Merge pull request #5318 from NginxProxyManager/develop

v2.14.0

.github/dependabot.yml

@@ -3,7 +3,7 @@ updates:
   - package-ecosystem: "npm"
     directory: "/backend"
     schedule:
-      interval: "daily"
+      interval: "weekly"
     groups:
       dev-patch-updates:
         dependency-type: "development"
@@ -25,7 +25,7 @@ updates:
   - package-ecosystem: "npm"
     directory: "/frontend"
     schedule:
-      interval: "daily"
+      interval: "weekly"
     groups:
       dev-patch-updates:
         dependency-type: "development"
@@ -47,7 +47,7 @@ updates:
   - package-ecosystem: "npm"
     directory: "/docs"
     schedule:
-      interval: "daily"
+      interval: "weekly"
     groups:
       dev-patch-updates:
         dependency-type: "development"
@@ -69,7 +69,7 @@ updates:
   - package-ecosystem: "npm"
     directory: "/test"
     schedule:
-      interval: "daily"
+      interval: "weekly"
     groups:
       dev-patch-updates:
         dependency-type: "development"
@@ -87,11 +87,11 @@ updates:
         dependency-type: "production"
         update-types:
           - "minor"
-          
+
   - package-ecosystem: "docker"
     directory: "/docker"
     schedule:
-      interval: "daily"
+      interval: "weekly"
     groups:
       updates:
         update-types:

.github/workflows/stale.yml

@@ -8,7 +8,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v9
+      - uses: actions/stale@v10
         with:
           stale-issue-label: 'stale'
           stale-pr-label: 'stale'

.version

@@ -1 +1 @@
-2.13.6
+2.14.0

README.md

@@ -1,7 +1,7 @@
 <p align="center">
 	<img src="https://nginxproxymanager.com/github.png">
 	<br><br>
-	<img src="https://img.shields.io/badge/version-2.13.6-green.svg?style=for-the-badge">
+	<img src="https://img.shields.io/badge/version-2.14.0-green.svg?style=for-the-badge">
 	<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager">
 		<img src="https://img.shields.io/docker/stars/jc21/nginx-proxy-manager.svg?style=for-the-badge">
 	</a>
@@ -36,6 +36,10 @@ so that the barrier for entry here is low.
 - Advanced Nginx configuration available for super users
 - User management, permissions and audit log
 
+::: warning
+`armv7` is no longer supported in version 2.14+. This is due to Nodejs dropping support for armhf. Please
+use the `2.13.7` image tag if this applies to you.
+:::
 
 ## Hosting your home network
 
@@ -43,16 +47,15 @@ I won't go in to too much detail here but here are the basics for someone new to
 
 1. Your home router will have a Port Forwarding section somewhere. Log in and find it
 2. Add port forwarding for port 80 and 443 to the server hosting this project
-3. Configure your domain name details to point to your home, either with a static ip or a service like DuckDNS or [Amazon Route53](https://github.com/jc21/route53-ddns)
+3. Configure your domain name details to point to your home, either with a static ip or a service like
+   - DuckDNS
+   - [Amazon Route53](https://github.com/jc21/route53-ddns)
+   - [Cloudflare](https://github.com/jc21/cloudflare-ddns)
 4. Use the Nginx Proxy Manager as your gateway to forward to your other web based services
 
