Merge ff102f4107 into 498109addb

.version

@@ -1 +1 @@
-2.12.6
+2.12.2

Jenkinsfile

@@ -241,17 +241,12 @@ pipeline {
 					}
 					steps {
 						script {
-							npmGithubPrComment("""Docker Image for build ${BUILD_NUMBER} is available on [DockerHub](https://cloud.docker.com/repository/docker/nginxproxymanager/${IMAGE}-dev):
+							npmGithubPrComment("""Docker Image for build ${BUILD_NUMBER} is available on
-```
+[DockerHub](https://cloud.docker.com/repository/docker/nginxproxymanager/${IMAGE}-dev)
-nginxproxymanager/${IMAGE}-dev:${BRANCH_LOWER}
+as `nginxproxymanager/${IMAGE}-dev:${BRANCH_LOWER}`
-```
 
-> [!NOTE]
+**Note:** ensure you backup your NPM instance before testing this image! Especially if there are database changes
-> Ensure you backup your NPM instance before testing this image! Especially if there are database changes.
+**Note:** this is a different docker image namespace than the official image
-> This is a different docker image namespace than the official image.
-
-> [!WARNING]
-> Changes and additions to DNS Providers require verification by at least 2 members of the community!
 """, true)
 						}
 					}

README.md

@@ -1,7 +1,7 @@
 <p align="center">
 	<img src="https://nginxproxymanager.com/github.png">
 	<br><br>
-	<img src="https://img.shields.io/badge/version-2.12.6-green.svg?style=for-the-badge">
+	<img src="https://img.shields.io/badge/version-2.12.2-green.svg?style=for-the-badge">
 	<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager">
 		<img src="https://img.shields.io/docker/stars/jc21/nginx-proxy-manager.svg?style=for-the-badge">
 	</a>

backend/index.js

@@ -3,8 +3,6 @@
 const schema = require('./schema');
 const logger = require('./logger').global;
 
-const IP_RANGES_FETCH_ENABLED = process.env.IP_RANGES_FETCH_ENABLED !== 'false';
-
 async function appStart () {
 	const migrate             = require('./migrate');
 	const setup               = require('./setup');
@@ -15,16 +13,7 @@ async function appStart () {
 	return migrate.latest()
 		.then(setup)
 		.then(schema.getCompiledSchema)
-		.then(() => {
+		.then(internalIpRanges.fetch)
-			if (IP_RANGES_FETCH_ENABLED) {
-				logger.info('IP Ranges fetch is enabled');
-				return internalIpRanges.fetch().catch((err) => {
-					logger.error('IP Ranges fetch failed, continuing anyway:', err.message);
-				});
-			} else {
-				logger.info('IP Ranges fetch is disabled by environment variable');
-			}
-		})
 		.then(() => {
 			internalCertificate.initTimer();
 			internalIpRanges.initTimer();

backend/internal/access-list.js

@@ -1,5 +1,5 @@
 const _                     = require('lodash');
-const fs                    = require('node:fs');
+const fs                    = require('fs');
 const batchflow             = require('batchflow');
 const logger                = require('../logger').access;
 const error                 = require('../lib/error');
@@ -38,7 +38,7 @@ const internalAccessList = {
 			.then((row) => {
 				data.id = row.id;
 
-				const promises = [];
+				let promises = [];
 
 				// Now add the items
 				data.items.map((item) => {
@@ -116,7 +116,7 @@ const internalAccessList = {
 			.then((row) => {
 				if (row.id !== data.id) {
 					// Sanity check that something crazy hasn't happened
-					throw new error.InternalValidationError(`Access List could not be updated, IDs do not match: ${row.id} !== ${data.id}`);
+					throw new error.InternalValidationError('Access List could not be updated, IDs do not match: ' + row.id + ' !== ' + data.id);
 				}
 			})
 			.then(() => {
@@ -135,10 +135,10 @@ const internalAccessList = {
 			.then(() => {
 				// Check for items and add/update/remove them
 				if (typeof data.items !== 'undefined' && data.items) {
-					const promises      = [];
+					let promises      = [];
-					const items_to_keep = [];
+					let items_to_keep = [];
 
-					data.items.map((item) => {
+					data.items.map(function (item) {
 						if (item.password) {
 							promises.push(accessListAuthModel
 								.query()
@@ -154,7 +154,7 @@ const internalAccessList = {
 						}
 					});
 
-					const query = accessListAuthModel
+					let query = accessListAuthModel
 						.query()
 						.delete()
 						.where('access_list_id', data.id);
@@ -175,9 +175,9 @@ const internalAccessList = {
 			.then(() => {
 				// Check for clients and add/update/remove them
 				if (typeof data.clients !== 'undefined' && data.clients) {
-					const promises = [];
+					let promises = [];
 
-					data.clients.map((client) => {
+					data.clients.map(function (client) {
 						if (client.address) {
 							promises.push(accessListClientModel
 								.query()
@@ -190,7 +190,7 @@ const internalAccessList = {
 						}
 					});
 
-					const query = accessListClientModel
+					let query = accessListClientModel
 						.query()
 						.delete()
 						.where('access_list_id', data.id);
@@ -249,7 +249,7 @@ const internalAccessList = {
 
 		return access.can('access_lists:get', data.id)
 			.then((access_data) => {
-				const query = accessListModel
+				let query = accessListModel
 					.query()
 					.select('access_list.*', accessListModel.raw('COUNT(proxy_host.id) as proxy_host_count'))
 					.leftJoin('proxy_host', function() {
@@ -267,7 +267,7 @@ const internalAccessList = {
 				}
 
 				if (typeof data.expand !== 'undefined' && data.expand !== null) {
-					query.withGraphFetched(`[${data.expand.join(', ')}]`);
+					query.withGraphFetched('[' + data.expand.join(', ') + ']');
 				}
 
 				return query.then(utils.omitRow(omissions()));
@@ -327,7 +327,7 @@ const internalAccessList = {
 									// 3. reconfigure those hosts, then reload nginx
 
 									// set the access_list_id to zero for these items
-									row.proxy_hosts.map((_val, idx) => {
+									row.proxy_hosts.map(function (val, idx) {
 										row.proxy_hosts[idx].access_list_id = 0;
 									});
 
@@ -340,11 +340,11 @@ const internalAccessList = {
 					})
 					.then(() => {
 						// delete the htpasswd file
-						const htpasswd_file = internalAccessList.getFilename(row);
+						let htpasswd_file = internalAccessList.getFilename(row);
 
 						try {
 							fs.unlinkSync(htpasswd_file);
-						} catch (_err) {
+						} catch (err) {
 							// do nothing
 						}
 					})
@@ -374,7 +374,7 @@ const internalAccessList = {
 	getAll: (access, expand, search_query) => {
 		return access.can('access_lists:list')
 			.then((access_data) => {
-				const query = accessListModel
+				let query = accessListModel
 					.query()
 					.select('access_list.*', accessListModel.raw('COUNT(proxy_host.id) as proxy_host_count'))
 					.leftJoin('proxy_host', function() {
@@ -393,19 +393,19 @@ const internalAccessList = {
 				// Query is used for searching
 				if (typeof search_query === 'string') {
 					query.where(function () {
-						this.where('name', 'like', `%${search_query}%`);
+						this.where('name', 'like', '%' + search_query + '%');
 					});
 				}
 
 				if (typeof expand !== 'undefined' && expand !== null) {
-					query.withGraphFetched(`[${expand.join(', ')}]`);
+					query.withGraphFetched('[' + expand.join(', ') + ']');
 				}
 
 				return query.then(utils.omitRows(omissions()));
 			})
 			.then((rows) => {
 				if (rows) {
-					rows.map((row, idx) => {
+					rows.map(function (row, idx) {
 						if (typeof row.items !== 'undefined' && row.items) {
 							rows[idx] = internalAccessList.maskItems(row);
 						}
@@ -424,7 +424,7 @@ const internalAccessList = {
 	 * @returns {Promise}
 	 */
 	getCount: (user_id, visibility) => {
-		const query = accessListModel
+		let query = accessListModel
 			.query()
 			.count('id as count')
 			.where('is_deleted', 0);
@@ -445,7 +445,7 @@ const internalAccessList = {
 	 */
 	maskItems: (list) => {
 		if (list && typeof list.items !== 'undefined') {
-			list.items.map((val, idx) => {
+			list.items.map(function (val, idx) {
 				let repeat_for = 8;
 				let first_char = '*';
 
@@ -468,7 +468,7 @@ const internalAccessList = {
 	 * @returns {String}
 	 */
 	getFilename: (list) => {
-		return `/data/access/${list.id}`;
+		return '/data/access/' + list.id;
 	},
 
 	/**
@@ -479,15 +479,15 @@ const internalAccessList = {
 	 * @returns {Promise}
 	 */
 	build: (list) => {
-		logger.info(`Building Access file #${list.id} for: ${list.name}`);
+		logger.info('Building Access file #' + list.id + ' for: ' + list.name);
 
 		return new Promise((resolve, reject) => {
-			const htpasswd_file = internalAccessList.getFilename(list);
+			let htpasswd_file = internalAccessList.getFilename(list);
 
 			// 1. remove any existing access file
 			try {
 				fs.unlinkSync(htpasswd_file);
-			} catch (_err) {
+			} catch (err) {
 				// do nothing
 			}
 
@@ -504,17 +504,12 @@ const internalAccessList = {
 				if (list.items.length) {
 					return new Promise((resolve, reject) => {
 						batchflow(list.items).sequential()
-							.each((_i, item, next) => {
+							.each((i, item, next) => {
 								if (typeof item.password !== 'undefined' && item.password.length) {
-									logger.info(`Adding: ${item.username}`);
+									logger.info('Adding: ' + item.username);
 
-									utils.execFile('openssl', ['passwd', '-apr1', item.password])
+									utils.execFile('/usr/bin/htpasswd', ['-b', htpasswd_file, item.username, item.password])
-										.then((res) => {
+										.then((/*result*/) => {
-											try {
-												fs.appendFileSync(htpasswd_file, `${item.username}:${res}\n`, {encoding: 'utf8'});
-											} catch (err) {
-												reject(err);
-											}
 											next();
 										})
 										.catch((err) => {
@@ -528,7 +523,7 @@ const internalAccessList = {
 								reject(err);
 							})
 							.end((results) => {
-								logger.success(`Built Access file #${list.id} for: ${list.name}`);
+								logger.success('Built Access file #' + list.id + ' for: ' + list.name);
 								resolve(results);
 							});
 					});

backend/internal/certificate.js

@@ -1,6 +1,6 @@
 const _                = require('lodash');
-const fs               = require('node:fs');
+const fs               = require('fs');
-const https            = require('node:https');
+const https            = require('https');
 const tempWrite        = require('temp-write');
 const moment           = require('moment');
 const archiver         = require('archiver');
@@ -49,7 +49,7 @@ const internalCertificate = {
 	processExpiringHosts: () => {
 		if (!internalCertificate.intervalProcessing) {
 			internalCertificate.intervalProcessing = true;
-			logger.info(`Renewing SSL certs expiring within ${internalCertificate.renewBeforeExpirationBy[0]} ${internalCertificate.renewBeforeExpirationBy[1]} ...`);
+			logger.info('Renewing SSL certs expiring within ' + internalCertificate.renewBeforeExpirationBy[0] + ' ' + internalCertificate.renewBeforeExpirationBy[1] + ' ...');
 
 			const expirationThreshold = moment().add(internalCertificate.renewBeforeExpirationBy[0], internalCertificate.renewBeforeExpirationBy[1]).format('YYYY-MM-DD HH:mm:ss');
 
@@ -70,7 +70,7 @@ const internalCertificate = {
 					 */
 					let sequence = Promise.resolve();
 
-					certificates.forEach((certificate) => {
+					certificates.forEach(function (certificate) {
 						sequence = sequence.then(() =>
 							internalCertificate
 								.renew(
@@ -202,7 +202,7 @@ const internalCertificate = {
 						.then(() => {
 							// At this point, the letsencrypt cert should exist on disk.
 							// Lets get the expiry date from the file and update the row silently
-							return internalCertificate.getCertificateInfoFromFile(`${internalCertificate.getLiveCertPath(certificate.id)}/fullchain.pem`)
+							return internalCertificate.getCertificateInfoFromFile('/etc/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem')
 								.then((cert_info) => {
 									return certificateModel
 										.query()
@@ -263,7 +263,7 @@ const internalCertificate = {
 			.then((row) => {
 				if (row.id !== data.id) {
 					// Sanity check that something crazy hasn't happened
-					throw new error.InternalValidationError(`Certificate could not be updated, IDs do not match: ${row.id} !== ${data.id}`);
+					throw new error.InternalValidationError('Certificate could not be updated, IDs do not match: ' + row.id + ' !== ' + data.id);
 				}
 
 				return certificateModel
@@ -308,14 +308,11 @@ const internalCertificate = {
 
 		return access.can('certificates:get', data.id)
 			.then((access_data) => {
-				const query = certificateModel
+				let query = certificateModel
 					.query()
 					.where('is_deleted', 0)
 					.andWhere('id', data.id)
 					.allowGraph('[owner]')
-					.allowGraph('[proxy_hosts]')
-					.allowGraph('[redirection_hosts]')
-					.allowGraph('[dead_hosts]')
 					.first();
 
 				if (access_data.permission_visibility !== 'all') {
@@ -323,7 +320,7 @@ const internalCertificate = {
 				}
 
 				if (typeof data.expand !== 'undefined' && data.expand !== null) {
-					query.withGraphFetched(`[${data.expand.join(', ')}]`);
+					query.withGraphFetched('[' + data.expand.join(', ') + ']');
 				}
 
 				return query.then(utils.omitRow(omissions()));
@@ -354,17 +351,17 @@ const internalCertificate = {
 				})
 				.then((certificate) => {
 					if (certificate.provider === 'letsencrypt') {
-						const zipDirectory = internalCertificate.getLiveCertPath(data.id);
+						const zipDirectory = '/etc/letsencrypt/live/npm-' + data.id;
 
 						if (!fs.existsSync(zipDirectory)) {
-							throw new error.ItemNotFoundError(`Certificate ${certificate.nice_name} does not exists`);
+							throw new error.ItemNotFoundError('Certificate ' + certificate.nice_name + ' does not exists');
 						}
 
-						const certFiles    = fs.readdirSync(zipDirectory)
+						let certFiles      = fs.readdirSync(zipDirectory)
 							.filter((fn) => fn.endsWith('.pem'))
 							.map((fn) => fs.realpathSync(path.join(zipDirectory, fn)));
-						const downloadName = `npm-${data.id}-${Date.now()}.zip`;
+						const downloadName = 'npm-' + data.id + '-' + `${Date.now()}.zip`;
-						const opName       = `/tmp/${downloadName}`;
+						const opName       = '/tmp/' + downloadName;
 						internalCertificate.zipFiles(certFiles, opName)
 							.then(() => {
 								logger.debug('zip completed : ', opName);
@@ -392,7 +389,7 @@ const internalCertificate = {
 		return new Promise((resolve, reject) => {
 			source
 				.map((fl) => {
-					const fileName = path.basename(fl);
+					let fileName = path.basename(fl);
 					logger.debug(fl, 'added to certificate zip');
 					archive.file(fl, { name: fileName });
 				});
@@ -462,14 +459,11 @@ const internalCertificate = {
 	getAll: (access, expand, search_query) => {
 		return access.can('certificates:list')
 			.then((access_data) => {
-				const query = certificateModel
+				let query = certificateModel
 					.query()
 					.where('is_deleted', 0)
 					.groupBy('id')
 					.allowGraph('[owner]')
-					.allowGraph('[proxy_hosts]')
-					.allowGraph('[redirection_hosts]')
-					.allowGraph('[dead_hosts]')
 					.orderBy('nice_name', 'ASC');
 
 				if (access_data.permission_visibility !== 'all') {
@@ -479,12 +473,12 @@ const internalCertificate = {
 				// Query is used for searching
 				if (typeof search_query === 'string') {
 					query.where(function () {
-						this.where('nice_name', 'like', `%${search_query}%`);
+						this.where('nice_name', 'like', '%' + search_query + '%');
 					});
 				}
 
 				if (typeof expand !== 'undefined' && expand !== null) {
-					query.withGraphFetched(`[${expand.join(', ')}]`);
+					query.withGraphFetched('[' + expand.join(', ') + ']');
 				}
 
 				return query.then(utils.omitRows(omissions()));
@@ -499,7 +493,7 @@ const internalCertificate = {
 	 * @returns {Promise}
 	 */
 	getCount: (user_id, visibility) => {
-		const query = certificateModel
+		let query = certificateModel
 			.query()
 			.count('id as count')
 			.where('is_deleted', 0);
@@ -521,7 +515,7 @@ const internalCertificate = {
 	writeCustomCert: (certificate) => {
 		logger.info('Writing Custom Certificate:', certificate);
 
-		const dir = `/data/custom_ssl/npm-${certificate.id}`;
+		const dir = '/data/custom_ssl/npm-' + certificate.id;
 
 		return new Promise((resolve, reject) => {
 			if (certificate.provider === 'letsencrypt') {
@@ -531,7 +525,7 @@ const internalCertificate = {
 
 			let certData = certificate.meta.certificate;
 			if (typeof certificate.meta.intermediate_certificate !== 'undefined') {
-				certData = `${certData}\n${certificate.meta.intermediate_certificate}`;
+				certData = certData + '\n' + certificate.meta.intermediate_certificate;
 			}
 
 			try {
@@ -543,7 +537,7 @@ const internalCertificate = {
 				return;
 			}
 
-			fs.writeFile(`${dir}/fullchain.pem`, certData, (err) => {
+			fs.writeFile(dir + '/fullchain.pem', certData, function (err) {
 				if (err) {
 					reject(err);
 				} else {
@@ -553,7 +547,7 @@ const internalCertificate = {
 		})
 			.then(() => {
 				return new Promise((resolve, reject) => {
-					fs.writeFile(`${dir}/privkey.pem`, certificate.meta.certificate_key, (err) => {
+					fs.writeFile(dir + '/privkey.pem', certificate.meta.certificate_key, function (err) {
 						if (err) {
 							reject(err);
 						} else {
@@ -591,7 +585,7 @@ const internalCertificate = {
 	validate: (data) => {
 		return new Promise((resolve) => {
 			// Put file contents into an object
-			const files = {};
+			let files = {};
 			_.map(data.files, (file, name) => {
 				if (internalCertificate.allowedSslFiles.indexOf(name) !== -1) {
 					files[name] = file.data.toString();
@@ -603,7 +597,7 @@ const internalCertificate = {
 			.then((files) => {
 				// For each file, create a temp file and write the contents to it
 				// Then test it depending on the file type
-				const promises = [];
+				let promises = [];
 				_.map(files, (content, type) => {
 					promises.push(new Promise((resolve) => {
 						if (type === 'certificate_key') {
@@ -688,11 +682,11 @@ const internalCertificate = {
 						reject(new error.ValidationError('Result Validation Error: Validation timed out. This could be due to the key being passphrase-protected.'));
 					}, 10000);
 					utils
-						.exec(`openssl pkey -in ${filepath} -check -noout 2>&1 `)
+						.exec('openssl pkey -in ' + filepath + ' -check -noout 2>&1 ')
 						.then((result) => {
 							clearTimeout(failTimeout);
 							if (!result.toLowerCase().includes('key is valid')) {
-								reject(new error.ValidationError(`Result Validation Error: ${result}`));
+								reject(new error.ValidationError('Result Validation Error: ' + result));
 							}
 							fs.unlinkSync(filepath);
 							resolve(true);
@@ -700,7 +694,7 @@ const internalCertificate = {
 						.catch((err) => {
 							clearTimeout(failTimeout);
 							fs.unlinkSync(filepath);
-							reject(new error.ValidationError(`Certificate Key is not valid (${err.message})`, err));
+							reject(new error.ValidationError('Certificate Key is not valid (' + err.message + ')', err));
 						});
 				});
 			});
@@ -735,9 +729,9 @@ const internalCertificate = {
 	 * @param {Boolean} [throw_expired]  Throw when the certificate is out of date
 	 */
 	getCertificateInfoFromFile: (certificate_file, throw_expired) => {
-		const certData = {};
+		let certData = {};
 
-		return utils.execFile('openssl', ['x509', '-in', certificate_file, '-subject', '-noout'])
+		return utils.exec('openssl x509 -in ' + certificate_file + ' -subject -noout')
 			.then((result) => {
 				// Examples:
 				// subject=CN = *.jc21.com
@@ -745,11 +739,11 @@ const internalCertificate = {
 				const regex = /(?:subject=)?[^=]+=\s+(\S+)/gim;
 				const match = regex.exec(result);
 				if (match && typeof match[1] !== 'undefined') {
-					certData.cn = match[1];
+					certData['cn'] = match[1];
 				}
 			})
 			.then(() => {
-				return utils.execFile('openssl', ['x509', '-in', certificate_file, '-issuer', '-noout']);
+				return utils.exec('openssl x509 -in ' + certificate_file + ' -issuer -noout');
 			})
 
 			.then((result) => {
@@ -760,11 +754,11 @@ const internalCertificate = {
 				const regex = /^(?:issuer=)?(.*)$/gim;
 				const match = regex.exec(result);
 				if (match && typeof match[1] !== 'undefined') {
-					certData.issuer = match[1];
+					certData['issuer'] = match[1];
 				}
 			})
 			.then(() => {
-				return utils.execFile('openssl', ['x509', '-in', certificate_file, '-dates', '-noout']);
+				return utils.exec('openssl x509 -in ' + certificate_file + ' -dates -noout');
 			})
 			.then((result) => {
 				// notBefore=Jul 14 04:04:29 2018 GMT
@@ -773,7 +767,7 @@ const internalCertificate = {
 				let validTo   = null;
 
 				const lines = result.split('\n');
-				lines.map((str) => {
+				lines.map(function (str) {
 					const regex = /^(\S+)=(.*)$/gim;
 					const match = regex.exec(str.trim());
 
@@ -789,21 +783,21 @@ const internalCertificate = {
 				});
 
 				if (!validFrom || !validTo) {
-					throw new error.ValidationError(`Could not determine dates from certificate: ${result}`);
+					throw new error.ValidationError('Could not determine dates from certificate: ' + result);
 				}
 
 				if (throw_expired && validTo < parseInt(moment().format('X'), 10)) {
 					throw new error.ValidationError('Certificate has expired');
 				}
 
-				certData.dates = {
+				certData['dates'] = {
 					from: validFrom,
 					to:   validTo
 				};
 
 				return certData;
 			}).catch((err) => {
-				throw new error.ValidationError(`Certificate is not valid (${err.message})`, err);
+				throw new error.ValidationError('Certificate is not valid (' + err.message + ')', err);
 			});
 	},
 
@@ -814,7 +808,7 @@ const internalCertificate = {
 	 * @param   {Boolean} [remove]
 	 * @returns {Object}
 	 */
-	cleanMeta: (meta, remove) => {
+	cleanMeta: function (meta, remove) {
 		internalCertificate.allowedSslFiles.map((key) => {
 			if (typeof meta[key] !== 'undefined' && meta[key]) {
 				if (remove) {
@@ -834,35 +828,24 @@ const internalCertificate = {
 	 * @returns {Promise}
 	 */
 	requestLetsEncryptSsl: (certificate) => {
-		logger.info(`Requesting LetsEncrypt certificates for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);
+		logger.info('Requesting Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));
 
-		const args = [
+		const cmd = `${certbotCommand} certonly ` +
-			'certonly',
+			`--config '${letsencryptConfig}' ` +
-			'--config',
+			'--work-dir "/tmp/letsencrypt-lib" ' +
-			letsencryptConfig,
+			'--logs-dir "/tmp/letsencrypt-log" ' +
-			'--work-dir',
+			`--cert-name "npm-${certificate.id}" ` +
-			'/tmp/letsencrypt-lib',
+			'--agree-tos ' +
-			'--logs-dir',
+			'--authenticator webroot ' +
-			'/tmp/letsencrypt-log',
+			`--email '${certificate.meta.letsencrypt_email}' ` +
-			'--cert-name',
+			'--preferred-challenges "dns,http" ' +
-			`npm-${certificate.id}`,
+			`--domains "${certificate.domain_names.join(',')}" ` +
-			'--agree-tos',
+			(letsencryptServer !== null ? `--server '${letsencryptServer}' ` : '') +
-			'--authenticator',
+			(letsencryptStaging && letsencryptServer === null ? '--staging ' : '');
-			'webroot',
-			'--email',
-			certificate.meta.letsencrypt_email,
-			'--preferred-challenges',
-			'dns,http',
-			'--domains',
-			certificate.domain_names.join(','),
-		];
 
