Merge pull request #592 from jc21/develop

v2.5.0
Version bump and contributors
2020-09-04 09:07:47 +10:00 · 2020-09-03 14:11:44 +10:00 · 2020-09-03 14:03:43 +10:00 · 2020-09-03 14:01:05 +10:00 · 2020-09-03 13:53:17 +10:00 · 2020-08-29 20:24:51 -07:00
98 changed files with 9196 additions and 5257 deletions
--- a/.github/ISSUE_TEMPLATE/product_support.md
+++ b/.github/ISSUE_TEMPLATE/product_support.md
@ -0,0 +1,16 @@
+---
+name: Product Support
+about: Need help configuring the software?
+title: ''
+labels: product-support
+assignees: ''
+
+---
+
+**Checklist**
+- Please read the [setup instructions](https://nginxproxymanager.com/setup/)
+- Please read the [FAQ](https://nginxproxymanager.com/faq/)
+
+**What is troubling you?**
+
+_Clear and concise description of what you're trying to do and what isn't working for you_
--- a/.gitignore
+++ b/.gitignore
@ -2,4 +2,4 @@
 .idea
 ._*
 .vscode
-
+certbot-help.txt
--- a/.jenkins/config-mysql.json
+++ b/.jenkins/config-mysql.json
--- a/.jenkins/config-sqlite.json
+++ b/.jenkins/config-sqlite.json
@ -0,0 +1,11 @@
+{
+	"database": {
+		"engine": "knex-native",
+		"knex": {
+			"client": "sqlite3",
+			"connection": {
+				"filename": "/data/database.sqlite"
+			}
+		}
+	}
+}
--- a/.version
+++ b/.version
@ -1 +1 @@
-2.2.1
+2.5.0
--- a/130
+++ b/130
@ -5,6 +5,7 @@ pipeline {
 	options {
 		buildDiscarder(logRotator(numToKeepStr: '5'))
 		disableConcurrentBuilds()
+		ansiColor('xterm')
 	}
 	environment {
 		IMAGE                      = "nginx-proxy-manager"
@ -55,56 +56,76 @@ pipeline {
 		}
 		stage('Frontend') {
 			steps {
-				ansiColor('xterm') {
-					sh './scripts/frontend-build'
-				}
+				sh './scripts/frontend-build'
 			}
 		}
 		stage('Backend') {
 			steps {
-				ansiColor('xterm') {
-					echo 'Checking Syntax ...'
-					// See: https://github.com/yarnpkg/yarn/issues/3254
-					sh '''docker run --rm \\
-						-v "$(pwd)/backend:/app" \\
-						-w /app \\
-						node:latest \\
-						sh -c "yarn install && yarn eslint . && rm -rf node_modules"
-					'''
+				echo 'Checking Syntax ...'
+				// See: https://github.com/yarnpkg/yarn/issues/3254
+				sh '''docker run --rm \\
+					-v "$(pwd)/backend:/app" \\
+					-w /app \\
+					node:latest \\
+					sh -c "yarn install && yarn eslint . && rm -rf node_modules"
+				'''

-					echo 'Docker Build ...'
-					sh '''docker build --pull --no-cache --squash --compress \\
-						-t "${IMAGE}:ci-${BUILD_NUMBER}" \\
-						-f docker/Dockerfile \\
-						--build-arg TARGETPLATFORM=linux/amd64 \\
-						--build-arg BUILDPLATFORM=linux/amd64 \\
-						--build-arg BUILD_VERSION="${BUILD_VERSION}" \\
-						--build-arg BUILD_COMMIT="${BUILD_COMMIT}" \\
-						--build-arg BUILD_DATE="$(date '+%Y-%m-%d %T %Z')" \\
-						.
-					'''
-				}
+				echo 'Docker Build ...'
+				sh '''docker build --pull --no-cache --squash --compress \\
+					-t "${IMAGE}:ci-${BUILD_NUMBER}" \\
+					-f docker/Dockerfile \\
+					--build-arg TARGETPLATFORM=linux/amd64 \\
+					--build-arg BUILDPLATFORM=linux/amd64 \\
+					--build-arg BUILD_VERSION="${BUILD_VERSION}" \\
+					--build-arg BUILD_COMMIT="${BUILD_COMMIT}" \\
+					--build-arg BUILD_DATE="$(date '+%Y-%m-%d %T %Z')" \\
+					.
+				'''
 			}
 		}
-		stage('Test') {
+		stage('Integration Tests Sqlite') {
 			steps {
-				ansiColor('xterm') {
-					// Bring up a stack
-					sh 'docker-compose up -d fullstack'
-					sh './scripts/wait-healthy $(docker-compose ps -q fullstack) 120'
+				// Bring up a stack
+				sh 'docker-compose up -d fullstack-sqlite'
+				sh './scripts/wait-healthy $(docker-compose ps -q fullstack-sqlite) 120'

-					// Run tests
-					sh 'rm -rf test/results'
-					sh 'docker-compose up cypress'
-					// Get results
-					sh 'docker cp -L "$(docker-compose ps -q cypress):/results" test/'
-				}
+				// Run tests
+				sh 'rm -rf test/results'
+				sh 'docker-compose up cypress-sqlite'
+				// Get results
+				sh 'docker cp -L "$(docker-compose ps -q cypress-sqlite):/test/results" test/'
 			}
 			post {
 				always {
 					// Dumps to analyze later
 					sh 'mkdir -p debug'
-					sh 'docker-compose logs fullstack | gzip > debug/docker_fullstack.log.gz'
+					sh 'docker-compose logs fullstack-sqlite | gzip > debug/docker_fullstack_sqlite.log.gz'
+					sh 'docker-compose logs db | gzip > debug/docker_db.log.gz'
+					// Cypress videos and screenshot artifacts
+					dir(path: 'test/results') {
+						archiveArtifacts allowEmptyArchive: true, artifacts: '**/*', excludes: '**/*.xml'
+					}
+					junit 'test/results/junit/*'
+				}
+			}
+		}
+		stage('Integration Tests Mysql') {
+			steps {
+				// Bring up a stack
+				sh 'docker-compose up -d fullstack-mysql'
+				sh './scripts/wait-healthy $(docker-compose ps -q fullstack-mysql) 120'
+
+				// Run tests
+				sh 'rm -rf test/results'
+				sh 'docker-compose up cypress-mysql'
+				// Get results
+				sh 'docker cp -L "$(docker-compose ps -q cypress-mysql):/test/results" test/'
+			}
+			post {
+				always {
+					// Dumps to analyze later
+					sh 'mkdir -p debug'
+					sh 'docker-compose logs fullstack-mysql | gzip > debug/docker_fullstack_mysql.log.gz'
 					sh 'docker-compose logs db | gzip > debug/docker_db.log.gz'
 					// Cypress videos and screenshot artifacts
 					dir(path: 'test/results') {
@ -121,18 +142,16 @@ pipeline {
 				}
 			}
 			steps {
-				ansiColor('xterm') {
-					dir(path: 'docs') {
-						sh 'yarn install'
-						sh 'yarn build'
-					}
-
-					dir(path: 'docs/.vuepress/dist') {
-						sh 'tar -czf ../../docs.tgz *'
-					}
-
-					archiveArtifacts(artifacts: 'docs/docs.tgz', allowEmptyArchive: false)
+				dir(path: 'docs') {
+					sh 'yarn install'
+					sh 'yarn build'
 				}
+
+				dir(path: 'docs/.vuepress/dist') {
+					sh 'tar -czf ../../docs.tgz *'
+				}
+
+				archiveArtifacts(artifacts: 'docs/docs.tgz', allowEmptyArchive: false)
 			}
 		}
 		stage('MultiArch Build') {
@ -142,12 +161,11 @@ pipeline {
 				}
 			}
 			steps {
-				ansiColor('xterm') {
-					withCredentials([usernamePassword(credentialsId: 'jc21-dockerhub', passwordVariable: 'dpass', usernameVariable: 'duser')]) {
-						sh "docker login -u '${duser}' -p '${dpass}'"
-						// Buildx with push
-						sh "./scripts/buildx --push ${BUILDX_PUSH_TAGS}"
-					}
+				withCredentials([usernamePassword(credentialsId: 'jc21-dockerhub', passwordVariable: 'dpass', usernameVariable: 'duser')]) {
+					// Docker Login
+					sh "docker login -u '${duser}' -p '${dpass}'"
+					// Buildx with push from cache
+					sh "./scripts/buildx --push ${BUILDX_PUSH_TAGS}"
 				}
 			}
 		}
@ -193,10 +211,8 @@ pipeline {
 				}
 			}
 			steps {
-				ansiColor('xterm') {
-					script {
-						def comment = pullRequest.comment("Docker Image for build ${BUILD_NUMBER} is available on [DockerHub](https://cloud.docker.com/repository/docker/jc21/${IMAGE}) as `jc21/${IMAGE}:github-${BRANCH_LOWER}`")
-					}
+				script {
+					def comment = pullRequest.comment("Docker Image for build ${BUILD_NUMBER} is available on [DockerHub](https://cloud.docker.com/repository/docker/jc21/${IMAGE}) as `jc21/${IMAGE}:github-${BRANCH_LOWER}`")
 				}
 			}
 		}
--- a/README.md
+++ b/README.md
@ -1,16 +1,19 @@
 <p align="center">
-  <img src="https://nginxproxymanager.com/github.png">
-  <br><br>
-  <img src="https://img.shields.io/badge/version-2.2.1-green.svg?style=for-the-badge">
-  <a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager">
-    <img src="https://img.shields.io/docker/stars/jc21/nginx-proxy-manager.svg?style=for-the-badge">
-  </a>
-  <a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager">
-    <img src="https://img.shields.io/docker/pulls/jc21/nginx-proxy-manager.svg?style=for-the-badge">
-  </a>
-  <a href="https://ci.nginxproxymanager.com/blue/organizations/jenkins/nginx-proxy-manager/branches/">
-    <img src="https://img.shields.io/jenkins/build?jobUrl=https%3A%2F%2Fci.nginxproxymanager.com%2Fjob%2Fnginx-proxy-manager%2Fjob%2Fmaster&style=for-the-badge">
-  </a>
+	<img src="https://nginxproxymanager.com/github.png">
+	<br><br>
+	<img src="https://img.shields.io/badge/version-2.5.0-green.svg?style=for-the-badge">
+	<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager">
+		<img src="https://img.shields.io/docker/stars/jc21/nginx-proxy-manager.svg?style=for-the-badge">
+	</a>
+	<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager">
+		<img src="https://img.shields.io/docker/pulls/jc21/nginx-proxy-manager.svg?style=for-the-badge">
+	</a>
+	<a href="https://ci.nginxproxymanager.com/blue/organizations/jenkins/nginx-proxy-manager/branches/">
+		<img src="https://img.shields.io/jenkins/build?jobUrl=https%3A%2F%2Fci.nginxproxymanager.com%2Fjob%2Fnginx-proxy-manager%2Fjob%2Fmaster&style=for-the-badge">
+	</a>
+	<a href="https://gitter.im/nginx-proxy-manager/community">
+		<img alt="Gitter" src="https://img.shields.io/gitter/room/nginx-proxy-manager/community?style=for-the-badge">
+	</a>
 </p>

 This project comes as a pre-built docker image that enables you to easily forward to your websites
@ -48,3 +51,141 @@ I won't go in to too much detail here but here are the basics for someone new to
 2. Add port forwarding for port 80 and 443 to the server hosting this project
 3. Configure your domain name details to point to your home, either with a static ip or a service like DuckDNS or [Amazon Route53](https://github.com/jc21/route53-ddns)
 4. Use the Nginx Proxy Manager as your gateway to forward to your other web based services
+
+
+## Contributors
+
+Special thanks to the following contributors:
+
+<!-- prettier-ignore-start -->
+<!-- markdownlint-disable -->
+<table>
+	<tr>
+		<td align="center">
+			<a href="https://github.com/Subv">
+				<img src="https://avatars1.githubusercontent.com/u/357072?s=460&u=d8adcdc91d749ae53e177973ed9b6bb6c4c894a3&v=4" width="80px;" alt=""/>
+				<br /><sub><b>Sebastian Valle</b></sub>
+			</a>
+		</td>
+		<td align="center">
+			<a href="https://github.com/Indemnity83">
+				<img src="https://avatars3.githubusercontent.com/u/35218?s=460&u=7082004ff35138157c868d7d9c683ccebfce5968&v=4" width="80px;" alt=""/>
+				<br /><sub><b>Kyle Klaus</b></sub>
+			</a>
+		</td>
+		<td align="center">
+			<a href="https://github.com/theraw">
+				<img src="https://avatars1.githubusercontent.com/u/32969774?s=460&u=6b359971e15685fb0359e6a8c065a399b40dc228&v=4" width="80px;" alt=""/>
+				<br /><sub><b>ƬHE ЯAW</b></sub>
+			</a>
+		</td>
+		<td align="center">
+			<a href="https://github.com/spalger">
+				<img src="https://avatars2.githubusercontent.com/u/1329312?s=400&u=565223e38f1c052afb4c5dcca3fcf1c63ba17ae7&v=4" width="80px;" alt=""/>
+				<br /><sub><b>Spencer</b></sub>
+			</a>
+		</td>
+		<td align="center">
+			<a href="https://github.com/Xantios">
+				<img src="https://avatars3.githubusercontent.com/u/1507836?s=460&v=4" width="80px;" alt=""/>
+				<br /><sub><b>Xantios Krugor</b></sub>
+			</a>
+		</td>
+		<td align="center">
+			<a href="https://github.com/dpanesso">
+				<img src="https://avatars2.githubusercontent.com/u/2687121?s=460&v=4" width="80px;" alt=""/>
+				<br /><sub><b>David Panesso</b></sub>
+			</a>
+		</td>
+		<td align="center">
+			<a href="https://github.com/IronTooch">
+				<img src="https://avatars3.githubusercontent.com/u/27360514?s=460&u=69bf854a6647c55725f62ecb8d39249c6c0b2602&v=4" width="80px;" alt=""/>
+				<br /><sub><b>IronTooch</b></sub>
+			</a>
+		</td>
+	</tr>
+	<tr>
+		<td align="center">
+			<a href="https://github.com/damianog">
+				<img src="https://avatars1.githubusercontent.com/u/2786682?s=460&u=76c6136fae797abb76b951cd8a246dcaecaf21af&v=4" width="80px;" alt=""/>
+				<br /><sub><b>Damiano</b></sub>
+			</a>
+		</td>
+		<td align="center">
+			<a href="https://github.com/tfmm">
+				<img src="https://avatars3.githubusercontent.com/u/6880538?s=460&u=ce0160821cc4aa802df8395200f2d4956a5bc541&v=4" width="80px;" alt=""/>
+				<br /><sub><b>Russ</b></sub>
+			</a>
+		</td>
+		<td align="center">
+			<a href="https://github.com/margaale">
+				<img src="https://avatars3.githubusercontent.com/u/20794934?s=460&v=4" width="80px;" alt=""/>
+				<br /><sub><b>Marcelo Castagna</b></sub>
+			</a>
+		</td>
+		<td align="center">
+			<a href="https://github.com/Steven-Harris">
+				<img src="https://avatars2.githubusercontent.com/u/7720242?s=460&v=4" width="80px;" alt=""/>
+				<br /><sub><b>Steven Harris</b></sub>
+			</a>
+		</td>
+		<td align="center">
+			<a href="https://github.com/jlesage">
+				<img src="https://avatars0.githubusercontent.com/u/1791123?s=460&v=4" width="80px;" alt=""/>
+				<br /><sub><b>Jocelyn Le Sage</b></sub>
+			</a>
+		</td>
+		<td align="center">
+			<a href="https://github.com/cmer">
+				<img src="https://avatars0.githubusercontent.com/u/412?s=460&u=67dd8b2e3661bfd6f68ec1eaa5b9821bd8a321cd&v=4" width="80px;" alt=""/>
+				<br /><sub><b>Carl Mercier</b></sub>
+			</a>
+		</td>
+		<td align="center">
+			<a href="https://github.com/the1ts">
+				<img src="https://avatars1.githubusercontent.com/u/84956?s=460&v=4" width="80px;" alt=""/>
+				<br /><sub><b>Paul Mansfield</b></sub>
+			</a>
+		</td>
+	</tr>
+	<tr>
+		<td align="center">
+			<a href="https://github.com/OhHeyAlan">
+				<img src="https://avatars0.githubusercontent.com/u/11955126?s=460&u=fbaa5a1a4f73ef8960132c703349bfd037fe2630&v=4" width="80px;" alt=""/>
+				<br /><sub><b>OhHeyAlan</b></sub>
+			</a>
+		</td>
+		<td align="center">
+			<a href="https://github.com/dogmatic69">
+				<img src="https://avatars2.githubusercontent.com/u/94674?s=460&u=ca7647de53145c6283b6373ade5dc94ba99347db&v=4" width="80px;" alt=""/>
+				<br /><sub><b>Carl Sutton</b></sub>
+			</a>
+		</td>
+		<td align="center">
+			<a href="https://github.com/tg44">
+				<img src="https://avatars0.githubusercontent.com/u/31839?s=460&u=ad32f4cadfef5e5fb09cdfa4b7b7b36a99ba6811&v=4" width="80px;" alt=""/>
+				<br /><sub><b>Gergő Törcsvári</b></sub>
+			</a>
+		</td>
+		<td align="center">
+			<a href="https://github.com/vrenjith">
+				<img src="https://avatars3.githubusercontent.com/u/2093241?s=460&u=96ce93a9bebabdd0a60a2dc96cd093a41d5edaba&v=4" width="80px;" alt=""/>
+				<br /><sub><b>vrenjith</b></sub>
+			</a>
+		</td>
+		<td align="center">
+			<a href="https://github.com/duhruh">
+				<img src="https://avatars2.githubusercontent.com/u/1133969?s=460&u=c0691e6131ec6d516416c1c6fcedb5034f877bbe&v=4" width="80px;" alt=""/>
+				<br /><sub><b>David Rivera</b></sub>
+			</a>
+		</td>
+		<td align="center">
+			<a href="https://github.com/jipjan">
+				<img src="https://avatars2.githubusercontent.com/u/1384618?s=460&v=4" width="80px;" alt=""/>
+				<br /><sub><b>Jaap-Jan de Wit</b></sub>
+			</a>
+		</td>
+	</tr>
+</table>
+<!-- markdownlint-enable -->
+<!-- prettier-ignore-end -->
--- a/backend/.gitignore
+++ b/backend/.gitignore
@ -4,3 +4,5 @@ yarn-error.log
 tmp
 certbot.log
 node_modules
+core.*
+
--- a/backend/config/sqlite-test-db.json
+++ b/backend/config/sqlite-test-db.json
@ -0,0 +1,26 @@
+{
+  "database": {
+      "engine": "knex-native",
+      "knex": {
+        "client": "sqlite3",
+        "connection": {
+          "filename": "/app/backend/config/mydb.sqlite"
+        },
+        "pool": {
+          "min": 0,
+          "max": 1,
+          "createTimeoutMillis": 3000,
+          "acquireTimeoutMillis": 30000,
+          "idleTimeoutMillis": 30000,
+          "reapIntervalMillis": 1000,
+          "createRetryIntervalMillis": 100,
+          "propagateCreateError": false
+        },
+        "migrations": {
+          "tableName": "migrations",
+          "stub": "src/backend/lib/migrate_template.js",
+          "directory": "src/backend/migrations"
+        }
+      }
+    }
+}
--- a/backend/db.js
+++ b/backend/db.js
@ -4,19 +4,27 @@ if (!config.has('database')) {
 	throw new Error('Database config does not exist! Please read the instructions: https://github.com/jc21/nginx-proxy-manager/blob/master/doc/INSTALL.md');
 }

