Fix credentials

Update version 'certbot-beget-plugin'
2025-06-18 10:06:26 +00:00 · 2024-11-10 19:23:28 +04:00 · 2024-11-10 18:31:07 +04:00 · 2024-11-10 16:16:45 +04:00 · 2024-11-10 15:09:41 +04:00 · 2024-11-08 02:29:38 +04:00
278 changed files with 11728 additions and 18497 deletions
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@ -0,0 +1,21 @@
+name: 'Close stale issues and PRs'
+on:
+  schedule:
+    - cron: '30 1 * * *'
+  workflow_dispatch:
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/stale@v9
+        with:
+          stale-issue-label: 'stale'
+          stale-pr-label: 'stale'
+          stale-issue-message: 'Issue is now considered stale. If you want to keep it open, please comment :+1:'
+          stale-pr-message: 'PR is now considered stale. If you want to keep it open, please comment :+1:'
+          close-issue-message: 'Issue was closed due to inactivity.'
+          close-pr-message: 'PR was closed due to inactivity.'
+          days-before-stale: 182
+          days-before-close: 365
+          operations-per-run: 50
--- a/.gitignore
+++ b/.gitignore
@ -3,3 +3,7 @@
 ._*
 .vscode
 certbot-help.txt
+test/node_modules
+*/node_modules
+docker/dev/dnsrouter-config.json.tmp
+docker/dev/resolv.conf
--- a/.version
+++ b/.version
@ -1 +1 @@
-2.10.3
+2.12.1
--- a/187
+++ b/187
@ -17,13 +17,9 @@ pipeline {
 		IMAGE                      = 'nginx-proxy-manager'
 		BUILD_VERSION              = getVersion()
 		MAJOR_VERSION              = '2'
-		BRANCH_LOWER               = "${BRANCH_NAME.toLowerCase().replaceAll('/', '-')}"
-		COMPOSE_PROJECT_NAME       = "npm_${BRANCH_LOWER}_${BUILD_NUMBER}"
-		COMPOSE_FILE               = 'docker/docker-compose.ci.yml'
+		BRANCH_LOWER               = "${BRANCH_NAME.toLowerCase().replaceAll('\\\\', '-').replaceAll('/', '-').replaceAll('\\.', '-')}"
+		BUILDX_NAME                = "npm_${BRANCH_LOWER}_${BUILD_NUMBER}"
 		COMPOSE_INTERACTIVE_NO_CLI = 1
-		BUILDX_NAME                = "${COMPOSE_PROJECT_NAME}"
-		DOCS_BUCKET                = 'jc21-npm-site'
-		DOCS_CDN                   = 'EN1G6DEWZUTDT'
 	}
 	stages {
 		stage('Environment') {
@ -47,7 +43,7 @@ pipeline {
 					steps {
 						script {
 							// Defaults to the Branch name, which is applies to all branches AND pr's
-							buildxPushTags = "-t docker.io/jc21/${IMAGE}:github-${BRANCH_LOWER}"
+							buildxPushTags = "-t docker.io/nginxproxymanager/${IMAGE}-dev:${BRANCH_LOWER}"
 						}
 					}
 				}
@ -60,9 +56,18 @@ pipeline {
 						sh 'sed -i -E "s/(version-)[0-9]+\\.[0-9]+\\.[0-9]+(-green)/\\1${BUILD_VERSION}\\2/" README.md'
 					}
 				}
+				stage('Docker Login') {
+					steps {
+						withCredentials([usernamePassword(credentialsId: 'jc21-dockerhub', passwordVariable: 'dpass', usernameVariable: 'duser')]) {
+							sh 'docker login -u "${duser}" -p "${dpass}"'
 						}
 					}
-		stage('Build and Test') {
+				}
+			}
+		}
+		stage('Builds') {
+			parallel {
+				stage('Project') {
 					steps {
 						script {
 							// Frontend and Backend
@ -86,79 +91,80 @@ pipeline {
 						}
 					}
 				}
-		stage('Integration Tests Sqlite') {
-			steps {
-				// Bring up a stack
-				sh 'docker-compose up -d fullstack-sqlite'
-				sh './scripts/wait-healthy $(docker-compose ps --all -q fullstack-sqlite) 120'
-				// Stop and Start it, as this will test it's ability to restart with existing data
-				sh 'docker-compose stop fullstack-sqlite'
-				sh 'docker-compose start fullstack-sqlite'
-				sh './scripts/wait-healthy $(docker-compose ps --all -q fullstack-sqlite) 120'
-
-				// Run tests
-				sh 'rm -rf test/results'
-				sh 'docker-compose up cypress-sqlite'
-				// Get results
-				sh 'docker cp -L "$(docker-compose ps --all -q cypress-sqlite):/test/results" test/'
-			}
-			post {
-				always {
-					// Dumps to analyze later
-					sh 'mkdir -p debug'
-					sh 'docker-compose logs fullstack-sqlite > debug/docker_fullstack_sqlite.log'
-					sh 'docker-compose logs db > debug/docker_db.log'
-					// Cypress videos and screenshot artifacts
-					dir(path: 'test/results') {
-						archiveArtifacts allowEmptyArchive: true, artifacts: '**/*', excludes: '**/*.xml'
-					}
-					junit 'test/results/junit/*'
-				}
-			}
-		}
-		stage('Integration Tests Mysql') {
-			steps {
-				// Bring up a stack
-				sh 'docker-compose up -d fullstack-mysql'
-				sh './scripts/wait-healthy $(docker-compose ps --all -q fullstack-mysql) 120'
-
-				// Run tests
-				sh 'rm -rf test/results'
-				sh 'docker-compose up cypress-mysql'
-				// Get results
-				sh 'docker cp -L "$(docker-compose ps --all -q cypress-mysql):/test/results" test/'
-			}
-			post {
-				always {
-					// Dumps to analyze later
-					sh 'mkdir -p debug'
-					sh 'docker-compose logs fullstack-mysql > debug/docker_fullstack_mysql.log'
-					sh 'docker-compose logs db > debug/docker_db.log'
-					// Cypress videos and screenshot artifacts
-					dir(path: 'test/results') {
-						archiveArtifacts allowEmptyArchive: true, artifacts: '**/*', excludes: '**/*.xml'
-					}
-					junit 'test/results/junit/*'
-				}
-			}
-		}
 				stage('Docs') {
+					steps {
+						dir(path: 'docs') {
+							sh 'yarn install'
+							sh 'yarn build'
+						}
+					}
+				}
+			}
+		}
+		stage('Test Sqlite') {
+			environment {
+				COMPOSE_PROJECT_NAME = "npm_${BRANCH_LOWER}_${BUILD_NUMBER}_sqlite"
+				COMPOSE_FILE         = 'docker/docker-compose.ci.yml:docker/docker-compose.ci.sqlite.yml'
+			}
 			when {
 				not {
 					equals expected: 'UNSTABLE', actual: currentBuild.result
 				}
 			}
 			steps {
-				dir(path: 'docs') {
-					sh 'yarn install'
-					sh 'yarn build'
+				sh 'rm -rf ./test/results/junit/*'
+				sh './scripts/ci/fulltest-cypress'
+			}
+			post {
+				always {
+					// Dumps to analyze later
+					sh 'mkdir -p debug/sqlite'
+					sh 'docker logs $(docker-compose ps --all -q fullstack) > debug/sqlite/docker_fullstack.log 2>&1'
+					sh 'docker logs $(docker-compose ps --all -q stepca) > debug/sqlite/docker_stepca.log 2>&1'
+					sh 'docker logs $(docker-compose ps --all -q pdns) > debug/sqlite/docker_pdns.log 2>&1'
+					sh 'docker logs $(docker-compose ps --all -q pdns-db) > debug/sqlite/docker_pdns-db.log 2>&1'
+					sh 'docker logs $(docker-compose ps --all -q dnsrouter) > debug/sqlite/docker_dnsrouter.log 2>&1'
+					junit 'test/results/junit/*'
+					sh 'docker-compose down --remove-orphans --volumes -t 30 || true'
+				}
+				unstable {
+					dir(path: 'testing/results') {
+						archiveArtifacts(allowEmptyArchive: true, artifacts: '**/*', excludes: '**/*.xml')
+					}
+				}
+			}
+		}
+		stage('Test Mysql') {
+			environment {
+				COMPOSE_PROJECT_NAME = "npm_${BRANCH_LOWER}_${BUILD_NUMBER}_mysql"
+				COMPOSE_FILE         = 'docker/docker-compose.ci.yml:docker/docker-compose.ci.mysql.yml'
+			}
+			when {
+				not {
+					equals expected: 'UNSTABLE', actual: currentBuild.result
+				}
+			}
+			steps {
+				sh 'rm -rf ./test/results/junit/*'
+				sh './scripts/ci/fulltest-cypress'
+			}
+			post {
+				always {
+					// Dumps to analyze later
+					sh 'mkdir -p debug/mysql'
+					sh 'docker logs $(docker-compose ps --all -q fullstack) > debug/mysql/docker_fullstack.log 2>&1'
+					sh 'docker logs $(docker-compose ps --all -q stepca) > debug/mysql/docker_stepca.log 2>&1'
+					sh 'docker logs $(docker-compose ps --all -q pdns) > debug/mysql/docker_pdns.log 2>&1'
+					sh 'docker logs $(docker-compose ps --all -q pdns-db) > debug/mysql/docker_pdns-db.log 2>&1'
+					sh 'docker logs $(docker-compose ps --all -q dnsrouter) > debug/mysql/docker_dnsrouter.log 2>&1'
+					junit 'test/results/junit/*'
+					sh 'docker-compose down --remove-orphans --volumes -t 30 || true'
+				}
+				unstable {
+					dir(path: 'testing/results') {
+						archiveArtifacts(allowEmptyArchive: true, artifacts: '**/*', excludes: '**/*.xml')
 					}
-
-				dir(path: 'docs/.vuepress/dist') {
-					sh 'tar -czf ../../docs.tgz *'
 				}
-
-				archiveArtifacts(artifacts: 'docs/docs.tgz', allowEmptyArchive: false)
 			}
 		}
 		stage('MultiArch Build') {
@ -168,23 +174,22 @@ pipeline {
 				}
 			}
 			steps {
-				withCredentials([usernamePassword(credentialsId: 'jc21-dockerhub', passwordVariable: 'dpass', usernameVariable: 'duser')]) {
-					sh 'docker login -u "${duser}" -p "${dpass}"'
 				sh "./scripts/buildx --push ${buildxPushTags}"
 			}
 		}
-		}
-		stage('Docs Deploy') {
+		stage('Docs / Comment') {
+			parallel {
+				stage('Docs Job') {
 					when {
 						allOf {
-					branch 'master'
+							branch pattern: "^(develop|master)\$", comparator: "REGEXP"
 							not {
 								equals expected: 'UNSTABLE', actual: currentBuild.result
 							}
 						}
 					}
 					steps {
-				npmDocsRelease("$DOCS_BUCKET", "$DOCS_CDN")
+						build wait: false, job: 'nginx-proxy-manager-docs', parameters: [string(name: 'docs_branch', value: "$BRANCH_NAME")]
 					}
 				}
 				stage('PR Comment') {
@ -198,30 +203,30 @@ pipeline {
 					}
 					steps {
 						script {
-					npmGithubPrComment("Docker Image for build ${BUILD_NUMBER} is available on [DockerHub](https://cloud.docker.com/repository/docker/jc21/${IMAGE}) as `jc21/${IMAGE}:github-${BRANCH_LOWER}`\n\n**Note:** ensure you backup your NPM instance before testing this PR image! Especially if this PR contains database changes.", true)
+							npmGithubPrComment("""Docker Image for build ${BUILD_NUMBER} is available on
+[DockerHub](https://cloud.docker.com/repository/docker/nginxproxymanager/${IMAGE}-dev)
+as `nginxproxymanager/${IMAGE}-dev:${BRANCH_LOWER}`
+
+**Note:** ensure you backup your NPM instance before testing this image! Especially if there are database changes
+**Note:** this is a different docker image namespace than the official image
+""", true)
+						}
+					}
 				}
 			}
 		}
 	}
 	post {
 		always {
-			sh 'docker-compose down --remove-orphans --volumes -t 30'
 			sh 'echo Reverting ownership'
-			sh 'docker run --rm -v $(pwd):/data jc21/ci-tools chown -R $(id -u):$(id -g) /data'
-		}
-		success {
-			juxtapose event: 'success'
-			sh 'figlet "SUCCESS"'
+			sh 'docker run --rm -v "$(pwd):/data" jc21/ci-tools chown -R "$(id -u):$(id -g)" /data'
+			printResult(true)
 		}
 		failure {
-			archiveArtifacts(artifacts: 'debug/**.*', allowEmptyArchive: true)
-			juxtapose event: 'failure'
-			sh 'figlet "FAILURE"'
+			archiveArtifacts(artifacts: 'debug/**/*.*', allowEmptyArchive: true)
 		}
 		unstable {
-			archiveArtifacts(artifacts: 'debug/**.*', allowEmptyArchive: true)
-			juxtapose event: 'unstable'
-			sh 'figlet "UNSTABLE"'
+			archiveArtifacts(artifacts: 'debug/**/*.*', allowEmptyArchive: true)
 		}
 	}
 }
--- a/README.md
+++ b/README.md
@ -1,7 +1,7 @@
 <p align="center">
 	<img src="https://nginxproxymanager.com/github.png">
 	<br><br>
-	<img src="https://img.shields.io/badge/version-2.10.3-green.svg?style=for-the-badge">
+	<img src="https://img.shields.io/badge/version-2.12.1-green.svg?style=for-the-badge">
 	<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager">
 		<img src="https://img.shields.io/docker/stars/jc21/nginx-proxy-manager.svg?style=for-the-badge">
 	</a>
@ -19,7 +19,7 @@ running at home or otherwise, including free SSL, without having to know too muc

 ## Project Goal

-I created this project to fill a personal need to provide users with a easy way to accomplish reverse
+I created this project to fill a personal need to provide users with an easy way to accomplish reverse
 proxying hosts with SSL termination and it had to be so easy that a monkey could do it. This goal hasn't changed.
 While there might be advanced options they are optional and the project should be as simple as possible
 so that the barrier for entry here is low.
@ -56,10 +56,9 @@ I won't go in to too much detail here but here are the basics for someone new to
 2. Create a docker-compose.yml file similar to this:

 ```yml
-version: '3.8'
 services:
  app:
-    image: 'jc21/nginx-proxy-manager:latest'
+    image: 'docker.io/jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      - '80:80'
@ -98,7 +97,18 @@ Password: changeme
 Immediately after logging in with this default user you will be asked to modify your details and change your password.


-## Contributors
+## Contributing
+
+All are welcome to create pull requests for this project, against the `develop` branch. Official releases are created from the `master` branch.
+
+CI is used in this project. All PR's must pass before being considered. After passing,
+docker builds for PR's are available on dockerhub for manual verifications.
+
+Documentation within the `develop` branch is available for preview at
+[https://develop.nginxproxymanager.com](https://develop.nginxproxymanager.com)
+
+
+### Contributors

 Special thanks to [all of our contributors](https://github.com/NginxProxyManager/nginx-proxy-manager/graphs/contributors).

@ -107,5 +117,4 @@ Special thanks to [all of our contributors](https://github.com/NginxProxyManager

 1. [Found a bug?](https://github.com/NginxProxyManager/nginx-proxy-manager/issues)
 2. [Discussions](https://github.com/NginxProxyManager/nginx-proxy-manager/discussions)
-3. [Development Gitter](https://gitter.im/nginx-proxy-manager/community)
-4. [Reddit](https://reddit.com/r/nginxproxymanager)
+3. [Reddit](https://reddit.com/r/nginxproxymanager)
--- a/backend/.vscode/settings.json
+++ b/backend/.vscode/settings.json
@ -1,8 +0,0 @@
-{
-	"editor.insertSpaces": false,
-	"editor.formatOnSave": true,
-	"files.trimTrailingWhitespace": true,
-	"editor.codeActionsOnSave": {
-		"source.fixAll.eslint": true
-	}
-}
--- a/backend/app.js
+++ b/backend/app.js
@ -52,7 +52,7 @@ app.use(function (req, res, next) {
 });

 app.use(require('./lib/express/jwt')());
-app.use('/', require('./routes/api/main'));
+app.use('/', require('./routes/main'));

 // production error handler
 // no stacktraces leaked to user
--- a/backend/config/default.json
+++ b/backend/config/default.json
@ -1,6 +1,6 @@
 {
  "database": {
-    "engine": "mysql",
+    "engine": "mysql2",
    "host": "db",
    "name": "npm",
    "user": "npm",
--- a/backend/doc/api.swagger.json
+++ b/backend/doc/api.swagger.json
--- a/backend/index.js
+++ b/backend/index.js
@ -1,23 +1,20 @@
 #!/usr/bin/env node

+const schema = require('./schema');
 const logger = require('./logger').global;

 async function appStart () {
 	const migrate             = require('./migrate');
 	const setup               = require('./setup');
 	const app                 = require('./app');
-	const apiValidator        = require('./lib/validator/api');
 	const internalCertificate = require('./internal/certificate');
 	const internalIpRanges    = require('./internal/ip_ranges');

 	return migrate.latest()
 		.then(setup)
-		.then(() => {
-			return apiValidator.loadSchemas;
-		})
+		.then(schema.getCompiledSchema)
 		.then(internalIpRanges.fetch)
 		.then(() => {
-
 			internalCertificate.initTimer();
 			internalIpRanges.initTimer();

@ -34,7 +31,7 @@ async function appStart () {
 			});
 		})
 		.catch((err) => {
-			logger.error(err.message);
+			logger.error(err.message, err);
 			setTimeout(appStart, 1000);
 		});
 }
--- a/backend/internal/access-list.js
+++ b/backend/internal/access-list.js
@ -204,7 +204,6 @@ const internalAccessList = {
 						});
 				}
 			})
-			.then(internalNginx.reload)
 			.then(() => {
 				// Add to audit log
 				return internalAuditLog.add(access, {
@ -227,7 +226,7 @@ const internalAccessList = {
 						if (row.proxy_host_count) {
 							return internalNginx.bulkGenerateConfigs('proxy_host', row.proxy_hosts);
 						}
-					})
+					}).then(internalNginx.reload)
 					.then(() => {
 						return internalAccessList.maskItems(row);
 					});
@ -270,7 +269,7 @@ const internalAccessList = {
 				return query.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				}
 				if (!skip_masking && typeof row.items !== 'undefined' && row.items) {
@ -297,7 +296,7 @@ const internalAccessList = {
 				return internalAccessList.get(access, {id: data.id, expand: ['proxy_hosts', 'items', 'clients']});
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				}

--- a/backend/internal/certificate.js
+++ b/backend/internal/certificate.js
@ -3,25 +3,29 @@ const fs               = require('fs');
 const https            = require('https');
 const tempWrite        = require('temp-write');
 const moment           = require('moment');
+const archiver         = require('archiver');
+const path             = require('path');
+const { isArray }      = require('lodash');
 const logger           = require('../logger').ssl;
 const config           = require('../lib/config');
 const error            = require('../lib/error');
 const utils            = require('../lib/utils');
+const certbot          = require('../lib/certbot');
 const certificateModel = require('../models/certificate');
-const dnsPlugins       = require('../global/certbot-dns-plugins');
+const tokenModel       = require('../models/token');
+const dnsPlugins       = require('../global/certbot-dns-plugins.json');
 const internalAuditLog = require('./audit-log');
 const internalNginx    = require('./nginx');
 const internalHost     = require('./host');
-const archiver         = require('archiver');
-const path             = require('path');
-const { isArray }      = require('lodash');
+

 const letsencryptStaging = config.useLetsencryptStaging();
+const letsencryptServer  = config.useLetsencryptServer();
 const letsencryptConfig  = '/etc/letsencrypt.ini';
 const certbotCommand     = 'certbot';

 function omissions() {
-	return ['is_deleted'];
+	return ['is_deleted', 'owner.is_deleted'];
 }

 const internalCertificate = {
@ -30,6 +34,7 @@ const internalCertificate = {
 	intervalTimeout:         1000 * 60 * 60, // 1 hour
 	interval:                null,
 	intervalProcessing:      false,
+	renewBeforeExpirationBy: [30, 'days'],

 	initTimer: () => {
 		logger.info('Let\'s Encrypt Renewal Timer initialized');
@ -44,62 +49,51 @@ const internalCertificate = {
 	processExpiringHosts: () => {
 		if (!internalCertificate.intervalProcessing) {
 			internalCertificate.intervalProcessing = true;
-			logger.info('Renewing SSL certs close to expiry...');
+			logger.info('Renewing SSL certs expiring within ' + internalCertificate.renewBeforeExpirationBy[0] + ' ' + internalCertificate.renewBeforeExpirationBy[1] + ' ...');

-			const cmd = certbotCommand + ' renew --non-interactive --quiet ' +
-				'--config "' + letsencryptConfig + '" ' +
-				'--work-dir "/tmp/letsencrypt-lib" ' +
-				'--logs-dir "/tmp/letsencrypt-log" ' +
-				'--preferred-challenges "dns,http" ' +
-				'--disable-hook-validation ' +
-				(letsencryptStaging ? '--staging' : '');
+			const expirationThreshold = moment().add(internalCertificate.renewBeforeExpirationBy[0], internalCertificate.renewBeforeExpirationBy[1]).format('YYYY-MM-DD HH:mm:ss');

-			return utils.exec(cmd)
-				.then((result) => {
-					if (result) {
-						logger.info('Renew Result: ' + result);
-					}
-
-					return internalNginx.reload()
-						.then(() => {
-							logger.info('Renew Complete');
-							return result;
-						});
-				})
-				.then(() => {
-					// Now go and fetch all the letsencrypt certs from the db and query the files and update expiry times
-					return certificateModel
+			// Fetch all the letsencrypt certs from the db that will expire within the configured threshold
+			certificateModel
 				.query()
 				.where('is_deleted', 0)
 				.andWhere('provider', 'letsencrypt')
+				.andWhere('expires_on', '<', expirationThreshold)
 				.then((certificates) => {
-							if (certificates && certificates.length) {
-								let promises = [];
+					if (!certificates || !certificates.length) {
+						return null;
+					}

-								certificates.map(function (certificate) {
-									promises.push(
-										internalCertificate.getCertificateInfoFromFile('/etc/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem')
-											.then((cert_info) => {
-												return certificateModel
-													.query()
-													.where('id', certificate.id)
-													.andWhere('provider', 'letsencrypt')
-													.patch({
-														expires_on: moment(cert_info.dates.to, 'X').format('YYYY-MM-DD HH:mm:ss')
-													});
-											})
+					/**
+					 * Renews must be run sequentially or we'll get an error 'Another
+					 * instance of Certbot is already running.'
