Merge branch 'NginxProxyManager:develop' into pg-support

Merge branch 'develop' into pg-support
added postgresql support & added a postgres containers
2025-07-04 17:06:49 +00:00 · 2024-10-15 08:28:52 -03:00 · 2024-10-13 15:47:12 -03:00 · 2024-10-13 15:45:33 -03:00
119 changed files with 1588 additions and 3542 deletions
--- a/.version
+++ b/.version
@ -1 +1 @@
-2.12.4
+2.12.0
--- a/58
+++ b/58
@ -43,7 +43,7 @@ pipeline {
 					steps {
 						script {
 							// Defaults to the Branch name, which is applies to all branches AND pr's
-							buildxPushTags = "-t docker.io/nginxproxymanager/${IMAGE}-dev:${BRANCH_LOWER}"
+							buildxPushTags = "-t docker.io/jc21/${IMAGE}:github-${BRANCH_LOWER}"
 						}
 					}
 				}
@ -127,11 +127,6 @@ pipeline {
 					junit 'test/results/junit/*'
 					sh 'docker-compose down --remove-orphans --volumes -t 30 || true'
 				}
 				unstable {
 					dir(path: 'test/results') {
 						archiveArtifacts(allowEmptyArchive: true, artifacts: '**/*', excludes: '**/*.xml')
 					}
 				}
 			}
 		}
 		stage('Test Mysql') {
@ -160,49 +155,6 @@ pipeline {
 					junit 'test/results/junit/*'
 					sh 'docker-compose down --remove-orphans --volumes -t 30 || true'
 				}
 				unstable {
 					dir(path: 'test/results') {
 						archiveArtifacts(allowEmptyArchive: true, artifacts: '**/*', excludes: '**/*.xml')
 					}
 				}
 			}
 		}
 		stage('Test Postgres') {
 			environment {
 				COMPOSE_PROJECT_NAME = "npm_${BRANCH_LOWER}_${BUILD_NUMBER}_postgres"
 				COMPOSE_FILE         = 'docker/docker-compose.ci.yml:docker/docker-compose.ci.postgres.yml'
 			}
 			when {
 				not {
 					equals expected: 'UNSTABLE', actual: currentBuild.result
 				}
 			}
 			steps {
 				sh 'rm -rf ./test/results/junit/*'
 				sh './scripts/ci/fulltest-cypress'
 			}
 			post {
 				always {
 					// Dumps to analyze later
 					sh 'mkdir -p debug/postgres'
 					sh 'docker logs $(docker-compose ps --all -q fullstack) > debug/postgres/docker_fullstack.log 2>&1'
 					sh 'docker logs $(docker-compose ps --all -q stepca) > debug/postgres/docker_stepca.log 2>&1'
 					sh 'docker logs $(docker-compose ps --all -q pdns) > debug/postgres/docker_pdns.log 2>&1'
 					sh 'docker logs $(docker-compose ps --all -q pdns-db) > debug/postgres/docker_pdns-db.log 2>&1'
 					sh 'docker logs $(docker-compose ps --all -q dnsrouter) > debug/postgres/docker_dnsrouter.log 2>&1'
 					sh 'docker logs $(docker-compose ps --all -q db-postgres) > debug/postgres/docker_db-postgres.log 2>&1'
 					sh 'docker logs $(docker-compose ps --all -q authentik) > debug/postgres/docker_authentik.log 2>&1'
 					sh 'docker logs $(docker-compose ps --all -q authentik-redis) > debug/postgres/docker_authentik-redis.log 2>&1'
 					sh 'docker logs $(docker-compose ps --all -q authentik-ldap) > debug/postgres/docker_authentik-ldap.log 2>&1'
 					junit 'test/results/junit/*'
 					sh 'docker-compose down --remove-orphans --volumes -t 30 || true'
 				}
 				unstable {
 					dir(path: 'test/results') {
 						archiveArtifacts(allowEmptyArchive: true, artifacts: '**/*', excludes: '**/*.xml')
 					}
 				}
 			}
 		}
 		stage('MultiArch Build') {
@ -241,13 +193,7 @@ pipeline {
 					}
 					steps {
 						script {
-							npmGithubPrComment("""Docker Image for build ${BUILD_NUMBER} is available on
+							npmGithubPrComment("Docker Image for build ${BUILD_NUMBER} is available on [DockerHub](https://cloud.docker.com/repository/docker/jc21/${IMAGE}) as `jc21/${IMAGE}:github-${BRANCH_LOWER}`\n\n**Note:** ensure you backup your NPM instance before testing this PR image! Especially if this PR contains database changes.", true)
 [DockerHub](https://cloud.docker.com/repository/docker/nginxproxymanager/${IMAGE}-dev)
 as `nginxproxymanager/${IMAGE}-dev:${BRANCH_LOWER}`
 **Note:** ensure you backup your NPM instance before testing this image! Especially if there are database changes
 **Note:** this is a different docker image namespace than the official image
 """, true)
 						}
 					}
 				}
--- a/README.md
+++ b/README.md
@ -1,7 +1,7 @@
 <p align="center">
 	<img src="https://nginxproxymanager.com/github.png">
 	<br><br>
-	<img src="https://img.shields.io/badge/version-2.12.4-green.svg?style=for-the-badge">
+	<img src="https://img.shields.io/badge/version-2.12.0-green.svg?style=for-the-badge">
 	<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager">
 		<img src="https://img.shields.io/docker/stars/jc21/nginx-proxy-manager.svg?style=for-the-badge">
 	</a>
--- a/backend/db.js
+++ b/backend/db.js
@ -9,6 +9,22 @@ function generateDbConfig() {
 	if (cfg.engine === 'knex-native') {
 		return cfg.knex;
 	}
 	if (cfg.engine === 'pg') {
 		return {
 			client:     cfg.engine,
 			connection: {
 				host:     cfg.host,
 				user:     cfg.user,
 				password: cfg.password,
 				database: cfg.name,
 				port:     cfg.port
 			},
 			migrations: {
 				tableName: 'migrations'
 			}
 		};
 	}
 	return {
 		client:     cfg.engine,
 		connection: {
--- a/backend/index.js
+++ b/backend/index.js
@ -3,8 +3,6 @@
 const schema = require('./schema');
 const logger = require('./logger').global;
 const IP_RANGES_FETCH_ENABLED = process.env.IP_RANGES_FETCH_ENABLED !== 'false';
 async function appStart () {
 	const migrate             = require('./migrate');
 	const setup               = require('./setup');
@ -15,16 +13,7 @@ async function appStart () {
 	return migrate.latest()
 		.then(setup)
 		.then(schema.getCompiledSchema)
-		.then(() => {
+		.then(internalIpRanges.fetch)
 			if (IP_RANGES_FETCH_ENABLED) {
 				logger.info('IP Ranges fetch is enabled');
 				return internalIpRanges.fetch().catch((err) => {
 					logger.error('IP Ranges fetch failed, continuing anyway:', err.message);
 				});
 			} else {
 				logger.info('IP Ranges fetch is disabled by environment variable');
 			}
 		})
 		.then(() => {
 			internalCertificate.initTimer();
 			internalIpRanges.initTimer();
--- a/backend/internal/access-list.js
+++ b/backend/internal/access-list.js
@ -81,7 +81,7 @@ const internalAccessList = {
 				return internalAccessList.build(row)
 					.then(() => {
-						if (parseInt(row.proxy_host_count, 10)) {
+						if (row.proxy_host_count) {
 							return internalNginx.bulkGenerateConfigs('proxy_host', row.proxy_hosts);
 						}
 					})
@ -223,7 +223,7 @@ const internalAccessList = {
 			.then((row) => {
 				return internalAccessList.build(row)
 					.then(() => {
-						if (parseInt(row.proxy_host_count, 10)) {
+						if (row.proxy_host_count) {
 							return internalNginx.bulkGenerateConfigs('proxy_host', row.proxy_hosts);
 						}
 					}).then(internalNginx.reload)
@ -252,13 +252,9 @@ const internalAccessList = {
 				let query = accessListModel
 					.query()
 					.select('access_list.*', accessListModel.raw('COUNT(proxy_host.id) as proxy_host_count'))
-					.leftJoin('proxy_host', function() {
+					.joinRaw('LEFT JOIN `proxy_host` ON `proxy_host`.`access_list_id` = `access_list`.`id` AND `proxy_host`.`is_deleted` = 0')
 						this.on('proxy_host.access_list_id', '=', 'access_list.id')
 							.andOn('proxy_host.is_deleted', '=', 0);
 					})
 					.where('access_list.is_deleted', 0)
 					.andWhere('access_list.id', data.id)
 					.groupBy('access_list.id')
 					.allowGraph('[owner,items,clients,proxy_hosts.[certificate,access_list.[clients,items]]]')
 					.first();
@ -377,10 +373,7 @@ const internalAccessList = {
 				let query = accessListModel
 					.query()
 					.select('access_list.*', accessListModel.raw('COUNT(proxy_host.id) as proxy_host_count'))
-					.leftJoin('proxy_host', function() {
+					.joinRaw('LEFT JOIN `proxy_host` ON `proxy_host`.`access_list_id` = `access_list`.`id` AND `proxy_host`.`is_deleted` = 0')
 						this.on('proxy_host.access_list_id', '=', 'access_list.id')
 							.andOn('proxy_host.is_deleted', '=', 0);
 					})
 					.where('access_list.is_deleted', 0)
 					.groupBy('access_list.id')
 					.allowGraph('[owner,items,clients]')
@ -508,13 +501,8 @@ const internalAccessList = {
 								if (typeof item.password !== 'undefined' && item.password.length) {
 									logger.info('Adding: ' + item.username);
-									utils.execFile('openssl', ['passwd', '-apr1', item.password])
+									utils.execFile('/usr/bin/htpasswd', ['-b', htpasswd_file, item.username, item.password])
-										.then((res) => {
+										.then((/*result*/) => {
 											try {
 												fs.appendFileSync(htpasswd_file, item.username + ':' + res + '\n', {encoding: 'utf8'});
 											} catch (err) {
 												reject(err);
 											}
 											next();
 										})
 										.catch((err) => {
--- a/backend/internal/audit-log.js
+++ b/backend/internal/audit-log.js
@ -1,6 +1,5 @@
 const error         = require('../lib/error');
 const auditLogModel = require('../models/audit-log');
 const {castJsonIfNeed} = require('../lib/helpers');
 const internalAuditLog = {
@ -23,9 +22,9 @@ const internalAuditLog = {
 					.allowGraph('[user]');
 				// Query is used for searching
-				if (typeof search_query === 'string' && search_query.length > 0) {
+				if (typeof search_query === 'string') {
 					query.where(function () {
-						this.where(castJsonIfNeed('meta'), 'like', '%' + search_query + '%');
+						this.where('meta', 'like', '%' + search_query + '%');
 					});
 				}
--- a/backend/internal/certificate.js
+++ b/backend/internal/certificate.js
@ -3,29 +3,27 @@ const fs               = require('fs');
 const https            = require('https');
 const tempWrite        = require('temp-write');
 const moment           = require('moment');
 const archiver         = require('archiver');
 const path             = require('path');
 const { isArray }      = require('lodash');
 const logger           = require('../logger').ssl;
 const config           = require('../lib/config');
 const error            = require('../lib/error');
 const utils            = require('../lib/utils');
 const certbot          = require('../lib/certbot');
 const certificateModel = require('../models/certificate');
 const tokenModel       = require('../models/token');
 const dnsPlugins       = require('../global/certbot-dns-plugins.json');
 const internalAuditLog = require('./audit-log');
 const internalNginx    = require('./nginx');
 const internalHost     = require('./host');
-
+const certbot          = require('../lib/certbot');
 const archiver         = require('archiver');
 const path             = require('path');
 const { isArray }      = require('lodash');
 const letsencryptStaging = config.useLetsencryptStaging();
 const letsencryptServer  = config.useLetsencryptServer();
 const letsencryptConfig  = '/etc/letsencrypt.ini';
 const certbotCommand     = 'certbot';
 function omissions() {
-	return ['is_deleted', 'owner.is_deleted'];
+	return ['is_deleted'];
 }
 const internalCertificate = {
@ -209,7 +207,6 @@ const internalCertificate = {
 										.patchAndFetchById(certificate.id, {
 											expires_on: moment(cert_info.dates.to, 'X').format('YYYY-MM-DD HH:mm:ss')
 										})
 										.then(utils.omitRow(omissions()))
 										.then((saved_row) => {
 											// Add cert data for audit log
 											saved_row.meta = _.assign({}, saved_row.meta, {
@ -313,9 +310,6 @@ const internalCertificate = {
 					.where('is_deleted', 0)
 					.andWhere('id', data.id)
 					.allowGraph('[owner]')
 					.allowGraph('[proxy_hosts]')
 					.allowGraph('[redirection_hosts]')
 					.allowGraph('[dead_hosts]')
 					.first();
 				if (access_data.permission_visibility !== 'all') {
@ -467,9 +461,6 @@ const internalCertificate = {
 					.where('is_deleted', 0)
 					.groupBy('id')
 					.allowGraph('[owner]')
 					.allowGraph('[proxy_hosts]')
 					.allowGraph('[redirection_hosts]')
 					.allowGraph('[dead_hosts]')
 					.orderBy('nice_name', 'ASC');
 				if (access_data.permission_visibility !== 'all') {
@ -739,29 +730,29 @@ const internalCertificate = {
 		return utils.exec('openssl x509 -in ' + certificate_file + ' -subject -noout')
 			.then((result) => {
 				// Examples:
 				// subject=CN = *.jc21.com
 				// subject=CN = something.example.com
 				const regex = /(?:subject=)?[^=]+=\s+(\S+)/gim;
 				const match = regex.exec(result);
-				if (match && typeof match[1] !== 'undefined') {
+
-					certData['cn'] = match[1];
+				if (typeof match[1] === 'undefined') {
 					throw new error.ValidationError('Could not determine subject from certificate: ' + result);
 				}
 				certData['cn'] = match[1];
 			})
 			.then(() => {
 				return utils.exec('openssl x509 -in ' + certificate_file + ' -issuer -noout');
 			})
 			.then((result) => {
 				// Examples:
 				// issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
 				// issuer=C = US, O = Let's Encrypt, CN = E5
 				// issuer=O = NginxProxyManager, CN = NginxProxyManager Intermediate CA","O = NginxProxyManager, CN = NginxProxyManager Intermediate CA
 				const regex = /^(?:issuer=)?(.*)$/gim;
 				const match = regex.exec(result);
-				if (match && typeof match[1] !== 'undefined') {
+
-					certData['issuer'] = match[1];
+				if (typeof match[1] === 'undefined') {
 					throw new error.ValidationError('Could not determine issuer from certificate: ' + result);
 				}
 				certData['issuer'] = match[1];
 			})
 			.then(() => {
 				return utils.exec('openssl x509 -in ' + certificate_file + ' -dates -noout');
@ -836,18 +827,17 @@ const internalCertificate = {
 	requestLetsEncryptSsl: (certificate) => {
 		logger.info('Requesting Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));
-		const cmd = `${certbotCommand} certonly ` +
+		const cmd = certbotCommand + ' certonly ' +
-			`--config '${letsencryptConfig}' ` +
+			'--config "' + letsencryptConfig + '" ' +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
-			`--cert-name "npm-${certificate.id}" ` +
+			'--cert-name "npm-' + certificate.id + '" ' +
 			'--agree-tos ' +
 			'--authenticator webroot ' +
-			`--email '${certificate.meta.letsencrypt_email}' ` +
+			'--email "' + certificate.meta.letsencrypt_email + '" ' +
 			'--preferred-challenges "dns,http" ' +
-			`--domains "${certificate.domain_names.join(',')}" ` +
+			'--domains "' + certificate.domain_names.join(',') + '" ' +
-			(letsencryptServer !== null ? `--server '${letsencryptServer}' ` : '') +
+			(letsencryptStaging ? '--staging' : '');
 			(letsencryptStaging && letsencryptServer === null ? '--staging ' : '');
 		logger.info('Command:', cmd);
@ -878,26 +868,25 @@ const internalCertificate = {
 		const hasConfigArg = certificate.meta.dns_provider !== 'route53';
 		let mainCmd = certbotCommand + ' certonly ' +
-			`--config '${letsencryptConfig}' ` +
+			'--config "' + letsencryptConfig + '" ' +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
-			`--cert-name 'npm-${certificate.id}' ` +
+			'--cert-name "npm-' + certificate.id + '" ' +
 			'--agree-tos ' +
-			`--email '${certificate.meta.letsencrypt_email}' ` +
+			'--email "' + certificate.meta.letsencrypt_email + '" ' +
-			`--domains '${certificate.domain_names.join(',')}' ` +
+			'--domains "' + certificate.domain_names.join(',') + '" ' +
-			`--authenticator '${dnsPlugin.full_plugin_name}' ` +
+			'--authenticator ' + dnsPlugin.full_plugin_name + ' ' +
 			(
 				hasConfigArg
-					? `--${dnsPlugin.full_plugin_name}-credentials '${credentialsLocation}' `
+					? '--' + dnsPlugin.full_plugin_name + '-credentials "' + credentialsLocation + '"'
 					: ''
 			) +
 			(
 				certificate.meta.propagation_seconds !== undefined
-					? `--${dnsPlugin.full_plugin_name}-propagation-seconds '${certificate.meta.propagation_seconds}' `
+					? ' --' + dnsPlugin.full_plugin_name + '-propagation-seconds ' + certificate.meta.propagation_seconds
 					: ''
 			) +
-			(letsencryptServer !== null ? `--server '${letsencryptServer}' ` : '') +
+			(letsencryptStaging ? ' --staging' : '');
 			(letsencryptStaging && letsencryptServer === null ? '--staging ' : '');
 		// Prepend the path to the credentials file as an environment variable
 		if (certificate.meta.dns_provider === 'route53') {
@ -974,15 +963,14 @@ const internalCertificate = {
 		logger.info('Renewing Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));
 		const cmd = certbotCommand + ' renew --force-renewal ' +
-			`--config '${letsencryptConfig}' ` +
+			'--config "' + letsencryptConfig + '" ' +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
-			`--cert-name 'npm-${certificate.id}' ` +
+			'--cert-name "npm-' + certificate.id + '" ' +
 			'--preferred-challenges "dns,http" ' +
 			'--no-random-sleep-on-renew ' +
 			'--disable-hook-validation ' +
-			(letsencryptServer !== null ? `--server '${letsencryptServer}' ` : '') +
+			(letsencryptStaging ? '--staging' : '');
 			(letsencryptStaging && letsencryptServer === null ? '--staging ' : '');
 		logger.info('Command:', cmd);
@ -1007,14 +995,13 @@ const internalCertificate = {
 		logger.info(`Renewing Let'sEncrypt certificates via ${dnsPlugin.name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);
 		let mainCmd = certbotCommand + ' renew --force-renewal ' +
-			`--config "${letsencryptConfig}" ` +
+			'--config "' + letsencryptConfig + '" ' +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
-			`--cert-name 'npm-${certificate.id}' ` +
+			'--cert-name "npm-' + certificate.id + '" ' +
 			'--disable-hook-validation ' +
 			'--no-random-sleep-on-renew ' +
-			(letsencryptServer !== null ? `--server '${letsencryptServer}' ` : '') +
+			(letsencryptStaging ? ' --staging' : '');
 			(letsencryptStaging && letsencryptServer === null ? '--staging ' : '');
 		// Prepend the path to the credentials file as an environment variable
 		if (certificate.meta.dns_provider === 'route53') {
@ -1040,13 +1027,12 @@ const internalCertificate = {
 		logger.info('Revoking Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));
 		const mainCmd = certbotCommand + ' revoke ' +
-			`--config '${letsencryptConfig}' ` +
+			'--config "' + letsencryptConfig + '" ' +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
-			`--cert-path '/etc/letsencrypt/live/npm-${certificate.id}/fullchain.pem' ` +
+			'--cert-path "/etc/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem" ' +
 			'--delete-after-revoke ' +
-			(letsencryptServer !== null ? `--server '${letsencryptServer}' ` : '') +
+			(letsencryptStaging ? '--staging' : '');
 			(letsencryptStaging && letsencryptServer === null ? '--staging ' : '');
 		// Don't fail command if file does not exist
 		const delete_credentialsCmd = `rm -f '/etc/letsencrypt/credentials/credentials-${certificate.id}' || true`;
--- a/backend/internal/dead-host.js
+++ b/backend/internal/dead-host.js
@ -6,7 +6,6 @@ const internalHost        = require('./host');
 const internalNginx       = require('./nginx');
 const internalAuditLog    = require('./audit-log');
 const internalCertificate = require('./certificate');
 const {castJsonIfNeed}    = require('../lib/helpers');
 function omissions () {
 	return ['is_deleted'];
@ -410,16 +409,16 @@ const internalDeadHost = {
 					.where('is_deleted', 0)
 					.groupBy('id')
 					.allowGraph('[owner,certificate]')
-					.orderBy(castJsonIfNeed('domain_names'), 'ASC');
+					.orderBy('domain_names', 'ASC');
 				if (access_data.permission_visibility !== 'all') {
 					query.andWhere('owner_user_id', access.token.getUserId(1));
 				}
 				// Query is used for searching
-				if (typeof search_query === 'string' && search_query.length > 0) {
+				if (typeof search_query === 'string') {
 					query.where(function () {
-						this.where(castJsonIfNeed('domain_names'), 'like', '%' + search_query + '%');
+						this.where('domain_names', 'like', '%' + search_query + '%');
 					});
 				}
--- a/backend/internal/host.js
+++ b/backend/internal/host.js
@ -2,7 +2,6 @@ const _                    = require('lodash');
 const proxyHostModel       = require('../models/proxy_host');
 const redirectionHostModel = require('../models/redirection_host');
 const deadHostModel        = require('../models/dead_host');
 const {castJsonIfNeed}     = require('../lib/helpers');
