Merge pull request #2738 from NginxProxyManager/develop

v2.9.22
Merge branch 'master' into develop
2025-06-18 02:06:25 +00:00 · 2023-03-24 08:48:45 +10:00 · 2023-03-24 08:19:54 +10:00 · 2023-03-24 08:15:27 +10:00 · 2023-03-18 17:45:31 +10:00 · 2023-03-18 16:10:27 +10:00
155 changed files with 3495 additions and 5655 deletions
--- a/.version
+++ b/.version
@ -1 +1 @@
-2.9.9
+2.9.22
--- a/89
+++ b/89
@ -1,3 +1,9 @@
+import groovy.transform.Field
+
+@Field
+def shOutput = ""
+def buildxPushTags = ""
+
 pipeline {
 	agent {
 		label 'docker-multiarch'
@ -16,6 +22,8 @@ pipeline {
 		COMPOSE_FILE               = 'docker/docker-compose.ci.yml'
 		COMPOSE_INTERACTIVE_NO_CLI = 1
 		BUILDX_NAME                = "${COMPOSE_PROJECT_NAME}"
+		DOCS_BUCKET                = 'jc21-npm-site'
+		DOCS_CDN                   = 'EN1G6DEWZUTDT'
 	}
 	stages {
 		stage('Environment') {
@ -26,7 +34,7 @@ pipeline {
 					}
 					steps {
 						script {
-							env.BUILDX_PUSH_TAGS = "-t docker.io/jc21/${IMAGE}:${BUILD_VERSION} -t docker.io/jc21/${IMAGE}:${MAJOR_VERSION} -t docker.io/jc21/${IMAGE}:latest"
+							buildxPushTags = "-t docker.io/jc21/${IMAGE}:${BUILD_VERSION} -t docker.io/jc21/${IMAGE}:${MAJOR_VERSION} -t docker.io/jc21/${IMAGE}:latest"
 						}
 					}
 				}
@ -39,7 +47,7 @@ pipeline {
 					steps {
 						script {
 							// Defaults to the Branch name, which is applies to all branches AND pr's
-							env.BUILDX_PUSH_TAGS = "-t docker.io/jc21/${IMAGE}:github-${BRANCH_LOWER}"
+							buildxPushTags = "-t docker.io/jc21/${IMAGE}:github-${BRANCH_LOWER}"
 						}
 					}
 				}
@ -54,34 +62,28 @@ pipeline {
 				}
 			}
 		}
-		stage('Frontend') {
+		stage('Build and Test') {
 			steps {
-				sh './scripts/frontend-build'
+				script {
+					// Frontend and Backend
+					def shStatusCode = sh(label: 'Checking and Building', returnStatus: true, script: '''
+						set -e
+						./scripts/ci/frontend-build > ${WORKSPACE}/tmp-sh-build 2>&1
+						./scripts/ci/test-and-build > ${WORKSPACE}/tmp-sh-build 2>&1
+					''')
+					shOutput = readFile "${env.WORKSPACE}/tmp-sh-build"
+					if (shStatusCode != 0) {
+						error "${shOutput}"
+					}
+				}
 			}
-		}
-		stage('Backend') {
-			steps {
-				echo 'Checking Syntax ...'
-				// See: https://github.com/yarnpkg/yarn/issues/3254
-				sh '''docker run --rm \\
-					-v "$(pwd)/backend:/app" \\
-					-v "$(pwd)/global:/app/global" \\
-					-w /app \\
-					node:latest \\
-					sh -c "yarn install && yarn eslint . && rm -rf node_modules"
-				'''
-
-				echo 'Docker Build ...'
-				sh '''docker build --pull --no-cache --squash --compress \\
-					-t "${IMAGE}:ci-${BUILD_NUMBER}" \\
-					-f docker/Dockerfile \\
-					--build-arg TARGETPLATFORM=linux/amd64 \\
-					--build-arg BUILDPLATFORM=linux/amd64 \\
-					--build-arg BUILD_VERSION="${BUILD_VERSION}" \\
-					--build-arg BUILD_COMMIT="${BUILD_COMMIT}" \\
-					--build-arg BUILD_DATE="$(date '+%Y-%m-%d %T %Z')" \\
-					.
-				'''
+			post {
+				always {
+					sh 'rm -f ${WORKSPACE}/tmp-sh-build'
+				}
+				failure {
+					npmGithubPrComment("CI Error:\n\n```\n${shOutput}\n```", true)
+				}
 			}
 		}
 		stage('Integration Tests Sqlite') {
@ -163,10 +165,8 @@ pipeline {
 			}
 			steps {
 				withCredentials([usernamePassword(credentialsId: 'jc21-dockerhub', passwordVariable: 'dpass', usernameVariable: 'duser')]) {
-					// Docker Login
-					sh "docker login -u '${duser}' -p '${dpass}'"
-					// Buildx with push from cache
-					sh "./scripts/buildx --push ${BUILDX_PUSH_TAGS}"
+					sh 'docker login -u "${duser}" -p "${dpass}"'
+					sh "./scripts/buildx --push ${buildxPushTags}"
 				}
 			}
 		}
@ -180,26 +180,7 @@ pipeline {
 				}
 			}
 			steps {
-				withCredentials([[$class: 'AmazonWebServicesCredentialsBinding', accessKeyVariable: 'AWS_ACCESS_KEY_ID', credentialsId: 'npm-s3-docs', secretKeyVariable: 'AWS_SECRET_ACCESS_KEY']]) {
-					sh """docker run --rm \\
-						--name \${COMPOSE_PROJECT_NAME}-docs-upload \\
-						-e S3_BUCKET=jc21-npm-site \\
-						-e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \\
-						-e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY \\
-						-v \$(pwd):/app \\
-						-w /app \\
-						jc21/ci-tools \\
-						scripts/docs-upload /app/docs/.vuepress/dist/
-					"""
-
-					sh """docker run --rm \\
-						--name \${COMPOSE_PROJECT_NAME}-docs-invalidate \\
-						-e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \\
-						-e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY \\
-						jc21/ci-tools \\
-						aws cloudfront create-invalidation --distribution-id EN1G6DEWZUTDT --paths '/*'
-					"""
-				}
+				npmDocsRelease("$DOCS_BUCKET", "$DOCS_CDN")
 			}
 		}
 		stage('PR Comment') {
@ -213,14 +194,14 @@ pipeline {
 			}
 			steps {
 				script {
-					def comment = pullRequest.comment("This is an automated message from CI:\n\nDocker Image for build ${BUILD_NUMBER} is available on [DockerHub](https://cloud.docker.com/repository/docker/jc21/${IMAGE}) as `jc21/${IMAGE}:github-${BRANCH_LOWER}`\n\n**Note:** ensure you backup your NPM instance before testing this PR image! Especially if this PR contains database changes.")
+					npmGithubPrComment("Docker Image for build ${BUILD_NUMBER} is available on [DockerHub](https://cloud.docker.com/repository/docker/jc21/${IMAGE}) as `jc21/${IMAGE}:github-${BRANCH_LOWER}`\n\n**Note:** ensure you backup your NPM instance before testing this PR image! Especially if this PR contains database changes.", true)
 				}
 			}
 		}
 	}
 	post {
 		always {
-			sh 'docker-compose down --rmi all --remove-orphans --volumes -t 30'
+			sh 'docker-compose down --remove-orphans --volumes -t 30'
 			sh 'echo Reverting ownership'
 			sh 'docker run --rm -v $(pwd):/data jc21/ci-tools chown -R $(id -u):$(id -g) /data'
 		}
--- a/README.md
+++ b/README.md
@ -1,22 +1,13 @@
 <p align="center">
 	<img src="https://nginxproxymanager.com/github.png">
 	<br><br>
-	<img src="https://img.shields.io/badge/version-2.9.9-green.svg?style=for-the-badge">
+	<img src="https://img.shields.io/badge/version-2.9.22-green.svg?style=for-the-badge">
 	<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager">
 		<img src="https://img.shields.io/docker/stars/jc21/nginx-proxy-manager.svg?style=for-the-badge">
 	</a>
 	<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager">
 		<img src="https://img.shields.io/docker/pulls/jc21/nginx-proxy-manager.svg?style=for-the-badge">
 	</a>
-	<a href="https://ci.nginxproxymanager.com/blue/organizations/jenkins/nginx-proxy-manager/branches/">
-		<img src="https://img.shields.io/jenkins/build?jobUrl=https%3A%2F%2Fci.nginxproxymanager.com%2Fjob%2Fnginx-proxy-manager%2Fjob%2Fmaster&style=for-the-badge">
-	</a>
-	<a href="https://gitter.im/nginx-proxy-manager/community">
-		<img alt="Gitter" src="https://img.shields.io/gitter/room/nginx-proxy-manager/community?style=for-the-badge">
-	</a>
-	<a href="https://reddit.com/r/nginxproxymanager">
-		<img alt="Reddit" src="https://img.shields.io/reddit/subreddit-subscribers/nginxproxymanager?label=Reddit%20Community&style=for-the-badge">
-	</a>
 </p>

 This project comes as a pre-built docker image that enables you to easily forward to your websites
@ -74,31 +65,19 @@ services:
      - '80:80'
      - '81:81'
      - '443:443'
-    environment:
-      DB_MYSQL_HOST: "db"
-      DB_MYSQL_PORT: 3306
-      DB_MYSQL_USER: "npm"
-      DB_MYSQL_PASSWORD: "npm"
-      DB_MYSQL_NAME: "npm"
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
-  db:
-    image: 'jc21/mariadb-aria:latest'
-    restart: unless-stopped
-    environment:
-      MYSQL_ROOT_PASSWORD: 'npm'
-      MYSQL_DATABASE: 'npm'
-      MYSQL_USER: 'npm'
-      MYSQL_PASSWORD: 'npm'
-    volumes:
-      - ./data/mysql:/var/lib/mysql
 ```

-3. Bring up your stack
+3. Bring up your stack by running

 ```bash
 docker-compose up -d
+
+# If using docker-compose-plugin
+docker compose up -d
+
 ```

 4. Log in to the Admin UI
@ -119,395 +98,12 @@ Immediately after logging in with this default user you will be asked to modify

 ## Contributors

-Special thanks to the following contributors:
+Special thanks to [all of our contributors](https://github.com/NginxProxyManager/nginx-proxy-manager/graphs/contributors).

-<!-- prettier-ignore-start -->
-<!-- markdownlint-disable -->
-<table>
-	<tr>
-		<td align="center">
-			<a href="https://github.com/Subv">
-				<img src="https://avatars1.githubusercontent.com/u/357072?s=460&u=d8adcdc91d749ae53e177973ed9b6bb6c4c894a3&v=4" width="80" alt=""/>
-				<br /><sub><b>Sebastian Valle</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/Indemnity83">
-				<img src="https://avatars3.githubusercontent.com/u/35218?s=460&u=7082004ff35138157c868d7d9c683ccebfce5968&v=4" width="80" alt=""/>
-				<br /><sub><b>Kyle Klaus</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/theraw">
-				<img src="https://avatars1.githubusercontent.com/u/32969774?s=460&u=6b359971e15685fb0359e6a8c065a399b40dc228&v=4" width="80" alt=""/>
-				<br /><sub><b>ƬHE ЯAW</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/spalger">
-				<img src="https://avatars2.githubusercontent.com/u/1329312?s=400&u=565223e38f1c052afb4c5dcca3fcf1c63ba17ae7&v=4" width="80" alt=""/>
-				<br /><sub><b>Spencer</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/Xantios">
-				<img src="https://avatars3.githubusercontent.com/u/1507836?s=460&v=4" width="80" alt=""/>
-				<br /><sub><b>Xantios Krugor</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/dpanesso">
-				<img src="https://avatars2.githubusercontent.com/u/2687121?s=460&v=4" width="80" alt=""/>
-				<br /><sub><b>David Panesso</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/IronTooch">
-				<img src="https://avatars3.githubusercontent.com/u/27360514?s=460&u=69bf854a6647c55725f62ecb8d39249c6c0b2602&v=4" width="80" alt=""/>
-				<br /><sub><b>IronTooch</b></sub>
-			</a>
-		</td>
-	</tr>
-	<tr>
-		<td align="center">
-			<a href="https://github.com/damianog">
-				<img src="https://avatars1.githubusercontent.com/u/2786682?s=460&u=76c6136fae797abb76b951cd8a246dcaecaf21af&v=4" width="80" alt=""/>
-				<br /><sub><b>Damiano</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/tfmm">
-				<img src="https://avatars3.githubusercontent.com/u/6880538?s=460&u=ce0160821cc4aa802df8395200f2d4956a5bc541&v=4" width="80" alt=""/>
-				<br /><sub><b>Russ</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/margaale">
-				<img src="https://avatars3.githubusercontent.com/u/20794934?s=460&v=4" width="80" alt=""/>
-				<br /><sub><b>Marcelo Castagna</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/Steven-Harris">
-				<img src="https://avatars2.githubusercontent.com/u/7720242?s=460&v=4" width="80" alt=""/>
-				<br /><sub><b>Steven Harris</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/jlesage">
-				<img src="https://avatars0.githubusercontent.com/u/1791123?s=460&v=4" width="80" alt=""/>
-				<br /><sub><b>Jocelyn Le Sage</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/cmer">
-				<img src="https://avatars0.githubusercontent.com/u/412?s=460&u=67dd8b2e3661bfd6f68ec1eaa5b9821bd8a321cd&v=4" width="80" alt=""/>
-				<br /><sub><b>Carl Mercier</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/the1ts">
-				<img src="https://avatars1.githubusercontent.com/u/84956?s=460&v=4" width="80" alt=""/>
-				<br /><sub><b>Paul Mansfield</b></sub>
-			</a>
-		</td>
-	</tr>
-	<tr>
-		<td align="center">
-			<a href="https://github.com/OhHeyAlan">
-				<img src="https://avatars0.githubusercontent.com/u/11955126?s=460&u=fbaa5a1a4f73ef8960132c703349bfd037fe2630&v=4" width="80" alt=""/>
-				<br /><sub><b>OhHeyAlan</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/dogmatic69">
-				<img src="https://avatars2.githubusercontent.com/u/94674?s=460&u=ca7647de53145c6283b6373ade5dc94ba99347db&v=4" width="80" alt=""/>
-				<br /><sub><b>Carl Sutton</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/tg44">
-				<img src="https://avatars0.githubusercontent.com/u/31839?s=460&u=ad32f4cadfef5e5fb09cdfa4b7b7b36a99ba6811&v=4" width="80" alt=""/>
-				<br /><sub><b>Gergő Törcsvári</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/vrenjith">
-				<img src="https://avatars3.githubusercontent.com/u/2093241?s=460&u=96ce93a9bebabdd0a60a2dc96cd093a41d5edaba&v=4" width="80" alt=""/>
-				<br /><sub><b>vrenjith</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/duhruh">
-				<img src="https://avatars2.githubusercontent.com/u/1133969?s=460&u=c0691e6131ec6d516416c1c6fcedb5034f877bbe&v=4" width="80" alt=""/>
-				<br /><sub><b>David Rivera</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/jipjan">
-				<img src="https://avatars2.githubusercontent.com/u/1384618?s=460&v=4" width="80" alt=""/>
-				<br /><sub><b>Jaap-Jan de Wit</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/jmwebslave">
-				<img src="https://avatars2.githubusercontent.com/u/6118262?s=460&u=7db409c47135b1e141c366bbb03ed9fae6ac2638&v=4" width="80" alt=""/>
-				<br /><sub><b>James Morgan</b></sub>
-			</a>
-		</td>
-	</tr>
-	<tr>
-		<td align="center">
-			<a href="https://github.com/chaptergy">
-				<img src="https://avatars2.githubusercontent.com/u/26956711?s=460&u=7d9adebabb6b4e7af7cb05d98d751087a372304b&v=4" width="80" alt=""/>
-				<br /><sub><b>chaptergy</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/Philip-Mooney">
-				<img src="https://avatars0.githubusercontent.com/u/48624631?s=460&v=4" width="80" alt=""/>
-				<br /><sub><b>Philip Mooney</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/WaterCalm">
-				<img src="https://avatars1.githubusercontent.com/u/23502129?s=400&v=4" width="80" alt=""/>
-				<br /><sub><b>WaterCalm</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/lebrou34">
-				<img src="https://avatars1.githubusercontent.com/u/16373103?s=460&v=4" width="80" alt=""/>
-				<br /><sub><b>lebrou34</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/lightglitch">
-				<img src="https://avatars0.githubusercontent.com/u/196953?s=460&v=4" width="80" alt=""/>
-				<br /><sub><b>Mário Franco</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/klutchell">
-				<img src="https://avatars3.githubusercontent.com/u/20458272?s=460&v=4" width="80" alt=""/>
-				<br /><sub><b>Kyle Harding</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/ahgraber">
-				<img src="https://avatars.githubusercontent.com/u/24922003?s=460&u=8376c9f00af9b6057ba4d2fb03b4f1b20a75277f&v=4" width="80" alt=""/>
-				<br /><sub><b>Alex Graber</b></sub>
-			</a>
-		</td>
-	</tr>
-	<tr>
-		<td align="center">
-			<a href="https://github.com/MooBaloo">
-				<img src="https://avatars.githubusercontent.com/u/9493496?s=460&v=4" width="80" alt=""/>
-				<br /><sub><b>MooBaloo</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/Shuro">
-				<img src="https://avatars.githubusercontent.com/u/944030?s=460&v=4" width="80" alt=""/>
-				<br /><sub><b>Shuro</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/lorisbergeron">
-				<img src="https://avatars.githubusercontent.com/u/51918567?s=460&u=778e4ff284b7d7304450f98421c99f79298371fb&v=4" width="80" alt=""/>
-				<br /><sub><b>Loris Bergeron</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/hepelayo">
-				<img src="https://avatars.githubusercontent.com/u/8243119?v=4" width="80" alt=""/>
-				<br /><sub><b>hepelayo</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/jonasled">
-				<img src="https://avatars.githubusercontent.com/u/46790650?v=4" width="80" alt=""/>
-				<br /><sub><b>Jonas Leder</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/stegmannb">
-				<img src="https://avatars.githubusercontent.com/u/12850482?v=4" width="80" alt=""/>
-				<br /><sub><b>Bastian Stegmann</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/Stealthii">
-				<img src="https://avatars.githubusercontent.com/u/998920?v=4" width="80" alt=""/>
-				<br /><sub><b>Stealthii</b></sub>
-			</a>
-		</td>
-	</tr>
-	<tr>
-		<td align="center">
-			<a href="https://github.com/thegamingninja">
-				<img src="https://avatars.githubusercontent.com/u/8020534?v=4" width="80" alt=""/>
-				<br /><sub><b>THEGamingninja</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/italobb">
-				<img src="https://avatars.githubusercontent.com/u/1801687?v=4" width="80" alt=""/>
-				<br /><sub><b>Italo Borssatto</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/GurjinderSingh">
-				<img src="https://avatars.githubusercontent.com/u/3470709?v=4" width="80" alt=""/>
-				<br /><sub><b>Gurjinder Singh</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/phantomski77">
-				<img src="https://avatars.githubusercontent.com/u/69464125?v=4" width="80" alt=""/>
-				<br /><sub><b>David Dosoudil</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/ijaron">
-				<img src="https://avatars.githubusercontent.com/u/5156472?v=4" width="80" alt=""/>
-				<br /><sub><b>ijaron</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/nielscil">
-				<img src="https://avatars.githubusercontent.com/u/9073152?v=4" width="80" alt=""/>
-				<br /><sub><b>Niels Bouma</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/ogarai">
-				<img src="https://avatars.githubusercontent.com/u/2949572?v=4" width="80" alt=""/>
-				<br /><sub><b>Orko Garai</b></sub>
-			</a>
-		</td>
-	</tr>
-	<tr>
-		<td align="center">
-			<a href="https://github.com/baruffaldi">
-				<img src="https://avatars.githubusercontent.com/u/36949?v=4" width="80" alt=""/>
-				<br /><sub><b>Filippo Baruffaldi</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/bikram990">
-				<img src="https://avatars.githubusercontent.com/u/6782131?v=4" width="80" alt=""/>
-				<br /><sub><b>Bikramjeet Singh</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/razvanstoica89">
-				<img src="https://avatars.githubusercontent.com/u/28236583?v=4" width="80" alt=""/>
-				<br /><sub><b>Razvan Stoica</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/psharma04">
-				<img src="https://avatars.githubusercontent.com/u/22587474?v=4" width="80" alt=""/>
-				<br /><sub><b>RBXII3</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/demize">
-				<img src="https://avatars.githubusercontent.com/u/264914?v=4" width="80" alt=""/>
-				<br /><sub><b>demize</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/PUP-Loki">
-				<img src="https://avatars.githubusercontent.com/u/75944209?v=4" width="80" alt=""/>
-				<br /><sub><b>PUP-Loki</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/DSorlov">
-				<img src="https://avatars.githubusercontent.com/u/8133650?v=4" width="80" alt=""/>
-				<br /><sub><b>Daniel Sörlöv</b></sub>
-			</a>
-		</td>
-	</tr>
-	<tr>
-		<td align="center">
-			<a href="https://github.com/Theyooo">
-				<img src="https://avatars.githubusercontent.com/u/58510131?v=4" width="80" alt=""/>
-				<br /><sub><b>Theyooo</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/mrdink">
-				<img src="https://avatars.githubusercontent.com/u/514751?v=4" width="80" alt=""/>
-				<br /><sub><b>Justin Peacock</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/ChrisTracy">
-				<img src="https://avatars.githubusercontent.com/u/58871574?v=4" width="80" alt=""/>
-				<br /><sub><b>Chris Tracy</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/Fuechslein">
-				<img src="https://avatars.githubusercontent.com/u/15112818?v=4" width="80" alt=""/>
-				<br /><sub><b>Fuechslein</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/nightah">
-				<img src="https://avatars.githubusercontent.com/u/3339418?v=4" width="80" alt=""/>
-				<br /><sub><b>Amir Zarrinkafsh</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/gabbe">
-				<img src="https://avatars.githubusercontent.com/u/156397?v=4" width="80" alt=""/>
-				<br /><sub><b>gabbe</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/bmbvenom">
-				<img src="https://avatars.githubusercontent.com/u/20530371?v=4" width="80" alt=""/>
-				<br /><sub><b>bmbvenom</b></sub>
-			</a>
-		</td>
-	</tr>
-	<tr>
-		<td align="center">
-			<a href="https://github.com/FMeinicke">
-				<img src="https://avatars.githubusercontent.com/u/42121639?v=4" width="80" alt=""/>
-				<br /><sub><b>Florian Meinicke</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/ssrahul96">
-				<img src="https://avatars.githubusercontent.com/u/15570570?v=4" width="80" alt=""/>
-				<br /><sub><b>Rahul Somasundaram</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/BjoernAkAManf">
-				<img src="https://avatars.githubusercontent.com/u/833043?v=4" width="80" alt=""/>
-				<br /><sub><b>Björn Heinrichs</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/realJoshByrnes">
-				<img src="https://avatars.githubusercontent.com/u/204185?v=4" width="80" alt=""/>
-				<br /><sub><b>Josh Byrnes</b></sub>
-			</a>
-		</td>
-		<td align="center">
-			<a href="https://github.com/bergi9">
-				<img src="https://avatars.githubusercontent.com/u/5556750?v=4" width="80" alt=""/>
-				<br /><sub><b>bergi9</b></sub>
-			</a>
-		</td>
-	</tr>
-</table>
-<!-- markdownlint-enable -->
-<!-- prettier-ignore-end -->
+
+## Getting Support
+
+1. [Found a bug?](https://github.com/NginxProxyManager/nginx-proxy-manager/issues)
+2. [Discussions](https://github.com/NginxProxyManager/nginx-proxy-manager/discussions)
+3. [Development Gitter](https://gitter.im/nginx-proxy-manager/community)
+4. [Reddit](https://reddit.com/r/nginxproxymanager)
--- a/backend/app.js
+++ b/backend/app.js
@ -40,13 +40,12 @@ app.use(function (req, res, next) {
 	}

 	res.set({
-		'Strict-Transport-Security': 'includeSubDomains; max-age=631138519; preload',
-		'X-XSS-Protection':          '1; mode=block',
-		'X-Content-Type-Options':    'nosniff',
-		'X-Frame-Options':           x_frame_options,
-		'Cache-Control':             'no-cache, no-store, max-age=0, must-revalidate',
-		Pragma:                      'no-cache',
-		Expires:                     0
+		'X-XSS-Protection':       '1; mode=block',
+		'X-Content-Type-Options': 'nosniff',
+		'X-Frame-Options':        x_frame_options,
+		'Cache-Control':          'no-cache, no-store, max-age=0, must-revalidate',
+		Pragma:                   'no-cache',
+		Expires:                  0
 	});
 	next();
 });
@ -74,10 +73,12 @@ app.use(function (err, req, res, next) {
 	}

 	// Not every error is worth logging - but this is good for now until it gets annoying.