+					 */
+					let sequence = Promise.resolve();
+
+					certificates.forEach(function (certificate) {
+						sequence = sequence.then(() =>
+							internalCertificate
+								.renew(
+									{
+										can: () =>
+											Promise.resolve({
+												permission_visibility: 'all',
+											}),
+										token: new tokenModel(),
+									},
+									{ id: certificate.id },
+								)
 								.catch((err) => {
 									// Don't want to stop the train here, just log the error
 									logger.error(err.message);
-											})
+								}),
 						);
 					});

-								return Promise.all(promises);
-							}
-						});
+					return sequence;
 				})
 				.then(() => {
+					logger.info('Completed SSL cert renew process');
 					internalCertificate.intervalProcessing = false;
 				})
 				.catch((err) => {
@ -215,6 +209,7 @@ const internalCertificate = {
 										.patchAndFetchById(certificate.id, {
 											expires_on: moment(cert_info.dates.to, 'X').format('YYYY-MM-DD HH:mm:ss')
 										})
+										.then(utils.omitRow(omissions()))
 										.then((saved_row) => {
 											// Add cert data for audit log
 											saved_row.meta = _.assign({}, saved_row.meta, {
@ -331,7 +326,7 @@ const internalCertificate = {
 				return query.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				}
 				// Custom omissions
@ -420,7 +415,7 @@ const internalCertificate = {
 				return internalCertificate.get(access, {id: data.id});
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				}

@ -738,29 +733,29 @@ const internalCertificate = {

 		return utils.exec('openssl x509 -in ' + certificate_file + ' -subject -noout')
 			.then((result) => {
+				// Examples:
+				// subject=CN = *.jc21.com
 				// subject=CN = something.example.com
 				const regex = /(?:subject=)?[^=]+=\s+(\S+)/gim;
 				const match = regex.exec(result);
-
-				if (typeof match[1] === 'undefined') {
-					throw new error.ValidationError('Could not determine subject from certificate: ' + result);
-				}
-
+				if (match && typeof match[1] !== 'undefined') {
 					certData['cn'] = match[1];
+				}
 			})
 			.then(() => {
 				return utils.exec('openssl x509 -in ' + certificate_file + ' -issuer -noout');
 			})
+
 			.then((result) => {
+				// Examples:
 				// issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
+				// issuer=C = US, O = Let's Encrypt, CN = E5
+				// issuer=O = NginxProxyManager, CN = NginxProxyManager Intermediate CA","O = NginxProxyManager, CN = NginxProxyManager Intermediate CA
 				const regex = /^(?:issuer=)?(.*)$/gim;
 				const match = regex.exec(result);
-
-				if (typeof match[1] === 'undefined') {
-					throw new error.ValidationError('Could not determine issuer from certificate: ' + result);
-				}
-
+				if (match && typeof match[1] !== 'undefined') {
 					certData['issuer'] = match[1];
+				}
 			})
 			.then(() => {
 				return utils.exec('openssl x509 -in ' + certificate_file + ' -dates -noout');
@ -835,17 +830,18 @@ const internalCertificate = {
 	requestLetsEncryptSsl: (certificate) => {
 		logger.info('Requesting Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));

-		const cmd = certbotCommand + ' certonly ' +
-			'--config "' + letsencryptConfig + '" ' +
+		const cmd = `${certbotCommand} certonly ` +
+			`--config '${letsencryptConfig}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
-			'--cert-name "npm-' + certificate.id + '" ' +
+			`--cert-name "npm-${certificate.id}" ` +
 			'--agree-tos ' +
 			'--authenticator webroot ' +
-			'--email "' + certificate.meta.letsencrypt_email + '" ' +
+			`--email '${certificate.meta.letsencrypt_email}' ` +
 			'--preferred-challenges "dns,http" ' +
-			'--domains "' + certificate.domain_names.join(',') + '" ' +
-			(letsencryptStaging ? '--staging' : '');
+			`--domains "${certificate.domain_names.join(',')}" ` +
+			(letsencryptServer !== null ? `--server '${letsencryptServer}' ` : '') +
+			(letsencryptStaging && letsencryptServer === null ? '--staging ' : '');

 		logger.info('Command:', cmd);

@ -858,74 +854,65 @@ const internalCertificate = {

 	/**
 	 * @param   {Object}         certificate          the certificate row
-	 * @param   {String}         dns_provider         the dns provider name (key used in `certbot-dns-plugins.js`)
+	 * @param   {String}         dns_provider         the dns provider name (key used in `certbot-dns-plugins.json`)
 	 * @param   {String | null}  credentials          the content of this providers credentials file
-	 * @param   {String}         propagation_seconds  the cloudflare api token
+	 * @param   {String}         propagation_seconds
 	 * @returns {Promise}
 	 */
-	requestLetsEncryptSslWithDnsChallenge: (certificate) => {
-		const dns_plugin = dnsPlugins[certificate.meta.dns_provider];
-
-		if (!dns_plugin) {
-			throw Error(`Unknown DNS provider '${certificate.meta.dns_provider}'`);
-		}
-
-		logger.info(`Requesting Let'sEncrypt certificates via ${dns_plugin.display_name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);
+	requestLetsEncryptSslWithDnsChallenge: async (certificate) => {
+		await certbot.installPlugin(certificate.meta.dns_provider);
+		const dnsPlugin = dnsPlugins[certificate.meta.dns_provider];
+		logger.info(`Requesting Let'sEncrypt certificates via ${dnsPlugin.name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);

 		const credentialsLocation = '/etc/letsencrypt/credentials/credentials-' + certificate.id;
-		// Escape single quotes and backslashes
-		const escapedCredentials = certificate.meta.dns_provider_credentials.replaceAll('\'', '\\\'').replaceAll('\\', '\\\\');
-		const credentialsCmd     = 'mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo \'' + escapedCredentials + '\' > \'' + credentialsLocation + '\' && chmod 600 \'' + credentialsLocation + '\'';
-		// we call `. /opt/certbot/bin/activate` (`.` is alternative to `source` in dash) to access certbot venv
-		const prepareCmd = '. /opt/certbot/bin/activate && pip install --no-cache-dir --user ' + dns_plugin.package_name + (dns_plugin.version_requirement || '') + ' ' + dns_plugin.dependencies + ' && deactivate';
+		fs.mkdirSync('/etc/letsencrypt/credentials', { recursive: true });
+		fs.writeFileSync(credentialsLocation, certificate.meta.dns_provider_credentials, {mode: 0o600});

 		// Whether the plugin has a --<name>-credentials argument
 		const hasConfigArg = certificate.meta.dns_provider !== 'route53';

 		let mainCmd = certbotCommand + ' certonly ' +
-			'--config "' + letsencryptConfig + '" ' +
+			`--config '${letsencryptConfig}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
-			'--cert-name "npm-' + certificate.id + '" ' +
+			`--cert-name 'npm-${certificate.id}' ` +
 			'--agree-tos ' +
-			'--email "' + certificate.meta.letsencrypt_email + '" ' +
-			'--domains "' + certificate.domain_names.join(',') + '" ' +
-			'--authenticator ' + dns_plugin.full_plugin_name + ' ' +
+			`--email '${certificate.meta.letsencrypt_email}' ` +
+			`--domains '${certificate.domain_names.join(',')}' ` +
+			`--authenticator '${dnsPlugin.full_plugin_name}' ` +
 			(
 				hasConfigArg
-					? '--' + dns_plugin.full_plugin_name + '-credentials "' + credentialsLocation + '"'
+					? `--${dnsPlugin.full_plugin_name}-credentials '${credentialsLocation}' `
 					: ''
 			) +
 			(
 				certificate.meta.propagation_seconds !== undefined
-					? ' --' + dns_plugin.full_plugin_name + '-propagation-seconds ' + certificate.meta.propagation_seconds
+					? `--${dnsPlugin.full_plugin_name}-propagation-seconds '${certificate.meta.propagation_seconds}' `
 					: ''
 			) +
-			(letsencryptStaging ? ' --staging' : '');
+			(letsencryptServer !== null ? `--server '${letsencryptServer}' ` : '') +
+			(letsencryptStaging && letsencryptServer === null ? '--staging ' : '');

 		// Prepend the path to the credentials file as an environment variable
 		if (certificate.meta.dns_provider === 'route53') {
 			mainCmd = 'AWS_CONFIG_FILE=\'' + credentialsLocation + '\' ' + mainCmd;
 		}

-		logger.info('Command:', `${credentialsCmd} && ${prepareCmd} && ${mainCmd}`);
+		if (certificate.meta.dns_provider === 'duckdns') {
+			mainCmd = mainCmd + ' --dns-duckdns-no-txt-restore';
+		}

-		return utils.exec(credentialsCmd)
-			.then(() => {
-				return utils.exec(prepareCmd)
-					.then(() => {
-						return utils.exec(mainCmd)
-							.then(async (result) => {
+		logger.info('Command:', mainCmd);
+
+		try {
+			const result = await utils.exec(mainCmd);
 			logger.info(result);
 			return result;
-							});
-					});
-			}).catch(async (err) => {
-				// Don't fail if file does not exist
-				const delete_credentialsCmd = `rm -f '${credentialsLocation}' || true`;
-				await utils.exec(delete_credentialsCmd);
+		} catch (err) {
+			// Don't fail if file does not exist, so no need for action in the callback
+			fs.unlink(credentialsLocation, () => {});
 			throw err;
-			});
+		}
 	},


@ -981,14 +968,15 @@ const internalCertificate = {
 		logger.info('Renewing Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));

 		const cmd = certbotCommand + ' renew --force-renewal ' +
-			'--config "' + letsencryptConfig + '" ' +
+			`--config '${letsencryptConfig}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
-			'--cert-name "npm-' + certificate.id + '" ' +
+			`--cert-name 'npm-${certificate.id}' ` +
 			'--preferred-challenges "dns,http" ' +
 			'--no-random-sleep-on-renew ' +
 			'--disable-hook-validation ' +
-			(letsencryptStaging ? '--staging' : '');
+			(letsencryptServer !== null ? `--server '${letsencryptServer}' ` : '') +
+			(letsencryptStaging && letsencryptServer === null ? '--staging ' : '');

 		logger.info('Command:', cmd);

@ -1004,22 +992,23 @@ const internalCertificate = {
 	 * @returns {Promise}
 	 */
 	renewLetsEncryptSslWithDnsChallenge: (certificate) => {
-		const dns_plugin = dnsPlugins[certificate.meta.dns_provider];
+		const dnsPlugin = dnsPlugins[certificate.meta.dns_provider];

-		if (!dns_plugin) {
+		if (!dnsPlugin) {
 			throw Error(`Unknown DNS provider '${certificate.meta.dns_provider}'`);
 		}

-		logger.info(`Renewing Let'sEncrypt certificates via ${dns_plugin.display_name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);
+		logger.info(`Renewing Let'sEncrypt certificates via ${dnsPlugin.name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);

-		let mainCmd = certbotCommand + ' renew ' +
-			'--config "' + letsencryptConfig + '" ' +
+		let mainCmd = certbotCommand + ' renew --force-renewal ' +
+			`--config "${letsencryptConfig}" ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
-			'--cert-name "npm-' + certificate.id + '" ' +
+			`--cert-name 'npm-${certificate.id}' ` +
 			'--disable-hook-validation ' +
 			'--no-random-sleep-on-renew ' +
-			(letsencryptStaging ? ' --staging' : '');
+			(letsencryptServer !== null ? `--server '${letsencryptServer}' ` : '') +
+			(letsencryptStaging && letsencryptServer === null ? '--staging ' : '');

 		// Prepend the path to the credentials file as an environment variable
 		if (certificate.meta.dns_provider === 'route53') {
@ -1045,10 +1034,13 @@ const internalCertificate = {
 		logger.info('Revoking Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));

 		const mainCmd = certbotCommand + ' revoke ' +
-			'--config "' + letsencryptConfig + '" ' +
-			'--cert-path "/etc/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem" ' +
+			`--config '${letsencryptConfig}' ` +
+			'--work-dir "/tmp/letsencrypt-lib" ' +
+			'--logs-dir "/tmp/letsencrypt-log" ' +
+			`--cert-path '/etc/letsencrypt/live/npm-${certificate.id}/fullchain.pem' ` +
 			'--delete-after-revoke ' +
-			(letsencryptStaging ? '--staging' : '');
+			(letsencryptServer !== null ? `--server '${letsencryptServer}' ` : '') +
+			(letsencryptStaging && letsencryptServer === null ? '--staging ' : '');

 		// Don't fail command if file does not exist
 		const delete_credentialsCmd = `rm -f '/etc/letsencrypt/credentials/credentials-${certificate.id}' || true`;
@ -1163,6 +1155,7 @@ const internalCertificate = {
 			const options  = {
 				method:  'POST',
 				headers: {
+					'User-Agent':     'Mozilla/5.0',
 					'Content-Type':   'application/x-www-form-urlencoded',
 					'Content-Length': Buffer.byteLength(formBody)
 				}
@ -1175,12 +1168,22 @@ const internalCertificate = {

 					res.on('data', (chunk) => responseBody = responseBody + chunk);
 					res.on('end', function () {
+						try {
 							const parsedBody = JSON.parse(responseBody + '');
 							if (res.statusCode !== 200) {
-							logger.warn(`Failed to test HTTP challenge for domain ${domain}`, res);
+								logger.warn(`Failed to test HTTP challenge for domain ${domain} because HTTP status code ${res.statusCode} was returned: ${parsedBody.message}`);
+								resolve(undefined);
+							} else {
+								resolve(parsedBody);
+							}
+						} catch (err) {
+							if (res.statusCode !== 200) {
+								logger.warn(`Failed to test HTTP challenge for domain ${domain} because HTTP status code ${res.statusCode} was returned`);
+							} else {
+								logger.warn(`Failed to test HTTP challenge for domain ${domain} because response failed to be parsed: ${err.message}`);
+							}
 							resolve(undefined);
 						}
-						resolve(parsedBody);
 					});
 				});

@ -1194,6 +1197,9 @@ const internalCertificate = {
 			if (!result) {
 				// Some error occurred while trying to get the data
 				return 'failed';
+			} else if (result.error) {
+				logger.info(`HTTP challenge test failed for domain ${domain} because error was returned: ${result.error.msg}`);
+				return `other:${result.error.msg}`;
 			} else if (`${result.responsecode}` === '200' && result.htmlresponse === 'Success') {
 				// Server exists and has responded with the correct data
 				return 'ok';
--- a/backend/internal/dead-host.js
+++ b/backend/internal/dead-host.js
@ -48,6 +48,12 @@ const internalDeadHost = {
 				data.owner_user_id = access.token.getUserId(1);
 				data               = internalHost.cleanSslHstsData(data);

+				// Fix for db field not having a default value
+				// for this optional field.
+				if (typeof data.advanced_config === 'undefined') {
+					data.advanced_config = '';
+				}
+
 				return deadHostModel
 					.query()
 					.insertAndFetch(data)
@ -233,7 +239,7 @@ const internalDeadHost = {
 				return query.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				}
 				// Custom omissions
@ -257,7 +263,7 @@ const internalDeadHost = {
 				return internalDeadHost.get(access, {id: data.id});
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				}

@ -305,7 +311,7 @@ const internalDeadHost = {
 				});
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				} else if (row.enabled) {
 					throw new error.ValidationError('Host is already enabled');
@ -351,7 +357,7 @@ const internalDeadHost = {
 				return internalDeadHost.get(access, {id: data.id});
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				} else if (!row.enabled) {
 					throw new error.ValidationError('Host is already disabled');
--- a/backend/internal/nginx.js
+++ b/backend/internal/nginx.js
@ -181,7 +181,9 @@ const internalNginx = {
 	 * @param   {Object}  host
 	 * @returns {Promise}
 	 */
-	generateConfig: (host_type, host) => {
+	generateConfig: (host_type, host_row) => {
+		// Prevent modifying the original object:
+		let host             = JSON.parse(JSON.stringify(host_row));
 		const nice_host_type = internalNginx.getFileFriendlyHostType(host_type);

 		if (config.debug()) {
--- a/backend/internal/proxy-host.js
+++ b/backend/internal/proxy-host.js
@ -8,7 +8,7 @@ const internalAuditLog    = require('./audit-log');
 const internalCertificate = require('./certificate');

 function omissions () {
-	return ['is_deleted'];
+	return ['is_deleted', 'owner.is_deleted'];
 }

 const internalProxyHost = {
@ -48,6 +48,12 @@ const internalProxyHost = {
 				data.owner_user_id = access.token.getUserId(1);
 				data               = internalHost.cleanSslHstsData(data);

+				// Fix for db field not having a default value
+				// for this optional field.
+				if (typeof data.advanced_config === 'undefined') {
+					data.advanced_config = '';
+				}
+
 				return proxyHostModel
 					.query()
 					.insertAndFetch(data)
@ -225,7 +231,7 @@ const internalProxyHost = {
 					.query()
 					.where('is_deleted', 0)
 					.andWhere('id', data.id)
-					.allowGraph('[owner,access_list,access_list.[clients,items],certificate]')
+					.allowGraph('[owner,access_list.[clients,items],certificate]')
 					.first();

 				if (access_data.permission_visibility !== 'all') {
@ -239,7 +245,7 @@ const internalProxyHost = {
 				return query.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				}
 				row = internalHost.cleanRowCertificateMeta(row);
@ -264,7 +270,7 @@ const internalProxyHost = {
 				return internalProxyHost.get(access, {id: data.id});
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				}

@ -312,7 +318,7 @@ const internalProxyHost = {
 				});
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				} else if (row.enabled) {
 					throw new error.ValidationError('Host is already enabled');
@ -358,7 +364,7 @@ const internalProxyHost = {
 				return internalProxyHost.get(access, {id: data.id});
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				} else if (!row.enabled) {
 					throw new error.ValidationError('Host is already disabled');
--- a/backend/internal/redirection-host.js
+++ b/backend/internal/redirection-host.js
@ -48,6 +48,12 @@ const internalRedirectionHost = {
 				data.owner_user_id = access.token.getUserId(1);
 				data               = internalHost.cleanSslHstsData(data);

+				// Fix for db field not having a default value
+				// for this optional field.
+				if (typeof data.advanced_config === 'undefined') {
+					data.advanced_config = '';
+				}
+
 				return redirectionHostModel
 					.query()
 					.insertAndFetch(data)
@ -232,7 +238,7 @@ const internalRedirectionHost = {
 				return query.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				}
 				row = internalHost.cleanRowCertificateMeta(row);
@ -257,7 +263,7 @@ const internalRedirectionHost = {
 				return internalRedirectionHost.get(access, {id: data.id});
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				}

@ -305,7 +311,7 @@ const internalRedirectionHost = {
 				});
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				} else if (row.enabled) {
 					throw new error.ValidationError('Host is already enabled');
@ -351,7 +357,7 @@ const internalRedirectionHost = {
 				return internalRedirectionHost.get(access, {id: data.id});
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				} else if (!row.enabled) {
 					throw new error.ValidationError('Host is already disabled');
--- a/backend/internal/stream.js
+++ b/backend/internal/stream.js
@ -128,7 +128,7 @@ const internalStream = {
 				return query.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				}
 				// Custom omissions
@ -152,7 +152,7 @@ const internalStream = {
 				return internalStream.get(access, {id: data.id});
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				}

@ -200,7 +200,7 @@ const internalStream = {
 				});
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				} else if (row.enabled) {
 					throw new error.ValidationError('Host is already enabled');
@ -246,7 +246,7 @@ const internalStream = {
 				return internalStream.get(access, {id: data.id});
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				} else if (!row.enabled) {
 					throw new error.ValidationError('Host is already disabled');
--- a/backend/internal/user.js
+++ b/backend/internal/user.js
@ -194,7 +194,7 @@ const internalUser = {
 				return query.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				}
 				// Custom omissions
--- a/backend/knexfile.js
+++ b/backend/knexfile.js
@ -1,6 +1,6 @@
 module.exports = {
 	development: {
-		client:     'mysql',
+		client:     'mysql2',
 		migrations: {
 			tableName: 'migrations',
 			stub:      'lib/migrate_template.js',
@ -9,7 +9,7 @@ module.exports = {
 	},

 	production: {
-		client:     'mysql',
+		client:     'mysql2',
 		migrations: {
 			tableName: 'migrations',
 			stub:      'lib/migrate_template.js',
--- a/backend/lib/access.js
+++ b/backend/lib/access.js
@ -10,7 +10,7 @@

 const _              = require('lodash');
 const logger         = require('../logger').access;
-const validator      = require('ajv');
+const Ajv            = require('ajv/dist/2020');
 const error          = require('./error');
 const userModel      = require('../models/user');
 const proxyHostModel = require('../models/proxy_host');
@ -174,7 +174,6 @@ module.exports = function (token_string) {

 		let schema = {
 			$id:                  'objects',
-			$schema:              'http://json-schema.org/draft-07/schema#',
 			description:          'Actor Properties',
 			type:                 'object',
 			additionalProperties: false,
@ -251,7 +250,7 @@ module.exports = function (token_string) {
 						// Initialised, token decoded ok
 						return this.getObjectSchema(permission)
 							.then((objectSchema) => {
-								let data_schema = {
+								const data_schema = {
 									[permission]: {
 										data:                         data,
 										scope:                        Token.get('scope'),
@ -267,24 +266,18 @@ module.exports = function (token_string) {
 								};

 								let permissionSchema = {
-									$schema:              'http://json-schema.org/draft-07/schema#',
 									$async:               true,
 									$id:                  'permissions',
+									type:                 'object',
 									additionalProperties: false,
 									properties:           {}
 								};

 								permissionSchema.properties[permission] = require('./access/' + permission.replace(/:/gim, '-') + '.json');

-								// logger.info('objectSchema', JSON.stringify(objectSchema, null, 2));
-								// logger.info('permissionSchema', JSON.stringify(permissionSchema, null, 2));
-								// logger.info('data_schema', JSON.stringify(data_schema, null, 2));
-
-								let ajv = validator({
+								const ajv = new Ajv({
 									verbose:      true,
 									allErrors:    true,
-									format:       'full',
-									missingRefs:  'fail',
 									breakOnError: true,
 									coerceTypes:  true,
 									schemas:      [
--- a/backend/lib/access/permissions.json
+++ b/backend/lib/access/permissions.json
@ -1,5 +1,4 @@
 {
-	"$schema": "http://json-schema.org/draft-07/schema#",
 	"$id": "perms",
 	"definitions": {
 		"view": {
--- a/backend/lib/access/roles.json
+++ b/backend/lib/access/roles.json
@ -1,5 +1,4 @@
 {
-	"$schema": "http://json-schema.org/draft-07/schema#",
 	"$id": "roles",
 	"definitions": {
 		"admin": {
--- a/backend/lib/certbot.js
+++ b/backend/lib/certbot.js
@ -0,0 +1,78 @@
+const dnsPlugins = require('../global/certbot-dns-plugins.json');
+const utils      = require('./utils');
+const error      = require('./error');
+const logger     = require('../logger').certbot;
+const batchflow  = require('batchflow');
+
+const CERTBOT_VERSION_REPLACEMENT = '$(certbot --version | grep -Eo \'[0-9](\\.[0-9]+)+\')';
+
+const certbot = {
+
+	/**
+	 * @param {array} pluginKeys
+	 */
+	installPlugins: async function (pluginKeys) {
+		let hasErrors = false;
+
+		return new Promise((resolve, reject) => {
+			if (pluginKeys.length === 0) {
+				resolve();
+				return;
+			}
+
+			batchflow(pluginKeys).sequential()
+				.each((i, pluginKey, next) => {
+					certbot.installPlugin(pluginKey)
+						.then(() => {
+							next();
+						})
+						.catch((err) => {
+							hasErrors = true;
+							next(err);
+						});
+				})
+				.error((err) => {
+					logger.error(err.message);
+				})
+				.end(() => {
+					if (hasErrors) {
+						reject(new error.CommandError('Some plugins failed to install. Please check the logs above', 1));
+					} else {
+						resolve();
+					}
+				});
+		});
+	},
+
+	/**
+	 * Installs a cerbot plugin given the key for the object from
+	 * ../global/certbot-dns-plugins.json
+	 *
+	 * @param   {string}  pluginKey
+	 * @returns {Object}
+	 */
+	installPlugin: async function (pluginKey) {
+		if (typeof dnsPlugins[pluginKey] === 'undefined') {
+			// throw Error(`Certbot plugin ${pluginKey} not found`);
+			throw new error.ItemNotFoundError(pluginKey);
+		}
+
+		const plugin = dnsPlugins[pluginKey];
+		logger.start(`Installing ${pluginKey}...`);
+
+		plugin.version      = plugin.version.replace(/{{certbot-version}}/g, CERTBOT_VERSION_REPLACEMENT);
+		plugin.dependencies = plugin.dependencies.replace(/{{certbot-version}}/g, CERTBOT_VERSION_REPLACEMENT);
+
+		const cmd = '. /opt/certbot/bin/activate && pip install --no-cache-dir ' + plugin.dependencies + ' ' + plugin.package_name + plugin.version + ' ' + ' && deactivate';
+		return utils.exec(cmd)
+			.then((result) => {
+				logger.complete(`Installed ${pluginKey}`);
+				return result;
+			})
+			.catch((err) => {
+				throw err;
+			});
+	},
+};
+
+module.exports = certbot;
--- a/backend/lib/config.js
+++ b/backend/lib/config.js
@ -34,7 +34,7 @@ const configure = () => {
 		logger.info('Using MySQL configuration');
 		instance = {
 			database: {
-				engine:   'mysql',
+				engine:   'mysql2',
 				host:     envMysqlHost,
 				port:     process.env.DB_MYSQL_PORT || 3306,
 				user:     envMysqlUser,
@ -93,7 +93,7 @@ const generateKeys = () => {
 	try {
 		fs.writeFileSync(keysFile, JSON.stringify(keys, null, 2));
 	} catch (err) {
-		logger.error('Could not write JWT key pair to config file: ' + keysFile + ': ' . err.message);
+		logger.error('Could not write JWT key pair to config file: ' + keysFile + ': ' + err.message);
 		process.exit(1);
 	}
 	logger.info('Wrote JWT key pair to config file: ' + keysFile);
@ -180,5 +180,15 @@ module.exports = {
 	 */
 	useLetsencryptStaging: function () {
 		return !!process.env.LE_STAGING;
+	},
+
+	/**
+	 * @returns {string|null}
+	 */
+	useLetsencryptServer: function () {
+		if (process.env.LE_SERVER) {
+			return process.env.LE_SERVER;
+		}
+		return null;
 	}
 };
--- a/backend/lib/error.js
+++ b/backend/lib/error.js
@ -82,7 +82,16 @@ module.exports = {
 		this.message  = message;
 		this.public   = false;
 		this.status   = 400;
-	}
+	},
+
+	CommandError: function (stdErr, code, previous) {
+		Error.captureStackTrace(this, this.constructor);
+		this.name     = this.constructor.name;
+		this.previous = previous;
+		this.message  = stdErr;
+		this.code     = code;
+		this.public   = false;
+	},
 };

 _.forEach(module.exports, function (error) {
--- a/backend/lib/express/cors.js
+++ b/backend/lib/express/cors.js
@ -1,25 +1,5 @@
-const validator = require('../validator');
-
 module.exports = function (req, res, next) {
-
 	if (req.headers.origin) {
-
-		const originSchema = {
-			oneOf: [
-				{
-					type:    'string',
-					pattern: '^[a-z\\-]+:\\/\\/(?:[\\w\\-\\.]+(:[0-9]+)?/?)?$'
-				},
-				{
-					type:    'string',
-					pattern: '^[a-z\\-]+:\\/\\/(?:\\[([a-z0-9]{0,4}\\:?)+\\])?/?(:[0-9]+)?$'
-				}
-			]
-		};
-
-		// very relaxed validation....