 ## Quick Setup
 
-1. Install Docker and Docker-Compose
-
-- [Docker Install documentation](https://docs.docker.com/install/)
-- [Docker-Compose Install documentation](https://docs.docker.com/compose/install/)
-
+1. [Install Docker](https://docs.docker.com/install/)
 2. Create a docker-compose.yml file similar to this:
 
 ```yml

backend/biome.json

@@ -1,5 +1,5 @@
 {
-    "$schema": "https://biomejs.dev/schemas/2.3.2/schema.json",
+    "$schema": "https://biomejs.dev/schemas/2.3.14/schema.json",
     "vcs": {
         "enabled": true,
         "clientKind": "git",

backend/certbot/dns-plugins.json

@@ -23,6 +23,14 @@
 		"credentials": "dns_aliyun_access_key = 12345678\ndns_aliyun_access_key_secret = 1234567890abcdef1234567890abcdef",
 		"full_plugin_name": "dns-aliyun"
 	},
+	"arvan": {
+        "name": "ArvanCloud",
+        "package_name": "certbot-dns-arvan",
+        "version": ">=0.1.0",
+        "dependencies": "",
+        "credentials": "dns_arvan_key = Apikey xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
+        "full_plugin_name": "dns-arvan"
+    },
 	"azure": {
 		"name": "Azure",
 		"package_name": "certbot-dns-azure",

backend/config/sqlite-test-db.json

@@ -2,7 +2,7 @@
   "database": {
       "engine": "knex-native",
       "knex": {
-        "client": "sqlite3",
+        "client": "better-sqlite3",
         "connection": {
           "filename": "/app/config/mydb.sqlite"
         },

backend/internal/2fa.js

@@ -1,6 +1,6 @@
 import crypto from "node:crypto";
 import bcrypt from "bcrypt";
-import { authenticator } from "otplib";
+import { createGuardrails, generateSecret, generateURI, verify } from "otplib";
 import errs from "../lib/error.js";
 import authModel from "../models/auth.js";
 import internalUser from "./user.js";
@@ -27,7 +27,6 @@ const generateBackupCodes = async () => {
 };
 
 const internal2fa = {
-
 	/**
 	 * Check if user has 2FA enabled
 	 * @param {number} userId
@@ -72,8 +71,12 @@ const internal2fa = {
 	startSetup: async (access, userId) => {
 		await access.can("users:password", userId);
 		const user = await internalUser.get(access, { id: userId });
-		const secret = authenticator.generateSecret();
-		const otpauth_url = authenticator.keyuri(user.email, APP_NAME, secret);
+		const secret = generateSecret();
+		const otpauth_url = generateURI({
+			issuer: APP_NAME,
+			label: user.email,
+			secret: secret,
+		});
 		const auth = await internal2fa.getUserPasswordAuth(userId);
 
 		// ensure user isn't already setup for 2fa
@@ -85,7 +88,8 @@ const internal2fa = {
 		const meta = auth.meta || {};
 		meta.totp_pending_secret = secret;
 
-		await authModel.query()
+		await authModel
+			.query()
 			.where("id", auth.id)
 			.andWhere("user_id", userId)
 			.andWhere("type", "password")
@@ -112,8 +116,8 @@ const internal2fa = {
 			throw new errs.ValidationError("No pending 2FA setup found");
 		}
 
-		const valid = authenticator.verify({ token: code, secret });
-		if (!valid) {
+		const result = await verify({ token: code, secret });
+		if (!result.valid) {
 			throw new errs.ValidationError("Invalid verification code");
 		}
 
@@ -156,12 +160,15 @@ const internal2fa = {
 			throw new errs.ValidationError("2FA is not enabled");
 		}
 
-		const valid = authenticator.verify({
-			token: code,
-			secret: auth.meta.totp_secret,
-		});
+		const result = await verify({
+            token: code,
+            secret: auth.meta.totp_secret,
+            guardrails: createGuardrails({
+                MIN_SECRET_BYTES: 10,
+            }),
+        });
 
-		if (!valid) {
+		if (!result.valid) {
 			throw new errs.AuthError("Invalid verification code");
 		}
 
@@ -194,20 +201,30 @@ const internal2fa = {
 			return false;
 		}
 
-		// Try TOTP code first
-		const valid = authenticator.verify({
-			token,
-			secret,
-		});
+		// Try TOTP code first, if it's 6 chars. it will throw errors if it's not 6 chars
+		// and the backup codes are 8 chars.
+		if (token.length === 6) {
+			const result = await verify({
+				token,
+				secret,
+				// These guardrails lower the minimum length requirement for secrets.
+				// In v12 of otplib the default minimum length is 10 and in v13 it is 16.
+				// Since there are 2fa secrets in the wild generated with v12 we need to allow shorter secrets
+				// so people won't be locked out when upgrading.
+				guardrails: createGuardrails({
+					MIN_SECRET_BYTES: 10,
+				}),
+			});
 
-		if (valid) {
-			return true;
+			if (result.valid) {
+				return true;
+			}
 		}
 
 		// Try backup codes
 		const backupCodes = auth?.meta?.backup_codes || [];
 		for (let i = 0; i < backupCodes.length; i++) {
-			const match = await bcrypt.compare(code.toUpperCase(), backupCodes[i]);
+			const match = await bcrypt.compare(token.toUpperCase(), backupCodes[i]);
 			if (match) {
 				// Remove used backup code
 				const updatedCodes = [...backupCodes];
@@ -248,12 +265,12 @@ const internal2fa = {
 			throw new errs.ValidationError("No 2FA secret found");
 		}
 
-		const valid = authenticator.verify({
+		const result = await verify({
 			token,
 			secret,
 		});
 
-		if (!valid) {
+		if (!result.valid) {
 			throw new errs.ValidationError("Invalid verification code");
 		}
 

backend/internal/certificate.js

@@ -630,7 +630,7 @@ const internalCertificate = {
 	 * @param {String}  privateKey    This is the entire key contents as a string
 	 */
 	checkPrivateKey: async (privateKey) => {
-		const filepath = await tempWrite(privateKey, "/tmp");
+		const filepath = await tempWrite(privateKey);
 		const failTimeout = setTimeout(() => {
 			throw new error.ValidationError(
 				"Result Validation Error: Validation timed out. This could be due to the key being passphrase-protected.",
@@ -660,8 +660,8 @@ const internalCertificate = {
 	 * @param {Boolean} [throwExpired]  Throw when the certificate is out of date
 	 */
 	getCertificateInfo: async (certificate, throwExpired) => {
+		const filepath = await tempWrite(certificate);
 		try {
-			const filepath = await tempWrite(certificate, "/tmp");
 			const certData = await internalCertificate.getCertificateInfoFromFile(filepath, throwExpired);
 			fs.unlinkSync(filepath);
 			return certData;

backend/lib/config.js

@@ -5,7 +5,7 @@ import { global as logger } from "../logger.js";
 const keysFile         = '/data/keys.json';
 const mysqlEngine      = 'mysql2';
 const postgresEngine   = 'pg';
-const sqliteClientName = 'sqlite3';
+const sqliteClientName = 'better-sqlite3';
 
 let instance = null;
 
@@ -84,6 +84,7 @@ const configure = () => {
 	}
 
 	const envSqliteFile = process.env.DB_SQLITE_FILE || "/data/database.sqlite";
+
 	logger.info(`Using Sqlite: ${envSqliteFile}`);
 	instance = {
 		database: {

backend/migrations/20260131163528_trust_forwarded_proto.js

@@ -0,0 +1,43 @@
+import { migrate as logger } from "../logger.js";
+
+const migrateName = "trust_forwarded_proto";
+
+/**
+ * Migrate
+ *
+ * @see http://knexjs.org/#Schema
+ *
+ * @param   {Object} knex
+ * @returns {Promise}
+ */
+const up = function (knex) {
+    logger.info(`[${migrateName}] Migrating Up...`);
+
+    return knex.schema
+        .alterTable('proxy_host', (table) => {
+            table.tinyint('trust_forwarded_proto').notNullable().defaultTo(0);
+        })
+        .then(() => {
+            logger.info(`[${migrateName}] proxy_host Table altered`);
+        });
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param   {Object} knex
+ * @returns {Promise}
+ */
+const down = function (knex) {
+    logger.info(`[${migrateName}] Migrating Down...`);
+
+    return knex.schema
+        .alterTable('proxy_host', (table) => {
+            table.dropColumn('trust_forwarded_proto');
+        })
+        .then(() => {
+            logger.info(`[${migrateName}] proxy_host Table altered`);
+        });
+};
+
+export { up, down };

backend/models/proxy_host.js

@@ -21,6 +21,7 @@ const boolFields = [
 	"enabled",
 	"hsts_enabled",
 	"hsts_subdomains",
+	"trust_forwarded_proto",
 ];
 
 class ProxyHost extends Model {

backend/package.json

@@ -12,37 +12,38 @@
 		"validate-schema": "node validate-schema.js"
 	},
 	"dependencies": {
-		"@apidevtools/json-schema-ref-parser": "^11.7.0",
-		"ajv": "^8.17.1",
-		"archiver": "^5.3.0",
+		"@apidevtools/json-schema-ref-parser": "^14.1.1",
+		"ajv": "^8.18.0",
+		"archiver": "^7.0.1",
 		"batchflow": "^0.4.0",
-		"bcrypt": "^5.0.0",
-		"body-parser": "^1.20.3",
+		"bcrypt": "^6.0.0",
+		"better-sqlite3": "^12.6.2",
+		"body-parser": "^2.2.2",
 		"compression": "^1.7.4",
-		"express": "^4.22.0",
+		"express": "^5.2.1",
 		"express-fileupload": "^1.5.2",
 		"gravatar": "^1.8.2",
-		"jsonwebtoken": "^9.0.2",
-		"knex": "2.4.2",
-		"liquidjs": "10.6.1",
+		"jsonwebtoken": "^9.0.3",
+		"knex": "3.1.0",
+		"liquidjs": "10.24.0",
 		"lodash": "^4.17.23",
 		"moment": "^2.30.1",
-		"mysql2": "^3.15.3",
+		"mysql2": "^3.17.1",
 		"node-rsa": "^1.1.1",
-		"objection": "3.0.1",
-		"otplib": "^12.0.1",
+		"objection": "3.1.5",
+		"otplib": "^13.3.0",
 		"path": "^0.12.7",
-		"pg": "^8.16.3",
+		"pg": "^8.18.0",
 		"proxy-agent": "^6.5.0",
 		"signale": "1.4.0",
 		"sqlite3": "^5.1.7",
 		"temp-write": "^4.0.0"
 	},
 	"devDependencies": {
-		"@apidevtools/swagger-parser": "^10.1.0",
-		"@biomejs/biome": "^2.3.2",
-		"chalk": "4.1.2",
-		"nodemon": "^2.0.2"
+		"@apidevtools/swagger-parser": "^12.1.0",
+		"@biomejs/biome": "^2.3.14",
+		"chalk": "5.6.2",
+		"nodemon": "^3.1.11"
 	},
 	"signale": {
 		"displayDate": true,

backend/schema/components/proxy-host-object.json

@@ -22,7 +22,8 @@
 		"enabled",
 		"locations",
 		"hsts_enabled",
-		"hsts_subdomains"
+		"hsts_subdomains",
+		"trust_forwarded_proto"
 	],
 	"properties": {
 		"id": {
@@ -141,6 +142,11 @@
 		"hsts_subdomains": {
 			"$ref": "../common.json#/properties/hsts_subdomains"
 		},
+		"trust_forwarded_proto":{
+			"type": "boolean",
+			"description": "Trust the forwarded headers",
+			"example": false
+		},
 		"certificate": {
 			"oneOf": [
 				{

backend/schema/paths/nginx/proxy-hosts/get.json

@@ -58,7 +58,8 @@
 									"enabled": true,
 									"locations": [],
 									"hsts_enabled": false,
-									"hsts_subdomains": false
+									"hsts_subdomains": false,
+									"trust_forwarded_proto": false
 								}
 							]
 						}

backend/schema/paths/nginx/proxy-hosts/hostID/get.json

@@ -56,6 +56,7 @@
 								"locations": [],
 								"hsts_enabled": false,
 								"hsts_subdomains": false,
+								"trust_forwarded_proto": false,
 								"owner": {
 									"id": 1,
 									"created_on": "2025-10-28T00:50:24.000Z",

backend/schema/paths/nginx/proxy-hosts/hostID/put.json

@@ -56,6 +56,9 @@
 						"hsts_subdomains": {
 							"$ref": "../../../../components/proxy-host-object.json#/properties/hsts_subdomains"
 						},
+						"trust_forwarded_proto": {
+    						"$ref": "../../../../components/proxy-host-object.json#/properties/trust_forwarded_proto"
+						},
 						"http2_support": {
 							"$ref": "../../../../components/proxy-host-object.json#/properties/http2_support"
 						},
@@ -122,6 +125,7 @@
 								"locations": [],
 								"hsts_enabled": false,
 								"hsts_subdomains": false,
+								"trust_forwarded_proto": false,
 								"owner": {
 									"id": 1,
 									"created_on": "2025-10-28T00:50:24.000Z",

backend/schema/paths/nginx/proxy-hosts/post.json

@@ -48,6 +48,9 @@
 						"hsts_subdomains": {
 							"$ref": "../../../components/proxy-host-object.json#/properties/hsts_subdomains"
 						},
+						"trust_forwarded_proto": {
+    						"$ref": "../../../components/proxy-host-object.json#/properties/trust_forwarded_proto"
+						},
 						"http2_support": {
 							"$ref": "../../../components/proxy-host-object.json#/properties/http2_support"
 						},
@@ -119,6 +122,7 @@
 								"locations": [],
 								"hsts_enabled": false,
 								"hsts_subdomains": false,
+								"trust_forwarded_proto": false,
 								"certificate": null,
 								"owner": {
 									"id": 1,

backend/schema/paths/tokens/2fa/post.json

@@ -17,7 +17,7 @@
 						},
 						"code": {
 							"minLength": 6,
-							"maxLength": 6,
+							"maxLength": 8,
 							"type": "string",
 							"example": "012345"
 						}

backend/schema/paths/users/userID/2fa/backup-codes/post.json

@@ -16,7 +16,7 @@
 		}
 	],
 	"requestBody": {
-		"description": "Verififcation Payload",
+		"description": "Verification Payload",
 		"required": true,
 		"content": {
 			"application/json": {
@@ -25,7 +25,7 @@
 					"properties": {
 						"code": {
 							"minLength": 6,
-							"maxLength": 6,
+							"maxLength": 8,
 							"type": "string",
 							"example": "123456"
 						}

backend/schema/paths/users/userID/2fa/enable/post.json

@@ -16,7 +16,7 @@
 		}
 	],
 	"requestBody": {
-		"description": "Verififcation Payload",
+		"description": "Verification Payload",
 		"required": true,
 		"content": {
 			"application/json": {
@@ -25,7 +25,7 @@
 					"properties": {
 						"code": {
 							"minLength": 6,
-							"maxLength": 6,
+							"maxLength": 8,
 							"type": "string",
 							"example": "123456"
 						}

backend/templates/_forced_ssl.conf

@@ -1,6 +1,11 @@
 {% if certificate and certificate_id > 0 -%}
 {% if ssl_forced == 1 or ssl_forced == true %}
     # Force SSL
+    {% if trust_forwarded_proto == true %}
+    set $trust_forwarded_proto "T";
+    {% else %}
+    set $trust_forwarded_proto "F";
+    {% endif %}
     include conf.d/include/force-ssl.conf;
 {% endif %}
 {% endif %}

docker/docker-compose.ci.yml

@@ -109,7 +109,7 @@ services:
       - "cypress_logs:/test/results"
       - "./dev/resolv.conf:/etc/resolv.conf:ro"
       - "/etc/localtime:/etc/localtime:ro"
-    command: cypress run --browser chrome --config-file=cypress/config/ci.js
+    command: cypress run --browser chrome --config-file=cypress/config/ci.mjs
     networks:
       - fulltest
 

docker/docker-compose.dev.yml

@@ -192,7 +192,7 @@ services:
       - "../test/results:/results"
       - "./dev/resolv.conf:/etc/resolv.conf:ro"
       - "/etc/localtime:/etc/localtime:ro"
-    command: cypress run --browser chrome --config-file=cypress/config/ci.js
+    command: cypress run --browser chrome --config-file=cypress/config/ci.mjs
     networks:
       - nginx_proxy_manager
 

docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf

@@ -5,6 +5,28 @@ if ($scheme = "http") {
 if ($request_uri = /.well-known/acme-challenge/test-challenge) {
 	set $test "${test}T";
 }
+
+# Check if the ssl staff has been handled
+set $test_ssl_handled "";
+if ($trust_forwarded_proto = "") {
+	set $trust_forwarded_proto "F";
+}
+if ($trust_forwarded_proto = "T") {
+	set $test_ssl_handled "${test_ssl_handled}T";
+}
+if ($http_x_forwarded_proto = "https") {
+	set $test_ssl_handled "${test_ssl_handled}S";
+}
+if ($http_x_forwarded_scheme = "https") {
+	set $test_ssl_handled "${test_ssl_handled}S";
+}
+if ($test_ssl_handled = "TSS") {
+	set $test_ssl_handled "TS";
+}
+if ($test_ssl_handled = "TS") {
+	set $test "${test}S";
+}
+
 if ($test = H) {
 	return 301 https://$host$request_uri;
 }

docker/rootfs/etc/nginx/conf.d/include/proxy.conf

@@ -1,7 +1,7 @@
 add_header       X-Served-By $host;
 proxy_set_header Host $host;
-proxy_set_header X-Forwarded-Scheme $scheme;
-proxy_set_header X-Forwarded-Proto  $scheme;
+proxy_set_header X-Forwarded-Scheme $x_forwarded_scheme;
+proxy_set_header X-Forwarded-Proto  $x_forwarded_proto;
 proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
 proxy_set_header X-Real-IP          $remote_addr;
 proxy_pass       $forward_scheme://$server:$port$request_uri;

docker/rootfs/etc/nginx/nginx.conf

@@ -57,6 +57,18 @@ http {
 		default http;
 	}
 
+	# Handle upstream X-Forwarded-Proto and X-Forwarded-Scheme header
+	map $http_x_forwarded_proto $x_forwarded_proto {
+		"http" "http";
+		"https" "https";
+		default $scheme;
+	}
+	map $http_x_forwarded_scheme $x_forwarded_scheme {
+		"http" "http";
+		"https" "https";
+		default $scheme;
+	} 
+
 	# Real IP Determination
 
 	# Local subnets:

docker/scripts/install-s6

@@ -17,10 +17,6 @@ case $TARGETPLATFORM in
 		S6_ARCH=aarch64
 		;;
 
-	linux/arm/v7)
-		S6_ARCH=armhf
-		;;
-
 	*)
 		S6_ARCH=x86_64
 		;;

docs/src/setup/index.md

@@ -169,7 +169,11 @@ Custom Postgres schema is not supported, as such `public` will be used.
 The docker images support the following architectures:
 - amd64
 - arm64
-- armv7
+
+::: warning
+`armv7` is no longer supported in version 2.14+. This is due to Nodejs dropping support for armhf. Please
+use the `2.13.7` image tag if this applies to you.
+:::
 
 The docker images are a manifest of all the architecture docker builds supported, so this means
 you don't have to worry about doing anything special and you can follow the common instructions above.

frontend/biome.json

@@ -1,5 +1,5 @@
 {
-    "$schema": "https://biomejs.dev/schemas/2.3.2/schema.json",
+    "$schema": "https://biomejs.dev/schemas/2.3.14/schema.json",
     "vcs": {
         "enabled": true,
         "clientKind": "git",

frontend/check-locales.cjs

@@ -9,6 +9,7 @@
 const allLocales = [
   ["en", "en-US"],
   ["de", "de-DE"],
+  ["pt", "pt-PT"],
   ["es", "es-ES"],
   ["fr", "fr-FR"],
   ["it", "it-IT"],
@@ -17,6 +18,7 @@ const allLocales = [
   ["pl", "pl-PL"],
   ["ru", "ru-RU"],
   ["sk", "sk-SK"],
+  ["cs", "cs-CZ"],
   ["vi", "vi-VN"],
   ["zh", "zh-CN"],
   ["ko", "ko-KR"],

frontend/package.json

@@ -17,50 +17,50 @@
 	},
 	"dependencies": {
 		"@tabler/core": "^1.4.0",
-		"@tabler/icons-react": "^3.35.0",
-		"@tanstack/react-query": "^5.90.6",
+		"@tabler/icons-react": "^3.36.1",
+		"@tanstack/react-query": "^5.90.21",
 		"@tanstack/react-table": "^8.21.3",
 		"@uiw/react-textarea-code-editor": "^3.1.1",
 		"classnames": "^2.5.1",
-		"country-flag-icons": "^1.5.21",
+		"country-flag-icons": "^1.6.13",
 		"date-fns": "^4.1.0",
 		"ez-modal-react": "^1.0.5",
-		"formik": "^2.4.6",
+		"formik": "^2.4.9",
 		"generate-password-browser": "^1.1.0",
 		"humps": "^2.0.1",
 		"query-string": "^9.3.1",
-		"react": "^19.2.3",
+		"react": "^19.2.4",
 		"react-bootstrap": "^2.10.10",
-		"react-dom": "^19.2.3",
-		"react-intl": "^7.1.14",
+		"react-dom": "^19.2.4",
+		"react-intl": "^8.1.3",
 		"react-markdown": "^10.1.0",
-		"react-router-dom": "^7.9.5",
+		"react-router-dom": "^7.13.0",
 		"react-select": "^5.10.2",
 		"react-toastify": "^11.0.5",
-		"rooks": "^9.3.0"
+		"rooks": "^9.5.0"
 	},
 	"devDependencies": {
-		"@biomejs/biome": "^2.3.2",
-		"@formatjs/cli": "^6.7.4",
-		"@tanstack/react-query-devtools": "^5.90.2",
+		"@biomejs/biome": "^2.4.2",
+		"@formatjs/cli": "^6.12.2",
+		"@tanstack/react-query-devtools": "^5.91.3",
 		"@testing-library/dom": "^10.4.1",
 		"@testing-library/jest-dom": "^6.9.1",
-		"@testing-library/react": "^16.3.0",
+		"@testing-library/react": "^16.3.2",
 		"@types/country-flag-icons": "^1.2.2",
 		"@types/humps": "^2.0.6",
-		"@types/react": "^19.2.7",
+		"@types/react": "^19.2.14",
 		"@types/react-dom": "^19.2.3",
 		"@types/react-table": "^7.7.20",
-		"@vitejs/plugin-react": "^5.1.2",
-		"happy-dom": "^20.0.10",
+		"@vitejs/plugin-react": "^5.1.4",
+		"happy-dom": "^20.6.1",
 		"postcss": "^8.5.6",
 		"postcss-simple-vars": "^7.0.1",
-		"sass": "^1.93.3",
+		"sass": "^1.97.3",
 		"tmp": "^0.2.5",
 		"typescript": "5.9.3",
-		"vite": "^7.1.12",
-		"vite-plugin-checker": "^0.11.0",
-		"vite-tsconfig-paths": "^5.1.4",
-		"vitest": "^4.0.6"
+		"vite": "^7.3.1",
+		"vite-plugin-checker": "^0.12.0",
+		"vite-tsconfig-paths": "^6.1.1",
+		"vitest": "^4.0.18"
 	}
 }

frontend/src/api/backend/models.ts

@@ -127,6 +127,7 @@ export interface ProxyHost {
 	locations?: ProxyLocation[];
 	hstsEnabled: boolean;
 	hstsSubdomains: boolean;
+	trustForwardedProto: boolean;
 	// Expansions:
 	owner?: User;
 	accessList?: AccessList;

frontend/src/components/Form/SSLOptionsFields.tsx

@@ -5,17 +5,18 @@ import { T } from "src/locale";
 
 interface Props {
 	forHttp?: boolean; // the sslForced, http2Support, hstsEnabled, hstsSubdomains fields
+	forProxyHost?: boolean; // the advanced fields
 	forceDNSForNew?: boolean;
 	requireDomainNames?: boolean; // used for streams
 	color?: string;
 }
-export function SSLOptionsFields({ forHttp = true, forceDNSForNew, requireDomainNames, color = "bg-cyan" }: Props) {
+export function SSLOptionsFields({ forHttp = true, forProxyHost = false, forceDNSForNew, requireDomainNames, color = "bg-cyan" }: Props) {
 	const { values, setFieldValue } = useFormikContext();
 	const v: any = values || {};
 
 	const newCertificate = v?.certificateId === "new";
 	const hasCertificate = newCertificate || (v?.certificateId && v?.certificateId > 0);
-	const { sslForced, http2Support, hstsEnabled, hstsSubdomains, meta } = v;
+	const { sslForced, http2Support, hstsEnabled, hstsSubdomains, trustForwardedProto, meta } = v;
 	const { dnsChallenge } = meta || {};
 
 	if (forceDNSForNew && newCertificate && !dnsChallenge) {
@@ -115,6 +116,34 @@ export function SSLOptionsFields({ forHttp = true, forceDNSForNew, requireDomain
 		</div>
 	);
 
+	const getHttpAdvancedOptions = () =>(
+		<div>
+			<details>
+				<summary className="mb-1"><T id="domains.advanced" /></summary>
+				<div className="row">
+					<div className="col-12">
+						<Field name="trustForwardedProto">
+							{({ field }: any) => (
+								<label className="form-check form-switch mt-1">
+									<input
+										className={trustForwardedProto ? toggleEnabled : toggleClasses}
+										type="checkbox"
+										checked={!!trustForwardedProto}
+										onChange={(e) => handleToggleChange(e, field.name)}
+										disabled={!hasCertificate || !sslForced}
+									/>
+									<span className="form-check-label">
+										<T id="domains.trust-forwarded-proto" />
+									</span>
+								</label>
+							)}
+						</Field>
+					</div>
+				</div>
+			</details>
+		</div>
+	);
+
 	return (
 		<div>
 			{forHttp ? getHttpOptions() : null}
@@ -140,6 +169,7 @@ export function SSLOptionsFields({ forHttp = true, forceDNSForNew, requireDomain
 					{dnsChallenge ? <DNSProviderFields showBoundaryBox /> : null}
 				</>
 			) : null}
+			{forProxyHost && forHttp ? getHttpAdvancedOptions() : null}
 		</div>
 	);
 }

frontend/src/hooks/useProxyHost.ts

@@ -24,6 +24,7 @@ const fetchProxyHost = (id: number | "new") => {
 			enabled: true,
 			hstsEnabled: false,
 			hstsSubdomains: false,
+			trustForwardedProto: false,
 		} as ProxyHost);
 	}
 	return getProxyHost(id, ["owner"]);

frontend/src/locale/IntlProvider.tsx

@@ -1,6 +1,7 @@
 import { createIntl, createIntlCache } from "react-intl";
 import langBg from "./lang/bg.json";
 import langDe from "./lang/de.json";
+import langPt from "./lang/pt.json";
 import langEn from "./lang/en.json";
 import langEs from "./lang/es.json";
 import langFr from "./lang/fr.json";
@@ -13,6 +14,7 @@ import langNl from "./lang/nl.json";
 import langPl from "./lang/pl.json";
 import langRu from "./lang/ru.json";
 import langSk from "./lang/sk.json";
+import langCs from "./lang/cs.json";
 import langVi from "./lang/vi.json";
 import langZh from "./lang/zh.json";
 import langTr from "./lang/tr.json";
@@ -26,6 +28,7 @@ const localeOptions = [
   ["en", "en-US", langEn],
   ["de", "de-DE", langDe],
   ["es", "es-ES", langEs],
+  ["pt", "pt-PT", langPt],
   ["fr", "fr-FR", langFr],
   ["ga", "ga-IE", langGa],
   ["ja", "ja-JP", langJa],
@@ -34,6 +37,7 @@ const localeOptions = [
   ["pl", "pl-PL", langPl],
   ["ru", "ru-RU", langRu],
   ["sk", "sk-SK", langSk],
+  ["cs", "cs-CZ", langCs],
   ["vi", "vi-VN", langVi],
   ["zh", "zh-CN", langZh],
   ["ko", "ko-KR", langKo],
@@ -63,6 +67,7 @@ const getFlagCodeForLocale = (locale?: string) => {
     zh: "cn", // China
     vi: "vn", // Vietnam
     ko: "kr", // Korea
+    cs: "cz", // Czechia
   };
 
   if (specialCases[thisLocale]) {

frontend/src/locale/src/HelpDoc/cs/AccessLists.md

@@ -0,0 +1,7 @@
+## Co je seznam přístupů?
+
+Seznamy přístupů poskytují blacklist nebo whitelist konkrétních IP adres klientů spolu s ověřením pro proxy hostitele prostřednictvím základního ověřování HTTP.
+
+Můžete nakonfigurovat více pravidel pro klienty, uživatelská jména a hesla pro jeden seznam přístupu a poté ho použít na jednoho nebo více proxy hostitelů.
+
+Toto je nejužitečnější pro přesměrované webové služby, které nemají vestavěné ověřovací mechanismy, nebo pokud se chcete chránit před neznámými klienty.

frontend/src/locale/src/HelpDoc/cs/Certificates.md

@@ -0,0 +1,32 @@
+## Pomoc s certifikáty
+
+### Certifikát HTTP
+
+Certifikát ověřený prostřednictvím protokolu HTTP znamená, že servery Let's Encrypt se
+pokusí připojit k vašim doménám přes protokol HTTP (nikoli HTTPS!) a v případě úspěchu
+vydají váš certifikát.
+
+Pro tuto metodu budete muset mít pro své domény vytvořeného _Proxy Host_, který
+je přístupný přes HTTP a směruje na tuto instalaci Nginx. Po vydání certifikátu
+můžete změnit _Proxy Host_ tak, aby tento certifikát používal i pro HTTPS
+připojení. _Proxy Host_ však bude stále potřeba nakonfigurovat pro přístup přes HTTP,
+aby se certifikát mohl obnovit.
+
+Tento proces _nepodporuje_ domény se zástupnými znaky.
+
+### Certifikát DNS
+
+Certifikát ověřený DNS vyžaduje použití pluginu DNS Provider. Tento DNS
+Provider se použije na vytvoření dočasných záznamů ve vaší doméně a poté Let's
+Encrypt ověří tyto záznamy, aby se ujistil, že jste vlastníkem, a pokud bude úspěšný,
+vydá váš certifikát.
+
+Před požádáním o tento typ certifikátu není potřeba vytvořit _Proxy Host_.
+Není také potřeba mít _Proxy Host_ nakonfigurovaný pro přístup HTTP.
+
+Tento proces _podporuje_ domény se zástupnými znaky.
+
+### Vlastní certifikát
+
+Tuto možnost použijte na nahrání vlastního SSL certifikátu, který vám poskytla vaše
+certifikační autorita.

frontend/src/locale/src/HelpDoc/cs/DeadHosts.md

@@ -0,0 +1,10 @@
+## Co je to 404 Host?
+
+404 Host je jednoduše nastavení hostitele, které zobrazuje stránku 404.
+
+To může být užitečné, pokud je vaše doména uvedena ve vyhledávačích a chcete
+poskytnout hezčí chybovou stránku nebo konkrétně oznámit vyhledávačům, že
+stránky domény již neexistují.
+
+Další výhodou tohoto hostitele je sledování protokolů o návštěvách a
+zobrazení odkazů.

frontend/src/locale/src/HelpDoc/cs/ProxyHosts.md

@@ -0,0 +1,7 @@
+## Co je proxy hostitel?
+
+Proxy hostitel je příchozí koncový bod pro webovou službu, kterou chcete přesměrovat.
+
+Poskytuje volitelné ukončení SSL pro vaši službu, která nemusí mít zabudovanou podporu SSL.
+
+Proxy hostitelé jsou nejběžnějším použitím pro Nginx Proxy Manager.

frontend/src/locale/src/HelpDoc/cs/RedirectionHosts.md

@@ -0,0 +1,7 @@
+## Co je přesměrovací hostitel?
+
+Přesměrovací hostitel přesměruje požadavky z příchozí domény a přesměruje
+návštěvníka na jinou doménu.
+
+Nejčastějším důvodem pro použití tohoto typu hostitele je situace, kdy vaše webová stránka změní
+doménu, ale stále máte odkazy ve vyhledávačích nebo referenční odkazy směřující na starou doménu.

frontend/src/locale/src/HelpDoc/cs/Streams.md

@@ -0,0 +1,6 @@
+## Co je stream?
+
+Stream je relativně nová funkce pro Nginx, která slouží na přesměrování TCP/UDP
+datového toku přímo do jiného počítače v síti.
+
+Pokud provozujete herní servery, FTP nebo SSH servery, tato funkce se vám může hodit.

frontend/src/locale/src/HelpDoc/cs/index.ts

@@ -0,0 +1,6 @@
+export * as AccessLists from "./AccessLists.md";
+export * as Certificates from "./Certificates.md";
+export * as DeadHosts from "./DeadHosts.md";
+export * as ProxyHosts from "./ProxyHosts.md";
+export * as RedirectionHosts from "./RedirectionHosts.md";
+export * as Streams from "./Streams.md";

frontend/src/locale/src/HelpDoc/index.ts

@@ -1,5 +1,6 @@
 import * as bg from "./bg/index";
