Merge pull request #2703 from NginxProxyManager/develop

v2.9.21
Merge branch 'master' into develop
2025-06-18 02:06:25 +00:00 · 2023-03-18 16:10:27 +10:00 · 2023-03-18 14:20:42 +10:00 · 2023-03-18 14:17:41 +10:00 · 2023-03-18 14:15:37 +10:00 · 2023-03-18 03:37:23 +02:00
130 changed files with 3902 additions and 4560 deletions
--- a/.version
+++ b/.version
@ -1 +1 @@
-2.9.8
+2.9.21
--- a/89
+++ b/89
@ -1,3 +1,9 @@
 import groovy.transform.Field
@Field
 def shOutput = ""
 def buildxPushTags = ""
 pipeline {
 	agent {
 		label 'docker-multiarch'
@ -16,6 +22,8 @@ pipeline {
 		COMPOSE_FILE               = 'docker/docker-compose.ci.yml'
 		COMPOSE_INTERACTIVE_NO_CLI = 1
 		BUILDX_NAME                = "${COMPOSE_PROJECT_NAME}"
 		DOCS_BUCKET                = 'jc21-npm-site'
 		DOCS_CDN                   = 'EN1G6DEWZUTDT'
 	}
 	stages {
 		stage('Environment') {
@ -26,7 +34,7 @@ pipeline {
 					}
 					steps {
 						script {
-							env.BUILDX_PUSH_TAGS = "-t docker.io/jc21/${IMAGE}:${BUILD_VERSION} -t docker.io/jc21/${IMAGE}:${MAJOR_VERSION} -t docker.io/jc21/${IMAGE}:latest"
+							buildxPushTags = "-t docker.io/jc21/${IMAGE}:${BUILD_VERSION} -t docker.io/jc21/${IMAGE}:${MAJOR_VERSION} -t docker.io/jc21/${IMAGE}:latest"
 						}
 					}
 				}
@ -39,7 +47,7 @@ pipeline {
 					steps {
 						script {
 							// Defaults to the Branch name, which is applies to all branches AND pr's
-							env.BUILDX_PUSH_TAGS = "-t docker.io/jc21/${IMAGE}:github-${BRANCH_LOWER}"
+							buildxPushTags = "-t docker.io/jc21/${IMAGE}:github-${BRANCH_LOWER}"
 						}
 					}
 				}
@ -54,34 +62,28 @@ pipeline {
 				}
 			}
 		}
-		stage('Frontend') {
+		stage('Build and Test') {
 			steps {
-				sh './scripts/frontend-build'
+				script {
 					// Frontend and Backend
 					def shStatusCode = sh(label: 'Checking and Building', returnStatus: true, script: '''
 						set -e
 						./scripts/ci/frontend-build > ${WORKSPACE}/tmp-sh-build 2>&1
 						./scripts/ci/test-and-build > ${WORKSPACE}/tmp-sh-build 2>&1
 					''')
 					shOutput = readFile "${env.WORKSPACE}/tmp-sh-build"
 					if (shStatusCode != 0) {
 						error "${shOutput}"
 					}
 				}
 			}
-		}
+			post {
-		stage('Backend') {
+				always {
-			steps {
+					sh 'rm -f ${WORKSPACE}/tmp-sh-build'
-				echo 'Checking Syntax ...'
+				}
-				// See: https://github.com/yarnpkg/yarn/issues/3254
+				failure {
-				sh '''docker run --rm \\
+					npmGithubPrComment("CI Error:\n\n```\n${shOutput}\n```", true)
-					-v "$(pwd)/backend:/app" \\
+				}
 					-v "$(pwd)/global:/app/global" \\
 					-w /app \\
 					node:latest \\
 					sh -c "yarn install && yarn eslint . && rm -rf node_modules"
 				'''
 				echo 'Docker Build ...'
 				sh '''docker build --pull --no-cache --squash --compress \\
 					-t "${IMAGE}:ci-${BUILD_NUMBER}" \\
 					-f docker/Dockerfile \\
 					--build-arg TARGETPLATFORM=linux/amd64 \\
 					--build-arg BUILDPLATFORM=linux/amd64 \\
 					--build-arg BUILD_VERSION="${BUILD_VERSION}" \\
 					--build-arg BUILD_COMMIT="${BUILD_COMMIT}" \\
 					--build-arg BUILD_DATE="$(date '+%Y-%m-%d %T %Z')" \\
 					.
 				'''
 			}
 		}
 		stage('Integration Tests Sqlite') {
@ -163,10 +165,8 @@ pipeline {
 			}
 			steps {
 				withCredentials([usernamePassword(credentialsId: 'jc21-dockerhub', passwordVariable: 'dpass', usernameVariable: 'duser')]) {
-					// Docker Login
+					sh 'docker login -u "${duser}" -p "${dpass}"'
-					sh "docker login -u '${duser}' -p '${dpass}'"
+					sh "./scripts/buildx --push ${buildxPushTags}"
 					// Buildx with push from cache
 					sh "./scripts/buildx --push ${BUILDX_PUSH_TAGS}"
 				}
 			}
 		}
@ -180,26 +180,7 @@ pipeline {
 				}
 			}
 			steps {
-				withCredentials([[$class: 'AmazonWebServicesCredentialsBinding', accessKeyVariable: 'AWS_ACCESS_KEY_ID', credentialsId: 'npm-s3-docs', secretKeyVariable: 'AWS_SECRET_ACCESS_KEY']]) {
+				npmDocsRelease("$DOCS_BUCKET", "$DOCS_CDN")
 					sh """docker run --rm \\
 						--name \${COMPOSE_PROJECT_NAME}-docs-upload \\
 						-e S3_BUCKET=jc21-npm-site \\
 						-e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \\
 						-e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY \\
 						-v \$(pwd):/app \\
 						-w /app \\
 						jc21/ci-tools \\
 						scripts/docs-upload /app/docs/.vuepress/dist/
 					"""
 					sh """docker run --rm \\
 						--name \${COMPOSE_PROJECT_NAME}-docs-invalidate \\
 						-e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \\
 						-e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY \\
 						jc21/ci-tools \\
 						aws cloudfront create-invalidation --distribution-id EN1G6DEWZUTDT --paths '/*'
 					"""
 				}
 			}
 		}
 		stage('PR Comment') {
@ -213,14 +194,14 @@ pipeline {
 			}
 			steps {
 				script {
-					def comment = pullRequest.comment("This is an automated message from CI:\n\nDocker Image for build ${BUILD_NUMBER} is available on [DockerHub](https://cloud.docker.com/repository/docker/jc21/${IMAGE}) as `jc21/${IMAGE}:github-${BRANCH_LOWER}`\n\n**Note:** ensure you backup your NPM instance before testing this PR image! Especially if this PR contains database changes.")
+					npmGithubPrComment("Docker Image for build ${BUILD_NUMBER} is available on [DockerHub](https://cloud.docker.com/repository/docker/jc21/${IMAGE}) as `jc21/${IMAGE}:github-${BRANCH_LOWER}`\n\n**Note:** ensure you backup your NPM instance before testing this PR image! Especially if this PR contains database changes.", true)
 				}
 			}
 		}
 	}
 	post {
 		always {
-			sh 'docker-compose down --rmi all --remove-orphans --volumes -t 30'
+			sh 'docker-compose down --remove-orphans --volumes -t 30'
 			sh 'echo Reverting ownership'
 			sh 'docker run --rm -v $(pwd):/data jc21/ci-tools chown -R $(id -u):$(id -g) /data'
 		}
--- a/README.md
+++ b/README.md
@ -1,22 +1,13 @@
 <p align="center">
 	<img src="https://nginxproxymanager.com/github.png">
 	<br><br>
-	<img src="https://img.shields.io/badge/version-2.9.8-green.svg?style=for-the-badge">
+	<img src="https://img.shields.io/badge/version-2.9.19-green.svg?style=for-the-badge">
 	<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager">
 		<img src="https://img.shields.io/docker/stars/jc21/nginx-proxy-manager.svg?style=for-the-badge">
 	</a>
 	<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager">
 		<img src="https://img.shields.io/docker/pulls/jc21/nginx-proxy-manager.svg?style=for-the-badge">
 	</a>
 	<a href="https://ci.nginxproxymanager.com/blue/organizations/jenkins/nginx-proxy-manager/branches/">
 		<img src="https://img.shields.io/jenkins/build?jobUrl=https%3A%2F%2Fci.nginxproxymanager.com%2Fjob%2Fnginx-proxy-manager%2Fjob%2Fmaster&style=for-the-badge">
 	</a>
 	<a href="https://gitter.im/nginx-proxy-manager/community">
 		<img alt="Gitter" src="https://img.shields.io/gitter/room/nginx-proxy-manager/community?style=for-the-badge">
 	</a>
 	<a href="https://reddit.com/r/nginxproxymanager">
 		<img alt="Reddit" src="https://img.shields.io/reddit/subreddit-subscribers/nginxproxymanager?label=Reddit%20Community&style=for-the-badge">
 	</a>
 </p>
 This project comes as a pre-built docker image that enables you to easily forward to your websites
@ -74,31 +65,19 @@ services:
      - '80:80'
      - '81:81'
      - '443:443'
    environment:
      DB_MYSQL_HOST: "db"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "npm"
      DB_MYSQL_PASSWORD: "npm"
      DB_MYSQL_NAME: "npm"
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
  db:
    image: 'jc21/mariadb-aria:latest'
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: 'npm'
      MYSQL_DATABASE: 'npm'
      MYSQL_USER: 'npm'
      MYSQL_PASSWORD: 'npm'
    volumes:
      - ./data/mysql:/var/lib/mysql
 ```
-3. Bring up your stack
+3. Bring up your stack by running
 ```bash
 docker-compose up -d
 # If using docker-compose-plugin
 docker compose up -d
 ```
 4. Log in to the Admin UI
@ -119,371 +98,12 @@ Immediately after logging in with this default user you will be asked to modify
 ## Contributors
-Special thanks to the following contributors:
+Special thanks to [all of our contributors](https://github.com/NginxProxyManager/nginx-proxy-manager/graphs/contributors).
-<!-- prettier-ignore-start -->
+
-<!-- markdownlint-disable -->
+## Getting Support
-<table>
+
-	<tr>
+1. [Found a bug?](https://github.com/NginxProxyManager/nginx-proxy-manager/issues)
-		<td align="center">
+2. [Discussions](https://github.com/NginxProxyManager/nginx-proxy-manager/discussions)
-			<a href="https://github.com/Subv">
+3. [Development Gitter](https://gitter.im/nginx-proxy-manager/community)
-				<img src="https://avatars1.githubusercontent.com/u/357072?s=460&u=d8adcdc91d749ae53e177973ed9b6bb6c4c894a3&v=4" width="80" alt=""/>
+4. [Reddit](https://reddit.com/r/nginxproxymanager)
 				<br /><sub><b>Sebastian Valle</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/Indemnity83">
 				<img src="https://avatars3.githubusercontent.com/u/35218?s=460&u=7082004ff35138157c868d7d9c683ccebfce5968&v=4" width="80" alt=""/>
 				<br /><sub><b>Kyle Klaus</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/theraw">
 				<img src="https://avatars1.githubusercontent.com/u/32969774?s=460&u=6b359971e15685fb0359e6a8c065a399b40dc228&v=4" width="80" alt=""/>
 				<br /><sub><b>ƬHE ЯAW</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/spalger">
 				<img src="https://avatars2.githubusercontent.com/u/1329312?s=400&u=565223e38f1c052afb4c5dcca3fcf1c63ba17ae7&v=4" width="80" alt=""/>
 				<br /><sub><b>Spencer</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/Xantios">
 				<img src="https://avatars3.githubusercontent.com/u/1507836?s=460&v=4" width="80" alt=""/>
 				<br /><sub><b>Xantios Krugor</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/dpanesso">
 				<img src="https://avatars2.githubusercontent.com/u/2687121?s=460&v=4" width="80" alt=""/>
 				<br /><sub><b>David Panesso</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/IronTooch">
 				<img src="https://avatars3.githubusercontent.com/u/27360514?s=460&u=69bf854a6647c55725f62ecb8d39249c6c0b2602&v=4" width="80" alt=""/>
 				<br /><sub><b>IronTooch</b></sub>
 			</a>
 		</td>
 	</tr>
 	<tr>
 		<td align="center">
 			<a href="https://github.com/damianog">
 				<img src="https://avatars1.githubusercontent.com/u/2786682?s=460&u=76c6136fae797abb76b951cd8a246dcaecaf21af&v=4" width="80" alt=""/>
 				<br /><sub><b>Damiano</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/tfmm">
 				<img src="https://avatars3.githubusercontent.com/u/6880538?s=460&u=ce0160821cc4aa802df8395200f2d4956a5bc541&v=4" width="80" alt=""/>
 				<br /><sub><b>Russ</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/margaale">
 				<img src="https://avatars3.githubusercontent.com/u/20794934?s=460&v=4" width="80" alt=""/>
 				<br /><sub><b>Marcelo Castagna</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/Steven-Harris">
 				<img src="https://avatars2.githubusercontent.com/u/7720242?s=460&v=4" width="80" alt=""/>
 				<br /><sub><b>Steven Harris</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/jlesage">
 				<img src="https://avatars0.githubusercontent.com/u/1791123?s=460&v=4" width="80" alt=""/>
 				<br /><sub><b>Jocelyn Le Sage</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/cmer">
 				<img src="https://avatars0.githubusercontent.com/u/412?s=460&u=67dd8b2e3661bfd6f68ec1eaa5b9821bd8a321cd&v=4" width="80" alt=""/>
 				<br /><sub><b>Carl Mercier</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/the1ts">
 				<img src="https://avatars1.githubusercontent.com/u/84956?s=460&v=4" width="80" alt=""/>
 				<br /><sub><b>Paul Mansfield</b></sub>
 			</a>
 		</td>
 	</tr>
 	<tr>
 		<td align="center">
 			<a href="https://github.com/OhHeyAlan">
 				<img src="https://avatars0.githubusercontent.com/u/11955126?s=460&u=fbaa5a1a4f73ef8960132c703349bfd037fe2630&v=4" width="80" alt=""/>
 				<br /><sub><b>OhHeyAlan</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/dogmatic69">
 				<img src="https://avatars2.githubusercontent.com/u/94674?s=460&u=ca7647de53145c6283b6373ade5dc94ba99347db&v=4" width="80" alt=""/>
 				<br /><sub><b>Carl Sutton</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/tg44">
 				<img src="https://avatars0.githubusercontent.com/u/31839?s=460&u=ad32f4cadfef5e5fb09cdfa4b7b7b36a99ba6811&v=4" width="80" alt=""/>
 				<br /><sub><b>Gergő Törcsvári</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/vrenjith">
 				<img src="https://avatars3.githubusercontent.com/u/2093241?s=460&u=96ce93a9bebabdd0a60a2dc96cd093a41d5edaba&v=4" width="80" alt=""/>
 				<br /><sub><b>vrenjith</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/duhruh">
 				<img src="https://avatars2.githubusercontent.com/u/1133969?s=460&u=c0691e6131ec6d516416c1c6fcedb5034f877bbe&v=4" width="80" alt=""/>
 				<br /><sub><b>David Rivera</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/jipjan">
 				<img src="https://avatars2.githubusercontent.com/u/1384618?s=460&v=4" width="80" alt=""/>
 				<br /><sub><b>Jaap-Jan de Wit</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/jmwebslave">
 				<img src="https://avatars2.githubusercontent.com/u/6118262?s=460&u=7db409c47135b1e141c366bbb03ed9fae6ac2638&v=4" width="80" alt=""/>
 				<br /><sub><b>James Morgan</b></sub>
 			</a>
 		</td>
 	</tr>
 	<tr>
 		<td align="center">
 			<a href="https://github.com/chaptergy">
 				<img src="https://avatars2.githubusercontent.com/u/26956711?s=460&u=7d9adebabb6b4e7af7cb05d98d751087a372304b&v=4" width="80" alt=""/>
 				<br /><sub><b>chaptergy</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/Philip-Mooney">
 				<img src="https://avatars0.githubusercontent.com/u/48624631?s=460&v=4" width="80" alt=""/>
 				<br /><sub><b>Philip Mooney</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/WaterCalm">
 				<img src="https://avatars1.githubusercontent.com/u/23502129?s=400&v=4" width="80" alt=""/>
 				<br /><sub><b>WaterCalm</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/lebrou34">
 				<img src="https://avatars1.githubusercontent.com/u/16373103?s=460&v=4" width="80" alt=""/>
 				<br /><sub><b>lebrou34</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/lightglitch">
 				<img src="https://avatars0.githubusercontent.com/u/196953?s=460&v=4" width="80" alt=""/>
 				<br /><sub><b>Mário Franco</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/klutchell">
 				<img src="https://avatars3.githubusercontent.com/u/20458272?s=460&v=4" width="80" alt=""/>
 				<br /><sub><b>Kyle Harding</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/ahgraber">
 				<img src="https://avatars.githubusercontent.com/u/24922003?s=460&u=8376c9f00af9b6057ba4d2fb03b4f1b20a75277f&v=4" width="80" alt=""/>
 				<br /><sub><b>Alex Graber</b></sub>
 			</a>
 		</td>
 	</tr>
 	<tr>
 		<td align="center">
 			<a href="https://github.com/MooBaloo">
 				<img src="https://avatars.githubusercontent.com/u/9493496?s=460&v=4" width="80" alt=""/>
 				<br /><sub><b>MooBaloo</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/Shuro">
 				<img src="https://avatars.githubusercontent.com/u/944030?s=460&v=4" width="80" alt=""/>
 				<br /><sub><b>Shuro</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/lorisbergeron">
 				<img src="https://avatars.githubusercontent.com/u/51918567?s=460&u=778e4ff284b7d7304450f98421c99f79298371fb&v=4" width="80" alt=""/>
 				<br /><sub><b>Loris Bergeron</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/hepelayo">
 				<img src="https://avatars.githubusercontent.com/u/8243119?v=4" width="80" alt=""/>
 				<br /><sub><b>hepelayo</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/jonasled">
 				<img src="https://avatars.githubusercontent.com/u/46790650?v=4" width="80" alt=""/>
 				<br /><sub><b>Jonas Leder</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/stegmannb">
 				<img src="https://avatars.githubusercontent.com/u/12850482?v=4" width="80" alt=""/>
 				<br /><sub><b>Bastian Stegmann</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/Stealthii">
 				<img src="https://avatars.githubusercontent.com/u/998920?v=4" width="80" alt=""/>
 				<br /><sub><b>Stealthii</b></sub>
 			</a>
 		</td>
 	</tr>
 	<tr>
 		<td align="center">
 			<a href="https://github.com/thegamingninja">
 				<img src="https://avatars.githubusercontent.com/u/8020534?v=4" width="80" alt=""/>
 				<br /><sub><b>THEGamingninja</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/italobb">
 				<img src="https://avatars.githubusercontent.com/u/1801687?v=4" width="80" alt=""/>
 				<br /><sub><b>Italo Borssatto</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/GurjinderSingh">
 				<img src="https://avatars.githubusercontent.com/u/3470709?v=4" width="80" alt=""/>
 				<br /><sub><b>Gurjinder Singh</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/phantomski77">
 				<img src="https://avatars.githubusercontent.com/u/69464125?v=4" width="80" alt=""/>
 				<br /><sub><b>David Dosoudil</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/ijaron">
 				<img src="https://avatars.githubusercontent.com/u/5156472?v=4" width="80" alt=""/>
 				<br /><sub><b>ijaron</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/nielscil">
 				<img src="https://avatars.githubusercontent.com/u/9073152?v=4" width="80" alt=""/>
 				<br /><sub><b>Niels Bouma</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/ogarai">
 				<img src="https://avatars.githubusercontent.com/u/2949572?v=4" width="80" alt=""/>
 				<br /><sub><b>Orko Garai</b></sub>
 			</a>
 		</td>
 	</tr>
 	<tr>
 		<td align="center">
 			<a href="https://github.com/baruffaldi">
 				<img src="https://avatars.githubusercontent.com/u/36949?v=4" width="80" alt=""/>
 				<br /><sub><b>Filippo Baruffaldi</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/bikram990">
 				<img src="https://avatars.githubusercontent.com/u/6782131?v=4" width="80" alt=""/>
 				<br /><sub><b>Bikramjeet Singh</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/razvanstoica89">
 				<img src="https://avatars.githubusercontent.com/u/28236583?v=4" width="80" alt=""/>
 				<br /><sub><b>Razvan Stoica</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/psharma04">
 				<img src="https://avatars.githubusercontent.com/u/22587474?v=4" width="80" alt=""/>
 				<br /><sub><b>RBXII3</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/demize">
 				<img src="https://avatars.githubusercontent.com/u/264914?v=4" width="80" alt=""/>
 				<br /><sub><b>demize</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/PUP-Loki">
 				<img src="https://avatars.githubusercontent.com/u/75944209?v=4" width="80" alt=""/>
 				<br /><sub><b>PUP-Loki</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/DSorlov">
 				<img src="https://avatars.githubusercontent.com/u/8133650?v=4" width="80" alt=""/>
 				<br /><sub><b>Daniel Sörlöv</b></sub>
 			</a>
 		</td>
 	</tr>
 	<tr>
 		<td align="center">
 			<a href="https://github.com/Theyooo">
 				<img src="https://avatars.githubusercontent.com/u/58510131?v=4" width="80" alt=""/>
 				<br /><sub><b>Theyooo</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/mrdink">
 				<img src="https://avatars.githubusercontent.com/u/514751?v=4" width="80" alt=""/>
 				<br /><sub><b>Justin Peacock</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/ChrisTracy">
 				<img src="https://avatars.githubusercontent.com/u/58871574?v=4" width="80" alt=""/>
 				<br /><sub><b>Chris Tracy</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/Fuechslein">
 				<img src="https://avatars.githubusercontent.com/u/15112818?v=4" width="80" alt=""/>
 				<br /><sub><b>Fuechslein</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/nightah">
 				<img src="https://avatars.githubusercontent.com/u/3339418?v=4" width="80" alt=""/>
 				<br /><sub><b>Amir Zarrinkafsh</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/gabbe">
 				<img src="https://avatars.githubusercontent.com/u/156397?v=4" width="80" alt=""/>
 				<br /><sub><b>gabbe</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/bmbvenom">
 				<img src="https://avatars.githubusercontent.com/u/20530371?v=4" width="80" alt=""/>
 				<br /><sub><b>bmbvenom</b></sub>
 			</a>
 		</td>
 	</tr>
 	<tr>
 		<td align="center">
 			<a href="https://github.com/FMeinicke">
 				<img src="https://avatars.githubusercontent.com/u/42121639?v=4" width="80" alt=""/>
 				<br /><sub><b>Florian Meinicke</b></sub>
 			</a>
 		</td>
 	</tr>
 </table>
 <!-- markdownlint-enable -->
 <!-- prettier-ignore-end -->
--- a/backend/app.js
+++ b/backend/app.js
@ -40,13 +40,12 @@ app.use(function (req, res, next) {
 	}
 	res.set({
-		'Strict-Transport-Security': 'includeSubDomains; max-age=631138519; preload',
+		'X-XSS-Protection':       '1; mode=block',
-		'X-XSS-Protection':          '1; mode=block',
+		'X-Content-Type-Options': 'nosniff',
-		'X-Content-Type-Options':    'nosniff',
+		'X-Frame-Options':        x_frame_options,
-		'X-Frame-Options':           x_frame_options,
+		'Cache-Control':          'no-cache, no-store, max-age=0, must-revalidate',
-		'Cache-Control':             'no-cache, no-store, max-age=0, must-revalidate',
+		Pragma:                   'no-cache',
-		Pragma:                      'no-cache',
+		Expires:                  0
 		Expires:                     0
 	});
 	next();
 });
@ -75,7 +74,7 @@ app.use(function (err, req, res, next) {
 	// Not every error is worth logging - but this is good for now until it gets annoying.
