New translations en-us.json (Chinese Simplified)

[ci skip]

messages/zh-CN.json

@@ -72,7 +72,7 @@
     "siteManageSites": "管理站点",
     "siteDescription": "创建和管理站点，启用与私人网络的连接",
     "sitesBannerTitle": "连接任何网络",
-    "sitesBannerDescription": "站点是连接到远程网络的链接，允许Pangolin为用户提供资源访问，无论是公共还是私人。可以在任何可以运行二进制文件或容器的地方安装站点网络连接器（Newt）以建立连接。",
+    "sitesBannerDescription": "站点是到远程网络的连接，使 Pangolin 能够向任何位置的用户提提供公共或私有的资源访问。你可以在任何能够运行二进制文件或容器的地方安装站点网络连接器（Newt），以建立连接。",
     "sitesBannerButtonText": "安装站点",
     "approvalsBannerTitle": "批准或拒绝设备访问",
     "approvalsBannerDescription": "审核、批准或拒绝用户的设备访问请求。 当需要设备批准时，用户必须先获得管理员批准，然后他们的设备才能连接到您的组织资源。",
@@ -204,11 +204,11 @@
     "proxyResourceTitle": "管理公共资源",
     "proxyResourceDescription": "创建和管理可通过 Web 浏览器公开访问的资源",
     "publicResourcesBannerTitle": "基于 Web 的公共访问",
-    "publicResourcesBannerDescription": "公共资源是 HTTPS 代理，可以通过网络浏览器在互联网上的任何人访问。与私人资源不同，它们不需要客户端软件，并且可以包含身份和上下文感知的访问策略。",
+    "publicResourcesBannerDescription": "公共资源是 HTTPS 代理，可供互联网上的任何人通过 Web 浏览器访问。与私人资源不同，它们不需要客户端软件，并且可以包含身份和上下文感知的访问策略。",
     "clientResourceTitle": "管理私有资源",
     "clientResourceDescription": "创建和管理只能通过连接客户端访问的资源",
-    "privateResourcesBannerTitle": "零信任的私人访问",
+    "privateResourcesBannerTitle": "零信任私有访问",
-    "privateResourcesBannerDescription": "私人资源使用零信任安全性，确保只允许明确授予的用户和机器访问资源。可以连接用户设备或机器客户端，通过安全的虚拟专用网络访问这些资源。",
+    "privateResourcesBannerDescription": "私有资源采用零信任安全机制，确保只有获得明确授权的用户和机器才能访问。用户设备或机器客户端连接后，即可通过安全的虚拟专用网络访问这些资源。",
     "resourcesSearch": "搜索资源...",
     "resourceAdd": "添加资源",
     "resourceErrorDelte": "删除资源时出错",
@@ -327,7 +327,7 @@
     "passToAuth": "传递至认证",
     "orgSettingsDescription": "配置组织设置",
     "orgGeneralSettings": "组织设置",
-    "orgGeneralSettingsDescription": "管理机构的详细信息和配置",
+    "orgGeneralSettingsDescription": "管理组织的详细信息和配置",
     "saveGeneralSettings": "保存常规设置",
     "saveSettings": "保存设置",
     "orgDangerZone": "危险区域",
@@ -381,7 +381,7 @@
     "accessApprovalsDescription": "查看和管理待审批的组织访问权限",
     "description": "描述",
     "inviteTitle": "打开邀请",
-    "inviteDescription": "管理其他用户加入机构的邀请",
+    "inviteDescription": "管理其他用户加入组织的邀请",
     "inviteSearch": "搜索邀请...",
     "minutes": "分钟",
     "hours": "小时",
@@ -425,12 +425,12 @@
     "apiKeysDelete": "删除 API 密钥",
     "apiKeysManage": "管理 API 密钥",
     "apiKeysDescription": "API 密钥用于认证集成 API",
-    "provisioningKeysTitle": "置备密钥",
+    "provisioningKeysTitle": "预配密钥",
-    "provisioningKeysManage": "管理置备键",
+    "provisioningKeysManage": "管理预配密钥",
     "provisioningKeysDescription": "置备密钥用于验证您组织的自动站点配置。",
-    "provisioningManage": "置备中",
+    "provisioningManage": "预配",
-    "provisioningDescription": "管理预配键和审查等待批准的站点。",
+    "provisioningDescription": "管理预配密钥，并审核待批准的站点。",
-    "pendingSites": "待定站点",
+    "pendingSites": "待审批站点",
     "siteApproveSuccess": "站点批准成功",
     "siteApproveError": "批准站点出错",
     "provisioningKeys": "置备键",
@@ -467,11 +467,11 @@
     "provisioningKeysUpdateError": "更新预配键时出错",
     "provisioningKeysUpdated": "置备密钥已更新",
     "provisioningKeysUpdatedDescription": "您的更改已保存。",
-    "provisioningKeysBannerTitle": "站点置备密钥",
+    "provisioningKeysBannerTitle": "站点预配密钥",
-    "provisioningKeysBannerDescription": "生成一个供应密钥，并将其与 Newt 连接器一起使用，以在首次启动时自动创建站点 - 无需为每个站点设置单独的凭据。",
+    "provisioningKeysBannerDescription": "生成预配密钥，并将其与 Newt 连接器配合使用，即可在首次启动时自动创建站点，无需为每个站点单独配置凭据。",
     "provisioningKeysBannerButtonText": "了解更多",
-    "pendingSitesBannerTitle": "待定站点",
+    "pendingSitesBannerTitle": "待审批站点",
-    "pendingSitesBannerDescription": "使用供应密钥连接的站点将在此显示以供审核。",
+    "pendingSitesBannerDescription": "使用预配密钥连接的网站会在这里以供审核。",
     "pendingSitesBannerButtonText": "了解更多",
     "apiKeysSettings": "{apiKeyName} 设置",
     "userTitle": "管理所有用户",
@@ -1059,7 +1059,7 @@
     "network": "网络",
     "manage": "管理",
     "sitesNotFound": "未找到站点。",
-    "pangolinServerAdmin": "服务器管理员 - Pangolin",
+    "pangolinServerAdmin": "服务器管理 - Pangolin",
     "licenseTierProfessional": "专业许可证",
     "licenseTierEnterprise": "企业许可证",
     "licenseTierPersonal": "个人许可证",
@@ -1366,7 +1366,7 @@
     "supportKeyBuy": "购买支持者密钥",
     "logoutError": "注销错误",
     "signingAs": "登录为",
-    "serverAdmin": "服务器管理员",
+    "serverAdmin": "服务器管理",
     "managedSelfhosted": "托管自托管",
     "otpEnable": "启用双因子认证",
     "otpDisable": "禁用双因子认证",
