Fixes migration

Adds comments to docker compose dev
Fixes eslint errors
2021-10-25 13:08:35 +02:00 · 2021-10-12 15:55:28 +02:00 · 2021-10-12 15:42:22 +02:00 · 2021-10-12 15:25:46 +02:00 · 2021-10-12 13:44:50 +02:00 · 2021-10-12 10:36:48 +10:00
54 changed files with 2611 additions and 664 deletions
--- a/.version
+++ b/.version
@ -1 +1 @@
-2.9.8
+2.9.9
--- a/README.md
+++ b/README.md
@ -1,7 +1,7 @@
 <p align="center">
 	<img src="https://nginxproxymanager.com/github.png">
 	<br><br>
-	<img src="https://img.shields.io/badge/version-2.9.8-green.svg?style=for-the-badge">
+	<img src="https://img.shields.io/badge/version-2.9.9-green.svg?style=for-the-badge">
 	<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager">
 		<img src="https://img.shields.io/docker/stars/jc21/nginx-proxy-manager.svg?style=for-the-badge">
 	</a>
@ -483,6 +483,30 @@ Special thanks to the following contributors:
 				<br /><sub><b>Florian Meinicke</b></sub>
 			</a>
 		</td>
+		<td align="center">
+			<a href="https://github.com/ssrahul96">
+				<img src="https://avatars.githubusercontent.com/u/15570570?v=4" width="80" alt=""/>
+				<br /><sub><b>Rahul Somasundaram</b></sub>
+			</a>
+		</td>
+		<td align="center">
+			<a href="https://github.com/BjoernAkAManf">
+				<img src="https://avatars.githubusercontent.com/u/833043?v=4" width="80" alt=""/>
+				<br /><sub><b>Björn Heinrichs</b></sub>
+			</a>
+		</td>
+		<td align="center">
+			<a href="https://github.com/realJoshByrnes">
+				<img src="https://avatars.githubusercontent.com/u/204185?v=4" width="80" alt=""/>
+				<br /><sub><b>Josh Byrnes</b></sub>
+			</a>
+		</td>
+		<td align="center">
+			<a href="https://github.com/bergi9">
+				<img src="https://avatars.githubusercontent.com/u/5556750?v=4" width="80" alt=""/>
+				<br /><sub><b>bergi9</b></sub>
+			</a>
+		</td>
 	</tr>
 </table>
 <!-- markdownlint-enable -->
--- a/backend/app.js
+++ b/backend/app.js
@ -74,12 +74,10 @@ app.use(function (err, req, res, next) {
 	}

 	// Not every error is worth logging - but this is good for now until it gets annoying.
-	if (typeof err.stack !== 'undefined' && err.stack) {
-		if (process.env.NODE_ENV === 'development') {
-			log.debug(err.stack);
-		} else if (typeof err.public == 'undefined' || !err.public) {
-			log.warn(err.message);
-		}
+	if (process.env.NODE_ENV === 'development' || process.env.DEBUG) {
+		log.debug(err);
+	} else if (typeof err.stack !== 'undefined' && err.stack && (typeof err.public == 'undefined' || !err.public)) {
+		log.warn(err.message);
 	}

 	res
--- a/backend/internal/certificate.js
+++ b/backend/internal/certificate.js
@ -869,7 +869,7 @@ const internalCertificate = {

 		const credentialsLocation = '/etc/letsencrypt/credentials/credentials-' + certificate.id;
 		const credentialsCmd      = 'mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo \'' + certificate.meta.dns_provider_credentials.replace('\'', '\\\'') + '\' > \'' + credentialsLocation + '\' && chmod 600 \'' + credentialsLocation + '\'';
-		const prepareCmd          = 'pip install ' + dns_plugin.package_name + '==' + dns_plugin.package_version + ' ' + dns_plugin.dependencies;
+		const prepareCmd          = 'pip install ' + dns_plugin.package_name + (dns_plugin.version_requirement || '') + ' ' + dns_plugin.dependencies;

 		// Whether the plugin has a --<name>-credentials argument
 		const hasConfigArg = certificate.meta.dns_provider !== 'route53';
--- a/backend/internal/host.js
+++ b/backend/internal/host.js
@ -1,7 +1,8 @@
-const _                    = require('lodash');
-const proxyHostModel       = require('../models/proxy_host');
-const redirectionHostModel = require('../models/redirection_host');
-const deadHostModel        = require('../models/dead_host');
+const _                       = require('lodash');
+const proxyHostModel          = require('../models/proxy_host');
+const redirectionHostModel    = require('../models/redirection_host');
+const deadHostModel           = require('../models/dead_host');
+const sslPassthroughHostModel = require('../models/ssl_passthrough_host');

 const internalHost = {

@ -81,6 +82,9 @@ const internalHost = {
 				.query()
 				.where('is_deleted', 0),
 			deadHostModel
+				.query()
+				.where('is_deleted', 0),
+			sslPassthroughHostModel
 				.query()
 				.where('is_deleted', 0)
 		];
@ -112,6 +116,12 @@ const internalHost = {
 					response_object.total_count += response_object.dead_hosts.length;
 				}

+				if (promises_results[3]) {
+					// SSL Passthrough Hosts
+					response_object.ssl_passthrough_hosts = internalHost._getHostsWithDomains(promises_results[3], domain_names);
+					response_object.total_count          += response_object.ssl_passthrough_hosts.length;
+				}
+
 				return response_object;
 			});
 	},
@ -137,7 +147,11 @@ const internalHost = {
 			deadHostModel
 				.query()
 				.where('is_deleted', 0)
-				.andWhere('domain_names', 'like', '%' + hostname + '%')
+				.andWhere('domain_names', 'like', '%' + hostname + '%'),
+			sslPassthroughHostModel
+				.query()
+				.where('is_deleted', 0)
+				.andWhere('domain_name', '=', hostname),
 		];

 		return Promise.all(promises)
@ -165,6 +179,13 @@ const internalHost = {
 					}
 				}

+				if (promises_results[3]) {
+					// SSL Passthrough Hosts
+					if (internalHost._checkHostnameRecordsTaken(hostname, promises_results[3], ignore_type === 'ssl_passthrough' && ignore_id ? ignore_id : 0)) {
+						is_taken = true;
+					}
+				}
+
 				return {
 					hostname: hostname,
 					is_taken: is_taken
@ -185,14 +206,21 @@ const internalHost = {

 		if (existing_rows && existing_rows.length) {
 			existing_rows.map(function (existing_row) {
-				existing_row.domain_names.map(function (existing_hostname) {
+				
+				function checkHostname(existing_hostname) {
 					// Does this domain match?
 					if (existing_hostname.toLowerCase() === hostname.toLowerCase()) {
 						if (!ignore_id || ignore_id !== existing_row.id) {
 							is_taken = true;
 						}
 					}
-				});
+				}
+
+				if (existing_row.domain_names) {
+					existing_row.domain_names.map(checkHostname);
+				} else if (existing_row.domain_name) {
+					checkHostname(existing_row.domain_name);
+				}
 			});
 		}

--- a/backend/internal/nginx.js
+++ b/backend/internal/nginx.js
@ -1,10 +1,11 @@
-const _          = require('lodash');
-const fs         = require('fs');
-const logger     = require('../logger').nginx;
-const utils      = require('../lib/utils');
-const error      = require('../lib/error');
-const { Liquid } = require('liquidjs');
-const debug_mode = process.env.NODE_ENV !== 'production' || !!process.env.DEBUG;
+const _                    = require('lodash');
+const fs                   = require('fs');
+const logger               = require('../logger').nginx;
+const utils                = require('../lib/utils');
+const error                = require('../lib/error');
+const { Liquid }           = require('liquidjs');
+const passthroughHostModel = require('../models/ssl_passthrough_host');
+const debug_mode           = process.env.NODE_ENV !== 'production' || !!process.env.DEBUG;

 const internalNginx = {

@ -23,7 +24,8 @@ const internalNginx = {
 	 * @returns {Promise}
 	 */
 	configure: (model, host_type, host) => {
-		let combined_meta = {};
+		let combined_meta           = {};
+		const sslPassthroughEnabled = internalNginx.sslPassthroughEnabled();

 		return internalNginx.test()
 			.then(() => {
@ -32,7 +34,25 @@ const internalNginx = {
 				return internalNginx.deleteConfig(host_type, host); // Don't throw errors, as the file may not exist at all
 			})
 			.then(() => {
-				return internalNginx.generateConfig(host_type, host);
+				if (host_type === 'ssl_passthrough_host' && !sslPassthroughEnabled){
+					// ssl passthrough is disabled
+					const meta = {
+						nginx_online: false,
+						nginx_err:    'SSL passthrough is not enabled in environment'
+					};
+
+					return passthroughHostModel
+						.query()
+						.where('is_deleted', 0)
+						.andWhere('enabled', 1)
+						.patch({
+							meta
+						}).then(() => {
+							return internalNginx.deleteConfig('ssl_passthrough_host', host, false); 
+						});
+				} else {
+					return internalNginx.generateConfig(host_type, host);
+				}
 			})
 			.then(() => {
 				// Test nginx again and update meta with result
@ -44,12 +64,27 @@ const internalNginx = {
 							nginx_err:    null
 						});

+						if (host_type === 'ssl_passthrough_host'){
+							// If passthrough is disabled we have already marked the hosts as offline
+							if (sslPassthroughEnabled) {
+								return passthroughHostModel
+									.query()
+									.where('is_deleted', 0)
+									.andWhere('enabled', 1)
+									.patch({
+										meta: combined_meta
+									});
+							}
+							return Promise.resolve();
+						}
+
 						return model
 							.query()
 							.where('id', host.id)
 							.patch({
 								meta: combined_meta
 							});
+						
 					})
 					.catch((err) => {
 						// Remove the error_log line because it's a docker-ism false positive that doesn't need to be reported.
@ -74,6 +109,18 @@ const internalNginx = {
 							nginx_err:    valid_lines.join('\n')
 						});

+						if (host_type === 'ssl_passthrough_host'){
+							return passthroughHostModel
+								.query()
+								.where('is_deleted', 0)
+								.andWhere('enabled', 1)
+								.patch({
+									meta: combined_meta
+								}).then(() => {
+									return internalNginx.deleteConfig('ssl_passthrough_host', host, true);
+								});
+						}
+
 						return model
 							.query()
 							.where('id', host.id)
@ -125,6 +172,8 @@ const internalNginx = {

 		if (host_type === 'default') {
 			return '/data/nginx/default_host/site.conf';
+		} else if (host_type === 'ssl_passthrough_host') {
+			return '/data/nginx/ssl_passthrough_host/hosts.conf';
 		}

 		return '/data/nginx/' + host_type + '/' + host_id + '.conf';
@ -186,7 +235,7 @@ const internalNginx = {
 	 * @param   {Object}  host
 	 * @returns {Promise}
 	 */
-	generateConfig: (host_type, host) => {
+	generateConfig: async (host_type, host) => {
 		host_type = host_type.replace(new RegExp('-', 'g'), '_');

 		if (debug_mode) {
@ -199,72 +248,87 @@ const internalNginx = {
 			root: __dirname + '/../templates/'
 		});

-		return new Promise((resolve, reject) => {
-			let template = null;
-			let filename = internalNginx.getConfigName(host_type, host.id);
+		let template = null;
+		let filename = internalNginx.getConfigName(host_type, host.id);

-			try {
-				template = fs.readFileSync(__dirname + '/../templates/' + host_type + '.conf', {encoding: 'utf8'});
-			} catch (err) {
-				reject(new error.ConfigurationError(err.message));
-				return;
-			}
+		try {
+			template = fs.readFileSync(__dirname + '/../templates/' + host_type + '.conf', {encoding: 'utf8'});
+		} catch (err) {
+			throw new error.ConfigurationError(err.message);
+		}

-			let locationsPromise;
-			let origLocations;
-
-			// Manipulate the data a bit before sending it to the template
-			if (host_type !== 'default') {
-				host.use_default_location = true;
-				if (typeof host.advanced_config !== 'undefined' && host.advanced_config) {
-					host.use_default_location = !internalNginx.advancedConfigHasDefaultLocation(host.advanced_config);
-				}
-			}
-
-			if (host.locations) {
-				//logger.info ('host.locations = ' + JSON.stringify(host.locations, null, 2));
-				origLocations    = [].concat(host.locations);
-				locationsPromise = internalNginx.renderLocations(host).then((renderedLocations) => {
-					host.locations = renderedLocations;
-				});
-
-				// Allow someone who is using / custom location path to use it, and skip the default / location
-				_.map(host.locations, (location) => {
-					if (location.path === '/') {
-						host.use_default_location = false;
-					}
-				});
+		let locationsPromise;
+		let origLocations;

+		// Manipulate the data a bit before sending it to the template
+		if (host_type === 'ssl_passthrough_host') {
+			if (internalNginx.sslPassthroughEnabled()){
+				const allHosts = await passthroughHostModel
+					.query()
+					.where('is_deleted', 0)
+					.groupBy('id')
+					.omit(['is_deleted']);
+				host           = {
+					all_passthrough_hosts: allHosts.map((host) => {
+						// Replace dots in domain
+						host.forwarding_host = internalNginx.addIpv6Brackets(host.forwarding_host);
+						return host;
+					}),
+				};
 			} else {
-				locationsPromise = Promise.resolve();
+				internalNginx.deleteConfig(host_type, host, false);
 			}
+			
+		} else if (host_type !== 'default') {
+			host.use_default_location = true;
+			if (typeof host.advanced_config !== 'undefined' && host.advanced_config) {
+				host.use_default_location = !internalNginx.advancedConfigHasDefaultLocation(host.advanced_config);
+			}
+		}

-			// Set the IPv6 setting for the host
-			host.ipv6 = internalNginx.ipv6Enabled();
-
-			locationsPromise.then(() => {
-				renderEngine
-					.parseAndRender(template, host)
-					.then((config_text) => {
-						fs.writeFileSync(filename, config_text, {encoding: 'utf8'});
-
-						if (debug_mode) {
-							logger.success('Wrote config:', filename, config_text);
-						}
-
-						// Restore locations array
-						host.locations = origLocations;
-
-						resolve(true);
-					})
-					.catch((err) => {
-						if (debug_mode) {
-							logger.warn('Could not write ' + filename + ':', err.message);
-						}
-
-						reject(new error.ConfigurationError(err.message));
-					});
+		if (host.locations) {
+			//logger.info ('host.locations = ' + JSON.stringify(host.locations, null, 2));
+			origLocations    = [].concat(host.locations);
+			locationsPromise = internalNginx.renderLocations(host).then((renderedLocations) => {
+				host.locations = renderedLocations;
 			});
+
+			// Allow someone who is using / custom location path to use it, and skip the default / location
+			_.map(host.locations, (location) => {
+				if (location.path === '/') {
+					host.use_default_location = false;
+				}
+			});
+
+		} else {
+			locationsPromise = Promise.resolve();
+		}
+
+		// Set the IPv6 setting for the host
+		host.ipv6 = internalNginx.ipv6Enabled();
+
+		return locationsPromise.then(() => {
+			renderEngine
+				.parseAndRender(template, host)
+				.then((config_text) => {
+					fs.writeFileSync(filename, config_text, {encoding: 'utf8'});
+
+					if (debug_mode) {
+						logger.success('Wrote config:', filename, config_text);
+					}
+
+					// Restore locations array
+					host.locations = origLocations;
+
+					return true;
+				})
+				.catch((err) => {
+					if (debug_mode) {
+						logger.warn('Could not write ' + filename + ':', err.message);
+					}
+
+					throw new error.ConfigurationError(err.message);
+				});
 		});
 	},

@ -429,6 +493,33 @@ const internalNginx = {
 		}

 		return true;
+	},
+
+	/**
+	 * @returns {boolean}
+	 */
+	sslPassthroughEnabled: function () {
+		if (typeof process.env.ENABLE_SSL_PASSTHROUGH !== 'undefined') {
+			const enabled = process.env.ENABLE_SSL_PASSTHROUGH.toLowerCase();
+			return (enabled === 'on' || enabled === 'true' || enabled === '1' || enabled === 'yes');
+		}
+
+		return false;
+	},
+
+	/**
+	 * Helper function to add brackets to an IP if it is IPv6
+	 * @returns {string}
+	 */
+	addIpv6Brackets: function (ip) {
+		// Only run check if ipv6 is enabled
+		if (internalNginx.ipv6Enabled()) {
+			const ipv6Regex = /^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$/gi;
+			if (ipv6Regex.test(ip)){
+				return `[${ip}]`;
+			}
+		}
+		return ip;
 	}
 };