 	if (typeof err.stack !== 'undefined' && err.stack) {
-		if (process.env.NODE_ENV === 'development') {
+		if (process.env.NODE_ENV === 'development' || process.env.DEBUG) {
 			log.debug(err.stack);
 		} else if (typeof err.public == 'undefined' || !err.public) {
 			log.warn(err.message);
--- a/backend/index.js
+++ b/backend/index.js
@ -44,84 +44,85 @@ async function appStart () {
 async function createDbConfigFromEnvironment() {
 	return new Promise((resolve, reject) => {
-		const envMysqlHost  = process.env.DB_MYSQL_HOST || null;
+		const envMysqlHost = process.env.DB_MYSQL_HOST || null;
-		const envMysqlPort  = process.env.DB_MYSQL_PORT || null;
+		const envMysqlPort = process.env.DB_MYSQL_PORT || null;
-		const envMysqlUser  = process.env.DB_MYSQL_USER || null;
+		const envMysqlUser = process.env.DB_MYSQL_USER || null;
-		const envMysqlName  = process.env.DB_MYSQL_NAME || null;
+		const envMysqlName = process.env.DB_MYSQL_NAME || null;
-		const envSqliteFile = process.env.DB_SQLITE_FILE || null;
+		let envSqliteFile  = process.env.DB_SQLITE_FILE || null;
-		if ((envMysqlHost && envMysqlPort && envMysqlUser && envMysqlName) || envSqliteFile) {
+		const fs       = require('fs');
-			const fs       = require('fs');
+		const filename = (process.env.NODE_CONFIG_DIR || './config') + '/' + (process.env.NODE_ENV || 'default') + '.json';
-			const filename = (process.env.NODE_CONFIG_DIR || './config') + '/' + (process.env.NODE_ENV || 'default') + '.json';
+		let configData = {};
 			let configData = {};
-			try {
+		try {
-				configData = require(filename);
+			configData = require(filename);
-			} catch (err) {
+		} catch (err) {
-				// do nothing
+			// do nothing
-			}
+		}
-			if (configData.database && configData.database.engine && !configData.database.fromEnv) {
+		if (configData.database && configData.database.engine && !configData.database.fromEnv) {
-				logger.info('Manual db configuration already exists, skipping config creation from environment variables');
+			logger.info('Manual db configuration already exists, skipping config creation from environment variables');
 			resolve();
 			return;
 		}
 		if ((!envMysqlHost || !envMysqlPort || !envMysqlUser || !envMysqlName) && !envSqliteFile){
 			envSqliteFile = '/data/database.sqlite';
 			logger.info(`No valid environment variables for database provided, using default SQLite file '${envSqliteFile}'`);
 		}
 		if (envMysqlHost && envMysqlPort && envMysqlUser && envMysqlName) {
 			const newConfig = {
 				fromEnv:  true,
 				engine:   'mysql',
 				host:     envMysqlHost,
 				port:     envMysqlPort,
 				user:     envMysqlUser,
 				password: process.env.DB_MYSQL_PASSWORD,
 				name:     envMysqlName,
 			};
 			if (JSON.stringify(configData.database) === JSON.stringify(newConfig)) {
 				// Config is unchanged, skip overwrite
 				resolve();
 				return;
 			}
-			if (envMysqlHost && envMysqlPort && envMysqlUser && envMysqlName) {
+			logger.info('Generating MySQL knex configuration from environment variables');
-				const newConfig = {
+			configData.database = newConfig;
 					fromEnv:  true,
 					engine:   'mysql',
 					host:     envMysqlHost,
 					port:     envMysqlPort,
 					user:     envMysqlUser,
 					password: process.env.DB_MYSQL_PASSWORD,
 					name:     envMysqlName,
 				};
-				if (JSON.stringify(configData.database) === JSON.stringify(newConfig)) {
+		} else {
-					// Config is unchanged, skip overwrite
+			const newConfig = {
-					resolve();
+				fromEnv: true,
-					return;
+				engine:  'knex-native',
 				knex:    {
 					client:     'sqlite3',
 					connection: {
 						filename: envSqliteFile
 					},
 					useNullAsDefault: true
 				}
-
+			};
-				logger.info('Generating MySQL db configuration from environment variables');
+			if (JSON.stringify(configData.database) === JSON.stringify(newConfig)) {
-				configData.database = newConfig;
+				// Config is unchanged, skip overwrite
-
+				resolve();
-			} else {
+				return;
 				const newConfig = {
 					fromEnv: true,
 					engine:  'knex-native',
 					knex:    {
 						client:     'sqlite3',
 						connection: {
 							filename: envSqliteFile
 						},
 						useNullAsDefault: true
 					}
 				};
 				if (JSON.stringify(configData.database) === JSON.stringify(newConfig)) {
 					// Config is unchanged, skip overwrite
 					resolve();
 					return;
 				}
 				logger.info('Generating Sqlite db configuration from environment variables');
 				configData.database = newConfig;
 			}
-			// Write config
+			logger.info('Generating SQLite knex configuration');
-			fs.writeFile(filename, JSON.stringify(configData, null, 2), (err) => {
+			configData.database = newConfig;
 				if (err) {
 					logger.error('Could not write db config to config file: ' + filename);
 					reject(err);
 				} else {
 					logger.info('Wrote db configuration to config file: ' + filename);
 					resolve();
 				}
 			});
 		} else {
 			resolve();
 		}
 		// Write config
 		fs.writeFile(filename, JSON.stringify(configData, null, 2), (err) => {
 			if (err) {
 				logger.error('Could not write db config to config file: ' + filename);
 				reject(err);
 			} else {
 				logger.debug('Wrote db configuration to config file: ' + filename);
 				resolve();
 			}
 		});
 	});
 }
--- a/backend/internal/access-list.js
+++ b/backend/internal/access-list.js
@ -3,13 +3,13 @@ const fs                    = require('fs');
 const batchflow             = require('batchflow');
 const logger                = require('../logger').access;
 const error                 = require('../lib/error');
 const utils                 = require('../lib/utils');
 const accessListModel       = require('../models/access_list');
 const accessListAuthModel   = require('../models/access_list_auth');
 const accessListClientModel = require('../models/access_list_client');
 const proxyHostModel        = require('../models/proxy_host');
 const internalAuditLog      = require('./audit-log');
 const internalNginx         = require('./nginx');
 const utils                 = require('../lib/utils');
 function omissions () {
 	return ['is_deleted'];
@ -27,13 +27,13 @@ const internalAccessList = {
 			.then((/*access_data*/) => {
 				return accessListModel
 					.query()
 					.omit(omissions())
 					.insertAndFetch({
 						name:          data.name,
 						satisfy_any:   data.satisfy_any,
 						pass_auth:     data.pass_auth,
 						owner_user_id: access.token.getUserId(1)
-					});
+					})
 					.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
 				data.id = row.id;
@ -218,7 +218,7 @@ const internalAccessList = {
 				// re-fetch with expansions
 				return internalAccessList.get(access, {
 					id:     data.id,
-					expand: ['owner', 'items', 'clients', 'proxy_hosts.access_list.[clients,items]']
+					expand: ['owner', 'items', 'clients', 'proxy_hosts.[certificate,access_list.[clients,items]]']
 				}, true /* <- skip masking */);
 			})
 			.then((row) => {
@ -256,35 +256,31 @@ const internalAccessList = {
 					.joinRaw('LEFT JOIN `proxy_host` ON `proxy_host`.`access_list_id` = `access_list`.`id` AND `proxy_host`.`is_deleted` = 0')
 					.where('access_list.is_deleted', 0)
 					.andWhere('access_list.id', data.id)
-					.allowEager('[owner,items,clients,proxy_hosts.[*, access_list.[clients,items]]]')
+					.allowGraph('[owner,items,clients,proxy_hosts.[certificate,access_list.[clients,items]]]')
 					.omit(['access_list.is_deleted'])
 					.first();
 				if (access_data.permission_visibility !== 'all') {
 					query.andWhere('access_list.owner_user_id', access.token.getUserId(1));
 				}
 				// Custom omissions
 				if (typeof data.omit !== 'undefined' && data.omit !== null) {
 					query.omit(data.omit);
 				}
 				if (typeof data.expand !== 'undefined' && data.expand !== null) {
-					query.eager('[' + data.expand.join(', ') + ']');
+					query.withGraphFetched('[' + data.expand.join(', ') + ']');
 				}
-				return query;
+				return query.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
-				if (row) {
+				if (!row) {
 					if (!skip_masking && typeof row.items !== 'undefined' && row.items) {
 						row = internalAccessList.maskItems(row);
 					}
 					return _.omit(row, omissions());
 				} else {
 					throw new error.ItemNotFoundError(data.id);
 				}
 				if (!skip_masking && typeof row.items !== 'undefined' && row.items) {
 					row = internalAccessList.maskItems(row);
 				}
 				// Custom omissions
 				if (typeof data.omit !== 'undefined' && data.omit !== null) {
 					row = _.omit(row, data.omit);
 				}
 				return row;
 			});
 	},
@ -381,8 +377,7 @@ const internalAccessList = {
 					.joinRaw('LEFT JOIN `proxy_host` ON `proxy_host`.`access_list_id` = `access_list`.`id` AND `proxy_host`.`is_deleted` = 0')
 					.where('access_list.is_deleted', 0)
 					.groupBy('access_list.id')
-					.omit(['access_list.is_deleted'])
+					.allowGraph('[owner,items,clients]')
 					.allowEager('[owner,items,clients]')
 					.orderBy('access_list.name', 'ASC');
 				if (access_data.permission_visibility !== 'all') {
@ -397,10 +392,10 @@ const internalAccessList = {
 				}
 				if (typeof expand !== 'undefined' && expand !== null) {
-					query.eager('[' + expand.join(', ') + ']');
+					query.withGraphFetched('[' + expand.join(', ') + ']');
 				}
-				return query;
+				return query.then(utils.omitRows(omissions()));
 			})
 			.then((rows) => {
 				if (rows) {
@ -507,7 +502,7 @@ const internalAccessList = {
 								if (typeof item.password !== 'undefined' && item.password.length) {
 									logger.info('Adding: ' + item.username);
-									utils.exec('/usr/bin/htpasswd -b "' + htpasswd_file + '" "' + item.username + '" "' + item.password + '"')
+									utils.execFile('/usr/bin/htpasswd', ['-b', htpasswd_file, item.username, item.password])
 										.then((/*result*/) => {
 											next();
 										})
--- a/backend/internal/audit-log.js
+++ b/backend/internal/audit-log.js
@ -19,7 +19,7 @@ const internalAuditLog = {
 					.orderBy('created_on', 'DESC')
 					.orderBy('id', 'DESC')
 					.limit(100)
-					.allowEager('[user]');
+					.allowGraph('[user]');
 				// Query is used for searching
 				if (typeof search_query === 'string') {
@ -29,7 +29,7 @@ const internalAuditLog = {
 				}
 				if (typeof expand !== 'undefined' && expand !== null) {
-					query.eager('[' + expand.join(', ') + ']');
+					query.withGraphFetched('[' + expand.join(', ') + ']');
 				}
 				return query;
--- a/backend/internal/certificate.js
+++ b/backend/internal/certificate.js
@ -1,5 +1,6 @@
 const _                  = require('lodash');
 const fs                 = require('fs');
 const https              = require('https');
 const tempWrite          = require('temp-write');
 const moment             = require('moment');
 const logger             = require('../logger').ssl;
@ -15,6 +16,7 @@ const letsencryptConfig  = '/etc/letsencrypt.ini';
 const certbotCommand     = 'certbot';
 const archiver           = require('archiver');
 const path               = require('path');
 const { isArray }        = require('lodash');
 function omissions() {
 	return ['is_deleted'];
@ -114,13 +116,13 @@ const internalCertificate = {
 				data.owner_user_id = access.token.getUserId(1);
 				if (data.provider === 'letsencrypt') {
-					data.nice_name = data.domain_names.sort().join(', ');
+					data.nice_name = data.domain_names.join(', ');
 				}
 				return certificateModel
 					.query()
-					.omit(omissions())
+					.insertAndFetch(data)
-					.insertAndFetch(data);
+					.then(utils.omitRow(omissions()));
 			})
 			.then((certificate) => {
 				if (certificate.provider === 'letsencrypt') {
@ -169,6 +171,7 @@ const internalCertificate = {
 								// 3. Generate the LE config
 								return internalNginx.generateLetsEncryptRequestConfig(certificate)
 									.then(internalNginx.reload)
 									.then(async() => await new Promise((r) => setTimeout(r, 5000)))
 									.then(() => {
 										// 4. Request cert
 										return internalCertificate.requestLetsEncryptSsl(certificate);
@ -266,8 +269,8 @@ const internalCertificate = {
 				return certificateModel
 					.query()
 					.omit(omissions())
 					.patchAndFetchById(row.id, data)
 					.then(utils.omitRow(omissions()))
 					.then((saved_row) => {
 						saved_row.meta = internalCertificate.cleanMeta(saved_row.meta);
 						data.meta      = internalCertificate.cleanMeta(data.meta);
@ -285,7 +288,7 @@ const internalCertificate = {
 							meta:        _.omit(data, ['expires_on']) // this prevents json circular reference because expires_on might be raw
 						})
 							.then(() => {
-								return _.omit(saved_row, omissions());
+								return saved_row;
 							});
 					});
 			});
@ -310,30 +313,28 @@ const internalCertificate = {
 					.query()
 					.where('is_deleted', 0)
 					.andWhere('id', data.id)
-					.allowEager('[owner]')
+					.allowGraph('[owner]')
 					.first();
 				if (access_data.permission_visibility !== 'all') {
 					query.andWhere('owner_user_id', access.token.getUserId(1));
 				}
 				// Custom omissions
 				if (typeof data.omit !== 'undefined' && data.omit !== null) {
 					query.omit(data.omit);
 				}
 				if (typeof data.expand !== 'undefined' && data.expand !== null) {
-					query.eager('[' + data.expand.join(', ') + ']');
+					query.withGraphFetched('[' + data.expand.join(', ') + ']');
 				}
-				return query;
+				return query.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
-				if (row) {
+				if (!row) {
 					return _.omit(row, omissions());
 				} else {
 					throw new error.ItemNotFoundError(data.id);
 				}
 				// Custom omissions
 				if (typeof data.omit !== 'undefined' && data.omit !== null) {
 					row = _.omit(row, data.omit);
 				}
 				return row;
 			});
 	},
@ -385,7 +386,7 @@ const internalCertificate = {
 	zipFiles(source, out) {
 		const archive = archiver('zip', { zlib: { level: 9 } });
 		const stream  = fs.createWriteStream(out);
-	
+
 		return new Promise((resolve, reject) => {
 			source
 				.map((fl) => {
@ -396,7 +397,7 @@ const internalCertificate = {
 			archive
 				.on('error', (err) => reject(err))
 				.pipe(stream);
-	
+
 			stream.on('close', () => resolve());
 			archive.finalize();
 		});
@ -463,8 +464,7 @@ const internalCertificate = {
 					.query()
 					.where('is_deleted', 0)
 					.groupBy('id')
-					.omit(['is_deleted'])
+					.allowGraph('[owner]')
 					.allowEager('[owner]')
 					.orderBy('nice_name', 'ASC');
 				if (access_data.permission_visibility !== 'all') {
@ -474,15 +474,15 @@ const internalCertificate = {
 				// Query is used for searching
 				if (typeof search_query === 'string') {
 					query.where(function () {
-						this.where('name', 'like', '%' + search_query + '%');
+						this.where('nice_name', 'like', '%' + search_query + '%');
 					});
 				}
 				if (typeof expand !== 'undefined' && expand !== null) {
-					query.eager('[' + expand.join(', ') + ']');
+					query.withGraphFetched('[' + expand.join(', ') + ']');
 				}
-				return query;
+				return query.then(utils.omitRows(omissions()));
 			});
 	},
@ -659,7 +659,6 @@ const internalCertificate = {
 							meta:         _.clone(row.meta) // Prevent the update method from changing this value that we'll use later
 						})
 							.then((certificate) => {
 								console.log('ROWMETA:', row.meta);
 								certificate.meta = row.meta;
 								return internalCertificate.writeCustomCert(certificate);
 							});
@ -832,7 +831,7 @@ const internalCertificate = {
 	requestLetsEncryptSsl: (certificate) => {
 		logger.info('Requesting Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));
-		const cmd = certbotCommand + ' certonly --non-interactive ' +
+		const cmd = certbotCommand + ' certonly ' +
 			'--config "' + letsencryptConfig + '" ' +
 			'--cert-name "npm-' + certificate.id + '" ' +
 			'--agree-tos ' +
@ -868,13 +867,17 @@ const internalCertificate = {
 		logger.info(`Requesting Let'sEncrypt certificates via ${dns_plugin.display_name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);
 		const credentialsLocation = '/etc/letsencrypt/credentials/credentials-' + certificate.id;
-		const credentialsCmd      = 'mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo \'' + certificate.meta.dns_provider_credentials.replace('\'', '\\\'') + '\' > \'' + credentialsLocation + '\' && chmod 600 \'' + credentialsLocation + '\'';
+		// Escape single quotes and backslashes
-		const prepareCmd          = 'pip install ' + dns_plugin.package_name + '==' + dns_plugin.package_version + ' ' + dns_plugin.dependencies;
+		const escapedCredentials = certificate.meta.dns_provider_credentials.replaceAll('\'', '\\\'').replaceAll('\\', '\\\\');
 		const credentialsCmd     = 'mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo \'' + escapedCredentials + '\' > \'' + credentialsLocation + '\' && chmod 600 \'' + credentialsLocation + '\'';
 		// we call `. /opt/certbot/bin/activate` (`.` is alternative to `source` in dash) to access certbot venv
 		let prepareCmd = '. /opt/certbot/bin/activate && pip install ' + dns_plugin.package_name + (dns_plugin.version_requirement || '') + ' ' + dns_plugin.dependencies + ' && deactivate';
 		// Whether the plugin has a --<name>-credentials argument
 		const hasConfigArg = certificate.meta.dns_provider !== 'route53';
-		let mainCmd = certbotCommand + ' certonly --non-interactive ' +
+		let mainCmd = certbotCommand + ' certonly ' +
 			'--config "' + letsencryptConfig + '" ' +
 			'--cert-name "npm-' + certificate.id + '" ' +
 			'--agree-tos ' +
 			'--email "' + certificate.meta.letsencrypt_email + '" ' +
@ -969,10 +972,11 @@ const internalCertificate = {
 	renewLetsEncryptSsl: (certificate) => {
 		logger.info('Renewing Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));
-		const cmd = certbotCommand + ' renew --force-renewal --non-interactive ' +
+		const cmd = certbotCommand + ' renew --force-renewal ' +
 			'--config "' + letsencryptConfig + '" ' +
 			'--cert-name "npm-' + certificate.id + '" ' +
 			'--preferred-challenges "dns,http" ' +
 			'--no-random-sleep-on-renew ' +
 			'--disable-hook-validation ' +
 			(letsencryptStaging ? '--staging' : '');
@ -998,9 +1002,11 @@ const internalCertificate = {
 		logger.info(`Renewing Let'sEncrypt certificates via ${dns_plugin.display_name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);
-		let mainCmd = certbotCommand + ' renew --non-interactive ' +
+		let mainCmd = certbotCommand + ' renew ' +
 			'--config "' + letsencryptConfig + '" ' +
 			'--cert-name "npm-' + certificate.id + '" ' +
-			'--disable-hook-validation' +
+			'--disable-hook-validation ' +
 			'--no-random-sleep-on-renew ' +
 			(letsencryptStaging ? ' --staging' : '');
 		// Prepend the path to the credentials file as an environment variable
@ -1026,7 +1032,8 @@ const internalCertificate = {
 	revokeLetsEncryptSsl: (certificate, throw_errors) => {
 		logger.info('Revoking Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));
-		const mainCmd = certbotCommand + ' revoke --non-interactive ' +
+		const mainCmd = certbotCommand + ' revoke ' +
 			'--config "' + letsencryptConfig + '" ' +
 			'--cert-path "/etc/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem" ' +
 			'--delete-after-revoke ' +
 			(letsencryptStaging ? '--staging' : '');
@ -1119,6 +1126,94 @@ const internalCertificate = {
 		} else {
 			return Promise.resolve();
 		}
 	},
 	testHttpsChallenge: async (access, domains) => {
 		await access.can('certificates:list');
 		if (!isArray(domains)) {
 			throw new error.InternalValidationError('Domains must be an array of strings');
 		}
 		if (domains.length === 0) {
 			throw new error.InternalValidationError('No domains provided');
 		}
 		// Create a test challenge file
 		const testChallengeDir  = '/data/letsencrypt-acme-challenge/.well-known/acme-challenge';
 		const testChallengeFile = testChallengeDir + '/test-challenge';
 		fs.mkdirSync(testChallengeDir, {recursive: true});
 		fs.writeFileSync(testChallengeFile, 'Success', {encoding: 'utf8'});
 		async function performTestForDomain (domain) {
 			logger.info('Testing http challenge for ' + domain);
 			const url      = `http://${domain}/.well-known/acme-challenge/test-challenge`;
 			const formBody = `method=G&url=${encodeURI(url)}&bodytype=T&requestbody=&headername=User-Agent&headervalue=None&locationid=1&ch=false&cc=false`;
 			const options  = {
 				method:  'POST',
 				headers: {
 					'Content-Type':   'application/x-www-form-urlencoded',
 					'Content-Length': Buffer.byteLength(formBody)
 				}
 			};
 			const result = await new Promise((resolve) => {
 				const req = https.request('https://www.site24x7.com/tools/restapi-tester', options, function (res) {
 					let responseBody = '';
 					res.on('data', (chunk) => responseBody = responseBody + chunk);
 					res.on('end', function () {
 						const parsedBody = JSON.parse(responseBody + '');
 						if (res.statusCode !== 200) {
 							logger.warn(`Failed to test HTTP challenge for domain ${domain}`, res);
 							resolve(undefined);
 						}
 						resolve(parsedBody);
 					});
 				});
 				// Make sure to write the request body.
 				req.write(formBody);
 				req.end();
 				req.on('error', function (e) { logger.warn(`Failed to test HTTP challenge for domain ${domain}`, e);
 					resolve(undefined); });
 			});
 			if (!result) {
 				// Some error occurred while trying to get the data
 				return 'failed';
 			} else if (`${result.responsecode}` === '200' && result.htmlresponse === 'Success') {
 				// Server exists and has responded with the correct data
 				return 'ok';
 			} else if (`${result.responsecode}` === '200') {
 				// Server exists but has responded with wrong data
 				logger.info(`HTTP challenge test failed for domain ${domain} because of invalid returned data:`, result.htmlresponse);
 				return 'wrong-data';
 			} else if (`${result.responsecode}` === '404') {
 				// Server exists but responded with a 404
 				logger.info(`HTTP challenge test failed for domain ${domain} because code 404 was returned`);
 				return '404';
 			} else if (`${result.responsecode}` === '0' || (typeof result.reason === 'string' && result.reason.toLowerCase() === 'host unavailable')) {
 				// Server does not exist at domain
 				logger.info(`HTTP challenge test failed for domain ${domain} the host was not found`);
 				return 'no-host';
 			} else {
 				// Other errors
 				logger.info(`HTTP challenge test failed for domain ${domain} because code ${result.responsecode} was returned`);
 				return `other:${result.responsecode}`;
 			}
 		}
 		const results = {};
 		for (const domain of domains){
 			results[domain] = await performTestForDomain(domain);
 		}
 		// Remove the test challenge file
 		fs.unlinkSync(testChallengeFile);
 		return results;
 	}
 };
--- a/backend/internal/dead-host.js
+++ b/backend/internal/dead-host.js
@ -1,5 +1,6 @@
 const _                   = require('lodash');
 const error               = require('../lib/error');
 const utils               = require('../lib/utils');
 const deadHostModel       = require('../models/dead_host');
 const internalHost        = require('./host');
 const internalNginx       = require('./nginx');
@ -49,8 +50,8 @@ const internalDeadHost = {
 				return deadHostModel
 					.query()
-					.omit(omissions())
+					.insertAndFetch(data)
-					.insertAndFetch(data);
+					.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
 				if (create_certificate) {
@ -218,31 +219,28 @@ const internalDeadHost = {
 					.query()
 					.where('is_deleted', 0)
 					.andWhere('id', data.id)
-					.allowEager('[owner,certificate]')
+					.allowGraph('[owner,certificate]')
 					.first();
 				if (access_data.permission_visibility !== 'all') {
 					query.andWhere('owner_user_id', access.token.getUserId(1));
 				}
 				// Custom omissions
 				if (typeof data.omit !== 'undefined' && data.omit !== null) {
 					query.omit(data.omit);
 				}
 				if (typeof data.expand !== 'undefined' && data.expand !== null) {
-					query.eager('[' + data.expand.join(', ') + ']');
+					query.withGraphFetched('[' + data.expand.join(', ') + ']');
 				}
-				return query;
+				return query.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
-				if (row) {
+				if (!row) {
 					row = internalHost.cleanRowCertificateMeta(row);
 					return _.omit(row, omissions());
 				} else {
 					throw new error.ItemNotFoundError(data.id);
 				}
 				// Custom omissions
 				if (typeof data.omit !== 'undefined' && data.omit !== null) {
 					row = _.omit(row, data.omit);
 				}
 				return row;
 			});
 	},
@ -404,8 +402,7 @@ const internalDeadHost = {
 					.query()
 					.where('is_deleted', 0)
 					.groupBy('id')
-					.omit(['is_deleted'])
+					.allowGraph('[owner,certificate]')
 					.allowEager('[owner,certificate]')
 					.orderBy('domain_names', 'ASC');
 				if (access_data.permission_visibility !== 'all') {
@ -420,10 +417,10 @@ const internalDeadHost = {
 				}
 				if (typeof expand !== 'undefined' && expand !== null) {
-					query.eager('[' + expand.join(', ') + ']');
+					query.withGraphFetched('[' + expand.join(', ') + ']');
 				}
-				return query;
+				return query.then(utils.omitRows(omissions()));
 			})
 			.then((rows) => {
 				if (typeof expand !== 'undefined' && expand !== null && expand.indexOf('certificate') !== -1) {
--- a/backend/internal/ip_ranges.js
+++ b/backend/internal/ip_ranges.js
@ -2,13 +2,16 @@ const https         = require('https');
 const fs            = require('fs');
 const logger        = require('../logger').ip_ranges;
 const error         = require('../lib/error');
 const utils         = require('../lib/utils');
 const internalNginx = require('./nginx');
 const { Liquid }    = require('liquidjs');
 const CLOUDFRONT_URL   = 'https://ip-ranges.amazonaws.com/ip-ranges.json';
 const CLOUDFARE_V4_URL = 'https://www.cloudflare.com/ips-v4';
 const CLOUDFARE_V6_URL = 'https://www.cloudflare.com/ips-v6';
 const regIpV4 = /^(\d+\.?){4}\/\d+/;
 const regIpV6 = /^(([\da-fA-F]+)?:)+\/\d+/;
 const internalIpRanges = {
 	interval_timeout:    1000 * 60 * 60 * 6, // 6 hours
@ -74,14 +77,14 @@ const internalIpRanges = {
 					return internalIpRanges.fetchUrl(CLOUDFARE_V4_URL);
 				})
 				.then((cloudfare_data) => {
-					let items = cloudfare_data.split('\n');
+					let items = cloudfare_data.split('\n').filter((line) => regIpV4.test(line));
 					ip_ranges = [... ip_ranges, ... items];
 				})
 				.then(() => {
 					return internalIpRanges.fetchUrl(CLOUDFARE_V6_URL);
 				})
 				.then((cloudfare_data) => {
-					let items = cloudfare_data.split('\n');
+					let items = cloudfare_data.split('\n').filter((line) => regIpV6.test(line));
 					ip_ranges = [... ip_ranges, ... items];
 				})
 				.then(() => {
@ -116,10 +119,7 @@ const internalIpRanges = {
 	 * @returns {Promise}
 	 */
 	generateConfig: (ip_ranges) => {
-		let renderEngine = new Liquid({
+		const renderEngine = utils.getRenderEngine();
 			root: __dirname + '/../templates/'
 		});
 		return new Promise((resolve, reject) => {
 			let template = null;
 			let filename = '/etc/nginx/conf.d/include/ip_ranges.conf';
--- a/backend/internal/nginx.js
+++ b/backend/internal/nginx.js
@ -3,7 +3,6 @@ const fs         = require('fs');
 const logger     = require('../logger').nginx;
 const utils      = require('../lib/utils');
 const error      = require('../lib/error');
 const { Liquid } = require('liquidjs');
 const debug_mode = process.env.NODE_ENV !== 'production' || !!process.env.DEBUG;
 const internalNginx = {
@ -29,7 +28,9 @@ const internalNginx = {
 			.then(() => {
 				// Nginx is OK
 				// We're deleting this config regardless.