@@ -1536,8 +1536,8 @@
     "sidebarSites": "站点",
     "sidebarApprovals": "审批请求",
     "sidebarResources": "资源",
-    "sidebarProxyResources": "公开的",
+    "sidebarProxyResources": "公开资源",
-    "sidebarClientResources": "非公开的",
+    "sidebarClientResources": "私有资源",
     "sidebarPolicies": "共享策略",
     "sidebarResourcePolicies": "公共资源",
     "sidebarAccessControl": "访问控制",
@@ -1549,15 +1549,15 @@
     "sidebarRoles": "角色",
     "sidebarShareableLinks": "可共享链接",
     "sidebarApiKeys": "API密钥",
-    "sidebarProvisioning": "置备中",
+    "sidebarProvisioning": "预配",
     "sidebarSettings": "设置",
     "sidebarAllUsers": "所有用户",
     "sidebarIdentityProviders": "身份提供商",
     "sidebarLicense": "证书",
     "sidebarClients": "客户端",
     "sidebarUserDevices": "用户设备",
-    "sidebarMachineClients": "机",
+    "sidebarMachineClients": "机器身份",
-    "sidebarDomains": "域",
+    "sidebarDomains": "域名",
     "sidebarGeneral": "管理",
     "sidebarLogAndAnalytics": "日志与分析",
     "sidebarBluePrints": "蓝图",
@@ -1689,8 +1689,8 @@
     "alertingTabHealthChecks": "健康检查",
     "alertingRulesBannerTitle": "获取通知",
     "alertingRulesBannerDescription": "每条规则都连接要监视的对象（站点、健康检查或资源），触发时间（例如离线或不健康），以及如何通过电子邮件、Webhooks 或集成将通知发送给团队。使用此列表创建、启用和管理这些规则。",
-    "alertingHealthChecksBannerTitle": "监视健康和资源",
+    "alertingHealthChecksBannerTitle": "资源与健康监控",
-    "alertingHealthChecksBannerDescription": "健康检查是您一次定义的 HTTP 或 TCP 监控。然后可以将它们用作告警规则中的来源，以便目标变得正常或不正常时得到通知。资源上的健康检查也会出现在此处。",
+    "alertingHealthChecksBannerDescription": "通过 HTTP 或 TCP 检查目标状态，并在服务异常或恢复时发送通知。资源中配置的健康检查也会显示在这里。",
     "standaloneHcTableTitle": "健康检查",
     "standaloneHcSearchPlaceholder": "搜索健康检查…",
     "standaloneHcAddButton": "创建健康检查",
@@ -1793,15 +1793,15 @@
     "initialSetupTitle": "初始服务器设置",
     "initialSetupDescription": "创建初始服务器管理员帐户。 只能存在一个服务器管理员。 您可以随时更改这些凭据。",
     "createAdminAccount": "创建管理员帐户",
-    "setupErrorCreateAdmin": "创建服务器管理员账户时发生错误。",
+    "setupErrorCreateAdmin": "创建管理员账户时发生错误。",
     "certificateStatus": "证书",
     "certificateStatusAutoRefreshHint": "状态自动刷新。",
     "loading": "加载中",
     "loadingEllipsis": "加载中……",
     "loadingAnalytics": "加载分析",
     "restart": "重启",
-    "domains": "域",
+    "domains": "域名",
-    "domainsDescription": "创建和管理组织中可用的域",
+    "domainsDescription": "创建和管理组织中可用的域名",
     "domainsSearch": "搜索域...",
     "domainAdd": "添加域",
     "domainAddDescription": "注册一个新域名到组织",
@@ -2183,7 +2183,7 @@
     "roleTextImportAppend": "附加到现有",
     "roleTextImportMode": "导入模式",
     "roleTextImportPreview": "预览",
-    "roleTextImportItemCount": "{count, plural, =0 {No items to import} one {1 item to import} other {# items to import}}",
+    "roleTextImportItemCount": "{count, plural, =0 {没有可导入的项目} one {1 个可导入项目} other {# 个可导入项目}}",
     "roleTextImportTotalCount": "{existing} 个现有 + {imported} 个导入 = {total} 个总计",
     "roleTextImportConfirm": "导入",
     "roleTextImportInvalidFile": "不支持的文件类型",
@@ -2235,8 +2235,8 @@
     "resourceEditDomain": "编辑域名",
     "siteName": "站点名称",
     "proxyPort": "端口",
-    "resourcesTableProxyResources": "公开的",
+    "resourcesTableProxyResources": "公开资源",
-    "resourcesTableClientResources": "非公开的",
+    "resourcesTableClientResources": "私有资源",
     "resourcesTableNoProxyResourcesFound": "未找到代理资源。",
     "resourcesTableNoInternalResourcesFound": "未找到内部资源。",
     "resourcesTableDestination": "目标",
@@ -2925,7 +2925,7 @@
     "logRetentionRequestDescription": "保留请求日志的时间",
     "logRetentionAccessLabel": "访问日志保留",
     "logRetentionAccessDescription": "保留访问日志的时间",
-    "logRetentionActionLabel": "动作日志保留",
+    "logRetentionActionLabel": "审计日志保留",
     "logRetentionActionDescription": "保留操作日志的时间",
     "logRetentionConnectionLabel": "连接日志保留",
     "logRetentionConnectionDescription": "保留连接日志的时间",
@@ -2938,11 +2938,11 @@
     "logRetentionForever": "永远的",
     "logRetentionEndOfFollowingYear": "下一年结束",
     "actionLogsDescription": "查看此机构执行的操作历史",
-    "accessLogsDescription": "查看此机构资源的访问认证请求",
+    "accessLogsDescription": "查看此组织资源的访问认证请求",
     "connectionLogs": "连接日志",
     "connectionLogsDescription": "查看此机构隧道的连接日志",
     "sidebarLogsConnection": "连接日志",
-    "sidebarLogsStreaming": "流流",
+    "sidebarLogsStreaming": "事件流",
     "sourceAddress": "源地址",
     "destinationAddress": "目的地址",
     "duration": "期限",

