Merge pull request #2594 from fosrl/dev

Translations
Merge pull request #2569 from fosrl/crowdin_dev
2026-03-04 09:46:40 +00:00 · 2026-03-03 21:37:56 -08:00 · 2026-03-03 21:34:23 -08:00 · 2026-03-03 21:33:01 -08:00 · 2026-03-03 21:32:59 -08:00 · 2026-03-03 21:32:58 -08:00
141 changed files with 1098 additions and 472 deletions
--- a/6
+++ b/6
@@ -1,4 +1,5 @@
-FROM node:24-slim AS base
+# FROM node:24-slim AS base
+FROM public.ecr.aws/docker/library/node:24-slim AS base

 WORKDIR /app

@@ -31,7 +32,8 @@ FROM base AS builder

 RUN npm ci --omit=dev

-FROM node:24-slim AS runner
+# FROM node:24-slim AS runner
+FROM public.ecr.aws/docker/library/node:24-slim AS runner

 WORKDIR /app

--- a/docker-compose.example.yml
+++ b/docker-compose.example.yml
@@ -4,6 +4,12 @@ services:
    image: fosrl/pangolin:latest
    container_name: pangolin
    restart: unless-stopped
+    deploy:
+      resources:
+        limits:
+          memory: 1g
+        reservations:
+          memory: 256m
    volumes:
      - ./config:/app/config
    healthcheck:
--- a/install/config/docker-compose.yml
+++ b/install/config/docker-compose.yml
@@ -4,6 +4,12 @@ services:
    image: docker.io/fosrl/pangolin:{{if .IsEnterprise}}ee-{{end}}{{.PangolinVersion}}
    container_name: pangolin
    restart: unless-stopped
+    deploy:
+      resources:
+        limits:
+          memory: 1g
+        reservations:
+          memory: 256m
    volumes:
      - ./config:/app/config
    healthcheck:
--- a/messages/bg-BG.json
+++ b/messages/bg-BG.json
@@ -175,6 +175,7 @@
    "resourceHTTPDescription": "Прокси заявки чрез HTTPS, използвайки напълно квалифицирано име на домейн.",
    "resourceRaw": "Суров TCP/UDP ресурс",
    "resourceRawDescription": "Прокси заявки чрез сурови TCP/UDP, използвайки порт номер.",
+    "resourceRawDescriptionCloud": "Прокси заявките през суров TCP/UDP, използвайки номер на порт. ИЗИСКВА ИЗПОЛЗВАНЕ НА ОТДАЛЕЧЕН УЗЕЛ.",
    "resourceCreate": "Създайте ресурс",
    "resourceCreateDescription": "Следвайте стъпките по-долу, за да създадете нов ресурс",
    "resourceSeeAll": "Вижте всички ресурси",
@@ -1101,6 +1102,12 @@
    "actionGetUser": "Получаване на потребител",
    "actionGetOrgUser": "Вземете потребител на организация",
    "actionListOrgDomains": "Изброяване на домейни на организация",
+    "actionGetDomain": "Вземи домейн",
+    "actionCreateOrgDomain": "Създай домейн",
+    "actionUpdateOrgDomain": "Актуализирай домейн",
+    "actionDeleteOrgDomain": "Изтрий домейн",
+    "actionGetDNSRecords": "Вземи DNS записи",
+    "actionRestartOrgDomain": "Рестартирай домейн",
    "actionCreateSite": "Създаване на сайт",
    "actionDeleteSite": "Изтриване на сайта",
    "actionGetSite": "Вземете сайт",
@@ -1669,10 +1676,10 @@
    "sshSudoModeCommandsDescription": "Потребителят може да изпълнява само определени команди с sudo.",
    "sshSudo": "Разреши sudo",
    "sshSudoCommands": "Sudo команди",
-    "sshSudoCommandsDescription": "Списък с команди, които потребителят е разрешено да изпълнява с sudo.",
+    "sshSudoCommandsDescription": "Списък, разделен със запетаи, с команди, които потребителят е позволено да изпълнява с sudo.",
    "sshCreateHomeDir": "Създай начална директория",
    "sshUnixGroups": "Unix групи",
-    "sshUnixGroupsDescription": "Unix групи, в които да добавите потребителя на целевия хост.",
+    "sshUnixGroupsDescription": "Списък, разделен със запетаи, с Unix групи, към които да се добави потребителят на целевия хост.",
    "retryAttempts": "Опити за повторно",
    "expectedResponseCodes": "Очаквани кодове за отговор",
    "expectedResponseCodesDescription": "HTTP статус код, указващ здравословно състояние. Ако бъде оставено празно, между 200-300 се счита за здравословно.",
--- a/messages/cs-CZ.json
+++ b/messages/cs-CZ.json
@@ -175,6 +175,7 @@
    "resourceHTTPDescription": "Proxy požadavky přes HTTPS pomocí plně kvalifikovaného názvu domény.",
    "resourceRaw": "Surový TCP/UDP zdroj",
    "resourceRawDescription": "Proxy požadavky přes nezpracovaný TCP/UDP pomocí čísla portu.",
+    "resourceRawDescriptionCloud": "Požadavky na proxy přes syrové TCP/UDP pomocí portového čísla. ŽÁDOSTI POUŽÍVAT POUŽITÍ Z REMOTE NODE.",
    "resourceCreate": "Vytvořit zdroj",
    "resourceCreateDescription": "Postupujte podle níže uvedených kroků, abyste vytvořili a připojili nový zdroj",
    "resourceSeeAll": "Zobrazit všechny zdroje",
@@ -1101,6 +1102,12 @@
    "actionGetUser": "Získat uživatele",
    "actionGetOrgUser": "Získat uživatele organizace",
    "actionListOrgDomains": "Seznam domén organizace",
+    "actionGetDomain": "Získat doménu",
+    "actionCreateOrgDomain": "Vytvořit doménu",
+    "actionUpdateOrgDomain": "Aktualizovat doménu",
+    "actionDeleteOrgDomain": "Odstranit doménu",
+    "actionGetDNSRecords": "Získat záznamy DNS",
+    "actionRestartOrgDomain": "Restartovat doménu",
    "actionCreateSite": "Vytvořit lokalitu",
    "actionDeleteSite": "Odstranění lokality",
    "actionGetSite": "Získat web",
@@ -1669,10 +1676,10 @@
    "sshSudoModeCommandsDescription": "Uživatel může spustit pouze zadané příkazy s sudo.",
    "sshSudo": "Povolit sudo",
    "sshSudoCommands": "Sudo příkazy",
-    "sshSudoCommandsDescription": "Seznam příkazů, které může uživatel spouštět s sudo.",
+    "sshSudoCommandsDescription": "Čárkami oddělený seznam příkazů, které může uživatel spouštět s sudo.",
    "sshCreateHomeDir": "Vytvořit domovský adresář",
    "sshUnixGroups": "Unixové skupiny",
-    "sshUnixGroupsDescription": "Unix skupiny přidají uživatele do cílového hostitele.",
+    "sshUnixGroupsDescription": "Čárkou oddělené skupiny Unix přidají uživatele do cílového hostitele.",
    "retryAttempts": "Opakovat pokusy",
    "expectedResponseCodes": "Očekávané kódy odezvy",
    "expectedResponseCodesDescription": "HTTP kód stavu, který označuje zdravý stav. Ponecháte-li prázdné, 200-300 je považováno za zdravé.",
--- a/messages/de-DE.json
+++ b/messages/de-DE.json
@@ -175,6 +175,7 @@
    "resourceHTTPDescription": "Proxy-Anfragen über HTTPS mit einem voll qualifizierten Domain-Namen.",
    "resourceRaw": "Direkte TCP/UDP Ressource (raw)",
    "resourceRawDescription": "Proxy-Anfragen über rohes TCP/UDP mit einer Portnummer.",
+    "resourceRawDescriptionCloud": "Proxy-Anfragen über rohe TCP/UDP mit einer Portnummer. Erfordert die NUTZUNG eines REMOTE Knotens.",
    "resourceCreate": "Ressource erstellen",
    "resourceCreateDescription": "Folgen Sie den Schritten unten, um eine neue Ressource zu erstellen",
    "resourceSeeAll": "Alle Ressourcen anzeigen",
@@ -1101,6 +1102,12 @@
    "actionGetUser": "Benutzer abrufen",
    "actionGetOrgUser": "Organisationsbenutzer abrufen",
    "actionListOrgDomains": "Organisationsdomains auflisten",
+    "actionGetDomain": "Domain abrufen",
+    "actionCreateOrgDomain": "Domain erstellen",
+    "actionUpdateOrgDomain": "Domain aktualisieren",
+    "actionDeleteOrgDomain": "Domain löschen",
+    "actionGetDNSRecords": "DNS-Einträge abrufen",
+    "actionRestartOrgDomain": "Domain neu starten",
    "actionCreateSite": "Standort erstellen",
    "actionDeleteSite": "Standort löschen",
    "actionGetSite": "Standort abrufen",
@@ -1669,10 +1676,10 @@
    "sshSudoModeCommandsDescription": "Benutzer kann nur die angegebenen Befehle mit sudo ausführen.",
    "sshSudo": "sudo erlauben",
    "sshSudoCommands": "Sudo-Befehle",
-    "sshSudoCommandsDescription": "Liste der Befehle, die der Benutzer mit sudo ausführen darf.",
+    "sshSudoCommandsDescription": "Kommagetrennte Liste von Befehlen, die der Benutzer mit sudo ausführen darf.",
    "sshCreateHomeDir": "Home-Verzeichnis erstellen",
    "sshUnixGroups": "Unix-Gruppen",
-    "sshUnixGroupsDescription": "Unix-Gruppen, zu denen der Benutzer auf dem Ziel-Host hinzugefügt wird.",
+    "sshUnixGroupsDescription": "Durch Komma getrennte Unix-Gruppen, um den Benutzer auf dem Zielhost hinzuzufügen.",
    "retryAttempts": "Wiederholungsversuche",
    "expectedResponseCodes": "Erwartete Antwortcodes",
    "expectedResponseCodesDescription": "HTTP-Statuscode, der einen gesunden Zustand anzeigt. Wenn leer gelassen, wird 200-300 als gesund angesehen.",
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -175,6 +175,7 @@
    "resourceHTTPDescription": "Proxy requests over HTTPS using a fully qualified domain name.",
    "resourceRaw": "Raw TCP/UDP Resource",
    "resourceRawDescription": "Proxy requests over raw TCP/UDP using a port number.",
+    "resourceRawDescriptionCloud": "Proxy requests over raw TCP/UDP using a port number. REQUIRES THE USE OF A REMOTE NODE.",
    "resourceCreate": "Create Resource",
    "resourceCreateDescription": "Follow the steps below to create a new resource",
    "resourceSeeAll": "See All Resources",
@@ -1102,6 +1103,12 @@
    "actionGetUser": "Get User",
    "actionGetOrgUser": "Get Organization User",
    "actionListOrgDomains": "List Organization Domains",
+    "actionGetDomain": "Get Domain",
+    "actionCreateOrgDomain": "Create Domain",
+    "actionUpdateOrgDomain": "Update Domain",
+    "actionDeleteOrgDomain": "Delete Domain",
+    "actionGetDNSRecords": "Get DNS Records",
+    "actionRestartOrgDomain": "Restart Domain",
    "actionCreateSite": "Create Site",
    "actionDeleteSite": "Delete Site",
    "actionGetSite": "Get Site",
@@ -1670,10 +1677,10 @@
    "sshSudoModeCommandsDescription": "User can run only the specified commands with sudo.",
    "sshSudo": "Allow sudo",
    "sshSudoCommands": "Sudo Commands",
-    "sshSudoCommandsDescription": "List of commands the user is allowed to run with sudo.",
+    "sshSudoCommandsDescription": "Comma separated list of commands the user is allowed to run with sudo.",
    "sshCreateHomeDir": "Create Home Directory",
    "sshUnixGroups": "Unix Groups",
-    "sshUnixGroupsDescription": "Unix groups to add the user to on the target host.",
+    "sshUnixGroupsDescription": "Comma separated Unix groups to add the user to on the target host.",
    "retryAttempts": "Retry Attempts",
    "expectedResponseCodes": "Expected Response Codes",
    "expectedResponseCodesDescription": "HTTP status code that indicates healthy status. If left blank, 200-300 is considered healthy.",
--- a/messages/es-ES.json
+++ b/messages/es-ES.json
@@ -175,6 +175,7 @@
    "resourceHTTPDescription": "Proxy proporciona solicitudes sobre HTTPS usando un nombre de dominio completamente calificado.",
    "resourceRaw": "Recurso TCP/UDP sin procesar",
    "resourceRawDescription": "Proxy proporciona solicitudes sobre TCP/UDP usando un número de puerto.",
+    "resourceRawDescriptionCloud": "Las peticiones de proxy sobre TCP/UDP crudas usando un número de puerto. REQUIERE EL USO DE UN NODO REMOTE.",
    "resourceCreate": "Crear Recurso",
    "resourceCreateDescription": "Siga los siguientes pasos para crear un nuevo recurso",
    "resourceSeeAll": "Ver todos los recursos",
@@ -1101,6 +1102,12 @@
    "actionGetUser": "Obtener usuario",
    "actionGetOrgUser": "Obtener usuario de la organización",
    "actionListOrgDomains": "Listar dominios de la organización",
+    "actionGetDomain": "Obtener dominio",
+    "actionCreateOrgDomain": "Crear dominio",