-	if (process.env.NODE_ENV === 'development' || process.env.DEBUG) {
-		log.debug(err);
-	} else if (typeof err.stack !== 'undefined' && err.stack && (typeof err.public == 'undefined' || !err.public)) {
-		log.warn(err.message);
+	if (typeof err.stack !== 'undefined' && err.stack) {
+		if (process.env.NODE_ENV === 'development' || process.env.DEBUG) {
+			log.debug(err.stack);
+		} else if (typeof err.public == 'undefined' || !err.public) {
+			log.warn(err.message);
+		}
 	}

 	res
--- a/backend/index.js
+++ b/backend/index.js
@ -44,84 +44,85 @@ async function appStart () {

 async function createDbConfigFromEnvironment() {
 	return new Promise((resolve, reject) => {
-		const envMysqlHost  = process.env.DB_MYSQL_HOST || null;
-		const envMysqlPort  = process.env.DB_MYSQL_PORT || null;
-		const envMysqlUser  = process.env.DB_MYSQL_USER || null;
-		const envMysqlName  = process.env.DB_MYSQL_NAME || null;
-		const envSqliteFile = process.env.DB_SQLITE_FILE || null;
+		const envMysqlHost = process.env.DB_MYSQL_HOST || null;
+		const envMysqlPort = process.env.DB_MYSQL_PORT || null;
+		const envMysqlUser = process.env.DB_MYSQL_USER || null;
+		const envMysqlName = process.env.DB_MYSQL_NAME || null;
+		let envSqliteFile  = process.env.DB_SQLITE_FILE || null;

-		if ((envMysqlHost && envMysqlPort && envMysqlUser && envMysqlName) || envSqliteFile) {
-			const fs       = require('fs');
-			const filename = (process.env.NODE_CONFIG_DIR || './config') + '/' + (process.env.NODE_ENV || 'default') + '.json';
-			let configData = {};
+		const fs       = require('fs');
+		const filename = (process.env.NODE_CONFIG_DIR || './config') + '/' + (process.env.NODE_ENV || 'default') + '.json';
+		let configData = {};

-			try {
-				configData = require(filename);
-			} catch (err) {
-				// do nothing
-			}
+		try {
+			configData = require(filename);
+		} catch (err) {
+			// do nothing
+		}

-			if (configData.database && configData.database.engine && !configData.database.fromEnv) {
-				logger.info('Manual db configuration already exists, skipping config creation from environment variables');
+		if (configData.database && configData.database.engine && !configData.database.fromEnv) {
+			logger.info('Manual db configuration already exists, skipping config creation from environment variables');
+			resolve();
+			return;
+		}
+
+		if ((!envMysqlHost || !envMysqlPort || !envMysqlUser || !envMysqlName) && !envSqliteFile){
+			envSqliteFile = '/data/database.sqlite';
+			logger.info(`No valid environment variables for database provided, using default SQLite file '${envSqliteFile}'`);
+		}
+
+		if (envMysqlHost && envMysqlPort && envMysqlUser && envMysqlName) {
+			const newConfig = {
+				fromEnv:  true,
+				engine:   'mysql',
+				host:     envMysqlHost,
+				port:     envMysqlPort,
+				user:     envMysqlUser,
+				password: process.env.DB_MYSQL_PASSWORD,
+				name:     envMysqlName,
+			};
+
+			if (JSON.stringify(configData.database) === JSON.stringify(newConfig)) {
+				// Config is unchanged, skip overwrite
 				resolve();
 				return;
 			}

-			if (envMysqlHost && envMysqlPort && envMysqlUser && envMysqlName) {
-				const newConfig = {
-					fromEnv:  true,
-					engine:   'mysql',
-					host:     envMysqlHost,
-					port:     envMysqlPort,
-					user:     envMysqlUser,
-					password: process.env.DB_MYSQL_PASSWORD,
-					name:     envMysqlName,
-				};
+			logger.info('Generating MySQL knex configuration from environment variables');
+			configData.database = newConfig;

-				if (JSON.stringify(configData.database) === JSON.stringify(newConfig)) {
-					// Config is unchanged, skip overwrite
-					resolve();
-					return;
+		} else {
+			const newConfig = {
+				fromEnv: true,
+				engine:  'knex-native',
+				knex:    {
+					client:     'sqlite3',
+					connection: {
+						filename: envSqliteFile
+					},
+					useNullAsDefault: true
 				}
-
-				logger.info('Generating MySQL db configuration from environment variables');
-				configData.database = newConfig;
-
-			} else {
-				const newConfig = {
-					fromEnv: true,
-					engine:  'knex-native',
-					knex:    {
-						client:     'sqlite3',
-						connection: {
-							filename: envSqliteFile
-						},
-						useNullAsDefault: true
-					}
-				};
-				if (JSON.stringify(configData.database) === JSON.stringify(newConfig)) {
-					// Config is unchanged, skip overwrite
-					resolve();
-					return;
-				}
-
-				logger.info('Generating Sqlite db configuration from environment variables');
-				configData.database = newConfig;
+			};
+			if (JSON.stringify(configData.database) === JSON.stringify(newConfig)) {
+				// Config is unchanged, skip overwrite
+				resolve();
+				return;
 			}

-			// Write config
-			fs.writeFile(filename, JSON.stringify(configData, null, 2), (err) => {
-				if (err) {
-					logger.error('Could not write db config to config file: ' + filename);
-					reject(err);
-				} else {
-					logger.info('Wrote db configuration to config file: ' + filename);
-					resolve();
-				}
-			});
-		} else {
-			resolve();
+			logger.info('Generating SQLite knex configuration');
+			configData.database = newConfig;
 		}
+
+		// Write config
+		fs.writeFile(filename, JSON.stringify(configData, null, 2), (err) => {
+			if (err) {
+				logger.error('Could not write db config to config file: ' + filename);
+				reject(err);
+			} else {
+				logger.debug('Wrote db configuration to config file: ' + filename);
+				resolve();
+			}
+		});
 	});
 }

--- a/backend/internal/access-list.js
+++ b/backend/internal/access-list.js
@ -3,13 +3,13 @@ const fs                    = require('fs');
 const batchflow             = require('batchflow');
 const logger                = require('../logger').access;
 const error                 = require('../lib/error');
+const utils                 = require('../lib/utils');
 const accessListModel       = require('../models/access_list');
 const accessListAuthModel   = require('../models/access_list_auth');
 const accessListClientModel = require('../models/access_list_client');
 const proxyHostModel        = require('../models/proxy_host');
 const internalAuditLog      = require('./audit-log');
 const internalNginx         = require('./nginx');
-const utils                 = require('../lib/utils');

 function omissions () {
 	return ['is_deleted'];
@ -27,13 +27,13 @@ const internalAccessList = {
 			.then((/*access_data*/) => {
 				return accessListModel
 					.query()
-					.omit(omissions())
 					.insertAndFetch({
 						name:          data.name,
 						satisfy_any:   data.satisfy_any,
 						pass_auth:     data.pass_auth,
 						owner_user_id: access.token.getUserId(1)
-					});
+					})
+					.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
 				data.id = row.id;
@ -218,7 +218,7 @@ const internalAccessList = {
 				// re-fetch with expansions
 				return internalAccessList.get(access, {
 					id:     data.id,
-					expand: ['owner', 'items', 'clients', 'proxy_hosts.access_list.[clients,items]']
+					expand: ['owner', 'items', 'clients', 'proxy_hosts.[certificate,access_list.[clients,items]]']
 				}, true /* <- skip masking */);
 			})
 			.then((row) => {
@ -256,35 +256,31 @@ const internalAccessList = {
 					.joinRaw('LEFT JOIN `proxy_host` ON `proxy_host`.`access_list_id` = `access_list`.`id` AND `proxy_host`.`is_deleted` = 0')
 					.where('access_list.is_deleted', 0)
 					.andWhere('access_list.id', data.id)
-					.allowEager('[owner,items,clients,proxy_hosts.[*, access_list.[clients,items]]]')
-					.omit(['access_list.is_deleted'])
+					.allowGraph('[owner,items,clients,proxy_hosts.[certificate,access_list.[clients,items]]]')
 					.first();

 				if (access_data.permission_visibility !== 'all') {
 					query.andWhere('access_list.owner_user_id', access.token.getUserId(1));
 				}

-				// Custom omissions
-				if (typeof data.omit !== 'undefined' && data.omit !== null) {
-					query.omit(data.omit);
-				}
-
 				if (typeof data.expand !== 'undefined' && data.expand !== null) {
-					query.eager('[' + data.expand.join(', ') + ']');
+					query.withGraphFetched('[' + data.expand.join(', ') + ']');
 				}

-				return query;
+				return query.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
-				if (row) {
-					if (!skip_masking && typeof row.items !== 'undefined' && row.items) {
-						row = internalAccessList.maskItems(row);
-					}
-
-					return _.omit(row, omissions());
-				} else {
+				if (!row) {
 					throw new error.ItemNotFoundError(data.id);
 				}
+				if (!skip_masking && typeof row.items !== 'undefined' && row.items) {
+					row = internalAccessList.maskItems(row);
+				}
+				// Custom omissions
+				if (typeof data.omit !== 'undefined' && data.omit !== null) {
+					row = _.omit(row, data.omit);
+				}
+				return row;
 			});
 	},

@ -381,8 +377,7 @@ const internalAccessList = {
 					.joinRaw('LEFT JOIN `proxy_host` ON `proxy_host`.`access_list_id` = `access_list`.`id` AND `proxy_host`.`is_deleted` = 0')
 					.where('access_list.is_deleted', 0)
 					.groupBy('access_list.id')
-					.omit(['access_list.is_deleted'])
-					.allowEager('[owner,items,clients]')
+					.allowGraph('[owner,items,clients]')
 					.orderBy('access_list.name', 'ASC');

 				if (access_data.permission_visibility !== 'all') {
@ -397,10 +392,10 @@ const internalAccessList = {
 				}

 				if (typeof expand !== 'undefined' && expand !== null) {
-					query.eager('[' + expand.join(', ') + ']');
+					query.withGraphFetched('[' + expand.join(', ') + ']');
 				}

-				return query;
+				return query.then(utils.omitRows(omissions()));
 			})
 			.then((rows) => {
 				if (rows) {
@ -507,7 +502,7 @@ const internalAccessList = {
 								if (typeof item.password !== 'undefined' && item.password.length) {
 									logger.info('Adding: ' + item.username);

-									utils.exec('/usr/bin/htpasswd -b "' + htpasswd_file + '" "' + item.username + '" "' + item.password + '"')
+									utils.execFile('/usr/bin/htpasswd', ['-b', htpasswd_file, item.username, item.password])
 										.then((/*result*/) => {
 											next();
 										})
--- a/backend/internal/audit-log.js
+++ b/backend/internal/audit-log.js
@ -19,7 +19,7 @@ const internalAuditLog = {
 					.orderBy('created_on', 'DESC')
 					.orderBy('id', 'DESC')
 					.limit(100)
-					.allowEager('[user]');
+					.allowGraph('[user]');

 				// Query is used for searching
 				if (typeof search_query === 'string') {
@ -29,7 +29,7 @@ const internalAuditLog = {
 				}

 				if (typeof expand !== 'undefined' && expand !== null) {
-					query.eager('[' + expand.join(', ') + ']');
+					query.withGraphFetched('[' + expand.join(', ') + ']');
 				}

 				return query;
--- a/backend/internal/certificate.js
+++ b/backend/internal/certificate.js
@ -1,5 +1,6 @@
 const _                  = require('lodash');
 const fs                 = require('fs');
+const https              = require('https');
 const tempWrite          = require('temp-write');
 const moment             = require('moment');
 const logger             = require('../logger').ssl;
@ -15,6 +16,7 @@ const letsencryptConfig  = '/etc/letsencrypt.ini';
 const certbotCommand     = 'certbot';
 const archiver           = require('archiver');
 const path               = require('path');
+const { isArray }        = require('lodash');

 function omissions() {
 	return ['is_deleted'];
@ -114,13 +116,13 @@ const internalCertificate = {
 				data.owner_user_id = access.token.getUserId(1);

 				if (data.provider === 'letsencrypt') {
-					data.nice_name = data.domain_names.sort().join(', ');
+					data.nice_name = data.domain_names.join(', ');
 				}

 				return certificateModel
 					.query()
-					.omit(omissions())
-					.insertAndFetch(data);
+					.insertAndFetch(data)
+					.then(utils.omitRow(omissions()));
 			})
 			.then((certificate) => {
 				if (certificate.provider === 'letsencrypt') {
@ -169,6 +171,7 @@ const internalCertificate = {
 								// 3. Generate the LE config
 								return internalNginx.generateLetsEncryptRequestConfig(certificate)
 									.then(internalNginx.reload)
+									.then(async() => await new Promise((r) => setTimeout(r, 5000)))
 									.then(() => {
 										// 4. Request cert
 										return internalCertificate.requestLetsEncryptSsl(certificate);
@ -266,8 +269,8 @@ const internalCertificate = {

 				return certificateModel
 					.query()
-					.omit(omissions())
 					.patchAndFetchById(row.id, data)
+					.then(utils.omitRow(omissions()))
 					.then((saved_row) => {
 						saved_row.meta = internalCertificate.cleanMeta(saved_row.meta);
 						data.meta      = internalCertificate.cleanMeta(data.meta);
@ -285,7 +288,7 @@ const internalCertificate = {
 							meta:        _.omit(data, ['expires_on']) // this prevents json circular reference because expires_on might be raw
 						})
 							.then(() => {
-								return _.omit(saved_row, omissions());
+								return saved_row;
 							});
 					});
 			});
@ -310,30 +313,28 @@ const internalCertificate = {
 					.query()
 					.where('is_deleted', 0)
 					.andWhere('id', data.id)
-					.allowEager('[owner]')
+					.allowGraph('[owner]')
 					.first();

 				if (access_data.permission_visibility !== 'all') {
 					query.andWhere('owner_user_id', access.token.getUserId(1));
 				}

-				// Custom omissions
-				if (typeof data.omit !== 'undefined' && data.omit !== null) {
-					query.omit(data.omit);
-				}
-
 				if (typeof data.expand !== 'undefined' && data.expand !== null) {
-					query.eager('[' + data.expand.join(', ') + ']');
+					query.withGraphFetched('[' + data.expand.join(', ') + ']');
 				}

-				return query;
+				return query.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
-				if (row) {
-					return _.omit(row, omissions());
-				} else {
+				if (!row) {
 					throw new error.ItemNotFoundError(data.id);
 				}
+				// Custom omissions
+				if (typeof data.omit !== 'undefined' && data.omit !== null) {
+					row = _.omit(row, data.omit);
+				}
+				return row;
 			});
 	},

@ -385,7 +386,7 @@ const internalCertificate = {
 	zipFiles(source, out) {
 		const archive = archiver('zip', { zlib: { level: 9 } });
 		const stream  = fs.createWriteStream(out);
-	
+
 		return new Promise((resolve, reject) => {
 			source
 				.map((fl) => {
@ -396,7 +397,7 @@ const internalCertificate = {
 			archive
 				.on('error', (err) => reject(err))
 				.pipe(stream);
-	
+
 			stream.on('close', () => resolve());
 			archive.finalize();
 		});
@ -463,8 +464,7 @@ const internalCertificate = {
 					.query()
 					.where('is_deleted', 0)
 					.groupBy('id')
-					.omit(['is_deleted'])
-					.allowEager('[owner]')
+					.allowGraph('[owner]')
 					.orderBy('nice_name', 'ASC');

 				if (access_data.permission_visibility !== 'all') {
@ -474,15 +474,15 @@ const internalCertificate = {
 				// Query is used for searching
 				if (typeof search_query === 'string') {
 					query.where(function () {
-						this.where('name', 'like', '%' + search_query + '%');
+						this.where('nice_name', 'like', '%' + search_query + '%');
 					});
 				}

 				if (typeof expand !== 'undefined' && expand !== null) {
-					query.eager('[' + expand.join(', ') + ']');
+					query.withGraphFetched('[' + expand.join(', ') + ']');
 				}

-				return query;
+				return query.then(utils.omitRows(omissions()));
 			});
 	},

@ -659,7 +659,6 @@ const internalCertificate = {
 							meta:         _.clone(row.meta) // Prevent the update method from changing this value that we'll use later
 						})
 							.then((certificate) => {
-								console.log('ROWMETA:', row.meta);
 								certificate.meta = row.meta;
 								return internalCertificate.writeCustomCert(certificate);
 							});
@ -832,7 +831,7 @@ const internalCertificate = {
 	requestLetsEncryptSsl: (certificate) => {
 		logger.info('Requesting Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));

-		const cmd = certbotCommand + ' certonly --non-interactive ' +
+		const cmd = certbotCommand + ' certonly ' +
 			'--config "' + letsencryptConfig + '" ' +
 			'--cert-name "npm-' + certificate.id + '" ' +
 			'--agree-tos ' +
@ -868,13 +867,17 @@ const internalCertificate = {
 		logger.info(`Requesting Let'sEncrypt certificates via ${dns_plugin.display_name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);

 		const credentialsLocation = '/etc/letsencrypt/credentials/credentials-' + certificate.id;
-		const credentialsCmd      = 'mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo \'' + certificate.meta.dns_provider_credentials.replace('\'', '\\\'') + '\' > \'' + credentialsLocation + '\' && chmod 600 \'' + credentialsLocation + '\'';
-		const prepareCmd          = 'pip install ' + dns_plugin.package_name + (dns_plugin.version_requirement || '') + ' ' + dns_plugin.dependencies;
+		// Escape single quotes and backslashes
+		const escapedCredentials = certificate.meta.dns_provider_credentials.replaceAll('\'', '\\\'').replaceAll('\\', '\\\\');
+		const credentialsCmd     = 'mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo \'' + escapedCredentials + '\' > \'' + credentialsLocation + '\' && chmod 600 \'' + credentialsLocation + '\'';
+		// we call `. /opt/certbot/bin/activate` (`.` is alternative to `source` in dash) to access certbot venv
+		let prepareCmd = '. /opt/certbot/bin/activate && pip install ' + dns_plugin.package_name + (dns_plugin.version_requirement || '') + ' ' + dns_plugin.dependencies + ' && deactivate';

 		// Whether the plugin has a --<name>-credentials argument
 		const hasConfigArg = certificate.meta.dns_provider !== 'route53';

-		let mainCmd = certbotCommand + ' certonly --non-interactive ' +
+		let mainCmd = certbotCommand + ' certonly ' +
+			'--config "' + letsencryptConfig + '" ' +
 			'--cert-name "npm-' + certificate.id + '" ' +
 			'--agree-tos ' +
 			'--email "' + certificate.meta.letsencrypt_email + '" ' +
@ -969,10 +972,11 @@ const internalCertificate = {
 	renewLetsEncryptSsl: (certificate) => {
 		logger.info('Renewing Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));

-		const cmd = certbotCommand + ' renew --force-renewal --non-interactive ' +
+		const cmd = certbotCommand + ' renew --force-renewal ' +
 			'--config "' + letsencryptConfig + '" ' +
 			'--cert-name "npm-' + certificate.id + '" ' +
 			'--preferred-challenges "dns,http" ' +
+			'--no-random-sleep-on-renew ' +
 			'--disable-hook-validation ' +
 			(letsencryptStaging ? '--staging' : '');

@ -998,9 +1002,11 @@ const internalCertificate = {

 		logger.info(`Renewing Let'sEncrypt certificates via ${dns_plugin.display_name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);

-		let mainCmd = certbotCommand + ' renew --non-interactive ' +
+		let mainCmd = certbotCommand + ' renew ' +
+			'--config "' + letsencryptConfig + '" ' +
 			'--cert-name "npm-' + certificate.id + '" ' +
-			'--disable-hook-validation' +
+			'--disable-hook-validation ' +
+			'--no-random-sleep-on-renew ' +
 			(letsencryptStaging ? ' --staging' : '');

 		// Prepend the path to the credentials file as an environment variable
@ -1026,7 +1032,8 @@ const internalCertificate = {
 	revokeLetsEncryptSsl: (certificate, throw_errors) => {
 		logger.info('Revoking Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));

-		const mainCmd = certbotCommand + ' revoke --non-interactive ' +
+		const mainCmd = certbotCommand + ' revoke ' +
+			'--config "' + letsencryptConfig + '" ' +
 			'--cert-path "/etc/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem" ' +
 			'--delete-after-revoke ' +
 			(letsencryptStaging ? '--staging' : '');
@ -1119,6 +1126,94 @@ const internalCertificate = {
 		} else {
 			return Promise.resolve();
 		}
+	},
+
+	testHttpsChallenge: async (access, domains) => {
+		await access.can('certificates:list');
+
+		if (!isArray(domains)) {
+			throw new error.InternalValidationError('Domains must be an array of strings');
+		}
+		if (domains.length === 0) {
+			throw new error.InternalValidationError('No domains provided');
+		}
+
+		// Create a test challenge file
+		const testChallengeDir  = '/data/letsencrypt-acme-challenge/.well-known/acme-challenge';
+		const testChallengeFile = testChallengeDir + '/test-challenge';
+		fs.mkdirSync(testChallengeDir, {recursive: true});
+		fs.writeFileSync(testChallengeFile, 'Success', {encoding: 'utf8'});
+
+		async function performTestForDomain (domain) {
+			logger.info('Testing http challenge for ' + domain);
+			const url      = `http://${domain}/.well-known/acme-challenge/test-challenge`;
+			const formBody = `method=G&url=${encodeURI(url)}&bodytype=T&requestbody=&headername=User-Agent&headervalue=None&locationid=1&ch=false&cc=false`;
+			const options  = {
+				method:  'POST',
+				headers: {
+					'Content-Type':   'application/x-www-form-urlencoded',
+					'Content-Length': Buffer.byteLength(formBody)
+				}
+			};
+
+			const result = await new Promise((resolve) => {
+
+				const req = https.request('https://www.site24x7.com/tools/restapi-tester', options, function (res) {
+					let responseBody = '';
+
+					res.on('data', (chunk) => responseBody = responseBody + chunk);
+					res.on('end', function () {
+						const parsedBody = JSON.parse(responseBody + '');
+						if (res.statusCode !== 200) {
+							logger.warn(`Failed to test HTTP challenge for domain ${domain}`, res);
+							resolve(undefined);
+						}
+						resolve(parsedBody);
+					});
+				});
+
+				// Make sure to write the request body.
+				req.write(formBody);
+				req.end();
+				req.on('error', function (e) { logger.warn(`Failed to test HTTP challenge for domain ${domain}`, e);
+					resolve(undefined); });
+			});
+
+			if (!result) {
+				// Some error occurred while trying to get the data
+				return 'failed';
+			} else if (`${result.responsecode}` === '200' && result.htmlresponse === 'Success') {
+				// Server exists and has responded with the correct data
+				return 'ok';
+			} else if (`${result.responsecode}` === '200') {
+				// Server exists but has responded with wrong data
+				logger.info(`HTTP challenge test failed for domain ${domain} because of invalid returned data:`, result.htmlresponse);
+				return 'wrong-data';
+			} else if (`${result.responsecode}` === '404') {
+				// Server exists but responded with a 404
+				logger.info(`HTTP challenge test failed for domain ${domain} because code 404 was returned`);
+				return '404';
+			} else if (`${result.responsecode}` === '0' || (typeof result.reason === 'string' && result.reason.toLowerCase() === 'host unavailable')) {
+				// Server does not exist at domain
+				logger.info(`HTTP challenge test failed for domain ${domain} the host was not found`);
+				return 'no-host';
+			} else {
+				// Other errors
+				logger.info(`HTTP challenge test failed for domain ${domain} because code ${result.responsecode} was returned`);
+				return `other:${result.responsecode}`;
+			}
+		}
+
+		const results = {};
+
+		for (const domain of domains){
+			results[domain] = await performTestForDomain(domain);
+		}
+
+		// Remove the test challenge file
+		fs.unlinkSync(testChallengeFile);
+
+		return results;
 	}
 };

--- a/backend/internal/dead-host.js
+++ b/backend/internal/dead-host.js
@ -1,5 +1,6 @@
 const _                   = require('lodash');
 const error               = require('../lib/error');
+const utils               = require('../lib/utils');
 const deadHostModel       = require('../models/dead_host');
 const internalHost        = require('./host');
 const internalNginx       = require('./nginx');
@ -49,8 +50,8 @@ const internalDeadHost = {

 				return deadHostModel
 					.query()
-					.omit(omissions())
-					.insertAndFetch(data);
+					.insertAndFetch(data)
+					.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
 				if (create_certificate) {
@ -218,31 +219,28 @@ const internalDeadHost = {
 					.query()
 					.where('is_deleted', 0)
 					.andWhere('id', data.id)
-					.allowEager('[owner,certificate]')
+					.allowGraph('[owner,certificate]')
 					.first();

 				if (access_data.permission_visibility !== 'all') {
 					query.andWhere('owner_user_id', access.token.getUserId(1));
 				}

-				// Custom omissions
-				if (typeof data.omit !== 'undefined' && data.omit !== null) {
-					query.omit(data.omit);
-				}
-
 				if (typeof data.expand !== 'undefined' && data.expand !== null) {
-					query.eager('[' + data.expand.join(', ') + ']');
+					query.withGraphFetched('[' + data.expand.join(', ') + ']');
 				}

-				return query;
+				return query.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
-				if (row) {
-					row = internalHost.cleanRowCertificateMeta(row);
-					return _.omit(row, omissions());
-				} else {
+				if (!row) {
 					throw new error.ItemNotFoundError(data.id);
 				}
+				// Custom omissions
+				if (typeof data.omit !== 'undefined' && data.omit !== null) {
+					row = _.omit(row, data.omit);
+				}
+				return row;
 			});
 	},

@ -404,8 +402,7 @@ const internalDeadHost = {
 					.query()
 					.where('is_deleted', 0)
 					.groupBy('id')
-					.omit(['is_deleted'])
-					.allowEager('[owner,certificate]')
+					.allowGraph('[owner,certificate]')
 					.orderBy('domain_names', 'ASC');

 				if (access_data.permission_visibility !== 'all') {
@ -420,10 +417,10 @@ const internalDeadHost = {
 				}

 				if (typeof expand !== 'undefined' && expand !== null) {
-					query.eager('[' + expand.join(', ') + ']');
+					query.withGraphFetched('[' + expand.join(', ') + ']');
 				}

-				return query;
+				return query.then(utils.omitRows(omissions()));
 			})
 			.then((rows) => {
 				if (typeof expand !== 'undefined' && expand !== null && expand.indexOf('certificate') !== -1) {
--- a/backend/internal/host.js
+++ b/backend/internal/host.js
@ -1,8 +1,7 @@
-const _                       = require('lodash');
-const proxyHostModel          = require('../models/proxy_host');
-const redirectionHostModel    = require('../models/redirection_host');
-const deadHostModel           = require('../models/dead_host');
-const sslPassthroughHostModel = require('../models/ssl_passthrough_host');
+const _                    = require('lodash');
+const proxyHostModel       = require('../models/proxy_host');
+const redirectionHostModel = require('../models/redirection_host');
+const deadHostModel        = require('../models/dead_host');

 const internalHost = {

@ -82,9 +81,6 @@ const internalHost = {
 				.query()
 				.where('is_deleted', 0),
 			deadHostModel
-				.query()
-				.where('is_deleted', 0),
-			sslPassthroughHostModel
 				.query()
 				.where('is_deleted', 0)
 		];
@ -116,12 +112,6 @@ const internalHost = {
 					response_object.total_count += response_object.dead_hosts.length;
 				}

-				if (promises_results[3]) {
-					// SSL Passthrough Hosts
-					response_object.ssl_passthrough_hosts = internalHost._getHostsWithDomains(promises_results[3], domain_names);
-					response_object.total_count          += response_object.ssl_passthrough_hosts.length;
-				}
-
 				return response_object;
 			});
 	},
@ -147,11 +137,7 @@ const internalHost = {
 			deadHostModel
 				.query()
 				.where('is_deleted', 0)
-				.andWhere('domain_names', 'like', '%' + hostname + '%'),
-			sslPassthroughHostModel
-				.query()
-				.where('is_deleted', 0)
-				.andWhere('domain_name', '=', hostname),
+				.andWhere('domain_names', 'like', '%' + hostname + '%')
 		];

 		return Promise.all(promises)
@ -179,13 +165,6 @@ const internalHost = {
 					}
 				}

-				if (promises_results[3]) {
-					// SSL Passthrough Hosts
-					if (internalHost._checkHostnameRecordsTaken(hostname, promises_results[3], ignore_type === 'ssl_passthrough' && ignore_id ? ignore_id : 0)) {
-						is_taken = true;
-					}
-				}
-
 				return {
 					hostname: hostname,
 					is_taken: is_taken
@ -206,21 +185,14 @@ const internalHost = {

 		if (existing_rows && existing_rows.length) {
 			existing_rows.map(function (existing_row) {
-				
-				function checkHostname(existing_hostname) {
+				existing_row.domain_names.map(function (existing_hostname) {
 					// Does this domain match?
 					if (existing_hostname.toLowerCase() === hostname.toLowerCase()) {
 						if (!ignore_id || ignore_id !== existing_row.id) {
 							is_taken = true;
 						}
 					}
-				}
-
-				if (existing_row.domain_names) {
-					existing_row.domain_names.map(checkHostname);
-				} else if (existing_row.domain_name) {
-					checkHostname(existing_row.domain_name);
-				}
+				});
 			});
 		}

--- a/backend/internal/ip_ranges.js
+++ b/backend/internal/ip_ranges.js
@ -2,13 +2,16 @@ const https         = require('https');
 const fs            = require('fs');
 const logger        = require('../logger').ip_ranges;
 const error         = require('../lib/error');
+const utils         = require('../lib/utils');
 const internalNginx = require('./nginx');
-const { Liquid }    = require('liquidjs');

 const CLOUDFRONT_URL   = 'https://ip-ranges.amazonaws.com/ip-ranges.json';
 const CLOUDFARE_V4_URL = 'https://www.cloudflare.com/ips-v4';
 const CLOUDFARE_V6_URL = 'https://www.cloudflare.com/ips-v6';

+const regIpV4 = /^(\d+\.?){4}\/\d+/;
+const regIpV6 = /^(([\da-fA-F]+)?:)+\/\d+/;
+
 const internalIpRanges = {

 	interval_timeout:    1000 * 60 * 60 * 6, // 6 hours
@ -74,14 +77,14 @@ const internalIpRanges = {
 					return internalIpRanges.fetchUrl(CLOUDFARE_V4_URL);
 				})
 				.then((cloudfare_data) => {
-					let items = cloudfare_data.split('\n');
+					let items = cloudfare_data.split('\n').filter((line) => regIpV4.test(line));
 					ip_ranges = [... ip_ranges, ... items];
 				})
 				.then(() => {
 					return internalIpRanges.fetchUrl(CLOUDFARE_V6_URL);
 				})
 				.then((cloudfare_data) => {
-					let items = cloudfare_data.split('\n');
+					let items = cloudfare_data.split('\n').filter((line) => regIpV6.test(line));
 					ip_ranges = [... ip_ranges, ... items];
 				})
 				.then(() => {
@ -116,10 +119,7 @@ const internalIpRanges = {
 	 * @returns {Promise}
 	 */
 	generateConfig: (ip_ranges) => {
-		let renderEngine = new Liquid({
-			root: __dirname + '/../templates/'
-		});
-
+		const renderEngine = utils.getRenderEngine();
 		return new Promise((resolve, reject) => {
 			let template = null;
 			let filename = '/etc/nginx/conf.d/include/ip_ranges.conf';
--- a/backend/internal/nginx.js
+++ b/backend/internal/nginx.js
@ -1,11 +1,9 @@
-const _                    = require('lodash');
-const fs                   = require('fs');
-const logger               = require('../logger').nginx;
-const utils                = require('../lib/utils');
-const error                = require('../lib/error');
-const { Liquid }           = require('liquidjs');
-const passthroughHostModel = require('../models/ssl_passthrough_host');
-const debug_mode           = process.env.NODE_ENV !== 'production' || !!process.env.DEBUG;
+const _          = require('lodash');
+const fs         = require('fs');
+const logger     = require('../logger').nginx;
+const utils      = require('../lib/utils');
+const error      = require('../lib/error');
+const debug_mode = process.env.NODE_ENV !== 'production' || !!process.env.DEBUG;

 const internalNginx = {

@ -24,35 +22,18 @@ const internalNginx = {
 	 * @returns {Promise}
 	 */
 	configure: (model, host_type, host) => {
-		let combined_meta           = {};
-		const sslPassthroughEnabled = internalNginx.sslPassthroughEnabled();
+		let combined_meta = {};

 		return internalNginx.test()
 			.then(() => {
 				// Nginx is OK
 				// We're deleting this config regardless.
-				return internalNginx.deleteConfig(host_type, host); // Don't throw errors, as the file may not exist at all
+				// Don't throw errors, as the file may not exist at all
+				// Delete the .err file too
+				return internalNginx.deleteConfig(host_type, host, false, true);
 			})
 			.then(() => {
-				if (host_type === 'ssl_passthrough_host' && !sslPassthroughEnabled){
-					// ssl passthrough is disabled
-					const meta = {
-						nginx_online: false,
-						nginx_err:    'SSL passthrough is not enabled in environment'
-					};
-
-					return passthroughHostModel
-						.query()
-						.where('is_deleted', 0)
-						.andWhere('enabled', 1)
-						.patch({
-							meta
-						}).then(() => {
-							return internalNginx.deleteConfig('ssl_passthrough_host', host, false); 
-						});
-				} else {
-					return internalNginx.generateConfig(host_type, host);
-				}
+				return internalNginx.generateConfig(host_type, host);
 			})
 			.then(() => {
 				// Test nginx again and update meta with result
@ -64,27 +45,12 @@ const internalNginx = {
 							nginx_err:    null
 						});

-						if (host_type === 'ssl_passthrough_host'){
-							// If passthrough is disabled we have already marked the hosts as offline
-							if (sslPassthroughEnabled) {
-								return passthroughHostModel
-									.query()
-									.where('is_deleted', 0)
-									.andWhere('enabled', 1)
-									.patch({
-										meta: combined_meta
-									});
-							}
-							return Promise.resolve();
-						}
-
 						return model
 							.query()
 							.where('id', host.id)
 							.patch({
 								meta: combined_meta
 							});
-						
 					})
 					.catch((err) => {
 						// Remove the error_log line because it's a docker-ism false positive that doesn't need to be reported.