--- a/backend/internal/ssl-passthrough-host.js
+++ b/backend/internal/ssl-passthrough-host.js
@ -0,0 +1,365 @@
+const _                    = require('lodash');
+const error                = require('../lib/error');
+const passthroughHostModel = require('../models/ssl_passthrough_host');
+const internalHost         = require('./host');
+const internalNginx        = require('./nginx');
+const internalAuditLog     = require('./audit-log');
+
+function omissions () {
+	return ['is_deleted'];
+}
+
+const internalPassthroughHost = {
+
+	/**
+	 * @param   {Access}  access
+	 * @param   {Object}  data
+	 * @returns {Promise}
+	 */
+	create: (access, data) => {
+		return access.can('ssl_passthrough_hosts:create', data)
+			.then(() => {
+				// Get the domain name and check it against existing records
+				return internalHost.isHostnameTaken(data.domain_name)
+					.then((result) => {
+						if (result.is_taken) {
+							throw new error.ValidationError(result.hostname + ' is already in use');
+						}
+					});
+			}).then((/*access_data*/) => {
+				data.owner_user_id = access.token.getUserId(1);
+
+				if (typeof data.meta === 'undefined') {
+					data.meta = {};
+				}
+
+				return passthroughHostModel
+					.query()
+					.omit(omissions())
+					.insertAndFetch(data);
+			})
+			.then((row) => {
+				// Configure nginx
+				return internalNginx.configure(passthroughHostModel, 'ssl_passthrough_host', {})
+					.then(() => {
+						return internalPassthroughHost.get(access, {id: row.id, expand: ['owner']});
+					});
+			})
+			.then((row) => {
+				// Add to audit log
+				return internalAuditLog.add(access, {
+					action:      'created',
+					object_type: 'ssl-passthrough-host',
+					object_id:   row.id,
+					meta:        data
+				})
+					.then(() => {
+						return row;
+					});
+			});
+	},
+
+	/**
+	 * @param  {Access}  access
+	 * @param  {Object}  data
+	 * @param  {Number}  data.id
+	 * @return {Promise}
+	 */
+	update: (access, data) => {
+		return access.can('ssl_passthrough_hosts:update', data.id)
+			.then((/*access_data*/) => {
+				// Get the domain name and check it against existing records
+				if (typeof data.domain_name !== 'undefined') {
+					return internalHost.isHostnameTaken(data.domain_name, 'ssl_passthrough', data.id)
+						.then((result) => {
+							if (result.is_taken) {
+								throw new error.ValidationError(result.hostname + ' is already in use');
+							}
+						});
+				}
+			}).then((/*access_data*/) => {
+				return internalPassthroughHost.get(access, {id: data.id});
+			})
+			.then((row) => {
+				if (row.id !== data.id) {
+					// Sanity check that something crazy hasn't happened
+					throw new error.InternalValidationError('SSL Passthrough Host could not be updated, IDs do not match: ' + row.id + ' !== ' + data.id);
+				}
+
+				return passthroughHostModel
+					.query()
+					.omit(omissions())
+					.patchAndFetchById(row.id, data)
+					.then(() => {
+						return internalNginx.configure(passthroughHostModel, 'ssl_passthrough_host', {})
+							.then(() => {
+								return internalPassthroughHost.get(access, {id: row.id, expand: ['owner']});
+							});
+					})
+					.then((saved_row) => {
+						// Add to audit log
+						return internalAuditLog.add(access, {
+							action:      'updated',
+							object_type: 'ssl-passthrough-host',
+							object_id:   row.id,
+							meta:        data
+						})
+							.then(() => {
+								return _.omit(saved_row, omissions());
+							});
+					});
+			});
+	},
+
+	/**
+	 * @param  {Access}   access
+	 * @param  {Object}   data
+	 * @param  {Number}   data.id
+	 * @param  {Array}    [data.expand]
+	 * @param  {Array}    [data.omit]
+	 * @return {Promise}
+	 */
+	get: (access, data) => {
+		if (typeof data === 'undefined') {
+			data = {};
+		}
+
+		return access.can('ssl_passthrough_hosts:get', data.id)
+			.then((access_data) => {
+				let query = passthroughHostModel
+					.query()
+					.where('is_deleted', 0)
+					.andWhere('id', data.id)
+					.allowEager('[owner]')
+					.first();
+
+				if (access_data.permission_visibility !== 'all') {
+					query.andWhere('owner_user_id', access.token.getUserId(1));
+				}
+
+				// Custom omissions
+				if (typeof data.omit !== 'undefined' && data.omit !== null) {
+					query.omit(data.omit);
+				}
+
+				if (typeof data.expand !== 'undefined' && data.expand !== null) {
+					query.eager('[' + data.expand.join(', ') + ']');
+				}
+
+				return query;
+			})
+			.then((row) => {
+				if (row) {
+					return _.omit(row, omissions());
+				} else {
+					throw new error.ItemNotFoundError(data.id);
+				}
+			});
+	},
+
+	/**
+	 * @param {Access}  access
+	 * @param {Object}  data
+	 * @param {Number}  data.id
+	 * @param {String}  [data.reason]
+	 * @returns {Promise}
+	 */
+	delete: (access, data) => {
+		return access.can('ssl_passthrough_hosts:delete', data.id)
+			.then(() => {
+				return internalPassthroughHost.get(access, {id: data.id});
+			})
+			.then((row) => {
+				if (!row) {
+					throw new error.ItemNotFoundError(data.id);
+				}
+
+				return passthroughHostModel
+					.query()
+					.where('id', row.id)
+					.patch({
+						is_deleted: 1
+					})
+					.then(() => {
+						// Update Nginx Config
+						return internalNginx.configure(passthroughHostModel, 'ssl_passthrough_host', {})
+							.then(() => {
+								return internalNginx.reload();
+							});
+					})
+					.then(() => {
+						// Add to audit log
+						return internalAuditLog.add(access, {
+							action:      'deleted',
+							object_type: 'ssl-passthrough-host',
+							object_id:   row.id,
+							meta:        _.omit(row, omissions())
+						});
+					});
+			})
+			.then(() => {
+				return true;
+			});
+	},
+
+	/**
+	 * @param {Access}  access
+	 * @param {Object}  data
+	 * @param {Number}  data.id
+	 * @param {String}  [data.reason]
+	 * @returns {Promise}
+	 */
+	enable: (access, data) => {
+		return access.can('ssl_passthrough_hosts:update', data.id)
+			.then(() => {
+				return internalPassthroughHost.get(access, {
+					id:     data.id,
+					expand: ['owner']
+				});
+			})
+			.then((row) => {
+				if (!row) {
+					throw new error.ItemNotFoundError(data.id);
+				} else if (row.enabled) {
+					throw new error.ValidationError('Host is already enabled');
+				}
+
+				row.enabled = 1;
+
+				return passthroughHostModel
+					.query()
+					.where('id', row.id)
+					.patch({
+						enabled: 1
+					})
+					.then(() => {
+						// Configure nginx
+						return internalNginx.configure(passthroughHostModel, 'ssl_passthrough_host', {});
+					})
+					.then(() => {
+						// Add to audit log
+						return internalAuditLog.add(access, {
+							action:      'enabled',
+							object_type: 'ssl-passthrough-host',
+							object_id:   row.id,
+							meta:        _.omit(row, omissions())
+						});
+					});
+			})
+			.then(() => {
+				return true;
+			});
+	},
+
+	/**
+	 * @param {Access}  access
+	 * @param {Object}  data
+	 * @param {Number}  data.id
+	 * @param {String}  [data.reason]
+	 * @returns {Promise}
+	 */
+	disable: (access, data) => {
+		return access.can('ssl_passthrough_hosts:update', data.id)
+			.then(() => {
+				return internalPassthroughHost.get(access, {id: data.id});
+			})
+			.then((row) => {
+				if (!row) {
+					throw new error.ItemNotFoundError(data.id);
+				} else if (!row.enabled) {
+					throw new error.ValidationError('Host is already disabled');
+				}
+
+				row.enabled = 0;
+
+				return passthroughHostModel
+					.query()
+					.where('id', row.id)
+					.patch({
+						enabled: 0
+					})
+					.then(() => {
+						// Update Nginx Config
+						return internalNginx.configure(passthroughHostModel, 'ssl_passthrough_host', {})
+							.then(() => {
+								return internalNginx.reload();
+							});
+					})
+					.then(() => {
+						// Add to audit log
+						return internalAuditLog.add(access, {
+							action:      'disabled',
+							object_type: 'ssl-passthrough-host',
+							object_id:   row.id,
+							meta:        _.omit(row, omissions())
+						});
+					});
+			})
+			.then(() => {
+				return true;
+			});
+	},
+
+	/**
+	 * All SSL Passthrough Hosts
+	 *
+	 * @param   {Access}  access
+	 * @param   {Array}   [expand]
+	 * @param   {String}  [search_query]
+	 * @returns {Promise}
+	 */
+	getAll: (access, expand, search_query) => {
+		return access.can('ssl_passthrough_hosts:list')
+			.then((access_data) => {
+				let query = passthroughHostModel
+					.query()
+					.where('is_deleted', 0)
+					.groupBy('id')
+					.omit(['is_deleted'])
+					.allowEager('[owner]')
+					.orderBy('domain_name', 'ASC');
+
+				if (access_data.permission_visibility !== 'all') {
+					query.andWhere('owner_user_id', access.token.getUserId(1));
+				}
+
+				// Query is used for searching
+				if (typeof search_query === 'string') {
+					query.where(function () {
+						this.where('domain_name', 'like', '%' + search_query + '%');
+					});
+				}
+
+				if (typeof expand !== 'undefined' && expand !== null) {
+					query.eager('[' + expand.join(', ') + ']');
+				}
+
+				return query;
+			});
+	},
+
+	/**
+	 * Report use
+	 *
+	 * @param   {Number}  user_id
+	 * @param   {String}  visibility
+	 * @returns {Promise}
+	 */
+	getCount: (user_id, visibility) => {
+		let query = passthroughHostModel
+			.query()
+			.count('id as count')
+			.where('is_deleted', 0);
+
+		if (visibility !== 'all') {
+			query.andWhere('owner_user_id', user_id);
+		}
+
+		return query.first()
+			.then((row) => {
+				return parseInt(row.count, 10);
+			});
+	}
+};
+
+module.exports = internalPassthroughHost;
--- a/backend/internal/user.js
+++ b/backend/internal/user.js
@ -62,14 +62,15 @@ const internalUser = {
 				return userPermissionModel
 					.query()
 					.insert({
-						user_id:           user.id,
-						visibility:        is_admin ? 'all' : 'user',
-						proxy_hosts:       'manage',
-						redirection_hosts: 'manage',
-						dead_hosts:        'manage',
-						streams:           'manage',
-						access_lists:      'manage',
-						certificates:      'manage'
+						user_id:               user.id,
+						visibility:            is_admin ? 'all' : 'user',
+						proxy_hosts:           'manage',
+						redirection_hosts:     'manage',
+						dead_hosts:            'manage',
+						ssl_passthrough_hosts: 'manage',
+						streams:               'manage',
+						access_lists:          'manage',
+						certificates:          'manage'
 					})
 					.then(() => {
 						return internalUser.get(access, {id: user.id, expand: ['permissions']});
--- a/backend/lib/access/ssl_passthrough_hosts-create.json
+++ b/backend/lib/access/ssl_passthrough_hosts-create.json
@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["permission_ssl_passthrough_hosts", "roles"],
+			"properties": {
+				"permission_ssl_passthrough_hosts": {
+					"$ref": "perms#/definitions/manage"
+				},
+				"roles": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": ["user"]
+					}
+				}
+			}
+		}
+	]
+}
--- a/backend/lib/access/ssl_passthrough_hosts-delete.json
+++ b/backend/lib/access/ssl_passthrough_hosts-delete.json
@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["permission_ssl_passthrough_hosts", "roles"],
+			"properties": {
+				"permission_ssl_passthrough_hosts": {
+					"$ref": "perms#/definitions/manage"
+				},
+				"roles": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": ["user"]
+					}
+				}
+			}
+		}
+	]
+}
--- a/backend/lib/access/ssl_passthrough_hosts-get.json
+++ b/backend/lib/access/ssl_passthrough_hosts-get.json
@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["permission_ssl_passthrough_hosts", "roles"],
+			"properties": {
+				"permission_ssl_passthrough_hosts": {
+					"$ref": "perms#/definitions/view"
+				},
+				"roles": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": ["user"]
+					}
+				}
+			}
+		}
+	]
+}
--- a/backend/lib/access/ssl_passthrough_hosts-list.json
+++ b/backend/lib/access/ssl_passthrough_hosts-list.json
@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["permission_ssl_passthrough_hosts", "roles"],
+			"properties": {
+				"permission_ssl_passthrough_hosts": {
+					"$ref": "perms#/definitions/view"
+				},
+				"roles": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": ["user"]
+					}
+				}
+			}
+		}
+	]
+}
--- a/backend/lib/access/ssl_passthrough_hosts-update.json
+++ b/backend/lib/access/ssl_passthrough_hosts-update.json
@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["permission_ssl_passthrough_hosts", "roles"],
+			"properties": {
+				"permission_ssl_passthrough_hosts": {
+					"$ref": "perms#/definitions/manage"
+				},
+				"roles": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": ["user"]
+					}
+				}
+			}
+		}
+	]
+}
--- a/backend/migrations/20211010141200_ssl_passthrough_host.js
+++ b/backend/migrations/20211010141200_ssl_passthrough_host.js
@ -0,0 +1,85 @@
+const migrate_name = 'ssl_passthrough_host';
+const logger       = require('../logger').migrate;
+
+/**
+	* Migrate
+	*
+	* @see http://knexjs.org/#Schema
+	*
+	* @param   {Object} knex
+	* @param   {Promise} Promise
+	* @returns {Promise}
+	*/
+exports.up = async function (knex/*, Promise*/) {
+	logger.info('[' + migrate_name + '] Migrating Up...');
+
+	await knex.schema.createTable('ssl_passthrough_host', (table) => {
+		table.increments().primary();
+		table.dateTime('created_on').notNull();
+		table.dateTime('modified_on').notNull();
+		table.integer('owner_user_id').notNull().unsigned();
+		table.integer('is_deleted').notNull().unsigned().defaultTo(0);
+		table.string('domain_name').notNull();
+		table.string('forwarding_host').notNull();
+		table.integer('forwarding_port').notNull().unsigned();
+		table.integer('enabled').notNull().unsigned().defaultTo(1);
+		table.json('meta').notNull();
+	});
+
+	logger.info('[' + migrate_name + '] Table created');
+
+	// Remove unique constraint so name can be used for new table
+	await knex.schema.alterTable('user_permission', (table) => {
+		table.dropUnique('user_id');
+	});
+
+	await knex.schema.renameTable('user_permission', 'user_permission_old');
+
+	// We need to recreate the table since sqlite does not support altering columns
+	await knex.schema.createTable('user_permission', (table) => {
+		table.increments().primary();
+		table.dateTime('created_on').notNull();
+		table.dateTime('modified_on').notNull();
+		table.integer('user_id').notNull().unsigned();
+		table.string('visibility').notNull();
+		table.string('proxy_hosts').notNull();
+		table.string('redirection_hosts').notNull();
+		table.string('dead_hosts').notNull();
+		table.string('streams').notNull();
+		table.string('ssl_passthrough_hosts').notNull();
+		table.string('access_lists').notNull();
+		table.string('certificates').notNull();
+		table.unique('user_id');
+	});
+
+	await knex('user_permission_old').select('*', 'streams as ssl_passthrough_hosts').then((data) => {
+		if (data.length) {
+			return knex('user_permission').insert(data);
+		}
+		return Promise.resolve();
+	});
+
+	await knex.schema.dropTableIfExists('user_permission_old');
+
+	logger.info('[' + migrate_name + '] permissions updated');
+};
+
+/**
+	* Undo Migrate
+	*
+	* @param   {Object} knex
+	* @param   {Promise} Promise
+	* @returns {Promise}
+	*/
+exports.down = function (knex/*, Promise*/) {
+	logger.info('[' + migrate_name + '] Migrating Down...');
+
+	return knex.schema.dropTable('stream').then(() => {
+		return knex.schema.table('user_permission', (table) => {
+			table.dropColumn('ssl_passthrough_hosts');
+		});
+	})
+		.then(function () {
+			logger.info('[' + migrate_name + '] Table altered and permissions updated');
+		});
+};
--- a/backend/models/ssl_passthrough_host.js
+++ b/backend/models/ssl_passthrough_host.js
@ -0,0 +1,56 @@
+// Objection Docs:
+// http://vincit.github.io/objection.js/
+
+const db    = require('../db');
+const Model = require('objection').Model;
+const User  = require('./user');
+const now   = require('./now_helper');
+
+Model.knex(db);
+
+class SslPassthrougHost extends Model {
+	$beforeInsert () {
+		this.created_on  = now();
+		this.modified_on = now();
+
+		// Default for meta
+		if (typeof this.meta === 'undefined') {
+			this.meta = {};
+		}
+	}
+
+	$beforeUpdate () {
+		this.modified_on = now();
+	}
+
+	static get name () {
+		return 'SslPassthrougHost';
+	}
+
+	static get tableName () {
+		return 'ssl_passthrough_host';
+	}
+
+	static get jsonAttributes () {
+		return ['meta'];
+	}
+
+	static get relationMappings () {
+		return {
+			owner: {
+				relation:   Model.HasOneRelation,
+				modelClass: User,
+				join:       {
+					from: 'ssl_passthrough_host.owner_user_id',
+					to:   'user.id'
+				},
+				modify: function (qb) {
+					qb.where('user.is_deleted', 0);
+					qb.omit(['id', 'created_on', 'modified_on', 'is_deleted', 'email', 'roles']);
+				}
+			}
+		};
+	}
+}
+
+module.exports = SslPassthrougHost;
--- a/backend/package.json
+++ b/backend/package.json
@ -25,7 +25,7 @@
 		"mysql": "^2.18.1",
 		"node-rsa": "^1.0.8",
 		"nodemon": "^2.0.2",
-		"objection": "^2.1.3",
+		"objection": "^2.2.16",
 		"path": "^0.12.7",
 		"pg": "^7.12.1",
 		"restler": "^3.4.0",
--- a/backend/routes/api/main.js
+++ b/backend/routes/api/main.js
@ -1,6 +1,7 @@
-const express = require('express');
-const pjson   = require('../../package.json');
-const error   = require('../../lib/error');
+const express       = require('express');
+const pjson         = require('../../package.json');
+const error         = require('../../lib/error');
+const internalNginx = require('../../internal/nginx');