+    "actionUpdateOrgDomain": "Actualizar dominio",
+    "actionDeleteOrgDomain": "Eliminar dominio",
+    "actionGetDNSRecords": "Obtener registros DNS",
+    "actionRestartOrgDomain": "Reiniciar dominio",
    "actionCreateSite": "Crear sitio",
    "actionDeleteSite": "Eliminar sitio",
    "actionGetSite": "Obtener sitio",
@@ -1669,10 +1676,10 @@
    "sshSudoModeCommandsDescription": "El usuario sólo puede ejecutar los comandos especificados con sudo.",
    "sshSudo": "Permitir sudo",
    "sshSudoCommands": "Comandos Sudo",
-    "sshSudoCommandsDescription": "Lista de comandos que el usuario puede ejecutar con sudo.",
+    "sshSudoCommandsDescription": "Lista separada por comas de comandos que el usuario puede ejecutar con sudo.",
    "sshCreateHomeDir": "Crear directorio principal",
    "sshUnixGroups": "Grupos Unix",
-    "sshUnixGroupsDescription": "Grupos Unix para agregar el usuario en el host de destino.",
+    "sshUnixGroupsDescription": "Grupos Unix separados por comas para agregar el usuario en el host de destino.",
    "retryAttempts": "Intentos de Reintento",
    "expectedResponseCodes": "Códigos de respuesta esperados",
    "expectedResponseCodesDescription": "Código de estado HTTP que indica un estado saludable. Si se deja en blanco, se considera saludable de 200 a 300.",
--- a/messages/fr-FR.json
+++ b/messages/fr-FR.json
@@ -175,6 +175,7 @@
    "resourceHTTPDescription": "Proxy les demandes sur HTTPS en utilisant un nom de domaine entièrement qualifié.",
    "resourceRaw": "Ressource TCP/UDP brute",
    "resourceRawDescription": "Proxy les demandes sur TCP/UDP brut en utilisant un numéro de port.",
+    "resourceRawDescriptionCloud": "Requêtes de proxy sur TCP/UDP brute en utilisant un numéro de port. REQUISE L'UTILISATION D'UN Nœud DE REMOTE.",
    "resourceCreate": "Créer une ressource",
    "resourceCreateDescription": "Suivez les étapes ci-dessous pour créer une nouvelle ressource",
    "resourceSeeAll": "Voir toutes les ressources",
@@ -1101,6 +1102,12 @@
    "actionGetUser": "Obtenir l'utilisateur",
    "actionGetOrgUser": "Obtenir l'utilisateur de l'organisation",
    "actionListOrgDomains": "Lister les domaines de l'organisation",
+    "actionGetDomain": "Obtenir un domaine",
+    "actionCreateOrgDomain": "Créer un domaine",
+    "actionUpdateOrgDomain": "Mettre à jour le domaine",
+    "actionDeleteOrgDomain": "Supprimer le domaine",
+    "actionGetDNSRecords": "Récupérer les enregistrements DNS",
+    "actionRestartOrgDomain": "Redémarrer le domaine",
    "actionCreateSite": "Créer un site",
    "actionDeleteSite": "Supprimer un site",
    "actionGetSite": "Obtenir un site",
@@ -1669,10 +1676,10 @@
    "sshSudoModeCommandsDescription": "L'utilisateur ne peut exécuter que les commandes spécifiées avec sudo.",
    "sshSudo": "Autoriser sudo",
    "sshSudoCommands": "Commandes Sudo",
-    "sshSudoCommandsDescription": "Liste des commandes que l'utilisateur est autorisé à exécuter avec sudo.",
+    "sshSudoCommandsDescription": "Liste des commandes séparées par des virgules que l'utilisateur est autorisé à exécuter avec sudo.",
    "sshCreateHomeDir": "Créer un répertoire personnel",
    "sshUnixGroups": "Groupes Unix",
-    "sshUnixGroupsDescription": "Groupes Unix à ajouter à l'utilisateur sur l'hôte cible.",
+    "sshUnixGroupsDescription": "Groupes Unix séparés par des virgules pour ajouter l'utilisateur sur l'hôte cible.",
    "retryAttempts": "Tentatives de réessai",
    "expectedResponseCodes": "Codes de réponse attendus",
    "expectedResponseCodesDescription": "Code de statut HTTP indiquant un état de santé satisfaisant. Si non renseigné, 200-300 est considéré comme satisfaisant.",
--- a/messages/it-IT.json
+++ b/messages/it-IT.json
@@ -175,6 +175,7 @@
    "resourceHTTPDescription": "Richieste proxy su HTTPS usando un nome di dominio completo.",
    "resourceRaw": "Risorsa Raw TCP/UDP",
    "resourceRawDescription": "Richieste proxy su TCP/UDP grezzo utilizzando un numero di porta.",
+    "resourceRawDescriptionCloud": "Richieste proxy su TCP/UDP grezzo utilizzando un numero di porta. RICHIEDE L'USO DI UN NODO REMOTO.",
    "resourceCreate": "Crea Risorsa",
    "resourceCreateDescription": "Segui i passaggi seguenti per creare una nuova risorsa",
    "resourceSeeAll": "Vedi Tutte Le Risorse",
@@ -1101,6 +1102,12 @@
    "actionGetUser": "Ottieni Utente",
    "actionGetOrgUser": "Ottieni Utente Organizzazione",
    "actionListOrgDomains": "Elenca Domini Organizzazione",
+    "actionGetDomain": "Ottieni Dominio",
+    "actionCreateOrgDomain": "Crea Dominio",
+    "actionUpdateOrgDomain": "Aggiorna Dominio",
+    "actionDeleteOrgDomain": "Elimina Dominio",
+    "actionGetDNSRecords": "Ottieni Record DNS",
+    "actionRestartOrgDomain": "Riavvia Dominio",
    "actionCreateSite": "Crea Sito",
    "actionDeleteSite": "Elimina Sito",
    "actionGetSite": "Ottieni Sito",
@@ -1669,10 +1676,10 @@
    "sshSudoModeCommandsDescription": "L'utente può eseguire solo i comandi specificati con sudo.",
    "sshSudo": "Consenti sudo",
    "sshSudoCommands": "Comandi Sudo",
-    "sshSudoCommandsDescription": "Elenco di comandi che l'utente può eseguire con sudo.",
+    "sshSudoCommandsDescription": "Elenco di comandi separati da virgole che l'utente può eseguire con sudo.",
    "sshCreateHomeDir": "Crea Cartella Home",
    "sshUnixGroups": "Gruppi Unix",
-    "sshUnixGroupsDescription": "Gruppi Unix su cui aggiungere l'utente sull'host di destinazione.",
+    "sshUnixGroupsDescription": "Gruppi Unix separati da virgole per aggiungere l'utente sull'host di destinazione.",
    "retryAttempts": "Tentativi di Riprova",
    "expectedResponseCodes": "Codici di Risposta Attesi",
    "expectedResponseCodesDescription": "Codice di stato HTTP che indica lo stato di salute. Se lasciato vuoto, considerato sano è compreso tra 200-300.",
--- a/messages/ko-KR.json
+++ b/messages/ko-KR.json
@@ -175,6 +175,7 @@
    "resourceHTTPDescription": "완전한 도메인 이름을 사용해 RAW 또는 HTTPS로 프록시 요청을 수행합니다.",
    "resourceRaw": "원시 TCP/UDP 리소스",
    "resourceRawDescription": "포트 번호를 사용하여 RAW TCP/UDP로 요청을 프록시합니다.",
+    "resourceRawDescriptionCloud": "원시 TCP/UDP를 포트 번호를 사용하여 프록시 요청합니다. 원격 노드 사용이 필요합니다.",
    "resourceCreate": "리소스 생성",
    "resourceCreateDescription": "아래 단계를 따라 새 리소스를 생성하세요.",
    "resourceSeeAll": "모든 리소스 보기",
@@ -1101,6 +1102,12 @@
    "actionGetUser": "사용자 조회",
    "actionGetOrgUser": "조직 사용자 가져오기",
    "actionListOrgDomains": "조직 도메인 목록",
+    "actionGetDomain": "도메인 가져오기",
+    "actionCreateOrgDomain": "도메인 생성",
+    "actionUpdateOrgDomain": "도메인 업데이트",
+    "actionDeleteOrgDomain": "도메인 삭제",
+    "actionGetDNSRecords": "DNS 레코드 가져오기",
+    "actionRestartOrgDomain": "도메인 재시작",
    "actionCreateSite": "사이트 생성",
    "actionDeleteSite": "사이트 삭제",
    "actionGetSite": "사이트 가져오기",
@@ -1669,10 +1676,10 @@
    "sshSudoModeCommandsDescription": "사용자는 sudo로 지정된 명령만 실행할 수 있습니다.",
    "sshSudo": "Sudo 허용",
    "sshSudoCommands": "Sudo 명령",
-    "sshSudoCommandsDescription": "사용자가 sudo로 실행할 수 있도록 허용된 명령 목록입니다.",
+    "sshSudoCommandsDescription": "사용자가 sudo로 실행할 수 있는 명령어의 쉼표로 구분된 목록입니다.",
    "sshCreateHomeDir": "홈 디렉터리 생성",
    "sshUnixGroups": "유닉스 그룹",
-    "sshUnixGroupsDescription": "대상 호스트에서 사용자를 추가할 유닉스 그룹입니다.",
+    "sshUnixGroupsDescription": "대상 호스트에서 사용자에게 추가할 유닉스 그룹의 쉼표로 구분된 목록입니다.",
    "retryAttempts": "재시도 횟수",
    "expectedResponseCodes": "예상 응답 코드",
    "expectedResponseCodesDescription": "정상 상태를 나타내는 HTTP 상태 코드입니다. 비워 두면 200-300이 정상으로 간주됩니다.",
--- a/messages/nb-NO.json
+++ b/messages/nb-NO.json
@@ -175,6 +175,7 @@
    "resourceHTTPDescription": "Proxy forespørsler over HTTPS ved å bruke et fullstendig kvalifisert domenenavn.",
    "resourceRaw": "Rå TCP/UDP-ressurs",
    "resourceRawDescription": "Proxy forespørsler over rå TCP/UDP ved å bruke et portnummer.",
+    "resourceRawDescriptionCloud": "Proxy ber om et portnummer. Om du vil bruke et sportsnummer.",
    "resourceCreate": "Opprett ressurs",
    "resourceCreateDescription": "Følg trinnene nedenfor for å opprette en ny ressurs",
    "resourceSeeAll": "Se alle ressurser",
@@ -1101,6 +1102,12 @@
    "actionGetUser": "Hent bruker",
    "actionGetOrgUser": "Hent organisasjonsbruker",
    "actionListOrgDomains": "List opp organisasjonsdomener",
+    "actionGetDomain": "Få Domene",
+    "actionCreateOrgDomain": "Opprett domene",
+    "actionUpdateOrgDomain": "Oppdater domene",
+    "actionDeleteOrgDomain": "Slett domene",
+    "actionGetDNSRecords": "Hent DNS-oppføringer",
+    "actionRestartOrgDomain": "Omstart Domene",
    "actionCreateSite": "Opprett område",
    "actionDeleteSite": "Slett område",
    "actionGetSite": "Hent område",
@@ -1669,10 +1676,10 @@
    "sshSudoModeCommandsDescription": "Brukeren kan bare kjøre de angitte kommandoene med sudo.",
    "sshSudo": "Tillat sudo",
    "sshSudoCommands": "Sudo kommandoer",
-    "sshSudoCommandsDescription": "Liste av kommandoer brukeren har lov til å kjøre med sudo.",
+    "sshSudoCommandsDescription": "Kommaseparert liste med kommandoer brukeren kan kjøre med sudo.",
    "sshCreateHomeDir": "Opprett hjemmappe",
    "sshUnixGroups": "Unix grupper",
-    "sshUnixGroupsDescription": "Unix grupper for å legge til brukeren til målverten.",
+    "sshUnixGroupsDescription": "Kommaseparerte Unix grupper for å legge brukeren til på mål-verten.",
    "retryAttempts": "Forsøk på nytt",
    "expectedResponseCodes": "Forventede svarkoder",
    "expectedResponseCodesDescription": "HTTP-statuskode som indikerer sunn status. Hvis den blir stående tom, regnes 200-300 som sunn.",
--- a/messages/nl-NL.json
+++ b/messages/nl-NL.json
@@ -175,6 +175,7 @@
    "resourceHTTPDescription": "Proxyverzoeken via HTTPS met een volledig gekwalificeerde domeinnaam.",
    "resourceRaw": "TCP/UDP bron",
    "resourceRawDescription": "Proxyverzoeken via ruwe TCP/UDP met een poortnummer.",
+    "resourceRawDescriptionCloud": "Proxy vraagt om onbewerkte TCP/UDP met behulp van een poortnummer. VEREIST HET GEBRUIK VAN EEN AFSTANDSBEDIENING NODE.",
    "resourceCreate": "Bron maken",
    "resourceCreateDescription": "Volg de onderstaande stappen om een nieuwe bron te maken",
    "resourceSeeAll": "Alle bronnen bekijken",
@@ -1101,6 +1102,12 @@
    "actionGetUser": "Gebruiker ophalen",
    "actionGetOrgUser": "Krijg organisatie-gebruiker",
    "actionListOrgDomains": "Lijst organisatie domeinen",
+    "actionGetDomain": "Domein verkrijgen",
+    "actionCreateOrgDomain": "Domein aanmaken",
+    "actionUpdateOrgDomain": "Domein bijwerken",
+    "actionDeleteOrgDomain": "Domein verwijderen",
+    "actionGetDNSRecords": "Krijg DNS Records",
+    "actionRestartOrgDomain": "Domein opnieuw starten",
    "actionCreateSite": "Site aanmaken",
    "actionDeleteSite": "Site verwijderen",
    "actionGetSite": "Site ophalen",
@@ -1669,10 +1676,10 @@
    "sshSudoModeCommandsDescription": "Gebruiker kan alleen de opgegeven commando's uitvoeren met de sudo.",
    "sshSudo": "sudo toestaan",
    "sshSudoCommands": "Sudo Commando's",
-    "sshSudoCommandsDescription": "Lijst van commando's die de gebruiker mag uitvoeren met een sudo.",