-		const adds = internalCertificate.getAdditionalCertbotArgs(certificate.id);
+		logger.info('Command:', cmd);
-		args.push(...adds.args);
 
-		logger.info(`Command: ${certbotCommand} ${args ? args.join(' ') : ''}`);
+		return utils.exec(cmd)
-
-		return utils.execFile(certbotCommand, args, adds.opts)
 			.then((result) => {
 				logger.success(result);
 				return result;
@@ -879,48 +862,50 @@ const internalCertificate = {
 	requestLetsEncryptSslWithDnsChallenge: async (certificate) => {
 		await certbot.installPlugin(certificate.meta.dns_provider);
 		const dnsPlugin = dnsPlugins[certificate.meta.dns_provider];
-		logger.info(`Requesting LetsEncrypt certificates via ${dnsPlugin.name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);
+		logger.info(`Requesting Let'sEncrypt certificates via ${dnsPlugin.name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);
 
-		const credentialsLocation = `/etc/letsencrypt/credentials/credentials-${certificate.id}`;
+		const credentialsLocation = '/etc/letsencrypt/credentials/credentials-' + certificate.id;
 		fs.mkdirSync('/etc/letsencrypt/credentials', { recursive: true });
 		fs.writeFileSync(credentialsLocation, certificate.meta.dns_provider_credentials, {mode: 0o600});
 
 		// Whether the plugin has a --<name>-credentials argument
 		const hasConfigArg = certificate.meta.dns_provider !== 'route53';
 
-		const args = [
+		let mainCmd = certbotCommand + ' certonly ' +
-			'certonly',
+			`--config '${letsencryptConfig}' ` +
-			'--config',
+			'--work-dir "/tmp/letsencrypt-lib" ' +
-			letsencryptConfig,
+			'--logs-dir "/tmp/letsencrypt-log" ' +
-			'--work-dir',
+			`--cert-name 'npm-${certificate.id}' ` +
-			'/tmp/letsencrypt-lib',
+			'--agree-tos ' +
-			'--logs-dir',
+			`--email '${certificate.meta.letsencrypt_email}' ` +
-			'/tmp/letsencrypt-log',
+			`--domains '${certificate.domain_names.join(',')}' ` +
-			'--cert-name',
+			`--authenticator '${dnsPlugin.full_plugin_name}' ` +
-			`npm-${certificate.id}`,
+			(
-			'--agree-tos',
+				hasConfigArg
-			'--email',
+					? `--${dnsPlugin.full_plugin_name}-credentials '${credentialsLocation}' `
-			certificate.meta.letsencrypt_email,
+					: ''
-			'--domains',
+			) +
-			certificate.domain_names.join(','),
+			(
-			'--authenticator',
+				certificate.meta.propagation_seconds !== undefined
-			dnsPlugin.full_plugin_name,
+					? `--${dnsPlugin.full_plugin_name}-propagation-seconds '${certificate.meta.propagation_seconds}' `
-		];
+					: ''
+			) +
+			(letsencryptServer !== null ? `--server '${letsencryptServer}' ` : '') +
+			(letsencryptStaging && letsencryptServer === null ? '--staging ' : '');
 
-		if (hasConfigArg) {
+		// Prepend the path to the credentials file as an environment variable
-			args.push(`--${dnsPlugin.full_plugin_name}-credentials`, credentialsLocation);
+		if (certificate.meta.dns_provider === 'route53') {
-		}
+			mainCmd = 'AWS_CONFIG_FILE=\'' + credentialsLocation + '\' ' + mainCmd;
-		if (certificate.meta.propagation_seconds !== undefined) {
-			args.push(`--${dnsPlugin.full_plugin_name}-propagation-seconds`, certificate.meta.propagation_seconds.toString());
 		}
 
-		const adds = internalCertificate.getAdditionalCertbotArgs(certificate.id, certificate.meta.dns_provider);
+		if (certificate.meta.dns_provider === 'duckdns') {
-		args.push(...adds.args);
+			mainCmd = mainCmd + ' --dns-duckdns-no-txt-restore';
+		}
 
-		logger.info(`Command: ${certbotCommand} ${args ? args.join(' ') : ''}`);
+		logger.info('Command:', mainCmd);
 
 		try {
-			const result = await utils.execFile(certbotCommand, args, adds.opts);
+			const result = await utils.exec(mainCmd);
 			logger.info(result);
 			return result;
 		} catch (err) {
@@ -948,7 +933,7 @@ const internalCertificate = {
 
 					return renewMethod(certificate)
 						.then(() => {
-							return internalCertificate.getCertificateInfoFromFile(`${internalCertificate.getLiveCertPath(certificate.id)}/fullchain.pem`);
+							return internalCertificate.getCertificateInfoFromFile('/etc/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem');
 						})
 						.then((cert_info) => {
 							return certificateModel
@@ -980,31 +965,22 @@ const internalCertificate = {
 	 * @returns {Promise}
 	 */
 	renewLetsEncryptSsl: (certificate) => {
-		logger.info(`Renewing LetsEncrypt certificates for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);
+		logger.info('Renewing Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));
 
-		const args = [
+		const cmd = certbotCommand + ' renew --force-renewal ' +
-			'renew',
+			`--config '${letsencryptConfig}' ` +
-			'--force-renewal',
+			'--work-dir "/tmp/letsencrypt-lib" ' +
-			'--config',
+			'--logs-dir "/tmp/letsencrypt-log" ' +
-			letsencryptConfig,
+			`--cert-name 'npm-${certificate.id}' ` +
-			'--work-dir',
+			'--preferred-challenges "dns,http" ' +
-			'/tmp/letsencrypt-lib',
+			'--no-random-sleep-on-renew ' +
-			'--logs-dir',
+			'--disable-hook-validation ' +
-			'/tmp/letsencrypt-log',
+			(letsencryptServer !== null ? `--server '${letsencryptServer}' ` : '') +
-			'--cert-name',
+			(letsencryptStaging && letsencryptServer === null ? '--staging ' : '');
-			`npm-${certificate.id}`,
-			'--preferred-challenges',
-			'dns,http',
-			'--no-random-sleep-on-renew',
-			'--disable-hook-validation',
-		];
 
-		const adds = internalCertificate.getAdditionalCertbotArgs(certificate.id, certificate.meta.dns_provider);
+		logger.info('Command:', cmd);
-		args.push(...adds.args);
 
-		logger.info(`Command: ${certbotCommand} ${args ? args.join(' ') : ''}`);
+		return utils.exec(cmd)
-
-		return utils.execFile(certbotCommand, args, adds.opts)
 			.then((result) => {
 				logger.info(result);
 				return result;
@@ -1022,29 +998,27 @@ const internalCertificate = {
 			throw Error(`Unknown DNS provider '${certificate.meta.dns_provider}'`);
 		}
 
-		logger.info(`Renewing LetsEncrypt certificates via ${dnsPlugin.name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);
+		logger.info(`Renewing Let'sEncrypt certificates via ${dnsPlugin.name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);
 
-		const args = [
+		let mainCmd = certbotCommand + ' renew --force-renewal ' +
-			'renew',
+			`--config "${letsencryptConfig}" ` +
-			'--force-renewal',
+			'--work-dir "/tmp/letsencrypt-lib" ' +
-			'--config',
+			'--logs-dir "/tmp/letsencrypt-log" ' +
-			letsencryptConfig,
+			`--cert-name 'npm-${certificate.id}' ` +
-			'--work-dir',
+			'--disable-hook-validation ' +
-			'/tmp/letsencrypt-lib',
+			'--no-random-sleep-on-renew ' +
-			'--logs-dir',
+			(letsencryptServer !== null ? `--server '${letsencryptServer}' ` : '') +
-			'/tmp/letsencrypt-log',
+			(letsencryptStaging && letsencryptServer === null ? '--staging ' : '');
-			'--cert-name',
-			`npm-${certificate.id}`,
-			'--disable-hook-validation',
-			'--no-random-sleep-on-renew',
-		];
 
-		const adds = internalCertificate.getAdditionalCertbotArgs(certificate.id, certificate.meta.dns_provider);
+		// Prepend the path to the credentials file as an environment variable
-		args.push(...adds.args);
+		if (certificate.meta.dns_provider === 'route53') {
+			const credentialsLocation = '/etc/letsencrypt/credentials/credentials-' + certificate.id;
+			mainCmd                   = 'AWS_CONFIG_FILE=\'' + credentialsLocation + '\' ' + mainCmd;
+		}
 
-		logger.info(`Command: ${certbotCommand} ${args ? args.join(' ') : ''}`);
+		logger.info('Command:', mainCmd);
 
-		return utils.execFile(certbotCommand, args, adds.opts)
+		return utils.exec(mainCmd)
 			.then(async (result) => {
 				logger.info(result);
 				return result;
@@ -1057,29 +1031,25 @@ const internalCertificate = {
 	 * @returns {Promise}
 	 */
 	revokeLetsEncryptSsl: (certificate, throw_errors) => {
-		logger.info(`Revoking LetsEncrypt certificates for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);
+		logger.info('Revoking Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));
 
-		const args = [
+		const mainCmd = certbotCommand + ' revoke ' +
-			'revoke',
+			`--config '${letsencryptConfig}' ` +
-			'--config',
+			'--work-dir "/tmp/letsencrypt-lib" ' +
-			letsencryptConfig,
+			'--logs-dir "/tmp/letsencrypt-log" ' +
-			'--work-dir',
+			`--cert-path '/etc/letsencrypt/live/npm-${certificate.id}/fullchain.pem' ` +
-			'/tmp/letsencrypt-lib',
+			'--delete-after-revoke ' +
-			'--logs-dir',
+			(letsencryptServer !== null ? `--server '${letsencryptServer}' ` : '') +
-			'/tmp/letsencrypt-log',
+			(letsencryptStaging && letsencryptServer === null ? '--staging ' : '');
-			'--cert-path',
-			`${internalCertificate.getLiveCertPath(certificate.id)}/fullchain.pem`,
-			'--delete-after-revoke',
-		];
 
-		const adds = internalCertificate.getAdditionalCertbotArgs(certificate.id);
+		// Don't fail command if file does not exist
-		args.push(...adds.args);
+		const delete_credentialsCmd = `rm -f '/etc/letsencrypt/credentials/credentials-${certificate.id}' || true`;
 
-		logger.info(`Command: ${certbotCommand} ${args ? args.join(' ') : ''}`);
+		logger.info('Command:', mainCmd + '; ' + delete_credentialsCmd);
 
-		return utils.execFile(certbotCommand, args, adds.opts)
+		return utils.exec(mainCmd)
 			.then(async (result) => {
-				await utils.exec(`rm -f '/etc/letsencrypt/credentials/credentials-${certificate.id}' || true`);
+				await utils.exec(delete_credentialsCmd);
 				logger.info(result);
 				return result;
 			})
@@ -1097,8 +1067,9 @@ const internalCertificate = {
 	 * @returns {Boolean}
 	 */
 	hasLetsEncryptSslCerts: (certificate) => {
-		const letsencryptPath = internalCertificate.getLiveCertPath(certificate.id);
+		const letsencryptPath = '/etc/letsencrypt/live/npm-' + certificate.id;
-		return fs.existsSync(`${letsencryptPath}/fullchain.pem`) && fs.existsSync(`${letsencryptPath}/privkey.pem`);
+
+		return fs.existsSync(letsencryptPath + '/fullchain.pem') && fs.existsSync(letsencryptPath + '/privkey.pem');
 	},
 
 	/**
@@ -1110,7 +1081,7 @@ const internalCertificate = {
 	 */
 	disableInUseHosts: (in_use_result) => {
 		if (in_use_result.total_count) {
-			const promises = [];
+			let promises = [];
 
 			if (in_use_result.proxy_hosts.length) {
 				promises.push(internalNginx.bulkDeleteConfigs('proxy_host', in_use_result.proxy_hosts));
@@ -1140,7 +1111,7 @@ const internalCertificate = {
 	 */
 	enableInUseHosts: (in_use_result) => {
 		if (in_use_result.total_count) {
-			const promises = [];
+			let promises = [];
 
 			if (in_use_result.proxy_hosts.length) {
 				promises.push(internalNginx.bulkGenerateConfigs('proxy_host', in_use_result.proxy_hosts));
@@ -1173,12 +1144,12 @@ const internalCertificate = {
 
 		// Create a test challenge file
 		const testChallengeDir  = '/data/letsencrypt-acme-challenge/.well-known/acme-challenge';
-		const testChallengeFile = `${testChallengeDir}/test-challenge`;
+		const testChallengeFile = testChallengeDir + '/test-challenge';
 		fs.mkdirSync(testChallengeDir, {recursive: true});
 		fs.writeFileSync(testChallengeFile, 'Success', {encoding: 'utf8'});
 
 		async function performTestForDomain (domain) {
-			logger.info(`Testing http challenge for ${domain}`);
+			logger.info('Testing http challenge for ' + domain);
 			const url      = `http://${domain}/.well-known/acme-challenge/test-challenge`;
 			const formBody = `method=G&url=${encodeURI(url)}&bodytype=T&requestbody=&headername=User-Agent&headervalue=None&locationid=1&ch=false&cc=false`;
 			const options  = {
@@ -1192,16 +1163,13 @@ const internalCertificate = {
 
 			const result = await new Promise((resolve) => {
 
-				const req = https.request('https://www.site24x7.com/tools/restapi-tester', options, (res) => {
+				const req = https.request('https://www.site24x7.com/tools/restapi-tester', options, function (res) {
 					let responseBody = '';
 
-					res.on('data', (chunk) => {
+					res.on('data', (chunk) => responseBody = responseBody + chunk);
-						responseBody = responseBody + chunk;
+					res.on('end', function () {
-					});
-
-					res.on('end', () => {
 						try {
-							const parsedBody = JSON.parse(`${responseBody}`);
+							const parsedBody = JSON.parse(responseBody + '');
 							if (res.statusCode !== 200) {
 								logger.warn(`Failed to test HTTP challenge for domain ${domain} because HTTP status code ${res.statusCode} was returned: ${parsedBody.message}`);
 								resolve(undefined);
@@ -1222,7 +1190,7 @@ const internalCertificate = {
 				// Make sure to write the request body.
 				req.write(formBody);
 				req.end();
-				req.on('error', (e) => { logger.warn(`Failed to test HTTP challenge for domain ${domain}`, e);
+				req.on('error', function (e) { logger.warn(`Failed to test HTTP challenge for domain ${domain}`, e);
 					resolve(undefined); });
 			});
 
@@ -1264,34 +1232,6 @@ const internalCertificate = {
 		fs.unlinkSync(testChallengeFile);
 
 		return results;
-	},
-
-	getAdditionalCertbotArgs: (certificate_id, dns_provider) => {
-		const args = [];
-		if (letsencryptServer !== null) {
-			args.push('--server', letsencryptServer);
-		}
-		if (letsencryptStaging && letsencryptServer === null) {
-			args.push('--staging');
-		}
-
-		// For route53, add the credentials file as an environment variable,
-		// inheriting the process env
-		const opts = {};
-		if (certificate_id && dns_provider === 'route53') {
-			opts.env                 = process.env;
-			opts.env.AWS_CONFIG_FILE = `/etc/letsencrypt/credentials/credentials-${certificate_id}`;
-		}
-
-		if (dns_provider === 'duckdns') {
-			args.push('--dns-duckdns-no-txt-restore');
-		}
-
-		return {args: args, opts: opts};
-	},
-
-	getLiveCertPath: (certificate_id) => {
-		return `/etc/letsencrypt/live/npm-${certificate_id}`;
 	}
 };
 

backend/internal/nginx.js

@@ -1,5 +1,5 @@
 const _      = require('lodash');
-const fs     = require('node:fs');
+const fs     = require('fs');
 const logger = require('../logger').nginx;
 const config = require('../lib/config');
 const utils  = require('../lib/utils');
@@ -57,9 +57,9 @@ const internalNginx = {
 						// It will always look like this:
 						//   nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (6: No such device or address)
 
-						const valid_lines = [];
+						let valid_lines = [];
-						const err_lines   = err.message.split('\n');
+						let err_lines   = err.message.split('\n');
-						err_lines.map((line) => {
+						err_lines.map(function (line) {
 							if (line.indexOf('/var/log/nginx/error.log') === -1) {
 								valid_lines.push(line);
 							}
@@ -105,7 +105,7 @@ const internalNginx = {
 			logger.info('Testing Nginx configuration');
 		}
 
-		return utils.execFile('/usr/sbin/nginx', ['-t', '-g', 'error_log off;']);
+		return utils.exec('/usr/sbin/nginx -t -g "error_log off;"');
 	},
 
 	/**
@@ -115,7 +115,7 @@ const internalNginx = {
 		return internalNginx.test()
 			.then(() => {
 				logger.info('Reloading Nginx');
-				return utils.execFile('/usr/sbin/nginx', ['-s', 'reload']);
+				return utils.exec('/usr/sbin/nginx -s reload');
 			});
 	},
 
@@ -128,7 +128,7 @@ const internalNginx = {
 		if (host_type === 'default') {
 			return '/data/nginx/default_host/site.conf';
 		}
-		return `/data/nginx/${internalNginx.getFileFriendlyHostType(host_type)}/${host_id}.conf`;
+		return '/data/nginx/' + internalNginx.getFileFriendlyHostType(host_type) + '/' + host_id + '.conf';
 	},
 
 	/**
@@ -141,7 +141,7 @@ const internalNginx = {
 			let template;
 
 			try {
-				template = fs.readFileSync(`${__dirname}/../templates/_location.conf`, {encoding: 'utf8'});
+				template = fs.readFileSync(__dirname + '/../templates/_location.conf', {encoding: 'utf8'});
 			} catch (err) {
 				reject(new error.ConfigurationError(err.message));
 				return;
@@ -152,7 +152,7 @@ const internalNginx = {
 
 			const locationRendering = async () => {
 				for (let i = 0; i < host.locations.length; i++) {
-					const locationCopy = Object.assign({}, {access_list_id: host.access_list_id}, {certificate_id: host.certificate_id},
+					let locationCopy = Object.assign({}, {access_list_id: host.access_list_id}, {certificate_id: host.certificate_id},
 						{ssl_forced: host.ssl_forced}, {caching_enabled: host.caching_enabled}, {block_exploits: host.block_exploits},
 						{allow_websocket_upgrade: host.allow_websocket_upgrade}, {http2_support: host.http2_support},
 						{hsts_enabled: host.hsts_enabled}, {hsts_subdomains: host.hsts_subdomains}, {access_list: host.access_list},
@@ -183,21 +183,21 @@ const internalNginx = {
 	 */
 	generateConfig: (host_type, host_row) => {
 		// Prevent modifying the original object:
-		const host           = JSON.parse(JSON.stringify(host_row));
+		let host             = JSON.parse(JSON.stringify(host_row));
 		const nice_host_type = internalNginx.getFileFriendlyHostType(host_type);
 
 		if (config.debug()) {
-			logger.info(`Generating ${nice_host_type} Config:`, JSON.stringify(host, null, 2));
+			logger.info('Generating ' + nice_host_type + ' Config:', JSON.stringify(host, null, 2));
 		}
 
 		const renderEngine = utils.getRenderEngine();
 
 		return new Promise((resolve, reject) => {
-			let template   = null;
+			let template = null;
-			const filename = internalNginx.getConfigName(nice_host_type, host.id);
+			let filename = internalNginx.getConfigName(nice_host_type, host.id);
 
 			try {
-				template = fs.readFileSync(`${__dirname}/../templates/${nice_host_type}.conf`, {encoding: 'utf8'});
+				template = fs.readFileSync(__dirname + '/../templates/' + nice_host_type + '.conf', {encoding: 'utf8'});
 			} catch (err) {
 				reject(new error.ConfigurationError(err.message));
 				return;
@@ -252,7 +252,7 @@ const internalNginx = {
 					})
 					.catch((err) => {
 						if (config.debug()) {
-							logger.warn(`Could not write ${filename}:`, err.message);
+							logger.warn('Could not write ' + filename + ':', err.message);
 						}
 
 						reject(new error.ConfigurationError(err.message));
@@ -277,11 +277,11 @@ const internalNginx = {
 		const renderEngine = utils.getRenderEngine();
 
 		return new Promise((resolve, reject) => {
-			let template   = null;
+			let template = null;
-			const filename = `/data/nginx/temp/letsencrypt_${certificate.id}.conf`;
+			let filename = '/data/nginx/temp/letsencrypt_' + certificate.id + '.conf';
 
 			try {
-				template = fs.readFileSync(`${__dirname}/../templates/letsencrypt-request.conf`, {encoding: 'utf8'});
+				template = fs.readFileSync(__dirname + '/../templates/letsencrypt-request.conf', {encoding: 'utf8'});
 			} catch (err) {
 				reject(new error.ConfigurationError(err.message));
 				return;
@@ -302,7 +302,7 @@ const internalNginx = {
 				})
 				.catch((err) => {
 					if (config.debug()) {
-						logger.warn(`Could not write ${filename}:`, err.message);
+						logger.warn('Could not write ' + filename + ':', err.message);
 					}
 
 					reject(new error.ConfigurationError(err.message));
@@ -316,7 +316,7 @@ const internalNginx = {
 	 * @param   {String}  filename
 	 */
 	deleteFile: (filename) => {
-		logger.debug(`Deleting file: ${filename}`);
+		logger.debug('Deleting file: ' + filename);
 		try {
 			fs.unlinkSync(filename);
 		} catch (err) {
@@ -330,7 +330,7 @@ const internalNginx = {
 	 * @returns String
 	 */
 	getFileFriendlyHostType: (host_type) => {
-		return host_type.replace(/-/g, '_');
+		return host_type.replace(new RegExp('-', 'g'), '_');
 	},
 
 	/**
@@ -340,7 +340,7 @@ const internalNginx = {
 	 * @returns {Promise}
 	 */
 	deleteLetsEncryptRequestConfig: (certificate) => {
-		const config_file = `/data/nginx/temp/letsencrypt_${certificate.id}.conf`;
+		const config_file = '/data/nginx/temp/letsencrypt_' + certificate.id + '.conf';
 		return new Promise((resolve/*, reject*/) => {
 			internalNginx.deleteFile(config_file);
 			resolve();
@@ -355,7 +355,7 @@ const internalNginx = {
 	 */
 	deleteConfig: (host_type, host, delete_err_file) => {
 		const config_file     = internalNginx.getConfigName(internalNginx.getFileFriendlyHostType(host_type), typeof host === 'undefined' ? 0 : host.id);
-		const config_file_err = `${config_file}.err`;
+		const config_file_err = config_file + '.err';
 
 		return new Promise((resolve/*, reject*/) => {
 			internalNginx.deleteFile(config_file);
@@ -373,7 +373,7 @@ const internalNginx = {
 	 */
 	renameConfigAsError: (host_type, host) => {
 		const config_file     = internalNginx.getConfigName(internalNginx.getFileFriendlyHostType(host_type), typeof host === 'undefined' ? 0 : host.id);
-		const config_file_err = `${config_file}.err`;
+		const config_file_err = config_file + '.err';
 
 		return new Promise((resolve/*, reject*/) => {
 			fs.unlink(config_file, () => {
@@ -392,8 +392,8 @@ const internalNginx = {
 	 * @returns {Promise}
 	 */
 	bulkGenerateConfigs: (host_type, hosts) => {
-		const promises = [];
+		let promises = [];
-		hosts.map((host) => {
+		hosts.map(function (host) {
 			promises.push(internalNginx.generateConfig(host_type, host));
 		});
 
@@ -406,8 +406,8 @@ const internalNginx = {
 	 * @returns {Promise}
 	 */
 	bulkDeleteConfigs: (host_type, hosts) => {
-		const promises = [];
+		let promises = [];
-		hosts.map((host) => {
+		hosts.map(function (host) {
 			promises.push(internalNginx.deleteConfig(host_type, host, true));
 		});
 