-				return internalNginx.deleteConfig(host_type, host); // Don't throw errors, as the file may not exist at all
+				// Don't throw errors, as the file may not exist at all
 				// Delete the .err file too
 				return internalNginx.deleteConfig(host_type, host, false, true);
 			})
 			.then(() => {
 				return internalNginx.generateConfig(host_type, host);
@ -80,6 +81,9 @@ const internalNginx = {
 							.patch({
 								meta: combined_meta
 							})
 							.then(() => {
 								internalNginx.renameConfigAsError(host_type, host);
 							})
 							.then(() => {
 								return internalNginx.deleteConfig(host_type, host, true);
 							});
@ -121,13 +125,10 @@ const internalNginx = {
 	 * @returns {String}
 	 */
 	getConfigName: (host_type, host_id) => {
 		host_type = host_type.replace(new RegExp('-', 'g'), '_');
 		if (host_type === 'default') {
 			return '/data/nginx/default_host/site.conf';
 		}
-
+		return '/data/nginx/' + internalNginx.getFileFriendlyHostType(host_type) + '/' + host_id + '.conf';
 		return '/data/nginx/' + host_type + '/' + host_id + '.conf';
 	},
 	/**
@ -136,8 +137,6 @@ const internalNginx = {
 	 * @returns {Promise}
 	 */
 	renderLocations: (host) => {
 		//logger.info('host = ' + JSON.stringify(host, null, 2));
 		return new Promise((resolve, reject) => {
 			let template;
@ -148,19 +147,17 @@ const internalNginx = {
 				return;
 			}
-			let renderer          = new Liquid({
+			const renderEngine    = utils.getRenderEngine();
 				root: __dirname + '/../templates/'
 			});
 			let renderedLocations = '';
 			const locationRendering = async () => {
 				for (let i = 0; i < host.locations.length; i++) {
-					let locationCopy = Object.assign({}, {access_list_id: host.access_list_id}, {certificate_id: host.certificate_id}, 
+					let locationCopy = Object.assign({}, {access_list_id: host.access_list_id}, {certificate_id: host.certificate_id},
 						{ssl_forced: host.ssl_forced}, {caching_enabled: host.caching_enabled}, {block_exploits: host.block_exploits},
 						{allow_websocket_upgrade: host.allow_websocket_upgrade}, {http2_support: host.http2_support},
 						{hsts_enabled: host.hsts_enabled}, {hsts_subdomains: host.hsts_subdomains}, {access_list: host.access_list},
 						{certificate: host.certificate}, host.locations[i]);
-			
+
 					if (locationCopy.forward_host.indexOf('/') > -1) {
 						const splitted = locationCopy.forward_host.split('/');
@ -168,16 +165,14 @@ const internalNginx = {
 						locationCopy.forward_path = `/${splitted.join('/')}`;
 					}
 					//logger.info('locationCopy = ' + JSON.stringify(locationCopy, null, 2));
 					// eslint-disable-next-line
-					renderedLocations += await renderer.parseAndRender(template, locationCopy);
+					renderedLocations += await renderEngine.parseAndRender(template, locationCopy);
 				}
 			};
 			locationRendering().then(() => resolve(renderedLocations));
-			
+
 		});
 	},
@ -187,24 +182,20 @@ const internalNginx = {
 	 * @returns {Promise}
 	 */
 	generateConfig: (host_type, host) => {
-		host_type = host_type.replace(new RegExp('-', 'g'), '_');
+		const nice_host_type = internalNginx.getFileFriendlyHostType(host_type);
 		if (debug_mode) {
-			logger.info('Generating ' + host_type + ' Config:', host);
+			logger.info('Generating ' + nice_host_type + ' Config:', JSON.stringify(host, null, 2));
 		}
-		// logger.info('host = ' + JSON.stringify(host, null, 2));
+		const renderEngine = utils.getRenderEngine();
 		let renderEngine = new Liquid({
 			root: __dirname + '/../templates/'
 		});
 		return new Promise((resolve, reject) => {
 			let template = null;
-			let filename = internalNginx.getConfigName(host_type, host.id);
+			let filename = internalNginx.getConfigName(nice_host_type, host.id);
 			try {
-				template = fs.readFileSync(__dirname + '/../templates/' + host_type + '.conf', {encoding: 'utf8'});
+				template = fs.readFileSync(__dirname + '/../templates/' + nice_host_type + '.conf', {encoding: 'utf8'});
 			} catch (err) {
 				reject(new error.ConfigurationError(err.message));
 				return;
@ -214,7 +205,7 @@ const internalNginx = {
 			let origLocations;
 			// Manipulate the data a bit before sending it to the template
-			if (host_type !== 'default') {
+			if (nice_host_type !== 'default') {
 				host.use_default_location = true;
 				if (typeof host.advanced_config !== 'undefined' && host.advanced_config) {
 					host.use_default_location = !internalNginx.advancedConfigHasDefaultLocation(host.advanced_config);
@ -281,9 +272,7 @@ const internalNginx = {
 			logger.info('Generating LetsEncrypt Request Config:', certificate);
 		}
-		let renderEngine = new Liquid({
+		const renderEngine = utils.getRenderEngine();
 			root: __dirname + '/../templates/'
 		});
 		return new Promise((resolve, reject) => {
 			let template = null;
@ -319,33 +308,39 @@ const internalNginx = {
 		});
 	},
 	/**
 	 * A simple wrapper around unlinkSync that writes to the logger
 	 *
 	 * @param   {String}  filename
 	 */
 	deleteFile: (filename) => {
 		logger.debug('Deleting file: ' + filename);
 		try {
 			fs.unlinkSync(filename);
 		} catch (err) {
 			logger.debug('Could not delete file:', JSON.stringify(err, null, 2));
 		}
 	},
 	/**
 	 *
 	 * @param   {String} host_type
 	 * @returns String
 	 */
 	getFileFriendlyHostType: (host_type) => {
 		return host_type.replace(new RegExp('-', 'g'), '_');
 	},
 	/**
 	 * This removes the temporary nginx config file generated by `generateLetsEncryptRequestConfig`
 	 *
 	 * @param   {Object}  certificate
 	 * @param   {Boolean} [throw_errors]
 	 * @returns {Promise}
 	 */
-	deleteLetsEncryptRequestConfig: (certificate, throw_errors) => {
+	deleteLetsEncryptRequestConfig: (certificate) => {
-		return new Promise((resolve, reject) => {
+		const config_file = '/data/nginx/temp/letsencrypt_' + certificate.id + '.conf';
-			try {
+		return new Promise((resolve/*, reject*/) => {
-				let config_file = '/data/nginx/temp/letsencrypt_' + certificate.id + '.conf';
+			internalNginx.deleteFile(config_file);
 				if (debug_mode) {
 					logger.warn('Deleting nginx config: ' + config_file);
 				}
 				fs.unlinkSync(config_file);
 			} catch (err) {
 				if (debug_mode) {
 					logger.warn('Could not delete config:', err.message);
 				}
 				if (throw_errors) {
 					reject(err);
 				}
 			}
 			resolve();
 		});
 	},
@ -353,35 +348,42 @@ const internalNginx = {
 	/**
 	 * @param   {String}  host_type
 	 * @param   {Object}  [host]
-	 * @param   {Boolean} [throw_errors]
+	 * @param   {Boolean} [delete_err_file]
 	 * @returns {Promise}
 	 */
-	deleteConfig: (host_type, host, throw_errors) => {
+	deleteConfig: (host_type, host, delete_err_file) => {
-		host_type = host_type.replace(new RegExp('-', 'g'), '_');
+		const config_file     = internalNginx.getConfigName(internalNginx.getFileFriendlyHostType(host_type), typeof host === 'undefined' ? 0 : host.id);
 		const config_file_err = config_file + '.err';
-		return new Promise((resolve, reject) => {
+		return new Promise((resolve/*, reject*/) => {
-			try {
+			internalNginx.deleteFile(config_file);
-				let config_file = internalNginx.getConfigName(host_type, typeof host === 'undefined' ? 0 : host.id);
+			if (delete_err_file) {
-
+				internalNginx.deleteFile(config_file_err);
 				if (debug_mode) {
 					logger.warn('Deleting nginx config: ' + config_file);
 				}
 				fs.unlinkSync(config_file);
 			} catch (err) {
 				if (debug_mode) {
 					logger.warn('Could not delete config:', err.message);
 				}
 				if (throw_errors) {
 					reject(err);
 				}
 			}
 			resolve();
 		});
 	},
 	/**
 	 * @param   {String}  host_type
 	 * @param   {Object}  [host]
 	 * @returns {Promise}
 	 */
 	renameConfigAsError: (host_type, host) => {
 		const config_file     = internalNginx.getConfigName(internalNginx.getFileFriendlyHostType(host_type), typeof host === 'undefined' ? 0 : host.id);
 		const config_file_err = config_file + '.err';
 		return new Promise((resolve/*, reject*/) => {
 			fs.unlink(config_file, () => {
 				// ignore result, continue
 				fs.rename(config_file, config_file_err, () => {
 					// also ignore result, as this is a debugging informative file anyway
 					resolve();
 				});
 			});
 		});
 	},
 	/**
 	 * @param   {String}  host_type
 	 * @param   {Array}   hosts
@ -399,13 +401,12 @@ const internalNginx = {
 	/**
 	 * @param   {String}  host_type
 	 * @param   {Array}   hosts
 	 * @param   {Boolean} [throw_errors]
 	 * @returns {Promise}
 	 */
-	bulkDeleteConfigs: (host_type, hosts, throw_errors) => {
+	bulkDeleteConfigs: (host_type, hosts) => {
 		let promises = [];
 		hosts.map(function (host) {
-			promises.push(internalNginx.deleteConfig(host_type, host, throw_errors));
+			promises.push(internalNginx.deleteConfig(host_type, host, true));
 		});
 		return Promise.all(promises);
--- a/backend/internal/proxy-host.js
+++ b/backend/internal/proxy-host.js
@ -1,5 +1,6 @@
 const _                   = require('lodash');
 const error               = require('../lib/error');
 const utils               = require('../lib/utils');
 const proxyHostModel      = require('../models/proxy_host');
 const internalHost        = require('./host');
 const internalNginx       = require('./nginx');
@ -49,8 +50,8 @@ const internalProxyHost = {
 				return proxyHostModel
 					.query()
-					.omit(omissions())
+					.insertAndFetch(data)
-					.insertAndFetch(data);
+					.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
 				if (create_certificate) {
@ -170,6 +171,7 @@ const internalProxyHost = {
 					.query()
 					.where({id: data.id})
 					.patch(data)
 					.then(utils.omitRow(omissions()))
 					.then((saved_row) => {
 						// Add to audit log
 						return internalAuditLog.add(access, {
@ -179,7 +181,7 @@ const internalProxyHost = {
 							meta:        data
 						})
 							.then(() => {
-								return _.omit(saved_row, omissions());
+								return saved_row;
 							});
 					});
 			})
@ -223,31 +225,29 @@ const internalProxyHost = {
 					.query()
 					.where('is_deleted', 0)
 					.andWhere('id', data.id)
-					.allowEager('[owner,access_list,access_list.[clients,items],certificate]')
+					.allowGraph('[owner,access_list,access_list.[clients,items],certificate]')
 					.first();
 				if (access_data.permission_visibility !== 'all') {
 					query.andWhere('owner_user_id', access.token.getUserId(1));
 				}
 				// Custom omissions
 				if (typeof data.omit !== 'undefined' && data.omit !== null) {
 					query.omit(data.omit);
 				}
 				if (typeof data.expand !== 'undefined' && data.expand !== null) {
-					query.eager('[' + data.expand.join(', ') + ']');
+					query.withGraphFetched('[' + data.expand.join(', ') + ']');
 				}
-				return query;
+				return query.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
-				if (row) {
+				if (!row) {
 					row = internalHost.cleanRowCertificateMeta(row);
 					return _.omit(row, omissions());
 				} else {
 					throw new error.ItemNotFoundError(data.id);
 				}
 				row = internalHost.cleanRowCertificateMeta(row);
 				// Custom omissions
 				if (typeof data.omit !== 'undefined' && data.omit !== null) {
 					row = _.omit(row, data.omit);
 				}
 				return row;
 			});
 	},
@ -409,8 +409,7 @@ const internalProxyHost = {
 					.query()
 					.where('is_deleted', 0)
 					.groupBy('id')
-					.omit(['is_deleted'])
+					.allowGraph('[owner,access_list,certificate]')
 					.allowEager('[owner,access_list,certificate]')
 					.orderBy('domain_names', 'ASC');
 				if (access_data.permission_visibility !== 'all') {
@ -425,10 +424,10 @@ const internalProxyHost = {
 				}
 				if (typeof expand !== 'undefined' && expand !== null) {
-					query.eager('[' + expand.join(', ') + ']');
+					query.withGraphFetched('[' + expand.join(', ') + ']');
 				}
-				return query;
+				return query.then(utils.omitRows(omissions()));
 			})
 			.then((rows) => {
 				if (typeof expand !== 'undefined' && expand !== null && expand.indexOf('certificate') !== -1) {
--- a/backend/internal/redirection-host.js
+++ b/backend/internal/redirection-host.js
@ -1,5 +1,6 @@
 const _                    = require('lodash');
 const error                = require('../lib/error');
 const utils                = require('../lib/utils');
 const redirectionHostModel = require('../models/redirection_host');
 const internalHost         = require('./host');
 const internalNginx        = require('./nginx');
@ -49,8 +50,8 @@ const internalRedirectionHost = {
 				return redirectionHostModel
 					.query()
-					.omit(omissions())
+					.insertAndFetch(data)
-					.insertAndFetch(data);
+					.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
 				if (create_certificate) {
@ -65,9 +66,8 @@ const internalRedirectionHost = {
 						.then(() => {
 							return row;
 						});
 				} else {
 					return row;
 				}
 				return row;
 			})
 			.then((row) => {
 				// re-fetch with cert
@ -218,31 +218,29 @@ const internalRedirectionHost = {
 					.query()
 					.where('is_deleted', 0)
 					.andWhere('id', data.id)
-					.allowEager('[owner,certificate]')
+					.allowGraph('[owner,certificate]')
 					.first();
 				if (access_data.permission_visibility !== 'all') {
 					query.andWhere('owner_user_id', access.token.getUserId(1));
 				}
 				// Custom omissions
 				if (typeof data.omit !== 'undefined' && data.omit !== null) {
 					query.omit(data.omit);
 				}
 				if (typeof data.expand !== 'undefined' && data.expand !== null) {
-					query.eager('[' + data.expand.join(', ') + ']');
+					query.withGraphFetched('[' + data.expand.join(', ') + ']');
 				}
-				return query;
+				return query.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
-				if (row) {
+				if (!row) {
 					row = internalHost.cleanRowCertificateMeta(row);
 					return _.omit(row, omissions());
 				} else {
 					throw new error.ItemNotFoundError(data.id);
 				}
 				row = internalHost.cleanRowCertificateMeta(row);
 				// Custom omissions
 				if (typeof data.omit !== 'undefined' && data.omit !== null) {
 					row = _.omit(row, data.omit);
 				}
 				return row;
 			});
 	},
@ -404,8 +402,7 @@ const internalRedirectionHost = {
 					.query()
 					.where('is_deleted', 0)
 					.groupBy('id')
-					.omit(['is_deleted'])
+					.allowGraph('[owner,certificate]')
 					.allowEager('[owner,certificate]')
 					.orderBy('domain_names', 'ASC');
 				if (access_data.permission_visibility !== 'all') {
@ -420,10 +417,10 @@ const internalRedirectionHost = {
 				}
 				if (typeof expand !== 'undefined' && expand !== null) {
-					query.eager('[' + expand.join(', ') + ']');
+					query.withGraphFetched('[' + expand.join(', ') + ']');
 				}
-				return query;
+				return query.then(utils.omitRows(omissions()));
 			})
 			.then((rows) => {
 				if (typeof expand !== 'undefined' && expand !== null && expand.indexOf('certificate') !== -1) {
--- a/backend/internal/stream.js
+++ b/backend/internal/stream.js
@ -1,5 +1,6 @@
 const _                = require('lodash');
 const error            = require('../lib/error');
 const utils            = require('../lib/utils');
 const streamModel      = require('../models/stream');
 const internalNginx    = require('./nginx');
 const internalAuditLog = require('./audit-log');
@ -27,8 +28,8 @@ const internalStream = {
 				return streamModel
 					.query()
-					.omit(omissions())
+					.insertAndFetch(data)
-					.insertAndFetch(data);
+					.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
 				// Configure nginx
@ -71,8 +72,8 @@ const internalStream = {
 				return streamModel
 					.query()
 					.omit(omissions())
 					.patchAndFetchById(row.id, data)
 					.then(utils.omitRow(omissions()))
 					.then((saved_row) => {
 						return internalNginx.configure(streamModel, 'stream', saved_row)
 							.then(() => {
@ -88,7 +89,7 @@ const internalStream = {
 							meta:        data
 						})
 							.then(() => {
-								return _.omit(saved_row, omissions());
+								return saved_row;
 							});
 					});
 			});
@ -113,30 +114,28 @@ const internalStream = {
 					.query()
 					.where('is_deleted', 0)
 					.andWhere('id', data.id)
-					.allowEager('[owner]')
+					.allowGraph('[owner]')
 					.first();
 				if (access_data.permission_visibility !== 'all') {
 					query.andWhere('owner_user_id', access.token.getUserId(1));
 				}
 				// Custom omissions
 				if (typeof data.omit !== 'undefined' && data.omit !== null) {
 					query.omit(data.omit);
 				}
 				if (typeof data.expand !== 'undefined' && data.expand !== null) {
-					query.eager('[' + data.expand.join(', ') + ']');
+					query.withGraphFetched('[' + data.expand.join(', ') + ']');
 				}
-				return query;
+				return query.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
-				if (row) {
+				if (!row) {
 					return _.omit(row, omissions());
 				} else {
 					throw new error.ItemNotFoundError(data.id);
 				}
 				// Custom omissions
 				if (typeof data.omit !== 'undefined' && data.omit !== null) {
 					row = _.omit(row, data.omit);
 				}
 				return row;
 			});
 	},
@ -298,8 +297,7 @@ const internalStream = {
 					.query()
 					.where('is_deleted', 0)
 					.groupBy('id')
-					.omit(['is_deleted'])
+					.allowGraph('[owner]')
 					.allowEager('[owner]')
 					.orderBy('incoming_port', 'ASC');
 				if (access_data.permission_visibility !== 'all') {
@ -314,10 +312,10 @@ const internalStream = {
 				}
 				if (typeof expand !== 'undefined' && expand !== null) {
-					query.eager('[' + expand.join(', ') + ']');
+					query.withGraphFetched('[' + expand.join(', ') + ']');
 				}
-				return query;
+				return query.then(utils.omitRows(omissions()));
 			});
 	},
--- a/backend/internal/token.js
+++ b/backend/internal/token.js
@ -24,7 +24,7 @@ module.exports = {
 		return userModel
 			.query()
-			.where('email', data.identity)
+			.where('email', data.identity.toLowerCase().trim())
 			.andWhere('is_deleted', 0)
 			.andWhere('is_disabled', 0)
 			.first()
--- a/backend/internal/user.js
+++ b/backend/internal/user.js
@ -1,5 +1,6 @@
 const _                   = require('lodash');
 const error               = require('../lib/error');
 const utils               = require('../lib/utils');
 const userModel           = require('../models/user');
 const userPermissionModel = require('../models/user_permission');
 const authModel           = require('../models/auth');
@ -35,8 +36,8 @@ const internalUser = {
 				return userModel
 					.query()
-					.omit(omissions())
+					.insertAndFetch(data)
-					.insertAndFetch(data);
+					.then(utils.omitRow(omissions()));
 			})
 			.then((user) => {
 				if (auth) {
@ -140,11 +141,8 @@ const internalUser = {
 				return userModel
 					.query()
 					.omit(omissions())
 					.patchAndFetchById(user.id, data)
-					.then((saved_user) => {
+					.then(utils.omitRow(omissions()));
 						return _.omit(saved_user, omissions());
 					});
 			})
 			.then(() => {
 				return internalUser.get(access, {id: data.id});
@ -186,26 +184,24 @@ const internalUser = {
 					.query()
 					.where('is_deleted', 0)
 					.andWhere('id', data.id)
-					.allowEager('[permissions]')
+					.allowGraph('[permissions]')
 					.first();
 				// Custom omissions
 				if (typeof data.omit !== 'undefined' && data.omit !== null) {
 					query.omit(data.omit);
 				}
 				if (typeof data.expand !== 'undefined' && data.expand !== null) {
-					query.eager('[' + data.expand.join(', ') + ']');
+					query.withGraphFetched('[' + data.expand.join(', ') + ']');
 				}
-				return query;
+				return query.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
-				if (row) {
+				if (!row) {
 					return _.omit(row, omissions());
 				} else {
 					throw new error.ItemNotFoundError(data.id);
 				}
 				// Custom omissions
 				if (typeof data.omit !== 'undefined' && data.omit !== null) {
 					row = _.omit(row, data.omit);
 				}
 				return row;
 			});
 	},
@ -322,8 +318,7 @@ const internalUser = {
 					.query()
 					.where('is_deleted', 0)
 					.groupBy('id')
-					.omit(['is_deleted'])
+					.allowGraph('[permissions]')
 					.allowEager('[permissions]')
 					.orderBy('name', 'ASC');
 				// Query is used for searching
@ -335,10 +330,10 @@ const internalUser = {
 				}
 				if (typeof expand !== 'undefined' && expand !== null) {
-					query.eager('[' + expand.join(', ') + ']');
+					query.withGraphFetched('[' + expand.join(', ') + ']');
 				}
-				return query;
+				return query.then(utils.omitRows(omissions()));
 			});
 	},
--- a/backend/lib/access.js
+++ b/backend/lib/access.js
@ -55,8 +55,8 @@ module.exports = function (token_string) {
 								.where('id', token_data.attrs.id)
 								.andWhere('is_deleted', 0)
 								.andWhere('is_disabled', 0)
-								.allowEager('[permissions]')
+								.allowGraph('[permissions]')
-								.eager('[permissions]')
+								.withGraphFetched('[permissions]')
 								.first()
 								.then((user) => {
 									if (user) {
--- a/backend/lib/utils.js
+++ b/backend/lib/utils.js
@ -1,4 +1,8 @@
-const exec = require('child_process').exec;
+const _          = require('lodash');
 const exec       = require('child_process').exec;
 const execFile   = require('child_process').execFile;
 const { Liquid } = require('liquidjs');
 const logger     = require('../logger').global;
 module.exports = {
@ -16,5 +20,82 @@ module.exports = {
 				}
 			});
 		});
 	},
 	/**
 	 * @param   {String} cmd
 	 * @param   {Array}  args
 	 * @returns {Promise}
 	 */
 	execFile: function (cmd, args) {
 		logger.debug('CMD: ' + cmd + ' ' + (args ? args.join(' ') : ''));
 		return new Promise((resolve, reject) => {
 			execFile(cmd, args, function (err, stdout, /*stderr*/) {
 				if (err && typeof err === 'object') {
 					reject(err);
 				} else {
 					resolve(stdout.trim());
 				}
 			});
 		});
 	},
 	/**
 	 * Used in objection query builder
 	 *
 	 * @param   {Array}  omissions
 	 * @returns {Function}
 	 */
 	omitRow: function (omissions) {
 		/**
 		 * @param   {Object} row
 		 * @returns {Object}
 		 */
 		return (row) => {
 			return _.omit(row, omissions);
 		};
 	},
 	/**
 	 * Used in objection query builder
 	 *
 	 * @param   {Array}  omissions
 	 * @returns {Function}
 	 */
 	omitRows: function (omissions) {
 		/**
 		 * @param   {Array} rows
 		 * @returns {Object}
 		 */
 		return (rows) => {
 			rows.forEach((row, idx) => {
 				rows[idx] = _.omit(row, omissions);
 			});
 			return rows;
 		};
 	},
 	/**
 	 * @returns {Object} Liquid render engine
 	 */
 	getRenderEngine: function () {
 		const renderEngine = new Liquid({
 			root: __dirname + '/../templates/'
 		});
 		/**
 		 * nginxAccessRule expects the object given to have 2 properties:
 		 *
 		 * directive  string
 		 * address    string
 		 */
 		renderEngine.registerFilter('nginxAccessRule', (v) => {
 			if (typeof v.directive !== 'undefined' && typeof v.address !== 'undefined' && v.directive && v.address) {
 				return `${v.directive} ${v.address};`;
 			}
 			return '';
 		});
 		return renderEngine;
 	}
 };
--- a/backend/migrations/20200522113248_openid_connect.js
+++ b/backend/migrations/20200522113248_openid_connect.js
@ -1,48 +0,0 @@
 const migrate_name = 'openid_connect';
 const logger       = require('../logger').migrate;
 /**
 * Migrate
 *
 * @see http://knexjs.org/#Schema
 *
 * @param   {Object}  knex
 * @param   {Promise} Promise
 * @returns {Promise}
 */
 exports.up = function (knex/*, Promise*/) {
 	logger.info('[' + migrate_name + '] Migrating Up...');
 	return knex.schema.table('proxy_host', function (proxy_host) {
 		proxy_host.integer('openidc_enabled').notNull().unsigned().defaultTo(0);
 		proxy_host.text('openidc_redirect_uri').notNull().defaultTo('');
 		proxy_host.text('openidc_discovery').notNull().defaultTo('');
 		proxy_host.text('openidc_auth_method').notNull().defaultTo('');
 		proxy_host.text('openidc_client_id').notNull().defaultTo('');
 		proxy_host.text('openidc_client_secret').notNull().defaultTo('');
 	})
 		.then(() => {
 			logger.info('[' + migrate_name + '] proxy_host Table altered');
 		});
 };
 /**
 * Undo Migrate
 *
 * @param   {Object}  knex
 * @param   {Promise} Promise
 * @returns {Promise}
 */
 exports.down = function (knex/*, Promise*/) {
 	return knex.schema.table('proxy_host', function (proxy_host) {
 		proxy_host.dropColumn('openidc_enabled');
 		proxy_host.dropColumn('openidc_redirect_uri');
 		proxy_host.dropColumn('openidc_discovery');
 		proxy_host.dropColumn('openidc_auth_method');
 		proxy_host.dropColumn('openidc_client_id');
 		proxy_host.dropColumn('openidc_client_secret');
 	})
 		.then(() => {
 			logger.info('[' + migrate_name + '] proxy_host Table altered');
 		});
 };
--- a/backend/migrations/20200522144240_openid_allowed_users.js
+++ b/backend/migrations/20200522144240_openid_allowed_users.js
@ -1,40 +0,0 @@
 const migrate_name = 'openid_allowed_users';
 const logger       = require('../logger').migrate;
 /**
 * Migrate
 *
 * @see http://knexjs.org/#Schema
 *
 * @param   {Object}  knex
 * @param   {Promise} Promise
 * @returns {Promise}
 */
 exports.up = function (knex/*, Promise*/) {
 	logger.info('[' + migrate_name + '] Migrating Up...');
 	return knex.schema.table('proxy_host', function (proxy_host) {
 		proxy_host.integer('openidc_restrict_users_enabled').notNull().unsigned().defaultTo(0);
 		proxy_host.json('openidc_allowed_users').notNull().defaultTo([]);
 	})
 		.then(() => {
 			logger.info('[' + migrate_name + '] proxy_host Table altered');
 		});
 };
 /**
 * Undo Migrate
 *
 * @param   {Object}  knex
 * @param   {Promise} Promise
 * @returns {Promise}
 */
 exports.down = function (knex/*, Promise*/) {
 	return knex.schema.table('proxy_host', function (proxy_host) {
 		proxy_host.dropColumn('openidc_restrict_users_enabled');
 		proxy_host.dropColumn('openidc_allowed_users');
 	})
 		.then(() => {
 			logger.info('[' + migrate_name + '] proxy_host Table altered');
 		});
 };
--- a/backend/migrations/20211108145214_regenerate_default_host.js
+++ b/backend/migrations/20211108145214_regenerate_default_host.js
@ -0,0 +1,50 @@
 const migrate_name  = 'stream_domain';
 const logger        = require('../logger').migrate;
 const internalNginx = require('../internal/nginx');
 async function regenerateDefaultHost(knex) {
 	const row = await knex('setting').select('*').where('id', 'default-site').first();
 	if (!row) {
 		return Promise.resolve();
 	}
 	return internalNginx.deleteConfig('default')
 		.then(() => {
 			return internalNginx.generateConfig('default', row);
 		})
 		.then(() => {
 			return internalNginx.test();
 		})
 		.then(() => {
 			return internalNginx.reload();
 		});
 }
 /**
 	* Migrate
 	*
 	* @see http://knexjs.org/#Schema
 	*
 	* @param   {Object} knex
 	* @param   {Promise} Promise
 	* @returns {Promise}
 	*/
 exports.up = function (knex) {
 	logger.info('[' + migrate_name + '] Migrating Up...');
 	return regenerateDefaultHost(knex);
 };
 /**
 	* Undo Migrate
 	*
 	* @param   {Object} knex
 	* @param   {Promise} Promise
 	* @returns {Promise}
 	*/
 exports.down = function (knex) {
 	logger.info('[' + migrate_name + '] Migrating Down...');
 	return regenerateDefaultHost(knex);
 };
--- a/backend/models/access_list.js
+++ b/backend/models/access_list.js
@ -50,7 +50,6 @@ class AccessList extends Model {
 				},
 				modify: function (qb) {
 					qb.where('user.is_deleted', 0);
 					qb.omit(['id', 'created_on', 'modified_on', 'is_deleted', 'email', 'roles']);
 				}
 			},
 			items: {
@ -59,9 +58,6 @@ class AccessList extends Model {
 				join:       {
 					from: 'access_list.id',
 					to:   'access_list_auth.access_list_id'
 				},
 				modify: function (qb) {
 					qb.omit(['id', 'created_on', 'modified_on', 'access_list_id', 'meta']);
 				}
 			},
 			clients: {
@ -70,9 +66,6 @@ class AccessList extends Model {
 				join:       {
 					from: 'access_list.id',
 					to:   'access_list_client.access_list_id'
 				},
 				modify: function (qb) {
 					qb.omit(['id', 'created_on', 'modified_on', 'access_list_id', 'meta']);
 				}
 			},
 			proxy_hosts: {
@ -84,19 +77,10 @@ class AccessList extends Model {
 				},
 				modify: function (qb) {
 					qb.where('proxy_host.is_deleted', 0);
 					qb.omit(['is_deleted', 'meta']);
 				}
 			}
 		};
 	}
 	get satisfy() {
 		return this.satisfy_any ? 'satisfy any' : 'satisfy all';
 	}
 	get passauth() {
 		return this.pass_auth ? '' : 'proxy_set_header Authorization "";';
 	}
 }
 module.exports = AccessList;
--- a/backend/models/access_list_auth.js
+++ b/backend/models/access_list_auth.js
@ -45,7 +45,6 @@ class AccessListAuth extends Model {
 				},
 				modify: function (qb) {
 					qb.where('access_list.is_deleted', 0);
 					qb.omit(['created_on', 'modified_on', 'is_deleted', 'access_list_id']);
 				}
 			}
 		};
--- a/backend/models/access_list_client.js
+++ b/backend/models/access_list_client.js
@ -45,15 +45,10 @@ class AccessListClient extends Model {
 				},
 				modify: function (qb) {
 					qb.where('access_list.is_deleted', 0);
 					qb.omit(['created_on', 'modified_on', 'is_deleted', 'access_list_id']);
 				}
 			}
 		};
 	}
 	get rule() {
 		return `${this.directive} ${this.address}`;
 	}
 }
 module.exports = AccessListClient;
--- a/backend/models/audit-log.js
+++ b/backend/models/audit-log.js
@ -43,9 +43,6 @@ class AuditLog extends Model {
 				join:       {
 					from: 'audit_log.user_id',
 					to:   'user.id'
 				},
 				modify: function (qb) {
 					qb.omit(['id', 'created_on', 'modified_on', 'roles']);
 				}
 			}
 		};
--- a/backend/models/auth.js
+++ b/backend/models/auth.js
@ -74,9 +74,6 @@ class Auth extends Model {
 				},
 				filter: {
 					is_deleted: 0
 				},
 				modify: function (qb) {
 					qb.omit(['is_deleted']);
 				}
 			}
 		};
--- a/backend/models/certificate.js
+++ b/backend/models/certificate.js
@ -63,7 +63,6 @@ class Certificate extends Model {
 				},
 				modify: function (qb) {
 					qb.where('user.is_deleted', 0);
 					qb.omit(['id', 'created_on', 'modified_on', 'is_deleted', 'email', 'roles']);
 				}
 			}
 		};
--- a/backend/models/dead_host.js
+++ b/backend/models/dead_host.js
@ -59,7 +59,6 @@ class DeadHost extends Model {
 				},
 				modify: function (qb) {
 					qb.where('user.is_deleted', 0);
 					qb.omit(['id', 'created_on', 'modified_on', 'is_deleted', 'email', 'roles']);
 				}
 			},
 			certificate: {
@ -71,7 +70,6 @@ class DeadHost extends Model {
 				},
 				modify: function (qb) {
 					qb.where('certificate.is_deleted', 0);
 					qb.omit(['id', 'created_on', 'modified_on', 'is_deleted']);
 				}
 			}
 		};
--- a/backend/models/now_helper.js
+++ b/backend/models/now_helper.js
@ -6,8 +6,8 @@ Model.knex(db);
 module.exports = function () {
 	if (config.database.knex && config.database.knex.client === 'sqlite3') {
-		return Model.raw('datetime(\'now\',\'localtime\')');
+		// eslint-disable-next-line
-	} else {
+		return Model.raw("datetime('now','localtime')");
 		return Model.raw('NOW()');
 	}
 	return Model.raw('NOW()');
 };
--- a/backend/models/proxy_host.js
+++ b/backend/models/proxy_host.js
@ -20,23 +20,12 @@ class ProxyHost extends Model {
 			this.domain_names = [];
 		}
 		// Default for openidc_allowed_users
 		if (typeof this.openidc_allowed_users === 'undefined') {
 			this.openidc_allowed_users = [];
 		}
 		// Default for meta
 		if (typeof this.meta === 'undefined') {
 			this.meta = {};
 		}
 		// Openidc defaults
 		if (typeof this.openidc_auth_method === 'undefined') {
 			this.openidc_auth_method = 'client_secret_post';
 		}
 		this.domain_names.sort();
 		this.openidc_allowed_users.sort();
 	}
 	$beforeUpdate () {
@ -46,11 +35,6 @@ class ProxyHost extends Model {
 		if (typeof this.domain_names !== 'undefined') {
 			this.domain_names.sort();
 		}
 		// Sort openidc_allowed_users
 		if (typeof this.openidc_allowed_users !== 'undefined') {
 			this.openidc_allowed_users.sort();
 		}
 	}
 	static get name () {
@ -62,7 +46,7 @@ class ProxyHost extends Model {
 	}
 	static get jsonAttributes () {
-		return ['domain_names', 'meta', 'locations', 'openidc_allowed_users'];
+		return ['domain_names', 'meta', 'locations'];
 	}
 	static get relationMappings () {
@ -76,7 +60,6 @@ class ProxyHost extends Model {
 				},
 				modify: function (qb) {
 					qb.where('user.is_deleted', 0);
 					qb.omit(['id', 'created_on', 'modified_on', 'is_deleted', 'email', 'roles']);
 				}
 			},
 			access_list: {
@ -88,7 +71,6 @@ class ProxyHost extends Model {
 				},
 				modify: function (qb) {
 					qb.where('access_list.is_deleted', 0);
 					qb.omit(['id', 'created_on', 'modified_on', 'is_deleted']);
 				}
 			},
 			certificate: {
@ -100,7 +82,6 @@ class ProxyHost extends Model {
 				},
 				modify: function (qb) {
 					qb.where('certificate.is_deleted', 0);
 					qb.omit(['id', 'created_on', 'modified_on', 'is_deleted']);
 				}
 			}
 		};
--- a/backend/models/redirection_host.js
+++ b/backend/models/redirection_host.js
@ -1,3 +1,4 @@
 // Objection Docs:
 // http://vincit.github.io/objection.js/
@ -59,7 +60,6 @@ class RedirectionHost extends Model {
 				},
 				modify: function (qb) {
 					qb.where('user.is_deleted', 0);
 					qb.omit(['id', 'created_on', 'modified_on', 'is_deleted', 'email', 'roles']);
 				}
 			},
 			certificate: {
@ -71,7 +71,6 @@ class RedirectionHost extends Model {
 				},
 				modify: function (qb) {
 					qb.where('certificate.is_deleted', 0);
 					qb.omit(['id', 'created_on', 'modified_on', 'is_deleted']);
 				}
 			}
 		};
--- a/backend/models/stream.js
+++ b/backend/models/stream.js
@ -46,7 +46,6 @@ class Stream extends Model {
 				},
 				modify: function (qb) {
 					qb.where('user.is_deleted', 0);
 					qb.omit(['id', 'created_on', 'modified_on', 'is_deleted', 'email', 'roles']);
 				}
 			}
 		};
--- a/backend/models/token.js
+++ b/backend/models/token.js
@ -83,8 +83,6 @@ module.exports = function () {
 								// Hack: some tokens out in the wild have a scope of 'all' instead of 'user'.