-let data = {
-	client:     config.database.engine,
-	connection: {
-		host:     config.database.host,
-		user:     config.database.user,
-		password: config.database.password,
-		database: config.database.name,
-		port:     config.database.port
-	},
-	migrations: {
-		tableName: 'migrations'
-	}
-};
+function generateDbConfig() {
+	if (config.database.engine === 'knex-native') {
+		return config.database.knex;
+	} else
+		return {
+			client:     config.database.engine,
+			connection: {
+				host:     config.database.host,
+				user:     config.database.user,
+				password: config.database.password,
+				database: config.database.name,
+				port:     config.database.port
+			},
+			migrations: {
+				tableName: 'migrations'
+			}
+		};
+}
+
+
+let data = generateDbConfig();

 if (typeof config.database.version !== 'undefined') {
 	data.version = config.database.version;
--- a/backend/internal/access-list.js
+++ b/backend/internal/access-list.js
@ -1,14 +1,15 @@
-const _                   = require('lodash');
-const fs                  = require('fs');
-const batchflow           = require('batchflow');
-const logger              = require('../logger').access;
-const error               = require('../lib/error');
-const accessListModel     = require('../models/access_list');
-const accessListAuthModel = require('../models/access_list_auth');
-const proxyHostModel      = require('../models/proxy_host');
-const internalAuditLog    = require('./audit-log');
-const internalNginx       = require('./nginx');
-const utils               = require('../lib/utils');
+const _                     = require('lodash');
+const fs                    = require('fs');
+const batchflow             = require('batchflow');
+const logger                = require('../logger').access;
+const error                 = require('../lib/error');
+const accessListModel       = require('../models/access_list');
+const accessListAuthModel   = require('../models/access_list_auth');
+const accessListClientModel = require('../models/access_list_client');
+const proxyHostModel        = require('../models/proxy_host');
+const internalAuditLog      = require('./audit-log');
+const internalNginx         = require('./nginx');
+const utils                 = require('../lib/utils');

 function omissions () {
 	return ['is_deleted'];
@ -29,14 +30,16 @@ const internalAccessList = {
 					.omit(omissions())
 					.insertAndFetch({
 						name:          data.name,
+						satisfy_any:   data.satisfy_any,
 						owner_user_id: access.token.getUserId(1)
 					});
 			})
 			.then((row) => {
 				data.id = row.id;

-				// Now add the items
 				let promises = [];
+
+				// Now add the items
 				data.items.map((item) => {
 					promises.push(accessListAuthModel
 						.query()
@ -48,13 +51,27 @@ const internalAccessList = {
 					);
 				});

+				// Now add the clients
+				if (typeof data.clients !== 'undefined' && data.clients) {
+					data.clients.map((client) => {
+						promises.push(accessListClientModel
+							.query()
+							.insert({
+								access_list_id: row.id,
+								address:        client.address,
+								directive:      client.directive
+							})
+						);
+					});
+				}
+
 				return Promise.all(promises);
 			})
 			.then(() => {
 				// re-fetch with expansions
 				return internalAccessList.get(access, {
 					id:     data.id,
-					expand: ['owner', 'items']
+					expand: ['owner', 'items', 'clients', 'proxy_hosts.access_list.[clients,items]']
 				}, true /* <- skip masking */);
 			})
 			.then((row) => {
@ -64,7 +81,7 @@ const internalAccessList = {
 				return internalAccessList.build(row)
 					.then(() => {
 						if (row.proxy_host_count) {
-							return internalNginx.reload();
+							return internalNginx.bulkGenerateConfigs('proxy_host', row.proxy_hosts);
 						}
 					})
 					.then(() => {
@ -109,7 +126,8 @@ const internalAccessList = {
 						.query()
 						.where({id: data.id})
 						.patch({
-							name: data.name
+							name:        data.name,
+							satisfy_any: data.satisfy_any,
 						});
 				}
 			})
@ -153,6 +171,38 @@ const internalAccessList = {
 						});
 				}
 			})
+			.then(() => {
+				// Check for clients and add/update/remove them
+				if (typeof data.clients !== 'undefined' && data.clients) {
+					let promises = [];
+
+					data.clients.map(function (client) {
+						if (client.address) {
+							promises.push(accessListClientModel
+								.query()
+								.insert({
+									access_list_id: data.id,
+									address:        client.address,
+									directive:      client.directive
+								})
+							);
+						}
+					});
+
+					let query = accessListClientModel
+						.query()
+						.delete()
+						.where('access_list_id', data.id);
+
+					return query
+						.then(() => {
+							// Add new items
+							if (promises.length) {
+								return Promise.all(promises);
+							}
+						});
+				}
+			})
 			.then(() => {
 				// Add to audit log
 				return internalAuditLog.add(access, {
@ -166,14 +216,14 @@ const internalAccessList = {
 				// re-fetch with expansions
 				return internalAccessList.get(access, {
 					id:     data.id,
-					expand: ['owner', 'items']
+					expand: ['owner', 'items', 'clients', 'proxy_hosts.access_list.[clients,items]']
 				}, true /* <- skip masking */);
 			})
 			.then((row) => {
 				return internalAccessList.build(row)
 					.then(() => {
 						if (row.proxy_host_count) {
-							return internalNginx.reload();
+							return internalNginx.bulkGenerateConfigs('proxy_host', row.proxy_hosts);
 						}
 					})
 					.then(() => {
@ -204,7 +254,7 @@ const internalAccessList = {
 					.joinRaw('LEFT JOIN `proxy_host` ON `proxy_host`.`access_list_id` = `access_list`.`id` AND `proxy_host`.`is_deleted` = 0')
 					.where('access_list.is_deleted', 0)
 					.andWhere('access_list.id', data.id)
-					.allowEager('[owner,items,proxy_hosts]')
+					.allowEager('[owner,items,clients,proxy_hosts.[*, access_list.[clients,items]]]')
 					.omit(['access_list.is_deleted'])
 					.first();

@ -246,7 +296,7 @@ const internalAccessList = {
 	delete: (access, data) => {
 		return access.can('access_lists:delete', data.id)
 			.then(() => {
-				return internalAccessList.get(access, {id: data.id, expand: ['proxy_hosts', 'items']});
+				return internalAccessList.get(access, {id: data.id, expand: ['proxy_hosts', 'items', 'clients']});
 			})
 			.then((row) => {
 				if (!row) {
@ -330,7 +380,7 @@ const internalAccessList = {
 					.where('access_list.is_deleted', 0)
 					.groupBy('access_list.id')
 					.omit(['access_list.is_deleted'])
-					.allowEager('[owner,items]')
+					.allowEager('[owner,items,clients]')
 					.orderBy('access_list.name', 'ASC');

 				if (access_data.permission_visibility !== 'all') {
--- a/backend/internal/certificate.js
+++ b/backend/internal/certificate.js
@ -77,7 +77,7 @@ const internalCertificate = {
 													.where('id', certificate.id)
 													.andWhere('provider', 'letsencrypt')
 													.patch({
-														expires_on: certificateModel.raw('FROM_UNIXTIME(' + cert_info.dates.to + ')')
+														expires_on: moment(cert_info.dates.to, 'X').format('YYYY-MM-DD HH:mm:ss')
 													});
 											})
 											.catch((err) => {
@ -141,36 +141,60 @@ const internalCertificate = {
 								});
 						})
 						.then((in_use_result) => {
-							// 3. Generate the LE config
-							return internalNginx.generateLetsEncryptRequestConfig(certificate)
-								.then(internalNginx.reload)
-								.then(() => {
+							// Is CloudFlare, no config needed, so skip 3 and 5.
+							if (data.meta.cloudflare_use) {
+								return internalNginx.reload().then(() => {
 									// 4. Request cert
-									return internalCertificate.requestLetsEncryptSsl(certificate);
+									return internalCertificate.requestLetsEncryptCloudFlareDnsSsl(certificate, data.meta.cloudflare_token);
 								})
-								.then(() => {
-									// 5. Remove LE config
-									return internalNginx.deleteLetsEncryptRequestConfig(certificate);
-								})
-								.then(internalNginx.reload)
-								.then(() => {
-									// 6. Re-instate previously disabled hosts
-									return internalCertificate.enableInUseHosts(in_use_result);
-								})
-								.then(() => {
-									return certificate;
-								})
-								.catch((err) => {
-									// In the event of failure, revert things and throw err back
-									return internalNginx.deleteLetsEncryptRequestConfig(certificate)
-										.then(() => {
-											return internalCertificate.enableInUseHosts(in_use_result);
-										})
-										.then(internalNginx.reload)
-										.then(() => {
-											throw err;
-										});
-								});
+									.then(internalNginx.reload)
+									.then(() => {
+										// 6. Re-instate previously disabled hosts
+										return internalCertificate.enableInUseHosts(in_use_result);
+									})
+									.then(() => {
+										return certificate;
+									})
+									.catch((err) => {
+										// In the event of failure, revert things and throw err back
+										return internalCertificate.enableInUseHosts(in_use_result)
+											.then(internalNginx.reload)
+											.then(() => {
+												throw err;
+											});
+									});
+							} else {
+								// 3. Generate the LE config
+								return internalNginx.generateLetsEncryptRequestConfig(certificate)
+									.then(internalNginx.reload)
+									.then(() => {
+										// 4. Request cert
+										return internalCertificate.requestLetsEncryptSsl(certificate);
+									})
+									.then(() => {
+										// 5. Remove LE config
+										return internalNginx.deleteLetsEncryptRequestConfig(certificate);
+									})
+									.then(internalNginx.reload)
+									.then(() => {
+										// 6. Re-instate previously disabled hosts
+										return internalCertificate.enableInUseHosts(in_use_result);
+									})
+									.then(() => {
+										return certificate;
+									})
+									.catch((err) => {
+										// In the event of failure, revert things and throw err back
+										return internalNginx.deleteLetsEncryptRequestConfig(certificate)
+											.then(() => {
+												return internalCertificate.enableInUseHosts(in_use_result);
+											})
+											.then(internalNginx.reload)
+											.then(() => {
+												throw err;
+											});
+									});
+							}
 						})
 						.then(() => {
 							// At this point, the letsencrypt cert should exist on disk.
@ -180,7 +204,7 @@ const internalCertificate = {
 									return certificateModel
 										.query()
 										.patchAndFetchById(certificate.id, {
-											expires_on: certificateModel.raw('FROM_UNIXTIME(' + cert_info.dates.to + ')')
+											expires_on: moment(cert_info.dates.to, 'X').format('YYYY-MM-DD HH:mm:ss')
 										})
 										.then((saved_row) => {
 											// Add cert data for audit log
@ -558,7 +582,7 @@ const internalCertificate = {
 						// TODO: This uses a mysql only raw function that won't translate to postgres
 						return internalCertificate.update(access, {
 							id:           data.id,
-							expires_on:   certificateModel.raw('FROM_UNIXTIME(' + validations.certificate.dates.to + ')'),
+							expires_on:   moment(validations.certificate.dates.to, 'X').format('YYYY-MM-DD HH:mm:ss'),
 							domain_names: [validations.certificate.cn],
 							meta:         _.clone(row.meta) // Prevent the update method from changing this value that we'll use later
 						})
@ -733,7 +757,6 @@ const internalCertificate = {
 			'--agree-tos ' +
 			'--email "' + certificate.meta.letsencrypt_email + '" ' +
 			'--preferred-challenges "dns,http" ' +
-			'--webroot ' +
 			'--domains "' + certificate.domain_names.join(',') + '" ' +
 			(le_staging ? '--staging' : '');

@ -748,6 +771,39 @@ const internalCertificate = {
 			});
 	},

+	/**
+	 * @param   {Object}  certificate   the certificate row
+	 * @param	{String} apiToken		the cloudflare api token
+	 * @returns {Promise}
+	 */
+	requestLetsEncryptCloudFlareDnsSsl: (certificate, apiToken) => {
+		logger.info('Requesting Let\'sEncrypt certificates via Cloudflare DNS for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));
+
+		let tokenLoc = '~/cloudflare-token';
+		let storeKey = 'echo "dns_cloudflare_api_token = ' + apiToken + '" > ' + tokenLoc;	
+
+		let cmd = 
+			storeKey + ' && ' +
+			certbot_command + ' certonly --non-interactive ' +
+			'--cert-name "npm-' + certificate.id + '" ' +
+			'--agree-tos ' +
+			'--email "' + certificate.meta.letsencrypt_email + '" ' +			
+			'--domains "' + certificate.domain_names.join(',') + '" ' +
+			'--dns-cloudflare --dns-cloudflare-credentials ' + tokenLoc +
+			(le_staging ? ' --staging' : '')
+			+ ' && rm ' + tokenLoc;
+
+		if (debug_mode) {
+			logger.info('Command:', cmd);
+		}
+
+		return utils.exec(cmd).then((result) => {
+			logger.info(result);
+			return result;
+		});
+	},
+
+
 	/**
 	 * @param   {Access}  access
 	 * @param   {Object}  data
@ -761,7 +817,9 @@ const internalCertificate = {
 			})
 			.then((certificate) => {
 				if (certificate.provider === 'letsencrypt') {
-					return internalCertificate.renewLetsEncryptSsl(certificate)
+					let renewMethod = certificate.meta.cloudflare_use ? internalCertificate.renewLetsEncryptCloudFlareSsl : internalCertificate.renewLetsEncryptSsl;		
+
+					return renewMethod(certificate)
 						.then(() => {
 							return internalCertificate.getCertificateInfoFromFile('/etc/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem');
 						})
@ -769,7 +827,7 @@ const internalCertificate = {
 							return certificateModel
 								.query()
 								.patchAndFetchById(certificate.id, {
-									expires_on: certificateModel.raw('FROM_UNIXTIME(' + cert_info.dates.to + ')')
+									expires_on: moment(cert_info.dates.to, 'X').format('YYYY-MM-DD HH:mm:ss')
 								});
 						})
 						.then((updated_certificate) => {
@ -815,6 +873,29 @@ const internalCertificate = {
 			});
 	},

+	/**
+	 * @param   {Object}  certificate   the certificate row
+	 * @returns {Promise}
+	 */
+	renewLetsEncryptCloudFlareSsl: (certificate) => {
+		logger.info('Renewing Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));
+
+		let cmd = certbot_command + ' renew --non-interactive ' +
+			'--cert-name "npm-' + certificate.id + '" ' +
+			'--disable-hook-validation ' +
+			(le_staging ? '--staging' : '');
+
+		if (debug_mode) {
+			logger.info('Command:', cmd);
+		}
+
+		return utils.exec(cmd)
+			.then((result) => {
+				logger.info(result);
+				return result;
+			});
+	},
+
 	/**
 	 * @param   {Object}  certificate    the certificate row
 	 * @param   {Boolean} [throw_errors]
@ -824,7 +905,6 @@ const internalCertificate = {
 		logger.info('Revoking Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));

 		let cmd = certbot_command + ' revoke --non-interactive ' +
-			'--config "' + le_config + '" ' +
 			'--cert-path "/etc/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem" ' +
 			'--delete-after-revoke ' +
 			(le_staging ? '--staging' : '');
--- a/backend/internal/nginx.js
+++ b/backend/internal/nginx.js
@ -224,6 +224,9 @@ const internalNginx = {
 				locationsPromise = Promise.resolve();
 			}

+			// Set the IPv6 setting for the host
+			host.ipv6 = internalNginx.ipv6Enabled();
+
 			locationsPromise.then(() => {
 				renderEngine
 					.parseAndRender(template, host)
@ -270,6 +273,7 @@ const internalNginx = {
 		return new Promise((resolve, reject) => {
 			let template = null;
 			let filename = '/data/nginx/temp/letsencrypt_' + certificate.id + '.conf';
+
 			try {
 				template = fs.readFileSync(__dirname + '/../templates/letsencrypt-request.conf', {encoding: 'utf8'});
 			} catch (err) {
@ -277,6 +281,8 @@ const internalNginx = {
 				return;
 			}

+			certificate.ipv6 = internalNginx.ipv6Enabled();
+
 			renderEngine
 				.parseAndRender(template, certificate)
 				.then((config_text) => {
@ -396,6 +402,18 @@ const internalNginx = {
 	 */
 	advancedConfigHasDefaultLocation: function (config) {
 		return !!config.match(/^(?:.*;)?\s*?location\s*?\/\s*?{/im);
+	},
+
+	/**
+	 * @returns {boolean}
+	 */
+	ipv6Enabled: function () {
+		if (typeof process.env.DISABLE_IPV6 !== 'undefined') {
+			const disabled = process.env.DISABLE_IPV6.toLowerCase();
+			return !(disabled === 'on' || disabled === 'true' || disabled === '1' || disabled === 'yes');
+		}
+
+		return true;
 	}
 };

--- a/backend/internal/proxy-host.js
+++ b/backend/internal/proxy-host.js
@ -73,7 +73,7 @@ const internalProxyHost = {
 				// re-fetch with cert
 				return internalProxyHost.get(access, {
 					id:     row.id,
-					expand: ['certificate', 'owner', 'access_list']
+					expand: ['certificate', 'owner', 'access_list.[clients,items]']
 				});
 			})
 			.then((row) => {
@ -186,7 +186,7 @@ const internalProxyHost = {
 			.then(() => {
 				return internalProxyHost.get(access, {
 					id:     data.id,
-					expand: ['owner', 'certificate', 'access_list']
+					expand: ['owner', 'certificate', 'access_list.[clients,items]']
 				})
 					.then((row) => {
 						// Configure nginx
@ -219,7 +219,7 @@ const internalProxyHost = {
 					.query()
 					.where('is_deleted', 0)
 					.andWhere('id', data.id)
-					.allowEager('[owner,access_list,certificate]')
+					.allowEager('[owner,access_list,access_list.[clients,items],certificate]')
 					.first();

 				if (access_data.permission_visibility !== 'all') {
--- a/backend/lib/express/cors.js
+++ b/backend/lib/express/cors.js
@ -4,11 +4,21 @@ module.exports = function (req, res, next) {

 	if (req.headers.origin) {

+		const originSchema = {
+			oneOf: [
+				{
+					type:    'string',
+					pattern: '^[a-z\\-]+:\\/\\/(?:[\\w\\-\\.]+(:[0-9]+)?/?)?$'
+				},
+				{
+					type:    'string',
+					pattern: '^[a-z\\-]+:\\/\\/(?:\\[([a-z0-9]{0,4}\\:?)+\\])?/?(:[0-9]+)?$'
+				}
+			]
+		};
+
 		// very relaxed validation....
-		validator({
-			type:    'string',
-			pattern: '^[a-z\\-]+:\\/\\/(?:[\\w\\-\\.]+(:[0-9]+)?/?)?$'
-		}, req.headers.origin)
+		validator(originSchema, req.headers.origin)
 			.then(function () {
 				res.set({
 					'Access-Control-Allow-Origin':      req.headers.origin,
--- a/backend/migrations/20190227065017_settings.js
+++ b/backend/migrations/20190227065017_settings.js
@ -22,22 +22,6 @@ exports.up = function (knex/*, Promise*/) {
 	})
 		.then(() => {
 			logger.info('[' + migrate_name + '] setting Table created');
-
-			// TODO: add settings
-			let settingModel = require('../models/setting');
-
-			return settingModel
-				.query()
-				.insert({
-					id:          'default-site',
-					name:        'Default Site',
-					description: 'What to show when Nginx is hit with an unknown Host',
-					value:       'congratulations',
-					meta:        {}
-				});
-		})
-		.then(() => {
-			logger.info('[' + migrate_name + '] Default settings added');
 		});
 };

--- a/backend/migrations/20200410143839_access_list_client.js
+++ b/backend/migrations/20200410143839_access_list_client.js
@ -0,0 +1,53 @@
+const migrate_name = 'access_list_client';
+const logger       = require('../logger').migrate;
+
+/**
+ * Migrate
+ *
+ * @see http://knexjs.org/#Schema
+ *
+ * @param   {Object}  knex
+ * @param   {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex/*, Promise*/) {
+
+	logger.info('[' + migrate_name + '] Migrating Up...');
+
+	return knex.schema.createTable('access_list_client', (table) => {
+		table.increments().primary();
+		table.dateTime('created_on').notNull();
+		table.dateTime('modified_on').notNull();
+		table.integer('access_list_id').notNull().unsigned();
+		table.string('address').notNull();
+		table.string('directive').notNull();
+		table.json('meta').notNull();
+
+	})
+		.then(function () {
+			logger.info('[' + migrate_name + '] access_list_client Table created');
+
+			return knex.schema.table('access_list', function (access_list) {
+				access_list.integer('satify_any').notNull().defaultTo(0);
+			});
+		})
+		.then(() => {
+			logger.info('[' + migrate_name + '] access_list Table altered');
+		});
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex/*, Promise*/) {
+	logger.info('[' + migrate_name + '] Migrating Down...');
+
+	return knex.schema.dropTable('access_list_client')
+		.then(() => {
+			logger.info('[' + migrate_name + '] access_list_client Table dropped');
+		});
+};
--- a/backend/migrations/20200410143840_access_list_client_fix.js
+++ b/backend/migrations/20200410143840_access_list_client_fix.js
@ -0,0 +1,34 @@
+const migrate_name = 'access_list_client_fix';
+const logger       = require('../logger').migrate;
+
+/**
+ * Migrate
+ *
+ * @see http://knexjs.org/#Schema
+ *
+ * @param   {Object}  knex
+ * @param   {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex/*, Promise*/) {
+	logger.info('[' + migrate_name + '] Migrating Up...');
+
+	return knex.schema.table('access_list', function (access_list) {
+		access_list.renameColumn('satify_any', 'satisfy_any');
+	})
+		.then(() => {
+			logger.info('[' + migrate_name + '] access_list Table altered');
+		});
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param   {Object}  knex
+ * @param   {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex, Promise) {
+	logger.warn('[' + migrate_name + '] You can\'t migrate down this one.');
+	return Promise.resolve(true);
+};
--- a/backend/models/access_list.js
+++ b/backend/models/access_list.js
@ -1,17 +1,19 @@
 // Objection Docs:
 // http://vincit.github.io/objection.js/