@ -109,24 +75,15 @@ const internalNginx = {
 							nginx_err:    valid_lines.join('\n')
 						});

-						if (host_type === 'ssl_passthrough_host'){
-							return passthroughHostModel
-								.query()
-								.where('is_deleted', 0)
-								.andWhere('enabled', 1)
-								.patch({
-									meta: combined_meta
-								}).then(() => {
-									return internalNginx.deleteConfig('ssl_passthrough_host', host, true);
-								});
-						}
-
 						return model
 							.query()
 							.where('id', host.id)
 							.patch({
 								meta: combined_meta
 							})
+							.then(() => {
+								internalNginx.renameConfigAsError(host_type, host);
+							})
 							.then(() => {
 								return internalNginx.deleteConfig(host_type, host, true);
 							});
@ -168,15 +125,10 @@ const internalNginx = {
 	 * @returns {String}
 	 */
 	getConfigName: (host_type, host_id) => {
-		host_type = host_type.replace(new RegExp('-', 'g'), '_');
-
 		if (host_type === 'default') {
 			return '/data/nginx/default_host/site.conf';
-		} else if (host_type === 'ssl_passthrough_host') {
-			return '/data/nginx/ssl_passthrough_host/hosts.conf';
 		}
-
-		return '/data/nginx/' + host_type + '/' + host_id + '.conf';
+		return '/data/nginx/' + internalNginx.getFileFriendlyHostType(host_type) + '/' + host_id + '.conf';
 	},

 	/**
@ -185,8 +137,6 @@ const internalNginx = {
 	 * @returns {Promise}
 	 */
 	renderLocations: (host) => {
-
-		//logger.info('host = ' + JSON.stringify(host, null, 2));
 		return new Promise((resolve, reject) => {
 			let template;

@ -197,19 +147,17 @@ const internalNginx = {
 				return;
 			}

-			let renderer          = new Liquid({
-				root: __dirname + '/../templates/'
-			});
+			const renderEngine    = utils.getRenderEngine();
 			let renderedLocations = '';

 			const locationRendering = async () => {
 				for (let i = 0; i < host.locations.length; i++) {
-					let locationCopy = Object.assign({}, {access_list_id: host.access_list_id}, {certificate_id: host.certificate_id}, 
+					let locationCopy = Object.assign({}, {access_list_id: host.access_list_id}, {certificate_id: host.certificate_id},
 						{ssl_forced: host.ssl_forced}, {caching_enabled: host.caching_enabled}, {block_exploits: host.block_exploits},
 						{allow_websocket_upgrade: host.allow_websocket_upgrade}, {http2_support: host.http2_support},
 						{hsts_enabled: host.hsts_enabled}, {hsts_subdomains: host.hsts_subdomains}, {access_list: host.access_list},
 						{certificate: host.certificate}, host.locations[i]);
-			
+
 					if (locationCopy.forward_host.indexOf('/') > -1) {
 						const splitted = locationCopy.forward_host.split('/');

@ -217,16 +165,14 @@ const internalNginx = {
 						locationCopy.forward_path = `/${splitted.join('/')}`;
 					}

-					//logger.info('locationCopy = ' + JSON.stringify(locationCopy, null, 2));
-
 					// eslint-disable-next-line
-					renderedLocations += await renderer.parseAndRender(template, locationCopy);
+					renderedLocations += await renderEngine.parseAndRender(template, locationCopy);
 				}

 			};

 			locationRendering().then(() => resolve(renderedLocations));
-			
+
 		});
 	},

@ -235,100 +181,81 @@ const internalNginx = {
 	 * @param   {Object}  host
 	 * @returns {Promise}
 	 */
-	generateConfig: async (host_type, host) => {
-		host_type = host_type.replace(new RegExp('-', 'g'), '_');
+	generateConfig: (host_type, host) => {
+		const nice_host_type = internalNginx.getFileFriendlyHostType(host_type);

 		if (debug_mode) {
-			logger.info('Generating ' + host_type + ' Config:', host);
+			logger.info('Generating ' + nice_host_type + ' Config:', JSON.stringify(host, null, 2));
 		}

-		// logger.info('host = ' + JSON.stringify(host, null, 2));
+		const renderEngine = utils.getRenderEngine();

-		let renderEngine = new Liquid({
-			root: __dirname + '/../templates/'
-		});
+		return new Promise((resolve, reject) => {
+			let template = null;
+			let filename = internalNginx.getConfigName(nice_host_type, host.id);

-		let template = null;
-		let filename = internalNginx.getConfigName(host_type, host.id);
-
-		try {
-			template = fs.readFileSync(__dirname + '/../templates/' + host_type + '.conf', {encoding: 'utf8'});
-		} catch (err) {
-			throw new error.ConfigurationError(err.message);
-		}
-
-		let locationsPromise;
-		let origLocations;
-
-		// Manipulate the data a bit before sending it to the template
-		if (host_type === 'ssl_passthrough_host') {
-			if (internalNginx.sslPassthroughEnabled()){
-				const allHosts = await passthroughHostModel
-					.query()
-					.where('is_deleted', 0)
-					.groupBy('id')
-					.omit(['is_deleted']);
-				host           = {
-					all_passthrough_hosts: allHosts.map((host) => {
-						// Replace dots in domain
-						host.forwarding_host = internalNginx.addIpv6Brackets(host.forwarding_host);
-						return host;
-					}),
-				};
-			} else {
-				internalNginx.deleteConfig(host_type, host, false);
+			try {
+				template = fs.readFileSync(__dirname + '/../templates/' + nice_host_type + '.conf', {encoding: 'utf8'});
+			} catch (err) {
+				reject(new error.ConfigurationError(err.message));
+				return;
 			}
-			
-		} else if (host_type !== 'default') {
-			host.use_default_location = true;
-			if (typeof host.advanced_config !== 'undefined' && host.advanced_config) {
-				host.use_default_location = !internalNginx.advancedConfigHasDefaultLocation(host.advanced_config);
-			}
-		}

-		if (host.locations) {
-			//logger.info ('host.locations = ' + JSON.stringify(host.locations, null, 2));
-			origLocations    = [].concat(host.locations);
-			locationsPromise = internalNginx.renderLocations(host).then((renderedLocations) => {
-				host.locations = renderedLocations;
-			});
+			let locationsPromise;
+			let origLocations;

-			// Allow someone who is using / custom location path to use it, and skip the default / location
-			_.map(host.locations, (location) => {
-				if (location.path === '/') {
-					host.use_default_location = false;
+			// Manipulate the data a bit before sending it to the template
+			if (nice_host_type !== 'default') {
+				host.use_default_location = true;
+				if (typeof host.advanced_config !== 'undefined' && host.advanced_config) {
+					host.use_default_location = !internalNginx.advancedConfigHasDefaultLocation(host.advanced_config);
 				}
-			});
+			}

-		} else {
-			locationsPromise = Promise.resolve();
-		}
-
-		// Set the IPv6 setting for the host
-		host.ipv6 = internalNginx.ipv6Enabled();
-
-		return locationsPromise.then(() => {
-			renderEngine
-				.parseAndRender(template, host)
-				.then((config_text) => {
-					fs.writeFileSync(filename, config_text, {encoding: 'utf8'});
-
-					if (debug_mode) {
-						logger.success('Wrote config:', filename, config_text);
-					}
-
-					// Restore locations array
-					host.locations = origLocations;
-
-					return true;
-				})
-				.catch((err) => {
-					if (debug_mode) {
-						logger.warn('Could not write ' + filename + ':', err.message);
-					}
-
-					throw new error.ConfigurationError(err.message);
+			if (host.locations) {
+				//logger.info ('host.locations = ' + JSON.stringify(host.locations, null, 2));
+				origLocations    = [].concat(host.locations);
+				locationsPromise = internalNginx.renderLocations(host).then((renderedLocations) => {
+					host.locations = renderedLocations;
 				});
+
+				// Allow someone who is using / custom location path to use it, and skip the default / location
+				_.map(host.locations, (location) => {
+					if (location.path === '/') {
+						host.use_default_location = false;
+					}
+				});
+
+			} else {
+				locationsPromise = Promise.resolve();
+			}
+
+			// Set the IPv6 setting for the host
+			host.ipv6 = internalNginx.ipv6Enabled();
+
+			locationsPromise.then(() => {
+				renderEngine
+					.parseAndRender(template, host)
+					.then((config_text) => {
+						fs.writeFileSync(filename, config_text, {encoding: 'utf8'});
+
+						if (debug_mode) {
+							logger.success('Wrote config:', filename, config_text);
+						}
+
+						// Restore locations array
+						host.locations = origLocations;
+
+						resolve(true);
+					})
+					.catch((err) => {
+						if (debug_mode) {
+							logger.warn('Could not write ' + filename + ':', err.message);
+						}
+
+						reject(new error.ConfigurationError(err.message));
+					});
+			});
 		});
 	},

@ -345,9 +272,7 @@ const internalNginx = {
 			logger.info('Generating LetsEncrypt Request Config:', certificate);
 		}

-		let renderEngine = new Liquid({
-			root: __dirname + '/../templates/'
-		});
+		const renderEngine = utils.getRenderEngine();

 		return new Promise((resolve, reject) => {
 			let template = null;
@ -383,33 +308,39 @@ const internalNginx = {
 		});
 	},

+	/**
+	 * A simple wrapper around unlinkSync that writes to the logger
+	 *
+	 * @param   {String}  filename
+	 */
+	deleteFile: (filename) => {
+		logger.debug('Deleting file: ' + filename);
+		try {
+			fs.unlinkSync(filename);
+		} catch (err) {
+			logger.debug('Could not delete file:', JSON.stringify(err, null, 2));
+		}
+	},
+
+	/**
+	 *
+	 * @param   {String} host_type
+	 * @returns String
+	 */
+	getFileFriendlyHostType: (host_type) => {
+		return host_type.replace(new RegExp('-', 'g'), '_');
+	},
+
 	/**
 	 * This removes the temporary nginx config file generated by `generateLetsEncryptRequestConfig`
 	 *
 	 * @param   {Object}  certificate
-	 * @param   {Boolean} [throw_errors]
 	 * @returns {Promise}
 	 */
-	deleteLetsEncryptRequestConfig: (certificate, throw_errors) => {
-		return new Promise((resolve, reject) => {
-			try {
-				let config_file = '/data/nginx/temp/letsencrypt_' + certificate.id + '.conf';
-
-				if (debug_mode) {
-					logger.warn('Deleting nginx config: ' + config_file);
-				}
-
-				fs.unlinkSync(config_file);
-			} catch (err) {
-				if (debug_mode) {
-					logger.warn('Could not delete config:', err.message);
-				}
-
-				if (throw_errors) {
-					reject(err);
-				}
-			}
-
+	deleteLetsEncryptRequestConfig: (certificate) => {
+		const config_file = '/data/nginx/temp/letsencrypt_' + certificate.id + '.conf';
+		return new Promise((resolve/*, reject*/) => {
+			internalNginx.deleteFile(config_file);
 			resolve();
 		});
 	},
@ -417,35 +348,42 @@ const internalNginx = {
 	/**
 	 * @param   {String}  host_type
 	 * @param   {Object}  [host]
-	 * @param   {Boolean} [throw_errors]
+	 * @param   {Boolean} [delete_err_file]
 	 * @returns {Promise}
 	 */
-	deleteConfig: (host_type, host, throw_errors) => {
-		host_type = host_type.replace(new RegExp('-', 'g'), '_');
+	deleteConfig: (host_type, host, delete_err_file) => {
+		const config_file     = internalNginx.getConfigName(internalNginx.getFileFriendlyHostType(host_type), typeof host === 'undefined' ? 0 : host.id);
+		const config_file_err = config_file + '.err';

-		return new Promise((resolve, reject) => {
-			try {
-				let config_file = internalNginx.getConfigName(host_type, typeof host === 'undefined' ? 0 : host.id);
-
-				if (debug_mode) {
-					logger.warn('Deleting nginx config: ' + config_file);
-				}
-
-				fs.unlinkSync(config_file);
-			} catch (err) {
-				if (debug_mode) {
-					logger.warn('Could not delete config:', err.message);
-				}
-
-				if (throw_errors) {
-					reject(err);
-				}
+		return new Promise((resolve/*, reject*/) => {
+			internalNginx.deleteFile(config_file);
+			if (delete_err_file) {
+				internalNginx.deleteFile(config_file_err);
 			}
-
 			resolve();
 		});
 	},

+	/**
+	 * @param   {String}  host_type
+	 * @param   {Object}  [host]
+	 * @returns {Promise}
+	 */
+	renameConfigAsError: (host_type, host) => {
+		const config_file     = internalNginx.getConfigName(internalNginx.getFileFriendlyHostType(host_type), typeof host === 'undefined' ? 0 : host.id);
+		const config_file_err = config_file + '.err';
+
+		return new Promise((resolve/*, reject*/) => {
+			fs.unlink(config_file, () => {
+				// ignore result, continue
+				fs.rename(config_file, config_file_err, () => {
+					// also ignore result, as this is a debugging informative file anyway
+					resolve();
+				});
+			});
+		});
+	},
+
 	/**
 	 * @param   {String}  host_type
 	 * @param   {Array}   hosts
@ -463,13 +401,12 @@ const internalNginx = {
 	/**
 	 * @param   {String}  host_type
 	 * @param   {Array}   hosts
-	 * @param   {Boolean} [throw_errors]
 	 * @returns {Promise}
 	 */
-	bulkDeleteConfigs: (host_type, hosts, throw_errors) => {
+	bulkDeleteConfigs: (host_type, hosts) => {
 		let promises = [];
 		hosts.map(function (host) {
-			promises.push(internalNginx.deleteConfig(host_type, host, throw_errors));
+			promises.push(internalNginx.deleteConfig(host_type, host, true));
 		});

 		return Promise.all(promises);
@ -493,33 +430,6 @@ const internalNginx = {
 		}

 		return true;
-	},
-
-	/**
-	 * @returns {boolean}
-	 */
-	sslPassthroughEnabled: function () {
-		if (typeof process.env.ENABLE_SSL_PASSTHROUGH !== 'undefined') {
-			const enabled = process.env.ENABLE_SSL_PASSTHROUGH.toLowerCase();
-			return (enabled === 'on' || enabled === 'true' || enabled === '1' || enabled === 'yes');
-		}
-
-		return false;
-	},
-
-	/**
-	 * Helper function to add brackets to an IP if it is IPv6
-	 * @returns {string}
-	 */
-	addIpv6Brackets: function (ip) {
-		// Only run check if ipv6 is enabled
-		if (internalNginx.ipv6Enabled()) {
-			const ipv6Regex = /^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$/gi;
-			if (ipv6Regex.test(ip)){
-				return `[${ip}]`;
-			}
-		}
-		return ip;
 	}
 };

--- a/backend/internal/proxy-host.js
+++ b/backend/internal/proxy-host.js
@ -1,5 +1,6 @@
 const _                   = require('lodash');
 const error               = require('../lib/error');
+const utils               = require('../lib/utils');
 const proxyHostModel      = require('../models/proxy_host');
 const internalHost        = require('./host');
 const internalNginx       = require('./nginx');
@ -49,8 +50,8 @@ const internalProxyHost = {

 				return proxyHostModel
 					.query()
-					.omit(omissions())
-					.insertAndFetch(data);
+					.insertAndFetch(data)
+					.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
 				if (create_certificate) {
@ -170,6 +171,7 @@ const internalProxyHost = {
 					.query()
 					.where({id: data.id})
 					.patch(data)
+					.then(utils.omitRow(omissions()))
 					.then((saved_row) => {
 						// Add to audit log
 						return internalAuditLog.add(access, {
@ -179,7 +181,7 @@ const internalProxyHost = {
 							meta:        data
 						})
 							.then(() => {
-								return _.omit(saved_row, omissions());
+								return saved_row;
 							});
 					});
 			})
@ -223,31 +225,29 @@ const internalProxyHost = {
 					.query()
 					.where('is_deleted', 0)
 					.andWhere('id', data.id)
-					.allowEager('[owner,access_list,access_list.[clients,items],certificate]')
+					.allowGraph('[owner,access_list,access_list.[clients,items],certificate]')
 					.first();

 				if (access_data.permission_visibility !== 'all') {
 					query.andWhere('owner_user_id', access.token.getUserId(1));
 				}

-				// Custom omissions
-				if (typeof data.omit !== 'undefined' && data.omit !== null) {
-					query.omit(data.omit);
-				}
-
 				if (typeof data.expand !== 'undefined' && data.expand !== null) {
-					query.eager('[' + data.expand.join(', ') + ']');
+					query.withGraphFetched('[' + data.expand.join(', ') + ']');
 				}

-				return query;
+				return query.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
-				if (row) {
-					row = internalHost.cleanRowCertificateMeta(row);
-					return _.omit(row, omissions());
-				} else {
+				if (!row) {
 					throw new error.ItemNotFoundError(data.id);
 				}
+				row = internalHost.cleanRowCertificateMeta(row);
+				// Custom omissions
+				if (typeof data.omit !== 'undefined' && data.omit !== null) {
+					row = _.omit(row, data.omit);
+				}
+				return row;
 			});
 	},

@ -409,8 +409,7 @@ const internalProxyHost = {
 					.query()
 					.where('is_deleted', 0)
 					.groupBy('id')
-					.omit(['is_deleted'])
-					.allowEager('[owner,access_list,certificate]')
+					.allowGraph('[owner,access_list,certificate]')
 					.orderBy('domain_names', 'ASC');

 				if (access_data.permission_visibility !== 'all') {
@ -425,10 +424,10 @@ const internalProxyHost = {
 				}

 				if (typeof expand !== 'undefined' && expand !== null) {
-					query.eager('[' + expand.join(', ') + ']');
+					query.withGraphFetched('[' + expand.join(', ') + ']');
 				}

-				return query;
+				return query.then(utils.omitRows(omissions()));
 			})
 			.then((rows) => {
 				if (typeof expand !== 'undefined' && expand !== null && expand.indexOf('certificate') !== -1) {
--- a/backend/internal/redirection-host.js
+++ b/backend/internal/redirection-host.js
@ -1,5 +1,6 @@
 const _                    = require('lodash');
 const error                = require('../lib/error');
+const utils                = require('../lib/utils');
 const redirectionHostModel = require('../models/redirection_host');
 const internalHost         = require('./host');
 const internalNginx        = require('./nginx');
@ -49,8 +50,8 @@ const internalRedirectionHost = {

 				return redirectionHostModel
 					.query()
-					.omit(omissions())
-					.insertAndFetch(data);
+					.insertAndFetch(data)
+					.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
 				if (create_certificate) {
@ -65,9 +66,8 @@ const internalRedirectionHost = {
 						.then(() => {
 							return row;
 						});
-				} else {
-					return row;
 				}
+				return row;
 			})
 			.then((row) => {
 				// re-fetch with cert
@ -218,31 +218,29 @@ const internalRedirectionHost = {
 					.query()
 					.where('is_deleted', 0)
 					.andWhere('id', data.id)
-					.allowEager('[owner,certificate]')
+					.allowGraph('[owner,certificate]')
 					.first();

 				if (access_data.permission_visibility !== 'all') {
 					query.andWhere('owner_user_id', access.token.getUserId(1));
 				}

-				// Custom omissions
-				if (typeof data.omit !== 'undefined' && data.omit !== null) {
-					query.omit(data.omit);
-				}
-
 				if (typeof data.expand !== 'undefined' && data.expand !== null) {
-					query.eager('[' + data.expand.join(', ') + ']');
+					query.withGraphFetched('[' + data.expand.join(', ') + ']');
 				}

-				return query;
+				return query.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
-				if (row) {
-					row = internalHost.cleanRowCertificateMeta(row);
-					return _.omit(row, omissions());
-				} else {
+				if (!row) {
 					throw new error.ItemNotFoundError(data.id);
 				}
+				row = internalHost.cleanRowCertificateMeta(row);
+				// Custom omissions
+				if (typeof data.omit !== 'undefined' && data.omit !== null) {
+					row = _.omit(row, data.omit);
+				}
+				return row;
 			});
 	},

@ -404,8 +402,7 @@ const internalRedirectionHost = {
 					.query()
 					.where('is_deleted', 0)
 					.groupBy('id')
-					.omit(['is_deleted'])
-					.allowEager('[owner,certificate]')
+					.allowGraph('[owner,certificate]')
 					.orderBy('domain_names', 'ASC');

 				if (access_data.permission_visibility !== 'all') {
@ -420,10 +417,10 @@ const internalRedirectionHost = {
 				}

 				if (typeof expand !== 'undefined' && expand !== null) {
-					query.eager('[' + expand.join(', ') + ']');
+					query.withGraphFetched('[' + expand.join(', ') + ']');
 				}

-				return query;
+				return query.then(utils.omitRows(omissions()));
 			})
 			.then((rows) => {
 				if (typeof expand !== 'undefined' && expand !== null && expand.indexOf('certificate') !== -1) {
--- a/backend/internal/ssl-passthrough-host.js
+++ b/backend/internal/ssl-passthrough-host.js
@ -1,365 +0,0 @@
-const _                    = require('lodash');
-const error                = require('../lib/error');
-const passthroughHostModel = require('../models/ssl_passthrough_host');
-const internalHost         = require('./host');
-const internalNginx        = require('./nginx');
-const internalAuditLog     = require('./audit-log');
-
-function omissions () {
-	return ['is_deleted'];
-}
-
-const internalPassthroughHost = {
-
-	/**
-	 * @param   {Access}  access
-	 * @param   {Object}  data
-	 * @returns {Promise}
-	 */
-	create: (access, data) => {
-		return access.can('ssl_passthrough_hosts:create', data)
-			.then(() => {
-				// Get the domain name and check it against existing records
-				return internalHost.isHostnameTaken(data.domain_name)
-					.then((result) => {
-						if (result.is_taken) {
-							throw new error.ValidationError(result.hostname + ' is already in use');
-						}
-					});
-			}).then((/*access_data*/) => {
-				data.owner_user_id = access.token.getUserId(1);
-
-				if (typeof data.meta === 'undefined') {
-					data.meta = {};
-				}
-
-				return passthroughHostModel
-					.query()
-					.omit(omissions())
-					.insertAndFetch(data);
-			})
-			.then((row) => {
-				// Configure nginx
-				return internalNginx.configure(passthroughHostModel, 'ssl_passthrough_host', {})
-					.then(() => {
-						return internalPassthroughHost.get(access, {id: row.id, expand: ['owner']});
-					});
-			})
-			.then((row) => {
-				// Add to audit log
-				return internalAuditLog.add(access, {
-					action:      'created',
-					object_type: 'ssl-passthrough-host',
-					object_id:   row.id,
-					meta:        data
-				})
-					.then(() => {
-						return row;
-					});
-			});
-	},
-
-	/**
-	 * @param  {Access}  access
-	 * @param  {Object}  data
-	 * @param  {Number}  data.id
-	 * @return {Promise}
-	 */
-	update: (access, data) => {
-		return access.can('ssl_passthrough_hosts:update', data.id)
-			.then((/*access_data*/) => {
-				// Get the domain name and check it against existing records
-				if (typeof data.domain_name !== 'undefined') {
-					return internalHost.isHostnameTaken(data.domain_name, 'ssl_passthrough', data.id)
-						.then((result) => {
-							if (result.is_taken) {
-								throw new error.ValidationError(result.hostname + ' is already in use');
-							}
-						});
-				}
-			}).then((/*access_data*/) => {
-				return internalPassthroughHost.get(access, {id: data.id});
-			})
-			.then((row) => {
-				if (row.id !== data.id) {
-					// Sanity check that something crazy hasn't happened
-					throw new error.InternalValidationError('SSL Passthrough Host could not be updated, IDs do not match: ' + row.id + ' !== ' + data.id);
-				}
-
-				return passthroughHostModel
-					.query()
-					.omit(omissions())
-					.patchAndFetchById(row.id, data)
-					.then(() => {
-						return internalNginx.configure(passthroughHostModel, 'ssl_passthrough_host', {})
-							.then(() => {
-								return internalPassthroughHost.get(access, {id: row.id, expand: ['owner']});
-							});
-					})
-					.then((saved_row) => {
-						// Add to audit log
-						return internalAuditLog.add(access, {
-							action:      'updated',
-							object_type: 'ssl-passthrough-host',
-							object_id:   row.id,
-							meta:        data
-						})
-							.then(() => {
-								return _.omit(saved_row, omissions());
-							});
-					});
-			});
-	},
-
-	/**
-	 * @param  {Access}   access
-	 * @param  {Object}   data
-	 * @param  {Number}   data.id
-	 * @param  {Array}    [data.expand]
-	 * @param  {Array}    [data.omit]
-	 * @return {Promise}
-	 */
-	get: (access, data) => {
-		if (typeof data === 'undefined') {
-			data = {};
-		}
-
-		return access.can('ssl_passthrough_hosts:get', data.id)
-			.then((access_data) => {
-				let query = passthroughHostModel
-					.query()
-					.where('is_deleted', 0)
-					.andWhere('id', data.id)
-					.allowEager('[owner]')
-					.first();
-
-				if (access_data.permission_visibility !== 'all') {
-					query.andWhere('owner_user_id', access.token.getUserId(1));
-				}
-
-				// Custom omissions
-				if (typeof data.omit !== 'undefined' && data.omit !== null) {
-					query.omit(data.omit);
-				}
-
-				if (typeof data.expand !== 'undefined' && data.expand !== null) {
-					query.eager('[' + data.expand.join(', ') + ']');
-				}
-
-				return query;
-			})
-			.then((row) => {
-				if (row) {
-					return _.omit(row, omissions());
-				} else {
-					throw new error.ItemNotFoundError(data.id);
-				}
-			});
-	},
-
-	/**
-	 * @param {Access}  access
-	 * @param {Object}  data
-	 * @param {Number}  data.id
-	 * @param {String}  [data.reason]
-	 * @returns {Promise}
-	 */
-	delete: (access, data) => {
-		return access.can('ssl_passthrough_hosts:delete', data.id)
-			.then(() => {
-				return internalPassthroughHost.get(access, {id: data.id});
-			})
-			.then((row) => {
-				if (!row) {
-					throw new error.ItemNotFoundError(data.id);
-				}
-
-				return passthroughHostModel
-					.query()
-					.where('id', row.id)
-					.patch({
-						is_deleted: 1
-					})
-					.then(() => {
-						// Update Nginx Config
-						return internalNginx.configure(passthroughHostModel, 'ssl_passthrough_host', {})
-							.then(() => {
-								return internalNginx.reload();
-							});
-					})
-					.then(() => {
-						// Add to audit log
-						return internalAuditLog.add(access, {
-							action:      'deleted',
-							object_type: 'ssl-passthrough-host',
-							object_id:   row.id,
-							meta:        _.omit(row, omissions())
-						});
-					});
-			})
-			.then(() => {
-				return true;
-			});
-	},
-
-	/**
-	 * @param {Access}  access
-	 * @param {Object}  data
-	 * @param {Number}  data.id
-	 * @param {String}  [data.reason]
-	 * @returns {Promise}
-	 */
-	enable: (access, data) => {
-		return access.can('ssl_passthrough_hosts:update', data.id)
-			.then(() => {
-				return internalPassthroughHost.get(access, {
-					id:     data.id,
-					expand: ['owner']
-				});
-			})
-			.then((row) => {
-				if (!row) {
-					throw new error.ItemNotFoundError(data.id);
-				} else if (row.enabled) {
-					throw new error.ValidationError('Host is already enabled');
-				}
-
-				row.enabled = 1;
-
-				return passthroughHostModel
-					.query()
-					.where('id', row.id)
-					.patch({
-						enabled: 1
-					})
-					.then(() => {
-						// Configure nginx