 								// For 30 days at least, we need to replace 'all' with user.
 								if ((typeof token_data.scope !== 'undefined' && _.indexOf(token_data.scope, 'all') !== -1)) {
 									//console.log('Warning! Replacing "all" scope with "user"');
 									token_data.scope = ['user'];
 								}
--- a/backend/models/user.js
+++ b/backend/models/user.js
@ -43,9 +43,6 @@ class User extends Model {
 				join:       {
 					from: 'user.id',
 					to:   'user_permission.user_id'
 				},
 				modify: function (qb) {
 					qb.omit(['id', 'created_on', 'modified_on', 'user_id']);
 				}
 			}
 		};
--- a/backend/package.json
+++ b/backend/package.json
@ -11,28 +11,23 @@
 		"body-parser": "^1.19.0",
 		"compression": "^1.7.4",
 		"config": "^3.3.1",
-		"diskdb": "^0.1.17",
+		"express": "^4.17.3",
 		"express": "^4.17.1",
 		"express-fileupload": "^1.1.9",
 		"gravatar": "^1.8.0",
 		"html-entities": "^1.2.1",
 		"json-schema-ref-parser": "^8.0.0",
-		"jsonwebtoken": "^8.5.1",
+		"jsonwebtoken": "^9.0.0",
-		"knex": "^0.20.13",
+		"knex": "2.4.2",
-		"liquidjs": "^9.11.10",
+		"liquidjs": "10.6.1",
 		"lodash": "^4.17.21",
-		"moment": "^2.24.0",
+		"moment": "^2.29.4",
 		"mysql": "^2.18.1",
 		"node-rsa": "^1.0.8",
 		"nodemon": "^2.0.2",
-		"objection": "^2.1.3",
+		"objection": "3.0.1",
 		"path": "^0.12.7",
-		"pg": "^7.12.1",
+		"signale": "1.4.0",
-		"restler": "^3.4.0",
+		"sqlite3": "5.1.6",
-		"signale": "^1.4.0",
+		"temp-write": "^4.0.0"
 		"sqlite3": "^4.1.1",
 		"temp-write": "^4.0.0",
 		"unix-timestamp": "^0.2.0"
 	},
 	"signale": {
 		"displayDate": true,
--- a/backend/routes/api/nginx/certificates.js
+++ b/backend/routes/api/nginx/certificates.js
@ -68,6 +68,32 @@ router
 			.catch(next);
 	});
 /**
 * Test HTTP challenge for domains
 *
 * /api/nginx/certificates/test-http
 */
 router
 	.route('/test-http')
 	.options((req, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())
 /**
 * GET /api/nginx/certificates/test-http
 *
 * Test HTTP challenge for domains
 */
 	.get((req, res, next) => {
 		internalCertificate.testHttpsChallenge(res.locals.access, JSON.parse(req.query.domains))
 			.then((result) => {
 				res.status(200)
 					.send(result);
 			})
 			.catch(next);
 	});
 /**
 * Specific certificate
 *
@ -209,7 +235,6 @@ router
 			.catch(next);
 	});
 /**
 * Download LE Certs
 *
--- a/backend/schema/definitions.json
+++ b/backend/schema/definitions.json
@ -153,7 +153,7 @@
      "example": "john@example.com",
      "format": "email",
      "type": "string",
-      "minLength": 8,
+      "minLength": 6,
      "maxLength": 100
    },
    "password": {
@ -235,43 +235,6 @@
      "description": "Should we cache assets",
      "example": true,
      "type": "boolean"
    },
    "openidc_enabled": {
      "description": "Is OpenID Connect authentication enabled",
      "example": true,
      "type": "boolean"
    },
    "openidc_redirect_uri": {
      "type": "string"
    },
    "openidc_discovery": {
      "type": "string"
    },
    "openidc_auth_method": {
      "type": "string",
      "pattern": "^(client_secret_basic|client_secret_post)$"
    },
    "openidc_client_id": {
      "type": "string"
    },
    "openidc_client_secret": {
      "type": "string"
    },
    "openidc_restrict_users_enabled": {
      "description": "Only allow a specific set of OpenID Connect emails to access the resource",
      "example": true,
      "type": "boolean"
    },
    "openidc_allowed_users": {
      "type": "array",
      "minItems": 0,
      "items": {
        "type": "string",
        "description": "Email Address",
        "example": "john@example.com",
        "format": "email",
        "minLength": 1
      }
    }
  }
 }
--- a/backend/schema/endpoints/certificates.json
+++ b/backend/schema/endpoints/certificates.json
@ -157,6 +157,17 @@
      "targetSchema": {
        "type": "boolean"
      }
    },
    {
      "title": "Test HTTP Challenge",
      "description": "Tests whether the HTTP challenge should work",
      "href": "/nginx/certificates/{definitions.identity.example}/test-http",
      "access": "private",
      "method": "GET",
      "rel": "info",
      "http_header": {
        "$ref": "../examples.json#/definitions/auth_header"
      }
    }
  ]
 }
--- a/backend/schema/endpoints/proxy-hosts.json
+++ b/backend/schema/endpoints/proxy-hosts.json
@ -64,30 +64,6 @@
    "advanced_config": {
      "type": "string"
    },
    "openidc_enabled": {
      "$ref": "../definitions.json#/definitions/openidc_enabled"
    },
    "openidc_redirect_uri": {
      "$ref": "../definitions.json#/definitions/openidc_redirect_uri"
    },
    "openidc_discovery": {
      "$ref": "../definitions.json#/definitions/openidc_discovery"
    },
    "openidc_auth_method": {
      "$ref": "../definitions.json#/definitions/openidc_auth_method"
    },
    "openidc_client_id": {
      "$ref": "../definitions.json#/definitions/openidc_client_id"
    },
    "openidc_client_secret": {
      "$ref": "../definitions.json#/definitions/openidc_client_secret"
    },
    "openidc_restrict_users_enabled": {
      "$ref": "../definitions.json#/definitions/openidc_restrict_users_enabled"
    },
    "openidc_allowed_users": {
      "$ref": "../definitions.json#/definitions/openidc_allowed_users"
    },
    "enabled": {
      "$ref": "../definitions.json#/definitions/enabled"
    },
@ -185,30 +161,6 @@
    "advanced_config": {
      "$ref": "#/definitions/advanced_config"
    },
    "openidc_enabled": {
      "$ref": "#/definitions/openidc_enabled"
    },
    "openidc_redirect_uri": {
      "$ref": "#/definitions/openidc_redirect_uri"
    },
    "openidc_discovery": {
      "$ref": "#/definitions/openidc_discovery"
    },
    "openidc_auth_method": {
      "$ref": "#/definitions/openidc_auth_method"
    },
    "openidc_client_id": {
      "$ref": "#/definitions/openidc_client_id"
    },
    "openidc_client_secret": {
      "$ref": "#/definitions/openidc_client_secret"
    },
    "openidc_restrict_users_enabled": {
      "$ref": "#/definitions/openidc_restrict_users_enabled"
    },
    "openidc_allowed_users": {
      "$ref": "#/definitions/openidc_allowed_users"
    },
    "enabled": {
      "$ref": "#/definitions/enabled"
    },
@ -299,30 +251,6 @@
          "advanced_config": {
            "$ref": "#/definitions/advanced_config"
          },
          "openidc_enabled": {
            "$ref": "#/definitions/openidc_enabled"
          },
          "openidc_redirect_uri": {
            "$ref": "#/definitions/openidc_redirect_uri"
          },
          "openidc_discovery": {
            "$ref": "#/definitions/openidc_discovery"
          },
          "openidc_auth_method": {
            "$ref": "#/definitions/openidc_auth_method"
          },
          "openidc_client_id": {
            "$ref": "#/definitions/openidc_client_id"
          },
          "openidc_client_secret": {
            "$ref": "#/definitions/openidc_client_secret"
          },
          "openidc_restrict_users_enabled": {
            "$ref": "#/definitions/openidc_restrict_users_enabled"
          },
          "openidc_allowed_users": {
            "$ref": "#/definitions/openidc_allowed_users"
          },
          "enabled": {
            "$ref": "#/definitions/enabled"
          },
@ -396,30 +324,6 @@
          "advanced_config": {
            "$ref": "#/definitions/advanced_config"
          },
          "openidc_enabled": {
            "$ref": "#/definitions/openidc_enabled"
          },
          "openidc_redirect_uri": {
            "$ref": "#/definitions/openidc_redirect_uri"
          },
          "openidc_discovery": {
            "$ref": "#/definitions/openidc_discovery"
          },
          "openidc_auth_method": {
            "$ref": "#/definitions/openidc_auth_method"
          },
          "openidc_client_id": {
            "$ref": "#/definitions/openidc_client_id"
          },
          "openidc_client_secret": {
            "$ref": "#/definitions/openidc_client_secret"
          },
          "openidc_restrict_users_enabled": {
            "$ref": "#/definitions/openidc_restrict_users_enabled"
          },
          "openidc_allowed_users": {
            "$ref": "#/definitions/openidc_allowed_users"
          },
          "enabled": {
            "$ref": "#/definitions/enabled"
          },
--- a/backend/setup.js
+++ b/backend/setup.js
@ -174,27 +174,29 @@ const setupCertbotPlugins = () => {
 				certificates.map(function (certificate) {
 					if (certificate.meta && certificate.meta.dns_challenge === true) {
-						const dns_plugin          = dns_plugins[certificate.meta.dns_provider];
+						const dns_plugin = dns_plugins[certificate.meta.dns_provider];
 						const packages_to_install = `${dns_plugin.package_name}==${dns_plugin.package_version} ${dns_plugin.dependencies}`;
 						const packages_to_install = `${dns_plugin.package_name}${dns_plugin.version_requirement || ''} ${dns_plugin.dependencies}`;
 						if (plugins.indexOf(packages_to_install) === -1) plugins.push(packages_to_install);
 						// Make sure credentials file exists
-						const credentials_loc = '/etc/letsencrypt/credentials/credentials-' + certificate.id; 
+						const credentials_loc = '/etc/letsencrypt/credentials/credentials-' + certificate.id;
-						const credentials_cmd = '[ -f \'' + credentials_loc + '\' ] || { mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo \'' + certificate.meta.dns_provider_credentials.replace('\'', '\\\'') + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\'; }';
+						// Escape single quotes and backslashes
 						const escapedCredentials = certificate.meta.dns_provider_credentials.replaceAll('\'', '\\\'').replaceAll('\\', '\\\\');
 						const credentials_cmd    = '[ -f \'' + credentials_loc + '\' ] || { mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo \'' + escapedCredentials + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\'; }';
 						promises.push(utils.exec(credentials_cmd));
 					}
 				});
 				if (plugins.length) {
-					const install_cmd = 'pip install ' + plugins.join(' ');
+					const install_cmd = '. /opt/certbot/bin/activate && pip install ' + plugins.join(' ') + ' && deactivate';
 					promises.push(utils.exec(install_cmd));
 				}
 				if (promises.length) {
 					return Promise.all(promises)
-						.then(() => { 
+						.then(() => {
-							logger.info('Added Certbot plugins ' + plugins.join(', ')); 
+							logger.info('Added Certbot plugins ' + plugins.join(', '));
 						});
 				}
 			}
--- a/backend/templates/_access.conf
+++ b/backend/templates/_access.conf
@ -0,0 +1,25 @@
 {% if access_list_id > 0 %}
    {% if access_list.items.length > 0 %}
    # Authorization
    auth_basic            "Authorization required";
    auth_basic_user_file  /data/access/{{ access_list_id }};
    {% if access_list.pass_auth == 0 %}
    proxy_set_header Authorization "";
    {% endif %}
    {% endif %}
    # Access Rules: {{ access_list.clients | size }} total
    {% for client in access_list.clients %}
    {{client | nginxAccessRule}}
    {% endfor %}
    deny all;
    # Access checks must...
    {% if access_list.satisfy_any == 1 %}
    satisfy any;
    {% else %}
    satisfy all;
    {% endif %}
 {% endif %}
--- a/backend/templates/_location.conf
+++ b/backend/templates/_location.conf
@ -1,36 +1,14 @@
  location {{ path }} {
    set              $upstream {{ forward_scheme }}://{{ forward_host }}:{{ forward_port }}{{ forward_path }};
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Scheme $scheme;
    proxy_set_header X-Forwarded-Proto  $scheme;
    proxy_set_header X-Forwarded-For    $remote_addr;
    proxy_set_header X-Real-IP		$remote_addr;
-    proxy_pass       $upstream;
+    proxy_pass       {{ forward_scheme }}://{{ forward_host }}:{{ forward_port }}{{ forward_path }};
    {% if access_list_id > 0 %}
    {% if access_list.items.length > 0 %}
    # Authorization
    auth_basic            "Authorization required";
    auth_basic_user_file  /data/access/{{ access_list_id }};
    {{ access_list.passauth }}
    {% endif %}
    # Access Rules
    {% for client in access_list.clients %}
    {{- client.rule -}};
    {% endfor %}deny all;
    # Access checks must...
    {% if access_list.satisfy %}
    {{ access_list.satisfy }};
    {% endif %}
    {% endif %}
    {% include "_access.conf" %}
    {% include "_assets.conf" %}
    {% include "_exploits.conf" %}
    {% include "_forced_ssl.conf" %}
    {% include "_hsts.conf" %}
--- a/backend/templates/_openid_connect.conf
+++ b/backend/templates/_openid_connect.conf
@ -1,47 +0,0 @@
 {% if openidc_enabled == 1 or openidc_enabled == true -%}
    access_by_lua_block {
 	    local openidc = require("resty.openidc")
        local opts = {
            redirect_uri = "{{- openidc_redirect_uri -}}",
            discovery = "{{- openidc_discovery -}}",
            token_endpoint_auth_method = "{{- openidc_auth_method -}}",
            client_id = "{{- openidc_client_id -}}",
            client_secret = "{{- openidc_client_secret -}}",
            scope = "openid email profile"
        }
        local res, err = openidc.authenticate(opts)
        if err then
            ngx.status = 500
            ngx.say(err)
            ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
        end
        {% if openidc_restrict_users_enabled == 1 or openidc_restrict_users_enabled == true -%}
        local function contains(table, val)
            for i=1,#table do
                if table[i] == val then 
                    return true
                end
            end
            return false
        end
        local allowed_users = {
            {% for user in openidc_allowed_users %}
                "{{ user }}",
            {% endfor %}
        }
        if not contains(allowed_users, res.id_token.email) then
            ngx.exit(ngx.HTTP_FORBIDDEN)
        end
        {% endif -%}
        ngx.req.set_header("X-OIDC-SUB", res.id_token.sub)
        ngx.req.set_header("X-OIDC-EMAIL", res.id_token.email)
        ngx.req.set_header("X-OIDC-NAME", res.id_token.name)
    }
 {% endif %}
--- a/backend/templates/default.conf
+++ b/backend/templates/default.conf
@ -7,9 +7,9 @@
 server {
  listen 80 default;
 {% if ipv6 -%}
-  listen [::]:80;
+  listen [::]:80 default;
 {% else -%}
-  #listen [::]:80;
+  #listen [::]:80 default;
 {% endif %}
  server_name default-host.localhost;
  access_log /data/logs/default-host_access.log combined;
--- a/backend/templates/proxy_host.conf
+++ b/backend/templates/proxy_host.conf
@ -30,29 +30,8 @@ proxy_http_version 1.1;
  location / {
-    {% if access_list_id > 0 %}
+{% include "_access.conf" %}
-    {% if access_list.items.length > 0 %}
+{% include "_hsts.conf" %}
    # Authorization
    auth_basic            "Authorization required";
    auth_basic_user_file  /data/access/{{ access_list_id }};
    {{ access_list.passauth }}
    {% endif %}
    # Access Rules
    {% for client in access_list.clients %}
    {{- client.rule -}};
    {% endfor %}deny all;
    # Access checks must...
    {% if access_list.satisfy %}
    {{ access_list.satisfy }};
    {% endif %}
    {% endif %}
    {% include "_openid_connect.conf" %}
    {% include "_hsts.conf" %}
    {% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %}
    proxy_set_header Upgrade $http_upgrade;
--- a/backend/yarn.lock
+++ b/backend/yarn.lock
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@ -3,7 +3,7 @@
 # This file assumes that the frontend has been built using ./scripts/frontend-build
-FROM nginxproxymanager/nginx-full:node
+FROM jc21/nginx-full:certbot-node
 ARG TARGETPLATFORM
 ARG BUILD_VERSION
@ -25,7 +25,7 @@ RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
 	&& rm -rf /var/lib/apt/lists/*
 # s6 overlay
-COPY scripts/install-s6 /tmp/install-s6
+COPY docker/scripts/install-s6 /tmp/install-s6
 RUN /tmp/install-s6 "${TARGETPLATFORM}" && rm -f /tmp/install-s6
 EXPOSE 80 81 443
@ -46,6 +46,11 @@ RUN rm -rf /etc/services.d/frontend /etc/nginx/conf.d/dev.conf
 # Change permission of logrotate config file
 RUN chmod 644 /etc/logrotate.d/nginx-proxy-manager
 # fix for pip installs
 # https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1769
 RUN pip uninstall --yes setuptools \
 	&& pip install "setuptools==58.0.0"
 VOLUME [ "/data", "/etc/letsencrypt" ]
 ENTRYPOINT [ "/init" ]
--- a/docker/dev/Dockerfile
+++ b/docker/dev/Dockerfile
@ -1,4 +1,4 @@
-FROM nginxproxymanager/nginx-full:node
+FROM jc21/nginx-full:certbot-node
 LABEL maintainer="Jamie Curnow <jc@jc21.com>"
 ENV S6_LOGGING=0 \
@ -7,7 +7,7 @@ ENV S6_LOGGING=0 \
 RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
 	&& apt-get update \
-	&& apt-get install -y certbot jq python3-pip logrotate \
+	&& apt-get install -y jq python3-pip logrotate \
 	&& apt-get clean \
 	&& rm -rf /var/lib/apt/lists/*
@ -21,9 +21,8 @@ RUN rm -f /etc/nginx/conf.d/production.conf
 RUN chmod 644 /etc/logrotate.d/nginx-proxy-manager
 # s6 overlay
-RUN curl -L -o /tmp/s6-overlay-amd64.tar.gz "https://github.com/just-containers/s6-overlay/releases/download/v1.22.1.0/s6-overlay-amd64.tar.gz" \
+COPY scripts/install-s6 /tmp/install-s6
-	&& tar -xzf /tmp/s6-overlay-amd64.tar.gz -C /
+RUN /tmp/install-s6 "${TARGETPLATFORM}" && rm -f /tmp/install-s6
 EXPOSE 80 81 443
 ENTRYPOINT [ "/init" ]
--- a/docker/docker-compose.dev.yml
+++ b/docker/docker-compose.dev.yml
@ -37,6 +37,8 @@ services:
  db:
    image: jc21/mariadb-aria
    container_name: npm_db
    ports:
      - 33306:3306
    networks:
      - nginx_proxy_manager
    environment:
@ -47,19 +49,6 @@ services:
    volumes:
      - db_data:/var/lib/mysql
  swagger:
    image: "swaggerapi/swagger-ui:latest"
    container_name: npm_swagger
    ports:
      - 3001:80
    networks:
      - nginx_proxy_manager
    environment:
      URL: "http://127.0.0.1:3081/api/schema"
      PORT: "80"
    depends_on:
      - npm
 volumes:
  npm_data:
    name: npm_core_data
--- a/docker/rootfs/etc/cont-init.d/01_s6-secret-init.sh
+++ b/docker/rootfs/etc/cont-init.d/01_s6-secret-init.sh
@ -2,7 +2,7 @@
 # ref: https://github.com/linuxserver/docker-baseimage-alpine/blob/master/root/etc/cont-init.d/01-envfile
 # in s6, environmental variables are written as text files for s6 to monitor
-# seach through full-path filenames for files ending in "__FILE"
+# search through full-path filenames for files ending in "__FILE"
 for FILENAME in $(find /var/run/s6/container_environment/ | grep "__FILE$"); do
    echo "[secret-init] Evaluating ${FILENAME##*/} ..."
--- a/docker/rootfs/etc/letsencrypt.ini
+++ b/docker/rootfs/etc/letsencrypt.ini
@ -3,3 +3,4 @@ non-interactive = True
 webroot-path = /data/letsencrypt-acme-challenge
 key-type = ecdsa
 elliptic-curve = secp384r1
 preferred-chain = ISRG Root X1
--- a/docker/rootfs/etc/nginx/conf.d/default.conf
+++ b/docker/rootfs/etc/nginx/conf.d/default.conf
@ -30,11 +30,9 @@ server {
 	set $port "443";
 	server_name localhost;
-	access_log /data/logs/fallback-access.log standard;
+	access_log /data/logs/fallback_access.log standard;
 	error_log /dev/null crit;
-	ssl_certificate /data/nginx/dummycert.pem;
+	ssl_reject_handshake on;
 	ssl_certificate_key /data/nginx/dummykey.pem;
 	include conf.d/include/ssl-ciphers.conf;
 	return 444;
 }
--- a/docker/rootfs/etc/nginx/conf.d/include/assets.conf
+++ b/docker/rootfs/etc/nginx/conf.d/include/assets.conf
@ -1,4 +1,4 @@
-location ~* ^.*\.(css|js|jpe?g|gif|png|woff|eot|ttf|svg|ico|css\.map|js\.map)$ {
+location ~* ^.*\.(css|js|jpe?g|gif|png|webp|woff|eot|ttf|svg|ico|css\.map|js\.map)$ {
 	if_modified_since off;
 	# use the public cache
--- a/docker/rootfs/etc/nginx/conf.d/include/proxy.conf
+++ b/docker/rootfs/etc/nginx/conf.d/include/proxy.conf
@ -2,7 +2,7 @@ add_header       X-Served-By $host;
 proxy_set_header Host $host;
 proxy_set_header X-Forwarded-Scheme $scheme;
 proxy_set_header X-Forwarded-Proto  $scheme;
-proxy_set_header X-Forwarded-For    $remote_addr;
+proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
 proxy_set_header X-Real-IP          $remote_addr;
-proxy_pass       $forward_scheme://$server:$port;
+proxy_pass       $forward_scheme://$server:$port$request_uri;
--- a/docker/rootfs/etc/nginx/nginx.conf
+++ b/docker/rootfs/etc/nginx/nginx.conf
@ -15,7 +15,7 @@ error_log /data/logs/fallback_error.log warn;
 include /etc/nginx/modules/*.conf;
 events {
-	worker_connections  1024;
+	include /data/nginx/custom/events[.]conf;
 }
 http {
@ -43,16 +43,6 @@ http {
 	proxy_cache_path              /var/lib/nginx/cache/public  levels=1:2 keys_zone=public-cache:30m max_size=192m;
 	proxy_cache_path              /var/lib/nginx/cache/private levels=1:2 keys_zone=private-cache:5m max_size=1024m;
 	lua_package_path '~/lua/?.lua;;';
 	lua_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
 	lua_ssl_verify_depth 5;
 	# cache for discovery metadata documents
 	lua_shared_dict discovery 1m;
 	# cache for JWKs
 	lua_shared_dict jwks 1m;
 	log_format proxy '[$time_local] $upstream_cache_status $upstream_status $status - $request_method $scheme $host "$request_uri" [Client $remote_addr] [Length $body_bytes_sent] [Gzip $gzip_ratio] [Sent-to $server] "$http_user_agent" "$http_referer"';
 	log_format standard '[$time_local] $status - $request_method $scheme $host "$request_uri" [Client $remote_addr] [Length $body_bytes_sent] [Gzip $gzip_ratio] "$http_user_agent" "$http_referer"';
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/dependencies.d/prepare
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/dependencies.d/prepare
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/run
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/run
@ -1,9 +1,9 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
 # shellcheck shell=bash
-mkdir -p /data/letsencrypt-acme-challenge
+set -e
 cd /app || echo
 echo "❯ Starting backend ..."
 if [ "$DEVELOPMENT" == "true" ]; then
 	cd /app || exit 1
 	# If yarn install fails: add --verbose --network-concurrency 1
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/type
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/type
@ -0,0 +1 @@
 longrun
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/dependencies.d/prepare
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/dependencies.d/prepare
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/run
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/run
@ -1,4 +1,7 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
 # shellcheck shell=bash
 set -e
 # This service is DEVELOPMENT only.
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/type
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/type
@ -0,0 +1 @@
 longrun
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/dependencies.d/prepare
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/dependencies.d/prepare
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/run
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/run
@ -0,0 +1,7 @@
 #!/command/with-contenv bash
 # shellcheck shell=bash
 set -e
 echo "❯ Starting nginx ..."
 exec nginx
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/type
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/type
@ -0,0 +1 @@
 longrun
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/dependencies.d/base
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/dependencies.d/base
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/script.sh
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/script.sh
@ -0,0 +1,63 @@
 #!/command/with-contenv bash
 # shellcheck shell=bash
 set -e
 DATA_PATH=/data
 # Ensure /data is mounted
 if [ ! -d "$DATA_PATH" ]; then
 	echo '--------------------------------------'
 	echo "ERROR: $DATA_PATH is not mounted! Check your docker configuration."
 	echo '--------------------------------------'
 	/run/s6/basedir/bin/halt
 	exit 1
 fi
 echo "❯ Checking folder structure ..."