 let router = express.Router({
 	caseSensitive: true,
@ -34,10 +35,18 @@ router.use('/settings', require('./settings'));
 router.use('/nginx/proxy-hosts', require('./nginx/proxy_hosts'));
 router.use('/nginx/redirection-hosts', require('./nginx/redirection_hosts'));
 router.use('/nginx/dead-hosts', require('./nginx/dead_hosts'));
+router.use('/nginx/ssl-passthrough-hosts', require('./nginx/ssl_passthrough_hosts'));
 router.use('/nginx/streams', require('./nginx/streams'));
 router.use('/nginx/access-lists', require('./nginx/access_lists'));
 router.use('/nginx/certificates', require('./nginx/certificates'));

+router.get('/ssl-passthrough-enabled', (req, res/*, next*/) => {
+	res.status(200).send({
+		status:                  'OK',
+		ssl_passthrough_enabled: internalNginx.sslPassthroughEnabled()
+	});
+});
+
 /**
 * API 404 for all other routes
 *
--- a/backend/routes/api/nginx/ssl_passthrough_hosts.js
+++ b/backend/routes/api/nginx/ssl_passthrough_hosts.js
@ -0,0 +1,196 @@
+const express                = require('express');
+const validator              = require('../../../lib/validator');
+const jwtdecode              = require('../../../lib/express/jwt-decode');
+const internalSslPassthrough = require('../../../internal/ssl-passthrough-host'); 
+const apiValidator           = require('../../../lib/validator/api');
+
+let router = express.Router({
+	caseSensitive: true,
+	strict:        true,
+	mergeParams:   true
+});
+
+/**
+ * /api/nginx/ssl-passthrough-hosts
+ */
+router
+	.route('/')
+	.options((req, res) => {
+		res.sendStatus(204);
+	})
+	.all(jwtdecode()) // preferred so it doesn't apply to nonexistent routes
+
+	/**
+	 * GET /api/nginx/ssl-passthrough-hosts
+	 *
+	 * Retrieve all ssl passthrough hosts
+	 */
+	.get((req, res, next) => {
+		validator({
+			additionalProperties: false,
+			properties:           {
+				expand: {
+					$ref: 'definitions#/definitions/expand'
+				},
+				query: {
+					$ref: 'definitions#/definitions/query'
+				}
+			}
+		}, {
+			expand: (typeof req.query.expand === 'string' ? req.query.expand.split(',') : null),
+			query:  (typeof req.query.query === 'string' ? req.query.query : null)
+		})
+			.then((data) => {
+				return internalSslPassthrough.getAll(res.locals.access, data.expand, data.query);
+			})
+			.then((rows) => {
+				res.status(200)
+					.send(rows);
+			})
+			.catch(next);
+	})
+
+	/**
+	 * POST /api/nginx/ssl-passthrough-hosts
+	 *
+	 * Create a new ssl passthrough host
+	 */
+	.post((req, res, next) => {
+		apiValidator({$ref: 'endpoints/ssl-passthrough-hosts#/links/1/schema'}, req.body)
+			.then((payload) => {
+				return internalSslPassthrough.create(res.locals.access, payload);
+			})
+			.then((result) => {
+				res.status(201)
+					.send(result);
+			})
+			.catch(next);
+	});
+
+/**
+ * Specific ssl passthrough host
+ *
+ * /api/nginx/ssl-passthrough-hosts/123
+ */
+router
+	.route('/:host_id')
+	.options((req, res) => {
+		res.sendStatus(204);
+	})
+	.all(jwtdecode()) // preferred so it doesn't apply to nonexistent routes
+
+	/**
+	 * GET /api/nginx/ssl-passthrough-hosts/123
+	 *
+	 * Retrieve a specific ssl passthrough host
+	 */
+	.get((req, res, next) => {
+		validator({
+			required:             ['host_id'],
+			additionalProperties: false,
+			properties:           {
+				host_id: {
+					$ref: 'definitions#/definitions/id'
+				},
+				expand: {
+					$ref: 'definitions#/definitions/expand'
+				}
+			}
+		}, {
+			host_id: req.params.host_id,
+			expand:  (typeof req.query.expand === 'string' ? req.query.expand.split(',') : null)
+		})
+			.then((data) => {
+				return internalSslPassthrough.get(res.locals.access, {
+					id:     parseInt(data.host_id, 10),
+					expand: data.expand
+				});
+			})
+			.then((row) => {
+				res.status(200)
+					.send(row);
+			})
+			.catch(next);
+	})
+
+	/**
+	 * PUT /api/nginx/ssl-passthrough-hosts/123
+	 *
+	 * Update an existing ssl passthrough host
+	 */
+	.put((req, res, next) => {
+		apiValidator({$ref: 'endpoints/ssl-passthrough-hosts#/links/2/schema'}, req.body)
+			.then((payload) => {
+				payload.id = parseInt(req.params.host_id, 10);
+				return internalSslPassthrough.update(res.locals.access, payload);
+			})
+			.then((result) => {
+				res.status(200)
+					.send(result);
+			})
+			.catch(next);
+	})
+
+	/**
+	 * DELETE /api/nginx/ssl-passthrough-hosts/123
+	 *
+	 * Delete an ssl passthrough host
+	 */
+	.delete((req, res, next) => {
+		internalSslPassthrough.delete(res.locals.access, {id: parseInt(req.params.host_id, 10)})
+			.then((result) => {
+				res.status(200)
+					.send(result);
+			})
+			.catch(next);
+	});
+
+/**
+ * Enable ssl passthrough host
+ *
+ * /api/nginx/ssl-passthrough-hosts/123/enable
+ */
+router
+	.route('/:host_id/enable')
+	.options((req, res) => {
+		res.sendStatus(204);
+	})
+	.all(jwtdecode())
+
+	/**
+	 * POST /api/nginx/ssl-passthrough-hosts/123/enable
+	 */
+	.post((req, res, next) => {
+		internalSslPassthrough.enable(res.locals.access, {id: parseInt(req.params.host_id, 10)})
+			.then((result) => {
+				res.status(200)
+					.send(result);
+			})
+			.catch(next);
+	});
+
+/**
+ * Disable ssl passthrough host
+ *
+ * /api/nginx/ssl-passthrough-hosts/123/disable
+ */
+router
+	.route('/:host_id/disable')
+	.options((req, res) => {
+		res.sendStatus(204);
+	})
+	.all(jwtdecode())
+
+	/**
+	 * POST /api/nginx/ssl-passthrough-hosts/123/disable
+	 */
+	.post((req, res, next) => {
+		internalSslPassthrough.disable(res.locals.access, {id: parseInt(req.params.host_id, 10)})
+			.then((result) => {
+				res.status(200)
+					.send(result);
+			})
+			.catch(next);
+	});
+
+module.exports = router;
--- a/backend/schema/definitions.json
+++ b/backend/schema/definitions.json
@ -153,7 +153,7 @@
      "example": "john@example.com",
      "format": "email",
      "type": "string",
-      "minLength": 8,
+      "minLength": 6,
      "maxLength": 100
    },
    "password": {
--- a/backend/schema/endpoints/ssl-passthrough-hosts.json
+++ b/backend/schema/endpoints/ssl-passthrough-hosts.json
@ -0,0 +1,208 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "$id": "endpoints/ssl-passthrough-hosts",
+  "title": "SSL Passthrough Hosts",
+  "description": "Endpoints relating to SSL Passthrough Hosts",
+  "stability": "stable",
+  "type": "object",
+  "definitions": {
+    "id": {
+      "$ref": "../definitions.json#/definitions/id"
+    },
+    "created_on": {
+      "$ref": "../definitions.json#/definitions/created_on"
+    },
+    "modified_on": {
+      "$ref": "../definitions.json#/definitions/modified_on"
+    },
+    "domain_name": {
+      "$ref": "../definitions.json#/definitions/domain_name"
+    },
+    "forwarding_host": {
+      "anyOf": [
+        {
+          "$ref": "../definitions.json#/definitions/domain_name"
+        },
+        {
+          "type": "string",
+          "format": "ipv4"
+        },
+        {
+          "type": "string",
+          "format": "ipv6"
+        }
+      ]
+    },
+    "forwarding_port": {
+      "type": "integer",
+      "minimum": 1,
+      "maximum": 65535
+    },
+    "enabled": {
+      "$ref": "../definitions.json#/definitions/enabled"
+    },
+    "meta": {
+      "type": "object"
+    }
+  },
+  "properties": {
+    "id": {
+      "$ref": "#/definitions/id"
+    },
+    "created_on": {
+      "$ref": "#/definitions/created_on"
+    },
+    "modified_on": {
+      "$ref": "#/definitions/modified_on"
+    },
+    "domain_name": {
+      "$ref": "#/definitions/domain_name"
+    },
+    "forwarding_host": {
+      "$ref": "#/definitions/forwarding_host"
+    },
+    "forwarding_port": {
+      "$ref": "#/definitions/forwarding_port"
+    },
+    "enabled": {
+      "$ref": "#/definitions/enabled"
+    },
+    "meta": {
+      "$ref": "#/definitions/meta"
+    }
+  },
+  "links": [
+    {
+      "title": "List",
+      "description": "Returns a list of SSL Passthrough Hosts",
+      "href": "/nginx/ssl-passthrough-hosts",
+      "access": "private",
+      "method": "GET",
+      "rel": "self",
+      "http_header": {
+        "$ref": "../examples.json#/definitions/auth_header"
+      },
+      "targetSchema": {
+        "type": "array",
+        "items": {
+          "$ref": "#/properties"
+        }
+      }
+    },
+    {
+      "title": "Create",
+      "description": "Creates a new SSL Passthrough Host",
+      "href": "/nginx/ssl-passthrough-hosts",
+      "access": "private",
+      "method": "POST",
+      "rel": "create",
+      "http_header": {
+        "$ref": "../examples.json#/definitions/auth_header"
+      },
+      "schema": {
+        "type": "object",
+        "additionalProperties": false,
+        "required": [
+          "domain_name",
+          "forwarding_host",
+          "forwarding_port"
+        ],
+        "properties": {
+          "domain_name": {
+            "$ref": "#/definitions/domain_name"
+          },
+          "forwarding_host": {
+            "$ref": "#/definitions/forwarding_host"
+          },
+          "forwarding_port": {
+            "$ref": "#/definitions/forwarding_port"
+          },
+          "meta": {
+            "$ref": "#/definitions/meta"
+          }
+        }
+      },
+      "targetSchema": {
+        "properties": {
+          "$ref": "#/properties"
+        }
+      }
+    },
+    {
+      "title": "Update",
+      "description": "Updates a existing SSL Passthrough Host",
+      "href": "/nginx/ssl-passthrough-hosts/{definitions.identity.example}",
+      "access": "private",
+      "method": "PUT",
+      "rel": "update",
+      "http_header": {
+        "$ref": "../examples.json#/definitions/auth_header"
+      },
+      "schema": {
+        "type": "object",
+        "additionalProperties": false,
+        "properties": {
+          "domain_name": {
+            "$ref": "#/definitions/domain_name"
+          },
+          "forwarding_host": {
+            "$ref": "#/definitions/forwarding_host"
+          },
+          "forwarding_port": {
+            "$ref": "#/definitions/forwarding_port"
+          },
+          "meta": {
+            "$ref": "#/definitions/meta"
+          }
+        }
+      },
+      "targetSchema": {
+        "properties": {
+          "$ref": "#/properties"
+        }
+      }
+    },
+    {
+      "title": "Delete",
+      "description": "Deletes a existing SSL Passthrough Host",
+      "href": "/nginx/ssl-passthrough-hosts/{definitions.identity.example}",
+      "access": "private",
+      "method": "DELETE",
+      "rel": "delete",
+      "http_header": {
+        "$ref": "../examples.json#/definitions/auth_header"
+      },
+      "targetSchema": {
+        "type": "boolean"
+      }
+    },
+    {
+      "title": "Enable",
+      "description": "Enables a existing SSL Passthrough Host",
+      "href": "/nginx/ssl-passthrough-hosts/{definitions.identity.example}/enable",
+      "access": "private",
+      "method": "POST",
+      "rel": "update",
+      "http_header": {
+        "$ref": "../examples.json#/definitions/auth_header"
+      },
+      "targetSchema": {
+        "type": "boolean"
+      }
+    },
+    {
+      "title": "Disable",
+      "description": "Disables a existing SSL Passthrough Host",
+      "href": "/nginx/ssl-passthrough-hosts/{definitions.identity.example}/disable",
+      "access": "private",
+      "method": "POST",
+      "rel": "update",
+      "http_header": {
+        "$ref": "../examples.json#/definitions/auth_header"
+      },
+      "targetSchema": {
+        "type": "boolean"
+      }
+    }
+  ]
+}
--- a/backend/schema/index.json
+++ b/backend/schema/index.json
@ -26,6 +26,9 @@
    "dead-hosts": {
      "$ref": "endpoints/dead-hosts.json"
    },
+    "ssl-passthrough-hosts": {
+      "$ref": "endpoints/ssl-passthrough-hosts.json"
+    },
    "streams": {
      "$ref": "endpoints/streams.json"
    },
--- a/backend/setup.js
+++ b/backend/setup.js
@ -1,15 +1,17 @@
-const fs                  = require('fs');
-const NodeRSA             = require('node-rsa');
-const config              = require('config');
-const logger              = require('./logger').setup;
-const certificateModel    = require('./models/certificate');
-const userModel           = require('./models/user');
-const userPermissionModel = require('./models/user_permission');
-const utils               = require('./lib/utils');
-const authModel           = require('./models/auth');
-const settingModel        = require('./models/setting');
-const dns_plugins         = require('./global/certbot-dns-plugins');
-const debug_mode          = process.env.NODE_ENV !== 'production' || !!process.env.DEBUG;
+const fs                   = require('fs');
+const NodeRSA              = require('node-rsa');
+const config               = require('config');
+const logger               = require('./logger').setup;
+const certificateModel     = require('./models/certificate');
+const userModel            = require('./models/user');
+const userPermissionModel  = require('./models/user_permission');
+const utils                = require('./lib/utils');
+const authModel            = require('./models/auth');
+const settingModel         = require('./models/setting');
+const passthroughHostModel = require('./models/ssl_passthrough_host');
+const dns_plugins          = require('./global/certbot-dns-plugins');
+const internalNginx        = require('./internal/nginx');
+const debug_mode           = process.env.NODE_ENV !== 'production' || !!process.env.DEBUG;