-		validator(originSchema, req.headers.origin)
-			.then(function () {
 		res.set({
 			'Access-Control-Allow-Origin':      req.headers.origin,
 			'Access-Control-Allow-Credentials': true,
@ -29,12 +9,8 @@ module.exports = function (req, res, next) {
 			'Access-Control-Expose-Headers':    'X-Dataset-Total, X-Dataset-Offset, X-Dataset-Limit'
 		});
 		next();
-			})
-			.catch(next);
-
 	} else {
 		// No origin
 		next();
 	}
-
 };
--- a/backend/lib/helpers.js
+++ b/backend/lib/helpers.js
@ -27,6 +27,24 @@ module.exports = {
 		}

 		return null;
+	},
+
+	convertIntFieldsToBool: function (obj, fields) {
+		fields.forEach(function (field) {
+			if (typeof obj[field] !== 'undefined') {
+				obj[field] = obj[field] === 1;
+			}
+		});
+		return obj;
+	},
+
+	convertBoolFieldsToInt: function (obj, fields) {
+		fields.forEach(function (field) {
+			if (typeof obj[field] !== 'undefined') {
+				obj[field] = obj[field] ? 1 : 0;
+			}
+		});
+		return obj;
 	}

 };
--- a/backend/lib/utils.js
+++ b/backend/lib/utils.js
@ -3,23 +3,27 @@ const exec       = require('child_process').exec;
 const execFile   = require('child_process').execFile;
 const { Liquid } = require('liquidjs');
 const logger     = require('../logger').global;
+const error      = require('./error');

 module.exports = {

-	/**
-	 * @param   {String} cmd
-	 * @returns {Promise}
-	 */
-	exec: function (cmd) {
-		return new Promise((resolve, reject) => {
-			exec(cmd, function (err, stdout, /*stderr*/) {
-				if (err && typeof err === 'object') {
-					reject(err);
+	exec: async function(cmd, options = {}) {
+		logger.debug('CMD:', cmd);
+
+		const { stdout, stderr } = await new Promise((resolve, reject) => {
+			const child = exec(cmd, options, (isError, stdout, stderr) => {
+				if (isError) {
+					reject(new error.CommandError(stderr, isError));
 				} else {
-					resolve(stdout.trim());
+					resolve({ stdout, stderr });
 				}
 			});
+
+			child.on('error', (e) => {
+				reject(new error.CommandError(stderr, 1, e));
 			});
+		});
+		return stdout;
 	},

 	/**
@ -28,7 +32,8 @@ module.exports = {
 	 * @returns {Promise}
 	 */
 	execFile: function (cmd, args) {
-		logger.debug('CMD: ' + cmd + ' ' + (args ? args.join(' ') : ''));
+		// logger.debug('CMD: ' + cmd + ' ' + (args ? args.join(' ') : ''));
+
 		return new Promise((resolve, reject) => {
 			execFile(cmd, args, function (err, stdout, /*stderr*/) {
 				if (err && typeof err === 'object') {
--- a/backend/lib/validator/api.js
+++ b/backend/lib/validator/api.js
@ -1,13 +1,12 @@
+const Ajv   = require('ajv/dist/2020');
 const error = require('../error');
-const path   = require('path');
-const parser = require('json-schema-ref-parser');

-const ajv = require('ajv')({
+const ajv = new Ajv({
 	verbose:         true,
-	validateSchema: true,
-	allErrors:      false,
-	format:         'full',
-	coerceTypes:    true
+	allErrors:       true,
+	allowUnionTypes: true,
+	strict:          false,
+	coerceTypes:     true,
 });

 /**
@ -17,12 +16,18 @@ const ajv = require('ajv')({
 */
 function apiValidator (schema, payload/*, description*/) {
 	return new Promise(function Promise_apiValidator (resolve, reject) {
-		if (typeof payload === 'undefined') {
-			reject(new error.ValidationError('Payload is undefined'));
+		if (schema === null) {
+			reject(new error.ValidationError('Schema is undefined'));
+			return;
 		}

-		let validate = ajv.compile(schema);
-		let valid    = validate(payload);
+		if (typeof payload === 'undefined') {
+			reject(new error.ValidationError('Payload is undefined'));
+			return;
+		}
+
+		const validate = ajv.compile(schema);
+		const valid    = validate(payload);

 		if (valid && !validate.errors) {
 			resolve(payload);
@ -35,11 +40,4 @@ function apiValidator (schema, payload/*, description*/) {
 	});
 }

-apiValidator.loadSchemas = parser
-	.dereference(path.resolve('schema/index.json'))
-	.then((schema) => {
-		ajv.addSchema(schema);
-		return schema;
-	});
-
 module.exports = apiValidator;
--- a/backend/lib/validator/index.js
+++ b/backend/lib/validator/index.js
@ -1,17 +1,17 @@
 const _                 = require('lodash');
+const Ajv               = require('ajv/dist/2020');
 const error             = require('../error');
-const definitions = require('../../schema/definitions.json');
+const commonDefinitions = require('../../schema/common.json');

 RegExp.prototype.toJSON = RegExp.prototype.toString;

-const ajv = require('ajv')({
+const ajv = new Ajv({
 	verbose:         true,
 	allErrors:       true,
-	format:      'full',  // strict regexes for format checks
+	allowUnionTypes: true,
 	coerceTypes:     true,
-	schemas:     [
-		definitions
-	]
+	strict:          false,
+	schemas:         [commonDefinitions]
 });

 /**
@ -27,23 +27,19 @@ function validator (schema, payload) {
 		} else {
 			try {
 				let validate = ajv.compile(schema);
-
 				let valid    = validate(payload);
+
 				if (valid && !validate.errors) {
 					resolve(_.cloneDeep(payload));
 				} else {
 					let message = ajv.errorsText(validate.errors);
 					reject(new error.InternalValidationError(message));
 				}
-
 			} catch (err) {
 				reject(err);
 			}
-
 		}
-
 	});
-
 }

 module.exports = validator;
--- a/backend/logger.js
+++ b/backend/logger.js
@ -7,6 +7,7 @@ module.exports = {
 	access:    new Signale({scope: 'Access   '}),
 	nginx:     new Signale({scope: 'Nginx    '}),
 	ssl:       new Signale({scope: 'SSL      '}),
+	certbot:   new Signale({scope: 'Certbot  '}),
 	import:    new Signale({scope: 'Importer '}),
 	setup:     new Signale({scope: 'Setup    '}),
 	ip_ranges: new Signale({scope: 'IP Ranges'})
--- a/backend/models/access_list.js
+++ b/backend/models/access_list.js
@ -2,6 +2,7 @@
 // http://vincit.github.io/objection.js/

 const db               = require('../db');
+const helpers          = require('../lib/helpers');
 const Model            = require('objection').Model;
 const User             = require('./user');
 const AccessListAuth   = require('./access_list_auth');
@ -10,6 +11,12 @@ const now              = require('./now_helper');

 Model.knex(db);

+const boolFields = [
+	'is_deleted',
+	'satisfy_any',
+	'pass_auth',
+];
+
 class AccessList extends Model {
 	$beforeInsert () {
 		this.created_on  = now();
@ -25,6 +32,16 @@ class AccessList extends Model {
 		this.modified_on = now();
 	}

+	$parseDatabaseJson(json) {
+		json = super.$parseDatabaseJson(json);
+		return helpers.convertIntFieldsToBool(json, boolFields);
+	}
+
+	$formatDatabaseJson(json) {
+		json = helpers.convertBoolFieldsToInt(json, boolFields);
+		return super.$formatDatabaseJson(json);
+	}
+
 	static get name () {
 		return 'AccessList';
 	}
--- a/backend/models/auth.js
+++ b/backend/models/auth.js
@ -3,12 +3,17 @@

 const bcrypt  = require('bcrypt');
 const db      = require('../db');
+const helpers = require('../lib/helpers');
 const Model   = require('objection').Model;
 const User    = require('./user');
 const now     = require('./now_helper');

 Model.knex(db);

+const boolFields = [
+	'is_deleted',
+];
+
 function encryptPassword () {
 	/* jshint -W040 */
 	let _this = this;
@ -41,6 +46,16 @@ class Auth extends Model {
 		return encryptPassword.apply(this, queryContext);
 	}

+	$parseDatabaseJson(json) {
+		json = super.$parseDatabaseJson(json);
+		return helpers.convertIntFieldsToBool(json, boolFields);
+	}
+
+	$formatDatabaseJson(json) {
+		json = helpers.convertBoolFieldsToInt(json, boolFields);
+		return super.$formatDatabaseJson(json);
+	}
+
 	/**
 	 * Verify a plain password against the encrypted password
 	 *
--- a/backend/models/certificate.js
+++ b/backend/models/certificate.js
@ -2,12 +2,17 @@
 // http://vincit.github.io/objection.js/

 const db      = require('../db');
+const helpers = require('../lib/helpers');
 const Model   = require('objection').Model;
 const User    = require('./user');
 const now     = require('./now_helper');

 Model.knex(db);

+const boolFields = [
+	'is_deleted',
+];
+
 class Certificate extends Model {
 	$beforeInsert () {
 		this.created_on  = now();
@ -40,6 +45,16 @@ class Certificate extends Model {
 		}
 	}

+	$parseDatabaseJson(json) {
+		json = super.$parseDatabaseJson(json);
+		return helpers.convertIntFieldsToBool(json, boolFields);
+	}
+
+	$formatDatabaseJson(json) {
+		json = helpers.convertBoolFieldsToInt(json, boolFields);
+		return super.$formatDatabaseJson(json);
+	}
+
 	static get name () {
 		return 'Certificate';
 	}
--- a/backend/models/dead_host.js
+++ b/backend/models/dead_host.js
@ -2,6 +2,7 @@
 // http://vincit.github.io/objection.js/

 const db          = require('../db');
+const helpers     = require('../lib/helpers');
 const Model       = require('objection').Model;
 const User        = require('./user');
 const Certificate = require('./certificate');
@ -9,6 +10,11 @@ const now         = require('./now_helper');

 Model.knex(db);

+const boolFields = [
+	'is_deleted',
+	'enabled',
+];
+
 class DeadHost extends Model {
 	$beforeInsert () {
 		this.created_on  = now();
@ -36,6 +42,16 @@ class DeadHost extends Model {
 		}
 	}

+	$parseDatabaseJson(json) {
+		json = super.$parseDatabaseJson(json);
+		return helpers.convertIntFieldsToBool(json, boolFields);
+	}
+
+	$formatDatabaseJson(json) {
+		json = helpers.convertBoolFieldsToInt(json, boolFields);
+		return super.$formatDatabaseJson(json);
+	}
+
 	static get name () {
 		return 'DeadHost';
 	}
--- a/backend/models/proxy_host.js
+++ b/backend/models/proxy_host.js
@ -2,6 +2,7 @@
 // http://vincit.github.io/objection.js/

 const db          = require('../db');
+const helpers     = require('../lib/helpers');
 const Model       = require('objection').Model;
 const User        = require('./user');
 const AccessList  = require('./access_list');
@ -10,6 +11,18 @@ const now         = require('./now_helper');

 Model.knex(db);

+const boolFields = [
+	'is_deleted',
+	'ssl_forced',
+	'caching_enabled',
+	'block_exploits',
+	'allow_websocket_upgrade',
+	'http2_support',
+	'enabled',
+	'hsts_enabled',
+	'hsts_subdomains',
+];
+
 class ProxyHost extends Model {
 	$beforeInsert () {
 		this.created_on  = now();
@ -37,6 +50,16 @@ class ProxyHost extends Model {
 		}
 	}

+	$parseDatabaseJson(json) {
+		json = super.$parseDatabaseJson(json);
+		return helpers.convertIntFieldsToBool(json, boolFields);
+	}
+
+	$formatDatabaseJson(json) {
+		json = helpers.convertBoolFieldsToInt(json, boolFields);
+		return super.$formatDatabaseJson(json);
+	}
+
 	static get name () {
 		return 'ProxyHost';
 	}
--- a/backend/models/redirection_host.js
+++ b/backend/models/redirection_host.js
@ -3,6 +3,7 @@
 // http://vincit.github.io/objection.js/

 const db          = require('../db');
+const helpers     = require('../lib/helpers');
 const Model       = require('objection').Model;
 const User        = require('./user');
 const Certificate = require('./certificate');
@ -10,6 +11,14 @@ const now         = require('./now_helper');

 Model.knex(db);

+const boolFields = [
+	'is_deleted',
+	'enabled',
+	'preserve_path',
+	'ssl_forced',
+	'block_exploits',
+];
+
 class RedirectionHost extends Model {
 	$beforeInsert () {
 		this.created_on  = now();
@ -37,6 +46,16 @@ class RedirectionHost extends Model {
 		}
 	}

+	$parseDatabaseJson(json) {
+		json = super.$parseDatabaseJson(json);
+		return helpers.convertIntFieldsToBool(json, boolFields);
+	}
+
+	$formatDatabaseJson(json) {
+		json = helpers.convertBoolFieldsToInt(json, boolFields);
+		return super.$formatDatabaseJson(json);
+	}
+
 	static get name () {
 		return 'RedirectionHost';
 	}
--- a/backend/models/stream.js
+++ b/backend/models/stream.js
@ -2,12 +2,19 @@
 // http://vincit.github.io/objection.js/

 const db      = require('../db');
+const helpers = require('../lib/helpers');
 const Model   = require('objection').Model;
 const User    = require('./user');
 const now     = require('./now_helper');

 Model.knex(db);

+const boolFields = [
+	'is_deleted',
+	'tcp_forwarding',
+	'udp_forwarding',
+];
+
 class Stream extends Model {
 	$beforeInsert () {
 		this.created_on  = now();
@ -23,6 +30,16 @@ class Stream extends Model {
 		this.modified_on = now();
 	}

+	$parseDatabaseJson(json) {
+		json = super.$parseDatabaseJson(json);
+		return helpers.convertIntFieldsToBool(json, boolFields);
+	}
+
+	$formatDatabaseJson(json) {
+		json = helpers.convertBoolFieldsToInt(json, boolFields);
+		return super.$formatDatabaseJson(json);
+	}
+
 	static get name () {
 		return 'Stream';
 	}
--- a/backend/models/user.js
+++ b/backend/models/user.js
@ -2,12 +2,18 @@
 // http://vincit.github.io/objection.js/

 const db             = require('../db');
+const helpers        = require('../lib/helpers');
 const Model          = require('objection').Model;
 const UserPermission = require('./user_permission');
 const now            = require('./now_helper');

 Model.knex(db);

+const boolFields = [
+	'is_deleted',
+	'is_disabled',
+];
+
 class User extends Model {
 	$beforeInsert () {
 		this.created_on  = now();
@ -23,6 +29,16 @@ class User extends Model {
 		this.modified_on = now();
 	}

+	$parseDatabaseJson(json) {
+		json = super.$parseDatabaseJson(json);
+		return helpers.convertIntFieldsToBool(json, boolFields);
+	}
+
+	$formatDatabaseJson(json) {
+		json = helpers.convertBoolFieldsToInt(json, boolFields);
+		return super.$formatDatabaseJson(json);
+	}
+
 	static get name () {
 		return 'User';
 	}
--- a/backend/package.json
+++ b/backend/package.json
@ -2,24 +2,24 @@
 	"name": "nginx-proxy-manager",
 	"version": "0.0.0",
 	"description": "A beautiful interface for creating Nginx endpoints",
-	"main": "js/index.js",
+	"main": "index.js",
 	"dependencies": {
-		"ajv": "^6.12.0",
+		"@apidevtools/json-schema-ref-parser": "^11.7.0",
+		"ajv": "^8.17.1",
 		"archiver": "^5.3.0",
 		"batchflow": "^0.4.0",
 		"bcrypt": "^5.0.0",
-		"body-parser": "^1.19.0",
+		"body-parser": "^1.20.3",
 		"compression": "^1.7.4",
-		"express": "^4.17.3",
+		"express": "^4.20.0",
 		"express-fileupload": "^1.1.9",
 		"gravatar": "^1.8.0",
-		"json-schema-ref-parser": "^8.0.0",
 		"jsonwebtoken": "^9.0.0",
 		"knex": "2.4.2",
 		"liquidjs": "10.6.1",
 		"lodash": "^4.17.21",
 		"moment": "^2.29.4",
-		"mysql": "^2.18.1",
+		"mysql2": "^3.11.1",
 		"node-rsa": "^1.0.8",
 		"objection": "3.0.1",
 		"path": "^0.12.7",
@ -34,9 +34,14 @@
 	"author": "Jamie Curnow <jc@jc21.com>",
 	"license": "MIT",
 	"devDependencies": {
+		"@apidevtools/swagger-parser": "^10.1.0",
+		"chalk": "4.1.2",
 		"eslint": "^8.36.0",
 		"eslint-plugin-align-assignments": "^1.1.2",
 		"nodemon": "^2.0.2",
 		"prettier": "^2.0.4"
+	},
+	"scripts": {
+		"validate-schema": "node validate-schema.js"
 	}
 }
--- a/backend/routes/api/audit-log.js
+++ b/backend/routes/api/audit-log.js
@ -1,7 +1,7 @@
 const express          = require('express');
-const validator        = require('../../lib/validator');
-const jwtdecode        = require('../../lib/express/jwt-decode');
-const internalAuditLog = require('../../internal/audit-log');
+const validator        = require('../lib/validator');
+const jwtdecode        = require('../lib/express/jwt-decode');
+const internalAuditLog = require('../internal/audit-log');

 let router = express.Router({
 	caseSensitive: true,
@ -14,7 +14,7 @@ let router = express.Router({
 */
 router
 	.route('/')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())
@ -29,10 +29,10 @@ router
 			additionalProperties: false,
 			properties:           {
 				expand: {
-					$ref: 'definitions#/definitions/expand'
+					$ref: 'common#/properties/expand'
 				},
 				query: {
-					$ref: 'definitions#/definitions/query'
+					$ref: 'common#/properties/query'
 				}
 			}
 		}, {
--- a/backend/routes/api/main.js
+++ b/backend/routes/api/main.js
@ -1,6 +1,6 @@
 const express = require('express');
-const pjson   = require('../../package.json');
-const error   = require('../../lib/error');
+const pjson   = require('../package.json');
+const error   = require('../lib/error');

 let router = express.Router({
 	caseSensitive: true,
@ -43,7 +43,7 @@ router.use('/nginx/certificates', require('./nginx/certificates'));
 *
 * ALL /api/*
 */
-router.all(/(.+)/, function (req, res, next) {
+router.all(/(.+)/, function (req, _, next) {
 	req.params.page = req.params['0'];
 	next(new error.ItemNotFoundError(req.params.page));
 });
--- a/backend/routes/api/nginx/access_lists.js
+++ b/backend/routes/api/nginx/access_lists.js
@ -1,8 +1,9 @@
 const express            = require('express');
-const validator          = require('../../../lib/validator');
-const jwtdecode          = require('../../../lib/express/jwt-decode');
-const internalAccessList = require('../../../internal/access-list');
-const apiValidator       = require('../../../lib/validator/api');
+const validator          = require('../../lib/validator');
+const jwtdecode          = require('../../lib/express/jwt-decode');
+const apiValidator       = require('../../lib/validator/api');
+const internalAccessList = require('../../internal/access-list');
+const schema             = require('../../schema');

 let router = express.Router({
 	caseSensitive: true,
@ -30,10 +31,10 @@ router
 			additionalProperties: false,
 			properties:           {
 				expand: {
-					$ref: 'definitions#/definitions/expand'
+					$ref: 'common#/properties/expand'
 				},
 				query: {
-					$ref: 'definitions#/definitions/query'
+					$ref: 'common#/properties/query'
 				}
 			}
 		}, {
@ -56,7 +57,7 @@ router
 	 * Create a new access-list
 	 */
 	.post((req, res, next) => {
-		apiValidator({$ref: 'endpoints/access-lists#/links/1/schema'}, req.body)
+		apiValidator(schema.getValidationSchema('/nginx/access-lists', 'post'), req.body)
 			.then((payload) => {
 				return internalAccessList.create(res.locals.access, payload);
 			})
@ -74,7 +75,7 @@ router
 */
 router
 	.route('/:list_id')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())
@ -90,10 +91,10 @@ router
 			additionalProperties: false,
 			properties:           {
 				list_id: {
-					$ref: 'definitions#/definitions/id'
+					$ref: 'common#/properties/id'
 				},
 				expand: {
-					$ref: 'definitions#/definitions/expand'
+					$ref: 'common#/properties/expand'
 				}
 			}
 		}, {
@ -119,7 +120,7 @@ router
 	 * Update and existing access-list
 	 */
 	.put((req, res, next) => {
-		apiValidator({$ref: 'endpoints/access-lists#/links/2/schema'}, req.body)
+		apiValidator(schema.getValidationSchema('/nginx/access-lists/{listID}', 'put'), req.body)
 			.then((payload) => {
 				payload.id = parseInt(req.params.list_id, 10);
 				return internalAccessList.update(res.locals.access, payload);
--- a/backend/routes/api/nginx/certificates.js
+++ b/backend/routes/api/nginx/certificates.js
@ -1,8 +1,10 @@
 const express             = require('express');
-const validator           = require('../../../lib/validator');
-const jwtdecode           = require('../../../lib/express/jwt-decode');
-const internalCertificate = require('../../../internal/certificate');
-const apiValidator        = require('../../../lib/validator/api');
+const error               = require('../../lib/error');
+const validator           = require('../../lib/validator');
+const jwtdecode           = require('../../lib/express/jwt-decode');
+const apiValidator        = require('../../lib/validator/api');
+const internalCertificate = require('../../internal/certificate');
+const schema              = require('../../schema');

 let router = express.Router({
 	caseSensitive: true,
@ -15,7 +17,7 @@ let router = express.Router({
 */
 router
 	.route('/')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())
@ -30,10 +32,10 @@ router
 			additionalProperties: false,
 			properties:           {
 				expand: {
-					$ref: 'definitions#/definitions/expand'
+					$ref: 'common#/properties/expand'
 				},
 				query: {
-					$ref: 'definitions#/definitions/query'
+					$ref: 'common#/properties/query'
 				}
 			}
 		}, {
@ -56,7 +58,7 @@ router
 	 * Create a new certificate
 	 */
 	.post((req, res, next) => {
-		apiValidator({$ref: 'endpoints/certificates#/links/1/schema'}, req.body)
+		apiValidator(schema.getValidationSchema('/nginx/certificates', 'post'), req.body)
 			.then((payload) => {
 				req.setTimeout(900000); // 15 minutes timeout
 				return internalCertificate.create(res.locals.access, payload);
@ -75,17 +77,22 @@ router
 */
 router
 	.route('/test-http')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())

-/**
+	/**
 	 * GET /api/nginx/certificates/test-http
 	 *
 	 * Test HTTP challenge for domains
 	 */
 	.get((req, res, next) => {
+		if (req.query.domains === undefined) {
+			next(new error.ValidationError('Domains are required as query parameters'));
+			return;
+		}
+
 		internalCertificate.testHttpsChallenge(res.locals.access, JSON.parse(req.query.domains))
 			.then((result) => {
 				res.status(200)
@ -101,7 +108,7 @@ router
 */
 router
 	.route('/:certificate_id')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())
@ -117,10 +124,10 @@ router
 			additionalProperties: false,
 			properties:           {
 				certificate_id: {
-					$ref: 'definitions#/definitions/id'
+					$ref: 'common#/properties/id'
 				},
 				expand: {
-					$ref: 'definitions#/definitions/expand'
+					$ref: 'common#/properties/expand'
 				}
 			}
 		}, {
@ -140,24 +147,6 @@ router
 			.catch(next);
 	})

-	/**
-	 * PUT /api/nginx/certificates/123
-	 *
-	 * Update and existing certificate
-	 */
-	.put((req, res, next) => {
-		apiValidator({$ref: 'endpoints/certificates#/links/2/schema'}, req.body)
-			.then((payload) => {
-				payload.id = parseInt(req.params.certificate_id, 10);
-				return internalCertificate.update(res.locals.access, payload);
-			})
-			.then((result) => {
-				res.status(200)
-					.send(result);
-			})
-			.catch(next);
-	})
-
 	/**
 	 * DELETE /api/nginx/certificates/123
 	 *
@ -179,7 +168,7 @@ router
 */
 router
 	.route('/:certificate_id/upload')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())
@ -213,7 +202,7 @@ router
 */
 router
 	.route('/:certificate_id/renew')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())
@ -270,7 +259,7 @@ router
 */
 router
 	.route('/validate')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())
--- a/backend/routes/api/nginx/dead_hosts.js
+++ b/backend/routes/api/nginx/dead_hosts.js
@ -1,8 +1,9 @@
 const express          = require('express');
-const validator        = require('../../../lib/validator');
-const jwtdecode        = require('../../../lib/express/jwt-decode');
-const internalDeadHost = require('../../../internal/dead-host');
-const apiValidator     = require('../../../lib/validator/api');
+const validator        = require('../../lib/validator');
+const jwtdecode        = require('../../lib/express/jwt-decode');
+const apiValidator     = require('../../lib/validator/api');
+const internalDeadHost = require('../../internal/dead-host');
+const schema           = require('../../schema');

 let router = express.Router({
 	caseSensitive: true,
@ -15,7 +16,7 @@ let router = express.Router({
 */
 router
 	.route('/')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())
@ -30,10 +31,10 @@ router
 			additionalProperties: false,
 			properties:           {
 				expand: {
-					$ref: 'definitions#/definitions/expand'
+					$ref: 'common#/properties/expand'
 				},
 				query: {
-					$ref: 'definitions#/definitions/query'
+					$ref: 'common#/properties/query'
 				}
 			}
 		}, {
@ -56,7 +57,7 @@ router
 	 * Create a new dead-host
 	 */
 	.post((req, res, next) => {
-		apiValidator({$ref: 'endpoints/dead-hosts#/links/1/schema'}, req.body)
+		apiValidator(schema.getValidationSchema('/nginx/dead-hosts', 'post'), req.body)
 			.then((payload) => {
 				return internalDeadHost.create(res.locals.access, payload);
 			})
@ -90,10 +91,10 @@ router
 			additionalProperties: false,
 			properties:           {
 				host_id: {
-					$ref: 'definitions#/definitions/id'
+					$ref: 'common#/properties/id'