 const internalHost = {
@ -18,7 +17,7 @@ const internalHost = {
 	cleanSslHstsData: function (data, existing_data) {
 		existing_data = existing_data === undefined ? {} : existing_data;
-		const combined_data = _.assign({}, existing_data, data);
+		let combined_data = _.assign({}, existing_data, data);
 		if (!combined_data.certificate_id) {
 			combined_data.ssl_forced    = false;
@ -74,7 +73,7 @@ const internalHost = {
 	 * @returns {Promise}
 	 */
 	getHostsWithDomains: function (domain_names) {
-		const promises = [
+		let promises = [
 			proxyHostModel
 				.query()
 				.where('is_deleted', 0),
@ -126,19 +125,19 @@ const internalHost = {
 	 * @returns {Promise}
 	 */
 	isHostnameTaken: function (hostname, ignore_type, ignore_id) {
-		const promises = [
+		let promises = [
 			proxyHostModel
 				.query()
 				.where('is_deleted', 0)
-				.andWhere(castJsonIfNeed('domain_names'), 'like', '%' + hostname + '%'),
+				.andWhere('domain_names', 'like', '%' + hostname + '%'),
 			redirectionHostModel
 				.query()
 				.where('is_deleted', 0)
-				.andWhere(castJsonIfNeed('domain_names'), 'like', '%' + hostname + '%'),
+				.andWhere('domain_names', 'like', '%' + hostname + '%'),
 			deadHostModel
 				.query()
 				.where('is_deleted', 0)
-				.andWhere(castJsonIfNeed('domain_names'), 'like', '%' + hostname + '%')
+				.andWhere('domain_names', 'like', '%' + hostname + '%')
 		];
 		return Promise.all(promises)
--- a/backend/internal/nginx.js
+++ b/backend/internal/nginx.js
@ -181,9 +181,7 @@ const internalNginx = {
 	 * @param   {Object}  host
 	 * @returns {Promise}
 	 */
-	generateConfig: (host_type, host_row) => {
+	generateConfig: (host_type, host) => {
 		// Prevent modifying the original object:
 		let host             = JSON.parse(JSON.stringify(host_row));
 		const nice_host_type = internalNginx.getFileFriendlyHostType(host_type);
 		if (config.debug()) {
--- a/backend/internal/proxy-host.js
+++ b/backend/internal/proxy-host.js
@ -6,7 +6,6 @@ const internalHost        = require('./host');
 const internalNginx       = require('./nginx');
 const internalAuditLog    = require('./audit-log');
 const internalCertificate = require('./certificate');
 const {castJsonIfNeed}    = require('../lib/helpers');
 function omissions () {
 	return ['is_deleted', 'owner.is_deleted'];
@ -417,16 +416,16 @@ const internalProxyHost = {
 					.where('is_deleted', 0)
 					.groupBy('id')
 					.allowGraph('[owner,access_list,certificate]')
-					.orderBy(castJsonIfNeed('domain_names'), 'ASC');
+					.orderBy('domain_names', 'ASC');
 				if (access_data.permission_visibility !== 'all') {
 					query.andWhere('owner_user_id', access.token.getUserId(1));
 				}
 				// Query is used for searching
-				if (typeof search_query === 'string' && search_query.length > 0) {
+				if (typeof search_query === 'string') {
 					query.where(function () {
-						this.where(castJsonIfNeed('domain_names'), 'like', `%${search_query}%`);
+						this.where('domain_names', 'like', '%' + search_query + '%');
 					});
 				}
--- a/backend/internal/redirection-host.js
+++ b/backend/internal/redirection-host.js
@ -6,7 +6,6 @@ const internalHost         = require('./host');
 const internalNginx        = require('./nginx');
 const internalAuditLog     = require('./audit-log');
 const internalCertificate  = require('./certificate');
 const {castJsonIfNeed}     = require('../lib/helpers');
 function omissions () {
 	return ['is_deleted'];
@ -410,16 +409,16 @@ const internalRedirectionHost = {
 					.where('is_deleted', 0)
 					.groupBy('id')
 					.allowGraph('[owner,certificate]')
-					.orderBy(castJsonIfNeed('domain_names'), 'ASC');
+					.orderBy('domain_names', 'ASC');
 				if (access_data.permission_visibility !== 'all') {
 					query.andWhere('owner_user_id', access.token.getUserId(1));
 				}
 				// Query is used for searching
-				if (typeof search_query === 'string' && search_query.length > 0) {
+				if (typeof search_query === 'string') {
 					query.where(function () {
-						this.where(castJsonIfNeed('domain_names'), 'like', `%${search_query}%`);
+						this.where('domain_names', 'like', '%' + search_query + '%');
 					});
 				}
--- a/backend/internal/stream.js
+++ b/backend/internal/stream.js
@ -4,12 +4,9 @@ const utils               = require('../lib/utils');
 const streamModel      = require('../models/stream');
 const internalNginx    = require('./nginx');
 const internalAuditLog = require('./audit-log');
 const internalCertificate = require('./certificate');
 const internalHost        = require('./host');
 const {castJsonIfNeed}    = require('../lib/helpers');
 function omissions () {
-	return ['is_deleted', 'owner.is_deleted', 'certificate.is_deleted'];
+	return ['is_deleted'];
 }
 const internalStream = {
@ -20,12 +17,6 @@ const internalStream = {
 	 * @returns {Promise}
 	 */
 	create: (access, data) => {
 		const create_certificate = data.certificate_id === 'new';
 		if (create_certificate) {
 			delete data.certificate_id;
 		}
 		return access.can('streams:create', data)
 			.then((/*access_data*/) => {
 				// TODO: At this point the existing ports should have been checked
@ -35,44 +26,16 @@ const internalStream = {
 					data.meta = {};
 				}
 				// streams aren't routed by domain name so don't store domain names in the DB
 				let data_no_domains = structuredClone(data);
 				delete data_no_domains.domain_names;
 				return streamModel
 					.query()
-					.insertAndFetch(data_no_domains)
+					.insertAndFetch(data)
 					.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
 				if (create_certificate) {
 					return internalCertificate.createQuickCertificate(access, data)
 						.then((cert) => {
 							// update host with cert id
 							return internalStream.update(access, {
 								id:             row.id,
 								certificate_id: cert.id
 							});
 						})
 						.then(() => {
 							return row;
 						});
 				} else {
 					return row;
 				}
 			})
 			.then((row) => {
 				// re-fetch with cert
 				return internalStream.get(access, {
 					id:     row.id,
 					expand: ['certificate', 'owner']
 				});
 			})
 			.then((row) => {
 				// Configure nginx
 				return internalNginx.configure(streamModel, 'stream', row)
 					.then(() => {
-						return row;
+						return internalStream.get(access, {id: row.id, expand: ['owner']});
 					});
 			})
 			.then((row) => {
@ -96,12 +59,6 @@ const internalStream = {
 	 * @return {Promise}
 	 */
 	update: (access, data) => {
 		const create_certificate = data.certificate_id === 'new';
 		if (create_certificate) {
 			delete data.certificate_id;
 		}
 		return access.can('streams:update', data.id)
 			.then((/*access_data*/) => {
 				// TODO: at this point the existing streams should have been checked
@ -113,32 +70,16 @@ const internalStream = {
 					throw new error.InternalValidationError('Stream could not be updated, IDs do not match: ' + row.id + ' !== ' + data.id);
 				}
 				if (create_certificate) {
 					return internalCertificate.createQuickCertificate(access, {
 						domain_names: data.domain_names || row.domain_names,
 						meta:         _.assign({}, row.meta, data.meta)
 					})
 						.then((cert) => {
 							// update host with cert id
 							data.certificate_id = cert.id;
 						})
 						.then(() => {
 							return row;
 						});
 				} else {
 					return row;
 				}
 			})
 			.then((row) => {
 				// Add domain_names to the data in case it isn't there, so that the audit log renders correctly. The order is important here.
 				data = _.assign({}, {
 					domain_names: row.domain_names
 				}, data);
 				return streamModel
 					.query()
 					.patchAndFetchById(row.id, data)
 					.then(utils.omitRow(omissions()))
 					.then((saved_row) => {
 						return internalNginx.configure(streamModel, 'stream', saved_row)
 							.then(() => {
 								return internalStream.get(access, {id: row.id, expand: ['owner']});
 							});
 					})
 					.then((saved_row) => {
 						// Add to audit log
 						return internalAuditLog.add(access, {
@ -151,17 +92,6 @@ const internalStream = {
 								return saved_row;
 							});
 					});
 			})
 			.then(() => {
 				return internalStream.get(access, {id: data.id, expand: ['owner', 'certificate']})
 					.then((row) => {
 						return internalNginx.configure(streamModel, 'stream', row)
 							.then((new_meta) => {
 								row.meta = new_meta;
 								row      = internalHost.cleanRowCertificateMeta(row);
 								return _.omit(row, omissions());
 							});
 					});
 			});
 	},
@ -184,7 +114,7 @@ const internalStream = {
 					.query()
 					.where('is_deleted', 0)
 					.andWhere('id', data.id)
-					.allowGraph('[owner,certificate]')
+					.allowGraph('[owner]')
 					.first();
 				if (access_data.permission_visibility !== 'all') {
@ -201,7 +131,6 @@ const internalStream = {
 				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				}
 				row = internalHost.cleanRowCertificateMeta(row);
 				// Custom omissions
 				if (typeof data.omit !== 'undefined' && data.omit !== null) {
 					row = _.omit(row, data.omit);
@ -267,14 +196,14 @@ const internalStream = {
 			.then(() => {
 				return internalStream.get(access, {
 					id:     data.id,
-					expand: ['certificate', 'owner']
+					expand: ['owner']
 				});
 			})
 			.then((row) => {
 				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				} else if (row.enabled) {
-					throw new error.ValidationError('Stream is already enabled');
+					throw new error.ValidationError('Host is already enabled');
 				}
 				row.enabled = 1;
@ -320,7 +249,7 @@ const internalStream = {
 				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				} else if (!row.enabled) {
-					throw new error.ValidationError('Stream is already disabled');
+					throw new error.ValidationError('Host is already disabled');
 				}
 				row.enabled = 0;
@ -364,11 +293,11 @@ const internalStream = {
 	getAll: (access, expand, search_query) => {
 		return access.can('streams:list')
 			.then((access_data) => {
-				const query = streamModel
+				let query = streamModel
 					.query()
 					.where('is_deleted', 0)
 					.groupBy('id')
-					.allowGraph('[owner,certificate]')
+					.allowGraph('[owner]')
 					.orderBy('incoming_port', 'ASC');
 				if (access_data.permission_visibility !== 'all') {
@ -376,9 +305,9 @@ const internalStream = {
 				}
 				// Query is used for searching
-				if (typeof search_query === 'string' && search_query.length > 0) {
+				if (typeof search_query === 'string') {
 					query.where(function () {
-						this.where(castJsonIfNeed('incoming_port'), 'like', `%${search_query}%`);
+						this.where('incoming_port', 'like', '%' + search_query + '%');
 					});
 				}
@ -387,13 +316,6 @@ const internalStream = {
 				}
 				return query.then(utils.omitRows(omissions()));
 			})
 			.then((rows) => {
 				if (typeof expand !== 'undefined' && expand !== null && expand.indexOf('certificate') !== -1) {
 					return internalHost.cleanAllRowsCertificateMeta(rows);
 				}
 				return rows;
 			});
 	},
@ -405,9 +327,9 @@ const internalStream = {
 	 * @returns {Promise}
 	 */
 	getCount: (user_id, visibility) => {
-		const query = streamModel
+		let query = streamModel
 			.query()
-			.count('id AS count')
+			.count('id as count')
 			.where('is_deleted', 0);
 		if (visibility !== 'all') {
--- a/backend/internal/token.js
+++ b/backend/internal/token.js
@ -5,8 +5,6 @@ const authModel  = require('../models/auth');
 const helpers    = require('../lib/helpers');
 const TokenModel = require('../models/token');
 const ERROR_MESSAGE_INVALID_AUTH = 'Invalid email or password';
 module.exports = {
 	/**
@ -71,15 +69,15 @@ module.exports = {
 													};
 												});
 										} else {
-											throw new error.AuthError(ERROR_MESSAGE_INVALID_AUTH);
+											throw new error.AuthError('Invalid password');
 										}
 									});
 							} else {
-								throw new error.AuthError(ERROR_MESSAGE_INVALID_AUTH);
+								throw new error.AuthError('No password auth for user');
 							}
 						});
 				} else {
-					throw new error.AuthError(ERROR_MESSAGE_INVALID_AUTH);
+					throw new error.AuthError('No relevant user found');
 				}
 			});
 	},
--- a/backend/lib/config.js
+++ b/backend/lib/config.js
@ -3,9 +3,6 @@ const NodeRSA = require('node-rsa');
 const logger  = require('../logger').global;
 const keysFile = '/data/keys.json';
 const mysqlEngine      = 'mysql2';
 const postgresEngine   = 'pg';
 const sqliteClientName = 'sqlite3';
 let instance = null;
@ -17,7 +14,7 @@ const configure = () => {
 		let configData;
 		try {
 			configData = require(filename);
-		} catch (_) {
+		} catch (err) {
 			// do nothing
 		}
@ -37,7 +34,7 @@ const configure = () => {
 		logger.info('Using MySQL configuration');
 		instance = {
 			database: {
-				engine:   mysqlEngine,
+				engine:   'mysql2',
 				host:     envMysqlHost,
 				port:     process.env.DB_MYSQL_PORT || 3306,
 				user:     envMysqlUser,
@ -48,21 +45,20 @@ const configure = () => {
 		};
 		return;
 	}
-
+	const envPostgresqlHost = process.env.DB_POSTGRESQL_HOST || null;
-	const envPostgresHost = process.env.DB_POSTGRES_HOST || null;
+	const envPostgresqlUser = process.env.DB_POSTGRESQL_USER || null;
-	const envPostgresUser = process.env.DB_POSTGRES_USER || null;
+	const envPostgresqlName = process.env.DB_POSTGRESQL_NAME || null;
-	const envPostgresName = process.env.DB_POSTGRES_NAME || null;
+	if (envPostgresqlHost && envPostgresqlUser && envPostgresqlName) {
-	if (envPostgresHost && envPostgresUser && envPostgresName) {
+		// we have enough mysql creds to go with mysql
-		// we have enough postgres creds to go with postgres
+		logger.info('Using POSTGRESQL configuration');
 		logger.info('Using Postgres configuration');
 		instance = {
 			database: {
-				engine:   postgresEngine,
+				engine:   'pg',
-				host:     envPostgresHost,
+				host:     envPostgresqlHost,
-				port:     process.env.DB_POSTGRES_PORT || 5432,
+				port:     process.env.DB_POSTGRESQL_PORT || 3306,
-				user:     envPostgresUser,
+				user:     envPostgresqlUser,
-				password: process.env.DB_POSTGRES_PASSWORD,
+				password: process.env.DB_POSTGRESQL_PASSWORD,
-				name:     envPostgresName,
+				name:     envPostgresqlName,
 			},
 			keys: getKeys(),
 		};
@ -75,7 +71,7 @@ const configure = () => {
 		database: {
 			engine: 'knex-native',
 			knex:   {
-				client:     sqliteClientName,
+				client:     'sqlite3',
 				connection: {
 					filename: envSqliteFile
 				},
@ -166,27 +162,7 @@ module.exports = {
 	 */
 	isSqlite: function () {
 		instance === null && configure();
-		return instance.database.knex && instance.database.knex.client === sqliteClientName;
+		return instance.database.knex && instance.database.knex.client === 'sqlite3';
 	},
 	/**
 	 * Is this a mysql configuration?
 	 *
 	 * @returns {boolean}
 	 */
 	isMysql: function () {
 		instance === null && configure();
 		return instance.database.engine === mysqlEngine;
 	},
 	/**
 		 * Is this a postgres configuration?
 		 *
 		 * @returns {boolean}
 		 */
 	isPostgres: function () {
 		instance === null && configure();
 		return instance.database.engine === postgresEngine;
 	},
 	/**
@ -223,15 +199,5 @@ module.exports = {
 	 */
 	useLetsencryptStaging: function () {
 		return !!process.env.LE_STAGING;
 	},
 	/**
 	 * @returns {string|null}
 	 */
 	useLetsencryptServer: function () {
 		if (process.env.LE_SERVER) {
 			return process.env.LE_SERVER;
 		}
 		return null;
 	}
 };
--- a/backend/lib/helpers.js
+++ b/backend/lib/helpers.js
@ -1,6 +1,4 @@
 const moment = require('moment');
 const {isPostgres} = require('./config');
 const {ref}        = require('objection');
 module.exports = {
@ -47,16 +45,6 @@ module.exports = {
 			}
 		});
 		return obj;
 	},
 	/**
 	 * Casts a column to json if using postgres
 	 *
 	 * @param {string} colName
 	 * @returns {string|Objection.ReferenceBuilder}
 	 */
 	castJsonIfNeed: function (colName) {
 		return isPostgres() ? ref(colName).castText() : colName;
 	}
 };
--- a/backend/migrations/20240427161436_stream_ssl.js
+++ b/backend/migrations/20240427161436_stream_ssl.js
@ -1,38 +0,0 @@
 const migrate_name = 'stream_ssl';
 const logger       = require('../logger').migrate;
 /**
 * Migrate
 *
 * @see http://knexjs.org/#Schema
 *
 * @param   {Object} knex
 * @returns {Promise}
 */
 exports.up = function (knex) {
 	logger.info('[' + migrate_name + '] Migrating Up...');
 	return knex.schema.table('stream', (table) => {
 		table.integer('certificate_id').notNull().unsigned().defaultTo(0);
 	})
 		.then(function () {
 			logger.info('[' + migrate_name + '] stream Table altered');
 		});
 };
 /**
 * Undo Migrate
 *
 * @param   {Object} knex
 * @returns {Promise}
 */
 exports.down = function (knex) {
 	logger.info('[' + migrate_name + '] Migrating Down...');
 	return knex.schema.table('stream', (table) => {
 		table.dropColumn('certificate_id');
 	})
 		.then(function () {
 			logger.info('[' + migrate_name + '] stream Table altered');
 		});
 };
--- a/backend/models/certificate.js
+++ b/backend/models/certificate.js
@ -4,6 +4,7 @@
 const db      = require('../db');
 const helpers = require('../lib/helpers');
 const Model   = require('objection').Model;
 const User    = require('./user');
 const now     = require('./now_helper');
 Model.knex(db);
@ -67,11 +68,6 @@ class Certificate extends Model {
 	}
 	static get relationMappings () {
 		const ProxyHost       = require('./proxy_host');
 		const DeadHost        = require('./dead_host');
 		const User            = require('./user');
 		const RedirectionHost = require('./redirection_host');
 		return {
 			owner: {
 				relation:   Model.HasOneRelation,
@ -83,39 +79,6 @@ class Certificate extends Model {
 				modify: function (qb) {
 					qb.where('user.is_deleted', 0);
 				}
 			},
 			proxy_hosts: {
 				relation:   Model.HasManyRelation,
 				modelClass: ProxyHost,
 				join:       {
 					from: 'certificate.id',
 					to:   'proxy_host.certificate_id'
 				},
 				modify: function (qb) {
 					qb.where('proxy_host.is_deleted', 0);
 				}
 			},
 			dead_hosts: {
 				relation:   Model.HasManyRelation,
 				modelClass: DeadHost,
 				join:       {
 					from: 'certificate.id',
 					to:   'dead_host.certificate_id'
 				},
 				modify: function (qb) {
 					qb.where('dead_host.is_deleted', 0);
 				}
 			},
 			redirection_hosts: {
 				relation:   Model.HasManyRelation,
 				modelClass: RedirectionHost,
 				join:       {
 					from: 'certificate.id',
 					to:   'redirection_host.certificate_id'
 				},
 				modify: function (qb) {
 					qb.where('redirection_host.is_deleted', 0);
 				}
 			}
 		};
 	}
--- a/backend/models/dead_host.js
+++ b/backend/models/dead_host.js
@ -12,11 +12,7 @@ Model.knex(db);
 const boolFields = [
 	'is_deleted',
 	'ssl_forced',
 	'http2_support',
 	'enabled',
 	'hsts_enabled',
 	'hsts_subdomains',
 ];
 class DeadHost extends Model {
--- a/backend/models/redirection_host.js
+++ b/backend/models/redirection_host.js
@ -17,9 +17,6 @@ const boolFields = [
 	'preserve_path',
 	'ssl_forced',
 	'block_exploits',
 	'hsts_enabled',
 	'hsts_subdomains',
 	'http2_support',
 ];
 class RedirectionHost extends Model {
--- a/backend/models/stream.js
+++ b/backend/models/stream.js
@ -1,15 +1,16 @@
-const Model       = require('objection').Model;
+// Objection Docs:
 // http://vincit.github.io/objection.js/
 const db      = require('../db');
 const helpers = require('../lib/helpers');
 const Model   = require('objection').Model;
 const User    = require('./user');
 const Certificate = require('./certificate');
 const now     = require('./now_helper');
 Model.knex(db);
 const boolFields = [
 	'is_deleted',
 	'enabled',
 	'tcp_forwarding',
 	'udp_forwarding',
 ];
@ -63,17 +64,6 @@ class Stream extends Model {
 				modify: function (qb) {
 					qb.where('user.is_deleted', 0);
 				}
 			},
 			certificate: {
 				relation:   Model.HasOneRelation,
 				modelClass: Certificate,
 				join:       {
 					from: 'stream.certificate_id',
