhome -s /bin/false npmuser || exit 1
+ useradd -o -u "$PUID" -U -d /tmp/npmuserhome -s /bin/false npmuser
 fi
- usermod -G "$PGID" npmuser || exit 1
- groupmod -o -g "$PGID" npmuser || exit 1
+ usermod -G "$PGID" npmuser
+ groupmod -o -g "$PGID" npmuser
 chown -R "$PUID:$PGID" /usr/local/certbot \
 /usr/local/nginx \
 /data \
 /tmp/acme-challenge \
 /tmp/certbot-work \
- /tmp/certbot-log || exit 1
- sed -i "s|user root;|#user root;|g" /usr/local/nginx/conf/nginx.conf || sleep inf
- sudo -Eu npmuser launch.sh || exit 1
+ /tmp/certbot-log
+ sed -i "s|user root;|#user root;|g" /usr/local/nginx/conf/nginx.conf
+ sudo -Eu npmuser launch.sh
 else
 chown -R 0:0 /usr/local/certbot \
 /usr/local/nginx \
 /data \
 /tmp/acme-challenge \
 /tmp/certbot-work \
- /tmp/certbot-log || exit 1
- sed -i "s|#user root;|user root;|g" /usr/local/nginx/conf/nginx.conf || sleep inf
- launch.sh || exit 1
+ /tmp/certbot-log
+ sed -i "s|#user root;|user root;|g" /usr/local/nginx/conf/nginx.conf
+ launch.sh
 fi
diff --git a/rootfs/usr/local/nginx/conf/conf.d/no-server-name.conf b/rootfs/usr/local/nginx/conf/conf.d/no-server-name.conf
index 98337b93..42f36a0a 100644
--- a/rootfs/usr/local/nginx/conf/conf.d/no-server-name.conf
+++ b/rootfs/usr/local/nginx/conf/conf.d/no-server-name.conf
@@ -1,10 +1,4 @@
 server {
- listen 81 ssl http2;
- listen 81 quic;
-
- listen [::]:81 ssl http2;
- listen [::]:81 quic;
-
 listen 80;
 listen [::]:80;
diff --git a/rootfs/usr/local/nginx/conf/conf.d/npm-no-server-name.conf b/rootfs/usr/local/nginx/conf/conf.d/npm-no-server-name.conf
new file mode 100644
index 00000000..bd14b4c2
--- /dev/null
+++ b/rootfs/usr/local/nginx/conf/conf.d/npm-no-server-name.conf
@@ -0,0 +1,21 @@
+server {
+ listen bep ssl http2;
+ listen bep quic;
+
+ listen [::]:bep ssl http2;
+ listen [::]:bep quic;
+
+ server_name "";
+ return 444;
+
+ include conf.d/include/brotli.conf;
+ include conf.d/include/force-tls.conf;
+ include conf.d/include/tls-ciphers.conf;
+ include conf.d/include/block-exploits.conf;
+ add_header alt-svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400';
+ http3 on;
+
+ #ssl_certificate ;
+ #ssl_certificate_key ;
+ #ssl_trusted_certificate ;
+}
diff --git a/rootfs/usr/local/nginx/conf/conf.d/npm.conf b/rootfs/usr/local/nginx/conf/conf.d/npm.conf
index 5a2bb8dc..2f2854b8 100644
--- a/rootfs/usr/local/nginx/conf/conf.d/npm.conf
+++ b/rootfs/usr/local/nginx/conf/conf.d/npm.conf
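Review bot: The `chmod -R o-rwx /data/tls ...`, `usermod`/`useradd`/`groupmod`, `chown -R` and `sudo -Eu npmuser launch.sh` lines at the end of this hunk lose their `|| exit 1`, so a failed permission tightening or uid change no longer stops start-up and the script falls through to `launch.sh` — unless `set -e` is enabled above the hunk, which this view does not show. For those privilege-sensitive steps I would keep the guard, e.g. `chmod -R o-rwx /data/tls /data/etc/npm /data/etc/access || exit 1`, or put `set -e` at the top of the script. The new `NIBEP`, `NPM_PORT`, `IPV4_BINDING`, `IPV6_BINDING`, `NPM_IPV4_BINDING` and `NPM_IPV6_BINDING` values are substituted unchecked into sed expressions and nginx `listen` lines, whereas `NPM_CERT_ID` is at least checked with `grep -q "[0-9]"`; a value containing `/` or `|` breaks the sed, and a bare `::1` without brackets yields an invalid listen directive. A check such as `echo "$NPM_PORT" | grep -Eq '^[0-9]+$' || { echo "NPM_PORT must be a number"; exit 1; }` before the substitutions, with matching patterns for the addresses, keeps the failure explicit. Note also that `sed -i "s|48693|$NIBEP|g" /app/index.js` rewrites every occurrence of 48693 in that file, not only the port, and that the `touch` statement at the top of the hunk begins before it.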
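Review bot: `add_header alt-svc 'h3=":443"; ...'` in the new catch-all block advertises HTTP/3 on port 443, while the block itself listens on the `bep` placeholder that start.sh rewrites to `NPM_PORT`, so the advertised port cannot match once the backend port is changed; the same hard-coded `:443` is already present in npm.conf. Because `return 444` closes the connection without sending a response, the header is never emitted from this block anyway, so I would drop the `add_header` line here or carry the port through the same substitution the listen lines get.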
@@ -1,9 +1,9 @@
 server {
- listen 81 ssl http2 default_server;
- listen 81 quic default_server;
+ listen bep ssl http2 default_server;
+ listen bep quic default_server;
- listen [::]:81 ssl http2 default_server;
- listen [::]:81 quic default_server;
+ listen [::]:bep ssl http2 default_server;
+ listen [::]:bep quic default_server;
 add_header alt-svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400';
 http3 on;