+    "sshSudoCommandsDescription": "Komma's gescheiden lijst van commando's waar de gebruiker een sudo mee mag uitvoeren.",
    "sshCreateHomeDir": "Maak Home Directory",
    "sshUnixGroups": "Unix groepen",
-    "sshUnixGroupsDescription": "Unix groepen om de gebruiker toe te voegen aan de doel host.",
+    "sshUnixGroupsDescription": "Door komma's gescheiden Unix-groepen om de gebruiker toe te voegen aan de doelhost.",
    "retryAttempts": "Herhaal Pogingen",
    "expectedResponseCodes": "Verwachte Reactiecodes",
    "expectedResponseCodesDescription": "HTTP-statuscode die gezonde status aangeeft. Indien leeg wordt 200-300 als gezond beschouwd.",
--- a/messages/pl-PL.json
+++ b/messages/pl-PL.json
@@ -175,6 +175,7 @@
    "resourceHTTPDescription": "Proxy zapytań przez HTTPS przy użyciu w pełni kwalifikowanej nazwy domeny.",
    "resourceRaw": "Surowy zasób TCP/UDP",
    "resourceRawDescription": "Proxy zapytań przez surowe TCP/UDP przy użyciu numeru portu.",
+    "resourceRawDescriptionCloud": "Proxy żądania przesyłania danych nad surowym TCP/UDP przy użyciu numeru portu. Wymaga UŻYTKOWANIA PALIWA węzła.",
    "resourceCreate": "Utwórz zasób",
    "resourceCreateDescription": "Wykonaj poniższe kroki, aby utworzyć nowy zasób",
    "resourceSeeAll": "Zobacz wszystkie zasoby",
@@ -1101,6 +1102,12 @@
    "actionGetUser": "Pobierz użytkownika",
    "actionGetOrgUser": "Pobierz użytkownika organizacji",
    "actionListOrgDomains": "Lista domen organizacji",
+    "actionGetDomain": "Pobierz domenę",
+    "actionCreateOrgDomain": "Utwórz domenę",
+    "actionUpdateOrgDomain": "Aktualizuj domenę",
+    "actionDeleteOrgDomain": "Usuń domenę",
+    "actionGetDNSRecords": "Pobierz rekordy DNS",
+    "actionRestartOrgDomain": "Zrestartuj domenę",
    "actionCreateSite": "Utwórz witrynę",
    "actionDeleteSite": "Usuń witrynę",
    "actionGetSite": "Pobierz witrynę",
@@ -1669,10 +1676,10 @@
    "sshSudoModeCommandsDescription": "Użytkownik może uruchamiać tylko określone polecenia z sudo.",
    "sshSudo": "Zezwól na sudo",
    "sshSudoCommands": "Komendy Sudo",
-    "sshSudoCommandsDescription": "Lista poleceń, które użytkownik może uruchamiać z sudo.",
+    "sshSudoCommandsDescription": "Lista poleceń oddzielonych przecinkami, które użytkownik może uruchamiać z sudo.",
    "sshCreateHomeDir": "Utwórz katalog domowy",
    "sshUnixGroups": "Grupy Unix",
-    "sshUnixGroupsDescription": "Grupy Unix do dodania użytkownika do docelowego hosta.",
+    "sshUnixGroupsDescription": "Oddzielone przecinkami grupy Unix, aby dodać użytkownika do docelowego hosta.",
    "retryAttempts": "Próby Ponowienia",
    "expectedResponseCodes": "Oczekiwane Kody Odpowiedzi",
    "expectedResponseCodesDescription": "Kod statusu HTTP, który wskazuje zdrowy status. Jeśli pozostanie pusty, uznaje się 200-300 za zdrowy.",
--- a/messages/pt-PT.json
+++ b/messages/pt-PT.json
@@ -175,6 +175,7 @@
    "resourceHTTPDescription": "Proxies requests sobre HTTPS usando um nome de domínio totalmente qualificado.",
    "resourceRaw": "Recurso TCP/UDP bruto",
    "resourceRawDescription": "Proxies solicitações sobre TCP/UDP bruto usando um número de porta.",
+    "resourceRawDescriptionCloud": "Proxy solicita sobre TCP/UDP bruto usando um número de porta. OBRIGATÓRIO O USO DE UMA NOTA REMOTA.",
    "resourceCreate": "Criar Recurso",
    "resourceCreateDescription": "Siga os passos abaixo para criar um novo recurso",
    "resourceSeeAll": "Ver todos os recursos",
@@ -1101,6 +1102,12 @@
    "actionGetUser": "Obter Usuário",
    "actionGetOrgUser": "Obter Utilizador da Organização",
    "actionListOrgDomains": "Listar Domínios da Organização",
+    "actionGetDomain": "Obter domínio",
+    "actionCreateOrgDomain": "Criar domínio",
+    "actionUpdateOrgDomain": "Atualizar domínio",
+    "actionDeleteOrgDomain": "Excluir domínio",
+    "actionGetDNSRecords": "Obter registros de DNS",
+    "actionRestartOrgDomain": "Reiniciar domínio",
    "actionCreateSite": "Criar Site",
    "actionDeleteSite": "Eliminar Site",
    "actionGetSite": "Obter Site",
@@ -1669,10 +1676,10 @@
    "sshSudoModeCommandsDescription": "Usuário só pode executar os comandos especificados com sudo.",
    "sshSudo": "Permitir sudo",
    "sshSudoCommands": "Comandos Sudo",
-    "sshSudoCommandsDescription": "Lista de comandos com permissão de executar com o sudo.",
+    "sshSudoCommandsDescription": "Lista separada por vírgulas de comandos que o usuário pode executar com sudo.",
    "sshCreateHomeDir": "Criar Diretório Inicial",
    "sshUnixGroups": "Grupos Unix",
-    "sshUnixGroupsDescription": "Grupos Unix para adicionar o usuário no host de destino.",
+    "sshUnixGroupsDescription": "Grupos Unix separados por vírgulas para adicionar o usuário no host alvo.",
    "retryAttempts": "Tentativas de Repetição",
    "expectedResponseCodes": "Códigos de Resposta Esperados",
    "expectedResponseCodesDescription": "Código de status HTTP que indica estado saudável. Se deixado em branco, 200-300 é considerado saudável.",
--- a/messages/ru-RU.json
+++ b/messages/ru-RU.json
@@ -175,6 +175,7 @@
    "resourceHTTPDescription": "Проксировать запросы через HTTPS с использованием полного доменного имени.",
    "resourceRaw": "Сырой TCP/UDP-ресурс",
    "resourceRawDescription": "Проксировать запросы по сырому TCP/UDP с использованием номера порта.",
+    "resourceRawDescriptionCloud": "Прокси-запросы через необработанный TCP/UDP с использованием номера порта. ТРЕБУЕТЕСЬ ИСПОЛЬЗОВАТЬ НЕОБХОДИМЫ.",
    "resourceCreate": "Создание ресурса",
    "resourceCreateDescription": "Следуйте инструкциям ниже для создания нового ресурса",
    "resourceSeeAll": "Посмотреть все ресурсы",
@@ -1101,6 +1102,12 @@
    "actionGetUser": "Получить пользователя",
    "actionGetOrgUser": "Получить пользователя организации",
    "actionListOrgDomains": "Список доменов организации",
+    "actionGetDomain": "Получить домен",
+    "actionCreateOrgDomain": "Создать домен",
+    "actionUpdateOrgDomain": "Обновить домен",
+    "actionDeleteOrgDomain": "Удалить домен",
+    "actionGetDNSRecords": "Получить записи DNS",
+    "actionRestartOrgDomain": "Перезапустить домен",
    "actionCreateSite": "Создать сайт",
    "actionDeleteSite": "Удалить сайт",
    "actionGetSite": "Получить сайт",
@@ -1669,10 +1676,10 @@
    "sshSudoModeCommandsDescription": "Пользователь может запускать только указанные команды с помощью sudo.",
    "sshSudo": "Разрешить sudo",
    "sshSudoCommands": "Sudo Команды",
-    "sshSudoCommandsDescription": "Список команд, которые пользователю разрешено запускать с помощью sudo.",
+    "sshSudoCommandsDescription": "Список команд, разделенных запятыми, которые пользователю разрешено запускать с помощью sudo.",
    "sshCreateHomeDir": "Создать домашний каталог",
    "sshUnixGroups": "Unix группы",
-    "sshUnixGroupsDescription": "Unix группы для добавления пользователя на целевой хост.",
+    "sshUnixGroupsDescription": "Группы Unix через запятую, чтобы добавить пользователя на целевой хост.",
    "retryAttempts": "Количество попыток повторного запроса",
    "expectedResponseCodes": "Ожидаемые коды ответов",
    "expectedResponseCodesDescription": "HTTP-код состояния, указывающий на здоровое состояние. Если оставить пустым, 200-300 считается здоровым.",
--- a/messages/tr-TR.json
+++ b/messages/tr-TR.json
@@ -175,6 +175,7 @@
    "resourceHTTPDescription": "Tam nitelikli bir etki alanı adı kullanarak HTTPS üzerinden proxy isteklerini yönlendirin.",
    "resourceRaw": "Ham TCP/UDP Kaynağı",
    "resourceRawDescription": "Port numarası kullanarak ham TCP/UDP üzerinden proxy isteklerini yönlendirin.",
+    "resourceRawDescriptionCloud": "Bir port numarası kullanarak ham TCP/UDP üzerinden istekleri proxy ile yönlendirin. UZAKTAN BİR DÜĞÜM KULLANIMINI GEREKTİRİR.",
    "resourceCreate": "Kaynak Oluştur",
    "resourceCreateDescription": "Yeni bir kaynak oluşturmak için aşağıdaki adımları izleyin",
    "resourceSeeAll": "Tüm Kaynakları Gör",
@@ -1101,6 +1102,12 @@
    "actionGetUser": "Kullanıcıyı Getir",
    "actionGetOrgUser": "Kuruluş Kullanıcısını Al",
    "actionListOrgDomains": "Kuruluş Alan Adlarını Listele",
+    "actionGetDomain": "Alan Adını Al",
+    "actionCreateOrgDomain": "Alan Adı Oluştur",
+    "actionUpdateOrgDomain": "Alan Adını Güncelle",
+    "actionDeleteOrgDomain": "Alan Adını Sil",
+    "actionGetDNSRecords": "DNS Kayıtlarını Al",
+    "actionRestartOrgDomain": "Alanı Yeniden Başlat",
    "actionCreateSite": "Site Oluştur",
    "actionDeleteSite": "Siteyi Sil",
    "actionGetSite": "Siteyi Al",
@@ -1669,10 +1676,10 @@
    "sshSudoModeCommandsDescription": "Kullanıcı sadece belirtilen komutları sudo ile çalıştırabilir.",
    "sshSudo": "Sudo'ya izin ver",
    "sshSudoCommands": "Sudo Komutları",
-    "sshSudoCommandsDescription": "Kullanıcının sudo ile çalıştırmasına izin verilen komutların listesi.",
+    "sshSudoCommandsDescription": "Kullanıcının sudo ile çalıştırmasına izin verilen komutların virgülle ayrılmış listesi.",
    "sshCreateHomeDir": "Ev Dizini Oluştur",
    "sshUnixGroups": "Unix Grupları",
-    "sshUnixGroupsDescription": "Hedef ana bilgisayarda kullanıcıya eklemek için Unix grupları.",
+    "sshUnixGroupsDescription": "Hedef konakta kullanıcıya eklenecek Unix gruplarının virgülle ayrılmış listesi.",
    "retryAttempts": "Tekrar Deneme Girişimleri",
    "expectedResponseCodes": "Beklenen Yanıt Kodları",
    "expectedResponseCodesDescription": "Sağlıklı durumu gösteren HTTP durum kodu. Boş bırakılırsa, 200-300 arası sağlıklı kabul edilir.",
--- a/messages/zh-CN.json
+++ b/messages/zh-CN.json
@@ -175,6 +175,7 @@
    "resourceHTTPDescription": "通过使用完全限定的域名的HTTPS代理请求。",
    "resourceRaw": "TCP/UDP 资源",
    "resourceRawDescription": "通过使用端口号的原始TCP/UDP代理请求。",
+    "resourceRawDescriptionCloud": "正在使用端口号的 TCP/UDP 代理请求。请使用一个REMOTE",
    "resourceCreate": "创建资源",
    "resourceCreateDescription": "按照下面的步骤创建新资源",
    "resourceSeeAll": "查看所有资源",
@@ -1101,6 +1102,12 @@
    "actionGetUser": "获取用户",
    "actionGetOrgUser": "获取组织用户",
    "actionListOrgDomains": "列出组织域",
+    "actionGetDomain": "获取域",
+    "actionCreateOrgDomain": "创建域",
+    "actionUpdateOrgDomain": "更新域",
+    "actionDeleteOrgDomain": "删除域",
+    "actionGetDNSRecords": "获取 DNS 记录",
+    "actionRestartOrgDomain": "重新启动域",
    "actionCreateSite": "创建站点",
    "actionDeleteSite": "删除站点",
    "actionGetSite": "获取站点",
@@ -1669,10 +1676,10 @@
    "sshSudoModeCommandsDescription": "用户只能用 sudo 运行指定的命令。",
    "sshSudo": "允许Sudo",
    "sshSudoCommands": "Sudo 命令",
-    "sshSudoCommandsDescription": "允许用户使用 sudo 运行的命令列表。",
+    "sshSudoCommandsDescription": "逗号分隔的用户允许使用 sudo 运行的命令列表。",
    "sshCreateHomeDir": "创建主目录",
    "sshUnixGroups": "Unix 组",
-    "sshUnixGroupsDescription": "将用户添加到目标主机的Unix组。",
+    "sshUnixGroupsDescription": "用逗号分隔了Unix组，将用户添加到目标主机上。",
    "retryAttempts": "重试次数",
    "expectedResponseCodes": "期望响应代码",
    "expectedResponseCodesDescription": "HTTP 状态码表示健康状态。如留空，200-300 被视为健康。",
--- a/server/integrationApiServer.ts
+++ b/server/integrationApiServer.ts
@@ -17,6 +17,7 @@ import fs from "fs";
 import path from "path";
 import { APP_PATH } from "./lib/consts";
 import yaml from "js-yaml";
+import { z } from "zod";