 # Create required folders
 mkdir -p /tmp/nginx/body \
 	/run/nginx \
 	/var/log/nginx \
 	/data/nginx \
 	/data/custom_ssl \
 	/data/logs \
 	/data/access \
 	/data/nginx/default_host \
 	/data/nginx/default_www \
 	/data/nginx/proxy_host \
 	/data/nginx/redirection_host \
 	/data/nginx/stream \
 	/data/nginx/dead_host \
 	/data/nginx/temp \
 	/var/lib/nginx/cache/public \
 	/var/lib/nginx/cache/private \
 	/var/cache/nginx/proxy_temp \
 	/data/letsencrypt-acme-challenge
 touch /var/log/nginx/error.log && chmod 777 /var/log/nginx/error.log && chmod -R 777 /var/cache/nginx
 chown root /tmp/nginx
 # Dynamically generate resolvers file, if resolver is IPv6, enclose in `[]`
 # thanks @tfmm
 if [ "$DISABLE_IPV6" == "true" ] || [ "$DISABLE_IPV6" == "on" ] || [ "$DISABLE_IPV6" == "1" ] || [ "$DISABLE_IPV6" == "yes" ];
 then
 	echo resolver "$(awk 'BEGIN{ORS=" "} $1=="nameserver" { sub(/%.*$/,"",$2); print ($2 ~ ":")? "["$2"]": $2}' /etc/resolv.conf) ipv6=off valid=10s;" > /etc/nginx/conf.d/include/resolvers.conf
 else
 	echo resolver "$(awk 'BEGIN{ORS=" "} $1=="nameserver" { sub(/%.*$/,"",$2); print ($2 ~ ":")? "["$2"]": $2}' /etc/resolv.conf) valid=10s;" > /etc/nginx/conf.d/include/resolvers.conf
 fi
 # Handle IPV6 settings
 /bin/handle-ipv6-setting /etc/nginx/conf.d
 /bin/handle-ipv6-setting /data/nginx
 echo
 echo "-------------------------------------
 _   _ ____  __  __
 | \ | |  _ \|  \/  |
 |  \| | |_) | |\/| |
 | |\  |  __/| |  | |
 |_| \_|_|   |_|  |_|
 -------------------------------------
 "
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/type
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/type
@ -0,0 +1 @@
 oneshot
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/up
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/up
@ -0,0 +1,2 @@
 # shellcheck shell=bash
 /etc/s6-overlay/s6-rc.d/prepare/script.sh
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/backend
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/backend
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/frontend
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/frontend
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/nginx
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/nginx
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/prepare
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/prepare
--- a/docker/rootfs/etc/services.d/frontend/finish
+++ b/docker/rootfs/etc/services.d/frontend/finish
@ -1,6 +0,0 @@
 #!/usr/bin/execlineb -S1
 if { s6-test ${1} -ne 0 }
 if { s6-test ${1} -ne 256 }
 s6-svscanctl -t /var/run/s6/services
--- a/docker/rootfs/etc/services.d/manager/finish
+++ b/docker/rootfs/etc/services.d/manager/finish
@ -1,3 +0,0 @@
 #!/usr/bin/with-contenv bash
 s6-svscanctl -t /var/run/s6/services
--- a/docker/rootfs/etc/services.d/nginx/finish
+++ b/docker/rootfs/etc/services.d/nginx/finish
@ -1 +0,0 @@
 /bin/true
--- a/docker/rootfs/etc/services.d/nginx/run
+++ b/docker/rootfs/etc/services.d/nginx/run
@ -1,49 +0,0 @@
 #!/usr/bin/with-contenv bash
 # Create required folders
 mkdir -p /tmp/nginx/body \
 	/run/nginx \
 	/var/log/nginx \
 	/data/nginx \
 	/data/custom_ssl \
 	/data/logs \
 	/data/access \
 	/data/nginx/default_host \
 	/data/nginx/default_www \
 	/data/nginx/proxy_host \
 	/data/nginx/redirection_host \
 	/data/nginx/stream \
 	/data/nginx/dead_host \
 	/data/nginx/temp \
 	/var/lib/nginx/cache/public \
 	/var/lib/nginx/cache/private \
 	/var/cache/nginx/proxy_temp
 touch /var/log/nginx/error.log && chmod 777 /var/log/nginx/error.log && chmod -R 777 /var/cache/nginx
 chown root /tmp/nginx
 # Dynamically generate resolvers file, if resolver is IPv6, enclose in `[]`
 # thanks @tfmm
 echo resolver "$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print ($2 ~ ":")? "["$2"]": $2}' /etc/resolv.conf);" > /etc/nginx/conf.d/include/resolvers.conf
 # Generate dummy self-signed certificate.
 if [ ! -f /data/nginx/dummycert.pem ] || [ ! -f /data/nginx/dummykey.pem ]
 then
 	echo "Generating dummy SSL certificate..."
 	openssl req \
 		-new \
 		-newkey rsa:2048 \
 		-days 3650 \
 		-nodes \
 		-x509 \
 		-subj '/O=localhost/OU=localhost/CN=localhost' \
 		-keyout /data/nginx/dummykey.pem \
 		-out /data/nginx/dummycert.pem
 	echo "Complete"
 fi
 # Handle IPV6 settings
 /bin/handle-ipv6-setting /etc/nginx/conf.d
 /bin/handle-ipv6-setting /data/nginx
 exec nginx
--- a/docker/scripts/install-s6
+++ b/docker/scripts/install-s6
@ -8,8 +8,8 @@ BLUE='\E[1;34m'
 GREEN='\E[1;32m'
 RESET='\E[0m'
-S6_OVERLAY_VERSION=1.22.1.0
+S6_OVERLAY_VERSION=3.1.4.1
-TARGETPLATFORM=$1
+TARGETPLATFORM=${1:unspecified}
 # Determine the correct binary file for the architecture given
 case $TARGETPLATFORM in
@ -22,13 +22,17 @@ case $TARGETPLATFORM in
 		;;
 	*)
-		S6_ARCH=amd64
+		S6_ARCH=x86_64
 		;;
 esac
 echo -e "${BLUE}❯ ${CYAN}Installing S6-overlay v${S6_OVERLAY_VERSION} for ${YELLOW}${TARGETPLATFORM} (${S6_ARCH})${RESET}"
-curl -L -o "/tmp/s6-overlay-${S6_ARCH}.tar.gz" "https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${S6_ARCH}.tar.gz" \
+curl -L -o '/tmp/s6-overlay-noarch.tar.xz' "https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz"
-	&& tar -xzf "/tmp/s6-overlay-${S6_ARCH}.tar.gz" -C /
+curl -L -o "/tmp/s6-overlay-${S6_ARCH}.tar.xz" "https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${S6_ARCH}.tar.xz"
 tar -C / -Jxpf '/tmp/s6-overlay-noarch.tar.xz'
 tar -C / -Jxpf "/tmp/s6-overlay-${S6_ARCH}.tar.xz"
 rm -rf "/tmp/s6-overlay-${S6_ARCH}.tar.xz"
 echo -e "${BLUE}❯ ${GREEN}S6-overlay install Complete${RESET}"
--- a/docs/advanced-config/README.md
+++ b/docs/advanced-config/README.md
@ -18,8 +18,8 @@ services running on this Docker host:
 ```yml
 networks:
  default:
-    external:
+    external: true
-      name: scoobydoo
+    name: scoobydoo
 ```
 Let's look at a Portainer example:
@ -38,8 +38,8 @@ services:
 networks:
  default:
-    external:
+    external: true
-      name: scoobydoo
+    name: scoobydoo
 ```
 Now in the NPM UI you can create a proxy host with `portainer` as the hostname,
@ -151,6 +151,7 @@ You can add your custom configuration snippet files at `/data/nginx/custom` as f
 - `/data/nginx/custom/root.conf`: Included at the very end of nginx.conf
 - `/data/nginx/custom/http_top.conf`: Included at the top of the main http block
 - `/data/nginx/custom/http.conf`: Included at the end of the main http block
 - `/data/nginx/custom/events.conf`: Included at the end of the events block
 - `/data/nginx/custom/stream.conf`: Included at the end of the main stream block
 - `/data/nginx/custom/server_proxy.conf`: Included at the end of every proxy server block
 - `/data/nginx/custom/server_redirect.conf`: Included at the end of every redirection server block
@ -172,26 +173,3 @@ value by specifying it as a Docker environment variable. The default if not spec
    X_FRAME_OPTIONS: "sameorigin"
  ...
 ```
 ## OpenID Connect SSO
 You can secure any of your proxy hosts with OpenID Connect authentication, providing SSO support from an identity provider like Azure AD or KeyCloak. OpenID Connect support is provided through the [`lua-resty-openidc`](https://github.com/zmartzone/lua-resty-openidc) library of [`OpenResty`](https://github.com/openresty/openresty).
 You will need a few things to get started with OpenID Connect:
 - A registered application with your identity provider, they will provide you with a `Client ID` and a `Client Secret`. Public OpenID Connect applications (without a client secret) are not yet supported.
 - A redirect URL to send the users to after they login with the identity provider, this can be any unused URL under the proxy host, like `https://<proxy host url>/private/callback`, the server will take care of capturing that URL and redirecting you to the proxy host root. You will need to add this URL to the list of allowed redirect URLs for the application you registered with your identity provider. 
 - The well-known discovery endpoint of the identity provider you want to use, this is an URL usually with the form `https://<provider URL>/.well-known/openid-configuration`.
 After you have all this you can proceed to configure the proxy host with OpenID Connect authentication.
 You can also add some rudimentary access control through a list of allowed emails in case your identity provider doesn't let you do that, if this option is enabled, any email not on that list will be denied access to the proxied host.
 The proxy adds some headers based on the authentication result from the identity provider:
 - `X-OIDC-SUB`: The subject identifier, according to the OpenID Coonect spec: `A locally unique and never reassigned identifier within the Issuer for the End-User`.
 - `X-OIDC-EMAIL`: The email of the user that logged in, as specified in the `id_token` returned from the identity provider. The same value that will be checked for the email whitelist.
 - `X-OIDC-NAME`: The user's name claim from the `id_token`, please note that not all id tokens necessarily contain this claim.
--- a/docs/faq/README.md
+++ b/docs/faq/README.md
@ -21,3 +21,6 @@ Your best bet is to ask the [Reddit community for support](https://www.reddit.co
 Gitter is best left for anyone contributing to the project to ask for help about internals, code reviews etc.
 ## When adding username and password access control to a proxy host, I can no longer login into the app.
 Having an Access Control List (ACL) with username and password requires the browser to always send this username and password in the `Authorization` header on each request. If your proxied app also requires authentication (like Nginx Proxy Manager itself), most likely the app will also use the `Authorization` header to transmit this information, as this is the standardized header meant for this kind of information. However having multiples of the same headers is not allowed in the [internet standard](https://www.rfc-editor.org/rfc/rfc7230#section-3.2.2) and almost all apps do not support multiple values in the `Authorization` header. Hence one of the two logins will be broken. This can only be fixed by either removing one of the logins or by changing the app to use other non-standard headers for authorization.
--- a/docs/package.json
+++ b/docs/package.json
@ -16,7 +16,7 @@
    "alphanum-sort": "^1.0.2",
    "ansi-colors": "^4.1.1",
    "ansi-escapes": "^4.3.1",
-    "ansi-html": "^0.0.7",
+    "ansi-html": "^0.0.8",
    "ansi-regex": "^5.0.0",
    "ansi-styles": "^4.2.1",
    "anymatch": "^3.1.1",
@ -213,7 +213,7 @@
    "etag": "^1.8.1",
    "eventemitter3": "^4.0.4",
    "events": "^3.2.0",
-    "eventsource": "^1.0.7",
+    "eventsource": "^2.0.2",
    "evp_bytestokey": "^1.0.3",
    "execa": "^4.0.3",
    "expand-brackets": "^4.0.0",
@ -357,7 +357,7 @@
    "jsbn": "^1.1.0",
    "jsesc": "^3.0.1",
    "json-parse-better-errors": "^1.0.2",
-    "json-schema": "^0.2.5",
+    "json-schema": "^0.4.0",
    "json-schema-traverse": "^0.4.1",
    "json-stringify-safe": "^5.0.1",
    "json3": "^3.3.3",
@ -394,7 +394,7 @@
    "map-age-cleaner": "^0.1.3",
    "map-cache": "^0.2.2",
    "map-visit": "^1.0.0",
-    "markdown-it": "^11.0.0",
+    "markdown-it": "^12.3.2",
    "markdown-it-anchor": "^5.3.0",
    "markdown-it-chain": "^1.3.0",
    "markdown-it-container": "^3.0.0",
@ -434,7 +434,7 @@
    "neo-async": "^2.6.2",
    "nice-try": "^2.0.1",
    "no-case": "^3.0.3",
-    "node-forge": "^0.10.0",
+    "node-forge": "^1.0.0",
    "node-libs-browser": "^2.2.1",
    "node-releases": "^1.1.60",
    "nopt": "^4.0.3",
@ -443,7 +443,7 @@
    "normalize-url": "^5.1.0",
    "npm-run-path": "^4.0.1",
    "nprogress": "^0.2.0",
-    "nth-check": "^1.0.2",
+    "nth-check": "^2.0.1",
    "num2fraction": "^1.2.2",
    "number-is-nan": "^2.0.0",
    "oauth-sign": "^0.9.0",
@ -612,7 +612,7 @@
    "serve-index": "^1.9.1",
    "serve-static": "^1.14.1",
    "set-blocking": "^2.0.0",
-    "set-value": "^3.0.2",
+    "set-value": "^4.0.1",
    "setimmediate": "^1.0.5",
    "setprototypeof": "^1.2.0",
    "sha.js": "^2.4.11",
--- a/docs/setup/README.md
+++ b/docs/setup/README.md
@ -1,6 +1,44 @@
 # Full Setup Instructions
-## MySQL Database
+## Running the App
 Create a `docker-compose.yml` file:
 ```yml
 version: "3"
 services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      # These ports are in format <host-port>:<container-port>
      - '80:80' # Public HTTP Port
      - '443:443' # Public HTTPS Port
      - '81:81' # Admin Web Port
      # Add any other Stream port you want to expose
      # - '21:21' # FTP
    # Uncomment the next line if you uncomment anything in the section
    # environment:
      # Uncomment this if you want to change the location of 
      # the SQLite DB file within the container
      # DB_SQLITE_FILE: "/data/database.sqlite"
      # Uncomment this if IPv6 is not enabled on your host
      # DISABLE_IPV6: 'true'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
 ```
 Then:
 ```bash
 docker-compose up -d
 ```
 ## Using MySQL / MariaDB Database
 If you opt for the MySQL configuration you will have to provide the database server yourself. You can also use MariaDB. Here are the minimum supported versions:
@ -10,15 +48,7 @@ If you opt for the MySQL configuration you will have to provide the database ser
 It's easy to use another docker container for your database also and link it as part of the docker stack, so that's what the following examples
 are going to use.
-::: warning
+Here is an example of what your `docker-compose.yml` will look like when using a MariaDB container:
 When using a `mariadb` database, the NPM configuration file should still use the `mysql` engine!
 :::
 ## Running the App
 Via `docker-compose`:
 ```yml
 version: "3"
@ -27,24 +57,18 @@ services:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
-      # Public HTTP Port:
+      # These ports are in format <host-port>:<container-port>
-      - '80:80'
+      - '80:80' # Public HTTP Port
-      # Public HTTPS Port:
+      - '443:443' # Public HTTPS Port
-      - '443:443'
+      - '81:81' # Admin Web Port
      # Admin Web Port:
      - '81:81'
      # Add any other Stream port you want to expose
      # - '21:21' # FTP
    environment:
      # These are the settings to access your db
      DB_MYSQL_HOST: "db"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "npm"
      DB_MYSQL_PASSWORD: "npm"
      DB_MYSQL_NAME: "npm"
      # If you would rather use Sqlite uncomment this
      # and remove all DB_MYSQL_* lines above
      # DB_SQLITE_FILE: "/data/database.sqlite"
      # Uncomment this if IPv6 is not enabled on your host
      # DISABLE_IPV6: 'true'
    volumes:
@ -52,6 +76,7 @@ services:
      - ./letsencrypt:/etc/letsencrypt
    depends_on:
      - db
  db:
    image: 'jc21/mariadb-aria:latest'
    restart: unless-stopped
@ -64,13 +89,11 @@ services:
      - ./data/mysql:/var/lib/mysql
 ```
-_Please note, that `DB_MYSQL_*` environment variables will take precedent over `DB_SQLITE_*` variables. So if you keep the MySQL variables, you will not be able to use Sqlite._
+::: warning
-Then:
+Please note, that `DB_MYSQL_*` environment variables will take precedent over `DB_SQLITE_*` variables. So if you keep the MySQL variables, you will not be able to use SQLite.
-```bash
+:::
 docker-compose up -d
 ```
 ## Running on Raspberry PI / ARM devices
@ -84,62 +107,12 @@ you don't have to worry about doing anything special and you can follow the comm
 Check out the [dockerhub tags](https://hub.docker.com/r/jc21/nginx-proxy-manager/tags)
 for a list of supported architectures and if you want one that doesn't exist,
-[create a feature request](https://github.com/jc21/nginx-proxy-manager/issues/new?assignees=&labels=enhancement&template=feature_request.md&title=).
+[create a feature request](https://github.com/NginxProxyManager/nginx-proxy-manager/issues/new?assignees=&labels=enhancement&template=feature_request.md&title=).
 Also, if you don't know how to already, follow [this guide to install docker and docker-compose](https://manre-universe.net/how-to-run-docker-and-docker-compose-on-raspbian/)
 on Raspbian.
-Via `docker-compose`:
+Please note that the `jc21/mariadb-aria:latest` image might have some problems on some ARM devices, if you want a separate database container, use the `yobasystems/alpine-mariadb:latest` image.
 ```yml
 version: "3"
 services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      # Public HTTP Port:
      - '80:80'
      # Public HTTPS Port:
      - '443:443'
      # Admin Web Port:
      - '81:81'
    environment:
      # These are the settings to access your db
      DB_MYSQL_HOST: "db"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "changeuser"
      DB_MYSQL_PASSWORD: "changepass"
      DB_MYSQL_NAME: "npm"
      # If you would rather use Sqlite uncomment this
      # and remove all DB_MYSQL_* lines above
      # DB_SQLITE_FILE: "/data/database.sqlite"
      # Uncomment this if IPv6 is not enabled on your host
      # DISABLE_IPV6: 'true'
    volumes:
      - ./data/nginx-proxy-manager:/data
      - ./letsencrypt:/etc/letsencrypt
    depends_on:
      - db
  db:
    image: yobasystems/alpine-mariadb:latest
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: "changeme"
      MYSQL_DATABASE: "npm"
      MYSQL_USER: "changeuser"
      MYSQL_PASSWORD: "changepass"
    volumes:
      - ./data/mariadb:/var/lib/mysql
 ```
 _Please note, that `DB_MYSQL_*` environment variables will take precedent over `DB_SQLITE_*` var>
 Then:
 ```bash
 docker-compose up -d
 ```
 ## Initial Run
--- a/docs/third-party/README.md
+++ b/docs/third-party/README.md
@ -1,6 +1,6 @@
 # Third Party
-As this software gains popularity it's common to see it integrated with other platforms. Please be aware that unless specifically mentioned in the documenation of those
+As this software gains popularity it's common to see it integrated with other platforms. Please be aware that unless specifically mentioned in the documentation of those
 integrations, they are *not supported* by me.