 				},
 				expand: {
-					$ref: 'definitions#/definitions/expand'
+					$ref: 'common#/properties/expand'
 				}
 			}
 		}, {
@ -119,7 +120,7 @@ router
 	 * Update and existing dead-host
 	 */
 	.put((req, res, next) => {
-		apiValidator({$ref: 'endpoints/dead-hosts#/links/2/schema'}, req.body)
+		apiValidator(schema.getValidationSchema('/nginx/dead-hosts/{hostID}', 'put'), req.body)
 			.then((payload) => {
 				payload.id = parseInt(req.params.host_id, 10);
 				return internalDeadHost.update(res.locals.access, payload);
@ -152,7 +153,7 @@ router
 */
 router
 	.route('/:host_id/enable')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())
@ -176,7 +177,7 @@ router
 */
 router
 	.route('/:host_id/disable')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())
--- a/backend/routes/api/nginx/proxy_hosts.js
+++ b/backend/routes/api/nginx/proxy_hosts.js
@ -1,8 +1,9 @@
 const express           = require('express');
-const validator         = require('../../../lib/validator');
-const jwtdecode         = require('../../../lib/express/jwt-decode');
-const internalProxyHost = require('../../../internal/proxy-host');
-const apiValidator      = require('../../../lib/validator/api');
+const validator         = require('../../lib/validator');
+const jwtdecode         = require('../../lib/express/jwt-decode');
+const apiValidator      = require('../../lib/validator/api');
+const internalProxyHost = require('../../internal/proxy-host');
+const schema            = require('../../schema');

 let router = express.Router({
 	caseSensitive: true,
@ -30,10 +31,10 @@ router
 			additionalProperties: false,
 			properties:           {
 				expand: {
-					$ref: 'definitions#/definitions/expand'
+					$ref: 'common#/properties/expand'
 				},
 				query: {
-					$ref: 'definitions#/definitions/query'
+					$ref: 'common#/properties/query'
 				}
 			}
 		}, {
@ -56,7 +57,7 @@ router
 	 * Create a new proxy-host
 	 */
 	.post((req, res, next) => {
-		apiValidator({$ref: 'endpoints/proxy-hosts#/links/1/schema'}, req.body)
+		apiValidator(schema.getValidationSchema('/nginx/proxy-hosts', 'post'), req.body)
 			.then((payload) => {
 				return internalProxyHost.create(res.locals.access, payload);
 			})
@ -90,10 +91,10 @@ router
 			additionalProperties: false,
 			properties:           {
 				host_id: {
-					$ref: 'definitions#/definitions/id'
+					$ref: 'common#/properties/id'
 				},
 				expand: {
-					$ref: 'definitions#/definitions/expand'
+					$ref: 'common#/properties/expand'
 				}
 			}
 		}, {
@ -119,7 +120,7 @@ router
 	 * Update and existing proxy-host
 	 */
 	.put((req, res, next) => {
-		apiValidator({$ref: 'endpoints/proxy-hosts#/links/2/schema'}, req.body)
+		apiValidator(schema.getValidationSchema('/nginx/proxy-hosts/{hostID}', 'put'), req.body)
 			.then((payload) => {
 				payload.id = parseInt(req.params.host_id, 10);
 				return internalProxyHost.update(res.locals.access, payload);
@ -152,7 +153,7 @@ router
 */
 router
 	.route('/:host_id/enable')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())
@ -176,7 +177,7 @@ router
 */
 router
 	.route('/:host_id/disable')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())
--- a/backend/routes/api/nginx/redirection_hosts.js
+++ b/backend/routes/api/nginx/redirection_hosts.js
@ -1,8 +1,9 @@
 const express                 = require('express');
-const validator               = require('../../../lib/validator');
-const jwtdecode               = require('../../../lib/express/jwt-decode');
-const internalRedirectionHost = require('../../../internal/redirection-host');
-const apiValidator            = require('../../../lib/validator/api');
+const validator               = require('../../lib/validator');
+const jwtdecode               = require('../../lib/express/jwt-decode');
+const apiValidator            = require('../../lib/validator/api');
+const internalRedirectionHost = require('../../internal/redirection-host');
+const schema                  = require('../../schema');

 let router = express.Router({
 	caseSensitive: true,
@ -30,10 +31,10 @@ router
 			additionalProperties: false,
 			properties:           {
 				expand: {
-					$ref: 'definitions#/definitions/expand'
+					$ref: 'common#/properties/expand'
 				},
 				query: {
-					$ref: 'definitions#/definitions/query'
+					$ref: 'common#/properties/query'
 				}
 			}
 		}, {
@ -56,7 +57,7 @@ router
 	 * Create a new redirection-host
 	 */
 	.post((req, res, next) => {
-		apiValidator({$ref: 'endpoints/redirection-hosts#/links/1/schema'}, req.body)
+		apiValidator(schema.getValidationSchema('/nginx/redirection-hosts', 'post'), req.body)
 			.then((payload) => {
 				return internalRedirectionHost.create(res.locals.access, payload);
 			})
@ -90,10 +91,10 @@ router
 			additionalProperties: false,
 			properties:           {
 				host_id: {
-					$ref: 'definitions#/definitions/id'
+					$ref: 'common#/properties/id'
 				},
 				expand: {
-					$ref: 'definitions#/definitions/expand'
+					$ref: 'common#/properties/expand'
 				}
 			}
 		}, {
@ -119,7 +120,7 @@ router
 	 * Update and existing redirection-host
 	 */
 	.put((req, res, next) => {
-		apiValidator({$ref: 'endpoints/redirection-hosts#/links/2/schema'}, req.body)
+		apiValidator(schema.getValidationSchema('/nginx/redirection-hosts/{hostID}', 'put'), req.body)
 			.then((payload) => {
 				payload.id = parseInt(req.params.host_id, 10);
 				return internalRedirectionHost.update(res.locals.access, payload);
--- a/backend/routes/api/nginx/streams.js
+++ b/backend/routes/api/nginx/streams.js
@ -1,8 +1,9 @@
 const express        = require('express');
-const validator      = require('../../../lib/validator');
-const jwtdecode      = require('../../../lib/express/jwt-decode');
-const internalStream = require('../../../internal/stream');
-const apiValidator   = require('../../../lib/validator/api');
+const validator      = require('../../lib/validator');
+const jwtdecode      = require('../../lib/express/jwt-decode');
+const apiValidator   = require('../../lib/validator/api');
+const internalStream = require('../../internal/stream');
+const schema         = require('../../schema');

 let router = express.Router({
 	caseSensitive: true,
@ -30,10 +31,10 @@ router
 			additionalProperties: false,
 			properties:           {
 				expand: {
-					$ref: 'definitions#/definitions/expand'
+					$ref: 'common#/properties/expand'
 				},
 				query: {
-					$ref: 'definitions#/definitions/query'
+					$ref: 'common#/properties/query'
 				}
 			}
 		}, {
@ -56,7 +57,7 @@ router
 	 * Create a new stream
 	 */
 	.post((req, res, next) => {
-		apiValidator({$ref: 'endpoints/streams#/links/1/schema'}, req.body)
+		apiValidator(schema.getValidationSchema('/nginx/streams', 'post'), req.body)
 			.then((payload) => {
 				return internalStream.create(res.locals.access, payload);
 			})
@ -90,10 +91,10 @@ router
 			additionalProperties: false,
 			properties:           {
 				stream_id: {
-					$ref: 'definitions#/definitions/id'
+					$ref: 'common#/properties/id'
 				},
 				expand: {
-					$ref: 'definitions#/definitions/expand'
+					$ref: 'common#/properties/expand'
 				}
 			}
 		}, {
@ -119,7 +120,7 @@ router
 	 * Update and existing stream
 	 */
 	.put((req, res, next) => {
-		apiValidator({$ref: 'endpoints/streams#/links/2/schema'}, req.body)
+		apiValidator(schema.getValidationSchema('/nginx/streams/{streamID}', 'put'), req.body)
 			.then((payload) => {
 				payload.id = parseInt(req.params.stream_id, 10);
 				return internalStream.update(res.locals.access, payload);
@ -152,7 +153,7 @@ router
 */
 router
 	.route('/:host_id/enable')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())
@ -176,7 +177,7 @@ router
 */
 router
 	.route('/:host_id/disable')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())
--- a/backend/routes/api/reports.js
+++ b/backend/routes/api/reports.js
@ -1,6 +1,6 @@
 const express        = require('express');
-const jwtdecode      = require('../../lib/express/jwt-decode');
-const internalReport = require('../../internal/report');
+const jwtdecode      = require('../lib/express/jwt-decode');
+const internalReport = require('../internal/report');

 let router = express.Router({
 	caseSensitive: true,
@ -10,14 +10,14 @@ let router = express.Router({

 router
 	.route('/hosts')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})

 	/**
 	 * GET /reports/hosts
 	 */
-	.get(jwtdecode(), (req, res, next) => {
+	.get(jwtdecode(), (_, res, next) => {
 		internalReport.getHostsReport(res.locals.access)
 			.then((data) => {
 				res.status(200)
--- a/backend/routes/api/schema.js
+++ b/backend/routes/api/schema.js
@ -1,8 +1,8 @@
 const express = require('express');
-const swaggerJSON = require('../../doc/api.swagger.json');
-const PACKAGE     = require('../../package.json');
+const schema  = require('../schema');
+const PACKAGE = require('../package.json');

-let router = express.Router({
+const router = express.Router({
 	caseSensitive: true,
 	strict:        true,
 	mergeParams:   true
@ -10,14 +10,16 @@ let router = express.Router({

 router
 	.route('/')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})

 	/**
 	 * GET /schema
 	 */
-	.get((req, res/*, next*/) => {
+	.get(async (req, res) => {
+		let swaggerJSON = await schema.getCompiledSchema();
+
 		let proto = req.protocol;
 		if (typeof req.headers['x-forwarded-proto'] !== 'undefined' && req.headers['x-forwarded-proto']) {
 			proto = req.headers['x-forwarded-proto'];
--- a/backend/routes/api/settings.js
+++ b/backend/routes/api/settings.js
@ -1,8 +1,9 @@
 const express         = require('express');
-const validator       = require('../../lib/validator');
-const jwtdecode       = require('../../lib/express/jwt-decode');
-const internalSetting = require('../../internal/setting');
-const apiValidator    = require('../../lib/validator/api');
+const validator       = require('../lib/validator');
+const jwtdecode       = require('../lib/express/jwt-decode');
+const apiValidator    = require('../lib/validator/api');
+const internalSetting = require('../internal/setting');
+const schema          = require('../schema');

 let router = express.Router({
 	caseSensitive: true,
@ -15,7 +16,7 @@ let router = express.Router({
 */
 router
 	.route('/')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())
@ -25,7 +26,7 @@ router
 	 *
 	 * Retrieve all settings
 	 */
-	.get((req, res, next) => {
+	.get((_, res, next) => {
 		internalSetting.getAll(res.locals.access)
 			.then((rows) => {
 				res.status(200)
@ -41,7 +42,7 @@ router
 */
 router
 	.route('/:setting_id')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())
@ -57,7 +58,8 @@ router
 			additionalProperties: false,
 			properties:           {
 				setting_id: {
-					$ref: 'definitions#/definitions/setting_id'
+					type:      'string',
+					minLength: 1
 				}
 			}
 		}, {
@ -81,7 +83,7 @@ router
 	 * Update and existing setting
 	 */
 	.put((req, res, next) => {
-		apiValidator({$ref: 'endpoints/settings#/links/1/schema'}, req.body)
+		apiValidator(schema.getValidationSchema('/settings/{settingID}', 'put'), req.body)
 			.then((payload) => {
 				payload.id = req.params.setting_id;
 				return internalSetting.update(res.locals.access, payload);
--- a/backend/routes/api/tokens.js
+++ b/backend/routes/api/tokens.js
@ -1,7 +1,8 @@
 const express       = require('express');
-const jwtdecode     = require('../../lib/express/jwt-decode');
-const internalToken = require('../../internal/token');
-const apiValidator  = require('../../lib/validator/api');
+const jwtdecode     = require('../lib/express/jwt-decode');
+const apiValidator  = require('../lib/validator/api');
+const internalToken = require('../internal/token');
+const schema        = require('../schema');

 let router = express.Router({
 	caseSensitive: true,
@ -11,7 +12,7 @@ let router = express.Router({

 router
 	.route('/')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})

@ -39,11 +40,9 @@ router
 	 *
 	 * Create a new Token
 	 */
-	.post((req, res, next) => {
-		apiValidator({$ref: 'endpoints/tokens#/links/0/schema'}, req.body)
-			.then((payload) => {
-				return internalToken.getTokenFromEmail(payload);
-			})
+	.post(async (req, res, next) => {
+		apiValidator(schema.getValidationSchema('/tokens', 'post'), req.body)
+			.then(internalToken.getTokenFromEmail)
 			.then((data) => {
 				res.status(200)
 					.send(data);
--- a/backend/routes/api/users.js
+++ b/backend/routes/api/users.js
@ -1,9 +1,10 @@
 const express      = require('express');
-const validator    = require('../../lib/validator');
-const jwtdecode    = require('../../lib/express/jwt-decode');
-const userIdFromMe = require('../../lib/express/user-id-from-me');
-const internalUser = require('../../internal/user');
-const apiValidator = require('../../lib/validator/api');
+const validator    = require('../lib/validator');
+const jwtdecode    = require('../lib/express/jwt-decode');
+const userIdFromMe = require('../lib/express/user-id-from-me');
+const internalUser = require('../internal/user');
+const apiValidator = require('../lib/validator/api');
+const schema       = require('../schema');

 let router = express.Router({
 	caseSensitive: true,
@ -16,7 +17,7 @@ let router = express.Router({
 */
 router
 	.route('/')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())
@ -31,10 +32,10 @@ router
 			additionalProperties: false,
 			properties:           {
 				expand: {
-					$ref: 'definitions#/definitions/expand'
+					$ref: 'common#/properties/expand'
 				},
 				query: {
-					$ref: 'definitions#/definitions/query'
+					$ref: 'common#/properties/query'
 				}
 			}
 		}, {
@ -48,7 +49,11 @@ router
 				res.status(200)
 					.send(users);
 			})
-			.catch(next);
+			.catch((err) => {
+				console.log(err);
+				next(err);
+			});
+		//.catch(next);
 	})

 	/**
@ -57,7 +62,7 @@ router
 	 * Create a new User
 	 */
 	.post((req, res, next) => {
-		apiValidator({$ref: 'endpoints/users#/links/1/schema'}, req.body)
+		apiValidator(schema.getValidationSchema('/users', 'post'), req.body)
 			.then((payload) => {
 				return internalUser.create(res.locals.access, payload);
 			})
@ -75,7 +80,7 @@ router
 */
 router
 	.route('/:user_id')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())
@ -92,10 +97,10 @@ router
 			additionalProperties: false,
 			properties:           {
 				user_id: {
-					$ref: 'definitions#/definitions/id'
+					$ref: 'common#/properties/id'
 				},
 				expand: {
-					$ref: 'definitions#/definitions/expand'
+					$ref: 'common#/properties/expand'
 				}
 			}
 		}, {
@ -113,7 +118,10 @@ router
 				res.status(200)
 					.send(user);
 			})
-			.catch(next);
+			.catch((err) => {
+				console.log(err);
+				next(err);
+			});
 	})

 	/**
@ -122,7 +130,7 @@ router
 	 * Update and existing user
 	 */
 	.put((req, res, next) => {
-		apiValidator({$ref: 'endpoints/users#/links/2/schema'}, req.body)
+		apiValidator(schema.getValidationSchema('/users/{userID}', 'put'), req.body)
 			.then((payload) => {
 				payload.id = req.params.user_id;
 				return internalUser.update(res.locals.access, payload);
@ -167,7 +175,7 @@ router
 	 * Update password for a user
 	 */
 	.put((req, res, next) => {
-		apiValidator({$ref: 'endpoints/users#/links/4/schema'}, req.body)
+		apiValidator(schema.getValidationSchema('/users/{userID}/auth', 'put'), req.body)
 			.then((payload) => {
 				payload.id = req.params.user_id;
 				return internalUser.setPassword(res.locals.access, payload);
@ -198,7 +206,7 @@ router
 	 * Set some or all permissions for a user
 	 */
 	.put((req, res, next) => {
-		apiValidator({$ref: 'endpoints/users#/links/5/schema'}, req.body)
+		apiValidator(schema.getValidationSchema('/users/{userID}/permissions', 'put'), req.body)
 			.then((payload) => {
 				payload.id = req.params.user_id;
 				return internalUser.setPermissions(res.locals.access, payload);
@ -217,7 +225,7 @@ router
 */
 router
 	.route('/:user_id/login')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())
--- a/backend/schema/common.json
+++ b/backend/schema/common.json
@ -0,0 +1,115 @@
+{
+	"$schema": "https://json-schema.org/draft/2020-12/schema",
+	"$id": "common",
+	"type": "object",
+	"properties": {
+		"id": {
+			"description": "Unique identifier",
+			"readOnly": true,
+			"type": "integer",
+			"minimum": 1
+		},
+		"expand": {
+			"anyOf": [
+				{
+					"type": "null"
+				},
+				{
+					"type": "array",
+					"minItems": 1,
+					"items": {
+						"type": "string"
+					}
+				}
+			]
+		},
+		"query": {
+			"anyOf": [
+				{
+					"type": "null"
+				},
+				{
+					"type": "string",
+					"minLength": 1,
+					"maxLength": 255
+				}
+			]
+		},
+		"created_on": {
+			"description": "Date and time of creation",
+			"readOnly": true,
+			"type": "string"
+		},
+		"modified_on": {
+			"description": "Date and time of last update",
+			"readOnly": true,
+			"type": "string"
+		},
+		"user_id": {
+			"description": "User ID",
+			"type": "integer",
+			"minimum": 1
+		},
+		"certificate_id": {
+			"description": "Certificate ID",
+			"anyOf": [
+				{
+					"type": "integer",
+					"minimum": 0
+				},
+				{
+					"type": "string",
+					"pattern": "^new$"
+				}
+			]
+		},
+		"access_list_id": {
+			"description": "Access List ID",
+			"type": "integer",
+			"minimum": 0
+		},
+		"domain_names": {
+			"description": "Domain Names separated by a comma",
+			"type": "array",
+			"minItems": 1,
+			"maxItems": 100,
+			"uniqueItems": true,
+			"items": {
+				"type": "string",
+				"pattern": "^[^&| @!#%^();:/\\\\}{=+?<>,~`'\"]+$"
+			}
+		},
+		"enabled": {
+			"description": "Is Enabled",
+			"type": "boolean"
+		},
+		"ssl_forced": {
+			"description": "Is SSL Forced",
+			"type": "boolean"
+		},
+		"hsts_enabled": {
+			"description": "Is HSTS Enabled",
+			"type": "boolean"
+		},
+		"hsts_subdomains": {
+			"description": "Is HSTS applicable to all subdomains",
+			"type": "boolean"
+		},
+		"ssl_provider": {
+			"type": "string",
+			"pattern": "^(letsencrypt|other)$"
+		},
+		"http2_support": {
+			"description": "HTTP2 Protocol Support",
+			"type": "boolean"
+		},
+		"block_exploits": {
+			"description": "Should we block common exploits",
+			"type": "boolean"
+		},
+		"caching_enabled": {
+			"description": "Should we cache assets",
+			"type": "boolean"
+		}
+	}
+}
--- a/backend/schema/components/access-list-object.json
+++ b/backend/schema/components/access-list-object.json
@ -0,0 +1,53 @@
+{
+	"type": "object",
+	"description": "Access List object",
+	"required": ["id", "created_on", "modified_on", "owner_user_id", "name", "directive", "address", "satisfy_any", "pass_auth", "meta"],
+	"additionalProperties": false,
+	"properties": {
+		"id": {
+			"$ref": "../common.json#/properties/id"
+		},
+		"created_on": {
+			"$ref": "../common.json#/properties/created_on"
+		},
+		"modified_on": {
+			"$ref": "../common.json#/properties/modified_on"
+		},
+		"owner_user_id": {
+			"$ref": "../common.json#/properties/user_id"
+		},
+		"name": {
+			"type": "string",
+			"minLength": 1
+		},
+		"directive": {
+			"type": "string",
+			"enum": ["allow", "deny"]
+		},
+		"address": {
+			"oneOf": [
+				{
+					"type": "string",
+					"pattern": "^([0-9]{1,3}\\.){3}[0-9]{1,3}(/([0-9]|[1-2][0-9]|3[0-2]))?$"
+				},
+				{
+					"type": "string",
+					"pattern": "^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?$"
+				},
+				{
+					"type": "string",
+					"pattern": "^all$"
+				}
+			]
+		},
+		"satisfy_any": {
+			"type": "boolean"
+		},
+		"pass_auth": {
+			"type": "boolean"
+		},
+		"meta": {
+			"type": "object"
+		}
+	}
+}
--- a/backend/schema/components/audit-log-object.json
+++ b/backend/schema/components/audit-log-object.json
@ -0,0 +1,32 @@
+{
+	"type": "object",
+	"description": "Audit Log object",
+	"required": ["id", "created_on", "modified_on", "user_id", "object_type", "object_id", "action", "meta"],
+	"additionalProperties": false,
+	"properties": {
+		"id": {
+			"$ref": "../common.json#/properties/id"
+		},
+		"created_on": {
+			"$ref": "../common.json#/properties/created_on"
+		},
+		"modified_on": {
+			"$ref": "../common.json#/properties/modified_on"
+		},
+		"user_id": {
+			"$ref": "../common.json#/properties/user_id"
+		},
+		"object_type": {
+			"type": "string"
+		},
+		"object_id": {
+			"$ref": "../common.json#/properties/id"
+		},
+		"action": {
+			"type": "string"
+		},
+		"meta": {
+			"type": "object"
+		}
+	}
+}
--- a/backend/schema/components/certificate-list.json
+++ b/backend/schema/components/certificate-list.json
@ -0,0 +1,7 @@
+{
+	"type": "array",
+	"description": "Certificates list",
+	"items": {
+		"$ref": "./certificate-object.json"
+	}
+}
--- a/backend/schema/components/certificate-object.json
+++ b/backend/schema/components/certificate-object.json
@ -0,0 +1,81 @@
+{
+	"type": "object",
+	"description": "Certificate object",
+	"required": ["id", "created_on", "modified_on", "owner_user_id", "provider", "nice_name", "domain_names", "expires_on", "meta"],
+	"additionalProperties": false,
+	"properties": {
+		"id": {
+			"$ref": "../common.json#/properties/id"
+		},
+		"created_on": {
+			"$ref": "../common.json#/properties/created_on"
+		},
+		"modified_on": {
+			"$ref": "../common.json#/properties/modified_on"
+		},
+		"owner_user_id": {
+			"$ref": "../common.json#/properties/user_id"
+		},
+		"provider": {
+			"$ref": "../common.json#/properties/ssl_provider"
+		},
+		"nice_name": {
+			"type": "string",
+			"description": "Nice Name for the custom certificate"
+		},
+		"domain_names": {
+			"description": "Domain Names separated by a comma",
+			"type": "array",
+			"maxItems": 100,
+			"uniqueItems": true,
+			"items": {
+				"type": "string",
+				"pattern": "^[^&| @!#%^();:/\\\\}{=+?<>,~`'\"]+$"
+			}
+		},
+		"expires_on": {
+			"description": "Date and time of expiration",
+			"readOnly": true,
+			"type": "string"
+		},
+		"owner": {
+			"$ref": "./user-object.json"
+		},
+		"meta": {
+			"type": "object",
+			"additionalProperties": false,
+			"properties": {
+				"certificate": {
+					"type": "string",
+					"minLength": 1
+				},
+				"certificate_key": {
+					"type": "string",
+					"minLength": 1
+				},
+				"dns_challenge": {
+					"type": "boolean"
+				},
+				"dns_provider": {
+					"type": "string"
+				},
+				"dns_provider_credentials": {
+					"type": "string"
+				},
+				"letsencrypt_agree": {
+					"type": "boolean"
+				},
+				"letsencrypt_certificate": {
+					"type": "object"
+				},
+				"letsencrypt_email": {
+					"type": "string"
+				},
+				"propagation_seconds": {
+					"type": "integer",
+					"minimum": 0
+				}
+			}
+		}
+	}
+}
--- a/backend/schema/components/dead-host-list.json
+++ b/backend/schema/components/dead-host-list.json
@ -0,0 +1,7 @@
+{
+	"type": "array",
+	"description": "404 Hosts list",
+	"items": {
+		"$ref": "./dead-host-object.json"
+	}
+}
--- a/backend/schema/components/dead-host-object.json
+++ b/backend/schema/components/dead-host-object.json
@ -0,0 +1,47 @@
+{
+	"type": "object",
+	"description": "404 Host object",
+	"required": ["id", "created_on", "modified_on", "owner_user_id", "domain_names", "certificate_id", "ssl_forced", "hsts_enabled", "hsts_subdomains", "http2_support", "advanced_config", "enabled", "meta"],
+	"additionalProperties": false,
+	"properties": {
+		"id": {
+			"$ref": "../common.json#/properties/id"
+		},
+		"created_on": {
+			"$ref": "../common.json#/properties/created_on"
+		},
+		"modified_on": {
+			"$ref": "../common.json#/properties/modified_on"
+		},
+		"owner_user_id": {
+			"$ref": "../common.json#/properties/user_id"
+		},
+		"domain_names": {
+			"$ref": "../common.json#/properties/domain_names"
+		},
+		"certificate_id": {
+			"$ref": "../common.json#/properties/certificate_id"
+		},
+		"ssl_forced": {
+			"$ref": "../common.json#/properties/ssl_forced"
+		},
+		"hsts_enabled": {