 const dev = process.env.ENVIRONMENT !== "prod";
 const externalPort = config.getRawConfig().server.integration_port;
@@ -38,12 +39,24 @@ export function createIntegrationApiServer() {
    apiServer.use(cookieParser());
    apiServer.use(express.json());

+    const openApiDocumentation = getOpenApiDocumentation();
+
    apiServer.use(
        "/v1/docs",
        swaggerUi.serve,
-        swaggerUi.setup(getOpenApiDocumentation())
+        swaggerUi.setup(openApiDocumentation)
    );

+    // Unauthenticated OpenAPI spec endpoints
+    apiServer.get("/v1/openapi.json", (_req, res) => {
+        res.json(openApiDocumentation);
+    });
+
+    apiServer.get("/v1/openapi.yaml", (_req, res) => {
+        const yamlOutput = yaml.dump(openApiDocumentation);
+        res.type("application/yaml").send(yamlOutput);
+    });
+
    // API routes
    const prefix = `/v1`;
    apiServer.use(logIncomingMiddleware);
@@ -75,16 +88,6 @@ function getOpenApiDocumentation() {
        }
    );

-    for (const def of registry.definitions) {
-        if (def.type === "route") {
-            def.route.security = [
-                {
-                    [bearerAuth.name]: []
-                }
-            ];
-        }
-    }
-
    registry.registerPath({
        method: "get",
        path: "/",
@@ -94,6 +97,74 @@ function getOpenApiDocumentation() {
        responses: {}
    });

+    registry.registerPath({
+        method: "get",
+        path: "/openapi.json",
+        description: "Get OpenAPI specification as JSON",
+        tags: [],
+        request: {},
+        responses: {
+            "200": {
+                description: "OpenAPI specification as JSON",
+                content: {
+                    "application/json": {
+                        schema: {
+                            type: "object"
+                        }
+                    }
+                }
+            }
+        }
+    });
+
+    registry.registerPath({
+        method: "get",
+        path: "/openapi.yaml",
+        description: "Get OpenAPI specification as YAML",
+        tags: [],
+        request: {},
+        responses: {
+            "200": {
+                description: "OpenAPI specification as YAML",
+                content: {
+                    "application/yaml": {
+                        schema: {
+                            type: "string"
+                        }
+                    }
+                }
+            }
+        }
+    });
+
+    for (const def of registry.definitions) {
+        if (def.type === "route") {
+            def.route.security = [
+                {
+                    [bearerAuth.name]: []
+                }
+            ];
+
+            // Ensure every route has a generic JSON response schema so Swagger UI can render responses
+            const existingResponses = def.route.responses;
+            const hasExistingResponses =
+                existingResponses && Object.keys(existingResponses).length > 0;
+
+            if (!hasExistingResponses) {
+                def.route.responses = {
+                    "*": {
+                        description: "",
+                        content: {
+                            "application/json": {
+                                schema: z.object({})
+                            }
+                        }
+                    }
+                };
+            }
+        }
+    }
+
    const generator = new OpenApiGeneratorV3(registry.definitions);

    const generated = generator.generateDocument({
--- a/server/lib/traefik/getTraefikConfig.ts
+++ b/server/lib/traefik/getTraefikConfig.ts
@@ -477,7 +477,10 @@ export async function getTraefikConfig(

                        // TODO: HOW TO HANDLE ^^^^^^ BETTER
                        const anySitesOnline = targets.some(
-                            (target) => target.site.online
+                            (target) =>
+                            target.site.online ||
+                            target.site.type === "local" ||
+                            target.site.type === "wireguard"
                        );

                        return (
@@ -490,7 +493,7 @@ export async function getTraefikConfig(
                                    if (target.health == "unhealthy") {
                                        return false;
                                    }
-
+                                    
                                    // If any sites are online, exclude offline sites
                                    if (anySitesOnline && !target.site.online) {
                                        return false;
@@ -605,7 +608,10 @@ export async function getTraefikConfig(
                    servers: (() => {
                        // Check if any sites are online
                        const anySitesOnline = targets.some(
-                            (target) => target.site.online
+                            (target) =>
+                            target.site.online ||
+                            target.site.type === "local" ||
+                            target.site.type === "wireguard"
                        );

                        return targets
@@ -613,7 +619,7 @@ export async function getTraefikConfig(
                                if (!target.enabled) {
                                    return false;
                                }
-
+                                
                                // If any sites are online, exclude offline sites
                                if (anySitesOnline && !target.site.online) {
                                    return false;
--- a/server/middlewares/integration/index.ts
+++ b/server/middlewares/integration/index.ts
@@ -14,3 +14,4 @@ export * from "./verifyApiKeyApiKeyAccess";
 export * from "./verifyApiKeyClientAccess";
 export * from "./verifyApiKeySiteResourceAccess";
 export * from "./verifyApiKeyIdpAccess";
+export * from "./verifyApiKeyDomainAccess";
--- a/server/middlewares/integration/verifyApiKeyDomainAccess.ts
+++ b/server/middlewares/integration/verifyApiKeyDomainAccess.ts
@@ -0,0 +1,90 @@
+import { Request, Response, NextFunction } from "express";
+import { db, domains, orgDomains, apiKeyOrg } from "@server/db";
+import { and, eq } from "drizzle-orm";
+import createHttpError from "http-errors";
+import HttpCode from "@server/types/HttpCode";
+
+export async function verifyApiKeyDomainAccess(
+    req: Request,
+    res: Response,
+    next: NextFunction
+) {
+    try {
+        const apiKey = req.apiKey;
+        const domainId =
+            req.params.domainId || req.body.domainId || req.query.domainId;
+        const orgId = req.params.orgId;
+
+        if (!apiKey) {
+            return next(
+                createHttpError(HttpCode.UNAUTHORIZED, "Key not authenticated")
+            );
+        }
+
+        if (!domainId) {
+            return next(
+                createHttpError(HttpCode.BAD_REQUEST, "Invalid domain ID")
+            );
+        }
+
+        if (apiKey.isRoot) {
+            // Root keys can access any domain in any org
+            return next();
+        }
+
+        // Verify domain exists and belongs to the organization
+        const [domain] = await db
+            .select()
+            .from(domains)
+            .innerJoin(orgDomains, eq(orgDomains.domainId, domains.domainId))
+            .where(
+                and(
+                    eq(orgDomains.domainId, domainId),
+                    eq(orgDomains.orgId, orgId)
+                )
+            )
+            .limit(1);
+
+        if (!domain) {
+            return next(
+                createHttpError(
+                    HttpCode.NOT_FOUND,
+                    `Domain with ID ${domainId} not found in organization ${orgId}`
+                )
+            );
+        }
+
+        // Verify the API key has access to this organization
+        if (!req.apiKeyOrg) {
+            const apiKeyOrgRes = await db
+                .select()
+                .from(apiKeyOrg)
+                .where(
+                    and(
+                        eq(apiKeyOrg.apiKeyId, apiKey.apiKeyId),
+                        eq(apiKeyOrg.orgId, orgId)
+                    )
+                )
+                .limit(1);
+            req.apiKeyOrg = apiKeyOrgRes[0];
+        }
+
+        if (!req.apiKeyOrg) {
+            return next(
+                createHttpError(
+                    HttpCode.FORBIDDEN,
+                    "Key does not have access to this organization"
+                )
+            );
+        }
+
+        return next();
+    } catch (error) {
+        return next(
+            createHttpError(
+                HttpCode.INTERNAL_SERVER_ERROR,
+                "Error verifying domain access"
+            )
+        );
+    }
+}
--- a/server/openApi.ts
+++ b/server/openApi.ts
@@ -5,17 +5,20 @@ export const registry = new OpenAPIRegistry();
 export enum OpenAPITags {
    Site = "Site",
    Org = "Organization",
-    Resource = "Resource",
+    PublicResource = "Public Resource",
+    PrivateResource = "Private Resource",
    Role = "Role",
    User = "User",
-    Invitation = "Invitation",
-    Target = "Target",
+    Invitation = "User Invitation",
+    Target = "Resource Target",
    Rule = "Rule",
    AccessToken = "Access Token",
-    Idp = "Identity Provider",
+    GlobalIdp = "Identity Provider (Global)",
+    OrgIdp = "Identity Provider (Organization Only)",
    Client = "Client",
    ApiKey = "API Key",
    Domain = "Domain",
    Blueprint = "Blueprint",
-    Ssh = "SSH"
+    Ssh = "SSH",
+    Logs = "Logs"
 }
--- a/server/private/lib/traefik/getTraefikConfig.ts
+++ b/server/private/lib/traefik/getTraefikConfig.ts
@@ -665,7 +665,10 @@ export async function getTraefikConfig(

                        // TODO: HOW TO HANDLE ^^^^^^ BETTER
                        const anySitesOnline = targets.some(
-                            (target) => target.site.online
+                            (target) =>
+                            target.site.online ||
+                            target.site.type === "local" ||
+                            target.site.type === "wireguard"
                        );

                        return (
@@ -793,7 +796,10 @@ export async function getTraefikConfig(
                    servers: (() => {
                        // Check if any sites are online
                        const anySitesOnline = targets.some(
-                            (target) => target.site.online
+                            (target) =>
+                            target.site.online ||
+                            target.site.type === "local" ||
+                            target.site.type === "wireguard"
                        );

                        return targets
--- a/server/private/routers/auditLogs/exportAccessAuditLog.ts
+++ b/server/private/routers/auditLogs/exportAccessAuditLog.ts
@@ -32,7 +32,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/logs/access/export",
    description: "Export the access audit log for an organization as CSV",
-    tags: [OpenAPITags.Org],
+    tags: [OpenAPITags.Logs],
    request: {
        query: queryAccessAuditLogsQuery,
        params: queryAccessAuditLogsParams
--- a/server/private/routers/auditLogs/exportActionAuditLog.ts
+++ b/server/private/routers/auditLogs/exportActionAuditLog.ts
@@ -32,7 +32,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/logs/action/export",
    description: "Export the action audit log for an organization as CSV",
-    tags: [OpenAPITags.Org],
+    tags: [OpenAPITags.Logs],
    request: {
        query: queryActionAuditLogsQuery,
        params: queryActionAuditLogsParams
--- a/server/private/routers/auditLogs/queryAccessAuditLog.ts
+++ b/server/private/routers/auditLogs/queryAccessAuditLog.ts
@@ -249,7 +249,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/logs/access",
    description: "Query the access audit log for an organization",
-    tags: [OpenAPITags.Org],
+    tags: [OpenAPITags.Logs],
    request: {
        query: queryAccessAuditLogsQuery,
        params: queryAccessAuditLogsParams
--- a/server/private/routers/auditLogs/queryActionAuditLog.ts
+++ b/server/private/routers/auditLogs/queryActionAuditLog.ts
@@ -160,7 +160,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/logs/action",
    description: "Query the action audit log for an organization",
-    tags: [OpenAPITags.Org],
+    tags: [OpenAPITags.Logs],
    request: {
        query: queryActionAuditLogsQuery,
        params: queryActionAuditLogsParams
--- a/server/private/routers/billing/getOrgUsage.ts
+++ b/server/private/routers/billing/getOrgUsage.ts
@@ -31,16 +31,16 @@ const getOrgSchema = z.strictObject({
    orgId: z.string()
 });