 Known integrations:
--- a/docs/yarn.lock
+++ b/docs/yarn.lock
@ -967,6 +967,51 @@
    lodash "^4.17.19"
    to-fast-properties "^2.0.0"
 "@jridgewell/gen-mapping@^0.3.0":
  version "0.3.2"
  resolved "https://registry.yarnpkg.com/@jridgewell/gen-mapping/-/gen-mapping-0.3.2.tgz#c1aedc61e853f2bb9f5dfe6d4442d3b565b253b9"
  integrity sha512-mh65xKQAzI6iBcFzwv28KVWSmCkdRBWoOh+bYQGW3+6OZvbbN3TqMGo5hqYxQniRcH9F2VZIoJCm4pa3BPDK/A==
  dependencies:
    "@jridgewell/set-array" "^1.0.1"
    "@jridgewell/sourcemap-codec" "^1.4.10"
    "@jridgewell/trace-mapping" "^0.3.9"
 "@jridgewell/resolve-uri@^3.0.3":
  version "3.1.0"
  resolved "https://registry.yarnpkg.com/@jridgewell/resolve-uri/-/resolve-uri-3.1.0.tgz#2203b118c157721addfe69d47b70465463066d78"
  integrity sha512-F2msla3tad+Mfht5cJq7LSXcdudKTWCVYUgw6pLFOOHSTtZlj6SWNYAp+AhuqLmWdBO2X5hPrLcu8cVP8fy28w==
 "@jridgewell/set-array@^1.0.1":
  version "1.1.2"
  resolved "https://registry.yarnpkg.com/@jridgewell/set-array/-/set-array-1.1.2.tgz#7c6cf998d6d20b914c0a55a91ae928ff25965e72"
  integrity sha512-xnkseuNADM0gt2bs+BvhO0p78Mk762YnZdsuzFV018NoG1Sj1SCQvpSqa7XUaTam5vAGasABV9qXASMKnFMwMw==
 "@jridgewell/source-map@^0.3.2":
  version "0.3.2"
  resolved "https://registry.yarnpkg.com/@jridgewell/source-map/-/source-map-0.3.2.tgz#f45351aaed4527a298512ec72f81040c998580fb"
  integrity sha512-m7O9o2uR8k2ObDysZYzdfhb08VuEml5oWGiosa1VdaPZ/A6QyPkAJuwN0Q1lhULOf6B7MtQmHENS743hWtCrgw==
  dependencies:
    "@jridgewell/gen-mapping" "^0.3.0"
    "@jridgewell/trace-mapping" "^0.3.9"
 "@jridgewell/sourcemap-codec@^1.4.10":
  version "1.4.14"
  resolved "https://registry.yarnpkg.com/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.14.tgz#add4c98d341472a289190b424efbdb096991bb24"
  integrity sha512-XPSJHWmi394fuUuzDnGz1wiKqWfo1yXecHQMRf2l6hztTO+nPru658AyDngaBe7isIxEkRsPR3FZh+s7iVa4Uw==
 "@jridgewell/trace-mapping@^0.3.9":
  version "0.3.14"
  resolved "https://registry.yarnpkg.com/@jridgewell/trace-mapping/-/trace-mapping-0.3.14.tgz#b231a081d8f66796e475ad588a1ef473112701ed"
  integrity sha512-bJWEfQ9lPTvm3SneWwRFVLzrh6nhjwqw7TUFFBEMzwvg7t7PCDenf2lDwqo4NQXzdpgBXyFgDWnQA+2vkruksQ==
  dependencies:
    "@jridgewell/resolve-uri" "^3.0.3"
    "@jridgewell/sourcemap-codec" "^1.4.10"
 "@leichtgewicht/ip-codec@^2.0.1":
  version "2.0.4"
  resolved "https://registry.yarnpkg.com/@leichtgewicht/ip-codec/-/ip-codec-2.0.4.tgz#b2ac626d6cb9c8718ab459166d4bb405b8ffa78b"
  integrity sha512-Hcv+nVC0kZnQ3tD9GVu5xSMR4VVYOteQIr/hwFPVEvPdlXqgGEuRjiheChHgdM+JyqdgNcmzZOX/tnl0JOiI7A==
 "@mrmlnc/readdir-enhanced@^2.2.1":
  version "2.2.1"
  resolved "https://registry.yarnpkg.com/@mrmlnc/readdir-enhanced/-/readdir-enhanced-2.2.1.tgz#524af240d1a360527b730475ecfa1344aa540dde"
@ -1478,13 +1523,13 @@ abbrev@1, abbrev@^1.1.1:
  resolved "https://registry.yarnpkg.com/abbrev/-/abbrev-1.1.1.tgz#f8f2c887ad10bf67f634f005b6987fed3179aac8"
  integrity sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q==
-accepts@^1.3.7, accepts@~1.3.4, accepts@~1.3.5, accepts@~1.3.7:
+accepts@^1.3.7, accepts@~1.3.4, accepts@~1.3.5, accepts@~1.3.8:
-  version "1.3.7"
+  version "1.3.8"
-  resolved "https://registry.yarnpkg.com/accepts/-/accepts-1.3.7.tgz#531bc726517a3b2b41f850021c6cc15eaab507cd"
+  resolved "https://registry.yarnpkg.com/accepts/-/accepts-1.3.8.tgz#0bf0be125b67014adcb0b0921e62db7bffe16b2e"
-  integrity sha512-Il80Qs2WjYlJIBNzNkK6KYqlVMTbZLXgHx2oT0pU/fjRHyEp+PEfEPY0R3WCwAGVOtauxh1hOxNgIf5bv7dQpA==
+  integrity sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==
  dependencies:
-    mime-types "~2.1.24"
+    mime-types "~2.1.34"
-    negotiator "0.6.2"
+    negotiator "0.6.3"
 acorn@^6.4.1:
  version "6.4.1"
@ -1496,6 +1541,11 @@ acorn@^7.4.0:
  resolved "https://registry.yarnpkg.com/acorn/-/acorn-7.4.0.tgz#e1ad486e6c54501634c6c397c5c121daa383607c"
  integrity sha512-+G7P8jJmCHr+S+cLfQxygbWhXy+8YTVGzAkpEbcLo2mLoL7tij/VG41QSHACSf5QgYRhMZYHuNc6drJaO0Da+w==
 acorn@^8.5.0:
  version "8.7.1"
  resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.7.1.tgz#0197122c843d1bf6d0a5e83220a788f278f63c30"
  integrity sha512-Xx54uLJQZ19lKygFXOWsscKUbsBZW0CPykPhVQdhIeIwrbPmJzqeASDInc8nKBnp/JT6igTs82qPXz069H8I/A==
 agentkeepalive@^2.2.0:
  version "2.2.0"
  resolved "https://registry.yarnpkg.com/agentkeepalive/-/agentkeepalive-2.2.0.tgz#c5d1bd4b129008f1163f236f86e5faea2026e2ef"
@ -1608,11 +1658,16 @@ ansi-escapes@^4.1.0, ansi-escapes@^4.2.1, ansi-escapes@^4.3.1:
  dependencies:
    type-fest "^0.11.0"
-ansi-html@0.0.7, ansi-html@^0.0.7:
+ansi-html@0.0.7:
  version "0.0.7"
  resolved "https://registry.yarnpkg.com/ansi-html/-/ansi-html-0.0.7.tgz#813584021962a9e9e6fd039f940d12f56ca7859e"
  integrity sha1-gTWEAhliqenm/QOflA0S9WynhZ4=
 ansi-html@^0.0.8:
  version "0.0.8"
  resolved "https://registry.yarnpkg.com/ansi-html/-/ansi-html-0.0.8.tgz#e969db193b12bcdfa6727b29ffd8882dc13cc501"
  integrity sha512-QROYz1I1Kj+8bTYgx0IlMBpRSCIU+7GjbE0oH+KF7QKc+qSF8YAlIutN59Db17tXN70Ono9upT9Ht0iG93W7ug==
 ansi-regex@^2.0.0:
  version "2.1.1"
  resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-2.1.1.tgz#c3b33ab5ee360d86e0e628f0468ae7ef27d654df"
@ -1624,9 +1679,9 @@ ansi-regex@^4.1.0:
  integrity sha512-1apePfXM1UOSqw0o9IiFAovVz9M5S1Dg+4TrDwfMewQ6p/rmMueb7tWZjQ1rx4Loy1ArBggoqGpfqqdI4rondg==
 ansi-regex@^5.0.0:
-  version "5.0.0"
+  version "5.0.1"
-  resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-5.0.0.tgz#388539f55179bf39339c81af30a654d69f87cb75"
+  resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-5.0.1.tgz#082cb2c89c9fe8659a311a53bd6a4dc5301db304"
-  integrity sha512-bY6fj56OUQ0hU1KjFNDQuJFezqKdrAyFdIevADiqrWHwSlbmBNMHp5ak2f40Pm8JTFyM2mqxkG6ngkHO11f/lg==
+  integrity sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==
 ansi-styles@^2.2.1:
  version "2.2.1"
@ -1686,6 +1741,11 @@ argparse@^1.0.10, argparse@^1.0.7:
  dependencies:
    sprintf-js "~1.0.2"
 argparse@^2.0.1:
  version "2.0.1"
  resolved "https://registry.yarnpkg.com/argparse/-/argparse-2.0.1.tgz#246f50f3ca78a3240f6c997e8a9bd1eac49e4b38"
  integrity sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==
 arr-diff@^4.0.0:
  version "4.0.0"
  resolved "https://registry.yarnpkg.com/arr-diff/-/arr-diff-4.0.0.tgz#d6461074febfec71e7e15235761a329a5dc7c520"
@ -1830,9 +1890,9 @@ async@^2.6.2:
    lodash "^4.17.14"
 async@^3.2.0:
-  version "3.2.0"
+  version "3.2.2"
-  resolved "https://registry.yarnpkg.com/async/-/async-3.2.0.tgz#b3a2685c5ebb641d3de02d161002c60fc9f85720"
+  resolved "https://registry.yarnpkg.com/async/-/async-3.2.2.tgz#2eb7671034bb2194d45d30e31e24ec7e7f9670cd"
-  integrity sha512-TR2mEZFVOj2pLStYxLht7TyfuRzaydfpxr3k9RpHIzMgw7A64dzsdqCxH1WJyQdoe8T10nDXd9wnEigmiuHIZw==
+  integrity sha512-H0E+qZaDEfx/FY4t7iLRv1W2fFI6+pyCeTw1uN20AQPiwqwM6ojPxHxdLv4z8hi2DtnW9BOckSspLucW7pIE5g==
 asynckit@^0.4.0:
  version "0.4.0"
@ -2010,21 +2070,21 @@ bn.js@^5.1.1, bn.js@^5.1.2:
  resolved "https://registry.yarnpkg.com/bn.js/-/bn.js-5.1.2.tgz#c9686902d3c9a27729f43ab10f9d79c2004da7b0"
  integrity sha512-40rZaf3bUNKTVYu9sIeeEGOg7g14Yvnj9kH7b50EiwX0Q7A6umbvfI5tvHaOERH0XigqKkfLkFQxzb4e6CIXnA==
-body-parser@1.19.0, body-parser@^1.19.0:
+body-parser@1.19.2, body-parser@^1.19.0:
-  version "1.19.0"
+  version "1.19.2"
-  resolved "https://registry.yarnpkg.com/body-parser/-/body-parser-1.19.0.tgz#96b2709e57c9c4e09a6fd66a8fd979844f69f08a"
+  resolved "https://registry.yarnpkg.com/body-parser/-/body-parser-1.19.2.tgz#4714ccd9c157d44797b8b5607d72c0b89952f26e"
-  integrity sha512-dhEPs72UPbDnAQJ9ZKMNTP6ptJaionhP5cBb541nXPlW60Jepo9RV/a4fX4XWW9CuFNK22krhrj1+rgzifNCsw==
+  integrity sha512-SAAwOxgoCKMGs9uUAUFHygfLAyaniaoun6I8mFY9pRAJL9+Kec34aU+oIjDhTycub1jozEfEwx1W1IuOYxVSFw==
  dependencies:
-    bytes "3.1.0"
+    bytes "3.1.2"
    content-type "~1.0.4"
    debug "2.6.9"
    depd "~1.1.2"
-    http-errors "1.7.2"
+    http-errors "1.8.1"
    iconv-lite "0.4.24"
    on-finished "~2.3.0"
-    qs "6.7.0"
+    qs "6.9.7"
-    raw-body "2.4.0"
+    raw-body "2.4.3"
-    type-is "~1.6.17"
+    type-is "~1.6.18"
 bonjour@^3.5.0:
  version "3.5.0"
@ -2224,6 +2284,11 @@ bytes@3.1.0, bytes@^3.1.0:
  resolved "https://registry.yarnpkg.com/bytes/-/bytes-3.1.0.tgz#f6cf7933a360e0588fa9fde85651cdc7f805d1f6"
  integrity sha512-zauLjrfCG+xvoyaqLoV8bLVXXNGC4JqlxFCutSDWA6fJrTo2ZuvLYTqZ7aHBLZSMOopbzwv8f+wZcVzfVTI2Dg==
 bytes@3.1.2:
  version "3.1.2"
  resolved "https://registry.yarnpkg.com/bytes/-/bytes-3.1.2.tgz#8b0beeb98605adf1b128fa4386403c009e0221a5"
  integrity sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==
 cac@^6.5.6, cac@^6.6.1:
  version "6.6.1"
  resolved "https://registry.yarnpkg.com/cac/-/cac-6.6.1.tgz#3dde3f6943f45d42a56729ea3573c08b3e7b6a6d"
@ -2339,6 +2404,14 @@ cacheable-request@^6.0.0:
    normalize-url "^4.1.0"
    responselike "^1.0.2"
 call-bind@^1.0.0:
  version "1.0.2"
  resolved "https://registry.yarnpkg.com/call-bind/-/call-bind-1.0.2.tgz#b1d4e89e688119c3c9a903ad30abb2f6a919be3c"
  integrity sha512-7O+FbCihrB5WGbFYesctwmTKae6rOiIzmz1icreWJ+0aA7LJfuqhEso2T9ncpcFtzMQtzXf2QGGueWJGTYsqrA==
  dependencies:
    function-bind "^1.1.1"
    get-intrinsic "^1.0.2"
 call-me-maybe@^1.0.1:
  version "1.0.1"
  resolved "https://registry.yarnpkg.com/call-me-maybe/-/call-me-maybe-1.0.1.tgz#26d208ea89e37b5cbde60250a15f031c16a4d66b"
@ -2791,12 +2864,12 @@ constants-browserify@^1.0.0:
  resolved "https://registry.yarnpkg.com/constants-browserify/-/constants-browserify-1.0.0.tgz#c20b96d8c617748aaf1c16021760cd27fcb8cb75"
  integrity sha1-wguW2MYXdIqvHBYCF2DNJ/y4y3U=
-content-disposition@0.5.3, content-disposition@^0.5.3:
+content-disposition@0.5.4, content-disposition@^0.5.3:
-  version "0.5.3"
+  version "0.5.4"
-  resolved "https://registry.yarnpkg.com/content-disposition/-/content-disposition-0.5.3.tgz#e130caf7e7279087c5616c2007d0485698984fbd"
+  resolved "https://registry.yarnpkg.com/content-disposition/-/content-disposition-0.5.4.tgz#8b82b4efac82512a02bb0b1dcec9d2c5e8eb5bfe"
-  integrity sha512-ExO0774ikEObIAEV9kDo50o+79VCUdEB6n6lzKgGwupcVeRlhrj3qGAfwq8G6uBJjkqLrhT0qEYFcWng8z1z0g==
+  integrity sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==
  dependencies:
-    safe-buffer "5.1.2"
+    safe-buffer "5.2.1"
 content-type@^1.0.4, content-type@~1.0.4:
  version "1.0.4"
@ -2820,15 +2893,10 @@ cookie-signature@^1.1.0:
  resolved "https://registry.yarnpkg.com/cookie-signature/-/cookie-signature-1.1.0.tgz#cc94974f91fb9a9c1bb485e95fc2b7f4b120aff2"
  integrity sha512-Alvs19Vgq07eunykd3Xy2jF0/qSNv2u7KDbAek9H5liV1UMijbqFs5cycZvv5dVsvseT/U4H8/7/w8Koh35C4A==
-cookie@0.4.0:
+cookie@0.4.2, cookie@^0.4.1:
-  version "0.4.0"
+  version "0.4.2"
-  resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.4.0.tgz#beb437e7022b3b6d49019d088665303ebe9c14ba"
+  resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.4.2.tgz#0e41f24de5ecf317947c82fc789e06a884824432"
-  integrity sha512-+Hp8fLp57wnUSt0tY0tHEXh4voZRDnoIrZPqlo3DPiI4y9lwg/jqx+1Om94/W6ZaPDOUbnjOt/99w66zk+l1Xg==
+  integrity sha512-aSWTXFzaKWkvHO1Ny/s+ePFpvKsPnjc551iI41v3ny/ow6tBG5Vd+FuqGNhh1LxOmVzOlGUriIlOaokOvhaStA==
 cookie@^0.4.1:
  version "0.4.1"
  resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.4.1.tgz#afd713fe26ebd21ba95ceb61f9a8116e50a537d1"
  integrity sha512-ZwrFkGJxUR3EIoXtO+yVE69Eb7KlixbaeAWfBQB9vVsNn/o+Yw69gBWSSDK825hQNdN+wF8zELf3dFNl/kxkUA==
 copy-concurrently@^1.0.0, copy-concurrently@^1.0.5:
  version "1.0.5"
@ -3279,9 +3347,9 @@ decamelize@^4.0.0:
  integrity sha512-9iE1PgSik9HeIIw2JO94IidnE3eBoQrFJ3w7sFuzSX4DpmZ3v5sZpUiV5Swcf6mQEF+Y0ru8Neo+p+nyh2J+hQ==
 decode-uri-component@^0.2.0:
-  version "0.2.0"
+  version "0.2.1"
-  resolved "https://registry.yarnpkg.com/decode-uri-component/-/decode-uri-component-0.2.0.tgz#eb3913333458775cb84cd1a1fae062106bb87545"
+  resolved "https://registry.yarnpkg.com/decode-uri-component/-/decode-uri-component-0.2.1.tgz#e9d7afd716fc1a7ec6ae7cc0aa3e540a1eac2e9d"
-  integrity sha1-6zkTMzRYd1y4TNGh+uBiEGu4dUU=
+  integrity sha512-XZHyaFJ6QMWhYmlz+UcmtaLeecNiXwkTGzCqG5WByt+1P1HnU6Siwf0TeP3OsZmlnGqQRSEMIxue0LLCaGY3dw==
 decompress-response@^3.3.0:
  version "3.3.0"
@ -3501,11 +3569,11 @@ dns-packet@^4.0.0:
    safe-buffer "^5.1.1"
 dns-packet@^5.2.1:
-  version "5.2.2"
+  version "5.4.0"
-  resolved "https://registry.yarnpkg.com/dns-packet/-/dns-packet-5.2.2.tgz#e4c7d12974cc320b0c0d4b9bbbf68ac151cfe81e"
+  resolved "https://registry.yarnpkg.com/dns-packet/-/dns-packet-5.4.0.tgz#1f88477cf9f27e78a213fb6d118ae38e759a879b"
-  integrity sha512-sQN+vLwC3PvOXiCH/oHcdzML2opFeIdVh8gjjMZrM45n4dR80QF6o3AzInQy6F9Eoc0VJYog4JpQTilt4RFLYQ==
+  integrity sha512-EgqGeaBB8hLiHLZtp/IbaDQTL8pZ0+IvwzSHA6d7VyMDM+B9hgddEMa9xjK5oYnw0ci0JQ6g2XCD7/f6cafU6g==
  dependencies:
-    ip "^1.1.5"
+    "@leichtgewicht/ip-codec" "^2.0.1"
 dns-txt@^2.0.2:
  version "2.0.2"
@ -3744,10 +3812,10 @@ entities@^1.1.1, entities@~1.1.1:
  resolved "https://registry.yarnpkg.com/entities/-/entities-1.1.2.tgz#bdfa735299664dfafd34529ed4f8522a275fea56"
  integrity sha512-f2LZMYl1Fzu7YSBKg+RoROelpOaNrcGmE9AZubeDfrCEia483oW4MI4VyFd5VNHIgQ/7qm1I0wUHK1eJnn2y2w==
-entities@^2.0.0, entities@^2.0.3, entities@~2.0.0:
+entities@^2.0.0, entities@^2.0.3, entities@~2.1.0:
-  version "2.0.3"
+  version "2.1.0"
-  resolved "https://registry.yarnpkg.com/entities/-/entities-2.0.3.tgz#5c487e5742ab93c15abb5da22759b8590ec03b7f"
+  resolved "https://registry.yarnpkg.com/entities/-/entities-2.1.0.tgz#992d3129cf7df6870b96c57858c249a120f8b8b5"
-  integrity sha512-MyoZ0jgnLvB2X3Lg5HqpFmn1kybDiIfEQmKzTb5apr51Rb+T3KdmMiqa70T+bhGnyv7bQ6WMj2QMHpGMmlrUYQ==
+  integrity sha512-hCx1oky9PFrJ611mf0ifBLBRW8lUUVRlFolb5gWRfIELabBlbp9xZvrqZLZAs+NxFnbfQoeGd8wDkygjg7U85w==
 envify@^4.0.0, envify@^4.1.0:
  version "4.1.0"
@ -3925,6 +3993,11 @@ eventsource@^1.0.7:
  dependencies:
    original "^1.0.0"
 eventsource@^2.0.2:
  version "2.0.2"
  resolved "https://registry.yarnpkg.com/eventsource/-/eventsource-2.0.2.tgz#76dfcc02930fb2ff339520b6d290da573a9e8508"
  integrity sha512-IzUmBGPR3+oUG9dUeXynyNmf91/3zUSJg1lCktzKw47OXuhco54U3r9B7O4XX+Rb1Itm9OZ2b0RkTs10bICOxA==
 evp_bytestokey@^1.0.0, evp_bytestokey@^1.0.3:
  version "1.0.3"
  resolved "https://registry.yarnpkg.com/evp_bytestokey/-/evp_bytestokey-1.0.3.tgz#7fcbdb198dc71959432efe13842684e0525acb02"
@ -3985,16 +4058,16 @@ expand-brackets@^4.0.0:
    to-regex "^3.0.1"
 express@^4.17.1:
-  version "4.17.1"
+  version "4.17.3"
-  resolved "https://registry.yarnpkg.com/express/-/express-4.17.1.tgz#4491fc38605cf51f8629d39c2b5d026f98a4c134"
+  resolved "https://registry.yarnpkg.com/express/-/express-4.17.3.tgz#f6c7302194a4fb54271b73a1fe7a06478c8f85a1"
-  integrity sha512-mHJ9O79RqluphRrcw2X/GTh3k9tVv8YcoyY4Kkh4WDMUYKRZUq0h1o0w2rrrxBqM7VoeUVqgb27xlEMXTnYt4g==
+  integrity sha512-yuSQpz5I+Ch7gFrPCk4/c+dIBKlQUxtgwqzph132bsT6qhuzss6I8cLJQz7B3rFblzd6wtcI0ZbGltH/C4LjUg==
  dependencies:
-    accepts "~1.3.7"
+    accepts "~1.3.8"
    array-flatten "1.1.1"
-    body-parser "1.19.0"
+    body-parser "1.19.2"
-    content-disposition "0.5.3"
+    content-disposition "0.5.4"
    content-type "~1.0.4"
-    cookie "0.4.0"
+    cookie "0.4.2"
    cookie-signature "1.0.6"
    debug "2.6.9"
    depd "~1.1.2"
@ -4008,13 +4081,13 @@ express@^4.17.1:
    on-finished "~2.3.0"
    parseurl "~1.3.3"
    path-to-regexp "0.1.7"
-    proxy-addr "~2.0.5"
+    proxy-addr "~2.0.7"
-    qs "6.7.0"
+    qs "6.9.7"
    range-parser "~1.2.1"
-    safe-buffer "5.1.2"
+    safe-buffer "5.2.1"
-    send "0.17.1"
+    send "0.17.2"
-    serve-static "1.14.1"
+    serve-static "1.14.2"
-    setprototypeof "1.1.1"
+    setprototypeof "1.2.0"
    statuses "~1.5.0"
    type-is "~1.6.18"
    utils-merge "1.0.1"
@ -4112,6 +4185,13 @@ fast-json-stable-stringify@^2.0.0, fast-json-stable-stringify@^2.1.0:
  resolved "https://registry.yarnpkg.com/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz#874bf69c6f404c2b5d99c481341399fd55892633"
  integrity sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==
 fast-xml-parser@^3.19.0:
  version "3.21.1"
  resolved "https://registry.yarnpkg.com/fast-xml-parser/-/fast-xml-parser-3.21.1.tgz#152a1d51d445380f7046b304672dd55d15c9e736"
  integrity sha512-FTFVjYoBOZTJekiUsawGsSYV9QL0A+zDYCRj7y34IO6Jg+2IMYEtQa+bbictpdpV8dHxXywqU7C0gRDEOFtBFg==
  dependencies:
    strnum "^1.0.4"
 fastq@^1.6.0:
  version "1.8.0"
  resolved "https://registry.yarnpkg.com/fastq/-/fastq-1.8.0.tgz#550e1f9f59bbc65fe185cb6a9b4d95357107f481"
@ -4254,9 +4334,9 @@ flush-write-stream@^2.0.0:
    readable-stream "^3.1.1"
 follow-redirects@^1.0.0, follow-redirects@^1.12.1:
-  version "1.12.1"
+  version "1.14.8"
-  resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.12.1.tgz#de54a6205311b93d60398ebc01cf7015682312b6"
+  resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.14.8.tgz#016996fb9a11a100566398b1c6839337d7bfa8fc"
-  integrity sha512-tmRv0AVuR7ZyouUHLeNSiO6pqulF7dYa3s19c6t+wz9LD69/uSzdMxJ2S91nTI9U3rt/IldxpzMOFejp6f0hjg==
+  integrity sha512-1x0S9UVJHsQprFcEC/qnNzBLcIxsjAV905f/UkQxbclCsoTWlacCNOpQa/anodLl2uaEKFhfWOvM2Qg77+15zA==
 for-in@^1.0.2:
  version "1.0.2"
@ -4291,7 +4371,12 @@ form-data@~2.3.2:
    combined-stream "^1.0.6"
    mime-types "^2.1.12"
-forwarded@^0.1.2, forwarded@~0.1.2:
+forwarded@0.2.0:
  version "0.2.0"
  resolved "https://registry.yarnpkg.com/forwarded/-/forwarded-0.2.0.tgz#2269936428aad4c15c7ebe9779a84bf0b2a81811"
  integrity sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==
 forwarded@^0.1.2:
  version "0.1.2"
  resolved "https://registry.yarnpkg.com/forwarded/-/forwarded-0.1.2.tgz#98c23dab1175657b8c0573e8ceccd91b0ff18c84"
  integrity sha1-mMI9qxF1ZXuMBXPozszZGw/xjIQ=
@ -4385,6 +4470,15 @@ get-caller-file@^2.0.1, get-caller-file@^2.0.5:
  resolved "https://registry.yarnpkg.com/get-caller-file/-/get-caller-file-2.0.5.tgz#4f94412a82db32f36e3b0b9741f8a97feb031f7e"
  integrity sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==
 get-intrinsic@^1.0.2:
  version "1.2.0"
  resolved "https://registry.yarnpkg.com/get-intrinsic/-/get-intrinsic-1.2.0.tgz#7ad1dc0535f3a2904bba075772763e5051f6d05f"
  integrity sha512-L049y6nFOuom5wGyRc3/gdTLO94dySVKRACj1RmJZBQXlbTMhtNIgkWkUHq+jYmZvKf14EW1EoJnnjbmoHij0Q==
  dependencies:
    function-bind "^1.1.1"
    has "^1.0.3"
    has-symbols "^1.0.3"
 get-stream@^4.0.0, get-stream@^4.1.0:
  version "4.1.0"
  resolved "https://registry.yarnpkg.com/get-stream/-/get-stream-4.1.0.tgz#c1b255575f3dc21d59bfc79cd3d2b46b1c3a54b5"
@ -4638,6 +4732,11 @@ has-symbols@^1.0.0, has-symbols@^1.0.1:
  resolved "https://registry.yarnpkg.com/has-symbols/-/has-symbols-1.0.1.tgz#9f5214758a44196c406d9bd76cebf81ec2dd31e8"
  integrity sha512-PLcsoqu++dmEIZB+6totNFKq/7Do+Z0u4oT0zKOJNl3lYK6vGwwu2hjHs+68OEZbTjiUE9bgOABXbP/GvrS0Kg==
 has-symbols@^1.0.3:
  version "1.0.3"
  resolved "https://registry.yarnpkg.com/has-symbols/-/has-symbols-1.0.3.tgz#bb7b2c4349251dce87b125f7bdf874aa7c8b39f8"
  integrity sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A==
 has-value@^0.3.1:
  version "0.3.1"
  resolved "https://registry.yarnpkg.com/has-value/-/has-value-0.3.1.tgz#7b1f58bada62ca827ec0a2078025654845995e1f"
@ -4839,27 +4938,16 @@ htmlparser2@^4.1.0:
    entities "^2.0.0"
 http-cache-semantics@^4.0.0:
-  version "4.1.0"
+  version "4.1.1"
-  resolved "https://registry.yarnpkg.com/http-cache-semantics/-/http-cache-semantics-4.1.0.tgz#49e91c5cbf36c9b94bcfcd71c23d5249ec74e390"
+  resolved "https://registry.yarnpkg.com/http-cache-semantics/-/http-cache-semantics-4.1.1.tgz#abe02fcb2985460bf0323be664436ec3476a6d5a"
-  integrity sha512-carPklcUh7ROWRK7Cv27RPtdhYhUsela/ue5/jKzjegVvXDqM2ILE9Q2BGn9JZJh1g87cp56su/FgQSzcWS8cQ==
+  integrity sha512-er295DKPVsV82j5kw1Gjt+ADA/XYHsajl82cGNQG2eyoPkvgUhX+nDIyelzhIWbbsXP39EHcI6l5tYs2FYqYXQ==
 http-deceiver@^1.2.7:
  version "1.2.7"
  resolved "https://registry.yarnpkg.com/http-deceiver/-/http-deceiver-1.2.7.tgz#fa7168944ab9a519d337cb0bec7284dc3e723d87"
  integrity sha1-+nFolEq5pRnTN8sL7HKE3D5yPYc=
-http-errors@1.7.2:
+http-errors@1.7.3:
  version "1.7.2"
  resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-1.7.2.tgz#4f5029cf13239f31036e5b2e55292bcfbcc85c8f"
  integrity sha512-uUQBt3H/cSIVfch6i1EuPNy/YsRSOUBXTVfZ+yR7Zjez3qjBz6i9+i4zjNaoqcoFVI4lQJ5plg63TvGfRSDCRg==
  dependencies:
    depd "~1.1.2"
    inherits "2.0.3"
    setprototypeof "1.1.1"
    statuses ">= 1.5.0 < 2"
    toidentifier "1.0.0"
 http-errors@1.7.3, http-errors@~1.7.2:
  version "1.7.3"
  resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-1.7.3.tgz#6c619e4f9c60308c38519498c14fbb10aacebb06"
  integrity sha512-ZTTX0MWrsQ2ZAhA1cejAwDLycFsd7I7nVtnkT3Ol0aqodaKW+0CTZDQ1uBv5whptCnc8e8HeRRJxRs0kmm/Qfw==
@ -4870,6 +4958,17 @@ http-errors@1.7.3, http-errors@~1.7.2:
    statuses ">= 1.5.0 < 2"
    toidentifier "1.0.0"
 http-errors@1.8.1:
  version "1.8.1"
  resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-1.8.1.tgz#7c3f28577cbc8a207388455dbd62295ed07bd68c"
  integrity sha512-Kpk9Sm7NmI+RHhnj6OIWDI1d6fIoFAtFt9RLaTMRlg/8w49juAStsrBgp0Dp4OdxdVbRIeKhtCUvoi/RuAhO4g==
  dependencies:
    depd "~1.1.2"
    inherits "2.0.4"
    setprototypeof "1.2.0"
    statuses ">= 1.5.0 < 2"
    toidentifier "1.0.1"
 http-errors@^1.8.0:
  version "1.8.0"
  resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-1.8.0.tgz#75d1bbe497e1044f51e4ee9e704a62f28d336507"
@ -5530,11 +5629,11 @@ is-svg@^3.0.0:
    html-comment-regex "^1.1.0"
 is-svg@^4.2.1:
-  version "4.2.2"
+  version "4.3.0"
-  resolved "https://registry.yarnpkg.com/is-svg/-/is-svg-4.2.2.tgz#a4ea0f3f78dada7085db88f1e85b6f845626cfae"
+  resolved "https://registry.yarnpkg.com/is-svg/-/is-svg-4.3.0.tgz#3e46a45dcdb2780e42a3c8538154d7f7bfc07216"
-  integrity sha512-JlA7Mc7mfWjdxxTkJ094oUK9amGD7gQaj5xA/NCY0vlVvZ1stmj4VX+bRuwOMN93IHRZ2ctpPH/0FO6DqvQ5Rw==
+  integrity sha512-Np3TOGLVr0J27VDaS/gVE7bT45ZcSmX4pMmMTsPjqO8JY383fuPIcWmZr3QsHVWhqhZWxSdmW+tkkl3PWOB0Nw==
  dependencies:
-    html-comment-regex "^1.1.2"
+    fast-xml-parser "^3.19.0"
 is-symbol@^1.0.2, is-symbol@^1.0.3:
  version "1.0.3"
@ -5714,10 +5813,10 @@ json-schema@0.2.3:
  resolved "https://registry.yarnpkg.com/json-schema/-/json-schema-0.2.3.tgz#b480c892e59a2f05954ce727bd3f2a4e882f9e13"
  integrity sha1-tIDIkuWaLwWVTOcnvT8qTogvnhM=
-json-schema@^0.2.5:
+json-schema@^0.4.0:
-  version "0.2.5"
+  version "0.4.0"
-  resolved "https://registry.yarnpkg.com/json-schema/-/json-schema-0.2.5.tgz#97997f50972dd0500214e208c407efa4b5d7063b"
+  resolved "https://registry.yarnpkg.com/json-schema/-/json-schema-0.4.0.tgz#f7de4cf6efab838ebaeb3236474cbba5a1930ab5"
-  integrity sha512-gWJOWYFrhQ8j7pVm0EM8Slr+EPVq1Phf6lvzvD/WCeqkrx/f2xBI0xOsRRS9xCn3I4vKtP519dvs3TP09r24wQ==
+  integrity sha512-es94M3nTIfsEPisRafak+HDLfHXnKBhV3vU5eqPcS3flIWqcxJWgXHXiey3YrpaNsanY5ei1VoYEbOzijuq9BA==
 json-stringify-safe@^5.0.1, json-stringify-safe@~5.0.1:
  version "5.0.1"
@ -5742,11 +5841,9 @@ json5@^1.0.1:
    minimist "^1.2.0"
 json5@^2.1.2, json5@^2.1.3:
-  version "2.1.3"
+  version "2.2.2"
-  resolved "https://registry.yarnpkg.com/json5/-/json5-2.1.3.tgz#c9b0f7fa9233bfe5807fe66fcf3a5617ed597d43"
+  resolved "https://registry.yarnpkg.com/json5/-/json5-2.2.2.tgz#64471c5bdcc564c18f7c1d4df2e2297f2457c5ab"
-  integrity sha512-KXPvOm8K9IJKFM0bmdn8QXh7udDh1g/giieX0NLCaMnb4hEiVFqnop2ImTXCc5e0/oHz3LTqmHGtExn5hfMkOA==
+  integrity sha512-46Tk9JiOL2z7ytNQWFLpj99RZkVgeHf87yGQKsIkaPz1qSH9UczKH1rO7K3wgRselo0tYMUNfecYpm/p1vC7tQ==
  dependencies:
    minimist "^1.2.5"
 jsonfile@^4.0.0:
  version "4.0.0"
@ -5915,9 +6012,9 @@ loader-utils@^1.0.2, loader-utils@^1.1.0, loader-utils@^1.2.3, loader-utils@^1.4
    json5 "^1.0.1"
 loader-utils@^2.0.0:
-  version "2.0.0"
+  version "2.0.4"
-  resolved "https://registry.yarnpkg.com/loader-utils/-/loader-utils-2.0.0.tgz#e4cace5b816d425a166b5f097e10cd12b36064b0"
+  resolved "https://registry.yarnpkg.com/loader-utils/-/loader-utils-2.0.4.tgz#8b5cb38b5c34a9a018ee1fc0e6a066d1dfcc528c"
-  integrity sha512-rP4F0h2RaWSvPEkD7BLDFQnvSf+nK+wr3ESUjNTyAGobqrijmW92zc+SO6d4p4B1wh7+B/Jg1mkQe5NYUEHtHQ==
+  integrity sha512-xXqpXoINfFhgua9xiqD8fPFHgkoq1mmmpE92WlDbm9rNRd/EbRb+Gqf908T2DMfuHjjJlksiK2RbHVOdD/MqSw==
  dependencies:
    big.js "^5.2.2"
    emojis-list "^3.0.0"
@ -6135,13 +6232,13 @@ markdown-it-table-of-contents@^0.4.0, markdown-it-table-of-contents@^0.4.4:
  resolved "https://registry.yarnpkg.com/markdown-it-table-of-contents/-/markdown-it-table-of-contents-0.4.4.tgz#3dc7ce8b8fc17e5981c77cc398d1782319f37fbc"
  integrity sha512-TAIHTHPwa9+ltKvKPWulm/beozQU41Ab+FIefRaQV1NRnpzwcV9QOe6wXQS5WLivm5Q/nlo0rl6laGkMDZE7Gw==
-markdown-it@^11.0.0:
+markdown-it@^12.3.2:
-  version "11.0.0"
+  version "12.3.2"
-  resolved "https://registry.yarnpkg.com/markdown-it/-/markdown-it-11.0.0.tgz#dbfc30363e43d756ebc52c38586b91b90046b876"