 					to:   'certificate.id'
 				},
 				modify: function (qb) {
 					qb.where('certificate.is_deleted', 0);
 				}
 			}
 		};
 	}
--- a/backend/package.json
+++ b/backend/package.json
@ -23,7 +23,7 @@
 		"node-rsa": "^1.0.8",
 		"objection": "3.0.1",
 		"path": "^0.12.7",
-		"pg": "^8.13.1",
+		"pg": "^8.13.0",
 		"signale": "1.4.0",
 		"sqlite3": "5.1.6",
 		"temp-write": "^4.0.0"
--- a/backend/routes/users.js
+++ b/backend/routes/users.js
@ -181,7 +181,7 @@ router
 				return internalUser.setPassword(res.locals.access, payload);
 			})
 			.then((result) => {
-				res.status(200)
+				res.status(201)
 					.send(result);
 			})
 			.catch(next);
@ -212,7 +212,7 @@ router
 				return internalUser.setPermissions(res.locals.access, payload);
 			})
 			.then((result) => {
-				res.status(200)
+				res.status(201)
 					.send(result);
 			})
 			.catch(next);
@ -238,7 +238,7 @@ router
 	.post((req, res, next) => {
 		internalUser.loginAs(res.locals.access, {id: parseInt(req.params.user_id, 10)})
 			.then((result) => {
-				res.status(200)
+				res.status(201)
 					.send(result);
 			})
 			.catch(next);
--- a/backend/schema/components/certificate-object.json
+++ b/backend/schema/components/certificate-object.json
@ -24,34 +24,22 @@
 			"description": "Nice Name for the custom certificate"
 		},
 		"domain_names": {
-			"description": "Domain Names separated by a comma",
+			"$ref": "../common.json#/properties/domain_names"
 			"type": "array",
 			"maxItems": 100,
 			"uniqueItems": true,
 			"items": {
 				"type": "string",
 				"pattern": "^[^&| @!#%^();:/\\\\}{=+?<>,~`'\"]+$"
 			}
 		},
 		"expires_on": {
 			"description": "Date and time of expiration",
 			"readOnly": true,
 			"type": "string"
 		},
 		"owner": {
 			"$ref": "./user-object.json"
 		},
 		"meta": {
 			"type": "object",
 			"additionalProperties": false,
 			"properties": {
-				"certificate": {
+				"letsencrypt_email": {
-					"type": "string",
+					"type": "string"
 					"minLength": 1
 				},
-				"certificate_key": {
+				"letsencrypt_agree": {
-					"type": "string",
+					"type": "boolean"
 					"minLength": 1
 				},
 				"dns_challenge": {
 					"type": "boolean"
@ -62,19 +50,14 @@
 				"dns_provider_credentials": {
 					"type": "string"
 				},
 				"letsencrypt_agree": {
 					"type": "boolean"
 				},
 				"letsencrypt_certificate": {
 					"type": "object"
 				},
 				"letsencrypt_email": {
 					"type": "string"
 				},
 				"propagation_seconds": {
 					"anyOf": [
 						{
 							"type": "integer",
 							"minimum": 0
 						}
 					]
 				}
 			}
 		}
 	}
--- a/backend/schema/components/proxy-host-object.json
+++ b/backend/schema/components/proxy-host-object.json
@ -22,7 +22,10 @@
 		"enabled",
 		"locations",
 		"hsts_enabled",
-		"hsts_subdomains"
+		"hsts_subdomains",
 		"certificate",
 		"use_default_location",
 		"ipv6"
 	],
 	"additionalProperties": false,
 	"properties": {
@ -148,6 +151,12 @@
 					"$ref": "./access-list-object.json"
 				}
 			]
 		},
 		"use_default_location": {
 			"type": "boolean"
 		},
 		"ipv6": {
 			"type": "boolean"
 		}
 	}
 }
--- a/backend/schema/components/redirection-host-object.json
+++ b/backend/schema/components/redirection-host-object.json
@ -28,7 +28,7 @@
 		},
 		"forward_scheme": {
 			"type": "string",
-			"enum": ["auto", "http", "https"]
+			"enum": ["http", "https"]
 		},
 		"forward_domain_name": {
 			"description": "Domain Name",
--- a/backend/schema/components/setting-object.json
+++ b/backend/schema/components/setting-object.json
@ -25,7 +25,7 @@
 		"value": {
 			"description": "Value in almost any form",
 			"example": "congratulations",
-			"anyOf": [
+			"oneOf": [
 				{
 					"type": "string",
 					"minLength": 1
@ -46,10 +46,7 @@
 		},
 		"meta": {
 			"description": "Extra metadata",
-			"example": {
+			"example": {},
 				"redirect": "http://example.com",
 				"html": "<h1>404</h1>"
 			},
 			"type": "object"
 		}
 	}
--- a/backend/schema/components/stream-list.json
+++ b/backend/schema/components/stream-list.json
@ -1,7 +1,7 @@
 {
 	"type": "array",
-	"description": "Streams list",
+	"description": "Proxy Hosts list",
 	"items": {
-		"$ref": "./stream-object.json"
+		"$ref": "./proxy-host-object.json"
 	}
 }
--- a/backend/schema/components/stream-object.json
+++ b/backend/schema/components/stream-object.json
@ -53,24 +53,8 @@
 		"enabled": {
 			"$ref": "../common.json#/properties/enabled"
 		},
 		"certificate_id": {
 			"$ref": "../common.json#/properties/certificate_id"
 		},
 		"meta": {
 			"type": "object"
 		},
 		"owner": {
 			"$ref": "./user-object.json"
 		},
 		"certificate": {
 			"oneOf": [
 				{
 					"type": "null"
 				},
 				{
 					"$ref": "./certificate-object.json"
 				}
 			]
 		}
 	}
 }
--- a/backend/schema/components/token-object.json
+++ b/backend/schema/components/token-object.json
@ -5,9 +5,10 @@
 	"additionalProperties": false,
 	"properties": {
 		"expires": {
-			"description": "Token Expiry ISO Time String",
+			"description": "Token Expiry Unix Time",
-			"example": "2025-02-04T20:40:46.340Z",
+			"example": 1566540249,
-			"type": "string"
+			"minimum": 1,
 			"type": "number"
 		},
 		"token": {
 			"description": "JWT Token",
--- a/backend/schema/paths/nginx/access-lists/listID/put.json
+++ b/backend/schema/paths/nginx/access-lists/listID/put.json
@ -49,7 +49,8 @@
 										"minLength": 1
 									},
 									"password": {
-										"type": "string"
+										"type": "string",
 										"minLength": 1
 									}
 								}
 							}
--- a/backend/schema/paths/nginx/certificates/certID/upload/post.json
+++ b/backend/schema/paths/nginx/certificates/certID/upload/post.json
@ -55,25 +55,6 @@
 								"certificate_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC1n9j9C5Bes1nd\nqACDckERauxXVNKCnUlUM1buGBx1xc+j2e2Ar23wUJJuWBY18VfT8yqfqVDktO2w\nrbmvZvLuPmXePOKbIKS+XXh+2NG9L5bDG9rwGFCRXnbQj+GWCdMfzx14+CR1IHge\nYz6Cv/Si2/LJPCh/CoBfM4hUQJON3lxAWrWBpdbZnKYMrxuPBRfW9OuzTbCVXToQ\noxRAHiOR9081Xn1WeoKr7kVBIa5UphlvWXa12w1YmUwJu7YndnJGIavLWeNCVc7Z\nEo+nS8Wr/4QWicatIWZXpVaEOPhRoeplQDxNWg5b/Q26rYoVd7PrCmRs7sVcH79X\nzGONeH1PAgMBAAECggEAANb3Wtwl07pCjRrMvc7WbC0xYIn82yu8/g2qtjkYUJcU\nia5lQbYN7RGCS85Oc/tkq48xQEG5JQWNH8b918jDEMTrFab0aUEyYcru1q9L8PL6\nYHaNgZSrMrDcHcS8h0QOXNRJT5jeGkiHJaTR0irvB526tqF3knbK9yW22KTfycUe\na0Z9voKn5xRk1DCbHi/nk2EpT7xnjeQeLFaTIRXbS68omkr4YGhwWm5OizoyEGZu\nW0Zum5BkQyMr6kor3wdxOTG97ske2rcyvvHi+ErnwL0xBv0qY0Dhe8DpuXpDezqw\no72yY8h31Fu84i7sAj24YuE5Df8DozItFXQpkgbQ6QKBgQDPrufhvIFm2S/MzBdW\nH8JxY7CJlJPyxOvc1NIl9RczQGAQR90kx52cgIcuIGEG6/wJ/xnGfMmW40F0DnQ+\nN+oLgB9SFxeLkRb7s9Z/8N3uIN8JJFYcerEOiRQeN2BXEEWJ7bUThNtsVrAcKoUh\nELsDmnHW/3V+GKwhd0vpk842+wKBgQDf4PGLG9PTE5tlAoyHFodJRd2RhTJQkwsU\nMDNjLJ+KecLv+Nl+QiJhoflG1ccqtSFlBSCG067CDQ5LV0xm3mLJ7pfJoMgjcq31\nqjEmX4Ls91GuVOPtbwst3yFKjsHaSoKB5fBvWRcKFpBUezM7Qcw2JP3+dQT+bQIq\ncMTkRWDSvQKBgQDOdCQFDjxg/lR7NQOZ1PaZe61aBz5P3pxNqa7ClvMaOsuEQ7w9\nvMYcdtRq8TsjA2JImbSI0TIg8gb2FQxPcYwTJKl+FICOeIwtaSg5hTtJZpnxX5LO\nutTaC0DZjNkTk5RdOdWA8tihyUdGqKoxJY2TVmwGe2rUEDjFB++J4inkEwKBgB6V\ng0nmtkxanFrzOzFlMXwgEEHF+Xaqb9QFNa/xs6XeNnREAapO7JV75Cr6H2hFMFe1\nmJjyqCgYUoCWX3iaHtLJRnEkBtNY4kzyQB6m46LtsnnnXO/dwKA2oDyoPfFNRoDq\nYatEd3JIXNU9s2T/+x7WdOBjKhh72dTkbPFmTPDdAoGAU6rlPBevqOFdObYxdPq8\nEQWu44xqky3Mf5sBpOwtu6rqCYuziLiN7K4sjN5GD5mb1cEU+oS92ZiNcUQ7MFXk\n8yTYZ7U0VcXyAcpYreWwE8thmb0BohJBr+Mp3wLTx32x0HKdO6vpUa0d35LUTUmM\nRrKmPK/msHKK/sVHiL+NFqo=\n-----END PRIVATE KEY-----\n"
 							}
 						}
 					},
 					"schema": {
 						"type": "object",
 						"additionalProperties": false,
 						"required": ["certificate", "certificate_key"],
 						"properties": {
 							"certificate": {
 								"type": "string",
 								"minLength": 1
 							},
 							"certificate_key": {
 								"type": "string",
 								"minLength": 1
 							},
 							"intermediate_certificate": {
 								"type": "string",
 								"minLength": 1
 							}
 						}
 					}
 				}
 			}
--- a/backend/schema/paths/nginx/dead-hosts/hostID/put.json
+++ b/backend/schema/paths/nginx/dead-hosts/hostID/put.json
@ -94,7 +94,9 @@
 									"avatar": "",
 									"roles": ["admin"]
 								},
-								"certificate": null
+								"certificate": null,
 								"use_default_location": true,
 								"ipv6": true
 							}
 						}
 					},
--- a/backend/schema/paths/nginx/dead-hosts/post.json
+++ b/backend/schema/paths/nginx/dead-hosts/post.json
@ -79,7 +79,9 @@
 									"nickname": "Admin",
 									"avatar": "",
 									"roles": ["admin"]
-								}
+								},
 								"use_default_location": true,
 								"ipv6": true
 							}
 						}
 					},
--- a/backend/schema/paths/nginx/proxy-hosts/hostID/put.json
+++ b/backend/schema/paths/nginx/proxy-hosts/hostID/put.json
@ -129,7 +129,9 @@
 									"roles": ["admin"]
 								},
 								"certificate": null,
-								"access_list": null
+								"access_list": null,
 								"use_default_location": true,
 								"ipv6": true
 							}
 						}
 					},
--- a/backend/schema/paths/nginx/proxy-hosts/post.json
+++ b/backend/schema/paths/nginx/proxy-hosts/post.json
@ -114,7 +114,9 @@
 									"avatar": "//www.gravatar.com/avatar/e64c7d89f26bd1972efa854d13d7dd61?default=mm",
 									"roles": ["admin"]
 								},
-								"access_list": null
+								"access_list": null,
 								"use_default_location": true,
 								"ipv6": true
 							}
 						}
 					},
--- a/backend/schema/paths/nginx/redirection-hosts/hostID/put.json
+++ b/backend/schema/paths/nginx/redirection-hosts/hostID/put.json
@ -114,7 +114,9 @@
 									"avatar": "",
 									"roles": ["admin"]
 								},
-								"certificate": null
+								"certificate": null,
 								"use_default_location": true,
 								"ipv6": true
 							}
 						}
 					},
--- a/backend/schema/paths/nginx/redirection-hosts/post.json
+++ b/backend/schema/paths/nginx/redirection-hosts/post.json
@ -99,7 +99,9 @@
 									"nickname": "Admin",
 									"avatar": "",
 									"roles": ["admin"]
-								}
+								},
 								"use_default_location": true,
 								"ipv6": true
 							}
 						}
 					},
--- a/backend/schema/paths/nginx/streams/get.json
+++ b/backend/schema/paths/nginx/streams/get.json
@ -14,7 +14,7 @@
 			"description": "Expansions",
 			"schema": {
 				"type": "string",
-				"enum": ["owner", "certificate"]
+				"enum": ["access_list", "owner", "certificate"]
 			}
 		}
 	],
@ -40,8 +40,7 @@
 										"nginx_online": true,
 										"nginx_err": null
 									},
-									"enabled": true,
+									"enabled": true
 									"certificate_id": 0
 								}
 							]
 						}
--- a/backend/schema/paths/nginx/streams/post.json
+++ b/backend/schema/paths/nginx/streams/post.json
@ -32,9 +32,6 @@
 						"udp_forwarding": {
 							"$ref": "../../../components/stream-object.json#/properties/udp_forwarding"
 						},
 						"certificate_id": {
 							"$ref": "../../../components/stream-object.json#/properties/certificate_id"
 						},
 						"meta": {
 							"$ref": "../../../components/stream-object.json#/properties/meta"
 						}
@ -76,8 +73,7 @@
 									"nickname": "Admin",
 									"avatar": "",
 									"roles": ["admin"]
-								},
+								}
 								"certificate_id": 0
 							}
 						}
 					},
--- a/backend/schema/paths/nginx/streams/streamID/get.json
+++ b/backend/schema/paths/nginx/streams/streamID/get.json
@ -40,8 +40,7 @@
 									"nginx_online": true,
 									"nginx_err": null
 								},
-								"enabled": true,
+								"enabled": true
 								"certificate_id": 0
 							}
 						}
 					},
--- a/backend/schema/paths/nginx/streams/streamID/put.json
+++ b/backend/schema/paths/nginx/streams/streamID/put.json
@ -29,26 +29,56 @@
 					"additionalProperties": false,
 					"minProperties": 1,
 					"properties": {
-						"incoming_port": {
+						"domain_names": {
-							"$ref": "../../../../components/stream-object.json#/properties/incoming_port"
+							"$ref": "../../../../components/proxy-host-object.json#/properties/domain_names"
 						},
-						"forwarding_host": {
+						"forward_scheme": {
-							"$ref": "../../../../components/stream-object.json#/properties/forwarding_host"
+							"$ref": "../../../../components/proxy-host-object.json#/properties/forward_scheme"
 						},
-						"forwarding_port": {
+						"forward_host": {
-							"$ref": "../../../../components/stream-object.json#/properties/forwarding_port"
+							"$ref": "../../../../components/proxy-host-object.json#/properties/forward_host"
 						},
-						"tcp_forwarding": {
+						"forward_port": {
-							"$ref": "../../../../components/stream-object.json#/properties/tcp_forwarding"
+							"$ref": "../../../../components/proxy-host-object.json#/properties/forward_port"
 						},
 						"udp_forwarding": {
 							"$ref": "../../../../components/stream-object.json#/properties/udp_forwarding"
 						},
 						"certificate_id": {
-							"$ref": "../../../../components/stream-object.json#/properties/certificate_id"
+							"$ref": "../../../../components/proxy-host-object.json#/properties/certificate_id"
 						},
 						"ssl_forced": {
 							"$ref": "../../../../components/proxy-host-object.json#/properties/ssl_forced"
 						},
 						"hsts_enabled": {
 							"$ref": "../../../../components/proxy-host-object.json#/properties/hsts_enabled"
 						},
 						"hsts_subdomains": {
 							"$ref": "../../../../components/proxy-host-object.json#/properties/hsts_subdomains"
 						},
 						"http2_support": {
 							"$ref": "../../../../components/proxy-host-object.json#/properties/http2_support"
 						},
 						"block_exploits": {
 							"$ref": "../../../../components/proxy-host-object.json#/properties/block_exploits"
 						},
 						"caching_enabled": {
 							"$ref": "../../../../components/proxy-host-object.json#/properties/caching_enabled"
 						},
 						"allow_websocket_upgrade": {
 							"$ref": "../../../../components/proxy-host-object.json#/properties/allow_websocket_upgrade"
 						},
 						"access_list_id": {
 							"$ref": "../../../../components/proxy-host-object.json#/properties/access_list_id"
 						},
 						"advanced_config": {
 							"$ref": "../../../../components/proxy-host-object.json#/properties/advanced_config"
 						},
 						"enabled": {
 							"$ref": "../../../../components/proxy-host-object.json#/properties/enabled"
 						},
 						"meta": {
-							"$ref": "../../../../components/stream-object.json#/properties/meta"
+							"$ref": "../../../../components/proxy-host-object.json#/properties/meta"
 						},
 						"locations": {
 							"$ref": "../../../../components/proxy-host-object.json#/properties/locations"
 						}
 					}
 				}
@ -64,32 +94,44 @@
 						"default": {
 							"value": {
 								"id": 1,
-								"created_on": "2024-10-09T02:33:45.000Z",
+								"created_on": "2024-10-08T23:23:03.000Z",
-								"modified_on": "2024-10-09T02:33:45.000Z",
+								"modified_on": "2024-10-08T23:26:37.000Z",
 								"owner_user_id": 1,
-								"incoming_port": 9090,
+								"domain_names": ["test.example.com"],
-								"forwarding_host": "router.internal",
+								"forward_host": "192.168.0.10",
-								"forwarding_port": 80,
+								"forward_port": 8989,
-								"tcp_forwarding": true,
+								"access_list_id": 0,
-								"udp_forwarding": false,
+								"certificate_id": 0,
 								"ssl_forced": false,
 								"caching_enabled": false,
 								"block_exploits": false,
 								"advanced_config": "",
 								"meta": {
 									"nginx_online": true,
 									"nginx_err": null
 								},
 								"allow_websocket_upgrade": false,
 								"http2_support": false,
 								"forward_scheme": "http",
 								"enabled": true,
 								"hsts_enabled": false,
 								"hsts_subdomains": false,
 								"owner": {
 									"id": 1,
-									"created_on": "2024-10-09T02:33:16.000Z",
+									"created_on": "2024-10-07T22:43:55.000Z",
-									"modified_on": "2024-10-09T02:33:16.000Z",
+									"modified_on": "2024-10-08T12:52:54.000Z",
 									"is_deleted": false,
 									"is_disabled": false,
 									"email": "admin@example.com",
 									"name": "Administrator",
-									"nickname": "Admin",
+									"nickname": "some guy",
-									"avatar": "",
+									"avatar": "//www.gravatar.com/avatar/e64c7d89f26bd1972efa854d13d7dd61?default=mm",
 									"roles": ["admin"]
 								},
-								"certificate_id": 0
+								"certificate": null,
 								"access_list": null,
 								"use_default_location": true,
 								"ipv6": true
 							}
 						}
 					},
--- a/backend/schema/paths/settings/settingID/put.json
+++ b/backend/schema/paths/settings/settingID/put.json
@ -13,8 +13,7 @@
 			"name": "settingID",
 			"schema": {
 				"type": "string",
-				"minLength": 1,
+				"minLength": 1
 				"enum": ["default-site"]
 			},
 			"required": true,
 			"description": "Setting ID",
@ -32,21 +31,10 @@
 					"minProperties": 1,
 					"properties": {
 						"value": {
-							"type": "string",
+							"$ref": "../../../components/setting-object.json#/properties/value"
 							"minLength": 1,
 							"enum": ["congratulations", "404", "444", "redirect", "html"]
 						},
 						"meta": {
-							"type": "object",
+							"$ref": "../../../components/setting-object.json#/properties/meta"
 							"additionalProperties": false,
 							"properties": {
 								"redirect": {
 									"type": "string"
 								},
 								"html": {
 									"type": "string"
 								}
 							}
 						}
 					}
 				}
--- a/backend/schema/paths/tokens/get.json
+++ b/backend/schema/paths/tokens/get.json
@ -15,7 +15,7 @@
 					"examples": {
 						"default": {
 							"value": {
-								"expires": "2025-02-04T20:40:46.340Z",
+								"expires": 1566540510,
 								"token": "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.ey...xaHKYr3Kk6MvkUjcC4"
 							}
 						}
--- a/backend/schema/paths/tokens/post.json
+++ b/backend/schema/paths/tokens/post.json
@ -38,7 +38,7 @@
 						"default": {
 							"value": {
 								"result": {
-									"expires": "2025-02-04T20:40:46.340Z",
+									"expires": 1566540510,
 									"token": "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.ey...xaHKYr3Kk6MvkUjcC4"
 								}
 							}
--- a/backend/schema/swagger.json
+++ b/backend/schema/swagger.json
@ -9,15 +9,6 @@
 			"url": "http://127.0.0.1:81/api"
 		}
 	],
 	"components": {
 		"securitySchemes": {
 			"bearerAuth": {
 				"type": "http",
 				"scheme": "bearer",
 				"bearerFormat": "JWT"
 			}
 		}
 	},
 	"paths": {
 		"/": {
 			"get": {
--- a/backend/setup.js
+++ b/backend/setup.js
@ -15,18 +15,17 @@ const certbot             = require('./lib/certbot');
 const setupDefaultUser = () => {
 	return userModel
 		.query()
-		.select('id', )
+		.select('id')
 		.where('is_deleted', 0)
 		.first()
 		.then((row) => {
-			if (!row || !row.id) {
+			if (!row.length || !row[0].id) {
 				// Create a new user and set password
-				const email    = process.env.INITIAL_ADMIN_EMAIL || 'admin@example.com';
+				let email    = process.env.INITIAL_ADMIN_EMAIL || 'admin@example.com';
-				const password = process.env.INITIAL_ADMIN_PASSWORD || 'changeme';
+				let password = process.env.INITIAL_ADMIN_PASSWORD || 'changeme';
 				logger.info('Creating a new user: ' + email + ' with password: ' + password);
-				const data = {
+				let data = {
 					is_deleted: 0,
 					email:      email,
 					name:       'Administrator',
@ -79,9 +78,8 @@ const setupDefaultSettings = () => {
 		.query()
 		.select('id')
 		.where({id: 'default-site'})
 		.first()
 		.then((row) => {
-			if (!row || !row.id) {
+			if (!row.length || !row[0].id) {
 				settingModel
 					.query()
 					.insert({
--- a/backend/templates/_access.conf
+++ b/backend/templates/_access.conf
@ -4,7 +4,7 @@
    auth_basic            "Authorization required";
    auth_basic_user_file  /data/access/{{ access_list_id }};
-    {% if access_list.pass_auth == 0 or access_list.pass_auth == true %}
+    {% if access_list.pass_auth == 0 %}
    proxy_set_header Authorization "";
    {% endif %}
@ -17,7 +17,7 @@
    deny all;