 /**
 * Creates a new JWT RSA Keypair if not alread set on the config
@ -105,14 +107,15 @@ const setupDefaultUser = () => {
 							})
 							.then(() => {
 								return userPermissionModel.query().insert({
-									user_id:           user.id,
-									visibility:        'all',
-									proxy_hosts:       'manage',
-									redirection_hosts: 'manage',
-									dead_hosts:        'manage',
-									streams:           'manage',
-									access_lists:      'manage',
-									certificates:      'manage',
+									user_id:               user.id,
+									visibility:            'all',
+									proxy_hosts:           'manage',
+									redirection_hosts:     'manage',
+									dead_hosts:            'manage',
+									ssl_passthrough_hosts: 'manage',
+									streams:               'manage',
+									access_lists:          'manage',
+									certificates:          'manage',
 								});
 							});
 					})
@ -175,7 +178,7 @@ const setupCertbotPlugins = () => {
 				certificates.map(function (certificate) {
 					if (certificate.meta && certificate.meta.dns_challenge === true) {
 						const dns_plugin          = dns_plugins[certificate.meta.dns_provider];
-						const packages_to_install = `${dns_plugin.package_name}==${dns_plugin.package_version} ${dns_plugin.dependencies}`;
+						const packages_to_install = `${dns_plugin.package_name}${dns_plugin.version_requirement || ''} ${dns_plugin.dependencies}`;

 						if (plugins.indexOf(packages_to_install) === -1) plugins.push(packages_to_install);

@ -222,10 +225,19 @@ const setupLogrotation = () => {
 	return runLogrotate();
 };

+/**
+ * Makes sure the ssl passthrough option is reflected in the nginx config
+ * @returns {Promise}
+ */
+const setupSslPassthrough = () => {
+	return internalNginx.configure(passthroughHostModel, 'ssl_passthrough_host', {});
+};
+
 module.exports = function () {
 	return setupJwt()
 		.then(setupDefaultUser)
 		.then(setupDefaultSettings)
 		.then(setupCertbotPlugins)
-		.then(setupLogrotation);
+		.then(setupLogrotation)
+		.then(setupSslPassthrough);
 };
--- a/backend/templates/ssl_passthrough_host.conf
+++ b/backend/templates/ssl_passthrough_host.conf
@ -0,0 +1,41 @@
+# ------------------------------------------------------------
+# SSL Passthrough hosts
+# ------------------------------------------------------------
+
+map $ssl_preread_server_name $name {
+{% for host in all_passthrough_hosts %}
+{% if host.enabled %}
+  {{ host.domain_name }} ssl_passthrough_{{ host.domain_name }};
+{% endif %}
+{% endfor %}
+  default https_default_backend;
+}
+
+{% for host in all_passthrough_hosts %}
+{% if host.enabled %}
+upstream ssl_passthrough_{{ host.domain_name }} {
+  server {{host.forwarding_host}}:{{host.forwarding_port}};
+}
+{% endif %}
+{% endfor %}
+
+upstream https_default_backend {
+    server 127.0.0.1:443;
+}
+
+server {
+  listen 444;
+{% if ipv6 -%}
+  listen [::]:444;
+{% else -%}
+  #listen [::]:444;
+{% endif %}
+
+  proxy_pass $name;
+  ssl_preread on;
+
+  error_log /data/logs/ssl-passthrough-hosts_error.log warn;
+
+  # Custom
+  include /data/nginx/custom/server_ssl_passthrough[.]conf;
+}
--- a/backend/yarn.lock
+++ b/backend/yarn.lock
@ -77,10 +77,10 @@ acorn@^7.1.1:
  resolved "https://registry.yarnpkg.com/acorn/-/acorn-7.4.0.tgz#e1ad486e6c54501634c6c397c5c121daa383607c"
  integrity sha512-+G7P8jJmCHr+S+cLfQxygbWhXy+8YTVGzAkpEbcLo2mLoL7tij/VG41QSHACSf5QgYRhMZYHuNc6drJaO0Da+w==

-ajv@^6.10.0, ajv@^6.10.2, ajv@^6.12.0:
-  version "6.12.3"
-  resolved "https://registry.yarnpkg.com/ajv/-/ajv-6.12.3.tgz#18c5af38a111ddeb4f2697bd78d68abc1cabd706"
-  integrity sha512-4K0cK3L1hsqk9xIb2z9vs/XU+PGJZ9PNpJRDS9YLzmNdX6jmVPfamLvTJr0aDAusnHyCHO6MjzlkAsgtqp9teA==
+ajv@^6.10.0, ajv@^6.10.2, ajv@^6.12.0, ajv@^6.12.6:
+  version "6.12.6"
+  resolved "https://registry.yarnpkg.com/ajv/-/ajv-6.12.6.tgz#baf5a62e802b07d977034586f8c3baf5adf26df4"
+  integrity sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==
  dependencies:
    fast-deep-equal "^3.1.1"
    fast-json-stable-stringify "^2.0.0"
@ -2572,12 +2572,12 @@ object.pick@^1.2.0, object.pick@^1.3.0:
  dependencies:
    isobject "^3.0.1"

-objection@^2.1.3:
-  version "2.2.2"
-  resolved "https://registry.yarnpkg.com/objection/-/objection-2.2.2.tgz#1a3c9010270e3677940d2bc91aeaeb3c0f103800"
-  integrity sha512-+1Ap7u9NQRochzDW5/BggUlKi94JfZGTJwQJuNXo8DwmAb8czEirvxcWBcX91/MmQq0BQUJjM4RPSiZhnkkWQw==
+objection@^2.2.16:
+  version "2.2.16"
+  resolved "https://registry.yarnpkg.com/objection/-/objection-2.2.16.tgz#552ec6d625a7f80d6e204fc63732cbd3fc56f31c"
+  integrity sha512-sq8erZdxW5ruPUK6tVvwDxyO16U49XAn/BmOm2zaNhNA2phOPCe2/7+R70nDEF1SFrgJOrwDu/PtoxybuJxnjQ==
  dependencies:
-    ajv "^6.12.0"
+    ajv "^6.12.6"
    db-errors "^0.2.3"

 on-finished@~2.3.0:
--- a/docker/docker-compose.dev.yml
+++ b/docker/docker-compose.dev.yml
@ -10,7 +10,8 @@ services:
    ports:
      - 3080:80
      - 3081:81
-      - 3443:443
+      - 3443:443 # Ususally you would only have this one
+      - 3444:444 # This is to test ssl passthrough
    networks:
      - nginx_proxy_manager
    environment:
@ -22,6 +23,7 @@ services:
      DB_MYSQL_USER: "npm"
      DB_MYSQL_PASSWORD: "npm"
      DB_MYSQL_NAME: "npm"
+      # ENABLE_SSL_PASSTHROUGH: "true"
      # DB_SQLITE_FILE: "/data/database.sqlite"
      # DISABLE_IPV6: "true"
    volumes:
@ -39,6 +41,8 @@ services:
    container_name: npm_db
    networks:
      - nginx_proxy_manager
+    ports:
+      - 33306:3306
    environment:
      MYSQL_ROOT_PASSWORD: "npm"
      MYSQL_DATABASE: "npm"
--- a/docker/rootfs/etc/nginx/nginx.conf
+++ b/docker/rootfs/etc/nginx/nginx.conf
@ -85,6 +85,7 @@ http {

 stream {
 	# Files generated by NPM
+	include /data/nginx/ssl_passthrough_host/hosts[.]conf;
 	include /data/nginx/stream/*.conf;