-						return internalNginx.configure(passthroughHostModel, 'ssl_passthrough_host', {});
-					})
-					.then(() => {
-						// Add to audit log
-						return internalAuditLog.add(access, {
-							action:      'enabled',
-							object_type: 'ssl-passthrough-host',
-							object_id:   row.id,
-							meta:        _.omit(row, omissions())
-						});
-					});
-			})
-			.then(() => {
-				return true;
-			});
-	},
-
-	/**
-	 * @param {Access}  access
-	 * @param {Object}  data
-	 * @param {Number}  data.id
-	 * @param {String}  [data.reason]
-	 * @returns {Promise}
-	 */
-	disable: (access, data) => {
-		return access.can('ssl_passthrough_hosts:update', data.id)
-			.then(() => {
-				return internalPassthroughHost.get(access, {id: data.id});
-			})
-			.then((row) => {
-				if (!row) {
-					throw new error.ItemNotFoundError(data.id);
-				} else if (!row.enabled) {
-					throw new error.ValidationError('Host is already disabled');
-				}
-
-				row.enabled = 0;
-
-				return passthroughHostModel
-					.query()
-					.where('id', row.id)
-					.patch({
-						enabled: 0
-					})
-					.then(() => {
-						// Update Nginx Config
-						return internalNginx.configure(passthroughHostModel, 'ssl_passthrough_host', {})
-							.then(() => {
-								return internalNginx.reload();
-							});
-					})
-					.then(() => {
-						// Add to audit log
-						return internalAuditLog.add(access, {
-							action:      'disabled',
-							object_type: 'ssl-passthrough-host',
-							object_id:   row.id,
-							meta:        _.omit(row, omissions())
-						});
-					});
-			})
-			.then(() => {
-				return true;
-			});
-	},
-
-	/**
-	 * All SSL Passthrough Hosts
-	 *
-	 * @param   {Access}  access
-	 * @param   {Array}   [expand]
-	 * @param   {String}  [search_query]
-	 * @returns {Promise}
-	 */
-	getAll: (access, expand, search_query) => {
-		return access.can('ssl_passthrough_hosts:list')
-			.then((access_data) => {
-				let query = passthroughHostModel
-					.query()
-					.where('is_deleted', 0)
-					.groupBy('id')
-					.omit(['is_deleted'])
-					.allowEager('[owner]')
-					.orderBy('domain_name', 'ASC');
-
-				if (access_data.permission_visibility !== 'all') {
-					query.andWhere('owner_user_id', access.token.getUserId(1));
-				}
-
-				// Query is used for searching
-				if (typeof search_query === 'string') {
-					query.where(function () {
-						this.where('domain_name', 'like', '%' + search_query + '%');
-					});
-				}
-
-				if (typeof expand !== 'undefined' && expand !== null) {
-					query.eager('[' + expand.join(', ') + ']');
-				}
-
-				return query;
-			});
-	},
-
-	/**
-	 * Report use
-	 *
-	 * @param   {Number}  user_id
-	 * @param   {String}  visibility
-	 * @returns {Promise}
-	 */
-	getCount: (user_id, visibility) => {
-		let query = passthroughHostModel
-			.query()
-			.count('id as count')
-			.where('is_deleted', 0);
-
-		if (visibility !== 'all') {
-			query.andWhere('owner_user_id', user_id);
-		}
-
-		return query.first()
-			.then((row) => {
-				return parseInt(row.count, 10);
-			});
-	}
-};
-
-module.exports = internalPassthroughHost;
--- a/backend/internal/stream.js
+++ b/backend/internal/stream.js
@ -1,5 +1,6 @@
 const _                = require('lodash');
 const error            = require('../lib/error');
+const utils            = require('../lib/utils');
 const streamModel      = require('../models/stream');
 const internalNginx    = require('./nginx');
 const internalAuditLog = require('./audit-log');
@ -27,8 +28,8 @@ const internalStream = {

 				return streamModel
 					.query()
-					.omit(omissions())
-					.insertAndFetch(data);
+					.insertAndFetch(data)
+					.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
 				// Configure nginx
@ -71,8 +72,8 @@ const internalStream = {

 				return streamModel
 					.query()
-					.omit(omissions())
 					.patchAndFetchById(row.id, data)
+					.then(utils.omitRow(omissions()))
 					.then((saved_row) => {
 						return internalNginx.configure(streamModel, 'stream', saved_row)
 							.then(() => {
@ -88,7 +89,7 @@ const internalStream = {
 							meta:        data
 						})
 							.then(() => {
-								return _.omit(saved_row, omissions());
+								return saved_row;
 							});
 					});
 			});
@ -113,30 +114,28 @@ const internalStream = {
 					.query()
 					.where('is_deleted', 0)
 					.andWhere('id', data.id)
-					.allowEager('[owner]')
+					.allowGraph('[owner]')
 					.first();

 				if (access_data.permission_visibility !== 'all') {
 					query.andWhere('owner_user_id', access.token.getUserId(1));
 				}

-				// Custom omissions
-				if (typeof data.omit !== 'undefined' && data.omit !== null) {
-					query.omit(data.omit);
-				}
-
 				if (typeof data.expand !== 'undefined' && data.expand !== null) {
-					query.eager('[' + data.expand.join(', ') + ']');
+					query.withGraphFetched('[' + data.expand.join(', ') + ']');
 				}

-				return query;
+				return query.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
-				if (row) {
-					return _.omit(row, omissions());
-				} else {
+				if (!row) {
 					throw new error.ItemNotFoundError(data.id);
 				}
+				// Custom omissions
+				if (typeof data.omit !== 'undefined' && data.omit !== null) {
+					row = _.omit(row, data.omit);
+				}
+				return row;
 			});
 	},

@ -298,8 +297,7 @@ const internalStream = {
 					.query()
 					.where('is_deleted', 0)
 					.groupBy('id')
-					.omit(['is_deleted'])
-					.allowEager('[owner]')
+					.allowGraph('[owner]')
 					.orderBy('incoming_port', 'ASC');

 				if (access_data.permission_visibility !== 'all') {
@ -314,10 +312,10 @@ const internalStream = {
 				}

 				if (typeof expand !== 'undefined' && expand !== null) {
-					query.eager('[' + expand.join(', ') + ']');
+					query.withGraphFetched('[' + expand.join(', ') + ']');
 				}

-				return query;
+				return query.then(utils.omitRows(omissions()));
 			});
 	},

--- a/backend/internal/token.js
+++ b/backend/internal/token.js
@ -24,7 +24,7 @@ module.exports = {

 		return userModel
 			.query()
-			.where('email', data.identity)
+			.where('email', data.identity.toLowerCase().trim())
 			.andWhere('is_deleted', 0)
 			.andWhere('is_disabled', 0)
 			.first()
--- a/backend/internal/user.js
+++ b/backend/internal/user.js
@ -1,5 +1,6 @@
 const _                   = require('lodash');
 const error               = require('../lib/error');
+const utils               = require('../lib/utils');
 const userModel           = require('../models/user');
 const userPermissionModel = require('../models/user_permission');
 const authModel           = require('../models/auth');
@ -35,8 +36,8 @@ const internalUser = {

 				return userModel
 					.query()
-					.omit(omissions())
-					.insertAndFetch(data);
+					.insertAndFetch(data)
+					.then(utils.omitRow(omissions()));
 			})
 			.then((user) => {
 				if (auth) {
@ -62,15 +63,14 @@ const internalUser = {
 				return userPermissionModel
 					.query()
 					.insert({
-						user_id:               user.id,
-						visibility:            is_admin ? 'all' : 'user',
-						proxy_hosts:           'manage',
-						redirection_hosts:     'manage',
-						dead_hosts:            'manage',
-						ssl_passthrough_hosts: 'manage',
-						streams:               'manage',
-						access_lists:          'manage',
-						certificates:          'manage'
+						user_id:           user.id,
+						visibility:        is_admin ? 'all' : 'user',
+						proxy_hosts:       'manage',
+						redirection_hosts: 'manage',
+						dead_hosts:        'manage',
+						streams:           'manage',
+						access_lists:      'manage',
+						certificates:      'manage'
 					})
 					.then(() => {
 						return internalUser.get(access, {id: user.id, expand: ['permissions']});
@ -141,11 +141,8 @@ const internalUser = {

 				return userModel
 					.query()
-					.omit(omissions())
 					.patchAndFetchById(user.id, data)
-					.then((saved_user) => {
-						return _.omit(saved_user, omissions());
-					});
+					.then(utils.omitRow(omissions()));
 			})
 			.then(() => {
 				return internalUser.get(access, {id: data.id});
@ -187,26 +184,24 @@ const internalUser = {
 					.query()
 					.where('is_deleted', 0)
 					.andWhere('id', data.id)
-					.allowEager('[permissions]')
+					.allowGraph('[permissions]')
 					.first();

-				// Custom omissions
-				if (typeof data.omit !== 'undefined' && data.omit !== null) {
-					query.omit(data.omit);
-				}
-
 				if (typeof data.expand !== 'undefined' && data.expand !== null) {
-					query.eager('[' + data.expand.join(', ') + ']');
+					query.withGraphFetched('[' + data.expand.join(', ') + ']');
 				}

-				return query;
+				return query.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
-				if (row) {
-					return _.omit(row, omissions());
-				} else {
+				if (!row) {
 					throw new error.ItemNotFoundError(data.id);
 				}
+				// Custom omissions
+				if (typeof data.omit !== 'undefined' && data.omit !== null) {
+					row = _.omit(row, data.omit);
+				}
+				return row;
 			});
 	},

@ -323,8 +318,7 @@ const internalUser = {
 					.query()
 					.where('is_deleted', 0)
 					.groupBy('id')
-					.omit(['is_deleted'])
-					.allowEager('[permissions]')
+					.allowGraph('[permissions]')
 					.orderBy('name', 'ASC');

 				// Query is used for searching
@ -336,10 +330,10 @@ const internalUser = {
 				}

 				if (typeof expand !== 'undefined' && expand !== null) {
-					query.eager('[' + expand.join(', ') + ']');
+					query.withGraphFetched('[' + expand.join(', ') + ']');
 				}

-				return query;
+				return query.then(utils.omitRows(omissions()));
 			});
 	},

--- a/backend/lib/access.js
+++ b/backend/lib/access.js
@ -55,8 +55,8 @@ module.exports = function (token_string) {
 								.where('id', token_data.attrs.id)
 								.andWhere('is_deleted', 0)
 								.andWhere('is_disabled', 0)
-								.allowEager('[permissions]')
-								.eager('[permissions]')
+								.allowGraph('[permissions]')
+								.withGraphFetched('[permissions]')
 								.first()
 								.then((user) => {
 									if (user) {
--- a/backend/lib/access/ssl_passthrough_hosts-create.json
+++ b/backend/lib/access/ssl_passthrough_hosts-create.json
@ -1,23 +0,0 @@
-{
-	"anyOf": [
-		{
-			"$ref": "roles#/definitions/admin"
-		},
-		{
-			"type": "object",
-			"required": ["permission_ssl_passthrough_hosts", "roles"],
-			"properties": {
-				"permission_ssl_passthrough_hosts": {
-					"$ref": "perms#/definitions/manage"
-				},
-				"roles": {
-					"type": "array",
-					"items": {
-						"type": "string",
-						"enum": ["user"]
-					}
-				}
-			}
-		}
-	]
-}
--- a/backend/lib/access/ssl_passthrough_hosts-delete.json
+++ b/backend/lib/access/ssl_passthrough_hosts-delete.json
@ -1,23 +0,0 @@
-{
-	"anyOf": [
-		{
-			"$ref": "roles#/definitions/admin"
-		},
-		{
-			"type": "object",
-			"required": ["permission_ssl_passthrough_hosts", "roles"],
-			"properties": {
-				"permission_ssl_passthrough_hosts": {
-					"$ref": "perms#/definitions/manage"
-				},
-				"roles": {
-					"type": "array",
-					"items": {
-						"type": "string",
-						"enum": ["user"]
-					}
-				}
-			}
-		}
-	]
-}
--- a/backend/lib/access/ssl_passthrough_hosts-get.json
+++ b/backend/lib/access/ssl_passthrough_hosts-get.json
@ -1,23 +0,0 @@
-{
-	"anyOf": [
-		{
-			"$ref": "roles#/definitions/admin"
-		},
-		{
-			"type": "object",
-			"required": ["permission_ssl_passthrough_hosts", "roles"],
-			"properties": {
-				"permission_ssl_passthrough_hosts": {
-					"$ref": "perms#/definitions/view"
-				},
-				"roles": {
-					"type": "array",
-					"items": {
-						"type": "string",
-						"enum": ["user"]
-					}
-				}
-			}
-		}
-	]
-}
--- a/backend/lib/access/ssl_passthrough_hosts-list.json
+++ b/backend/lib/access/ssl_passthrough_hosts-list.json
@ -1,23 +0,0 @@
-{
-	"anyOf": [
-		{
-			"$ref": "roles#/definitions/admin"
-		},
-		{
-			"type": "object",
-			"required": ["permission_ssl_passthrough_hosts", "roles"],
-			"properties": {
-				"permission_ssl_passthrough_hosts": {
-					"$ref": "perms#/definitions/view"
-				},
-				"roles": {
-					"type": "array",
-					"items": {
-						"type": "string",
-						"enum": ["user"]
-					}
-				}
-			}
-		}
-	]
-}
--- a/backend/lib/access/ssl_passthrough_hosts-update.json
+++ b/backend/lib/access/ssl_passthrough_hosts-update.json
@ -1,23 +0,0 @@
-{
-	"anyOf": [
-		{
-			"$ref": "roles#/definitions/admin"
-		},
-		{
-			"type": "object",
-			"required": ["permission_ssl_passthrough_hosts", "roles"],
-			"properties": {
-				"permission_ssl_passthrough_hosts": {
-					"$ref": "perms#/definitions/manage"
-				},
-				"roles": {
-					"type": "array",
-					"items": {
-						"type": "string",
-						"enum": ["user"]
-					}
-				}
-			}
-		}
-	]
-}
--- a/backend/lib/utils.js
+++ b/backend/lib/utils.js
@ -1,4 +1,8 @@
-const exec = require('child_process').exec;
+const _          = require('lodash');
+const exec       = require('child_process').exec;
+const execFile   = require('child_process').execFile;
+const { Liquid } = require('liquidjs');
+const logger     = require('../logger').global;

 module.exports = {

@ -16,5 +20,82 @@ module.exports = {
 				}
 			});
 		});
+	},
+
+	/**
+	 * @param   {String} cmd
+	 * @param   {Array}  args
+	 * @returns {Promise}
+	 */
+	execFile: function (cmd, args) {
+		logger.debug('CMD: ' + cmd + ' ' + (args ? args.join(' ') : ''));
+		return new Promise((resolve, reject) => {
+			execFile(cmd, args, function (err, stdout, /*stderr*/) {
+				if (err && typeof err === 'object') {
+					reject(err);
+				} else {
+					resolve(stdout.trim());
+				}
+			});
+		});
+	},
+
+	/**
+	 * Used in objection query builder
+	 *
+	 * @param   {Array}  omissions
+	 * @returns {Function}
+	 */
+	omitRow: function (omissions) {
+		/**
+		 * @param   {Object} row
+		 * @returns {Object}
+		 */
+		return (row) => {
+			return _.omit(row, omissions);
+		};
+	},
+
+	/**
+	 * Used in objection query builder
+	 *
+	 * @param   {Array}  omissions
+	 * @returns {Function}
+	 */
+	omitRows: function (omissions) {
+		/**
+		 * @param   {Array} rows
+		 * @returns {Object}
+		 */
+		return (rows) => {
+			rows.forEach((row, idx) => {
+				rows[idx] = _.omit(row, omissions);
+			});
+			return rows;
+		};
+	},
+
+	/**
+	 * @returns {Object} Liquid render engine
+	 */
+	getRenderEngine: function () {
+		const renderEngine = new Liquid({
+			root: __dirname + '/../templates/'
+		});
+
+		/**
+		 * nginxAccessRule expects the object given to have 2 properties:
+		 *
+		 * directive  string
+		 * address    string
+		 */
+		renderEngine.registerFilter('nginxAccessRule', (v) => {
+			if (typeof v.directive !== 'undefined' && typeof v.address !== 'undefined' && v.directive && v.address) {
+				return `${v.directive} ${v.address};`;
+			}
+			return '';
+		});
+
+		return renderEngine;
 	}
 };
--- a/backend/migrations/20211010141200_ssl_passthrough_host.js
+++ b/backend/migrations/20211010141200_ssl_passthrough_host.js
@ -1,85 +0,0 @@
-const migrate_name = 'ssl_passthrough_host';
-const logger       = require('../logger').migrate;
-
-/**
-	* Migrate
-	*
-	* @see http://knexjs.org/#Schema
-	*
-	* @param   {Object} knex
-	* @param   {Promise} Promise
-	* @returns {Promise}
-	*/
-exports.up = async function (knex/*, Promise*/) {
-	logger.info('[' + migrate_name + '] Migrating Up...');
-
-	await knex.schema.createTable('ssl_passthrough_host', (table) => {
-		table.increments().primary();
-		table.dateTime('created_on').notNull();
-		table.dateTime('modified_on').notNull();
-		table.integer('owner_user_id').notNull().unsigned();
-		table.integer('is_deleted').notNull().unsigned().defaultTo(0);
-		table.string('domain_name').notNull();
-		table.string('forwarding_host').notNull();
-		table.integer('forwarding_port').notNull().unsigned();
-		table.integer('enabled').notNull().unsigned().defaultTo(1);
-		table.json('meta').notNull();
-	});
-
-	logger.info('[' + migrate_name + '] Table created');
-
-	// Remove unique constraint so name can be used for new table
-	await knex.schema.alterTable('user_permission', (table) => {
-		table.dropUnique('user_id');
-	});
-
-	await knex.schema.renameTable('user_permission', 'user_permission_old');
-
-	// We need to recreate the table since sqlite does not support altering columns
-	await knex.schema.createTable('user_permission', (table) => {
-		table.increments().primary();
-		table.dateTime('created_on').notNull();
-		table.dateTime('modified_on').notNull();
-		table.integer('user_id').notNull().unsigned();
-		table.string('visibility').notNull();
-		table.string('proxy_hosts').notNull();
-		table.string('redirection_hosts').notNull();
-		table.string('dead_hosts').notNull();
-		table.string('streams').notNull();
-		table.string('ssl_passthrough_hosts').notNull();
-		table.string('access_lists').notNull();
-		table.string('certificates').notNull();
-		table.unique('user_id');
-	});
-
-	await knex('user_permission_old').select('*', 'streams as ssl_passthrough_hosts').then((data) => {
-		if (data.length) {
-			return knex('user_permission').insert(data);
-		}
-		return Promise.resolve();
-	});
-
-	await knex.schema.dropTableIfExists('user_permission_old');
-
-	logger.info('[' + migrate_name + '] permissions updated');
-};
-
-/**
-	* Undo Migrate
-	*
-	* @param   {Object} knex
-	* @param   {Promise} Promise
-	* @returns {Promise}
-	*/
-exports.down = function (knex/*, Promise*/) {
-	logger.info('[' + migrate_name + '] Migrating Down...');
-
-	return knex.schema.dropTable('stream').then(() => {
-		return knex.schema.table('user_permission', (table) => {
-			table.dropColumn('ssl_passthrough_hosts');
-		});
-	})
-		.then(function () {
-			logger.info('[' + migrate_name + '] Table altered and permissions updated');
-		});
-};
--- a/backend/migrations/20211108145214_regenerate_default_host.js
+++ b/backend/migrations/20211108145214_regenerate_default_host.js
@ -0,0 +1,50 @@
+const migrate_name  = 'stream_domain';
+const logger        = require('../logger').migrate;
+const internalNginx = require('../internal/nginx');
+
+async function regenerateDefaultHost(knex) {
+	const row = await knex('setting').select('*').where('id', 'default-site').first();
+
+	if (!row) {
+		return Promise.resolve();
+	}
+
+	return internalNginx.deleteConfig('default')
+		.then(() => {
+			return internalNginx.generateConfig('default', row);
+		})
+		.then(() => {
+			return internalNginx.test();
+		})
+		.then(() => {
+			return internalNginx.reload();
+		});
+}
+
+/**
+	* Migrate
+	*
+	* @see http://knexjs.org/#Schema
+	*
+	* @param   {Object} knex
+	* @param   {Promise} Promise
+	* @returns {Promise}
+	*/
+exports.up = function (knex) {
+	logger.info('[' + migrate_name + '] Migrating Up...');
+
+	return regenerateDefaultHost(knex);
+};
+
+/**
+	* Undo Migrate
+	*
+	* @param   {Object} knex
+	* @param   {Promise} Promise
+	* @returns {Promise}
+	*/
+exports.down = function (knex) {
+	logger.info('[' + migrate_name + '] Migrating Down...');
+
+	return regenerateDefaultHost(knex);
+};
--- a/backend/models/access_list.js
+++ b/backend/models/access_list.js
@ -50,7 +50,6 @@ class AccessList extends Model {
 				},
 				modify: function (qb) {
 					qb.where('user.is_deleted', 0);
-					qb.omit(['id', 'created_on', 'modified_on', 'is_deleted', 'email', 'roles']);
 				}
 			},
 			items: {
@ -59,9 +58,6 @@ class AccessList extends Model {
 				join:       {
 					from: 'access_list.id',
 					to:   'access_list_auth.access_list_id'
-				},
-				modify: function (qb) {
-					qb.omit(['id', 'created_on', 'modified_on', 'access_list_id', 'meta']);
 				}
 			},
 			clients: {
@ -70,9 +66,6 @@ class AccessList extends Model {
 				join:       {
 					from: 'access_list.id',
 					to:   'access_list_client.access_list_id'
-				},
-				modify: function (qb) {
-					qb.omit(['id', 'created_on', 'modified_on', 'access_list_id', 'meta']);
 				}
 			},
 			proxy_hosts: {
@ -84,19 +77,10 @@ class AccessList extends Model {
 				},
 				modify: function (qb) {
 					qb.where('proxy_host.is_deleted', 0);
-					qb.omit(['is_deleted', 'meta']);
 				}
 			}
 		};
 	}
-
-	get satisfy() {
-		return this.satisfy_any ? 'satisfy any' : 'satisfy all';
-	}
-
-	get passauth() {
-		return this.pass_auth ? '' : 'proxy_set_header Authorization "";';
-	}
 }

 module.exports = AccessList;
--- a/backend/models/access_list_auth.js
+++ b/backend/models/access_list_auth.js
@ -45,7 +45,6 @@ class AccessListAuth extends Model {
 				},
 				modify: function (qb) {
 					qb.where('access_list.is_deleted', 0);
-					qb.omit(['created_on', 'modified_on', 'is_deleted', 'access_list_id']);
 				}
 			}
 		};
--- a/backend/models/access_list_client.js
+++ b/backend/models/access_list_client.js
@ -45,15 +45,10 @@ class AccessListClient extends Model {
 				},
 				modify: function (qb) {
 					qb.where('access_list.is_deleted', 0);
-					qb.omit(['created_on', 'modified_on', 'is_deleted', 'access_list_id']);
 				}
 			}
 		};
 	}
-
-	get rule() {
-		return `${this.directive} ${this.address}`;
-	}
 }

 module.exports = AccessListClient;
--- a/backend/models/audit-log.js
+++ b/backend/models/audit-log.js
@ -43,9 +43,6 @@ class AuditLog extends Model {
 				join:       {
 					from: 'audit_log.user_id',
 					to:   'user.id'
-				},
-				modify: function (qb) {
-					qb.omit(['id', 'created_on', 'modified_on', 'roles']);
 				}
 			}
 		};
--- a/backend/models/auth.js
+++ b/backend/models/auth.js
@ -74,9 +74,6 @@ class Auth extends Model {
 				},
 				filter: {
 					is_deleted: 0
-				},
-				modify: function (qb) {
-					qb.omit(['is_deleted']);
 				}
 			}
 		};
--- a/backend/models/certificate.js
+++ b/backend/models/certificate.js
@ -63,7 +63,6 @@ class Certificate extends Model {
 				},
 				modify: function (qb) {
 					qb.where('user.is_deleted', 0);
-					qb.omit(['id', 'created_on', 'modified_on', 'is_deleted', 'email', 'roles']);
 				}
 			}
 		};
--- a/backend/models/dead_host.js
+++ b/backend/models/dead_host.js
@ -59,7 +59,6 @@ class DeadHost extends Model {
 				},
 				modify: function (qb) {
 					qb.where('user.is_deleted', 0);
-					qb.omit(['id', 'created_on', 'modified_on', 'is_deleted', 'email', 'roles']);
 				}
 			},
 			certificate: {
@ -71,7 +70,6 @@ class DeadHost extends Model {
 				},
 				modify: function (qb) {
 					qb.where('certificate.is_deleted', 0);
-					qb.omit(['id', 'created_on', 'modified_on', 'is_deleted']);
 				}
 			}
 		};
--- a/backend/models/now_helper.js
+++ b/backend/models/now_helper.js
@ -6,8 +6,8 @@ Model.knex(db);

 module.exports = function () {
 	if (config.database.knex && config.database.knex.client === 'sqlite3') {
-		return Model.raw('datetime(\'now\',\'localtime\')');
-	} else {
-		return Model.raw('NOW()');
+		// eslint-disable-next-line
+		return Model.raw("datetime('now','localtime')");
 	}
+	return Model.raw('NOW()');
 };
--- a/backend/models/proxy_host.js
+++ b/backend/models/proxy_host.js
@ -60,7 +60,6 @@ class ProxyHost extends Model {
 				},
 				modify: function (qb) {
 					qb.where('user.is_deleted', 0);
-					qb.omit(['id', 'created_on', 'modified_on', 'is_deleted', 'email', 'roles']);
 				}
 			},
 			access_list: {
@ -72,7 +71,6 @@ class ProxyHost extends Model {
 				},
 				modify: function (qb) {
 					qb.where('access_list.is_deleted', 0);
-					qb.omit(['id', 'created_on', 'modified_on', 'is_deleted']);
 				}
 			},
 			certificate: {
@ -84,7 +82,6 @@ class ProxyHost extends Model {
 				},
 				modify: function (qb) {
 					qb.where('certificate.is_deleted', 0);
-					qb.omit(['id', 'created_on', 'modified_on', 'is_deleted']);
 				}
 			}
 		};
--- a/backend/models/redirection_host.js
+++ b/backend/models/redirection_host.js
@ -1,3 +1,4 @@
+
 // Objection Docs:
 // http://vincit.github.io/objection.js/

@ -59,7 +60,6 @@ class RedirectionHost extends Model {
 				},
 				modify: function (qb) {
 					qb.where('user.is_deleted', 0);
-					qb.omit(['id', 'created_on', 'modified_on', 'is_deleted', 'email', 'roles']);
 				}
 			},
 			certificate: {
@ -71,7 +71,6 @@ class RedirectionHost extends Model {
 				},
 				modify: function (qb) {
 					qb.where('certificate.is_deleted', 0);
-					qb.omit(['id', 'created_on', 'modified_on', 'is_deleted']);
 				}
 			}
 		};
--- a/backend/models/ssl_passthrough_host.js
+++ b/backend/models/ssl_passthrough_host.js
@ -1,56 +0,0 @@
-// Objection Docs:
-// http://vincit.github.io/objection.js/
-
-const db    = require('../db');
-const Model = require('objection').Model;
-const User  = require('./user');
-const now   = require('./now_helper');
-
-Model.knex(db);
-
-class SslPassthrougHost extends Model {
-	$beforeInsert () {
-		this.created_on  = now();
-		this.modified_on = now();
-
-		// Default for meta
-		if (typeof this.meta === 'undefined') {
-			this.meta = {};
-		}
-	}
-
-	$beforeUpdate () {
-		this.modified_on = now();
-	}
-
-	static get name () {
-		return 'SslPassthrougHost';
-	}
-
-	static get tableName () {
-		return 'ssl_passthrough_host';
-	}
-
-	static get jsonAttributes () {
-		return ['meta'];
-	}
-
-	static get relationMappings () {
-		return {
-			owner: {
-				relation:   Model.HasOneRelation,
-				modelClass: User,
-				join:       {
-					from: 'ssl_passthrough_host.owner_user_id',
-					to:   'user.id'
-				},
-				modify: function (qb) {
-					qb.where('user.is_deleted', 0);
-					qb.omit(['id', 'created_on', 'modified_on', 'is_deleted', 'email', 'roles']);
-				}
-			}
-		};
-	}
-}
-
-module.exports = SslPassthrougHost;
--- a/backend/models/stream.js
+++ b/backend/models/stream.js
@ -46,7 +46,6 @@ class Stream extends Model {
 				},
 				modify: function (qb) {
 					qb.where('user.is_deleted', 0);
-					qb.omit(['id', 'created_on', 'modified_on', 'is_deleted', 'email', 'roles']);
 				}
 			}
 		};
--- a/backend/models/token.js
+++ b/backend/models/token.js
@ -83,8 +83,6 @@ module.exports = function () {
 								// Hack: some tokens out in the wild have a scope of 'all' instead of 'user'.
 								// For 30 days at least, we need to replace 'all' with user.