    # Access checks must...
-    {% if access_list.satisfy_any == 1 or access_list.satisfy_any == true %}
+    {% if access_list.satisfy_any == 1 %}
    satisfy any;
    {% else %}
    satisfy all;
--- a/backend/templates/_certificates.conf
+++ b/backend/templates/_certificates.conf
@ -2,7 +2,6 @@
 {% if certificate.provider == "letsencrypt" %}
  # Let's Encrypt SSL
  include conf.d/include/letsencrypt-acme-challenge.conf;
  include conf.d/include/ssl-cache.conf;
  include conf.d/include/ssl-ciphers.conf;
  ssl_certificate /etc/letsencrypt/live/npm-{{ certificate_id }}/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/npm-{{ certificate_id }}/privkey.pem;
--- a/backend/templates/_certificates_stream.conf
+++ b/backend/templates/_certificates_stream.conf
@ -1,13 +0,0 @@
 {% if certificate and certificate_id > 0 %}
 {% if certificate.provider == "letsencrypt" %}
  # Let's Encrypt SSL
  include conf.d/include/ssl-cache-stream.conf;
  include conf.d/include/ssl-ciphers.conf;
  ssl_certificate /etc/letsencrypt/live/npm-{{ certificate_id }}/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/npm-{{ certificate_id }}/privkey.pem;
 {%- else %}
  # Custom SSL
  ssl_certificate /data/custom_ssl/npm-{{ certificate_id }}/fullchain.pem;
  ssl_certificate_key /data/custom_ssl/npm-{{ certificate_id }}/privkey.pem;
 {%- endif -%}
 {%- endif -%}
--- a/backend/templates/_listen.conf
+++ b/backend/templates/_listen.conf
@ -5,16 +5,11 @@
  #listen [::]:80;
 {% endif %}
 {% if certificate -%}
-  listen 443 ssl;
+  listen 443 ssl{% if http2_support == 1 or http2_support == true %} http2{% endif %};
 {% if ipv6 -%}
-  listen [::]:443 ssl;
+  listen [::]:443 ssl{% if http2_support == 1 or http2_support == true %} http2{% endif %};
 {% else -%}
  #listen [::]:443;
 {% endif %}
 {% endif %}
  server_name {{ domain_names | join: " " }};
 {% if http2_support == 1 or http2_support == true %}
  http2 on;
 {% else -%}
  http2 off;
 {% endif %}
--- a/backend/templates/_location.conf
+++ b/backend/templates/_location.conf
@ -7,7 +7,11 @@
    proxy_set_header X-Forwarded-For    $remote_addr;
    proxy_set_header X-Real-IP		$remote_addr;
-    proxy_pass       {{ forward_scheme }}://{{ forward_host }}:{{ forward_port }}{{ forward_path }};
+    set $proxy_forward_scheme {{ forward_scheme }};
    set $proxy_server         "{{ forward_host }}";
    set $proxy_port           {{ forward_port }};
    proxy_pass       $proxy_forward_scheme://$proxy_server:$proxy_port{{ forward_path }};
    {% include "_access.conf" %}
    {% include "_assets.conf" %}
--- a/backend/templates/dead_host.conf
+++ b/backend/templates/dead_host.conf
@ -22,7 +22,5 @@ server {
  }
 {% endif %}
  # Custom
  include /data/nginx/custom/server_dead[.]conf;
 }
 {% endif %}
--- a/backend/templates/stream.conf
+++ b/backend/templates/stream.conf
@ -5,10 +5,12 @@
 {% if enabled %}
 {% if tcp_forwarding == 1 or tcp_forwarding == true -%}
 server {
-  listen {{ incoming_port }} {%- if certificate %} ssl {%- endif %};
+  listen {{ incoming_port }};
-  {% unless ipv6 -%} # {%- endunless -%} listen [::]:{{ incoming_port }} {%- if certificate %} ssl {%- endif %};
+{% if ipv6 -%}
-
+  listen [::]:{{ incoming_port }};
-  {%- include "_certificates_stream.conf" %}
+{% else -%}
  #listen [::]:{{ incoming_port }};
 {% endif %}
  proxy_pass {{ forwarding_host }}:{{ forwarding_port }};
@ -17,12 +19,14 @@ server {
  include /data/nginx/custom/server_stream_tcp[.]conf;
 }
 {% endif %}
-
+{% if udp_forwarding == 1 or udp_forwarding == true %}
 {% if udp_forwarding == 1 or udp_forwarding == true -%}
 server {
  listen {{ incoming_port }} udp;
-  {% unless ipv6 -%} # {%- endunless -%} listen [::]:{{ incoming_port }} udp;
+{% if ipv6 -%}
-
+  listen [::]:{{ incoming_port }} udp;
 {% else -%}
  #listen [::]:{{ incoming_port }} udp;
 {% endif %}
  proxy_pass {{ forwarding_host }}:{{ forwarding_port }};
  # Custom
--- a/backend/yarn.lock
+++ b/backend/yarn.lock
@ -492,9 +492,9 @@ boxen@^4.2.0:
    widest-line "^3.1.0"
 brace-expansion@^1.1.7:
-  version "1.1.12"
+  version "1.1.11"
-  resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-1.1.12.tgz#ab9b454466e5a8cc3a187beaad580412a9c5b843"
+  resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-1.1.11.tgz#3c7fcbf529d87226f3d2f52b966ff5271eb441dd"
-  integrity sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==
+  integrity sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==
  dependencies:
    balanced-match "^1.0.0"
    concat-map "0.0.1"
@ -830,9 +830,9 @@ crc32-stream@^4.0.2:
    readable-stream "^3.4.0"
 cross-spawn@^7.0.2:
-  version "7.0.6"
+  version "7.0.3"
-  resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.6.tgz#8a58fe78f00dcd70c370451759dfbfaf03e8ee9f"
+  resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.3.tgz#f73a85b9d5d41d045551c177e2882d4ac85728a6"
-  integrity sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==
+  integrity sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==
  dependencies:
    path-key "^3.1.0"
    shebang-command "^2.0.0"
@ -2776,10 +2776,10 @@ pg-types@^2.1.0:
    postgres-date "~1.0.4"
    postgres-interval "^1.1.0"
-pg@^8.13.1:
+pg@^8.13.0:
-  version "8.13.1"
+  version "8.13.0"
-  resolved "https://registry.yarnpkg.com/pg/-/pg-8.13.1.tgz#6498d8b0a87ff76c2df7a32160309d3168c0c080"
+  resolved "https://registry.yarnpkg.com/pg/-/pg-8.13.0.tgz#e3d245342eb0158112553fcc1890a60720ae2a3d"
-  integrity sha512-OUir1A0rPNZlX//c7ksiu7crsGZTKSOXJPgtNiHGIlC9H0lO+NC6ZDYksSgBYY/thSWhnSRBv8w1lieNNGATNQ==
+  integrity sha512-34wkUTh3SxTClfoHB3pQ7bIMvw9dpFU1audQQeZG837fmHfHpr14n/AELVDoOYVDW2h5RDWU78tFjkD+erSBsw==
  dependencies:
    pg-connection-string "^2.7.0"
    pg-pool "^3.7.0"
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@ -3,8 +3,6 @@
 # This file assumes that the frontend has been built using ./scripts/frontend-build
 FROM nginxproxymanager/testca AS testca
 FROM letsencrypt/pebble AS pebbleca
 FROM nginxproxymanager/nginx-full:certbot-node
 ARG TARGETPLATFORM
@ -47,8 +45,6 @@ RUN yarn install \
 # add late to limit cache-busting by modifications
 COPY docker/rootfs /
 COPY --from=pebbleca /test/certs/pebble.minica.pem /etc/ssl/certs/pebble.minica.pem
 COPY --from=testca /home/step/certs/root_ca.crt /etc/ssl/certs/NginxProxyManager.crt
 # Remove frontend service not required for prod, dev nginx config as well
 RUN rm -rf /etc/s6-overlay/s6-rc.d/user/contents.d/frontend /etc/nginx/conf.d/dev.conf \
--- a/docker/ci.env
+++ b/docker/ci.env
@ -1,8 +0,0 @@
 AUTHENTIK_SECRET_KEY=gl8woZe8L6IIX8SC0c5Ocsj0xPkX5uJo5DVZCFl+L/QGbzuplfutYuua2ODNLEiDD3aFd9H2ylJmrke0
 AUTHENTIK_REDIS__HOST=authentik-redis
 AUTHENTIK_POSTGRESQL__HOST=db-postgres
 AUTHENTIK_POSTGRESQL__USER=authentik
 AUTHENTIK_POSTGRESQL__NAME=authentik
 AUTHENTIK_POSTGRESQL__PASSWORD=07EKS5NLI6Tpv68tbdvrxfvj
 AUTHENTIK_BOOTSTRAP_PASSWORD=admin
 AUTHENTIK_BOOTSTRAP_EMAIL=admin@example.com
--- a/docker/ci/postgres/authentik.sql.gz
+++ b/docker/ci/postgres/authentik.sql.gz
--- a/docker/dev/Dockerfile
+++ b/docker/dev/Dockerfile
@ -1,10 +1,7 @@
 FROM nginxproxymanager/testca AS testca
 FROM letsencrypt/pebble AS pebbleca
 FROM nginxproxymanager/nginx-full:certbot-node
 LABEL maintainer="Jamie Curnow <jc@jc21.com>"
-SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+# See: https://github.com/just-containers/s6-overlay/blob/master/README.md
 ENV SUPPRESS_NO_CONFIG_WARNING=1 \
 	S6_BEHAVIOUR_IF_STAGE2_FAILS=1 \
 	S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0 \
@ -20,21 +17,18 @@ RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
 	&& rm -rf /var/lib/apt/lists/*
 # Task
-WORKDIR /usr
+RUN cd /usr \
-RUN curl -sL https://taskfile.dev/install.sh | sh
+	&& curl -sL https://taskfile.dev/install.sh | sh \
-WORKDIR /root
+	&& cd /root
 COPY rootfs /
-COPY scripts/install-s6 /tmp/install-s6
+RUN rm -f /etc/nginx/conf.d/production.conf
-RUN rm -f /etc/nginx/conf.d/production.conf \
+RUN chmod 644 /etc/logrotate.d/nginx-proxy-manager
 	&& chmod 644 /etc/logrotate.d/nginx-proxy-manager \
 	&& /tmp/install-s6 "${TARGETPLATFORM}" \
 	&& rm -f /tmp/install-s6 \
 	&& chmod 644 -R /root/.cache
-# Certs for testing purposes
+# s6 overlay
-COPY --from=pebbleca /test/certs/pebble.minica.pem /etc/ssl/certs/pebble.minica.pem
+COPY scripts/install-s6 /tmp/install-s6
-COPY --from=testca /home/step/certs/root_ca.crt /etc/ssl/certs/NginxProxyManager.crt
+RUN /tmp/install-s6 "${TARGETPLATFORM}" && rm -f /tmp/install-s6
 RUN chmod 644 -R /root/.cache
 EXPOSE 80 81 443
 ENTRYPOINT [ "/init" ]
--- a/docker/docker-compose.ci.mysql.yml
+++ b/docker/docker-compose.ci.mysql.yml
@ -18,7 +18,6 @@ services:
      MYSQL_DATABASE: 'npm'
      MYSQL_USER: 'npm'
      MYSQL_PASSWORD: 'npmpass'
      MARIADB_AUTO_UPGRADE: '1'
    volumes:
      - mysql_vol:/var/lib/mysql
    networks:
--- a/docker/docker-compose.ci.postgres.yml
+++ b/docker/docker-compose.ci.postgres.yml
@ -1,78 +0,0 @@
 # WARNING: This is a CI docker-compose file used for building and testing of the entire app, it should not be used for production.
 services:
  cypress:
    environment:
      CYPRESS_stack: 'postgres'
  fullstack:
    environment:
      DB_POSTGRES_HOST: 'db-postgres'
      DB_POSTGRES_PORT: '5432'
      DB_POSTGRES_USER: 'npm'
      DB_POSTGRES_PASSWORD: 'npmpass'
      DB_POSTGRES_NAME: 'npm'
    depends_on:
      - db-postgres
      - authentik
      - authentik-worker
      - authentik-ldap
  db-postgres:
    image: postgres:latest
    environment:
      POSTGRES_USER: 'npm'
      POSTGRES_PASSWORD: 'npmpass'
      POSTGRES_DB: 'npm'
    volumes:
      - psql_vol:/var/lib/postgresql/data
      - ./ci/postgres:/docker-entrypoint-initdb.d
    networks:
      - fulltest
  authentik-redis:
    image: 'redis:alpine'
    command: --save 60 1 --loglevel warning
    restart: unless-stopped
    healthcheck:
      test: ['CMD-SHELL', 'redis-cli ping | grep PONG']
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
    volumes:
      - redis_vol:/data
  authentik:
    image: ghcr.io/goauthentik/server:2024.10.1
    restart: unless-stopped
    command: server
    env_file:
      - ci.env
    depends_on:
      - authentik-redis
      - db-postgres
  authentik-worker:
    image: ghcr.io/goauthentik/server:2024.10.1
    restart: unless-stopped
    command: worker
    env_file:
      - ci.env
    depends_on:
      - authentik-redis
      - db-postgres
  authentik-ldap:
    image: ghcr.io/goauthentik/ldap:2024.10.1
    environment:
      AUTHENTIK_HOST: 'http://authentik:9000'
      AUTHENTIK_INSECURE: 'true'
      AUTHENTIK_TOKEN: 'wKYZuRcI0ETtb8vWzMCr04oNbhrQUUICy89hSpDln1OEKLjiNEuQ51044Vkp'
    restart: unless-stopped
    depends_on:
      - authentik
 volumes:
  psql_vol:
  redis_vol:
--- a/docker/docker-compose.ci.postgresql.yml
+++ b/docker/docker-compose.ci.postgresql.yml
@ -0,0 +1,29 @@
 # WARNING: This is a CI docker-compose file used for building and testing of the entire app, it should not be used for production.
 services:
  fullstack:
    environment:
      DB_POSTGRESQL_HOST: 'db'
      DB_POSTGRESQL_PORT: '5432'
      DB_POSTGRESQL_USER: 'npm'
      DB_POSTGRESQL_PASSWORD: 'npmpass'
      DB_POSTGRESQL_NAME: 'npm'
    depends_on:
      - db-postgresql
  db-postgresql:
    image: postgres:14.2-alpine
    environment:
      POSTGRES_PASSWORD: "npmpass"
      POSTGRES_USER: "npm"
      POSTGRES_DB: "npm"
    ports:
      - 5432:5432
    volumes:
      - postgres_vol:/var/lib/postgresql/data
    networks:
      - fulltest
 volumes:
  postgres_vol:
--- a/docker/docker-compose.ci.yml
+++ b/docker/docker-compose.ci.yml
@ -9,9 +9,6 @@ services:
    environment:
      DEBUG: 'true'
      FORCE_COLOR: 1
      # Required for DNS Certificate provisioning in CI
      LE_SERVER: 'https://ca.internal/acme/acme/directory'
      REQUESTS_CA_BUNDLE: '/etc/ssl/certs/NginxProxyManager.crt'
    volumes:
      - 'npm_data_ci:/data'
      - 'npm_le_ci:/etc/letsencrypt'
@ -22,10 +19,6 @@ services:
      test: ["CMD", "/usr/bin/check-health"]
      interval: 10s
      timeout: 3s
    expose:
      - '80-81/tcp'
      - '443/tcp'
      - '1500-1503/tcp'
    networks:
      fulltest:
        aliases:
@ -44,7 +37,7 @@ services:
          - ca.internal
  pdns:
-    image: pschiffe/pdns-mysql:4.8
+    image: pschiffe/pdns-mysql
    volumes:
      - '/etc/localtime:/etc/localtime:ro'
    environment:
@ -101,7 +94,7 @@ services:
      HTTP_PROXY: 'squid:3128'
      HTTPS_PROXY: 'squid:3128'
    volumes:
-      - 'cypress_logs:/test/results'
+      - 'cypress_logs:/results'
      - './dev/resolv.conf:/etc/resolv.conf:ro'
      - '/etc/localtime:/etc/localtime:ro'
    command: cypress run --browser chrome --config-file=cypress/config/ci.js
--- a/docker/docker-compose.dev.yml
+++ b/docker/docker-compose.dev.yml
@ -1,9 +1,9 @@
 # WARNING: This is a DEVELOPMENT docker-compose file, it should not be used for production.
 services:
-  fullstack:
+  npm:
-    image: npm2dev:core
+    image: nginxproxymanager:dev
-    container_name: npm2dev.core
+    container_name: npm_core
    build:
      context: ./
      dockerfile: ./dev/Dockerfile
@ -26,44 +26,26 @@ services:
      DEVELOPMENT: 'true'
      LE_STAGING: 'true'
      # db:
-      # DB_MYSQL_HOST: 'db'
+      DB_MYSQL_HOST: 'db'
-      # DB_MYSQL_PORT: '3306'
+      DB_MYSQL_PORT: '3306'
-      # DB_MYSQL_USER: 'npm'
+      DB_MYSQL_USER: 'npm'
-      # DB_MYSQL_PASSWORD: 'npm'
+      DB_MYSQL_PASSWORD: 'npm'
-      # DB_MYSQL_NAME: 'npm'
+      DB_MYSQL_NAME: 'npm'
      # db-postgres:
      DB_POSTGRES_HOST: 'db-postgres'
      DB_POSTGRES_PORT: '5432'
      DB_POSTGRES_USER: 'npm'
      DB_POSTGRES_PASSWORD: 'npmpass'
      DB_POSTGRES_NAME: 'npm'
      # DB_SQLITE_FILE: "/data/database.sqlite"
      # DISABLE_IPV6: "true"
      # Required for DNS Certificate provisioning testing:
      LE_SERVER: 'https://ca.internal/acme/acme/directory'
      REQUESTS_CA_BUNDLE: '/etc/ssl/certs/NginxProxyManager.crt'
    volumes:
      - npm_data:/data
      - le_data:/etc/letsencrypt
      - './dev/resolv.conf:/etc/resolv.conf:ro'
      - ../backend:/app
      - ../frontend:/app/frontend
      - ../global:/app/global
    healthcheck:
      test: ["CMD", "/usr/bin/check-health"]
      interval: 10s
      timeout: 3s
    depends_on:
      - db
      - db-postgres
      - authentik
      - authentik-worker
      - authentik-ldap
    working_dir: /app
  db:
    image: jc21/mariadb-aria
-    container_name: npm2dev.db
+    container_name: npm_db
    ports:
      - 33306:3306
    networks:
@ -76,193 +58,36 @@ services:
    volumes:
      - db_data:/var/lib/mysql
  db-postgres:
    image: postgres:latest
    container_name: npm2dev.db-postgres
    networks:
      - nginx_proxy_manager
    environment:
      POSTGRES_USER: 'npm'
      POSTGRES_PASSWORD: 'npmpass'
      POSTGRES_DB: 'npm'
    volumes:
      - psql_data:/var/lib/postgresql/data
      - ./ci/postgres:/docker-entrypoint-initdb.d
  stepca:
    image: jc21/testca
    container_name: npm2dev.stepca
    volumes:
      - './dev/resolv.conf:/etc/resolv.conf:ro'
      - '/etc/localtime:/etc/localtime:ro'
    networks:
      nginx_proxy_manager:
        aliases:
          - ca.internal
  dnsrouter:
    image: jc21/dnsrouter
    container_name: npm2dev.dnsrouter
    volumes:
      - ./dev/dnsrouter-config.json.tmp:/dnsrouter-config.json:ro
    networks:
      - nginx_proxy_manager
  swagger:
    image: swaggerapi/swagger-ui:latest
-    container_name: npm2dev.swagger
+    container_name: npm_swagger
    ports:
      - 3082:80
    environment:
      URL: "http://npm:81/api/schema"
      PORT: '80'
    depends_on:
-      - fullstack
+      - npm
  squid:
    image: ubuntu/squid
-    container_name: npm2dev.squid
+    container_name: npm_squid
    volumes:
      - './dev/squid.conf:/etc/squid/squid.conf:ro'
      - './dev/resolv.conf:/etc/resolv.conf:ro'
      - '/etc/localtime:/etc/localtime:ro'
    networks:
      - nginx_proxy_manager
    ports:
      - 8128:3128
  pdns:
    image: pschiffe/pdns-mysql:4.8
    container_name: npm2dev.pdns
    volumes:
      - '/etc/localtime:/etc/localtime:ro'
    environment:
      PDNS_master: 'yes'
      PDNS_api: 'yes'
      PDNS_api_key: 'npm'
      PDNS_webserver: 'yes'
      PDNS_webserver_address: '0.0.0.0'
      PDNS_webserver_password: 'npm'
      PDNS_webserver-allow-from: '127.0.0.0/8,192.0.0.0/8,10.0.0.0/8,172.0.0.0/8'
      PDNS_version_string: 'anonymous'
      PDNS_default_ttl: 1500
      PDNS_allow_axfr_ips: '127.0.0.0/8,192.0.0.0/8,10.0.0.0/8,172.0.0.0/8'
      PDNS_gmysql_host: pdns-db
      PDNS_gmysql_port: 3306
      PDNS_gmysql_user: pdns
      PDNS_gmysql_password: pdns
      PDNS_gmysql_dbname: pdns
    depends_on:
      - pdns-db
    networks:
      nginx_proxy_manager:
        aliases:
          - ns1.pdns
          - ns2.pdns
  pdns-db:
    image: mariadb
    container_name: npm2dev.pdns-db
    environment:
      MYSQL_ROOT_PASSWORD: 'pdns'
      MYSQL_DATABASE: 'pdns'
      MYSQL_USER: 'pdns'
      MYSQL_PASSWORD: 'pdns'
    volumes:
      - 'pdns_mysql:/var/lib/mysql'
      - '/etc/localtime:/etc/localtime:ro'
      - './dev/pdns-db.sql:/docker-entrypoint-initdb.d/01_init.sql:ro'
    networks:
      - nginx_proxy_manager
  cypress:
    image: npm2dev:cypress
    container_name: npm2dev.cypress
    build:
      context: ../
      dockerfile: test/cypress/Dockerfile
    environment:
      HTTP_PROXY: 'squid:3128'
      HTTPS_PROXY: 'squid:3128'
    volumes:
      - '../test/results:/results'
      - './dev/resolv.conf:/etc/resolv.conf:ro'
      - '/etc/localtime:/etc/localtime:ro'
    command: cypress run --browser chrome --config-file=cypress/config/ci.js
    networks:
      - nginx_proxy_manager
  authentik-redis:
    image: 'redis:alpine'
    container_name: npm2dev.authentik-redis
    command: --save 60 1 --loglevel warning
    networks:
      - nginx_proxy_manager
    restart: unless-stopped
    healthcheck:
      test: ['CMD-SHELL', 'redis-cli ping | grep PONG']
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
    volumes:
      - redis_data:/data
  authentik:
    image: ghcr.io/goauthentik/server:2024.10.1
    container_name: npm2dev.authentik
    restart: unless-stopped
    command: server
    networks:
      - nginx_proxy_manager
    env_file:
      - ci.env
    ports:
      - 9000:9000
    depends_on:
      - authentik-redis
      - db-postgres
  authentik-worker:
    image: ghcr.io/goauthentik/server:2024.10.1
    container_name: npm2dev.authentik-worker
    restart: unless-stopped
    command: worker
    networks:
      - nginx_proxy_manager
    env_file:
      - ci.env
    depends_on:
      - authentik-redis
      - db-postgres
  authentik-ldap:
    image: ghcr.io/goauthentik/ldap:2024.10.1
    container_name: npm2dev.authentik-ldap
    networks:
      - nginx_proxy_manager
    environment:
      AUTHENTIK_HOST: 'http://authentik:9000'
      AUTHENTIK_INSECURE: 'true'
      AUTHENTIK_TOKEN: 'wKYZuRcI0ETtb8vWzMCr04oNbhrQUUICy89hSpDln1OEKLjiNEuQ51044Vkp'
    restart: unless-stopped
    depends_on:
      - authentik
 volumes:
  npm_data:
-    name: npm2dev_core_data
+    name: npm_core_data
  le_data:
-    name: npm2dev_le_data
+    name: npm_le_data
  db_data:
-    name: npm2dev_db_data
+    name: npm_db_data
  pdns_mysql:
    name: npnpm2dev_pdns_mysql
  psql_data:
    name: npm2dev_psql_data
  redis_data:
    name: npm2dev_redis_data
 networks:
  nginx_proxy_manager:
-    name: npm2dev_network
+    name: npm_network
--- a/docker/docker-compose.dev2.yml
+++ b/docker/docker-compose.dev2.yml
@ -0,0 +1,91 @@
 # WARNING: This is a DEVELOPMENT docker-compose file, it should not be used for production.
 services:
  npm:
    image: nginxproxymanager:dev
    container_name: npm_core
    build:
      context: ./
      dockerfile: ./dev/Dockerfile
    ports:
      - 3080:80
      - 3081:81
      - 3443:443
    networks:
      - nginx_proxy_manager
    environment:
      PUID: 1000
      PGID: 1000
      FORCE_COLOR: 1
      # specifically for dev:
      DEBUG: 'true'
      DEVELOPMENT: 'true'
      LE_STAGING: 'true'
      # db:
      DB_POSTGRESQL_HOST: 'db'
      DB_POSTGRESQL_PORT: '5432'
      DB_POSTGRESQL_USER: 'npm'
      DB_POSTGRESQL_PASSWORD: 'npmpass'
      DB_POSTGRESQL_NAME: 'npm'
      # DB_SQLITE_FILE: "/data/database.sqlite"
      # DISABLE_IPV6: "true"
    volumes:
      - npm_data:/data
      - le_data:/etc/letsencrypt
      - ../backend:/app
      - ../frontend:/app/frontend
      - ../global:/app/global
    depends_on:
      - db
    working_dir: /app
  db:
    image: postgres:14.2-alpine
    container_name: npm_db
    ports:
      - 5432:5432
    networks:
      - nginx_proxy_manager
    environment:
      POSTGRES_PASSWORD: "npmpass"
      POSTGRES_USER: "npm"
      POSTGRES_DB: "npm"
    volumes:
      - db_data:/var/lib/postgresql/data
  pgadmin:
    image: dpage/pgadmin4
    environment:
      PGADMIN_DEFAULT_EMAIL: "admin@example.com"
      PGADMIN_DEFAULT_PASSWORD: "changeme"
    ports:
        - 5080:80
    networks:
        - nginx_proxy_manager
    depends_on:
      - db
  swagger:
    image: swaggerapi/swagger-ui:latest
    container_name: npm_swagger
    ports:
      - 3082:80
    environment:
      URL: "http://npm:81/api/schema"
      PORT: '80'
    depends_on:
      - npm
 volumes:
  npm_data:
    name: npm_core_data
  le_data:
    name: npm_le_data
  db_data:
    name: npm_db_data
  db_data1:
    name: npm_db_data1
 networks:
  nginx_proxy_manager:
    name: npm_network
--- a/docker/rootfs/etc/nginx/conf.d/include/assets.conf
+++ b/docker/rootfs/etc/nginx/conf.d/include/assets.conf
@ -1,4 +1,4 @@
-location ~* ^.*\.(css|js|jpe?g|gif|png|webp|woff|woff2|eot|ttf|svg|ico|css\.map|js\.map)$ {
+location ~* ^.*\.(css|js|jpe?g|gif|png|webp|woff|eot|ttf|svg|ico|css\.map|js\.map)$ {
 	if_modified_since off;
 	# use the public cache
--- a/docker/rootfs/etc/nginx/conf.d/include/ssl-cache-stream.conf
+++ b/docker/rootfs/etc/nginx/conf.d/include/ssl-cache-stream.conf
@ -1,2 +0,0 @@
 ssl_session_timeout 5m;
 ssl_session_cache shared:SSL_stream:50m;
--- a/docker/rootfs/etc/nginx/conf.d/include/ssl-cache.conf
+++ b/docker/rootfs/etc/nginx/conf.d/include/ssl-cache.conf
@ -1,2 +0,0 @@
 ssl_session_timeout 5m;
 ssl_session_cache shared:SSL:50m;
--- a/docker/rootfs/etc/nginx/conf.d/include/ssl-ciphers.conf
+++ b/docker/rootfs/etc/nginx/conf.d/include/ssl-ciphers.conf
@ -1,3 +1,6 @@
 ssl_session_timeout 5m;
 ssl_session_cache shared:SSL:50m;
 # intermediate configuration. tweak to your needs.
 ssl_protocols TLSv1.2 TLSv1.3;
 ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh
@ -23,19 +23,6 @@ chown -R "$PUID:$PGID" /etc/nginx/nginx
 chown -R "$PUID:$PGID" /etc/nginx/nginx.conf
 chown -R "$PUID:$PGID" /etc/nginx/conf.d
 # Certbot directories - optimized approach
 CERT_INIT_FLAG="/opt/certbot/.ownership_initialized"
 if [ ! -f "$CERT_INIT_FLAG" ]; then
 # Prevents errors when installing python certbot plugins when non-root
 chown "$PUID:$PGID" /opt/certbot /opt/certbot/bin
-
+find /opt/certbot/lib/python*/site-packages -not -user "$PUID" -execdir chown "$PUID:$PGID" {} \+
    # Handle all site-packages directories efficiently
    find /opt/certbot/lib -type d -name "site-packages" | while read -r SITE_PACKAGES_DIR; do
        chown -R "$PUID:$PGID" "$SITE_PACKAGES_DIR"
    done
    # Create a flag file to skip this step on subsequent runs
    touch "$CERT_INIT_FLAG"
    chown "$PUID:$PGID" "$CERT_INIT_FLAG"
 fi
--- a/docker/scripts/install-s6
+++ b/docker/scripts/install-s6
@ -8,7 +8,7 @@ BLUE='\E[1;34m'
 GREEN='\E[1;32m'
 RESET='\E[0m'
-S6_OVERLAY_VERSION=3.2.0.2
+S6_OVERLAY_VERSION=3.1.5.0
 TARGETPLATFORM=${1:-linux/amd64}
 # Determine the correct binary file for the architecture given
--- a/docs/src/advanced-config/index.md
+++ b/docs/src/advanced-config/index.md
@ -50,6 +50,7 @@ networks:
 Let's look at a Portainer example:
 ```yml
 version: '3.8'
 services:
  portainer:
@ -91,6 +92,8 @@ This image supports the use of Docker secrets to import from files and keep sens
 You can set any environment variable from a file by appending `__FILE` (double-underscore FILE) to the environmental variable name.
 ```yml
 version: '3.8'
 secrets:
  # Secrets are single-line text files where the sole content is the secret
  # Paths in this example assume that secrets are kept in local folder called ".secrets"
@ -161,14 +164,6 @@ The easy fix is to add a Docker environment variable to the Nginx Proxy Manager
      DISABLE_IPV6: 'true'
 ```
 ## Disabling IP Ranges Fetch
 By default, NPM fetches IP ranges from CloudFront and Cloudflare during application startup. In environments with limited internet access or to speed up container startup, this fetch can be disabled:
 ```yml
    environment:
      IP_RANGES_FETCH_ENABLED: 'false'
 ```
 ## Custom Nginx Configurations
@ -189,7 +184,6 @@ You can add your custom configuration snippet files at `/data/nginx/custom` as f
 - `/data/nginx/custom/server_stream.conf`: Included at the end of every stream server block
 - `/data/nginx/custom/server_stream_tcp.conf`: Included at the end of every TCP stream server block
 - `/data/nginx/custom/server_stream_udp.conf`: Included at the end of every UDP stream server block
 - `/data/nginx/custom/server_dead.conf`: Included at the end of every 404 server block
 Every file is optional.
--- a/docs/src/setup/index.md
+++ b/docs/src/setup/index.md
@ -9,6 +9,7 @@ outline: deep
 Create a `docker-compose.yml` file:
 ```yml
 version: '3.8'
 services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
@ -21,6 +22,7 @@ services:
      # Add any other Stream port you want to expose
      # - '21:21' # FTP
    # Uncomment the next line if you uncomment anything in the section
    # environment:
      # Uncomment this if you want to change the location of
      # the SQLite DB file within the container
@ -53,6 +55,7 @@ are going to use.
 Here is an example of what your `docker-compose.yml` will look like when using a MariaDB container:
 ```yml
 version: '3.8'
 services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
@ -98,53 +101,6 @@ Please note, that `DB_MYSQL_*` environment variables will take precedent over `D
 :::
 ## Using Postgres database
 Similar to the MySQL server setup:
 ```yml
 services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      # These ports are in format <host-port>:<container-port>
      - '80:80' # Public HTTP Port
      - '443:443' # Public HTTPS Port
      - '81:81' # Admin Web Port
      # Add any other Stream port you want to expose
      # - '21:21' # FTP
    environment:
      # Postgres parameters:
      DB_POSTGRES_HOST: 'db'
      DB_POSTGRES_PORT: '5432'
      DB_POSTGRES_USER: 'npm'
      DB_POSTGRES_PASSWORD: 'npmpass'
      DB_POSTGRES_NAME: 'npm'
      # Uncomment this if IPv6 is not enabled on your host
      # DISABLE_IPV6: 'true'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    depends_on:
      - db
  db:
    image: postgres:latest
    environment:
      POSTGRES_USER: 'npm'
      POSTGRES_PASSWORD: 'npmpass'
      POSTGRES_DB: 'npm'
    volumes:
      - ./postgres:/var/lib/postgresql/data
 ```
 ::: warning
 Custom Postgres schema is not supported, as such `public` will be used.
 :::
 ## Running on Raspberry PI / ARM devices
 The docker images support the following architectures:
@ -181,13 +137,5 @@ Email:    admin@example.com
 Password: changeme
 ```
-Immediately after logging in with this default user you will be asked to modify your details and change your password. You can change defaults with:
+Immediately after logging in with this default user you will be asked to modify your details and change your password.
 ```
    environment:
      INITIAL_ADMIN_EMAIL: my@example.com
      INITIAL_ADMIN_PASSWORD: mypassword1
 ```
--- a/docs/src/third-party/index.md
+++ b/docs/src/third-party/index.md
@ -12,7 +12,6 @@ Known integrations:
 - [HomeAssistant Hass.io plugin](https://github.com/hassio-addons/addon-nginx-proxy-manager)
 - [UnRaid / Synology](https://github.com/jlesage/docker-nginx-proxy-manager)
 - [Proxmox Scripts](https://github.com/ej52/proxmox-scripts/tree/main/apps/nginx-proxy-manager)
 - [Proxmox VE Helper-Scripts](https://community-scripts.github.io/ProxmoxVE/scripts?id=nginxproxymanager)
 - [nginxproxymanagerGraf](https://github.com/ma-karai/nginxproxymanagerGraf)
--- a/docs/yarn.lock
+++ b/docs/yarn.lock
@ -873,9 +873,9 @@ mitt@^3.0.1:
  integrity sha512-vKivATfr97l2/QBCYAkXYDbrIWPM2IIKEl7YPhjCvKlG3kE2gm+uBo6nEXK3M5/Ffh/FLpKExzOQ3JJoJGFKBw==
 nanoid@^3.3.7:
-  version "3.3.8"
+  version "3.3.7"
-  resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.8.tgz#b1be3030bee36aaff18bacb375e5cce521684baf"
+  resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.7.tgz#d0c301a691bc8d54efa0a2226ccf3fe2fd656bd8"
-  integrity sha512-WNLf5Sd8oZxOm+TzppcYk8gVOgP+l58xNy58D0nbUnOxOWRWvlcCV4kUF7ltmI6PsrLl/BgKEyS4mqsGChFN0w==
+  integrity sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g==
 oniguruma-to-js@0.4.3:
  version "0.4.3"
@ -1065,9 +1065,9 @@ vfile@^6.0.0:
    vfile-message "^4.0.0"
 vite@^5.4.8:
-  version "5.4.19"
+  version "5.4.8"
-  resolved "https://registry.yarnpkg.com/vite/-/vite-5.4.19.tgz#20efd060410044b3ed555049418a5e7d1998f959"
+  resolved "https://registry.yarnpkg.com/vite/-/vite-5.4.8.tgz#af548ce1c211b2785478d3ba3e8da51e39a287e8"
-  integrity sha512-qO3aKv3HoQC8QKiNSTuUM1l9o/XX3+c+VTgLHbJWHZGeTPVAg2XwazI9UWzoxjIJCGCV2zU60uqMzjeLZuULqA==
+  integrity sha512-FqrItQ4DT1NC4zCUqMB4c4AZORMKIa0m8/URVCZ77OZ/QSNeJ54bU1vrFADbDsuwfIPcgknRkmqakQcgnL4GiQ==
  dependencies:
    esbuild "^0.21.3"
    postcss "^8.4.43"
--- a/frontend/js/app/controller.js
+++ b/frontend/js/app/controller.js
@ -26,7 +26,7 @@ module.exports = {
     * Users
     */
    showUsers: function () {
-		const controller = this;
+        let controller = this;
        if (Cache.User.isAdmin()) {
            require(['./main', './users/main'], (App, View) => {
                controller.navigate('/users');
@ -93,7 +93,8 @@ module.exports = {
     * Dashboard
     */
    showDashboard: function () {
-		const controller = this;
+        let controller = this;
        require(['./main', './dashboard/main'], (App, View) => {
            controller.navigate('/');
            App.UI.showAppContent(new View());
@ -105,7 +106,7 @@ module.exports = {
     */
    showNginxProxy: function () {
        if (Cache.User.isAdmin() || Cache.User.canView('proxy_hosts')) {
-			const controller = this;
+            let controller = this;
            require(['./main', './nginx/proxy/main'], (App, View) => {
                controller.navigate('/nginx/proxy');
@ -145,7 +146,8 @@ module.exports = {
     */
    showNginxRedirection: function () {
        if (Cache.User.isAdmin() || Cache.User.canView('redirection_hosts')) {
-			const controller = this;
+            let controller = this;
            require(['./main', './nginx/redirection/main'], (App, View) => {
                controller.navigate('/nginx/redirection');
                App.UI.showAppContent(new View());
@ -184,7 +186,8 @@ module.exports = {
     */
    showNginxStream: function () {
        if (Cache.User.isAdmin() || Cache.User.canView('streams')) {
-			const controller = this;
+            let controller = this;
            require(['./main', './nginx/stream/main'], (App, View) => {
                controller.navigate('/nginx/stream');
                App.UI.showAppContent(new View());
@ -223,7 +226,8 @@ module.exports = {
     */
    showNginxDead: function () {
        if (Cache.User.isAdmin() || Cache.User.canView('dead_hosts')) {
-			const controller = this;
+            let controller = this;
            require(['./main', './nginx/dead/main'], (App, View) => {
                controller.navigate('/nginx/404');
                App.UI.showAppContent(new View());
@ -274,7 +278,8 @@ module.exports = {
     */
    showNginxAccess: function () {
        if (Cache.User.isAdmin() || Cache.User.canView('access_lists')) {
-			const controller = this;
+            let controller = this;
            require(['./main', './nginx/access/main'], (App, View) => {
                controller.navigate('/nginx/access');
                App.UI.showAppContent(new View());
@ -313,7 +318,8 @@ module.exports = {
     */
    showNginxCertificates: function () {
        if (Cache.User.isAdmin() || Cache.User.canView('certificates')) {
-			const controller = this;
+            let controller = this;
            require(['./main', './nginx/certificates/main'], (App, View) => {
                controller.navigate('/nginx/certificates');
                App.UI.showAppContent(new View());
@ -377,7 +383,7 @@ module.exports = {
     * Audit Log
     */
    showAuditLog: function () {
-		const controller = this;
+        let controller = this;
        if (Cache.User.isAdmin()) {
            require(['./main', './audit-log/main'], (App, View) => {
                controller.navigate('/audit-log');
@ -405,7 +411,7 @@ module.exports = {
     * Settings
     */
    showSettings: function () {
-		const controller = this;
+        let controller = this;
        if (Cache.User.isAdmin()) {
            require(['./main', './settings/main'], (App, View) => {
                controller.navigate('/settings');
--- a/frontend/js/app/dashboard/main.js
+++ b/frontend/js/app/dashboard/main.js
@ -24,7 +24,7 @@ module.exports = Mn.View.extend({
    },
    templateContext: function () {
-		const view = this;
+        let view = this;
        return {
            getUserName: function () {
@ -48,7 +48,8 @@ module.exports = Mn.View.extend({
    },
    onRender: function () {
-		const view = this;
+        let view = this;
        if (typeof view.stats.hosts === 'undefined') {
            Api.Reports.getHostStats()
                .then(response => {
@ -71,7 +72,8 @@ module.exports = Mn.View.extend({
        // calculate the available columns based on permissions for the objects
        // and store as a variable
-		const perms = ['proxy_hosts', 'redirection_hosts', 'streams', 'dead_hosts'];
+        //let view = this;
        let perms = ['proxy_hosts', 'redirection_hosts', 'streams', 'dead_hosts'];
        perms.map(perm => {
            this.columns += Cache.User.isAdmin() || Cache.User.canView(perm) ? 1 : 0;
--- a/frontend/js/app/nginx/access/list/item.ejs
+++ b/frontend/js/app/nginx/access/list/item.ejs
@ -1,6 +1,6 @@
 <td class="text-center">
-    <div class="avatar d-block" style="background-image: url(<%- (owner && owner.avatar) || '/images/default-avatar.jpg' %>)" title="Owned by <%- (owner && owner.name) || 'a deleted user' %>">
+    <div class="avatar d-block" style="background-image: url(<%- owner.avatar || '/images/default-avatar.jpg' %>)" title="Owned by <%- owner.name %>">
-        <span class="avatar-status <%- owner && !owner.is_disabled ? 'bg-green' : 'bg-red' %>"></span>
+        <span class="avatar-status <%- owner.is_disabled ? 'bg-red' : 'bg-green' %>"></span>
    </div>
 </td>
 <td>
--- a/frontend/js/app/nginx/certificates/list/item.ejs
+++ b/frontend/js/app/nginx/certificates/list/item.ejs
@ -1,6 +1,6 @@
 <td class="text-center">
-    <div class="avatar d-block" style="background-image: url(<%- (owner && owner.avatar) || '/images/default-avatar.jpg' %>)" title="Owned by <%- (owner && owner.name) || 'a deleted user' %>">
+    <div class="avatar d-block" style="background-image: url(<%- owner.avatar || '/images/default-avatar.jpg' %>)" title="Owned by <%- owner.name %>">
-        <span class="avatar-status <%- owner && !owner.is_disabled ? 'bg-green' : 'bg-red' %>"></span>
+        <span class="avatar-status <%- owner.is_disabled ? 'bg-red' : 'bg-green' %>"></span>
    </div>
 </td>
 <td>
@ -33,13 +33,6 @@
 <td class="<%- isExpired() ? 'text-danger' : '' %>">
    <%- formatDbDate(expires_on, 'Do MMMM YYYY, h:mm a') %>
 </td>
 <td>
    <% if (active_domain_names().length > 0) { %>
        <span class="status-icon bg-success"></span> <%- i18n('certificates', 'in-use') %>
    <% } else { %>
        <span class="status-icon bg-danger"></span> <%- i18n('certificates', 'inactive') %>
    <% } %>
 </td>
 <% if (canManage) { %>
 <td class="text-right">
    <div class="item-action dropdown">
@ -55,13 +48,6 @@
                <div class="dropdown-divider"></div>
            <% } %>
            <a href="#" class="delete dropdown-item"><i class="dropdown-icon fe fe-trash-2"></i> <%- i18n('str', 'delete') %></a>
            <% if (active_domain_names().length > 0) { %>
                <div class="dropdown-divider"></div>
                <span class="dropdown-header"><%- i18n('certificates', 'active-domain_names') %></span>
                <% active_domain_names().forEach(function(host) { %>
                    <a href="https://<%- host %>" class="dropdown-item" target="_blank"><%- host %></a>
                <% }); %>
            <% } %>
        </div>
    </div>
 </td>
--- a/frontend/js/app/nginx/certificates/list/item.js
+++ b/frontend/js/app/nginx/certificates/list/item.js
@ -44,24 +44,14 @@ module.exports = Mn.View.extend({
        },
    },
-    templateContext: function () {
+    templateContext: {
        return {
        canManage: App.Cache.User.canManage('certificates'),
        isExpired: function () {
            return moment(this.expires_on).isBefore(moment());
        },
-            dns_providers: dns_providers,
+        dns_providers: dns_providers
            active_domain_names: function () {
                const { proxy_hosts = [], redirect_hosts = [], dead_hosts = [] } = this;
                return [...proxy_hosts, ...redirect_hosts, ...dead_hosts].reduce((acc, host) => {
                    acc.push(...(host.domain_names || []));
                    return acc;
                }, []);
            }
        };
    },
    initialize: function () {
        this.listenTo(this.model, 'change', this.render);
    }
--- a/frontend/js/app/nginx/certificates/list/main.ejs
+++ b/frontend/js/app/nginx/certificates/list/main.ejs
@ -3,7 +3,6 @@
    <th><%- i18n('str', 'name') %></th>
    <th><%- i18n('all-hosts', 'cert-provider') %></th>
    <th><%- i18n('str', 'expires') %></th>
    <th><%- i18n('str', 'status') %></th>
    <% if (canManage) { %>
    <th>&nbsp;</th>
    <% } %>
--- a/frontend/js/app/nginx/certificates/main.js
+++ b/frontend/js/app/nginx/certificates/main.js
@ -74,7 +74,7 @@ module.exports = Mn.View.extend({
            e.preventDefault();
            let query = this.ui.query.val();
-            this.fetch(['owner','proxy_hosts', 'dead_hosts', 'redirection_hosts'], query)
+            this.fetch(['owner'], query)
                .then(response => this.showData(response))
                .catch(err => {
                    this.showError(err);
@ -89,7 +89,7 @@ module.exports = Mn.View.extend({
    onRender: function () {
        let view = this;
-        view.fetch(['owner','proxy_hosts', 'dead_hosts', 'redirection_hosts'])
+        view.fetch(['owner'])
            .then(response => {
                if (!view.isDestroyed()) {
                    if (response && response.length) {
--- a/frontend/js/app/nginx/dead/list/item.ejs
+++ b/frontend/js/app/nginx/dead/list/item.ejs
@ -1,6 +1,6 @@
 <td class="text-center">