 	# Custom
--- a/docker/rootfs/etc/services.d/nginx/run
+++ b/docker/rootfs/etc/services.d/nginx/run
@ -12,6 +12,7 @@ mkdir -p /tmp/nginx/body \
 	/data/nginx/default_www \
 	/data/nginx/proxy_host \
 	/data/nginx/redirection_host \
+	/data/nginx/ssl_passthrough_host \
 	/data/nginx/stream \
 	/data/nginx/dead_host \
 	/data/nginx/temp \
--- a/docs/advanced-config/README.md
+++ b/docs/advanced-config/README.md
@ -172,3 +172,28 @@ value by specifying it as a Docker environment variable. The default if not spec
    X_FRAME_OPTIONS: "sameorigin"
  ...
 ```
+
+## SSL Passthrough
+
+SSL Passthrough will allow you to proxy a server without [SSL termination](https://en.wikipedia.org/wiki/TLS_termination_proxy). This means the SSL encryption of the server will be passed right through the proxy, retaining the original certificate.  
+
+Because of the SSL encryption the proxy does not know anything about the traffic and it just relies on an SSL feature called [Server Name Indication](https://en.wikipedia.org/wiki/Server_Name_Indication) to know where to send this network packet. This also means if the client does not provide this additional information, accessing the site through the proxy won't be possible. But most modern browsers include this information a HTTPS requests.
+
+Due to nginx constraints using SSL Passthrough comes with **a performance penalty for other hosts**, since all hosts (including normal proxy hosts) now have to pass through this additional step and basically being proxied twice. If you want to retain the upstream SSL certificate but do not need your service to be available on port 443, it is recommended to use a stream host instead.
+
+To enable SSL Passthrough on your npm instance you need to do two things: add the environment variable `ENABLE_SSL_PASSTHROUGH` with the value `"true"`, and expose port 444 instead of 443 to the outside as port 443.
+
+```yml
+version: '3'
+services:
+  app:
+    ...
+    ports:
+      - '80:80'
+      - '81:81'
+      - '443:444' # Expose internal port 444 instead of 443 as SSL port
+    environment:
+      ...
+      ENABLE_SSL_PASSTHROUGH: "true" # Enable SSL Passthrough
+    ...
+```
--- a/docs/package.json
+++ b/docs/package.json
@ -443,7 +443,7 @@
    "normalize-url": "^5.1.0",
    "npm-run-path": "^4.0.1",
    "nprogress": "^0.2.0",
-    "nth-check": "^1.0.2",
+    "nth-check": "^2.0.1",
    "num2fraction": "^1.2.2",
    "number-is-nan": "^2.0.0",
    "oauth-sign": "^0.9.0",
@ -612,7 +612,7 @@
    "serve-index": "^1.9.1",
    "serve-static": "^1.14.1",
    "set-blocking": "^2.0.0",
-    "set-value": "^3.0.2",
+    "set-value": "^4.0.1",
    "setimmediate": "^1.0.5",
    "setprototypeof": "^1.2.0",
    "sha.js": "^2.4.11",
--- a/docs/yarn.lock
+++ b/docs/yarn.lock
@ -1624,9 +1624,9 @@ ansi-regex@^4.1.0:
  integrity sha512-1apePfXM1UOSqw0o9IiFAovVz9M5S1Dg+4TrDwfMewQ6p/rmMueb7tWZjQ1rx4Loy1ArBggoqGpfqqdI4rondg==

 ansi-regex@^5.0.0:
-  version "5.0.0"
-  resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-5.0.0.tgz#388539f55179bf39339c81af30a654d69f87cb75"
-  integrity sha512-bY6fj56OUQ0hU1KjFNDQuJFezqKdrAyFdIevADiqrWHwSlbmBNMHp5ak2f40Pm8JTFyM2mqxkG6ngkHO11f/lg==
+  version "5.0.1"
+  resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-5.0.1.tgz#082cb2c89c9fe8659a311a53bd6a4dc5301db304"
+  integrity sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==

 ansi-styles@^2.2.1:
  version "2.2.1"
@ -6726,6 +6726,13 @@ nth-check@^1.0.2, nth-check@~1.0.1:
  dependencies:
    boolbase "~1.0.0"

+nth-check@^2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/nth-check/-/nth-check-2.0.1.tgz#2efe162f5c3da06a28959fbd3db75dbeea9f0fc2"
+  integrity sha512-it1vE95zF6dTT9lBsYbxvqh0Soy4SPowchj0UBGj/V6cTPnXXtQOPUbhZ6CmGzAD/rW22LQK6E96pcdJXk4A4w==
+  dependencies:
+    boolbase "^1.0.0"
+
 num2fraction@^1.2.2:
  version "1.2.2"
  resolved "https://registry.yarnpkg.com/num2fraction/-/num2fraction-1.2.2.tgz#6f682b6a027a4e9ddfa4564cd2589d1d4e669ede"
@ -7699,9 +7706,9 @@ pretty-time@^1.1.0:
  integrity sha512-28iF6xPQrP8Oa6uxE6a1biz+lWeTOAPKggvjB8HAs6nVMKZwf5bG++632Dx614hIWgUPkgivRfG+a8uAXGTIbA==

 prismjs@^1.13.0, prismjs@^1.20.0:
-  version "1.24.0"
-  resolved "https://registry.yarnpkg.com/prismjs/-/prismjs-1.24.0.tgz#0409c30068a6c52c89ef7f1089b3ca4de56be2ac"
-  integrity sha512-SqV5GRsNqnzCL8k5dfAjCNhUrF3pR0A9lTDSCUZeh/LIshheXJEaP0hwLz2t4XHivd2J/v2HR+gRnigzeKe3cQ==
+  version "1.25.0"
+  resolved "https://registry.yarnpkg.com/prismjs/-/prismjs-1.25.0.tgz#6f822df1bdad965734b310b315a23315cf999756"
+  integrity sha512-WCjJHl1KEWbnkQom1+SzftbtXMKQoezOCYs5rECqMN+jP+apI7ftoflyqigqzopSO3hMhTEb0mFClA8lkolgEg==

 private@^0.1.8:
  version "0.1.8"
@ -8436,13 +8443,20 @@ set-value@^2.0.0, set-value@^2.0.1:
    is-plain-object "^2.0.3"
    split-string "^3.0.1"

-set-value@^3.0.0, set-value@^3.0.2:
+set-value@^3.0.0:
  version "3.0.2"
  resolved "https://registry.yarnpkg.com/set-value/-/set-value-3.0.2.tgz#74e8ecd023c33d0f77199d415409a40f21e61b90"
  integrity sha512-npjkVoz+ank0zjlV9F47Fdbjfj/PfXyVhZvGALWsyIYU/qrMzpi6avjKW3/7KeSU2Df3I46BrN1xOI1+6vW0hA==
  dependencies:
    is-plain-object "^2.0.4"

+set-value@^4.0.1:
+  version "4.0.1"
+  resolved "https://registry.yarnpkg.com/set-value/-/set-value-4.0.1.tgz#bc23522ade2d52314ec3b5d6fb140f5cd3a88acf"
+  integrity sha512-ayATicCYPVnlNpFmjq2/VmVwhoCQA9+13j8qWp044fmFE3IFphosPtRM+0CJ5xoIx5Uy52fCcwg3XeH2pHbbPQ==
+  dependencies:
+    is-plain-object "^2.0.4"
+
 setimmediate@^1.0.4, setimmediate@^1.0.5:
  version "1.0.5"
  resolved "https://registry.yarnpkg.com/setimmediate/-/setimmediate-1.0.5.tgz#290cbb232e306942d7d7ea9b83732ab7856f8285"
--- a/frontend/js/app/api.js
+++ b/frontend/js/app/api.js
@ -515,6 +515,76 @@ module.exports = {
            }
        },

+        SslPassthroughHosts: {
+            /**
+             * @param   {Array}    [expand]
+             * @param   {String}   [query]
+             * @returns {Promise}
+             */
+            getFeatureEnabled: function () {
+                return fetch('get', 'ssl-passthrough-enabled');
+            },
+
+            /**
+             * @param   {Array}    [expand]
+             * @param   {String}   [query]
+             * @returns {Promise}
+             */
+            getAll: function (expand, query) {
+                return getAllObjects('nginx/ssl-passthrough-hosts', expand, query);
+            },
+
+            /**
+             * @param {Object}  data
+             */
+            create: function (data) {
+                return fetch('post', 'nginx/ssl-passthrough-hosts', data);
+            },
+
+            /**
+             * @param   {Object}   data
+             * @param   {Number}   data.id
+             * @returns {Promise}
+             */
+            update: function (data) {
+                let id = data.id;
+                delete data.id;
+                return fetch('put', 'nginx/ssl-passthrough-hosts/' + id, data);
+            },
+
+            /**
+             * @param   {Number}  id
+             * @returns {Promise}
+             */
+            delete: function (id) {
+                return fetch('delete', 'nginx/ssl-passthrough-hosts/' + id);
+            },
+
+            /**
+             * @param   {Number}  id
+             * @returns {Promise}
+             */
+            get: function (id) {
+                return fetch('get', 'nginx/ssl-passthrough-hosts/' + id);
+            },
+
+            /**
+             * @param   {Number}  id
+             * @returns {Promise}
+             */
+            enable: function (id) {
+                return fetch('post', 'nginx/ssl-passthrough-hosts/' + id + '/enable');
+            },
+
+            /**
+             * @param   {Number}  id
+             * @returns {Promise}
+             */
+            disable: function (id) {
+                return fetch('post', 'nginx/ssl-passthrough-hosts/' + id + '/disable');
+            }
+        },
+
        DeadHosts: {
            /**
             * @param   {Array}    [expand]
--- a/frontend/js/app/controller.js
+++ b/frontend/js/app/controller.js
@ -221,6 +221,46 @@ module.exports = {
        }
    },

+     /**
+     * Nginx SSL Passthrough Hosts
+     */
+      showNginxSslPassthrough: function () {
+        if (Cache.User.isAdmin() || Cache.User.canView('ssl_passthrough_hosts')) {
+            let controller = this;
+
+            require(['./main', './nginx/ssl-passthrough/main'], (App, View) => {
+                controller.navigate('/nginx/ssl-passthrough');
+                App.UI.showAppContent(new View());
+            });
+        }
+    },
+
+    /**
+     * SSL Passthrough Hosts Form
+     *
+     * @param [model]
+     */
+     showNginxSslPassthroughForm: function (model) {
+        if (Cache.User.isAdmin() || Cache.User.canManage('ssl_passthrough_hosts')) {
+            require(['./main', './nginx/ssl-passthrough/form'], function (App, View) {
+                App.UI.showModalDialog(new View({model: model}));
+            });
+        }
+    },
+
+    /**
+     * SSL Passthrough Hosts Delete Confirm
+     *
+     * @param model
+     */
+     showNginxSslPassthroughDeleteConfirm: function (model) {
+        if (Cache.User.isAdmin() || Cache.User.canManage('ssl_passthrough_hosts')) {
+            require(['./main', './nginx/ssl-passthrough/delete'], function (App, View) {
+                App.UI.showModalDialog(new View({model: model}));
+            });
+        }
+    },
+
    /**
     * Nginx Dead Hosts
     */
--- a/frontend/js/app/nginx/ssl-passthrough/delete.ejs
+++ b/frontend/js/app/nginx/ssl-passthrough/delete.ejs
@ -0,0 +1,19 @@
+<div class="modal-content">
+    <div class="modal-header">
+        <h5 class="modal-title"><%- i18n('ssl-passthrough-hosts', 'delete') %></h5>
+        <button type="button" class="close cancel" aria-label="Close" data-dismiss="modal">&nbsp;</button>
+    </div>
+    <div class="modal-body">
+        <form>
+            <div class="row">
+                <div class="col-sm-12 col-md-12">
+                    <%= i18n('ssl-passthrough-hosts', 'delete-confirm') %>
+                </div>
+            </div>
+        </form>
+    </div>
+    <div class="modal-footer">
+        <button type="button" class="btn btn-secondary cancel" data-dismiss="modal"><%- i18n('str', 'cancel') %></button>
+        <button type="button" class="btn btn-danger save"><%- i18n('str', 'sure') %></button>
+    </div>
+</div>
--- a/frontend/js/app/nginx/ssl-passthrough/delete.js
+++ b/frontend/js/app/nginx/ssl-passthrough/delete.js
@ -0,0 +1,32 @@
+const Mn       = require('backbone.marionette');
+const App      = require('../../main');
+const template = require('./delete.ejs');
+
+module.exports = Mn.View.extend({
+    template:  template,
+    className: 'modal-dialog',
+
+    ui: {
+        form:    'form',
+        buttons: '.modal-footer button',
+        cancel:  'button.cancel',
+        save:    'button.save'
+    },
+
+    events: {
+
+        'click @ui.save': function (e) {
+            e.preventDefault();
+
+            App.Api.Nginx.SslPassthroughHosts.delete(this.model.get('id'))
+                .then(() => {
+                    App.Controller.showNginxSslPassthrough();
+                    App.UI.closeModal();
+                })
+                .catch(err => {
+                    alert(err.message);
+                    this.ui.buttons.prop('disabled', false).removeClass('btn-disabled');
+                });
+        }
+    }
+});
--- a/frontend/js/app/nginx/ssl-passthrough/form.ejs
+++ b/frontend/js/app/nginx/ssl-passthrough/form.ejs
@ -0,0 +1,34 @@
+<div class="modal-content">
+    <div class="modal-header">
+        <h5 class="modal-title"><%- i18n('ssl-passthrough-hosts', 'form-title', {id: id}) %></h5>
+        <button type="button" class="close cancel" aria-label="Close" data-dismiss="modal">&nbsp;</button>
+    </div>
+    <div class="modal-body">
+        <form>
+            <div class="row">
+                <div class="col-sm-12 col-md-12">
+                    <div class="form-group">
+                        <label class="form-label"><%- i18n('all-hosts', 'domain-name') %> <span class="form-required">*</span></label>
+                        <input type="text" name="domain_name" class="form-control" id="input-domain" placeholder="example.com" value="<%- domain_name %>" required>
+                    </div>
+                </div>
+                <div class="col-sm-8 col-md-8">
+                    <div class="form-group">
+                        <label class="form-label"><%- i18n('ssl-passthrough-hosts', 'forwarding-host') %><span class="form-required">*</span></label>
+                        <input type="text" name="forwarding_host" class="form-control text-monospace" placeholder="example.com or 10.0.0.1 or 2001:db8:3333:4444:5555:6666:7777:8888" value="<%- forwarding_host %>" autocomplete="off" maxlength="255" required>
+                    </div>
+                </div>
+                <div class="col-sm-4 col-md-4">
+                    <div class="form-group">
+                        <label class="form-label"><%- i18n('ssl-passthrough-hosts', 'forwarding-port') %> <span class="form-required">*</span></label>
+                        <input name="forwarding_port" type="number" class="form-control text-monospace" placeholder="eg: 443" value="<%- forwarding_port %>" required>
+                    </div>
+                </div>
+            </div>
+        </form>
+    </div>
+    <div class="modal-footer">
+        <button type="button" class="btn btn-secondary cancel" data-dismiss="modal"><%- i18n('str', 'cancel') %></button>
+        <button type="button" class="btn btn-teal save"><%- i18n('str', 'save') %></button>
+    </div>
+</div>
--- a/frontend/js/app/nginx/ssl-passthrough/form.js
+++ b/frontend/js/app/nginx/ssl-passthrough/form.js
@ -0,0 +1,74 @@
+const Mn                  = require('backbone.marionette');
+const App                 = require('../../main');
+const SslPassthroughModel = require('../../../models/ssl-passthrough-host');
+const template            = require('./form.ejs');
+
+require('jquery-serializejson');
+require('jquery-mask-plugin');
+require('selectize');
+
+module.exports = Mn.View.extend({
+    template:  template,
+    className: 'modal-dialog',
+
+    ui: {
+        form:            'form',
+        forwarding_host: 'input[name="forwarding_host"]',
+        buttons:         '.modal-footer button',
+        cancel:          'button.cancel',
+        save:            'button.save'
+    },
+
+    events: {
+        'change @ui.switches': function () {
+            this.ui.type_error.hide();
+        },
+
+        'click @ui.save': function (e) {
+            e.preventDefault();
+
+            if (!this.ui.form[0].checkValidity()) {
+                $('<input type="submit">').hide().appendTo(this.ui.form).click().remove();
+                return;
+            }
+
+            let view = this;
+            let data = this.ui.form.serializeJSON();
+
+            // Manipulate
+            data.forwarding_port = parseInt(data.forwarding_port, 10);
+
+            let method = App.Api.Nginx.SslPassthroughHosts.create;
+            let is_new = true;
+
+            if (this.model.get('id')) {
+                // edit
+                is_new  = false;
+                method  = App.Api.Nginx.SslPassthroughHosts.update;
+                data.id = this.model.get('id');
+            }
+
+            this.ui.buttons.prop('disabled', true).addClass('btn-disabled');
+            method(data)
+                .then(result => {
+                    view.model.set(result);
+
+                    App.UI.closeModal(function () {
+                        if (is_new) {
+                            App.Controller.showNginxSslPassthrough();
+                        }
+                    });
+                })
+                .catch(err => {
+                    alert(err.message);
+                    this.ui.buttons.prop('disabled', false).removeClass('btn-disabled');
+                });
+        }
+    },
+
+    initialize: function (options) {
+        if (typeof options.model === 'undefined' || !options.model) {
+            this.model = new SslPassthroughModel.Model();
+        }
+    }
+});
--- a/frontend/js/app/nginx/ssl-passthrough/list/item.ejs
+++ b/frontend/js/app/nginx/ssl-passthrough/list/item.ejs
@ -0,0 +1,43 @@
+<td class="text-center">
+    <div class="avatar d-block" style="background-image: url(<%- owner.avatar || '/images/default-avatar.jpg' %>)" title="Owned by <%- owner.name %>">
+        <span class="avatar-status <%- owner.is_disabled ? 'bg-red' : 'bg-green' %>"></span>
+    </div>
+</td>
+<td>
+    <div class="text-monospace">
+        <%- domain_name %>
+    </div>
+    <div class="small text-muted">
+        <%- i18n('str', 'created-on', {date: formatDbDate(created_on, 'Do MMMM YYYY')}) %>
+    </div>
+</td>
+<td>
+    <div class="text-monospace"><%- forwarding_host %>:<%- forwarding_port %></div>
+</td>
+<td>
+    <%
+    var o = isOnline();
+    if (!enabled) { %>
+        <span class="status-icon bg-warning"></span> <%- i18n('str', 'disabled') %>
+    <% } else if (o === true) { %>