 import * as de from "./de/index";
+import * as pt from "./pt/index";
 import * as en from "./en/index";
 import * as es from "./es/index";
 import * as fr from "./fr/index";
@@ -12,12 +13,14 @@ import * as nl from "./nl/index";
 import * as pl from "./pl/index";
 import * as ru from "./ru/index";
 import * as sk from "./sk/index";
+import * as cs from "./cs/index";
 import * as vi from "./vi/index";
 import * as zh from "./zh/index";
 import * as tr from "./tr/index";
 import * as hu from "./hu/index";
 
-const items: any = { en, de, es, ja, sk, zh, pl, ru, it, vi, nl, bg, ko, ga, id, fr, tr, hu };
+const items: any = { en, de, pt, es, ja, sk, cs, zh, pl, ru, it, vi, nl, bg, ko, ga, id, fr, tr, hu };
+
 
 const fallbackLang = "en";
 

frontend/src/locale/src/HelpDoc/pt/AccessLists.md

@@ -0,0 +1,11 @@
+## O que é uma Access List?
+
+As *Access Lists* fornecem uma lista de permissões (whitelist) ou bloqueios (blacklist)
+de endereços IP específicos de clientes, juntamente com autenticação para os *Proxy Hosts*
+via Autenticação HTTP Básica (*Basic Auth*).
+
+Podes configurar múltiplas regras de cliente, nomes de utilizador e palavras-passe
+para uma única *Access List*, e depois aplicá-la a um ou mais *Proxy Hosts*.
+
+Isto é especialmente útil para serviços web encaminhados que não têm mecanismos
+de autenticação integrados ou quando pretendes proteger o acesso contra clientes desconhecidos.

frontend/src/locale/src/HelpDoc/pt/Certificates.md

@@ -0,0 +1,31 @@
+## Ajuda de Certificados
+
+### Certificado HTTP
+
+Um certificado validado por HTTP significa que os servidores do Let's Encrypt irão
+tentar aceder aos teus domínios via HTTP (não HTTPS!) e, se a ligação for bem-sucedida,
+emitirão o certificado.
+
+Para este método, é necessário ter um *Proxy Host* criado para o(s) teu(s) domínio(s),
+acessível via HTTP e a apontar para esta instalação do Nginx. Depois de o certificado ser
+emitido, podes modificar o *Proxy Host* para também utilizar esse certificado em ligações HTTPS.
+No entanto, o *Proxy Host* deve continuar configurado para acesso HTTP para que a renovação
+funcione corretamente.
+
+Este processo **não** suporta domínios wildcard.
+
+### Certificado DNS
+
+Um certificado validado por DNS requer que uses um plugin de fornecedor DNS (*DNS Provider*).
+Este fornecedor será usado para criar registos temporários no teu domínio, que serão consultados
+pelo Let's Encrypt para confirmar que és o proprietário. Se tudo correr bem, o certificado será emitido.
+
+Não é necessário ter um *Proxy Host* criado antes de pedir este tipo de certificado.
+Também não é necessário que o *Proxy Host* tenha acesso HTTP configurado.
+
+Este processo **suporta** domínios wildcard.
+
+### Certificado Personalizado
+
+Usa esta opção para carregar o teu próprio Certificado SSL, fornecido pela
+tua Autoridade Certificadora.

frontend/src/locale/src/HelpDoc/pt/DeadHosts.md

@@ -0,0 +1,9 @@
+## O que é um 404 Host?
+
+Um *404 Host* é simplesmente um host configurado para apresentar uma página 404.
+
+Isto pode ser útil quando o teu domínio aparece em motores de busca e queres fornecer
+uma página de erro mais agradável ou indicar especificamente aos indexadores de pesquisa
+que as páginas desse domínio já não existem.
+
+Outra vantagem é permitir consultar os registos de acessos a este host e ver os referenciadores.

frontend/src/locale/src/HelpDoc/pt/ProxyHosts.md

@@ -0,0 +1,7 @@
+## O que é um Proxy Host?
+
+Um *Proxy Host* é o ponto de entrada para um serviço web que pretendes encaminhar.
+
+Permite, opcionalmente, fazer terminação SSL para um serviço que possa não ter suporte SSL nativo.
+
+Os *Proxy Hosts* são a utilização mais comum do Nginx Proxy Manager.

frontend/src/locale/src/HelpDoc/pt/RedirectionHosts.md

@@ -0,0 +1,7 @@
+## O que é um Redirection Host?
+
+Um *Redirection Host* redireciona pedidos recebidos no domínio de entrada e envia
+o utilizador para outro domínio.
+
+A razão mais comum para usar este tipo de host é quando o teu site muda de domínio
+mas ainda tens motores de busca ou links de referência a apontar para o domínio antigo.

frontend/src/locale/src/HelpDoc/pt/Streams.md

@@ -0,0 +1,6 @@
+## O que é um Stream?
+
+Uma funcionalidade relativamente recente no Nginx, um *Stream* serve para encaminhar
+tráfego TCP/UDP diretamente para outro computador na rede.
+
+Se estiveres a executar servidores de jogos, FTP ou SSH, isto pode ser bastante útil.

frontend/src/locale/src/HelpDoc/pt/index.ts

@@ -0,0 +1,6 @@
+export * as AccessLists from "./AccessLists.md";
+export * as Certificates from "./Certificates.md";
+export * as DeadHosts from "./DeadHosts.md";
+export * as ProxyHosts from "./ProxyHosts.md";
+export * as RedirectionHosts from "./RedirectionHosts.md";
+export * as Streams from "./Streams.md";

frontend/src/locale/src/cs.json

@@ -0,0 +1,770 @@
+{
+	"2fa.backup-codes-remaining": {
+		"defaultMessage": "Počet zbývajících záložních kódů: {count}"
+	},
+	"2fa.backup-warning": {
+		"defaultMessage": "Tyto záložní kódy si uložte na bezpečném místě. Každý kód lze použít pouze jednou."
+	},
+	"2fa.disable": {
+		"defaultMessage": "Vypnout dvoufaktorové ověřování"
+	},
+	"2fa.disable-confirm": {
+		"defaultMessage": "Vypnout 2FA"
+	},
+	"2fa.disable-warning": {
+		"defaultMessage": "Vypnutím dvoufaktorového ověřování snížíte bezpečnost svého účtu."
+	},
+	"2fa.disabled": {
+		"defaultMessage": "Vypnuto"
+	},
+	"2fa.done": {
+		"defaultMessage": "Uložil jsem si své záložní kódy."
+	},
+	"2fa.enable": {
+		"defaultMessage": "Zapnout dvoufaktorové ověřování"
+	},
+	"2fa.enabled": {
+		"defaultMessage": "Zapnuto"
+	},
+	"2fa.enter-code": {
+		"defaultMessage": "Zadejte ověřovací kód"
+	},
+	"2fa.enter-code-disable": {
+		"defaultMessage": "Zadejte ověřovací kód pro vypnutí"
+	},
+	"2fa.regenerate": {
+		"defaultMessage": "Znovu vytvořit"
+	},
+	"2fa.regenerate-backup": {
+		"defaultMessage": "Znovu vytvořit záložní kódy"
+	},
+	"2fa.regenerate-instructions": {
+		"defaultMessage": "Zadejte ověřovací kód pro vytvoření nových záložních kódů. Vaše staré kódy budou neplatné."
+	},
+	"2fa.secret-key": {
+		"defaultMessage": "Tajný klíč"
+	},
+	"2fa.setup-instructions": {
+		"defaultMessage": "Naskenujte tento QR kód pomocí své ověřovací aplikace nebo zadejte tajný klíč ručně."
+	},
+	"2fa.status": {
+		"defaultMessage": "Stav"
+	},
+	"2fa.title": {
+		"defaultMessage": "Dvoufaktorové ověření"
+	},
+	"2fa.verify-enable": {
+		"defaultMessage": "Ověřit a zapnout"
+	},
+	"access-list": {
+		"defaultMessage": "seznam přístupů"
+	},
+	"access-list.access-count": {
+		"defaultMessage": "{count} {count, plural, one {pravidlo} few {pravidla} other {pravidel}}"
+	},
+	"access-list.auth-count": {
+		"defaultMessage": "{count} {count, plural, one {uživatel} few {uživatelé} other {uživatelů}}"
+	},
+	"access-list.help-rules-last": {
+		"defaultMessage": "Když existuje alespoň jedno pravidlo, toto pravidlo „zamítnout vše“ bude přidáno jako poslední"
+	},
+	"access-list.help.rules-order": {
+		"defaultMessage": "Upozornění: pravidla povolit a zamítnout budou uplatňována v pořadí, v jakém jsou definována."
+	},
+	"access-list.pass-auth": {
+		"defaultMessage": "Odeslat ověření na Upstream"
+	},
+	"access-list.public": {
+		"defaultMessage": "Veřejně přístupné"
+	},
+	"access-list.public.subtitle": {
+		"defaultMessage": "Není potřeba základní ověření"
+	},
+	"access-list.rule-source.placeholder": {
+		"defaultMessage": "192.168.1.100 nebo 192.168.1.0/24 nebo 2001:0db8::/32"
+	},
+	"access-list.satisfy-any": {
+		"defaultMessage": "Splnit kterékoliv"
+	},
+	"access-list.subtitle": {
+		"defaultMessage": "{users} {users, plural, one {uživatel} few {uživatelé} other {uživatelů}}, {rules} {rules, plural, one {pravidlo} few {pravidla} other {pravidel}} - Vytvořeno: {date}"
+	},
+	"access-lists": {
+		"defaultMessage": "Seznamy přístupů"
+	},
+	"action.add": {
+		"defaultMessage": "Přidat"
+	},
+	"action.add-location": {
+		"defaultMessage": "Přidat umístění"
+	},
+	"action.allow": {
+		"defaultMessage": "Povolit"
+	},
+	"action.close": {
+		"defaultMessage": "Zavřít"
+	},
+	"action.delete": {
+		"defaultMessage": "Smazat"
+	},
+	"action.deny": {
+		"defaultMessage": "Zamítnout"
+	},
+	"action.disable": {
+		"defaultMessage": "Deaktivovat"
+	},
+	"action.download": {
+		"defaultMessage": "Stáhnout"
+	},
+	"action.edit": {
+		"defaultMessage": "Upravit"
+	},
+	"action.enable": {
+		"defaultMessage": "Aktivovat"
+	},
+	"action.permissions": {
+		"defaultMessage": "Oprávnění"
+	},
+	"action.renew": {
+		"defaultMessage": "Obnovit"
+	},
+	"action.view-details": {
+		"defaultMessage": "Zobrazit podrobnosti"
+	},
+	"auditlogs": {
+		"defaultMessage": "Záznamy auditu"
+	},
+	"auto": {
+		"defaultMessage": "Automaticky"
+	},
+	"cancel": {
+		"defaultMessage": "Zrušit"
+	},
+	"certificate": {
+		"defaultMessage": "certifikát"
+	},
+	"certificate.custom-certificate": {
+		"defaultMessage": "Certifikát"
+	},
+	"certificate.custom-certificate-key": {
+		"defaultMessage": "Klíč certifikátu"
+	},
+	"certificate.custom-intermediate": {
+		"defaultMessage": "Zprostředkovatelský certifikát"
+	},
+	"certificate.in-use": {
+		"defaultMessage": "Používá se"
+	},
+	"certificate.none.subtitle": {
+		"defaultMessage": "Není přiřazen žádný certifikát"
+	},
+	"certificate.none.subtitle.for-http": {
+		"defaultMessage": "Tento hostitel nebude používat HTTPS"
+	},
+	"certificate.none.title": {
+		"defaultMessage": "Žádný"
+	},
+	"certificate.not-in-use": {
+		"defaultMessage": "Nepoužívá se"
+	},
+	"certificate.renew": {
+		"defaultMessage": "Obnovit certifikát"
+	},
+	"certificates": {
+		"defaultMessage": "Certifikáty"
+	},
+	"certificates.custom": {
+		"defaultMessage": "Vlastní certifikát"
+	},
+	"certificates.custom.warning": {
+		"defaultMessage": "Soubory klíčů chráněné heslem nejsou podporovány."
+	},
+	"certificates.dns.credentials": {
+		"defaultMessage": "Obsah souboru s přihlašovacími údaji"
+	},
+	"certificates.dns.credentials-note": {
+		"defaultMessage": "Tento doplněk vyžaduje konfigurační soubor obsahující API token nebo jiné přihlašovací údaje vašeho poskytovatele"
+	},
+	"certificates.dns.credentials-warning": {
+		"defaultMessage": "Tyto údaje budou uloženy v databázi a v souboru jako obyčejný text!"
+	},
+	"certificates.dns.propagation-seconds": {
+		"defaultMessage": "Propagace v sekundách"
+	},
+	"certificates.dns.propagation-seconds-note": {
+		"defaultMessage": "Nechte prázdné pro výchozí hodnotu doplňku. Počet sekund, po které se čeká na propagaci DNS."
+	},
+	"certificates.dns.provider": {
+		"defaultMessage": "DNS poskytovatel"
+	},
+	"certificates.dns.provider.placeholder": {
+		"defaultMessage": "Vyberte poskytovatele..."
+	},
+	"certificates.dns.warning": {
+		"defaultMessage": "Tato sekce vyžaduje znalost Certbotu a jeho DNS doplňků. Prosím, podívejte se do dokumentace příslušného doplňku."
+	},
+	"certificates.http.reachability-404": {
+		"defaultMessage": "Na této doméně byl nalezen server, ale nezdá se, že jde o Nginx Proxy Manager. Ujistěte se, že vaše doména směřuje na IP, kde běží vaše instance NPM."
+	},
+	"certificates.http.reachability-failed-to-check": {
+		"defaultMessage": "Nepodařilo se ověřit dostupnost kvůli chybě komunikace se službou site24x7.com."
+	},
+	"certificates.http.reachability-not-resolved": {
+		"defaultMessage": "Na této doméně není dostupný žádný server. Ujistěte se, že doména existuje a směřuje na IP adresu s NPM a pokud je to potřeba, port 80 je přesměrován ve vašem routeru."
+	},
+	"certificates.http.reachability-ok": {
+		"defaultMessage": "Váš server je dostupný a vytvoření certifikátu by mělo být možné."
+	},
+	"certificates.http.reachability-other": {
+		"defaultMessage": "Na této doméně byl nalezen server, ale vrátil neočekávaný stavový kód {code}. Je to NPM server? Ujistěte se prosím, že doména směřuje na IP, kde běží vaše instance NPM."
+	},
+	"certificates.http.reachability-wrong-data": {
+		"defaultMessage": "Na této doméně byl nalezen server, ale vrátil neočekávaná data. Je to NPM server? Ujistěte se, že doména směřuje na IP, kde běží vaše instance NPM."
+	},
+	"certificates.http.test-results": {
+		"defaultMessage": "Výsledky testu"
+	},
+	"certificates.http.warning": {
+		"defaultMessage": "Tyto domény musí být již nakonfigurovány tak, aby směřovaly na tuto instalaci."
+	},
+	"certificates.key-type": {
+		"defaultMessage": "Typ klíče"
+	},
+	"certificates.key-type-description": {
+		"defaultMessage": "RSA je široce kompatibilní, ECDSA je rychlejší a bezpečnější, ale nemusí být podporován staršími systémy"
+	},
+	"certificates.key-type-ecdsa": {
+		"defaultMessage": "ECDSA 256"
+	},
+	"certificates.key-type-rsa": {
+		"defaultMessage": "RSA 2048"
+	},
+	"certificates.request.subtitle": {
+		"defaultMessage": "pomocí Let's Encrypt"
+	},
+	"certificates.request.title": {
+		"defaultMessage": "Vyžádat nový certifikát"
+	},
+	"column.access": {
+		"defaultMessage": "Přístup"
+	},
+	"column.authorization": {
+		"defaultMessage": "Autorizace"
+	},
+	"column.authorizations": {
+		"defaultMessage": "Autorizace"
+	},
+	"column.custom-locations": {
+		"defaultMessage": "Vlastní umístění"
+	},
+	"column.destination": {
+		"defaultMessage": "Cíl"
+	},
+	"column.details": {
+		"defaultMessage": "Podrobnosti"
+	},
+	"column.email": {
+		"defaultMessage": "Email"
+	},
+	"column.event": {
+		"defaultMessage": "Událost"
+	},
+	"column.expires": {
+		"defaultMessage": "Platnost do"
+	},
+	"column.http-code": {
+		"defaultMessage": "Přístup"
+	},
+	"column.incoming-port": {
+		"defaultMessage": "Vstupní port"
+	},
+	"column.name": {
+		"defaultMessage": "Název"
+	},
+	"column.protocol": {
+		"defaultMessage": "Protokol"
+	},
+	"column.provider": {
+		"defaultMessage": "Poskytovatel"
+	},
+	"column.roles": {
+		"defaultMessage": "Role"
+	},
+	"column.rules": {
+		"defaultMessage": "Pravidla"