server/lib/traefik/TraefikConfigManager.ts

@@ -511,6 +511,12 @@ export class TraefikConfigManager {
         let traefikConfig;
         try {
             const currentExitNode = await getCurrentExitNodeId();
+
+            const maintenancePort = config.getRawConfig().server.next_port;
+            const maintenanceHost =
+                config.getRawConfig().server.internal_hostname;
+            const pangolinUIUrl = `http://${maintenanceHost}:${maintenancePort}`;
+
             // logger.debug(`Fetching traefik config for exit node: ${currentExitNode}`);
             traefikConfig = await getTraefikConfig(
                 // this is called by the local exit node to get its own config
@@ -521,7 +527,8 @@ export class TraefikConfigManager {
                 build == "saas"
                     ? false
                     : config.getRawConfig().traefik.allow_raw_resources, // dont allow raw resources on saas otherwise use config
-                build != "oss" // generate browser gateway targets on cloud and enterprise
+                pangolinUIUrl, // generate maintenance pages on cloud and hybrid
+                pangolinUIUrl // generate browser gateway targets on cloud and hybrid
             );
 
             const domains = new Set<string>();

server/lib/traefik/getTraefikConfig.ts

@@ -44,8 +44,8 @@ export async function getTraefikConfig(
     filterOutNamespaceDomains = false, // UNUSED BUT USED IN PRIVATE
     generateLoginPageRouters = false, // UNUSED BUT USED IN PRIVATE
     allowRawResources = true,
-    allowMaintenancePage = true, // UNUSED BUT USED IN PRIVATE
+    maintenancePageUiUrl: string | null = null, // UNUSED BUT USED IN PRIVATE
-    allowBrowserGatewayResources = true
+    browserGatewayUiUrl: string | null = null // UNUSED BUT USED IN PRIVATE
 ): Promise<any> {
     // Get resources with their targets and sites in a single optimized query
     // Start from sites on this exit node, then join to targets and resources

server/private/lib/traefik/getTraefikConfig.ts

@@ -84,8 +84,8 @@ export async function getTraefikConfig(
     filterOutNamespaceDomains = false,
     generateLoginPageRouters = false,
     allowRawResources = true,
-    allowMaintenancePage = true,
+    maintenancePageUiUrl: string | null = null,
-    allowBrowserGatewayResources = true
+    browserGatewayUiUrl: string | null = null
 ): Promise<any> {
     // Get resources with their targets and sites in a single optimized query
     // Start from sites on this exit node, then join to targets and resources
@@ -317,7 +317,7 @@ export async function getTraefikConfig(
         BrowserGatewayResourceEntry
     >();
 
-    if (allowBrowserGatewayResources) {
+    if (browserGatewayUiUrl) {
         for (const row of resourcesWithTargetsAndSites) {
             if (!["ssh", "vnc", "rdp"].includes(row.mode)) {
                 continue;
@@ -630,10 +630,11 @@ export async function getTraefikConfig(
                 }
             }
 
-            if (showMaintenancePage && allowMaintenancePage) {
+            if (showMaintenancePage && maintenancePageUiUrl) {
                 const maintenanceServiceName = `${key}-maintenance-service`;
                 const maintenanceRouterName = `${key}-maintenance-router`;
                 const rewriteMiddlewareName = `${key}-maintenance-rewrite`;
+                const maintenanceHeadersMiddlewareName = `${key}-maintenance-headers`;
 
                 const entrypointHttp =
                     config.getRawConfig().traefik.http_entrypoint;
@@ -646,15 +647,11 @@ export async function getTraefikConfig(
                     ? `*.${domainParts.slice(1).join(".")}`
                     : fullDomain;
 
-                const maintenancePort = config.getRawConfig().server.next_port;
-                const maintenanceHost =
-                    config.getRawConfig().server.internal_hostname;
-
                 config_output.http.services[maintenanceServiceName] = {
                     loadBalancer: {
                         servers: [
                             {
-                                url: `http://${maintenanceHost}:${maintenancePort}`
+                                url: maintenancePageUiUrl
                             }
                         ],
                         passHostHeader: true
@@ -673,12 +670,26 @@ export async function getTraefikConfig(
                     }
                 };
 