-registry.registerPath({
-    method: "get",
-    path: "/org/{orgId}/billing/usage",
-    description: "Get an organization's billing usage",
-    tags: [OpenAPITags.Org],
-    request: {
-        params: getOrgSchema
-    },
-    responses: {}
-});
+// registry.registerPath({
+//     method: "get",
+//     path: "/org/{orgId}/billing/usage",
+//     description: "Get an organization's billing usage",
+//     tags: [OpenAPITags.Org],
+//     request: {
+//         params: getOrgSchema
+//     },
+//     responses: {}
+// });

 export async function getOrgUsage(
    req: Request,
--- a/server/private/routers/orgIdp/createOrgOidcIdp.ts
+++ b/server/private/routers/orgIdp/createOrgOidcIdp.ts
@@ -52,7 +52,7 @@ registry.registerPath({
    method: "put",
    path: "/org/{orgId}/idp/oidc",
    description: "Create an OIDC IdP for a specific organization.",
-    tags: [OpenAPITags.Idp, OpenAPITags.Org],
+    tags: [OpenAPITags.OrgIdp],
    request: {
        params: paramsSchema,
        body: {
--- a/server/private/routers/orgIdp/deleteOrgIdp.ts
+++ b/server/private/routers/orgIdp/deleteOrgIdp.ts
@@ -35,7 +35,7 @@ registry.registerPath({
    method: "delete",
    path: "/org/{orgId}/idp/{idpId}",
    description: "Delete IDP for a specific organization.",
-    tags: [OpenAPITags.Idp, OpenAPITags.Org],
+    tags: [OpenAPITags.OrgIdp],
    request: {
        params: paramsSchema
    },
--- a/server/private/routers/orgIdp/getOrgIdp.ts
+++ b/server/private/routers/orgIdp/getOrgIdp.ts
@@ -50,9 +50,9 @@ async function query(idpId: number, orgId: string) {

 registry.registerPath({
    method: "get",
-    path: "/org/:orgId/idp/:idpId",
+    path: "/org/{orgId}/idp/{idpId}",
    description: "Get an IDP by its IDP ID for a specific organization.",
-    tags: [OpenAPITags.Idp, OpenAPITags.Org],
+    tags: [OpenAPITags.OrgIdp],
    request: {
        params: paramsSchema
    },
--- a/server/private/routers/orgIdp/listOrgIdps.ts
+++ b/server/private/routers/orgIdp/listOrgIdps.ts
@@ -67,7 +67,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/idp",
    description: "List all IDP for a specific organization.",
-    tags: [OpenAPITags.Idp, OpenAPITags.Org],
+    tags: [OpenAPITags.OrgIdp],
    request: {
        query: querySchema,
        params: paramsSchema
--- a/server/private/routers/orgIdp/updateOrgOidcIdp.ts
+++ b/server/private/routers/orgIdp/updateOrgOidcIdp.ts
@@ -59,7 +59,7 @@ registry.registerPath({
    method: "post",
    path: "/org/{orgId}/idp/{idpId}/oidc",
    description: "Update an OIDC IdP for a specific organization.",
-    tags: [OpenAPITags.Idp, OpenAPITags.Org],
+    tags: [OpenAPITags.OrgIdp],
    request: {
        params: paramsSchema,
        body: {
--- a/server/private/routers/resource/getMaintenanceInfo.ts
+++ b/server/private/routers/resource/getMaintenanceInfo.ts
@@ -52,7 +52,7 @@ registry.registerPath({
    method: "get",
    path: "/maintenance/info",
    description: "Get maintenance information for a resource by domain.",
-    tags: [OpenAPITags.Resource],
+    tags: [OpenAPITags.PublicResource],
    request: {
        query: z.object({
            fullDomain: z.string()
--- a/server/routers/accessToken/generateAccessToken.ts
+++ b/server/routers/accessToken/generateAccessToken.ts
@@ -43,7 +43,7 @@ registry.registerPath({
    method: "post",
    path: "/resource/{resourceId}/access-token",
    description: "Generate a new access token for a resource.",
-    tags: [OpenAPITags.Resource, OpenAPITags.AccessToken],
+    tags: [OpenAPITags.PublicResource, OpenAPITags.AccessToken],
    request: {
        params: generateAccssTokenParamsSchema,
        body: {
--- a/server/routers/accessToken/listAccessTokens.ts
+++ b/server/routers/accessToken/listAccessTokens.ts
@@ -122,7 +122,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/access-tokens",
    description: "List all access tokens in an organization.",
-    tags: [OpenAPITags.Org, OpenAPITags.AccessToken],
+    tags: [OpenAPITags.AccessToken],
    request: {
        params: z.object({
            orgId: z.string()
@@ -135,8 +135,8 @@ registry.registerPath({
 registry.registerPath({
    method: "get",
    path: "/resource/{resourceId}/access-tokens",
-    description: "List all access tokens in an organization.",
-    tags: [OpenAPITags.Resource, OpenAPITags.AccessToken],
+    description: "List all access tokens for a resource.",
+    tags: [OpenAPITags.PublicResource, OpenAPITags.AccessToken],
    request: {
        params: z.object({
            resourceId: z.number()
--- a/server/routers/apiKeys/createOrgApiKey.ts
+++ b/server/routers/apiKeys/createOrgApiKey.ts
@@ -37,7 +37,7 @@ registry.registerPath({
    method: "put",
    path: "/org/{orgId}/api-key",
    description: "Create a new API key scoped to the organization.",
-    tags: [OpenAPITags.Org, OpenAPITags.ApiKey],
+    tags: [OpenAPITags.ApiKey],
    request: {
        params: paramsSchema,
        body: {
--- a/server/routers/apiKeys/deleteApiKey.ts
+++ b/server/routers/apiKeys/deleteApiKey.ts
@@ -18,7 +18,7 @@ registry.registerPath({
    method: "delete",
    path: "/org/{orgId}/api-key/{apiKeyId}",
    description: "Delete an API key.",
-    tags: [OpenAPITags.Org, OpenAPITags.ApiKey],
+    tags: [OpenAPITags.ApiKey],
    request: {
        params: paramsSchema
    },
--- a/server/routers/apiKeys/listApiKeyActions.ts
+++ b/server/routers/apiKeys/listApiKeyActions.ts
@@ -48,7 +48,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/api-key/{apiKeyId}/actions",
    description: "List all actions set for an API key.",
-    tags: [OpenAPITags.Org, OpenAPITags.ApiKey],
+    tags: [OpenAPITags.ApiKey],
    request: {
        params: paramsSchema,
        query: querySchema
--- a/server/routers/apiKeys/listOrgApiKeys.ts
+++ b/server/routers/apiKeys/listOrgApiKeys.ts
@@ -52,7 +52,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/api-keys",
    description: "List all API keys for an organization",
-    tags: [OpenAPITags.Org, OpenAPITags.ApiKey],
+    tags: [OpenAPITags.ApiKey],
    request: {
        params: paramsSchema,
        query: querySchema
--- a/server/routers/apiKeys/setApiKeyActions.ts
+++ b/server/routers/apiKeys/setApiKeyActions.ts
@@ -25,7 +25,7 @@ registry.registerPath({
    path: "/org/{orgId}/api-key/{apiKeyId}/actions",
    description:
        "Set actions for an API key. This will replace any existing actions.",
-    tags: [OpenAPITags.Org, OpenAPITags.ApiKey],
+    tags: [OpenAPITags.ApiKey],
    request: {
        params: paramsSchema,
        body: {
--- a/server/routers/auditLogs/exportRequestAuditLog.ts
+++ b/server/routers/auditLogs/exportRequestAuditLog.ts
@@ -20,7 +20,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/logs/request",
    description: "Query the request audit log for an organization",
-    tags: [OpenAPITags.Org],
+    tags: [OpenAPITags.Logs],
    request: {
        query: queryAccessAuditLogsQuery.omit({
            limit: true,
--- a/server/routers/auditLogs/queryRequestAnalytics.ts
+++ b/server/routers/auditLogs/queryRequestAnalytics.ts
@@ -151,7 +151,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/logs/analytics",
    description: "Query the request audit analytics for an organization",
-    tags: [OpenAPITags.Org],
+    tags: [OpenAPITags.Logs],
    request: {
        query: queryAccessAuditLogsQuery,
        params: queryRequestAuditLogsParams
--- a/server/routers/auditLogs/queryRequestAuditLog.ts
+++ b/server/routers/auditLogs/queryRequestAuditLog.ts
@@ -182,7 +182,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/logs/request",
    description: "Query the request audit log for an organization",
-    tags: [OpenAPITags.Org],
+    tags: [OpenAPITags.Logs],
    request: {
        query: queryAccessAuditLogsQuery,
        params: queryRequestAuditLogsParams
--- a/server/routers/blueprints/applyJSONBlueprint.ts
+++ b/server/routers/blueprints/applyJSONBlueprint.ts
@@ -20,7 +20,7 @@ registry.registerPath({
    method: "put",
    path: "/org/{orgId}/blueprint",
    description: "Apply a base64 encoded JSON blueprint to an organization",
-    tags: [OpenAPITags.Org, OpenAPITags.Blueprint],
+    tags: [OpenAPITags.Blueprint],
    request: {
        params: applyBlueprintParamsSchema,
        body: {
--- a/server/routers/blueprints/applyYAMLBlueprint.ts
+++ b/server/routers/blueprints/applyYAMLBlueprint.ts
@@ -43,7 +43,7 @@ registry.registerPath({
    method: "put",
    path: "/org/{orgId}/blueprint",
    description: "Create and apply a YAML blueprint to an organization",
-    tags: [OpenAPITags.Org, OpenAPITags.Blueprint],
+    tags: [OpenAPITags.Blueprint],
    request: {
        params: applyBlueprintParamsSchema,
        body: {
--- a/server/routers/blueprints/getBlueprint.ts
+++ b/server/routers/blueprints/getBlueprint.ts
@@ -53,7 +53,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/blueprint/{blueprintId}",
    description: "Get a blueprint by its blueprint ID.",
-    tags: [OpenAPITags.Org, OpenAPITags.Blueprint],
+    tags: [OpenAPITags.Blueprint],
    request: {
        params: getBlueprintSchema
    },
--- a/server/routers/blueprints/listBlueprints.ts
+++ b/server/routers/blueprints/listBlueprints.ts
@@ -67,7 +67,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/blueprints",
    description: "List all blueprints for a organization.",
-    tags: [OpenAPITags.Org, OpenAPITags.Blueprint],
+    tags: [OpenAPITags.Blueprint],
    request: {
        params: z.object({
            orgId: z.string()
--- a/server/routers/client/createClient.ts
+++ b/server/routers/client/createClient.ts
@@ -48,7 +48,7 @@ registry.registerPath({
    method: "put",
    path: "/org/{orgId}/client",
    description: "Create a new client for an organization.",
-    tags: [OpenAPITags.Client, OpenAPITags.Org],
+    tags: [OpenAPITags.Client],
    request: {
        params: createClientParamsSchema,
        body: {
--- a/server/routers/client/createUserClient.ts
+++ b/server/routers/client/createUserClient.ts
@@ -49,7 +49,7 @@ registry.registerPath({
    path: "/org/{orgId}/user/{userId}/client",
    description:
        "Create a new client for a user and associate it with an existing olm.",
-    tags: [OpenAPITags.Client, OpenAPITags.Org, OpenAPITags.User],
+    tags: [OpenAPITags.Client],
    request: {
        params: paramsSchema,
        body: {
--- a/server/routers/client/getClient.ts
+++ b/server/routers/client/getClient.ts
@@ -243,7 +243,7 @@ registry.registerPath({
    path: "/org/{orgId}/client/{niceId}",
    description:
        "Get a client by orgId and niceId. NiceId is a readable ID for the site and unique on a per org basis.",
-    tags: [OpenAPITags.Org, OpenAPITags.Site],
+    tags: [OpenAPITags.Site],
    request: {
        params: z.object({
            orgId: z.string(),
--- a/server/routers/client/listClients.ts
+++ b/server/routers/client/listClients.ts
@@ -119,12 +119,12 @@ const listClientsSchema = z.object({
        }),
    query: z.string().optional(),
    sort_by: z
-        .enum(["megabytesIn", "megabytesOut"])
+        .enum(["name", "megabytesIn", "megabytesOut"])
        .optional()
        .catch(undefined)
        .openapi({
            type: "string",
-            enum: ["megabytesIn", "megabytesOut"],
+            enum: ["name", "megabytesIn", "megabytesOut"],
            description: "Field to sort by"
        }),
    order: z
@@ -237,7 +237,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/clients",
    description: "List all clients for an organization.",
-    tags: [OpenAPITags.Client, OpenAPITags.Org],
+    tags: [OpenAPITags.Client],
    request: {
        query: listClientsSchema,
        params: listClientsParamsSchema
@@ -363,14 +363,14 @@ export async function listClients(
        const countQuery = db.$count(baseQuery.as("filtered_clients"));

        const listMachinesQuery = baseQuery
-            .limit(page)
+            .limit(pageSize)
            .offset(pageSize * (page - 1))
            .orderBy(
                sort_by
                    ? order === "asc"
                        ? asc(clients[sort_by])
                        : desc(clients[sort_by])
-                    : asc(clients.clientId)
+                    : asc(clients.name)
            );