-    <div class="avatar d-block" style="background-image: url(<%- (owner && owner.avatar) || '/images/default-avatar.jpg' %>)" title="Owned by <%- (owner && owner.name) || 'a deleted user' %>">
+    <div class="avatar d-block" style="background-image: url(<%- owner.avatar || '/images/default-avatar.jpg' %>)" title="Owned by <%- owner.name %>">
-        <span class="avatar-status <%- owner && !owner.is_disabled ? 'bg-green' : 'bg-red' %>"></span>
+        <span class="avatar-status <%- owner.is_disabled ? 'bg-red' : 'bg-green' %>"></span>
    </div>
 </td>
 <td>
--- a/frontend/js/app/nginx/proxy/list/item.ejs
+++ b/frontend/js/app/nginx/proxy/list/item.ejs
@ -1,6 +1,6 @@
 <td class="text-center">
-    <div class="avatar d-block" style="background-image: url(<%- (owner && owner.avatar) || '/images/default-avatar.jpg' %>)" title="Owned by <%- (owner && owner.name) || 'a deleted user' %>">
+    <div class="avatar d-block" style="background-image: url(<%- owner.avatar || '/images/default-avatar.jpg' %>)" title="Owned by <%- owner.name %>">
-        <span class="avatar-status <%- owner && !owner.is_disabled ? 'bg-green' : 'bg-red' %>"></span>
+        <span class="avatar-status <%- owner.is_disabled ? 'bg-red' : 'bg-green' %>"></span>
    </div>
 </td>
 <td>
--- a/frontend/js/app/nginx/redirection/list/item.ejs
+++ b/frontend/js/app/nginx/redirection/list/item.ejs
@ -1,6 +1,6 @@
 <td class="text-center">
-    <div class="avatar d-block" style="background-image: url(<%- (owner && owner.avatar) || '/images/default-avatar.jpg' %>)" title="Owned by <%- (owner && owner.name) || 'a deleted user' %>">
+    <div class="avatar d-block" style="background-image: url(<%- owner.avatar || '/images/default-avatar.jpg' %>)" title="Owned by <%- owner.name %>">
-        <span class="avatar-status <%- owner && !owner.is_disabled ? 'bg-green' : 'bg-red' %>"></span>
+        <span class="avatar-status <%- owner.is_disabled ? 'bg-red' : 'bg-green' %>"></span>
    </div>
 </td>
 <td>
--- a/frontend/js/app/nginx/stream/form.ejs
+++ b/frontend/js/app/nginx/stream/form.ejs
@ -3,16 +3,8 @@
        <h5 class="modal-title"><%- i18n('streams', 'form-title', {id: id}) %></h5>
        <button type="button" class="close cancel" aria-label="Close" data-dismiss="modal">&nbsp;</button>
    </div>
-    <div class="modal-body has-tabs">
+    <div class="modal-body">
        <div class="alert alert-danger mb-0 rounded-0" id="le-error-info" role="alert"></div>
        <form>
            <ul class="nav nav-tabs" role="tablist">
                <li role="presentation" class="nav-item"><a href="#details" aria-controls="tab1" role="tab" data-toggle="tab" class="nav-link active"><i class="fe fe-zap"></i> <%- i18n('all-hosts', 'details') %></a></li>
                <li role="presentation" class="nav-item"><a href="#ssl-options" aria-controls="tab2" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-shield"></i> <%- i18n('str', 'ssl') %></a></li>
            </ul>
            <div class="tab-content">
                <!-- Details -->
                <div role="tabpanel" class="tab-pane active" id="details">
            <div class="row">
                <div class="col-sm-12 col-md-12">
                    <div class="form-group">
@ -54,137 +46,6 @@
                    <div class="forward-type-error invalid-feedback"><%- i18n('streams', 'forward-type-error') %></div>
                </div>
            </div>
                </div>
                <!-- SSL -->
                <div role="tabpanel" class="tab-pane" id="ssl-options">
                    <div class="row">
                        <div class="col-sm-12 col-md-12">
                            <div class="form-group">
                                <label class="form-label"><%- i18n('streams', 'ssl-certificate') %></label>
                                <select name="certificate_id" class="form-control custom-select" placeholder="<%- i18n('all-hosts', 'none') %>">
                                    <option selected value="0" data-data="{&quot;id&quot;:0}" <%- certificate_id ? '' : 'selected' %>><%- i18n('all-hosts', 'none') %></option>
                                    <option selected value="new" data-data="{&quot;id&quot;:&quot;new&quot;}"><%- i18n('all-hosts', 'new-cert') %></option>
                                </select>
                            </div>
                        </div>
                        <!-- DNS challenge -->
                        <div class="col-sm-12 col-md-12 letsencrypt">
                            <div class="form-group">
                                <label class="form-label"><%- i18n('all-hosts', 'domain-names') %> <span class="form-required">*</span></label>
                                <input type="text" name="domain_names" class="form-control" id="input-domains" value="<%- domain_names.join(',') %>">
                            </div>
                            <div class="form-group">
                                <label class="custom-switch">
                                    <input
                                            type="checkbox"
                                            class="custom-switch-input"
                                            name="meta[dns_challenge]"
                                            value="1"
                                            checked
                                            disabled
                                    >
                                    <span class="custom-switch-indicator"></span>
                                    <span class="custom-switch-description"><%= i18n('ssl', 'dns-challenge') %></span>
                                </label>
                            </div>
                        </div>
                        <div class="col-sm-12 col-md-12 letsencrypt">
                            <fieldset class="form-fieldset dns-challenge">
                                <div class="text-red mb-4"><i class="fe fe-alert-triangle"></i> <%= i18n('ssl', 'certbot-warning') %></div>
                                <!-- Certbot DNS plugin selection -->
                                <div class="row">
                                    <div class="col-sm-12 col-md-12">
                                        <div class="form-group">
                                            <label class="form-label"><%- i18n('ssl', 'dns-provider') %> <span class="form-required">*</span></label>
                                            <select
                                                    name="meta[dns_provider]"
                                                    id="dns_provider"
                                                    class="form-control custom-select"
                                            >
                                                <option
                                                        value=""
                                                        disabled
                                                        hidden
                                                        <%- getDnsProvider() === null ? 'selected' : '' %>
                                                >Please Choose...</option>
                                                <% _.each(dns_plugins, function(plugin_info, plugin_name){ %>
                                                    <option
                                                            value="<%- plugin_name %>"
                                                            <%- getDnsProvider() === plugin_name ? 'selected' : '' %>
                                                    ><%- plugin_info.name %></option>
                                                <% }); %>
                                            </select>
                                        </div>
                                    </div>
                                </div>
                                <!-- Certbot credentials file content -->
                                <div class="row credentials-file-content">
                                    <div class="col-sm-12 col-md-12">
                                        <div class="form-group">
                                            <label class="form-label"><%- i18n('ssl', 'credentials-file-content') %> <span class="form-required">*</span></label>
                                            <textarea
                                                    name="meta[dns_provider_credentials]"
                                                    class="form-control text-monospace"
                                                    id="dns_provider_credentials"
                                            ><%- getDnsProviderCredentials() %></textarea>
                                            <div class="text-secondary small">
                                                <i class="fe fe-info"></i>
                                                <%= i18n('ssl', 'credentials-file-content-info') %>
                                            </div>
                                            <div class="text-red small">
                                                <i class="fe fe-alert-triangle"></i>
                                                <%= i18n('ssl', 'stored-as-plaintext-info') %>
                                            </div>
                                        </div>
                                    </div>
                                </div>
                                <!-- DNS propagation delay -->
                                <div class="row">
                                    <div class="col-sm-12 col-md-12">
                                        <div class="form-group mb-0">
                                            <label class="form-label"><%- i18n('ssl', 'propagation-seconds') %></label>
                                            <input
                                                    type="number"
                                                    min="0"
                                                    name="meta[propagation_seconds]"
                                                    class="form-control"
                                                    id="propagation_seconds"
                                                    value="<%- getPropagationSeconds() %>"
                                            >
                                            <div class="text-secondary small">
                                                <i class="fe fe-info"></i>
                                                <%= i18n('ssl', 'propagation-seconds-info') %>
                                            </div>
                                        </div>
                                    </div>
                                </div>
                            </fieldset>
                        </div>
                        <!-- Lets encrypt -->
                        <div class="col-sm-12 col-md-12 letsencrypt">
                            <div class="form-group">
                                <label class="form-label"><%- i18n('ssl', 'letsencrypt-email') %> <span class="form-required">*</span></label>
                                <input name="meta[letsencrypt_email]" type="email" class="form-control" placeholder="" value="<%- getLetsencryptEmail() %>" required disabled>
                            </div>
                        </div>
                        <div class="col-sm-12 col-md-12 letsencrypt">
                            <div class="form-group">
                                <label class="custom-switch">
                                    <input type="checkbox" class="custom-switch-input" name="meta[letsencrypt_agree]" value="1" required disabled>
                                    <span class="custom-switch-indicator"></span>
                                    <span class="custom-switch-description"><%= i18n('ssl', 'letsencrypt-agree', {url: 'https://letsencrypt.org/repository/'}) %> <span class="form-required">*</span></span>
                                </label>
                            </div>
                        </div>
                    </div>
                </div>
            </div>
        </form>
    </div>
    <div class="modal-footer">
--- a/frontend/js/app/nginx/stream/form.js
+++ b/frontend/js/app/nginx/stream/form.js
@ -2,14 +2,10 @@ const Mn            = require('backbone.marionette');
 const App         = require('../../main');
 const StreamModel = require('../../../models/stream');
 const template    = require('./form.ejs');
 const dns_providers = require('../../../../../global/certbot-dns-plugins');
 require('jquery-serializejson');
 require('jquery-mask-plugin');
 require('selectize');
 const Helpers = require("../../../lib/helpers");
 const certListItemTemplate = require("../certificates-list-item.ejs");
 const i18n = require("../../i18n");
 module.exports = Mn.View.extend({
    template:  template,
@ -22,17 +18,7 @@ module.exports = Mn.View.extend({
        buttons:    '.modal-footer button',
        switches:   '.custom-switch-input',
        cancel:     'button.cancel',
-        save:                     'button.save',
+        save:       'button.save'
        le_error_info:            '#le-error-info',
        certificate_select:       'select[name="certificate_id"]',
        domain_names:             'input[name="domain_names"]',
        dns_challenge_switch:     'input[name="meta[dns_challenge]"]',
        dns_challenge_content:    '.dns-challenge',
        dns_provider:             'select[name="meta[dns_provider]"]',
        credentials_file_content: '.credentials-file-content',
        dns_provider_credentials: 'textarea[name="meta[dns_provider_credentials]"]',
        propagation_seconds:      'input[name="meta[propagation_seconds]"]',
        letsencrypt:              '.letsencrypt'
    },
    events: {
@ -62,35 +48,6 @@ module.exports = Mn.View.extend({
            data.tcp_forwarding  = !!data.tcp_forwarding;
            data.udp_forwarding  = !!data.udp_forwarding;
            if (typeof data.meta === 'undefined') data.meta = {};
            data.meta.letsencrypt_agree = data.meta.letsencrypt_agree == 1;
            data.meta.dns_challenge = true;
            if (data.meta.propagation_seconds === '') data.meta.propagation_seconds = undefined;
            if (typeof data.domain_names === 'string' && data.domain_names) {
                data.domain_names = data.domain_names.split(',');
            }
            // Check for any domain names containing wildcards, which are not allowed with letsencrypt
            if (data.certificate_id === 'new') {
                let domain_err = false;
                if (!data.meta.dns_challenge) {
                    data.domain_names.map(function (name) {
                        if (name.match(/\*/im)) {
                            domain_err = true;
                        }
                    });
                }
                if (domain_err) {
                    alert(i18n('ssl', 'no-wildcard-without-dns'));
                    return;
                }
            } else {
                data.certificate_id = parseInt(data.certificate_id, 10);
            }
            let method = App.Api.Nginx.Streams.create;
            let is_new = true;
@ -113,108 +70,10 @@ module.exports = Mn.View.extend({
                    });
                })
                .catch(err => {
-                    let more_info = '';
+                    alert(err.message);
                    if (err.code === 500 && err.debug) {
                        try {
                            more_info = JSON.parse(err.debug).debug.stack.join("\n");
                        } catch (e) {
                        }
                    }
                    this.ui.le_error_info[0].innerHTML = `${err.message}${more_info !== '' ? `<pre class="mt-3">${more_info}</pre>` : ''}`;
                    this.ui.le_error_info.show();
                    this.ui.le_error_info[0].scrollIntoView();
                    this.ui.buttons.prop('disabled', false).removeClass('btn-disabled');
                    this.ui.save.removeClass('btn-loading');
                });
        },
        'change @ui.certificate_select': function () {
            let id = this.ui.certificate_select.val();
            if (id === 'new') {
                this.ui.letsencrypt.show().find('input').prop('disabled', false);
                this.ui.domain_names.prop('required', 'required');
                this.ui.dns_challenge_switch
                    .prop('disabled', true)
                    .parents('.form-group')
                    .css('opacity', 0.5);
                this.ui.dns_provider.prop('required', 'required');
                const selected_provider = this.ui.dns_provider[0].options[this.ui.dns_provider[0].selectedIndex].value;
                if (selected_provider != '' && dns_providers[selected_provider].credentials !== false) {
                    this.ui.dns_provider_credentials.prop('required', 'required');
        }
                this.ui.dns_challenge_content.show();
            } else {
                this.ui.letsencrypt.hide().find('input').prop('disabled', true);
            }
        },
        'change @ui.dns_provider': function () {
            const selected_provider = this.ui.dns_provider[0].options[this.ui.dns_provider[0].selectedIndex].value;
            if (selected_provider != '' && dns_providers[selected_provider].credentials !== false) {
                this.ui.dns_provider_credentials.prop('required', 'required');
                this.ui.dns_provider_credentials[0].value = dns_providers[selected_provider].credentials;
                this.ui.credentials_file_content.show();
            } else {
                this.ui.dns_provider_credentials.prop('required', false);
                this.ui.credentials_file_content.hide();
            }
        },
    },
    templateContext: {
        getLetsencryptEmail: function () {
            return App.Cache.User.get('email');
        },
        getDnsProvider: function () {
            return typeof this.meta.dns_provider !== 'undefined' && this.meta.dns_provider != '' ? this.meta.dns_provider : null;
        },
        getDnsProviderCredentials: function () {
            return typeof this.meta.dns_provider_credentials !== 'undefined' ? this.meta.dns_provider_credentials : '';
        },
        getPropagationSeconds: function () {
            return typeof this.meta.propagation_seconds !== 'undefined' ? this.meta.propagation_seconds : '';
        },
        dns_plugins: dns_providers,
    },
    onRender: function () {
        let view = this;
        // Certificates
        this.ui.le_error_info.hide();
        this.ui.dns_challenge_content.hide();
        this.ui.credentials_file_content.hide();
        this.ui.letsencrypt.hide();
        this.ui.certificate_select.selectize({
            valueField:       'id',
            labelField:       'nice_name',
            searchField:      ['nice_name', 'domain_names'],
            create:           false,
            preload:          true,
            allowEmptyOption: true,
            render:           {
                option: function (item) {
                    item.i18n         = App.i18n;
                    item.formatDbDate = Helpers.formatDbDate;
                    return certListItemTemplate(item);
                }
            },
            load:             function (query, callback) {
                App.Api.Nginx.Certificates.getAll()
                    .then(rows => {
                        callback(rows);
                    })
                    .catch(err => {
                        console.error(err);
                        callback();
                    });
            },
            onLoad:           function () {