+                config_output.http.middlewares[
+                    maintenanceHeadersMiddlewareName
+                ] = {
+                    headers: {
+                        customRequestHeaders: {
+                            Host: "app.pangolin.net", // if we are sending to the cloud the host needs to be this but we will pull the p-host to find the resource
+                            "p-host": fullDomain
+                        }
+                    }
+                };
+
                 config_output.http.routers[maintenanceRouterName] = {
                     entryPoints: [
                         resource.ssl ? entrypointHttps : entrypointHttp
                     ],
                     service: maintenanceServiceName,
-                    middlewares: [rewriteMiddlewareName],
+                    middlewares: [
+                        rewriteMiddlewareName,
+                        maintenanceHeadersMiddlewareName
+                    ],
                     rule: rule,
                     priority: 2000,
                     ...(resource.ssl ? { tls } : {})
@@ -691,6 +702,7 @@ export async function getTraefikConfig(
                             resource.ssl ? entrypointHttps : entrypointHttp
                         ],
                         service: maintenanceServiceName,
+                        middlewares: [maintenanceHeadersMiddlewareName],
                         rule: `${rule} && (PathPrefix(\`/_next\`) || PathRegexp(\`^/__nextjs*\`) || Path(\`/favicon.ico\`)) `,
                         priority: 2001,
                         ...(resource.ssl ? { tls } : {})
@@ -1027,7 +1039,7 @@ export async function getTraefikConfig(
         }
     }
 
-    if (allowBrowserGatewayResources) {
+    if (browserGatewayUiUrl) {
         // Generate Traefik config for browser gateway resources
         const browserGatewayPort = 39999;
         for (const [, bgResource] of browserGatewayResourcesMap.entries()) {
@@ -1119,20 +1131,17 @@ export async function getTraefikConfig(
                 }
             }
 
-            if (showBgMaintenancePage && allowMaintenancePage) {
+            if (showBgMaintenancePage && maintenancePageUiUrl) {
                 const bgMaintenanceServiceName = `bg-r${bgResource.resourceId}-maintenance-service`;
                 const bgMaintenanceRouterName = `bg-r${bgResource.resourceId}-maintenance-router`;
                 const bgRewriteMiddlewareName = `bg-r${bgResource.resourceId}-maintenance-rewrite`;
+                const bgMaintenanceHeadersMiddlewareName = `bg-r${bgResource.resourceId}-maintenance-headers`;
 
                 const entrypointHttp =
                     config.getRawConfig().traefik.http_entrypoint;
                 const entrypointHttps =
                     config.getRawConfig().traefik.https_entrypoint;
 
-                const maintenancePort = config.getRawConfig().server.next_port;
-                const maintenanceHost =
-                    config.getRawConfig().server.internal_hostname;
-
                 if (!config_output.http.services)
                     config_output.http.services = {};
                 if (!config_output.http.middlewares)
@@ -1144,7 +1153,7 @@ export async function getTraefikConfig(
                     loadBalancer: {
                         servers: [
                             {
-                                url: `http://${maintenanceHost}:${maintenancePort}`
+                                url: maintenancePageUiUrl
                             }
                         ],
                         passHostHeader: true
@@ -1158,12 +1167,26 @@ export async function getTraefikConfig(
                     }
                 };
 
+                config_output.http.middlewares![
+                    bgMaintenanceHeadersMiddlewareName
+                ] = {
+                    headers: {
+                        customRequestHeaders: {
+                            Host: "app.pangolin.net", // if we are sending to the cloud the host needs to be this but we will pull the p-host to find the resource
+                            "p-host": fullDomain
+                        }
+                    }
+                };
+
                 config_output.http.routers![bgMaintenanceRouterName] = {
                     entryPoints: [
                         bgResource.ssl ? entrypointHttps : entrypointHttp
                     ],
                     service: bgMaintenanceServiceName,
-                    middlewares: [bgRewriteMiddlewareName],
+                    middlewares: [
+                        bgRewriteMiddlewareName,
+                        bgMaintenanceHeadersMiddlewareName
+                    ],
                     rule: hostRule,
                     priority: 2000,
                     ...(bgResource.ssl ? { tls } : {})
@@ -1176,6 +1199,7 @@ export async function getTraefikConfig(
                         bgResource.ssl ? entrypointHttps : entrypointHttp
                     ],
                     service: bgMaintenanceServiceName,
+                    middlewares: [bgMaintenanceHeadersMiddlewareName],
                     rule: `${hostRule} && (PathPrefix(\`/_next\`) || PathRegexp(\`^/__nextjs*\`) || Path(\`/favicon.ico\`))`,
                     priority: 2001,
                     ...(bgResource.ssl ? { tls } : {})
@@ -1234,9 +1258,8 @@ export async function getTraefikConfig(
             // The primary type is used for the path rewrite (e.g. /rdp), mirroring
             // how the maintenance page rewrites everything to /maintenance-screen.
             const primaryType = typeMap.keys().next().value as string;
-            const internalHost = config.getRawConfig().server.internal_hostname;
-            const internalPort = config.getRawConfig().server.next_port;
             const uiRewriteMiddlewareName = `bg-r${bgResource.resourceId}-ui-rewrite`;
+            const uiHeadersMiddlewareName = `bg-r${bgResource.resourceId}-ui-headers`;
             const entrypoint = bgResource.ssl
                 ? config.getRawConfig().traefik.https_entrypoint
                 : config.getRawConfig().traefik.http_entrypoint;
@@ -1252,22 +1275,33 @@ export async function getTraefikConfig(
                 }
             };
 
+            config_output.http.middlewares![uiHeadersMiddlewareName] = {
+                headers: {
+                    customRequestHeaders: {
+                        Host: "app.pangolin.net", // if we are sending to the cloud the host needs to be this but we will pull the p-host to find the resource
+                        "p-host": fullDomain
+                    }
+                }
+            };
+
             config_output.http.services![bgUiServiceName] = {
                 loadBalancer: {
                     servers: [
                         {
-                            url: `http://${internalHost}:${internalPort}`
+                            url: browserGatewayUiUrl
                         }
                     ]
                 }
             };
 