+			"$ref": "../common.json#/properties/hsts_enabled"
+		},
+		"hsts_subdomains": {
+			"$ref": "../common.json#/properties/hsts_subdomains"
+		},
+		"http2_support": {
+			"$ref": "../common.json#/properties/http2_support"
+		},
+		"advanced_config": {
+			"type": "string"
+		},
+		"enabled": {
+			"$ref": "../common.json#/properties/enabled"
+		},
+		"meta": {
+			"type": "object"
+		}
+	}
+}
--- a/backend/schema/components/error-object.json
+++ b/backend/schema/components/error-object.json
@ -0,0 +1,14 @@
+{
+	"type": "object",
+	"description": "Error object",
+	"additionalProperties": false,
+	"required": ["code", "message"],
+	"properties": {
+		"code": {
+			"type": "integer"
+		},
+		"message": {
+			"type": "string"
+		}
+	}
+}
--- a/backend/schema/components/error.json
+++ b/backend/schema/components/error.json
@ -0,0 +1,9 @@
+{
+	"type": "object",
+	"description": "Error",
+	"properties": {
+		"error": {
+			"$ref": "./error-object.json"
+		}
+	}
+}
--- a/backend/schema/components/health-object.json
+++ b/backend/schema/components/health-object.json
@ -0,0 +1,38 @@
+{
+	"type": "object",
+	"description": "Health object",
+	"additionalProperties": false,
+	"required": ["status", "version"],
+	"properties": {
+		"status": {
+			"type": "string",
+			"description": "Healthy",
+			"example": "OK"
+		},
+		"version": {
+			"type": "object",
+			"description": "The version object",
+			"example": {
+				"major": 2,
+				"minor": 0,
+				"revision": 0
+			},
+			"additionalProperties": false,
+			"required": ["major", "minor", "revision"],
+			"properties": {
+				"major": {
+					"type": "integer",
+					"minimum": 0
+				},
+				"minor": {
+					"type": "integer",
+					"minimum": 0
+				},
+				"revision": {
+					"type": "integer",
+					"minimum": 0
+				}
+			}
+		}
+	}
+}
--- a/backend/schema/components/permission-object.json
+++ b/backend/schema/components/permission-object.json
@ -0,0 +1,41 @@
+{
+	"type": "object",
+	"minProperties": 1,
+	"properties": {
+		"visibility": {
+			"type": "string",
+			"description": "Visibility Type",
+			"enum": ["all", "user"]
+		},
+		"access_lists": {
+			"type": "string",
+			"description": "Access Lists Permissions",
+			"enum": ["hidden", "view", "manage"]
+		},
+		"dead_hosts": {
+			"type": "string",
+			"description": "404 Hosts Permissions",
+			"enum": ["hidden", "view", "manage"]
+		},
+		"proxy_hosts": {
+			"type": "string",
+			"description": "Proxy Hosts Permissions",
+			"enum": ["hidden", "view", "manage"]
+		},
+		"redirection_hosts": {
+			"type": "string",
+			"description": "Redirection Permissions",
+			"enum": ["hidden", "view", "manage"]
+		},
+		"streams": {
+			"type": "string",
+			"description": "Streams Permissions",
+			"enum": ["hidden", "view", "manage"]
+		},
+		"certificates": {
+			"type": "string",
+			"description": "Certificates Permissions",
+			"enum": ["hidden", "view", "manage"]
+		}
+	}
+}
--- a/backend/schema/components/proxy-host-list.json
+++ b/backend/schema/components/proxy-host-list.json
@ -0,0 +1,7 @@
+{
+	"type": "array",
+	"description": "Proxy Hosts list",
+	"items": {
+		"$ref": "./proxy-host-object.json"
+	}
+}
--- a/backend/schema/components/proxy-host-object.json
+++ b/backend/schema/components/proxy-host-object.json
@ -0,0 +1,154 @@
+{
+	"type": "object",
+	"description": "Proxy Host object",
+	"required": [
+		"id",
+		"created_on",
+		"modified_on",
+		"owner_user_id",
+		"domain_names",
+		"forward_host",
+		"forward_port",
+		"access_list_id",
+		"certificate_id",
+		"ssl_forced",
+		"caching_enabled",
+		"block_exploits",
+		"advanced_config",
+		"meta",
+		"allow_websocket_upgrade",
+		"http2_support",
+		"forward_scheme",
+		"enabled",
+		"locations",
+		"hsts_enabled",
+		"hsts_subdomains",
+		"certificate"
+	],
+	"additionalProperties": false,
+	"properties": {
+		"id": {
+			"$ref": "../common.json#/properties/id"
+		},
+		"created_on": {
+			"$ref": "../common.json#/properties/created_on"
+		},
+		"modified_on": {
+			"$ref": "../common.json#/properties/modified_on"
+		},
+		"owner_user_id": {
+			"$ref": "../common.json#/properties/user_id"
+		},
+		"domain_names": {
+			"$ref": "../common.json#/properties/domain_names"
+		},
+		"forward_host": {
+			"type": "string",
+			"minLength": 1,
+			"maxLength": 255
+		},
+		"forward_port": {
+			"type": "integer",
+			"minimum": 1,
+			"maximum": 65535
+		},
+		"access_list_id": {
+			"$ref": "../common.json#/properties/access_list_id"
+		},
+		"certificate_id": {
+			"$ref": "../common.json#/properties/certificate_id"
+		},
+		"ssl_forced": {
+			"$ref": "../common.json#/properties/ssl_forced"
+		},
+		"caching_enabled": {
+			"$ref": "../common.json#/properties/caching_enabled"
+		},
+		"block_exploits": {
+			"$ref": "../common.json#/properties/block_exploits"
+		},
+		"advanced_config": {
+			"type": "string"
+		},
+		"meta": {
+			"type": "object"
+		},
+		"allow_websocket_upgrade": {
+			"description": "Allow Websocket Upgrade for all paths",
+			"example": true,
+			"type": "boolean"
+		},
+		"http2_support": {
+			"$ref": "../common.json#/properties/http2_support"
+		},
+		"forward_scheme": {
+			"type": "string",
+			"enum": ["http", "https"]
+		},
+		"enabled": {
+			"$ref": "../common.json#/properties/enabled"
+		},
+		"locations": {
+			"type": "array",
+			"minItems": 0,
+			"items": {
+				"type": "object",
+				"required": ["forward_scheme", "forward_host", "forward_port", "path"],
+				"additionalProperties": false,
+				"properties": {
+					"id": {
+						"type": ["integer", "null"]
+					},
+					"path": {
+						"type": "string",
+						"minLength": 1
+					},
+					"forward_scheme": {
+						"$ref": "#/properties/forward_scheme"
+					},
+					"forward_host": {
+						"$ref": "#/properties/forward_host"
+					},
+					"forward_port": {
+						"$ref": "#/properties/forward_port"
+					},
+					"forward_path": {
+						"type": "string"
+					},
+					"advanced_config": {
+						"type": "string"
+					}
+				}
+			}
+		},
+		"hsts_enabled": {
+			"$ref": "../common.json#/properties/hsts_enabled"
+		},
+		"hsts_subdomains": {
+			"$ref": "../common.json#/properties/hsts_subdomains"
+		},
+		"certificate": {
+			"oneOf": [
+				{
+					"type": "null"
+				},
+				{
+					"$ref": "./certificate-object.json"
+				}
+			]
+		},
+		"owner": {
+			"$ref": "./user-object.json"
+		},
+		"access_list": {
+			"oneOf": [
+				{
+					"type": "null"
+				},
+				{
+					"$ref": "./access-list-object.json"
+				}
+			]
+		}
+	}
+}
--- a/backend/schema/components/redirection-host-list.json
+++ b/backend/schema/components/redirection-host-list.json
@ -0,0 +1,7 @@
+{
+	"type": "array",
+	"description": "Redirection Hosts list",
+	"items": {
+		"$ref": "./redirection-host-object.json"
+	}
+}
--- a/backend/schema/components/redirection-host-object.json
+++ b/backend/schema/components/redirection-host-object.json
@ -0,0 +1,72 @@
+{
+	"type": "object",
+	"description": "Redirection Host object",
+	"required": ["id", "created_on", "modified_on", "owner_user_id", "domain_names", "forward_http_code", "forward_scheme", "forward_domain_name", "preserve_path", "certificate_id", "ssl_forced", "hsts_enabled", "hsts_subdomains", "http2_support", "block_exploits", "advanced_config", "enabled", "meta"],
+	"additionalProperties": false,
+	"properties": {
+		"id": {
+			"$ref": "../common.json#/properties/id"
+		},
+		"created_on": {
+			"$ref": "../common.json#/properties/created_on"
+		},
+		"modified_on": {
+			"$ref": "../common.json#/properties/modified_on"
+		},
+		"owner_user_id": {
+			"$ref": "../common.json#/properties/user_id"
+		},
+		"domain_names": {
+			"$ref": "../common.json#/properties/domain_names"
+		},
+		"forward_http_code": {
+			"description": "Redirect HTTP Status Code",
+			"example": 302,
+			"type": "integer",
+			"minimum": 300,
+			"maximum": 308
+		},
+		"forward_scheme": {
+			"type": "string",
+			"enum": ["auto", "http", "https"]
+		},
+		"forward_domain_name": {
+			"description": "Domain Name",
+			"example": "jc21.com",
+			"type": "string",
+			"pattern": "^(?:[^.*]+\\.?)+[^.]$"
+		},
+		"preserve_path": {
+			"description": "Should the path be preserved",
+			"example": true,
+			"type": "boolean"
+		},
+		"certificate_id": {
+			"$ref": "../common.json#/properties/certificate_id"
+		},
+		"ssl_forced": {
+			"$ref": "../common.json#/properties/ssl_forced"
+		},
+		"hsts_enabled": {
+			"$ref": "../common.json#/properties/hsts_enabled"
+		},
+		"hsts_subdomains": {
+			"$ref": "../common.json#/properties/hsts_subdomains"
+		},
+		"http2_support": {
+			"$ref": "../common.json#/properties/http2_support"
+		},
+		"block_exploits": {
+			"$ref": "../common.json#/properties/block_exploits"
+		},
+		"advanced_config": {
+			"type": "string"
+		},
+		"enabled": {
+			"$ref": "../common.json#/properties/enabled"
+		},
+		"meta": {
+			"type": "object"
+		}
+	}
+}
--- a/backend/schema/components/security-schemes.json
+++ b/backend/schema/components/security-schemes.json
@ -0,0 +1,6 @@
+{
+	"BearerAuth": {
+		"type": "http",
+		"scheme": "bearer"
+	}
+}
--- a/backend/schema/components/setting-list.json
+++ b/backend/schema/components/setting-list.json
@ -0,0 +1,7 @@
+{
+	"type": "array",
+	"description": "Setting list",
+	"items": {
+		"$ref": "./setting-object.json"
+	}
+}
--- a/backend/schema/components/setting-object.json
+++ b/backend/schema/components/setting-object.json
@ -0,0 +1,56 @@
+{
+	"type": "object",
+	"description": "Setting object",
+	"required": ["id", "name", "description", "value", "meta"],
+	"additionalProperties": false,
+	"properties": {
+		"id": {
+			"type": "string",
+			"description": "Setting ID",
+			"minLength": 1,
+			"example": "default-site"
+		},
+		"name": {
+			"type": "string",
+			"description": "Setting Display Name",
+			"minLength": 1,
+			"example": "Default Site"
+		},
+		"description": {
+			"type": "string",
+			"description": "Meaningful description",
+			"minLength": 1,
+			"example": "What to show when Nginx is hit with an unknown Host"
+		},
+		"value": {
+			"description": "Value in almost any form",
+			"example": "congratulations",
+			"anyOf": [
+				{
+					"type": "string",
+					"minLength": 1
+				},
+				{
+					"type": "integer"
+				},
+				{
+					"type": "object"
+				},
+				{
+					"type": "number"
+				},
+				{
+					"type": "array"
+				}
+			]
+		},
+		"meta": {
+			"description": "Extra metadata",
+			"example": {
+				"redirect": "http://example.com",
+				"html": "<h1>404</h1>"
+			},
+			"type": "object"
+		}
+	}
+}
--- a/backend/schema/components/stream-list.json
+++ b/backend/schema/components/stream-list.json
@ -0,0 +1,7 @@
+{
+	"type": "array",
+	"description": "Proxy Hosts list",
+	"items": {
+		"$ref": "./proxy-host-object.json"
+	}
+}
--- a/backend/schema/components/stream-object.json
+++ b/backend/schema/components/stream-object.json
@ -0,0 +1,60 @@
+{
+	"type": "object",
+	"description": "Stream object",
+	"required": ["id", "created_on", "modified_on", "owner_user_id", "incoming_port", "forwarding_host", "forwarding_port", "tcp_forwarding", "udp_forwarding", "enabled", "meta"],
+	"additionalProperties": false,
+	"properties": {
+		"id": {
+			"$ref": "../common.json#/properties/id"
+		},
+		"created_on": {
+			"$ref": "../common.json#/properties/created_on"
+		},
+		"modified_on": {
+			"$ref": "../common.json#/properties/modified_on"
+		},
+		"owner_user_id": {
+			"$ref": "../common.json#/properties/user_id"
+		},
+		"incoming_port": {
+			"type": "integer",
+			"minimum": 1,
+			"maximum": 65535
+		},
+		"forwarding_host": {
+			"anyOf": [
+				{
+					"description": "Domain Name",
+					"example": "jc21.com",
+					"type": "string",
+					"pattern": "^(?:[^.*]+\\.?)+[^.]$"
+				},
+				{
+					"type": "string",
+					"format": "ipv4"
+				},
+				{
+					"type": "string",
+					"format": "ipv6"
+				}
+			]
+		},
+		"forwarding_port": {
+			"type": "integer",
+			"minimum": 1,
+			"maximum": 65535
+		},
+		"tcp_forwarding": {
+			"type": "boolean"
+		},
+		"udp_forwarding": {
+			"type": "boolean"
+		},
+		"enabled": {
+			"$ref": "../common.json#/properties/enabled"
+		},
+		"meta": {
+			"type": "object"
+		}
+	}
+}
--- a/backend/schema/components/token-object.json
+++ b/backend/schema/components/token-object.json
@ -0,0 +1,19 @@
+{
+	"type": "object",
+	"description": "Token object",
+	"required": ["expires", "token"],
+	"additionalProperties": false,
+	"properties": {
+		"expires": {
+			"description": "Token Expiry Unix Time",
+			"example": 1566540249,
+			"minimum": 1,
+			"type": "number"
+		},
+		"token": {
+			"description": "JWT Token",
+			"example": "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.ey...xaHKYr3Kk6MvkUjcC4",
+			"type": "string"
+		}
+	}
+}
--- a/backend/schema/components/user-list.json
+++ b/backend/schema/components/user-list.json
@ -0,0 +1,7 @@
+{
+	"type": "array",
+	"description": "User list",
+	"items": {
+		"$ref": "./user-object.json"
+	}
+}
--- a/backend/schema/components/user-object.json
+++ b/backend/schema/components/user-object.json
@ -0,0 +1,59 @@
+{
+	"type": "object",
+	"description": "User object",
+	"required": ["id", "created_on", "modified_on", "is_disabled", "email", "name", "nickname", "avatar", "roles"],
+	"additionalProperties": false,
+	"properties": {
+		"id": {
+			"type": "integer",
+			"description": "User ID",
+			"minimum": 1,
+			"example": 1
+		},
+		"created_on": {
+			"type": "string",
+			"description": "Created Date",
+			"example": "2020-01-30T09:36:08.000Z"
+		},
+		"modified_on": {
+			"type": "string",
+			"description": "Modified Date",
+			"example": "2020-01-30T09:41:04.000Z"
+		},
+		"is_disabled": {
+			"type": "boolean",
+			"description": "Is user Disabled",
+			"example": true
+		},
+		"email": {
+			"type": "string",
+			"description": "Email",
+			"minLength": 3,
+			"example": "jc@jc21.com"
+		},
+		"name": {
+			"type": "string",
+			"description": "Name",
+			"minLength": 1,
+			"example": "Jamie Curnow"
+		},
+		"nickname": {
+			"type": "string",
+			"description": "Nickname",
+			"example": "James"
+		},
+		"avatar": {
+			"type": "string",
+			"description": "Gravatar URL based on email, without scheme",
+			"example": "//www.gravatar.com/avatar/6193176330f8d38747f038c170ddb193?default=mm"
+		},
+		"roles": {
+			"description": "Roles applied",
+			"example": ["admin"],
+			"type": "array",
+			"items": {
+				"type": "string"
+			}
+		}
+	}
+}
--- a/backend/schema/definitions.json
+++ b/backend/schema/definitions.json
@ -1,240 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "$id": "definitions",
-  "definitions": {
-    "id": {
-      "description": "Unique identifier",
-      "example": 123456,
-      "readOnly": true,
-      "type": "integer",
-      "minimum": 1
-    },
-    "setting_id": {
-      "description": "Unique identifier for a Setting",
-      "example": "default-site",
-      "readOnly": true,
-      "type": "string",
-      "minLength": 2
-    },
-    "token": {
-      "type": "string",
-      "minLength": 10
-    },
-    "expand": {
-      "anyOf": [
-        {
-          "type": "null"
-        },
-        {
-          "type": "array",
-          "minItems": 1,
-          "items": {
-            "type": "string"
-          }
-        }
-      ]
-    },
-    "sort": {
-      "type": "array",
-      "minItems": 1,
-      "items": {
-        "type": "object",
-        "required": [
-          "field",
-          "dir"
-        ],
-        "additionalProperties": false,
-        "properties": {
-          "field": {
-            "type": "string"
-          },
-          "dir": {
-            "type": "string",
-            "pattern": "^(asc|desc)$"
-          }
-        }
-      }
-    },
-    "query": {
-      "anyOf": [
-        {
-          "type": "null"
-        },
-        {
-          "type": "string",
-          "minLength": 1,
-          "maxLength": 255
-        }
-      ]
-    },
-    "criteria": {
-      "anyOf": [
-        {
-          "type": "null"
-        },
-        {
-          "type": "object"
-        }
-      ]
-    },
-    "fields": {
-      "anyOf": [
-        {
-          "type": "null"
-        },
-        {
-          "type": "array",
-          "minItems": 1,
-          "items": {
-            "type": "string"
-          }
-        }
-      ]
-    },
-    "omit": {
-      "anyOf": [
-        {
-          "type": "null"
-        },
-        {
-          "type": "array",
-          "minItems": 1,
-          "items": {
-            "type": "string"
-          }
-        }
-      ]
-    },
-    "created_on": {
-      "description": "Date and time of creation",
-      "format": "date-time",
-      "readOnly": true,
-      "type": "string"
-    },
-    "modified_on": {
-      "description": "Date and time of last update",
-      "format": "date-time",
-      "readOnly": true,
-      "type": "string"
-    },
-    "user_id": {
-      "description": "User ID",
-      "example": 1234,
-      "type": "integer",
-      "minimum": 1
-    },
-    "certificate_id": {
-      "description": "Certificate ID",
-      "example": 1234,
-      "anyOf": [
-        {
-          "type": "integer",
-          "minimum": 0
-        },
-        {
-          "type": "string",
-          "pattern": "^new$"
-        }
-      ]
-    },
-    "access_list_id": {
-      "description": "Access List ID",
-      "example": 1234,
-      "type": "integer",
-      "minimum": 0
-    },
-    "name": {
-      "type": "string",
-      "minLength": 1,
-      "maxLength": 255
-    },
-    "email": {
-      "description": "Email Address",
-      "example": "john@example.com",
-      "format": "email",
-      "type": "string",
-      "minLength": 6,
-      "maxLength": 100
-    },
-    "password": {
-      "description": "Password",
-      "type": "string",
-      "minLength": 8,
-      "maxLength": 255
-    },
-    "domain_name": {
-      "description": "Domain Name",
-      "example": "jc21.com",
-      "type": "string",
-      "pattern": "^(?:[^.*]+\\.?)+[^.]$"
-    },
-    "domain_names": {
-      "description": "Domain Names separated by a comma",
-      "example": "*.jc21.com,blog.jc21.com",
-      "type": "array",
-      "maxItems": 15,
-      "uniqueItems": true,
-      "items": {
-        "type": "string",
-        "pattern": "^(?:\\*\\.)?(?:[^.*]+\\.?)+[^.]$"
-      }
-    },
-    "http_code": {
-      "description": "Redirect HTTP Status Code",
-      "example": 302,
-      "type": "integer",
-      "minimum": 300,
-      "maximum": 308
-    },
-    "scheme": {
-      "description": "RFC Protocol",
-      "example": "HTTPS or $scheme",
-      "type": "string",
-      "minLength": 4
-    },
-    "enabled": {
-      "description": "Is Enabled",
-      "example": true,
-      "type": "boolean"
-    },
-    "ssl_enabled": {
-      "description": "Is SSL Enabled",
-      "example": true,
-      "type": "boolean"
-    },
-    "ssl_forced": {
-      "description": "Is SSL Forced",
-      "example": false,
-      "type": "boolean"
-    },
-    "hsts_enabled": {
-      "description": "Is HSTS Enabled",
-      "example": false,
-      "type": "boolean"
-    },
-    "hsts_subdomains": {
-      "description": "Is HSTS applicable to all subdomains",
-      "example": false,
-      "type": "boolean"
-    },
-    "ssl_provider": {
-      "type": "string",
-      "pattern": "^(letsencrypt|other)$"
-    },
-    "http2_support": {
-      "description": "HTTP2 Protocol Support",
-      "example": false,
-      "type": "boolean"
-    },
-    "block_exploits": {
-      "description": "Should we block common exploits",
-      "example": true,
-      "type": "boolean"
-    },
-    "caching_enabled": {
-      "description": "Should we cache assets",
-      "example": true,
-      "type": "boolean"
-    }
-  }
-}
--- a/backend/schema/endpoints/access-lists.json
+++ b/backend/schema/endpoints/access-lists.json
@ -1,236 +0,0 @@
-{
-	"$schema": "http://json-schema.org/draft-07/schema#",
-	"$id": "endpoints/access-lists",
-	"title": "Access Lists",
-	"description": "Endpoints relating to Access Lists",
-	"stability": "stable",
-	"type": "object",
-	"definitions": {
-		"id": {
-			"$ref": "../definitions.json#/definitions/id"
-		},
-		"created_on": {
-			"$ref": "../definitions.json#/definitions/created_on"
-		},
-		"modified_on": {
-			"$ref": "../definitions.json#/definitions/modified_on"
-		},
-		"name": {
-			"type": "string",
-			"description": "Name of the Access List"
-		},
-		"directive": {
-			"type": "string",
-			"enum": ["allow", "deny"]
-		},
-		"address": {
-			"oneOf": [
-				{
-					"type": "string",
-					"pattern": "^([0-9]{1,3}\\.){3}[0-9]{1,3}(/([0-9]|[1-2][0-9]|3[0-2]))?$"
-				},
-				{
-					"type": "string",
-					"pattern": "^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?$"
-				},
-				{
-					"type": "string",
-					"pattern": "^all$"
-				}
-			]
-		},
-		"satisfy_any": {
-			"type": "boolean"
-		},
-		"pass_auth": {
-			"type": "boolean"
-		},
-		"meta": {
-			"type": "object"
-		}
-	},
-	"properties": {
-		"id": {
-			"$ref": "#/definitions/id"
-		},
-		"created_on": {
-			"$ref": "#/definitions/created_on"
-		},
-		"modified_on": {
-			"$ref": "#/definitions/modified_on"
-		},
-		"name": {
-			"$ref": "#/definitions/name"
-		},
-		"meta": {
-			"$ref": "#/definitions/meta"
-		}
-	},
-	"links": [
-		{
-			"title": "List",
-			"description": "Returns a list of Access Lists",
-			"href": "/nginx/access-lists",
-			"access": "private",
-			"method": "GET",
-			"rel": "self",
-			"http_header": {
-				"$ref": "../examples.json#/definitions/auth_header"
-			},
-			"targetSchema": {
-				"type": "array",
-				"items": {
-					"$ref": "#/properties"
-				}
-			}
-		},
-		{
-			"title": "Create",
-			"description": "Creates a new Access List",
-			"href": "/nginx/access-list",
-			"access": "private",
-			"method": "POST",
-			"rel": "create",
-			"http_header": {
-				"$ref": "../examples.json#/definitions/auth_header"
-			},
-			"schema": {
-				"type": "object",
-				"additionalProperties": false,
-				"required": ["name"],
-				"properties": {
-					"name": {
-						"$ref": "#/definitions/name"
-					},
-					"satisfy_any": {
-						"$ref": "#/definitions/satisfy_any"
-					},
-					"pass_auth": {
-						"$ref": "#/definitions/pass_auth"
-					},
-					"items": {
-						"type": "array",
-						"minItems": 0,
-						"items": {
-							"type": "object",
-							"additionalProperties": false,
-							"properties": {
-								"username": {
-									"type": "string",
-									"minLength": 1
-								},
-								"password": {
-									"type": "string",
-									"minLength": 1
-								}
-							}
-						}
-					},
-					"clients": {
-						"type": "array",
-						"minItems": 0,
-						"items": {
-							"type": "object",
-							"additionalProperties": false,
-							"properties": {
-								"address": {
-									"$ref": "#/definitions/address"
-								},
-								"directive": {
-									"$ref": "#/definitions/directive"
-								}
-							}
-						}
-					},
-					"meta": {
-						"$ref": "#/definitions/meta"
-					}
-				}
-			},
-			"targetSchema": {
-				"properties": {
-					"$ref": "#/properties"
-				}
-			}
-		},
-		{
-			"title": "Update",
-			"description": "Updates a existing Access List",
-			"href": "/nginx/access-list/{definitions.identity.example}",
-			"access": "private",
-			"method": "PUT",
-			"rel": "update",
-			"http_header": {
-				"$ref": "../examples.json#/definitions/auth_header"
-			},
-			"schema": {
-				"type": "object",
-				"additionalProperties": false,
-				"properties": {
-					"name": {
-						"$ref": "#/definitions/name"
-					},
-					"satisfy_any": {
-						"$ref": "#/definitions/satisfy_any"
-					},
-					"pass_auth": {
-						"$ref": "#/definitions/pass_auth"
-					},
-					"items": {
-						"type": "array",
-						"minItems": 0,
-						"items": {
-							"type": "object",