+  resolved "https://registry.yarnpkg.com/markdown-it/-/markdown-it-12.3.2.tgz#bf92ac92283fe983fe4de8ff8abfb5ad72cd0c90"
-  integrity sha512-+CvOnmbSubmQFSA9dKz1BRiaSMV7rhexl3sngKqFyXSagoA3fBdJQ8oZWtRy2knXdpDXaBw44euz37DeJQ9asg==
+  integrity sha512-TchMembfxfNVpHkbtriWltGWc+m3xszaRD0CZup7GFFhzIgQqxIfn3eGj1yZpfuflzPvfkt611B2Q/Bsk1YnGg==
  dependencies:
-    argparse "^1.0.7"
+    argparse "^2.0.1"
-    entities "~2.0.0"
+    entities "~2.1.0"
    linkify-it "^3.0.1"
    mdurl "^1.0.1"
    uc.micro "^1.0.5"
@ -6296,6 +6393,11 @@ mime-db@1.44.0, "mime-db@>= 1.43.0 < 2", mime-db@^1.44.0:
  resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.44.0.tgz#fa11c5eb0aca1334b4233cb4d52f10c5a6272f92"
  integrity sha512-/NOTfLrsPBVeH7YtFPgsVWveuL+4SjjYxaQ1xtM1KMFj7HdxlBlxeyNLzhyJVx7r4rZGJAZ/6lkKCitSc/Nmpg==
 mime-db@1.52.0:
  version "1.52.0"
  resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.52.0.tgz#bbabcdc02859f4987301c856e3387ce5ec43bf70"
  integrity sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==
 mime-types@^2.1.12, mime-types@^2.1.26, mime-types@^2.1.27, mime-types@~2.1.17, mime-types@~2.1.19, mime-types@~2.1.24:
  version "2.1.27"
  resolved "https://registry.yarnpkg.com/mime-types/-/mime-types-2.1.27.tgz#47949f98e279ea53119f5722e0f34e529bec009f"
@ -6303,6 +6405,13 @@ mime-types@^2.1.12, mime-types@^2.1.26, mime-types@^2.1.27, mime-types@~2.1.17,
  dependencies:
    mime-db "1.44.0"
 mime-types@~2.1.34:
  version "2.1.35"
  resolved "https://registry.yarnpkg.com/mime-types/-/mime-types-2.1.35.tgz#381a871b62a734450660ae3deee44813f70d959a"
  integrity sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==
  dependencies:
    mime-db "1.52.0"
 mime@1.6.0:
  version "1.6.0"
  resolved "https://registry.yarnpkg.com/mime/-/mime-1.6.0.tgz#32cd9e5c64553bd58d19a568af452acff04981b1"
@ -6373,9 +6482,9 @@ minimatch@^3.0.4:
    brace-expansion "^1.1.7"
 minimist@^1.2.0, minimist@^1.2.5:
-  version "1.2.5"
+  version "1.2.6"
-  resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.5.tgz#67d66014b66a6a8aaa0c083c5fd58df4e4e97602"
+  resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.6.tgz#8637a5b759ea0d6e98702cfb3a9283323c93af44"
-  integrity sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==
+  integrity sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==
 minipass-collect@^1.0.2:
  version "1.0.2"
@ -6492,10 +6601,10 @@ ms@2.0.0:
  resolved "https://registry.yarnpkg.com/ms/-/ms-2.0.0.tgz#5608aeadfc00be6c2901df5f9861788de0d597c8"
  integrity sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=
-ms@2.1.1:
+ms@2.1.3:
-  version "2.1.1"
+  version "2.1.3"
-  resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.1.tgz#30a5864eb3ebb0a66f2ebe6d727af06a09d86e0a"
+  resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.3.tgz#574c8138ce1d2b5861f0b44579dbadd60c6615b2"
-  integrity sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg==
+  integrity sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==
 ms@^2.0.0, ms@^2.1.1, ms@^2.1.2:
  version "2.1.2"
@ -6555,7 +6664,12 @@ nanomatch@^1.2.13, nanomatch@^1.2.9:
    snapdragon "^0.8.1"
    to-regex "^3.0.1"
-negotiator@0.6.2, negotiator@^0.6.2:
+negotiator@0.6.3:
  version "0.6.3"
  resolved "https://registry.yarnpkg.com/negotiator/-/negotiator-0.6.3.tgz#58e323a72fedc0d6f9cd4d31fe49f51479590ccd"
  integrity sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==
 negotiator@^0.6.2:
  version "0.6.2"
  resolved "https://registry.yarnpkg.com/negotiator/-/negotiator-0.6.2.tgz#feacf7ccf525a77ae9634436a64883ffeca346fb"
  integrity sha512-hZXc7K2e+PgeI1eDBe/10Ard4ekbfrrqG8Ep+8Jmf4JID2bNg7NvCPOZN+kfF574pFQI7mum2AUqDidoKqcTOw==
@ -6595,10 +6709,10 @@ node-forge@0.9.0:
  resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-0.9.0.tgz#d624050edbb44874adca12bb9a52ec63cb782579"
  integrity sha512-7ASaDa3pD+lJ3WvXFsxekJQelBKRpne+GOVbLbtHYdd7pFspyeuJHnWfLplGf3SwKGbfs/aYl5V/JCIaHVUKKQ==
-node-forge@^0.10.0:
+node-forge@^1.0.0:
-  version "0.10.0"
+  version "1.3.0"
-  resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-0.10.0.tgz#32dea2afb3e9926f02ee5ce8794902691a676bf3"
+  resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-1.3.0.tgz#37a874ea723855f37db091e6c186e5b67a01d4b2"
-  integrity sha512-PPmu8eEeG9saEUvI97fm4OYxXVB6bFvyNTyiUOBichBpFG8A1Ljw3bY62+5oOjDEMHRnd0Y7HQ+x7uzxOzC6JA==
+  integrity sha512-08ARB91bUi6zNKzVmaj3QO7cr397uiDT2nJ63cHjyNtCTWIgvS47j3eT0WfzUwS9+6Z5YshRaoasFkXCKrIYbA==
 node-libs-browser@^2.2.1:
  version "2.2.1"
@ -6726,6 +6840,13 @@ nth-check@^1.0.2, nth-check@~1.0.1:
  dependencies:
    boolbase "~1.0.0"
 nth-check@^2.0.1:
  version "2.0.1"
  resolved "https://registry.yarnpkg.com/nth-check/-/nth-check-2.0.1.tgz#2efe162f5c3da06a28959fbd3db75dbeea9f0fc2"
  integrity sha512-it1vE95zF6dTT9lBsYbxvqh0Soy4SPowchj0UBGj/V6cTPnXXtQOPUbhZ6CmGzAD/rW22LQK6E96pcdJXk4A4w==
  dependencies:
    boolbase "^1.0.0"
 num2fraction@^1.2.2:
  version "1.2.2"
  resolved "https://registry.yarnpkg.com/num2fraction/-/num2fraction-1.2.2.tgz#6f682b6a027a4e9ddfa4564cd2589d1d4e669ede"
@ -6769,6 +6890,11 @@ object-inspect@^1.7.0, object-inspect@^1.8.0:
  resolved "https://registry.yarnpkg.com/object-inspect/-/object-inspect-1.8.0.tgz#df807e5ecf53a609cc6bfe93eac3cc7be5b3a9d0"
  integrity sha512-jLdtEOB112fORuypAyl/50VRVIBIdVQOSUUGQHzJ4xBSbit81zRarz7GThkEFZy1RceYrWYcPcBFPQwHyAc1gA==
 object-inspect@^1.9.0:
  version "1.12.3"
  resolved "https://registry.yarnpkg.com/object-inspect/-/object-inspect-1.12.3.tgz#ba62dffd67ee256c8c086dfae69e016cd1f198b9"
  integrity sha512-geUvdk7c+eizMNUDkRpW1wJwgfOiOeHbxBR/hLXK1aT6zmVSO0jsQcs7fj6MGw89jC/cjGfLcNOrtMYtGqm81g==
 object-is@^1.0.1, object-is@^1.1.2:
  version "1.1.2"
  resolved "https://registry.yarnpkg.com/object-is/-/object-is-1.1.2.tgz#c5d2e87ff9e119f78b7a088441519e2eec1573b6"
@ -7652,9 +7778,9 @@ postcss@^7.0.0, postcss@^7.0.1, postcss@^7.0.14, postcss@^7.0.26, postcss@^7.0.2
    supports-color "^6.1.0"
 postcss@^8.2.10:
-  version "8.2.10"
+  version "8.2.13"
-  resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.2.10.tgz#ca7a042aa8aff494b334d0ff3e9e77079f6f702b"
+  resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.2.13.tgz#dbe043e26e3c068e45113b1ed6375d2d37e2129f"
-  integrity sha512-b/h7CPV7QEdrqIxtAf2j31U5ef05uBDuvoXv6L51Q4rcS1jdlXAVKJv+atCFdUXYl9dyTHGyoMzIepwowRJjFw==
+  integrity sha512-FCE5xLH+hjbzRdpbRb1IMCvPv9yZx2QnDarBEYSN0N0HYk+TcXsEhwdFcFb+SRWOKzKGErhIEbBK2ogyLdTtfQ==
  dependencies:
    colorette "^1.2.2"
    nanoid "^3.1.22"
@ -7699,9 +7825,9 @@ pretty-time@^1.1.0:
  integrity sha512-28iF6xPQrP8Oa6uxE6a1biz+lWeTOAPKggvjB8HAs6nVMKZwf5bG++632Dx614hIWgUPkgivRfG+a8uAXGTIbA==
 prismjs@^1.13.0, prismjs@^1.20.0:
-  version "1.24.0"
+  version "1.27.0"
-  resolved "https://registry.yarnpkg.com/prismjs/-/prismjs-1.24.0.tgz#0409c30068a6c52c89ef7f1089b3ca4de56be2ac"
+  resolved "https://registry.yarnpkg.com/prismjs/-/prismjs-1.27.0.tgz#bb6ee3138a0b438a3653dd4d6ce0cc6510a45057"
-  integrity sha512-SqV5GRsNqnzCL8k5dfAjCNhUrF3pR0A9lTDSCUZeh/LIshheXJEaP0hwLz2t4XHivd2J/v2HR+gRnigzeKe3cQ==
+  integrity sha512-t13BGPUlFDR7wRB5kQDG4jjl7XeuH6jbJGt11JHPL96qwsEHNX2+68tFXqc1/k+/jALsbSWJKUOT/hcYAZ5LkA==
 private@^0.1.8:
  version "0.1.8"
@ -7723,12 +7849,12 @@ promise-inflight@^1.0.1:
  resolved "https://registry.yarnpkg.com/promise-inflight/-/promise-inflight-1.0.1.tgz#98472870bf228132fcbdd868129bad12c3c029e3"
  integrity sha1-mEcocL8igTL8vdhoEputEsPAKeM=
-proxy-addr@^2.0.6, proxy-addr@~2.0.5:
+proxy-addr@^2.0.6, proxy-addr@~2.0.7:
-  version "2.0.6"
+  version "2.0.7"
-  resolved "https://registry.yarnpkg.com/proxy-addr/-/proxy-addr-2.0.6.tgz#fdc2336505447d3f2f2c638ed272caf614bbb2bf"
+  resolved "https://registry.yarnpkg.com/proxy-addr/-/proxy-addr-2.0.7.tgz#f19fe69ceab311eeb94b42e70e8c2070f9ba1025"
-  integrity sha512-dh/frvCBVmSsDYzw6n926jv974gddhkFPfiN8hPOi30Wax25QZyZEGveluCgliBnqmuM+UJmBErbAUFIoDbjOw==
+  integrity sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==
  dependencies:
-    forwarded "~0.1.2"
+    forwarded "0.2.0"
    ipaddr.js "1.9.1"
 prr@^1.0.1, prr@~1.0.1:
@ -7819,15 +7945,17 @@ q@^1.1.2, q@^1.5.1:
  resolved "https://registry.yarnpkg.com/q/-/q-1.5.1.tgz#7e32f75b41381291d04611f1bf14109ac00651d7"
  integrity sha1-fjL3W0E4EpHQRhHxvxQQmsAGUdc=
-qs@6.7.0:
+qs@6.9.7:
-  version "6.7.0"
+  version "6.9.7"
-  resolved "https://registry.yarnpkg.com/qs/-/qs-6.7.0.tgz#41dc1a015e3d581f1621776be31afb2876a9b1bc"
+  resolved "https://registry.yarnpkg.com/qs/-/qs-6.9.7.tgz#4610846871485e1e048f44ae3b94033f0e675afe"
-  integrity sha512-VCdBRNFTX1fyE7Nb6FYoURo/SPe62QCaAyzJvUjwRaIsc+NePBEniHlvxFmmX56+HZphIGtV0XeCirBtpDrTyQ==
+  integrity sha512-IhMFgUmuNpyRfxA90umL7ByLlgRXu6tIfKPpF5TmcfRLlLCckfP/g3IQmju6jjpu+Hh8rA+2p6A27ZSPOOHdKw==
 qs@^6.9.4:
-  version "6.9.4"
+  version "6.10.3"
-  resolved "https://registry.yarnpkg.com/qs/-/qs-6.9.4.tgz#9090b290d1f91728d3c22e54843ca44aea5ab687"
+  resolved "https://registry.yarnpkg.com/qs/-/qs-6.10.3.tgz#d6cde1b2ffca87b5aa57889816c5f81535e22e8e"
-  integrity sha512-A1kFqHekCTM7cz0udomYUoYNWjBebHm/5wzU/XqrBRBNWectVH0QIiN+NEcZ0Dte5hvzHwbr8+XQmguPhJ6WdQ==
+  integrity sha512-wr7M2E0OFRfIfJZjKGieI8lBKb7fRCH4Fv5KNPEs7gJ8jadvotdsS08PzOKR7opXhZ/Xkjtt3WF9g38drmyRqQ==
  dependencies:
    side-channel "^1.0.4"
 qs@~6.5.2:
  version "6.5.2"
@ -7895,13 +8023,13 @@ range-parser@^1.2.1, range-parser@~1.2.1:
  resolved "https://registry.yarnpkg.com/range-parser/-/range-parser-1.2.1.tgz#3cf37023d199e1c24d1a55b84800c2f3e6468031"
  integrity sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==
-raw-body@2.4.0:
+raw-body@2.4.3:
-  version "2.4.0"
+  version "2.4.3"
-  resolved "https://registry.yarnpkg.com/raw-body/-/raw-body-2.4.0.tgz#a1ce6fb9c9bc356ca52e89256ab59059e13d0332"
+  resolved "https://registry.yarnpkg.com/raw-body/-/raw-body-2.4.3.tgz#8f80305d11c2a0a545c2d9d89d7a0286fcead43c"
-  integrity sha512-4Oz8DUIwdvoa5qMJelxipzi/iJIi40O5cGV1wNYp5hvZP8ZN0T+jiNkL0QepXs+EsQ9XJ8ipEDoiH70ySUJP3Q==
+  integrity sha512-UlTNLIcu0uzb4D2f4WltY6cVjLi+/jEN4lgEUj3E04tpMDpUlkBo/eSn6zou9hum2VMNpCCUone0O0WeJim07g==
  dependencies:
-    bytes "3.1.0"
+    bytes "3.1.2"
-    http-errors "1.7.2"
+    http-errors "1.8.1"
    iconv-lite "0.4.24"
    unpipe "1.0.0"
@ -8254,7 +8382,7 @@ safe-buffer@5.1.2, safe-buffer@~5.1.0, safe-buffer@~5.1.1:
  resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.2.tgz#991ec69d296e0313747d59bdfd2b745c35f8828d"
  integrity sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==
-safe-buffer@>=5.1.0, safe-buffer@^5.0.1, safe-buffer@^5.1.0, safe-buffer@^5.1.1, safe-buffer@^5.1.2, safe-buffer@^5.2.0, safe-buffer@^5.2.1, safe-buffer@~5.2.0:
+safe-buffer@5.2.1, safe-buffer@>=5.1.0, safe-buffer@^5.0.1, safe-buffer@^5.1.0, safe-buffer@^5.1.1, safe-buffer@^5.1.2, safe-buffer@^5.2.0, safe-buffer@^5.2.1, safe-buffer@~5.2.0:
  version "5.2.1"
  resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.2.1.tgz#1eaf9fa9bdb1fdd4ec75f58f9cdb4e6b7827eec6"
  integrity sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==
@ -8353,10 +8481,10 @@ semver@^7.3.2:
  resolved "https://registry.yarnpkg.com/semver/-/semver-7.3.2.tgz#604962b052b81ed0786aae84389ffba70ffd3938"
  integrity sha512-OrOb32TeeambH6UrhtShmF7CRDqhL6/5XpPNp2DuRH6+9QLw/orhp72j87v8Qa1ScDkvrrBNpZcDejAirJmfXQ==
-send@0.17.1, send@^0.17.1:
+send@0.17.2, send@^0.17.1:
-  version "0.17.1"
+  version "0.17.2"
-  resolved "https://registry.yarnpkg.com/send/-/send-0.17.1.tgz#c1d8b059f7900f7466dd4938bdc44e11ddb376c8"
+  resolved "https://registry.yarnpkg.com/send/-/send-0.17.2.tgz#926622f76601c41808012c8bf1688fe3906f7820"
-  integrity sha512-BsVKsiGcQMFwT8UxypobUKyv7irCNRHk1T0G680vk88yf6LBByGcZJOTJCrTP2xVN6yI+XjPJcNuE3V4fT9sAg==
+  integrity sha512-UJYB6wFSJE3G00nEivR5rgWp8c2xXvJ3OPWPhmuteU0IKj8nKbG3DrjiOmLwpnHGYWAVwA69zmTm++YG0Hmwww==
  dependencies:
    debug "2.6.9"
    depd "~1.1.2"
@ -8365,9 +8493,9 @@ send@0.17.1, send@^0.17.1:
    escape-html "~1.0.3"
    etag "~1.8.1"
    fresh "0.5.2"
-    http-errors "~1.7.2"
+    http-errors "1.8.1"
    mime "1.6.0"
-    ms "2.1.1"
+    ms "2.1.3"
    on-finished "~2.3.0"
    range-parser "~1.2.1"
    statuses "~1.5.0"
@ -8404,15 +8532,15 @@ serve-index@^1.9.1:
    mime-types "~2.1.17"
    parseurl "~1.3.2"
-serve-static@1.14.1, serve-static@^1.14.1:
+serve-static@1.14.2, serve-static@^1.14.1:
-  version "1.14.1"
+  version "1.14.2"
-  resolved "https://registry.yarnpkg.com/serve-static/-/serve-static-1.14.1.tgz#666e636dc4f010f7ef29970a88a674320898b2f9"
+  resolved "https://registry.yarnpkg.com/serve-static/-/serve-static-1.14.2.tgz#722d6294b1d62626d41b43a013ece4598d292bfa"
-  integrity sha512-JMrvUwE54emCYWlTI+hGrGv5I8dEwmco/00EvkzIIsR7MqrHonbD9pO2MOfFnpFntl7ecpZs+3mW+XbQZu9QCg==
+  integrity sha512-+TMNA9AFxUEGuC0z2mevogSnn9MXKb4fa7ngeRMJaaGv8vTwnIEkKi+QGvPt33HSnf8pRS+WGM0EbMtCJLKMBQ==
  dependencies:
    encodeurl "~1.0.2"
    escape-html "~1.0.3"
    parseurl "~1.3.3"
-    send "0.17.1"
+    send "0.17.2"
 set-blocking@^2.0.0:
  version "2.0.0"
@ -8436,13 +8564,20 @@ set-value@^2.0.0, set-value@^2.0.1:
    is-plain-object "^2.0.3"
    split-string "^3.0.1"
-set-value@^3.0.0, set-value@^3.0.2:
+set-value@^3.0.0:
  version "3.0.2"
  resolved "https://registry.yarnpkg.com/set-value/-/set-value-3.0.2.tgz#74e8ecd023c33d0f77199d415409a40f21e61b90"
  integrity sha512-npjkVoz+ank0zjlV9F47Fdbjfj/PfXyVhZvGALWsyIYU/qrMzpi6avjKW3/7KeSU2Df3I46BrN1xOI1+6vW0hA==
  dependencies:
    is-plain-object "^2.0.4"
 set-value@^4.0.1:
  version "4.0.1"
  resolved "https://registry.yarnpkg.com/set-value/-/set-value-4.0.1.tgz#bc23522ade2d52314ec3b5d6fb140f5cd3a88acf"
  integrity sha512-ayATicCYPVnlNpFmjq2/VmVwhoCQA9+13j8qWp044fmFE3IFphosPtRM+0CJ5xoIx5Uy52fCcwg3XeH2pHbbPQ==
  dependencies:
    is-plain-object "^2.0.4"
 setimmediate@^1.0.4, setimmediate@^1.0.5:
  version "1.0.5"
  resolved "https://registry.yarnpkg.com/setimmediate/-/setimmediate-1.0.5.tgz#290cbb232e306942d7d7ea9b83732ab7856f8285"
@ -8502,13 +8637,14 @@ shebang-regex@^3.0.0:
  resolved "https://registry.yarnpkg.com/shebang-regex/-/shebang-regex-3.0.0.tgz#ae16f1644d873ecad843b0307b143362d4c42172"
  integrity sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==
-side-channel@^1.0.2:
+side-channel@^1.0.2, side-channel@^1.0.4:
-  version "1.0.2"
+  version "1.0.4"
-  resolved "https://registry.yarnpkg.com/side-channel/-/side-channel-1.0.2.tgz#df5d1abadb4e4bf4af1cd8852bf132d2f7876947"
+  resolved "https://registry.yarnpkg.com/side-channel/-/side-channel-1.0.4.tgz#efce5c8fdc104ee751b25c58d4290011fa5ea2cf"
-  integrity sha512-7rL9YlPHg7Ancea1S96Pa8/QWb4BtXL/TZvS6B8XFetGBeuhAsfmUspK6DokBeZ64+Kj9TCNRD/30pVz1BvQNA==
+  integrity sha512-q5XPytqFEIKHkGdiMIrY10mvLRvnQh42/+GoBlFW3b2LXLE2xxJpZFdm94we0BaoV3RwJyGqg5wS7epxTv0Zvw==
  dependencies:
-    es-abstract "^1.17.0-next.1"
+    call-bind "^1.0.0"
-    object-inspect "^1.7.0"
+    get-intrinsic "^1.0.2"
    object-inspect "^1.9.0"
 signal-exit@^3.0.0, signal-exit@^3.0.2, signal-exit@^3.0.3:
  version "3.0.3"
@ -8740,10 +8876,10 @@ source-map-resolve@^0.6.0:
    atob "^2.1.2"
    decode-uri-component "^0.2.0"
-source-map-support@^0.5.19, source-map-support@~0.5.12:
+source-map-support@^0.5.19, source-map-support@~0.5.12, source-map-support@~0.5.20:
-  version "0.5.19"
+  version "0.5.21"
-  resolved "https://registry.yarnpkg.com/source-map-support/-/source-map-support-0.5.19.tgz#a98b62f86dcaf4f67399648c085291ab9e8fed61"
+  resolved "https://registry.yarnpkg.com/source-map-support/-/source-map-support-0.5.21.tgz#04fe7c7f9e1ed2d662233c28cb2b35b9f63f6e4f"
-  integrity sha512-Wonm7zOCIJzBGQdB+thsPar0kYuCIzYvxZwlBa87yi/Mdjv7Tip2cyVbLj5o0cFPN4EVkuTwb3GDDyUx2DGnGw==
+  integrity sha512-uBHU3L3czsIyYXKX88fdrGovxdSCoTGDRZ6SYXtSRxLZUzHg5P/66Ht6uoUlHu9EZod+inXhKo3qQgwXUT/y1w==
  dependencies:
    buffer-from "^1.0.0"
    source-map "^0.6.0"
@ -9066,6 +9202,11 @@ strip-json-comments@~2.0.1:
  resolved "https://registry.yarnpkg.com/strip-json-comments/-/strip-json-comments-2.0.1.tgz#3c531942e908c2697c0ec344858c286c7ca0a60a"
  integrity sha1-PFMZQukIwml8DsNEhYwobHygpgo=
 strnum@^1.0.4:
  version "1.0.5"
  resolved "https://registry.yarnpkg.com/strnum/-/strnum-1.0.5.tgz#5c4e829fe15ad4ff0d20c3db5ac97b73c9b072db"
  integrity sha512-J8bbNyKKXl5qYcR36TIO8W3mVGVHrmmxsd5PAItGkmyzwJvybiw2IVq5nqd0i4LSNSkB/sx9VHllbfFdr9k1JA==
 stylehacks@^4.0.0, stylehacks@^4.0.3:
  version "4.0.3"
  resolved "https://registry.yarnpkg.com/stylehacks/-/stylehacks-4.0.3.tgz#6718fcaf4d1e07d8a1318690881e8d96726a71d5"
@ -9210,13 +9351,14 @@ terser@^4.1.2:
    source-map-support "~0.5.12"
 terser@^5.0.0:
-  version "5.0.0"
+  version "5.14.2"
-  resolved "https://registry.yarnpkg.com/terser/-/terser-5.0.0.tgz#269640e4e92f15d628de1e5f01c4c61e1ba3d765"
+  resolved "https://registry.yarnpkg.com/terser/-/terser-5.14.2.tgz#9ac9f22b06994d736174f4091aa368db896f1c10"
-  integrity sha512-olH2DwGINoSuEpSGd+BsPuAQaA3OrHnHnFL/rDB2TVNc3srUbz/rq/j2BlF4zDXI+JqAvGr86bIm1R2cJgZ3FA==
+  integrity sha512-oL0rGeM/WFQCUd0y2QrWxYnq7tfSuKBiqTjRPWrRgB46WD/kiwHwF8T23z78H6Q6kGCuuHcPB+KULHRdxvVGQA==
  dependencies:
    "@jridgewell/source-map" "^0.3.2"
    acorn "^8.5.0"
    commander "^2.20.0"
-    source-map "~0.6.1"
+    source-map-support "~0.5.20"
    source-map-support "~0.5.12"
 text-table@^0.2.0:
  version "0.2.0"
@ -9335,6 +9477,11 @@ toidentifier@1.0.0, toidentifier@^1.0.0:
  resolved "https://registry.yarnpkg.com/toidentifier/-/toidentifier-1.0.0.tgz#7e1be3470f1e77948bc43d94a3c8f4d7752ba553"
  integrity sha512-yaOH/Pk/VEhBWWTlhI+qXxDFXlejDGcQipMlyxda9nthulaxLZUNcUqFxokp0vcYnvteJln5FNQDRrxj3YcbVw==
 toidentifier@1.0.1:
  version "1.0.1"
  resolved "https://registry.yarnpkg.com/toidentifier/-/toidentifier-1.0.1.tgz#3be34321a88a820ed1bd80dfaa33e479fbb8dd35"
  integrity sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==
 toml@^3.0.0:
  version "3.0.0"
  resolved "https://registry.yarnpkg.com/toml/-/toml-3.0.0.tgz#342160f1af1904ec9d204d03a5d61222d762c5ee"
@ -9433,7 +9580,7 @@ type-fest@^0.8.1:
  resolved "https://registry.yarnpkg.com/type-fest/-/type-fest-0.8.1.tgz#09e249ebde851d3b1e48d27c105444667f17b83d"
  integrity sha512-4dbzIzqvjtgiM5rw1k5rEHtBANKmdudhGyBEajN01fEyhaAIhsoKNy6y7+IN93IfpFtwY9iqi7kD+xwKhQsNJA==
-type-is@^1.6.18, type-is@~1.6.17, type-is@~1.6.18:
+type-is@^1.6.18, type-is@~1.6.18:
  version "1.6.18"
  resolved "https://registry.yarnpkg.com/type-is/-/type-is-1.6.18.tgz#4e552cd05df09467dcbc4ef739de89f2cf37c131"
  integrity sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==
@ -9650,9 +9797,9 @@ url-parse-lax@^3.0.0:
    prepend-http "^2.0.0"
 url-parse@^1.4.3, url-parse@^1.4.7:
-  version "1.5.2"
+  version "1.5.9"
-  resolved "https://registry.yarnpkg.com/url-parse/-/url-parse-1.5.2.tgz#a4eff6fd5ff9fe6ab98ac1f79641819d13247cda"
+  resolved "https://registry.yarnpkg.com/url-parse/-/url-parse-1.5.9.tgz#05ff26484a0b5e4040ac64dcee4177223d74675e"
-  integrity sha512-6bTUPERy1muxxYClbzoRo5qtQuyoGEbzbQvi0SW4/8U8UyVkAQhWFBlnigqJkRm4su4x1zDQfNbEzWkt+vchcg==
+  integrity sha512-HpOvhKBvre8wYez+QhHcYiVvVmeF6DVnuSOOPhe3cTum3BnqHhvKaZm8FU5yTiOu/Jut2ZpB2rA/SbBA1JIGlQ==
  dependencies:
    querystringify "^2.1.1"
    requires-port "^1.0.0"
--- a/frontend/js/app/api.js
+++ b/frontend/js/app/api.js
@ -685,6 +685,16 @@ module.exports = {
                return fetch('post', 'nginx/certificates/' + id + '/renew', undefined, {timeout});
            },
            /**
             * @param  {Number}  id
             * @returns {Promise}
             */
            testHttpChallenge: function (domains) {
                return fetch('get', 'nginx/certificates/test-http?' + new URLSearchParams({
                    domains: JSON.stringify(domains),
                }));
            },
            /**
             * @param   {Number}  id
             * @returns {Promise}
--- a/frontend/js/app/audit-log/main.ejs
+++ b/frontend/js/app/audit-log/main.ejs
@ -2,6 +2,16 @@
    <div class="card-status bg-teal"></div>
    <div class="card-header">
        <h3 class="card-title"><%- i18n('audit-log', 'title') %></h3>
        <div class="card-options">
            <form class="search-form" role="search">
                <div class="input-icon">
                    <span class="input-icon-addon">
                      <i class="fe fe-search"></i>
                    </span>
                    <input name="source-query" type="text" value="" class="form-control form-control-sm" placeholder="<%- i18n('audit-log', 'search') %>" aria-label="<%- i18n('audit-log', 'search') %>">
                </div>
            </form>
        </div>
    </div>
    <div class="card-body no-padding min-100">
        <div class="dimmer active">
--- a/frontend/js/app/audit-log/main.js
+++ b/frontend/js/app/audit-log/main.js
@ -12,39 +12,68 @@ module.exports = Mn.View.extend({
    ui: {
        list_region: '.list-region',
-        dimmer:      '.dimmer'
+        dimmer:      '.dimmer',
        search:      '.search-form',
        query:       'input[name="source-query"]'
    },
    fetch: App.Api.AuditLog.getAll,
    showData: function(response) {
        this.showChildView('list_region', new ListView({
            collection: new AuditLogModel.Collection(response)
        }));
    },
    showError: function(err) {
        this.showChildView('list_region', new ErrorView({
            code:    err.code,
            message: err.message,
            retry:   function () {
                App.Controller.showAuditLog();
            }
        }));
        console.error(err);
    },
    showEmpty: function() {
        this.showChildView('list_region', new EmptyView({
            title:    App.i18n('audit-log', 'empty'),
            subtitle: App.i18n('audit-log', 'empty-subtitle')
        }));
    },
    regions: {
        list_region: '@ui.list_region'
    },
    events: {
        'submit @ui.search': function (e) {
            e.preventDefault();
            let query = this.ui.query.val();
            this.fetch(['user'], query)
                .then(response => this.showData(response))
                .catch(err => {
                    this.showError(err);
                });
        }
    },
    onRender: function () {
        let view = this;
-        App.Api.AuditLog.getAll(['user'])
+        view.fetch(['user'])
            .then(response => {
                if (!view.isDestroyed() && response && response.length) {
-                    view.showChildView('list_region', new ListView({
+                    view.showData(response);
                        collection: new AuditLogModel.Collection(response)
                    }));
                } else {
-                    view.showChildView('list_region', new EmptyView({
+                    view.showEmpty();
                        title:    App.i18n('audit-log', 'empty'),
                        subtitle: App.i18n('audit-log', 'empty-subtitle')
                    }));
                }
            })
            .catch(err => {
-                view.showChildView('list_region', new ErrorView({
+                view.showError(err);
                    code:    err.code,
                    message: err.message,
                    retry:   function () {
                        App.Controller.showAuditLog();
                    }
                }));
                console.error(err);
            })
            .then(() => {
                view.ui.dimmer.removeClass('active');
--- a/frontend/js/app/controller.js
+++ b/frontend/js/app/controller.js
@ -366,6 +366,19 @@ module.exports = {
        }
    },
    /**
     * Certificate Test Reachability
     *
     * @param model
     */
    showNginxCertificateTestReachability: function (model) {
      if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) {
        require(['./main', './nginx/certificates/test'], function (App, View) {
          App.UI.showModalDialog(new View({model: model}));
        });
      }
    },
    /**
     * Audit Log
     */
--- a/frontend/js/app/nginx/access/main.ejs
+++ b/frontend/js/app/nginx/access/main.ejs
@ -3,6 +3,14 @@
    <div class="card-header">
        <h3 class="card-title"><%- i18n('access-lists', 'title') %></h3>
        <div class="card-options">
            <form class="search-form" role="search">
                <div class="input-icon">
                    <span class="input-icon-addon">
                      <i class="fe fe-search"></i>
                    </span>
                    <input name="source-query" type="text" value="" class="form-control form-control-sm" placeholder="<%- i18n('access-lists', 'search') %>" aria-label="<%- i18n('access-lists', 'search') %>">
                </div>