@@ -418,12 +418,14 @@ const internalNginx = {
 	 * @param   {string}  config
 	 * @returns {boolean}
 	 */
-	advancedConfigHasDefaultLocation: (cfg) => !!cfg.match(/^(?:.*;)?\s*?location\s*?\/\s*?{/im),
+	advancedConfigHasDefaultLocation: function (cfg) {
+		return !!cfg.match(/^(?:.*;)?\s*?location\s*?\/\s*?{/im);
+	},
 
 	/**
 	 * @returns {boolean}
 	 */
-	ipv6Enabled: () => {
+	ipv6Enabled: function () {
 		if (typeof process.env.DISABLE_IPV6 !== 'undefined') {
 			const disabled = process.env.DISABLE_IPV6.toLowerCase();
 			return !(disabled === 'on' || disabled === 'true' || disabled === '1' || disabled === 'yes');

backend/internal/stream.js

@@ -1,15 +1,13 @@
-const _                   = require('lodash');
+const _                = require('lodash');
-const error               = require('../lib/error');
+const error            = require('../lib/error');
-const utils               = require('../lib/utils');
+const utils            = require('../lib/utils');
-const streamModel         = require('../models/stream');
+const streamModel      = require('../models/stream');
-const internalNginx       = require('./nginx');
+const internalNginx    = require('./nginx');
-const internalAuditLog    = require('./audit-log');
+const internalAuditLog = require('./audit-log');
-const internalCertificate = require('./certificate');
+const {castJsonIfNeed} = require('../lib/helpers');
-const internalHost        = require('./host');
-const {castJsonIfNeed}    = require('../lib/helpers');
 
 function omissions () {
-	return ['is_deleted', 'owner.is_deleted', 'certificate.is_deleted'];
+	return ['is_deleted'];
 }
 
 const internalStream = {
@@ -20,12 +18,6 @@ const internalStream = {
 	 * @returns {Promise}
 	 */
 	create: (access, data) => {
-		const create_certificate = data.certificate_id === 'new';
-
-		if (create_certificate) {
-			delete data.certificate_id;
-		}
-
 		return access.can('streams:create', data)
 			.then((/*access_data*/) => {
 				// TODO: At this point the existing ports should have been checked
@@ -35,44 +27,16 @@ const internalStream = {
 					data.meta = {};
 				}
 
-				// streams aren't routed by domain name so don't store domain names in the DB
-				let data_no_domains = structuredClone(data);
-				delete data_no_domains.domain_names;
-
 				return streamModel
 					.query()
-					.insertAndFetch(data_no_domains)
+					.insertAndFetch(data)
 					.then(utils.omitRow(omissions()));
 			})
-			.then((row) => {
-				if (create_certificate) {
-					return internalCertificate.createQuickCertificate(access, data)
-						.then((cert) => {
-							// update host with cert id
-							return internalStream.update(access, {
-								id:             row.id,
-								certificate_id: cert.id
-							});
-						})
-						.then(() => {
-							return row;
-						});
-				} else {
-					return row;
-				}
-			})
-			.then((row) => {
-				// re-fetch with cert
-				return internalStream.get(access, {
-					id:     row.id,
-					expand: ['certificate', 'owner']
-				});
-			})
 			.then((row) => {
 				// Configure nginx
 				return internalNginx.configure(streamModel, 'stream', row)
 					.then(() => {
-						return row;
+						return internalStream.get(access, {id: row.id, expand: ['owner']});
 					});
 			})
 			.then((row) => {
@@ -96,12 +60,6 @@ const internalStream = {
 	 * @return {Promise}
 	 */
 	update: (access, data) => {
-		const create_certificate = data.certificate_id === 'new';
-
-		if (create_certificate) {
-			delete data.certificate_id;
-		}
-
 		return access.can('streams:update', data.id)
 			.then((/*access_data*/) => {
 				// TODO: at this point the existing streams should have been checked
@@ -113,32 +71,16 @@ const internalStream = {
 					throw new error.InternalValidationError('Stream could not be updated, IDs do not match: ' + row.id + ' !== ' + data.id);
 				}
 
-				if (create_certificate) {
-					return internalCertificate.createQuickCertificate(access, {
-						domain_names: data.domain_names || row.domain_names,
-						meta:         _.assign({}, row.meta, data.meta)
-					})
-						.then((cert) => {
-							// update host with cert id
-							data.certificate_id = cert.id;
-						})
-						.then(() => {
-							return row;
-						});
-				} else {
-					return row;
-				}
-			})
-			.then((row) => {
-				// Add domain_names to the data in case it isn't there, so that the audit log renders correctly. The order is important here.
-				data = _.assign({}, {
-					domain_names: row.domain_names
-				}, data);
-
 				return streamModel
 					.query()
 					.patchAndFetchById(row.id, data)
 					.then(utils.omitRow(omissions()))
+					.then((saved_row) => {
+						return internalNginx.configure(streamModel, 'stream', saved_row)
+							.then(() => {
+								return internalStream.get(access, {id: row.id, expand: ['owner']});
+							});
+					})
 					.then((saved_row) => {
 						// Add to audit log
 						return internalAuditLog.add(access, {
@@ -151,17 +93,6 @@ const internalStream = {
 								return saved_row;
 							});
 					});
-			})
-			.then(() => {
-				return internalStream.get(access, {id: data.id, expand: ['owner', 'certificate']})
-					.then((row) => {
-						return internalNginx.configure(streamModel, 'stream', row)
-							.then((new_meta) => {
-								row.meta = new_meta;
-								row      = internalHost.cleanRowCertificateMeta(row);
-								return _.omit(row, omissions());
-							});
-					});
 			});
 	},
 
@@ -184,7 +115,7 @@ const internalStream = {
 					.query()
 					.where('is_deleted', 0)
 					.andWhere('id', data.id)
-					.allowGraph('[owner,certificate]')
+					.allowGraph('[owner]')
 					.first();
 
 				if (access_data.permission_visibility !== 'all') {
@@ -201,7 +132,6 @@ const internalStream = {
 				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				}
-				row = internalHost.cleanRowCertificateMeta(row);
 				// Custom omissions
 				if (typeof data.omit !== 'undefined' && data.omit !== null) {
 					row = _.omit(row, data.omit);
@@ -267,14 +197,14 @@ const internalStream = {
 			.then(() => {
 				return internalStream.get(access, {
 					id:     data.id,
-					expand: ['certificate', 'owner']
+					expand: ['owner']
 				});
 			})
 			.then((row) => {
 				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				} else if (row.enabled) {
-					throw new error.ValidationError('Stream is already enabled');
+					throw new error.ValidationError('Host is already enabled');
 				}
 
 				row.enabled = 1;
@@ -320,7 +250,7 @@ const internalStream = {
 				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				} else if (!row.enabled) {
-					throw new error.ValidationError('Stream is already disabled');
+					throw new error.ValidationError('Host is already disabled');
 				}
 
 				row.enabled = 0;
@@ -368,8 +298,8 @@ const internalStream = {
 					.query()
 					.where('is_deleted', 0)
 					.groupBy('id')
-					.allowGraph('[owner,certificate]')
+					.allowGraph('[owner]')
-					.orderBy('incoming_port', 'ASC');
+					.orderByRaw('CAST(incoming_port AS INTEGER) ASC');
 
 				if (access_data.permission_visibility !== 'all') {
 					query.andWhere('owner_user_id', access.token.getUserId(1));
@@ -387,13 +317,6 @@ const internalStream = {
 				}
 
 				return query.then(utils.omitRows(omissions()));
-			})
-			.then((rows) => {
-				if (typeof expand !== 'undefined' && expand !== null && expand.indexOf('certificate') !== -1) {
-					return internalHost.cleanAllRowsCertificateMeta(rows);
-				}
-
-				return rows;
 			});
 	},
 

backend/lib/certbot.js

@@ -11,7 +11,7 @@ const certbot = {
 	/**
 	 * @param {array} pluginKeys
 	 */
-	installPlugins: async (pluginKeys) => {
+	installPlugins: async function (pluginKeys) {
 		let hasErrors = false;
 
 		return new Promise((resolve, reject) => {
@@ -21,7 +21,7 @@ const certbot = {
 			}
 
 			batchflow(pluginKeys).sequential()
-				.each((_i, pluginKey, next) => {
+				.each((i, pluginKey, next) => {
 					certbot.installPlugin(pluginKey)
 						.then(() => {
 							next();
@@ -51,7 +51,7 @@ const certbot = {
 	 * @param   {string}  pluginKey
 	 * @returns {Object}
 	 */
-	installPlugin: async (pluginKey) => {
+	installPlugin: async function (pluginKey) {
 		if (typeof dnsPlugins[pluginKey] === 'undefined') {
 			// throw Error(`Certbot plugin ${pluginKey} not found`);
 			throw new error.ItemNotFoundError(pluginKey);
@@ -63,15 +63,8 @@ const certbot = {
 		plugin.version      = plugin.version.replace(/{{certbot-version}}/g, CERTBOT_VERSION_REPLACEMENT);
 		plugin.dependencies = plugin.dependencies.replace(/{{certbot-version}}/g, CERTBOT_VERSION_REPLACEMENT);
 
-		// SETUPTOOLS_USE_DISTUTILS is required for certbot plugins to install correctly
+		const cmd = '. /opt/certbot/bin/activate && pip install --no-cache-dir ' + plugin.dependencies + ' ' + plugin.package_name + plugin.version + ' ' + ' && deactivate';
-		// in new versions of Python
+		return utils.exec(cmd)
-		let env = Object.assign({}, process.env, {SETUPTOOLS_USE_DISTUTILS: 'stdlib'});
-		if (typeof plugin.env === 'object') {
-			env = Object.assign(env, plugin.env);
-		}
-
-		const cmd = `. /opt/certbot/bin/activate && pip install --no-cache-dir ${plugin.dependencies} ${plugin.package_name}${plugin.version}  && deactivate`;
-		return utils.exec(cmd, {env})
 			.then((result) => {
 				logger.complete(`Installed ${pluginKey}`);
 				return result;

backend/lib/utils.js

@@ -1,13 +1,13 @@
 const _          = require('lodash');
-const exec       = require('node:child_process').exec;
+const exec       = require('child_process').exec;
-const execFile   = require('node:child_process').execFile;
+const execFile   = require('child_process').execFile;
 const { Liquid } = require('liquidjs');
 const logger     = require('../logger').global;
 const error      = require('./error');
 
 module.exports = {
 
-	exec: async (cmd, options = {}) => {
+	exec: async function(cmd, options = {}) {
 		logger.debug('CMD:', cmd);
 
 		const { stdout, stderr } = await new Promise((resolve, reject) => {
@@ -29,19 +29,15 @@ module.exports = {
 	/**
 	 * @param   {String} cmd
 	 * @param   {Array}  args
-	 * @param   {Object|undefined}  options
 	 * @returns {Promise}
 	 */
-	execFile: (cmd, args, options) => {
+	execFile: function (cmd, args) {
-		logger.debug(`CMD: ${cmd} ${args ? args.join(' ') : ''}`);
+		// logger.debug('CMD: ' + cmd + ' ' + (args ? args.join(' ') : ''));
-		if (typeof options === 'undefined') {
-			options = {};
-		}
 
 		return new Promise((resolve, reject) => {
-			execFile(cmd, args, options, (err, stdout, stderr) => {
+			execFile(cmd, args, function (err, stdout, /*stderr*/) {
 				if (err && typeof err === 'object') {
-					reject(new error.CommandError(stderr, 1, err));
+					reject(err);
 				} else {
 					resolve(stdout.trim());
 				}
@@ -55,7 +51,7 @@ module.exports = {
 	 * @param   {Array}  omissions
 	 * @returns {Function}
 	 */
-	omitRow: (omissions) => {
+	omitRow: function (omissions) {
 		/**
 		 * @param   {Object} row
 		 * @returns {Object}
@@ -71,7 +67,7 @@ module.exports = {
 	 * @param   {Array}  omissions
 	 * @returns {Function}
 	 */
-	omitRows: (omissions) => {
+	omitRows: function (omissions) {
 		/**
 		 * @param   {Array} rows
 		 * @returns {Object}
@@ -87,9 +83,9 @@ module.exports = {
 	/**
 	 * @returns {Object} Liquid render engine
 	 */
-	getRenderEngine: () => {
+	getRenderEngine: function () {
 		const renderEngine = new Liquid({
-			root: `${__dirname}/../templates/`
+			root: __dirname + '/../templates/'
 		});
 
 		/**

backend/migrations/20240427161436_stream_ssl.js

@@ -1,38 +0,0 @@
-const migrate_name = 'stream_ssl';
-const logger       = require('../logger').migrate;
-
-/**
- * Migrate
- *
- * @see http://knexjs.org/#Schema
- *
- * @param   {Object} knex
- * @returns {Promise}
- */
-exports.up = function (knex) {
-	logger.info('[' + migrate_name + '] Migrating Up...');
-
-	return knex.schema.table('stream', (table) => {
-		table.integer('certificate_id').notNull().unsigned().defaultTo(0);
-	})
-		.then(function () {
-			logger.info('[' + migrate_name + '] stream Table altered');
-		});
-};
-
-/**
- * Undo Migrate
- *
- * @param   {Object} knex
- * @returns {Promise}
- */
-exports.down = function (knex) {
-	logger.info('[' + migrate_name + '] Migrating Down...');
-
-	return knex.schema.table('stream', (table) => {
-		table.dropColumn('certificate_id');
-	})
-		.then(function () {
-			logger.info('[' + migrate_name + '] stream Table altered');
-		});
-};

backend/models/certificate.js

@@ -4,6 +4,7 @@
 const db      = require('../db');
 const helpers = require('../lib/helpers');
 const Model   = require('objection').Model;
+const User    = require('./user');
 const now     = require('./now_helper');
 
 Model.knex(db);
@@ -67,11 +68,6 @@ class Certificate extends Model {
 	}
 
 	static get relationMappings () {
-		const ProxyHost       = require('./proxy_host');
-		const DeadHost        = require('./dead_host');
-		const User            = require('./user');
-		const RedirectionHost = require('./redirection_host');
-
 		return {
 			owner: {
 				relation:   Model.HasOneRelation,
@@ -83,39 +79,6 @@ class Certificate extends Model {
 				modify: function (qb) {
 					qb.where('user.is_deleted', 0);
 				}
-			},
-			proxy_hosts: {
-				relation:   Model.HasManyRelation,
-				modelClass: ProxyHost,
-				join:       {
-					from: 'certificate.id',
-					to:   'proxy_host.certificate_id'
-				},
-				modify: function (qb) {
-					qb.where('proxy_host.is_deleted', 0);
-				}
-			},
-			dead_hosts: {
-				relation:   Model.HasManyRelation,
-				modelClass: DeadHost,
-				join:       {
-					from: 'certificate.id',
-					to:   'dead_host.certificate_id'
-				},
-				modify: function (qb) {
-					qb.where('dead_host.is_deleted', 0);
-				}
-			},
-			redirection_hosts: {
-				relation:   Model.HasManyRelation,
-				modelClass: RedirectionHost,
-				join:       {
-					from: 'certificate.id',
-					to:   'redirection_host.certificate_id'
-				},
-				modify: function (qb) {
-					qb.where('redirection_host.is_deleted', 0);
-				}
 			}
 		};
 	}

backend/models/dead_host.js

@@ -12,11 +12,7 @@ Model.knex(db);
 
 const boolFields = [
 	'is_deleted',
-	'ssl_forced',
-	'http2_support',
 	'enabled',
-	'hsts_enabled',
-	'hsts_subdomains',
 ];
 
 class DeadHost extends Model {

backend/models/stream.js

@@ -1,15 +1,16 @@
-const Model       = require('objection').Model;
+// Objection Docs:
-const db          = require('../db');
+// http://vincit.github.io/objection.js/
-const helpers     = require('../lib/helpers');
+
-const User        = require('./user');
+const db      = require('../db');
-const Certificate = require('./certificate');
+const helpers = require('../lib/helpers');
-const now         = require('./now_helper');
+const Model   = require('objection').Model;
+const User    = require('./user');
+const now     = require('./now_helper');
 
 Model.knex(db);
 
 const boolFields = [
 	'is_deleted',
-	'enabled',
 	'tcp_forwarding',
 	'udp_forwarding',
 ];
@@ -63,17 +64,6 @@ class Stream extends Model {
 				modify: function (qb) {
 					qb.where('user.is_deleted', 0);
 				}
-			},
-			certificate: {
-				relation:   Model.HasOneRelation,
-				modelClass: Certificate,
-				join:       {
-					from: 'stream.certificate_id',
-					to:   'certificate.id'
-				},
-				modify: function (qb) {
-					qb.where('certificate.is_deleted', 0);
-				}
 			}
 		};
 	}

backend/routes/nginx/certificates.js

@@ -6,7 +6,7 @@ const apiValidator        = require('../../lib/validator/api');
 const internalCertificate = require('../../internal/certificate');
 const schema              = require('../../schema');
 
-const router = express.Router({
+let router = express.Router({
 	caseSensitive: true,
 	strict:        true,
 	mergeParams:   true
@@ -231,7 +231,7 @@ router
  */
 router
 	.route('/:certificate_id/download')
-	.options((_req, res) => {
+	.options((req, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())

backend/routes/users.js

@@ -181,7 +181,7 @@ router
 				return internalUser.setPassword(res.locals.access, payload);
 			})
 			.then((result) => {
-				res.status(200)
+				res.status(201)
 					.send(result);
 			})
 			.catch(next);
@@ -212,7 +212,7 @@ router
 				return internalUser.setPermissions(res.locals.access, payload);
 			})
 			.then((result) => {
-				res.status(200)
+				res.status(201)
 					.send(result);
 			})
 			.catch(next);
@@ -238,7 +238,7 @@ router
 	.post((req, res, next) => {
 		internalUser.loginAs(res.locals.access, {id: parseInt(req.params.user_id, 10)})
 			.then((result) => {
-				res.status(200)
+				res.status(201)
 					.send(result);
 			})
 			.catch(next);

backend/schema/common.json

@@ -110,11 +110,6 @@
 		"caching_enabled": {
 			"description": "Should we cache assets",
 			"type": "boolean"
-		},
-		"email": {
-			"description": "Email address",
-			"type": "string",
-			"pattern": "^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,}$"
 		}
 	}
 }

backend/schema/components/certificate-object.json

@@ -69,7 +69,7 @@
 					"type": "object"
 				},
 				"letsencrypt_email": {
-					"$ref": "../common.json#/properties/email"
+					"type": "string"
 				},
 				"propagation_seconds": {
 					"type": "integer",

backend/schema/components/proxy-host-object.json

@@ -22,7 +22,8 @@
 		"enabled",
 		"locations",
 		"hsts_enabled",
-		"hsts_subdomains"
+		"hsts_subdomains",
+		"certificate"
 	],
 	"additionalProperties": false,
 	"properties": {

backend/schema/components/stream-list.json

@@ -1,7 +1,7 @@
 {
 	"type": "array",
-	"description": "Streams list",
+	"description": "Proxy Hosts list",
 	"items": {
-		"$ref": "./stream-object.json"
+		"$ref": "./proxy-host-object.json"
 	}
 }

backend/schema/components/stream-object.json

@@ -19,7 +19,9 @@
 		"incoming_port": {
 			"type": "integer",
 			"minimum": 1,
-			"maximum": 65535
+			"maximum": 65535,
+			"if": {"properties": {"tcp_forwarding": {"const": true}}},
+			"then": {"not": {"oneOf": [{"const": 80}, {"const": 443}]}}
 		},
 		"forwarding_host": {
 			"anyOf": [
@@ -53,24 +55,8 @@
 		"enabled": {
 			"$ref": "../common.json#/properties/enabled"
 		},
-		"certificate_id": {
-			"$ref": "../common.json#/properties/certificate_id"
-		},
 		"meta": {
 			"type": "object"
-		},
-		"owner": {
-			"$ref": "./user-object.json"
-		},
-		"certificate": {
-			"oneOf": [
-				{
-					"type": "null"
-				},
-				{
-					"$ref": "./certificate-object.json"
-				}
-			]
 		}
 	}
 }

backend/schema/components/token-object.json

@@ -5,9 +5,10 @@
 	"additionalProperties": false,
 	"properties": {
 		"expires": {
-			"description": "Token Expiry ISO Time String",
+			"description": "Token Expiry Unix Time",
-			"example": "2025-02-04T20:40:46.340Z",
+			"example": 1566540249,
-			"type": "string"
+			"minimum": 1,
+			"type": "number"
 		},
 		"token": {
 			"description": "JWT Token",

backend/schema/paths/nginx/streams/get.json

@@ -14,7 +14,7 @@
 			"description": "Expansions",
 			"schema": {
 				"type": "string",
-				"enum": ["owner", "certificate"]
+				"enum": ["access_list", "owner", "certificate"]
 			}
 		}
 	],
@@ -40,8 +40,7 @@
 										"nginx_online": true,
 										"nginx_err": null
 									},
-									"enabled": true,
+									"enabled": true
-									"certificate_id": 0
 								}
 							]
 						}

backend/schema/paths/nginx/streams/post.json

@@ -32,9 +32,6 @@
 						"udp_forwarding": {
 							"$ref": "../../../components/stream-object.json#/properties/udp_forwarding"
 						},
-						"certificate_id": {
-							"$ref": "../../../components/stream-object.json#/properties/certificate_id"
-						},
 						"meta": {
 							"$ref": "../../../components/stream-object.json#/properties/meta"
 						}
@@ -76,8 +73,7 @@
 									"nickname": "Admin",
 									"avatar": "",
 									"roles": ["admin"]
-								},
+								}
-								"certificate_id": 0
 							}
 						}
 					},

backend/schema/paths/nginx/streams/streamID/get.json

@@ -40,8 +40,7 @@
 									"nginx_online": true,
 									"nginx_err": null
 								},
-								"enabled": true,
+								"enabled": true
-								"certificate_id": 0
 							}
 						}
 					},

backend/schema/paths/nginx/streams/streamID/put.json

@@ -29,26 +29,56 @@
 					"additionalProperties": false,
 					"minProperties": 1,
 					"properties": {
-						"incoming_port": {
+						"domain_names": {
-							"$ref": "../../../../components/stream-object.json#/properties/incoming_port"
+							"$ref": "../../../../components/proxy-host-object.json#/properties/domain_names"
 						},
-						"forwarding_host": {
+						"forward_scheme": {
-							"$ref": "../../../../components/stream-object.json#/properties/forwarding_host"
+							"$ref": "../../../../components/proxy-host-object.json#/properties/forward_scheme"
 						},
-						"forwarding_port": {
+						"forward_host": {
-							"$ref": "../../../../components/stream-object.json#/properties/forwarding_port"
+							"$ref": "../../../../components/proxy-host-object.json#/properties/forward_host"
 						},
-						"tcp_forwarding": {
+						"forward_port": {
-							"$ref": "../../../../components/stream-object.json#/properties/tcp_forwarding"
+							"$ref": "../../../../components/proxy-host-object.json#/properties/forward_port"
-						},
-						"udp_forwarding": {
-							"$ref": "../../../../components/stream-object.json#/properties/udp_forwarding"
 						},
 						"certificate_id": {
-							"$ref": "../../../../components/stream-object.json#/properties/certificate_id"
+							"$ref": "../../../../components/proxy-host-object.json#/properties/certificate_id"
+						},
+						"ssl_forced": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/ssl_forced"
+						},
+						"hsts_enabled": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/hsts_enabled"
+						},
+						"hsts_subdomains": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/hsts_subdomains"
+						},
+						"http2_support": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/http2_support"
+						},
+						"block_exploits": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/block_exploits"
+						},
+						"caching_enabled": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/caching_enabled"
+						},
+						"allow_websocket_upgrade": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/allow_websocket_upgrade"
+						},
+						"access_list_id": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/access_list_id"
+						},
+						"advanced_config": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/advanced_config"
+						},
+						"enabled": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/enabled"
 						},
 						"meta": {
-							"$ref": "../../../../components/stream-object.json#/properties/meta"
+							"$ref": "../../../../components/proxy-host-object.json#/properties/meta"
+						},
+						"locations": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/locations"
 						}
 					}
 				}
@@ -64,32 +94,42 @@
 						"default": {
 							"value": {
 								"id": 1,
-								"created_on": "2024-10-09T02:33:45.000Z",
+								"created_on": "2024-10-08T23:23:03.000Z",
-								"modified_on": "2024-10-09T02:33:45.000Z",
+								"modified_on": "2024-10-08T23:26:37.000Z",
 								"owner_user_id": 1,
-								"incoming_port": 9090,
+								"domain_names": ["test.example.com"],
-								"forwarding_host": "router.internal",
+								"forward_host": "192.168.0.10",
-								"forwarding_port": 80,
+								"forward_port": 8989,
-								"tcp_forwarding": true,
+								"access_list_id": 0,
-								"udp_forwarding": false,
+								"certificate_id": 0,
+								"ssl_forced": false,
+								"caching_enabled": false,
+								"block_exploits": false,
+								"advanced_config": "",
 								"meta": {
 									"nginx_online": true,
 									"nginx_err": null
 								},
+								"allow_websocket_upgrade": false,
+								"http2_support": false,
+								"forward_scheme": "http",
 								"enabled": true,
+								"hsts_enabled": false,
+								"hsts_subdomains": false,
 								"owner": {
 									"id": 1,
-									"created_on": "2024-10-09T02:33:16.000Z",
+									"created_on": "2024-10-07T22:43:55.000Z",
-									"modified_on": "2024-10-09T02:33:16.000Z",
+									"modified_on": "2024-10-08T12:52:54.000Z",
 									"is_deleted": false,
 									"is_disabled": false,
 									"email": "admin@example.com",
 									"name": "Administrator",
-									"nickname": "Admin",
+									"nickname": "some guy",
-									"avatar": "",
+									"avatar": "//www.gravatar.com/avatar/e64c7d89f26bd1972efa854d13d7dd61?default=mm",
 									"roles": ["admin"]
 								},
-								"certificate_id": 0
+								"certificate": null,
+								"access_list": null
 							}
 						}
 					},

backend/schema/paths/tokens/get.json

@@ -15,7 +15,7 @@
 					"examples": {
 						"default": {
 							"value": {
-								"expires": "2025-02-04T20:40:46.340Z",
+								"expires": 1566540510,
 								"token": "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.ey...xaHKYr3Kk6MvkUjcC4"
 							}
 						}

backend/schema/paths/tokens/post.json

@@ -38,7 +38,7 @@
 						"default": {
 							"value": {
 								"result": {
-									"expires": "2025-02-04T20:40:46.340Z",
+									"expires": 1566540510,
 									"token": "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.ey...xaHKYr3Kk6MvkUjcC4"
 								}
 							}

backend/schema/swagger.json

@@ -9,15 +9,6 @@
 			"url": "http://127.0.0.1:81/api"
 		}
 	],
-	"components": {
-		"securitySchemes": {
-			"bearerAuth": {
-				"type": "http",
-				"scheme": "bearer",
-				"bearerFormat": "JWT"
-			}
-		}
-	},
 	"paths": {
 		"/": {
 			"get": {

backend/setup.js

@@ -21,10 +21,10 @@ const setupDefaultUser = () => {
 		.then((row) => {
 			if (!row || !row.id) {
 				// Create a new user and set password
-				const email    = (process.env.INITIAL_ADMIN_EMAIL || 'admin@example.com').toLowerCase();
+				const email    = process.env.INITIAL_ADMIN_EMAIL || 'admin@example.com';
 				const password = process.env.INITIAL_ADMIN_PASSWORD || 'changeme';
 