 								if ((typeof token_data.scope !== 'undefined' && _.indexOf(token_data.scope, 'all') !== -1)) {
-									//console.log('Warning! Replacing "all" scope with "user"');
-
 									token_data.scope = ['user'];
 								}

--- a/backend/models/user.js
+++ b/backend/models/user.js
@ -43,9 +43,6 @@ class User extends Model {
 				join:       {
 					from: 'user.id',
 					to:   'user_permission.user_id'
-				},
-				modify: function (qb) {
-					qb.omit(['id', 'created_on', 'modified_on', 'user_id']);
 				}
 			}
 		};
--- a/backend/package.json
+++ b/backend/package.json
@ -11,28 +11,23 @@
 		"body-parser": "^1.19.0",
 		"compression": "^1.7.4",
 		"config": "^3.3.1",
-		"diskdb": "^0.1.17",
-		"express": "^4.17.1",
+		"express": "^4.17.3",
 		"express-fileupload": "^1.1.9",
 		"gravatar": "^1.8.0",
-		"html-entities": "^1.2.1",
 		"json-schema-ref-parser": "^8.0.0",
-		"jsonwebtoken": "^8.5.1",
-		"knex": "^0.20.13",
-		"liquidjs": "^9.11.10",
+		"jsonwebtoken": "^9.0.0",
+		"knex": "2.4.2",
+		"liquidjs": "10.6.1",
 		"lodash": "^4.17.21",
-		"moment": "^2.24.0",
+		"moment": "^2.29.4",
 		"mysql": "^2.18.1",
 		"node-rsa": "^1.0.8",
 		"nodemon": "^2.0.2",
-		"objection": "^2.2.16",
+		"objection": "3.0.1",
 		"path": "^0.12.7",
-		"pg": "^7.12.1",
-		"restler": "^3.4.0",
-		"signale": "^1.4.0",
-		"sqlite3": "^4.1.1",
-		"temp-write": "^4.0.0",
-		"unix-timestamp": "^0.2.0"
+		"signale": "1.4.0",
+		"sqlite3": "5.1.6",
+		"temp-write": "^4.0.0"
 	},
 	"signale": {
 		"displayDate": true,
--- a/backend/routes/api/main.js
+++ b/backend/routes/api/main.js
@ -1,7 +1,6 @@
-const express       = require('express');
-const pjson         = require('../../package.json');
-const error         = require('../../lib/error');
-const internalNginx = require('../../internal/nginx');
+const express = require('express');
+const pjson   = require('../../package.json');
+const error   = require('../../lib/error');

 let router = express.Router({
 	caseSensitive: true,
@ -35,18 +34,10 @@ router.use('/settings', require('./settings'));
 router.use('/nginx/proxy-hosts', require('./nginx/proxy_hosts'));
 router.use('/nginx/redirection-hosts', require('./nginx/redirection_hosts'));
 router.use('/nginx/dead-hosts', require('./nginx/dead_hosts'));
-router.use('/nginx/ssl-passthrough-hosts', require('./nginx/ssl_passthrough_hosts'));
 router.use('/nginx/streams', require('./nginx/streams'));
 router.use('/nginx/access-lists', require('./nginx/access_lists'));
 router.use('/nginx/certificates', require('./nginx/certificates'));

-router.get('/ssl-passthrough-enabled', (req, res/*, next*/) => {
-	res.status(200).send({
-		status:                  'OK',
-		ssl_passthrough_enabled: internalNginx.sslPassthroughEnabled()
-	});
-});
-
 /**
 * API 404 for all other routes
 *
--- a/backend/routes/api/nginx/certificates.js
+++ b/backend/routes/api/nginx/certificates.js
@ -68,6 +68,32 @@ router
 			.catch(next);
 	});

+/**
+ * Test HTTP challenge for domains
+ *
+ * /api/nginx/certificates/test-http
+ */
+router
+	.route('/test-http')
+	.options((req, res) => {
+		res.sendStatus(204);
+	})
+	.all(jwtdecode())
+
+/**
+ * GET /api/nginx/certificates/test-http
+ *
+ * Test HTTP challenge for domains
+ */
+	.get((req, res, next) => {
+		internalCertificate.testHttpsChallenge(res.locals.access, JSON.parse(req.query.domains))
+			.then((result) => {
+				res.status(200)
+					.send(result);
+			})
+			.catch(next);
+	});
+
 /**
 * Specific certificate
 *
@ -209,7 +235,6 @@ router
 			.catch(next);
 	});

-
 /**
 * Download LE Certs
 *
--- a/backend/routes/api/nginx/ssl_passthrough_hosts.js
+++ b/backend/routes/api/nginx/ssl_passthrough_hosts.js
@ -1,196 +0,0 @@
-const express                = require('express');
-const validator              = require('../../../lib/validator');
-const jwtdecode              = require('../../../lib/express/jwt-decode');
-const internalSslPassthrough = require('../../../internal/ssl-passthrough-host'); 
-const apiValidator           = require('../../../lib/validator/api');
-
-let router = express.Router({
-	caseSensitive: true,
-	strict:        true,
-	mergeParams:   true
-});
-
-/**
- * /api/nginx/ssl-passthrough-hosts
- */
-router
-	.route('/')
-	.options((req, res) => {
-		res.sendStatus(204);
-	})
-	.all(jwtdecode()) // preferred so it doesn't apply to nonexistent routes
-
-	/**
-	 * GET /api/nginx/ssl-passthrough-hosts
-	 *
-	 * Retrieve all ssl passthrough hosts
-	 */
-	.get((req, res, next) => {
-		validator({
-			additionalProperties: false,
-			properties:           {
-				expand: {
-					$ref: 'definitions#/definitions/expand'
-				},
-				query: {
-					$ref: 'definitions#/definitions/query'
-				}
-			}
-		}, {
-			expand: (typeof req.query.expand === 'string' ? req.query.expand.split(',') : null),
-			query:  (typeof req.query.query === 'string' ? req.query.query : null)
-		})
-			.then((data) => {
-				return internalSslPassthrough.getAll(res.locals.access, data.expand, data.query);
-			})
-			.then((rows) => {
-				res.status(200)
-					.send(rows);
-			})
-			.catch(next);
-	})
-
-	/**
-	 * POST /api/nginx/ssl-passthrough-hosts
-	 *
-	 * Create a new ssl passthrough host
-	 */
-	.post((req, res, next) => {
-		apiValidator({$ref: 'endpoints/ssl-passthrough-hosts#/links/1/schema'}, req.body)
-			.then((payload) => {
-				return internalSslPassthrough.create(res.locals.access, payload);
-			})
-			.then((result) => {
-				res.status(201)
-					.send(result);
-			})
-			.catch(next);
-	});
-
-/**
- * Specific ssl passthrough host
- *
- * /api/nginx/ssl-passthrough-hosts/123
- */
-router
-	.route('/:host_id')
-	.options((req, res) => {
-		res.sendStatus(204);
-	})
-	.all(jwtdecode()) // preferred so it doesn't apply to nonexistent routes
-
-	/**
-	 * GET /api/nginx/ssl-passthrough-hosts/123
-	 *
-	 * Retrieve a specific ssl passthrough host
-	 */
-	.get((req, res, next) => {
-		validator({
-			required:             ['host_id'],
-			additionalProperties: false,
-			properties:           {
-				host_id: {
-					$ref: 'definitions#/definitions/id'
-				},
-				expand: {
-					$ref: 'definitions#/definitions/expand'
-				}
-			}
-		}, {
-			host_id: req.params.host_id,
-			expand:  (typeof req.query.expand === 'string' ? req.query.expand.split(',') : null)
-		})
-			.then((data) => {
-				return internalSslPassthrough.get(res.locals.access, {
-					id:     parseInt(data.host_id, 10),
-					expand: data.expand
-				});
-			})
-			.then((row) => {
-				res.status(200)
-					.send(row);
-			})
-			.catch(next);
-	})
-
-	/**
-	 * PUT /api/nginx/ssl-passthrough-hosts/123
-	 *
-	 * Update an existing ssl passthrough host
-	 */
-	.put((req, res, next) => {
-		apiValidator({$ref: 'endpoints/ssl-passthrough-hosts#/links/2/schema'}, req.body)
-			.then((payload) => {
-				payload.id = parseInt(req.params.host_id, 10);
-				return internalSslPassthrough.update(res.locals.access, payload);
-			})
-			.then((result) => {
-				res.status(200)
-					.send(result);
-			})
-			.catch(next);
-	})
-
-	/**
-	 * DELETE /api/nginx/ssl-passthrough-hosts/123
-	 *
-	 * Delete an ssl passthrough host
-	 */
-	.delete((req, res, next) => {
-		internalSslPassthrough.delete(res.locals.access, {id: parseInt(req.params.host_id, 10)})
-			.then((result) => {
-				res.status(200)
-					.send(result);
-			})
-			.catch(next);
-	});
-
-/**
- * Enable ssl passthrough host
- *
- * /api/nginx/ssl-passthrough-hosts/123/enable
- */
-router
-	.route('/:host_id/enable')
-	.options((req, res) => {
-		res.sendStatus(204);
-	})
-	.all(jwtdecode())
-
-	/**
-	 * POST /api/nginx/ssl-passthrough-hosts/123/enable
-	 */
-	.post((req, res, next) => {
-		internalSslPassthrough.enable(res.locals.access, {id: parseInt(req.params.host_id, 10)})
-			.then((result) => {
-				res.status(200)
-					.send(result);
-			})
-			.catch(next);
-	});
-
-/**
- * Disable ssl passthrough host
- *
- * /api/nginx/ssl-passthrough-hosts/123/disable
- */
-router
-	.route('/:host_id/disable')
-	.options((req, res) => {
-		res.sendStatus(204);
-	})
-	.all(jwtdecode())
-
-	/**
-	 * POST /api/nginx/ssl-passthrough-hosts/123/disable
-	 */
-	.post((req, res, next) => {
-		internalSslPassthrough.disable(res.locals.access, {id: parseInt(req.params.host_id, 10)})
-			.then((result) => {
-				res.status(200)
-					.send(result);
-			})
-			.catch(next);
-	});
-
-module.exports = router;
--- a/backend/schema/endpoints/certificates.json
+++ b/backend/schema/endpoints/certificates.json
@ -157,6 +157,17 @@
      "targetSchema": {
        "type": "boolean"
      }
+    },
+    {
+      "title": "Test HTTP Challenge",
+      "description": "Tests whether the HTTP challenge should work",
+      "href": "/nginx/certificates/{definitions.identity.example}/test-http",
+      "access": "private",
+      "method": "GET",
+      "rel": "info",
+      "http_header": {
+        "$ref": "../examples.json#/definitions/auth_header"
+      }
    }
  ]
 }
--- a/backend/schema/endpoints/ssl-passthrough-hosts.json
+++ b/backend/schema/endpoints/ssl-passthrough-hosts.json
@ -1,208 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "$id": "endpoints/ssl-passthrough-hosts",
-  "title": "SSL Passthrough Hosts",
-  "description": "Endpoints relating to SSL Passthrough Hosts",
-  "stability": "stable",
-  "type": "object",
-  "definitions": {
-    "id": {
-      "$ref": "../definitions.json#/definitions/id"
-    },
-    "created_on": {
-      "$ref": "../definitions.json#/definitions/created_on"
-    },
-    "modified_on": {
-      "$ref": "../definitions.json#/definitions/modified_on"
-    },
-    "domain_name": {
-      "$ref": "../definitions.json#/definitions/domain_name"
-    },
-    "forwarding_host": {
-      "anyOf": [
-        {
-          "$ref": "../definitions.json#/definitions/domain_name"
-        },
-        {
-          "type": "string",
-          "format": "ipv4"
-        },
-        {
-          "type": "string",
-          "format": "ipv6"
-        }
-      ]
-    },
-    "forwarding_port": {
-      "type": "integer",
-      "minimum": 1,
-      "maximum": 65535
-    },
-    "enabled": {
-      "$ref": "../definitions.json#/definitions/enabled"
-    },
-    "meta": {
-      "type": "object"
-    }
-  },
-  "properties": {
-    "id": {
-      "$ref": "#/definitions/id"
-    },
-    "created_on": {
-      "$ref": "#/definitions/created_on"
-    },
-    "modified_on": {
-      "$ref": "#/definitions/modified_on"
-    },
-    "domain_name": {
-      "$ref": "#/definitions/domain_name"
-    },
-    "forwarding_host": {
-      "$ref": "#/definitions/forwarding_host"
-    },
-    "forwarding_port": {
-      "$ref": "#/definitions/forwarding_port"
-    },
-    "enabled": {
-      "$ref": "#/definitions/enabled"
-    },
-    "meta": {
-      "$ref": "#/definitions/meta"
-    }
-  },
-  "links": [
-    {
-      "title": "List",
-      "description": "Returns a list of SSL Passthrough Hosts",
-      "href": "/nginx/ssl-passthrough-hosts",
-      "access": "private",
-      "method": "GET",
-      "rel": "self",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "array",
-        "items": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Create",
-      "description": "Creates a new SSL Passthrough Host",
-      "href": "/nginx/ssl-passthrough-hosts",
-      "access": "private",
-      "method": "POST",
-      "rel": "create",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "schema": {
-        "type": "object",
-        "additionalProperties": false,
-        "required": [
-          "domain_name",
-          "forwarding_host",
-          "forwarding_port"
-        ],
-        "properties": {
-          "domain_name": {
-            "$ref": "#/definitions/domain_name"
-          },
-          "forwarding_host": {
-            "$ref": "#/definitions/forwarding_host"
-          },
-          "forwarding_port": {
-            "$ref": "#/definitions/forwarding_port"
-          },
-          "meta": {
-            "$ref": "#/definitions/meta"
-          }
-        }
-      },
-      "targetSchema": {
-        "properties": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Update",
-      "description": "Updates a existing SSL Passthrough Host",
-      "href": "/nginx/ssl-passthrough-hosts/{definitions.identity.example}",
-      "access": "private",
-      "method": "PUT",
-      "rel": "update",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "schema": {
-        "type": "object",
-        "additionalProperties": false,
-        "properties": {
-          "domain_name": {
-            "$ref": "#/definitions/domain_name"
-          },
-          "forwarding_host": {
-            "$ref": "#/definitions/forwarding_host"
-          },
-          "forwarding_port": {
-            "$ref": "#/definitions/forwarding_port"
-          },
-          "meta": {
-            "$ref": "#/definitions/meta"
-          }
-        }
-      },
-      "targetSchema": {
-        "properties": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Delete",
-      "description": "Deletes a existing SSL Passthrough Host",
-      "href": "/nginx/ssl-passthrough-hosts/{definitions.identity.example}",
-      "access": "private",
-      "method": "DELETE",
-      "rel": "delete",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "boolean"
-      }
-    },
-    {
-      "title": "Enable",
-      "description": "Enables a existing SSL Passthrough Host",
-      "href": "/nginx/ssl-passthrough-hosts/{definitions.identity.example}/enable",
-      "access": "private",
-      "method": "POST",
-      "rel": "update",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "boolean"
-      }
-    },
-    {
-      "title": "Disable",
-      "description": "Disables a existing SSL Passthrough Host",
-      "href": "/nginx/ssl-passthrough-hosts/{definitions.identity.example}/disable",
-      "access": "private",
-      "method": "POST",
-      "rel": "update",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "boolean"
-      }
-    }
-  ]
-}
--- a/backend/schema/index.json
+++ b/backend/schema/index.json
@ -26,9 +26,6 @@
    "dead-hosts": {
      "$ref": "endpoints/dead-hosts.json"
    },
-    "ssl-passthrough-hosts": {
-      "$ref": "endpoints/ssl-passthrough-hosts.json"
-    },
    "streams": {
      "$ref": "endpoints/streams.json"
    },
--- a/backend/setup.js
+++ b/backend/setup.js
@ -1,17 +1,15 @@
-const fs                   = require('fs');
-const NodeRSA              = require('node-rsa');
-const config               = require('config');
-const logger               = require('./logger').setup;
-const certificateModel     = require('./models/certificate');
-const userModel            = require('./models/user');
-const userPermissionModel  = require('./models/user_permission');
-const utils                = require('./lib/utils');
-const authModel            = require('./models/auth');
-const settingModel         = require('./models/setting');
-const passthroughHostModel = require('./models/ssl_passthrough_host');
-const dns_plugins          = require('./global/certbot-dns-plugins');
-const internalNginx        = require('./internal/nginx');
-const debug_mode           = process.env.NODE_ENV !== 'production' || !!process.env.DEBUG;
+const fs                  = require('fs');
+const NodeRSA             = require('node-rsa');
+const config              = require('config');
+const logger              = require('./logger').setup;
+const certificateModel    = require('./models/certificate');
+const userModel           = require('./models/user');
+const userPermissionModel = require('./models/user_permission');
+const utils               = require('./lib/utils');
+const authModel           = require('./models/auth');
+const settingModel        = require('./models/setting');
+const dns_plugins         = require('./global/certbot-dns-plugins');
+const debug_mode          = process.env.NODE_ENV !== 'production' || !!process.env.DEBUG;

 /**
 * Creates a new JWT RSA Keypair if not alread set on the config
@ -107,15 +105,14 @@ const setupDefaultUser = () => {
 							})
 							.then(() => {
 								return userPermissionModel.query().insert({
-									user_id:               user.id,
-									visibility:            'all',
-									proxy_hosts:           'manage',
-									redirection_hosts:     'manage',
-									dead_hosts:            'manage',
-									ssl_passthrough_hosts: 'manage',
-									streams:               'manage',
-									access_lists:          'manage',
-									certificates:          'manage',
+									user_id:           user.id,
+									visibility:        'all',
+									proxy_hosts:       'manage',
+									redirection_hosts: 'manage',
+									dead_hosts:        'manage',
+									streams:           'manage',
+									access_lists:      'manage',
+									certificates:      'manage',
 								});
 							});
 					})
@ -177,27 +174,29 @@ const setupCertbotPlugins = () => {

 				certificates.map(function (certificate) {
 					if (certificate.meta && certificate.meta.dns_challenge === true) {
-						const dns_plugin          = dns_plugins[certificate.meta.dns_provider];
-						const packages_to_install = `${dns_plugin.package_name}${dns_plugin.version_requirement || ''} ${dns_plugin.dependencies}`;
+						const dns_plugin = dns_plugins[certificate.meta.dns_provider];

+						const packages_to_install = `${dns_plugin.package_name}${dns_plugin.version_requirement || ''} ${dns_plugin.dependencies}`;
 						if (plugins.indexOf(packages_to_install) === -1) plugins.push(packages_to_install);

 						// Make sure credentials file exists
-						const credentials_loc = '/etc/letsencrypt/credentials/credentials-' + certificate.id; 
-						const credentials_cmd = '[ -f \'' + credentials_loc + '\' ] || { mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo \'' + certificate.meta.dns_provider_credentials.replace('\'', '\\\'') + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\'; }';
+						const credentials_loc = '/etc/letsencrypt/credentials/credentials-' + certificate.id;
+						// Escape single quotes and backslashes
+						const escapedCredentials = certificate.meta.dns_provider_credentials.replaceAll('\'', '\\\'').replaceAll('\\', '\\\\');
+						const credentials_cmd    = '[ -f \'' + credentials_loc + '\' ] || { mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo \'' + escapedCredentials + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\'; }';
 						promises.push(utils.exec(credentials_cmd));
 					}
 				});

 				if (plugins.length) {
-					const install_cmd = 'pip install ' + plugins.join(' ');
+					const install_cmd = '. /opt/certbot/bin/activate && pip install ' + plugins.join(' ') + ' && deactivate';
 					promises.push(utils.exec(install_cmd));
 				}

 				if (promises.length) {
 					return Promise.all(promises)
-						.then(() => { 
-							logger.info('Added Certbot plugins ' + plugins.join(', ')); 
+						.then(() => {
+							logger.info('Added Certbot plugins ' + plugins.join(', '));
 						});
 				}
 			}
@ -225,19 +224,10 @@ const setupLogrotation = () => {
 	return runLogrotate();
 };

-/**
- * Makes sure the ssl passthrough option is reflected in the nginx config
- * @returns {Promise}
- */
-const setupSslPassthrough = () => {
-	return internalNginx.configure(passthroughHostModel, 'ssl_passthrough_host', {});
-};
-
 module.exports = function () {
 	return setupJwt()
 		.then(setupDefaultUser)
 		.then(setupDefaultSettings)
 		.then(setupCertbotPlugins)
-		.then(setupLogrotation)
-		.then(setupSslPassthrough);
+		.then(setupLogrotation);
 };
--- a/backend/templates/_access.conf
+++ b/backend/templates/_access.conf
@ -0,0 +1,25 @@
+{% if access_list_id > 0 %}
+    {% if access_list.items.length > 0 %}
+    # Authorization
+    auth_basic            "Authorization required";
+    auth_basic_user_file  /data/access/{{ access_list_id }};
+
+    {% if access_list.pass_auth == 0 %}
+    proxy_set_header Authorization "";
+    {% endif %}
+
+    {% endif %}
+
+    # Access Rules: {{ access_list.clients | size }} total
+    {% for client in access_list.clients %}
+    {{client | nginxAccessRule}}
+    {% endfor %}
+    deny all;
+
+    # Access checks must...
+    {% if access_list.satisfy_any == 1 %}
+    satisfy any;
+    {% else %}
+    satisfy all;
+    {% endif %}
+{% endif %}
--- a/backend/templates/_location.conf
+++ b/backend/templates/_location.conf
@ -1,36 +1,14 @@
  location {{ path }} {
-    set              $upstream {{ forward_scheme }}://{{ forward_host }}:{{ forward_port }}{{ forward_path }};
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Scheme $scheme;
    proxy_set_header X-Forwarded-Proto  $scheme;
    proxy_set_header X-Forwarded-For    $remote_addr;
    proxy_set_header X-Real-IP		$remote_addr;
-    proxy_pass       $upstream;
-
-    {% if access_list_id > 0 %}
-    {% if access_list.items.length > 0 %}
-    # Authorization
-    auth_basic            "Authorization required";
-    auth_basic_user_file  /data/access/{{ access_list_id }};
- 
-    {{ access_list.passauth }}
-    {% endif %}
- 
-    # Access Rules
-    {% for client in access_list.clients %}
-    {{- client.rule -}};
-    {% endfor %}deny all;
- 
-    # Access checks must...
-    {% if access_list.satisfy %}
-    {{ access_list.satisfy }};
-    {% endif %}
- 
-    {% endif %}
+    proxy_pass       {{ forward_scheme }}://{{ forward_host }}:{{ forward_port }}{{ forward_path }};

+    {% include "_access.conf" %}
    {% include "_assets.conf" %}
    {% include "_exploits.conf" %}
-
    {% include "_forced_ssl.conf" %}
    {% include "_hsts.conf" %}

--- a/backend/templates/default.conf
+++ b/backend/templates/default.conf
@ -7,9 +7,9 @@
 server {
  listen 80 default;
 {% if ipv6 -%}
-  listen [::]:80;
+  listen [::]:80 default;
 {% else -%}
-  #listen [::]:80;
+  #listen [::]:80 default;
 {% endif %}
  server_name default-host.localhost;
  access_log /data/logs/default-host_access.log combined;
--- a/backend/templates/proxy_host.conf
+++ b/backend/templates/proxy_host.conf
@ -30,27 +30,7 @@ proxy_http_version 1.1;

  location / {

-    {% if access_list_id > 0 %}
-    {% if access_list.items.length > 0 %}
-    # Authorization
-    auth_basic            "Authorization required";
-    auth_basic_user_file  /data/access/{{ access_list_id }};
-
-    {{ access_list.passauth }}
-    {% endif %}
-
-    # Access Rules
-    {% for client in access_list.clients %}
-    {{- client.rule -}};
-    {% endfor %}deny all;
-
-    # Access checks must...
-    {% if access_list.satisfy %}
-    {{ access_list.satisfy }};
-    {% endif %}
-
-    {% endif %}
-
+{% include "_access.conf" %}
 {% include "_hsts.conf" %}

    {% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %}
--- a/backend/templates/ssl_passthrough_host.conf
+++ b/backend/templates/ssl_passthrough_host.conf
@ -1,41 +0,0 @@
-# ------------------------------------------------------------
-# SSL Passthrough hosts
-# ------------------------------------------------------------
-
-map $ssl_preread_server_name $name {
-{% for host in all_passthrough_hosts %}
-{% if host.enabled %}
-  {{ host.domain_name }} ssl_passthrough_{{ host.domain_name }};
-{% endif %}
-{% endfor %}
-  default https_default_backend;
-}
-
-{% for host in all_passthrough_hosts %}
-{% if host.enabled %}
-upstream ssl_passthrough_{{ host.domain_name }} {
-  server {{host.forwarding_host}}:{{host.forwarding_port}};
-}
-{% endif %}
-{% endfor %}
-
-upstream https_default_backend {
-    server 127.0.0.1:443;
-}
-
-server {
-  listen 444;
-{% if ipv6 -%}
-  listen [::]:444;
-{% else -%}
-  #listen [::]:444;
-{% endif %}
-
-  proxy_pass $name;
-  ssl_preread on;
-
-  error_log /data/logs/ssl-passthrough-hosts_error.log warn;
-
-  # Custom
-  include /data/nginx/custom/server_ssl_passthrough[.]conf;
-}
--- a/backend/yarn.lock
+++ b/backend/yarn.lock
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@ -3,7 +3,7 @@

 # This file assumes that the frontend has been built using ./scripts/frontend-build

-FROM nginxproxymanager/nginx-full:node
+FROM jc21/nginx-full:certbot-node

 ARG TARGETPLATFORM
 ARG BUILD_VERSION
@ -25,7 +25,7 @@ RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
 	&& rm -rf /var/lib/apt/lists/*

 # s6 overlay
-COPY scripts/install-s6 /tmp/install-s6
+COPY docker/scripts/install-s6 /tmp/install-s6
 RUN /tmp/install-s6 "${TARGETPLATFORM}" && rm -f /tmp/install-s6

 EXPOSE 80 81 443
@ -46,6 +46,11 @@ RUN rm -rf /etc/services.d/frontend /etc/nginx/conf.d/dev.conf
 # Change permission of logrotate config file
 RUN chmod 644 /etc/logrotate.d/nginx-proxy-manager

+# fix for pip installs
+# https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1769
+RUN pip uninstall --yes setuptools \
+	&& pip install "setuptools==58.0.0"
+
 VOLUME [ "/data", "/etc/letsencrypt" ]
 ENTRYPOINT [ "/init" ]

--- a/docker/dev/Dockerfile
+++ b/docker/dev/Dockerfile
@ -1,4 +1,4 @@
-FROM nginxproxymanager/nginx-full:node
+FROM jc21/nginx-full:certbot-node
 LABEL maintainer="Jamie Curnow <jc@jc21.com>"

 ENV S6_LOGGING=0 \
@ -7,7 +7,7 @@ ENV S6_LOGGING=0 \

 RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
 	&& apt-get update \
-	&& apt-get install -y certbot jq python3-pip logrotate \
+	&& apt-get install -y jq python3-pip logrotate \
 	&& apt-get clean \
 	&& rm -rf /var/lib/apt/lists/*

@ -21,9 +21,8 @@ RUN rm -f /etc/nginx/conf.d/production.conf
 RUN chmod 644 /etc/logrotate.d/nginx-proxy-manager

 # s6 overlay
-RUN curl -L -o /tmp/s6-overlay-amd64.tar.gz "https://github.com/just-containers/s6-overlay/releases/download/v1.22.1.0/s6-overlay-amd64.tar.gz" \
-	&& tar -xzf /tmp/s6-overlay-amd64.tar.gz -C /
+COPY scripts/install-s6 /tmp/install-s6
+RUN /tmp/install-s6 "${TARGETPLATFORM}" && rm -f /tmp/install-s6

 EXPOSE 80 81 443
 ENTRYPOINT [ "/init" ]
-
--- a/docker/docker-compose.dev.yml
+++ b/docker/docker-compose.dev.yml
@ -10,8 +10,7 @@ services:
    ports:
      - 3080:80
      - 3081:81
-      - 3443:443 # Ususally you would only have this one
-      - 3444:444 # This is to test ssl passthrough
+      - 3443:443
    networks:
      - nginx_proxy_manager
    environment:
@ -23,7 +22,6 @@ services:
      DB_MYSQL_USER: "npm"
      DB_MYSQL_PASSWORD: "npm"
      DB_MYSQL_NAME: "npm"
-      # ENABLE_SSL_PASSTHROUGH: "true"
      # DB_SQLITE_FILE: "/data/database.sqlite"
      # DISABLE_IPV6: "true"
    volumes:
@ -39,10 +37,10 @@ services:
  db:
    image: jc21/mariadb-aria
    container_name: npm_db
-    networks:
-      - nginx_proxy_manager
    ports:
      - 33306:3306
+    networks:
+      - nginx_proxy_manager
    environment:
      MYSQL_ROOT_PASSWORD: "npm"
      MYSQL_DATABASE: "npm"
@ -51,19 +49,6 @@ services:
    volumes:
      - db_data:/var/lib/mysql

-  swagger:
-    image: "swaggerapi/swagger-ui:latest"
-    container_name: npm_swagger
-    ports:
-      - 3001:80
-    networks:
-      - nginx_proxy_manager
-    environment:
-      URL: "http://127.0.0.1:3081/api/schema"
-      PORT: "80"
-    depends_on:
-      - npm
-
 volumes:
  npm_data:
    name: npm_core_data
--- a/docker/rootfs/etc/cont-finish.d/.gitignore
+++ b/docker/rootfs/etc/cont-finish.d/.gitignore
@ -1,2 +0,0 @@
-*
-!.gitignore
--- a/docker/rootfs/etc/cont-init.d/.gitignore
+++ b/docker/rootfs/etc/cont-init.d/.gitignore
@ -1,3 +0,0 @@
-*
-!.gitignore
-!*.sh
--- a/docker/rootfs/etc/cont-init.d/01_perms.sh
+++ b/docker/rootfs/etc/cont-init.d/01_perms.sh
@ -1,7 +0,0 @@
-#!/usr/bin/with-contenv bash
-set -e
-
-mkdir -p /data/logs
-echo "Changing ownership of /data/logs to $(id -u):$(id -g)"
-chown -R "$(id -u):$(id -g)" /data/logs
-
--- a/docker/rootfs/etc/cont-init.d/01_s6-secret-init.sh
+++ b/docker/rootfs/etc/cont-init.d/01_s6-secret-init.sh
@ -1,29 +0,0 @@
-#!/usr/bin/with-contenv bash
-# ref: https://github.com/linuxserver/docker-baseimage-alpine/blob/master/root/etc/cont-init.d/01-envfile
-
-# in s6, environmental variables are written as text files for s6 to monitor
-# seach through full-path filenames for files ending in "__FILE"
-for FILENAME in $(find /var/run/s6/container_environment/ | grep "__FILE$"); do
-    echo "[secret-init] Evaluating ${FILENAME##*/} ..."
-
-    # set SECRETFILE to the contents of the full-path textfile
-    SECRETFILE=$(cat ${FILENAME})
-    # SECRETFILE=${FILENAME}
-    # echo "[secret-init] Set SECRETFILE to ${SECRETFILE}"  # DEBUG - rm for prod!
-
-    # if SECRETFILE exists / is not null
-    if [[ -f ${SECRETFILE} ]]; then
-        # strip the appended "__FILE" from environmental variable name ...
-        STRIPFILE=$(echo ${FILENAME} | sed "s/__FILE//g") 
-        # echo "[secret-init] Set STRIPFILE to ${STRIPFILE}"  # DEBUG - rm for prod!
-        
-        # ... and set value to contents of secretfile
-        # since s6 uses text files, this is effectively "export ..."
-        printf $(cat ${SECRETFILE}) > ${STRIPFILE}
-        # echo "[secret-init] Set ${STRIPFILE##*/} to $(cat ${STRIPFILE})"  # DEBUG - rm for prod!"
-        echo "[secret-init] Success! ${STRIPFILE##*/} set from ${FILENAME##*/}"
-
-    else
-        echo "[secret-init] cannot find secret in ${FILENAME}"
-    fi
-done
--- a/docker/rootfs/etc/fix-attrs.d/.gitignore
+++ b/docker/rootfs/etc/fix-attrs.d/.gitignore
@ -1,2 +0,0 @@
-*
-!.gitignore
--- a/docker/rootfs/etc/letsencrypt.ini
+++ b/docker/rootfs/etc/letsencrypt.ini
@ -3,3 +3,4 @@ non-interactive = True
 webroot-path = /data/letsencrypt-acme-challenge
 key-type = ecdsa
 elliptic-curve = secp384r1
+preferred-chain = ISRG Root X1
--- a/docker/rootfs/etc/nginx/conf.d/default.conf
+++ b/docker/rootfs/etc/nginx/conf.d/default.conf
@ -30,11 +30,9 @@ server {
 	set $port "443";

 	server_name localhost;
-	access_log /data/logs/fallback-access.log standard;
+	access_log /data/logs/fallback_access.log standard;
 	error_log /dev/null crit;
-	ssl_certificate /data/nginx/dummycert.pem;
-	ssl_certificate_key /data/nginx/dummykey.pem;
-	include conf.d/include/ssl-ciphers.conf;
+	ssl_reject_handshake on;

 	return 444;
 }
--- a/docker/rootfs/etc/nginx/conf.d/include/assets.conf
+++ b/docker/rootfs/etc/nginx/conf.d/include/assets.conf
@ -1,4 +1,4 @@
-location ~* ^.*\.(css|js|jpe?g|gif|png|woff|eot|ttf|svg|ico|css\.map|js\.map)$ {
+location ~* ^.*\.(css|js|jpe?g|gif|png|webp|woff|eot|ttf|svg|ico|css\.map|js\.map)$ {
 	if_modified_since off;

 	# use the public cache
--- a/docker/rootfs/etc/nginx/conf.d/include/proxy.conf
+++ b/docker/rootfs/etc/nginx/conf.d/include/proxy.conf
@ -2,7 +2,7 @@ add_header       X-Served-By $host;
 proxy_set_header Host $host;
 proxy_set_header X-Forwarded-Scheme $scheme;
 proxy_set_header X-Forwarded-Proto  $scheme;
-proxy_set_header X-Forwarded-For    $remote_addr;
+proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
 proxy_set_header X-Real-IP          $remote_addr;
-proxy_pass       $forward_scheme://$server:$port;
+proxy_pass       $forward_scheme://$server:$port$request_uri;

--- a/docker/rootfs/etc/nginx/nginx.conf
+++ b/docker/rootfs/etc/nginx/nginx.conf
@ -15,7 +15,7 @@ error_log /data/logs/fallback_error.log warn;
 include /etc/nginx/modules/*.conf;

 events {
-	worker_connections  1024;
+	include /data/nginx/custom/events[.]conf;
 }

 http {
@ -85,7 +85,6 @@ http {

 stream {
 	# Files generated by NPM
-	include /data/nginx/ssl_passthrough_host/hosts[.]conf;
 	include /data/nginx/stream/*.conf;

 	# Custom
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/dependencies.d/prepare
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/dependencies.d/prepare
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/run
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/run
@ -1,9 +1,9 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
+# shellcheck shell=bash

-mkdir -p /data/letsencrypt-acme-challenge
-
-cd /app || echo
+set -e

+echo "❯ Starting backend ..."
 if [ "$DEVELOPMENT" == "true" ]; then
 	cd /app || exit 1
 	# If yarn install fails: add --verbose --network-concurrency 1
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/type
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/type
@ -0,0 +1 @@
+longrun
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/dependencies.d/prepare
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/dependencies.d/prepare
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/run
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/run
@ -1,4 +1,7 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
+# shellcheck shell=bash
+
+set -e

 # This service is DEVELOPMENT only.

--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/type
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/type
@ -0,0 +1 @@
+longrun
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/dependencies.d/prepare
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/dependencies.d/prepare
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/run
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/run
@ -0,0 +1,7 @@
+#!/command/with-contenv bash
+# shellcheck shell=bash
+
+set -e
+
+echo "❯ Starting nginx ..."
+exec nginx
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/type
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/type
@ -0,0 +1 @@
+longrun
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/dependencies.d/base
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/dependencies.d/base
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/script.sh
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/script.sh
@ -0,0 +1,93 @@
+#!/command/with-contenv bash
+# shellcheck shell=bash
+
+set -e
+
+DATA_PATH=/data
+
+# Ensure /data is mounted
+if [ ! -d "$DATA_PATH" ]; then
+	echo '--------------------------------------'
+	echo "ERROR: $DATA_PATH is not mounted! Check your docker configuration."
+	echo '--------------------------------------'
+	/run/s6/basedir/bin/halt
+	exit 1
+fi
+
+echo "❯ Checking folder structure ..."