            </form>
            <a href="#" class="btn btn-outline-secondary btn-sm ml-2 help"><i class="fe fe-help-circle"></i></a>
            <% if (showAddButton) { %>
            <a href="#" class="btn btn-outline-teal btn-sm ml-2 add-item"><%- i18n('access-lists', 'add') %></a>
--- a/frontend/js/app/nginx/access/main.js
+++ b/frontend/js/app/nginx/access/main.js
@ -14,7 +14,44 @@ module.exports = Mn.View.extend({
        list_region: '.list-region',
        add:         '.add-item',
        help:        '.help',
-        dimmer:      '.dimmer'
+        dimmer:      '.dimmer',
        search:      '.search-form',
        query:       'input[name="source-query"]'
    },
    fetch: App.Api.Nginx.AccessLists.getAll,
    showData: function(response) {
        this.showChildView('list_region', new ListView({
            collection: new AccessListModel.Collection(response)
        }));
    },
    showError: function(err) {
        this.showChildView('list_region', new ErrorView({
            code:    err.code,
            message: err.message,
            retry:   function () {
                App.Controller.showNginxAccess();
            }
        }));
        console.error(err);
    },
    showEmpty: function() {
        let manage = App.Cache.User.canManage('access_lists');
        this.showChildView('list_region', new EmptyView({
            title:      App.i18n('access-lists', 'empty'),
            subtitle:   App.i18n('all-hosts', 'empty-subtitle', {manage: manage}),
            link:       manage ? App.i18n('access-lists', 'add') : null,
            btn_color:  'teal',
            permission: 'access_lists',
            action:     function () {
                App.Controller.showNginxAccessListForm();
            }
        }));
    },
    regions: {
@ -30,6 +67,17 @@ module.exports = Mn.View.extend({
        'click @ui.help': function (e) {
            e.preventDefault();
            App.Controller.showHelp(App.i18n('access-lists', 'help-title'), App.i18n('access-lists', 'help-content'));
        },
        'submit @ui.search': function (e) {
            e.preventDefault();
            let query = this.ui.query.val();
            this.fetch(['owner', 'items', 'clients'], query)
                .then(response => this.showData(response))
                .catch(err => {
                    this.showError(err);
                });
        }
    },
@ -40,39 +88,18 @@ module.exports = Mn.View.extend({
    onRender: function () {
        let view = this;
-        App.Api.Nginx.AccessLists.getAll(['owner', 'items', 'clients'])
+        view.fetch(['owner', 'items', 'clients'])
            .then(response => {
                if (!view.isDestroyed()) {
                    if (response && response.length) {
-                        view.showChildView('list_region', new ListView({
+                        view.showData(response);
                            collection: new AccessListModel.Collection(response)
                        }));
                    } else {
-                        let manage = App.Cache.User.canManage('access_lists');
+                        view.showEmpty();
                        view.showChildView('list_region', new EmptyView({
                            title:      App.i18n('access-lists', 'empty'),
                            subtitle:   App.i18n('all-hosts', 'empty-subtitle', {manage: manage}),
                            link:       manage ? App.i18n('access-lists', 'add') : null,
                            btn_color:  'teal',
                            permission: 'access_lists',
                            action:     function () {
                                App.Controller.showNginxAccessListForm();
                            }
                        }));
                    }
                }
            })
            .catch(err => {
-                view.showChildView('list_region', new ErrorView({
+                view.showError(err);
                    code:    err.code,
                    message: err.message,
                    retry:   function () {
                        App.Controller.showNginxAccess();
                    }
                }));
                console.error(err);
            })
            .then(() => {
                view.ui.dimmer.removeClass('active');
--- a/frontend/js/app/nginx/certificates/form.ejs
+++ b/frontend/js/app/nginx/certificates/form.ejs
@ -18,6 +18,14 @@
                            <input type="text" name="domain_names" class="form-control" id="input-domains" value="<%- domain_names.join(',') %>" required>
                            <div class="text-blue"><i class="fe fe-alert-triangle"></i> <%- i18n('ssl', 'hosts-warning') %></div>
                        </div>
                        <div class="mb-3 test-domains-container">
                            <button type="button" class="btn btn-secondary test-domains col-sm-12"><%- i18n('certificates', 'test-reachability') %></button>
                            <div class="text-secondary small">
                                <i class="fe fe-info"></i> 
                                <%- i18n('certificates', 'reachability-info') %>
                            </div>
                        </div>
                    </div>
                    <div class="col-sm-12 col-md-12">
                        <div class="form-group">
--- a/frontend/js/app/nginx/certificates/form.js
+++ b/frontend/js/app/nginx/certificates/form.js
@ -29,6 +29,8 @@ module.exports = Mn.View.extend({
        non_loader_content:                   '.non-loader-content',
        le_error_info:                        '#le-error-info',
        domain_names:                         'input[name="domain_names"]',
        test_domains_container:               '.test-domains-container',
        test_domains_button:                  '.test-domains',
        buttons:                              '.modal-footer button',
        cancel:                               'button.cancel',
        save:                                 'button.save',
@ -56,10 +58,12 @@ module.exports = Mn.View.extend({
                    this.ui.dns_provider_credentials.prop('required', 'required');
                }
                this.ui.dns_challenge_content.show();
                this.ui.test_domains_container.hide();
            } else {
                this.ui.dns_provider.prop('required', false);
                this.ui.dns_provider_credentials.prop('required', false);
-                this.ui.dns_challenge_content.hide();                
+                this.ui.dns_challenge_content.hide();
                this.ui.test_domains_container.show();            
            }
        },
@ -205,6 +209,23 @@ module.exports = Mn.View.extend({
                    this.ui.non_loader_content.show();
                });
        },
        'click @ui.test_domains_button': function (e) {
            e.preventDefault();
            const domainNames = this.ui.domain_names[0].value.split(',');
            if (domainNames && domainNames.length > 0) {
                this.model.set('domain_names', domainNames);
                this.model.set('back_to_add', true);
                App.Controller.showNginxCertificateTestReachability(this.model);
            }
        },
        'change @ui.domain_names': function(e){
            const domainNames = e.target.value.split(',');
            if (domainNames && domainNames.length > 0) {
                this.ui.test_domains_button.prop('disabled', false);
            } else {
                this.ui.test_domains_button.prop('disabled', true);
            }
        },
        'change @ui.other_certificate_key': function(e){
            this.setFileName("other_certificate_key_label", e)
        },
@ -257,6 +278,12 @@ module.exports = Mn.View.extend({
        this.ui.credentials_file_content.hide(); 
        this.ui.loader_content.hide();
        this.ui.le_error_info.hide();
        if (this.ui.domain_names[0]) {
            const domainNames = this.ui.domain_names[0].value.split(',');
            if (!domainNames || domainNames.length === 0 || (domainNames.length === 1 && domainNames[0] === "")) {
                this.ui.test_domains_button.prop('disabled', true);
            }
        }
    },
    initialize: function (options) {
--- a/frontend/js/app/nginx/certificates/list/item.ejs
+++ b/frontend/js/app/nginx/certificates/list/item.ejs
@ -42,6 +42,9 @@
            <% if (provider === 'letsencrypt') { %>
                <a href="#" class="renew dropdown-item"><i class="dropdown-icon fe fe-refresh-cw"></i> <%- i18n('certificates', 'force-renew') %></a>
                <a href="#" class="download dropdown-item"><i class="dropdown-icon fe fe-download"></i> <%- i18n('certificates', 'download') %></a>
                <% if (meta.dns_challenge === false) { %>
                    <a href="#" class="test dropdown-item"><i class="dropdown-icon fe fe-globe"></i> <%- i18n('certificates', 'test-reachability') %></a>
                <% } %>
                <div class="dropdown-divider"></div>
            <% } %>
            <a href="#" class="delete dropdown-item"><i class="dropdown-icon fe fe-trash-2"></i> <%- i18n('str', 'delete') %></a>
--- a/frontend/js/app/nginx/certificates/list/item.js
+++ b/frontend/js/app/nginx/certificates/list/item.js
@ -2,7 +2,7 @@ const Mn            = require('backbone.marionette');
 const moment        = require('moment');
 const App           = require('../../../main');
 const template      = require('./item.ejs');
-const dns_providers = require('../../../../../../global/certbot-dns-plugins')
+const dns_providers = require('../../../../../../global/certbot-dns-plugins');
 module.exports = Mn.View.extend({
    template: template,
@ -12,7 +12,8 @@ module.exports = Mn.View.extend({
        host_link: '.host-link',
        renew:     'a.renew',
        delete:    'a.delete',
-        download:  'a.download'
+        download:  'a.download',
        test:      'a.test'
    },
    events: {
@ -31,11 +32,16 @@ module.exports = Mn.View.extend({
            let win = window.open($(e.currentTarget).attr('rel'), '_blank');
            win.focus();
        },
-        
+                
        'click @ui.download': function (e) {
            e.preventDefault();
-            App.Api.Nginx.Certificates.download(this.model.get('id'))
+            App.Api.Nginx.Certificates.download(this.model.get('id'));
-        }
+        },
        'click @ui.test': function (e) {
            e.preventDefault();
            App.Controller.showNginxCertificateTestReachability(this.model);
        },
    },
    templateContext: {
--- a/frontend/js/app/nginx/certificates/main.ejs
+++ b/frontend/js/app/nginx/certificates/main.ejs
@ -3,6 +3,14 @@
    <div class="card-header">
        <h3 class="card-title"><%- i18n('certificates', 'title') %></h3>
        <div class="card-options">
            <form class="search-form" role="search">
                <div class="input-icon">
                    <span class="input-icon-addon">
                      <i class="fe fe-search"></i>
                    </span>
                    <input name="source-query" type="text" value="" class="form-control form-control-sm" placeholder="<%- i18n('certificates', 'search') %>" aria-label="<%- i18n('certificates', 'search') %>">
                </div>
            </form>
            <a href="#" class="btn btn-outline-secondary btn-sm ml-2 help"><i class="fe fe-help-circle"></i></a>
            <% if (showAddButton) { %>
            <div class="dropdown">
--- a/frontend/js/app/nginx/certificates/main.js
+++ b/frontend/js/app/nginx/certificates/main.js
@ -14,7 +14,44 @@ module.exports = Mn.View.extend({
        list_region: '.list-region',
        add:         '.add-item',
        help:        '.help',
-        dimmer:      '.dimmer'
+        dimmer:      '.dimmer',
        search:      '.search-form',
        query:       'input[name="source-query"]'
    },
    fetch: App.Api.Nginx.Certificates.getAll,
    showData: function(response) {
        this.showChildView('list_region', new ListView({
            collection: new CertificateModel.Collection(response)
        }));
    },
    showError: function(err) {
        this.showChildView('list_region', new ErrorView({
            code:    err.code,
            message: err.message,
            retry:   function () {
                App.Controller.showNginxCertificates();
            }
        }));
        console.error(err);
    },
    showEmpty: function() {
        let manage = App.Cache.User.canManage('certificates');
        this.showChildView('list_region', new EmptyView({
            title:      App.i18n('certificates', 'empty'),
            subtitle:   App.i18n('all-hosts', 'empty-subtitle', {manage: manage}),
            link:       manage ? App.i18n('certificates', 'add') : null,
            btn_color:  'pink',
            permission: 'certificates',
            action:     function () {
                App.Controller.showNginxCertificateForm();
            }
        }));
    },
    regions: {
@ -31,6 +68,17 @@ module.exports = Mn.View.extend({
        'click @ui.help': function (e) {
            e.preventDefault();
            App.Controller.showHelp(App.i18n('certificates', 'help-title'), App.i18n('certificates', 'help-content'));
        },
        'submit @ui.search': function (e) {
            e.preventDefault();
            let query = this.ui.query.val();
            this.fetch(['owner'], query)
                .then(response => this.showData(response))
                .catch(err => {
                    this.showError(err);
                });
        }
    },
@ -41,39 +89,18 @@ module.exports = Mn.View.extend({
    onRender: function () {
        let view = this;
-        App.Api.Nginx.Certificates.getAll(['owner'])
+        view.fetch(['owner'])
            .then(response => {
                if (!view.isDestroyed()) {
                    if (response && response.length) {
-                        view.showChildView('list_region', new ListView({
+                        view.showData(response);
                            collection: new CertificateModel.Collection(response)
                        }));
                    } else {
-                        let manage = App.Cache.User.canManage('certificates');
+                        view.showEmpty();
                        view.showChildView('list_region', new EmptyView({
                            title:      App.i18n('certificates', 'empty'),
                            subtitle:   App.i18n('all-hosts', 'empty-subtitle', {manage: manage}),
                            link:       manage ? App.i18n('certificates', 'add') : null,
                            btn_color:  'pink',
                            permission: 'certificates',
                            action:     function () {
                                App.Controller.showNginxCertificateForm();
                            }
                        }));
                    }
                }
            })
            .catch(err => {
-                view.showChildView('list_region', new ErrorView({
+                view.showError(err);
                    code:    err.code,
                    message: err.message,
                    retry:   function () {
                        App.Controller.showNginxCertificates();
                    }
                }));
                console.error(err);
            })
            .then(() => {
                view.ui.dimmer.removeClass('active');
--- a/frontend/js/app/nginx/certificates/test.ejs
+++ b/frontend/js/app/nginx/certificates/test.ejs
@ -0,0 +1,15 @@
 <div class="modal-content">
    <div class="modal-header">
        <h5 class="modal-title"><%- i18n('certificates', 'reachability-title') %></h5>
    </div>
    <div class="modal-body">
        <div class="waiting text-center">
            <%= i18n('str', 'please-wait') %>
        </div>
        <div class="alert alert-danger error" role="alert"></div>
        <div class="alert alert-success success" role="alert"></div>
    </div>
    <div class="modal-footer">
        <button type="button" class="btn btn-secondary cancel" disabled><%- i18n('str', 'close') %></button>
    </div>
 </div>
--- a/frontend/js/app/nginx/certificates/test.js
+++ b/frontend/js/app/nginx/certificates/test.js
@ -0,0 +1,75 @@
 const Mn       = require('backbone.marionette');
 const App      = require('../../main');
 const template = require('./test.ejs');
 module.exports = Mn.View.extend({
 	template:  template,
 	className: 'modal-dialog',
 	ui: {
 		waiting: '.waiting',
 		error:   '.error',
 		success: '.success',
 		close:   'button.cancel'
 	},
    events: {
        'click @ui.close': function (e) {
            e.preventDefault();
            if (this.model.get('back_to_add')) {
                App.Controller.showNginxCertificateForm(this.model);
            } else {
                App.UI.closeModal();
            }
        },
    },
 	onRender: function () {
 		this.ui.error.hide();
 		this.ui.success.hide();
 		App.Api.Nginx.Certificates.testHttpChallenge(this.model.get('domain_names'))
 			.then((result) => {
 				let allOk = true;
 				let text  = '';
 				for (const domain in result) {
 					const status = result[domain];
 					if (status === 'ok') {
 						text += `<p><strong>${domain}:</strong> ${App.i18n('certificates', 'reachability-ok')}</p>`;
 					} else {
 						allOk = false;
 						if (status === 'no-host') {
 							text += `<p><strong>${domain}:</strong> ${App.i18n('certificates', 'reachability-not-resolved')}</p>`;
 						} else if (status === 'failed') {
 							text += `<p><strong>${domain}:</strong> ${App.i18n('certificates', 'reachability-failed-to-check')}</p>`;
 						} else if (status === '404') {
 							text += `<p><strong>${domain}:</strong> ${App.i18n('certificates', 'reachability-404')}</p>`;
 						} else if (status === 'wrong-data') {
 							text += `<p><strong>${domain}:</strong> ${App.i18n('certificates', 'reachability-wrong-data')}</p>`;
 						} else if (status.startsWith('other:')) {
 							const code = status.substring(6);
 							text      += `<p><strong>${domain}:</strong> ${App.i18n('certificates', 'reachability-other', {code})}</p>`;
 						} else {
 							// This should never happen
 							text += `<p><strong>${domain}:</strong> ?</p>`;
 						}
 					}
 				}
 				this.ui.waiting.hide();
 				if (allOk) {
 					this.ui.success.html(text).show();
 				} else {
 					this.ui.error.html(text).show();
 				}
 				this.ui.close.prop('disabled', false);
 			})
 			.catch((e) => {
 				console.error(e);
 				this.ui.waiting.hide();
 				this.ui.error.text(App.i18n('certificates', 'reachability-failed-to-reach-api')).show();
 				this.ui.close.prop('disabled', false);
 			});
 	}
 });
--- a/frontend/js/app/nginx/dead/delete.ejs
+++ b/frontend/js/app/nginx/dead/delete.ejs
@ -7,7 +7,7 @@
        <form>
            <div class="row">
                <div class="col-sm-12 col-md-12">
-                    <%= i18n('dead-hosts', 'delete-confirm', {domains: domain_names.join(', ')}) %>
+                    <%= i18n('dead-hosts', 'delete-confirm', {domains: domain_names.join(', ').toHtmlEntities()}) %>
                    <% if (certificate_id) { %>
                        <br><br>
                        <%- i18n('ssl', 'delete-ssl') %>
--- a/frontend/js/app/nginx/dead/main.ejs
+++ b/frontend/js/app/nginx/dead/main.ejs
@ -3,6 +3,14 @@
    <div class="card-header">
        <h3 class="card-title"><%- i18n('dead-hosts', 'title') %></h3>
        <div class="card-options">
            <form class="search-form" role="search">
                <div class="input-icon">
                    <span class="input-icon-addon">
                      <i class="fe fe-search"></i>
                    </span>
                    <input name="source-query" type="text" value="" class="form-control form-control-sm" placeholder="<%- i18n('dead-hosts', 'search') %>" aria-label="<%- i18n('dead-hosts', 'search') %>">
                </div>
            </form>
            <a href="#" class="btn btn-outline-secondary btn-sm ml-2 help"><i class="fe fe-help-circle"></i></a>
            <% if (showAddButton) { %>
            <a href="#" class="btn btn-outline-danger btn-sm ml-2 add-item"><%- i18n('dead-hosts', 'add') %></a>
--- a/frontend/js/app/nginx/dead/main.js
+++ b/frontend/js/app/nginx/dead/main.js
@ -14,7 +14,44 @@ module.exports = Mn.View.extend({
        list_region: '.list-region',
        add:         '.add-item',
        help:        '.help',
-        dimmer:      '.dimmer'
+        dimmer:      '.dimmer',
        search:      '.search-form',
        query:       'input[name="source-query"]'
    },
    fetch: App.Api.Nginx.DeadHosts.getAll,
    showData: function(response) {
        this.showChildView('list_region', new ListView({
            collection: new DeadHostModel.Collection(response)
        }));
    },
    showError: function(err) {
        this.showChildView('list_region', new ErrorView({
            code:    err.code,
            message: err.message,
            retry:   function () {
                App.Controller.showNginxDead();
            }
        }));
        console.error(err);
    },
    showEmpty: function() {
        let manage = App.Cache.User.canManage('dead_hosts');
        this.showChildView('list_region', new EmptyView({
            title:      App.i18n('dead-hosts', 'empty'),
            subtitle:   App.i18n('all-hosts', 'empty-subtitle', {manage: manage}),
            link:       manage ? App.i18n('dead-hosts', 'add') : null,
            btn_color:  'danger',
            permission: 'dead_hosts',
            action:     function () {
                App.Controller.showNginxDeadForm();
            }
        }));
    },
    regions: {
@ -30,6 +67,17 @@ module.exports = Mn.View.extend({
        'click @ui.help': function (e) {
            e.preventDefault();
            App.Controller.showHelp(App.i18n('dead-hosts', 'help-title'), App.i18n('dead-hosts', 'help-content'));
        },
        'submit @ui.search': function (e) {
            e.preventDefault();
            let query = this.ui.query.val();
            this.fetch(['owner', 'certificate'], query)
                .then(response => this.showData(response))
                .catch(err => {
                    this.showError(err);
                });
        }
    },
@ -40,39 +88,18 @@ module.exports = Mn.View.extend({
    onRender: function () {
        let view = this;
-        App.Api.Nginx.DeadHosts.getAll(['owner', 'certificate'])
+        view.fetch(['owner', 'certificate'])
            .then(response => {
                if (!view.isDestroyed()) {
                    if (response && response.length) {
-                        view.showChildView('list_region', new ListView({
+                        view.showData(response);
                            collection: new DeadHostModel.Collection(response)
                        }));
                    } else {
-                        let manage = App.Cache.User.canManage('dead_hosts');
+                        view.showEmpty();
                        view.showChildView('list_region', new EmptyView({
                            title:      App.i18n('dead-hosts', 'empty'),
                            subtitle:   App.i18n('all-hosts', 'empty-subtitle', {manage: manage}),
                            link:       manage ? App.i18n('dead-hosts', 'add') : null,
                            btn_color:  'danger',
                            permission: 'dead_hosts',
                            action:     function () {
                                App.Controller.showNginxDeadForm();
                            }
                        }));
                    }
                }
            })
            .catch(err => {
-                view.showChildView('list_region', new ErrorView({
+                view.showError(err);
                    code:    err.code,
                    message: err.message,
                    retry:   function () {
                        App.Controller.showNginxDead();
                    }
                }));
                console.error(err);
            })
            .then(() => {
                view.ui.dimmer.removeClass('active');
--- a/Show More
+++ b/Show More
		`@ -0,0 +1,2 @@`
							`# shellcheck shell=bash`
							`/etc/s6-overlay/s6-rc.d/prepare/script.sh`
		`@ -1,3 +0,0 @@`
			`#!/usr/bin/with-contenv bash`

			`s6-svscanctl -t /var/run/s6/services`