-							"additionalProperties": false,
-							"properties": {
-								"username": {
-									"type": "string",
-									"minLength": 1
-								},
-								"password": {
-									"type": "string",
-									"minLength": 0
-								}
-							}
-						}
-					},
-					"clients": {
-						"type": "array",
-						"minItems": 0,
-						"items": {
-							"type": "object",
-							"additionalProperties": false,
-							"properties": {
-								"address": {
-									"$ref": "#/definitions/address"
-								},
-								"directive": {
-									"$ref": "#/definitions/directive"
-								}
-							}
-						}
-					}
-				}
-			},
-			"targetSchema": {
-				"properties": {
-					"$ref": "#/properties"
-				}
-			}
-		},
-		{
-			"title": "Delete",
-			"description": "Deletes a existing Access List",
-			"href": "/nginx/access-list/{definitions.identity.example}",
-			"access": "private",
-			"method": "DELETE",
-			"rel": "delete",
-			"http_header": {
-				"$ref": "../examples.json#/definitions/auth_header"
-			},
-			"targetSchema": {
-				"type": "boolean"
-			}
-		}
-	]
-}
--- a/backend/schema/endpoints/certificates.json
+++ b/backend/schema/endpoints/certificates.json
@ -1,173 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "$id": "endpoints/certificates",
-  "title": "Certificates",
-  "description": "Endpoints relating to Certificates",
-  "stability": "stable",
-  "type": "object",
-  "definitions": {
-    "id": {
-      "$ref": "../definitions.json#/definitions/id"
-    },
-    "created_on": {
-      "$ref": "../definitions.json#/definitions/created_on"
-    },
-    "modified_on": {
-      "$ref": "../definitions.json#/definitions/modified_on"
-    },
-    "provider": {
-      "$ref": "../definitions.json#/definitions/ssl_provider"
-    },
-    "nice_name": {
-      "type": "string",
-      "description": "Nice Name for the custom certificate"
-    },
-    "domain_names": {
-      "$ref": "../definitions.json#/definitions/domain_names"
-    },
-    "expires_on": {
-      "description": "Date and time of expiration",
-      "format": "date-time",
-      "readOnly": true,
-      "type": "string"
-    },
-    "meta": {
-      "type": "object",
-      "additionalProperties": false,
-      "properties": {
-        "letsencrypt_email": {
-          "type": "string",
-          "format": "email"
-        },
-        "letsencrypt_agree": {
-          "type": "boolean"
-        },
-        "dns_challenge": {
-          "type": "boolean"
-        },
-        "dns_provider": {
-          "type": "string"
-        },
-        "dns_provider_credentials": {
-          "type": "string"
-        },
-        "propagation_seconds": {
-          "anyOf": [
-            { 
-              "type": "integer",
-              "minimum": 0 
-            }
-          ]
-          
-        }
-      }
-    }
-  },
-  "properties": {
-    "id": {
-      "$ref": "#/definitions/id"
-    },
-    "created_on": {
-      "$ref": "#/definitions/created_on"
-    },
-    "modified_on": {
-      "$ref": "#/definitions/modified_on"
-    },
-    "provider": {
-      "$ref": "#/definitions/provider"
-    },
-    "nice_name": {
-      "$ref": "#/definitions/nice_name"
-    },
-    "domain_names": {
-      "$ref": "#/definitions/domain_names"
-    },
-    "expires_on": {
-      "$ref": "#/definitions/expires_on"
-    },
-    "meta": {
-      "$ref": "#/definitions/meta"
-    }
-  },
-  "links": [
-    {
-      "title": "List",
-      "description": "Returns a list of Certificates",
-      "href": "/nginx/certificates",
-      "access": "private",
-      "method": "GET",
-      "rel": "self",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "array",
-        "items": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Create",
-      "description": "Creates a new Certificate",
-      "href": "/nginx/certificates",
-      "access": "private",
-      "method": "POST",
-      "rel": "create",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "schema": {
-        "type": "object",
-        "additionalProperties": false,
-        "required": [
-          "provider"
-        ],
-        "properties": {
-          "provider": {
-            "$ref": "#/definitions/provider"
-          },
-          "nice_name": {
-            "$ref": "#/definitions/nice_name"
-          },
-          "domain_names": {
-            "$ref": "#/definitions/domain_names"
-          },
-          "meta": {
-            "$ref": "#/definitions/meta"
-          }
-        }
-      },
-      "targetSchema": {
-        "properties": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Delete",
-      "description": "Deletes a existing Certificate",
-      "href": "/nginx/certificates/{definitions.identity.example}",
-      "access": "private",
-      "method": "DELETE",
-      "rel": "delete",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "boolean"
-      }
-    },
-    {
-      "title": "Test HTTP Challenge",
-      "description": "Tests whether the HTTP challenge should work",
-      "href": "/nginx/certificates/{definitions.identity.example}/test-http",
-      "access": "private",
-      "method": "GET",
-      "rel": "info",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      }
-    }
-  ]
-}
--- a/backend/schema/endpoints/dead-hosts.json
+++ b/backend/schema/endpoints/dead-hosts.json
@ -1,240 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "$id": "endpoints/dead-hosts",
-  "title": "404 Hosts",
-  "description": "Endpoints relating to 404 Hosts",
-  "stability": "stable",
-  "type": "object",
-  "definitions": {
-    "id": {
-      "$ref": "../definitions.json#/definitions/id"
-    },
-    "created_on": {
-      "$ref": "../definitions.json#/definitions/created_on"
-    },
-    "modified_on": {
-      "$ref": "../definitions.json#/definitions/modified_on"
-    },
-    "domain_names": {
-      "$ref": "../definitions.json#/definitions/domain_names"
-    },
-    "certificate_id": {
-      "$ref": "../definitions.json#/definitions/certificate_id"
-    },
-    "ssl_forced": {
-      "$ref": "../definitions.json#/definitions/ssl_forced"
-    },
-    "hsts_enabled": {
-      "$ref": "../definitions.json#/definitions/hsts_enabled"
-    },
-    "hsts_subdomains": {
-      "$ref": "../definitions.json#/definitions/hsts_subdomains"
-    },
-    "http2_support": {
-      "$ref": "../definitions.json#/definitions/http2_support"
-    },
-    "advanced_config": {
-      "type": "string"
-    },
-    "enabled": {
-      "$ref": "../definitions.json#/definitions/enabled"
-    },
-    "meta": {
-      "type": "object"
-    }
-  },
-  "properties": {
-    "id": {
-      "$ref": "#/definitions/id"
-    },
-    "created_on": {
-      "$ref": "#/definitions/created_on"
-    },
-    "modified_on": {
-      "$ref": "#/definitions/modified_on"
-    },
-    "domain_names": {
-      "$ref": "#/definitions/domain_names"
-    },
-    "certificate_id": {
-      "$ref": "#/definitions/certificate_id"
-    },
-    "ssl_forced": {
-      "$ref": "#/definitions/ssl_forced"
-    },
-    "hsts_enabled": {
-      "$ref": "#/definitions/hsts_enabled"
-    },
-    "hsts_subdomains": {
-      "$ref": "#/definitions/hsts_subdomains"
-    },
-    "http2_support": {
-      "$ref": "#/definitions/http2_support"
-    },
-    "advanced_config": {
-      "$ref": "#/definitions/advanced_config"
-    },
-    "enabled": {
-      "$ref": "#/definitions/enabled"
-    },
-    "meta": {
-      "$ref": "#/definitions/meta"
-    }
-  },
-  "links": [
-    {
-      "title": "List",
-      "description": "Returns a list of 404 Hosts",
-      "href": "/nginx/dead-hosts",
-      "access": "private",
-      "method": "GET",
-      "rel": "self",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "array",
-        "items": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Create",
-      "description": "Creates a new 404 Host",
-      "href": "/nginx/dead-hosts",
-      "access": "private",
-      "method": "POST",
-      "rel": "create",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "schema": {
-        "type": "object",
-        "additionalProperties": false,
-        "required": [
-          "domain_names"
-        ],
-        "properties": {
-          "domain_names": {
-            "$ref": "#/definitions/domain_names"
-          },
-          "certificate_id": {
-            "$ref": "#/definitions/certificate_id"
-          },
-          "ssl_forced": {
-            "$ref": "#/definitions/ssl_forced"
-          },
-          "hsts_enabled": {
-            "$ref": "#/definitions/hsts_enabled"
-          },
-          "hsts_subdomains": {
-            "$ref": "#/definitions/hsts_enabled"
-          },
-          "http2_support": {
-            "$ref": "#/definitions/http2_support"
-          },
-          "advanced_config": {
-            "$ref": "#/definitions/advanced_config"
-          },
-          "meta": {
-            "$ref": "#/definitions/meta"
-          }
-        }
-      },
-      "targetSchema": {
-        "properties": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Update",
-      "description": "Updates a existing 404 Host",
-      "href": "/nginx/dead-hosts/{definitions.identity.example}",
-      "access": "private",
-      "method": "PUT",
-      "rel": "update",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "schema": {
-        "type": "object",
-        "additionalProperties": false,
-        "properties": {
-          "domain_names": {
-            "$ref": "#/definitions/domain_names"
-          },
-          "certificate_id": {
-            "$ref": "#/definitions/certificate_id"
-          },
-          "ssl_forced": {
-            "$ref": "#/definitions/ssl_forced"
-          },
-          "hsts_enabled": {
-            "$ref": "#/definitions/hsts_enabled"
-          },
-          "hsts_subdomains": {
-            "$ref": "#/definitions/hsts_enabled"
-          },
-          "http2_support": {
-            "$ref": "#/definitions/http2_support"
-          },
-          "advanced_config": {
-            "$ref": "#/definitions/advanced_config"
-          },
-          "meta": {
-            "$ref": "#/definitions/meta"
-          }
-        }
-      },
-      "targetSchema": {
-        "properties": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Delete",
-      "description": "Deletes a existing 404 Host",
-      "href": "/nginx/dead-hosts/{definitions.identity.example}",
-      "access": "private",
-      "method": "DELETE",
-      "rel": "delete",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "boolean"
-      }
-    },
-    {
-      "title": "Enable",
-      "description": "Enables a existing 404 Host",
-      "href": "/nginx/dead-hosts/{definitions.identity.example}/enable",
-      "access": "private",
-      "method": "POST",
-      "rel": "update",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "boolean"
-      }
-    },
-    {
-      "title": "Disable",
-      "description": "Disables a existing 404 Host",
-      "href": "/nginx/dead-hosts/{definitions.identity.example}/disable",
-      "access": "private",
-      "method": "POST",
-      "rel": "update",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "boolean"
-      }
-    }
-  ]
-}
--- a/backend/schema/endpoints/proxy-hosts.json
+++ b/backend/schema/endpoints/proxy-hosts.json
@ -1,387 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "$id": "endpoints/proxy-hosts",
-  "title": "Proxy Hosts",
-  "description": "Endpoints relating to Proxy Hosts",
-  "stability": "stable",
-  "type": "object",
-  "definitions": {
-    "id": {
-      "$ref": "../definitions.json#/definitions/id"
-    },
-    "created_on": {
-      "$ref": "../definitions.json#/definitions/created_on"
-    },
-    "modified_on": {
-      "$ref": "../definitions.json#/definitions/modified_on"
-    },
-    "domain_names": {
-      "$ref": "../definitions.json#/definitions/domain_names"
-    },
-    "forward_scheme": {
-      "type": "string",
-      "enum": ["http", "https"]
-    },
-    "forward_host": {
-      "type": "string",
-      "minLength": 1,
-      "maxLength": 255
-    },
-    "forward_port": {
-      "type": "integer",
-      "minimum": 1,
-      "maximum": 65535
-    },
-    "certificate_id": {
-      "$ref": "../definitions.json#/definitions/certificate_id"
-    },
-    "ssl_forced": {
-      "$ref": "../definitions.json#/definitions/ssl_forced"
-    },
-    "hsts_enabled": {
-      "$ref": "../definitions.json#/definitions/hsts_enabled"
-    },
-    "hsts_subdomains": {
-      "$ref": "../definitions.json#/definitions/hsts_subdomains"
-    },
-    "http2_support": {
-      "$ref": "../definitions.json#/definitions/http2_support"
-    },
-    "block_exploits": {
-      "$ref": "../definitions.json#/definitions/block_exploits"
-    },
-    "caching_enabled": {
-      "$ref": "../definitions.json#/definitions/caching_enabled"
-    },
-    "allow_websocket_upgrade": {
-      "description": "Allow Websocket Upgrade for all paths",
-      "example": true,
-      "type": "boolean"
-    },
-    "access_list_id": {
-      "$ref": "../definitions.json#/definitions/access_list_id"
-    },
-    "advanced_config": {
-      "type": "string"
-    },
-    "enabled": {
-      "$ref": "../definitions.json#/definitions/enabled"
-    },
-    "meta": {
-      "type": "object"
-    },
-    "locations": {
-      "type": "array",
-      "minItems": 0,
-      "items": {
-        "type": "object",
-        "required": [
-          "forward_scheme",
-          "forward_host",
-          "forward_port",
-          "path"
-        ],
-        "additionalProperties": false,
-        "properties": {
-          "id": {
-            "type": ["integer", "null"]
-          },
-          "path": {
-            "type": "string",
-            "minLength": 1
-          },
-          "forward_scheme": {
-            "$ref": "#/definitions/forward_scheme"
-          },
-          "forward_host": {
-            "$ref": "#/definitions/forward_host"
-          },
-          "forward_port": {
-            "$ref": "#/definitions/forward_port"
-          },
-          "forward_path": {
-            "type": "string"
-          },
-          "advanced_config": {
-            "type": "string"
-          }
-        }
-      }
-    }
-  },
-  "properties": {
-    "id": {
-      "$ref": "#/definitions/id"
-    },
-    "created_on": {
-      "$ref": "#/definitions/created_on"
-    },
-    "modified_on": {
-      "$ref": "#/definitions/modified_on"
-    },
-    "domain_names": {
-      "$ref": "#/definitions/domain_names"
-    },
-    "forward_scheme": {
-      "$ref": "#/definitions/forward_scheme"
-    },
-    "forward_host": {
-      "$ref": "#/definitions/forward_host"
-    },
-    "forward_port": {
-      "$ref": "#/definitions/forward_port"
-    },
-    "certificate_id": {
-      "$ref": "#/definitions/certificate_id"
-    },
-    "ssl_forced": {
-      "$ref": "#/definitions/ssl_forced"
-    },
-    "hsts_enabled": {
-      "$ref": "#/definitions/hsts_enabled"
-    },
-    "hsts_subdomains": {
-      "$ref": "#/definitions/hsts_subdomains"
-    },
-    "http2_support": {
-      "$ref": "#/definitions/http2_support"
-    },
-    "block_exploits": {
-      "$ref": "#/definitions/block_exploits"
-    },
-    "caching_enabled": {
-      "$ref": "#/definitions/caching_enabled"
-    },
-    "allow_websocket_upgrade": {
-      "$ref": "#/definitions/allow_websocket_upgrade"
-    },
-    "access_list_id": {
-      "$ref": "#/definitions/access_list_id"
-    },
-    "advanced_config": {
-      "$ref": "#/definitions/advanced_config"
-    },
-    "enabled": {
-      "$ref": "#/definitions/enabled"
-    },
-    "meta": {
-      "$ref": "#/definitions/meta"
-    },
-    "locations": {
-      "$ref": "#/definitions/locations"
-    }
-  },
-  "links": [
-    {
-      "title": "List",
-      "description": "Returns a list of Proxy Hosts",
-      "href": "/nginx/proxy-hosts",
-      "access": "private",
-      "method": "GET",
-      "rel": "self",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "array",
-        "items": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Create",
-      "description": "Creates a new Proxy Host",
-      "href": "/nginx/proxy-hosts",
-      "access": "private",
-      "method": "POST",
-      "rel": "create",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "schema": {
-        "type": "object",
-        "additionalProperties": false,
-        "required": [
-          "domain_names",
-          "forward_scheme",
-          "forward_host",
-          "forward_port"
-        ],
-        "properties": {
-          "domain_names": {
-            "$ref": "#/definitions/domain_names"
-          },
-          "forward_scheme": {
-            "$ref": "#/definitions/forward_scheme"
-          },
-          "forward_host": {
-            "$ref": "#/definitions/forward_host"
-          },
-          "forward_port": {
-            "$ref": "#/definitions/forward_port"
-          },
-          "certificate_id": {
-            "$ref": "#/definitions/certificate_id"
-          },
-          "ssl_forced": {
-            "$ref": "#/definitions/ssl_forced"
-          },
-          "hsts_enabled": {
-            "$ref": "#/definitions/hsts_enabled"
-          },
-          "hsts_subdomains": {
-            "$ref": "#/definitions/hsts_enabled"
-          },
-          "http2_support": {
-            "$ref": "#/definitions/http2_support"
-          },
-          "block_exploits": {
-            "$ref": "#/definitions/block_exploits"
-          },
-          "caching_enabled": {
-            "$ref": "#/definitions/caching_enabled"
-          },
-          "allow_websocket_upgrade": {
-            "$ref": "#/definitions/allow_websocket_upgrade"
-          },
-          "access_list_id": {
-            "$ref": "#/definitions/access_list_id"
-          },
-          "advanced_config": {
-            "$ref": "#/definitions/advanced_config"
-          },
-          "enabled": {
-            "$ref": "#/definitions/enabled"
-          },
-          "meta": {
-            "$ref": "#/definitions/meta"
-          },
-          "locations": {
-            "$ref": "#/definitions/locations"
-          }
-        }
-      },
-      "targetSchema": {
-        "properties": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Update",
-      "description": "Updates a existing Proxy Host",
-      "href": "/nginx/proxy-hosts/{definitions.identity.example}",
-      "access": "private",
-      "method": "PUT",
-      "rel": "update",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "schema": {
-        "type": "object",
-        "additionalProperties": false,
-        "properties": {
-          "domain_names": {
-            "$ref": "#/definitions/domain_names"
-          },
-          "forward_scheme": {
-            "$ref": "#/definitions/forward_scheme"
-          },
-          "forward_host": {
-            "$ref": "#/definitions/forward_host"
-          },
-          "forward_port": {
-            "$ref": "#/definitions/forward_port"
-          },
-          "certificate_id": {
-            "$ref": "#/definitions/certificate_id"
-          },
-          "ssl_forced": {
-            "$ref": "#/definitions/ssl_forced"
-          },
-          "hsts_enabled": {
-            "$ref": "#/definitions/hsts_enabled"
-          },
-          "hsts_subdomains": {
-            "$ref": "#/definitions/hsts_enabled"
-          },
-          "http2_support": {
-            "$ref": "#/definitions/http2_support"
-          },
-          "block_exploits": {
-            "$ref": "#/definitions/block_exploits"
-          },
-          "caching_enabled": {
-            "$ref": "#/definitions/caching_enabled"
-          },
-          "allow_websocket_upgrade": {
-            "$ref": "#/definitions/allow_websocket_upgrade"
-          },
-          "access_list_id": {
-            "$ref": "#/definitions/access_list_id"
-          },
-          "advanced_config": {
-            "$ref": "#/definitions/advanced_config"
-          },
-          "enabled": {
-            "$ref": "#/definitions/enabled"
-          },
-          "meta": {
-            "$ref": "#/definitions/meta"
-          },
-          "locations": {
-            "$ref": "#/definitions/locations"
-          }
-        }
-      },
-      "targetSchema": {
-        "properties": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Delete",
-      "description": "Deletes a existing Proxy Host",
-      "href": "/nginx/proxy-hosts/{definitions.identity.example}",
-      "access": "private",
-      "method": "DELETE",
-      "rel": "delete",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "boolean"
-      }
-    },
-    {
-      "title": "Enable",
-      "description": "Enables a existing Proxy Host",
-      "href": "/nginx/proxy-hosts/{definitions.identity.example}/enable",
-      "access": "private",
-      "method": "POST",
-      "rel": "update",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "boolean"
-      }
-    },
-    {
-      "title": "Disable",
-      "description": "Disables a existing Proxy Host",
-      "href": "/nginx/proxy-hosts/{definitions.identity.example}/disable",
-      "access": "private",
-      "method": "POST",
-      "rel": "update",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "boolean"
-      }
-    }
-  ]
-}
--- a/backend/schema/endpoints/redirection-hosts.json
+++ b/backend/schema/endpoints/redirection-hosts.json
@ -1,305 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "$id": "endpoints/redirection-hosts",
-  "title": "Redirection Hosts",
-  "description": "Endpoints relating to Redirection Hosts",
-  "stability": "stable",
-  "type": "object",
-  "definitions": {
-    "id": {
-      "$ref": "../definitions.json#/definitions/id"
-    },
-    "created_on": {
-      "$ref": "../definitions.json#/definitions/created_on"
-    },
-    "modified_on": {
-      "$ref": "../definitions.json#/definitions/modified_on"
-    },
-    "domain_names": {
-      "$ref": "../definitions.json#/definitions/domain_names"
-    },
-    "forward_http_code": {
-      "$ref": "../definitions.json#/definitions/http_code"
-    },
-    "forward_scheme": {
-      "$ref": "../definitions.json#/definitions/scheme"
-    },
-    "forward_domain_name": {
-      "$ref": "../definitions.json#/definitions/domain_name"
-    },
-    "preserve_path": {
-      "description": "Should the path be preserved",
-      "example": true,
-      "type": "boolean"
-    },
-    "certificate_id": {
-      "$ref": "../definitions.json#/definitions/certificate_id"
-    },
-    "ssl_forced": {
-      "$ref": "../definitions.json#/definitions/ssl_forced"
-    },
-    "hsts_enabled": {
-      "$ref": "../definitions.json#/definitions/hsts_enabled"
-    },
-    "hsts_subdomains": {
-      "$ref": "../definitions.json#/definitions/hsts_subdomains"
-    },
-    "http2_support": {
-      "$ref": "../definitions.json#/definitions/http2_support"
-    },
-    "block_exploits": {
-      "$ref": "../definitions.json#/definitions/block_exploits"
-    },
-    "advanced_config": {
-      "type": "string"
-    },
-    "enabled": {
-      "$ref": "../definitions.json#/definitions/enabled"
-    },
-    "meta": {
-      "type": "object"
-    }
-  },
-  "properties": {
-    "id": {
-      "$ref": "#/definitions/id"
-    },
-    "created_on": {
-      "$ref": "#/definitions/created_on"
-    },
-    "modified_on": {
-      "$ref": "#/definitions/modified_on"
-    },
-    "domain_names": {
-      "$ref": "#/definitions/domain_names"
-    },
-    "forward_http_code": {
-      "$ref": "#/definitions/forward_http_code"
-    },
-    "forward_scheme": {
-      "$ref": "#/definitions/forward_scheme"
-    },
-    "forward_domain_name": {
-      "$ref": "#/definitions/forward_domain_name"
-    },
-    "preserve_path": {
-      "$ref": "#/definitions/preserve_path"
-    },
-    "certificate_id": {
-      "$ref": "#/definitions/certificate_id"