-				logger.info(`Creating a new user: ${email} with password: ${password}`);
+				logger.info('Creating a new user: ' + email + ' with password: ' + password);
 
 				const data = {
 					is_deleted: 0,
@@ -113,20 +113,20 @@ const setupCertbotPlugins = () => {
 		.andWhere('provider', 'letsencrypt')
 		.then((certificates) => {
 			if (certificates && certificates.length) {
-				const plugins  = [];
+				let plugins  = [];
-				const promises = [];
+				let promises = [];
 
-				certificates.map((certificate) => {
+				certificates.map(function (certificate) {
 					if (certificate.meta && certificate.meta.dns_challenge === true) {
 						if (plugins.indexOf(certificate.meta.dns_provider) === -1) {
 							plugins.push(certificate.meta.dns_provider);
 						}
 
 						// Make sure credentials file exists
-						const credentials_loc = `/etc/letsencrypt/credentials/credentials-${certificate.id}`;
+						const credentials_loc = '/etc/letsencrypt/credentials/credentials-' + certificate.id;
 						// Escape single quotes and backslashes
 						const escapedCredentials = certificate.meta.dns_provider_credentials.replaceAll('\'', '\\\'').replaceAll('\\', '\\\\');
-						const credentials_cmd    = `[ -f '${credentials_loc}' ] || { mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo '${escapedCredentials}' > '${credentials_loc}' && chmod 600 '${credentials_loc}'; }`;
+						const credentials_cmd    = '[ -f \'' + credentials_loc + '\' ] || { mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo \'' + escapedCredentials + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\'; }';
 						promises.push(utils.exec(credentials_cmd));
 					}
 				});
@@ -136,7 +136,7 @@ const setupCertbotPlugins = () => {
 						if (promises.length) {
 							return Promise.all(promises)
 								.then(() => {
-									logger.info(`Added Certbot plugins ${plugins.join(', ')}`);
+									logger.info('Added Certbot plugins ' + plugins.join(', '));
 								});
 						}
 					});
@@ -165,7 +165,9 @@ const setupLogrotation = () => {
 	return runLogrotate();
 };
 
-module.exports = () => setupDefaultUser()
+module.exports = function () {
-	.then(setupDefaultSettings)
+	return setupDefaultUser()
-	.then(setupCertbotPlugins)
+		.then(setupDefaultSettings)
-	.then(setupLogrotation);
+		.then(setupCertbotPlugins)
+		.then(setupLogrotation);
+};

backend/templates/_certificates.conf

@@ -2,7 +2,6 @@
 {% if certificate.provider == "letsencrypt" %}
   # Let's Encrypt SSL
   include conf.d/include/letsencrypt-acme-challenge.conf;
-  include conf.d/include/ssl-cache.conf;
   include conf.d/include/ssl-ciphers.conf;
   ssl_certificate /etc/letsencrypt/live/npm-{{ certificate_id }}/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/npm-{{ certificate_id }}/privkey.pem;

backend/templates/_certificates_stream.conf

@@ -1,13 +0,0 @@
-{% if certificate and certificate_id > 0 %}
-{% if certificate.provider == "letsencrypt" %}
-  # Let's Encrypt SSL
-  include conf.d/include/ssl-cache-stream.conf;
-  include conf.d/include/ssl-ciphers.conf;
-  ssl_certificate /etc/letsencrypt/live/npm-{{ certificate_id }}/fullchain.pem;
-  ssl_certificate_key /etc/letsencrypt/live/npm-{{ certificate_id }}/privkey.pem;
-{%- else %}
-  # Custom SSL
-  ssl_certificate /data/custom_ssl/npm-{{ certificate_id }}/fullchain.pem;
-  ssl_certificate_key /data/custom_ssl/npm-{{ certificate_id }}/privkey.pem;
-{%- endif -%}
-{%- endif -%}

backend/templates/stream.conf

@@ -5,10 +5,12 @@
 {% if enabled %}
 {% if tcp_forwarding == 1 or tcp_forwarding == true -%}
 server {
-  listen {{ incoming_port }} {%- if certificate %} ssl {%- endif %};
+  listen {{ incoming_port }};
-  {% unless ipv6 -%} # {%- endunless -%} listen [::]:{{ incoming_port }} {%- if certificate %} ssl {%- endif %};
+{% if ipv6 -%}
-
+  listen [::]:{{ incoming_port }};
-  {%- include "_certificates_stream.conf" %}
+{% else -%}
+  #listen [::]:{{ incoming_port }};
+{% endif %}
 
   proxy_pass {{ forwarding_host }}:{{ forwarding_port }};
 
@@ -17,12 +19,14 @@ server {
   include /data/nginx/custom/server_stream_tcp[.]conf;
 }
 {% endif %}
-
+{% if udp_forwarding == 1 or udp_forwarding == true %}
-{% if udp_forwarding == 1 or udp_forwarding == true -%}
 server {
   listen {{ incoming_port }} udp;
-  {% unless ipv6 -%} # {%- endunless -%} listen [::]:{{ incoming_port }} udp;
+{% if ipv6 -%}
-
+  listen [::]:{{ incoming_port }} udp;
+{% else -%}
+  #listen [::]:{{ incoming_port }} udp;
+{% endif %}
   proxy_pass {{ forwarding_host }}:{{ forwarding_port }};
 
   # Custom

backend/yarn.lock

@@ -492,9 +492,9 @@ boxen@^4.2.0:
     widest-line "^3.1.0"
 
 brace-expansion@^1.1.7:
-  version "1.1.12"
+  version "1.1.11"
-  resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-1.1.12.tgz#ab9b454466e5a8cc3a187beaad580412a9c5b843"
+  resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-1.1.11.tgz#3c7fcbf529d87226f3d2f52b966ff5271eb441dd"
-  integrity sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==
+  integrity sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==
   dependencies:
     balanced-match "^1.0.0"
     concat-map "0.0.1"

docker/docker-compose.ci.mysql.yml

@@ -18,7 +18,6 @@ services:
       MYSQL_DATABASE: 'npm'
       MYSQL_USER: 'npm'
       MYSQL_PASSWORD: 'npmpass'
-      MARIADB_AUTO_UPGRADE: '1'
     volumes:
       - mysql_vol:/var/lib/mysql
     networks:

docker/docker-compose.ci.yml

@@ -22,10 +22,6 @@ services:
       test: ["CMD", "/usr/bin/check-health"]
       interval: 10s
       timeout: 3s
-    expose:
-      - '80-81/tcp'
-      - '443/tcp'
-      - '1500-1503/tcp'
     networks:
       fulltest:
         aliases:
@@ -101,7 +97,7 @@ services:
       HTTP_PROXY: 'squid:3128'
       HTTPS_PROXY: 'squid:3128'
     volumes:
-      - 'cypress_logs:/test/results'
+      - 'cypress_logs:/results'
       - './dev/resolv.conf:/etc/resolv.conf:ro'
       - '/etc/localtime:/etc/localtime:ro'
     command: cypress run --browser chrome --config-file=cypress/config/ci.js

docker/rootfs/etc/nginx/conf.d/include/ssl-cache-stream.conf

@@ -1,2 +0,0 @@
-ssl_session_timeout 5m;
-ssl_session_cache shared:SSL_stream:50m;

docker/rootfs/etc/nginx/conf.d/include/ssl-cache.conf

@@ -1,2 +0,0 @@
-ssl_session_timeout 5m;
-ssl_session_cache shared:SSL:50m;

docker/rootfs/etc/nginx/conf.d/include/ssl-ciphers.conf

@@ -1,3 +1,6 @@
+ssl_session_timeout 5m;
+ssl_session_cache shared:SSL:50m;
+
 # intermediate configuration. tweak to your needs.
 ssl_protocols TLSv1.2 TLSv1.3;
 ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';

docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh

@@ -8,53 +8,21 @@ log_info 'Setting ownership ...'
 # root
 chown root /tmp/nginx
 
-locations=(
+# npm user and group
-	"/data"
+chown -R "$PUID:$PGID" /data
-	"/etc/letsencrypt"
+chown -R "$PUID:$PGID" /etc/letsencrypt
-	"/run/nginx"
+chown -R "$PUID:$PGID" /run/nginx
-	"/tmp/nginx"
+chown -R "$PUID:$PGID" /tmp/nginx
-	"/var/cache/nginx"
+chown -R "$PUID:$PGID" /var/cache/nginx
-	"/var/lib/logrotate"
+chown -R "$PUID:$PGID" /var/lib/logrotate
-	"/var/lib/nginx"
+chown -R "$PUID:$PGID" /var/lib/nginx
-	"/var/log/nginx"
+chown -R "$PUID:$PGID" /var/log/nginx
-	"/etc/nginx/nginx"
-	"/etc/nginx/nginx.conf"
-	"/etc/nginx/conf.d"
-)
 
-chownit() {
+# Don't chown entire /etc/nginx folder as this causes crashes on some systems
-	local dir="$1"
+chown -R "$PUID:$PGID" /etc/nginx/nginx
-	local recursive="${2:-true}"
+chown -R "$PUID:$PGID" /etc/nginx/nginx.conf
+chown -R "$PUID:$PGID" /etc/nginx/conf.d
 
-	local have
+# Prevents errors when installing python certbot plugins when non-root
-	have="$(stat -c '%u:%g' "$dir")"
+chown "$PUID:$PGID" /opt/certbot /opt/certbot/bin
-	echo "- $dir ... "
+find /opt/certbot/lib/python*/site-packages -not -user "$PUID" -execdir chown "$PUID:$PGID" {} \+
-
-	if [ "$have" != "$PUID:$PGID" ]; then
-		if [ "$recursive" = 'true' ] && [ -d "$dir" ]; then
-			chown -R "$PUID:$PGID" "$dir"
-		else
-			chown "$PUID:$PGID" "$dir"
-		fi
-		echo "    DONE"
-	else
-		echo "    SKIPPED"
-	fi
-}
-
-for loc in "${locations[@]}"; do
-	chownit "$loc"
-done
-
-if [ "$(is_true "${SKIP_CERTBOT_OWNERSHIP:-}")" = '1' ]; then
-	log_info 'Skipping ownership change of certbot directories'
-else
-	log_info 'Changing ownership of certbot directories, this may take some time ...'
-	chownit "/opt/certbot" false
-	chownit "/opt/certbot/bin" false
-
-	# Handle all site-packages directories efficiently
-	find /opt/certbot/lib -type d -name "site-packages" | while read -r SITE_PACKAGES_DIR; do
-		chownit "$SITE_PACKAGES_DIR"
-	done
-fi

docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/40-dynamic.sh

@@ -5,9 +5,12 @@ set -e
 
 log_info 'Dynamic resolvers ...'
 
+DISABLE_IPV6=$(echo "${DISABLE_IPV6:-}" | tr '[:upper:]' '[:lower:]')
+
 # Dynamically generate resolvers file, if resolver is IPv6, enclose in `[]`
 # thanks @tfmm
-if [ "$(is_true "$DISABLE_IPV6")" = '1' ]; then
+if [ "$DISABLE_IPV6" == "true" ] || [ "$DISABLE_IPV6" == "on" ] || [ "$DISABLE_IPV6" == "1" ] || [ "$DISABLE_IPV6" == "yes" ];
+then
 	echo resolver "$(awk 'BEGIN{ORS=" "} $1=="nameserver" { sub(/%.*$/,"",$2); print ($2 ~ ":")? "["$2"]": $2}' /etc/resolv.conf) ipv6=off valid=10s;" > /etc/nginx/conf.d/include/resolvers.conf
 else
 	echo resolver "$(awk 'BEGIN{ORS=" "} $1=="nameserver" { sub(/%.*$/,"",$2); print ($2 ~ ":")? "["$2"]": $2}' /etc/resolv.conf) valid=10s;" > /etc/nginx/conf.d/include/resolvers.conf

docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/50-ipv6.sh

@@ -8,11 +8,14 @@ set -e
 
 log_info 'IPv6 ...'
 
+# Lowercase
+DISABLE_IPV6=$(echo "${DISABLE_IPV6:-}" | tr '[:upper:]' '[:lower:]')
+
 process_folder () {
 	FILES=$(find "$1" -type f -name "*.conf")
 	SED_REGEX=
 
-	if [ "$(is_true "$DISABLE_IPV6")" = '1' ]; then
+	if [ "$DISABLE_IPV6" == "true" ] || [ "$DISABLE_IPV6" == "on" ] || [ "$DISABLE_IPV6" == "1" ] || [ "$DISABLE_IPV6" == "yes" ]; then
 		# IPV6 is disabled
 		echo "Disabling IPV6 in hosts in: $1"
 		SED_REGEX='s/^([^#]*)listen \[::\]/\1#listen [::]/g'

docker/rootfs/usr/bin/common.sh

@@ -56,13 +56,3 @@ get_group_id () {
 		getent group "$1" | cut -d: -f3
 	fi
 }
-
-# param $1: value
-is_true () {
-	VAL=$(echo "${1:-}" | tr '[:upper:]' '[:lower:]')
-	if [ "$VAL" == 'true' ] || [ "$VAL" == 'on' ] || [ "$VAL" == '1' ] || [ "$VAL" == 'yes' ]; then
-		echo '1'
-	else
-		echo '0'
-	fi
-}

docker/scripts/install-s6

@@ -8,7 +8,7 @@ BLUE='\E[1;34m'
 GREEN='\E[1;32m'
 RESET='\E[0m'
 