+        <span class="status-icon bg-success"></span> <%- i18n('str', 'online') %>
+    <% } else if (o === false) { %>
+        <span title="<%- getOfflineError() %>"><span class="status-icon bg-danger"></span> <%- i18n('str', 'offline') %></span>
+    <% } else { %>
+        <span class="status-icon bg-warning"></span> <%- i18n('str', 'unknown') %>
+    <% } %>
+</td>
+<% if (canManage) { %>
+<td class="text-right">
+    <div class="item-action dropdown">
+        <a href="#" data-toggle="dropdown" class="icon"><i class="fe fe-more-vertical"></i></a>
+        <div class="dropdown-menu dropdown-menu-right">
+            <span class="dropdown-header"><%- i18n('audit-log', 'ssl-passthrough-host') %> #<%- id %></span>
+            <a href="#" class="edit dropdown-item"><i class="dropdown-icon fe fe-edit"></i> <%- i18n('str', 'edit') %></a>
+            <a href="#" class="able dropdown-item"><i class="dropdown-icon fe fe-power"></i> <%- i18n('str', enabled ? 'disable' : 'enable') %></a>
+            <div class="dropdown-divider"></div>
+            <a href="#" class="delete dropdown-item"><i class="dropdown-icon fe fe-trash-2"></i> <%- i18n('str', 'delete') %></a>
+        </div>
+    </div>
+</td>
+<% } %>
--- a/frontend/js/app/nginx/ssl-passthrough/list/item.js
+++ b/frontend/js/app/nginx/ssl-passthrough/list/item.js
@ -0,0 +1,54 @@
+const Mn       = require('backbone.marionette');
+const App      = require('../../../main');
+const template = require('./item.ejs');
+
+module.exports = Mn.View.extend({
+    template: template,
+    tagName:  'tr',
+
+    ui: {
+        able:   'a.able',
+        edit:   'a.edit',
+        delete: 'a.delete'
+    },
+
+    events: {
+        'click @ui.able': function (e) {
+            e.preventDefault();
+            let id = this.model.get('id');
+            App.Api.Nginx.SslPassthroughHosts[this.model.get('enabled') ? 'disable' : 'enable'](id)
+                .then(() => {
+                    return App.Api.Nginx.SslPassthroughHosts.get(id)
+                        .then(row => {
+                            this.model.set(row);
+                        });
+                });
+        },
+
+        'click @ui.edit': function (e) {
+            e.preventDefault();
+            App.Controller.showNginxSslPassthroughForm(this.model);
+        },
+
+        'click @ui.delete': function (e) {
+            e.preventDefault();
+            App.Controller.showNginxSslPassthroughDeleteConfirm(this.model);
+        }
+    },
+
+    templateContext: {
+        canManage: App.Cache.User.canManage('ssl_passthrough_hosts'),
+
+        isOnline: function () {
+            return typeof this.meta.nginx_online === 'undefined' ? null : this.meta.nginx_online;
+        },
+
+        getOfflineError: function () {
+            return this.meta.nginx_err || '';
+        }
+    },
+
+    initialize: function () {
+        this.listenTo(this.model, 'change', this.render);
+    }
+});
--- a/frontend/js/app/nginx/ssl-passthrough/list/main.ejs
+++ b/frontend/js/app/nginx/ssl-passthrough/list/main.ejs
@ -0,0 +1,12 @@
+<thead>
+    <th width="30">&nbsp;</th>
+    <th><%- i18n('all-hosts', 'domain-name') %></th>
+    <th><%- i18n('str', 'destination') %></th>
+    <th><%- i18n('str', 'status') %></th>
+    <% if (canManage) { %>
+    <th>&nbsp;</th>
+    <% } %>
+</thead>
+<tbody>
+    <!-- items -->
+</tbody>
--- a/frontend/js/app/nginx/ssl-passthrough/list/main.js
+++ b/frontend/js/app/nginx/ssl-passthrough/list/main.js
@ -0,0 +1,32 @@
+const Mn       = require('backbone.marionette');
+const App      = require('../../../main');
+const ItemView = require('./item');
+const template = require('./main.ejs');
+
+const TableBody = Mn.CollectionView.extend({
+    tagName:   'tbody',
+    childView: ItemView
+});
+
+module.exports = Mn.View.extend({
+    tagName:   'table',
+    className: 'table table-hover table-outline table-vcenter card-table',
+    template:  template,
+
+    regions: {
+        body: {
+            el:             'tbody',
+            replaceElement: true
+        }
+    },
+
+    templateContext: {
+        canManage: App.Cache.User.canManage('ssl_passthrough_hosts')
+    },
+
+    onRender: function () {
+        this.showChildView('body', new TableBody({
+            collection: this.collection
+        }));
+    }
+});
--- a/frontend/js/app/nginx/ssl-passthrough/main.ejs
+++ b/frontend/js/app/nginx/ssl-passthrough/main.ejs
@ -0,0 +1,23 @@
+<div class="card">
+    <div class="card-status bg-dark"></div>
+    <div class="card-header">
+        <h3 class="card-title"><%- i18n('ssl-passthrough-hosts', 'title') %></h3>
+        <div class="card-options">
+            <a href="#" class="btn btn-outline-secondary btn-sm ml-2 help"><i class="fe fe-help-circle"></i></a>
+            <% if (showAddButton) { %>
+            <a href="#" class="btn btn-outline-dark btn-sm ml-2 add-item"><%- i18n('ssl-passthrough-hosts', 'add') %></a>
+            <% } %>
+        </div>
+    </div>
+    <div class="card-body no-padding min-100">
+        <div id="ssl-passthrough-disabled-info" class="alert alert-danger rounded-0 mb-0">
+            <%= i18n('ssl-passthrough-hosts', 'is-disabled-warning', {url: 'https://nginxproxymanager.com/advanced-config/#ssl-passthrough'}) %>
+        </div>
+        <div class="dimmer active">
+            <div class="loader"></div>
+            <div class="dimmer-content list-region">
+                <!-- List Region -->
+            </div>
+        </div>
+    </div>
+</div>
--- a/frontend/js/app/nginx/ssl-passthrough/main.js
+++ b/frontend/js/app/nginx/ssl-passthrough/main.js
@ -0,0 +1,91 @@
+const Mn                  = require('backbone.marionette');
+const App                 = require('../../main');
+const SslPassthroughModel = require('../../../models/ssl-passthrough-host');
+const ListView            = require('./list/main');
+const ErrorView           = require('../../error/main');
+const EmptyView           = require('../../empty/main');
+const template            = require('./main.ejs');
+
+module.exports = Mn.View.extend({
+    id:       'nginx-ssl-passthrough',
+    template: template,
+
+    ui: {
+        list_region:   '.list-region',
+        add:           '.add-item',
+        help:          '.help',
+        dimmer:        '.dimmer',
+        disabled_info: '#ssl-passthrough-disabled-info'
+    },
+
+    regions: {
+        list_region: '@ui.list_region'
+    },
+
+    events: {
+        'click @ui.add': function (e) {
+            e.preventDefault();
+            App.Controller.showNginxSslPassthroughForm();
+        },
+
+        'click @ui.help': function (e) {
+            e.preventDefault();
+            App.Controller.showHelp(App.i18n('ssl-passthrough-hosts', 'help-title'), App.i18n('ssl-passthrough-hosts', 'help-content'));
+        }
+    },
+
+    templateContext: {
+        showAddButton: App.Cache.User.canManage('ssl_passthrough_hosts')
+    },
+
+    onRender: function () {
+        let view = this;
+        view.ui.disabled_info.hide();
+
+        App.Api.Nginx.SslPassthroughHosts.getFeatureEnabled().then((response) => {
+            if (response.ssl_passthrough_enabled === false) {
+                view.ui.disabled_info.show();
+            } else {
+                view.ui.disabled_info.hide();
+            }
+        });
+
+        App.Api.Nginx.SslPassthroughHosts.getAll(['owner'])
+            .then(response => {
+                if (!view.isDestroyed()) {
+                    if (response && response.length) {
+                        view.showChildView('list_region', new ListView({
+                            collection: new SslPassthroughModel.Collection(response)
+                        }));
+                    } else {
+                        let manage = App.Cache.User.canManage('ssl_passthrough_hosts');
+
+                        view.showChildView('list_region', new EmptyView({
+                            title:      App.i18n('ssl-passthrough-hosts', 'empty'),
+                            subtitle:   App.i18n('all-hosts', 'empty-subtitle', {manage: manage}),
+                            link:       manage ? App.i18n('ssl-passthrough-hosts', 'add') : null,
+                            btn_color:  'dark',
+                            permission: 'ssl-passthrough-hosts',
+                            action:     function () {
+                                App.Controller.showNginxSslPassthroughForm();
+                            }
+                        }));
+                    }
+                }
+            })
+            .catch(err => {
+                view.showChildView('list_region', new ErrorView({
+                    code:    err.code,
+                    message: err.message,
+                    retry:   function () {
+                        App.Controller.showNginxSslPassthrough();
+                    }
+                }));
+
+                console.error(err);
+            })
+            .then(() => {
+                view.ui.dimmer.removeClass('active');
+            });
+    }
+});
--- a/frontend/js/app/router.js
+++ b/frontend/js/app/router.js
@ -4,16 +4,17 @@ const Controller = require('./controller');
 module.exports = AppRouter.default.extend({
    controller: Controller,
    appRoutes:  {
-        users:                'showUsers',
-        logout:               'logout',
-        'nginx/proxy':        'showNginxProxy',
-        'nginx/redirection':  'showNginxRedirection',
-        'nginx/404':          'showNginxDead',
-        'nginx/stream':       'showNginxStream',
-        'nginx/access':       'showNginxAccess',
-        'nginx/certificates': 'showNginxCertificates',
-        'audit-log':          'showAuditLog',
-        'settings':           'showSettings',
-        '*default':           'showDashboard'
+        users:                   'showUsers',
+        logout:                  'logout',
+        'nginx/proxy':           'showNginxProxy',
+        'nginx/redirection':     'showNginxRedirection',
+        'nginx/404':             'showNginxDead',
+        'nginx/ssl-passthrough': 'showNginxSslPassthrough',
+        'nginx/stream':          'showNginxStream',
+        'nginx/access':          'showNginxAccess',
+        'nginx/certificates':    'showNginxCertificates',
+        'audit-log':             'showAuditLog',
+        'settings':              'showSettings',
+        '*default':              'showDashboard'
    }
 });
--- a/frontend/js/app/ui/header/main.ejs
+++ b/frontend/js/app/ui/header/main.ejs
@ -1,5 +1,8 @@
 <div class="container">
    <div class="d-flex">
+        <button class="navbar-toggler d-lg-none mr-2" type="button" data-toggle="collapse" data-target="#menu">
+            <span class="navbar-toggler-icon"></span>
+        </button>
        <a class="navbar-brand" href="/">
            <img src="/images/favicons/favicon-32x32.png" border="0"> &nbsp; <%- i18n('main', 'app') %>
        </a>
--- a/frontend/js/app/ui/main.ejs
+++ b/frontend/js/app/ui/main.ejs
@ -1,9 +1,11 @@
 <div class="page-main">
-    <div class="header" id="header">
-        <!-- Header View -->
-    </div>
-    <div id="menu">
-        <!-- Menu View -->
+    <div class="navbar-light">
+        <div class="header" id="header">
+            <!-- Header View -->
+        </div>
+        <div id="menu">
+            <!-- Menu View -->
+        </div>
    </div>
    <div class="my-3 my-md-5">
        <div id="app-content" class="container">
--- a/frontend/js/app/ui/menu/main.ejs
+++ b/frontend/js/app/ui/menu/main.ejs
@ -20,6 +20,10 @@
                        <a href="/nginx/stream" class="dropdown-item "><%- i18n('streams', 'title') %></a>
                        <% } %>

+                        <% if (canShow('ssl_passthrough_hosts')) { %>
+                        <a href="/nginx/ssl-passthrough" class="dropdown-item "><%- i18n('ssl-passthrough-hosts', 'title') %></a>
+                        <% } %>
+
                        <% if (canShow('dead_hosts')) { %>
                        <a href="/nginx/404" class="dropdown-item "><%- i18n('dead-hosts', 'title') %></a>
                        <% } %>
--- a/frontend/js/app/user/permissions.ejs
+++ b/frontend/js/app/user/permissions.ejs
@ -31,9 +31,9 @@
                </div>

                <%
-                var list = ['proxy-hosts', 'redirection-hosts', 'dead-hosts', 'streams', 'access-lists', 'certificates'];
+                var list = ['proxy-hosts', 'redirection-hosts', 'dead-hosts', 'streams', 'ssl-passthrough-hosts', 'access-lists', 'certificates'];
                list.map(function(item) {
-                    var perm = item.replace('-', '_');
+                    var perm = item.replace(/-/g, '_');
                    %>
                    <div class="col-sm-12 col-md-12">
                        <div class="form-group">
--- a/frontend/js/app/user/permissions.js
+++ b/frontend/js/app/user/permissions.js
@ -29,12 +29,13 @@ module.exports = Mn.View.extend({
            if (view.model.isAdmin()) {
                // Force some attributes for admin
                data = _.assign({}, data, {
-                    access_lists:      'manage',
-                    dead_hosts:        'manage',
-                    proxy_hosts:       'manage',
-                    redirection_hosts: 'manage',
-                    streams:           'manage',
-                    certificates:      'manage'
+                    access_lists:          'manage',
+                    dead_hosts:            'manage',
+                    proxy_hosts:           'manage',
+                    redirection_hosts:     'manage',
+                    ssl_passthrough_hosts: 'manage',
+                    streams:               'manage',
+                    certificates:          'manage'
                });
            }

--- a/frontend/js/i18n/messages.json
+++ b/frontend/js/i18n/messages.json
@ -72,6 +72,7 @@
      "enable-ssl": "Enable SSL",
      "force-ssl": "Force SSL",
      "http2-support": "HTTP/2 Support",
+      "domain-name": "Domain Name",
      "domain-names": "Domain Names",
      "cert-provider": "Certificate Provider",
      "block-exploits": "Block Common Exploits",
@ -115,6 +116,19 @@
      "processing-info": "Processing... This might take a few minutes.",
      "passphrase-protection-support-info": "Key files protected with a passphrase are not supported."
    },
+    "ssl-passthrough-hosts": {
+      "title": "SSL Passthrough Hosts",
+      "empty": "There are no SSL Passthrough Hosts",
+      "add": "Add SSL Passthrough Hosts",
+      "form-title": "{id, select, undefined{New} other{Edit}} SSL Passthrough Host",
+      "forwarding-host": "Forward Host",
+      "forwarding-port": "Forward Port",
+      "delete": "Delete SSL Passthrough Host",
+      "delete-confirm": "Are you sure you want to delete this SSL Passthrough Host?",
+      "is-disabled-warning": "SSL Passthrough Hosts are not enabled in the environment. Please see <a href=\"{url}\" target=\"_blank\">the docs</a> for more information.",
+      "help-title": "What is an SSL Passthrough Host?",
+      "help-content": "An SSL Passthrough Host will allow you to proxy a server without SSL termination. This means the SSL encryption of the server will be passed right through the proxy, retaining the upstream certificate.\n Because of the SSL encryption the proxy does not know anything about the traffic, and it just relies on an SSL feature called Server Name Indication to know where to send this packet. This also means if the client does not provide this additional information, accessing the site through the proxy won't be possible. But most modern browsers include this information in HTTP requests.\n\nDue to nginx constraints using SSL Passthrough comes with a performance penalty for other hosts, since all hosts (including normal proxy hosts) now have to pass through this additional step and basically being proxied twice. If you want to retain the upstream SSL certificate but do not need your service to be available on port 443, it is recommended to use a stream host instead."
+    },
    "proxy-hosts": {
      "title": "Proxy Hosts",
      "empty": "There are no Proxy Hosts",
@ -130,7 +144,7 @@
      "access-list": "Access List",
      "allow-websocket-upgrade": "Websockets Support",
      "ignore-invalid-upstream-ssl": "Ignore Invalid SSL",
-      "custom-forward-host-help": "Use 1.1.1.1/path for sub-folder forwarding"
+      "custom-forward-host-help": "Add a path for sub-folder forwarding.\nExample: 203.0.113.25/path"
    },
    "redirection-hosts": {
      "title": "Redirection Hosts",
@ -248,6 +262,7 @@
      "proxy-host": "Proxy Host",
      "redirection-host": "Redirection Host",
      "dead-host": "404 Host",
+      "ssl-passthrough-host": "SSL Passthrough Host",
      "stream": "Stream",
      "user": "User",
      "certificate": "Certificate",
--- a/frontend/js/models/ssl-passthrough-host.js
+++ b/frontend/js/models/ssl-passthrough-host.js
@ -0,0 +1,27 @@
+const Backbone = require('backbone');
+
+const model = Backbone.Model.extend({
+    idAttribute: 'id',
+
+    defaults: function () {
+        return {
+            id:              undefined,
+            created_on:      null,
+            modified_on:     null,