+
+# Create required folders
+mkdir -p /tmp/nginx/body \
+	/run/nginx \
+	/var/log/nginx \
+	/data/nginx \
+	/data/custom_ssl \
+	/data/logs \
+	/data/access \
+	/data/nginx/default_host \
+	/data/nginx/default_www \
+	/data/nginx/proxy_host \
+	/data/nginx/redirection_host \
+	/data/nginx/stream \
+	/data/nginx/dead_host \
+	/data/nginx/temp \
+	/var/lib/nginx/cache/public \
+	/var/lib/nginx/cache/private \
+	/var/cache/nginx/proxy_temp \
+	/data/letsencrypt-acme-challenge
+
+touch /var/log/nginx/error.log && chmod 777 /var/log/nginx/error.log && chmod -R 777 /var/cache/nginx
+chown root /tmp/nginx
+
+# Dynamically generate resolvers file, if resolver is IPv6, enclose in `[]`
+# thanks @tfmm
+if [ "$DISABLE_IPV6" == "true" ] || [ "$DISABLE_IPV6" == "on" ] || [ "$DISABLE_IPV6" == "1" ] || [ "$DISABLE_IPV6" == "yes" ];
+then
+	echo resolver "$(awk 'BEGIN{ORS=" "} $1=="nameserver" { sub(/%.*$/,"",$2); print ($2 ~ ":")? "["$2"]": $2}' /etc/resolv.conf) ipv6=off valid=10s;" > /etc/nginx/conf.d/include/resolvers.conf
+else
+	echo resolver "$(awk 'BEGIN{ORS=" "} $1=="nameserver" { sub(/%.*$/,"",$2); print ($2 ~ ":")? "["$2"]": $2}' /etc/resolv.conf) valid=10s;" > /etc/nginx/conf.d/include/resolvers.conf
+fi
+
+echo "Changing ownership of /data/logs to $(id -u):$(id -g)"
+chown -R "$(id -u):$(id -g)" /data/logs
+
+# Handle IPV6 settings
+/bin/handle-ipv6-setting /etc/nginx/conf.d
+/bin/handle-ipv6-setting /data/nginx
+
+# ref: https://github.com/linuxserver/docker-baseimage-alpine/blob/master/root/etc/cont-init.d/01-envfile
+
+# in s6, environmental variables are written as text files for s6 to monitor
+# search through full-path filenames for files ending in "__FILE"
+echo "❯ Secrets-init ..."
+for FILENAME in $(find /var/run/s6/container_environment/ | grep "__FILE$"); do
+	echo "[secret-init] Evaluating ${FILENAME##*/} ..."
+
+	# set SECRETFILE to the contents of the full-path textfile
+	SECRETFILE=$(cat "${FILENAME}")
+	# if SECRETFILE exists / is not null
+	if [[ -f "${SECRETFILE}" ]]; then
+		# strip the appended "__FILE" from environmental variable name ...
+		STRIPFILE=$(echo "${FILENAME}" | sed "s/__FILE//g")
+		# echo "[secret-init] Set STRIPFILE to ${STRIPFILE}"  # DEBUG - rm for prod!
+
+		# ... and set value to contents of secretfile
+		# since s6 uses text files, this is effectively "export ..."
+		printf $(cat "${SECRETFILE}") > "${STRIPFILE}"
+		# echo "[secret-init] Set ${STRIPFILE##*/} to $(cat ${STRIPFILE})"  # DEBUG - rm for prod!"
+		echo "[secret-init] Success! ${STRIPFILE##*/} set from ${FILENAME##*/}"
+
+	else
+		echo "[secret-init] cannot find secret in ${FILENAME}"
+	fi
+done
+
+echo
+echo "-------------------------------------
+ _   _ ____  __  __
+| \ | |  _ \|  \/  |
+|  \| | |_) | |\/| |
+| |\  |  __/| |  | |
+|_| \_|_|   |_|  |_|
+-------------------------------------
+"
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/type
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/type
@ -0,0 +1 @@
+oneshot
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/up
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/up
@ -0,0 +1,2 @@
+# shellcheck shell=bash
+/etc/s6-overlay/s6-rc.d/prepare/script.sh
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/backend
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/backend
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/frontend
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/frontend
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/nginx
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/nginx
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/prepare
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/prepare
--- a/docker/rootfs/etc/services.d/frontend/finish
+++ b/docker/rootfs/etc/services.d/frontend/finish
@ -1,6 +0,0 @@
-#!/usr/bin/execlineb -S1
-if { s6-test ${1} -ne 0 }
-if { s6-test ${1} -ne 256 }
-
-s6-svscanctl -t /var/run/s6/services
-
--- a/docker/rootfs/etc/services.d/manager/finish
+++ b/docker/rootfs/etc/services.d/manager/finish
@ -1,3 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-s6-svscanctl -t /var/run/s6/services
--- a/docker/rootfs/etc/services.d/nginx/finish
+++ b/docker/rootfs/etc/services.d/nginx/finish
@ -1 +0,0 @@
-/bin/true
--- a/docker/rootfs/etc/services.d/nginx/run
+++ b/docker/rootfs/etc/services.d/nginx/run
@ -1,50 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-# Create required folders
-mkdir -p /tmp/nginx/body \
-	/run/nginx \
-	/var/log/nginx \
-	/data/nginx \
-	/data/custom_ssl \
-	/data/logs \
-	/data/access \
-	/data/nginx/default_host \
-	/data/nginx/default_www \
-	/data/nginx/proxy_host \
-	/data/nginx/redirection_host \
-	/data/nginx/ssl_passthrough_host \
-	/data/nginx/stream \
-	/data/nginx/dead_host \
-	/data/nginx/temp \
-	/var/lib/nginx/cache/public \
-	/var/lib/nginx/cache/private \
-	/var/cache/nginx/proxy_temp
-
-touch /var/log/nginx/error.log && chmod 777 /var/log/nginx/error.log && chmod -R 777 /var/cache/nginx
-chown root /tmp/nginx
-
-# Dynamically generate resolvers file, if resolver is IPv6, enclose in `[]`
-# thanks @tfmm
-echo resolver "$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print ($2 ~ ":")? "["$2"]": $2}' /etc/resolv.conf);" > /etc/nginx/conf.d/include/resolvers.conf
-
-# Generate dummy self-signed certificate.
-if [ ! -f /data/nginx/dummycert.pem ] || [ ! -f /data/nginx/dummykey.pem ]
-then
-	echo "Generating dummy SSL certificate..."
-	openssl req \
-		-new \
-		-newkey rsa:2048 \
-		-days 3650 \
-		-nodes \
-		-x509 \
-		-subj '/O=localhost/OU=localhost/CN=localhost' \
-		-keyout /data/nginx/dummykey.pem \
-		-out /data/nginx/dummycert.pem
-	echo "Complete"
-fi
-
-# Handle IPV6 settings
-/bin/handle-ipv6-setting /etc/nginx/conf.d
-/bin/handle-ipv6-setting /data/nginx
-
-exec nginx
--- a/docker/scripts/install-s6
+++ b/docker/scripts/install-s6
@ -8,8 +8,8 @@ BLUE='\E[1;34m'
 GREEN='\E[1;32m'
 RESET='\E[0m'

-S6_OVERLAY_VERSION=1.22.1.0
-TARGETPLATFORM=$1
+S6_OVERLAY_VERSION=3.1.4.1
+TARGETPLATFORM=${1:unspecified}

 # Determine the correct binary file for the architecture given
 case $TARGETPLATFORM in
@ -22,13 +22,17 @@ case $TARGETPLATFORM in
 		;;

 	*)
-		S6_ARCH=amd64
+		S6_ARCH=x86_64
 		;;
 esac

 echo -e "${BLUE}❯ ${CYAN}Installing S6-overlay v${S6_OVERLAY_VERSION} for ${YELLOW}${TARGETPLATFORM} (${S6_ARCH})${RESET}"

-curl -L -o "/tmp/s6-overlay-${S6_ARCH}.tar.gz" "https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${S6_ARCH}.tar.gz" \
-	&& tar -xzf "/tmp/s6-overlay-${S6_ARCH}.tar.gz" -C /
+curl -L -o '/tmp/s6-overlay-noarch.tar.xz' "https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz"
+curl -L -o "/tmp/s6-overlay-${S6_ARCH}.tar.xz" "https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${S6_ARCH}.tar.xz"
+tar -C / -Jxpf '/tmp/s6-overlay-noarch.tar.xz'
+tar -C / -Jxpf "/tmp/s6-overlay-${S6_ARCH}.tar.xz"
+
+rm -rf "/tmp/s6-overlay-${S6_ARCH}.tar.xz"

 echo -e "${BLUE}❯ ${GREEN}S6-overlay install Complete${RESET}"
--- a/docs/advanced-config/README.md
+++ b/docs/advanced-config/README.md
@ -18,8 +18,8 @@ services running on this Docker host:
 ```yml
 networks:
  default:
-    external:
-      name: scoobydoo
+    external: true
+    name: scoobydoo
 ```

 Let's look at a Portainer example:
@ -38,8 +38,8 @@ services:

 networks:
  default:
-    external:
-      name: scoobydoo
+    external: true
+    name: scoobydoo
 ```

 Now in the NPM UI you can create a proxy host with `portainer` as the hostname,
@ -151,6 +151,7 @@ You can add your custom configuration snippet files at `/data/nginx/custom` as f
 - `/data/nginx/custom/root.conf`: Included at the very end of nginx.conf
 - `/data/nginx/custom/http_top.conf`: Included at the top of the main http block
 - `/data/nginx/custom/http.conf`: Included at the end of the main http block
+ - `/data/nginx/custom/events.conf`: Included at the end of the events block
 - `/data/nginx/custom/stream.conf`: Included at the end of the main stream block
 - `/data/nginx/custom/server_proxy.conf`: Included at the end of every proxy server block
 - `/data/nginx/custom/server_redirect.conf`: Included at the end of every redirection server block
@ -172,28 +173,3 @@ value by specifying it as a Docker environment variable. The default if not spec
    X_FRAME_OPTIONS: "sameorigin"
  ...
 ```
-
-## SSL Passthrough
-
-SSL Passthrough will allow you to proxy a server without [SSL termination](https://en.wikipedia.org/wiki/TLS_termination_proxy). This means the SSL encryption of the server will be passed right through the proxy, retaining the original certificate.  
-
-Because of the SSL encryption the proxy does not know anything about the traffic and it just relies on an SSL feature called [Server Name Indication](https://en.wikipedia.org/wiki/Server_Name_Indication) to know where to send this network packet. This also means if the client does not provide this additional information, accessing the site through the proxy won't be possible. But most modern browsers include this information a HTTPS requests.
-
-Due to nginx constraints using SSL Passthrough comes with **a performance penalty for other hosts**, since all hosts (including normal proxy hosts) now have to pass through this additional step and basically being proxied twice. If you want to retain the upstream SSL certificate but do not need your service to be available on port 443, it is recommended to use a stream host instead.
-
-To enable SSL Passthrough on your npm instance you need to do two things: add the environment variable `ENABLE_SSL_PASSTHROUGH` with the value `"true"`, and expose port 444 instead of 443 to the outside as port 443.
-
-```yml
-version: '3'
-services:
-  app:
-    ...
-    ports:
-      - '80:80'
-      - '81:81'
-      - '443:444' # Expose internal port 444 instead of 443 as SSL port
-    environment:
-      ...
-      ENABLE_SSL_PASSTHROUGH: "true" # Enable SSL Passthrough
-    ...
-```
--- a/docs/faq/README.md
+++ b/docs/faq/README.md
@ -21,3 +21,6 @@ Your best bet is to ask the [Reddit community for support](https://www.reddit.co

 Gitter is best left for anyone contributing to the project to ask for help about internals, code reviews etc.

+## When adding username and password access control to a proxy host, I can no longer login into the app.
+
+Having an Access Control List (ACL) with username and password requires the browser to always send this username and password in the `Authorization` header on each request. If your proxied app also requires authentication (like Nginx Proxy Manager itself), most likely the app will also use the `Authorization` header to transmit this information, as this is the standardized header meant for this kind of information. However having multiples of the same headers is not allowed in the [internet standard](https://www.rfc-editor.org/rfc/rfc7230#section-3.2.2) and almost all apps do not support multiple values in the `Authorization` header. Hence one of the two logins will be broken. This can only be fixed by either removing one of the logins or by changing the app to use other non-standard headers for authorization.
--- a/docs/package.json
+++ b/docs/package.json
@ -16,7 +16,7 @@
    "alphanum-sort": "^1.0.2",
    "ansi-colors": "^4.1.1",
    "ansi-escapes": "^4.3.1",
-    "ansi-html": "^0.0.7",
+    "ansi-html": "^0.0.8",
    "ansi-regex": "^5.0.0",
    "ansi-styles": "^4.2.1",
    "anymatch": "^3.1.1",
@ -213,7 +213,7 @@
    "etag": "^1.8.1",
    "eventemitter3": "^4.0.4",
    "events": "^3.2.0",
-    "eventsource": "^1.0.7",
+    "eventsource": "^2.0.2",
    "evp_bytestokey": "^1.0.3",
    "execa": "^4.0.3",
    "expand-brackets": "^4.0.0",
@ -357,7 +357,7 @@
    "jsbn": "^1.1.0",
    "jsesc": "^3.0.1",
    "json-parse-better-errors": "^1.0.2",
-    "json-schema": "^0.2.5",
+    "json-schema": "^0.4.0",
    "json-schema-traverse": "^0.4.1",
    "json-stringify-safe": "^5.0.1",
    "json3": "^3.3.3",
@ -394,7 +394,7 @@
    "map-age-cleaner": "^0.1.3",
    "map-cache": "^0.2.2",
    "map-visit": "^1.0.0",
-    "markdown-it": "^11.0.0",
+    "markdown-it": "^12.3.2",
    "markdown-it-anchor": "^5.3.0",
    "markdown-it-chain": "^1.3.0",
    "markdown-it-container": "^3.0.0",
@ -434,7 +434,7 @@
    "neo-async": "^2.6.2",
    "nice-try": "^2.0.1",
    "no-case": "^3.0.3",
-    "node-forge": "^0.10.0",
+    "node-forge": "^1.0.0",
    "node-libs-browser": "^2.2.1",
    "node-releases": "^1.1.60",
    "nopt": "^4.0.3",
--- a/docs/setup/README.md
+++ b/docs/setup/README.md
@ -1,6 +1,44 @@
 # Full Setup Instructions

-## MySQL Database
+## Running the App
+
+Create a `docker-compose.yml` file:
+
+```yml
+version: "3"
+services:
+  app:
+    image: 'jc21/nginx-proxy-manager:latest'
+    restart: unless-stopped
+    ports:
+      # These ports are in format <host-port>:<container-port>
+      - '80:80' # Public HTTP Port
+      - '443:443' # Public HTTPS Port
+      - '81:81' # Admin Web Port
+      # Add any other Stream port you want to expose
+      # - '21:21' # FTP
+
+    # Uncomment the next line if you uncomment anything in the section
+    # environment:
+      # Uncomment this if you want to change the location of 
+      # the SQLite DB file within the container
+      # DB_SQLITE_FILE: "/data/database.sqlite"
+
+      # Uncomment this if IPv6 is not enabled on your host
+      # DISABLE_IPV6: 'true'
+
+    volumes:
+      - ./data:/data
+      - ./letsencrypt:/etc/letsencrypt
+```
+
+Then:
+
+```bash
+docker-compose up -d
+```
+
+## Using MySQL / MariaDB Database

 If you opt for the MySQL configuration you will have to provide the database server yourself. You can also use MariaDB. Here are the minimum supported versions:

@ -10,15 +48,7 @@ If you opt for the MySQL configuration you will have to provide the database ser
 It's easy to use another docker container for your database also and link it as part of the docker stack, so that's what the following examples
 are going to use.

-::: warning
-
-When using a `mariadb` database, the NPM configuration file should still use the `mysql` engine!
-
-:::
-
-## Running the App
-
-Via `docker-compose`:
+Here is an example of what your `docker-compose.yml` will look like when using a MariaDB container:

 ```yml
 version: "3"
@ -27,24 +57,18 @@ services:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
-      # Public HTTP Port:
-      - '80:80'
-      # Public HTTPS Port:
-      - '443:443'
-      # Admin Web Port:
-      - '81:81'
+      # These ports are in format <host-port>:<container-port>
+      - '80:80' # Public HTTP Port
+      - '443:443' # Public HTTPS Port
+      - '81:81' # Admin Web Port
      # Add any other Stream port you want to expose
      # - '21:21' # FTP
    environment:
-      # These are the settings to access your db
      DB_MYSQL_HOST: "db"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "npm"
      DB_MYSQL_PASSWORD: "npm"
      DB_MYSQL_NAME: "npm"
-      # If you would rather use Sqlite uncomment this
-      # and remove all DB_MYSQL_* lines above
-      # DB_SQLITE_FILE: "/data/database.sqlite"
      # Uncomment this if IPv6 is not enabled on your host
      # DISABLE_IPV6: 'true'
    volumes:
@ -52,6 +76,7 @@ services:
      - ./letsencrypt:/etc/letsencrypt
    depends_on:
      - db
+
  db:
    image: 'jc21/mariadb-aria:latest'
    restart: unless-stopped
@ -64,13 +89,11 @@ services:
      - ./data/mysql:/var/lib/mysql
 ```

-_Please note, that `DB_MYSQL_*` environment variables will take precedent over `DB_SQLITE_*` variables. So if you keep the MySQL variables, you will not be able to use Sqlite._
+::: warning

-Then:
+Please note, that `DB_MYSQL_*` environment variables will take precedent over `DB_SQLITE_*` variables. So if you keep the MySQL variables, you will not be able to use SQLite.

-```bash
-docker-compose up -d
-```
+:::

 ## Running on Raspberry PI / ARM devices

@ -84,62 +107,12 @@ you don't have to worry about doing anything special and you can follow the comm

 Check out the [dockerhub tags](https://hub.docker.com/r/jc21/nginx-proxy-manager/tags)
 for a list of supported architectures and if you want one that doesn't exist,
-[create a feature request](https://github.com/jc21/nginx-proxy-manager/issues/new?assignees=&labels=enhancement&template=feature_request.md&title=).
+[create a feature request](https://github.com/NginxProxyManager/nginx-proxy-manager/issues/new?assignees=&labels=enhancement&template=feature_request.md&title=).

 Also, if you don't know how to already, follow [this guide to install docker and docker-compose](https://manre-universe.net/how-to-run-docker-and-docker-compose-on-raspbian/)
 on Raspbian.

-Via `docker-compose`:
-
-```yml
-version: "3"
-services:
-  app:
-    image: 'jc21/nginx-proxy-manager:latest'
-    restart: unless-stopped
-    ports:
-      # Public HTTP Port:
-      - '80:80'
-      # Public HTTPS Port:
-      - '443:443'
-      # Admin Web Port:
-      - '81:81'
-    environment:
-      # These are the settings to access your db
-      DB_MYSQL_HOST: "db"
-      DB_MYSQL_PORT: 3306
-      DB_MYSQL_USER: "changeuser"
-      DB_MYSQL_PASSWORD: "changepass"
-      DB_MYSQL_NAME: "npm"
-      # If you would rather use Sqlite uncomment this
-      # and remove all DB_MYSQL_* lines above
-      # DB_SQLITE_FILE: "/data/database.sqlite"
-      # Uncomment this if IPv6 is not enabled on your host
-      # DISABLE_IPV6: 'true'
-    volumes:
-      - ./data/nginx-proxy-manager:/data
-      - ./letsencrypt:/etc/letsencrypt
-    depends_on:
-      - db
-  db:
-    image: yobasystems/alpine-mariadb:latest
-    restart: unless-stopped
-    environment:
-      MYSQL_ROOT_PASSWORD: "changeme"
-      MYSQL_DATABASE: "npm"
-      MYSQL_USER: "changeuser"
-      MYSQL_PASSWORD: "changepass"
-    volumes:
-      - ./data/mariadb:/var/lib/mysql
-```
-
-_Please note, that `DB_MYSQL_*` environment variables will take precedent over `DB_SQLITE_*` var>
-
-Then:
-
-```bash
-docker-compose up -d
-```
+Please note that the `jc21/mariadb-aria:latest` image might have some problems on some ARM devices, if you want a separate database container, use the `yobasystems/alpine-mariadb:latest` image.

 ## Initial Run

--- a/docs/third-party/README.md
+++ b/docs/third-party/README.md
@ -1,6 +1,6 @@
 # Third Party

-As this software gains popularity it's common to see it integrated with other platforms. Please be aware that unless specifically mentioned in the documenation of those
+As this software gains popularity it's common to see it integrated with other platforms. Please be aware that unless specifically mentioned in the documentation of those
 integrations, they are *not supported* by me.

 Known integrations:
--- a/docs/yarn.lock
+++ b/docs/yarn.lock
@ -967,6 +967,51 @@
    lodash "^4.17.19"
    to-fast-properties "^2.0.0"

+"@jridgewell/gen-mapping@^0.3.0":
+  version "0.3.2"
+  resolved "https://registry.yarnpkg.com/@jridgewell/gen-mapping/-/gen-mapping-0.3.2.tgz#c1aedc61e853f2bb9f5dfe6d4442d3b565b253b9"
+  integrity sha512-mh65xKQAzI6iBcFzwv28KVWSmCkdRBWoOh+bYQGW3+6OZvbbN3TqMGo5hqYxQniRcH9F2VZIoJCm4pa3BPDK/A==
+  dependencies:
+    "@jridgewell/set-array" "^1.0.1"
+    "@jridgewell/sourcemap-codec" "^1.4.10"
+    "@jridgewell/trace-mapping" "^0.3.9"
+
+"@jridgewell/resolve-uri@^3.0.3":
+  version "3.1.0"
+  resolved "https://registry.yarnpkg.com/@jridgewell/resolve-uri/-/resolve-uri-3.1.0.tgz#2203b118c157721addfe69d47b70465463066d78"
+  integrity sha512-F2msla3tad+Mfht5cJq7LSXcdudKTWCVYUgw6pLFOOHSTtZlj6SWNYAp+AhuqLmWdBO2X5hPrLcu8cVP8fy28w==
+
+"@jridgewell/set-array@^1.0.1":
+  version "1.1.2"
+  resolved "https://registry.yarnpkg.com/@jridgewell/set-array/-/set-array-1.1.2.tgz#7c6cf998d6d20b914c0a55a91ae928ff25965e72"
+  integrity sha512-xnkseuNADM0gt2bs+BvhO0p78Mk762YnZdsuzFV018NoG1Sj1SCQvpSqa7XUaTam5vAGasABV9qXASMKnFMwMw==
+
+"@jridgewell/source-map@^0.3.2":
+  version "0.3.2"
+  resolved "https://registry.yarnpkg.com/@jridgewell/source-map/-/source-map-0.3.2.tgz#f45351aaed4527a298512ec72f81040c998580fb"
+  integrity sha512-m7O9o2uR8k2ObDysZYzdfhb08VuEml5oWGiosa1VdaPZ/A6QyPkAJuwN0Q1lhULOf6B7MtQmHENS743hWtCrgw==
+  dependencies:
+    "@jridgewell/gen-mapping" "^0.3.0"
+    "@jridgewell/trace-mapping" "^0.3.9"
+
+"@jridgewell/sourcemap-codec@^1.4.10":
+  version "1.4.14"
+  resolved "https://registry.yarnpkg.com/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.14.tgz#add4c98d341472a289190b424efbdb096991bb24"
+  integrity sha512-XPSJHWmi394fuUuzDnGz1wiKqWfo1yXecHQMRf2l6hztTO+nPru658AyDngaBe7isIxEkRsPR3FZh+s7iVa4Uw==
+
+"@jridgewell/trace-mapping@^0.3.9":
+  version "0.3.14"
+  resolved "https://registry.yarnpkg.com/@jridgewell/trace-mapping/-/trace-mapping-0.3.14.tgz#b231a081d8f66796e475ad588a1ef473112701ed"
+  integrity sha512-bJWEfQ9lPTvm3SneWwRFVLzrh6nhjwqw7TUFFBEMzwvg7t7PCDenf2lDwqo4NQXzdpgBXyFgDWnQA+2vkruksQ==
+  dependencies:
+    "@jridgewell/resolve-uri" "^3.0.3"
+    "@jridgewell/sourcemap-codec" "^1.4.10"
+
+"@leichtgewicht/ip-codec@^2.0.1":
+  version "2.0.4"
+  resolved "https://registry.yarnpkg.com/@leichtgewicht/ip-codec/-/ip-codec-2.0.4.tgz#b2ac626d6cb9c8718ab459166d4bb405b8ffa78b"
+  integrity sha512-Hcv+nVC0kZnQ3tD9GVu5xSMR4VVYOteQIr/hwFPVEvPdlXqgGEuRjiheChHgdM+JyqdgNcmzZOX/tnl0JOiI7A==
+
 "@mrmlnc/readdir-enhanced@^2.2.1":
  version "2.2.1"
  resolved "https://registry.yarnpkg.com/@mrmlnc/readdir-enhanced/-/readdir-enhanced-2.2.1.tgz#524af240d1a360527b730475ecfa1344aa540dde"
@ -1478,13 +1523,13 @@ abbrev@1, abbrev@^1.1.1:
  resolved "https://registry.yarnpkg.com/abbrev/-/abbrev-1.1.1.tgz#f8f2c887ad10bf67f634f005b6987fed3179aac8"
  integrity sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q==

-accepts@^1.3.7, accepts@~1.3.4, accepts@~1.3.5, accepts@~1.3.7:
-  version "1.3.7"
-  resolved "https://registry.yarnpkg.com/accepts/-/accepts-1.3.7.tgz#531bc726517a3b2b41f850021c6cc15eaab507cd"
-  integrity sha512-Il80Qs2WjYlJIBNzNkK6KYqlVMTbZLXgHx2oT0pU/fjRHyEp+PEfEPY0R3WCwAGVOtauxh1hOxNgIf5bv7dQpA==
+accepts@^1.3.7, accepts@~1.3.4, accepts@~1.3.5, accepts@~1.3.8:
+  version "1.3.8"
+  resolved "https://registry.yarnpkg.com/accepts/-/accepts-1.3.8.tgz#0bf0be125b67014adcb0b0921e62db7bffe16b2e"
+  integrity sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==
  dependencies:
-    mime-types "~2.1.24"
-    negotiator "0.6.2"
+    mime-types "~2.1.34"
+    negotiator "0.6.3"

 acorn@^6.4.1:
  version "6.4.1"
@ -1496,6 +1541,11 @@ acorn@^7.4.0:
  resolved "https://registry.yarnpkg.com/acorn/-/acorn-7.4.0.tgz#e1ad486e6c54501634c6c397c5c121daa383607c"
  integrity sha512-+G7P8jJmCHr+S+cLfQxygbWhXy+8YTVGzAkpEbcLo2mLoL7tij/VG41QSHACSf5QgYRhMZYHuNc6drJaO0Da+w==

+acorn@^8.5.0:
+  version "8.7.1"
+  resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.7.1.tgz#0197122c843d1bf6d0a5e83220a788f278f63c30"
+  integrity sha512-Xx54uLJQZ19lKygFXOWsscKUbsBZW0CPykPhVQdhIeIwrbPmJzqeASDInc8nKBnp/JT6igTs82qPXz069H8I/A==
+
 agentkeepalive@^2.2.0:
  version "2.2.0"
  resolved "https://registry.yarnpkg.com/agentkeepalive/-/agentkeepalive-2.2.0.tgz#c5d1bd4b129008f1163f236f86e5faea2026e2ef"