+	},
+	"column.satisfy": {
+		"defaultMessage": "Splnit"
+	},
+	"column.satisfy-all": {
+		"defaultMessage": "Všechny"
+	},
+	"column.satisfy-any": {
+		"defaultMessage": "Kterékoliv"
+	},
+	"column.scheme": {
+		"defaultMessage": "Schéma"
+	},
+	"column.source": {
+		"defaultMessage": "Zdroj"
+	},
+	"column.ssl": {
+		"defaultMessage": "SSL"
+	},
+	"column.status": {
+		"defaultMessage": "Stav"
+	},
+	"created-on": {
+		"defaultMessage": "Vytvořeno: {date}"
+	},
+	"dashboard": {
+		"defaultMessage": "Panel"
+	},
+	"dead-host": {
+		"defaultMessage": "404 hostitel"
+	},
+	"dead-hosts": {
+		"defaultMessage": "404 Hostitelé"
+	},
+	"dead-hosts.count": {
+		"defaultMessage": "{count} {count, plural, one {404 hostitel} few {404 hostitelé} other {404 hostitelů}}"
+	},
+	"disabled": {
+		"defaultMessage": "Deaktivováno"
+	},
+	"domain-names": {
+		"defaultMessage": "Doménová jména"
+	},
+	"domain-names.max": {
+		"defaultMessage": "Maximálně {count} doménových jmen"
+	},
+	"domain-names.placeholder": {
+		"defaultMessage": "Začněte psát pro přidání domény..."
+	},
+	"domain-names.wildcards-not-permitted": {
+		"defaultMessage": "Wildcards nejsou pro tento typ povoleny"
+	},
+	"domain-names.wildcards-not-supported": {
+		"defaultMessage": "Wildcards nejsou podporovány pro tuto certifikační autoritu"
+	},
+	"domains.force-ssl": {
+		"defaultMessage": "Vynutit SSL"
+	},
+	"domains.hsts-enabled": {
+		"defaultMessage": "HSTS povoleno"
+	},
+	"domains.hsts-subdomains": {
+		"defaultMessage": "HSTS pro subdomény"
+	},
+	"domains.http2-support": {
+		"defaultMessage": "Podpora HTTP/2"
+	},
+	"domains.use-dns": {
+		"defaultMessage": "Použít DNS výzvu"
+	},
+	"email-address": {
+		"defaultMessage": "Emailová adresa"
+	},
+	"empty-search": {
+		"defaultMessage": "Nebyly nalezeny žádné výsledky"
+	},
+	"empty-subtitle": {
+		"defaultMessage": "Proč nevytvoříte nějaký?"
+	},
+	"enabled": {
+		"defaultMessage": "Aktivováno"
+	},
+	"error.access.at-least-one": {
+		"defaultMessage": "Je vyžadována alespoň jedna autorizace nebo jedno přístupové pravidlo"
+	},
+	"error.access.duplicate-usernames": {
+		"defaultMessage": "Uživatelská jména pro autorizaci musí být jedinečná"
+	},
+	"error.invalid-auth": {
+		"defaultMessage": "Neplatný email nebo heslo"
+	},
+	"error.invalid-domain": {
+		"defaultMessage": "Neplatná doména: {domain}"
+	},
+	"error.invalid-email": {
+		"defaultMessage": "Neplatná emailová adresa"
+	},
+	"error.max-character-length": {
+		"defaultMessage": "Maximální délka je {max} znak{max, plural, one {} few {y} other {ů}}"
+	},
+	"error.max-domains": {
+		"defaultMessage": "Příliš mnoho domén, maximum je {max}"
+	},
+	"error.maximum": {
+		"defaultMessage": "Maximum je {max}"
+	},
+	"error.min-character-length": {
+		"defaultMessage": "Minimální délka je {min} znak{min, plural, one {} few {y} other {ů}}"
+	},
+	"error.minimum": {
+		"defaultMessage": "Minimum je {min}"
+	},
+	"error.passwords-must-match": {
+		"defaultMessage": "Hesla se musí shodovat"
+	},
+	"error.required": {
+		"defaultMessage": "Toto pole je povinné"
+	},
+	"expires.on": {
+		"defaultMessage": "Platnost do: {date}"
+	},
+	"footer.github-fork": {
+		"defaultMessage": "Forkněte mě na GitHubu"
+	},
+	"host.flags.block-exploits": {
+		"defaultMessage": "Blokovat běžné exploity"
+	},
+	"host.flags.cache-assets": {
+		"defaultMessage": "Uložit zdroje do mezipaměti"
+	},
+	"host.flags.preserve-path": {
+		"defaultMessage": "Zachovat cestu"
+	},
+	"host.flags.protocols": {
+		"defaultMessage": "Protokoly"
+	},
+	"host.flags.websockets-upgrade": {
+		"defaultMessage": "Podpora WebSockets"
+	},
+	"host.forward-port": {
+		"defaultMessage": "Port přesměrování"
+	},
+	"host.forward-scheme": {
+		"defaultMessage": "Schéma"
+	},
+	"hosts": {
+		"defaultMessage": "Hostitelé"
+	},
+	"http-only": {
+		"defaultMessage": "Pouze HTTP"
+	},
+	"lets-encrypt": {
+		"defaultMessage": "Let's Encrypt"
+	},
+	"lets-encrypt-via-dns": {
+		"defaultMessage": "Let's Encrypt přes DNS"
+	},
+	"lets-encrypt-via-http": {
+		"defaultMessage": "Let's Encrypt přes HTTP"
+	},
+	"loading": {
+		"defaultMessage": "Načítá se…"
+	},
+	"login.2fa-code": {
+		"defaultMessage": "Ověřovací kód"
+	},
+	"login.2fa-code-placeholder": {
+		"defaultMessage": "Vložit kód"
+	},
+	"login.2fa-description": {
+		"defaultMessage": "Vložte kód z vaší ověřovací aplikace"
+	},
+	"login.2fa-title": {
+		"defaultMessage": "Dvoufaktorové ověření"
+	},
+	"login.2fa-verify": {
+		"defaultMessage": "Ověřit"
+	},
+	"login.title": {
+		"defaultMessage": "Přihlaste se ke svému účtu"
+	},
+	"nginx-config.label": {
+		"defaultMessage": "Vlastní Nginx konfigurace"
+	},
+	"nginx-config.placeholder": {
+		"defaultMessage": "# Zadejte vlastní Nginx konfiguraci na vlastní riziko!"
+	},
+	"no-permission-error": {
+		"defaultMessage": "Nemáte oprávnění k zobrazení tohoto obsahu."
+	},
+	"notfound.action": {
+		"defaultMessage": "Zpět na hlavní stránku"
+	},
+	"notfound.content": {
+		"defaultMessage": "Omlouváme se, stránka, kterou hledáte, nebyla nalezena"
+	},
+	"notfound.title": {
+		"defaultMessage": "Ups… Našli jste chybovou stránku"
+	},
+	"notification.error": {
+		"defaultMessage": "Chyba"
+	},
+	"notification.object-deleted": {
+		"defaultMessage": "{object} byl odstraněn"
+	},
+	"notification.object-disabled": {
+		"defaultMessage": "{object} byl deaktivován"
+	},
+	"notification.object-enabled": {
+		"defaultMessage": "{object} byl aktivován"
+	},
+	"notification.object-renewed": {
+		"defaultMessage": "{object} byl obnoven"
+	},
+	"notification.object-saved": {
+		"defaultMessage": "{object} byl uložen"
+	},
+	"notification.success": {
+		"defaultMessage": "Úspěch"
+	},
+	"object.actions-title": {
+		"defaultMessage": "{object} #{id}"
+	},
+	"object.add": {
+		"defaultMessage": "Přidat {object}"
+	},
+	"object.delete": {
+		"defaultMessage": "Smazat {object}"
+	},
+	"object.delete.content": {
+		"defaultMessage": "Opravdu chcete smazat tento {object}?"
+	},
+	"object.edit": {
+		"defaultMessage": "Upravit {object}"
+	},
+	"object.empty": {
+		"defaultMessage": "Nejsou {objects}"
+	},
+	"object.event.created": {
+		"defaultMessage": "Vytvořen {object}"
+	},
+	"object.event.deleted": {
+		"defaultMessage": "Smazán {object}"
+	},
+	"object.event.disabled": {
+		"defaultMessage": "Deaktivován {object}"
+	},
+	"object.event.enabled": {
+		"defaultMessage": "Aktivován {object}"
+	},
+	"object.event.renewed": {
+		"defaultMessage": "Obnoven {object}"
+	},
+	"object.event.updated": {
+		"defaultMessage": "Aktualizován {object}"
+	},
+	"offline": {
+		"defaultMessage": "Offline"
+	},
+	"online": {
+		"defaultMessage": "Online"
+	},
+	"options": {
+		"defaultMessage": "Možnosti"
+	},
+	"password": {
+		"defaultMessage": "Heslo"
+	},
+	"password.generate": {
+		"defaultMessage": "Vygenerovat náhodné heslo"
+	},
+	"password.hide": {
+		"defaultMessage": "Skrýt heslo"
+	},
+	"password.show": {
+		"defaultMessage": "Zobrazit heslo"
+	},
+	"permissions.hidden": {
+		"defaultMessage": "Skryté"
+	},
+	"permissions.manage": {
+		"defaultMessage": "Spravovat"
+	},
+	"permissions.view": {
+		"defaultMessage": "Pouze pro zobrazení"
+	},
+	"permissions.visibility.all": {
+		"defaultMessage": "Všechny položky"
+	},
+	"permissions.visibility.title": {
+		"defaultMessage": "Viditelnost položky"
+	},
+	"permissions.visibility.user": {
+		"defaultMessage": "Pouze vytvořené položky"
+	},
+	"proxy-host": {
+		"defaultMessage": "proxy hostitele"
+	},
+	"proxy-host.forward-host": {
+		"defaultMessage": "Cílový název hostitele / IP"
+	},
+	"proxy-hosts": {
+		"defaultMessage": "Proxy hostitelé"
+	},
+	"proxy-hosts.count": {
+		"defaultMessage": "{count} {count, plural, one {proxy hostitel} few {proxy hostitelé} other {proxy hostitelů}}"
+	},
+	"public": {
+		"defaultMessage": "Veřejné"
+	},
+	"redirection-host": {
+		"defaultMessage": "přesměrovacího hostitele"
+	},
+	"redirection-host.forward-domain": {
+		"defaultMessage": "Cílová doména"
+	},
+	"redirection-host.forward-http-code": {
+		"defaultMessage": "HTTP kód"
+	},
+	"redirection-hosts": {
+		"defaultMessage": "Přesměrovací hostitelé"
+	},
+	"redirection-hosts.count": {
+		"defaultMessage": "{count} {count, plural, one {přesměrovací hostitel} few {přesměrovací hostitelé} other {přesměrovacích hostitelů}}"
+	},
+	"redirection-hosts.http-code.300": {
+		"defaultMessage": "300 Více možností"
+	},
+	"redirection-hosts.http-code.301": {
+		"defaultMessage": "301 Trvale přesunuto"
+	},
+	"redirection-hosts.http-code.302": {
+		"defaultMessage": "302 Dočasně přesunuto"
+	},
+	"redirection-hosts.http-code.303": {
+		"defaultMessage": "303 Podívat se na jiné"
+	},
+	"redirection-hosts.http-code.307": {
+		"defaultMessage": "307 Dočasné přesměrování"
+	},
+	"redirection-hosts.http-code.308": {
+		"defaultMessage": "308 Trvalé přesměrování"
+	},
+	"role.admin": {
+		"defaultMessage": "Administrátor"
+	},
+	"role.standard-user": {
+		"defaultMessage": "Běžný uživatel"
+	},
+	"save": {
+		"defaultMessage": "Uložit"
+	},
+	"setting": {
+		"defaultMessage": "Nastavení"
+	},
+	"settings": {
+		"defaultMessage": "Nastavení"
+	},
+	"settings.default-site": {
+		"defaultMessage": "Výchozí stránka"
+	},
+	"settings.default-site.404": {
+		"defaultMessage": "Stránka 404"
+	},
+	"settings.default-site.444": {
+		"defaultMessage": "Bez odpovědi (444)"
+	},
+	"settings.default-site.congratulations": {
+		"defaultMessage": "Gratulační stránka"
+	},
+	"settings.default-site.description": {
+		"defaultMessage": "Co zobrazit, když Nginx zachytí neznámého hostitele"
+	},
+	"settings.default-site.html": {
+		"defaultMessage": "Vlastní HTML"
+	},
+	"settings.default-site.html.placeholder": {
+		"defaultMessage": "<!-- Sem zadejte vlastní HTML obsah -->"
+	},
+	"settings.default-site.redirect": {
+		"defaultMessage": "Přesměrovat"
+	},
+	"setup.preamble": {
+		"defaultMessage": "Začněte vytvořením administrátorského účtu."
+	},
+	"setup.title": {
+		"defaultMessage": "Vítejte!"
+	},
+	"sign-in": {
+		"defaultMessage": "Přihlásit se"
+	},
+	"ssl-certificate": {
+		"defaultMessage": "SSL certifikát"
+	},
+	"stream": {
+		"defaultMessage": "stream"
+	},
+	"stream.forward-host": {
+		"defaultMessage": "Cílový hostitel"
+	},
+	"stream.forward-host.placeholder": {
+		"defaultMessage": "napriklad.cz nebo 10.0.0.1 nebo 2001:db8:3333:4444:5555:6666:7777:8888"
+	},
+	"stream.incoming-port": {
+		"defaultMessage": "Vstupní port"
+	},
+	"streams": {
+		"defaultMessage": "Streamy"
+	},
+	"streams.count": {
+		"defaultMessage": "{count} {count, plural, one {stream} few {streamy} other {streamů}}"
+	},
+	"streams.tcp": {
+		"defaultMessage": "TCP"
+	},
+	"streams.udp": {
+		"defaultMessage": "UDP"
+	},
+	"test": {
+		"defaultMessage": "Test"
+	},
+	"update-available": {
+		"defaultMessage": "Dostupná aktualizace: {latestVersion}"
+	},
+	"user": {
+		"defaultMessage": "uživatele"
+	},
+	"user.change-password": {
+		"defaultMessage": "Změnit heslo"
+	},
+	"user.confirm-password": {
+		"defaultMessage": "Potvrdit heslo"
+	},
+	"user.current-password": {
+		"defaultMessage": "Aktuální heslo"
+	},
+	"user.edit-profile": {
+		"defaultMessage": "Upravit profil"
+	},
+	"user.full-name": {
+		"defaultMessage": "Celé jméno"
+	},
+	"user.login-as": {
+		"defaultMessage": "Přihlásit se jako {name}"
+	},
+	"user.logout": {
+		"defaultMessage": "Odhlásit se"
+	},
+	"user.new-password": {
+		"defaultMessage": "Nové heslo"
+	},
+	"user.nickname": {
+		"defaultMessage": "Přezdívka"
+	},
+	"user.set-password": {
+		"defaultMessage": "Nastavit heslo"
+	},
+	"user.set-permissions": {
+		"defaultMessage": "Nastavit oprávnění pro {name}"
+	},
+	"user.switch-dark": {
+		"defaultMessage": "Přepnout na tmavý režim"
+	},
+	"user.switch-light": {
+		"defaultMessage": "Přepnout na světlý režim"
+	},
+	"user.two-factor": {
+		"defaultMessage": "Dvoufaktorové ověření"
+	},
+	"username": {
+		"defaultMessage": "Uživatelské jméno"
+	},
+	"users": {
+		"defaultMessage": "Uživatelé"
+	}
+}

frontend/src/locale/src/en.json

@@ -347,6 +347,9 @@
 	"domain-names.wildcards-not-supported": {
 		"defaultMessage": "Wildcards not supported for this CA"
 	},
+	"domains.advanced": {
+		"defaultMessage": "Advanced"
+	},
 	"domains.force-ssl": {
 		"defaultMessage": "Force SSL"
 	},
@@ -359,6 +362,9 @@
 	"domains.http2-support": {
 		"defaultMessage": "HTTP/2 Support"
 	},
+	"domains.trust-forwarded-proto": {
+		"defaultMessage": "Trust Upstream Forwarded Proto Headers"
+	},
 	"domains.use-dns": {
 		"defaultMessage": "Use DNS Challenge"
 	},

frontend/src/locale/src/lang-list.json

@@ -11,6 +11,9 @@
   "locale-de-DE": {
     "defaultMessage": "German"
   },
+  "locale-pt-PT": {
+	"defaultMessage": "Português (Europeu)"
+  },
   "locale-fr-FR": {
     "defaultMessage": "Français"
   },
@@ -26,6 +29,9 @@
   "locale-sk-SK": {
     "defaultMessage": "Slovenčina"
   },
+  "locale-cs-CZ": {
+    "defaultMessage": "Čeština"
+  },
   "locale-zh-CN": {
     "defaultMessage": "中文"
   },

frontend/src/locale/src/pt.json

@@ -0,0 +1,683 @@
+{
+	"access-list": {
+		"defaultMessage": "Lista de Controlo de Acesso (ACL)"
+	},
+	"access-list.access-count": {
+		"defaultMessage": "{count} {count, plural, one {Regra} other {Regras}}"
+	},
+	"access-list.auth-count": {
+		"defaultMessage": "{count} {count, plural, one {Utilizador} other {Utilizadores}}"
+	},
+	"access-list.help-rules-last": {
+		"defaultMessage": "Quando existir pelo menos 1 regra, esta regra de negação geral será aplicada em último lugar"
+	},
+	"access-list.help.rules-order": {
+		"defaultMessage": "Nota: as diretivas allow e deny são aplicadas pela ordem em que forem definidas."
+	},
+	"access-list.pass-auth": {
+		"defaultMessage": "Passar Autenticação para o Upstream"
+	},
+	"access-list.public": {
+		"defaultMessage": "Acesso Público"
+	},
+	"access-list.public.subtitle": {