                view.ui.certificate_select[0].selectize.setValue(view.model.get('certificate_id'));
            }
        });
    },
    initialize: function (options) {
--- a/frontend/js/app/nginx/stream/list/item.ejs
+++ b/frontend/js/app/nginx/stream/list/item.ejs
@ -1,6 +1,6 @@
 <td class="text-center">
-    <div class="avatar d-block" style="background-image: url(<%- (owner && owner.avatar) || '/images/default-avatar.jpg' %>)" title="Owned by <%- (owner && owner.name) || 'a deleted user' %>">
+    <div class="avatar d-block" style="background-image: url(<%- owner.avatar || '/images/default-avatar.jpg' %>)" title="Owned by <%- owner.name %>">
-        <span class="avatar-status <%- owner && !owner.is_disabled ? 'bg-green' : 'bg-red' %>"></span>
+        <span class="avatar-status <%- owner.is_disabled ? 'bg-red' : 'bg-green' %>"></span>
    </div>
 </td>
 <td>
@ -16,10 +16,7 @@
 </td>
 <td>
    <div>
-        <% if (certificate) { %>
+        <% if (tcp_forwarding) { %>
            <span class="tag"><%- i18n('streams', 'tcp+ssl') %></span>
        <% }
        else if (tcp_forwarding) { %>
            <span class="tag"><%- i18n('streams', 'tcp') %></span>
        <% }
        if (udp_forwarding) { %>
@ -27,9 +24,6 @@
        <% } %>
    </div>
 </td>
 <td>
    <div><%- certificate && certificate_id ? i18n('ssl', certificate.provider) : i18n('all-hosts', 'none') %></div>
 </td>
 <td>
    <%
    var o = isOnline();
--- a/frontend/js/app/nginx/stream/list/main.ejs
+++ b/frontend/js/app/nginx/stream/list/main.ejs
@ -3,7 +3,6 @@
    <th><%- i18n('streams', 'incoming-port') %></th>
    <th><%- i18n('str', 'destination') %></th>
    <th><%- i18n('streams', 'protocol') %></th>
    <th><%- i18n('str', 'ssl') %></th>
    <th><%- i18n('str', 'status') %></th>
    <% if (canManage) { %>
    <th>&nbsp;</th>
--- a/frontend/js/app/nginx/stream/main.js
+++ b/frontend/js/app/nginx/stream/main.js
@ -88,7 +88,7 @@ module.exports = Mn.View.extend({
    onRender: function () {
        let view = this;
-        view.fetch(['owner', 'certificate'])
+        view.fetch(['owner'])
            .then(response => {
                if (!view.isDestroyed()) {
                    if (response && response.length) {
--- a/frontend/js/app/user/form.ejs
+++ b/frontend/js/app/user/form.ejs
@ -1,10 +1,10 @@
 <div class="modal-content">
    <form>
    <div class="modal-header">
        <h5 class="modal-title"><%- i18n('users', 'form-title', {id: id}) %></h5>
        <button type="button" class="close cancel" aria-label="Close" data-dismiss="modal">&nbsp;</button>
    </div>
    <div class="modal-body">
        <form>
            <div class="row">
                <div class="col-sm-6 col-md-6">
                    <div class="form-group">
@ -49,10 +49,10 @@
                </div>
                <% } %>
            </div>
        </form>
    </div>
    <div class="modal-footer">
        <button type="button" class="btn btn-secondary cancel" data-dismiss="modal"><%- i18n('str', 'cancel') %></button>
-            <button type="submit" class="btn btn-teal save"><%- i18n('str', 'save') %></button>
+        <button type="button" class="btn btn-teal save"><%- i18n('str', 'save') %></button>
    </div>
    </form>
 </div>
--- a/frontend/js/app/user/form.js
+++ b/frontend/js/app/user/form.js
@ -19,7 +19,7 @@ module.exports = Mn.View.extend({
    events: {
-        'submit @ui.form': function (e) {
+        'click @ui.save': function (e) {
            e.preventDefault();
            this.ui.error.hide();
            let view = this;
--- a/frontend/js/i18n/messages.json
+++ b/frontend/js/i18n/messages.json
@ -60,7 +60,7 @@
    },
    "footer": {
      "fork-me": "Fork me on Github",
-      "copy": "&copy; 2025 <a href=\"{url}\" target=\"_blank\">jc21.com</a>.",
+      "copy": "&copy; 2024 <a href=\"{url}\" target=\"_blank\">jc21.com</a>.",
      "theme": "Theme by <a href=\"{url}\" target=\"_blank\">Tabler</a>"
    },
    "dashboard": {
@ -179,9 +179,7 @@
      "delete-confirm": "Are you sure you want to delete this Stream?",
      "help-title": "What is a Stream?",
      "help-content": "A relatively new feature for Nginx, a Stream will serve to forward TCP/UDP traffic directly to another computer on the network.\nIf you're running game servers, FTP or SSH servers this can come in handy.",
-      "search": "Search Incoming Port…",
+      "search": "Search Incoming Port…"
      "ssl-certificate": "SSL Certificate for TCP Forwarding",
      "tcp+ssl": "TCP+SSL"
    },
    "certificates": {
      "title": "SSL Certificates",
@ -208,10 +206,7 @@
      "reachability-other": "There is a server found at this domain but it returned an unexpected status code {code}. Is it the NPM server? Please make sure your domain points to the IP where your NPM instance is running.",
      "download": "Download",
      "renew-title": "Renew Let's Encrypt Certificate",
-      "search": "Search Certificate…",
+      "search": "Search Certificate…"
      "in-use"  : "In use",
      "inactive": "Inactive",
      "active-domain_names": "Active domain names"
    },
    "access-lists": {
      "title": "Access Lists",
--- a/frontend/js/models/stream.js
+++ b/frontend/js/models/stream.js
@ -15,11 +15,8 @@ const model = Backbone.Model.extend({
            udp_forwarding:  false,
            enabled:         true,
            meta:            {},
            certificate_id:  0,
            domain_names:    [],
            // The following are expansions:
-            owner:           null,
+            owner:           null
            certificate:     null
        };
    }
 });
--- a/frontend/scss/tabler-extra.scss
+++ b/frontend/scss/tabler-extra.scss
@ -167,5 +167,4 @@ $pink: #f66d9b;
 textarea.form-control.text-monospace {
    font-size: 12px;
    font-family: monospace;
 }
--- a/frontend/yarn.lock
+++ b/frontend/yarn.lock
@ -907,13 +907,6 @@ atob@^2.1.2:
  resolved "https://registry.yarnpkg.com/atob/-/atob-2.1.2.tgz#6d9517eb9e030d2436666651e86bd9f6f13533c9"
  integrity sha512-Wm6ukoaOGJi/73p/cl2GvLjTI5JM1k/O14isD73YML8StrH/7/lRFgmg8nICZgD3bZZvjwCGxtMOD3wWNAu8cg==
 available-typed-arrays@^1.0.7:
  version "1.0.7"
  resolved "https://registry.yarnpkg.com/available-typed-arrays/-/available-typed-arrays-1.0.7.tgz#a5cc375d6a03c2efc87a553f3e0b1522def14846"
  integrity sha512-wvUjBtSGN7+7SjNpq/9M2Tg350UZD3q62IFZLbRAR1bSMlCo1ZaeW+BJ+D090e4hIIZLBcTDWe4Mh4jvUDajzQ==
  dependencies:
    possible-typed-array-names "^1.0.0"
 babel-code-frame@^6.26.0:
  version "6.26.0"
  resolved "https://registry.yarnpkg.com/babel-code-frame/-/babel-code-frame-6.26.0.tgz#63fd43f7dc1e3bb7ce35947db8fe369a3f58c74b"
@ -1797,32 +1790,6 @@ cacheable-request@^6.0.0:
    normalize-url "^4.1.0"
    responselike "^1.0.2"
 call-bind-apply-helpers@^1.0.0, call-bind-apply-helpers@^1.0.1, call-bind-apply-helpers@^1.0.2:
  version "1.0.2"
  resolved "https://registry.yarnpkg.com/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz#4b5428c222be985d79c3d82657479dbe0b59b2d6"
  integrity sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==
  dependencies:
    es-errors "^1.3.0"
    function-bind "^1.1.2"
 call-bind@^1.0.8:
  version "1.0.8"
  resolved "https://registry.yarnpkg.com/call-bind/-/call-bind-1.0.8.tgz#0736a9660f537e3388826f440d5ec45f744eaa4c"
  integrity sha512-oKlSFMcMwpUg2ednkhQ454wfWiU/ul3CkJe/PEHcTKuiX6RpbehUiFMXu13HalGZxfUwCQzZG747YXBn1im9ww==
  dependencies:
    call-bind-apply-helpers "^1.0.0"
    es-define-property "^1.0.0"
    get-intrinsic "^1.2.4"
    set-function-length "^1.2.2"
 call-bound@^1.0.3, call-bound@^1.0.4:
  version "1.0.4"
  resolved "https://registry.yarnpkg.com/call-bound/-/call-bound-1.0.4.tgz#238de935d2a2a692928c538c7ccfa91067fd062a"
  integrity sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==
  dependencies:
    call-bind-apply-helpers "^1.0.2"
    get-intrinsic "^1.3.0"
 callsites@^3.0.0:
  version "3.1.0"
  resolved "https://registry.yarnpkg.com/callsites/-/callsites-3.1.0.tgz#b3630abd8943432f54b3f0519238e33cd7df2f73"
@ -2265,7 +2232,7 @@ create-ecdh@^4.0.0:
    bn.js "^4.1.0"
    elliptic "^6.5.3"
-create-hash@^1.1.0, create-hash@^1.2.0:
+create-hash@^1.1.0, create-hash@^1.1.2, create-hash@^1.2.0:
  version "1.2.0"
  resolved "https://registry.yarnpkg.com/create-hash/-/create-hash-1.2.0.tgz#889078af11a63756bcfb59bd221996be3a9ef196"
  integrity sha512-z00bCGNHDG8mHAkP7CtT1qVu+bFQUPjYq/4Iv3C3kWjTFV10zIjfSoeqXo9Asws8gwSHDGj/hl2u4OGIjapeCg==
@ -2276,17 +2243,7 @@ create-hash@^1.1.0, create-hash@^1.2.0:
    ripemd160 "^2.0.1"
    sha.js "^2.4.0"
-create-hash@~1.1.3:
+create-hmac@^1.1.0, create-hmac@^1.1.4, create-hmac@^1.1.7:
  version "1.1.3"
  resolved "https://registry.yarnpkg.com/create-hash/-/create-hash-1.1.3.tgz#606042ac8b9262750f483caddab0f5819172d8fd"
  integrity sha512-snRpch/kwQhcdlnZKYanNF1m0RDlrCdSKQaH87w1FCFPVPNCQ/Il9QJKAX2jVBZddRdaHBMC+zXa9Gw9tmkNUA==
  dependencies:
    cipher-base "^1.0.1"
    inherits "^2.0.1"
    ripemd160 "^2.0.0"
    sha.js "^2.4.0"
 create-hmac@^1.1.0, create-hmac@^1.1.7:
  version "1.1.7"
  resolved "https://registry.yarnpkg.com/create-hmac/-/create-hmac-1.1.7.tgz#69170c78b3ab957147b2b8b04572e47ead2243ff"
  integrity sha512-MJG9liiZ+ogc4TzUwuvbER1JRdgvUFSB5+VR/g5h82fGaIRWMWddtKBHi7/sVhfjQZ6SehlyhvQYrcYkaUIpLg==
@ -2457,15 +2414,6 @@ defer-to-connect@^1.0.1:
  resolved "https://registry.yarnpkg.com/defer-to-connect/-/defer-to-connect-1.1.3.tgz#331ae050c08dcf789f8c83a7b81f0ed94f4ac591"
  integrity sha512-0ISdNousHvZT2EiFlZeZAHBUvSxmKswVCEf8hW7KWgG4a8MVEu/3Vb6uWYozkjylyCxe0JBIiRB1jV45S70WVQ==
 define-data-property@^1.1.4:
  version "1.1.4"
  resolved "https://registry.yarnpkg.com/define-data-property/-/define-data-property-1.1.4.tgz#894dc141bb7d3060ae4366f6a0107e68fbe48c5e"
  integrity sha512-rBMvIzlpA8v6E+SJZoo++HAYqsLrkg7MSfIinMPFhmkorw7X+dOXVJQs+QT69zGkzMyfDnIMN2Wid1+NbL3T+A==
  dependencies:
    es-define-property "^1.0.0"
    es-errors "^1.3.0"
    gopd "^1.0.1"
 define-properties@^1.1.2, define-properties@^1.1.3:
  version "1.1.3"
  resolved "https://registry.yarnpkg.com/define-properties/-/define-properties-1.1.3.tgz#cf88da6cbee26fe6db7094f61d870cbd84cee9f1"
@ -2631,15 +2579,6 @@ dot-prop@^5.2.0:
  dependencies:
    is-obj "^2.0.0"
 dunder-proto@^1.0.1:
  version "1.0.1"
  resolved "https://registry.yarnpkg.com/dunder-proto/-/dunder-proto-1.0.1.tgz#d7ae667e1dc83482f8b70fd0f6eefc50da30f58a"
  integrity sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==
  dependencies:
    call-bind-apply-helpers "^1.0.1"
    es-errors "^1.3.0"
    gopd "^1.2.0"
 duplexer3@^0.1.4:
  version "0.1.4"
  resolved "https://registry.yarnpkg.com/duplexer3/-/duplexer3-0.1.4.tgz#ee01dd1cac0ed3cbc7fdbea37dc0a8f1ce002ce2"
@ -2709,9 +2648,9 @@ electron-to-chromium@^1.3.47:
  integrity sha512-67V62Z4CFOiAtox+o+tosGfVk0QX4DJgH609tjT8QymbJZVAI/jWnAthnr8c5hnRNziIRwkc9EMQYejiVz3/9Q==
 elliptic@^6.5.3, elliptic@^6.5.4:
-  version "6.6.1"
+  version "6.5.7"
-  resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.6.1.tgz#3b8ffb02670bf69e382c7f65bf524c97c5405c06"
+  resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.5.7.tgz#8ec4da2cb2939926a1b9a73619d768207e647c8b"
-  integrity sha512-RaddvvMatK2LJHqFJ+YA4WysVN5Ita9E35botqIYspQ4TkRAlCicdzKOjlyv/1Za5RyTNn7di//eEV0uTAfe3g==
+  integrity sha512-ESVCtTwiA+XhY3wyh24QqRGBoP3rEdDUl3EDUUo9tft074fi19IrdpH7hLCMMP3CIj7jb3W96rn8lt/BqIlt5Q==
  dependencies:
    bn.js "^4.11.9"
    brorand "^1.1.0"
@ -2823,23 +2762,6 @@ es-abstract@^1.17.0-next.1, es-abstract@^1.17.5:
    string.prototype.trimend "^1.0.1"
    string.prototype.trimstart "^1.0.1"
 es-define-property@^1.0.0, es-define-property@^1.0.1:
  version "1.0.1"
  resolved "https://registry.yarnpkg.com/es-define-property/-/es-define-property-1.0.1.tgz#983eb2f9a6724e9303f61addf011c72e09e0b0fa"
  integrity sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==
 es-errors@^1.3.0:
  version "1.3.0"
  resolved "https://registry.yarnpkg.com/es-errors/-/es-errors-1.3.0.tgz#05f75a25dab98e4fb1dcd5e1472c0546d5057c8f"
  integrity sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==
 es-object-atoms@^1.0.0, es-object-atoms@^1.1.1:
  version "1.1.1"
  resolved "https://registry.yarnpkg.com/es-object-atoms/-/es-object-atoms-1.1.1.tgz#1c4f2c4837327597ce69d2ca190a7fdd172338c1"
  integrity sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==
  dependencies:
    es-errors "^1.3.0"
 es-to-primitive@^1.2.1:
  version "1.2.1"
  resolved "https://registry.yarnpkg.com/es-to-primitive/-/es-to-primitive-1.2.1.tgz#e55cd4c9cdc188bcefb03b366c736323fc5c898a"
@ -3209,13 +3131,6 @@ flush-write-stream@^1.0.0:
    inherits "^2.0.3"
    readable-stream "^2.3.6"
 for-each@^0.3.5:
  version "0.3.5"
  resolved "https://registry.yarnpkg.com/for-each/-/for-each-0.3.5.tgz#d650688027826920feeb0af747ee7b9421a41d47"
  integrity sha512-dKx12eRCVIzqCxFGplyFKJMPvLEWgmNtUrpTiJIR5u97zEhRG8ySrtboPHZXx7daLxQVrl643cTzbab2tkQjxg==
  dependencies:
    is-callable "^1.2.7"
 for-in@^1.0.2:
  version "1.0.2"
  resolved "https://registry.yarnpkg.com/for-in/-/for-in-1.0.2.tgz#81068d295a8142ec0ac726c6e2200c30fb6d5e80"
@ -3276,11 +3191,6 @@ function-bind@^1.1.1:
  resolved "https://registry.yarnpkg.com/function-bind/-/function-bind-1.1.1.tgz#a56899d3ea3c9bab874bb9773b7c5ede92f4895d"
  integrity sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==
 function-bind@^1.1.2:
  version "1.1.2"
  resolved "https://registry.yarnpkg.com/function-bind/-/function-bind-1.1.2.tgz#2c02d864d97f3ea6c8830c464cbd11ab6eab7a1c"
  integrity sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==
 functional-red-black-tree@^1.0.1:
  version "1.0.1"
  resolved "https://registry.yarnpkg.com/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz#1b0ab3bd553b2a0d6399d29c0e3ea0b252078327"
@ -3317,30 +3227,6 @@ get-caller-file@^2.0.1, get-caller-file@^2.0.5:
  resolved "https://registry.yarnpkg.com/get-caller-file/-/get-caller-file-2.0.5.tgz#4f94412a82db32f36e3b0b9741f8a97feb031f7e"
  integrity sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==
 get-intrinsic@^1.2.4, get-intrinsic@^1.3.0:
  version "1.3.0"
  resolved "https://registry.yarnpkg.com/get-intrinsic/-/get-intrinsic-1.3.0.tgz#743f0e3b6964a93a5491ed1bffaae054d7f98d01"
  integrity sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==
  dependencies:
    call-bind-apply-helpers "^1.0.2"
    es-define-property "^1.0.1"
    es-errors "^1.3.0"
    es-object-atoms "^1.1.1"
    function-bind "^1.1.2"
    get-proto "^1.0.1"
    gopd "^1.2.0"
    has-symbols "^1.1.0"
    hasown "^2.0.2"
    math-intrinsics "^1.1.0"
 get-proto@^1.0.1:
  version "1.0.1"
  resolved "https://registry.yarnpkg.com/get-proto/-/get-proto-1.0.1.tgz#150b3f2743869ef3e851ec0c49d15b1d14d00ee1"
  integrity sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==
  dependencies:
    dunder-proto "^1.0.1"
    es-object-atoms "^1.0.0"
 get-stdin@^4.0.1:
  version "4.0.1"
  resolved "https://registry.yarnpkg.com/get-stdin/-/get-stdin-4.0.1.tgz#b968c6b0a04384324902e8bf1a5df32579a450fe"
@ -3507,11 +3393,6 @@ globule@^1.0.0:
    lodash "~4.17.10"
    minimatch "~3.0.2"
 gopd@^1.0.1, gopd@^1.2.0:
  version "1.2.0"
  resolved "https://registry.yarnpkg.com/gopd/-/gopd-1.2.0.tgz#89f56b8217bdbc8802bd299df6d7f1081d7e51a1"
  integrity sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==
 got@^9.6.0:
  version "9.6.0"
  resolved "https://registry.yarnpkg.com/got/-/got-9.6.0.tgz#edf45e7d67f99545705de1f7bbeeeb121765ed85"
@ -3561,30 +3442,11 @@ has-flag@^4.0.0:
  resolved "https://registry.yarnpkg.com/has-flag/-/has-flag-4.0.0.tgz#944771fd9c81c81265c4d6941860da06bb59479b"
  integrity sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==
 has-property-descriptors@^1.0.2:
  version "1.0.2"
  resolved "https://registry.yarnpkg.com/has-property-descriptors/-/has-property-descriptors-1.0.2.tgz#963ed7d071dc7bf5f084c5bfbe0d1b6222586854"
  integrity sha512-55JNKuIW+vq4Ke1BjOTjM2YctQIvCT7GFzHwmfZPGo5wnrgkid0YQtnAleFSqumZm4az3n2BS+erby5ipJdgrg==
  dependencies:
    es-define-property "^1.0.0"
 has-symbols@^1.0.0, has-symbols@^1.0.1:
  version "1.0.1"
  resolved "https://registry.yarnpkg.com/has-symbols/-/has-symbols-1.0.1.tgz#9f5214758a44196c406d9bd76cebf81ec2dd31e8"
  integrity sha512-PLcsoqu++dmEIZB+6totNFKq/7Do+Z0u4oT0zKOJNl3lYK6vGwwu2hjHs+68OEZbTjiUE9bgOABXbP/GvrS0Kg==
 has-symbols@^1.0.3, has-symbols@^1.1.0:
  version "1.1.0"
  resolved "https://registry.yarnpkg.com/has-symbols/-/has-symbols-1.1.0.tgz#fc9c6a783a084951d0b971fe1018de813707a338"
  integrity sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==
 has-tostringtag@^1.0.2:
  version "1.0.2"
  resolved "https://registry.yarnpkg.com/has-tostringtag/-/has-tostringtag-1.0.2.tgz#2cdc42d40bef2e5b4eeab7c01a73c54ce7ab5abc"
  integrity sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==
  dependencies:
    has-symbols "^1.0.3"
 has-unicode@^2.0.1:
  version "2.0.1"
  resolved "https://registry.yarnpkg.com/has-unicode/-/has-unicode-2.0.1.tgz#e0e6fe6a28cf51138855e086d1691e771de2a8b9"
@ -3633,13 +3495,6 @@ has@^1.0.3:
  dependencies:
    function-bind "^1.1.1"
 hash-base@^2.0.0:
  version "2.0.2"
  resolved "https://registry.yarnpkg.com/hash-base/-/hash-base-2.0.2.tgz#66ea1d856db4e8a5470cadf6fce23ae5244ef2e1"
  integrity sha512-0TROgQ1/SxE6KmxWSvXHvRj90/Xo1JvZShofnYF+f6ZsGtR4eES7WfrQzPalmyagfKZCXpVnitiRebZulWsbiw==
  dependencies:
    inherits "^2.0.1"
 hash-base@^3.0.0:
  version "3.1.0"
  resolved "https://registry.yarnpkg.com/hash-base/-/hash-base-3.1.0.tgz#55c381d9e06e1d2997a883b4a3fddfe7f0d3af33"
@ -3657,13 +3512,6 @@ hash.js@^1.0.0, hash.js@^1.0.3:
    inherits "^2.0.3"
    minimalistic-assert "^1.0.1"
 hasown@^2.0.2:
  version "2.0.2"
  resolved "https://registry.yarnpkg.com/hasown/-/hasown-2.0.2.tgz#003eaf91be7adc372e84ec59dc37252cedb80003"
  integrity sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==
  dependencies:
    function-bind "^1.1.2"
 he@1.2.x, he@^1.2.0:
  version "1.2.0"
  resolved "https://registry.yarnpkg.com/he/-/he-1.2.0.tgz#84ae65fa7eafb165fddb61566ae14baf05664f0f"
@ -4008,11 +3856,6 @@ is-callable@^1.1.4, is-callable@^1.2.0:
  resolved "https://registry.yarnpkg.com/is-callable/-/is-callable-1.2.0.tgz#83336560b54a38e35e3a2df7afd0454d691468bb"
  integrity sha512-pyVD9AaGLxtg6srb2Ng6ynWJqkHU9bEM087AKck0w8QwDarTfNcpIYoU8x8Hv2Icm8u6kFJM18Dag8lyqGkviw==
 is-callable@^1.2.7:
  version "1.2.7"
  resolved "https://registry.yarnpkg.com/is-callable/-/is-callable-1.2.7.tgz#3bc2a85ea742d9e36205dcacdd72ca1fdc51b055"
  integrity sha512-1BC0BVFhS/p0qtw6enp8e+8OD0UrK0oFLztSjNzhcKA3WDuJxxAPXzPuPtKkjEY9UUoEWlX/8fgKeu2S8i9JTA==
 is-ci@^2.0.0:
  version "2.0.0"
  resolved "https://registry.yarnpkg.com/is-ci/-/is-ci-2.0.0.tgz#6bc6334181810e04b5c22b3d589fdca55026404c"
@ -4176,13 +4019,6 @@ is-symbol@^1.0.2:
  dependencies:
    has-symbols "^1.0.1"
 is-typed-array@^1.1.14:
  version "1.1.15"
  resolved "https://registry.yarnpkg.com/is-typed-array/-/is-typed-array-1.1.15.tgz#4bfb4a45b61cee83a5a46fba778e4e8d59c0ce0b"
  integrity sha512-p3EcsicXjit7SaskXHs1hA91QxgTw46Fv6EFKKGS5DRFLD8yKnohjF3hxoju94b/OcMZoQukzpPpBE9uLVKzgQ==
  dependencies:
    which-typed-array "^1.1.16"
 is-typedarray@^1.0.0:
  version "1.0.0"
  resolved "https://registry.yarnpkg.com/is-typedarray/-/is-typedarray-1.0.0.tgz#e479c80858df0c1b11ddda6940f96011fcda4a9a"
@ -4208,11 +4044,6 @@ isarray@1.0.0, isarray@^1.0.0, isarray@~1.0.0:
  resolved "https://registry.yarnpkg.com/isarray/-/isarray-1.0.0.tgz#bb935d48582cba168c06834957a54a3e07124f11"
  integrity sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE=
 isarray@^2.0.5:
  version "2.0.5"
  resolved "https://registry.yarnpkg.com/isarray/-/isarray-2.0.5.tgz#8af1e4c1221244cc62459faf38940d4e644a5723"
  integrity sha512-xHjhDr3cNBK0BzdUJSPXZntQUx/mwMS5Rw4A7lPJ90XGAO6ISP/ePDNuo0vhqOZU+UD5JoodwCAAoZQd3FeAKw==
 isexe@^2.0.0:
  version "2.0.0"
  resolved "https://registry.yarnpkg.com/isexe/-/isexe-2.0.0.tgz#e8fbf374dc556ff8947a10dcb0572d633f2cfa10"