-const db             = require('../db');
-const Model          = require('objection').Model;
-const User           = require('./user');
-const AccessListAuth = require('./access_list_auth');
+const db               = require('../db');
+const Model            = require('objection').Model;
+const User             = require('./user');
+const AccessListAuth   = require('./access_list_auth');
+const AccessListClient = require('./access_list_client');
+const now              = require('./now_helper');

 Model.knex(db);

 class AccessList extends Model {
 	$beforeInsert () {
-		this.created_on  = Model.raw('NOW()');
-		this.modified_on = Model.raw('NOW()');
+		this.created_on  = now();
+		this.modified_on = now();

 		// Default for meta
 		if (typeof this.meta === 'undefined') {
@ -20,7 +22,7 @@ class AccessList extends Model {
 	}

 	$beforeUpdate () {
-		this.modified_on = Model.raw('NOW()');
+		this.modified_on = now();
 	}

 	static get name () {
@ -62,6 +64,17 @@ class AccessList extends Model {
 					qb.omit(['id', 'created_on', 'modified_on', 'access_list_id', 'meta']);
 				}
 			},
+			clients: {
+				relation:   Model.HasManyRelation,
+				modelClass: AccessListClient,
+				join:       {
+					from: 'access_list.id',
+					to:   'access_list_client.access_list_id'
+				},
+				modify: function (qb) {
+					qb.omit(['id', 'created_on', 'modified_on', 'access_list_id', 'meta']);
+				}
+			},
 			proxy_hosts: {
 				relation:   Model.HasManyRelation,
 				modelClass: ProxyHost,
@ -76,6 +89,10 @@ class AccessList extends Model {
 			}
 		};
 	}
+
+	get satisfy() {
+		return this.satisfy_any ? 'satisfy any' : 'satisfy all';
+	}
 }

 module.exports = AccessList;
--- a/backend/models/access_list_auth.js
+++ b/backend/models/access_list_auth.js
@ -3,13 +3,14 @@

 const db    = require('../db');
 const Model = require('objection').Model;
+const now   = require('./now_helper');

 Model.knex(db);

 class AccessListAuth extends Model {
 	$beforeInsert () {
-		this.created_on  = Model.raw('NOW()');
-		this.modified_on = Model.raw('NOW()');
+		this.created_on  = now();
+		this.modified_on = now();

 		// Default for meta
 		if (typeof this.meta === 'undefined') {
@ -18,7 +19,7 @@ class AccessListAuth extends Model {
 	}

 	$beforeUpdate () {
-		this.modified_on = Model.raw('NOW()');
+		this.modified_on = now();
 	}

 	static get name () {
--- a/backend/models/access_list_client.js
+++ b/backend/models/access_list_client.js
@ -0,0 +1,59 @@
+// Objection Docs:
+// http://vincit.github.io/objection.js/
+
+const db    = require('../db');
+const Model = require('objection').Model;
+const now   = require('./now_helper');
+
+Model.knex(db);
+
+class AccessListClient extends Model {
+	$beforeInsert () {
+		this.created_on  = now();
+		this.modified_on = now();
+
+		// Default for meta
+		if (typeof this.meta === 'undefined') {
+			this.meta = {};
+		}
+	}
+
+	$beforeUpdate () {
+		this.modified_on = now();
+	}
+
+	static get name () {
+		return 'AccessListClient';
+	}
+
+	static get tableName () {
+		return 'access_list_client';
+	}
+
+	static get jsonAttributes () {
+		return ['meta'];
+	}
+
+	static get relationMappings () {
+		return {
+			access_list: {
+				relation:   Model.HasOneRelation,
+				modelClass: require('./access_list'),
+				join:       {
+					from: 'access_list_client.access_list_id',
+					to:   'access_list.id'
+				},
+				modify: function (qb) {
+					qb.where('access_list.is_deleted', 0);
+					qb.omit(['created_on', 'modified_on', 'is_deleted', 'access_list_id']);
+				}
+			}
+		};
+	}
+
+	get rule() {
+		return `${this.directive} ${this.address}`;
+	}
+}
+
+module.exports = AccessListClient;
--- a/backend/models/audit-log.js
+++ b/backend/models/audit-log.js
@ -4,13 +4,14 @@
 const db    = require('../db');
 const Model = require('objection').Model;
 const User  = require('./user');
+const now   = require('./now_helper');

 Model.knex(db);

 class AuditLog extends Model {
 	$beforeInsert () {
-		this.created_on  = Model.raw('NOW()');
-		this.modified_on = Model.raw('NOW()');
+		this.created_on  = now();
+		this.modified_on = now();

 		// Default for meta
 		if (typeof this.meta === 'undefined') {
@ -19,7 +20,7 @@ class AuditLog extends Model {
 	}

 	$beforeUpdate () {
-		this.modified_on = Model.raw('NOW()');
+		this.modified_on = now();
 	}

 	static get name () {
--- a/backend/models/auth.js
+++ b/backend/models/auth.js
@ -5,6 +5,7 @@ const bcrypt = require('bcrypt');
 const db     = require('../db');
 const Model  = require('objection').Model;
 const User   = require('./user');
+const now    = require('./now_helper');

 Model.knex(db);

@ -24,8 +25,8 @@ function encryptPassword () {

 class Auth extends Model {
 	$beforeInsert (queryContext) {
-		this.created_on  = Model.raw('NOW()');
-		this.modified_on = Model.raw('NOW()');
+		this.created_on  = now();
+		this.modified_on = now();

 		// Default for meta
 		if (typeof this.meta === 'undefined') {
@ -36,7 +37,7 @@ class Auth extends Model {
 	}

 	$beforeUpdate (queryContext) {
-		this.modified_on = Model.raw('NOW()');
+		this.modified_on = now();
 		return encryptPassword.apply(this, queryContext);
 	}

--- a/backend/models/certificate.js
+++ b/backend/models/certificate.js
@ -4,17 +4,18 @@
 const db    = require('../db');
 const Model = require('objection').Model;
 const User  = require('./user');
+const now   = require('./now_helper');

 Model.knex(db);

 class Certificate extends Model {
 	$beforeInsert () {
-		this.created_on  = Model.raw('NOW()');
-		this.modified_on = Model.raw('NOW()');
+		this.created_on  = now();
+		this.modified_on = now();

 		// Default for expires_on
 		if (typeof this.expires_on === 'undefined') {
-			this.expires_on = Model.raw('NOW()');
+			this.expires_on = now();
 		}

 		// Default for domain_names
@ -31,7 +32,7 @@ class Certificate extends Model {
 	}

 	$beforeUpdate () {
-		this.modified_on = Model.raw('NOW()');
+		this.modified_on = now();

 		// Sort domain_names
 		if (typeof this.domain_names !== 'undefined') {
--- a/backend/models/dead_host.js
+++ b/backend/models/dead_host.js
@ -5,13 +5,14 @@ const db          = require('../db');
 const Model       = require('objection').Model;
 const User        = require('./user');
 const Certificate = require('./certificate');
+const now         = require('./now_helper');

 Model.knex(db);

 class DeadHost extends Model {
 	$beforeInsert () {
-		this.created_on  = Model.raw('NOW()');
-		this.modified_on = Model.raw('NOW()');
+		this.created_on  = now();
+		this.modified_on = now();

 		// Default for domain_names
 		if (typeof this.domain_names === 'undefined') {
@ -27,7 +28,7 @@ class DeadHost extends Model {
 	}

 	$beforeUpdate () {
-		this.modified_on = Model.raw('NOW()');
+		this.modified_on = now();

 		// Sort domain_names
 		if (typeof this.domain_names !== 'undefined') {
--- a/backend/models/now_helper.js
+++ b/backend/models/now_helper.js
@ -0,0 +1,13 @@
+const db     = require('../db');
+const config = require('config');
+const Model  = require('objection').Model;
+
+Model.knex(db);
+
+module.exports = function () {
+	if (config.database.knex && config.database.knex.client === 'sqlite3') {
+		return Model.raw('datetime(\'now\',\'localtime\')');
+	} else {
+		return Model.raw('NOW()');
+	}
+};
--- a/backend/models/proxy_host.js
+++ b/backend/models/proxy_host.js
@ -6,13 +6,14 @@ const Model       = require('objection').Model;
 const User        = require('./user');
 const AccessList  = require('./access_list');
 const Certificate = require('./certificate');
+const now         = require('./now_helper');

 Model.knex(db);

 class ProxyHost extends Model {
 	$beforeInsert () {
-		this.created_on  = Model.raw('NOW()');
-		this.modified_on = Model.raw('NOW()');
+		this.created_on  = now();
+		this.modified_on = now();

 		// Default for domain_names
 		if (typeof this.domain_names === 'undefined') {
@ -28,7 +29,7 @@ class ProxyHost extends Model {
 	}

 	$beforeUpdate () {
-		this.modified_on = Model.raw('NOW()');
+		this.modified_on = now();

 		// Sort domain_names
 		if (typeof this.domain_names !== 'undefined') {
--- a/backend/models/redirection_host.js
+++ b/backend/models/redirection_host.js
@ -5,13 +5,14 @@ const db          = require('../db');
 const Model       = require('objection').Model;
 const User        = require('./user');
 const Certificate = require('./certificate');
+const now         = require('./now_helper');

 Model.knex(db);

 class RedirectionHost extends Model {
 	$beforeInsert () {
-		this.created_on  = Model.raw('NOW()');
-		this.modified_on = Model.raw('NOW()');
+		this.created_on  = now();
+		this.modified_on = now();

 		// Default for domain_names
 		if (typeof this.domain_names === 'undefined') {
@ -27,7 +28,7 @@ class RedirectionHost extends Model {
 	}

 	$beforeUpdate () {
-		this.modified_on = Model.raw('NOW()');
+		this.modified_on = now();

 		// Sort domain_names
 		if (typeof this.domain_names !== 'undefined') {
--- a/backend/models/stream.js
+++ b/backend/models/stream.js
@ -4,13 +4,14 @@
 const db    = require('../db');
 const Model = require('objection').Model;
 const User  = require('./user');
+const now   = require('./now_helper');

 Model.knex(db);

 class Stream extends Model {
 	$beforeInsert () {
-		this.created_on  = Model.raw('NOW()');
-		this.modified_on = Model.raw('NOW()');
+		this.created_on  = now();
+		this.modified_on = now();

 		// Default for meta
 		if (typeof this.meta === 'undefined') {
@ -19,7 +20,7 @@ class Stream extends Model {
 	}

 	$beforeUpdate () {
-		this.modified_on = Model.raw('NOW()');
+		this.modified_on = now();
 	}

 	static get name () {
--- a/backend/models/user.js
+++ b/backend/models/user.js
@ -4,13 +4,14 @@
 const db             = require('../db');
 const Model          = require('objection').Model;
 const UserPermission = require('./user_permission');
+const now            = require('./now_helper');

 Model.knex(db);

 class User extends Model {
 	$beforeInsert () {
-		this.created_on  = Model.raw('NOW()');
-		this.modified_on = Model.raw('NOW()');
+		this.created_on  = now();
+		this.modified_on = now();

 		// Default for roles
 		if (typeof this.roles === 'undefined') {
@ -19,7 +20,7 @@ class User extends Model {
 	}

 	$beforeUpdate () {
-		this.modified_on = Model.raw('NOW()');
+		this.modified_on = now();
 	}

 	static get name () {
--- a/backend/models/user_permission.js
+++ b/backend/models/user_permission.js
@ -3,17 +3,18 @@

 const db    = require('../db');
 const Model = require('objection').Model;
+const now   = require('./now_helper');

 Model.knex(db);

 class UserPermission extends Model {
 	$beforeInsert () {
-		this.created_on  = Model.raw('NOW()');
-		this.modified_on = Model.raw('NOW()');
+		this.created_on  = now();
+		this.modified_on = now();
 	}

 	$beforeUpdate () {
-		this.modified_on = Model.raw('NOW()');
+		this.modified_on = now();
 	}

 	static get name () {
--- a/backend/package.json
+++ b/backend/package.json
@ -4,30 +4,32 @@
 	"description": "A beautiful interface for creating Nginx endpoints",
 	"main": "js/index.js",
 	"dependencies": {
-		"ajv": "^6.11.0",
+		"ajv": "^6.12.0",
 		"batchflow": "^0.4.0",
-		"bcrypt": "^3.0.8",
+		"bcrypt": "^5.0.0",
 		"body-parser": "^1.19.0",
 		"compression": "^1.7.4",
-		"config": "^3.2.5",
+		"config": "^3.3.1",
 		"diskdb": "^0.1.17",
 		"express": "^4.17.1",
-		"express-fileupload": "^1.1.6",
+		"express-fileupload": "^1.1.9",
 		"gravatar": "^1.8.0",
 		"html-entities": "^1.2.1",
-		"json-schema-ref-parser": "^7.1.3",
+		"json-schema-ref-parser": "^8.0.0",
 		"jsonwebtoken": "^8.5.1",
-		"knex": "^0.20.10",
-		"liquidjs": "^9.7.1",
-		"lodash": "^4.17.15",
+		"knex": "^0.20.13",
+		"liquidjs": "^9.11.10",
+		"lodash": "^4.17.19",
 		"moment": "^2.24.0",
 		"mysql": "^2.18.1",
-		"node-rsa": "^1.0.7",
+		"node-rsa": "^1.0.8",
 		"nodemon": "^2.0.2",
 		"objection": "^2.1.3",
 		"path": "^0.12.7",
+		"pg": "^7.12.1",
 		"restler": "^3.4.0",
 		"signale": "^1.4.0",
+		"sqlite3": "^4.1.1",
 		"temp-write": "^4.0.0",
 		"unix-timestamp": "^0.2.0"
 	},
@ -40,6 +42,6 @@
 	"devDependencies": {
 		"eslint": "^6.8.0",
 		"eslint-plugin-align-assignments": "^1.1.2",
-		"prettier": "^1.19.1"
+		"prettier": "^2.0.4"
 	}
 }
--- a/backend/schema/endpoints/access-lists.json
+++ b/backend/schema/endpoints/access-lists.json
@ -1,168 +1,227 @@
 {
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "$id": "endpoints/access-lists",
-  "title": "Access Lists",
-  "description": "Endpoints relating to Access Lists",
-  "stability": "stable",
-  "type": "object",
-  "definitions": {
-    "id": {
-      "$ref": "../definitions.json#/definitions/id"
-    },
-    "created_on": {
-      "$ref": "../definitions.json#/definitions/created_on"
-    },
-    "modified_on": {
-      "$ref": "../definitions.json#/definitions/modified_on"
-    },
-    "name": {
-      "type": "string",
-      "description": "Name of the Access List"
-    },
-    "meta": {
-      "type": "object"
-    }
-  },
-  "properties": {
-    "id": {
-      "$ref": "#/definitions/id"
-    },
-    "created_on": {
-      "$ref": "#/definitions/created_on"
-    },
-    "modified_on": {
-      "$ref": "#/definitions/modified_on"
-    },
-    "name": {
-      "$ref": "#/definitions/name"
-    },
-    "meta": {
-      "$ref": "#/definitions/meta"
-    }
-  },
-  "links": [
-    {
-      "title": "List",
-      "description": "Returns a list of Access Lists",
-      "href": "/nginx/access-lists",
-      "access": "private",
-      "method": "GET",
-      "rel": "self",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "array",
-        "items": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Create",
-      "description": "Creates a new Access List",
-      "href": "/nginx/access-list",
-      "access": "private",
-      "method": "POST",
-      "rel": "create",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "schema": {
-        "type": "object",
-        "additionalProperties": false,
-        "required": [
-          "name"
-        ],
-        "properties": {
-          "name": {
-            "$ref": "#/definitions/name"
-          },
-          "items": {
-            "type": "array",
-            "minItems": 1,
-            "items": {
-              "type": "object",
-              "additionalProperties": false,
-              "properties": {
-                "username": {
-                  "type": "string",
-                  "minLength": 1
-                },
-                "password": {
-                  "type": "string",
-                  "minLength": 1
-                }
-              }
-            }
-          },
-          "meta": {
-            "$ref": "#/definitions/meta"
-          }
-        }
-      },
-      "targetSchema": {
-        "properties": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Update",
-      "description": "Updates a existing Access List",
-      "href": "/nginx/access-list/{definitions.identity.example}",
-      "access": "private",
-      "method": "PUT",
-      "rel": "update",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "schema": {
-        "type": "object",
-        "additionalProperties": false,
-        "properties": {
-          "name": {
-            "$ref": "#/definitions/name"
-          },
-          "items": {
-            "type": "array",
-            "minItems": 1,
-            "items": {
-              "type": "object",
-              "additionalProperties": false,
-              "properties": {
-                "username": {
-                  "type": "string",
-                  "minLength": 1
-                },
-                "password": {
-                  "type": "string",
-                  "minLength": 0
-                }
-              }
-            }
-          }
-        }
-      },
-      "targetSchema": {
-        "properties": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Delete",
-      "description": "Deletes a existing Access List",
-      "href": "/nginx/access-list/{definitions.identity.example}",
-      "access": "private",
-      "method": "DELETE",
-      "rel": "delete",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "boolean"
-      }
-    }
-  ]
+	"$schema": "http://json-schema.org/draft-07/schema#",
+	"$id": "endpoints/access-lists",
+	"title": "Access Lists",
+	"description": "Endpoints relating to Access Lists",
+	"stability": "stable",
+	"type": "object",
+	"definitions": {
+		"id": {
+			"$ref": "../definitions.json#/definitions/id"
+		},
+		"created_on": {
+			"$ref": "../definitions.json#/definitions/created_on"
+		},
+		"modified_on": {
+			"$ref": "../definitions.json#/definitions/modified_on"
+		},
+		"name": {
+			"type": "string",
+			"description": "Name of the Access List"
+		},
+		"directive": {
+			"type": "string",
+			"enum": ["allow", "deny"]
+		},
+		"address": {
+			"oneOf": [
+				{
+					"type": "string",
+					"pattern": "^([0-9]{1,3}\\.){3}[0-9]{1,3}(/([0-9]|[1-2][0-9]|3[0-2]))?$"
+				},
+				{
+					"type": "string",
+					"pattern": "^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?$"
+				},
+				{
+					"type": "string",
+					"pattern": "^all$"
+				}
+			]
+		},
+		"satisfy_any": {
+			"type": "boolean"
+		},
+		"meta": {
+			"type": "object"
+		}
+	},
+	"properties": {
+		"id": {
+			"$ref": "#/definitions/id"
+		},
+		"created_on": {
+			"$ref": "#/definitions/created_on"
+		},
+		"modified_on": {
+			"$ref": "#/definitions/modified_on"
+		},
+		"name": {
+			"$ref": "#/definitions/name"
+		},
+		"meta": {
+			"$ref": "#/definitions/meta"
+		}
+	},
+	"links": [
+		{
+			"title": "List",
+			"description": "Returns a list of Access Lists",
+			"href": "/nginx/access-lists",
+			"access": "private",
+			"method": "GET",
+			"rel": "self",
+			"http_header": {
+				"$ref": "../examples.json#/definitions/auth_header"
+			},
+			"targetSchema": {
+				"type": "array",
+				"items": {
+					"$ref": "#/properties"
+				}
+			}
+		},
+		{
+			"title": "Create",
+			"description": "Creates a new Access List",
+			"href": "/nginx/access-list",
+			"access": "private",
+			"method": "POST",
+			"rel": "create",
+			"http_header": {
+				"$ref": "../examples.json#/definitions/auth_header"
+			},
+			"schema": {
+				"type": "object",
+				"additionalProperties": false,
+				"required": ["name"],
+				"properties": {
+					"name": {
+						"$ref": "#/definitions/name"
+					},
+					"satisfy_any": {
+						"$ref": "#/definitions/satisfy_any"
+					},
+					"items": {
+						"type": "array",
+						"minItems": 0,
+						"items": {
+							"type": "object",
+							"additionalProperties": false,
+							"properties": {
+								"username": {
+									"type": "string",
+									"minLength": 1
+								},
+								"password": {
+									"type": "string",
+									"minLength": 1
+								}
+							}
+						}
+					},
+					"clients": {
+						"type": "array",
+						"minItems": 0,
+						"items": {
+							"type": "object",
+							"additionalProperties": false,
+							"properties": {
+								"address": {
+									"$ref": "#/definitions/address"
+								},
+								"directive": {
+									"$ref": "#/definitions/directive"
+								}
+							}
+						}
+					},
+					"meta": {
+						"$ref": "#/definitions/meta"
+					}
+				}
+			},
+			"targetSchema": {
+				"properties": {
+					"$ref": "#/properties"
+				}
+			}
+		},
+		{
+			"title": "Update",
+			"description": "Updates a existing Access List",
+			"href": "/nginx/access-list/{definitions.identity.example}",
+			"access": "private",
+			"method": "PUT",
+			"rel": "update",
+			"http_header": {
+				"$ref": "../examples.json#/definitions/auth_header"
+			},
+			"schema": {
+				"type": "object",
+				"additionalProperties": false,
+				"properties": {
+					"name": {
+						"$ref": "#/definitions/name"
+					},
+					"satisfy_any": {
+						"$ref": "#/definitions/satisfy_any"
+					},
+					"items": {
+						"type": "array",
+						"minItems": 0,
+						"items": {
+							"type": "object",
+							"additionalProperties": false,
+							"properties": {
+								"username": {
+									"type": "string",
+									"minLength": 1
+								},
+								"password": {
+									"type": "string",
+									"minLength": 0
+								}
+							}
+						}
+					},
+					"clients": {
+						"type": "array",
+						"minItems": 0,
+						"items": {
+							"type": "object",
+							"additionalProperties": false,
+							"properties": {
+								"address": {
+									"$ref": "#/definitions/address"
+								},
+								"directive": {
+									"$ref": "#/definitions/directive"
+								}
+							}
+						}
+					}
+				}
+			},
+			"targetSchema": {
+				"properties": {
+					"$ref": "#/properties"
+				}
+			}
+		},
+		{
+			"title": "Delete",
+			"description": "Deletes a existing Access List",
+			"href": "/nginx/access-list/{definitions.identity.example}",
+			"access": "private",
+			"method": "DELETE",
+			"rel": "delete",
+			"http_header": {
+				"$ref": "../examples.json#/definitions/auth_header"
+			},
+			"targetSchema": {
+				"type": "boolean"
+			}
+		}
+	]
 }
--- a/backend/schema/endpoints/certificates.json
+++ b/backend/schema/endpoints/certificates.json
@ -41,6 +41,12 @@
        },
        "letsencrypt_agree": {
          "type": "boolean"
+        },
+        "cloudflare_use": {
+          "type": "boolean"
+        },
+        "cloudflare_token": {
+          "type": "string"
        }
      }
    }
--- a/backend/schema/endpoints/proxy-hosts.json
+++ b/backend/schema/endpoints/proxy-hosts.json
@ -25,7 +25,7 @@
    "forward_host": {
      "type": "string",
      "minLength": 1,
-      "maxLength": 50
+      "maxLength": 255
    },
    "forward_port": {
      "type": "integer",
--- a/backend/setup.js
+++ b/backend/setup.js
@ -5,9 +5,15 @@ const logger              = require('./logger').setup;
 const userModel           = require('./models/user');
 const userPermissionModel = require('./models/user_permission');
 const authModel           = require('./models/auth');
+const settingModel        = require('./models/setting');
 const debug_mode          = process.env.NODE_ENV !== 'production' || !!process.env.DEBUG;