+		"defaultMessage": "Sem autenticação básica"
+	},
+	"access-list.rule-source.placeholder": {
+		"defaultMessage": "192.168.1.100 ou 192.168.1.0/24 ou 2001:0db8::/32"
+	},
+	"access-list.satisfy-any": {
+		"defaultMessage": "Satisfazer Qualquer"
+	},
+	"access-list.subtitle": {
+		"defaultMessage": "{users} {users, plural, one {Utilizador} other {Utilizadores}}, {rules} {rules, plural, one {Regra} other {Regras}} – Criado em: {date}"
+	},
+	"access-lists": {
+		"defaultMessage": "Listas de Controlo de Acesso (ACL)"
+	},
+	"action.add": {
+		"defaultMessage": "Adicionar"
+	},
+	"action.add-location": {
+		"defaultMessage": "Adicionar Location"
+	},
+	"action.allow": {
+		"defaultMessage": "Permitir"
+	},
+	"action.close": {
+		"defaultMessage": "Fechar"
+	},
+	"action.delete": {
+		"defaultMessage": "Eliminar"
+	},
+	"action.deny": {
+		"defaultMessage": "Negar"
+	},
+	"action.disable": {
+		"defaultMessage": "Desativar"
+	},
+	"action.download": {
+		"defaultMessage": "Descarregar"
+	},
+	"action.edit": {
+		"defaultMessage": "Editar"
+	},
+	"action.enable": {
+		"defaultMessage": "Ativar"
+	},
+	"action.permissions": {
+		"defaultMessage": "Permissões"
+	},
+	"action.renew": {
+		"defaultMessage": "Renovar"
+	},
+	"action.view-details": {
+		"defaultMessage": "Ver Detalhes"
+	},
+	"auditlogs": {
+		"defaultMessage": "Registos de Auditoria"
+	},
+	"auto": {
+		"defaultMessage": "Automático"
+	},
+	"cancel": {
+		"defaultMessage": "Cancelar"
+	},
+	"certificate": {
+		"defaultMessage": "Certificado"
+	},
+	"certificate.custom-certificate": {
+		"defaultMessage": "Certificado Personalizado"
+	},
+	"certificate.custom-certificate-key": {
+		"defaultMessage": "Chave do Certificado"
+	},
+	"certificate.custom-intermediate": {
+		"defaultMessage": "Certificado Intermédio"
+	},
+	"certificate.in-use": {
+		"defaultMessage": "Em Utilização"
+	},
+	"certificate.none.subtitle": {
+		"defaultMessage": "Nenhum certificado atribuído"
+	},
+	"certificate.none.subtitle.for-http": {
+		"defaultMessage": "Este host não irá utilizar HTTPS"
+	},
+	"certificate.none.title": {
+		"defaultMessage": "Nenhum"
+	},
+	"certificate.not-in-use": {
+		"defaultMessage": "Não Utilizado"
+	},
+	"certificate.renew": {
+		"defaultMessage": "Renovar Certificado"
+	},
+	"certificates": {
+		"defaultMessage": "Certificados"
+	},
+	"certificates.custom": {
+		"defaultMessage": "Certificado Personalizado"
+	},
+	"certificates.custom.warning": {
+		"defaultMessage": "Ficheiros de chave protegidos por palavra-passe não são suportados."
+	},
+	"certificates.dns.credentials": {
+		"defaultMessage": "Conteúdo do Ficheiro de Credenciais"
+	},
+	"certificates.dns.credentials-note": {
+		"defaultMessage": "Este plugin requer um ficheiro de configuração contendo um token API ou outras credenciais do fornecedor DNS."
+	},
+	"certificates.dns.credentials-warning": {
+		"defaultMessage": "Estes dados serão guardados em texto simples na base de dados e num ficheiro!"
+	},
+	"certificates.dns.propagation-seconds": {
+		"defaultMessage": "Segundos de Propagação"
+	},
+	"certificates.dns.propagation-seconds-note": {
+		"defaultMessage": "Deixe em branco para usar o valor predefinido do plugin. Número de segundos a aguardar pela propagação DNS."
+	},
+	"certificates.dns.provider": {
+		"defaultMessage": "Fornecedor DNS"
+	},
+	"certificates.dns.provider.placeholder": {
+		"defaultMessage": "Selecionar fornecedor..."
+	},
+	"certificates.dns.warning": {
+		"defaultMessage": "Esta secção requer conhecimentos sobre o Certbot e os seus plugins DNS. Consulte a documentação dos plugins."
+	},
+	"certificates.http.reachability-404": {
+		"defaultMessage": "Foi encontrado um servidor neste domínio, mas não parece ser o Nginx Proxy Manager. Certifique-se de que o domínio aponta para o IP onde a sua instância está a correr."
+	},
+	"certificates.http.reachability-failed-to-check": {
+		"defaultMessage": "Falha ao verificar acessibilidade devido a um erro de comunicação com site24x7.com."
+	},
+	"certificates.http.reachability-not-resolved": {
+		"defaultMessage": "Não existe nenhum servidor acessível neste domínio. Certifique-se de que o domínio existe, aponta para o IP correto e que a porta 80 está encaminhada no seu router."
+	},
+	"certificates.http.reachability-ok": {
+		"defaultMessage": "O servidor está acessível e a criação de certificados deverá ser possível."
+	},
+	"certificates.http.reachability-other": {
+		"defaultMessage": "Foi encontrado um servidor neste domínio, mas devolveu um código inesperado ({code}). Será o servidor NPM? Confirme que o domínio aponta para o IP correto."
+	},
+	"certificates.http.reachability-wrong-data": {
+		"defaultMessage": "Foi encontrado um servidor neste domínio, mas devolveu dados inesperados. Será o servidor NPM? Confirme que o domínio aponta para o IP correto."
+	},
+	"certificates.http.test-results": {
+		"defaultMessage": "Resultados do Teste"
+	},
+	"certificates.http.warning": {
+		"defaultMessage": "Estes domínios devem já estar configurados para apontar para esta instalação."
+	},
+	"certificates.request.subtitle": {
+		"defaultMessage": "com o Let's Encrypt"
+	},
+	"certificates.request.title": {
+		"defaultMessage": "Pedir Novo Certificado"
+	},
+	"column.access": {
+		"defaultMessage": "Acesso"
+	},
+	"column.authorization": {
+		"defaultMessage": "Autorização"
+	},
+	"column.authorizations": {
+		"defaultMessage": "Autorizações"
+	},
+	"column.custom-locations": {
+		"defaultMessage": "Locations Personalizados"
+	},
+	"column.destination": {
+		"defaultMessage": "Destino"
+	},
+	"column.details": {
+		"defaultMessage": "Detalhes"
+	},
+	"column.email": {
+		"defaultMessage": "Email"
+	},
+	"column.event": {
+		"defaultMessage": "Evento"
+	},
+	"column.expires": {
+		"defaultMessage": "Expira"
+	},
+	"column.http-code": {
+		"defaultMessage": "Código HTTP"
+	},
+	"column.incoming-port": {
+		"defaultMessage": "Porta de Entrada"
+	},
+	"column.name": {
+		"defaultMessage": "Nome"
+	},
+	"column.protocol": {
+		"defaultMessage": "Protocolo"
+	},
+	"column.provider": {
+		"defaultMessage": "Fornecedor"
+	},
+	"column.roles": {
+		"defaultMessage": "Funções"
+	},
+	"column.rules": {
+		"defaultMessage": "Regras"
+	},
+	"column.satisfy": {
+		"defaultMessage": "Satisfazer"
+	},
+	"column.satisfy-all": {
+		"defaultMessage": "Todos"
+	},
+	"column.satisfy-any": {
+		"defaultMessage": "Qualquer"
+	},
+	"column.scheme": {
+		"defaultMessage": "Esquema"
+	},
+	"column.source": {
+		"defaultMessage": "Origem"
+	},
+	"column.ssl": {
+		"defaultMessage": "SSL"
+	},
+	"column.status": {
+		"defaultMessage": "Estado"
+	},
+	"created-on": {
+		"defaultMessage": "Criado em: {date}"
+	},
+	"dashboard": {
+		"defaultMessage": "Painel"
+	},
+	"dead-host": {
+		"defaultMessage": "Host 404"
+	},
+	"dead-hosts": {
+		"defaultMessage": "Hosts 404"
+	},
+	"dead-hosts.count": {
+		"defaultMessage": "{count} {count, plural, one {Host 404} other {Hosts 404}}"
+	},
+	"disabled": {
+		"defaultMessage": "Desativado"
+	},
+	"domain-names": {
+		"defaultMessage": "Nomes de Domínio"
+	},
+	"domain-names.max": {
+		"defaultMessage": "Máximo de {count} domínios"
+	},
+	"domain-names.placeholder": {
+		"defaultMessage": "Comece a escrever para adicionar um domínio..."
+	},
+	"domain-names.wildcards-not-permitted": {
+		"defaultMessage": "Wildcards não permitidos para este tipo"
+	},
+	"domain-names.wildcards-not-supported": {
+		"defaultMessage": "Wildcards não suportados por esta AC"
+	},
+	"domains.force-ssl": {
+		"defaultMessage": "Forçar SSL"
+	},
+	"domains.hsts-enabled": {
+		"defaultMessage": "HSTS Ativado"
+	},
+	"domains.hsts-subdomains": {
+		"defaultMessage": "HSTS para Subdomínios"
+	},
+	"domains.http2-support": {
+		"defaultMessage": "Suporte HTTP/2"
+	},
+	"domains.use-dns": {
+		"defaultMessage": "Utilizar DNS Challenge"
+	},
+	"email-address": {
+		"defaultMessage": "Endereço de Email"
+	},
+	"empty-search": {
+		"defaultMessage": "Nenhum resultado encontrado"
+	},
+	"empty-subtitle": {
+		"defaultMessage": "Porque não cria um?"
+	},
+	"enabled": {
+		"defaultMessage": "Ativado"
+	},
+	"error.access.at-least-one": {
+		"defaultMessage": "É necessária pelo menos uma Autorização ou uma Regra de Acesso"
+	},
+	"error.access.duplicate-usernames": {
+		"defaultMessage": "Os nomes de utilizador de autorização devem ser únicos"
+	},
+	"error.invalid-auth": {
+		"defaultMessage": "Email ou palavra-passe inválidos"
+	},
+	"error.invalid-domain": {
+		"defaultMessage": "Domínio inválido: {domain}"
+	},
+	"error.invalid-email": {
+		"defaultMessage": "Endereço de email inválido"
+	},
+	"error.max-character-length": {
+		"defaultMessage": "Tamanho máximo: {max} caractere{max, plural, one {} other {s}}"
+	},
+	"error.max-domains": {
+		"defaultMessage": "Demasiados domínios; o máximo é {max}"
+	},
+	"error.maximum": {
+		"defaultMessage": "Máximo permitido: {max}"
+	},
+	"error.min-character-length": {
+		"defaultMessage": "Tamanho mínimo: {min} caractere{min, plural, one {} other {s}}"
+	},
+	"error.minimum": {
+		"defaultMessage": "Mínimo permitido: {min}"
+	},
+	"error.passwords-must-match": {
+		"defaultMessage": "As palavras-passe têm de coincidir"
+	},
+	"error.required": {
+		"defaultMessage": "Campo obrigatório"
+	},
+	"expires.on": {
+		"defaultMessage": "Expira em: {date}"
+	},
+	"footer.github-fork": {
+		"defaultMessage": "Faz fork no GitHub"
+	},
+	"host.flags.block-exploits": {
+		"defaultMessage": "Bloquear Exploits Comuns"
+	},
+	"host.flags.cache-assets": {
+		"defaultMessage": "Cache de Conteúdos Estáticos"
+	},
+	"host.flags.preserve-path": {
+		"defaultMessage": "Preservar Caminho"
+	},
+	"host.flags.protocols": {
+		"defaultMessage": "Protocolos"
+	},
+	"host.flags.websockets-upgrade": {
+		"defaultMessage": "Suporte para WebSockets"
+	},
+	"host.forward-port": {
+		"defaultMessage": "Porta de Encaminhamento"
+	},
+	"host.forward-scheme": {
+		"defaultMessage": "Esquema"
+	},
+	"hosts": {
+		"defaultMessage": "Hosts"
+	},
+	"http-only": {
+		"defaultMessage": "Apenas HTTP"
+	},
+	"lets-encrypt": {
+		"defaultMessage": "Let's Encrypt"
+	},
+	"lets-encrypt-via-dns": {
+		"defaultMessage": "Let's Encrypt via DNS"
+	},
+	"lets-encrypt-via-http": {
+		"defaultMessage": "Let's Encrypt via HTTP"
+	},
+	"loading": {
+		"defaultMessage": "A carregar…"
+	},
+	"login.title": {
+		"defaultMessage": "Iniciar sessão na sua conta"
+	},
+	"nginx-config.label": {
+		"defaultMessage": "Configuração Nginx Personalizada"
+	},
+	"nginx-config.placeholder": {
+		"defaultMessage": "# Insira aqui a sua configuração Nginx personalizada (utilize por sua conta e risco!)"
+	},
+	"no-permission-error": {
+		"defaultMessage": "Não tem permissões para ver esta página."
+	},
+	"notfound.action": {
+		"defaultMessage": "Voltar à página inicial"
+	},
+	"notfound.content": {
+		"defaultMessage": "A página que procura não foi encontrada."
+	},
+	"notfound.title": {
+		"defaultMessage": "Oops… Encontrou uma página de erro"
+	},
+	"notification.error": {
+		"defaultMessage": "Erro"
+	},
+	"notification.object-deleted": {
+		"defaultMessage": "{object} foi eliminado"
+	},
+	"notification.object-disabled": {
+		"defaultMessage": "{object} foi desativado"
+	},
+	"notification.object-enabled": {
+		"defaultMessage": "{object} foi ativado"
+	},
+	"notification.object-renewed": {
+		"defaultMessage": "{object} foi renovado"
+	},
+	"notification.object-saved": {
+		"defaultMessage": "{object} foi guardado"
+	},
+	"notification.success": {
+		"defaultMessage": "Sucesso"
+	},
+	"object.actions-title": {
+		"defaultMessage": "{object} #{id}"
+	},
+	"object.add": {
+		"defaultMessage": "Adicionar {object}"
+	},
+	"object.delete": {
+		"defaultMessage": "Eliminar {object}"
+	},
+	"object.delete.content": {
+		"defaultMessage": "Tem a certeza de que deseja eliminar este {object}?"
+	},
+	"object.edit": {
+		"defaultMessage": "Editar {object}"
+	},
+	"object.empty": {
+		"defaultMessage": "Não existem {objects}"
+	},
+	"object.event.created": {
+		"defaultMessage": "{object} criado"
+	},
+	"object.event.deleted": {
+		"defaultMessage": "{object} eliminado"
+	},
+	"object.event.disabled": {
+		"defaultMessage": "{object} desativado"
+	},
+	"object.event.enabled": {
+		"defaultMessage": "{object} ativado"
+	},
+	"object.event.renewed": {
+		"defaultMessage": "{object} renovado"
+	},
+	"object.event.updated": {
+		"defaultMessage": "{object} atualizado"
+	},
+	"offline": {
+		"defaultMessage": "Offline"
+	},
+	"online": {
+		"defaultMessage": "Online"
+	},
+	"options": {
+		"defaultMessage": "Opções"
+	},
+	"password": {
+		"defaultMessage": "Palavra-passe"
+	},
+	"password.generate": {
+		"defaultMessage": "Gerar palavra-passe aleatória"
+	},
+	"password.hide": {
+		"defaultMessage": "Esconder Palavra-passe"
+	},
+	"password.show": {
+		"defaultMessage": "Mostrar Palavra-passe"
+	},
+	"permissions.hidden": {
+		"defaultMessage": "Oculto"
+	},
+	"permissions.manage": {
+		"defaultMessage": "Gerir"
+	},
+	"permissions.view": {
+		"defaultMessage": "Apenas Visualização"
+	},
+	"permissions.visibility.all": {
+		"defaultMessage": "Todos os Itens"
+	},
+	"permissions.visibility.title": {
+		"defaultMessage": "Visibilidade do Item"
+	},
+	"permissions.visibility.user": {
+		"defaultMessage": "Apenas Itens Criados"
+	},
+	"proxy-host": {
+		"defaultMessage": "Proxy Host"
+	},
+	"proxy-host.forward-host": {
+		"defaultMessage": "Hostname/IP de Encaminhamento"
+	},
+	"proxy-hosts": {
+		"defaultMessage": "Proxy Hosts"
+	},
+	"proxy-hosts.count": {
+		"defaultMessage": "{count} {count, plural, one {Proxy Host} other {Proxy Hosts}}"
+	},
+	"public": {
+		"defaultMessage": "Público"
+	},
+	"redirection-host": {
+		"defaultMessage": "Host de Redirecionamento"
+	},
+	"redirection-host.forward-domain": {
+		"defaultMessage": "Domínio de Destino"
+	},
+	"redirection-host.forward-http-code": {