-            // Assets router at higher priority so /_next files load without rewrite
+            // Assets router at higher priority so /_next files load without rewrite.
+            // Do NOT apply the path-rewrite middleware here — static assets must
+            // keep their original path; only the host headers are needed.
             config_output.http.routers![
                 `bg-r${bgResource.resourceId}-assets-router`
             ] = {
                 entryPoints: [entrypoint],
-                middlewares: routerMiddlewares,
+                middlewares: [...routerMiddlewares, uiHeadersMiddlewareName],
                 service: bgUiServiceName,
                 rule: `${hostRule} && (PathPrefix(\`/_next\`) || PathRegexp(\`^/__nextjs*\`) || Path(\`/favicon.ico\`))`,
                 priority: 101,
@@ -1279,7 +1313,11 @@ export async function getTraefikConfig(
                 `bg-r${bgResource.resourceId}-ui-router`
             ] = {
                 entryPoints: [entrypoint],
-                middlewares: [...routerMiddlewares, uiRewriteMiddlewareName],
+                middlewares: [
+                    ...routerMiddlewares,
+                    uiRewriteMiddlewareName,
+                    uiHeadersMiddlewareName
+                ],
                 service: bgUiServiceName,
                 rule: hostRule,
                 priority: 100,
@@ -1312,10 +1350,6 @@ export async function getTraefikConfig(
             const siteResourceRouterName = `${srKey}-router`;
             const siteResourceRewriteMiddlewareName = `${srKey}-rewrite`;
 
-            const maintenancePort = config.getRawConfig().server.next_port;
-            const maintenanceHost =
-                config.getRawConfig().server.internal_hostname;
-
             if (!config_output.http.routers) {
                 config_output.http.routers = {};
             }
@@ -1331,7 +1365,7 @@ export async function getTraefikConfig(
                 loadBalancer: {
                     servers: [
                         {
-                            url: `http://${maintenanceHost}:${maintenancePort}`
+                            url: maintenancePageUiUrl
                         }
                     ],
                     passHostHeader: true

server/private/routers/hybrid.ts

@@ -277,6 +277,8 @@ hybridRouter.get(
             );
         }
 
+        const pangolinUIUrl = config.getRawConfig().app.dashboard_url; // points to the dashboard to serve from there
+
         try {
             const traefikConfig = await getTraefikConfig(
                 remoteExitNode.exitNodeId,
@@ -284,8 +286,8 @@ hybridRouter.get(
                 true, // But don't allow domain namespace resources
                 false, // Dont include login pages,
                 true, // allow raw resources
-                false, // dont generate maintenance page
+                pangolinUIUrl, // dont generate maintenance page
-                false // dont generate browser gateway targets
+                pangolinUIUrl // generate browser gateway targets
             );
 
             return response(res, {

server/routers/newt/handleNewtGetConfigMessage.ts

@@ -54,7 +54,7 @@ export const handleNewtGetConfigMessage: MessageHandler = async (context) => {
         // TODO: somehow we should make sure a recent hole punch has happened if this occurs (hole punch could be from the last restart if done quickly)
     }
 
-    if (existingSite.lastHolePunch && now - existingSite.lastHolePunch > 5) {
+    if (existingSite.lastHolePunch && now - existingSite.lastHolePunch > 12) {
         logger.warn(
             `Site last hole punch is too old; skipping this register. The site is failing to hole punch and identify its network address with the server. Can the site reach the server on UDP port ${config.getRawConfig().gerbil.clients_start_port}?`
         );

server/routers/olm/handleOlmRegisterMessage.ts

@@ -348,7 +348,7 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => {
     // this prevents us from accepting a register from an olm that has not hole punched yet.
     // the olm will pump the register so we can keep checking
     // TODO: I still think there is a better way to do this rather than locking it out here but ???
-    if (now - (client.lastHolePunch || 0) > 5 && sitesCount > 0) {
+    if (now - (client.lastHolePunch || 0) > 12 && sitesCount > 0) {
         logger.warn(
             `[handleOlmRegisterMessage] Client last hole punch is too old and we have sites to send; skipping this register. The client is failing to hole punch and identify its network address with the server. Can the client reach the server on UDP port ${config.getRawConfig().gerbil.clients_start_port}?`,
             { orgId: client.orgId, clientId: client.clientId }

server/routers/serverInfo/getServerInfo.ts

@@ -3,7 +3,6 @@ import HttpCode from "@server/types/HttpCode";
 import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { response as sendResponse } from "@server/lib/response";
-import config from "@server/lib/config";
 import { build } from "@server/build";
 import { APP_VERSION } from "@server/lib/consts";
 import license from "#dynamic/license/license";
@@ -22,9 +21,6 @@ export async function getServerInfo(
     next: NextFunction
 ): Promise<any> {
     try {
-        const supporterData = config.getSupporterData();
-        const supporterStatusValid = supporterData?.valid || false;
-
         let enterpriseLicenseValid = false;
         let enterpriseLicenseType: string | null = null;
 
@@ -41,7 +37,7 @@ export async function getServerInfo(
         return sendResponse<GetServerInfoResponse>(res, {
             data: {
                 version: APP_VERSION,
-                supporterStatusValid,
+                supporterStatusValid: true,
                 build,
                 enterpriseLicenseValid,
                 enterpriseLicenseType

server/routers/traefik/traefikConfigProvider.ts

@@ -17,13 +17,18 @@ export async function traefikConfigProvider(
         // Get the current exit node name from config
         const currentExitNodeId = await getCurrentExitNodeId();
 