+            domain_name:     null,
+            forwarding_host: null,
+            forwarding_port: null,
+            enabled:         true,
+            meta:            {},
+            // The following are expansions:
+            owner:           null
+        };
+    }
+});
+
+module.exports = {
+    Model:      model,
+    Collection: Backbone.Collection.extend({
+        model: model
+    })
+};
--- a/frontend/package.json
+++ b/frontend/package.json
@ -28,10 +28,10 @@
    "messageformat-loader": "^0.8.1",
    "mini-css-extract-plugin": "^0.9.0",
    "moment": "^2.24.0",
-    "node-sass": "^4.13.1",
+    "node-sass": "^6.0.1",
    "nodemon": "^2.0.2",
    "numeral": "^2.0.6",
-    "sass-loader": "^8.0.2",
+    "sass-loader": "10.2.0",
    "style-loader": "^1.1.3",
    "tabler-ui": "git+https://github.com/tabler/tabler.git#00f78ad823311bc3ad974ac3e5b0126198f0a813",
    "underscore": "^1.12.1",
--- a/frontend/scss/custom.scss
+++ b/frontend/scss/custom.scss
@ -12,6 +12,15 @@ a:hover {
    color: darken($primary-color, 10%);
 }

+.alert-danger a {
+    color: #6b1110;
+    text-decoration: underline;
+}
+
+a:hover {
+    color: darken(#6b1110, 10%);
+}
+
 .dropdown-header {
    padding-left: 1rem;
 }
--- a/frontend/yarn.lock
+++ b/frontend/yarn.lock
--- a/global/certbot-dns-plugins.js
+++ b/global/certbot-dns-plugins.js
@ -9,7 +9,7 @@
 *    cloudflare: {
 *      display_name: "Name displayed to the user",
 *      package_name: "Package name in PyPi repo",
- *      package_version: "Package version in PyPi repo",
+ *      version_requirement: "Optional package version requirements (e.g. ==1.3 or >=1.2,<2.0, see https://www.python.org/dev/peps/pep-0440/#version-specifiers)",
 *      dependencies: "Additional dependencies, space separated (as you would pass it to pip install)",
 *      credentials: `Template of the credentials file`,
 *      full_plugin_name: "The full plugin name as used in the commandline with certbot, including prefixes, e.g. 'certbot-dns-njalla:dns-njalla'",
@ -22,30 +22,30 @@
 module.exports = {
 	//####################################################//
 	acmedns: {
-		display_name:    'ACME-DNS',
-		package_name:    'certbot-dns-acmedns',
-		package_version: '0.1.0',
-		dependencies:    '',
-		credentials:     `certbot_dns_acmedns:dns_acmedns_api_url = http://acmedns-server/
+		display_name:        'ACME-DNS',
+		package_name:        'certbot-dns-acmedns',
+		version_requirement: '~=0.1.0',
+		dependencies:        '',
+		credentials:         `certbot_dns_acmedns:dns_acmedns_api_url = http://acmedns-server/
 certbot_dns_acmedns:dns_acmedns_registration_file = /data/acme-registration.json`,
 		full_plugin_name: 'certbot-dns-acmedns:dns-acmedns',
 	},
 	aliyun: {
-		display_name:    'Aliyun',
-		package_name:    'certbot-dns-aliyun',
-		package_version: '0.38.1',
-		dependencies:    '',
-		credentials:     `certbot_dns_aliyun:dns_aliyun_access_key = 12345678
+		display_name:        'Aliyun',
+		package_name:        'certbot-dns-aliyun',
+		version_requirement: '~=0.38.1',
+		dependencies:        '',
+		credentials:         `certbot_dns_aliyun:dns_aliyun_access_key = 12345678
 certbot_dns_aliyun:dns_aliyun_access_key_secret = 1234567890abcdef1234567890abcdef`,
 		full_plugin_name: 'certbot-dns-aliyun:dns-aliyun',
 	},
 	//####################################################//
 	azure: {
-		display_name:    'Azure',
-		package_name:    'certbot-dns-azure',
-		package_version: '1.2.0',
-		dependencies:    '',
-		credentials:     `# This plugin supported API authentication using either Service Principals or utilizing a Managed Identity assigned to the virtual machine.
+		display_name:        'Azure',
+		package_name:        'certbot-dns-azure',
+		version_requirement: '~=1.2.0',
+		dependencies:        '',
+		credentials:         `# This plugin supported API authentication using either Service Principals or utilizing a Managed Identity assigned to the virtual machine.
 # Regardless which authentication method used, the identity will need the “DNS Zone Contributor” role assigned to it.
 # As multiple Azure DNS Zones in multiple resource groups can exist, the config file needs a mapping of zone to resource group ID. Multiple zones -> ID mappings can be listed by using the key dns_azure_zoneX where X is a unique number. At least 1 zone mapping is required.

@ -67,165 +67,175 @@ dns_azure_zone2 = example.org:/subscriptions/99800903-fb14-4992-9aff-12eaf274462
 	},
 	//####################################################//
 	cloudflare: {
-		display_name:    'Cloudflare',
-		package_name:    'certbot-dns-cloudflare',
-		package_version: '1.8.0',
-		dependencies:    'cloudflare',
-		credentials:     `# Cloudflare API token
+		display_name: 'Cloudflare',
+		package_name: 'certbot-dns-cloudflare',
+		// version_requirement: '', // Official plugin, no version requirement
+		dependencies: 'cloudflare',
+		credentials:  `# Cloudflare API token
 dns_cloudflare_api_token = 0123456789abcdef0123456789abcdef01234567`,
 		full_plugin_name: 'dns-cloudflare',
 	},
 	//####################################################//
 	cloudns: {
-		display_name:    'ClouDNS',
-		package_name:    'certbot-dns-cloudns',
-		package_version: '0.4.0',
-		dependencies:    '',
-		credentials:     `# Target user ID (see https://www.cloudns.net/api-settings/)
+		display_name:        'ClouDNS',
+		package_name:        'certbot-dns-cloudns',
+		version_requirement: '~=0.4.0',
+		dependencies:        '',
+		credentials:         `# Target user ID (see https://www.cloudns.net/api-settings/)
 	dns_cloudns_auth_id=1234
 	# Alternatively, one of the following two options can be set:
 	# dns_cloudns_sub_auth_id=1234
-	# dns_cloudns_sub_auth_user=foobar 
-	
+	# dns_cloudns_sub_auth_user=foobar
+
 	# API password
 	dns_cloudns_auth_password=password1`,
 		full_plugin_name: 'dns-cloudns',
 	},
 	//####################################################//
 	cloudxns: {
-		display_name:    'CloudXNS',
-		package_name:    'certbot-dns-cloudxns',
-		package_version: '1.8.0',
-		dependencies:    '',
-		credentials:     `dns_cloudxns_api_key = 1234567890abcdef1234567890abcdef
+		display_name: 'CloudXNS',
+		package_name: 'certbot-dns-cloudxns',
+		// version_requirement: '', // Official plugin, no version requirement
+		dependencies: '',
+		credentials:  `dns_cloudxns_api_key = 1234567890abcdef1234567890abcdef
 dns_cloudxns_secret_key = 1122334455667788`,
 		full_plugin_name: 'dns-cloudxns',
 	},
 	//####################################################//
 	corenetworks: {
-		display_name:    'Core Networks',
-		package_name:    'certbot-dns-corenetworks',
-		package_version: '0.1.4',
-		dependencies:    '',
-		credentials:     `certbot_dns_corenetworks:dns_corenetworks_username = asaHB12r
+		display_name:        'Core Networks',
+		package_name:        'certbot-dns-corenetworks',
+		version_requirement: '~=0.1.4',
+		dependencies:        '',
+		credentials:         `certbot_dns_corenetworks:dns_corenetworks_username = asaHB12r
 certbot_dns_corenetworks:dns_corenetworks_password = secure_password`,
 		full_plugin_name: 'certbot-dns-corenetworks:dns-corenetworks',
 	},
 	//####################################################//
 	cpanel: {
-		display_name:    'cPanel',
-		package_name:    'certbot-dns-cpanel',
-		package_version: '0.2.2',
-		dependencies:    '',
-		credentials:     `certbot_dns_cpanel:cpanel_url = https://cpanel.example.com:2083
+		display_name:        'cPanel',
+		package_name:        'certbot-dns-cpanel',
+		version_requirement: '~=0.2.2',
+		dependencies:        '',
+		credentials:         `certbot_dns_cpanel:cpanel_url = https://cpanel.example.com:2083
 certbot_dns_cpanel:cpanel_username = user
 certbot_dns_cpanel:cpanel_password = hunter2`,
 		full_plugin_name: 'certbot-dns-cpanel:cpanel',
 	},
 	//####################################################//
+	desec: {
+		display_name:        'deSEC',
+		package_name:        'certbot-dns-desec',
+		version_requirement: '~=0.3.0',
+		dependencies:        '',
+		credentials:         `certbot_dns_desec:dns_desec_token = YOUR_DESEC_API_TOKEN
+certbot_dns_desec:dns_desec_endpoint = https://desec.io/api/v1/`,
+		full_plugin_name: 'certbot-dns-desec:dns-desec',
+	},
+	//####################################################//
 	duckdns: {
-		display_name:     'DuckDNS',
-		package_name:     'certbot-dns-duckdns',
-		package_version:  '0.6',
-		dependencies:     '',
-		credentials:      'dns_duckdns_token=your-duckdns-token',
-		full_plugin_name: 'dns-duckdns',
+		display_name:        'DuckDNS',
+		package_name:        'certbot-dns-duckdns',
+		version_requirement: '~=0.6',
+		dependencies:        '',
+		credentials:         'dns_duckdns_token=your-duckdns-token',
+		full_plugin_name:    'dns-duckdns',
 	},
 	//####################################################//
 	digitalocean: {
 		display_name:     'DigitalOcean',
 		package_name:     'certbot-dns-digitalocean',
-		package_version:  '1.8.0',
+		// version_requirement: '', // Official plugin, no version requirement
 		dependencies:     '',
 		credentials:      'dns_digitalocean_token = 0000111122223333444455556666777788889999aaaabbbbccccddddeeeeffff',
 		full_plugin_name: 'dns-digitalocean',
 	},
 	//####################################################//
 	directadmin: {
-		display_name:    'DirectAdmin',
-		package_name:    'certbot-dns-directadmin',
-		package_version: '0.0.20',
-		dependencies:    '',
-		credentials:     `directadmin_url = https://my.directadminserver.com:2222
+		display_name:        'DirectAdmin',
+		package_name:        'certbot-dns-directadmin',
+		version_requirement: '~=0.0.23',
+		dependencies:        '',
+		credentials:         `directadmin_url = https://my.directadminserver.com:2222
 directadmin_username = username
 directadmin_password = aSuperStrongPassword`,
-		full_plugin_name: 'certbot-dns-directadmin:directadmin',
+		full_plugin_name: 'directadmin',
 	},
 	//####################################################//
 	dnsimple: {
 		display_name:     'DNSimple',
 		package_name:     'certbot-dns-dnsimple',
-		package_version:  '1.8.0',
+		// version_requirement: '', // Official plugin, no version requirement
 		dependencies:     '',
 		credentials:      'dns_dnsimple_token = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw',
 		full_plugin_name: 'dns-dnsimple',
 	},
 	//####################################################//
 	dnsmadeeasy: {
-		display_name:    'DNS Made Easy',
-		package_name:    'certbot-dns-dnsmadeeasy',
-		package_version: '1.8.0',
-		dependencies:    '',
-		credentials:     `dns_dnsmadeeasy_api_key = 1c1a3c91-4770-4ce7-96f4-54c0eb0e457a
+		display_name: 'DNS Made Easy',
+		package_name: 'certbot-dns-dnsmadeeasy',
+		// version_requirement: '', // Official plugin, no version requirement
+		dependencies: '',
+		credentials:  `dns_dnsmadeeasy_api_key = 1c1a3c91-4770-4ce7-96f4-54c0eb0e457a
 dns_dnsmadeeasy_secret_key = c9b5625f-9834-4ff8-baba-4ed5f32cae55`,
 		full_plugin_name: 'dns-dnsmadeeasy',
 	},
 	//####################################################//
 	dnspod: {
-		display_name:    'DNSPod',
-		package_name:    'certbot-dns-dnspod',
-		package_version: '0.1.0',
-		dependencies:    '',
-		credentials:     `certbot_dns_dnspod:dns_dnspod_email = "DNSPOD-API-REQUIRES-A-VALID-EMAIL"
+		display_name:        'DNSPod',
+		package_name:        'certbot-dns-dnspod',
+		version_requirement: '~=0.1.0',
+		dependencies:        '',
+		credentials:         `certbot_dns_dnspod:dns_dnspod_email = "DNSPOD-API-REQUIRES-A-VALID-EMAIL"
 certbot_dns_dnspod:dns_dnspod_api_token = "DNSPOD-API-TOKEN"`,
 		full_plugin_name: 'certbot-dns-dnspod:dns-dnspod',
 	},
 	//####################################################//
 	dynu: {
-		display_name:     'Dynu',
-		package_name:     'certbot-dns-dynu',
-		package_version:  '0.0.1',
-		dependencies:     '',
-		credentials:      'certbot_dns_dynu:dns_dynu_auth_token = YOUR_DYNU_AUTH_TOKEN',
-		full_plugin_name: 'certbot-dns-dynu:dns-dynu',
+		display_name:        'Dynu',
+		package_name:        'certbot-dns-dynu',
+		version_requirement: '~=0.0.1',
+		dependencies:        '',
+		credentials:         'certbot_dns_dynu:dns_dynu_auth_token = YOUR_DYNU_AUTH_TOKEN',
+		full_plugin_name:    'certbot-dns-dynu:dns-dynu',
 	},
 	//####################################################//
 	eurodns: {
-		display_name:    'EuroDNS',
-		package_name:    'certbot-dns-eurodns',
-		package_version: '0.0.4',
-		dependencies:    '',
-		credentials:     `dns_eurodns_applicationId = myuser
+		display_name:        'EuroDNS',
+		package_name:        'certbot-dns-eurodns',
+		version_requirement: '~=0.0.4',
+		dependencies:        '',
+		credentials:         `dns_eurodns_applicationId = myuser
 dns_eurodns_apiKey = mysecretpassword
 dns_eurodns_endpoint = https://rest-api.eurodns.com/user-api-gateway/proxy`,
 		full_plugin_name: 'certbot-dns-eurodns:dns-eurodns',
 	},
 	//####################################################//
 	gandi: {
-		display_name:     'Gandi Live DNS',
-		package_name:     'certbot_plugin_gandi',
-		package_version:  '1.2.5',
-		dependencies:     '',
-		credentials:      'certbot_plugin_gandi:dns_api_key = APIKEY',
-		full_plugin_name: 'certbot-plugin-gandi:dns',
+		display_name:        'Gandi Live DNS',
+		package_name:        'certbot_plugin_gandi',
+		version_requirement: '~=1.2.5',
+		dependencies:        '',
+		credentials:         'certbot_plugin_gandi:dns_api_key = APIKEY',
+		full_plugin_name:    'certbot-plugin-gandi:dns',
 	},
 	//####################################################//
 	godaddy: {
-		display_name:    'GoDaddy',
-		package_name:    'certbot-dns-godaddy',
-		package_version: '0.2.0',
-		dependencies:    '',
-		credentials:     `dns_godaddy_secret = 0123456789abcdef0123456789abcdef01234567
+		display_name:        'GoDaddy',
+		package_name:        'certbot-dns-godaddy',
+		version_requirement: '~=0.2.0',
+		dependencies:        '',
+		credentials:         `dns_godaddy_secret = 0123456789abcdef0123456789abcdef01234567
 dns_godaddy_key = abcdef0123456789abcdef01234567abcdef0123`,
 		full_plugin_name: 'dns-godaddy',
 	},
 	//####################################################//
 	google: {
-		display_name:    'Google',
-		package_name:    'certbot-dns-google',
-		package_version: '1.8.0',
-		dependencies:    '',
-		credentials:     `{
+		display_name: 'Google',
+		package_name: 'certbot-dns-google',
+		// version_requirement: '', // Official plugin, no version requirement
+		dependencies: '',
+		credentials:  `{
 "type": "service_account",
 ...
 }`,
@ -233,29 +243,29 @@ dns_godaddy_key = abcdef0123456789abcdef01234567abcdef0123`,
 	},
 	//####################################################//
 	hetzner: {
-		display_name:     'Hetzner',
-		package_name:     'certbot-dns-hetzner',
-		package_version:  '1.0.4',
-		dependencies:     '',
-		credentials:      'certbot_dns_hetzner:dns_hetzner_api_token = 0123456789abcdef0123456789abcdef',
-		full_plugin_name: 'certbot-dns-hetzner:dns-hetzner',
+		display_name:        'Hetzner',
+		package_name:        'certbot-dns-hetzner',
+		version_requirement: '~=1.0.4',
+		dependencies:        '',
+		credentials:         'certbot_dns_hetzner:dns_hetzner_api_token = 0123456789abcdef0123456789abcdef',
+		full_plugin_name:    'certbot-dns-hetzner:dns-hetzner',
 	},
 	//####################################################//
 	infomaniak: {
-		display_name:     'Infomaniak',
-		package_name:     'certbot-dns-infomaniak',
-		package_version:  '0.1.12',
-		dependencies:     '',
-		credentials:      'certbot_dns_infomaniak:dns_infomaniak_token = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
-		full_plugin_name: 'certbot-dns-infomaniak:dns-infomaniak',
+		display_name:        'Infomaniak',
+		package_name:        'certbot-dns-infomaniak',
+		version_requirement: '~=0.1.12',
+		dependencies:        '',
+		credentials:         'certbot_dns_infomaniak:dns_infomaniak_token = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
+		full_plugin_name:    'certbot-dns-infomaniak:dns-infomaniak',
 	},
 	//####################################################//
 	inwx: {
-		display_name:    'INWX',
-		package_name:    'certbot-dns-inwx',
-		package_version: '2.1.2',
-		dependencies:    '',
-		credentials:     `certbot_dns_inwx:dns_inwx_url = https://api.domrobot.com/xmlrpc/
+		display_name:        'INWX',
+		package_name:        'certbot-dns-inwx',
+		version_requirement: '~=2.1.2',
+		dependencies:        '',
+		credentials:         `certbot_dns_inwx:dns_inwx_url = https://api.domrobot.com/xmlrpc/
 certbot_dns_inwx:dns_inwx_username = your_username
 certbot_dns_inwx:dns_inwx_password = your_password
 certbot_dns_inwx:dns_inwx_shared_secret = your_shared_secret optional`,
@ -263,112 +273,126 @@ certbot_dns_inwx:dns_inwx_shared_secret = your_shared_secret optional`,
 	},
 	//####################################################//
 	ionos: {
-		display_name:    'IONOS',
-		package_name:    'certbot-dns-ionos',
-		package_version: '0.0.7',
-		dependencies:    '',
-		credentials:     `certbot_dns_ionos:dns_ionos_prefix = myapikeyprefix
+		display_name:        'IONOS',
+		package_name:        'certbot-dns-ionos',