-S6_OVERLAY_VERSION=3.2.1.0
+S6_OVERLAY_VERSION=3.1.5.0
 TARGETPLATFORM=${1:-linux/amd64}
 
 # Determine the correct binary file for the architecture given

docs/src/advanced-config/index.md

@@ -161,14 +161,6 @@ The easy fix is to add a Docker environment variable to the Nginx Proxy Manager
       DISABLE_IPV6: 'true'
 ```
 
-## Disabling IP Ranges Fetch
-
-By default, NPM fetches IP ranges from CloudFront and Cloudflare during application startup. In environments with limited internet access or to speed up container startup, this fetch can be disabled:
-
-```yml
-    environment:
-      IP_RANGES_FETCH_ENABLED: 'false'
-```
 
 ## Custom Nginx Configurations
 

docs/src/setup/index.md

@@ -21,7 +21,7 @@ services:
       # Add any other Stream port you want to expose
       # - '21:21' # FTP
 
-    #environment:
+    environment:
       # Uncomment this if you want to change the location of
       # the SQLite DB file within the container
       # DB_SQLITE_FILE: "/data/database.sqlite"

docs/yarn.lock

@@ -1065,9 +1065,9 @@ vfile@^6.0.0:
     vfile-message "^4.0.0"
 
 vite@^5.4.8:
-  version "5.4.20"
+  version "5.4.14"
-  resolved "https://registry.yarnpkg.com/vite/-/vite-5.4.20.tgz#3267a5e03f21212f44edfd72758138e8fcecd76a"
+  resolved "https://registry.yarnpkg.com/vite/-/vite-5.4.14.tgz#ff8255edb02134df180dcfca1916c37a6abe8408"
-  integrity sha512-j3lYzGC3P+B5Yfy/pfKNgVEg4+UtcIJcVRt2cDjIOmhLourAqPqf8P7acgxeiSgUB7E3p2P8/3gNIgDLpwzs4g==
+  integrity sha512-EK5cY7Q1D8JNhSaPKVK4pwBFvaTmZxEnoKXLG/U9gmdDcihQGNzFlgIvaxezFR4glP1LsuiedwMBqCXH3wZccA==
   dependencies:
     esbuild "^0.21.3"
     postcss "^8.4.43"

frontend/js/app/controller.js

@@ -4,438 +4,444 @@ const Tokens   = require('./tokens');
 
 module.exports = {
 
-	/**
+    /**
-	 * @param {String} route
+     * @param {String} route
-	 * @param {Object} [options]
+     * @param {Object} [options]
-	 * @returns {Boolean}
+     * @returns {Boolean}
-	 */
+     */
-	navigate: function (route, options) {
+    navigate: function (route, options) {
-		options = options || {};
+        options = options || {};
-		Backbone.history.navigate(route.toString(), options);
+        Backbone.history.navigate(route.toString(), options);
-		return true;
+        return true;
-	},
+    },
 
-	/**
+    /**
-	 * Login
+     * Login
-	 */
+     */
-	showLogin: function () {
+    showLogin: function () {
-		window.location = '/login';
+        window.location = '/login';
-	},
+    },
 
-	/**
+    /**
-	 * Users
+     * Users
-	 */
+     */
-	showUsers: function () {
+    showUsers: function () {
-		const controller = this;
+        let controller = this;
-		if (Cache.User.isAdmin()) {
+        if (Cache.User.isAdmin()) {
-			require(['./main', './users/main'], (App, View) => {
+            require(['./main', './users/main'], (App, View) => {
-				controller.navigate('/users');
+                controller.navigate('/users');
-				App.UI.showAppContent(new View());
+                App.UI.showAppContent(new View());
-			});
+            });
-		} else {
+        } else {
-			this.showDashboard();
+            this.showDashboard();
-		}
+        }
-	},
+    },
 
-	/**
+    /**
-	 * User Form
+     * User Form
-	 *
+     *
-	 * @param [model]
+     * @param [model]
-	 */
+     */
-	showUserForm: function (model) {
+    showUserForm: function (model) {
-		if (Cache.User.isAdmin()) {
+        if (Cache.User.isAdmin()) {
-			require(['./main', './user/form'], function (App, View) {
+            require(['./main', './user/form'], function (App, View) {
-				App.UI.showModalDialog(new View({model: model}));
+                App.UI.showModalDialog(new View({model: model}));
-			});
+            });
-		}
+        }
-	},
+    },
 
-	/**
+    /**
-	 * User Permissions Form
+     * User Permissions Form
-	 *
+     *
-	 * @param model
+     * @param model
-	 */
+     */
-	showUserPermissions: function (model) {
+    showUserPermissions: function (model) {
-		if (Cache.User.isAdmin()) {
+        if (Cache.User.isAdmin()) {
-			require(['./main', './user/permissions'], function (App, View) {
+            require(['./main', './user/permissions'], function (App, View) {
-				App.UI.showModalDialog(new View({model: model}));
+                App.UI.showModalDialog(new View({model: model}));
-			});
+            });
-		}
+        }
-	},
+    },
 
-	/**
+    /**
-	 * User Password Form
+     * User Password Form
-	 *
+     *
-	 * @param model
+     * @param model
-	 */
+     */
-	showUserPasswordForm: function (model) {
+    showUserPasswordForm: function (model) {
-		if (Cache.User.isAdmin() || model.get('id') === Cache.User.get('id')) {
+        if (Cache.User.isAdmin() || model.get('id') === Cache.User.get('id')) {
-			require(['./main', './user/password'], function (App, View) {
+            require(['./main', './user/password'], function (App, View) {
-				App.UI.showModalDialog(new View({model: model}));
+                App.UI.showModalDialog(new View({model: model}));
-			});
+            });
-		}
+        }
-	},
+    },
 
-	/**
+    /**
-	 * User Delete Confirm
+     * User Delete Confirm
-	 *
+     *
-	 * @param model
+     * @param model
-	 */
+     */
-	showUserDeleteConfirm: function (model) {
+    showUserDeleteConfirm: function (model) {
-		if (Cache.User.isAdmin() && model.get('id') !== Cache.User.get('id')) {
+        if (Cache.User.isAdmin() && model.get('id') !== Cache.User.get('id')) {
-			require(['./main', './user/delete'], function (App, View) {
+            require(['./main', './user/delete'], function (App, View) {
-				App.UI.showModalDialog(new View({model: model}));
+                App.UI.showModalDialog(new View({model: model}));
-			});
+            });
-		}
+        }
-	},
+    },
 
-	/**
+    /**
-	 * Dashboard
+     * Dashboard
-	 */
+     */
-	showDashboard: function () {
+    showDashboard: function () {
-		const controller = this;
+        let controller = this;
-		require(['./main', './dashboard/main'], (App, View) => {
-			controller.navigate('/');
-			App.UI.showAppContent(new View());
-		});
-	},
 
-	/**
+        require(['./main', './dashboard/main'], (App, View) => {
-	 * Nginx Proxy Hosts
+            controller.navigate('/');
-	 */
+            App.UI.showAppContent(new View());
-	showNginxProxy: function () {
+        });
-		if (Cache.User.isAdmin() || Cache.User.canView('proxy_hosts')) {
+    },
-			const controller = this;
 
-			require(['./main', './nginx/proxy/main'], (App, View) => {
+    /**
-				controller.navigate('/nginx/proxy');
+     * Nginx Proxy Hosts
-				App.UI.showAppContent(new View());
+     */
-			});
+    showNginxProxy: function () {
-		}
+        if (Cache.User.isAdmin() || Cache.User.canView('proxy_hosts')) {
-	},
+            let controller = this;
 
-	/**
+            require(['./main', './nginx/proxy/main'], (App, View) => {
-	 * Nginx Proxy Host Form
+                controller.navigate('/nginx/proxy');
-	 *
+                App.UI.showAppContent(new View());
-	 * @param [model]
+            });
-	 */
+        }
-	showNginxProxyForm: function (model) {
+    },
-		if (Cache.User.isAdmin() || Cache.User.canManage('proxy_hosts')) {
-			require(['./main', './nginx/proxy/form'], function (App, View) {
-				App.UI.showModalDialog(new View({model: model}));
-			});
-		}
-	},
 
-	/**
+    /**
-	 * Proxy Host Delete Confirm
+     * Nginx Proxy Host Form
-	 *
+     *
-	 * @param model
+     * @param [model]
-	 */
+     */
-	showNginxProxyDeleteConfirm: function (model) {
+    showNginxProxyForm: function (model) {
-		if (Cache.User.isAdmin() || Cache.User.canManage('proxy_hosts')) {
+        if (Cache.User.isAdmin() || Cache.User.canManage('proxy_hosts')) {
-			require(['./main', './nginx/proxy/delete'], function (App, View) {
+            require(['./main', './nginx/proxy/form'], function (App, View) {
-				App.UI.showModalDialog(new View({model: model}));
+                App.UI.showModalDialog(new View({model: model}));
-			});
+            });
-		}
+        }
-	},
+    },
 
-	/**
+    /**
-	 * Nginx Redirection Hosts
+     * Proxy Host Delete Confirm
-	 */
+     *
-	showNginxRedirection: function () {
+     * @param model
-		if (Cache.User.isAdmin() || Cache.User.canView('redirection_hosts')) {
+     */
-			const controller = this;
+    showNginxProxyDeleteConfirm: function (model) {
-			require(['./main', './nginx/redirection/main'], (App, View) => {
+        if (Cache.User.isAdmin() || Cache.User.canManage('proxy_hosts')) {
-				controller.navigate('/nginx/redirection');
+            require(['./main', './nginx/proxy/delete'], function (App, View) {
-				App.UI.showAppContent(new View());
+                App.UI.showModalDialog(new View({model: model}));
-			});
+            });
-		}
+        }
-	},
+    },
 
-	/**
+    /**
-	 * Nginx Redirection Host Form
+     * Nginx Redirection Hosts
-	 *
+     */
-	 * @param [model]
+    showNginxRedirection: function () {
-	 */
+        if (Cache.User.isAdmin() || Cache.User.canView('redirection_hosts')) {
-	showNginxRedirectionForm: function (model) {
+            let controller = this;
-		if (Cache.User.isAdmin() || Cache.User.canManage('redirection_hosts')) {
-			require(['./main', './nginx/redirection/form'], function (App, View) {
-				App.UI.showModalDialog(new View({model: model}));
-			});
-		}
-	},
 
-	/**
+            require(['./main', './nginx/redirection/main'], (App, View) => {
-	 * Proxy Redirection Delete Confirm
+                controller.navigate('/nginx/redirection');
-	 *
+                App.UI.showAppContent(new View());
-	 * @param model
+            });
-	 */
+        }
-	showNginxRedirectionDeleteConfirm: function (model) {
+    },
-		if (Cache.User.isAdmin() || Cache.User.canManage('redirection_hosts')) {
-			require(['./main', './nginx/redirection/delete'], function (App, View) {
-				App.UI.showModalDialog(new View({model: model}));
-			});
-		}
-	},
 
-	/**
+    /**
-	 * Nginx Stream Hosts
+     * Nginx Redirection Host Form
-	 */
+     *
-	showNginxStream: function () {
+     * @param [model]
-		if (Cache.User.isAdmin() || Cache.User.canView('streams')) {
+     */
-			const controller = this;
+    showNginxRedirectionForm: function (model) {
-			require(['./main', './nginx/stream/main'], (App, View) => {
+        if (Cache.User.isAdmin() || Cache.User.canManage('redirection_hosts')) {
-				controller.navigate('/nginx/stream');
+            require(['./main', './nginx/redirection/form'], function (App, View) {
-				App.UI.showAppContent(new View());
+                App.UI.showModalDialog(new View({model: model}));
-			});
+            });
-		}
+        }
-	},
+    },
 
-	/**
+    /**
-	 * Stream Form
+     * Proxy Redirection Delete Confirm
-	 *
+     *
-	 * @param [model]
+     * @param model
-	 */
+     */
-	showNginxStreamForm: function (model) {
+    showNginxRedirectionDeleteConfirm: function (model) {
-		if (Cache.User.isAdmin() || Cache.User.canManage('streams')) {
+        if (Cache.User.isAdmin() || Cache.User.canManage('redirection_hosts')) {
-			require(['./main', './nginx/stream/form'], function (App, View) {
+            require(['./main', './nginx/redirection/delete'], function (App, View) {
-				App.UI.showModalDialog(new View({model: model}));
+                App.UI.showModalDialog(new View({model: model}));
-			});
+            });
-		}
+        }
-	},
+    },
 
-	/**
+    /**
-	 * Stream Delete Confirm
+     * Nginx Stream Hosts
-	 *
+     */
-	 * @param model
+    showNginxStream: function () {
-	 */
+        if (Cache.User.isAdmin() || Cache.User.canView('streams')) {
-	showNginxStreamDeleteConfirm: function (model) {
+            let controller = this;
-		if (Cache.User.isAdmin() || Cache.User.canManage('streams')) {
-			require(['./main', './nginx/stream/delete'], function (App, View) {
-				App.UI.showModalDialog(new View({model: model}));
-			});
-		}
-	},
 
-	/**
+            require(['./main', './nginx/stream/main'], (App, View) => {
-	 * Nginx Dead Hosts
+                controller.navigate('/nginx/stream');
-	 */
+                App.UI.showAppContent(new View());
-	showNginxDead: function () {
+            });
-		if (Cache.User.isAdmin() || Cache.User.canView('dead_hosts')) {
+        }
-			const controller = this;
+    },
-			require(['./main', './nginx/dead/main'], (App, View) => {
-				controller.navigate('/nginx/404');
-				App.UI.showAppContent(new View());
-			});
-		}
-	},
 
-	/**
+    /**
-	 * Dead Host Form
+     * Stream Form
-	 *
+     *
-	 * @param [model]
+     * @param [model]
-	 */
+     */
-	showNginxDeadForm: function (model) {
+    showNginxStreamForm: function (model) {
-		if (Cache.User.isAdmin() || Cache.User.canManage('dead_hosts')) {
+        if (Cache.User.isAdmin() || Cache.User.canManage('streams')) {
-			require(['./main', './nginx/dead/form'], function (App, View) {
+            require(['./main', './nginx/stream/form'], function (App, View) {
-				App.UI.showModalDialog(new View({model: model}));
+                App.UI.showModalDialog(new View({model: model}));
-			});
+            });
-		}
+        }
-	},
+    },
 
-	/**
+    /**
-	 * Dead Host Delete Confirm
+     * Stream Delete Confirm
-	 *
+     *
-	 * @param model
+     * @param model
-	 */
+     */
-	showNginxDeadDeleteConfirm: function (model) {
+    showNginxStreamDeleteConfirm: function (model) {
-		if (Cache.User.isAdmin() || Cache.User.canManage('dead_hosts')) {
+        if (Cache.User.isAdmin() || Cache.User.canManage('streams')) {
-			require(['./main', './nginx/dead/delete'], function (App, View) {
+            require(['./main', './nginx/stream/delete'], function (App, View) {
-				App.UI.showModalDialog(new View({model: model}));
+                App.UI.showModalDialog(new View({model: model}));
-			});
+            });
-		}
+        }
-	},
+    },
 
-	/**
+    /**
-	 * Help Dialog
+     * Nginx Dead Hosts
-	 *
+     */
-	 * @param {String}  title
+    showNginxDead: function () {
-	 * @param {String}  content
+        if (Cache.User.isAdmin() || Cache.User.canView('dead_hosts')) {
-	 */
+            let controller = this;
-	showHelp: function (title, content) {
-		require(['./main', './help/main'], function (App, View) {
-			App.UI.showModalDialog(new View({title: title, content: content}));
-		});
-	},
 
-	/**
+            require(['./main', './nginx/dead/main'], (App, View) => {
-	 * Nginx Access
+                controller.navigate('/nginx/404');
-	 */
+                App.UI.showAppContent(new View());
-	showNginxAccess: function () {
+            });
-		if (Cache.User.isAdmin() || Cache.User.canView('access_lists')) {
+        }
-			const controller = this;
+    },
-			require(['./main', './nginx/access/main'], (App, View) => {
-				controller.navigate('/nginx/access');
-				App.UI.showAppContent(new View());
-			});
-		}
-	},
 
-	/**
+    /**
-	 * Nginx Access List Form
+     * Dead Host Form
-	 *
+     *
-	 * @param [model]
+     * @param [model]
-	 */
+     */
-	showNginxAccessListForm: function (model) {
+    showNginxDeadForm: function (model) {
-		if (Cache.User.isAdmin() || Cache.User.canManage('access_lists')) {
+        if (Cache.User.isAdmin() || Cache.User.canManage('dead_hosts')) {
-			require(['./main', './nginx/access/form'], function (App, View) {
+            require(['./main', './nginx/dead/form'], function (App, View) {
-				App.UI.showModalDialog(new View({model: model}));
+                App.UI.showModalDialog(new View({model: model}));
-			});
+            });
-		}
+        }
-	},
+    },
 
-	/**
+    /**
-	 * Access List Delete Confirm
+     * Dead Host Delete Confirm
-	 *
+     *
-	 * @param model
+     * @param model
-	 */
+     */
-	showNginxAccessListDeleteConfirm: function (model) {
+    showNginxDeadDeleteConfirm: function (model) {
-		if (Cache.User.isAdmin() || Cache.User.canManage('access_lists')) {
+        if (Cache.User.isAdmin() || Cache.User.canManage('dead_hosts')) {
-			require(['./main', './nginx/access/delete'], function (App, View) {
+            require(['./main', './nginx/dead/delete'], function (App, View) {
-				App.UI.showModalDialog(new View({model: model}));
+                App.UI.showModalDialog(new View({model: model}));
-			});
+            });
-		}
+        }
-	},
+    },
 
-	/**
+    /**
-	 * Nginx Certificates
+     * Help Dialog
-	 */
+     *
-	showNginxCertificates: function () {
+     * @param {String}  title
-		if (Cache.User.isAdmin() || Cache.User.canView('certificates')) {
+     * @param {String}  content
-			const controller = this;
+     */
-			require(['./main', './nginx/certificates/main'], (App, View) => {
+    showHelp: function (title, content) {
-				controller.navigate('/nginx/certificates');
+        require(['./main', './help/main'], function (App, View) {
-				App.UI.showAppContent(new View());
+            App.UI.showModalDialog(new View({title: title, content: content}));
-			});
+        });
-		}
+    },
-	},
 
-	/**
+    /**
-	 * Nginx Certificate Form
+     * Nginx Access
-	 *
+     */
-	 * @param [model]
+    showNginxAccess: function () {
-	 */
+        if (Cache.User.isAdmin() || Cache.User.canView('access_lists')) {
-	showNginxCertificateForm: function (model) {
+            let controller = this;
-		if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) {
-			require(['./main', './nginx/certificates/form'], function (App, View) {
-				App.UI.showModalDialog(new View({model: model}));
-			});
-		}
-	},
 
-	/**
+            require(['./main', './nginx/access/main'], (App, View) => {
-	 * Certificate Renew
+                controller.navigate('/nginx/access');
-	 *
+                App.UI.showAppContent(new View());
-	 * @param model
+            });
-	 */
+        }
-	showNginxCertificateRenew: function (model) {
+    },
-		if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) {
-			require(['./main', './nginx/certificates/renew'], function (App, View) {
-				App.UI.showModalDialog(new View({model: model}));
-			});
-		}
-	},
 
-	/**
+    /**
-	 * Certificate Delete Confirm
+     * Nginx Access List Form
-	 *
+     *
-	 * @param model
+     * @param [model]
-	 */
+     */
-	showNginxCertificateDeleteConfirm: function (model) {
+    showNginxAccessListForm: function (model) {
-		if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) {
+        if (Cache.User.isAdmin() || Cache.User.canManage('access_lists')) {
-			require(['./main', './nginx/certificates/delete'], function (App, View) {
+            require(['./main', './nginx/access/form'], function (App, View) {
-				App.UI.showModalDialog(new View({model: model}));
+                App.UI.showModalDialog(new View({model: model}));
-			});
+            });
-		}
+        }
-	},
+    },
 
-	/**
+    /**
-	 * Certificate Test Reachability
+     * Access List Delete Confirm
-	 *
+     *
-	 * @param model
+     * @param model
-	 */
+     */
-	showNginxCertificateTestReachability: function (model) {
+    showNginxAccessListDeleteConfirm: function (model) {
-	  if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) {
+        if (Cache.User.isAdmin() || Cache.User.canManage('access_lists')) {
-		require(['./main', './nginx/certificates/test'], function (App, View) {
+            require(['./main', './nginx/access/delete'], function (App, View) {
-		  App.UI.showModalDialog(new View({model: model}));
+                App.UI.showModalDialog(new View({model: model}));
-		});
+            });
-	  }
+        }
-	},
+    },
 
-	/**
+    /**
-	 * Audit Log
+     * Nginx Certificates
-	 */
+     */
-	showAuditLog: function () {
+    showNginxCertificates: function () {
-		const controller = this;
+        if (Cache.User.isAdmin() || Cache.User.canView('certificates')) {
-		if (Cache.User.isAdmin()) {
+            let controller = this;
-			require(['./main', './audit-log/main'], (App, View) => {
-				controller.navigate('/audit-log');
-				App.UI.showAppContent(new View());
-			});
-		} else {
-			this.showDashboard();
-		}
-	},
 
-	/**
+            require(['./main', './nginx/certificates/main'], (App, View) => {
-	 * Audit Log Metadata
+                controller.navigate('/nginx/certificates');
-	 *
+                App.UI.showAppContent(new View());
-	 * @param model
+            });
-	 */
+        }
-	showAuditMeta: function (model) {
+    },
-		if (Cache.User.isAdmin()) {
-			require(['./main', './audit-log/meta'], function (App, View) {
-				App.UI.showModalDialog(new View({model: model}));
-			});
-		}
-	},
 
-	/**
+    /**
-	 * Settings
+     * Nginx Certificate Form
-	 */
+     *
-	showSettings: function () {
+     * @param [model]
-		const controller = this;
+     */
-		if (Cache.User.isAdmin()) {
+    showNginxCertificateForm: function (model) {
-			require(['./main', './settings/main'], (App, View) => {
+        if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) {
-				controller.navigate('/settings');
+            require(['./main', './nginx/certificates/form'], function (App, View) {
-				App.UI.showAppContent(new View());
+                App.UI.showModalDialog(new View({model: model}));
-			});
+            });
-		} else {
+        }
-			this.showDashboard();
+    },
-		}
-	},
 
-	/**
+    /**
-	 * Settings Item Form
+     * Certificate Renew
-	 *
+     *
-	 * @param model
+     * @param model
-	 */
+     */
-	showSettingForm: function (model) {
+    showNginxCertificateRenew: function (model) {
-		if (Cache.User.isAdmin()) {
+        if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) {
-			if (model.get('id') === 'default-site') {
+            require(['./main', './nginx/certificates/renew'], function (App, View) {
-				require(['./main', './settings/default-site/main'], function (App, View) {
+                App.UI.showModalDialog(new View({model: model}));
-					App.UI.showModalDialog(new View({model: model}));
+            });
-				});
+        }
-			}
+    },
-		}
-	},
 
-	/**
+    /**
-	 * Logout
+     * Certificate Delete Confirm
-	 */
+     *
-	logout: function () {
+     * @param model
-		Tokens.dropTopToken();
+     */
-		this.showLogin();
+    showNginxCertificateDeleteConfirm: function (model) {
-	}
+        if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) {
+            require(['./main', './nginx/certificates/delete'], function (App, View) {
+                App.UI.showModalDialog(new View({model: model}));
+            });
+        }
+    },
+
+    /**
+     * Certificate Test Reachability
+     *
+     * @param model
+     */
+    showNginxCertificateTestReachability: function (model) {
+      if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) {
+        require(['./main', './nginx/certificates/test'], function (App, View) {
+          App.UI.showModalDialog(new View({model: model}));
+        });
+      }
+    },
+
+    /**
+     * Audit Log
+     */
+    showAuditLog: function () {
+        let controller = this;
+        if (Cache.User.isAdmin()) {
+            require(['./main', './audit-log/main'], (App, View) => {
+                controller.navigate('/audit-log');
+                App.UI.showAppContent(new View());
+            });
+        } else {
+            this.showDashboard();
+        }
+    },
+
+    /**
+     * Audit Log Metadata
+     *
+     * @param model
+     */
+    showAuditMeta: function (model) {
+        if (Cache.User.isAdmin()) {
+            require(['./main', './audit-log/meta'], function (App, View) {
+                App.UI.showModalDialog(new View({model: model}));
+            });
+        }
+    },
+
+    /**
+     * Settings
+     */
+    showSettings: function () {
+        let controller = this;
+        if (Cache.User.isAdmin()) {
+            require(['./main', './settings/main'], (App, View) => {
+                controller.navigate('/settings');
+                App.UI.showAppContent(new View());
+            });
+        } else {
+            this.showDashboard();
+        }
+    },
+
+    /**
+     * Settings Item Form
+     *
+     * @param model
+     */
+    showSettingForm: function (model) {
+        if (Cache.User.isAdmin()) {
+            if (model.get('id') === 'default-site') {
+                require(['./main', './settings/default-site/main'], function (App, View) {
+                    App.UI.showModalDialog(new View({model: model}));
+                });
+            }
+        }
+    },
+
+    /**
+     * Logout
+     */
+    logout: function () {
+        Tokens.dropTopToken();
+        this.showLogin();
+    }
 };

frontend/js/app/dashboard/main.js

@@ -6,85 +6,87 @@ const Helpers    = require('../../lib/helpers');
 const template   = require('./main.ejs');
 
 module.exports = Mn.View.extend({
-	template: template,
+    template: template,
-	id:       'dashboard',
+    id:       'dashboard',
-	columns:  0,
+    columns:  0,
 
-	stats: {},
+    stats: {},
 
-	ui: {
+    ui: {
-		links: 'a'
+        links: 'a'
-	},
+    },
 
-	events: {
+    events: {
-		'click @ui.links': function (e) {
+        'click @ui.links': function (e) {
-			e.preventDefault();
+            e.preventDefault();
-			Controller.navigate($(e.currentTarget).attr('href'), true);
+            Controller.navigate($(e.currentTarget).attr('href'), true);
-		}
+        }
-	},
+    },
 
-	templateContext: function () {
+    templateContext: function () {
-		const view = this;
+        let view = this;
 
-		return {
+        return {
-			getUserName: function () {
+            getUserName: function () {
-				return Cache.User.get('nickname') || Cache.User.get('name');
+                return Cache.User.get('nickname') || Cache.User.get('name');
-			},
+            },
 
-			getHostStat: function (type) {
+            getHostStat: function (type) {
-				if (view.stats && typeof view.stats.hosts !== 'undefined' && typeof view.stats.hosts[type] !== 'undefined') {