+        const maintenancePort = config.getRawConfig().server.next_port;
+        const maintenanceHost = config.getRawConfig().server.internal_hostname;
+        const pangolinUIUrl = `http://${maintenanceHost}:${maintenancePort}`;
+
         const traefikConfig = await getTraefikConfig(
             currentExitNodeId,
             config.getRawConfig().traefik.site_types,
             build == "oss", // filter out the namespace domains in open source
             build != "oss", // generate the login pages on the cloud and and enterprise,
             config.getRawConfig().traefik.allow_raw_resources,
-            build != "oss" // generate browser gateway resources on cloud and enterprise
+            pangolinUIUrl,
+            pangolinUIUrl
         );
 
         if (traefikConfig?.http?.middlewares) {

src/app/admin/license/page.tsx

@@ -42,7 +42,14 @@ import {
     SettingsSectionFooter
 } from "@app/components/Settings";
 import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
-import { ArrowRight, Check, ExternalLink, Heart, InfoIcon, TicketCheck } from "lucide-react";
+import {
+    ArrowRight,
+    Check,
+    ExternalLink,
+    Heart,
+    InfoIcon,
+    TicketCheck
+} from "lucide-react";
 import Link from "next/link";
 import DismissableBanner from "@app/components/DismissableBanner";
 import CopyTextBox from "@app/components/CopyTextBox";
@@ -50,7 +57,7 @@ import ConfirmDeleteDialog from "@app/components/ConfirmDeleteDialog";
 import { SitePriceCalculator } from "@app/components/SitePriceCalculator";
 import { Checkbox } from "@app/components/ui/checkbox";
 import { Alert, AlertDescription, AlertTitle } from "@app/components/ui/alert";
-import { useSupporterStatusContext } from "@app/hooks/useSupporterStatusContext";
+// import { useSupporterStatusContext } from "@app/hooks/useSupporterStatusContext";
 import { useTranslations } from "next-intl";
 
 const ENTERPRISE_DOCS_URL =
@@ -82,7 +89,7 @@ export default function LicensePage() {
     const [isActivatingLicense, setIsActivatingLicense] = useState(false);
     const [isDeletingLicense, setIsDeletingLicense] = useState(false);
     const [isRecheckingLicense, setIsRecheckingLicense] = useState(false);
-    const { supporterStatus } = useSupporterStatusContext();
+    // const { supporterStatus } = useSupporterStatusContext();
 
     const t = useTranslations();
 
@@ -347,9 +354,7 @@ export default function LicensePage() {
                     storageKey="license-banner-dismissed"
                     version={1}
                     title={t("licenseBannerTitle")}
-                    titleIcon={
+                    titleIcon={<TicketCheck className="w-5 h-5 text-primary" />}
-                        <TicketCheck className="w-5 h-5 text-primary" />
-                    }
                     description={t("licenseBannerDescription")}
                 >
                     <Link

src/app/layout.tsx

@@ -68,15 +68,15 @@ export default async function RootLayout({
     const env = pullEnv();
     const locale = await getLocale();
 
-    const supporterData = {
+    // const supporterData = {
-        visible: true
+    //     visible: true
-    } as any;
+    // } as any;
 
-    const res = await priv.get<AxiosResponse<IsSupporterKeyVisibleResponse>>(
+    // const res = await priv.get<AxiosResponse<IsSupporterKeyVisibleResponse>>(
-        "supporter-key/visible"
+    //     "supporter-key/visible"
-    );
+    // );
-    supporterData.visible = res.data.data.visible;
+    // supporterData.visible = res.data.data.visible;
-    supporterData.tier = res.data.data.tier;
+    // supporterData.tier = res.data.data.tier;
 
     let licenseStatus: GetLicenseStatusResponse;
     if (build === "enterprise") {
@@ -127,20 +127,20 @@ export default async function RootLayout({
                                     <LicenseStatusProvider
                                         licenseStatus={licenseStatus}
                                     >
-                                        <SupportStatusProvider
+                                        {/* <SupportStatusProvider
                                             supporterStatus={supporterData}
-                                        >
+                                        > */}
-                                            {/* Main content */}
+                                        {/* Main content */}
-                                            <div className="h-full flex flex-col">
+                                        <div className="h-full flex flex-col">
-                                                <div className="flex-1 overflow-auto">
+                                            <div className="flex-1 overflow-auto">
-                                                    <SplashImage>
+                                                <SplashImage>
-                                                        <LicenseViolation />
-                                                        {children}
-                                                    </SplashImage>
                                                     <LicenseViolation />
-                                                </div>
+                                                    {children}
+                                                </SplashImage>
+                                                <LicenseViolation />
                                             </div>
-                                        </SupportStatusProvider>
+                                        </div>
+                                        {/* </SupportStatusProvider> */}
                                     </LicenseStatusProvider>
                                     <Toaster />
                                 </TanstackQueryProvider>

src/app/maintenance-screen/page.tsx

@@ -28,7 +28,7 @@ export default async function MaintenanceScreen() {
 
     try {
         const headersList = await headers();
-        const host = headersList.get("host") || "";
+        const host = headersList.get("p-host") || headersList.get("host") || "";
         const hostname = host.split(":")[0];
 
         const res = await priv.get<AxiosResponse<GetMaintenanceInfoResponse>>(

src/components/AuthPageFooterNotices.tsx

@@ -1,24 +1,24 @@
 "use client";
 