        const [clientsList, totalCount] = await Promise.all([
--- a/server/routers/client/listUserDevices.ts
+++ b/server/routers/client/listUserDevices.ts
@@ -256,7 +256,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/user-devices",
    description: "List all user devices for an organization.",
-    tags: [OpenAPITags.Client, OpenAPITags.Org],
+    tags: [OpenAPITags.Client],
    request: {
        query: listUserDevicesSchema,
        params: listUserDevicesParamsSchema
--- a/server/routers/client/pickClientDefaults.ts
+++ b/server/routers/client/pickClientDefaults.ts
@@ -23,7 +23,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/pick-client-defaults",
    description: "Return pre-requisite data for creating a client.",
-    tags: [OpenAPITags.Client, OpenAPITags.Site],
+    tags: [OpenAPITags.Client],
    request: {
        params: pickClientDefaultsSchema
    },
--- a/server/routers/domain/listDomains.ts
+++ b/server/routers/domain/listDomains.ts
@@ -59,7 +59,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/domains",
    description: "List all domains for a organization.",
-    tags: [OpenAPITags.Org],
+    tags: [OpenAPITags.Domain],
    request: {
        params: z.object({
            orgId: z.string()
--- a/server/routers/idp/createIdpOrgPolicy.ts
+++ b/server/routers/idp/createIdpOrgPolicy.ts
@@ -27,7 +27,7 @@ registry.registerPath({
    method: "put",
    path: "/idp/{idpId}/org/{orgId}",
    description: "Create an IDP policy for an existing IDP on an organization.",
-    tags: [OpenAPITags.Idp],
+    tags: [OpenAPITags.GlobalIdp],
    request: {
        params: paramsSchema,
        body: {
--- a/server/routers/idp/createOidcIdp.ts
+++ b/server/routers/idp/createOidcIdp.ts
@@ -37,7 +37,7 @@ registry.registerPath({
    method: "put",
    path: "/idp/oidc",
    description: "Create an OIDC IdP.",
-    tags: [OpenAPITags.Idp],
+    tags: [OpenAPITags.GlobalIdp],
    request: {
        body: {
            content: {
--- a/server/routers/idp/deleteIdp.ts
+++ b/server/routers/idp/deleteIdp.ts
@@ -21,7 +21,7 @@ registry.registerPath({
    method: "delete",
    path: "/idp/{idpId}",
    description: "Delete IDP.",
-    tags: [OpenAPITags.Idp],
+    tags: [OpenAPITags.GlobalIdp],
    request: {
        params: paramsSchema
    },
--- a/server/routers/idp/deleteIdpOrgPolicy.ts
+++ b/server/routers/idp/deleteIdpOrgPolicy.ts
@@ -19,7 +19,7 @@ registry.registerPath({
    method: "delete",
    path: "/idp/{idpId}/org/{orgId}",
    description: "Create an OIDC IdP for an organization.",
-    tags: [OpenAPITags.Idp],
+    tags: [OpenAPITags.GlobalIdp],
    request: {
        params: paramsSchema
    },
--- a/server/routers/idp/getIdp.ts
+++ b/server/routers/idp/getIdp.ts
@@ -34,7 +34,7 @@ registry.registerPath({
    method: "get",
    path: "/idp/{idpId}",
    description: "Get an IDP by its IDP ID.",
-    tags: [OpenAPITags.Idp],
+    tags: [OpenAPITags.GlobalIdp],
    request: {
        params: paramsSchema
    },
--- a/server/routers/idp/listIdpOrgPolicies.ts
+++ b/server/routers/idp/listIdpOrgPolicies.ts
@@ -48,7 +48,7 @@ registry.registerPath({
    method: "get",
    path: "/idp/{idpId}/org",
    description: "List all org policies on an IDP.",
-    tags: [OpenAPITags.Idp],
+    tags: [OpenAPITags.GlobalIdp],
    request: {
        params: paramsSchema,
        query: querySchema
--- a/server/routers/idp/listIdps.ts
+++ b/server/routers/idp/listIdps.ts
@@ -58,7 +58,7 @@ registry.registerPath({
    method: "get",
    path: "/idp",
    description: "List all IDP in the system.",
-    tags: [OpenAPITags.Idp],
+    tags: [OpenAPITags.GlobalIdp],
    request: {
        query: querySchema
    },
--- a/server/routers/idp/updateIdpOrgPolicy.ts
+++ b/server/routers/idp/updateIdpOrgPolicy.ts
@@ -26,7 +26,7 @@ registry.registerPath({
    method: "post",
    path: "/idp/{idpId}/org/{orgId}",
    description: "Update an IDP org policy.",
-    tags: [OpenAPITags.Idp],
+    tags: [OpenAPITags.GlobalIdp],
    request: {
        params: paramsSchema,
        body: {
--- a/server/routers/idp/updateOidcIdp.ts
+++ b/server/routers/idp/updateOidcIdp.ts
@@ -42,7 +42,7 @@ registry.registerPath({
    method: "post",
    path: "/idp/{idpId}/oidc",
    description: "Update an OIDC IdP.",
-    tags: [OpenAPITags.Idp],
+    tags: [OpenAPITags.GlobalIdp],
    request: {
        params: paramsSchema,
        body: {
--- a/server/routers/integration.ts
+++ b/server/routers/integration.ts
@@ -27,7 +27,8 @@ import {
    verifyApiKeyClientAccess,
    verifyApiKeySiteResourceAccess,
    verifyApiKeySetResourceClients,
-    verifyLimits
+    verifyLimits,
+    verifyApiKeyDomainAccess
 } from "@server/middlewares";
 import HttpCode from "@server/types/HttpCode";
 import { Router } from "express";
@@ -347,6 +348,56 @@ authenticated.get(
    domain.listDomains
 );

+authenticated.get(
+    "/org/:orgId/domain/:domainId",
+    verifyApiKeyOrgAccess,
+    verifyApiKeyDomainAccess,
+    verifyApiKeyHasAction(ActionsEnum.getDomain),
+    domain.getDomain
+);
+
+authenticated.put(
+    "/org/:orgId/domain",
+    verifyApiKeyOrgAccess,
+    verifyApiKeyHasAction(ActionsEnum.createOrgDomain),
+    logActionAudit(ActionsEnum.createOrgDomain),
+    domain.createOrgDomain
+);
+
+authenticated.patch(
+    "/org/:orgId/domain/:domainId",
+    verifyApiKeyOrgAccess,
+    verifyApiKeyDomainAccess,
+    verifyApiKeyHasAction(ActionsEnum.updateOrgDomain),
+    domain.updateOrgDomain
+);
+
+authenticated.delete(
+    "/org/:orgId/domain/:domainId",
+    verifyApiKeyOrgAccess,
+    verifyApiKeyDomainAccess,
+    verifyApiKeyHasAction(ActionsEnum.deleteOrgDomain),
+    logActionAudit(ActionsEnum.deleteOrgDomain),
+    domain.deleteAccountDomain
+);
+
+authenticated.get(
+    "/org/:orgId/domain/:domainId/dns-records",
+    verifyApiKeyOrgAccess,
+    verifyApiKeyDomainAccess,
+    verifyApiKeyHasAction(ActionsEnum.getDNSRecords),
+    domain.getDNSRecords
+);
+
+authenticated.post(
+    "/org/:orgId/domain/:domainId/restart",
+    verifyApiKeyOrgAccess,
+    verifyApiKeyDomainAccess,
+    verifyApiKeyHasAction(ActionsEnum.restartOrgDomain),
+    logActionAudit(ActionsEnum.restartOrgDomain),
+    domain.restartOrgDomain
+);
+
 authenticated.get(
    "/org/:orgId/invitations",
    verifyApiKeyOrgAccess,
--- a/server/routers/newt/buildConfiguration.ts
+++ b/server/routers/newt/buildConfiguration.ts
@@ -230,7 +230,7 @@ export async function buildTargetConfigurationForNewtClient(siteId: number) {
            !target.hcMethod
        ) {
            logger.debug(
-                `Skipping target ${target.targetId} due to missing health check fields`
+                `Skipping adding target health check ${target.targetId} due to missing health check fields`
            );
            return null; // Skip targets with missing health check fields
        }
--- a/server/routers/resource/addEmailToResourceWhitelist.ts
+++ b/server/routers/resource/addEmailToResourceWhitelist.ts
@@ -29,7 +29,7 @@ registry.registerPath({
    method: "post",
    path: "/resource/{resourceId}/whitelist/add",
    description: "Add a single email to the resource whitelist.",
-    tags: [OpenAPITags.Resource],
+    tags: [OpenAPITags.PublicResource],
    request: {
        params: addEmailToResourceWhitelistParamsSchema,
        body: {
--- a/server/routers/resource/addRoleToResource.ts
+++ b/server/routers/resource/addRoleToResource.ts
@@ -29,7 +29,7 @@ registry.registerPath({
    method: "post",
    path: "/resource/{resourceId}/roles/add",
    description: "Add a single role to a resource.",
-    tags: [OpenAPITags.Resource, OpenAPITags.Role],
+    tags: [OpenAPITags.PublicResource, OpenAPITags.Role],
    request: {
        params: addRoleToResourceParamsSchema,
        body: {
--- a/server/routers/resource/addUserToResource.ts
+++ b/server/routers/resource/addUserToResource.ts
@@ -29,7 +29,7 @@ registry.registerPath({
    method: "post",
    path: "/resource/{resourceId}/users/add",
    description: "Add a single user to a resource.",
-    tags: [OpenAPITags.Resource, OpenAPITags.User],
+    tags: [OpenAPITags.PublicResource, OpenAPITags.User],
    request: {
        params: addUserToResourceParamsSchema,
        body: {
--- a/server/routers/resource/createResource.ts
+++ b/server/routers/resource/createResource.ts
@@ -79,7 +79,7 @@ registry.registerPath({
    method: "put",
    path: "/org/{orgId}/resource",
    description: "Create a resource.",
-    tags: [OpenAPITags.Org, OpenAPITags.Resource],
+    tags: [OpenAPITags.PublicResource],
    request: {
        params: createResourceParamsSchema,
        body: {
--- a/server/routers/resource/createResourceRule.ts
+++ b/server/routers/resource/createResourceRule.ts
@@ -31,7 +31,7 @@ registry.registerPath({
    method: "put",
    path: "/resource/{resourceId}/rule",
    description: "Create a resource rule.",
-    tags: [OpenAPITags.Resource, OpenAPITags.Rule],
+    tags: [OpenAPITags.PublicResource, OpenAPITags.Rule],
    request: {
        params: createResourceRuleParamsSchema,
        body: {
--- a/server/routers/resource/deleteResource.ts
+++ b/server/routers/resource/deleteResource.ts
@@ -22,7 +22,7 @@ registry.registerPath({
    method: "delete",
    path: "/resource/{resourceId}",
    description: "Delete a resource.",
-    tags: [OpenAPITags.Resource],
+    tags: [OpenAPITags.PublicResource],
    request: {
        params: deleteResourceSchema
    },
--- a/server/routers/resource/deleteResourceRule.ts
+++ b/server/routers/resource/deleteResourceRule.ts
@@ -19,7 +19,7 @@ registry.registerPath({
    method: "delete",
    path: "/resource/{resourceId}/rule/{ruleId}",
    description: "Delete a resource rule.",
-    tags: [OpenAPITags.Resource, OpenAPITags.Rule],
+    tags: [OpenAPITags.PublicResource, OpenAPITags.Rule],
    request: {
        params: deleteResourceRuleSchema
    },
--- a/server/routers/resource/getResource.ts
+++ b/server/routers/resource/getResource.ts
@@ -54,7 +54,7 @@ registry.registerPath({
    path: "/org/{orgId}/resource/{niceId}",
    description:
        "Get a resource by orgId and niceId. NiceId is a readable ID for the resource and unique on a per org basis.",
-    tags: [OpenAPITags.Org, OpenAPITags.Resource],
+    tags: [OpenAPITags.PublicResource],
    request: {
        params: z.object({
            orgId: z.string(),
@@ -68,7 +68,7 @@ registry.registerPath({
    method: "get",
    path: "/resource/{resourceId}",
    description: "Get a resource by resourceId.",
-    tags: [OpenAPITags.Resource],
+    tags: [OpenAPITags.PublicResource],
    request: {
        params: z.object({
            resourceId: z.number()
--- a/server/routers/resource/getResourceWhitelist.ts
+++ b/server/routers/resource/getResourceWhitelist.ts
@@ -31,7 +31,7 @@ registry.registerPath({
    method: "get",
    path: "/resource/{resourceId}/whitelist",
    description: "Get the whitelist of emails for a specific resource.",
-    tags: [OpenAPITags.Resource],
+    tags: [OpenAPITags.PublicResource],
    request: {
        params: getResourceWhitelistSchema
    },
--- a/server/routers/resource/listAllResourceNames.ts
+++ b/server/routers/resource/listAllResourceNames.ts
@@ -33,7 +33,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/resources-names",
    description: "List all resource names for an organization.",
-    tags: [OpenAPITags.Org, OpenAPITags.Resource],
+    tags: [OpenAPITags.PublicResource],
    request: {
        params: z.object({
            orgId: z.string()
--- a/server/routers/resource/listResourceRoles.ts
+++ b/server/routers/resource/listResourceRoles.ts
@@ -35,7 +35,7 @@ registry.registerPath({
    method: "get",
    path: "/resource/{resourceId}/roles",
    description: "List all roles for a resource.",
-    tags: [OpenAPITags.Resource, OpenAPITags.Role],
+    tags: [OpenAPITags.PublicResource, OpenAPITags.Role],
    request: {
        params: listResourceRolesSchema
    },
--- a/server/routers/resource/listResourceRules.ts
+++ b/server/routers/resource/listResourceRules.ts
@@ -56,7 +56,7 @@ registry.registerPath({
    method: "get",
    path: "/resource/{resourceId}/rules",
    description: "List rules for a resource.",
-    tags: [OpenAPITags.Resource, OpenAPITags.Rule],
+    tags: [OpenAPITags.PublicResource, OpenAPITags.Rule],
    request: {
        params: listResourceRulesParamsSchema,
        query: listResourceRulesSchema
--- a/server/routers/resource/listResourceUsers.ts
+++ b/server/routers/resource/listResourceUsers.ts
@@ -38,7 +38,7 @@ registry.registerPath({
    method: "get",
    path: "/resource/{resourceId}/users",
    description: "List all users for a resource.",
-    tags: [OpenAPITags.Resource, OpenAPITags.User],
+    tags: [OpenAPITags.PublicResource, OpenAPITags.User],
    request: {
        params: listResourceUsersSchema
    },
--- a/server/routers/resource/listResources.ts
+++ b/server/routers/resource/listResources.ts
@@ -19,6 +19,7 @@ import {
    and,
    asc,
    count,
+    desc,
    eq,
    inArray,
    isNull,
@@ -63,6 +64,26 @@ const listResourcesSchema = z.object({
            description: "Page number to retrieve"
        }),
    query: z.string().optional(),
+    sort_by: z
+        .enum(["name"])
+        .optional()
+        .catch(undefined)
+        .openapi({
+            type: "string",
+            enum: ["name"],
+            description: "Field to sort by"
+        }),
+    order: z
+        .enum(["asc", "desc"])
+        .optional()
+        .default("asc")
+        .catch("asc")
+        .openapi({
+            type: "string",
+            enum: ["asc", "desc"],
+            default: "asc",
+            description: "Sort order"
+        }),
    enabled: z
        .enum(["true", "false"])
        .transform((v) => v === "true")
@@ -204,7 +225,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/resources",
    description: "List resources for an organization.",
-    tags: [OpenAPITags.Org, OpenAPITags.Resource],
+    tags: [OpenAPITags.PublicResource],
    request: {
        params: z.object({
            orgId: z.string()
@@ -229,8 +250,16 @@ export async function listResources(
                )
            );
        }
-        const { page, pageSize, authState, enabled, query, healthStatus } =
-            parsedQuery.data;
+        const {
+            page,
+            pageSize,
+            authState,
+            enabled,
+            query,
+            healthStatus,
+            sort_by,
+            order
+        } = parsedQuery.data;

        const parsedParams = listResourcesParamsSchema.safeParse(req.params);
        if (!parsedParams.success) {
@@ -395,7 +424,13 @@ export async function listResources(
            baseQuery
                .limit(pageSize)
                .offset(pageSize * (page - 1))
-                .orderBy(asc(resources.resourceId)),
+                .orderBy(
+                    sort_by
+                        ? order === "asc"
+                            ? asc(resources[sort_by])
+                            : desc(resources[sort_by])
+                        : asc(resources.name)
+                ),
            countQuery
        ]);