@ -4605,11 +4436,6 @@ marionette.templatecache@^1.0.0:
  dependencies:
    backbone.marionette "^4.0.0, 4.0.0-beta.1"
 math-intrinsics@^1.1.0:
  version "1.1.0"
  resolved "https://registry.yarnpkg.com/math-intrinsics/-/math-intrinsics-1.1.0.tgz#a0dd74be81e2aa5c2f27e65ce283605ee4e2b7f9"
  integrity sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==
 md5.js@^1.3.4:
  version "1.3.5"
  resolved "https://registry.yarnpkg.com/md5.js/-/md5.js-1.3.5.tgz#b5d07b8e3216e3e27cd728d72f70d1e6a342005f"
@ -5463,16 +5289,15 @@ path-type@^4.0.0:
  integrity sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw==
 pbkdf2@^3.0.3:
-  version "3.1.3"
+  version "3.1.1"
-  resolved "https://registry.yarnpkg.com/pbkdf2/-/pbkdf2-3.1.3.tgz#8be674d591d65658113424592a95d1517318dd4b"
+  resolved "https://registry.yarnpkg.com/pbkdf2/-/pbkdf2-3.1.1.tgz#cb8724b0fada984596856d1a6ebafd3584654b94"
-  integrity sha512-wfRLBZ0feWRhCIkoMB6ete7czJcnNnqRpcoWQBLqatqXXmelSRqfdDK4F3u9T2s2cXas/hQJcryI/4lAL+XTlA==
+  integrity sha512-4Ejy1OPxi9f2tt1rRV7Go7zmfDQ+ZectEQz3VGUQhgq62HtIRPDyG/JtnwIxs6x3uNMwo2V7q1fMvKjb+Tnpqg==
  dependencies:
-    create-hash "~1.1.3"
+    create-hash "^1.1.2"
-    create-hmac "^1.1.7"
+    create-hmac "^1.1.4"
-    ripemd160 "=2.0.1"
+    ripemd160 "^2.0.1"
-    safe-buffer "^5.2.1"
+    safe-buffer "^5.0.1"
-    sha.js "^2.4.11"
+    sha.js "^2.4.8"
    to-buffer "^1.2.0"
 picomatch@^2.0.4, picomatch@^2.0.5, picomatch@^2.2.1:
  version "2.2.2"
@ -5501,11 +5326,6 @@ posix-character-classes@^0.1.0:
  resolved "https://registry.yarnpkg.com/posix-character-classes/-/posix-character-classes-0.1.1.tgz#01eac0fe3b5af71a2a6c02feabb8c1fef7e00eab"
  integrity sha1-AerA/jta9xoqbAL+q7jB/vfgDqs=
 possible-typed-array-names@^1.0.0:
  version "1.1.0"
  resolved "https://registry.yarnpkg.com/possible-typed-array-names/-/possible-typed-array-names-1.1.0.tgz#93e3582bc0e5426586d9d07b79ee40fc841de4ae"
  integrity sha512-/+5VFTchJDoVj3bhoqi6UeymcD00DAwb1nJwamzPvHEszJ4FpF6SNNbUbOS8yI56qHzdV8eK0qEfOSiodkTdxg==
 postcss-modules-extract-imports@^2.0.0:
  version "2.0.0"
  resolved "https://registry.yarnpkg.com/postcss-modules-extract-imports/-/postcss-modules-extract-imports-2.0.0.tgz#818719a1ae1da325f9832446b01136eeb493cd7e"
@ -6066,14 +5886,6 @@ rimraf@^3.0.2:
  dependencies:
    glob "^7.1.3"
 ripemd160@=2.0.1:
  version "2.0.1"
  resolved "https://registry.yarnpkg.com/ripemd160/-/ripemd160-2.0.1.tgz#0f4584295c53a3628af7e6d79aca21ce57d1c6e7"
  integrity sha512-J7f4wutN8mdbV08MJnXibYpCOPHR+yzy+iQ/AsjMv2j8cLavQ8VGagDFUwwTAdF8FmRKVeNpbTTEwNHCW1g94w==
  dependencies:
    hash-base "^2.0.0"
    inherits "^2.0.1"
 ripemd160@^2.0.0, ripemd160@^2.0.1:
  version "2.0.2"
  resolved "https://registry.yarnpkg.com/ripemd160/-/ripemd160-2.0.2.tgz#a1c1a6f624751577ba5d07914cbc92850585890c"
@ -6225,18 +6037,6 @@ set-blocking@^2.0.0:
  resolved "https://registry.yarnpkg.com/set-blocking/-/set-blocking-2.0.0.tgz#045f9782d011ae9a6803ddd382b24392b3d890f7"
  integrity sha1-BF+XgtARrppoA93TgrJDkrPYkPc=
 set-function-length@^1.2.2:
  version "1.2.2"
  resolved "https://registry.yarnpkg.com/set-function-length/-/set-function-length-1.2.2.tgz#aac72314198eaed975cf77b2c3b6b880695e5449"
  integrity sha512-pgRc4hJ4/sNjWCSS9AmnS40x3bNMDTknHgL5UaMBTMyJnU90EgWh1Rz+MC9eFu4BuN/UwZjKQuY/1v3rM7HMfg==
  dependencies:
    define-data-property "^1.1.4"
    es-errors "^1.3.0"
    function-bind "^1.1.2"
    get-intrinsic "^1.2.4"
    gopd "^1.0.1"
    has-property-descriptors "^1.0.2"
 set-value@^2.0.0, set-value@^2.0.1:
  version "2.0.1"
  resolved "https://registry.yarnpkg.com/set-value/-/set-value-2.0.1.tgz#a18d40530e6f07de4228c7defe4227af8cad005b"
@ -6252,7 +6052,7 @@ setimmediate@^1.0.4:
  resolved "https://registry.yarnpkg.com/setimmediate/-/setimmediate-1.0.5.tgz#290cbb232e306942d7d7ea9b83732ab7856f8285"
  integrity sha1-KQy7Iy4waULX1+qbg3Mqt4VvgoU=
-sha.js@^2.4.0, sha.js@^2.4.11, sha.js@^2.4.8:
+sha.js@^2.4.0, sha.js@^2.4.8:
  version "2.4.11"
  resolved "https://registry.yarnpkg.com/sha.js/-/sha.js-2.4.11.tgz#37a5cf0b81ecbc6943de109ba2960d1b26584ae7"
  integrity sha512-QMEp5B7cftE7APOjk5Y6xgrbWu+WkLVQwk8JNjZ8nKRciZaByEW6MubieAiToS7+dwvrjGhH8jRXz3MVd0AYqQ==
@ -6792,15 +6592,6 @@ to-arraybuffer@^1.0.0:
  resolved "https://registry.yarnpkg.com/to-arraybuffer/-/to-arraybuffer-1.0.1.tgz#7d229b1fcc637e466ca081180836a7aabff83f43"
  integrity sha1-fSKbH8xjfkZsoIEYCDanqr/4P0M=
 to-buffer@^1.2.0:
  version "1.2.1"
  resolved "https://registry.yarnpkg.com/to-buffer/-/to-buffer-1.2.1.tgz#2ce650cdb262e9112a18e65dc29dcb513c8155e0"
  integrity sha512-tB82LpAIWjhLYbqjx3X4zEeHN6M8CiuOEy2JY8SEQVdYRe3CCHOFaqrBW1doLDrfpWhplcW7BL+bO3/6S3pcDQ==
  dependencies:
    isarray "^2.0.5"
    safe-buffer "^5.2.1"
    typed-array-buffer "^1.0.3"
 to-fast-properties@^1.0.3:
  version "1.0.3"
  resolved "https://registry.yarnpkg.com/to-fast-properties/-/to-fast-properties-1.0.3.tgz#b83571fa4d8c25b82e231b06e3a3055de4ca1a47"
@ -6907,15 +6698,6 @@ type-fest@^0.8.1:
  resolved "https://registry.yarnpkg.com/type-fest/-/type-fest-0.8.1.tgz#09e249ebde851d3b1e48d27c105444667f17b83d"
  integrity sha512-4dbzIzqvjtgiM5rw1k5rEHtBANKmdudhGyBEajN01fEyhaAIhsoKNy6y7+IN93IfpFtwY9iqi7kD+xwKhQsNJA==
 typed-array-buffer@^1.0.3:
  version "1.0.3"
  resolved "https://registry.yarnpkg.com/typed-array-buffer/-/typed-array-buffer-1.0.3.tgz#a72395450a4869ec033fd549371b47af3a2ee536"
  integrity sha512-nAYYwfY3qnzX30IkA6AQZjVbtK6duGontcQm1WSG1MD94YLqK0515GNApXkoxKOWMusVssAHWLh9SeaoefYFGw==
  dependencies:
    call-bound "^1.0.3"
    es-errors "^1.3.0"
    is-typed-array "^1.1.14"
 typedarray-to-buffer@^3.1.5:
  version "3.1.5"
  resolved "https://registry.yarnpkg.com/typedarray-to-buffer/-/typedarray-to-buffer-3.1.5.tgz#a97ee7a9ff42691b9f783ff1bc5112fe3fca9080"
@ -7242,19 +7024,6 @@ which-module@^2.0.0:
  resolved "https://registry.yarnpkg.com/which-module/-/which-module-2.0.0.tgz#d9ef07dce77b9902b8a3a8fa4b31c3e3f7e6e87a"
  integrity sha1-2e8H3Od7mQK4o6j6SzHD4/fm6Ho=
 which-typed-array@^1.1.16:
  version "1.1.19"
  resolved "https://registry.yarnpkg.com/which-typed-array/-/which-typed-array-1.1.19.tgz#df03842e870b6b88e117524a4b364b6fc689f956"
  integrity sha512-rEvr90Bck4WZt9HHFC4DJMsjvu7x+r6bImz0/BrbWb7A2djJ8hnZMrWnHo9F8ssv0OMErasDhftrfROTyqSDrw==
  dependencies:
    available-typed-arrays "^1.0.7"
    call-bind "^1.0.8"
    call-bound "^1.0.4"
    for-each "^0.3.5"
    get-proto "^1.0.1"
    gopd "^1.2.0"
    has-tostringtag "^1.0.2"
 which@^1.2.14, which@^1.2.9, which@^1.3.1:
  version "1.3.1"
  resolved "https://registry.yarnpkg.com/which/-/which-1.3.1.tgz#a45043d54f5805316da8d62f9f50918d3da70b0a"
--- a/global/certbot-dns-plugins.json
+++ b/global/certbot-dns-plugins.json
@ -10,15 +10,15 @@
    "active24":{
 		"name": "Active24",
 		"package_name": "certbot-dns-active24",
-		"version": "~=2.0.0",
+		"version": "~=1.5.1",
 		"dependencies": "",
-		"credentials": "dns_active24_api_key = <identifier>\ndns_active24_secret = <secret>",
+		"credentials": "dns_active24_token=\"TOKEN\"",
 		"full_plugin_name": "dns-active24"
 	},
 	"aliyun": {
 		"name": "Aliyun",
 		"package_name": "certbot-dns-aliyun",
-		"version": "~=2.0.0",
+		"version": "~=0.38.1",
 		"dependencies": "",
 		"credentials": "dns_aliyun_access_key = 12345678\ndns_aliyun_access_key_secret = 1234567890abcdef1234567890abcdef",
 		"full_plugin_name": "dns-aliyun"
@ -31,22 +31,6 @@
 		"credentials": "# This plugin supported API authentication using either Service Principals or utilizing a Managed Identity assigned to the virtual machine.\n# Regardless which authentication method used, the identity will need the “DNS Zone Contributor” role assigned to it.\n# As multiple Azure DNS Zones in multiple resource groups can exist, the config file needs a mapping of zone to resource group ID. Multiple zones -> ID mappings can be listed by using the key dns_azure_zoneX where X is a unique number. At least 1 zone mapping is required.\n\n# Using a service principal (option 1)\ndns_azure_sp_client_id = 912ce44a-0156-4669-ae22-c16a17d34ca5\ndns_azure_sp_client_secret = E-xqXU83Y-jzTI6xe9fs2YC~mck3ZzUih9\ndns_azure_tenant_id = ed1090f3-ab18-4b12-816c-599af8a88cf7\n\n# Using used assigned MSI (option 2)\n# dns_azure_msi_client_id = 912ce44a-0156-4669-ae22-c16a17d34ca5\n\n# Using system assigned MSI (option 3)\n# dns_azure_msi_system_assigned = true\n\n# Zones (at least one always required)\ndns_azure_zone1 = example.com:/subscriptions/c135abce-d87d-48df-936c-15596c6968a5/resourceGroups/dns1\ndns_azure_zone2 = example.org:/subscriptions/99800903-fb14-4992-9aff-12eaf2744622/resourceGroups/dns2",
 		"full_plugin_name": "dns-azure"
 	},
 	"baidu": {
 		"name": "baidu",
 		"package_name": "certbot-dns-baidu",
 		"version": "~=0.1.1",
 		"dependencies": "",
 		"credentials": "dns_baidu_access_key = 12345678\ndns_baidu_secret_key = 1234567890abcdef1234567890abcdef",
 		"full_plugin_name": "dns-baidu"
 	},
 	"beget": {
 		"name":"Beget",
 		"package_name": "certbot-beget-plugin",
 		"version": "~=1.0.0.dev9",
 		"dependencies": "",
 		"credentials": "# Beget API credentials used by Certbot\nbeget_plugin_username = username\nbeget_plugin_password = password",
 		"full_plugin_name": "beget-plugin"
 	},
 	"bunny": {
 		"name": "bunny.net",
 		"package_name": "certbot-dns-bunny",
@ -55,20 +39,12 @@
 		"credentials": "# Bunny API token used by Certbot (see https://dash.bunny.net/account/settings)\ndns_bunny_api_key = xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx",
 		"full_plugin_name": "dns-bunny"
 	},
 	"cdmon": {
                "name": "cdmon",
                "package_name": "certbot-dns-cdmon",
                "version": "~=0.4.1",
                "dependencies": "",
                "credentials": "dns_cdmon_api_key=your-cdmon-api-token\ndns_cdmon_domain=your_domain_is_optional",
                "full_plugin_name": "dns-cdmon"
        },
 	"cloudflare": {
 		"name": "Cloudflare",
 		"package_name": "certbot-dns-cloudflare",
 		"version": "=={{certbot-version}}",
-		"dependencies": "cloudflare==4.0.* acme=={{certbot-version}}",
+		"dependencies": "cloudflare==2.19.* acme=={{certbot-version}}",
-		"credentials": "# Cloudflare API credentials used by Certbot\ndns_cloudflare_email = cloudflare@example.com\ndns_cloudflare_api_key = 0123456789abcdef0123456789abcdef01234",
+		"credentials": "# Cloudflare API token\ndns_cloudflare_api_token=0123456789abcdef0123456789abcdef01234567",
 		"full_plugin_name": "dns-cloudflare"
 	},
 	"cloudns": {
@ -106,19 +82,11 @@
 	"cpanel": {
 		"name": "cPanel",
 		"package_name": "certbot-dns-cpanel",
-		"version": "~=0.4.0",
+		"version": "~=0.2.2",
 		"dependencies": "",
-		"credentials": "cpanel_url = https://cpanel.example.com:2083\ncpanel_username = your_username\ncpanel_password = your_password\ncpanel_token = your_api_token",
+		"credentials": "cpanel_url = https://cpanel.example.com:2083\ncpanel_username = user\ncpanel_password = hunter2",
 		"full_plugin_name": "cpanel"
 	},
 	"ddnss": {
 		"name": "DDNSS",
 		"package_name": "certbot-dns-ddnss",
 		"version": "~=1.1.0",
 		"dependencies": "",
 		"credentials": "dns_ddnss_token = YOUR_DDNSS_API_TOKEN",
 		"full_plugin_name": "dns-ddnss"
 	},
 	"desec": {
 		"name": "deSEC",
 		"package_name": "certbot-dns-desec",
@ -185,11 +153,11 @@
 	},
 	"domainoffensive": {
 		"name": "DomainOffensive (do.de)",
-		"package_name": "certbot-dns-domainoffensive",
+		"package_name": "certbot-dns-do",
-		"version": "~=2.0.0",
+		"version": "~=0.31.0",
 		"dependencies": "",
-		"credentials": "dns_domainoffensive_api_token = YOUR_DO_DE_AUTH_TOKEN",
+		"credentials": "dns_do_api_token = YOUR_DO_DE_AUTH_TOKEN",
-		"full_plugin_name": "dns-domainoffensive"
+		"full_plugin_name": "dns-do"
 	},
 	"domeneshop": {
 		"name": "Domeneshop",
@ -223,14 +191,6 @@
 		"credentials": "dns_eurodns_applicationId = myuser\ndns_eurodns_apiKey = mysecretpassword\ndns_eurodns_endpoint = https://rest-api.eurodns.com/user-api-gateway/proxy",
 		"full_plugin_name": "dns-eurodns"
 	},
 	"firstdomains": {
                "name": "First Domains",
                "package_name": "certbot-dns-firstdomains",
                "version": ">=1.0",
                "dependencies": "",
                "credentials": "dns_firstdomains_username = myremoteuser\ndns_firstdomains_password = verysecureremoteuserpassword",
                "full_plugin_name": "dns-firstdomains"
        },
 	"freedns": {
 		"name": "FreeDNS",
 		"package_name": "certbot-dns-freedns",
@ -241,20 +201,12 @@
 	},
 	"gandi": {
 		"name": "Gandi Live DNS",
-		"package_name": "certbot-dns-gandi",
+		"package_name": "certbot_plugin_gandi",
-		"version": "~=1.6.1",
+		"version": "~=1.5.0",
 		"dependencies": "",
 		"credentials": "# Gandi personal access token\ndns_gandi_token=PERSONAL_ACCESS_TOKEN",
 		"full_plugin_name": "dns-gandi"
 	},
 	"gcore": {
 		"name": "Gcore DNS",
 		"package_name": "certbot-dns-gcore",
 		"version": "~=0.1.8",
 		"dependencies": "",
 		"credentials": "dns_gcore_apitoken = 0123456789abcdef0123456789abcdef01234567",
 		"full_plugin_name": "dns-gcore"
 	},
 	"godaddy": {
 		"name": "GoDaddy",
 		"package_name": "certbot-dns-godaddy",
@ -295,14 +247,6 @@
 		"credentials": "dns_hetzner_api_token = 0123456789abcdef0123456789abcdef",
 		"full_plugin_name": "dns-hetzner"
 	},
 	"hostingnl": {
 		"name": "Hosting.nl",
 		"package_name": "certbot-dns-hostingnl",
 		"version": "~=0.1.5",
 		"dependencies": "",
 		"credentials": "dns_hostingnl_api_key = 0123456789abcdef0123456789abcdef",
 		"full_plugin_name": "dns-hostingnl"
 	},
 	"hover": {
 		"name": "Hover",
 		"package_name": "certbot-dns-hover",
@ -359,14 +303,6 @@
 		"credentials": "dns_joker_username = <Dynamic DNS Authentication Username>\ndns_joker_password = <Dynamic DNS Authentication Password>\ndns_joker_domain = <Dynamic DNS Domain>",
 		"full_plugin_name": "dns-joker"
 	},
 	"leaseweb": {
 		"name": "LeaseWeb",
 		"package_name": "certbot-dns-leaseweb",
 		"version": "~=1.0.1",
 		"dependencies": "",
 		"credentials": "dns_leaseweb_api_token = 01234556789",
 		"full_plugin_name": "dns-leaseweb"
 	},
 	"linode": {
 		"name": "Linode",
 		"package_name": "certbot-dns-linode",
@ -396,7 +332,7 @@
 		"package_name": "certbot-dns-mijn-host",
 		"version": "~=0.0.4",
 		"dependencies": "",
-		"credentials": "dns_mijn_host_api_key=0123456789abcdef0123456789abcdef",
+		"credentials": "dns-mijn-host-credentials = /etc/letsencrypt/mijnhost-credentials.ini",
 		"full_plugin_name": "dns-mijn-host"
 	},
 	"namecheap": {
@ -415,14 +351,6 @@
 		"credentials": "dns_netcup_customer_id  = 123456\ndns_netcup_api_key      = 0123456789abcdef0123456789abcdef01234567\ndns_netcup_api_password = abcdef0123456789abcdef01234567abcdef0123",
 		"full_plugin_name": "dns-netcup"
 	},
 	"nicru": {
 		"name": "nic.ru",
 		"package_name": "certbot-dns-nicru",
 		"version": "~=1.0.3",
 		"dependencies": "",
 		"credentials": "dns_nicru_client_id = application-id\ndns_nicru_client_secret = application-token\ndns_nicru_username = 0001110/NIC-D\ndns_nicru_password = password\ndns_nicru_scope = .+:.+/zones/example.com(/.+)?\ndns_nicru_service = DNS_SERVICE_NAME\ndns_nicru_zone = example.com",
 		"full_plugin_name": "dns-nicru"
 	},
 	"njalla": {
 		"name": "Njalla",
 		"package_name": "certbot-dns-njalla",
@ -466,7 +394,7 @@
 	"porkbun": {
 		"name": "Porkbun",
 		"package_name": "certbot-dns-porkbun",
-		"version": "~=0.9",
+		"version": "~=0.2",
 		"dependencies": "",
 		"credentials": "dns_porkbun_key=your-porkbun-api-key\ndns_porkbun_secret=your-porkbun-api-secret",
 		"full_plugin_name": "dns-porkbun"
@ -511,29 +439,13 @@
 		"credentials": "[default]\naws_access_key_id=AKIAIOSFODNN7EXAMPLE\naws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
 		"full_plugin_name": "dns-route53"
 	},
 	"spaceship": {
 		"name": "Spaceship",
 		"package_name": "certbot-dns-spaceship",
 		"version": "~=1.0.4",
 		"dependencies": "",
 		"credentials": "[spaceship]\napi_key=your_api_key\napi_secret=your_api_secret",
 		"full_plugin_name": "dns-spaceship"
 	},
 	"strato": {
 		"name": "Strato",
 		"package_name": "certbot-dns-strato",
-		"version": "~=0.2.2",
+		"version": "~=0.2.1",
 		"dependencies": "",
 		"credentials": "dns_strato_username = user\ndns_strato_password = pass\n# uncomment if youre using two factor authentication:\n# dns_strato_totp_devicename = 2fa_device\n# dns_strato_totp_secret = 2fa_secret\n#\n# uncomment if domain name contains special characters\n# insert domain display name as seen on your account page here\n# dns_strato_domain_display_name = my-punicode-url.de\n#\n# if youre not using strato.de or another special endpoint you can customise it below\n# you will probably only need to adjust the host, but you can also change the complete endpoint url\n# dns_strato_custom_api_scheme = https\n# dns_strato_custom_api_host = www.strato.de\n# dns_strato_custom_api_port = 443\n# dns_strato_custom_api_path = \"/apps/CustomerService\"",
 		"full_plugin_name": "dns-strato"
 	},
 	        "selectelv2": {
                "name": "Selectel api v2",
                "package_name": "certbot-dns-selectel-api-v2",
                "version": "~=0.3.0",
                "dependencies": "",
                "credentials": "dns_selectel_api_v2_account_id = your_account_id\ndns_selectel_api_v2_project_name = your_project\ndns_selectel_api_v2_username = your_username\ndns_selectel_api_v2_password = your_password",
                "full_plugin_name": "dns-selectel-api-v2"
 	},
 	"timeweb": {
 		"name": "Timeweb Cloud",
@ -590,13 +502,5 @@
 		"dependencies": "",
 		"credentials": "edgedns_client_secret = as3d1asd5d1a32sdfsdfs2d1asd5=\nedgedns_host = sdflskjdf-dfsdfsdf-sdfsdfsdf.luna.akamaiapis.net\nedgedns_access_token = kjdsi3-34rfsdfsdf-234234fsdfsdf\nedgedns_client_token = dkfjdf-342fsdfsd-23fsdfsdfsdf",
 		"full_plugin_name": "edgedns"
 	},
 	"zoneedit": {
 		"name": "ZoneEdit",
 		"package_name": "certbot-dns-zoneedit",
 		"version": "~=0.3.2",
 		"dependencies": "--no-deps dnspython",
 		"credentials": "dns_zoneedit_user = <login-user-id>\ndns_zoneedit_token = <dyn-authentication-token>",
 		"full_plugin_name": "dns-zoneedit"
 	}
 }
--- a/scripts/.common.sh
+++ b/scripts/.common.sh
@ -11,17 +11,7 @@ YELLOW='\E[1;33m'
 export BLUE CYAN GREEN RED RESET YELLOW
 # Docker Compose
-COMPOSE_PROJECT_NAME="npm2dev"
+COMPOSE_PROJECT_NAME="npmdev"
 COMPOSE_FILE="docker/docker-compose.dev.yml"
 export COMPOSE_FILE COMPOSE_PROJECT_NAME
 # $1: container_name
 get_container_ip () {
 	local container_name=$1
 	local container
 	local ip
 	container=$(docker-compose ps --all -q "${container_name}" | tail -n1)
 	ip=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' "$container")
 	echo "$ip"
 }
--- a/scripts/ci/fulltest-cypress
+++ b/scripts/ci/fulltest-cypress
@ -67,8 +67,6 @@ printf "nameserver %s\noptions ndots:0" "${DNSROUTER_IP}" > "${LOCAL_RESOLVE}"
 # bring up all remaining containers, except cypress!
 docker-compose up -d --remove-orphans stepca squid
 docker-compose pull db-mysql || true # ok to fail
 docker-compose pull db-postgres || true # ok to fail
 docker-compose pull authentik authentik-redis authentik-ldap || true # ok to fail
 docker-compose up -d --remove-orphans --pull=never fullstack
 # wait for main container to be healthy
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
jeffreysjauwmook	0987d7bba9	Merge branch 'NginxProxyManager:develop' into pg-support	2024-10-15 08:28:52 -03:00
jeff	b0b234ff7d	Merge branch 'develop' into pg-support	2024-10-13 15:47:12 -03:00
jeff	10f61595e1	added postgresql support & added a postgres containers	2024-10-13 15:45:33 -03:00
		`@ -1,2 +0,0 @@`
			`ssl_session_timeout 5m;`
			`ssl_session_cache shared:SSL_stream:50m;`
		`@ -1,2 +0,0 @@`
			`ssl_session_timeout 5m;`
			`ssl_session_cache shared:SSL:50m;`