-import { useSupporterStatusContext } from "@app/hooks/useSupporterStatusContext";
+// import { useSupporterStatusContext } from "@app/hooks/useSupporterStatusContext";
 import { useLicenseStatusContext } from "@app/hooks/useLicenseStatusContext";
 import { useTranslations } from "next-intl";
 import { build } from "@server/build";
 
 export default function AuthPageFooterNotices() {
     const t = useTranslations();
-    const { supporterStatus } = useSupporterStatusContext();
+    // const { supporterStatus } = useSupporterStatusContext();
     const { isUnlocked, licenseStatus } = useLicenseStatusContext();
 
     return (
         <>
-            {supporterStatus?.visible && (
+            {/* {supporterStatus?.visible && (
                 <div className="text-center mt-2">
                     <span className="text-sm text-muted-foreground opacity-50">
                         {t("noSupportKey")}
                     </span>
                 </div>
-            )}
+            )} */}
             {build === "enterprise" && !isUnlocked() ? (
                 <div className="text-center mt-2">
                     <span className="text-sm font-medium text-muted-foreground">

src/components/SupporterMessage.tsx

@@ -9,33 +9,34 @@ export default function SupporterMessage({ tier }: { tier: string }) {
     const t = useTranslations();
 
     return (
-        <div className="relative flex items-center space-x-2 whitespace-nowrap group">
+        <></>
-            <span
+        // <div className="relative flex items-center space-x-2 whitespace-nowrap group">
-                className="cursor-pointer"
+        //     <span
-                onClick={(e) => {
+        //         className="cursor-pointer"
-                    // Get the bounding box of the element
+        //         onClick={(e) => {
-                    const rect = (
+        //             // Get the bounding box of the element
-                        e.target as HTMLElement
+        //             const rect = (
-                    ).getBoundingClientRect();
+        //                 e.target as HTMLElement
+        //             ).getBoundingClientRect();
 
-                    // Trigger confetti centered on the word "Pangolin"
+        //             // Trigger confetti centered on the word "Pangolin"
-                    confetti({
+        //             confetti({
-                        particleCount: 100,
+        //                 particleCount: 100,
-                        spread: 70,
+        //                 spread: 70,
-                        origin: {
+        //                 origin: {
-                            x: (rect.left + rect.width / 2) / window.innerWidth,
+        //                     x: (rect.left + rect.width / 2) / window.innerWidth,
-                            y: rect.top / window.innerHeight
+        //                     y: rect.top / window.innerHeight
-                        },
+        //                 },
-                        colors: ["#FFA500", "#FF4500", "#FFD700"]
+        //                 colors: ["#FFA500", "#FF4500", "#FFD700"]
-                    });
+        //             });
-                }}
+        //         }}
-            >
+        //     >
-                Pangolin
+        //         Pangolin
-            </span>
+        //     </span>
-            <Star className="w-3 h-3" />
+        //     <Star className="w-3 h-3" />
-            <div className="absolute left-1/2 transform -translate-x-1/2 -top-10 hidden group-hover:block  text-primary text-sm rounded-md border shadow-md px-4 py-2 pointer-events-none opacity-0 group-hover:opacity-100 transition-opacity">
+        //     <div className="absolute left-1/2 transform -translate-x-1/2 -top-10 hidden group-hover:block  text-primary text-sm rounded-md border shadow-md px-4 py-2 pointer-events-none opacity-0 group-hover:opacity-100 transition-opacity">
-                {t("componentsSupporterMessage", { tier: tier })}
+        //         {t("componentsSupporterMessage", { tier: tier })}
-            </div>
+        //     </div>
-        </div>
+        // </div>
     );
 }

src/components/SupporterStatus.tsx

@@ -3,7 +3,7 @@
 // THIS IS DEPRECATED AND IS NO LONGER SHOWED TO THE USER WITH THE DISCONTINUATION
 // OF THE SUPPORTER PROGRAM. IT MAY BE REMOVED IN A FUTURE UPDATE.
 
-import { useSupporterStatusContext } from "@app/hooks/useSupporterStatusContext";
+// import { useSupporterStatusContext } from "@app/hooks/useSupporterStatusContext";
 import { useState, useTransition } from "react";
 import {
     Tooltip,
@@ -58,134 +58,134 @@ interface SupporterStatusProps {
 export default function SupporterStatus({
     isCollapsed = false
 }: SupporterStatusProps) {
-    const { supporterStatus, updateSupporterStatus } =
+    // const { supporterStatus, updateSupporterStatus } =
-        useSupporterStatusContext();
+    //     useSupporterStatusContext();
-    const [supportOpen, setSupportOpen] = useState(false);
+    // const [supportOpen, setSupportOpen] = useState(false);
-    const [keyOpen, setKeyOpen] = useState(false);
+    // const [keyOpen, setKeyOpen] = useState(false);
-    const [purchaseOptionsOpen, setPurchaseOptionsOpen] = useState(false);
+    // const [purchaseOptionsOpen, setPurchaseOptionsOpen] = useState(false);
 
-    const { env } = useEnvContext();
+    // const { env } = useEnvContext();
-    const api = createApiClient({ env });
+    // const api = createApiClient({ env });
-    const t = useTranslations();
+    // const t = useTranslations();
 
-    const formSchema = z.object({
+    // const formSchema = z.object({
-        githubUsername: z.string().nonempty({
+    //     githubUsername: z.string().nonempty({
-            error: "GitHub username is required"
+    //         error: "GitHub username is required"
-        }),
+    //     }),
-        key: z.string().nonempty({
+    //     key: z.string().nonempty({
-            error: "Supporter key is required"
+    //         error: "Supporter key is required"
-        })
+    //     })
-    });
+    // });
 
-    const form = useForm({
+    // const form = useForm({
-        resolver: zodResolver(formSchema),
+    //     resolver: zodResolver(formSchema),
-        defaultValues: {
+    //     defaultValues: {
-            githubUsername: "",
+    //         githubUsername: "",
-            key: ""
+    //         key: ""
-        }
+    //     }
-    });
+    // });
 
-    async function hide() {
+    // async function hide() {
-        await api.post("/supporter-key/hide");
+    //     await api.post("/supporter-key/hide");
 
-        updateSupporterStatus({
+    //     updateSupporterStatus({
-            visible: false
+    //         visible: false
-        });
+    //     });
-    }
+    // }
 