-module.exports = function () {
+/**
+ * Creates a new JWT RSA Keypair if not alread set on the config
+ *
+ * @returns {Promise}
+ */
+const setupJwt = () => {
 	return new Promise((resolve, reject) => {
 		// Now go and check if the jwt gpg keys have been created and if not, create them
 		if (!config.has('jwt') || !config.has('jwt.key') || !config.has('jwt.pub')) {
@ -27,12 +33,12 @@ module.exports = function () {
 			}

 			// Now create the keys and save them in the config.
-			let key = new NodeRSA({b: 2048});
+			let key = new NodeRSA({ b: 2048 });
 			key.generateKeyPair();

 			config_data.jwt = {
 				key: key.exportKey('private').toString(),
-				pub: key.exportKey('public').toString()
+				pub: key.exportKey('public').toString(),
 			};

 			// Write config
@ -47,7 +53,6 @@ module.exports = function () {
 					process.exit(0);
 				}
 			});
-
 		} else {
 			// JWT key pair exists
 			if (debug_mode) {
@ -56,14 +61,20 @@ module.exports = function () {

 			resolve();
 		}
-	})
-		.then(() => {
-			return userModel
-				.query()
-				.select(userModel.raw('COUNT(`id`) as `count`'))
-				.where('is_deleted', 0)
-				.first();
-		})
+	});
+};
+
+/**
+ * Creates a default admin users if one doesn't already exist in the database
+ *
+ * @returns {Promise}
+ */
+const setupDefaultUser = () => {
+	return userModel
+		.query()
+		.select(userModel.raw('COUNT(`id`) as `count`'))
+		.where('is_deleted', 0)
+		.first()
 		.then((row) => {
 			if (!row.count) {
 				// Create a new user and set password
@ -75,7 +86,7 @@ module.exports = function () {
 					name:       'Administrator',
 					nickname:   'Admin',
 					avatar:     '',
-					roles:      ['admin']
+					roles:      ['admin'],
 				};

 				return userModel
@ -88,28 +99,64 @@ module.exports = function () {
 								user_id: user.id,
 								type:    'password',
 								secret:  'changeme',
-								meta:    {}
+								meta:    {},
 							})
 							.then(() => {
-								return userPermissionModel
-									.query()
-									.insert({
-										user_id:           user.id,
-										visibility:        'all',
-										proxy_hosts:       'manage',
-										redirection_hosts: 'manage',
-										dead_hosts:        'manage',
-										streams:           'manage',
-										access_lists:      'manage',
-										certificates:      'manage'
-									});
+								return userPermissionModel.query().insert({
+									user_id:           user.id,
+									visibility:        'all',
+									proxy_hosts:       'manage',
+									redirection_hosts: 'manage',
+									dead_hosts:        'manage',
+									streams:           'manage',
+									access_lists:      'manage',
+									certificates:      'manage',
+								});
 							});
 					})
 					.then(() => {
-						logger.info('Initial setup completed');
+						logger.info('Initial admin setup completed');
 					});
 			} else if (debug_mode) {
 				logger.debug('Admin user setup not required');
 			}
 		});
 };
+
+/**
+ * Creates default settings if they don't already exist in the database
+ *
+ * @returns {Promise}
+ */
+const setupDefaultSettings = () => {
+	return settingModel
+		.query()
+		.select(settingModel.raw('COUNT(`id`) as `count`'))
+		.where({id: 'default-site'})
+		.first()
+		.then((row) => {
+			if (!row.count) {
+				settingModel
+					.query()
+					.insert({
+						id:          'default-site',
+						name:        'Default Site',
+						description: 'What to show when Nginx is hit with an unknown Host',
+						value:       'congratulations',
+						meta:        {},
+					})
+					.then(() => {
+						logger.info('Default settings added');
+					});
+			}
+			if (debug_mode) {
+				logger.debug('Default setting setup not required');
+			}
+		});
+};
+
+module.exports = function () {
+	return setupJwt()
+		.then(setupDefaultUser)
+		.then(setupDefaultSettings);
+};
--- a/backend/templates/_listen.conf
+++ b/backend/templates/_listen.conf
@ -1,5 +1,15 @@
  listen 80;
+{% if ipv6 -%}
+  listen [::]:80;
+{% else -%}
+  #listen [::]:80;
+{% endif %}
 {% if certificate -%}
  listen 443 ssl{% if http2_support %} http2{% endif %};
+{% if ipv6 -%}
+  listen [::]:443;
+{% else -%}
+  #listen [::]:443;
+{% endif %}
 {% endif %}
  server_name {{ domain_names | join: " " }};
--- a/backend/templates/letsencrypt-request.conf
+++ b/backend/templates/letsencrypt-request.conf
@ -2,6 +2,10 @@

 server {
  listen 80;
+{% if ipv6 -%}
+  listen [::]:80;
+{% endif %}
+
  server_name {{ domain_names | join: " " }};

  access_log /data/logs/letsencrypt-requests.log standard;
--- a/backend/templates/proxy_host.conf
+++ b/backend/templates/proxy_host.conf
@ -21,11 +21,23 @@ server {
 {% if use_default_location %}

  location / {
-    {%- if access_list_id > 0 -%}
-    # Access List
+
+    {% if access_list_id > 0 %}
+    {% if access_list.items.length > 0 %}
+    # Authorization
    auth_basic            "Authorization required";
    auth_basic_user_file  /data/access/{{ access_list_id }};
-    {%- endif %}
+    {% endif %}
+
+    # Access Rules
+    {% for client in access_list.clients %}
+    {{- client.rule -}};
+    {% endfor %}deny all;
+
+    # Access checks must...
+    {{ access_list.satisfy }};
+
+    {% endif %}

 {% include "_forced_ssl.conf" %}
 {% include "_hsts.conf" %}
--- a/backend/templates/stream.conf
+++ b/backend/templates/stream.conf
@ -6,6 +6,12 @@
 {% if tcp_forwarding == 1 or tcp_forwarding == true -%}
 server {
  listen {{ incoming_port }};
+{% if ipv6 -%}
+  listen [::]:{{ incoming_port }};
+{% else -%}
+  #listen [::]:{{ incoming_port }};
+{% endif %}
+
  proxy_pass {{ forward_ip }}:{{ forwarding_port }};

  # Custom
@ -16,6 +22,11 @@ server {
 {% if udp_forwarding == 1 or udp_forwarding == true %}
 server {
  listen {{ incoming_port }} udp;
+{% if ipv6 -%}
+  listen [::]:{{ incoming_port }} udp;
+{% else -%}
+  #listen [::]:{{ incoming_port }} udp;
+{% endif %}
  proxy_pass {{ forward_ip }}:{{ forwarding_port }};

  # Custom
--- a/backend/yarn.lock
+++ b/backend/yarn.lock
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@ -16,9 +16,9 @@ ENV S6_FIX_ATTRS_HIDDEN=1
 ENV NODE_ENV=production

 RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
-	&& rm -rf /etc/nginx \
 	&& apk update \
-	&& apk add python2 certbot jq \
+	&& apk add python2 py-pip certbot jq \
+	&& pip install certbot-dns-cloudflare \
 	&& rm -rf /var/cache/apk/*

 ENV NPM_BUILD_VERSION="${BUILD_VERSION}" NPM_BUILD_COMMIT="${BUILD_COMMIT}" NPM_BUILD_DATE="${BUILD_DATE}"
--- a/docker/dev/Dockerfile
+++ b/docker/dev/Dockerfile
@ -6,9 +6,9 @@ ENV SUPPRESS_NO_CONFIG_WARNING=1
 ENV S6_FIX_ATTRS_HIDDEN=1

 RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
-	&& rm -rf /etc/nginx \
 	&& apk update \
-	&& apk add python2 certbot jq \
+	&& apk add python2 py-pip certbot jq \
+	&& pip install certbot-dns-cloudflare \
 	&& rm -rf /var/cache/apk/*

 # Task
--- a/docker/docker-compose.ci.yml
+++ b/docker/docker-compose.ci.yml
@ -2,14 +2,14 @@
 version: "3"
 services:

-  fullstack:
+  fullstack-mysql:
    image: ${IMAGE}:ci-${BUILD_NUMBER}
    environment:
      - NODE_ENV=development
      - FORCE_COLOR=1
    volumes:
      - npm_data:/data
-      - ../.jenkins/config.json:/app/config/production.json
+      - ../.jenkins/config-mysql.json:/app/config/development.json
    expose:
      - 81
      - 80
@ -17,6 +17,19 @@ services:
    depends_on:
      - db

+  fullstack-sqlite:
+    image: ${IMAGE}:ci-${BUILD_NUMBER}
+    environment:
+      - NODE_ENV=development
+      - FORCE_COLOR=1
+    volumes:
+      - npm_data:/data
+      - ../.jenkins/config-sqlite.json:/app/config/development.json
+    expose:
+      - 81
+      - 80
+      - 443
+
  db:
    image: jc21/mariadb-aria
    environment:
@ -27,13 +40,24 @@ services:
    volumes:
      - db_data:/var/lib/mysql

-  cypress:
+  cypress-mysql:
    image: ${IMAGE}-cypress:ci-${BUILD_NUMBER}
    build:
      context: ../
      dockerfile: test/cypress/Dockerfile
    environment:
-      CYPRESS_baseUrl: "http://fullstack:81"
+      CYPRESS_baseUrl: "http://fullstack-mysql:81"
+    volumes:
+      - cypress-logs:/results
+    command: cypress run --browser chrome --config-file=${CYPRESS_CONFIG:-cypress/config/ci.json}
+
+  cypress-sqlite:
+    image: ${IMAGE}-cypress:ci-${BUILD_NUMBER}
+    build:
+      context: ../
+      dockerfile: test/cypress/Dockerfile
+    environment:
+      CYPRESS_baseUrl: "http://fullstack-sqlite:81"
    volumes:
      - cypress-logs:/results
    command: cypress run --browser chrome --config-file=${CYPRESS_CONFIG:-cypress/config/ci.json}
--- a/docker/docker-compose.dev.yml
+++ b/docker/docker-compose.dev.yml
@ -15,6 +15,7 @@ services:
      - NODE_ENV=development
      - FORCE_COLOR=1
      - DEVELOPMENT=true
+      #- DISABLE_IPV6=true
    volumes:
      - npm_data:/data
      - le_data:/etc/letsencrypt
--- a/docker/rootfs/bin/handle-ipv6-setting
+++ b/docker/rootfs/bin/handle-ipv6-setting
@ -0,0 +1,46 @@
+#!/bin/bash
+
+# This command reads the `DISABLE_IPV6` env var and will either enable
+# or disable ipv6 in all nginx configs based on this setting.
+
+# Lowercase
+DISABLE_IPV6=$(echo "${DISABLE_IPV6:-}" | tr '[:upper:]' '[:lower:]')
+
+CYAN='\E[1;36m'
+BLUE='\E[1;34m'
+YELLOW='\E[1;33m'
+RED='\E[1;31m'
+RESET='\E[0m'
+
+FOLDER=$1
+if [ "$FOLDER" == "" ]; then
+	echo -e "${RED}❯ $0 requires a absolute folder path as the first argument!${RESET}"
+	echo -e "${YELLOW}  ie: $0 /data/nginx${RESET}"
+	exit 1
+fi
+
+FILES=$(find "$FOLDER" -type f -name "*.conf")
+if [ "$DISABLE_IPV6" == "true" ] || [ "$DISABLE_IPV6" == "on" ] || [ "$DISABLE_IPV6" == "1" ] || [ "$DISABLE_IPV6" == "yes" ]; then
+	# IPV6 is disabled
+	echo "Disabling IPV6 in hosts"
+	echo -e "${BLUE}❯ ${CYAN}Disabling IPV6 in hosts: ${YELLOW}${FOLDER}${RESET}"
+
+	# Iterate over configs and run the regex
+	for FILE in $FILES
+	do
+		echo -e "  ${BLUE}❯ ${YELLOW}${FILE}${RESET}"
+		sed -E -i 's/^([^#]*)listen \[::\]/\1#listen [::]/g' "$FILE"
+	done
+
+else
+	# IPV6 is enabled
+	echo -e "${BLUE}❯ ${CYAN}Enabling IPV6 in hosts: ${YELLOW}${FOLDER}${RESET}"
+
+	# Iterate over configs and run the regex
+	for FILE in $FILES
+	do
+		echo -e "  ${BLUE}❯ ${YELLOW}${FILE}${RESET}"
+		sed -E -i 's/^(\s*)#listen \[::\]/\1listen [::]/g' "$FILE"
+	done
+
+fi
--- a/docker/rootfs/etc/nginx/nginx.conf
+++ b/docker/rootfs/etc/nginx/nginx.conf
@ -26,12 +26,15 @@ http {
 	tcp_nopush                    on;
 	tcp_nodelay                   on;
 	client_body_temp_path         /tmp/nginx/body 1 2;
-	keepalive_timeout             65;
+	keepalive_timeout             90s;
+	proxy_connect_timeout         90s;
+	proxy_send_timeout            90s;
+	proxy_read_timeout            90s;
 	ssl_prefer_server_ciphers     on;
 	gzip                          on;
 	proxy_ignore_client_abort     off;
 	client_max_body_size          2000m;
-	server_names_hash_bucket_size 64;
+	server_names_hash_bucket_size 1024;
 	proxy_http_version            1.1;
 	proxy_set_header              X-Forwarded-Scheme $scheme;
 	proxy_set_header              X-Forwarded-For $proxy_add_x_forwarded_for;
@ -57,6 +60,9 @@ http {
 	# Real IP Determination
 	# Docker subnet:
 	set_real_ip_from 172.0.0.0/8;
+	# Local subnets:
+	set_real_ip_from 10.0.0.0/8;
+	set_real_ip_from 192.0.0.0/8;
 	# NPM generated CDN ip ranges:
 	include conf.d/include/ip_ranges.conf;
 	# always put the following 2 lines after ip subnets:
--- a/docker/rootfs/etc/services.d/nginx/run
+++ b/docker/rootfs/etc/services.d/nginx/run
@ -42,4 +42,8 @@ then
 	echo "Complete"
 fi

+# Handle IPV6 settings
+/bin/handle-ipv6-setting /etc/nginx/conf.d
+/bin/handle-ipv6-setting /data/nginx
+
 exec nginx
--- a/docker/rootfs/root/.bashrc
+++ b/docker/rootfs/root/.bashrc
@ -16,5 +16,5 @@ alias h='cd ~;clear;'

 echo -e -n '\E[1;34m'
 figlet -w 120 "NginxProxyManager"
-echo -e "\E[1;36mVersion \E[1;32m${NPM_BUILD_VERSION:-2.0.0-dev}\E[1;36m (${NPM_BUILD_COMMIT:-dev}) ${NPM_BUILD_DATE:-0000-00-00}, Nginx \E[1;32m${NGINX_VERSION:-unknown}\E[1;36m, Alpine \E[1;32m${VERSION_ID:-unknown}\E[1;36m, Kernel \E[1;32m$(uname -r)\E[0m"
+echo -e "\E[1;36mVersion \E[1;32m${NPM_BUILD_VERSION:-2.0.0-dev} (${NPM_BUILD_COMMIT:-dev}) ${NPM_BUILD_DATE:-0000-00-00}\E[1;36m, OpenResty \E[1;32m${OPENRESTY_VERSION:-unknown}\E[1;36m, Alpine \E[1;32m${VERSION_ID:-unknown}\E[1;36m, Kernel \E[1;32m$(uname -r)\E[0m"
 echo
--- a/docs/.vuepress/config.js
+++ b/docs/.vuepress/config.js
@ -47,6 +47,7 @@ module.exports = {
 					["/screenshots/", "Screenshots"],
 					["/setup/", "Setup Instructions"],
 					["/advanced-config/", "Advanced Configuration"],
+					["/faq/", "Frequently Asked Questions"],
 					["/third-party/", "Third Party"]
 				]
 			}
--- a/docs/README.md
+++ b/docs/README.md
@ -45,7 +45,21 @@ footer: MIT Licensed | Copyright © 2016-present jc21.com
 - [Docker Install documentation](https://docs.docker.com/install/)
 - [Docker-Compose Install documentation](https://docs.docker.com/compose/install/)

-2. Create a docker-compose.yml file similar to this:
+2. Create a config file for example
+```json
+{
+  "database": {
+    "engine": "mysql",
+    "host": "db",
+    "name": "npm",
+    "user": "npm",
+    "password": "npm",
+    "port": 3306
+  }
+}
+```
+
+3. Create a docker-compose.yml file similar to this:

 ```yml
 version: '3'
@ -71,15 +85,16 @@ services:
      - ./data/mysql:/var/lib/mysql
 ```

-3. Bring up your stack
+4. Bring up your stack

 ```bash
 docker-compose up -d
 ```

-4. Log in to the Admin UI
+5. Log in to the Admin UI

 When your docker container is running, connect to it on port `81` for the admin interface.
+Sometimes this can take a little bit because of the entropy of keys.