+                if (view.stats && typeof view.stats.hosts !== 'undefined' && typeof view.stats.hosts[type] !== 'undefined') {
-					return Helpers.niceNumber(view.stats.hosts[type]);
+                    return Helpers.niceNumber(view.stats.hosts[type]);
-				}
+                }
 
-				return '-';
+                return '-';
-			},
+            },
 
-			canShow: function (perm) {
+            canShow: function (perm) {
-				return Cache.User.isAdmin() || Cache.User.canView(perm);
+                return Cache.User.isAdmin() || Cache.User.canView(perm);
-			},
+            },
 
-			columns: view.columns
+            columns: view.columns
-		};
+        };
-	},
+    },
 
-	onRender: function () {
+    onRender: function () {
-		const view = this;
+        let view = this;
-		if (typeof view.stats.hosts === 'undefined') {
-			Api.Reports.getHostStats()
-				.then(response => {
-					if (!view.isDestroyed()) {
-						view.stats.hosts = response;
-						view.render();
-					}
-				})
-				.catch(err => {
-					console.log(err);
-				});
-		}
-	},
 
-	/**
+        if (typeof view.stats.hosts === 'undefined') {
-	 * @param {Object}  [model]
+            Api.Reports.getHostStats()
-	 */
+                .then(response => {
-	preRender: function (model) {
+                    if (!view.isDestroyed()) {
-		this.columns = 0;
+                        view.stats.hosts = response;
+                        view.render();
+                    }
+                })
+                .catch(err => {
+                    console.log(err);
+                });
+        }
+    },
 
-		// calculate the available columns based on permissions for the objects
+    /**
-		// and store as a variable
+     * @param {Object}  [model]
-		const perms = ['proxy_hosts', 'redirection_hosts', 'streams', 'dead_hosts'];
+     */
+    preRender: function (model) {
+        this.columns = 0;
 
-		perms.map(perm => {
+        // calculate the available columns based on permissions for the objects
-			this.columns += Cache.User.isAdmin() || Cache.User.canView(perm) ? 1 : 0;
+        // and store as a variable
-		});
+        //let view = this;
+        let perms = ['proxy_hosts', 'redirection_hosts', 'streams', 'dead_hosts'];
 
-		// Prevent double rendering on initial calls
+        perms.map(perm => {
-		if (typeof model !== 'undefined') {
+            this.columns += Cache.User.isAdmin() || Cache.User.canView(perm) ? 1 : 0;
-			this.render();
+        });
-		}
-	},
 
-	initialize: function () {
+        // Prevent double rendering on initial calls
-		this.preRender();
+        if (typeof model !== 'undefined') {
-		this.listenTo(Cache.User, 'change', this.preRender);
+            this.render();
-	}
+        }
+    },
+
+    initialize: function () {
+        this.preRender();
+        this.listenTo(Cache.User, 'change', this.preRender);
+    }
 });

frontend/js/app/nginx/certificates/list/item.ejs

@@ -33,13 +33,6 @@
 <td class="<%- isExpired() ? 'text-danger' : '' %>">
     <%- formatDbDate(expires_on, 'Do MMMM YYYY, h:mm a') %>
 </td>
-<td>
-    <% if (active_domain_names().length > 0) { %>
-        <span class="status-icon bg-success"></span> <%- i18n('certificates', 'in-use') %>
-    <% } else { %>
-        <span class="status-icon bg-danger"></span> <%- i18n('certificates', 'inactive') %>
-    <% } %>
-</td>
 <% if (canManage) { %>
 <td class="text-right">
     <div class="item-action dropdown">
@@ -55,14 +48,7 @@
                 <div class="dropdown-divider"></div>
             <% } %>
             <a href="#" class="delete dropdown-item"><i class="dropdown-icon fe fe-trash-2"></i> <%- i18n('str', 'delete') %></a>
-            <% if (active_domain_names().length > 0) { %>
-                <div class="dropdown-divider"></div>
-                <span class="dropdown-header"><%- i18n('certificates', 'active-domain_names') %></span>
-                <% active_domain_names().forEach(function(host) { %>
-                    <a href="https://<%- host %>" class="dropdown-item" target="_blank"><%- host %></a>
-                <% }); %>
-            <% } %>
         </div>
     </div>
 </td>
-<% } %>
+<% } %>

frontend/js/app/nginx/certificates/list/item.js

@@ -44,24 +44,14 @@ module.exports = Mn.View.extend({
         },
     },
 
-    templateContext: function () {
+    templateContext: {
-        return {
+        canManage: App.Cache.User.canManage('certificates'),
-            canManage: App.Cache.User.canManage('certificates'),
+        isExpired: function () {
-            isExpired: function () {
+            return moment(this.expires_on).isBefore(moment());
-                return moment(this.expires_on).isBefore(moment());
+        },
-            },
+        dns_providers: dns_providers
-            dns_providers: dns_providers,
-            active_domain_names: function () {
-                const { proxy_hosts = [], redirect_hosts = [], dead_hosts = [] } = this;
-                return [...proxy_hosts, ...redirect_hosts, ...dead_hosts].reduce((acc, host) => {
-                    acc.push(...(host.domain_names || []));
-                    return acc;
-                }, []);
-            }
-        };
     },
 
-
     initialize: function () {
         this.listenTo(this.model, 'change', this.render);
     }

frontend/js/app/nginx/certificates/list/main.ejs

@@ -3,7 +3,6 @@
     <th><%- i18n('str', 'name') %></th>
     <th><%- i18n('all-hosts', 'cert-provider') %></th>
     <th><%- i18n('str', 'expires') %></th>
-    <th><%- i18n('str', 'status') %></th>
     <% if (canManage) { %>
     <th>&nbsp;</th>
     <% } %>

frontend/js/app/nginx/certificates/main.js

@@ -74,7 +74,7 @@ module.exports = Mn.View.extend({
             e.preventDefault();
             let query = this.ui.query.val();
 
-            this.fetch(['owner','proxy_hosts', 'dead_hosts', 'redirection_hosts'], query)
+            this.fetch(['owner'], query)
                 .then(response => this.showData(response))
                 .catch(err => {
                     this.showError(err);
@@ -89,7 +89,7 @@ module.exports = Mn.View.extend({
     onRender: function () {
         let view = this;
 
-        view.fetch(['owner','proxy_hosts', 'dead_hosts', 'redirection_hosts'])
+        view.fetch(['owner'])
             .then(response => {
                 if (!view.isDestroyed()) {
                     if (response && response.length) {

frontend/js/app/nginx/stream/form.ejs

@@ -3,187 +3,48 @@
         <h5 class="modal-title"><%- i18n('streams', 'form-title', {id: id}) %></h5>
         <button type="button" class="close cancel" aria-label="Close" data-dismiss="modal">&nbsp;</button>
     </div>
-    <div class="modal-body has-tabs">
+    <div class="modal-body">
-        <div class="alert alert-danger mb-0 rounded-0" id="le-error-info" role="alert"></div>
         <form>
-            <ul class="nav nav-tabs" role="tablist">
+            <div class="row">
-                <li role="presentation" class="nav-item"><a href="#details" aria-controls="tab1" role="tab" data-toggle="tab" class="nav-link active"><i class="fe fe-zap"></i> <%- i18n('all-hosts', 'details') %></a></li>
+                <div class="col-sm-12 col-md-12">
-                <li role="presentation" class="nav-item"><a href="#ssl-options" aria-controls="tab2" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-shield"></i> <%- i18n('str', 'ssl') %></a></li>
+                    <div class="form-group">
-            </ul>
+                        <label class="form-label"><%- i18n('streams', 'incoming-port') %> <span class="form-required">*</span></label>
-            <div class="tab-content">
+                        <input name="incoming_port" type="number" class="form-control text-monospace" placeholder="eg: 8080" min="1" max="65535" value="<%- incoming_port %>" required>
-                <!-- Details -->
-                <div role="tabpanel" class="tab-pane active" id="details">
-                    <div class="row">
-                        <div class="col-sm-12 col-md-12">
-                            <div class="form-group">
-                                <label class="form-label"><%- i18n('streams', 'incoming-port') %> <span class="form-required">*</span></label>
-                                <input name="incoming_port" type="number" class="form-control text-monospace" placeholder="eg: 8080" min="1" max="65535" value="<%- incoming_port %>" required>
-                            </div>
-                        </div>
-                        <div class="col-sm-8 col-md-8">
-                            <div class="form-group">
-                                <label class="form-label"><%- i18n('streams', 'forwarding-host') %><span class="form-required">*</span></label>
-                                <input type="text" name="forwarding_host" class="form-control text-monospace" placeholder="example.com or 10.0.0.1 or 2001:db8:3333:4444:5555:6666:7777:8888" value="<%- forwarding_host %>" autocomplete="off" maxlength="255" required>
-                            </div>
-                        </div>
-                        <div class="col-sm-4 col-md-4">
-                            <div class="form-group">
-                                <label class="form-label"><%- i18n('streams', 'forwarding-port') %> <span class="form-required">*</span></label>
-                                <input name="forwarding_port" type="number" class="form-control text-monospace" placeholder="eg: 80" min="1" max="65535" value="<%- forwarding_port %>" required>
-                            </div>
-                        </div>
-                        <div class="col-sm-6 col-md-6">
-                            <div class="form-group">
-                                <label class="custom-switch">
-                                    <input type="checkbox" class="custom-switch-input" name="tcp_forwarding" value="1"<%- tcp_forwarding ? ' checked' : '' %>>
-                                    <span class="custom-switch-indicator"></span>
-                                    <span class="custom-switch-description"><%- i18n('streams', 'tcp-forwarding') %></span>
-                                </label>
-                            </div>
-                        </div>
-                        <div class="col-sm-6 col-md-6">
-                            <div class="form-group">
-                                <label class="custom-switch">
-                                    <input type="checkbox" class="custom-switch-input" name="udp_forwarding" value="1"<%- udp_forwarding ? ' checked' : '' %>>
-                                    <span class="custom-switch-indicator"></span>
-                                    <span class="custom-switch-description"><%- i18n('streams', 'udp-forwarding') %></span>
-                                </label>
-                            </div>
-                        </div>
-                        <div class="col-sm-12 col-md-12">
-                            <div class="forward-type-error invalid-feedback"><%- i18n('streams', 'forward-type-error') %></div>
-                        </div>
                     </div>
                 </div>
-
+                <div class="col-sm-8 col-md-8">
-                <!-- SSL -->
+                    <div class="form-group">
-                <div role="tabpanel" class="tab-pane" id="ssl-options">
+                        <label class="form-label"><%- i18n('streams', 'forwarding-host') %><span class="form-required">*</span></label>
-                    <div class="row">
+                        <input type="text" name="forwarding_host" class="form-control text-monospace" placeholder="example.com or 10.0.0.1 or 2001:db8:3333:4444:5555:6666:7777:8888" value="<%- forwarding_host %>" autocomplete="off" maxlength="255" required>
-                        <div class="col-sm-12 col-md-12">
-                            <div class="form-group">
-                                <label class="form-label"><%- i18n('streams', 'ssl-certificate') %></label>
-                                <select name="certificate_id" class="form-control custom-select" placeholder="<%- i18n('all-hosts', 'none') %>">
-                                    <option selected value="0" data-data="{&quot;id&quot;:0}" <%- certificate_id ? '' : 'selected' %>><%- i18n('all-hosts', 'none') %></option>
-                                    <option selected value="new" data-data="{&quot;id&quot;:&quot;new&quot;}"><%- i18n('all-hosts', 'new-cert') %></option>
-                                </select>
-                            </div>
-                        </div>
-
-                        <!-- DNS challenge -->
-                        <div class="col-sm-12 col-md-12 letsencrypt">
-                            <div class="form-group">
-                                <label class="form-label"><%- i18n('all-hosts', 'domain-names') %> <span class="form-required">*</span></label>
-                                <input type="text" name="domain_names" class="form-control" id="input-domains" value="<%- domain_names.join(',') %>">
-                            </div>
-                            <div class="form-group">
-                                <label class="custom-switch">
-                                    <input
-                                            type="checkbox"
-                                            class="custom-switch-input"
-                                            name="meta[dns_challenge]"
-                                            value="1"
-                                            checked
-                                            disabled
-                                    >
-                                    <span class="custom-switch-indicator"></span>
-                                    <span class="custom-switch-description"><%= i18n('ssl', 'dns-challenge') %></span>
-                                </label>
-                            </div>
-                        </div>
-                        <div class="col-sm-12 col-md-12 letsencrypt">
-                            <fieldset class="form-fieldset dns-challenge">
-                                <div class="text-red mb-4"><i class="fe fe-alert-triangle"></i> <%= i18n('ssl', 'certbot-warning') %></div>
-
-                                <!-- Certbot DNS plugin selection -->
-                                <div class="row">
-                                    <div class="col-sm-12 col-md-12">
-                                        <div class="form-group">
-                                            <label class="form-label"><%- i18n('ssl', 'dns-provider') %> <span class="form-required">*</span></label>
-                                            <select
-                                                    name="meta[dns_provider]"
-                                                    id="dns_provider"
-                                                    class="form-control custom-select"
-                                            >
-                                                <option
-                                                        value=""
-                                                        disabled
-                                                        hidden
-                                                        <%- getDnsProvider() === null ? 'selected' : '' %>
-                                                >Please Choose...</option>
-                                                <% _.each(dns_plugins, function(plugin_info, plugin_name){ %>
-                                                    <option
-                                                            value="<%- plugin_name %>"
-                                                            <%- getDnsProvider() === plugin_name ? 'selected' : '' %>
-                                                    ><%- plugin_info.name %></option>
-                                                <% }); %>
-                                            </select>
-                                        </div>
-                                    </div>
-                                </div>
-
-                                <!-- Certbot credentials file content -->
-                                <div class="row credentials-file-content">
-                                    <div class="col-sm-12 col-md-12">
-                                        <div class="form-group">
-                                            <label class="form-label"><%- i18n('ssl', 'credentials-file-content') %> <span class="form-required">*</span></label>
-                                            <textarea
-                                                    name="meta[dns_provider_credentials]"
-                                                    class="form-control text-monospace"
-                                                    id="dns_provider_credentials"
-                                            ><%- getDnsProviderCredentials() %></textarea>
-                                            <div class="text-secondary small">
-                                                <i class="fe fe-info"></i>
-                                                <%= i18n('ssl', 'credentials-file-content-info') %>
-                                            </div>
-                                            <div class="text-red small">
-                                                <i class="fe fe-alert-triangle"></i>
-                                                <%= i18n('ssl', 'stored-as-plaintext-info') %>
-                                            </div>
-                                        </div>
-                                    </div>
-                                </div>
-
-                                <!-- DNS propagation delay -->
-                                <div class="row">
-                                    <div class="col-sm-12 col-md-12">
-                                        <div class="form-group mb-0">
-                                            <label class="form-label"><%- i18n('ssl', 'propagation-seconds') %></label>
-                                            <input
-                                                    type="number"
-                                                    min="0"
-                                                    name="meta[propagation_seconds]"
-                                                    class="form-control"
-                                                    id="propagation_seconds"
-                                                    value="<%- getPropagationSeconds() %>"
-                                            >
-                                            <div class="text-secondary small">
-                                                <i class="fe fe-info"></i>
-                                                <%= i18n('ssl', 'propagation-seconds-info') %>
-                                            </div>
-                                        </div>
-                                    </div>
-                                </div>
-                            </fieldset>
-                        </div>
-
-                        <!-- Lets encrypt -->
-                        <div class="col-sm-12 col-md-12 letsencrypt">
-                            <div class="form-group">
-                                <label class="form-label"><%- i18n('ssl', 'letsencrypt-email') %> <span class="form-required">*</span></label>
-                                <input name="meta[letsencrypt_email]" type="email" class="form-control" placeholder="" value="<%- getLetsencryptEmail() %>" required disabled>
-                            </div>
-                        </div>
-                        <div class="col-sm-12 col-md-12 letsencrypt">
-                            <div class="form-group">
-                                <label class="custom-switch">
-                                    <input type="checkbox" class="custom-switch-input" name="meta[letsencrypt_agree]" value="1" required disabled>
-                                    <span class="custom-switch-indicator"></span>
-                                    <span class="custom-switch-description"><%= i18n('ssl', 'letsencrypt-agree', {url: 'https://letsencrypt.org/repository/'}) %> <span class="form-required">*</span></span>
-                                </label>
-                            </div>
-                        </div>
                     </div>
                 </div>
+                <div class="col-sm-4 col-md-4">
+                    <div class="form-group">
+                        <label class="form-label"><%- i18n('streams', 'forwarding-port') %> <span class="form-required">*</span></label>
+                        <input name="forwarding_port" type="number" class="form-control text-monospace" placeholder="eg: 80" min="1" max="65535" value="<%- forwarding_port %>" required>
+                    </div>
+                </div>
+                <div class="col-sm-6 col-md-6">
+                    <div class="form-group">
+                        <label class="custom-switch">
+                            <input type="checkbox" class="custom-switch-input" name="tcp_forwarding" value="1"<%- tcp_forwarding ? ' checked' : '' %>>
+                            <span class="custom-switch-indicator"></span>
+                            <span class="custom-switch-description"><%- i18n('streams', 'tcp-forwarding') %></span>
+                        </label>
+                    </div>
+                </div>
+                <div class="col-sm-6 col-md-6">
+                    <div class="form-group">
+                        <label class="custom-switch">
+                            <input type="checkbox" class="custom-switch-input" name="udp_forwarding" value="1"<%- udp_forwarding ? ' checked' : '' %>>
+                            <span class="custom-switch-indicator"></span>
+                            <span class="custom-switch-description"><%- i18n('streams', 'udp-forwarding') %></span>
+                        </label>
+                    </div>
+                </div>
+                <div class="col-sm-12 col-md-12">
+                    <div class="forward-type-error invalid-feedback"><%- i18n('streams', 'forward-type-error') %></div>
+                </div>
             </div>
         </form>
     </div>

frontend/js/app/nginx/stream/form.js

@@ -1,38 +1,24 @@
-const Mn            = require('backbone.marionette');
+const Mn          = require('backbone.marionette');
-const App           = require('../../main');
+const App         = require('../../main');
-const StreamModel   = require('../../../models/stream');
+const StreamModel = require('../../../models/stream');
-const template      = require('./form.ejs');
+const template    = require('./form.ejs');
-const dns_providers = require('../../../../../global/certbot-dns-plugins');
 
 require('jquery-serializejson');
 require('jquery-mask-plugin');
 require('selectize');
-const Helpers = require("../../../lib/helpers");
-const certListItemTemplate = require("../certificates-list-item.ejs");
-const i18n = require("../../i18n");
 
 module.exports = Mn.View.extend({
     template:  template,
     className: 'modal-dialog',
 
     ui: {
-        form:                     'form',
+        form:       'form',
-        forwarding_host:          'input[name="forwarding_host"]',
+        forwarding_host: 'input[name="forwarding_host"]',
-        type_error:               '.forward-type-error',
+        type_error: '.forward-type-error',
-        buttons:                  '.modal-footer button',
+        buttons:    '.modal-footer button',
-        switches:                 '.custom-switch-input',
+        switches:   '.custom-switch-input',
-        cancel:                   'button.cancel',
+        cancel:     'button.cancel',
-        save:                     'button.save',
+        save:       'button.save'
-        le_error_info:            '#le-error-info',
-        certificate_select:       'select[name="certificate_id"]',
-        domain_names:             'input[name="domain_names"]',
-        dns_challenge_switch:     'input[name="meta[dns_challenge]"]',
-        dns_challenge_content:    '.dns-challenge',
-        dns_provider:             'select[name="meta[dns_provider]"]',
-        credentials_file_content: '.credentials-file-content',
-        dns_provider_credentials: 'textarea[name="meta[dns_provider_credentials]"]',
-        propagation_seconds:      'input[name="meta[propagation_seconds]"]',
-        letsencrypt:              '.letsencrypt'
     },
 
     events: {
@@ -62,35 +48,6 @@ module.exports = Mn.View.extend({
             data.tcp_forwarding  = !!data.tcp_forwarding;
             data.udp_forwarding  = !!data.udp_forwarding;
 
-            if (typeof data.meta === 'undefined') data.meta = {};
-            data.meta.letsencrypt_agree = data.meta.letsencrypt_agree == 1;
-            data.meta.dns_challenge = true;
-
-            if (data.meta.propagation_seconds === '') data.meta.propagation_seconds = undefined;
-
-            if (typeof data.domain_names === 'string' && data.domain_names) {
-                data.domain_names = data.domain_names.split(',');
-            }
-
-            // Check for any domain names containing wildcards, which are not allowed with letsencrypt
-            if (data.certificate_id === 'new') {
-                let domain_err = false;
-                if (!data.meta.dns_challenge) {
-                    data.domain_names.map(function (name) {
-                        if (name.match(/\*/im)) {
-                            domain_err = true;
-                        }
-                    });
-                }