-    },
-    "ssl_forced": {
-      "$ref": "#/definitions/ssl_forced"
-    },
-    "hsts_enabled": {
-      "$ref": "#/definitions/hsts_enabled"
-    },
-    "hsts_subdomains": {
-      "$ref": "#/definitions/hsts_subdomains"
-    },
-    "http2_support": {
-      "$ref": "#/definitions/http2_support"
-    },
-    "block_exploits": {
-      "$ref": "#/definitions/block_exploits"
-    },
-    "advanced_config": {
-      "$ref": "#/definitions/advanced_config"
-    },
-    "enabled": {
-      "$ref": "#/definitions/enabled"
-    },
-    "meta": {
-      "$ref": "#/definitions/meta"
-    }
-  },
-  "links": [
-    {
-      "title": "List",
-      "description": "Returns a list of Redirection Hosts",
-      "href": "/nginx/redirection-hosts",
-      "access": "private",
-      "method": "GET",
-      "rel": "self",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "array",
-        "items": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Create",
-      "description": "Creates a new Redirection Host",
-      "href": "/nginx/redirection-hosts",
-      "access": "private",
-      "method": "POST",
-      "rel": "create",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "schema": {
-        "type": "object",
-        "additionalProperties": false,
-        "required": [
-          "domain_names",
-          "forward_scheme",
-          "forward_http_code",
-          "forward_domain_name"
-        ],
-        "properties": {
-          "domain_names": {
-            "$ref": "#/definitions/domain_names"
-          },
-          "forward_http_code": {
-            "$ref": "#/definitions/forward_http_code"
-          },
-          "forward_scheme": {
-            "$ref": "#/definitions/forward_scheme"
-          },
-          "forward_domain_name": {
-            "$ref": "#/definitions/forward_domain_name"
-          },
-          "preserve_path": {
-            "$ref": "#/definitions/preserve_path"
-          },
-          "certificate_id": {
-            "$ref": "#/definitions/certificate_id"
-          },
-          "ssl_forced": {
-            "$ref": "#/definitions/ssl_forced"
-          },
-          "hsts_enabled": {
-            "$ref": "#/definitions/hsts_enabled"
-          },
-          "hsts_subdomains": {
-            "$ref": "#/definitions/hsts_enabled"
-          },
-          "http2_support": {
-            "$ref": "#/definitions/http2_support"
-          },
-          "block_exploits": {
-            "$ref": "#/definitions/block_exploits"
-          },
-          "advanced_config": {
-            "$ref": "#/definitions/advanced_config"
-          },
-          "meta": {
-            "$ref": "#/definitions/meta"
-          }
-        }
-      },
-      "targetSchema": {
-        "properties": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Update",
-      "description": "Updates a existing Redirection Host",
-      "href": "/nginx/redirection-hosts/{definitions.identity.example}",
-      "access": "private",
-      "method": "PUT",
-      "rel": "update",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "schema": {
-        "type": "object",
-        "additionalProperties": false,
-        "properties": {
-          "domain_names": {
-            "$ref": "#/definitions/domain_names"
-          },
-          "forward_http_code": {
-            "$ref": "#/definitions/forward_http_code"
-          },
-          "forward_scheme": {
-            "$ref": "#/definitions/forward_scheme"
-          },
-          "forward_domain_name": {
-            "$ref": "#/definitions/forward_domain_name"
-          },
-          "preserve_path": {
-            "$ref": "#/definitions/preserve_path"
-          },
-          "certificate_id": {
-            "$ref": "#/definitions/certificate_id"
-          },
-          "ssl_forced": {
-            "$ref": "#/definitions/ssl_forced"
-          },
-          "hsts_enabled": {
-            "$ref": "#/definitions/hsts_enabled"
-          },
-          "hsts_subdomains": {
-            "$ref": "#/definitions/hsts_enabled"
-          },
-          "http2_support": {
-            "$ref": "#/definitions/http2_support"
-          },
-          "block_exploits": {
-            "$ref": "#/definitions/block_exploits"
-          },
-          "advanced_config": {
-            "$ref": "#/definitions/advanced_config"
-          },
-          "meta": {
-            "$ref": "#/definitions/meta"
-          }
-        }
-      },
-      "targetSchema": {
-        "properties": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Delete",
-      "description": "Deletes a existing Redirection Host",
-      "href": "/nginx/redirection-hosts/{definitions.identity.example}",
-      "access": "private",
-      "method": "DELETE",
-      "rel": "delete",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "boolean"
-      }
-    },
-    {
-      "title": "Enable",
-      "description": "Enables a existing Redirection Host",
-      "href": "/nginx/redirection-hosts/{definitions.identity.example}/enable",
-      "access": "private",
-      "method": "POST",
-      "rel": "update",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "boolean"
-      }
-    },
-    {
-      "title": "Disable",
-      "description": "Disables a existing Redirection Host",
-      "href": "/nginx/redirection-hosts/{definitions.identity.example}/disable",
-      "access": "private",
-      "method": "POST",
-      "rel": "update",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "boolean"
-      }
-    }
-  ]
-}
--- a/backend/schema/endpoints/settings.json
+++ b/backend/schema/endpoints/settings.json
@ -1,99 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "$id": "endpoints/settings",
-  "title": "Settings",
-  "description": "Endpoints relating to Settings",
-  "stability": "stable",
-  "type": "object",
-  "definitions": {
-    "id": {
-      "$ref": "../definitions.json#/definitions/setting_id"
-    },
-    "name": {
-      "description": "Name",
-      "example": "Default Site",
-      "type": "string",
-      "minLength": 2,
-      "maxLength": 100
-    },
-    "description": {
-      "description": "Description",
-      "example": "Default Site",
-      "type": "string",
-      "minLength": 2,
-      "maxLength": 255
-    },
-    "value": {
-      "description": "Value",
-      "example": "404",
-      "type": "string",
-      "maxLength": 255
-    },
-    "meta": {
-      "type": "object"
-    }
-  },
-  "links": [
-    {
-      "title": "List",
-      "description": "Returns a list of Settings",
-      "href": "/settings",
-      "access": "private",
-      "method": "GET",
-      "rel": "self",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "array",
-        "items": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Update",
-      "description": "Updates a existing Setting",
-      "href": "/settings/{definitions.identity.example}",
-      "access": "private",
-      "method": "PUT",
-      "rel": "update",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "schema": {
-        "type": "object",
-        "properties": {
-          "value": {
-            "$ref": "#/definitions/value"
-          },
-          "meta": {
-            "$ref": "#/definitions/meta"
-          }
-        }
-      },
-      "targetSchema": {
-        "properties": {
-          "$ref": "#/properties"
-        }
-      }
-    }
-  ],
-  "properties": {
-    "id": {
-      "$ref": "#/definitions/id"
-    },
-    "name": {
-      "$ref": "#/definitions/description"
-    },
-    "description": {
-      "$ref": "#/definitions/description"
-    },
-    "value": {
-      "$ref": "#/definitions/value"
-    },
-    "meta": {
-      "$ref": "#/definitions/meta"
-    }
-  }
-}
--- a/backend/schema/endpoints/streams.json
+++ b/backend/schema/endpoints/streams.json
@ -1,234 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "$id": "endpoints/streams",
-  "title": "Streams",
-  "description": "Endpoints relating to Streams",
-  "stability": "stable",
-  "type": "object",
-  "definitions": {
-    "id": {
-      "$ref": "../definitions.json#/definitions/id"
-    },
-    "created_on": {
-      "$ref": "../definitions.json#/definitions/created_on"
-    },
-    "modified_on": {
-      "$ref": "../definitions.json#/definitions/modified_on"
-    },
-    "incoming_port": {
-      "type": "integer",
-      "minimum": 1,
-      "maximum": 65535
-    },
-    "forwarding_host": {
-      "anyOf": [
-        {
-          "$ref": "../definitions.json#/definitions/domain_name"
-        },
-        {
-          "type": "string",
-          "format": "ipv4"
-        },
-        {
-          "type": "string",
-          "format": "ipv6"
-        }
-      ]
-    },
-    "forwarding_port": {
-      "type": "integer",
-      "minimum": 1,
-      "maximum": 65535
-    },
-    "tcp_forwarding": {
-      "type": "boolean"
-    },
-    "udp_forwarding": {
-      "type": "boolean"
-    },
-    "enabled": {
-      "$ref": "../definitions.json#/definitions/enabled"
-    },
-    "meta": {
-      "type": "object"
-    }
-  },
-  "properties": {
-    "id": {
-      "$ref": "#/definitions/id"
-    },
-    "created_on": {
-      "$ref": "#/definitions/created_on"
-    },
-    "modified_on": {
-      "$ref": "#/definitions/modified_on"
-    },
-    "incoming_port": {
-      "$ref": "#/definitions/incoming_port"
-    },
-    "forwarding_host": {
-      "$ref": "#/definitions/forwarding_host"
-    },
-    "forwarding_port": {
-      "$ref": "#/definitions/forwarding_port"
-    },
-    "tcp_forwarding": {
-      "$ref": "#/definitions/tcp_forwarding"
-    },
-    "udp_forwarding": {
-      "$ref": "#/definitions/udp_forwarding"
-    },
-    "enabled": {
-      "$ref": "#/definitions/enabled"
-    },
-    "meta": {
-      "$ref": "#/definitions/meta"
-    }
-  },
-  "links": [
-    {
-      "title": "List",
-      "description": "Returns a list of Steams",
-      "href": "/nginx/streams",
-      "access": "private",
-      "method": "GET",
-      "rel": "self",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "array",
-        "items": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Create",
-      "description": "Creates a new Stream",
-      "href": "/nginx/streams",
-      "access": "private",
-      "method": "POST",
-      "rel": "create",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "schema": {
-        "type": "object",
-        "additionalProperties": false,
-        "required": [
-          "incoming_port",
-          "forwarding_host",
-          "forwarding_port"
-        ],
-        "properties": {
-          "incoming_port": {
-            "$ref": "#/definitions/incoming_port"
-          },
-          "forwarding_host": {
-            "$ref": "#/definitions/forwarding_host"
-          },
-          "forwarding_port": {
-            "$ref": "#/definitions/forwarding_port"
-          },
-          "tcp_forwarding": {
-            "$ref": "#/definitions/tcp_forwarding"
-          },
-          "udp_forwarding": {
-            "$ref": "#/definitions/udp_forwarding"
-          },
-          "meta": {
-            "$ref": "#/definitions/meta"
-          }
-        }
-      },
-      "targetSchema": {
-        "properties": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Update",
-      "description": "Updates a existing Stream",
-      "href": "/nginx/streams/{definitions.identity.example}",
-      "access": "private",
-      "method": "PUT",
-      "rel": "update",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "schema": {
-        "type": "object",
-        "additionalProperties": false,
-        "properties": {
-          "incoming_port": {
-            "$ref": "#/definitions/incoming_port"
-          },
-          "forwarding_host": {
-            "$ref": "#/definitions/forwarding_host"
-          },
-          "forwarding_port": {
-            "$ref": "#/definitions/forwarding_port"
-          },
-          "tcp_forwarding": {
-            "$ref": "#/definitions/tcp_forwarding"
-          },
-          "udp_forwarding": {
-            "$ref": "#/definitions/udp_forwarding"
-          },
-          "meta": {
-            "$ref": "#/definitions/meta"
-          }
-        }
-      },
-      "targetSchema": {
-        "properties": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Delete",
-      "description": "Deletes a existing Stream",
-      "href": "/nginx/streams/{definitions.identity.example}",
-      "access": "private",
-      "method": "DELETE",
-      "rel": "delete",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "boolean"
-      }
-    },
-    {
-      "title": "Enable",
-      "description": "Enables a existing Stream",
-      "href": "/nginx/streams/{definitions.identity.example}/enable",
-      "access": "private",
-      "method": "POST",
-      "rel": "update",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "boolean"
-      }
-    },
-    {
-      "title": "Disable",
-      "description": "Disables a existing Stream",
-      "href": "/nginx/streams/{definitions.identity.example}/disable",
-      "access": "private",
-      "method": "POST",
-      "rel": "update",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "boolean"
-      }
-    }
-  ]
-}
--- a/backend/schema/endpoints/tokens.json
+++ b/backend/schema/endpoints/tokens.json
@ -1,100 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "$id": "endpoints/tokens",
-  "title": "Token",
-  "description": "Tokens are required to authenticate against the API",
-  "stability": "stable",
-  "type": "object",
-  "definitions": {
-    "identity": {
-      "description": "Email Address or other 3rd party providers identifier",
-      "example": "john@example.com",
-      "type": "string"
-    },
-    "secret": {
-      "description": "A password or key",
-      "example": "correct horse battery staple",
-      "type": "string"
-    },
-    "token": {
-      "description": "JWT",
-      "example": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.O_frfYM8RzmRsUNigHtu0_jZ_utSejyr1axMGa8rlsk",
-      "type": "string"
-    },
-    "expires": {
-      "description": "Token expiry time",
-      "format": "date-time",
-      "type": "string"
-    },
-    "scope": {
-      "description": "Scope of the Token, defaults to 'user'",
-      "example": "user",
-      "type": "string"
-    }
-  },
-  "links": [
-    {
-      "title": "Create",
-      "description": "Creates a new token.",
-      "href": "/tokens",
-      "access": "public",
-      "method": "POST",
-      "rel": "create",
-      "schema": {
-        "type": "object",
-        "required": [
-          "identity",
-          "secret"
-        ],
-        "properties": {
-          "identity": {
-            "$ref": "#/definitions/identity"
-          },
-          "secret": {
-            "$ref": "#/definitions/secret"
-          },
-          "scope": {
-            "$ref": "#/definitions/scope"
-          }
-        }
-      },
-      "targetSchema": {
-        "type": "object",
-        "properties": {
-          "token": {
-            "$ref": "#/definitions/token"
-          },
-          "expires": {
-            "$ref": "#/definitions/expires"
-          }
-        }
-      }
-    },
-    {
-      "title": "Refresh",
-      "description": "Returns a new token.",
-      "href": "/tokens",
-      "access": "private",
-      "method": "GET",
-      "rel": "self",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "schema": {},
-      "targetSchema": {
-        "type": "object",
-        "properties": {
-          "token": {
-            "$ref": "#/definitions/token"
-          },
-          "expires": {
-            "$ref": "#/definitions/expires"
-          },
-          "scope": {
-            "$ref": "#/definitions/scope"
-          }
-        }
-      }
-    }
-  ]
-}
--- a/backend/schema/endpoints/users.json
+++ b/backend/schema/endpoints/users.json
@ -1,287 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "$id": "endpoints/users",
-  "title": "Users",
-  "description": "Endpoints relating to Users",
-  "stability": "stable",
-  "type": "object",
-  "definitions": {
-    "id": {
-      "$ref": "../definitions.json#/definitions/id"
-    },
-    "created_on": {
-      "$ref": "../definitions.json#/definitions/created_on"
-    },
-    "modified_on": {
-      "$ref": "../definitions.json#/definitions/modified_on"
-    },
-    "name": {
-      "description": "Name",
-      "example": "Jamie Curnow",
-      "type": "string",
-      "minLength": 2,
-      "maxLength": 100
-    },
-    "nickname": {
-      "description": "Nickname",
-      "example": "Jamie",
-      "type": "string",
-      "minLength": 2,
-      "maxLength": 50
-    },
-    "email": {
-      "$ref": "../definitions.json#/definitions/email"
-    },
-    "avatar": {
-      "description": "Avatar",
-      "example": "http://somewhere.jpg",
-      "type": "string",
-      "minLength": 2,
-      "maxLength": 150,
-      "readOnly": true
-    },
-    "roles": {
-      "description": "Roles",
-      "example": [
-        "admin"
-      ],
-      "type": "array"
-    },
-    "is_disabled": {
-      "description": "Is Disabled",
-      "example": false,
-      "type": "boolean"
-    }
-  },
-  "links": [
-    {
-      "title": "List",
-      "description": "Returns a list of Users",
-      "href": "/users",
-      "access": "private",
-      "method": "GET",
-      "rel": "self",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "array",
-        "items": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Create",
-      "description": "Creates a new User",
-      "href": "/users",
-      "access": "private",
-      "method": "POST",
-      "rel": "create",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "schema": {
-        "type": "object",
-        "required": [
-          "name",
-          "nickname",
-          "email"
-        ],
-        "properties": {
-          "name": {
-            "$ref": "#/definitions/name"
-          },
-          "nickname": {
-            "$ref": "#/definitions/nickname"
-          },
-          "email": {
-            "$ref": "#/definitions/email"
-          },
-          "roles": {
-            "$ref": "#/definitions/roles"
-          },
-          "is_disabled": {
-            "$ref": "#/definitions/is_disabled"
-          },
-          "auth": {
-            "type": "object",
-            "description": "Auth Credentials",
-            "example": {
-              "type": "password",
-              "secret": "bigredhorsebanana"
-            }
-          }
-        }
-      },
-      "targetSchema": {
-        "properties": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Update",
-      "description": "Updates a existing User",
-      "href": "/users/{definitions.identity.example}",
-      "access": "private",
-      "method": "PUT",
-      "rel": "update",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "schema": {
-        "type": "object",
-        "properties": {
-          "name": {
-            "$ref": "#/definitions/name"
-          },
-          "nickname": {
-            "$ref": "#/definitions/nickname"
-          },
-          "email": {
-            "$ref": "#/definitions/email"
-          },
-          "roles": {
-            "$ref": "#/definitions/roles"
-          },
-          "is_disabled": {
-            "$ref": "#/definitions/is_disabled"
-          }
-        }
-      },
-      "targetSchema": {
-        "properties": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Delete",
-      "description": "Deletes a existing User",
-      "href": "/users/{definitions.identity.example}",
-      "access": "private",
-      "method": "DELETE",
-      "rel": "delete",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "boolean"
-      }
-    },
-    {
-      "title": "Set Password",
-      "description": "Sets a password for an existing User",
-      "href": "/users/{definitions.identity.example}/auth",
-      "access": "private",
-      "method": "PUT",
-      "rel": "update",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "schema": {
-        "type": "object",
-        "required": [
-          "type",
-          "secret"
-        ],
-        "properties": {
-          "type": {
-            "type": "string",
-            "pattern": "^password$"
-          },
-          "current": {
-            "type": "string",
-            "minLength": 1,
-            "maxLength": 64
-          },
-          "secret": {
-            "type": "string",
-            "minLength": 8,
-            "maxLength": 64
-          }
-        }
-      },
-      "targetSchema": {
-        "type": "boolean"
-      }
-    },
-    {
-      "title": "Set Permissions",
-      "description": "Sets Permissions for a User",
-      "href": "/users/{definitions.identity.example}/permissions",
-      "access": "private",
-      "method": "PUT",
-      "rel": "update",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "schema": {
-        "type": "object",
-        "properties": {
-          "visibility": {
-            "type": "string",
-            "pattern": "^(all|user)$"
-          },
-          "access_lists": {
-            "type": "string",
-            "pattern": "^(hidden|view|manage)$"
-          },
-          "dead_hosts": {
-            "type": "string",
-            "pattern": "^(hidden|view|manage)$"
-          },
-          "proxy_hosts": {
-            "type": "string",
-            "pattern": "^(hidden|view|manage)$"
-          },
-          "redirection_hosts": {
-            "type": "string",
-            "pattern": "^(hidden|view|manage)$"
-          },
-          "streams": {
-            "type": "string",
-            "pattern": "^(hidden|view|manage)$"
-          },
-          "certificates": {
-            "type": "string",
-            "pattern": "^(hidden|view|manage)$"
-          }
-        }
-      },
-      "targetSchema": {
-        "type": "boolean"
-      }
-    }
-  ],
-  "properties": {
-    "id": {
-      "$ref": "#/definitions/id"
-    },
-    "created_on": {
-      "$ref": "#/definitions/created_on"
-    },
-    "modified_on": {
-      "$ref": "#/definitions/modified_on"
-    },
-    "name": {
-      "$ref": "#/definitions/name"
-    },
-    "nickname": {
-      "$ref": "#/definitions/nickname"
-    },
-    "email": {
-      "$ref": "#/definitions/email"
-    },
-    "avatar": {
-      "$ref": "#/definitions/avatar"
-    },
-    "roles": {
-      "$ref": "#/definitions/roles"
-    },
-    "is_disabled": {
-      "$ref": "#/definitions/is_disabled"
-    }
-  }
-}
--- a/backend/schema/examples.json
+++ b/backend/schema/examples.json
@ -1,23 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "$id": "examples",
-  "type": "object",
-  "definitions": {
-    "name": {
-      "description": "Name",
-      "example": "John Smith",
-      "type": "string",
-      "minLength": 1,
-      "maxLength": 255
-    },
-    "auth_header": {
-      "Authorization": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.O_frfYM8RzmRsUNigHtu0_jZ_utSejyr1axMGa8rlsk",
-      "X-API-Version": "next"
-    },
-    "token": {
-      "type": "string",
-      "description": "JWT",
-      "example": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.O_frfYM8RzmRsUNigHtu0_jZ_utSejyr1axMGa8rlsk"
-    }
-  }
-}
--- a/backend/schema/index.js
+++ b/backend/schema/index.js
@ -0,0 +1,41 @@
+const refParser = require('@apidevtools/json-schema-ref-parser');
+
+let compiledSchema = null;
+
+module.exports = {
+
+	/**
+	 * Compiles the schema, by dereferencing it, only once
+	 * and returns the memory cached value
+	 */
+	getCompiledSchema: async () => {
+		if (compiledSchema === null) {
+			compiledSchema = await refParser.dereference(__dirname + '/swagger.json', {
+				mutateInputSchema: false,
+			});
+		}
+		return compiledSchema;
+	},
+
+	/**
+	 * Scans the schema for the validation schema for the given path and method
+	 * and returns it.