 [http://127.0.0.1:81](http://127.0.0.1:81)

--- a/docs/advanced-config/README.md
+++ b/docs/advanced-config/README.md
@ -1,6 +1,20 @@
 # Advanced Configuration

-### Custom Nginx Configurations
+## Disabling IPv6
+
+On some docker hosts IPv6 may not be enabled. In these cases, the following message may be seen in the log:
+
+> Address family not supported by protocol
+
+The easy fix is to add a Docker environment variable to the Nginx Proxy Manager stack:
+
+```yml
+    environment:
+      DISABLE_IPV6: 'true'
+```
+
+
+## Custom Nginx Configurations

 If you are a more advanced user, you might be itching for extra Nginx customizability.

@ -8,18 +22,18 @@ NPM has the ability to include different custom configuration snippets in differ

 You can add your custom configuration snippet files at `/data/nginx/custom` as follow:

-`/data/nginx/custom/root.conf`: Included at the very end of nginx.conf
-`/data/nginx/custom/http.conf`: Included at the end of the main http block
-`/data/nginx/custom/server_proxy.conf`: Included at the end of every proxy server block
-`/data/nginx/custom/server_redirect.conf`: Included at the end of every redirection server block
-`/data/nginx/custom/server_stream.conf`: Included at the end of every stream server block
-`/data/nginx/custom/server_stream_tcp.conf`: Included at the end of every TCP stream server block
-`/data/nginx/custom/server_stream_udp.conf`: Included at the end of every UDP stream server block
+ - `/data/nginx/custom/root.conf`: Included at the very end of nginx.conf
+ - `/data/nginx/custom/http.conf`: Included at the end of the main http block
+ - `/data/nginx/custom/server_proxy.conf`: Included at the end of every proxy server block
+ - `/data/nginx/custom/server_redirect.conf`: Included at the end of every redirection server block
+ - `/data/nginx/custom/server_stream.conf`: Included at the end of every stream server block
+ - `/data/nginx/custom/server_stream_tcp.conf`: Included at the end of every TCP stream server block
+ - `/data/nginx/custom/server_stream_udp.conf`: Included at the end of every UDP stream server block

 Every file is optional.


-### X-FRAME-OPTIONS Header
+## X-FRAME-OPTIONS Header

 You can configure the [`X-FRAME-OPTIONS`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options) header
 value by specifying it as a Docker environment variable. The default if not specified is `deny`.
--- a/docs/faq/README.md
+++ b/docs/faq/README.md
@ -0,0 +1,16 @@
+# FAQ
+
+## Do I have to use Docker?
+
+Yes, that's how this project is packaged.
+
+This makes it easier to support the project when I have control over the version of Nginx and NodeJS
+being used. In future this could change if the backend was no longer using NodeJS and it's long list
+of dependencies.
+
+
+## Can I run it on a Raspberry Pi?
+
+Yes! The docker image is multi-arch and is built for a variety of architectures. If yours is
+[not listed](https://hub.docker.com/r/jc21/nginx-proxy-manager/tags) please open a
+[GitHub issue](https://github.com/jc21/nginx-proxy-manager/issues/new?assignees=&labels=enhancement&template=feature_request.md&title=).
--- a/docs/package.json
+++ b/docs/package.json
--- a/docs/setup/README.md
+++ b/docs/setup/README.md
@ -6,7 +6,7 @@

 Don't worry, this is easy to do.

-The app requires a configuration file to let it know what database you're using. By default, this file is called config.json. 
+The app requires a configuration file to let it know what database you're using. By default, this file is called `config.json`

 Here's an example configuration for `mysql` (or mariadb) that is compatible with the docker-compose example below:

@ -23,15 +23,31 @@ Here's an example configuration for `mysql` (or mariadb) that is compatible with
 }
 ```

+Alternatively if you would like to use a Sqlite database file:
+
+```json
+{
+  "database": {
+    "engine": "knex-native",
+    "knex": {
+      "client": "sqlite3",
+      "connection": {
+        "filename": "/data/database.sqlite"
+      }
+    }
+  }
+}
+```
+
 Once you've created your configuration file it's easy to mount it in the docker container.

 **Note:** After the first run of the application, the config file will be altered to include generated encryption keys unique to your installation. These keys
 affect the login and session management of the application. If these keys change for any reason, all users will be logged out.


-### Database
+### MySQL Database

-This app doesn't come with a database, you have to provide one yourself. Currently only `mysql/mariadb` is supported for the minimum versions:
+If you opt for the MySQL configuration you will have to provide the database server yourself. You can also use MariaDB. Here are the minimum supported versions:

 - MySQL v5.7.8+
 - MariaDB v10.2.7+
@ -63,6 +79,9 @@ services:
      - '443:443'
      # Admin Web Port:
      - '81:81'
+    environment:
+      # Uncomment this if IPv6 is not enabled on your host
+      # DISABLE_IPV6: 'true'
    volumes:
      # Make sure this config.json file exists as per instructions above:
      - ./config.json:/app/config/production.json
@ -74,10 +93,10 @@ services:
    image: jc21/mariadb-aria:10.4
    restart: always
    environment:
-      MYSQL_ROOT_PASSWORD: "npm"
-      MYSQL_DATABASE: "npm"
-      MYSQL_USER: "npm"
-      MYSQL_PASSWORD: "npm"
+      MYSQL_ROOT_PASSWORD: 'npm'
+      MYSQL_DATABASE: 'npm'
+      MYSQL_USER: 'npm'
+      MYSQL_PASSWORD: 'npm'
    volumes:
      - ./data/mysql:/var/lib/mysql
 ```
@ -100,7 +119,7 @@ The docker images support the following architectures:
 The docker images are a manifest of all the architecture docker builds supported, so this means
 you don't have to worry about doing anything special and you can follow the common instructions above.

-Check out the [dockerhub tags](https://cloud.docker.com/repository/registry-1.docker.io/jc21/nginx-proxy-manager/tags)
+Check out the [dockerhub tags](https://hub.docker.com/r/jc21/nginx-proxy-manager/tags)
 for a list of supported architectures and if you want one that doesn't exist,
 [create a feature request](https://github.com/jc21/nginx-proxy-manager/issues/new?assignees=&labels=enhancement&template=feature_request.md&title=).

--- a/docs/yarn.lock
+++ b/docs/yarn.lock
--- a/frontend/js/app/nginx/access/form.ejs
+++ b/frontend/js/app/nginx/access/form.ejs
@ -3,28 +3,74 @@
        <h5 class="modal-title"><%- i18n('access-lists', 'form-title', {id: id}) %></h5>
        <button type="button" class="close cancel" aria-label="Close" data-dismiss="modal">&nbsp;</button>
    </div>
-    <div class="modal-body">
+    <div class="modal-body has-tabs">
        <form>
-            <div class="row">
-                <div class="col-sm-12 col-md-12">
-                    <div class="form-group">
-                        <label class="form-label"><%- i18n('str', 'name') %> <span class="form-required">*</span></label>
-                        <input type="text" name="name" class="form-control" value="<%- name %>" required>
-                    </div>
-                </div>
-                <div class="col-sm-6 col-md-6">
-                    <div class="form-group">
-                        <label class="form-label"><%- i18n('str', 'username') %></label>
-                    </div>
-                </div>
-                <div class="col-sm-6 col-md-6">
-                    <div class="form-group">
-                        <label class="form-label"><%- i18n('str', 'password') %></label>
-                    </div>
-                </div>
-            </div>
+            <ul class="nav nav-tabs" role="tablist">
+                <li role="presentation" class="nav-item"><a href="#details" aria-controls="tab1" role="tab" data-toggle="tab" class="nav-link active show" aria-selected="true"><i class="fe fe-zap"></i> <%- i18n('access-lists', 'details') %></a></li>
+                <li role="presentation" class="nav-item"><a href="#auth" aria-controls="tab4" role="tab" data-toggle="tab" class="nav-link" aria-selected="false"><i class="fe fe-users"></i> <%- i18n('access-lists', 'authorization') %></a></li>
+                <li role="presentation" class="nav-item"><a href="#access" aria-controls="tab2" role="tab" data-toggle="tab" class="nav-link" aria-selected="false"><i class="fe fe-radio"></i> <%- i18n('access-lists', 'access') %></a></li>
+            </ul>

-            <div class="items"><!-- items --></div>
+            <div class="tab-content">
+                <!-- Details -->
+                <div role="tabpanel" class="tab-pane active show" id="details">
+                    <div class="row">
+                        <div class="col-sm-12 col-md-12">
+                            <div class="form-group">
+                                <label class="form-label"><%- i18n('str', 'name') %> <span class="form-required">*</span></label>
+                                <input type="text" name="name" class="form-control" value="<%- name %>" required>
+                            </div>
+                        </div>
+
+                        <div class="col-sm-6 col-md-6">
+                            <div class="form-group">
+                                <label class="custom-switch">
+                                    <input type="checkbox" class="custom-switch-input" name="satisfy_any" value="1"<%- typeof satisfy_any !== 'undefined' && satisfy_any ? ' checked' : '' %>>
+                                    <span class="custom-switch-indicator"></span>
+                                    <span class="custom-switch-description"><%- i18n('access-lists', 'satisfy-any') %></span>
+                                </label>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+
+                <!-- Authorization -->
+                <div class="tab-pane" id="auth">
+                    <div class="row">
+                        <div class="col-sm-6 col-md-6">
+                            <div class="form-group">
+                                <label class="form-label"><%- i18n('str', 'username') %></label>
+                            </div>
+                        </div>
+                        <div class="col-sm-6 col-md-6">
+                            <div class="form-group">
+                                <label class="form-label"><%- i18n('str', 'password') %></label>
+                            </div>
+                        </div>
+                    </div>
+
+                    <div class="items"><!-- items --></div>
+                </div>
+
+                <!-- Access -->
+                <div class="tab-pane" id="access">
+                    <div class="clients"><!-- clients --></div>
+                    <div class="row">
+                        <div class="col-sm-3 col-md-3">
+                            <div class="form-group">
+                                <input type="text" class="form-control disabled" value="deny" disabled>
+                            </div>
+                        </div>
+                        <div class="col-sm-9 col-md-9">
+                            <div class="form-group">
+                                <input type="text" class="form-control disabled" value="all" disabled>
+                            </div>
+                        </div>
+                    </div>
+                    <div class="text-muted">Note that the <code>allow</code> and <code>deny</code> directives will be applied in the order they are defined.</div>
+                </div>
+
+            </div>
        </form>
    </div>
    <div class="modal-footer">
--- a/frontend/js/app/nginx/access/form.js
+++ b/frontend/js/app/nginx/access/form.js
@ -3,6 +3,7 @@ const App             = require('../../main');
 const AccessListModel = require('../../../models/access-list');
 const template        = require('./form.ejs');
 const ItemView        = require('./form/item');
+const ClientView      = require('./form/client');

 require('jquery-serializejson');

@ -10,20 +11,26 @@ const ItemsView = Mn.CollectionView.extend({
    childView: ItemView
 });

+const ClientsView = Mn.CollectionView.extend({
+    childView: ClientView
+});
+
 module.exports = Mn.View.extend({
    template:  template,
    className: 'modal-dialog',

    ui: {
-        items_region: '.items',
-        form:         'form',
-        buttons:      '.modal-footer button',
-        cancel:       'button.cancel',
-        save:         'button.save'
+        items_region:   '.items',
+        clients_region: '.clients',
+        form:           'form',
+        buttons:        '.modal-footer button',
+        cancel:         'button.cancel',
+        save:           'button.save'
    },

    regions: {
-        items_region: '@ui.items_region'
+        items_region:   '@ui.items_region',
+        clients_region: '@ui.clients_region'
    },

    events: {
@ -35,9 +42,10 @@ module.exports = Mn.View.extend({
                return;
            }

-            let view       = this;
-            let form_data  = this.ui.form.serializeJSON();
-            let items_data = [];
+            let view         = this;
+            let form_data    = this.ui.form.serializeJSON();
+            let items_data   = [];
+            let clients_data = [];

            form_data.username.map(function (val, idx) {
                if (val.trim().length) {
@ -48,16 +56,29 @@ module.exports = Mn.View.extend({
                }
            });

-            if (!items_data.length) {
-                alert('You must specify at least 1 Username and Password combination');
+            form_data.address.map(function (val, idx) {
+                if (val.trim().length) {
+                    clients_data.push({
+                        address: val.trim(),
+                        directive: form_data.directive[idx]
+                    })
+                }
+            });
+
+            if (!items_data.length && !clients_data.length) {
+                alert('You must specify at least 1 Authorization or Access rule');
                return;
            }

            let data = {
-                name:  form_data.name,
-                items: items_data
+                name:       form_data.name,
+                satisfy_any: !!form_data.satisfy_any,
+                items:      items_data,
+                clients:    clients_data
            };

+            console.log(data);
+
            let method = App.Api.Nginx.AccessLists.create;
            let is_new = true;

@ -88,6 +109,7 @@ module.exports = Mn.View.extend({

    onRender: function () {
        let items = this.model.get('items');
+        let clients = this.model.get('clients');

        // Add empty items to the end of the list. This is cheating but hey I don't have the time to do it right
        let items_to_add = 5 - items.length;
@ -97,9 +119,20 @@ module.exports = Mn.View.extend({
            }
        }

+        let clients_to_add = 4 - clients.length;
+        if (clients_to_add) {
+            for (let i = 0; i < clients_to_add; i++) {
+                clients.push({});
+            }
+        }
+
        this.showChildView('items_region', new ItemsView({
            collection: new Backbone.Collection(items)
        }));
+
+        this.showChildView('clients_region', new ClientsView({
+            collection: new Backbone.Collection(clients)
+        }));
    },

    initialize: function (options) {
--- a/frontend/js/app/nginx/access/form/client.ejs
+++ b/frontend/js/app/nginx/access/form/client.ejs
@ -0,0 +1,13 @@
+<div class="col-sm-3 col-md-3">
+    <div class="form-group">
+        <select name="directive[]" class="form-control custom-select" placeholder="http">
+            <option value="allow" <%- typeof directive == 'undefined' || directive === 'allow' ? 'selected' : '' %>>allow</option>
+            <option value="deny" <%- typeof directive !== 'undefined' && directive === 'deny' ? 'selected' : '' %>>deny</option>
+        </select>
+    </div>
+</div>
+<div class="col-sm-9 col-md-9">
+    <div class="form-group">
+        <input type="text" name="address[]" class="form-control" value="<%- typeof address !== 'undefined' ? address : '' %>" value="">
+    </div>
+</div>
--- a/frontend/js/app/nginx/access/form/client.js
+++ b/frontend/js/app/nginx/access/form/client.js
@ -0,0 +1,7 @@
+const Mn       = require('backbone.marionette');
+const template = require('./client.ejs');
+
+module.exports = Mn.View.extend({
+    template:  template,
+    className: 'row'
+});
--- a/frontend/js/app/nginx/access/list/item.ejs
+++ b/frontend/js/app/nginx/access/list/item.ejs
@ -14,6 +14,16 @@
 <td>
    <%- i18n('access-lists', 'item-count', {count: items.length || 0}) %>
 </td>
+<td>
+    <%- i18n('access-lists', 'client-count', {count: clients.length || 0}) %>
+</td>
+<td>
+    <% if (satisfy_any) { %>
+    <%- i18n('str', 'any') %>
+    <%} else { %>
+    <%- i18n('str', 'all') %>
+    <% } %>
+</td>
 <td>
    <%- i18n('access-lists', 'proxy-host-count', {count: proxy_host_count}) %>
 </td>
--- a/frontend/js/app/nginx/access/list/main.ejs
+++ b/frontend/js/app/nginx/access/list/main.ejs
@ -1,7 +1,9 @@
 <thead>
    <th width="30">&nbsp;</th>
    <th><%- i18n('str', 'name') %></th>
-    <th><%- i18n('users', 'title') %></th>
+    <th><%- i18n('access-lists', 'authorization') %></th>
+    <th><%- i18n('access-lists', 'access') %></th>
+    <th><%- i18n('access-lists', 'satisfy') %></th>
    <th><%- i18n('proxy-hosts', 'title') %></th>
    <% if (canManage) { %>
    <th>&nbsp;</th>
--- a/frontend/js/app/nginx/access/main.js
+++ b/frontend/js/app/nginx/access/main.js
@ -40,7 +40,7 @@ module.exports = Mn.View.extend({
    onRender: function () {
        let view = this;

-        App.Api.Nginx.AccessLists.getAll(['owner', 'items'])
+        App.Api.Nginx.AccessLists.getAll(['owner', 'items', 'clients'])
            .then(response => {
                if (!view.isDestroyed()) {
                    if (response && response.length) {
--- a/frontend/js/app/nginx/certificates/form.ejs
+++ b/frontend/js/app/nginx/certificates/form.ejs
@ -20,6 +20,24 @@
                            <input name="meta[letsencrypt_email]" type="email" class="form-control" placeholder="" value="<%- getLetsencryptEmail() %>" required>
                        </div>
                    </div>
+
+                    <!-- CloudFlare -->
+                    <div class="col-sm-12 col-md-12">
+                        <div class="form-group">
+                            <label class="custom-switch">
+                                <input type="checkbox" class="custom-switch-input" name="meta[cloudflare_use]" value="1">
+                                <span class="custom-switch-indicator"></span>
+                                <span class="custom-switch-description"><%= i18n('ssl', 'use-cloudflare') %></span>
+                            </label>
+                        </div>
+                    </div>
+                    <div class="col-sm-12 col-md-12 cloudflare">
+                        <div class="form-group">
+                            <label class="form-label">CloudFlare DNS API Token  <span class="form-required">*</span></label>
+                            <input type="text" name="meta[cloudflare_token]" class="form-control" id="cloudflare_token">
+                        </div>
+                    </div>
+
                    <div class="col-sm-12 col-md-12">
                        <div class="form-group">
                            <label class="custom-switch">
@ -42,7 +60,7 @@
                            <div class="form-label"><%- i18n('certificates', 'other-certificate-key') %><span class="form-required">*</span></div>
                            <div class="custom-file">
                                <input type="file" class="custom-file-input" name="meta[other_certificate_key]" id="other_certificate_key" required>
-                                <label class="custom-file-label"><%- i18n('str', 'choose-file') %></label>
+                                <label id="other_certificate_key_label" class="custom-file-label"><%- i18n('str', 'choose-file') %></label>
                            </div>
                        </div>
                    </div>
@ -51,7 +69,7 @@
                            <div class="form-label"><%- i18n('certificates', 'other-certificate') %><span class="form-required">*</span></div>
                            <div class="custom-file">
                                <input type="file" class="custom-file-input" name="meta[other_certificate]" id="other_certificate">
-                                <label class="custom-file-label"><%- i18n('str', 'choose-file') %></label>
+                                <label id="other_certificate_label" class="custom-file-label"><%- i18n('str', 'choose-file') %></label>
                            </div>
                        </div>
                    </div>
@ -60,7 +78,7 @@
                            <div class="form-label"><%- i18n('certificates', 'other-intermediate-certificate') %></div>
                            <div class="custom-file">
                                <input type="file" class="custom-file-input" name="meta[other_intermediate_certificate]" id="other_intermediate_certificate">
-                                <label class="custom-file-label"><%- i18n('str', 'choose-file') %></label>
+                                <label id="other_intermediate_certificate_label" class="custom-file-label"><%- i18n('str', 'choose-file') %></label>
                            </div>
                        </div>
                    </div>
--- a/frontend/js/app/nginx/certificates/form.js
+++ b/frontend/js/app/nginx/certificates/form.js
@ -13,22 +13,39 @@ module.exports = Mn.View.extend({
    max_file_size: 102400,

    ui: {
-        form:                           'form',
-        domain_names:                   'input[name="domain_names"]',
-        buttons:                        '.modal-footer button',
-        cancel:                         'button.cancel',
-        save:                           'button.save',
-        other_certificate:              '#other_certificate',
-        other_certificate_key:          '#other_certificate_key',
-        other_intermediate_certificate: '#other_intermediate_certificate'
+        form:                                 'form',
+        domain_names:                         'input[name="domain_names"]',
+        buttons:                              '.modal-footer button',
+        cancel:                               'button.cancel',
+        save:                                 'button.save',
+        other_certificate:                    '#other_certificate',
+        other_certificate_label:              '#other_certificate_label',
+        other_certificate_key:                '#other_certificate_key',
+        cloudflare_switch:                    'input[name="meta[cloudflare_use]"]',
+        cloudflare_token:                     'input[name="meta[cloudflare_token]"',
+        cloudflare:                           '.cloudflare',
+        other_certificate_key_label:          '#other_certificate_key_label',
+        other_intermediate_certificate:       '#other_intermediate_certificate',
+        other_intermediate_certificate_label: '#other_intermediate_certificate_label'
    },
-
+    
    events: {
+        'change @ui.cloudflare_switch': function() {
+            let checked = this.ui.cloudflare_switch.prop('checked');
+            if (checked) {                
+                this.ui.cloudflare_token.prop('required', 'required');
+                this.ui.cloudflare.show();
+            } else {                
+                this.ui.cloudflare_token.prop('required', false);
+                this.ui.cloudflare.hide();                
+            }
+        },
        'click @ui.save': function (e) {
            e.preventDefault();

            if (!this.ui.form[0].checkValidity()) {
                $('<input type="submit">').hide().appendTo(this.ui.form).click().remove();
+                $(this).removeClass('btn-loading');
                return;
            }