-
-                if (domain_err) {
-                    alert(i18n('ssl', 'no-wildcard-without-dns'));
-                    return;
-                }
-            } else {
-                data.certificate_id = parseInt(data.certificate_id, 10);
-            }
-
             let method = App.Api.Nginx.Streams.create;
             let is_new = true;
 
@@ -113,108 +70,10 @@ module.exports = Mn.View.extend({
                     });
                 })
                 .catch(err => {
-                    let more_info = '';
+                    alert(err.message);
-                    if (err.code === 500 && err.debug) {
-                        try {
-                            more_info = JSON.parse(err.debug).debug.stack.join("\n");
-                        } catch (e) {
-                        }
-                    }
-                    this.ui.le_error_info[0].innerHTML = `${err.message}${more_info !== '' ? `<pre class="mt-3">${more_info}</pre>` : ''}`;
-                    this.ui.le_error_info.show();
-                    this.ui.le_error_info[0].scrollIntoView();
                     this.ui.buttons.prop('disabled', false).removeClass('btn-disabled');
-                    this.ui.save.removeClass('btn-loading');
                 });
-        },
+        }
-
-        'change @ui.certificate_select': function () {
-            let id = this.ui.certificate_select.val();
-            if (id === 'new') {
-                this.ui.letsencrypt.show().find('input').prop('disabled', false);
-                this.ui.domain_names.prop('required', 'required');
-
-                this.ui.dns_challenge_switch
-                    .prop('disabled', true)
-                    .parents('.form-group')
-                    .css('opacity', 0.5);
-
-                this.ui.dns_provider.prop('required', 'required');
-                const selected_provider = this.ui.dns_provider[0].options[this.ui.dns_provider[0].selectedIndex].value;
-                if (selected_provider != '' && dns_providers[selected_provider].credentials !== false) {
-                    this.ui.dns_provider_credentials.prop('required', 'required');
-                }
-                this.ui.dns_challenge_content.show();
-            } else {
-                this.ui.letsencrypt.hide().find('input').prop('disabled', true);
-            }
-        },
-
-        'change @ui.dns_provider': function () {
-            const selected_provider = this.ui.dns_provider[0].options[this.ui.dns_provider[0].selectedIndex].value;
-            if (selected_provider != '' && dns_providers[selected_provider].credentials !== false) {
-                this.ui.dns_provider_credentials.prop('required', 'required');
-                this.ui.dns_provider_credentials[0].value = dns_providers[selected_provider].credentials;
-                this.ui.credentials_file_content.show();
-            } else {
-                this.ui.dns_provider_credentials.prop('required', false);
-                this.ui.credentials_file_content.hide();
-            }
-        },
-    },
-
-    templateContext: {
-        getLetsencryptEmail: function () {
-            return App.Cache.User.get('email');
-        },
-        getDnsProvider: function () {
-            return typeof this.meta.dns_provider !== 'undefined' && this.meta.dns_provider != '' ? this.meta.dns_provider : null;
-        },
-        getDnsProviderCredentials: function () {
-            return typeof this.meta.dns_provider_credentials !== 'undefined' ? this.meta.dns_provider_credentials : '';
-        },
-        getPropagationSeconds: function () {
-            return typeof this.meta.propagation_seconds !== 'undefined' ? this.meta.propagation_seconds : '';
-        },
-        dns_plugins: dns_providers,
-    },
-
-    onRender: function () {
-        let view = this;
-
-        // Certificates
-        this.ui.le_error_info.hide();
-        this.ui.dns_challenge_content.hide();
-        this.ui.credentials_file_content.hide();
-        this.ui.letsencrypt.hide();
-        this.ui.certificate_select.selectize({
-            valueField:       'id',
-            labelField:       'nice_name',
-            searchField:      ['nice_name', 'domain_names'],
-            create:           false,
-            preload:          true,
-            allowEmptyOption: true,
-            render:           {
-                option: function (item) {
-                    item.i18n         = App.i18n;
-                    item.formatDbDate = Helpers.formatDbDate;
-                    return certListItemTemplate(item);
-                }
-            },
-            load:             function (query, callback) {
-                App.Api.Nginx.Certificates.getAll()
-                    .then(rows => {
-                        callback(rows);
-                    })
-                    .catch(err => {
-                        console.error(err);
-                        callback();
-                    });
-            },
-            onLoad:           function () {
-                view.ui.certificate_select[0].selectize.setValue(view.model.get('certificate_id'));
-            }
-        });
     },
 
     initialize: function (options) {

frontend/js/app/nginx/stream/list/item.ejs

@@ -16,10 +16,7 @@
 </td>
 <td>
     <div>
-        <% if (certificate) { %>
+        <% if (tcp_forwarding) { %>
-            <span class="tag"><%- i18n('streams', 'tcp+ssl') %></span>
-        <% }
-        else if (tcp_forwarding) { %>
             <span class="tag"><%- i18n('streams', 'tcp') %></span>
         <% }
         if (udp_forwarding) { %>
@@ -27,9 +24,6 @@
         <% } %>
     </div>
 </td>
-<td>
-    <div><%- certificate && certificate_id ? i18n('ssl', certificate.provider) : i18n('all-hosts', 'none') %></div>
-</td>
 <td>
     <%
     var o = isOnline();

frontend/js/app/nginx/stream/list/main.ejs

@@ -3,7 +3,6 @@
     <th><%- i18n('streams', 'incoming-port') %></th>
     <th><%- i18n('str', 'destination') %></th>
     <th><%- i18n('streams', 'protocol') %></th>
-    <th><%- i18n('str', 'ssl') %></th>
     <th><%- i18n('str', 'status') %></th>
     <% if (canManage) { %>
     <th>&nbsp;</th>

frontend/js/app/nginx/stream/main.js

@@ -88,7 +88,7 @@ module.exports = Mn.View.extend({
     onRender: function () {
         let view = this;
 
-        view.fetch(['owner', 'certificate'])
+        view.fetch(['owner'])
             .then(response => {
                 if (!view.isDestroyed()) {
                     if (response && response.length) {

frontend/js/i18n/messages.json

@@ -60,7 +60,7 @@
     },
     "footer": {
       "fork-me": "Fork me on Github",
-      "copy": "&copy; 2025 <a href=\"{url}\" target=\"_blank\">jc21.com</a>.",
+      "copy": "&copy; 2024 <a href=\"{url}\" target=\"_blank\">jc21.com</a>.",
       "theme": "Theme by <a href=\"{url}\" target=\"_blank\">Tabler</a>"
     },
     "dashboard": {
@@ -179,9 +179,7 @@
       "delete-confirm": "Are you sure you want to delete this Stream?",
       "help-title": "What is a Stream?",
       "help-content": "A relatively new feature for Nginx, a Stream will serve to forward TCP/UDP traffic directly to another computer on the network.\nIf you're running game servers, FTP or SSH servers this can come in handy.",
-      "search": "Search Incoming Port…",
+      "search": "Search Incoming Port…"
-      "ssl-certificate": "SSL Certificate for TCP Forwarding",
-      "tcp+ssl": "TCP+SSL"
     },
     "certificates": {
       "title": "SSL Certificates",
@@ -208,10 +206,7 @@
       "reachability-other": "There is a server found at this domain but it returned an unexpected status code {code}. Is it the NPM server? Please make sure your domain points to the IP where your NPM instance is running.",
       "download": "Download",
       "renew-title": "Renew Let's Encrypt Certificate",
-      "search": "Search Certificate…",
+      "search": "Search Certificate…"
-      "in-use"  : "In use",
-      "inactive": "Inactive",
-      "active-domain_names": "Active domain names"
     },
     "access-lists": {
       "title": "Access Lists",
@@ -297,5 +292,297 @@
       "default-site-html": "Custom Page",
       "default-site-redirect": "Redirect"
     }
+  },
+  "es": {
+    "str": {
+      "email-address": "Dirección de correo electrónico",
+      "username": "Nombre de usuario",
+      "password": "Contraseña",
+      "sign-in": "Registrarse",
+      "sign-out": "Cerrar sesión",
+      "try-again": "Intentar otra vez",
+      "name": "Nombre",
+      "email": "Correo electrónico",
+      "roles": "Roles",
+      "created-on": "Creado: {date}",
+      "save": "Guardar",
+      "cancel": "Cancelar",
+      "close": "Cerrar",
+      "enable": "Habilitar",
+      "disable": "Inhabilitar",
+      "sure": "Si, estoy seguro",
+      "disabled": "Inhabilitado",
+      "choose-file": "Elija el archivo",
+      "source": "Fuente",
+      "destination": "Destino",
+      "ssl": "SSL",
+      "access": "Acceso",
+      "public": "Público",
+      "edit": "Editar",
+      "delete": "Borrar",
+      "logs": "Registros",
+      "status": "Estatus",
+      "online": "En línea",
+      "offline": "Desconectado",
+      "unknown": "Desconocido",
+      "expires": "Caduca",
+      "value": "Valor",
+      "please-wait": "Por favor, espere...",
+      "all": "Todo",
+      "any": "Ninguno"
+    },
+    "login": {
+      "title": "Ingrese a su cuenta"
+    },
+    "main": {
+      "app": "Nginx Proxy Manager",
+      "version": "v{version}",
+      "welcome": "Bienvenidos a Nginx Proxy Manager",
+      "logged-in": "Has iniciado sesión como {name}",
+      "unknown-error": "Error al cargar cosas. Vuelva a cargar la aplicación.",
+      "unknown-user": "Usuario desconocido",
+      "sign-in-as": "Vuelve a iniciar sesión como {name}"
+    },
+    "roles": {
+      "title": "Roles",
+      "admin": "Administrador",
+      "user": "Helicóptero Apache"
+    },
+    "menu": {
+      "dashboard": "Panel",
+      "hosts": "Servidores"
+    },
+    "footer": {
+      "fork-me": "Bifurcame en Github",
+      "copy": "&copy; 2022 <a href=\"{url}\" target=\"_blank\">jc21.com</a>.",
+      "theme": "Tema por <a href=\"{url}\" target=\"_blank\">Tabler</a>"
+    },
+    "dashboard": {
+      "title": "Hola {name}"
+    },
+    "all-hosts": {
+      "empty-subtitle": "{manage, select, true{¿Por qué no creas uno?} other{Y no tienes permiso para crear uno.}}",
+      "details": "Detalles",
+      "enable-ssl": "Habilitar SSL",
+      "force-ssl": "Forzar SSL",
+      "http2-support": "Soporte HTTP/2",
+      "domain-names": "Nombres de Dominios",
+      "cert-provider": "Proveedor de certificados",
+      "block-exploits": "Bloquear exploits comunes",
+      "caching-enabled": "Caché de Activos",
+      "ssl-certificate": "Certificado SSL",
+      "none": "Ninguno",
+      "new-cert": "Solicitar un nuevo Certificado SSL",
+      "with-le": "con Let's Encrypt",
+      "no-ssl": "Este servidor no usará HTTPS",
+      "advanced": "Avanzado",
+      "advanced-warning": "¡Ingrese su configuración Nginx personalizada aquí bajo su propio riesgo!",
+      "advanced-config": "Configuración Nginx personalizada",
+      "advanced-config-var-headline": "Estos detalles del proxy están disponibles como variables Nginx:",
+      "advanced-config-header-info": "Tenga en cuenta que cualquier directiva add_header o set_header agregada aquí no será utilizada por Nginx. Deberá agregar una ubicación personalizada '/' y agregar el encabezado en la configuración personalizada allí.",
+      "hsts-enabled": "HSTS habilitado",
+      "hsts-subdomains": "Subdominios HSTS",
+      "locations": "Ubicaciones personalizadas"
+    },
+    "locations": {
+      "new_location": "Agregar ubicación",
+      "path": "/ruta",
+      "location_label": "Definir ubicación",
+      "delete": "Borrar"
+    },
+    "ssl": {
+      "letsencrypt": "Let's Encrypt",
+      "other": "Personalizada",
+      "none": "solo HTTP",
+      "letsencrypt-email": "Dirección de correo electrónico para Let's Encrypt",
+      "letsencrypt-agree": "Acepto los <a href=\"{url}\" target=\"_blank\">Términos de servicio de Let's Encrypt</a>",
+      "delete-ssl": "Los certificados SSL adjuntos NO se eliminarán, deberán eliminarse manualmente.",
+      "hosts-warning": "Estos dominios ya deben estar configurados para apuntar a esta instalación",
+      "no-wildcard-without-dns": "No se puede solicitar el certificado de Let's Encrypt para dominios comodín cuando no se usa el desafío de DNS",
+      "dns-challenge": "Utilice un desafío de DNS",
+      "certbot-warning": "Esta sección requiere algunos conocimientos sobre Certbot y sus complementos de DNS. Consulte la documentación de los complementos respectivos.",
+      "dns-provider": "Proveedor de DNS",
+      "please-choose": "Por favor, elige...",
+      "credentials-file-content": "Contenido del archivo de credenciales",
+      "credentials-file-content-info": "Este complemento requiere un archivo de configuración que contenga un token API u otras credenciales para su proveedor",
+      "stored-as-plaintext-info": "¡Estos datos se almacenarán como texto sin formato en la base de datos y en un archivo!",
+      "propagation-seconds": "Segundos de propagación",
+      "propagation-seconds-info": "Deje vacío para usar el valor predeterminado de los complementos. Número de segundos de espera para la propagación de DNS.",
+      "processing-info": "Procesando... Esto puede tardar unos minutos.",
+      "passphrase-protection-support-info": "Los archivos clave protegidos con una frase de contraseña no son compatibles."
+    },
+    "proxy-hosts": {
+      "title": "Servidores proxy",
+      "empty": "No hay Servidores proxy",
+      "add": "Agregar Servidor proxy",
+      "form-title": "{id, select, undefined{Nuevo} other{Editar}} Servidor proxy",
+      "forward-scheme": "Esquema",
+      "forward-host": "Reenviar nombre de servidor / IP",
+      "forward-port": "Reenviar Puerto",
+      "delete": "Borrar Servidor Proxy",
+      "delete-confirm": "¿Está seguro de que desea eliminar el Servidor Proxy para: <strong>{domains}</strong>?",
+      "help-title": "¿Qué es un Servidor proxy?",
+      "help-content": "Un servidor proxy es el punto final entrante para un servicio web que desea reenviar.\nProporciona una terminación SSL opcional para su servicio que podría no tener soporte SSL integrado.\nLos servidores proxy son el uso más común para Nginx Proxy Manager.",
+      "access-list": "Lista de acceso",
+      "allow-websocket-upgrade": "Soporte WebSockets",
+      "ignore-invalid-upstream-ssl": "Ignorar SSL no válido",
+      "custom-forward-host-help": "Agregue una ruta para el reenvío de subcarpetas.\nEjemplo: 203.0.113.25/ruta",
+      "search": "Buscar Servidor..."
+    },
+    "redirection-hosts": {
+      "title": "Servidores de redirección",
+      "empty": "No hay Servidores de redirección",
+      "add": "Agregar Servidor de redirección",
+      "form-title": "{id, select, undefined{Nuevo} other{Editar}} Servidor de redirección",
+      "forward-scheme": "Esquema",
+      "forward-http-status-code": "Código HTTP",
+      "forward-domain": "Reenviar dominio",
+      "preserve-path": "Conservar ruta",
+      "delete": "Borrar Servidor de redirección",
+      "delete-confirm": "¿Está seguro de que desea eliminar el servidor de redirección para: <strong>{domains}</strong>?",
+      "help-title": "¿Qué es un Servidor de redirección?",
+      "help-content": "Un servidor de redirección redirigirá las solicitudes del dominio entrante y empujará al espectador a otro dominio.\nLa razón más común para usar este tipo de servidor es cuando su sitio web cambia de dominio pero aún tiene un motor de búsqueda o enlaces de referencia que apuntan al dominio anterior.",
+      "search": "Buscar Servidor..."
+    },
+    "dead-hosts": {
+      "title": "",
+      "empty": "No hay Servidores 404",
+      "add": "Agregar Servidor 404",
+      "form-title": "{id, select, undefined{Nuevo} other{Editar}} Servidor 404",
+      "delete": "Borrar Servidor 404",
+      "delete-confirm": "¿Está seguro de que desea eliminar este Servidor 404?",
+      "help-title": "¿Qué es un Servidor 404?",
+      "help-content": "Un servidor 404 es simplemente una configuración de servidor que muestra una página 404.\nEsto puede ser útil cuando su dominio aparece en los motores de búsqueda y desea proporcionar una página de error más agradable o específicamente para decirles a los indexadores de búsqueda que las páginas del dominio ya no existen.\nOtro beneficio de tener este servidor es rastrear los registros de visitas y ver las referencias.",
+      "search": "Buscar Servidor..."
+    },
+    "streams": {
+      "title": "Streams",
+      "empty": "No hay Streams",
+      "add": "Agregar Stream",
+      "form-title": "{id, select, undefined{Nuevo} other{Editar}} Stream",
+      "incoming-port": "Puerto entrante",
+      "forwarding-host": "Servidor de reenvío",
+      "forwarding-port": "Puerto de reenvío",
+      "tcp-forwarding": "Reenvío TCP",
+      "udp-forwarding": "Reenvío UDP",
+      "forward-type-error": "Al menos un tipo de protocolo debe estar habilitado",
+      "protocol": "Protocol",
+      "tcp": "TCP",
+      "udp": "UDP",
+      "delete": "Borrar Stream",
+      "delete-confirm": "¿Está seguro de que desea eliminar esta Stream?",
+      "help-title": "¿Qué es un Stream?",
+      "help-content": "Una característica relativamente nueva para Nginx, un Stream servirá para reenviar el tráfico TCP/UDP directamente a otra computadora en la red.\nSi está ejecutando servidores de juegos, servidores FTP o SSH, esto puede ser útil.",
+      "search": "Buscar Puerto entrante..."
+    },
+    "certificates": {
+      "title": "Certificados SSL",
+      "empty": "No hay Certificados SSL",
+      "add": "Agregar Certificado SSL",
+      "form-title": "Agregar {provider, select, letsencrypt Certificado {Let's Encrypt} other{personalizado}}",
+      "delete": "Borrar Certificado SSL",
+      "delete-confirm": "¿Está seguro de que desea eliminar este certificado SSL? Cualquier servidor que lo use deberá actualizarse más tarde.",
+      "help-title": "Certificados SSL",
+      "help-content": "Los certificados SSL (correctamente conocidos como Certificados TLS) son una forma de clave de encriptación que permite que su sitio sea encriptado para el usuario final.\nNginx Proxy Manager usa un servicio llamado Let's Encrypt para emitir certificados SSL gratis.\nSi tiene algún tipo de información personal, contraseñas o datos confidenciales detrás de Nginx Proxy Manager, probablemente sea una buena idea usar un certificado.\nNginx Proxy Manager también es compatible con la autenticación DNS si no está ejecutando su sitio frente a Internet, o si solo desea un certificado comodín.",
+      "other-certificate": "Certificado",
+      "other-certificate-key": "Clave de Certificado",
+      "other-intermediate-certificate": "Certificado Intermedio",
+      "force-renew": "Renovar Ahora",
+      "test-reachability": "Accesibilidad del servidor de prueba",
+      "reachability-title": "Accesibilidad del servidor de prueba",
+      "reachability-info": "Pruebe si se puede acceder a los dominios desde la Internet pública utilizando Site24x7. Esto no es necesario cuando se utiliza el Desafío DNS.",
+      "reachability-failed-to-reach-api": "La comunicación con la API falló, ¿Nginx Proxy Manager se está ejecutando correctamente?",
+      "reachability-failed-to-check": "No se pudo verificar la accesibilidad debido a un error de comunicación con site24x7.com.",
+      "reachability-ok": "Su servidor es accesible y la creación de certificados debería ser posible.",
+      "reachability-404": "Hay un servidor encontrado en este dominio, pero no parece ser Nginx Proxy Manager. Asegúrese de que su dominio apunte a la IP donde se ejecuta su instancia de Nginx Proxy Manager.",
+      "reachability-not-resolved": "No hay servidor disponible en este dominio. Asegúrese de que su dominio exista y apunte a la IP donde se ejecuta su instancia de Nginx Proxy Manager y, si es necesario, se reenvía el puerto 80 en su enrutador.",
+      "reachability-wrong-data": "Se encontró un servidor en este dominio pero devolvió datos inesperados. ¿Es el servidor Nginx Proxy Manager? Asegúrese de que su dominio apunte a la IP donde se ejecuta su instancia de Nginx Proxy Manager.",
+      "reachability-other": "Se encontró un servidor en este dominio pero devolvió un código de estado inesperado {code}. ¿Es el servidor Nginx Proxy Manager? Asegúrese de que su dominio apunte a la IP donde se ejecuta su instancia de Nginx Proxy Manager.",
+      "download": "Descargar",
+      "renew-title": "Renovar Certificado Let's Encrypt",
+      "search": "Buscar Certificado..."
+    },
+    "access-lists": {
+      "title": "Listas de acceso",
+      "empty": "No hay Listas de acceso",
+      "add": "Agregar Listas de acceso",
+      "form-title": "{id, select, undefined{Nueva} other{Editar}} Lista de acceso",
+      "delete": "Borrar Lista de acceso",
+      "delete-confirm": "¿Está seguro de que desea eliminar esta lista de acceso?",
+      "public": "Públicamente Accesible",
+      "public-sub": "Sin restricciones de acceso",
+      "help-title": "¿Qué es una lista de acceso?",
+      "help-content": "Las listas de acceso proporcionan una lista negra o una lista blanca de direcciones IP de clientes específicos junto con la autenticación para los servidores proxy a través de la autenticación HTTP básica.\nPuede configurar varias reglas de cliente, nombres de usuario y contraseñas para una sola lista de acceso y luego aplicarla a un servidor proxy.\nEsto es más útil para los servicios web reenviados que no tienen mecanismos de autenticación integrados o que desea proteger del acceso de clientes desconocidos.",
+      "item-count": "{count} {count, select, 1{Usuario} other{Usuarios}}",
+      "client-count": "{count} {count, select, 1{Regla} other{Reglas}}",
+      "proxy-host-count": "{count} {count, select, 1{Servidor Proxy} other{Servidores Proxy}}",
+      "delete-has-hosts": "Esta lista de acceso está asociada con {count} Servidores Proxy. Estarán disponibles públicamente al eliminarlos.",
+      "details": "Detalles",
+      "authorization": "Autorización",
+      "access": "Acceso",
+      "satisfy": "Satisfacer",
+      "satisfy-any": "Satisfacer cualquiera",
+      "pass-auth": "Pasar autenticación al servidor",
+      "access-add": "Agregar",
+      "auth-add": "Agregar",
+      "search": "Buscar Acceso..."
+    },
+    "users": {
+      "title": "Usuarios",
+      "default_error": "Se debe cambiar la dirección de correo electrónico predeterminada",
+      "add": "Agregar Usuario",
+      "nickname": "Apodo",
+      "full-name": "Nombre completo",
+      "edit-details": "Editar Detalles",
+      "change-password": "Cambia contraseña",
+      "edit-permissions": "Editar Permisos",
+      "sign-in-as": "Iniciar sesión como usuario",
+      "form-title": "{id, select, undefined{Nuevo} other{Editar}} Usuario",
+      "delete": "Borrar {name, select, undefined{Usuario} other{{name}}}",
+      "delete-confirm": "¿Está seguro de que desea eliminar <strong>{name}</strong>?",
+      "password-title": "Cambia la contraseña{self, select, false{ for {name}} other{}}",
+      "current-password": "Contraseña actual",
+      "new-password": "Nueva contraseña",
+      "confirm-password": "Confirmar contraseña",
+      "permissions-title": "Permisos para {name}",
+      "admin-perms": "Este usuario es un administrador y algunos elementos no se pueden modificar",
+      "perms-visibility": "Visibilidad del elemento",
+      "perms-visibility-user": "Solo elementos creados",
+      "perms-visibility-all": "Todos los elementos",
+      "perm-manage": "Administrar",
+      "perm-view": "Sólo vista",
+      "perm-hidden": "Oculto",
+      "search": "Buscar Usuario..."
+    },
+    "audit-log": {
+      "title": "Registro de Auditoría",
+      "empty": "No hay Registros.",
+      "empty-subtitle": "Tan pronto como usted u otro usuario cambien algo, el historial de esos eventos aparecerá aquí.",
+      "proxy-host": "Servidor Proxy",
+      "redirection-host": "Servidor de redirección",
+      "dead-host": "Servidor 404",
+      "stream": "Stream",
+      "user": "Usuario",
+      "certificate": "Certificado",
+      "access-list": "Lista de acceso",
+      "created": "Creado {name}",
+      "updated": "Actualizado {name}",
+      "deleted": "Eliminado {name}",
+      "enabled": "Activado {name}",
+      "disabled": "Desactivado {name}",
+      "renewed": "Renovado {name}",
+      "meta-title": "Detalles del evento",
+      "view-meta": "Ver Detalles",
+      "date": "Fecha",
+      "search": "Buscar Registro..."
+    },
+    "settings": {
+      "title": "Ajustes",
+      "default-site": "Sitio por defecto",
+      "default-site-congratulations": "Página de felicitaciones",
+      "default-site-404": "Página de 404",
+      "default-site-html": "Pagina personalizada",
+      "default-site-redirect": "Redirigir"
+    }
   }
 }

frontend/js/models/stream.js

@@ -15,11 +15,8 @@ const model = Backbone.Model.extend({
             udp_forwarding:  false,
             enabled:         true,
             meta:            {},
-            certificate_id:  0,
-            domain_names:    [],
             // The following are expansions:
-            owner:           null,
+            owner:           null
-            certificate:     null
         };
     }
 });

frontend/package.json

@@ -26,8 +26,8 @@
     "messageformat": "^2.3.0",
     "messageformat-loader": "^0.8.1",
     "mini-css-extract-plugin": "^0.9.0",
-    "moment": "^2.30.1",