+	 *
+	 * @param {string} path
+	 * @param {string} method
+	 * @returns string|null
+	 */
+	getValidationSchema: (path, method) => {
+		if (compiledSchema !== null &&
+			typeof compiledSchema.paths[path] !== 'undefined' &&
+			typeof compiledSchema.paths[path][method] !== 'undefined' &&
+			typeof compiledSchema.paths[path][method].requestBody !== 'undefined' &&
+			typeof compiledSchema.paths[path][method].requestBody.content !== 'undefined' &&
+			typeof compiledSchema.paths[path][method].requestBody.content['application/json'] !== 'undefined' &&
+			typeof compiledSchema.paths[path][method].requestBody.content['application/json'].schema !== 'undefined'
+		) {
+			return compiledSchema.paths[path][method].requestBody.content['application/json'].schema;
+		}
+		return null;
+	}
+};
--- a/backend/schema/index.json
+++ b/backend/schema/index.json
@ -1,42 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "$id": "root",
-  "title": "Nginx Proxy Manager REST API",
-  "description": "This is the Nginx Proxy Manager REST API",
-  "version": "2.0.0",
-  "links": [
-    {
-      "href": "http://npm.example.com/api",
-      "rel": "self"
-    }
-  ],
-  "properties": {
-    "tokens": {
-      "$ref": "endpoints/tokens.json"
-    },
-    "users": {
-      "$ref": "endpoints/users.json"
-    },
-    "proxy-hosts": {
-      "$ref": "endpoints/proxy-hosts.json"
-    },
-    "redirection-hosts": {
-      "$ref": "endpoints/redirection-hosts.json"
-    },
-    "dead-hosts": {
-      "$ref": "endpoints/dead-hosts.json"
-    },
-    "streams": {
-      "$ref": "endpoints/streams.json"
-    },
-    "certificates": {
-      "$ref": "endpoints/certificates.json"
-    },
-    "access-lists": {
-      "$ref": "endpoints/access-lists.json"
-    },
-    "settings": {
-      "$ref": "endpoints/settings.json"
-    }
-  }
-}
--- a/backend/schema/paths/audit-log/get.json
+++ b/backend/schema/paths/audit-log/get.json
@ -0,0 +1,53 @@
+{
+	"operationId": "getAuditLog",
+	"summary": "Get Audit Log",
+	"tags": ["Audit Log"],
+	"security": [
+		{
+			"BearerAuth": ["audit-log"]
+		}
+	],
+	"responses": {
+		"200": {
+			"description": "200 response",
+			"content": {
+				"application/json": {
+					"examples": {
+						"default": {
+							"value": [
+								{
+									"id": 7,
+									"created_on": "2024-10-08T13:09:54.000Z",
+									"modified_on": "2024-10-08T13:09:54.000Z",
+									"user_id": 1,
+									"object_type": "user",
+									"object_id": 3,
+									"action": "updated",
+									"meta": {
+										"name": "John Doe",
+										"permissions": {
+											"user_id": 3,
+											"visibility": "all",
+											"access_lists": "manage",
+											"dead_hosts": "hidden",
+											"proxy_hosts": "manage",
+											"redirection_hosts": "view",
+											"streams": "hidden",
+											"certificates": "manage",
+											"id": 3,
+											"modified_on": "2024-10-08T13:09:54.000Z",
+											"created_on": "2024-10-08T13:09:51.000Z"
+										}
+									}
+								}
+							]
+						}
+					},
+					"schema": {
+						"$ref": "../../components/audit-log-object.json"
+					}
+				}
+			}
+		}
+	}
+}
--- a/backend/schema/paths/get.json
+++ b/backend/schema/paths/get.json
@ -0,0 +1,29 @@
+{
+	"operationId": "health",
+	"summary": "Returns the API health status",
+	"tags": ["Public"],
+	"responses": {
+		"200": {
+			"description": "200 response",
+			"content": {
+				"application/json": {
+					"examples": {
+						"default": {
+							"value": {
+								"status": "OK",
+								"version": {
+									"major": 2,
+									"minor": 1,
+									"revision": 0
+								}
+							}
+						}
+					},
+					"schema": {
+						"$ref": "../components/health-object.json"
+					}
+				}
+			}
+		}
+	}
+}
--- a/backend/schema/paths/nginx/access-lists/get.json
+++ b/backend/schema/paths/nginx/access-lists/get.json
@ -0,0 +1,50 @@
+{
+	"operationId": "getAccessLists",
+	"summary": "Get all access lists",
+	"tags": ["Access Lists"],
+	"security": [
+		{
+			"BearerAuth": ["access_lists"]
+		}
+	],
+	"parameters": [
+		{
+			"in": "query",
+			"name": "expand",
+			"description": "Expansions",
+			"schema": {
+				"type": "string",
+				"enum": ["owner", "items", "clients", "proxy_hosts"]
+			}
+		}
+	],
+	"responses": {
+		"200": {
+			"description": "200 response",
+			"content": {
+				"application/json": {
+					"examples": {
+						"default": {
+							"value": [
+								{
+									"id": 1,
+									"created_on": "2024-10-08T22:15:40.000Z",
+									"modified_on": "2024-10-08T22:15:40.000Z",
+									"owner_user_id": 1,
+									"name": "test1234",
+									"meta": {},
+									"satisfy_any": true,
+									"pass_auth": false,
+									"proxy_host_count": 0
+								}
+							]
+						}
+					},
+					"schema": {
+						"$ref": "../../../components/access-list-object.json"
+					}
+				}
+			}
+		}
+	}
+}
--- a/backend/schema/paths/nginx/access-lists/listID/delete.json
+++ b/backend/schema/paths/nginx/access-lists/listID/delete.json
@ -0,0 +1,39 @@
+{
+	"operationId": "deleteAccessList",
+	"summary": "Delete a Access List",
+	"tags": ["Access Lists"],
+	"security": [
+		{
+			"BearerAuth": ["access_lists"]
+		}
+	],
+	"parameters": [
+		{
+			"in": "path",
+			"name": "listID",
+			"schema": {
+				"type": "integer",
+				"minimum": 1
+			},
+			"required": true,
+			"example": 2
+		}
+	],
+	"responses": {
+		"200": {
+			"description": "200 response",
+			"content": {
+				"application/json": {
+					"examples": {
+						"default": {
+							"value": true
+						}
+					},
+					"schema": {
+						"type": "boolean"
+					}
+				}
+			}
+		}
+	}
+}
--- a/backend/schema/paths/nginx/access-lists/listID/get.json
+++ b/backend/schema/paths/nginx/access-lists/listID/get.json
@ -0,0 +1,49 @@
+{
+	"operationId": "getAccessList",
+	"summary": "Get a access List",
+	"tags": ["Access Lists"],
+	"security": [
+		{
+			"BearerAuth": ["access_lists"]
+		}
+	],
+	"parameters": [
+		{
+			"in": "path",
+			"name": "listID",
+			"schema": {
+				"type": "integer",
+				"minimum": 1
+			},
+			"required": true,
+			"example": 1
+		}
+	],
+	"responses": {
+		"200": {
+			"description": "200 response",
+			"content": {
+				"application/json": {
+					"examples": {
+						"default": {
+							"value": {
+								"id": 1,
+								"created_on": "2020-01-30T09:36:08.000Z",
+								"modified_on": "2020-01-30T09:41:04.000Z",
+								"is_disabled": false,
+								"email": "jc@jc21.com",
+								"name": "Jamie Curnow",
+								"nickname": "James",
+								"avatar": "//www.gravatar.com/avatar/6193176330f8d38747f038c170ddb193?default=mm",
+								"roles": ["admin"]
+							}
+						}
+					},
+					"schema": {
+						"$ref": "../../../../components/access-list-object.json"
+					}
+				}
+			}
+		}
+	}
+}
--- a/backend/schema/paths/nginx/access-lists/listID/put.json
+++ b/backend/schema/paths/nginx/access-lists/listID/put.json
@ -0,0 +1,163 @@
+{
+	"operationId": "updateAccessList",
+	"summary": "Update a Access List",
+	"tags": ["Access Lists"],
+	"security": [
+		{
+			"BearerAuth": ["access_lists"]
+		}
+	],
+	"parameters": [
+		{
+			"in": "path",
+			"name": "listID",
+			"schema": {
+				"type": "integer",
+				"minimum": 1
+			},
+			"required": true,
+			"example": 2
+		}
+	],
+	"requestBody": {
+		"description": "Access List Payload",
+		"required": true,
+		"content": {
+			"application/json": {
+				"schema": {
+					"type": "object",
+					"additionalProperties": false,
+					"minProperties": 1,
+					"properties": {
+						"name": {
+							"$ref": "../../../../components/access-list-object.json#/properties/name"
+						},
+						"satisfy_any": {
+							"$ref": "../../../../components/access-list-object.json#/properties/satisfy_any"
+						},
+						"pass_auth": {
+							"$ref": "../../../../components/access-list-object.json#/properties/pass_auth"
+						},
+						"items": {
+							"type": "array",
+							"items": {
+								"type": "object",
+								"additionalProperties": false,
+								"properties": {
+									"username": {
+										"type": "string",
+										"minLength": 1
+									},
+									"password": {
+										"type": "string"
+									}
+								}
+							}
+						},
+						"clients": {
+							"type": "array",
+							"items": {
+								"type": "object",
+								"additionalProperties": false,
+								"properties": {
+									"address": {
+										"oneOf": [
+											{
+												"type": "string",
+												"pattern": "^([0-9]{1,3}\\.){3}[0-9]{1,3}(/([0-9]|[1-2][0-9]|3[0-2]))?$"
+											},
+											{
+												"type": "string",
+												"pattern": "^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?$"
+											},
+											{
+												"type": "string",
+												"pattern": "^all$"
+											}
+										]
+									},
+									"directive": {
+										"$ref": "../../../../components/access-list-object.json#/properties/directive"
+									}
+								}
+							}
+						}
+					}
+				}
+			}
+		}
+	},
+	"responses": {
+		"200": {
+			"description": "200 response",
+			"content": {
+				"application/json": {
+					"examples": {
+						"default": {
+							"value": {
+								"id": 1,
+								"created_on": "2024-10-08T22:15:40.000Z",
+								"modified_on": "2024-10-08T22:34:34.000Z",
+								"owner_user_id": 1,
+								"name": "test123!!",
+								"meta": {},
+								"satisfy_any": true,
+								"pass_auth": false,
+								"proxy_host_count": 0,
+								"owner": {
+									"id": 1,
+									"created_on": "2024-10-07T22:43:55.000Z",
+									"modified_on": "2024-10-08T12:52:54.000Z",
+									"is_deleted": false,
+									"is_disabled": false,
+									"email": "admin@example.com",
+									"name": "Administrator",
+									"nickname": "some guy",
+									"avatar": "//www.gravatar.com/avatar/e64c7d89f26bd1972efa854d13d7dd61?default=mm",
+									"roles": ["admin"]
+								},
+								"items": [
+									{
+										"id": 1,
+										"created_on": "2024-10-08T22:15:40.000Z",
+										"modified_on": "2024-10-08T22:15:40.000Z",
+										"access_list_id": 1,
+										"username": "admin",
+										"password": "",
+										"meta": {},
+										"hint": "a****"
+									},
+									{
+										"id": 2,
+										"created_on": "2024-10-08T22:15:40.000Z",
+										"modified_on": "2024-10-08T22:15:40.000Z",
+										"access_list_id": 1,
+										"username": "asdad",
+										"password": "",
+										"meta": {},
+										"hint": "a*****"
+									}
+								],
+								"clients": [
+									{
+										"id": 1,
+										"created_on": "2024-10-08T22:15:40.000Z",
+										"modified_on": "2024-10-08T22:15:40.000Z",
+										"access_list_id": 1,
+										"address": "127.0.0.1",
+										"directive": "allow",
+										"meta": {}
+									}
+								],
+								"proxy_hosts": []
+							}
+						}
+					},
+					"schema": {
+						"$ref": "../../../../components/access-list-object.json"
+					}
+				}
+			}
+		}
+	}
+}
--- a/backend/schema/paths/nginx/access-lists/post.json
+++ b/backend/schema/paths/nginx/access-lists/post.json
@ -0,0 +1,155 @@
+{
+	"operationId": "createAccessList",
+	"summary": "Create a Access List",
+	"tags": ["Access Lists"],
+	"security": [
+		{
+			"BearerAuth": ["access_lists"]
+		}
+	],
+	"requestBody": {
+		"description": "Access List Payload",
+		"required": true,
+		"content": {
+			"application/json": {
+				"schema": {
+					"type": "object",
+					"additionalProperties": false,
+					"required": ["name"],
+					"properties": {
+						"name": {
+							"$ref": "../../../components/access-list-object.json#/properties/name"
+						},
+						"satisfy_any": {
+							"$ref": "../../../components/access-list-object.json#/properties/satisfy_any"
+						},
+						"pass_auth": {
+							"$ref": "../../../components/access-list-object.json#/properties/pass_auth"
+						},
+						"items": {
+							"type": "array",
+							"items": {
+								"type": "object",
+								"additionalProperties": false,
+								"properties": {
+									"username": {
+										"type": "string",
+										"minLength": 1
+									},
+									"password": {
+										"type": "string",
+										"minLength": 1
+									}
+								}
+							}
+						},
+						"clients": {
+							"type": "array",
+							"items": {
+								"type": "object",
+								"additionalProperties": false,
+								"properties": {
+									"address": {
+										"oneOf": [
+											{
+												"type": "string",
+												"pattern": "^([0-9]{1,3}\\.){3}[0-9]{1,3}(/([0-9]|[1-2][0-9]|3[0-2]))?$"
+											},
+											{
+												"type": "string",
+												"pattern": "^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?$"
+											},
+											{
+												"type": "string",
+												"pattern": "^all$"
+											}
+										]
+									},
+									"directive": {
+										"$ref": "../../../components/access-list-object.json#/properties/directive"
+									}
+								}
+							}
+						},
+						"meta": {
+							"$ref": "../../../components/access-list-object.json#/properties/meta"
+						}
+					}
+				}
+			}
+		}
+	},
+	"responses": {
+		"201": {
+			"description": "201 response",
+			"content": {
+				"application/json": {
+					"examples": {
+						"default": {
+							"value": {
+								"id": 1,
+								"created_on": "2024-10-08T22:15:40.000Z",
+								"modified_on": "2024-10-08T22:15:40.000Z",
+								"owner_user_id": 1,
+								"name": "test1234",
+								"meta": {},
+								"satisfy_any": true,
+								"pass_auth": false,
+								"proxy_host_count": 0,
+								"owner": {
+									"id": 1,
+									"created_on": "2024-10-07T22:43:55.000Z",
+									"modified_on": "2024-10-08T12:52:54.000Z",
+									"is_deleted": false,
+									"is_disabled": false,
+									"email": "admin@example.com",
+									"name": "Administrator",
+									"nickname": "some guy",
+									"avatar": "//www.gravatar.com/avatar/e64c7d89f26bd1972efa854d13d7dd61?default=mm",
+									"roles": ["admin"]
+								},
+								"items": [
+									{
+										"id": 1,
+										"created_on": "2024-10-08T22:15:40.000Z",
+										"modified_on": "2024-10-08T22:15:40.000Z",
+										"access_list_id": 1,
+										"username": "admin",
+										"password": "",
+										"meta": {},
+										"hint": "a****"
+									},
+									{
+										"id": 2,
+										"created_on": "2024-10-08T22:15:40.000Z",
+										"modified_on": "2024-10-08T22:15:40.000Z",
+										"access_list_id": 1,
+										"username": "asdad",
+										"password": "",
+										"meta": {},
+										"hint": "a*****"
+									}
+								],
+								"proxy_hosts": [],
+								"clients": [
+									{
+										"id": 1,
+										"created_on": "2024-10-08T22:15:40.000Z",
+										"modified_on": "2024-10-08T22:15:40.000Z",
+										"access_list_id": 1,
+										"address": "127.0.0.1",
+										"directive": "allow",
+										"meta": {}
+									}
+								]
+							}
+						}
+					},
+					"schema": {
+						"$ref": "../../../components/access-list-object.json"
+					}
+				}
+			}
+		}
+	}
+}
--- a/backend/schema/paths/nginx/certificates/certID/delete.json
+++ b/backend/schema/paths/nginx/certificates/certID/delete.json
@ -0,0 +1,39 @@
+{
+	"operationId": "deleteCertificate",
+	"summary": "Delete a Certificate",
+	"tags": ["Certificates"],
+	"security": [
+		{
+			"BearerAuth": ["certificates"]
+		}
+	],
+	"parameters": [
+		{
+			"in": "path",
+			"name": "certID",
+			"schema": {
+				"type": "integer",
+				"minimum": 1
+			},
+			"required": true,
+			"example": 2
+		}
+	],
+	"responses": {
+		"200": {
+			"description": "200 response",
+			"content": {
+				"application/json": {
+					"examples": {
+						"default": {
+							"value": true
+						}
+					},
+					"schema": {
+						"type": "boolean"
+					}
+				}
+			}
+		}
+	}
+}
--- a/backend/schema/paths/nginx/certificates/certID/download/get.json
+++ b/backend/schema/paths/nginx/certificates/certID/download/get.json
@ -0,0 +1,35 @@
+{
+	"operationId": "downloadCertificate",
+	"summary": "Downloads a Certificate",
+	"tags": ["Certificates"],
+	"security": [
+		{
+			"BearerAuth": ["certificates"]
+		}
+	],
+	"parameters": [
+		{
+			"in": "path",
+			"name": "certID",
+			"schema": {
+				"type": "integer",
+				"minimum": 1
+			},
+			"required": true,
+			"example": 1
+		}
+	],
+	"responses": {
+		"200": {
+			"description": "200 response",
+			"content": {
+				"application/zip": {
+					"schema": {
+						"type": "string",
+						"format": "binary"
+					}
+				}
+			}
+		}
+	}
+}
--- a/backend/schema/paths/nginx/certificates/certID/get.json
+++ b/backend/schema/paths/nginx/certificates/certID/get.json
@ -0,0 +1,53 @@
+{
+	"operationId": "getCertificate",
+	"summary": "Get a Certificate",
+	"tags": ["Certificates"],
+	"security": [
+		{
+			"BearerAuth": ["certificates"]
+		}
+	],
+	"parameters": [
+		{
+			"in": "path",
+			"name": "certID",
+			"schema": {
+				"type": "integer",
+				"minimum": 1
+			},
+			"required": true,
+			"example": 1
+		}
+	],
+	"responses": {
+		"200": {
+			"description": "200 response",
+			"content": {
+				"application/json": {
+					"examples": {
+						"default": {
+							"value": {
+								"id": 4,
+								"created_on": "2024-10-09T05:31:58.000Z",
+								"modified_on": "2024-10-09T05:32:11.000Z",
+								"owner_user_id": 1,
+								"provider": "letsencrypt",
+								"nice_name": "test.example.com",
+								"domain_names": ["test.example.com"],
+								"expires_on": "2025-01-07T04:34:18.000Z",
+								"meta": {
+									"letsencrypt_email": "jc@jc21.com",
+									"letsencrypt_agree": true,
+									"dns_challenge": false
+								}
+							}
+						}
+					},
+					"schema": {
+						"$ref": "../../../../components/certificate-object.json"
+					}
+				}
+			}
+		}
+	}
+}
--- a/backend/schema/paths/nginx/certificates/certID/renew/post.json
+++ b/backend/schema/paths/nginx/certificates/certID/renew/post.json
@ -0,0 +1,54 @@
+{
+	"operationId": "renewCertificate",
+	"summary": "Renews a Certificate",
+	"tags": ["Certificates"],
+	"security": [
+		{
+			"BearerAuth": ["certificates"]
+		}
+	],
+	"parameters": [
+		{
+			"in": "path",
+			"name": "certID",
+			"schema": {
+				"type": "integer",
+				"minimum": 1
+			},
+			"required": true,
+			"example": 1
+		}
+	],
+	"responses": {
+		"200": {
+			"description": "200 response",
+			"content": {
+				"application/json": {
+					"examples": {
+						"default": {
+							"value": {
+								"expires_on": "2025-01-07T06:41:58.000Z",
+								"modified_on": "2024-10-09T07:39:51.000Z",
+								"id": 4,
+								"created_on": "2024-10-09T05:31:58.000Z",
+								"owner_user_id": 1,
+								"is_deleted": false,
+								"provider": "letsencrypt",
+								"nice_name": "My Test Cert",
+								"domain_names": ["test.jc21.supernerd.pro"],
+								"meta": {
+									"letsencrypt_email": "jc@jc21.com",
+									"letsencrypt_agree": true,
+									"dns_challenge": false
+								}
+							}
+						}
+					},
+					"schema": {
+						"$ref": "../../../../../components/certificate-object.json"
+					}
+				}
+			}
+		}
+	}
+}
--- a/Show More
+++ b/Show More
 @ -1 +1 @@
 .10.3
 .12.1