+		"defaultMessage": "Código HTTP"
+	},
+	"redirection-hosts": {
+		"defaultMessage": "Hosts de Redirecionamento"
+	},
+	"redirection-hosts.count": {
+		"defaultMessage": "{count} {count, plural, one {Host de Redirecionamento} other {Hosts de Redirecionamento}}"
+	},
+	"redirection-hosts.http-code.300": {
+		"defaultMessage": "300 Múltiplas Escolhas"
+	},
+	"redirection-hosts.http-code.301": {
+		"defaultMessage": "301 Movido Permanentemente"
+	},
+	"redirection-hosts.http-code.302": {
+		"defaultMessage": "302 Movido Temporariamente"
+	},
+	"redirection-hosts.http-code.303": {
+		"defaultMessage": "303 Ver Outro"
+	},
+	"redirection-hosts.http-code.307": {
+		"defaultMessage": "307 Redirecionamento Temporário"
+	},
+	"redirection-hosts.http-code.308": {
+		"defaultMessage": "308 Redirecionamento Permanente"
+	},
+	"role.admin": {
+		"defaultMessage": "Administrador"
+	},
+	"role.standard-user": {
+		"defaultMessage": "Utilizador Comum"
+	},
+	"save": {
+		"defaultMessage": "Guardar"
+	},
+	"setting": {
+		"defaultMessage": "Definição"
+	},
+	"settings": {
+		"defaultMessage": "Definições"
+	},
+	"settings.default-site": {
+		"defaultMessage": "Site Predefinido"
+	},
+	"settings.default-site.404": {
+		"defaultMessage": "Página 404"
+	},
+	"settings.default-site.444": {
+		"defaultMessage": "Sem Resposta (444)"
+	},
+	"settings.default-site.congratulations": {
+		"defaultMessage": "Página de Boas-vindas"
+	},
+	"settings.default-site.description": {
+		"defaultMessage": "O que apresentar quando o Nginx recebe um Host desconhecido"
+	},
+	"settings.default-site.html": {
+		"defaultMessage": "HTML Personalizado"
+	},
+	"settings.default-site.html.placeholder": {
+		"defaultMessage": "<!-- Insira aqui o seu conteúdo HTML personalizado -->"
+	},
+	"settings.default-site.redirect": {
+		"defaultMessage": "Redirecionar"
+	},
+	"setup.preamble": {
+		"defaultMessage": "Comece por criar a sua conta de administrador."
+	},
+	"setup.title": {
+		"defaultMessage": "Bem-vindo!"
+	},
+	"sign-in": {
+		"defaultMessage": "Iniciar Sessão"
+	},
+	"ssl-certificate": {
+		"defaultMessage": "Certificado SSL"
+	},
+	"stream": {
+		"defaultMessage": "Stream"
+	},
+	"stream.forward-host": {
+		"defaultMessage": "Host de Destino"
+	},
+	"stream.forward-host.placeholder": {
+		"defaultMessage": "example.com ou 10.0.0.1 ou 2001:db8:3333:4444:5555:6666:7777:8888"
+	},
+	"stream.incoming-port": {
+		"defaultMessage": "Porta de Entrada"
+	},
+	"streams": {
+		"defaultMessage": "Streams"
+	},
+	"streams.count": {
+		"defaultMessage": "{count} {count, plural, one {Stream} other {Streams}}"
+	},
+	"streams.tcp": {
+		"defaultMessage": "TCP"
+	},
+	"streams.udp": {
+		"defaultMessage": "UDP"
+	},
+	"test": {
+		"defaultMessage": "Testar"
+	},
+	"update-available": {
+		"defaultMessage": "Atualização Disponível: {latestVersion}"
+	},
+	"user": {
+		"defaultMessage": "Utilizador"
+	},
+	"user.change-password": {
+		"defaultMessage": "Alterar Palavra-passe"
+	},
+	"user.confirm-password": {
+		"defaultMessage": "Confirmar Palavra-passe"
+	},
+	"user.current-password": {
+		"defaultMessage": "Palavra-passe Atual"
+	},
+	"user.edit-profile": {
+		"defaultMessage": "Editar Perfil"
+	},
+	"user.full-name": {
+		"defaultMessage": "Nome Completo"
+	},
+	"user.login-as": {
+		"defaultMessage": "Iniciar sessão como {name}"
+	},
+	"user.logout": {
+		"defaultMessage": "Terminar Sessão"
+	},
+	"user.new-password": {
+		"defaultMessage": "Nova Palavra-passe"
+	},
+	"user.nickname": {
+		"defaultMessage": "Alcunha"
+	},
+	"user.set-password": {
+		"defaultMessage": "Definir Palavra-passe"
+	},
+	"user.set-permissions": {
+		"defaultMessage": "Definir Permissões para {name}"
+	},
+	"user.switch-dark": {
+		"defaultMessage": "Ativar Modo Escuro"
+	},
+	"user.switch-light": {
+		"defaultMessage": "Ativar Modo Claro"
+	},
+	"username": {
+		"defaultMessage": "Nome de Utilizador"
+	},
+	"users": {
+		"defaultMessage": "Utilizadores"
+	}
+}

frontend/src/locale/src/sk.json

@@ -1,4 +1,61 @@
 {
+	"2fa.backup-codes-remaining": {
+		"defaultMessage": "Počet zostávajúcich záložných kódov: {count}"
+	},
+	"2fa.backup-warning": {
+		"defaultMessage": "Tieto záložné kódy si uložte na bezpečnom mieste. Každý kód je možné použiť len raz."
+	},
+	"2fa.disable": {
+		"defaultMessage": "Vypnúť dvojfaktorové overovanie"
+	},
+	"2fa.disable-confirm": {
+		"defaultMessage": "Vypnúť 2FA"
+	},
+	"2fa.disable-warning": {
+		"defaultMessage": "Vypnutím dvojfaktorového overovania sa zníži bezpečnosť vášho účtu."
+	},
+	"2fa.disabled": {
+		"defaultMessage": "Vypnuté"
+	},
+	"2fa.done": {
+		"defaultMessage": "Uložil som si svoje záložné kódy."
+	},
+	"2fa.enable": {
+		"defaultMessage": "Zapnúť dvojfaktorové overovanie"
+	},
+	"2fa.enabled": {
+		"defaultMessage": "Zapnuté"
+	},
+	"2fa.enter-code": {
+		"defaultMessage": "Zadajte overovací kód"
+	},
+	"2fa.enter-code-disable": {
+		"defaultMessage": "Zadajte overovací kód na vypnutie"
+	},
+	"2fa.regenerate": {
+		"defaultMessage": "Znova vytvoriť"
+	},
+	"2fa.regenerate-backup": {
+		"defaultMessage": "Znova vytvoriť záložné kódy"
+	},
+	"2fa.regenerate-instructions": {
+		"defaultMessage": "Zadajte overovací kód, aby sa vytvorili nové záložné kódy. Vaše staré kódy budú neplatné."
+	},
+	"2fa.secret-key": {
+		"defaultMessage": "Tajný kľúč"
+	},
+	"2fa.setup-instructions": {
+		"defaultMessage": "Naskenujte tento QR kód pomocou svojej overovacej aplikácie alebo zadajte tajný kľúč ručne."
+	},
+	"2fa.status": {
+		"defaultMessage": "Stav"
+	},
+	"2fa.title": {
+		"defaultMessage": "Dvojfaktorové overenie"
+	},
+	"2fa.verify-enable": {
+		"defaultMessage": "Overiť a zapnúť"
+	},
 	"access-list": {
 		"defaultMessage": "zoznam prístupov"
 	},
@@ -23,6 +80,9 @@
 	"access-list.public.subtitle": {
 		"defaultMessage": "Nie je potrebné základné overenie"
 	},
+	"access-list.rule-source.placeholder": {
+		"defaultMessage": "192.168.1.100 alebo 192.168.1.0/24 alebo 2001:0db8::/32"
+	},
 	"access-list.satisfy-any": {
 		"defaultMessage": "Splniť ktorékoľvek"
 	},
@@ -38,12 +98,18 @@
 	"action.add-location": {
 		"defaultMessage": "Pridať umiestnenie"
 	},
+	"action.allow": {
+		"defaultMessage": "Povoliť"
+	},
 	"action.close": {
 		"defaultMessage": "Zavrieť"
 	},
 	"action.delete": {
 		"defaultMessage": "Vymazať"
 	},
+	"action.deny": {
+		"defaultMessage": "Zamietnuť"
+	},
 	"action.disable": {
 		"defaultMessage": "Deaktivovať"
 	},
@@ -68,11 +134,14 @@
 	"auditlogs": {
 		"defaultMessage": "Záznamy auditu"
 	},
+	"auto": {
+		"defaultMessage": "Automaticky"
+	},
 	"cancel": {
 		"defaultMessage": "Zrušiť"
 	},
 	"certificate": {
-		"defaultMessage": "Certifikát"
+		"defaultMessage": "certifikát"
 	},
 	"certificate.custom-certificate": {
 		"defaultMessage": "Certifikát"
@@ -128,6 +197,9 @@
 	"certificates.dns.provider": {
 		"defaultMessage": "DNS poskytovateľ"
 	},
+	"certificates.dns.provider.placeholder": {
+		"defaultMessage": "Vyberte poskytovateľa..."
+	},
 	"certificates.dns.warning": {
 		"defaultMessage": "Táto sekcia vyžaduje znalosť Certbotu a jeho DNS doplnkov. Prosím, pozrite si dokumentáciu príslušného doplnku."
 	},
@@ -249,7 +321,7 @@
 		"defaultMessage": "Panel"
 	},
 	"dead-host": {
-		"defaultMessage": "404 Hostiteľ"
+		"defaultMessage": "404 hostiteľa"
 	},
 	"dead-hosts": {
 		"defaultMessage": "404 Hostitelia"
@@ -383,6 +455,21 @@
 	"loading": {
 		"defaultMessage": "Načítava sa…"
 	},
+	"login.2fa-code": {
+		"defaultMessage": "Overovací kód"
+	},
+	"login.2fa-code-placeholder": {
+		"defaultMessage": "Vložiť kód"
+	},
+	"login.2fa-description": {
+		"defaultMessage": "Vložte kód z vašej overovacej aplikácie"
+	},
+	"login.2fa-title": {
+		"defaultMessage": "Dvoj-faktorové overenie"
+	},
+	"login.2fa-verify": {
+		"defaultMessage": "Overiť"
+	},
 	"login.title": {
 		"defaultMessage": "Prihláste sa do svojho účtu"
 	},
@@ -420,7 +507,7 @@
 		"defaultMessage": "{object} bol obnovený"
 	},
 	"notification.object-saved": {
-		"defaultMessage": "{object} bol uložené"
+		"defaultMessage": "{object} bol uložený"
 	},
 	"notification.success": {
 		"defaultMessage": "Úspech"
@@ -441,7 +528,7 @@
 		"defaultMessage": "Upraviť {object}"
 	},
 	"object.empty": {
-		"defaultMessage": "Nie sú žiadne/y {objects}"
+		"defaultMessage": "Nie sú {objects}"
 	},
 	"object.event.created": {
 		"defaultMessage": "Vytvorený {object}"
@@ -501,7 +588,7 @@
 		"defaultMessage": "Len vytvorené položky"
 	},
 	"proxy-host": {
-		"defaultMessage": "Proxy hostiteľa"
+		"defaultMessage": "proxy hostiteľa"
 	},
 	"proxy-host.forward-host": {
 		"defaultMessage": "Cieľový názov hostiteľa / IP"
@@ -530,6 +617,24 @@
 	"redirection-hosts.count": {
 		"defaultMessage": "{count} {count, plural, one {presmerovací hostiteľ} few {presmerovací hostitelia} other {presmerovacích hostiteľov}}"
 	},
+	"redirection-hosts.http-code.300": {
+		"defaultMessage": "300 Viacero možností"
+	},
+	"redirection-hosts.http-code.301": {
+		"defaultMessage": "301 Trvalo presunuté"
+	},
+	"redirection-hosts.http-code.302": {
+		"defaultMessage": "302 Dočasne presunuté"
+	},
+	"redirection-hosts.http-code.303": {
+		"defaultMessage": "303 Pozrieť iné"
+	},
+	"redirection-hosts.http-code.307": {
+		"defaultMessage": "307 Dočasné presmerovanie"
+	},
+	"redirection-hosts.http-code.308": {
+		"defaultMessage": "308 Trvalé presmerovanie"
+	},
 	"role.admin": {
 		"defaultMessage": "Administrátor"
 	},
@@ -582,11 +687,14 @@
 		"defaultMessage": "SSL certifikát"
 	},
 	"stream": {
-		"defaultMessage": "Stream"
+		"defaultMessage": "stream"
 	},
 	"stream.forward-host": {
 		"defaultMessage": "Cieľový hostiteľ"
 	},
+	"stream.forward-host.placeholder": {
+		"defaultMessage": "napriklad.sk alebo 10.0.0.1 alebo 2001:db8:3333:4444:5555:6666:7777:8888"
+	},
 	"stream.incoming-port": {
 		"defaultMessage": "Vstupný port"
 	},
@@ -605,6 +713,9 @@
 	"test": {
 		"defaultMessage": "Test"
 	},
+	"update-available": {
+		"defaultMessage": "Dostupná aktualizácia: {latestVersion}"
+	},
 	"user": {
 		"defaultMessage": "používateľa"
 	},
@@ -647,6 +758,9 @@
 	"user.switch-light": {
 		"defaultMessage": "Prepnúť na svetlý režim"
 	},
+	"user.two-factor": {
+		"defaultMessage": "Dvojfakt. overenie"
+	},
 	"username": {
 		"defaultMessage": "Používateľské meno"
 	},

frontend/src/locale/src/zh.json

@@ -275,6 +275,9 @@
 	"domain-names.wildcards-not-supported": {
 		"defaultMessage": "此 CA 不支持通配符"
 	},
+	"domains.advanced": {
+		"defaultMessage": "高级选项"
+	},
 	"domains.force-ssl": {
 		"defaultMessage": "强制 SSL"
 	},
@@ -287,6 +290,9 @@
 	"domains.http2-support": {
 		"defaultMessage": "HTTP/2 支持"
 	},
+	"domains.trust-forwarded-proto": {
+		"defaultMessage": "信任上游代理传递的协议类型头"
+	},
 	"domains.use-dns": {
 		"defaultMessage": "使用DNS验证"
 	},

frontend/src/modals/ProxyHostModal.tsx

@@ -88,6 +88,7 @@ const ProxyHostModal = EasyModal.create(({ id, visible, remove }: Props) => {
 							http2Support: data?.http2Support || false,
 							hstsEnabled: data?.hstsEnabled || false,
 							hstsSubdomains: data?.hstsSubdomains || false,
+							trustForwardedProto: data?.trustForwardedProto || false,
 							// Advanced tab
 							advancedConfig: data?.advancedConfig || "",
 							meta: data?.meta || {},
@@ -339,7 +340,7 @@ const ProxyHostModal = EasyModal.create(({ id, visible, remove }: Props) => {
 													label="ssl-certificate"
 													allowNew
 												/>
-												<SSLOptionsFields color="bg-lime" />
+												<SSLOptionsFields color="bg-lime" forProxyHost={true} />
 											</div>
 											<div className="tab-pane" id="tab-advanced" role="tabpanel">
 												<NginxConfigField />

frontend/src/modals/RenewCertificateModal.tsx

@@ -41,7 +41,7 @@ const RenewCertificateModal = EasyModal.create(({ id, visible, remove }: Props)
 			.finally(() => {
 				setIsSubmitting(false);
 			});
-	}, [id, data, isFresh, isSubmitting, remove, queryClient.invalidateQueries]);
+	}, [id, data, isFresh, isSubmitting, remove, queryClient]);
 
 	return (
 		<Modal show={visible} onHide={isSubmitting ? undefined : remove}>

scripts/buildx

@@ -22,7 +22,7 @@ docker buildx build \
 	--build-arg BUILD_DATE="$(date '+%Y-%m-%d %T %Z')" \
 	--build-arg GOPROXY="${GOPROXY:-}" \
 	--build-arg GOPRIVATE="${GOPRIVATE:-}" \
-	--platform linux/amd64,linux/arm64,linux/arm/7 \
+	--platform linux/amd64,linux/arm64 \
 	--progress plain \
 	--pull \
 	-f docker/Dockerfile \

test/cypress/Dockerfile

@@ -1,4 +1,4 @@
-FROM cypress/included:14.0.1
+FROM cypress/included:15.9.0
 
 # Disable Cypress CLI colors
 ENV FORCE_COLOR=0

test/cypress/config/ci.js

@@ -1,22 +0,0 @@
-const { defineConfig } = require('cypress');
-
-module.exports = defineConfig({
-	requestTimeout: 30000,
-	defaultCommandTimeout: 20000,
-	reporter: 'cypress-multi-reporters',
-	reporterOptions: {
-		configFile: 'multi-reporter.json'
-	},
-	video: true,
-	videosFolder: 'results/videos',
-	screenshotsFolder: 'results/screenshots',
-	e2e: {
-		setupNodeEvents(on, config) {
-			return require("../plugins/index.js")(on, config);
-		},
-		env: {
-			swaggerBase: '{{baseUrl}}/api/schema?ts=' + Date.now(),
-		},
-		baseUrl: 'http://fullstack:81',
-	}
-});

test/cypress/config/ci.mjs

@@ -0,0 +1,23 @@
+import { defineConfig } from 'cypress';
+import pluginSetup from '../plugins/index.mjs';
+
+export default defineConfig({
+	requestTimeout: 30000,
+	defaultCommandTimeout: 20000,
+	reporter: "cypress-multi-reporters",
+	reporterOptions: {
+		configFile: "multi-reporter.json"
+	},
+	video: true,
+	videosFolder: "results/videos",
+	screenshotsFolder: "results/screenshots",
+	e2e: {
+		setupNodeEvents(on, config) {
+			return pluginSetup(on, config);
+		},
+		env: {
+			swaggerBase: `{{baseUrl}}/api/schema?ts=${Date.now()}`,
+		},
+		baseUrl: "http://fullstack:81",
+	}
+});

test/cypress/config/dev.js

@@ -1,22 +0,0 @@