@ -36,10 +53,29 @@ module.exports = Mn.View.extend({
            let data      = this.ui.form.serializeJSON();
            data.provider = this.model.get('provider');

+
+
+            let domain_err = false;
+            if (!data.meta.cloudflare_use) {                
+                data.domain_names.split(',').map(function (name) {
+                    if (name.match(/\*/im)) {
+                        domain_err = true;
+                    }
+                });
+            }
+
+            if (domain_err) {
+                alert('Cannot request Let\'s Encrypt Certificate for wildcard domains when not using CloudFlare DNS');
+                return;
+            }
+
            // Manipulate
            if (typeof data.meta !== 'undefined' && typeof data.meta.letsencrypt_agree !== 'undefined') {
                data.meta.letsencrypt_agree = !!data.meta.letsencrypt_agree;
            }
+            if (typeof data.meta !== 'undefined' && typeof data.meta.cloudflare_use !== 'undefined') {
+                data.meta.cloudflare_use = !!data.meta.cloudflare_use;
+            }

            if (typeof data.domain_names === 'string' && data.domain_names) {
                data.domain_names = data.domain_names.split(',');
@ -81,6 +117,7 @@ module.exports = Mn.View.extend({
            }

            this.ui.buttons.prop('disabled', true).addClass('btn-disabled');
+            this.ui.save.addClass('btn-loading');

            // compile file data
            let form_data = new FormData();
@ -119,10 +156,22 @@ module.exports = Mn.View.extend({
                .catch(err => {
                    alert(err.message);
                    this.ui.buttons.prop('disabled', false).removeClass('btn-disabled');
+                    this.ui.save.removeClass('btn-loading');
                });
+        },
+        'change @ui.other_certificate_key': function(e){
+            this.setFileName("other_certificate_key_label", e)
+        },
+        'change @ui.other_certificate': function(e){
+            this.setFileName("other_certificate_label", e)
+        },
+        'change @ui.other_intermediate_certificate': function(e){
+            this.setFileName("other_intermediate_certificate_label", e)
        }
    },
-
+    setFileName(ui, e){
+        this.getUI(ui).text(e.target.files[0].name)
+    },
    templateContext: {
        getLetsencryptEmail: function () {
            return typeof this.meta.letsencrypt_email !== 'undefined' ? this.meta.letsencrypt_email : App.Cache.User.get('email');
@ -130,6 +179,10 @@ module.exports = Mn.View.extend({

        getLetsencryptAgree: function () {
            return typeof this.meta.letsencrypt_agree !== 'undefined' ? this.meta.letsencrypt_agree : false;
+        },
+
+        getCloudflareUse: function () {
+            return typeof this.meta.cloudflare_use !== 'undefined' ? this.meta.cloudflare_use : false;
        }
    },

@ -144,8 +197,9 @@ module.exports = Mn.View.extend({
                    text:  input
                };
            },
-            createFilter: /^(?:[^.*]+\.?)+[^.]$/
+            createFilter: /^(?:[^.]+\.?)+[^.]$/
        });
+        this.ui.cloudflare.hide();
    },

    initialize: function (options) {
--- a/frontend/js/app/nginx/certificates/list/item.ejs
+++ b/frontend/js/app/nginx/certificates/list/item.ejs
@ -28,7 +28,7 @@
    </div>
 </td>
 <td>
-    <%- i18n('ssl', provider) %>
+    <%- i18n('ssl', provider) %><% if (meta.cloudflare_use) { %> - CloudFlare DNS<% } %>
 </td>
 <td class="<%- isExpired() ? 'text-danger' : '' %>">
    <%- formatDbDate(expires_on, 'Do MMMM YYYY, h:mm a') %>
--- a/frontend/js/app/nginx/dead/form.ejs
+++ b/frontend/js/app/nginx/dead/form.ejs
@ -73,6 +73,23 @@
                            </div>
                        </div>

+                        <!-- CloudFlare -->
+                        <div class="col-sm-12 col-md-12 letsencrypt">
+                            <div class="form-group">
+                                <label class="custom-switch">
+                                    <input type="checkbox" class="custom-switch-input" name="meta[cloudflare_use]" value="1">
+                                    <span class="custom-switch-indicator"></span>
+                                    <span class="custom-switch-description"><%= i18n('ssl', 'use-cloudflare') %></span>
+                                </label>
+                            </div>
+                        </div>
+                        <div class="col-sm-12 col-md-12 cloudflare letsencrypt">
+                            <div class="form-group">
+                                <label class="form-label">CloudFlare DNS API Token  <span class="form-required">*</span></label>
+                                <input type="text" name="meta[cloudflare_token]" class="form-control" id="cloudflare_token">
+                            </div>
+                        </div>
+
                        <!-- Lets encrypt -->
                        <div class="col-sm-12 col-md-12 letsencrypt">
                            <div class="form-group">
--- a/frontend/js/app/nginx/dead/form.js
+++ b/frontend/js/app/nginx/dead/form.js
@ -23,6 +23,9 @@ module.exports = Mn.View.extend({
        hsts_enabled:       'input[name="hsts_enabled"]',
        hsts_subdomains:    'input[name="hsts_subdomains"]',
        http2_support:      'input[name="http2_support"]',
+        cloudflare_switch:  'input[name="meta[cloudflare_use]"]',
+        cloudflare_token:   'input[name="meta[cloudflare_token]"',
+        cloudflare:         '.cloudflare',
        letsencrypt:        '.letsencrypt'
    },

@ -31,10 +34,12 @@ module.exports = Mn.View.extend({
            let id = this.ui.certificate_select.val();
            if (id === 'new') {
                this.ui.letsencrypt.show().find('input').prop('disabled', false);
+                this.ui.cloudflare.hide();
            } else {
                this.ui.letsencrypt.hide().find('input').prop('disabled', true);
            }

+
            let enabled = id === 'new' || parseInt(id, 10) > 0;

            let inputs = this.ui.ssl_forced.add(this.ui.http2_support);
@ -76,6 +81,17 @@ module.exports = Mn.View.extend({
            }
        },

+        'change @ui.cloudflare_switch': function() {
+            let checked = this.ui.cloudflare_switch.prop('checked');
+            if (checked) {                
+                this.ui.cloudflare_token.prop('required', 'required');
+                this.ui.cloudflare.show();
+            } else {                
+                this.ui.cloudflare_token.prop('required', false);
+                this.ui.cloudflare.hide();                
+            }
+        },
+
        'click @ui.save': function (e) {
            e.preventDefault();

@ -98,20 +114,23 @@ module.exports = Mn.View.extend({
            }

            // Check for any domain names containing wildcards, which are not allowed with letsencrypt
-            if (data.certificate_id === 'new') {
+            if (data.certificate_id === 'new') {                
                let domain_err = false;
-                data.domain_names.map(function (name) {
-                    if (name.match(/\*/im)) {
-                        domain_err = true;
-                    }
-                });
+                if (!data.meta.cloudflare_use) {
+                    data.domain_names.map(function (name) {
+                        if (name.match(/\*/im)) {
+                            domain_err = true;
+                        }
+                    });
+                }

                if (domain_err) {
-                    alert('Cannot request Let\'s Encrypt Certificate for wildcard domains');
+                    alert('Cannot request Let\'s Encrypt Certificate for wildcard domains without CloudFlare DNS.');
                    return;
                }

-                data.meta.letsencrypt_agree = data.meta.letsencrypt_agree === '1';
+                data.meta.cloudflare_use = data.meta.cloudflare_use === '1';
+                data.meta.letsencrypt_agree = data.meta.letsencrypt_agree === '1';                
            } else {
                data.certificate_id = parseInt(data.certificate_id, 10);
            }
@ -127,6 +146,8 @@ module.exports = Mn.View.extend({
            }

            this.ui.buttons.prop('disabled', true).addClass('btn-disabled');
+            this.ui.save.addClass('btn-loading');
+
            method(data)
                .then(result => {
                    view.model.set(result);
@ -140,6 +161,7 @@ module.exports = Mn.View.extend({
                .catch(err => {
                    alert(err.message);
                    this.ui.buttons.prop('disabled', false).removeClass('btn-disabled');
+                    this.ui.save.removeClass('btn-loading');
                });
        }
    },
--- a/frontend/js/app/nginx/proxy/access-list-item.ejs
+++ b/frontend/js/app/nginx/proxy/access-list-item.ejs
@ -3,7 +3,7 @@
        <div class="title">
            <i class="fe fe-lock text-teal"></i> <%- name %>
        </div>
-        <span class="description"><%- i18n('access-lists', 'item-count', {count: items.length || 0}) %> &ndash; Created: <%- formatDbDate(created_on, 'Do MMMM YYYY, h:mm a') %></span>
+        <span class="description"><%- i18n('access-lists', 'item-count', {count: items.length || 0}) %>, <%- i18n('access-lists', 'client-count', {count: clients.length || 0}) %> &ndash; Created: <%- formatDbDate(created_on, 'Do MMMM YYYY, h:mm a') %></span>
    <% } else { %>
        <div class="title">
            <i class="fe fe-unlock text-yellow"></i> <%- i18n('access-lists', 'public') %>
--- a/frontend/js/app/nginx/proxy/form.ejs
+++ b/frontend/js/app/nginx/proxy/form.ejs
@ -44,7 +44,7 @@
                        <div class="col-sm-5 col-md-5">
                            <div class="form-group">
                                <label class="form-label"><%- i18n('proxy-hosts', 'forward-host') %><span class="form-required">*</span></label>
-                                <input type="text" name="forward_host" class="form-control text-monospace" placeholder="" value="<%- forward_host %>" autocomplete="off" maxlength="50" required>
+                                <input type="text" name="forward_host" class="form-control text-monospace" placeholder="" value="<%- forward_host %>" autocomplete="off" maxlength="255" required>
                            </div>
                        </div>
                        <div class="col-sm-4 col-md-4">
@ -141,6 +141,23 @@
                            </div>
                        </div>

+                        <!-- CloudFlare -->
+                        <div class="col-sm-12 col-md-12 letsencrypt">
+                            <div class="form-group">
+                                <label class="custom-switch">
+                                    <input type="checkbox" class="custom-switch-input" name="meta[cloudflare_use]" value="1">
+                                    <span class="custom-switch-indicator"></span>
+                                    <span class="custom-switch-description"><%= i18n('ssl', 'use-cloudflare') %></span>
+                                </label>
+                            </div>
+                        </div>
+                        <div class="col-sm-12 col-md-12 cloudflare letsencrypt">
+                            <div class="form-group">
+                                <label class="form-label">CloudFlare DNS API Token  <span class="form-required">*</span></label>
+                                <input type="text" name="meta[cloudflare_token]" class="form-control" id="cloudflare_token">
+                            </div>
+                        </div>
+
                        <!-- Lets encrypt -->
                        <div class="col-sm-12 col-md-12 letsencrypt">
                            <div class="form-group">
--- a/frontend/js/app/nginx/proxy/form.js
+++ b/frontend/js/app/nginx/proxy/form.js
@ -33,6 +33,9 @@ module.exports = Mn.View.extend({
        hsts_enabled:       'input[name="hsts_enabled"]',
        hsts_subdomains:    'input[name="hsts_subdomains"]',
        http2_support:      'input[name="http2_support"]',
+        cloudflare_switch:  'input[name="meta[cloudflare_use]"]',
+        cloudflare_token:   'input[name="meta[cloudflare_token]"',
+        cloudflare:         '.cloudflare',
        forward_scheme:     'select[name="forward_scheme"]',
        letsencrypt:        '.letsencrypt'
    },
@ -46,6 +49,7 @@ module.exports = Mn.View.extend({
            let id = this.ui.certificate_select.val();
            if (id === 'new') {
                this.ui.letsencrypt.show().find('input').prop('disabled', false);
+                this.ui.cloudflare.hide();
            } else {
                this.ui.letsencrypt.hide().find('input').prop('disabled', true);
            }
@ -91,6 +95,17 @@ module.exports = Mn.View.extend({
            }
        },

+        'change @ui.cloudflare_switch': function() {
+            let checked = this.ui.cloudflare_switch.prop('checked');
+            if (checked) {                
+                this.ui.cloudflare_token.prop('required', 'required');
+                this.ui.cloudflare.show();
+            } else {                
+                this.ui.cloudflare_token.prop('required', false);
+                this.ui.cloudflare.hide();                
+            }
+        },
+
        'click @ui.add_location_btn': function (e) {
            e.preventDefault();
            
@ -134,20 +149,23 @@ module.exports = Mn.View.extend({
            }

            // Check for any domain names containing wildcards, which are not allowed with letsencrypt
-            if (data.certificate_id === 'new') {
+            if (data.certificate_id === 'new') {                
                let domain_err = false;
-                data.domain_names.map(function (name) {
-                    if (name.match(/\*/im)) {
-                        domain_err = true;
-                    }
-                });
+                if (!data.meta.cloudflare_use) {
+                    data.domain_names.map(function (name) {
+                        if (name.match(/\*/im)) {
+                            domain_err = true;
+                        }
+                    });
+                }

                if (domain_err) {
-                    alert('Cannot request Let\'s Encrypt Certificate for wildcard domains');
+                    alert('Cannot request Let\'s Encrypt Certificate for wildcard domains without CloudFlare DNS.');
                    return;
                }

-                data.meta.letsencrypt_agree = data.meta.letsencrypt_agree === '1';
+                data.meta.cloudflare_use = data.meta.cloudflare_use === '1';
+                data.meta.letsencrypt_agree = data.meta.letsencrypt_agree === '1';                
            } else {
                data.certificate_id = parseInt(data.certificate_id, 10);
            }
@ -163,6 +181,8 @@ module.exports = Mn.View.extend({
            }

            this.ui.buttons.prop('disabled', true).addClass('btn-disabled');
+            this.ui.save.addClass('btn-loading');
+
            method(data)
                .then(result => {
                    view.model.set(result);
@ -176,6 +196,7 @@ module.exports = Mn.View.extend({
                .catch(err => {
                    alert(err.message);
                    this.ui.buttons.prop('disabled', false).removeClass('btn-disabled');
+                    this.ui.save.removeClass('btn-loading');
                });
        }
    },
@ -203,7 +224,7 @@ module.exports = Mn.View.extend({
                    text:  input
                };
            },
-            createFilter: /^(?:\*\.)?(?:[^.*]+\.?)+[^.]$/
+            createFilter: /^(?:\.)?(?:[^.*]+\.?)+[^.]$/
        });

        // Access Lists
@ -222,7 +243,7 @@ module.exports = Mn.View.extend({
                }
            },
            load:             function (query, callback) {
-                App.Api.Nginx.AccessLists.getAll(['items'])
+                App.Api.Nginx.AccessLists.getAll(['items', 'clients'])
                    .then(rows => {
                        callback(rows);
                    })
--- a/frontend/js/app/nginx/proxy/location-item.ejs
+++ b/frontend/js/app/nginx/proxy/location-item.ejs
@ -38,7 +38,7 @@
            <div class="col-sm-5 col-md-5">
                <div class="form-group">
                    <label class="form-label"><%- i18n('proxy-hosts', 'forward-host') %><span class="form-required">*</span></label>
-                    <input type="text" name="forward_host" class="form-control text-monospace model" placeholder="" value="<%- forward_host %>" autocomplete="off" maxlength="50" required>
+                    <input type="text" name="forward_host" class="form-control text-monospace model" placeholder="" value="<%- forward_host %>" autocomplete="off" maxlength="200" required>
                    <span style="font-size: 9px;"><%- i18n('proxy-hosts', 'custom-forward-host-help') %></span>
                </div>
            </div>
@ -61,4 +61,4 @@
            <i class="fa fa-trash"></i> <%- i18n('locations', 'delete') %>
        </a>
    </div>
-</div>    
+</div>    
--- a/frontend/js/app/nginx/redirection/form.ejs
+++ b/frontend/js/app/nginx/redirection/form.ejs
@ -97,6 +97,23 @@
                            </div>
                        </div>

+                        <!-- CloudFlare -->
+                        <div class="col-sm-12 col-md-12 letsencrypt">
+                            <div class="form-group">
+                                <label class="custom-switch">
+                                    <input type="checkbox" class="custom-switch-input" name="meta[cloudflare_use]" value="1">
+                                    <span class="custom-switch-indicator"></span>
+                                    <span class="custom-switch-description"><%= i18n('ssl', 'use-cloudflare') %></span>
+                                </label>
+                            </div>
+                        </div>
+                        <div class="col-sm-12 col-md-12 cloudflare letsencrypt">
+                            <div class="form-group">
+                                <label class="form-label">CloudFlare DNS API Token  <span class="form-required">*</span></label>
+                                <input type="text" name="meta[cloudflare_token]" class="form-control" id="cloudflare_token">
+                            </div>
+                        </div>
+
                        <!-- Lets encrypt -->
                        <div class="col-sm-12 col-md-12 letsencrypt">
                            <div class="form-group">
--- a/frontend/js/app/nginx/redirection/form.js
+++ b/frontend/js/app/nginx/redirection/form.js
@ -23,6 +23,9 @@ module.exports = Mn.View.extend({
        hsts_enabled:       'input[name="hsts_enabled"]',
        hsts_subdomains:    'input[name="hsts_subdomains"]',
        http2_support:      'input[name="http2_support"]',
+        cloudflare_switch:  'input[name="meta[cloudflare_use]"]',
+        cloudflare_token:   'input[name="meta[cloudflare_token]"',
+        cloudflare:         '.cloudflare',
        letsencrypt:        '.letsencrypt'
    },

@ -31,6 +34,7 @@ module.exports = Mn.View.extend({
            let id = this.ui.certificate_select.val();
            if (id === 'new') {
                this.ui.letsencrypt.show().find('input').prop('disabled', false);
+                this.ui.cloudflare.hide();
            } else {
                this.ui.letsencrypt.hide().find('input').prop('disabled', true);
            }
@ -76,6 +80,17 @@ module.exports = Mn.View.extend({
            }
        },

+        'change @ui.cloudflare_switch': function() {
+            let checked = this.ui.cloudflare_switch.prop('checked');
+            if (checked) {                
+                this.ui.cloudflare_token.prop('required', 'required');
+                this.ui.cloudflare.show();
+            } else {                
+                this.ui.cloudflare_token.prop('required', false);
+                this.ui.cloudflare.hide();                
+            }
+        },
+
        'click @ui.save': function (e) {
            e.preventDefault();

@ -100,20 +115,23 @@ module.exports = Mn.View.extend({
            }

            // Check for any domain names containing wildcards, which are not allowed with letsencrypt
-            if (data.certificate_id === 'new') {
+            if (data.certificate_id === 'new') {                
                let domain_err = false;
-                data.domain_names.map(function (name) {
-                    if (name.match(/\*/im)) {
-                        domain_err = true;
-                    }
-                });
+                if (!data.meta.cloudflare_use) {
+                    data.domain_names.map(function (name) {
+                        if (name.match(/\*/im)) {
+                            domain_err = true;
+                        }
+                    });
+                }

                if (domain_err) {
-                    alert('Cannot request Let\'s Encrypt Certificate for wildcard domains');
+                    alert('Cannot request Let\'s Encrypt Certificate for wildcard domains without CloudFlare DNS.');
                    return;
                }