@ -1608,11 +1658,16 @@ ansi-escapes@^4.1.0, ansi-escapes@^4.2.1, ansi-escapes@^4.3.1:
  dependencies:
    type-fest "^0.11.0"

-ansi-html@0.0.7, ansi-html@^0.0.7:
+ansi-html@0.0.7:
  version "0.0.7"
  resolved "https://registry.yarnpkg.com/ansi-html/-/ansi-html-0.0.7.tgz#813584021962a9e9e6fd039f940d12f56ca7859e"
  integrity sha1-gTWEAhliqenm/QOflA0S9WynhZ4=

+ansi-html@^0.0.8:
+  version "0.0.8"
+  resolved "https://registry.yarnpkg.com/ansi-html/-/ansi-html-0.0.8.tgz#e969db193b12bcdfa6727b29ffd8882dc13cc501"
+  integrity sha512-QROYz1I1Kj+8bTYgx0IlMBpRSCIU+7GjbE0oH+KF7QKc+qSF8YAlIutN59Db17tXN70Ono9upT9Ht0iG93W7ug==
+
 ansi-regex@^2.0.0:
  version "2.1.1"
  resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-2.1.1.tgz#c3b33ab5ee360d86e0e628f0468ae7ef27d654df"
@ -1686,6 +1741,11 @@ argparse@^1.0.10, argparse@^1.0.7:
  dependencies:
    sprintf-js "~1.0.2"

+argparse@^2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/argparse/-/argparse-2.0.1.tgz#246f50f3ca78a3240f6c997e8a9bd1eac49e4b38"
+  integrity sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==
+
 arr-diff@^4.0.0:
  version "4.0.0"
  resolved "https://registry.yarnpkg.com/arr-diff/-/arr-diff-4.0.0.tgz#d6461074febfec71e7e15235761a329a5dc7c520"
@ -1830,9 +1890,9 @@ async@^2.6.2:
    lodash "^4.17.14"

 async@^3.2.0:
-  version "3.2.0"
-  resolved "https://registry.yarnpkg.com/async/-/async-3.2.0.tgz#b3a2685c5ebb641d3de02d161002c60fc9f85720"
-  integrity sha512-TR2mEZFVOj2pLStYxLht7TyfuRzaydfpxr3k9RpHIzMgw7A64dzsdqCxH1WJyQdoe8T10nDXd9wnEigmiuHIZw==
+  version "3.2.2"
+  resolved "https://registry.yarnpkg.com/async/-/async-3.2.2.tgz#2eb7671034bb2194d45d30e31e24ec7e7f9670cd"
+  integrity sha512-H0E+qZaDEfx/FY4t7iLRv1W2fFI6+pyCeTw1uN20AQPiwqwM6ojPxHxdLv4z8hi2DtnW9BOckSspLucW7pIE5g==

 asynckit@^0.4.0:
  version "0.4.0"
@ -2010,21 +2070,21 @@ bn.js@^5.1.1, bn.js@^5.1.2:
  resolved "https://registry.yarnpkg.com/bn.js/-/bn.js-5.1.2.tgz#c9686902d3c9a27729f43ab10f9d79c2004da7b0"
  integrity sha512-40rZaf3bUNKTVYu9sIeeEGOg7g14Yvnj9kH7b50EiwX0Q7A6umbvfI5tvHaOERH0XigqKkfLkFQxzb4e6CIXnA==

-body-parser@1.19.0, body-parser@^1.19.0:
-  version "1.19.0"
-  resolved "https://registry.yarnpkg.com/body-parser/-/body-parser-1.19.0.tgz#96b2709e57c9c4e09a6fd66a8fd979844f69f08a"
-  integrity sha512-dhEPs72UPbDnAQJ9ZKMNTP6ptJaionhP5cBb541nXPlW60Jepo9RV/a4fX4XWW9CuFNK22krhrj1+rgzifNCsw==
+body-parser@1.19.2, body-parser@^1.19.0:
+  version "1.19.2"
+  resolved "https://registry.yarnpkg.com/body-parser/-/body-parser-1.19.2.tgz#4714ccd9c157d44797b8b5607d72c0b89952f26e"
+  integrity sha512-SAAwOxgoCKMGs9uUAUFHygfLAyaniaoun6I8mFY9pRAJL9+Kec34aU+oIjDhTycub1jozEfEwx1W1IuOYxVSFw==
  dependencies:
-    bytes "3.1.0"
+    bytes "3.1.2"
    content-type "~1.0.4"
    debug "2.6.9"
    depd "~1.1.2"
-    http-errors "1.7.2"
+    http-errors "1.8.1"
    iconv-lite "0.4.24"
    on-finished "~2.3.0"
-    qs "6.7.0"
-    raw-body "2.4.0"
-    type-is "~1.6.17"
+    qs "6.9.7"
+    raw-body "2.4.3"
+    type-is "~1.6.18"

 bonjour@^3.5.0:
  version "3.5.0"
@ -2224,6 +2284,11 @@ bytes@3.1.0, bytes@^3.1.0:
  resolved "https://registry.yarnpkg.com/bytes/-/bytes-3.1.0.tgz#f6cf7933a360e0588fa9fde85651cdc7f805d1f6"
  integrity sha512-zauLjrfCG+xvoyaqLoV8bLVXXNGC4JqlxFCutSDWA6fJrTo2ZuvLYTqZ7aHBLZSMOopbzwv8f+wZcVzfVTI2Dg==

+bytes@3.1.2:
+  version "3.1.2"
+  resolved "https://registry.yarnpkg.com/bytes/-/bytes-3.1.2.tgz#8b0beeb98605adf1b128fa4386403c009e0221a5"
+  integrity sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==
+
 cac@^6.5.6, cac@^6.6.1:
  version "6.6.1"
  resolved "https://registry.yarnpkg.com/cac/-/cac-6.6.1.tgz#3dde3f6943f45d42a56729ea3573c08b3e7b6a6d"
@ -2339,6 +2404,14 @@ cacheable-request@^6.0.0:
    normalize-url "^4.1.0"
    responselike "^1.0.2"

+call-bind@^1.0.0:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/call-bind/-/call-bind-1.0.2.tgz#b1d4e89e688119c3c9a903ad30abb2f6a919be3c"
+  integrity sha512-7O+FbCihrB5WGbFYesctwmTKae6rOiIzmz1icreWJ+0aA7LJfuqhEso2T9ncpcFtzMQtzXf2QGGueWJGTYsqrA==
+  dependencies:
+    function-bind "^1.1.1"
+    get-intrinsic "^1.0.2"
+
 call-me-maybe@^1.0.1:
  version "1.0.1"
  resolved "https://registry.yarnpkg.com/call-me-maybe/-/call-me-maybe-1.0.1.tgz#26d208ea89e37b5cbde60250a15f031c16a4d66b"
@ -2791,12 +2864,12 @@ constants-browserify@^1.0.0:
  resolved "https://registry.yarnpkg.com/constants-browserify/-/constants-browserify-1.0.0.tgz#c20b96d8c617748aaf1c16021760cd27fcb8cb75"
  integrity sha1-wguW2MYXdIqvHBYCF2DNJ/y4y3U=

-content-disposition@0.5.3, content-disposition@^0.5.3:
-  version "0.5.3"
-  resolved "https://registry.yarnpkg.com/content-disposition/-/content-disposition-0.5.3.tgz#e130caf7e7279087c5616c2007d0485698984fbd"
-  integrity sha512-ExO0774ikEObIAEV9kDo50o+79VCUdEB6n6lzKgGwupcVeRlhrj3qGAfwq8G6uBJjkqLrhT0qEYFcWng8z1z0g==
+content-disposition@0.5.4, content-disposition@^0.5.3:
+  version "0.5.4"
+  resolved "https://registry.yarnpkg.com/content-disposition/-/content-disposition-0.5.4.tgz#8b82b4efac82512a02bb0b1dcec9d2c5e8eb5bfe"
+  integrity sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==
  dependencies:
-    safe-buffer "5.1.2"
+    safe-buffer "5.2.1"

 content-type@^1.0.4, content-type@~1.0.4:
  version "1.0.4"
@ -2820,15 +2893,10 @@ cookie-signature@^1.1.0:
  resolved "https://registry.yarnpkg.com/cookie-signature/-/cookie-signature-1.1.0.tgz#cc94974f91fb9a9c1bb485e95fc2b7f4b120aff2"
  integrity sha512-Alvs19Vgq07eunykd3Xy2jF0/qSNv2u7KDbAek9H5liV1UMijbqFs5cycZvv5dVsvseT/U4H8/7/w8Koh35C4A==

-cookie@0.4.0:
-  version "0.4.0"
-  resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.4.0.tgz#beb437e7022b3b6d49019d088665303ebe9c14ba"
-  integrity sha512-+Hp8fLp57wnUSt0tY0tHEXh4voZRDnoIrZPqlo3DPiI4y9lwg/jqx+1Om94/W6ZaPDOUbnjOt/99w66zk+l1Xg==
-
-cookie@^0.4.1:
-  version "0.4.1"
-  resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.4.1.tgz#afd713fe26ebd21ba95ceb61f9a8116e50a537d1"
-  integrity sha512-ZwrFkGJxUR3EIoXtO+yVE69Eb7KlixbaeAWfBQB9vVsNn/o+Yw69gBWSSDK825hQNdN+wF8zELf3dFNl/kxkUA==
+cookie@0.4.2, cookie@^0.4.1:
+  version "0.4.2"
+  resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.4.2.tgz#0e41f24de5ecf317947c82fc789e06a884824432"
+  integrity sha512-aSWTXFzaKWkvHO1Ny/s+ePFpvKsPnjc551iI41v3ny/ow6tBG5Vd+FuqGNhh1LxOmVzOlGUriIlOaokOvhaStA==

 copy-concurrently@^1.0.0, copy-concurrently@^1.0.5:
  version "1.0.5"
@ -3279,9 +3347,9 @@ decamelize@^4.0.0:
  integrity sha512-9iE1PgSik9HeIIw2JO94IidnE3eBoQrFJ3w7sFuzSX4DpmZ3v5sZpUiV5Swcf6mQEF+Y0ru8Neo+p+nyh2J+hQ==

 decode-uri-component@^0.2.0:
-  version "0.2.0"
-  resolved "https://registry.yarnpkg.com/decode-uri-component/-/decode-uri-component-0.2.0.tgz#eb3913333458775cb84cd1a1fae062106bb87545"
-  integrity sha1-6zkTMzRYd1y4TNGh+uBiEGu4dUU=
+  version "0.2.1"
+  resolved "https://registry.yarnpkg.com/decode-uri-component/-/decode-uri-component-0.2.1.tgz#e9d7afd716fc1a7ec6ae7cc0aa3e540a1eac2e9d"
+  integrity sha512-XZHyaFJ6QMWhYmlz+UcmtaLeecNiXwkTGzCqG5WByt+1P1HnU6Siwf0TeP3OsZmlnGqQRSEMIxue0LLCaGY3dw==

 decompress-response@^3.3.0:
  version "3.3.0"
@ -3501,11 +3569,11 @@ dns-packet@^4.0.0:
    safe-buffer "^5.1.1"

 dns-packet@^5.2.1:
-  version "5.2.2"
-  resolved "https://registry.yarnpkg.com/dns-packet/-/dns-packet-5.2.2.tgz#e4c7d12974cc320b0c0d4b9bbbf68ac151cfe81e"
-  integrity sha512-sQN+vLwC3PvOXiCH/oHcdzML2opFeIdVh8gjjMZrM45n4dR80QF6o3AzInQy6F9Eoc0VJYog4JpQTilt4RFLYQ==
+  version "5.4.0"
+  resolved "https://registry.yarnpkg.com/dns-packet/-/dns-packet-5.4.0.tgz#1f88477cf9f27e78a213fb6d118ae38e759a879b"
+  integrity sha512-EgqGeaBB8hLiHLZtp/IbaDQTL8pZ0+IvwzSHA6d7VyMDM+B9hgddEMa9xjK5oYnw0ci0JQ6g2XCD7/f6cafU6g==
  dependencies:
-    ip "^1.1.5"
+    "@leichtgewicht/ip-codec" "^2.0.1"

 dns-txt@^2.0.2:
  version "2.0.2"
@ -3744,10 +3812,10 @@ entities@^1.1.1, entities@~1.1.1:
  resolved "https://registry.yarnpkg.com/entities/-/entities-1.1.2.tgz#bdfa735299664dfafd34529ed4f8522a275fea56"
  integrity sha512-f2LZMYl1Fzu7YSBKg+RoROelpOaNrcGmE9AZubeDfrCEia483oW4MI4VyFd5VNHIgQ/7qm1I0wUHK1eJnn2y2w==

-entities@^2.0.0, entities@^2.0.3, entities@~2.0.0:
-  version "2.0.3"
-  resolved "https://registry.yarnpkg.com/entities/-/entities-2.0.3.tgz#5c487e5742ab93c15abb5da22759b8590ec03b7f"
-  integrity sha512-MyoZ0jgnLvB2X3Lg5HqpFmn1kybDiIfEQmKzTb5apr51Rb+T3KdmMiqa70T+bhGnyv7bQ6WMj2QMHpGMmlrUYQ==
+entities@^2.0.0, entities@^2.0.3, entities@~2.1.0:
+  version "2.1.0"
+  resolved "https://registry.yarnpkg.com/entities/-/entities-2.1.0.tgz#992d3129cf7df6870b96c57858c249a120f8b8b5"
+  integrity sha512-hCx1oky9PFrJ611mf0ifBLBRW8lUUVRlFolb5gWRfIELabBlbp9xZvrqZLZAs+NxFnbfQoeGd8wDkygjg7U85w==

 envify@^4.0.0, envify@^4.1.0:
  version "4.1.0"
@ -3925,6 +3993,11 @@ eventsource@^1.0.7:
  dependencies:
    original "^1.0.0"

+eventsource@^2.0.2:
+  version "2.0.2"
+  resolved "https://registry.yarnpkg.com/eventsource/-/eventsource-2.0.2.tgz#76dfcc02930fb2ff339520b6d290da573a9e8508"
+  integrity sha512-IzUmBGPR3+oUG9dUeXynyNmf91/3zUSJg1lCktzKw47OXuhco54U3r9B7O4XX+Rb1Itm9OZ2b0RkTs10bICOxA==
+
 evp_bytestokey@^1.0.0, evp_bytestokey@^1.0.3:
  version "1.0.3"
  resolved "https://registry.yarnpkg.com/evp_bytestokey/-/evp_bytestokey-1.0.3.tgz#7fcbdb198dc71959432efe13842684e0525acb02"
@ -3985,16 +4058,16 @@ expand-brackets@^4.0.0:
    to-regex "^3.0.1"

 express@^4.17.1:
-  version "4.17.1"
-  resolved "https://registry.yarnpkg.com/express/-/express-4.17.1.tgz#4491fc38605cf51f8629d39c2b5d026f98a4c134"
-  integrity sha512-mHJ9O79RqluphRrcw2X/GTh3k9tVv8YcoyY4Kkh4WDMUYKRZUq0h1o0w2rrrxBqM7VoeUVqgb27xlEMXTnYt4g==
+  version "4.17.3"
+  resolved "https://registry.yarnpkg.com/express/-/express-4.17.3.tgz#f6c7302194a4fb54271b73a1fe7a06478c8f85a1"
+  integrity sha512-yuSQpz5I+Ch7gFrPCk4/c+dIBKlQUxtgwqzph132bsT6qhuzss6I8cLJQz7B3rFblzd6wtcI0ZbGltH/C4LjUg==
  dependencies:
-    accepts "~1.3.7"
+    accepts "~1.3.8"
    array-flatten "1.1.1"
-    body-parser "1.19.0"
-    content-disposition "0.5.3"
+    body-parser "1.19.2"
+    content-disposition "0.5.4"
    content-type "~1.0.4"
-    cookie "0.4.0"
+    cookie "0.4.2"
    cookie-signature "1.0.6"
    debug "2.6.9"
    depd "~1.1.2"
@ -4008,13 +4081,13 @@ express@^4.17.1:
    on-finished "~2.3.0"
    parseurl "~1.3.3"
    path-to-regexp "0.1.7"
-    proxy-addr "~2.0.5"
-    qs "6.7.0"
+    proxy-addr "~2.0.7"
+    qs "6.9.7"
    range-parser "~1.2.1"
-    safe-buffer "5.1.2"
-    send "0.17.1"
-    serve-static "1.14.1"
-    setprototypeof "1.1.1"
+    safe-buffer "5.2.1"
+    send "0.17.2"
+    serve-static "1.14.2"
+    setprototypeof "1.2.0"
    statuses "~1.5.0"
    type-is "~1.6.18"
    utils-merge "1.0.1"
@ -4112,6 +4185,13 @@ fast-json-stable-stringify@^2.0.0, fast-json-stable-stringify@^2.1.0:
  resolved "https://registry.yarnpkg.com/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz#874bf69c6f404c2b5d99c481341399fd55892633"
  integrity sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==

+fast-xml-parser@^3.19.0:
+  version "3.21.1"
+  resolved "https://registry.yarnpkg.com/fast-xml-parser/-/fast-xml-parser-3.21.1.tgz#152a1d51d445380f7046b304672dd55d15c9e736"
+  integrity sha512-FTFVjYoBOZTJekiUsawGsSYV9QL0A+zDYCRj7y34IO6Jg+2IMYEtQa+bbictpdpV8dHxXywqU7C0gRDEOFtBFg==
+  dependencies:
+    strnum "^1.0.4"
+
 fastq@^1.6.0:
  version "1.8.0"
  resolved "https://registry.yarnpkg.com/fastq/-/fastq-1.8.0.tgz#550e1f9f59bbc65fe185cb6a9b4d95357107f481"
@ -4254,9 +4334,9 @@ flush-write-stream@^2.0.0:
    readable-stream "^3.1.1"

 follow-redirects@^1.0.0, follow-redirects@^1.12.1:
-  version "1.12.1"
-  resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.12.1.tgz#de54a6205311b93d60398ebc01cf7015682312b6"
-  integrity sha512-tmRv0AVuR7ZyouUHLeNSiO6pqulF7dYa3s19c6t+wz9LD69/uSzdMxJ2S91nTI9U3rt/IldxpzMOFejp6f0hjg==
+  version "1.14.8"
+  resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.14.8.tgz#016996fb9a11a100566398b1c6839337d7bfa8fc"
+  integrity sha512-1x0S9UVJHsQprFcEC/qnNzBLcIxsjAV905f/UkQxbclCsoTWlacCNOpQa/anodLl2uaEKFhfWOvM2Qg77+15zA==

 for-in@^1.0.2:
  version "1.0.2"
@ -4291,7 +4371,12 @@ form-data@~2.3.2:
    combined-stream "^1.0.6"
    mime-types "^2.1.12"

-forwarded@^0.1.2, forwarded@~0.1.2:
+forwarded@0.2.0:
+  version "0.2.0"
+  resolved "https://registry.yarnpkg.com/forwarded/-/forwarded-0.2.0.tgz#2269936428aad4c15c7ebe9779a84bf0b2a81811"
+  integrity sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==
+
+forwarded@^0.1.2:
  version "0.1.2"
  resolved "https://registry.yarnpkg.com/forwarded/-/forwarded-0.1.2.tgz#98c23dab1175657b8c0573e8ceccd91b0ff18c84"
  integrity sha1-mMI9qxF1ZXuMBXPozszZGw/xjIQ=
@ -4385,6 +4470,15 @@ get-caller-file@^2.0.1, get-caller-file@^2.0.5:
  resolved "https://registry.yarnpkg.com/get-caller-file/-/get-caller-file-2.0.5.tgz#4f94412a82db32f36e3b0b9741f8a97feb031f7e"
  integrity sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==

+get-intrinsic@^1.0.2:
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/get-intrinsic/-/get-intrinsic-1.2.0.tgz#7ad1dc0535f3a2904bba075772763e5051f6d05f"
+  integrity sha512-L049y6nFOuom5wGyRc3/gdTLO94dySVKRACj1RmJZBQXlbTMhtNIgkWkUHq+jYmZvKf14EW1EoJnnjbmoHij0Q==
+  dependencies:
+    function-bind "^1.1.1"
+    has "^1.0.3"
+    has-symbols "^1.0.3"
+
 get-stream@^4.0.0, get-stream@^4.1.0:
  version "4.1.0"
  resolved "https://registry.yarnpkg.com/get-stream/-/get-stream-4.1.0.tgz#c1b255575f3dc21d59bfc79cd3d2b46b1c3a54b5"
@ -4638,6 +4732,11 @@ has-symbols@^1.0.0, has-symbols@^1.0.1:
  resolved "https://registry.yarnpkg.com/has-symbols/-/has-symbols-1.0.1.tgz#9f5214758a44196c406d9bd76cebf81ec2dd31e8"
  integrity sha512-PLcsoqu++dmEIZB+6totNFKq/7Do+Z0u4oT0zKOJNl3lYK6vGwwu2hjHs+68OEZbTjiUE9bgOABXbP/GvrS0Kg==

+has-symbols@^1.0.3:
+  version "1.0.3"
+  resolved "https://registry.yarnpkg.com/has-symbols/-/has-symbols-1.0.3.tgz#bb7b2c4349251dce87b125f7bdf874aa7c8b39f8"
+  integrity sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A==
+
 has-value@^0.3.1:
  version "0.3.1"
  resolved "https://registry.yarnpkg.com/has-value/-/has-value-0.3.1.tgz#7b1f58bada62ca827ec0a2078025654845995e1f"
@ -4839,27 +4938,16 @@ htmlparser2@^4.1.0:
    entities "^2.0.0"

 http-cache-semantics@^4.0.0:
-  version "4.1.0"
-  resolved "https://registry.yarnpkg.com/http-cache-semantics/-/http-cache-semantics-4.1.0.tgz#49e91c5cbf36c9b94bcfcd71c23d5249ec74e390"
-  integrity sha512-carPklcUh7ROWRK7Cv27RPtdhYhUsela/ue5/jKzjegVvXDqM2ILE9Q2BGn9JZJh1g87cp56su/FgQSzcWS8cQ==
+  version "4.1.1"
+  resolved "https://registry.yarnpkg.com/http-cache-semantics/-/http-cache-semantics-4.1.1.tgz#abe02fcb2985460bf0323be664436ec3476a6d5a"
+  integrity sha512-er295DKPVsV82j5kw1Gjt+ADA/XYHsajl82cGNQG2eyoPkvgUhX+nDIyelzhIWbbsXP39EHcI6l5tYs2FYqYXQ==

 http-deceiver@^1.2.7:
  version "1.2.7"
  resolved "https://registry.yarnpkg.com/http-deceiver/-/http-deceiver-1.2.7.tgz#fa7168944ab9a519d337cb0bec7284dc3e723d87"
  integrity sha1-+nFolEq5pRnTN8sL7HKE3D5yPYc=

-http-errors@1.7.2:
-  version "1.7.2"
-  resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-1.7.2.tgz#4f5029cf13239f31036e5b2e55292bcfbcc85c8f"
-  integrity sha512-uUQBt3H/cSIVfch6i1EuPNy/YsRSOUBXTVfZ+yR7Zjez3qjBz6i9+i4zjNaoqcoFVI4lQJ5plg63TvGfRSDCRg==
-  dependencies:
-    depd "~1.1.2"
-    inherits "2.0.3"
-    setprototypeof "1.1.1"
-    statuses ">= 1.5.0 < 2"
-    toidentifier "1.0.0"
-
-http-errors@1.7.3, http-errors@~1.7.2:
+http-errors@1.7.3:
  version "1.7.3"
  resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-1.7.3.tgz#6c619e4f9c60308c38519498c14fbb10aacebb06"
  integrity sha512-ZTTX0MWrsQ2ZAhA1cejAwDLycFsd7I7nVtnkT3Ol0aqodaKW+0CTZDQ1uBv5whptCnc8e8HeRRJxRs0kmm/Qfw==
@ -4870,6 +4958,17 @@ http-errors@1.7.3, http-errors@~1.7.2:
    statuses ">= 1.5.0 < 2"
    toidentifier "1.0.0"

+http-errors@1.8.1:
+  version "1.8.1"
+  resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-1.8.1.tgz#7c3f28577cbc8a207388455dbd62295ed07bd68c"
+  integrity sha512-Kpk9Sm7NmI+RHhnj6OIWDI1d6fIoFAtFt9RLaTMRlg/8w49juAStsrBgp0Dp4OdxdVbRIeKhtCUvoi/RuAhO4g==
+  dependencies:
+    depd "~1.1.2"
+    inherits "2.0.4"
+    setprototypeof "1.2.0"
+    statuses ">= 1.5.0 < 2"
+    toidentifier "1.0.1"
+
 http-errors@^1.8.0:
  version "1.8.0"
  resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-1.8.0.tgz#75d1bbe497e1044f51e4ee9e704a62f28d336507"
@ -5530,11 +5629,11 @@ is-svg@^3.0.0:
    html-comment-regex "^1.1.0"

 is-svg@^4.2.1:
-  version "4.2.2"
-  resolved "https://registry.yarnpkg.com/is-svg/-/is-svg-4.2.2.tgz#a4ea0f3f78dada7085db88f1e85b6f845626cfae"
-  integrity sha512-JlA7Mc7mfWjdxxTkJ094oUK9amGD7gQaj5xA/NCY0vlVvZ1stmj4VX+bRuwOMN93IHRZ2ctpPH/0FO6DqvQ5Rw==
+  version "4.3.0"
+  resolved "https://registry.yarnpkg.com/is-svg/-/is-svg-4.3.0.tgz#3e46a45dcdb2780e42a3c8538154d7f7bfc07216"
+  integrity sha512-Np3TOGLVr0J27VDaS/gVE7bT45ZcSmX4pMmMTsPjqO8JY383fuPIcWmZr3QsHVWhqhZWxSdmW+tkkl3PWOB0Nw==
  dependencies:
-    html-comment-regex "^1.1.2"
+    fast-xml-parser "^3.19.0"

 is-symbol@^1.0.2, is-symbol@^1.0.3:
  version "1.0.3"
@ -5714,10 +5813,10 @@ json-schema@0.2.3:
  resolved "https://registry.yarnpkg.com/json-schema/-/json-schema-0.2.3.tgz#b480c892e59a2f05954ce727bd3f2a4e882f9e13"
  integrity sha1-tIDIkuWaLwWVTOcnvT8qTogvnhM=

-json-schema@^0.2.5:
-  version "0.2.5"
-  resolved "https://registry.yarnpkg.com/json-schema/-/json-schema-0.2.5.tgz#97997f50972dd0500214e208c407efa4b5d7063b"
-  integrity sha512-gWJOWYFrhQ8j7pVm0EM8Slr+EPVq1Phf6lvzvD/WCeqkrx/f2xBI0xOsRRS9xCn3I4vKtP519dvs3TP09r24wQ==
+json-schema@^0.4.0:
+  version "0.4.0"
+  resolved "https://registry.yarnpkg.com/json-schema/-/json-schema-0.4.0.tgz#f7de4cf6efab838ebaeb3236474cbba5a1930ab5"
+  integrity sha512-es94M3nTIfsEPisRafak+HDLfHXnKBhV3vU5eqPcS3flIWqcxJWgXHXiey3YrpaNsanY5ei1VoYEbOzijuq9BA==

 json-stringify-safe@^5.0.1, json-stringify-safe@~5.0.1:
  version "5.0.1"
@ -5742,11 +5841,9 @@ json5@^1.0.1:
    minimist "^1.2.0"

 json5@^2.1.2, json5@^2.1.3:
-  version "2.1.3"
-  resolved "https://registry.yarnpkg.com/json5/-/json5-2.1.3.tgz#c9b0f7fa9233bfe5807fe66fcf3a5617ed597d43"
-  integrity sha512-KXPvOm8K9IJKFM0bmdn8QXh7udDh1g/giieX0NLCaMnb4hEiVFqnop2ImTXCc5e0/oHz3LTqmHGtExn5hfMkOA==
-  dependencies:
-    minimist "^1.2.5"
+  version "2.2.2"
+  resolved "https://registry.yarnpkg.com/json5/-/json5-2.2.2.tgz#64471c5bdcc564c18f7c1d4df2e2297f2457c5ab"
+  integrity sha512-46Tk9JiOL2z7ytNQWFLpj99RZkVgeHf87yGQKsIkaPz1qSH9UczKH1rO7K3wgRselo0tYMUNfecYpm/p1vC7tQ==

 jsonfile@^4.0.0:
  version "4.0.0"
@ -5915,9 +6012,9 @@ loader-utils@^1.0.2, loader-utils@^1.1.0, loader-utils@^1.2.3, loader-utils@^1.4
    json5 "^1.0.1"

 loader-utils@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/loader-utils/-/loader-utils-2.0.0.tgz#e4cace5b816d425a166b5f097e10cd12b36064b0"
-  integrity sha512-rP4F0h2RaWSvPEkD7BLDFQnvSf+nK+wr3ESUjNTyAGobqrijmW92zc+SO6d4p4B1wh7+B/Jg1mkQe5NYUEHtHQ==
+  version "2.0.4"
+  resolved "https://registry.yarnpkg.com/loader-utils/-/loader-utils-2.0.4.tgz#8b5cb38b5c34a9a018ee1fc0e6a066d1dfcc528c"
+  integrity sha512-xXqpXoINfFhgua9xiqD8fPFHgkoq1mmmpE92WlDbm9rNRd/EbRb+Gqf908T2DMfuHjjJlksiK2RbHVOdD/MqSw==
  dependencies:
    big.js "^5.2.2"
    emojis-list "^3.0.0"
@ -6135,13 +6232,13 @@ markdown-it-table-of-contents@^0.4.0, markdown-it-table-of-contents@^0.4.4:
  resolved "https://registry.yarnpkg.com/markdown-it-table-of-contents/-/markdown-it-table-of-contents-0.4.4.tgz#3dc7ce8b8fc17e5981c77cc398d1782319f37fbc"
  integrity sha512-TAIHTHPwa9+ltKvKPWulm/beozQU41Ab+FIefRaQV1NRnpzwcV9QOe6wXQS5WLivm5Q/nlo0rl6laGkMDZE7Gw==

-markdown-it@^11.0.0:
-  version "11.0.0"
-  resolved "https://registry.yarnpkg.com/markdown-it/-/markdown-it-11.0.0.tgz#dbfc30363e43d756ebc52c38586b91b90046b876"
-  integrity sha512-+CvOnmbSubmQFSA9dKz1BRiaSMV7rhexl3sngKqFyXSagoA3fBdJQ8oZWtRy2knXdpDXaBw44euz37DeJQ9asg==
+markdown-it@^12.3.2:
+  version "12.3.2"
+  resolved "https://registry.yarnpkg.com/markdown-it/-/markdown-it-12.3.2.tgz#bf92ac92283fe983fe4de8ff8abfb5ad72cd0c90"
+  integrity sha512-TchMembfxfNVpHkbtriWltGWc+m3xszaRD0CZup7GFFhzIgQqxIfn3eGj1yZpfuflzPvfkt611B2Q/Bsk1YnGg==
  dependencies:
-    argparse "^1.0.7"
-    entities "~2.0.0"
+    argparse "^2.0.1"
+    entities "~2.1.0"
    linkify-it "^3.0.1"
    mdurl "^1.0.1"
    uc.micro "^1.0.5"
@ -6296,6 +6393,11 @@ mime-db@1.44.0, "mime-db@>= 1.43.0 < 2", mime-db@^1.44.0:
  resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.44.0.tgz#fa11c5eb0aca1334b4233cb4d52f10c5a6272f92"
  integrity sha512-/NOTfLrsPBVeH7YtFPgsVWveuL+4SjjYxaQ1xtM1KMFj7HdxlBlxeyNLzhyJVx7r4rZGJAZ/6lkKCitSc/Nmpg==

+mime-db@1.52.0:
+  version "1.52.0"
+  resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.52.0.tgz#bbabcdc02859f4987301c856e3387ce5ec43bf70"
+  integrity sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==
+
 mime-types@^2.1.12, mime-types@^2.1.26, mime-types@^2.1.27, mime-types@~2.1.17, mime-types@~2.1.19, mime-types@~2.1.24:
  version "2.1.27"
  resolved "https://registry.yarnpkg.com/mime-types/-/mime-types-2.1.27.tgz#47949f98e279ea53119f5722e0f34e529bec009f"
@ -6303,6 +6405,13 @@ mime-types@^2.1.12, mime-types@^2.1.26, mime-types@^2.1.27, mime-types@~2.1.17,
  dependencies:
    mime-db "1.44.0"

+mime-types@~2.1.34:
+  version "2.1.35"
+  resolved "https://registry.yarnpkg.com/mime-types/-/mime-types-2.1.35.tgz#381a871b62a734450660ae3deee44813f70d959a"
+  integrity sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==
+  dependencies:
+    mime-db "1.52.0"
+
 mime@1.6.0:
  version "1.6.0"
  resolved "https://registry.yarnpkg.com/mime/-/mime-1.6.0.tgz#32cd9e5c64553bd58d19a568af452acff04981b1"
@ -6373,9 +6482,9 @@ minimatch@^3.0.4:
    brace-expansion "^1.1.7"

 minimist@^1.2.0, minimist@^1.2.5:
-  version "1.2.5"
-  resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.5.tgz#67d66014b66a6a8aaa0c083c5fd58df4e4e97602"
-  integrity sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==
+  version "1.2.6"
+  resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.6.tgz#8637a5b759ea0d6e98702cfb3a9283323c93af44"
+  integrity sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==

 minipass-collect@^1.0.2:
  version "1.0.2"
@ -6492,10 +6601,10 @@ ms@2.0.0:
  resolved "https://registry.yarnpkg.com/ms/-/ms-2.0.0.tgz#5608aeadfc00be6c2901df5f9861788de0d597c8"
  integrity sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=

-ms@2.1.1:
-  version "2.1.1"
-  resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.1.tgz#30a5864eb3ebb0a66f2ebe6d727af06a09d86e0a"
-  integrity sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg==
+ms@2.1.3:
+  version "2.1.3"
+  resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.3.tgz#574c8138ce1d2b5861f0b44579dbadd60c6615b2"
+  integrity sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==

 ms@^2.0.0, ms@^2.1.1, ms@^2.1.2:
  version "2.1.2"
@ -6555,7 +6664,12 @@ nanomatch@^1.2.13, nanomatch@^1.2.9:
    snapdragon "^0.8.1"
    to-regex "^3.0.1"

-negotiator@0.6.2, negotiator@^0.6.2:
+negotiator@0.6.3:
+  version "0.6.3"
+  resolved "https://registry.yarnpkg.com/negotiator/-/negotiator-0.6.3.tgz#58e323a72fedc0d6f9cd4d31fe49f51479590ccd"