--- a/server/routers/resource/removeEmailFromResourceWhitelist.ts
+++ b/server/routers/resource/removeEmailFromResourceWhitelist.ts
@@ -29,7 +29,7 @@ registry.registerPath({
    method: "post",
    path: "/resource/{resourceId}/whitelist/remove",
    description: "Remove a single email from the resource whitelist.",
-    tags: [OpenAPITags.Resource],
+    tags: [OpenAPITags.PublicResource],
    request: {
        params: removeEmailFromResourceWhitelistParamsSchema,
        body: {
--- a/server/routers/resource/removeRoleFromResource.ts
+++ b/server/routers/resource/removeRoleFromResource.ts
@@ -29,7 +29,7 @@ registry.registerPath({
    method: "post",
    path: "/resource/{resourceId}/roles/remove",
    description: "Remove a single role from a resource.",
-    tags: [OpenAPITags.Resource, OpenAPITags.Role],
+    tags: [OpenAPITags.PublicResource, OpenAPITags.Role],
    request: {
        params: removeRoleFromResourceParamsSchema,
        body: {
--- a/server/routers/resource/removeUserFromResource.ts
+++ b/server/routers/resource/removeUserFromResource.ts
@@ -29,7 +29,7 @@ registry.registerPath({
    method: "post",
    path: "/resource/{resourceId}/users/remove",
    description: "Remove a single user from a resource.",
-    tags: [OpenAPITags.Resource, OpenAPITags.User],
+    tags: [OpenAPITags.PublicResource, OpenAPITags.User],
    request: {
        params: removeUserFromResourceParamsSchema,
        body: {
--- a/server/routers/resource/setResourceHeaderAuth.ts
+++ b/server/routers/resource/setResourceHeaderAuth.ts
@@ -29,7 +29,7 @@ registry.registerPath({
    path: "/resource/{resourceId}/header-auth",
    description:
        "Set or update the header authentication for a resource. If user and password is not provided, it will remove the header authentication.",
-    tags: [OpenAPITags.Resource],
+    tags: [OpenAPITags.PublicResource],
    request: {
        params: setResourceAuthMethodsParamsSchema,
        body: {
--- a/server/routers/resource/setResourcePassword.ts
+++ b/server/routers/resource/setResourcePassword.ts
@@ -25,7 +25,7 @@ registry.registerPath({
    path: "/resource/{resourceId}/password",
    description:
        "Set the password for a resource. Setting the password to null will remove it.",
-    tags: [OpenAPITags.Resource],
+    tags: [OpenAPITags.PublicResource],
    request: {
        params: setResourceAuthMethodsParamsSchema,
        body: {
--- a/server/routers/resource/setResourcePincode.ts
+++ b/server/routers/resource/setResourcePincode.ts
@@ -29,7 +29,7 @@ registry.registerPath({
    path: "/resource/{resourceId}/pincode",
    description:
        "Set the PIN code for a resource. Setting the PIN code to null will remove it.",
-    tags: [OpenAPITags.Resource],
+    tags: [OpenAPITags.PublicResource],
    request: {
        params: setResourceAuthMethodsParamsSchema,
        body: {
--- a/server/routers/resource/setResourceRoles.ts
+++ b/server/routers/resource/setResourceRoles.ts
@@ -23,7 +23,7 @@ registry.registerPath({
    path: "/resource/{resourceId}/roles",
    description:
        "Set roles for a resource. This will replace all existing roles.",
-    tags: [OpenAPITags.Resource, OpenAPITags.Role],
+    tags: [OpenAPITags.PublicResource, OpenAPITags.Role],
    request: {
        params: setResourceRolesParamsSchema,
        body: {
--- a/server/routers/resource/setResourceUsers.ts
+++ b/server/routers/resource/setResourceUsers.ts
@@ -23,7 +23,7 @@ registry.registerPath({
    path: "/resource/{resourceId}/users",
    description:
        "Set users for a resource. This will replace all existing users.",
-    tags: [OpenAPITags.Resource, OpenAPITags.User],
+    tags: [OpenAPITags.PublicResource, OpenAPITags.User],
    request: {
        params: setUserResourcesParamsSchema,
        body: {
--- a/server/routers/resource/setResourceWhitelist.ts
+++ b/server/routers/resource/setResourceWhitelist.ts
@@ -32,7 +32,7 @@ registry.registerPath({
    path: "/resource/{resourceId}/whitelist",
    description:
        "Set email whitelist for a resource. This will replace all existing emails.",
-    tags: [OpenAPITags.Resource],
+    tags: [OpenAPITags.PublicResource],
    request: {
        params: setResourceWhitelistParamsSchema,
        body: {
--- a/server/routers/resource/updateResource.ts
+++ b/server/routers/resource/updateResource.ts
@@ -101,6 +101,49 @@ const updateHttpResourceBodySchema = z
        {
            error: "Invalid custom Host Header value. Use domain name format, or save empty to unset custom Host Header."
        }
+    )
+    .refine(
+        (data) => {
+            if (data.headers) {
+                // HTTP header names must be valid token characters (RFC 7230)
+                const validHeaderName = /^[a-zA-Z0-9!#$%&'*+\-.^_`|~]+$/;
+                return data.headers.every((h) => validHeaderName.test(h.name));
+            }
+            return true;
+        },
+        {
+            error: "Header names may only contain valid HTTP token characters (letters, digits, and !#$%&'*+-.^_`|~)."
+        }
+    )
+    .refine(
+        (data) => {
+            if (data.headers) {
+                // HTTP header values must be visible ASCII or horizontal whitespace, no control chars (RFC 7230)
+                const validHeaderValue = /^[\t\x20-\x7E]*$/;
+                return data.headers.every((h) => validHeaderValue.test(h.value));
+            }
+            return true;
+        },
+        {
+            error: "Header values may only contain printable ASCII characters and horizontal whitespace."
+        }
+    )
+    .refine(
+        (data) => {
+            if (data.headers) {
+                // Reject Traefik template syntax {{word}} in names or values
+                const templatePattern = /\{\{[^}]+\}\}/;
+                return data.headers.every(
+                    (h) =>
+                        !templatePattern.test(h.name) &&
+                        !templatePattern.test(h.value)
+                );
+            }
+            return true;
+        },
+        {
+            error: "Header names and values must not contain template expressions such as {{value}}."
+        }
    );

 export type UpdateResourceResponse = Resource;
@@ -136,7 +179,7 @@ registry.registerPath({
    method: "post",
    path: "/resource/{resourceId}",
    description: "Update a resource.",
-    tags: [OpenAPITags.Resource],
+    tags: [OpenAPITags.PublicResource],
    request: {
        params: updateResourceParamsSchema,
        body: {
--- a/server/routers/resource/updateResourceRule.ts
+++ b/server/routers/resource/updateResourceRule.ts
@@ -38,7 +38,7 @@ registry.registerPath({
    method: "post",
    path: "/resource/{resourceId}/rule/{ruleId}",
    description: "Update a resource rule.",
-    tags: [OpenAPITags.Resource, OpenAPITags.Rule],
+    tags: [OpenAPITags.PublicResource, OpenAPITags.Rule],
    request: {
        params: updateResourceRuleParamsSchema,
        body: {
--- a/server/routers/role/createRole.ts
+++ b/server/routers/role/createRole.ts
@@ -45,7 +45,7 @@ registry.registerPath({
    method: "put",
    path: "/org/{orgId}/role",
    description: "Create a role.",
-    tags: [OpenAPITags.Org, OpenAPITags.Role],
+    tags: [OpenAPITags.Role],
    request: {
        params: createRoleParamsSchema,
        body: {
--- a/server/routers/role/listRoles.ts
+++ b/server/routers/role/listRoles.ts
@@ -7,7 +7,7 @@ import { and, eq, inArray, sql } from "drizzle-orm";
 import { ActionsEnum } from "@server/auth/actions";
 import { NextFunction, Request, Response } from "express";
 import createHttpError from "http-errors";
-import { z } from "zod";
+import { object, z } from "zod";
 import { fromError } from "zod-validation-error";

 const listRolesParamsSchema = z.strictObject({
@@ -64,7 +64,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/roles",
    description: "List roles.",
-    tags: [OpenAPITags.Org, OpenAPITags.Role],
+    tags: [OpenAPITags.Role],
    request: {
        params: listRolesParamsSchema,
        query: listRolesSchema
--- a/server/routers/site/createSite.ts
+++ b/server/routers/site/createSite.ts
@@ -58,7 +58,7 @@ registry.registerPath({
    method: "put",
    path: "/org/{orgId}/site",
    description: "Create a new site.",
-    tags: [OpenAPITags.Site, OpenAPITags.Org],
+    tags: [OpenAPITags.Site],
    request: {
        params: createSiteParamsSchema,
        body: {
@@ -292,7 +292,7 @@ export async function createSite(
            if (type == "newt") {
                [newSite] = await trx
                    .insert(sites)
-                    .values({
+                    .values({ // NOTE: NO SUBNET OR EXIT NODE ID PASSED IN HERE BECAUSE ITS NOW CHOSEN ON CONNECT
                        orgId,
                        name,
                        niceId,
--- a/server/routers/site/getSite.ts
+++ b/server/routers/site/getSite.ts
@@ -51,7 +51,7 @@ registry.registerPath({
    path: "/org/{orgId}/site/{niceId}",
    description:
        "Get a site by orgId and niceId. NiceId is a readable ID for the site and unique on a per org basis.",
-    tags: [OpenAPITags.Org, OpenAPITags.Site],
+    tags: [OpenAPITags.Site],
    request: {
        params: z.object({
            orgId: z.string(),
--- a/server/routers/site/listSites.ts
+++ b/server/routers/site/listSites.ts
@@ -108,12 +108,12 @@ const listSitesSchema = z.object({
        }),
    query: z.string().optional(),
    sort_by: z
-        .enum(["megabytesIn", "megabytesOut"])
+        .enum(["name", "megabytesIn", "megabytesOut"])
        .optional()
        .catch(undefined)
        .openapi({
            type: "string",
-            enum: ["megabytesIn", "megabytesOut"],
+            enum: ["name", "megabytesIn", "megabytesOut"],
            description: "Field to sort by"
        }),
    order: z
@@ -180,7 +180,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/sites",
    description: "List all sites in an organization",
-    tags: [OpenAPITags.Org, OpenAPITags.Site],
+    tags: [OpenAPITags.Site],
    request: {
        params: listSitesParamsSchema,
        query: listSitesSchema
@@ -278,7 +278,7 @@ export async function listSites(