-                data.meta.letsencrypt_agree = data.meta.letsencrypt_agree === '1';
+                data.meta.cloudflare_use = data.meta.cloudflare_use === '1';
+                data.meta.letsencrypt_agree = data.meta.letsencrypt_agree === '1';                
            } else {
                data.certificate_id = parseInt(data.certificate_id, 10);
            }
@ -129,6 +147,8 @@ module.exports = Mn.View.extend({
            }

            this.ui.buttons.prop('disabled', true).addClass('btn-disabled');
+            this.ui.save.addClass('btn-loading');
+
            method(data)
                .then(result => {
                    view.model.set(result);
@ -142,6 +162,7 @@ module.exports = Mn.View.extend({
                .catch(err => {
                    alert(err.message);
                    this.ui.buttons.prop('disabled', false).removeClass('btn-disabled');
+                    this.ui.save.removeClass('btn-loading');
                });
        }
    },
--- a/frontend/js/i18n/messages.json
+++ b/frontend/js/i18n/messages.json
@ -33,7 +33,9 @@
      "unknown": "Unknown",
      "expires": "Expires",
      "value": "Value",
-      "please-wait": "Please wait..."
+      "please-wait": "Please wait...",
+      "all": "All",
+      "any": "Any"
    },
    "login": {
      "title": "Login to your account"
@ -99,7 +101,8 @@
      "letsencrypt-email": "Email Address for Let's Encrypt",
      "letsencrypt-agree": "I Agree to the <a href=\"{url}\" target=\"_blank\">Let's Encrypt Terms of Service</a>",
      "delete-ssl": "The SSL certificates attached will NOT be removed, they will need to be removed manually.",
-      "hosts-warning": "These domains must be already configured to point to this installation"
+      "hosts-warning": "These domains must be already configured to point to this installation",
+      "use-cloudflare": "Use CloudFlare DNS verification"      
    },
    "proxy-hosts": {
      "title": "Proxy Hosts",
@ -184,10 +187,16 @@
      "public": "Publicly Accessible",
      "public-sub": "No Access Restrictions",
      "help-title": "What is an Access List?",
-      "help-content": "Access Lists provide authentication for the Proxy Hosts via Basic HTTP Authentication.\nYou can configure multiple usernames and passwords for a single Access List and then apply that to a Proxy Host.\nThis is most useful for forwarded web services that do not have authentication mechanisms built in.",
+      "help-content": "Access Lists provide a blacklist or whitelist of specific client IP addresses along with authentication for the Proxy Hosts via Basic HTTP Authentication.\nYou can configure multiple client rules, usernames and passwords for a single Access List and then apply that to a Proxy Host.\nThis is most useful for forwarded web services that do not have authentication mechanisms built in or that you want to protect from access by unknown clients.",
      "item-count": "{count} {count, select, 1{User} other{Users}}",
+      "client-count": "{count} {count, select, 1{Rule} other{Rules}}",
      "proxy-host-count": "{count} {count, select, 1{Proxy Host} other{Proxy Hosts}}",
-      "delete-has-hosts": "This Access List is associated with {count} Proxy Hosts. They will become publicly available upon deletion."
+      "delete-has-hosts": "This Access List is associated with {count} Proxy Hosts. They will become publicly available upon deletion.",
+      "details": "Details",
+      "authorization": "Authorization",
+      "access": "Access",
+      "satisfy": "Satisfy",
+      "satisfy-any": "Satisfy Any"
    },
    "users": {
      "title": "Users",
--- a/frontend/js/models/access-list.js
+++ b/frontend/js/models/access-list.js
@ -10,6 +10,7 @@ const model = Backbone.Model.extend({
            modified_on:     null,
            name:            '',
            items:           [],
+            clients:         [],
            // The following are expansions:
            owner:           null
        };
--- a/frontend/package.json
+++ b/frontend/package.json
@ -4,22 +4,22 @@
  "description": "A beautiful interface for creating Nginx endpoints",
  "main": "js/index.js",
  "devDependencies": {
-    "@babel/core": "^7.8.3",
+    "@babel/core": "^7.9.0",
    "babel-core": "^6.26.3",
-    "babel-loader": "^8.0.6",
+    "babel-loader": "^8.1.0",
    "babel-minify-webpack-plugin": "^0.3.1",
    "babel-preset-env": "^1.7.0",
    "backbone": "^1.4.0",
    "backbone.marionette": "^4.1.2",
    "copy-webpack-plugin": "^5.1.1",
-    "css-loader": "^3.4.2",
+    "css-loader": "^3.5.0",
    "ejs-lint": "^1.0.1",
-    "ejs-loader": "^0.3.5",
+    "ejs-loader": "^0.3.6",
    "ejs-webpack-loader": "^2.2.2",
-    "file-loader": "^5.0.2",
-    "html-webpack-plugin": "^3.2.0",
+    "file-loader": "^6.0.0",
+    "html-webpack-plugin": "^4.0.4",
    "imports-loader": "^0.8.0",
-    "jquery": "^3.4.1",
+    "jquery": "^3.5.0",
    "jquery-mask-plugin": "^1.14.16",
    "jquery-serializejson": "^2.9.0",
    "marionette.approuter": "^1.0.2",
@ -34,9 +34,9 @@
    "sass-loader": "^8.0.2",
    "style-loader": "^1.1.3",
    "tabler-ui": "git+https://github.com/tabler/tabler.git#00f78ad823311bc3ad974ac3e5b0126198f0a813",
-    "underscore": "^1.9.2",
-    "webpack": "^4.41.5",
-    "webpack-cli": "^3.3.10",
+    "underscore": "^1.10.2",
+    "webpack": "^4.42.1",
+    "webpack-cli": "^3.3.11",
    "webpack-visualizer-plugin": "^0.1.11"
  },
  "scripts": {
--- a/frontend/yarn.lock
+++ b/frontend/yarn.lock
--- a/scripts/.common.sh
+++ b/scripts/.common.sh
@ -0,0 +1,17 @@
+#!/bin/bash
+
+# Colors
+BLUE='\E[1;34m'
+CYAN='\E[1;36m'
+GREEN='\E[1;32m'
+RED='\E[1;31m'
+RESET='\E[0m'
+YELLOW='\E[1;33m'
+
+export BLUE CYAN GREEN RED RESET YELLOW
+
+# Docker Compose
+COMPOSE_PROJECT_NAME="npmdev"
+COMPOSE_FILE="docker/docker-compose.dev.yml"
+
+export COMPOSE_FILE COMPOSE_PROJECT_NAME
--- a/scripts/buildx
+++ b/scripts/buildx
@ -1,10 +1,7 @@
 #!/bin/bash

-CYAN='\E[1;36m'
-YELLOW='\E[1;33m'
-BLUE='\E[1;34m'
-GREEN='\E[1;32m'
-RESET='\E[0m'
+DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+. "$DIR/.common.sh"

 echo -e "${BLUE}❯ ${CYAN}Building docker multiarch: ${YELLOW}${*}${RESET}"

--- a/scripts/destroy-dev
+++ b/scripts/destroy-dev
@ -1,15 +1,7 @@
 #!/bin/bash -e

 DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-
-CYAN='\E[1;36m'
-BLUE='\E[1;34m'
-RED='\E[1;31m'
-RESET='\E[0m'
-
-COMPOSE_PROJECT_NAME="npmdev"
-COMPOSE_FILE="docker/docker-compose.dev.yml"
-export COMPOSE_FILE COMPOSE_PROJECT_NAME
+. "$DIR/.common.sh"

 # Ensure docker-compose exists
 # Make sure docker exists
--- a/scripts/docs-build
+++ b/scripts/docs-build
@ -1,12 +1,7 @@
 #!/bin/bash -e

 DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-
-CYAN='\E[1;36m'
-BLUE='\E[1;34m'
-RED='\E[1;31m'
-GREEN='\E[1;32m'
-RESET='\E[0m'
+. "$DIR/.common.sh"

 # Ensure docker-compose exists
 if hash docker 2>/dev/null; then
--- a/scripts/docs-upload
+++ b/scripts/docs-upload
@ -2,11 +2,8 @@

 # Note: This script is designed to be run inside CI builds

-CYAN='\E[1;36m'
-YELLOW='\E[1;33m'
-BLUE='\E[1;34m'
-GREEN='\E[1;32m'
-RESET='\E[0m'
+DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+. "$DIR/.common.sh"

 echo -e "${BLUE}❯ ${CYAN}Uploading docs in: ${YELLOW}$1${RESET}"

--- a/scripts/frontend-build
+++ b/scripts/frontend-build
@ -1,17 +1,13 @@
 #!/bin/bash -e

 DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-
-CYAN='\E[1;36m'
-BLUE='\E[1;34m'
-RED='\E[1;31m'
-GREEN='\E[1;32m'
-RESET='\E[0m'
+. "$DIR/.common.sh"

 DOCKER_IMAGE=jc21/alpine-nginx-full:node

 # Ensure docker exists
 if hash docker 2>/dev/null; then
+	docker pull "${DOCKER_IMAGE}"
 	cd "${DIR}/.."
 	echo -e "${BLUE}❯ ${CYAN}Building Frontend ...${RESET}"
 	docker run --rm -e CI=true -v "$(pwd)/frontend:/app/frontend" -w /app/frontend "$DOCKER_IMAGE" sh -c "yarn install && yarn build && yarn build && chown -R $(id -u):$(id -g) /app/frontend"
--- a/scripts/start-dev
+++ b/scripts/start-dev
@ -1,16 +1,7 @@
 #!/bin/bash -e

 DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-
-CYAN='\E[1;36m'
-BLUE='\E[1;34m'
-YELLOW='\E[1;33m'
-RED='\E[1;31m'
-RESET='\E[0m'
-
-COMPOSE_PROJECT_NAME="npmdev"
-COMPOSE_FILE="docker/docker-compose.dev.yml"
-export COMPOSE_FILE COMPOSE_PROJECT_NAME
+. "$DIR/.common.sh"

 # Ensure docker-compose exists
 if hash docker-compose 2>/dev/null; then
--- a/scripts/stop-dev
+++ b/scripts/stop-dev
@ -1,15 +1,7 @@
 #!/bin/bash -e

 DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-
-CYAN='\E[1;36m'
-BLUE='\E[1;34m'
-RED='\E[1;31m'
-RESET='\E[0m'
-
-COMPOSE_PROJECT_NAME="npmdev"
-COMPOSE_FILE="docker/docker-compose.dev.yml"
-export COMPOSE_FILE COMPOSE_PROJECT_NAME
+. "$DIR/.common.sh"

 # Ensure docker-compose exists
 # Make sure docker exists
--- a/scripts/test-dev
+++ b/scripts/test-dev
@ -1,15 +1,7 @@
 #!/bin/bash -e

 DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-
-CYAN='\E[1;36m'
-BLUE='\E[1;34m'
-RED='\E[1;31m'
-RESET='\E[0m'
-
-COMPOSE_PROJECT_NAME="npmdev"
-COMPOSE_FILE="docker/docker-compose.dev.yml"
-export COMPOSE_FILE COMPOSE_PROJECT_NAME
+. "$DIR/.common.sh"

 # Ensure docker-compose exists
 if hash docker-compose 2>/dev/null; then
--- a/scripts/wait-healthy
+++ b/scripts/wait-healthy
@ -1,11 +1,7 @@
 #!/bin/bash

-CYAN='\E[1;36m'
-YELLOW='\E[1;33m'
-BLUE='\E[1;34m'
-GREEN='\E[1;32m'
-RED='\E[1;31m'
-RESET='\E[0m'
+DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+. "$DIR/.common.sh"

 if [ "$1" == "" ]; then
 	echo "Waits for a docker container to be healthy."
--- a/test/.gitignore
+++ b/test/.gitignore
@ -1,3 +1,4 @@
 .vscode
 node_modules
-
+results
+cypress/videos
--- a/test/cypress/Dockerfile
+++ b/test/cypress/Dockerfile
@ -1,4 +1,4 @@
-FROM cypress/included:4.0.2
+FROM cypress/included:4.12.1

 COPY --chown=1000 ./test /test

--- a/test/cypress/config/ci.json
+++ b/test/cypress/config/ci.json
@ -1,15 +1,12 @@
 {
 	"requestTimeout": 30000,
 	"defaultCommandTimeout": 20000,
-	"reporter": "mocha-junit-reporter",
+	"reporter": "cypress-multi-reporters",
 	"reporterOptions": {
-		"jenkinsMode": true,
-		"rootSuiteTitle": "Cypress",
-		"jenkinsClassnamePrefix": "Cypress.",
-		"mochaFile": "/results/junit/my-test-output-[hash].xml"
+		"configFile": "multi-reporter.json"
 	},
-	"videosFolder": "/results/videos",
-	"screenshotsFolder": "/results/screenshots",
+	"videosFolder": "results/videos",
+	"screenshotsFolder": "results/screenshots",
 	"env": {
 		"swaggerBase": "{{baseUrl}}/api/schema",
 		"RETRIES": 4
--- a/test/cypress/config/dev.json
+++ b/test/cypress/config/dev.json
@ -1,13 +1,14 @@
 {
 	"requestTimeout": 30000,
 	"defaultCommandTimeout": 20000,
-	"reporter": "junit",
+	"reporter": "cypress-multi-reporters",
 	"reporterOptions": {
-		"mochaFile": "results/junit/my-test-output-[hash].xml"
+		"configFile": "multi-reporter.json"
 	},
-	"video": false,
-	"screenshotsFolder": "cypress/results/screenshots",
+	"videos": false,
+	"screenshotsFolder": "results/screenshots",
 	"env": {
-		"swaggerBase": "{{baseUrl}}/api/schema"
+		"swaggerBase": "{{baseUrl}}/api/schema",
+		"RETRIES": 0
 	}
 }
--- a/test/cypress/integration/api/Health.spec.js
+++ b/test/cypress/integration/api/Health.spec.js
@ -2,17 +2,15 @@

 describe('Basic API checks', () => {
 	it('Should return a valid health payload', function () {
-		cy.wait(2000);
 		cy.task('backendApiGet', {
 			path: '/api/',
 		}).then((data) => {
 			// Check the swagger schema:
-			cy.validateSwaggerSchema('get', '/', data);
+			cy.validateSwaggerSchema('get', 200, '/', data);
 		});
 	});

 	it('Should return a valid schema payload', function () {
-		cy.wait(2000);
 		cy.task('backendApiGet', {
 			path: '/api/schema',
 		}).then((data) => {
--- a/test/cypress/integration/api/Users.spec.js
+++ b/test/cypress/integration/api/Users.spec.js
@ -0,0 +1,48 @@
+/// <reference types="Cypress" />
+
+describe('Users endpoints', () => {
+	let token;
+
+	before(() => {
+		cy.getToken().then((tok) => {
+			token = tok;
+		});
+	});
+
+	it('Should be able to get yourself', function() {
+		cy.task('backendApiGet', {
+			token: token,
+			path:  '/api/users/me'
+		}).then((data) => {
+			cy.validateSwaggerSchema('get', 200, '/users/{userID}', data);
+			expect(data).to.have.property('id');
+			expect(data.id).to.be.greaterThan(0);
+		});
+	});
+
+	it('Should be able to get all users', function() {
+		cy.task('backendApiGet', {
+			token: token,
+			path:  '/api/users'
+		}).then((data) => {
+			cy.validateSwaggerSchema('get', 200, '/users', data);
+			expect(data.length).to.be.greaterThan(0);
+		});
+	});
+
+	it('Should be able to update yourself', function() {
+		cy.task('backendApiPut', {
+			token: token,
+			path:  '/api/users/me',
+			data:  {
+				name: 'changed name'
+			}
+		}).then((data) => {
+			cy.validateSwaggerSchema('put', 200, '/users/{userID}', data);
+			expect(data).to.have.property('id');
+			expect(data.id).to.be.greaterThan(0);
+			expect(data.name).to.be.equal('changed name');
+		});
+	});
+
+});
--- a/test/cypress/support/commands.js
+++ b/test/cypress/support/commands.js
@ -13,82 +13,30 @@
 * Check the swagger schema:
 *
 * @param {string}  method        API Method in swagger doc, "get", "put", "post", "delete"
+ * @param {number}  statusCode    API status code in swagger doc
 * @param {string}  path          Swagger doc endpoint path, exactly as defined in swagger doc
 * @param {*}       data          The API response data to check against the swagger schema
 */
-Cypress.Commands.add('validateSwaggerSchema', (method, path, data) => {
+Cypress.Commands.add('validateSwaggerSchema', (method, statusCode, path, data) => {
 	cy.task('validateSwaggerSchema', {
 		file:           Cypress.env('swaggerBase'),
 		endpoint:       path,
 		method:         method,
-		statusCode:     200,
+		statusCode:     statusCode,
 		responseSchema: data,
 		verbose:        true
 	}).should('equal', null);
 });