-const { defineConfig } = require('cypress');
-
-module.exports = defineConfig({
-	requestTimeout: 30000,
-	defaultCommandTimeout: 20000,
-	reporter: 'cypress-multi-reporters',
-	reporterOptions: {
-		configFile: 'multi-reporter.json'
-	},
-	video: true,
-	videosFolder: 'results/videos',
-	screenshotsFolder: 'results/screenshots',
-	e2e: {
-		setupNodeEvents(on, config) {
-			return require("../plugins/index.js")(on, config);
-		},
-		env: {
-			swaggerBase: '{{baseUrl}}/api/schema?ts=' + Date.now(),
-		},
-		baseUrl: 'http://127.0.0.1:3081',
-	}
-});

test/cypress/config/dev.mjs

@@ -0,0 +1,23 @@
+import { defineConfig } from 'cypress';
+import pluginSetup from '../plugins/index.mjs';
+
+export default defineConfig({
+	requestTimeout: 30000,
+	defaultCommandTimeout: 20000,
+	reporter: "cypress-multi-reporters",
+	reporterOptions: {
+		configFile: "multi-reporter.json"
+	},
+	video: true,
+	videosFolder: "results/videos",
+	screenshotsFolder: "results/screenshots",
+	e2e: {
+		setupNodeEvents(on, config) {
+			return pluginSetup(on, config);
+		},
+		env: {
+			swaggerBase: `{{baseUrl}}/api/schema?ts=${Date.now()}`,
+		},
+		baseUrl: "http://127.0.0.1:3081",
+	}
+});

test/cypress/e2e/api/Streams.cy.js

@@ -24,10 +24,10 @@ describe('Streams', () => {
 
 		// Create a custom cert pair
 		cy.exec('mkcert -cert-file=/test/cypress/fixtures/website1.pem -key-file=/test/cypress/fixtures/website1.key.pem website1.example.com').then((result) => {
-			expect(result.code).to.eq(0);
+			expect(result.exitCode).to.eq(0);
 			// Install CA
 			cy.exec('mkcert -install').then((result) => {
-				expect(result.code).to.eq(0);
+				expect(result.exitCode).to.eq(0);
 			});
 		});
 
@@ -56,7 +56,7 @@ describe('Streams', () => {
 			expect(data).to.have.property('udp_forwarding', false);
 
 			cy.exec('curl --noproxy -- http://website1.example.com:1500').then((result) => {
-				expect(result.code).to.eq(0);
+				expect(result.exitCode).to.eq(0);
 				expect(result.stdout).to.contain('yay it works');
 			});
 		});
@@ -107,7 +107,7 @@ describe('Streams', () => {
 			expect(data).to.have.property('udp_forwarding', true);
 
 			cy.exec('curl --noproxy -- http://website1.example.com:1502').then((result) => {
-				expect(result.code).to.eq(0);
+				expect(result.exitCode).to.eq(0);
 				expect(result.stdout).to.contain('yay it works');
 			});
 		});
@@ -176,6 +176,7 @@ describe('Streams', () => {
 							'cert_chain_of_trust',
 							'cert_extlifeSpan',
 							'cert_revocation',
+							'engine_problem',
 							'overall_grade',
 						];
 

test/cypress/plugins/backendApi/client.mjs

@@ -1,9 +1,9 @@
-const logger  = require('./logger');
-const axios = require('axios').default;
+import axios from "axios";
+import logger from "./logger.mjs";
 
-const BackendApi = function(config, token) {
+const BackendApi = function (config, token) {
 	this.config = config;
-	this.token  = token;
+	this.token = token;
 
 	this.axios = axios.create({
 		baseURL: config.baseUrl,
@@ -14,26 +14,24 @@ const BackendApi = function(config, token) {
 /**
  * @param {string} token
  */
-BackendApi.prototype.setToken = function(token) {
+BackendApi.prototype.setToken = function (token) {
 	this.token = token;
 };
 
 /**
  * @param {bool} returnOnError
  */
-BackendApi.prototype._prepareOptions = function(returnOnError) {
-	let options = {
+BackendApi.prototype._prepareOptions = function (returnOnError) {
+	const options = {
 		headers: {
-			Accept: 'application/json'
-		}
-	}
+			Accept: "application/json",
+		},
+	};
 	if (this.token) {
-		options.headers.Authorization = 'Bearer ' + this.token;
+		options.headers.Authorization = `Bearer ${this.token}`;
 	}
 	if (returnOnError) {
-		options.validateStatus = function () {
-			return true;
-		}
+		options.validateStatus = () => true;
 	}
 	return options;
 };
@@ -44,13 +42,30 @@ BackendApi.prototype._prepareOptions = function(returnOnError) {
  * @param {function} reject
  * @param {bool} returnOnError
  */
-BackendApi.prototype._handleResponse = function(response, resolve, reject, returnOnError) {
-	logger('Response data:', response.data);
-	if (!returnOnError && typeof response.data === 'object' && typeof response.data.error === 'object') {
-		if (typeof response.data === 'object' && typeof response.data.error === 'object' && typeof response.data.error.message !== 'undefined') {
-			reject(new Error(response.data.error.code + ': ' + response.data.error.message));
+BackendApi.prototype._handleResponse = (
+	response,
+	resolve,
+	reject,
+	returnOnError,
+) => {
+	logger("Response data:", response.data);
+	if (
+		!returnOnError &&
+		typeof response.data === "object" &&
+		typeof response.data.error === "object"
+	) {
+		if (
+			typeof response.data === "object" &&
+			typeof response.data.error === "object" &&
+			typeof response.data.error.message !== "undefined"
+		) {
+			reject(
+				new Error(
+					`${response.data.error.code}: ${response.data.error.message}`,
+				),
+			);
 		} else {
-			reject(new Error('Error ' + response.status));
+			reject(new Error(`Error ${response.status}`));
 		}
 	} else {
 		resolve(response.data);
@@ -63,10 +78,10 @@ BackendApi.prototype._handleResponse = function(response, resolve, reject, retur
  * @param {function} reject
  * @param {bool} returnOnError
  */
-BackendApi.prototype._handleError = function(err, resolve, reject, returnOnError) {
-	logger('Axios Error:', err);
+BackendApi.prototype._handleError = (err, resolve, reject, returnOnError) => {
+	logger("Axios Error:", err);
 	if (returnOnError) {
-		resolve(typeof err.response.data !== 'undefined' ? err.response.data : err);
+		resolve(typeof err.response.data !== "undefined" ? err.response.data : err);
 	} else {
 		reject(err);
 	}
@@ -84,11 +99,11 @@ BackendApi.prototype.request = function (method, path, returnOnError, data) {
 	const options = this._prepareOptions(returnOnError);
 
 	return new Promise((resolve, reject) => {
-		let opts = {
+		const opts = {
 			method: method,
 			url: path,
-			...options
-		}
+			...options,
+		};
 		if (data !== undefined && data !== null) {
 			opts.data = data;
 		}
@@ -110,16 +125,17 @@ BackendApi.prototype.request = function (method, path, returnOnError, data) {
  * @returns {Promise<object>}
  */
 BackendApi.prototype.postForm = function (path, form, returnOnError) {
-	logger('POST', this.config.baseUrl + path);
+	logger("POST", this.config.baseUrl + path);
 	const options = this._prepareOptions(returnOnError);
 
 	return new Promise((resolve, reject) => {
 		const opts = {
 			...options,
 			...form.getHeaders(),
-		}
+		};
 
-		this.axios.post(path, form, opts)
+		this.axios
+			.post(path, form, opts)
 			.then((response) => {
 				this._handleResponse(response, resolve, reject, returnOnError);
 			})
@@ -129,4 +145,4 @@ BackendApi.prototype.postForm = function (path, form, returnOnError) {
 	});
 };
 
-module.exports = BackendApi;
+export default BackendApi;

test/cypress/plugins/backendApi/logger.js

@@ -1,7 +0,0 @@
-const _ = require("lodash");
-
-module.exports = function() {
-	let arr = _.values(arguments);
-	arr.unshift('[Backend API]');
-	console.log.apply(null, arr);
-};

test/cypress/plugins/backendApi/logger.mjs

@@ -0,0 +1,7 @@
+const log = (...args) => {
+	const arr = args;
+	arr.unshift("[Backend API]");
+	console.log(...arr);
+};
+
+export default log;

test/cypress/plugins/backendApi/task.mjs

@@ -1,13 +1,12 @@
-const fs     = require('fs');
-const FormData = require('form-data');
-const logger = require('./logger');
-const Client = require('./client');
+import fs from "node:fs";
+import FormData from "form-data";
+import Client from "./client.mjs";
+import logger from "./logger.mjs";
 
-module.exports = function (config) {
-	logger('Client Ready using', config.baseUrl);
+export default (config) => {
+	logger("Client Ready using", config.baseUrl);
 
 	return {
-
 		/**
 		 * @param   {object}    options
 		 * @param   {string}    options.path         API path
@@ -18,7 +17,7 @@ module.exports = function (config) {
 		backendApiGet: (options) => {
 			const api = new Client(config);
 			api.setToken(options.token);
-			return api.request('get', options.path, options.returnOnError || false);
+			return api.request("get", options.path, options.returnOnError || false);
 		},
 
 		/**
@@ -32,7 +31,12 @@ module.exports = function (config) {
 		backendApiPost: (options) => {
 			const api = new Client(config);
 			api.setToken(options.token);
-			return api.request('post', options.path, options.returnOnError || false, options.data);
+			return api.request(
+				"post",
+				options.path,
+				options.returnOnError || false,
+				options.data,
+			);
 		},
 
 		/**
@@ -48,8 +52,11 @@ module.exports = function (config) {
 			api.setToken(options.token);
 
 			const form = new FormData();
-			for (let [key, value] of Object.entries(options.files)) {
-				form.append(key, fs.createReadStream(config.fixturesFolder + '/' + value));
+			for (const [key, value] of Object.entries(options.files)) {
+				form.append(
+					key,
+					fs.createReadStream(`${config.fixturesFolder}/${value}`),
+				);
 			}
 			return api.postForm(options.path, form, options.returnOnError || false);
 		},
@@ -65,7 +72,12 @@ module.exports = function (config) {
 		backendApiPut: (options) => {
 			const api = new Client(config);
 			api.setToken(options.token);
-			return api.request('put', options.path, options.returnOnError || false, options.data);
+			return api.request(
+				"put",
+				options.path,
+				options.returnOnError || false,
+				options.data,
+			);
 		},
 
 		/**
@@ -78,7 +90,11 @@ module.exports = function (config) {
 		backendApiDelete: (options) => {
 			const api = new Client(config);
 			api.setToken(options.token);
-			return api.request('delete', options.path, options.returnOnError || false);
-		}
+			return api.request(
+				"delete",
+				options.path,
+				options.returnOnError || false,
+			);
+		},
 	};
 };

test/cypress/plugins/index.js

@@ -1,21 +0,0 @@
-const { SwaggerValidation } = require('@jc21/cypress-swagger-validation');
-const chalk = require('chalk');
-
-module.exports = (on, config) => {
-	// Replace swaggerBase config var wildcard
-	if (typeof config.env.swaggerBase !== 'undefined') {
-		config.env.swaggerBase = config.env.swaggerBase.replace('{{baseUrl}}', config.baseUrl);
-	}
-
-	// Plugin Events
-	on('task', SwaggerValidation(config));
-	on('task', require('./backendApi/task')(config));
-	on('task', {
-		log(message) {
-			console.log(`${chalk.cyan.bold('[')}${chalk.blue.bold('LOG')}${chalk.cyan.bold(']')} ${chalk.red.bold(message)}`);
-			return null;
-		}
-	});
-
-	return config;
-};

test/cypress/plugins/index.mjs

@@ -0,0 +1,27 @@
+import { SwaggerValidation } from "@jc21/cypress-swagger-validation";
+import chalk from "chalk";
+import backendTask from "./backendApi/task.mjs";
+
+export default (on, config) => {
+	// Replace swaggerBase config var wildcard
+	if (typeof config.env.swaggerBase !== "undefined") {
+		config.env.swaggerBase = config.env.swaggerBase.replace(
+			"{{baseUrl}}",
+			config.baseUrl,
+		);
+	}
+
+	// Plugin Events
+	on("task", SwaggerValidation(config));
+	on("task", backendTask(config));
+	on("task", {
+		log(message) {
+			console.log(
+				`${chalk.cyan.bold("[")}${chalk.blue.bold("LOG")}${chalk.cyan.bold("]")} ${chalk.red.bold(message)}`,
+			);
+			return null;
+		},
+	});
+
+	return config;
+};

test/cypress/support/commands.mjs

@@ -35,7 +35,7 @@ Cypress.Commands.add("validateSwaggerFile", (url, savePath) => {
 				.then((response) => cy.writeFile(savePath, response.body, { log: false }))
 				.then(() => cy.exec(`yarn swagger-lint '${savePath}'`, { failOnNonZeroExit: false }))
 				.then((result) => cy.task('log', `Swagger Vacuum Results:\n${result.stdout || ''}`)
-					.then(() => expect(result.code).to.eq(0)));
+					.then(() => expect(result.exitCode).to.eq(0)));
 		});
 });
 

test/cypress/support/e2e.js

@@ -1,4 +1,4 @@
-import './commands';
+import './commands.mjs';
 
 Cypress.on('uncaught:exception', (/*err, runnable*/) => {
 	// returning false here prevents Cypress from

test/jsconfig.json

@@ -1,6 +1,13 @@
 {
 	"include": [
 		"./node_modules/cypress",
-		"cypress/**/*.js"
+		"cypress/**/*.js",
+		"cypress/config/dev.mjs",
+		"cypress/config/ci.mjs",
+		"cypress/plugins/index.mjs",
+		"cypress/plugins/backendApi/task.mjs",
+		"cypress/plugins/backendApi/logger.mjs",
+		"cypress/plugins/backendApi/client.mjs",
+		"cypress/support/commands.mjs"
 	]
 }

test/package.json

@@ -5,13 +5,13 @@
 	"main": "index.js",
 	"dependencies": {
 		"@jc21/cypress-swagger-validation": "^0.3.2",
-		"@quobix/vacuum": "^0.19.4",
+		"@quobix/vacuum": "^0.23.4",
 		"axios": "^1.13.1",
-		"chalk": "^4.1.0",
-		"cypress": "^14.0.1",
+		"chalk": "^5.6.2",
+		"cypress": "^15.9.0",
 		"cypress-multi-reporters": "^2.0.5",
 		"cypress-wait-until": "^3.0.2",
-		"eslint": "^9.39.0",
+		"eslint": "^10.0.0",
 		"eslint-plugin-align-assignments": "^1.1.2",
 		"eslint-plugin-chai-friendly": "^1.1.0",
 		"eslint-plugin-cypress": "^5.2.0",
@@ -21,9 +21,9 @@
 		"mocha-junit-reporter": "^2.2.1"
 	},
 	"scripts": {
-		"cypress": "HTTP_PROXY=127.0.0.1:8128 HTTPS_PROXY=127.0.0.1:8128 cypress open --config-file=cypress/config/ci.js",
-		"cypress:headless": "HTTP_PROXY=127.0.0.1:8128 HTTPS_PROXY=127.0.0.1:8128 cypress run --config-file=cypress/config/ci.js",
-		"cypress:dev": "cypress run --config-file=cypress/config/dev.js",
+		"cypress": "HTTP_PROXY=127.0.0.1:8128 HTTPS_PROXY=127.0.0.1:8128 cypress open --config-file=cypress/config/ci.mjs",
+		"cypress:headless": "HTTP_PROXY=127.0.0.1:8128 HTTPS_PROXY=127.0.0.1:8128 cypress run --config-file=cypress/config/ci.mjs",
+		"cypress:dev": "cypress run --config-file=cypress/config/dev.mjs",
 		"swagger-lint": "vacuum lint -b -q -d -a --no-clip -n=warn"
 	},
 	"author": "",