        // we need to add `as` so that drizzle filters the result as a subquery
        const countQuery = db.$count(
-            querySitesBase().where(and(...conditions))
+            querySitesBase().where(and(...conditions)).as("filtered_sites")
        );

        const siteListQuery = baseQuery
@@ -289,7 +289,7 @@ export async function listSites(
                    ? order === "asc"
                        ? asc(sites[sort_by])
                        : desc(sites[sort_by])
-                    : asc(sites.siteId)
+                    : asc(sites.name)
            );

        const [totalCount, rows] = await Promise.all([
--- a/server/routers/site/pickSiteDefaults.ts
+++ b/server/routers/site/pickSiteDefaults.ts
@@ -35,7 +35,7 @@ registry.registerPath({
    path: "/org/{orgId}/pick-site-defaults",
    description:
        "Return pre-requisite data for creating a site, such as the exit node, subnet, Newt credentials, etc.",
-    tags: [OpenAPITags.Org, OpenAPITags.Site],
+    tags: [OpenAPITags.Site],
    request: {
        params: z.object({
            orgId: z.string()
--- a/server/routers/siteResource/addClientToSiteResource.ts
+++ b/server/routers/siteResource/addClientToSiteResource.ts
@@ -30,7 +30,7 @@ registry.registerPath({
    path: "/site-resource/{siteResourceId}/clients/add",
    description:
        "Add a single client to a site resource. Clients with a userId cannot be added.",
-    tags: [OpenAPITags.Resource, OpenAPITags.Client],
+    tags: [OpenAPITags.PrivateResource, OpenAPITags.Client],
    request: {
        params: addClientToSiteResourceParamsSchema,
        body: {
--- a/server/routers/siteResource/addRoleToSiteResource.ts
+++ b/server/routers/siteResource/addRoleToSiteResource.ts
@@ -30,7 +30,7 @@ registry.registerPath({
    method: "post",
    path: "/site-resource/{siteResourceId}/roles/add",
    description: "Add a single role to a site resource.",
-    tags: [OpenAPITags.Resource, OpenAPITags.Role],
+    tags: [OpenAPITags.PrivateResource, OpenAPITags.Role],
    request: {
        params: addRoleToSiteResourceParamsSchema,
        body: {
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Owen Schwartz	c87b6872e5	Merge pull request #2594 from fosrl/dev Translations	2026-03-03 21:37:56 -08:00
Owen Schwartz	f315c8bc43	Merge pull request #2569 from fosrl/crowdin_dev New Crowdin updates	2026-03-03 21:34:23 -08:00
Owen Schwartz	20fa1519fd	New translations en-us.json (French)	2026-03-03 21:33:01 -08:00
Owen Schwartz	54430afc40	New translations en-us.json (Norwegian Bokmal)	2026-03-03 21:32:59 -08:00
Owen Schwartz	7990d08fee	New translations en-us.json (Chinese Simplified)	2026-03-03 21:32:58 -08:00
Owen Schwartz	e9042d9e2e	New translations en-us.json (Turkish)	2026-03-03 21:32:57 -08:00
Owen Schwartz	24a15841e4	New translations en-us.json (Russian)	2026-03-03 21:32:55 -08:00
Owen Schwartz	bb8f6e09fd	New translations en-us.json (Portuguese)	2026-03-03 21:32:54 -08:00
Owen Schwartz	04bc8ab694	New translations en-us.json (Polish)	2026-03-03 21:32:52 -08:00
Owen Schwartz	6ac8335cf2	New translations en-us.json (Dutch)	2026-03-03 21:32:51 -08:00
Owen Schwartz	4c6144f8fb	New translations en-us.json (Korean)	2026-03-03 21:32:50 -08:00
Owen Schwartz	255003794e	New translations en-us.json (Italian)	2026-03-03 21:32:48 -08:00
Owen Schwartz	119d5c79a0	New translations en-us.json (German)	2026-03-03 21:32:47 -08:00
Owen Schwartz	8e2d7c25df	New translations en-us.json (Czech)	2026-03-03 21:32:46 -08:00
Owen Schwartz	753dee3023	New translations en-us.json (Bulgarian)	2026-03-03 21:32:44 -08:00
Owen Schwartz	cac0272952	New translations en-us.json (Spanish)	2026-03-03 21:32:43 -08:00
Owen Schwartz	ee5b74f9fc	Merge pull request #2593 from fosrl/dev 1.16.2-s.2	2026-03-03 21:17:10 -08:00
Owen	1362b72cd3	Restrict what can be a header	2026-03-03 21:10:52 -08:00
Owen Schwartz	35b1566962	New translations en-us.json (French)	2026-03-03 20:42:42 -08:00
Owen Schwartz	a4bcce5a0c	New translations en-us.json (Norwegian Bokmal)	2026-03-03 20:42:40 -08:00
Owen Schwartz	c03f1946e8	New translations en-us.json (Chinese Simplified)	2026-03-03 20:42:39 -08:00
Owen Schwartz	c11e107758	New translations en-us.json (Turkish)	2026-03-03 20:42:37 -08:00
Owen Schwartz	3b4e49f63a	New translations en-us.json (Russian)	2026-03-03 20:42:36 -08:00
Owen Schwartz	ea7253f7e8	New translations en-us.json (Portuguese)	2026-03-03 20:42:34 -08:00
Owen Schwartz	8a529f7946	New translations en-us.json (Polish)	2026-03-03 20:42:33 -08:00
Owen Schwartz	e76612e018	New translations en-us.json (Dutch)	2026-03-03 20:42:31 -08:00
Owen Schwartz	e1f99985d8	New translations en-us.json (Korean)	2026-03-03 20:42:30 -08:00
Owen Schwartz	e0c2735635	New translations en-us.json (Italian)	2026-03-03 20:42:28 -08:00
Owen Schwartz	8e6b4e243d	New translations en-us.json (German)	2026-03-03 20:42:27 -08:00
Owen Schwartz	2623fa8f02	New translations en-us.json (Czech)	2026-03-03 20:42:25 -08:00
Owen Schwartz	7ff92d32cd	New translations en-us.json (Bulgarian)	2026-03-03 20:42:24 -08:00
Owen Schwartz	c7f691b20a	New translations en-us.json (Spanish)	2026-03-03 20:42:23 -08:00
Owen	db042e520e	Adjust language	2026-03-03 20:34:56 -08:00
miloschwartz	4cab693cfc	openapi and swagger ui improvements and cleanup	2026-03-03 14:54:17 -08:00
Owen	c9515ae77c	Add comment about not needing exit node	2026-03-03 14:54:17 -08:00
miloschwartz	d14de86f65	fix org selector spacing on mobile	2026-03-03 14:54:17 -08:00
Laurence	f6ee9db730	enhance(sidebar): make mobile org selector sticky Make org selector sticky on mobile sidebar Move OrgSelector outside the scrollable container so it stays fixed at the top while menu items scroll, matching the desktop sidebar behavior introduced in `9b2c0d0b`.	2026-03-03 14:54:17 -08:00
ChanningHe	94353aea44	feat(integration): add domain CRUD endpoints to integration API	2026-03-03 14:54:17 -08:00
miloschwartz	ed95f10fcc	openapi and swagger ui improvements and cleanup	2026-03-02 21:59:41 -08:00
Owen	64bae5b142	Merge branch 'main' into dev	2026-03-02 18:52:20 -08:00
Owen	19f9dda490	Add comment about not needing exit node	2026-03-02 16:28:01 -08:00
Owen Schwartz	cdf79edb00	Merge pull request #2570 from Fizza-Mukhtar/fix/mixed-target-failover-2448 fix: local targets ignored when newt site is unhealthy (mixed target failover)	2026-03-01 15:58:25 -08:00
Owen Schwartz	df53dfc936	New translations en-us.json (French)	2026-03-01 11:17:30 -08:00
Owen Schwartz	8e2e09ab81	New translations en-us.json (Norwegian Bokmal)	2026-03-01 11:17:28 -08:00
Owen Schwartz	1eac7cbccd	New translations en-us.json (Chinese Simplified)	2026-03-01 11:17:27 -08:00
Owen Schwartz	ddaaed65e4	New translations en-us.json (Turkish)	2026-03-01 11:17:26 -08:00
Owen Schwartz	8e633c21c7	New translations en-us.json (Russian)	2026-03-01 11:17:24 -08:00
Owen Schwartz	e7c4ef44d8	New translations en-us.json (Portuguese)	2026-03-01 11:17:23 -08:00
Owen Schwartz	3d71470bd2	New translations en-us.json (Polish)	2026-03-01 11:17:21 -08:00
Owen Schwartz	dd627a222e	New translations en-us.json (Dutch)	2026-03-01 11:17:20 -08:00
Owen Schwartz	62cc20fa1c	New translations en-us.json (Korean)	2026-03-01 11:17:19 -08:00
Owen Schwartz	0450fc9f57	New translations en-us.json (Italian)	2026-03-01 11:17:17 -08:00
Owen Schwartz	c58aaf5ba6	New translations en-us.json (German)	2026-03-01 11:17:16 -08:00
Owen Schwartz	655522d4e2	New translations en-us.json (Czech)	2026-03-01 11:17:15 -08:00
Owen Schwartz	225475dcae	New translations en-us.json (Bulgarian)	2026-03-01 11:17:13 -08:00
Owen Schwartz	ccb977fdfb	New translations en-us.json (Spanish)	2026-03-01 11:17:12 -08:00
Milo Schwartz	280cbb6e22	Merge pull request #2553 from LaurenceJJones/explore/static-org-dropdown enhance(sidebar): make mobile org selector sticky	2026-03-01 11:14:16 -08:00
miloschwartz	c20babcb53	fix org selector spacing on mobile	2026-03-01 11:13:49 -08:00
Owen Schwartz	768eebe2cd	Merge pull request #2432 from ChanningHe/feat-integration-api-domain-crud feat(integration): add domain CRUD endpoints to integration API	2026-03-01 11:12:05 -08:00
Owen Schwartz	44e3eedffa	Merge pull request #2567 from marcschaeferger/fix-kubernetes-install feat(kubernetes): enable newtInstances by default and update installation instructions	2026-03-01 10:56:18 -08:00
Marc Schäfer	bb189874cb	fix(newt-install): conditionally display Kubernetes installation info Signed-off-by: Marc Schäfer <git@marcschaeferger.de>	2026-03-01 10:55:58 -08:00
Marc Schäfer	34dadd0e16	feat(kubernetes): enable newtInstances by default and update installation instructions Signed-off-by: Marc Schäfer <git@marcschaeferger.de>	2026-03-01 10:55:58 -08:00
Owen Schwartz	87b5cd9988	Merge pull request #2573 from Fizza-Mukhtar/fix/container-search-excludes-labels-2228 fix: exclude labels from container search to prevent false positives	2026-03-01 10:52:50 -08:00
Marc Schäfer	6a537a23e8	fix(newt-install): conditionally display Kubernetes installation info Signed-off-by: Marc Schäfer <git@marcschaeferger.de>	2026-03-01 18:17:45 +01:00
Fizza-Mukhtar	e63a6e9b77	fix: treat local and wireguard sites as online for failover	2026-03-01 07:56:47 -08:00
Fizza-Mukhtar	7ce589c4f2	fix: exclude labels from container search to prevent false positives	2026-03-01 06:50:03 -08:00
Fizza-Mukhtar	f36cf06e26	fix: fallback to local targets when newt targets are unhealthy	2026-03-01 01:43:15 -08:00
Owen Schwartz	27d52646a0	New translations en-us.json (Norwegian Bokmal)	2026-02-28 20:13:31 -08:00
Owen Schwartz	4dd8080c55	New translations en-us.json (Chinese Simplified)	2026-02-28 20:13:29 -08:00
Owen Schwartz	0b35d4f2e3	New translations en-us.json (Turkish)	2026-02-28 20:13:28 -08:00
Owen Schwartz	54a9fb9e54	New translations en-us.json (Russian)	2026-02-28 20:13:27 -08:00
Owen Schwartz	60a9e68f02	New translations en-us.json (Portuguese)	2026-02-28 20:13:25 -08:00
Owen Schwartz	ad374298e3	New translations en-us.json (Polish)	2026-02-28 20:13:24 -08:00
Owen Schwartz	c5dc4e6127	New translations en-us.json (Dutch)	2026-02-28 20:13:22 -08:00
Owen Schwartz	291ad831c5	New translations en-us.json (Korean)	2026-02-28 20:13:21 -08:00
Owen Schwartz	0a018f0ca8	New translations en-us.json (Italian)	2026-02-28 20:13:20 -08:00
Owen Schwartz	6673eeb1bb	New translations en-us.json (German)	2026-02-28 20:13:18 -08:00
Owen Schwartz	4641f0b9ef	New translations en-us.json (Czech)	2026-02-28 20:13:17 -08:00
Owen Schwartz	a4487964e5	New translations en-us.json (Bulgarian)	2026-02-28 20:13:15 -08:00
Owen Schwartz	fe42fdd1ec	New translations en-us.json (Spanish)	2026-02-28 20:13:14 -08:00
Marc Schäfer	375211f184	feat(kubernetes): enable newtInstances by default and update installation instructions Signed-off-by: Marc Schäfer <git@marcschaeferger.de>	2026-02-28 23:56:28 +01:00
Owen	66c377a5c9	Merge branch 'main' into dev	2026-02-28 12:14:41 -08:00
Owen	50c2aa0111	Add default memory limits	2026-02-28 12:14:27 -08:00
Owen	fdeb891137	Fix pagination effecting drop downs	2026-02-28 12:07:42 -08:00
Owen Schwartz	6a6e3a43b1	Merge pull request #2562 from LaurenceJJones/fix/zod-openapi-catch-error fix(zod): Add openapi call after catch	2026-02-28 11:04:10 -08:00
Laurence	b0a34fa21b	fix(openapi): Add openapi call after catch fix: #2561 without making an explicit call to openapi a runtime error happens because it cannot infer the type, the call to openapi is the same across the codebase	2026-02-28 11:27:19 +00:00
Owen	72bf6f3c41	Comma seperated	2026-02-27 17:53:44 -08:00
miloschwartz	ad9289e0c1	sort by name by default	2026-02-27 15:53:27 -08:00
Owen Schwartz	b0cb0e5a99	Merge pull request #2559 from fosrl/dev 1.16.1	2026-02-27 12:40:23 -08:00
miloschwartz	8347203bbe	add sort to name col	2026-02-27 12:39:26 -08:00
miloschwartz	4aa1186aed	fix machine client pagination	2026-02-27 11:59:55 -08:00
Owen	eed87af61d	Use ecr base to build	2026-02-26 21:43:14 -08:00
Owen	daeea8e7ea	Add alises to quieries Fixes #2556	2026-02-26 21:37:47 -08:00
Owen	0d63a15715	Merge branch 'main' into dev	2026-02-26 20:14:41 -08:00
miloschwartz	fa2e229ada	support authPath in device login	2026-02-26 14:59:34 -08:00
Laurence	81c1a1da9c	enhance(sidebar): make mobile org selector sticky Make org selector sticky on mobile sidebar Move OrgSelector outside the scrollable container so it stays fixed at the top while menu items scroll, matching the desktop sidebar behavior introduced in `9b2c0d0b`.	2026-02-26 15:45:41 +00:00
ChanningHe	52f26396ac	feat(integration): add domain CRUD endpoints to integration API	2026-02-26 08:44:55 +09:00