 Cypress.Commands.add('getToken', () => {
-	cy.task('backendApiGet', {
-		path: '/api/',
-	}).then((data) => {
-		// Check the swagger schema:
-		cy.task('validateSwaggerSchema', {
-			endpoint:       '/',
-			method:         'get',
-			statusCode:     200,
-			responseSchema: data,
-			verbose:        true,
-		}).should('equal', null);
-
-		if (!data.result.setup) {
-			cy.log('Setup = false');
-			// create a new user
-			cy.createInitialUser().then(() => {
-				return cy.getToken();
-			});
-		} else {
-			cy.log('Setup = true');
-			// login with existing user
-			cy.task('backendApiPost', {
-				path: '/api/tokens',
-				data: {
-					type:     'password',
-					identity: 'jc@jc21.com',
-					secret:   'changeme'
-				}
-			}).then(res => {
-				cy.wrap(res.result.token);
-			});
-		}
-	});
-});
-
-Cypress.Commands.add('createInitialUser', () => {
-	return cy.task('backendApiPost', {
-		path: '/api/users',
+	// login with existing user
+	cy.task('backendApiPost', {
+		path: '/api/tokens',
 		data: {
-			name:        'Jamie Curnow',
-			nickname:    'James',
-			email:       'jc@jc21.com',
-			roles:       [],
-			is_disabled: false,
-			auth:        {
-				type:   'password',
-				secret: 'changeme'
-			}
+			identity: 'admin@example.com',
+			secret:   'changeme'
 		}
-	}).then((data) => {
-		// Check the swagger schema:
-		cy.task('validateSwaggerSchema', {
-			endpoint:       '/users',
-			method:         'post',
-			statusCode:     201,
-			responseSchema: data,
-			verbose:        true
-		}).should('equal', null);
-
-		expect(data.result).to.have.property('id');
-		expect(data.result.id).to.be.greaterThan(0);
-		cy.wrap(data.result);
+	}).then(res => {
+		cy.wrap(res.token);
 	});
 });
--- a/test/multi-reporter.json
+++ b/test/multi-reporter.json
@ -0,0 +1,9 @@
+{
+	"reporterEnabled": "spec, mocha-junit-reporter",
+	"mochaJunitReporterReporterOptions": {
+		"jenkinsMode": true,
+		"rootSuiteTitle": "Cypress.npm",
+		"jenkinsClassnamePrefix": "Cypress.npm.",
+		"mochaFile": "results/junit/cypress.npm.[hash].xml"
+	}
+}
--- a/test/package.json
+++ b/test/package.json
@ -4,21 +4,23 @@
 	"description": "",
 	"main": "index.js",
 	"dependencies": {
-		"@jc21/cypress-swagger-validation": "^0.0.5",
+		"@jc21/cypress-swagger-validation": "^0.0.9",
 		"@jc21/restler": "^3.4.0",
-		"chalk": "^3.0.0",
-		"cypress": "^4.0.2",
+		"chalk": "^4.1.0",
+		"cypress": "^4.12.1",
+		"cypress-multi-reporters": "^1.4.0",
 		"cypress-plugin-retries": "^1.5.2",
-		"eslint": "^6.7.2",
+		"eslint": "^7.6.0",
 		"eslint-plugin-align-assignments": "^1.1.2",
-		"eslint-plugin-chai-friendly": "^0.5.0",
-		"eslint-plugin-cypress": "^2.8.0",
-		"lodash": "^4.17.15",
-		"mocha": "^6.2.2",
-		"mocha-junit-reporter": "^1.23.1"
+		"eslint-plugin-chai-friendly": "^0.6.0",
+		"eslint-plugin-cypress": "^2.11.1",
+		"lodash": "^4.17.19",
+		"mocha": "^8.1.1",
+		"mocha-junit-reporter": "^2.0.0"
 	},
 	"scripts": {
-		"cypress": "cypress open --config-file=cypress/config/dev.json --config baseUrl=http://127.0.0.1:3081"
+		"cypress": "cypress open --config-file=cypress/config/dev.json --config baseUrl=${BASE_URL:-http://127.0.0.1:3081}",
+		"cypress:headless": "cypress run --config-file=cypress/config/dev.json --config baseUrl=${BASE_URL:-http://127.0.0.1:3081}"
 	},
 	"author": "",
 	"license": "ISC"
--- a/test/yarn.lock
+++ b/test/yarn.lock
Author	SHA1	Message	Date
jc21	28f72086ec	Merge pull request #592 from jc21/develop v2.5.0	2020-09-04 09:07:47 +10:00
Jamie Curnow	a6b9bd7b01	Version bump and contributors	2020-09-03 14:11:44 +10:00
Jamie Curnow	2c5eac9dad	Merge branch 'master' of github.com:jc21/nginx-proxy-manager into develop	2020-09-03 14:03:43 +10:00
jc21	87f61b8527	Merge pull request #572 from jipjan/features/dns-cloudflare Add DNS CloudFlare with wildcard support	2020-09-03 14:01:05 +10:00
jc21	74bfe490c6	Merge pull request #587 from duhruh/bug/custom-ssl-inputs Allow inputs to update	2020-09-03 13:53:17 +10:00
David Rivera	015167f34d	Allow inputs to update	2020-08-29 20:24:51 -07:00
jc21	4bafc7ff1a	Merge pull request #546 from jc21/dependabot/npm_and_yarn/docs/prismjs-1.21.0 Bump prismjs from 1.20.0 to 1.21.0 in /docs	2020-08-25 10:51:11 +10:00
jc21	bf8beb50b4	Merge pull request #559 from jlesage/remove-webroot-certbot-arg Removed the hardcoded `--webroot` certbot argument to better support DNS challenge	2020-08-25 08:44:00 +10:00
jc21	e5034a34f5	Merge pull request #570 from jc21/dependabot/npm_and_yarn/backend/bcrypt-5.0.0 Bump bcrypt from 4.0.1 to 5.0.0 in /backend	2020-08-25 08:31:48 +10:00
Jaap-Jan de Wit	a561605653	show in ssl certificates list that CloudFlare is used	2020-08-24 09:09:52 +00:00
Jaap-Jan de Wit	e8596c1554	cloudflare DNS also possible while adding proxy, redirection and 404	2020-08-24 09:00:00 +00:00
Jaap-Jan de Wit	ab67481e99	fix eslint errors	2020-08-23 18:56:25 +00:00
Jaap-Jan de Wit	1b611e67c8	Merge commit 'c5aa2b9f771cbd4c78c239ed0791aeb8d9e4d2e4' into features/dns-cloudflare	2020-08-23 18:30:07 +00:00
Jaap-Jan de Wit	c5aa2b9f77	add cloudflare renew and make revoke working for both by deleting unnecessary config command	2020-08-23 18:29:16 +00:00
Jaap-Jan de Wit	cff6c4d1f5	- prevent wildcard generation when not using Cloudflare dns - fix cloudflare token required logic	2020-08-23 16:48:14 +00:00
Jaap-Jan de Wit	077cf75ef2	wildcard support	2020-08-23 13:24:20 +00:00
Jaap-Jan de Wit	ff1770204c	request via cloudflare dns working	2020-08-23 12:50:41 +00:00
Jaap-Jan de Wit	b9a95840e0	add cloudflare dns option to letsencrypt via manual certificate	2020-08-23 11:40:41 +00:00
Jaap-Jan de Wit	2d7576c57e	add cloudflare dns also to dev docker file	2020-08-23 10:54:36 +00:00
Jaap-Jan	251aac716a	Add CloudFlare DNS plugin to certbot	2020-08-21 09:49:43 +02:00
jc21	6694a42270	Merge pull request #560 from jlesage/remove-from-unixtime Removed usage of `FROM_UNIXTIME` mysql-specific function.	2020-08-21 14:21:40 +10:00
dependabot[bot]	f78a4c6ad1	Bump bcrypt from 4.0.1 to 5.0.0 in /backend Bumps [bcrypt](https://github.com/kelektiv/node.bcrypt.js) from 4.0.1 to 5.0.0. - [Release notes](https://github.com/kelektiv/node.bcrypt.js/releases) - [Changelog](https://github.com/kelektiv/node.bcrypt.js/blob/master/CHANGELOG.md) - [Commits](https://github.com/kelektiv/node.bcrypt.js/compare/v4.0.1...v5.0.0) Signed-off-by: dependabot[bot] <support@github.com>	2020-08-20 17:01:00 +00:00
Jocelyn Le Sage	83fad8bcda	Removed usage of `FROM_UNIXTIME` mysql-specific function. This provide better interoperability with different databases (e.g. sqlite). Fixes #557	2020-08-14 19:31:05 -04:00
Jocelyn Le Sage	f539e813aa	Removed the hardcoded `--webroot` certbot argument to better support DNS challenge. Also, this option is already set in the default `letsencrypt.ini`.	2020-08-14 14:28:03 -04:00
Jamie Curnow	5d65166777	Ignore local subnets for real IP determination	2020-08-12 09:32:40 +10:00
dependabot[bot]	70346138a7	Bump prismjs from 1.20.0 to 1.21.0 in /docs Bumps [prismjs](https://github.com/PrismJS/prism) from 1.20.0 to 1.21.0. - [Release notes](https://github.com/PrismJS/prism/releases) - [Changelog](https://github.com/PrismJS/prism/blob/master/CHANGELOG.md) - [Commits](https://github.com/PrismJS/prism/compare/v1.20.0...v1.21.0) Signed-off-by: dependabot[bot] <support@github.com>	2020-08-08 00:02:04 +00:00
jc21	d68656559c	Merge pull request #544 from jlesage/sqlite-now-helper-fix Fixed now_helper for sqlite (time is missing)	2020-08-07 08:37:00 +10:00
Jocelyn Le Sage	01660b5b80	Fixed now_helper for sqlite: it should also returns the time.	2020-08-06 17:16:22 -04:00
jc21	74010acd85	Merge pull request #543 from jc21/develop v2.4.0	2020-08-06 16:00:10 +10:00
Jamie Curnow	7c7d255172	Added another contributor	2020-08-06 14:46:19 +10:00
jc21	058f1e9835	Merge pull request #464 from vrenjith/patch-1 Update location-item.ejs - forward_host size increase to 200	2020-08-06 14:45:09 +10:00
Jamie Curnow	b4fc629ec0	Bumped version	2020-08-06 14:43:34 +10:00
Jamie Curnow	ae06b2da75	Updated deps and added contributor	2020-08-06 14:40:54 +10:00
Jamie Curnow	54d423a11f	Updated doc for sqlite	2020-08-06 14:27:29 +10:00
Jamie Curnow	5da6c97a00	Pull cypress tests from correct location	2020-08-06 13:57:33 +10:00
Jamie Curnow	bf2f13443f	Cypress fixes	2020-08-06 12:47:24 +10:00
Jamie Curnow	9ce4c3fe2f	CI fix	2020-08-06 12:02:47 +10:00
Jamie Curnow	4a07bf666d	Added users cypress tests	2020-08-06 11:57:31 +10:00
Jamie Curnow	5be46b4b20	Cypress fixes	2020-08-06 11:26:37 +10:00
Jamie Curnow	7fd825b76b	Use development config file in CI	2020-08-06 10:59:25 +10:00
Jamie Curnow	b23d59dec7	Updated cypress to 4.12.1	2020-08-06 09:00:52 +10:00
Jamie Curnow	492d450d26	Sqlite Tweaks - Added cypress testing in CI for sqlite - Cleaned up promises in setup - Ensure check for settings is strict	2020-08-06 08:58:20 +10:00
jc21	04412f3624	Merge pull request #510 from tg44/multidb-re Multidb - sqlite support	2020-08-06 08:33:00 +10:00
Jamie Curnow	c41057b28a	Revert builx push experiment	2020-07-31 09:28:45 +10:00
Jamie Curnow	8312bc0100	Use same tags for experiment	2020-07-30 14:00:59 +10:00
Jamie Curnow	85ac43bc5e	Merge branch 'master' of github.com:jc21/nginx-proxy-manager into develop	2020-07-30 08:31:18 +10:00
Jamie Curnow	d1a0780c7a	Attempt to circumvent docker login token timeouts	2020-07-30 08:30:26 +10:00
jc21	f9b8d76527	Merge pull request #513 from jc21/dependabot/npm_and_yarn/frontend/lodash-4.17.19 Bump lodash from 4.17.15 to 4.17.19 in /frontend	2020-07-20 12:39:10 +10:00
jc21	26f00eeae4	Merge branch 'master' into dependabot/npm_and_yarn/frontend/lodash-4.17.19	2020-07-20 10:59:15 +10:00
jc21	1bc2df2178	Merge pull request #514 from jc21/dependabot/npm_and_yarn/docs/lodash-4.17.19 Bump lodash from 4.17.15 to 4.17.19 in /docs	2020-07-20 10:58:36 +10:00
dependabot[bot]	8dfbcef198	Bump lodash from 4.17.15 to 4.17.19 in /docs Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.19. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](https://github.com/lodash/lodash/compare/4.17.15...4.17.19) Signed-off-by: dependabot[bot] <support@github.com>	2020-07-19 20:33:49 +00:00
Gergo Torcsvari	6690b7735d	sqlite3 and psql support	2020-07-19 20:04:29 +02:00
Gergo Torcsvari	a9e7222e5e	introduced now_helper for multidb capabilities	2020-07-19 20:03:53 +02:00
Gergo Torcsvari	f8edeb2775	fixed migration and setup more info: https://github.com/knex/knex/issues/2820	2020-07-19 20:02:20 +02:00
dependabot[bot]	d1786fe159	Bump lodash from 4.17.15 to 4.17.19 in /frontend Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.19. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](https://github.com/lodash/lodash/compare/4.17.15...4.17.19) Signed-off-by: dependabot[bot] <support@github.com>	2020-07-19 15:20:28 +00:00
vrenjith	157a12fb7c	Update location-item.ejs	2020-06-19 01:56:16 +05:30
jc21	3f723b1638	Merge pull request #454 from jc21/develop v2.3.1	2020-06-09 09:47:31 +10:00
Jamie Curnow	e2e9835d01	Version bump	2020-06-09 09:17:25 +10:00
jc21	7599617b67	Merge pull request #452 from jc21/dependabot/npm_and_yarn/docs/websocket-extensions-0.1.4 Bump websocket-extensions from 0.1.3 to 0.1.4 in /docs	2020-06-08 11:14:20 +10:00
dependabot[bot]	18a5b11033	Bump websocket-extensions from 0.1.3 to 0.1.4 in /docs Bumps [websocket-extensions](https://github.com/faye/websocket-extensions-node) from 0.1.3 to 0.1.4. - [Release notes](https://github.com/faye/websocket-extensions-node/releases) - [Changelog](https://github.com/faye/websocket-extensions-node/blob/master/CHANGELOG.md) - [Commits](https://github.com/faye/websocket-extensions-node/compare/0.1.3...0.1.4) Signed-off-by: dependabot[bot] <support@github.com>	2020-06-07 23:36:47 +00:00
Jamie Curnow	fff31b0f34	Ensure we're using the latest node image	2020-06-03 10:30:29 +10:00
Jamie Curnow	c02e30663a	Revert last	2020-06-02 20:21:27 +10:00
Jamie Curnow	4c6527cafc	Ensure python2 is installed for frontend build	2020-06-02 20:09:27 +10:00
jc21	55bddb12e5	Merge pull request #435 from Subv/access_lists_ips Don't use duplicate relations when eager-loading access list items and clients.	2020-06-02 19:42:27 +10:00
Subv	d95861e1fb	Don't use duplicate relations when eager-loading access list items and clients. This fixes an Objection warning: 'Duplicate relation "proxy_hosts" in a relation expression. You should use "a.[b, c]" instead of "[a.b, a.c]". This will cause an error in objection 2.0'. It also fixes the access list clients not being properly eager-loaded when building the proxy host nginx configuration files. Closes #434	2020-05-29 20:29:34 -05:00
Jamie Curnow	94754a5cb3	Revert CI debug	2020-05-28 20:26:16 +10:00
jc21	546f862236	Merge pull request #429 from jc21/develop v2.3.0	2020-05-28 17:06:19 +10:00
jc21	f105e29e56	Merge branch 'master' into develop	2020-05-28 15:38:38 +10:00
Jamie Curnow	5c15993d06	Contributors 7 wide	2020-05-28 13:31:41 +10:00
Jamie Curnow	a369ea1080	Bump version	2020-05-28 13:29:55 +10:00
Jamie Curnow	98068c0f57	Debug CI by leaving images alive	2020-05-28 13:26:36 +10:00
jc21	e0ef8683a2	Merge pull request #428 from jc21/openresty Openresty base	2020-05-28 12:22:31 +10:00
Jamie Curnow	66412a75f9	Revert to node base now that base has openresty	2020-05-28 09:25:29 +10:00
jc21	84d8fb0899	Merge pull request #403 from Indemnity83/empty-auth Don't ask for username/password if none are defined	2020-05-28 09:18:50 +10:00
Jamie Curnow	c631537dbe	Don't wipe out nginx dir, keeps luajit	2020-05-27 10:38:00 +10:00
Jamie Curnow	8d2f49541c	Use OpenResty base image	2020-05-26 14:38:41 +10:00
Jamie Curnow	55a28e3437	Merge branch 'develop' of github.com:jc21/nginx-proxy-manager into develop	2020-05-25 14:53:46 +10:00
Jamie Curnow	67ea2d01c8	Added gitter, contributors	2020-05-25 14:53:35 +10:00
jc21	dab229e37c	Merge pull request #406 from theraw/patch-1 set proper timeout.	2020-05-25 14:37:06 +10:00
jc21	7084473330	Merge pull request #416 from jc21/develop v2.2.4	2020-05-21 16:52:16 +10:00
Jamie Curnow	dd2e335fae	Cypress 4.6.0 and tweaks to scripts	2020-05-21 16:11:19 +10:00
Jamie Curnow	1ff87bbc12	Version bump	2020-05-21 15:09:51 +10:00
Jamie Curnow	2ebfdcf0c9	Fix LE certs for IPv6 only domains Fixes 394	2020-05-20 22:21:26 +10:00
Jamie Curnow	8ab161a3ee	Merge branch 'develop' of github.com:jc21/nginx-proxy-manager into develop	2020-05-20 21:53:44 +10:00
Jamie Curnow	e74b9617be	Added product support github template	2020-05-20 21:40:54 +10:00
jc21	c3d88c83e3	Merge pull request #402 from Indemnity83/patch-2 Fix address validation rule to allow 'all' keyword	2020-05-20 21:16:11 +10:00
Jamie Curnow	3e912a7474	Added FAQ to docs	2020-05-20 21:14:00 +10:00
jc21	0d726a1d83	Merge pull request #405 from Indemnity83/fix-satisfy fix spelling of 'satisfy'	2020-05-20 20:44:38 +10:00
ƬHE ЯAW ☣	affabf065e	set proper timeout.	2020-05-11 00:24:02 +02:00
Kyle Klaus	e6ea77d263	fix spelling of 'satisfy' Fixes #385	2020-05-09 18:01:43 -07:00
Kyle Klaus	df73c2a458	skip auth check if no users defined	2020-05-09 15:51:11 -07:00
Kyle Klaus	96c5c79aef	Fix address validation rule to allow 'all' keyword The rule was looking for the keyword 'any' but should have been looking for 'all' http://nginx.org/en/docs/http/ngx_http_access_module.html	2020-05-09 09:31:58 -07:00
jc21	64922f07ff	Merge pull request #388 from jc21/dependabot/npm_and_yarn/frontend/jquery-3.5.0 Bump jquery from 3.4.1 to 3.5.0 in /frontend	2020-05-07 14:53:24 +10:00
jc21	bae21f3210	Merge pull request #397 from Indemnity83/patch-1 apply migration to correct table	2020-05-05 10:14:47 +10:00
Jamie Curnow	0702a4e58e	Fix incorrect var	2020-05-05 10:00:41 +10:00
Kyle Klaus	31f1d304d6	apply migration to correct table	2020-05-04 16:56:26 -07:00
dependabot[bot]	291a74c295	Bump jquery from 3.4.1 to 3.5.0 in /frontend Bumps [jquery](https://github.com/jquery/jquery) from 3.4.1 to 3.5.0. - [Release notes](https://github.com/jquery/jquery/releases) - [Commits](https://github.com/jquery/jquery/compare/3.4.1...3.5.0) Signed-off-by: dependabot[bot] <support@github.com>	2020-04-30 14:43:28 +00:00
Jamie Curnow	c0e9d1eb2f	Fix satisy typo	2020-04-22 11:11:20 +10:00
jc21	a7cabdde3a	Merge pull request #376 from spalger/expand-forward-host-size expand the maximum size of the forward_host	2020-04-17 08:59:55 +10:00
spalger	3af560c2d0	switch to 255 limit to match db	2020-04-16 15:14:49 -07:00
spalger	1d23d5c761	remove maxlength from html too	2020-04-16 15:13:28 -07:00
spalger	995db12f22	remove arbitrary length limit of forward_host	2020-04-16 14:00:22 -07:00
jc21	4c60bfb66b	Merge pull request #370 from jc21/develop v2.2.3	2020-04-15 15:06:56 +10:00
jc21	1716747047	Merge branch 'master' into develop	2020-04-15 14:19:07 +10:00
Jamie Curnow	090b4d0388	Version bump	2020-04-15 14:18:27 +10:00
jc21	a9f068daa8	Merge pull request #360 from Indemnity83/ip-access-control Client Access Lists	2020-04-15 08:29:40 +10:00
Kyle Klaus	f5ee91aeb3	write access list to proxy host config	2020-04-13 23:32:00 -07:00
Kyle Klaus	e2ee2cbf2d	enforce a 'deny all' default rule this ensures that an access list is 'secure by default' and requires the user to create exceptions or holes in the proection instead of building the wall entirely. This also means that we no longer require the user to input any username/passwords or client addressses and can avoid internal errors which generate unhelpful user errors.	2020-04-13 23:31:54 -07:00
jc21	dcf8364899	Merge pull request #368 from jc21/develop Support ipv6 address as a origin header, hopefully fixes #149	2020-04-14 14:40:00 +10:00
Jamie Curnow	b783602786	Support ipv6 address as a origin header, hopefully fixes #149	2020-04-14 13:01:13 +10:00
Kyle Klaus	005e64eb9f	valite auth/access rules in backend	2020-04-13 19:23:55 -07:00
Kyle Klaus	e9e5d293cc	expand address format now accepts CIDR notation, IPv6 or the string 'any'	2020-04-13 19:16:18 -07:00
jc21	a57255350f	Merge pull request #365 from jc21/develop Develop	2020-04-14 09:10:45 +10:00
jc21	781442bf1e	Merge pull request #361 from Xantios/fix-bad-gateway Fixes #310 Clarification on the docs	2020-04-14 09:09:39 +10:00
jc21	604bd2c576	Merge pull request #358 from dpanesso/dev-formatting Documentation formatting	2020-04-14 08:37:23 +10:00
Xantios Krugor	d9e1e1bbb7	Fixes #310 Clarification on the docs	2020-04-11 13:03:15 +02:00
Kyle Klaus	907e9e182d	remove testing cruft	2020-04-11 00:42:58 -07:00
Kyle Klaus	0f238a5021	add satisfy configuration to the ui	2020-04-11 00:26:54 -07:00
Kyle Klaus	8d432bd60a	refine the UI labeling	2020-04-10 20:22:01 -07:00
Kyle Klaus	fd932c7678	fix bugs preventing client rules from being updated	2020-04-10 17:42:44 -07:00
Kyle Klaus	46a9f5cb96	add basic functionality to front end	2020-04-10 17:33:14 -07:00
Kyle Klaus	f990d3f674	add access list clients to back-end	2020-04-10 16:38:54 -07:00
David Panesso	4a6de8deee	Documentation formatting on advanced configuration page	2020-04-10 00:57:45 -05:00
jc21	9a7a216b23	Merge pull request #352 from jc21/develop Develop	2020-04-07 12:09:17 +10:00
jc21	fccaaaae4d	Merge branch 'master' into develop	2020-04-07 12:09:09 +10:00
Jamie Curnow	a882b0be82	Merge branch 'develop' of github.com:jc21/nginx-proxy-manager into develop	2020-04-07 12:06:55 +10:00
Jamie Curnow	db7bbab768	Updated npm deps	2020-04-07 12:06:36 +10:00
jc21	030e553549	Merge pull request #351 from jc21/develop v2.2.2 Release	2020-04-07 12:01:48 +10:00
jc21	8b0ca8e367	Merge branch 'master' into develop	2020-04-07 11:23:03 +10:00
Jamie Curnow	83b2b07200	Version bump	2020-04-07 10:45:45 +10:00
Jamie Curnow	bdb591af9e	- Add ability to disable ipv6, fixes #312 - Added ipv6 listening to hosts when configured, fixes #236 and #149 - Added documentation about disabling ipv6 - Updated npm packages	2020-04-07 10:43:19 +10:00
 @ -1 +1 @@
 .2.1
 .5.0