+    "moment": "^2.29.4",
-    "sass": "^1.92.1",
+    "node-sass": "^9.0.0",
     "nodemon": "^2.0.2",
     "numeral": "^2.0.6",
     "sass-loader": "^10.0.0",

frontend/scss/tabler-extra.scss

@@ -167,5 +167,4 @@ $pink: #f66d9b;
 
 textarea.form-control.text-monospace {
     font-size: 12px;
-    font-family: monospace;
 }

global/certbot-dns-plugins.json

@@ -10,9 +10,9 @@
 	"active24": {
 		"name": "Active24",
 		"package_name": "certbot-dns-active24",
-		"version": "~=2.0.0",
+		"version": "~=1.5.1",
 		"dependencies": "",
-		"credentials": "dns_active24_api_key = <identifier>\ndns_active24_secret = <secret>",
+		"credentials": "dns_active24_token=\"TOKEN\"",
 		"full_plugin_name": "dns-active24"
 	},
 	"aliyun": {
@@ -31,14 +31,6 @@
 		"credentials": "# This plugin supported API authentication using either Service Principals or utilizing a Managed Identity assigned to the virtual machine.\n# Regardless which authentication method used, the identity will need the “DNS Zone Contributor” role assigned to it.\n# As multiple Azure DNS Zones in multiple resource groups can exist, the config file needs a mapping of zone to resource group ID. Multiple zones -> ID mappings can be listed by using the key dns_azure_zoneX where X is a unique number. At least 1 zone mapping is required.\n\n# Using a service principal (option 1)\ndns_azure_sp_client_id = 912ce44a-0156-4669-ae22-c16a17d34ca5\ndns_azure_sp_client_secret = E-xqXU83Y-jzTI6xe9fs2YC~mck3ZzUih9\ndns_azure_tenant_id = ed1090f3-ab18-4b12-816c-599af8a88cf7\n\n# Using used assigned MSI (option 2)\n# dns_azure_msi_client_id = 912ce44a-0156-4669-ae22-c16a17d34ca5\n\n# Using system assigned MSI (option 3)\n# dns_azure_msi_system_assigned = true\n\n# Zones (at least one always required)\ndns_azure_zone1 = example.com:/subscriptions/c135abce-d87d-48df-936c-15596c6968a5/resourceGroups/dns1\ndns_azure_zone2 = example.org:/subscriptions/99800903-fb14-4992-9aff-12eaf2744622/resourceGroups/dns2",
 		"full_plugin_name": "dns-azure"
 	},
-	"baidu": {
-		"name": "baidu",
-		"package_name": "certbot-dns-baidu",
-		"version": "~=0.1.1",
-		"dependencies": "",
-		"credentials": "dns_baidu_access_key = 12345678\ndns_baidu_secret_key = 1234567890abcdef1234567890abcdef",
-		"full_plugin_name": "dns-baidu"
-	},
 	"beget": {
 		"name":"Beget",
 		"package_name": "certbot-beget-plugin",
@@ -55,19 +47,11 @@
 		"credentials": "# Bunny API token used by Certbot (see https://dash.bunny.net/account/settings)\ndns_bunny_api_key = xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx",
 		"full_plugin_name": "dns-bunny"
 	},
-	"cdmon": {
-		"name": "cdmon",
-		"package_name": "certbot-dns-cdmon",
-		"version": "~=0.4.1",
-		"dependencies": "",
-		"credentials": "dns_cdmon_api_key=your-cdmon-api-token\ndns_cdmon_domain=your_domain_is_optional",
-		"full_plugin_name": "dns-cdmon"
-	},
 	"cloudflare": {
 		"name": "Cloudflare",
 		"package_name": "certbot-dns-cloudflare",
 		"version": "=={{certbot-version}}",
-		"dependencies": "acme=={{certbot-version}}",
+		"dependencies": "cloudflare==2.19.* acme=={{certbot-version}}",
 		"credentials": "# Cloudflare API token\ndns_cloudflare_api_token=0123456789abcdef0123456789abcdef01234567",
 		"full_plugin_name": "dns-cloudflare"
 	},
@@ -106,19 +90,11 @@
 	"cpanel": {
 		"name": "cPanel",
 		"package_name": "certbot-dns-cpanel",
-		"version": "~=0.4.0",
+		"version": "~=0.2.2",
 		"dependencies": "",
-		"credentials": "cpanel_url = https://cpanel.example.com:2083\ncpanel_username = your_username\ncpanel_password = your_password\ncpanel_token = your_api_token",
+		"credentials": "cpanel_url = https://cpanel.example.com:2083\ncpanel_username = user\ncpanel_password = hunter2",
 		"full_plugin_name": "cpanel"
 	},
-	"ddnss": {
-		"name": "DDNSS",
-		"package_name": "certbot-dns-ddnss",
-		"version": "~=1.1.0",
-		"dependencies": "",
-		"credentials": "dns_ddnss_token = YOUR_DDNSS_API_TOKEN",
-		"full_plugin_name": "dns-ddnss"
-	},
 	"desec": {
 		"name": "deSEC",
 		"package_name": "certbot-dns-desec",
@@ -185,11 +161,11 @@
 	},
 	"domainoffensive": {
 		"name": "DomainOffensive (do.de)",
-		"package_name": "certbot-dns-domainoffensive",
+		"package_name": "certbot-dns-do",
-		"version": "~=2.0.0",
+		"version": "~=0.31.0",
 		"dependencies": "",
-		"credentials": "dns_domainoffensive_api_token = YOUR_DO_DE_AUTH_TOKEN",
+		"credentials": "dns_do_api_token = YOUR_DO_DE_AUTH_TOKEN",
-		"full_plugin_name": "dns-domainoffensive"
+		"full_plugin_name": "dns-do"
 	},
 	"domeneshop": {
 		"name": "Domeneshop",
@@ -223,14 +199,6 @@
 		"credentials": "dns_eurodns_applicationId = myuser\ndns_eurodns_apiKey = mysecretpassword\ndns_eurodns_endpoint = https://rest-api.eurodns.com/user-api-gateway/proxy",
 		"full_plugin_name": "dns-eurodns"
 	},
-	"firstdomains": {
-                "name": "First Domains",
-                "package_name": "certbot-dns-firstdomains",
-                "version": ">=1.0",
-                "dependencies": "",
-                "credentials": "dns_firstdomains_username = myremoteuser\ndns_firstdomains_password = verysecureremoteuserpassword",
-                "full_plugin_name": "dns-firstdomains"
-        },
 	"freedns": {
 		"name": "FreeDNS",
 		"package_name": "certbot-dns-freedns",
@@ -241,8 +209,8 @@
 	},
 	"gandi": {
 		"name": "Gandi Live DNS",
-		"package_name": "certbot-dns-gandi",
+		"package_name": "certbot_plugin_gandi",
-		"version": "~=1.6.1",
+		"version": "~=1.5.0",
 		"dependencies": "",
 		"credentials": "# Gandi personal access token\ndns_gandi_token=PERSONAL_ACCESS_TOKEN",
 		"full_plugin_name": "dns-gandi"
@@ -396,7 +364,7 @@
 		"package_name": "certbot-dns-mijn-host",
 		"version": "~=0.0.4",
 		"dependencies": "",
-		"credentials": "dns_mijn_host_api_key=0123456789abcdef0123456789abcdef",
+		"credentials": "dns-mijn-host-credentials = /etc/letsencrypt/mijnhost-credentials.ini",
 		"full_plugin_name": "dns-mijn-host"
 	},
 	"namecheap": {
@@ -415,14 +383,6 @@
 		"credentials": "dns_netcup_customer_id  = 123456\ndns_netcup_api_key      = 0123456789abcdef0123456789abcdef01234567\ndns_netcup_api_password = abcdef0123456789abcdef01234567abcdef0123",
 		"full_plugin_name": "dns-netcup"
 	},
-	"nicru": {
-		"name": "nic.ru",
-		"package_name": "certbot-dns-nicru",
-		"version": "~=1.0.3",
-		"dependencies": "",
-		"credentials": "dns_nicru_client_id = application-id\ndns_nicru_client_secret = application-token\ndns_nicru_username = 0001110/NIC-D\ndns_nicru_password = password\ndns_nicru_scope = .+:.+/zones/example.com(/.+)?\ndns_nicru_service = DNS_SERVICE_NAME\ndns_nicru_zone = example.com",
-		"full_plugin_name": "dns-nicru"
-	},
 	"njalla": {
 		"name": "Njalla",
 		"package_name": "certbot-dns-njalla",
@@ -511,30 +471,14 @@
 		"credentials": "[default]\naws_access_key_id=AKIAIOSFODNN7EXAMPLE\naws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
 		"full_plugin_name": "dns-route53"
 	},
-	"spaceship": {
-		"name": "Spaceship",
-		"package_name": "certbot-dns-spaceship",
-		"version": "~=1.0.4",
-		"dependencies": "",
-		"credentials": "[spaceship]\napi_key=your_api_key\napi_secret=your_api_secret",
-		"full_plugin_name": "dns-spaceship"
-	},
 	"strato": {
 		"name": "Strato",
 		"package_name": "certbot-dns-strato",
-		"version": "~=0.2.2",
+		"version": "~=0.2.1",
 		"dependencies": "",
 		"credentials": "dns_strato_username = user\ndns_strato_password = pass\n# uncomment if youre using two factor authentication:\n# dns_strato_totp_devicename = 2fa_device\n# dns_strato_totp_secret = 2fa_secret\n#\n# uncomment if domain name contains special characters\n# insert domain display name as seen on your account page here\n# dns_strato_domain_display_name = my-punicode-url.de\n#\n# if youre not using strato.de or another special endpoint you can customise it below\n# you will probably only need to adjust the host, but you can also change the complete endpoint url\n# dns_strato_custom_api_scheme = https\n# dns_strato_custom_api_host = www.strato.de\n# dns_strato_custom_api_port = 443\n# dns_strato_custom_api_path = \"/apps/CustomerService\"",
 		"full_plugin_name": "dns-strato"
 	},
-	        "selectelv2": {
-                "name": "Selectel api v2",
-                "package_name": "certbot-dns-selectel-api-v2",
-                "version": "~=0.3.0",
-                "dependencies": "",
-                "credentials": "dns_selectel_api_v2_account_id = your_account_id\ndns_selectel_api_v2_project_name = your_project\ndns_selectel_api_v2_username = your_username\ndns_selectel_api_v2_password = your_password",
-                "full_plugin_name": "dns-selectel-api-v2"
-        },
 	"timeweb": {
 		"name": "Timeweb Cloud",
 		"package_name": "certbot-dns-timeweb",
@@ -590,13 +534,5 @@
 		"dependencies": "",
 		"credentials": "edgedns_client_secret = as3d1asd5d1a32sdfsdfs2d1asd5=\nedgedns_host = sdflskjdf-dfsdfsdf-sdfsdfsdf.luna.akamaiapis.net\nedgedns_access_token = kjdsi3-34rfsdfsdf-234234fsdfsdf\nedgedns_client_token = dkfjdf-342fsdfsd-23fsdfsdfsdf",
 		"full_plugin_name": "edgedns"
-	},
+	}
-	"zoneedit": {
+}
-		"name": "ZoneEdit",
-		"package_name": "certbot-dns-zoneedit",
-		"version": "~=0.3.2",
-		"dependencies": "--no-deps dnspython",
-		"credentials": "dns_zoneedit_user = <login-user-id>\ndns_zoneedit_token = <dyn-authentication-token>",
-		"full_plugin_name": "dns-zoneedit"
- 	}
-}

test/cypress/Dockerfile

@@ -1,22 +1,11 @@
-FROM cypress/included:14.0.1
+FROM cypress/included:13.9.0
+
+COPY --chown=1000 ./test /test
 
 # Disable Cypress CLI colors
 ENV FORCE_COLOR=0
 ENV NO_COLOR=1
 
-# testssl.sh and mkcert
-RUN wget "https://github.com/testssl/testssl.sh/archive/refs/tags/v3.2rc4.tar.gz" -O /tmp/testssl.tgz -q \
-	&& tar -xzf /tmp/testssl.tgz -C /tmp \
-	&& mv /tmp/testssl.sh-3.2rc4 /testssl \
-	&& rm /tmp/testssl.tgz \
-	&& apt-get update \
-	&& apt-get install -y bsdmainutils curl dnsutils \
-	&& apt-get clean \
-	&& rm -rf /var/lib/apt/lists/* \
-	&& wget "https://github.com/FiloSottile/mkcert/releases/download/v1.4.4/mkcert-v1.4.4-linux-amd64" -O /bin/mkcert \
-	&& chmod +x /bin/mkcert
-
-COPY --chown=1000 ./test /test
 WORKDIR /test
 RUN yarn install && yarn cache clean
 ENTRYPOINT []

test/cypress/e2e/api/Certificates.cy.js

@@ -10,7 +10,7 @@ describe('Certificates endpoints', () => {
 		});
 	});
 
-	it('Validate custom certificate', () => {
+	it('Validate custom certificate', function() {
 		cy.task('backendApiPostFiles', {
 			token: token,
 			path:  '/api/nginx/certificates/validate',
@@ -25,7 +25,7 @@ describe('Certificates endpoints', () => {
 		});
 	});
 
-	it('Custom certificate lifecycle', () => {
+	it('Custom certificate lifecycle', function() {
 		// Create custom cert
 		cy.task('backendApiPost', {
 			token: token,
@@ -73,7 +73,7 @@ describe('Certificates endpoints', () => {
 		});
 	});
 
-	it('Request Certificate - CVE-2024-46256/CVE-2024-46257', () => {
+	it('Request Certificate - CVE-2024-46256/CVE-2024-46257', function() {
 		cy.task('backendApiPost', {
 			token: token,
 			path:  '/api/nginx/certificates',
@@ -96,28 +96,4 @@ describe('Certificates endpoints', () => {
 			expect(data.error.message).to.contain('data/domain_names/0 must match pattern');
 		});
 	});
-
-	it('Request Certificate - LE Email Escaped', () => {
-		cy.task('backendApiPost', {
-			token: token,
-			path:  '/api/nginx/certificates',
-			data:  {
-				domain_names: ['test.com"||echo hello-world||\\\\n test.com"'],
-				meta:         {
-					dns_challenge:     false,
-					letsencrypt_agree: true,
-					letsencrypt_email: "admin@example.com' --version;echo hello-world",
-				},
-				provider: 'letsencrypt',
-			},
-			returnOnError: true,
-		}).then((data) => {
-			cy.validateSwaggerSchema('post', 400, '/nginx/certificates', data);
-			expect(data).to.have.property('error');
-			expect(data.error).to.have.property('message');
-			expect(data.error).to.have.property('code');
-			expect(data.error.code).to.equal(400);
-			expect(data.error.message).to.contain('data/meta/letsencrypt_email must match pattern');
-		});
-	});
 });

test/cypress/e2e/api/Dashboard.cy.js

@@ -1,25 +0,0 @@
-/// <reference types="cypress" />
-
-describe('Dashboard endpoints', () => {
-	let token;
-
-	before(() => {
-		cy.getToken().then((tok) => {
-			token = tok;
-		});
-	});
-
-	it('Should be able to get host counts', () => {
-		cy.task('backendApiGet', {
-			token: token,
-			path:  '/api/reports/hosts'
-		}).then((data) => {
-			cy.validateSwaggerSchema('get', 200, '/reports/hosts', data);
-			expect(data).to.have.property('dead');
-			expect(data).to.have.property('proxy');
-			expect(data).to.have.property('redirection');
-			expect(data).to.have.property('stream');
-		});
-	});
-
-});

test/cypress/e2e/api/FullCertProvision.cy.js

@@ -9,7 +9,7 @@ describe('Full Certificate Provisions', () => {
 		});
 	});
 
-	it('Should be able to create new http certificate', () => {
+	it('Should be able to create new http certificate', function() {
 		cy.task('backendApiPost', {
 			token: token,
 			path:  '/api/nginx/certificates',
@@ -32,7 +32,7 @@ describe('Full Certificate Provisions', () => {
 		});
 	});
 
-	it('Should be able to create new DNS certificate with Powerdns', () => {
+	it('Should be able to create new DNS certificate with Powerdns', function() {
 		cy.task('backendApiPost', {
 			token: token,
 			path:  '/api/nginx/certificates',

test/cypress/e2e/api/Health.cy.js

@@ -1,7 +1,7 @@
 /// <reference types="cypress" />
 
 describe('Basic API checks', () => {
-	it('Should return a valid health payload', () => {
+	it('Should return a valid health payload', function () {
 		cy.task('backendApiGet', {
 			path: '/api/',
 		}).then((data) => {
@@ -10,9 +10,9 @@ describe('Basic API checks', () => {
 		});
 	});
 
-	it('Should return a valid schema payload', () => {
+	it('Should return a valid schema payload', function () {
 		cy.task('backendApiGet', {
-			path: `/api/schema?ts=${Date.now()}`,
+			path: '/api/schema?ts=' + Date.now(),
 		}).then((data) => {
 			expect(data.openapi).to.be.equal('3.1.0');
 		});

test/cypress/e2e/api/Ldap.cy.js

@@ -1,12 +1,12 @@
 /// <reference types="cypress" />
 
 describe('LDAP with Authentik', () => {
-	let _token;
+	let token;
 	if (Cypress.env('skipStackCheck') === 'true' || Cypress.env('stack') === 'postgres') {
 
 		before(() => {
 			cy.getToken().then((tok) => {
-				_token = tok;
+				token = tok;
 
 				// cy.task('backendApiPut', {
 				// 	token: token,
@@ -45,7 +45,7 @@ describe('LDAP with Authentik', () => {
 			});
 		});
 
-		it.skip('Should log in with LDAP', () => {
+		it.skip('Should log in with LDAP', function() {
 			// cy.task('backendApiPost', {
 			// 	token: token,
 			// 	path:  '/api/auth',

test/cypress/e2e/api/OAuth.cy.js

@@ -1,12 +1,12 @@
 /// <reference types="cypress" />
 
 describe('OAuth with Authentik', () => {
-	let _token;
+	let token;
 	if (Cypress.env('skipStackCheck') === 'true' || Cypress.env('stack') === 'postgres') {
 
 		before(() => {
 			cy.getToken().then((tok) => {
-				_token = tok;
+				token = tok;
 
 				// cy.task('backendApiPut', {
 				// 	token: token,
@@ -47,7 +47,7 @@ describe('OAuth with Authentik', () => {
 			});
 		});
 
-		it.skip('Should log in with OAuth', () => {
+		it.skip('Should log in with OAuth', function() {
 			// cy.task('backendApiGet', {
 			// 	path:  '/oauth/login?redirect_base=' + encodeURI(Cypress.config('baseUrl')),
 			// }).then((data) => {

test/cypress/e2e/api/ProxyHosts.cy.js

@@ -9,7 +9,7 @@ describe('Proxy Hosts endpoints', () => {
 		});
 	});
 
-	it('Should be able to create a http host', () => {
+	it('Should be able to create a http host', function() {
 		cy.task('backendApiPost', {
 			token: token,
 			path:  '/api/nginx/proxy-hosts',

test/cypress/e2e/api/Settings.cy.js

@@ -9,7 +9,7 @@ describe('Settings endpoints', () => {
 		});
 	});
 
-	it('Get all settings', () => {
+	it('Get all settings', function() {
 		cy.task('backendApiGet', {
 			token: token,
 			path:  '/api/settings',
@@ -19,7 +19,7 @@ describe('Settings endpoints', () => {
 		});
 	});
 
-	it('Get default-site setting', () => {
+	it('Get default-site setting', function() {
 		cy.task('backendApiGet', {
 			token: token,
 			path:  '/api/settings/default-site',
@@ -30,7 +30,7 @@ describe('Settings endpoints', () => {
 		});
 	});
 
-	it('Default Site congratulations', () => {
+	it('Default Site congratulations', function() {
 		cy.task('backendApiPut', {
 			token: token,
 			path:  '/api/settings/default-site',
@@ -46,7 +46,7 @@ describe('Settings endpoints', () => {
 		});
 	});
 
-	it('Default Site 404', () => {
+	it('Default Site 404', function() {
 		cy.task('backendApiPut', {
 			token: token,
 			path:  '/api/settings/default-site',
@@ -62,7 +62,7 @@ describe('Settings endpoints', () => {
 		});
 	});
 
-	it('Default Site 444', () => {
+	it('Default Site 444', function() {
 		cy.task('backendApiPut', {
 			token: token,
 			path:  '/api/settings/default-site',
@@ -78,7 +78,7 @@ describe('Settings endpoints', () => {
 		});
 	});
 
-	it('Default Site redirect', () => {
+	it('Default Site redirect', function() {
 		cy.task('backendApiPut', {
 			token: token,
 			path:  '/api/settings/default-site',
@@ -100,7 +100,7 @@ describe('Settings endpoints', () => {
 		});
 	});
 
-	it('Default Site html', () => {
+	it('Default Site html', function() {
 		cy.task('backendApiPut', {
 			token: token,
 			path:  '/api/settings/default-site',

test/cypress/e2e/api/Streams.cy.js

@@ -1,225 +0,0 @@
-/// <reference types="cypress" />
-
-describe('Streams', () => {
-	let token;
-
-	before(() => {
-		cy.getToken().then((tok) => {
-			token = tok;
-			// Set default site content
-			cy.task('backendApiPut', {
-				token: token,
-				path:  '/api/settings/default-site',
-				data: {
-					value: 'html',
-					meta: {
-						html: '<p>yay it works</p>'
-					},
-				},
-			}).then((data) => {
-				cy.validateSwaggerSchema('put', 200, '/settings/{settingID}', data);
-			});
-		});
-
-		// Create a custom cert pair
-		cy.exec('mkcert -cert-file=/test/cypress/fixtures/website1.pem -key-file=/test/cypress/fixtures/website1.key.pem website1.example.com').then((result) => {
-			expect(result.code).to.eq(0);
-			// Install CA
-			cy.exec('mkcert -install').then((result) => {
-				expect(result.code).to.eq(0);
-			});
-		});
-
-		cy.exec('rm -f /test/results/testssl.json');
-	});
-
-	it('Should be able to create TCP Stream', () => {
-		cy.task('backendApiPost', {
-			token: token,
-			path:  '/api/nginx/streams',
-			data:  {
-				incoming_port: 1500,
-				forwarding_host: '127.0.0.1',
-				forwarding_port: 80,
-				certificate_id: 0,
-				meta: {
-					dns_provider_credentials: "",
-					letsencrypt_agree: false,
-					dns_challenge: true
-				},
-				tcp_forwarding: true,
-				udp_forwarding: false
-			}
-		}).then((data) => {
-			cy.validateSwaggerSchema('post', 201, '/nginx/streams', data);
-			expect(data).to.have.property('id');
-			expect(data.id).to.be.greaterThan(0);
-			expect(data).to.have.property('enabled', true);
-			expect(data).to.have.property('tcp_forwarding', true);
-			expect(data).to.have.property('udp_forwarding', false);
-
-			cy.exec('curl --noproxy -- http://website1.example.com:1500').then((result) => {
-				expect(result.code).to.eq(0);
-				expect(result.stdout).to.contain('yay it works');
-			});
-		});
-	});
-
-	it('Should be able to create UDP Stream', () => {
-		cy.task('backendApiPost', {
-			token: token,
-			path:  '/api/nginx/streams',
-			data:  {
-				incoming_port: 1501,
-				forwarding_host: '127.0.0.1',
-				forwarding_port: 80,
-				certificate_id: 0,
-				meta: {
-					dns_provider_credentials: "",
-					letsencrypt_agree: false,
-					dns_challenge: true
-				},
-				tcp_forwarding: false,
-				udp_forwarding: true
-			}
-		}).then((data) => {
-			cy.validateSwaggerSchema('post', 201, '/nginx/streams', data);
-			expect(data).to.have.property('id');
-			expect(data.id).to.be.greaterThan(0);
-			expect(data).to.have.property('enabled', true);
-			expect(data).to.have.property('tcp_forwarding', false);
-			expect(data).to.have.property('udp_forwarding', true);
-		});
-	});
-
-	it('Should be able to create TCP/UDP Stream', () => {
-		cy.task('backendApiPost', {
-			token: token,
-			path:  '/api/nginx/streams',
-			data:  {
-				incoming_port: 1502,
-				forwarding_host: '127.0.0.1',
-				forwarding_port: 80,
-				certificate_id: 0,
-				meta: {
-					dns_provider_credentials: "",
-					letsencrypt_agree: false,
-					dns_challenge: true
-				},
-				tcp_forwarding: true,
-				udp_forwarding: true
-			}
-		}).then((data) => {
-			cy.validateSwaggerSchema('post', 201, '/nginx/streams', data);
-			expect(data).to.have.property('id');
-			expect(data.id).to.be.greaterThan(0);
-			expect(data).to.have.property('enabled', true);
-			expect(data).to.have.property('tcp_forwarding', true);
-			expect(data).to.have.property('udp_forwarding', true);
-
-			cy.exec('curl --noproxy -- http://website1.example.com:1502').then((result) => {
-				expect(result.code).to.eq(0);
-				expect(result.stdout).to.contain('yay it works');
-			});
-		});
-	});
-
-	it('Should be able to create SSL TCP Stream', () => {
-		let certID = 0;
-
-		// Create custom cert
-		cy.task('backendApiPost', {
-			token: token,
-			path:  '/api/nginx/certificates',
-			data:  {
-				provider: "other",
-				nice_name: "Custom Certificate for SSL Stream",
-			},
-		}).then((data) => {
-			cy.validateSwaggerSchema('post', 201, '/nginx/certificates', data);
-			expect(data).to.have.property('id');
-			certID = data.id;
-
-			// Upload files
-			cy.task('backendApiPostFiles', {
-				token: token,
-				path:  `/api/nginx/certificates/${certID}/upload`,
-				files:  {
-					certificate: 'website1.pem',
-					certificate_key: 'website1.key.pem',
-				},
-			}).then((data) => {
-				cy.validateSwaggerSchema('post', 200, '/nginx/certificates/{certID}/upload', data);
-				expect(data).to.have.property('certificate');
-				expect(data).to.have.property('certificate_key');
-
-				// Create the stream
-				cy.task('backendApiPost', {
-					token: token,
-					path:  '/api/nginx/streams',
-					data:  {
-						incoming_port: 1503,
-						forwarding_host: '127.0.0.1',
-						forwarding_port: 80,
-						certificate_id: certID,
-						meta: {
-							dns_provider_credentials: "",
-							letsencrypt_agree: false,
-							dns_challenge: true
-						},
-						tcp_forwarding: true,
-						udp_forwarding: false
-					}
-				}).then((data) => {
-					cy.validateSwaggerSchema('post', 201, '/nginx/streams', data);
-					expect(data).to.have.property('id');
-					expect(data.id).to.be.greaterThan(0);
-					expect(data).to.have.property("enabled", true);
-					expect(data).to.have.property('tcp_forwarding', true);
-					expect(data).to.have.property('udp_forwarding', false);
-					expect(data).to.have.property('certificate_id', certID);
-
-					// Check the ssl termination
-					cy.task('log', '[testssl.sh] Running ...');
-					cy.exec('/testssl/testssl.sh --quiet --add-ca="$(/bin/mkcert -CAROOT)/rootCA.pem" --jsonfile=/test/results/testssl.json website1.example.com:1503', {
-						timeout: 120000, // 2 minutes
-					}).then((result) => {
-						cy.task('log', `[testssl.sh] ${result.stdout}`);
-
-						const allowedSeverities = ["INFO", "OK", "LOW", "MEDIUM"];
-						const ignoredIDs = [
-							'cert_chain_of_trust',
-							'cert_extlifeSpan',
-							'cert_revocation',
-							'overall_grade',
-						];
-
-						cy.readFile('/test/results/testssl.json').then((data) => {
-							// Parse each array item
-							for (let i = 0; i < data.length; i++) {
-								const item = data[i];
-								if (ignoredIDs.includes(item.id)) {
-									continue;
-								}
-								expect(item.severity).to.be.oneOf(allowedSeverities);
-							}
-						});
-					});
-				});
-			});
-		});
-	});
-
-	it('Should be able to List Streams', () => {
-		cy.task('backendApiGet', {
-			token: token,
-			path:  '/api/nginx/streams?expand=owner,certificate',
-		}).then((data) => {
-			cy.validateSwaggerSchema('get', 200, '/nginx/streams', data);
-			expect(data.length).to.be.greaterThan(0);
-			expect(data[0]).to.have.property('id');
-			expect(data[0]).to.have.property('enabled');
-		});
-	});
-
-});

test/cypress/e2e/api/Users.cy.js

@@ -9,7 +9,7 @@ describe('Users endpoints', () => {
 		});
 	});
 
-	it('Should be able to get yourself', () => {
+	it('Should be able to get yourself', function() {
 		cy.task('backendApiGet', {
 			token: token,
 			path:  '/api/users/me'
@@ -20,7 +20,7 @@ describe('Users endpoints', () => {
 		});
 	});
 
-	it('Should be able to get all users', () => {
+	it('Should be able to get all users', function() {
 		cy.task('backendApiGet', {
 			token: token,
 			path:  '/api/users'
@@ -30,7 +30,7 @@ describe('Users endpoints', () => {
 		});
 	});
 
-	it('Should be able to update yourself', () => {
+	it('Should be able to update yourself', function() {
 		cy.task('backendApiPut', {
 			token: token,
 			path:  '/api/users/me',

test/package.json

@@ -4,18 +4,18 @@
 	"description": "",
 	"main": "index.js",
 	"dependencies": {
-		"@jc21/cypress-swagger-validation": "^0.3.2",
+		"@jc21/cypress-swagger-validation": "^0.3.1",
-		"axios": "^1.7.9",
+		"axios": "^1.7.7",
-		"cypress": "^14.0.1",
+		"cypress": "^13.15.0",
-		"cypress-multi-reporters": "^2.0.5",
+		"cypress-multi-reporters": "^1.6.4",
 		"cypress-wait-until": "^3.0.2",
-		"eslint": "^9.19.0",
+		"eslint": "^9.12.0",
 		"eslint-plugin-align-assignments": "^1.1.2",
 		"eslint-plugin-chai-friendly": "^1.0.1",
-		"eslint-plugin-cypress": "^4.1.0",
+		"eslint-plugin-cypress": "^3.5.0",
 		"form-data": "^4.0.1",
 		"lodash": "^4.17.21",
-		"mocha": "^11.1.0",
+		"mocha": "^10.7.3",
 		"mocha-junit-reporter": "^2.2.1"
 	},
 	"scripts": {