+		version_requirement: '~=0.0.7',
+		dependencies:        '',
+		credentials:         `certbot_dns_ionos:dns_ionos_prefix = myapikeyprefix
 certbot_dns_ionos:dns_ionos_secret = verysecureapikeysecret
 certbot_dns_ionos:dns_ionos_endpoint = https://api.hosting.ionos.com`,
 		full_plugin_name: 'certbot-dns-ionos:dns-ionos',
 	},
 	//####################################################//
 	ispconfig: {
-		display_name:    'ISPConfig',
-		package_name:    'certbot-dns-ispconfig',
-		package_version: '0.2.0',
-		dependencies:    '',
-		credentials:     `certbot_dns_ispconfig:dns_ispconfig_username = myremoteuser
+		display_name:        'ISPConfig',
+		package_name:        'certbot-dns-ispconfig',
+		version_requirement: '~=0.2.0',
+		dependencies:        '',
+		credentials:         `certbot_dns_ispconfig:dns_ispconfig_username = myremoteuser
 certbot_dns_ispconfig:dns_ispconfig_password = verysecureremoteuserpassword
 certbot_dns_ispconfig:dns_ispconfig_endpoint = https://localhost:8080`,
 		full_plugin_name: 'certbot-dns-ispconfig:dns-ispconfig',
 	},
 	//####################################################//
 	isset: {
-		display_name:    'Isset',
-		package_name:    'certbot-dns-isset',
-		package_version: '0.0.3',
-		dependencies:    '',
-		credentials:     `certbot_dns_isset:dns_isset_endpoint="https://customer.isset.net/api"
+		display_name:        'Isset',
+		package_name:        'certbot-dns-isset',
+		version_requirement: '~=0.0.3',
+		dependencies:        '',
+		credentials:         `certbot_dns_isset:dns_isset_endpoint="https://customer.isset.net/api"
 certbot_dns_isset:dns_isset_token="<token>"`,
 		full_plugin_name: 'certbot-dns-isset:dns-isset',
 	},
 	joker: {
-		display_name:    'Joker',
-		package_name:    'certbot-dns-joker',
-		package_version: '1.1.0',
-		dependencies:    '',
-		credentials:     `certbot_dns_joker:dns_joker_username = <Dynamic DNS Authentication Username>
+		display_name:        'Joker',
+		package_name:        'certbot-dns-joker',
+		version_requirement: '~=1.1.0',
+		dependencies:        '',
+		credentials:         `certbot_dns_joker:dns_joker_username = <Dynamic DNS Authentication Username>
 certbot_dns_joker:dns_joker_password = <Dynamic DNS Authentication Password>
 certbot_dns_joker:dns_joker_domain = <Dynamic DNS Domain>`,
 		full_plugin_name: 'certbot-dns-joker:dns-joker',
 	},
 	//####################################################//
 	linode: {
-		display_name:    'Linode',
-		package_name:    'certbot-dns-linode',
-		package_version: '1.8.0',
-		dependencies:    '',
-		credentials:     `dns_linode_key = 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ64
+		display_name: 'Linode',
+		package_name: 'certbot-dns-linode',
+		// version_requirement: '', // Official plugin, no version requirement
+		dependencies: '',
+		credentials:  `dns_linode_key = 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ64
 dns_linode_version = [<blank>|3|4]`,
 		full_plugin_name: 'dns-linode',
 	},
 	//####################################################//
 	loopia: {
-		display_name:    'Loopia',
-		package_name:    'certbot-dns-loopia',
-		package_version: '1.0.0',
-		dependencies:    '',
-		credentials:     `dns_loopia_user = user@loopiaapi
+		display_name:        'Loopia',
+		package_name:        'certbot-dns-loopia',
+		version_requirement: '~=1.0.0',
+		dependencies:        '',
+		credentials:         `dns_loopia_user = user@loopiaapi
 dns_loopia_password = abcdef0123456789abcdef01234567abcdef0123`,
 		full_plugin_name: 'dns-loopia',
 	},
 	//####################################################//
 	luadns: {
-		display_name:    'LuaDNS',
-		package_name:    'certbot-dns-luadns',
-		package_version: '1.8.0',
-		dependencies:    '',
-		credentials:     `dns_luadns_email = user@example.com
+		display_name: 'LuaDNS',
+		package_name: 'certbot-dns-luadns',
+		// version_requirement: '', // Official plugin, no version requirement
+		dependencies: '',
+		credentials:  `dns_luadns_email = user@example.com
 dns_luadns_token = 0123456789abcdef0123456789abcdef`,
 		full_plugin_name: 'dns-luadns',
 	},
 	//####################################################//
 	netcup: {
-		display_name:    'netcup',
-		package_name:    'certbot-dns-netcup',
-		package_version: '1.0.0',
-		dependencies:    '',
-		credentials:     `certbot_dns_netcup:dns_netcup_customer_id  = 123456
+		display_name:        'netcup',
+		package_name:        'certbot-dns-netcup',
+		version_requirement: '~=1.0.0',
+		dependencies:        '',
+		credentials:         `certbot_dns_netcup:dns_netcup_customer_id  = 123456
 certbot_dns_netcup:dns_netcup_api_key      = 0123456789abcdef0123456789abcdef01234567
 certbot_dns_netcup:dns_netcup_api_password = abcdef0123456789abcdef01234567abcdef0123`,
 		full_plugin_name: 'certbot-dns-netcup:dns-netcup',
 	},
 	//####################################################//
 	njalla: {
-		display_name:     'Njalla',
-		package_name:     'certbot-dns-njalla',
-		package_version:  '1.0.0',
-		dependencies:     '',
-		credentials:      'certbot_dns_njalla:dns_njalla_token = 0123456789abcdef0123456789abcdef01234567',
-		full_plugin_name: 'certbot-dns-njalla:dns-njalla',
+		display_name:        'Njalla',
+		package_name:        'certbot-dns-njalla',
+		version_requirement: '~=1.0.0',
+		dependencies:        '',
+		credentials:         'certbot_dns_njalla:dns_njalla_token = 0123456789abcdef0123456789abcdef01234567',
+		full_plugin_name:    'certbot-dns-njalla:dns-njalla',
 	},
 	//####################################################//
 	nsone: {
 		display_name:     'NS1',
 		package_name:     'certbot-dns-nsone',
-		package_version:  '1.8.0',
+		// version_requirement: '', // Official plugin, no version requirement
 		dependencies:     '',
 		credentials:      'dns_nsone_api_key = MDAwMDAwMDAwMDAwMDAw',
 		full_plugin_name: 'dns-nsone',
 	},
 	//####################################################//
+	oci: {
+		display_name:    'Oracle Cloud Infrastructure DNS',
+		package_name:    'certbot-dns-oci',
+		package_version: '0.3.6',
+		dependencies:    'oci',
+		credentials:     `[DEFAULT]
+user = ocid1.user.oc1...
+fingerprint = xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
+tenancy = ocid1.tenancy.oc1...
+region = us-ashburn-1
+key_file = ~/.oci/oci_api_key.pem`,
+		full_plugin_name: 'dns-oci',
+	},
+	//####################################################//
 	ovh: {
-		display_name:    'OVH',
-		package_name:    'certbot-dns-ovh',
-		package_version: '1.8.0',
-		dependencies:    '',
-		credentials:     `dns_ovh_endpoint = ovh-eu
+		display_name: 'OVH',
+		package_name: 'certbot-dns-ovh',
+		// version_requirement: '', // Official plugin, no version requirement
+		dependencies: '',
+		credentials:  `dns_ovh_endpoint = ovh-eu
 dns_ovh_application_key = MDAwMDAwMDAwMDAw
 dns_ovh_application_secret = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
 dns_ovh_consumer_key = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw`,
@ -376,41 +400,41 @@ dns_ovh_consumer_key = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw`,
 	},
 	//####################################################//
 	porkbun: {
-		display_name:    'Porkbun',
-		package_name:    'certbot-dns-porkbun',
-		package_version: '0.2',
-		dependencies:    '',
-		credentials:     `dns_porkbun_key=your-porkbun-api-key
+		display_name:        'Porkbun',
+		package_name:        'certbot-dns-porkbun',
+		version_requirement: '~=0.2',
+		dependencies:        '',
+		credentials:         `dns_porkbun_key=your-porkbun-api-key
 dns_porkbun_secret=your-porkbun-api-secret`,
 		full_plugin_name: 'dns-porkbun',
 	},
 	//####################################################//
 	powerdns: {
-		display_name:    'PowerDNS',
-		package_name:    'certbot-dns-powerdns',
-		package_version: '0.2.0',
-		dependencies:    '',
-		credentials:     `certbot_dns_powerdns:dns_powerdns_api_url = https://api.mypowerdns.example.org
+		display_name:        'PowerDNS',
+		package_name:        'certbot-dns-powerdns',
+		version_requirement: '~=0.2.0',
+		dependencies:        '',
+		credentials:         `certbot_dns_powerdns:dns_powerdns_api_url = https://api.mypowerdns.example.org
 certbot_dns_powerdns:dns_powerdns_api_key = AbCbASsd!@34`,
 		full_plugin_name: 'certbot-dns-powerdns:dns-powerdns',
 	},
 	//####################################################//
 	regru: {
-		display_name:    'reg.ru',
-		package_name:    'certbot-regru',
-		package_version: '1.0.2',
-		dependencies:    '',
-		credentials:     `certbot_regru:dns_username=username
+		display_name:        'reg.ru',
+		package_name:        'certbot-regru',
+		version_requirement: '~=1.0.2',
+		dependencies:        '',
+		credentials:         `certbot_regru:dns_username=username
 certbot_regru:dns_password=password`,
 		full_plugin_name: 'certbot-regru:dns',
 	},
 	//####################################################//
 	rfc2136: {
-		display_name:    'RFC 2136',
-		package_name:    'certbot-dns-rfc2136',
-		package_version: '1.8.0',
-		dependencies:    '',
-		credentials:     `# Target DNS server
+		display_name: 'RFC 2136',
+		package_name: 'certbot-dns-rfc2136',
+		// version_requirement: '', // Official plugin, no version requirement
+		dependencies: '',
+		credentials:  `# Target DNS server
 dns_rfc2136_server = 192.0.2.1
 # Target DNS port
 dns_rfc2136_port = 53
@ -424,42 +448,32 @@ dns_rfc2136_algorithm = HMAC-SHA512`,
 	},
 	//####################################################//
 	route53: {
-		display_name:    'Route 53 (Amazon)',
-		package_name:    'certbot-dns-route53',
-		package_version: '1.8.0',
-		dependencies:    '',
-		credentials:     `[default]
+		display_name: 'Route 53 (Amazon)',
+		package_name: 'certbot-dns-route53',
+		// version_requirement: '', // Official plugin, no version requirement
+		dependencies: '',
+		credentials:  `[default]
 aws_access_key_id=AKIAIOSFODNN7EXAMPLE
 aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`,
 		full_plugin_name: 'dns-route53',
 	},
 	//####################################################//
 	transip: {
-		display_name:    'TransIP',
-		package_name:    'certbot-dns-transip',
-		package_version: '0.3.3',
-		dependencies:    '',
-		credentials:     `certbot_dns_transip:dns_transip_username = my_username
+		display_name:        'TransIP',
+		package_name:        'certbot-dns-transip',
+		version_requirement: '~=0.3.3',
+		dependencies:        '',
+		credentials:         `certbot_dns_transip:dns_transip_username = my_username
 certbot_dns_transip:dns_transip_key_file = /etc/letsencrypt/transip-rsa.key`,
 		full_plugin_name: 'certbot-dns-transip:dns-transip',
 	},
 	//####################################################//
 	vultr: {
-		display_name:     'Vultr',
-		package_name:     'certbot-dns-vultr',
-		package_version:  '1.0.3',
-		dependencies:     '',
-		credentials:      'certbot_dns_vultr:dns_vultr_key = YOUR_VULTR_API_KEY',
-		full_plugin_name: 'certbot-dns-vultr:dns-vultr',
-	},
-	//####################################################//
-	desec: {
-		display_name:    'deSEC',
-		package_name:    'certbot-dns-desec',
-		package_version: '0.3.0',
-		dependencies:    '',
-		credentials:     `certbot_dns_desec:dns_desec_token = YOUR_DESEC_API_TOKEN
-certbot_dns_desec:dns_desec_endpoint = https://desec.io/api/v1/`,
-		full_plugin_name: 'certbot-dns-desec:dns-desec',
+		display_name:        'Vultr',
+		package_name:        'certbot-dns-vultr',
+		version_requirement: '~=1.0.3',
+		dependencies:        '',
+		credentials:         'certbot_dns_vultr:dns_vultr_key = YOUR_VULTR_API_KEY',
+		full_plugin_name:    'certbot-dns-vultr:dns-vultr',
 	},
 };
Author	SHA1	Message	Date
Julian Reinhardt	70163a66fb	Fixes migration	2021-10-25 13:08:35 +02:00
chaptergy	6e82161987	Adds comments to docker compose dev	2021-10-12 15:55:28 +02:00
chaptergy	f650137c84	Fixes eslint errors	2021-10-12 15:42:22 +02:00
chaptergy	02d3093d88	Finalizes SSL Passthrough hosts	2021-10-12 15:25:46 +02:00
chaptergy	ab026e5e18	Merge branch 'develop'	2021-10-12 13:44:50 +02:00
jc21	725ba83606	Merge pull request #1443 from jc21/dependabot/npm_and_yarn/docs/ansi-regex-5.0.1 Bump ansi-regex from 5.0.0 to 5.0.1 in /docs	2021-10-12 10:36:48 +10:00
jc21	281906c0b5	Merge pull request #1476 from jc21/dependabot/npm_and_yarn/backend/objection-2.2.16 Bump objection from 2.2.2 to 2.2.16 in /backend	2021-10-12 10:36:34 +10:00
dependabot[bot]	8ed121f43d	Bump ansi-regex from 5.0.0 to 5.0.1 in /docs Bumps [ansi-regex](https://github.com/chalk/ansi-regex) from 5.0.0 to 5.0.1. - [Release notes](https://github.com/chalk/ansi-regex/releases) - [Commits](https://github.com/chalk/ansi-regex/compare/v5.0.0...v5.0.1) --- updated-dependencies: - dependency-name: ansi-regex dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2021-10-11 01:57:51 +00:00
jc21	81a9cab2b3	Merge pull request #1464 from jc21/fixes-navigation-on-mobile Adds toggle to header to display menu on mobile	2021-10-11 11:55:37 +10:00
jc21	8d98a417c5	Merge pull request #1469 from jc21/certbot-plugin-updates Certbot plugin updates	2021-10-11 11:54:51 +10:00
dependabot[bot]	6fa81b179b	Bump objection from 2.2.2 to 2.2.16 in /backend Bumps [objection](https://github.com/vincit/objection.js) from 2.2.2 to 2.2.16. - [Release notes](https://github.com/vincit/objection.js/releases) - [Commits](https://github.com/vincit/objection.js/commits/2.2.16) --- updated-dependencies: - dependency-name: objection dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2021-10-11 01:53:33 +00:00
jc21	9e169fbb42	Merge pull request #1474 from Djelibeybi/add-oci-dns Add DNS provider for Oracle Cloud Infrastructure (OCI) DNS	2021-10-11 11:53:26 +10:00
Jamie Curnow	27f84f880a	Updated node-sass and sass-loader	2021-10-11 11:11:46 +10:00
chaptergy	5a2548c89d	WIP: complete control of new passthrough host type	2021-10-10 23:49:57 +02:00
chaptergy	5b1f0cead1	WIP: started adding new host type ssl passthrough	2021-10-10 23:49:07 +02:00
Avi Miller	0d9c941b4e	Add support for Oracle Cloud Infrastructure (OCI) DNS Signed-off-by: Avi Miller <avi.miller@oracle.com>	2021-10-10 08:49:12 +11:00
chaptergy	8865aa9c8c	Fixes formatting	2021-10-07 17:39:18 +02:00
chaptergy	6d8c4218f1	Replaces fixed certbot plugin version with optional version requirements	2021-10-07 17:13:48 +02:00
chaptergy	c134a43337	Updates DirectAdmin plugin to prevent certbot downgrade	2021-10-06 17:58:07 +02:00
chaptergy	780759dc27	Adds toggle to header to display menu on mobile	2021-10-05 21:00:10 +02:00
jc21	85128f08f3	Merge pull request #1409 from jc21/dependabot/npm_and_yarn/docs/set-value-4.0.1 Bump set-value from 3.0.2 to 4.0.1 in /docs	2021-09-30 13:16:28 +10:00
jc21	d2f8c1e5f1	Merge pull request #1412 from jc21/dependabot/npm_and_yarn/docs/prismjs-1.25.0 Bump prismjs from 1.24.0 to 1.25.0 in /docs	2021-09-30 13:16:20 +10:00
jc21	9c88b9c1e9	Merge pull request #1415 from jc21/dependabot/npm_and_yarn/docs/nth-check-2.0.1 Bump nth-check from 1.0.2 to 2.0.1 in /docs	2021-09-30 13:16:10 +10:00
dependabot[bot]	13fd2ce4e2	Bump nth-check from 1.0.2 to 2.0.1 in /docs Bumps [nth-check](https://github.com/fb55/nth-check) from 1.0.2 to 2.0.1. - [Release notes](https://github.com/fb55/nth-check/releases) - [Commits](https://github.com/fb55/nth-check/compare/v1.0.2...v2.0.1) --- updated-dependencies: - dependency-name: nth-check dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2021-09-22 04:54:41 +00:00
dependabot[bot]	9979f516d6	Bump prismjs from 1.24.0 to 1.25.0 in /docs Bumps [prismjs](https://github.com/PrismJS/prism) from 1.24.0 to 1.25.0. - [Release notes](https://github.com/PrismJS/prism/releases) - [Changelog](https://github.com/PrismJS/prism/blob/master/CHANGELOG.md) - [Commits](https://github.com/PrismJS/prism/compare/v1.24.0...v1.25.0) --- updated-dependencies: - dependency-name: prismjs dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2021-09-20 21:48:33 +00:00
dependabot[bot]	39a5cd2d6e	Bump set-value from 3.0.2 to 4.0.1 in /docs Bumps [set-value](https://github.com/jonschlinkert/set-value) from 3.0.2 to 4.0.1. - [Release notes](https://github.com/jonschlinkert/set-value/releases) - [Commits](https://github.com/jonschlinkert/set-value/compare/3.0.2...4.0.1) --- updated-dependencies: - dependency-name: set-value dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2021-09-16 04:26:17 +00:00
jc21	784516283f	Merge pull request #1399 from nikhen/i845 data.email should NOT be shorter than 8 characters #845	2021-09-13 11:03:22 +10:00
nikhen	ce503232c3	data.email should NOT be shorter than 8 characters #845	2021-09-12 15:01:55 +02:00
jc21	f2edf9130f	Merge pull request #1396 from nikhen/develop 1.1.1.1 used as a placeholder, despite being real external website/address #686	2021-09-12 20:42:51 +10:00
nikhen	413ab50fc4	Change example IP: 0.0.0.0 -> 203.0.113.25	2021-09-12 12:28:25 +02:00
nikhen	c1880bd3ff	1.1.1.1 used as a placeholder, despite being real external website/address #686	2021-09-11 17:21:32 +02:00
Jamie Curnow	0f0a672275	Added another contributor	2021-09-10 14:49:11 +10:00
Jamie Curnow	babc5b7a38	Bumped version	2021-09-10 07:54:10 +10:00
Jamie Curnow	b96c996a45	Log more info for internal errors in debug mode	2021-09-09 08:46:09 +10:00
 @ -1 +1 @@
 .9.8
 .9.9