-    async function onSubmit(values: z.infer<typeof formSchema>) {
+    // async function onSubmit(values: z.infer<typeof formSchema>) {
-        try {
+    //     try {
-            const res = await api.post<
+    //         const res = await api.post<
-                AxiosResponse<ValidateSupporterKeyResponse>
+    //             AxiosResponse<ValidateSupporterKeyResponse>
-            >("/supporter-key/validate", {
+    //         >("/supporter-key/validate", {
-                githubUsername: values.githubUsername,
+    //             githubUsername: values.githubUsername,
-                key: values.key
+    //             key: values.key
-            });
+    //         });
 
-            const data = res.data.data;
+    //         const data = res.data.data;
 
-            if (!data || !data.valid) {
+    //         if (!data || !data.valid) {
-                toast({
+    //             toast({
-                    variant: "destructive",
+    //                 variant: "destructive",
-                    title: t("supportKeyInvalid"),
+    //                 title: t("supportKeyInvalid"),
-                    description: t("supportKeyInvalidDescription")
+    //                 description: t("supportKeyInvalidDescription")
-                });
+    //             });
-                return;
+    //             return;
-            }
+    //         }
 
-            // Trigger the toast
+    //         // Trigger the toast
-            toast({
+    //         toast({
-                variant: "default",
+    //             variant: "default",
-                title: t("supportKeyValid"),
+    //             title: t("supportKeyValid"),
-                description: t("supportKeyValidDescription")
+    //             description: t("supportKeyValidDescription")
-            });
+    //         });
 
-            // Fireworks-style confetti
+    //         // Fireworks-style confetti
-            const duration = 5 * 1000; // 5 seconds
+    //         const duration = 5 * 1000; // 5 seconds
-            const animationEnd = Date.now() + duration;
+    //         const animationEnd = Date.now() + duration;
-            const defaults = {
+    //         const defaults = {
-                startVelocity: 30,
+    //             startVelocity: 30,
-                spread: 360,
+    //             spread: 360,
-                ticks: 60,
+    //             ticks: 60,
-                zIndex: 0,
+    //             zIndex: 0,
-                colors: ["#FFA500", "#FF4500", "#FFD700"] // Orange hues
+    //             colors: ["#FFA500", "#FF4500", "#FFD700"] // Orange hues
-            };
+    //         };
 
-            function randomInRange(min: number, max: number) {
+    //         function randomInRange(min: number, max: number) {
-                return Math.random() * (max - min) + min;
+    //             return Math.random() * (max - min) + min;
-            }
+    //         }
 
-            const interval = setInterval(() => {
+    //         const interval = setInterval(() => {
-                const timeLeft = animationEnd - Date.now();
+    //             const timeLeft = animationEnd - Date.now();
 
-                if (timeLeft <= 0) {
+    //             if (timeLeft <= 0) {
-                    clearInterval(interval);
+    //                 clearInterval(interval);
-                    return;
+    //                 return;
-                }
+    //             }
 
-                const particleCount = 50 * (timeLeft / duration);
+    //             const particleCount = 50 * (timeLeft / duration);
 
-                // Launch confetti from two random horizontal positions
+    //             // Launch confetti from two random horizontal positions
-                confetti({
+    //             confetti({
-                    ...defaults,
+    //                 ...defaults,
-                    particleCount,
+    //                 particleCount,
-                    origin: {
+    //                 origin: {
-                        x: randomInRange(0.1, 0.3),
+    //                     x: randomInRange(0.1, 0.3),
-                        y: Math.random() - 0.2
+    //                     y: Math.random() - 0.2
-                    }
+    //                 }
-                });
+    //             });
-                confetti({
+    //             confetti({
-                    ...defaults,
+    //                 ...defaults,
-                    particleCount,
+    //                 particleCount,
-                    origin: {
+    //                 origin: {
-                        x: randomInRange(0.7, 0.9),
+    //                     x: randomInRange(0.7, 0.9),
-                        y: Math.random() - 0.2
+    //                     y: Math.random() - 0.2
-                    }
+    //                 }
-                });
+    //             });
-            }, 250);
+    //         }, 250);
 
-            setPurchaseOptionsOpen(false);
+    //         setPurchaseOptionsOpen(false);
-            setKeyOpen(false);
+    //         setKeyOpen(false);
 
-            updateSupporterStatus({
+    //         updateSupporterStatus({
-                visible: false
+    //             visible: false
-            });
+    //         });
-        } catch (error) {
+    //     } catch (error) {
-            toast({
+    //         toast({
-                variant: "destructive",
+    //             variant: "destructive",
-                title: t("error"),
+    //             title: t("error"),
-                description: formatAxiosError(
+    //             description: formatAxiosError(
-                    error,
+    //                 error,
-                    t("supportKeyErrorValidationDescription")
+    //                 t("supportKeyErrorValidationDescription")
-                )
+    //             )
-            });
+    //         });
-            return;
+    //         return;
-        }
+    //     }
-    }
+    // }
 
     return (
         <>
-            <Credenza
+            {/* <Credenza
                 open={purchaseOptionsOpen}
                 onOpenChange={(val) => {
                     setPurchaseOptionsOpen(val);
@@ -469,7 +469,7 @@ export default function SupporterStatus({
                         {t("supportKeyBuy")}
                     </Button>
                 )
-            ) : null}
+            ) : null} */}
         </>
     );
 }

src/components/newt-install-commands.tsx

@@ -139,7 +139,6 @@ Restart=always
 RestartSec=2
 UMask=0077
 
-NoNewPrivileges=true
 PrivateTmp=true
 
 [Install]

src/lib/getBrowserTargetForRequest.ts

@@ -6,7 +6,7 @@ import { cache } from "react";
 
 export const getBrowserTargetForRequest = cache(async () => {
     const headersList = await headers();
-    const host = headersList.get("host") || "";
+    const host = headersList.get("p-host") || headersList.get("host") || "";
     const hostname = host.split(":")[0];
 
     try {