+  integrity sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==
+
+negotiator@^0.6.2:
  version "0.6.2"
  resolved "https://registry.yarnpkg.com/negotiator/-/negotiator-0.6.2.tgz#feacf7ccf525a77ae9634436a64883ffeca346fb"
  integrity sha512-hZXc7K2e+PgeI1eDBe/10Ard4ekbfrrqG8Ep+8Jmf4JID2bNg7NvCPOZN+kfF574pFQI7mum2AUqDidoKqcTOw==
@ -6595,10 +6709,10 @@ node-forge@0.9.0:
  resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-0.9.0.tgz#d624050edbb44874adca12bb9a52ec63cb782579"
  integrity sha512-7ASaDa3pD+lJ3WvXFsxekJQelBKRpne+GOVbLbtHYdd7pFspyeuJHnWfLplGf3SwKGbfs/aYl5V/JCIaHVUKKQ==

-node-forge@^0.10.0:
-  version "0.10.0"
-  resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-0.10.0.tgz#32dea2afb3e9926f02ee5ce8794902691a676bf3"
-  integrity sha512-PPmu8eEeG9saEUvI97fm4OYxXVB6bFvyNTyiUOBichBpFG8A1Ljw3bY62+5oOjDEMHRnd0Y7HQ+x7uzxOzC6JA==
+node-forge@^1.0.0:
+  version "1.3.0"
+  resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-1.3.0.tgz#37a874ea723855f37db091e6c186e5b67a01d4b2"
+  integrity sha512-08ARB91bUi6zNKzVmaj3QO7cr397uiDT2nJ63cHjyNtCTWIgvS47j3eT0WfzUwS9+6Z5YshRaoasFkXCKrIYbA==

 node-libs-browser@^2.2.1:
  version "2.2.1"
@ -6776,6 +6890,11 @@ object-inspect@^1.7.0, object-inspect@^1.8.0:
  resolved "https://registry.yarnpkg.com/object-inspect/-/object-inspect-1.8.0.tgz#df807e5ecf53a609cc6bfe93eac3cc7be5b3a9d0"
  integrity sha512-jLdtEOB112fORuypAyl/50VRVIBIdVQOSUUGQHzJ4xBSbit81zRarz7GThkEFZy1RceYrWYcPcBFPQwHyAc1gA==

+object-inspect@^1.9.0:
+  version "1.12.3"
+  resolved "https://registry.yarnpkg.com/object-inspect/-/object-inspect-1.12.3.tgz#ba62dffd67ee256c8c086dfae69e016cd1f198b9"
+  integrity sha512-geUvdk7c+eizMNUDkRpW1wJwgfOiOeHbxBR/hLXK1aT6zmVSO0jsQcs7fj6MGw89jC/cjGfLcNOrtMYtGqm81g==
+
 object-is@^1.0.1, object-is@^1.1.2:
  version "1.1.2"
  resolved "https://registry.yarnpkg.com/object-is/-/object-is-1.1.2.tgz#c5d2e87ff9e119f78b7a088441519e2eec1573b6"
@ -7659,9 +7778,9 @@ postcss@^7.0.0, postcss@^7.0.1, postcss@^7.0.14, postcss@^7.0.26, postcss@^7.0.2
    supports-color "^6.1.0"

 postcss@^8.2.10:
-  version "8.2.10"
-  resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.2.10.tgz#ca7a042aa8aff494b334d0ff3e9e77079f6f702b"
-  integrity sha512-b/h7CPV7QEdrqIxtAf2j31U5ef05uBDuvoXv6L51Q4rcS1jdlXAVKJv+atCFdUXYl9dyTHGyoMzIepwowRJjFw==
+  version "8.2.13"
+  resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.2.13.tgz#dbe043e26e3c068e45113b1ed6375d2d37e2129f"
+  integrity sha512-FCE5xLH+hjbzRdpbRb1IMCvPv9yZx2QnDarBEYSN0N0HYk+TcXsEhwdFcFb+SRWOKzKGErhIEbBK2ogyLdTtfQ==
  dependencies:
    colorette "^1.2.2"
    nanoid "^3.1.22"
@ -7706,9 +7825,9 @@ pretty-time@^1.1.0:
  integrity sha512-28iF6xPQrP8Oa6uxE6a1biz+lWeTOAPKggvjB8HAs6nVMKZwf5bG++632Dx614hIWgUPkgivRfG+a8uAXGTIbA==

 prismjs@^1.13.0, prismjs@^1.20.0:
-  version "1.25.0"
-  resolved "https://registry.yarnpkg.com/prismjs/-/prismjs-1.25.0.tgz#6f822df1bdad965734b310b315a23315cf999756"
-  integrity sha512-WCjJHl1KEWbnkQom1+SzftbtXMKQoezOCYs5rECqMN+jP+apI7ftoflyqigqzopSO3hMhTEb0mFClA8lkolgEg==
+  version "1.27.0"
+  resolved "https://registry.yarnpkg.com/prismjs/-/prismjs-1.27.0.tgz#bb6ee3138a0b438a3653dd4d6ce0cc6510a45057"
+  integrity sha512-t13BGPUlFDR7wRB5kQDG4jjl7XeuH6jbJGt11JHPL96qwsEHNX2+68tFXqc1/k+/jALsbSWJKUOT/hcYAZ5LkA==

 private@^0.1.8:
  version "0.1.8"
@ -7730,12 +7849,12 @@ promise-inflight@^1.0.1:
  resolved "https://registry.yarnpkg.com/promise-inflight/-/promise-inflight-1.0.1.tgz#98472870bf228132fcbdd868129bad12c3c029e3"
  integrity sha1-mEcocL8igTL8vdhoEputEsPAKeM=

-proxy-addr@^2.0.6, proxy-addr@~2.0.5:
-  version "2.0.6"
-  resolved "https://registry.yarnpkg.com/proxy-addr/-/proxy-addr-2.0.6.tgz#fdc2336505447d3f2f2c638ed272caf614bbb2bf"
-  integrity sha512-dh/frvCBVmSsDYzw6n926jv974gddhkFPfiN8hPOi30Wax25QZyZEGveluCgliBnqmuM+UJmBErbAUFIoDbjOw==
+proxy-addr@^2.0.6, proxy-addr@~2.0.7:
+  version "2.0.7"
+  resolved "https://registry.yarnpkg.com/proxy-addr/-/proxy-addr-2.0.7.tgz#f19fe69ceab311eeb94b42e70e8c2070f9ba1025"
+  integrity sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==
  dependencies:
-    forwarded "~0.1.2"
+    forwarded "0.2.0"
    ipaddr.js "1.9.1"

 prr@^1.0.1, prr@~1.0.1:
@ -7826,15 +7945,17 @@ q@^1.1.2, q@^1.5.1:
  resolved "https://registry.yarnpkg.com/q/-/q-1.5.1.tgz#7e32f75b41381291d04611f1bf14109ac00651d7"
  integrity sha1-fjL3W0E4EpHQRhHxvxQQmsAGUdc=

-qs@6.7.0:
-  version "6.7.0"
-  resolved "https://registry.yarnpkg.com/qs/-/qs-6.7.0.tgz#41dc1a015e3d581f1621776be31afb2876a9b1bc"
-  integrity sha512-VCdBRNFTX1fyE7Nb6FYoURo/SPe62QCaAyzJvUjwRaIsc+NePBEniHlvxFmmX56+HZphIGtV0XeCirBtpDrTyQ==
+qs@6.9.7:
+  version "6.9.7"
+  resolved "https://registry.yarnpkg.com/qs/-/qs-6.9.7.tgz#4610846871485e1e048f44ae3b94033f0e675afe"
+  integrity sha512-IhMFgUmuNpyRfxA90umL7ByLlgRXu6tIfKPpF5TmcfRLlLCckfP/g3IQmju6jjpu+Hh8rA+2p6A27ZSPOOHdKw==

 qs@^6.9.4:
-  version "6.9.4"
-  resolved "https://registry.yarnpkg.com/qs/-/qs-6.9.4.tgz#9090b290d1f91728d3c22e54843ca44aea5ab687"
-  integrity sha512-A1kFqHekCTM7cz0udomYUoYNWjBebHm/5wzU/XqrBRBNWectVH0QIiN+NEcZ0Dte5hvzHwbr8+XQmguPhJ6WdQ==
+  version "6.10.3"
+  resolved "https://registry.yarnpkg.com/qs/-/qs-6.10.3.tgz#d6cde1b2ffca87b5aa57889816c5f81535e22e8e"
+  integrity sha512-wr7M2E0OFRfIfJZjKGieI8lBKb7fRCH4Fv5KNPEs7gJ8jadvotdsS08PzOKR7opXhZ/Xkjtt3WF9g38drmyRqQ==
+  dependencies:
+    side-channel "^1.0.4"

 qs@~6.5.2:
  version "6.5.2"
@ -7902,13 +8023,13 @@ range-parser@^1.2.1, range-parser@~1.2.1:
  resolved "https://registry.yarnpkg.com/range-parser/-/range-parser-1.2.1.tgz#3cf37023d199e1c24d1a55b84800c2f3e6468031"
  integrity sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==

-raw-body@2.4.0:
-  version "2.4.0"
-  resolved "https://registry.yarnpkg.com/raw-body/-/raw-body-2.4.0.tgz#a1ce6fb9c9bc356ca52e89256ab59059e13d0332"
-  integrity sha512-4Oz8DUIwdvoa5qMJelxipzi/iJIi40O5cGV1wNYp5hvZP8ZN0T+jiNkL0QepXs+EsQ9XJ8ipEDoiH70ySUJP3Q==
+raw-body@2.4.3:
+  version "2.4.3"
+  resolved "https://registry.yarnpkg.com/raw-body/-/raw-body-2.4.3.tgz#8f80305d11c2a0a545c2d9d89d7a0286fcead43c"
+  integrity sha512-UlTNLIcu0uzb4D2f4WltY6cVjLi+/jEN4lgEUj3E04tpMDpUlkBo/eSn6zou9hum2VMNpCCUone0O0WeJim07g==
  dependencies:
-    bytes "3.1.0"
-    http-errors "1.7.2"
+    bytes "3.1.2"
+    http-errors "1.8.1"
    iconv-lite "0.4.24"
    unpipe "1.0.0"

@ -8261,7 +8382,7 @@ safe-buffer@5.1.2, safe-buffer@~5.1.0, safe-buffer@~5.1.1:
  resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.2.tgz#991ec69d296e0313747d59bdfd2b745c35f8828d"
  integrity sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==

-safe-buffer@>=5.1.0, safe-buffer@^5.0.1, safe-buffer@^5.1.0, safe-buffer@^5.1.1, safe-buffer@^5.1.2, safe-buffer@^5.2.0, safe-buffer@^5.2.1, safe-buffer@~5.2.0:
+safe-buffer@5.2.1, safe-buffer@>=5.1.0, safe-buffer@^5.0.1, safe-buffer@^5.1.0, safe-buffer@^5.1.1, safe-buffer@^5.1.2, safe-buffer@^5.2.0, safe-buffer@^5.2.1, safe-buffer@~5.2.0:
  version "5.2.1"
  resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.2.1.tgz#1eaf9fa9bdb1fdd4ec75f58f9cdb4e6b7827eec6"
  integrity sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==
@ -8360,10 +8481,10 @@ semver@^7.3.2:
  resolved "https://registry.yarnpkg.com/semver/-/semver-7.3.2.tgz#604962b052b81ed0786aae84389ffba70ffd3938"
  integrity sha512-OrOb32TeeambH6UrhtShmF7CRDqhL6/5XpPNp2DuRH6+9QLw/orhp72j87v8Qa1ScDkvrrBNpZcDejAirJmfXQ==

-send@0.17.1, send@^0.17.1:
-  version "0.17.1"
-  resolved "https://registry.yarnpkg.com/send/-/send-0.17.1.tgz#c1d8b059f7900f7466dd4938bdc44e11ddb376c8"
-  integrity sha512-BsVKsiGcQMFwT8UxypobUKyv7irCNRHk1T0G680vk88yf6LBByGcZJOTJCrTP2xVN6yI+XjPJcNuE3V4fT9sAg==
+send@0.17.2, send@^0.17.1:
+  version "0.17.2"
+  resolved "https://registry.yarnpkg.com/send/-/send-0.17.2.tgz#926622f76601c41808012c8bf1688fe3906f7820"
+  integrity sha512-UJYB6wFSJE3G00nEivR5rgWp8c2xXvJ3OPWPhmuteU0IKj8nKbG3DrjiOmLwpnHGYWAVwA69zmTm++YG0Hmwww==
  dependencies:
    debug "2.6.9"
    depd "~1.1.2"
@ -8372,9 +8493,9 @@ send@0.17.1, send@^0.17.1:
    escape-html "~1.0.3"
    etag "~1.8.1"
    fresh "0.5.2"
-    http-errors "~1.7.2"
+    http-errors "1.8.1"
    mime "1.6.0"
-    ms "2.1.1"
+    ms "2.1.3"
    on-finished "~2.3.0"
    range-parser "~1.2.1"
    statuses "~1.5.0"
@ -8411,15 +8532,15 @@ serve-index@^1.9.1:
    mime-types "~2.1.17"
    parseurl "~1.3.2"

-serve-static@1.14.1, serve-static@^1.14.1:
-  version "1.14.1"
-  resolved "https://registry.yarnpkg.com/serve-static/-/serve-static-1.14.1.tgz#666e636dc4f010f7ef29970a88a674320898b2f9"
-  integrity sha512-JMrvUwE54emCYWlTI+hGrGv5I8dEwmco/00EvkzIIsR7MqrHonbD9pO2MOfFnpFntl7ecpZs+3mW+XbQZu9QCg==
+serve-static@1.14.2, serve-static@^1.14.1:
+  version "1.14.2"
+  resolved "https://registry.yarnpkg.com/serve-static/-/serve-static-1.14.2.tgz#722d6294b1d62626d41b43a013ece4598d292bfa"
+  integrity sha512-+TMNA9AFxUEGuC0z2mevogSnn9MXKb4fa7ngeRMJaaGv8vTwnIEkKi+QGvPt33HSnf8pRS+WGM0EbMtCJLKMBQ==
  dependencies:
    encodeurl "~1.0.2"
    escape-html "~1.0.3"
    parseurl "~1.3.3"
-    send "0.17.1"
+    send "0.17.2"

 set-blocking@^2.0.0:
  version "2.0.0"
@ -8516,13 +8637,14 @@ shebang-regex@^3.0.0:
  resolved "https://registry.yarnpkg.com/shebang-regex/-/shebang-regex-3.0.0.tgz#ae16f1644d873ecad843b0307b143362d4c42172"
  integrity sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==

-side-channel@^1.0.2:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/side-channel/-/side-channel-1.0.2.tgz#df5d1abadb4e4bf4af1cd8852bf132d2f7876947"
-  integrity sha512-7rL9YlPHg7Ancea1S96Pa8/QWb4BtXL/TZvS6B8XFetGBeuhAsfmUspK6DokBeZ64+Kj9TCNRD/30pVz1BvQNA==
+side-channel@^1.0.2, side-channel@^1.0.4:
+  version "1.0.4"
+  resolved "https://registry.yarnpkg.com/side-channel/-/side-channel-1.0.4.tgz#efce5c8fdc104ee751b25c58d4290011fa5ea2cf"
+  integrity sha512-q5XPytqFEIKHkGdiMIrY10mvLRvnQh42/+GoBlFW3b2LXLE2xxJpZFdm94we0BaoV3RwJyGqg5wS7epxTv0Zvw==
  dependencies:
-    es-abstract "^1.17.0-next.1"
-    object-inspect "^1.7.0"
+    call-bind "^1.0.0"
+    get-intrinsic "^1.0.2"
+    object-inspect "^1.9.0"

 signal-exit@^3.0.0, signal-exit@^3.0.2, signal-exit@^3.0.3:
  version "3.0.3"
@ -8754,10 +8876,10 @@ source-map-resolve@^0.6.0:
    atob "^2.1.2"
    decode-uri-component "^0.2.0"

-source-map-support@^0.5.19, source-map-support@~0.5.12:
-  version "0.5.19"
-  resolved "https://registry.yarnpkg.com/source-map-support/-/source-map-support-0.5.19.tgz#a98b62f86dcaf4f67399648c085291ab9e8fed61"
-  integrity sha512-Wonm7zOCIJzBGQdB+thsPar0kYuCIzYvxZwlBa87yi/Mdjv7Tip2cyVbLj5o0cFPN4EVkuTwb3GDDyUx2DGnGw==
+source-map-support@^0.5.19, source-map-support@~0.5.12, source-map-support@~0.5.20:
+  version "0.5.21"
+  resolved "https://registry.yarnpkg.com/source-map-support/-/source-map-support-0.5.21.tgz#04fe7c7f9e1ed2d662233c28cb2b35b9f63f6e4f"
+  integrity sha512-uBHU3L3czsIyYXKX88fdrGovxdSCoTGDRZ6SYXtSRxLZUzHg5P/66Ht6uoUlHu9EZod+inXhKo3qQgwXUT/y1w==
  dependencies:
    buffer-from "^1.0.0"
    source-map "^0.6.0"
@ -9080,6 +9202,11 @@ strip-json-comments@~2.0.1:
  resolved "https://registry.yarnpkg.com/strip-json-comments/-/strip-json-comments-2.0.1.tgz#3c531942e908c2697c0ec344858c286c7ca0a60a"
  integrity sha1-PFMZQukIwml8DsNEhYwobHygpgo=

+strnum@^1.0.4:
+  version "1.0.5"
+  resolved "https://registry.yarnpkg.com/strnum/-/strnum-1.0.5.tgz#5c4e829fe15ad4ff0d20c3db5ac97b73c9b072db"
+  integrity sha512-J8bbNyKKXl5qYcR36TIO8W3mVGVHrmmxsd5PAItGkmyzwJvybiw2IVq5nqd0i4LSNSkB/sx9VHllbfFdr9k1JA==
+
 stylehacks@^4.0.0, stylehacks@^4.0.3:
  version "4.0.3"
  resolved "https://registry.yarnpkg.com/stylehacks/-/stylehacks-4.0.3.tgz#6718fcaf4d1e07d8a1318690881e8d96726a71d5"
@ -9224,13 +9351,14 @@ terser@^4.1.2:
    source-map-support "~0.5.12"

 terser@^5.0.0:
-  version "5.0.0"
-  resolved "https://registry.yarnpkg.com/terser/-/terser-5.0.0.tgz#269640e4e92f15d628de1e5f01c4c61e1ba3d765"
-  integrity sha512-olH2DwGINoSuEpSGd+BsPuAQaA3OrHnHnFL/rDB2TVNc3srUbz/rq/j2BlF4zDXI+JqAvGr86bIm1R2cJgZ3FA==
+  version "5.14.2"
+  resolved "https://registry.yarnpkg.com/terser/-/terser-5.14.2.tgz#9ac9f22b06994d736174f4091aa368db896f1c10"
+  integrity sha512-oL0rGeM/WFQCUd0y2QrWxYnq7tfSuKBiqTjRPWrRgB46WD/kiwHwF8T23z78H6Q6kGCuuHcPB+KULHRdxvVGQA==
  dependencies:
+    "@jridgewell/source-map" "^0.3.2"
+    acorn "^8.5.0"
    commander "^2.20.0"
-    source-map "~0.6.1"
-    source-map-support "~0.5.12"
+    source-map-support "~0.5.20"

 text-table@^0.2.0:
  version "0.2.0"
@ -9349,6 +9477,11 @@ toidentifier@1.0.0, toidentifier@^1.0.0:
  resolved "https://registry.yarnpkg.com/toidentifier/-/toidentifier-1.0.0.tgz#7e1be3470f1e77948bc43d94a3c8f4d7752ba553"
  integrity sha512-yaOH/Pk/VEhBWWTlhI+qXxDFXlejDGcQipMlyxda9nthulaxLZUNcUqFxokp0vcYnvteJln5FNQDRrxj3YcbVw==

+toidentifier@1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/toidentifier/-/toidentifier-1.0.1.tgz#3be34321a88a820ed1bd80dfaa33e479fbb8dd35"
+  integrity sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==
+
 toml@^3.0.0:
  version "3.0.0"
  resolved "https://registry.yarnpkg.com/toml/-/toml-3.0.0.tgz#342160f1af1904ec9d204d03a5d61222d762c5ee"
@ -9447,7 +9580,7 @@ type-fest@^0.8.1:
  resolved "https://registry.yarnpkg.com/type-fest/-/type-fest-0.8.1.tgz#09e249ebde851d3b1e48d27c105444667f17b83d"
  integrity sha512-4dbzIzqvjtgiM5rw1k5rEHtBANKmdudhGyBEajN01fEyhaAIhsoKNy6y7+IN93IfpFtwY9iqi7kD+xwKhQsNJA==

-type-is@^1.6.18, type-is@~1.6.17, type-is@~1.6.18:
+type-is@^1.6.18, type-is@~1.6.18:
  version "1.6.18"
  resolved "https://registry.yarnpkg.com/type-is/-/type-is-1.6.18.tgz#4e552cd05df09467dcbc4ef739de89f2cf37c131"
  integrity sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==
@ -9664,9 +9797,9 @@ url-parse-lax@^3.0.0:
    prepend-http "^2.0.0"

 url-parse@^1.4.3, url-parse@^1.4.7:
-  version "1.5.2"
-  resolved "https://registry.yarnpkg.com/url-parse/-/url-parse-1.5.2.tgz#a4eff6fd5ff9fe6ab98ac1f79641819d13247cda"
-  integrity sha512-6bTUPERy1muxxYClbzoRo5qtQuyoGEbzbQvi0SW4/8U8UyVkAQhWFBlnigqJkRm4su4x1zDQfNbEzWkt+vchcg==
+  version "1.5.9"
+  resolved "https://registry.yarnpkg.com/url-parse/-/url-parse-1.5.9.tgz#05ff26484a0b5e4040ac64dcee4177223d74675e"
+  integrity sha512-HpOvhKBvre8wYez+QhHcYiVvVmeF6DVnuSOOPhe3cTum3BnqHhvKaZm8FU5yTiOu/Jut2ZpB2rA/SbBA1JIGlQ==
  dependencies:
    querystringify "^2.1.1"
    requires-port "^1.0.0"
--- a/frontend/js/app/api.js
+++ b/frontend/js/app/api.js
@ -515,76 +515,6 @@ module.exports = {
            }
        },

-        SslPassthroughHosts: {
-            /**
-             * @param   {Array}    [expand]
-             * @param   {String}   [query]
-             * @returns {Promise}
-             */
-            getFeatureEnabled: function () {
-                return fetch('get', 'ssl-passthrough-enabled');
-            },
-
-            /**
-             * @param   {Array}    [expand]
-             * @param   {String}   [query]
-             * @returns {Promise}
-             */
-            getAll: function (expand, query) {
-                return getAllObjects('nginx/ssl-passthrough-hosts', expand, query);
-            },
-
-            /**
-             * @param {Object}  data
-             */
-            create: function (data) {
-                return fetch('post', 'nginx/ssl-passthrough-hosts', data);
-            },
-
-            /**
-             * @param   {Object}   data
-             * @param   {Number}   data.id
-             * @returns {Promise}
-             */
-            update: function (data) {
-                let id = data.id;
-                delete data.id;
-                return fetch('put', 'nginx/ssl-passthrough-hosts/' + id, data);
-            },
-
-            /**
-             * @param   {Number}  id
-             * @returns {Promise}
-             */
-            delete: function (id) {
-                return fetch('delete', 'nginx/ssl-passthrough-hosts/' + id);
-            },
-
-            /**
-             * @param   {Number}  id
-             * @returns {Promise}
-             */
-            get: function (id) {
-                return fetch('get', 'nginx/ssl-passthrough-hosts/' + id);
-            },
-
-            /**
-             * @param   {Number}  id
-             * @returns {Promise}
-             */
-            enable: function (id) {
-                return fetch('post', 'nginx/ssl-passthrough-hosts/' + id + '/enable');
-            },
-
-            /**
-             * @param   {Number}  id
-             * @returns {Promise}
-             */
-            disable: function (id) {
-                return fetch('post', 'nginx/ssl-passthrough-hosts/' + id + '/disable');
-            }
-        },
-
        DeadHosts: {
            /**
             * @param   {Array}    [expand]
@ -755,6 +685,16 @@ module.exports = {
                return fetch('post', 'nginx/certificates/' + id + '/renew', undefined, {timeout});
            },

+            /**
+             * @param  {Number}  id
+             * @returns {Promise}
+             */
+            testHttpChallenge: function (domains) {
+                return fetch('get', 'nginx/certificates/test-http?' + new URLSearchParams({
+                    domains: JSON.stringify(domains),
+                }));
+            },
+
            /**
             * @param   {Number}  id
             * @returns {Promise}
--- a/frontend/js/app/audit-log/main.ejs
+++ b/frontend/js/app/audit-log/main.ejs
@ -2,6 +2,16 @@
    <div class="card-status bg-teal"></div>
    <div class="card-header">
        <h3 class="card-title"><%- i18n('audit-log', 'title') %></h3>
+        <div class="card-options">
+            <form class="search-form" role="search">
+                <div class="input-icon">
+                    <span class="input-icon-addon">
+                      <i class="fe fe-search"></i>
+                    </span>
+                    <input name="source-query" type="text" value="" class="form-control form-control-sm" placeholder="<%- i18n('audit-log', 'search') %>" aria-label="<%- i18n('audit-log', 'search') %>">
+                </div>
+            </form>
+        </div>
    </div>
    <div class="card-body no-padding min-100">
        <div class="dimmer active">
--- a/frontend/js/app/audit-log/main.js
+++ b/frontend/js/app/audit-log/main.js
@ -12,39 +12,68 @@ module.exports = Mn.View.extend({

    ui: {
        list_region: '.list-region',
-        dimmer:      '.dimmer'
+        dimmer:      '.dimmer',
+        search:      '.search-form',
+        query:       'input[name="source-query"]'
+    },
+
+    fetch: App.Api.AuditLog.getAll,
+
+    showData: function(response) {
+        this.showChildView('list_region', new ListView({
+            collection: new AuditLogModel.Collection(response)
+        }));
+    },
+
+    showError: function(err) {
+        this.showChildView('list_region', new ErrorView({
+            code:    err.code,
+            message: err.message,
+            retry:   function () {
+                App.Controller.showAuditLog();
+            }
+        }));
+
+        console.error(err);
+    },
+
+    showEmpty: function() {
+        this.showChildView('list_region', new EmptyView({
+            title:    App.i18n('audit-log', 'empty'),
+            subtitle: App.i18n('audit-log', 'empty-subtitle')
+        }));
    },

    regions: {
        list_region: '@ui.list_region'
    },

+    events: {
+        'submit @ui.search': function (e) {
+            e.preventDefault();
+            let query = this.ui.query.val();
+
+            this.fetch(['user'], query)
+                .then(response => this.showData(response))
+                .catch(err => {
+                    this.showError(err);
+                });
+        }
+    },
+
    onRender: function () {
        let view = this;

-        App.Api.AuditLog.getAll(['user'])
+        view.fetch(['user'])
            .then(response => {
                if (!view.isDestroyed() && response && response.length) {
-                    view.showChildView('list_region', new ListView({
-                        collection: new AuditLogModel.Collection(response)
-                    }));
+                    view.showData(response);
                } else {
-                    view.showChildView('list_region', new EmptyView({
-                        title:    App.i18n('audit-log', 'empty'),
-                        subtitle: App.i18n('audit-log', 'empty-subtitle')
-                    }));
+                    view.showEmpty();
                }
            })
            .catch(err => {
-                view.showChildView('list_region', new ErrorView({
-                    code:    err.code,
-                    message: err.message,
-                    retry:   function () {
-                        App.Controller.showAuditLog();
-                    }
-                }));
-
-                console.error(err);
+                view.showError(err);
            })
            .then(() => {
                view.ui.dimmer.removeClass('active');
--- a/frontend/js/app/controller.js
+++ b/frontend/js/app/controller.js
@ -221,46 +221,6 @@ module.exports = {
        }
    },

-     /**
-     * Nginx SSL Passthrough Hosts
-     */
-      showNginxSslPassthrough: function () {
-        if (Cache.User.isAdmin() || Cache.User.canView('ssl_passthrough_hosts')) {
-            let controller = this;
-
-            require(['./main', './nginx/ssl-passthrough/main'], (App, View) => {
-                controller.navigate('/nginx/ssl-passthrough');
-                App.UI.showAppContent(new View());
-            });
-        }
-    },
-
-    /**
-     * SSL Passthrough Hosts Form
-     *
-     * @param [model]
-     */
-     showNginxSslPassthroughForm: function (model) {
-        if (Cache.User.isAdmin() || Cache.User.canManage('ssl_passthrough_hosts')) {
-            require(['./main', './nginx/ssl-passthrough/form'], function (App, View) {
-                App.UI.showModalDialog(new View({model: model}));
-            });
-        }
-    },
-
-    /**
-     * SSL Passthrough Hosts Delete Confirm
-     *
-     * @param model
-     */
-     showNginxSslPassthroughDeleteConfirm: function (model) {
-        if (Cache.User.isAdmin() || Cache.User.canManage('ssl_passthrough_hosts')) {
-            require(['./main', './nginx/ssl-passthrough/delete'], function (App, View) {
-                App.UI.showModalDialog(new View({model: model}));
-            });
-        }
-    },
-
    /**
     * Nginx Dead Hosts
     */
@ -406,6 +366,19 @@ module.exports = {
        }
    },

+    /**
+     * Certificate Test Reachability
+     *
+     * @param model
+     */
+    showNginxCertificateTestReachability: function (model) {
+      if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) {
+        require(['./main', './nginx/certificates/test'], function (App, View) {
+          App.UI.showModalDialog(new View({model: model}));
+        });
+      }
+    },
+
    /**
     * Audit Log
     */
--- a/Show More
+++ b/Show More
 @ -1 +1 @@
 .9.9
 .9.22